[thirdparty/systemd.git] / src / tty-ask-password-agent / tty-ask-password-agent.c

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <errno.h>
#include <fcntl.h>
#include <getopt.h>
#include <poll.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/inotify.h>
#include <sys/signalfd.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#include "alloc-util.h"
#include "ask-password-api.h"
#include "conf-parser.h"
#include "def.h"
#include "dirent-util.h"
#include "fd-util.h"
#include "io-util.h"
#include "mkdir.h"
#include "path-util.h"
#include "process-util.h"
#include "signal-util.h"
#include "socket-util.h"
#include "string-util.h"
#include "strv.h"
#include "terminal-util.h"
#include "util.h"
#include "utmp-wtmp.h"

static enum {
        ACTION_LIST,
        ACTION_QUERY,
        ACTION_WATCH,
        ACTION_WALL
} arg_action = ACTION_QUERY;

static bool arg_plymouth = false;
static bool arg_console = false;

static int ask_password_plymouth(
                const char *message,
                usec_t until,
                AskPasswordFlags flags,
                const char *flag_file,
                char ***ret) {

        _cleanup_close_ int fd = -1, notify = -1;
        union sockaddr_union sa = PLYMOUTH_SOCKET;
        _cleanup_free_ char *packet = NULL;
        ssize_t k;
        int r, n;
        struct pollfd pollfd[2] = {};
        char buffer[LINE_MAX];
        size_t p = 0;
        enum {
                POLL_SOCKET,
                POLL_INOTIFY
        };

        assert(ret);

        if (flag_file) {
                notify = inotify_init1(IN_CLOEXEC|IN_NONBLOCK);
                if (notify < 0)
                        return -errno;

                r = inotify_add_watch(notify, flag_file, IN_ATTRIB); /* for the link count */
                if (r < 0)
                        return -errno;
        }

        fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
        if (fd < 0)
                return -errno;

        r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(sa.un.sun_path+1));
        if (r < 0)
                return -errno;

        if (flags & ASK_PASSWORD_ACCEPT_CACHED) {
                packet = strdup("c");
                n = 1;
        } else if (asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n) < 0)
                packet = NULL;
        if (!packet)
                return -ENOMEM;

        r = loop_write(fd, packet, n + 1, true);
        if (r < 0)
                return r;

        pollfd[POLL_SOCKET].fd = fd;
        pollfd[POLL_SOCKET].events = POLLIN;
        pollfd[POLL_INOTIFY].fd = notify;
        pollfd[POLL_INOTIFY].events = POLLIN;

        for (;;) {
                int sleep_for = -1, j;

                if (until > 0) {
                        usec_t y;

                        y = now(CLOCK_MONOTONIC);

                        if (y > until) {
                                r = -ETIME;
                                goto finish;
                        }

                        sleep_for = (int) ((until - y) / USEC_PER_MSEC);
                }

                if (flag_file && access(flag_file, F_OK) < 0) {
                        r = -errno;
                        goto finish;
                }

                j = poll(pollfd, notify >= 0 ? 2 : 1, sleep_for);
                if (j < 0) {
                        if (errno == EINTR)
                                continue;

                        r = -errno;
                        goto finish;
                } else if (j == 0) {
                        r = -ETIME;
                        goto finish;
                }

                if (notify >= 0 && pollfd[POLL_INOTIFY].revents != 0)
                        flush_fd(notify);

                if (pollfd[POLL_SOCKET].revents == 0)
                        continue;

                k = read(fd, buffer + p, sizeof(buffer) - p);
                if (k < 0) {
                        if (errno == EINTR || errno == EAGAIN)
                                continue;

                        r = -errno;
                        goto finish;
                } else if (k == 0) {
                        r = -EIO;
                        goto finish;
                }

                p += k;

                if (p < 1)
                        continue;

                if (buffer[0] == 5) {

                        if (flags & ASK_PASSWORD_ACCEPT_CACHED) {
                                /* Hmm, first try with cached
                                 * passwords failed, so let's retry
                                 * with a normal password request */
                                packet = mfree(packet);

                                if (asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n) < 0) {
                                        r = -ENOMEM;
                                        goto finish;
                                }

                                r = loop_write(fd, packet, n+1, true);
                                if (r < 0)
                                        goto finish;

                                flags &= ~ASK_PASSWORD_ACCEPT_CACHED;
                                p = 0;
                                continue;
                        }

                        /* No password, because UI not shown */
                        r = -ENOENT;
                        goto finish;

                } else if (buffer[0] == 2 || buffer[0] == 9) {
                        uint32_t size;
                        char **l;

                        /* One or more answers */
                        if (p < 5)
                                continue;

                        memcpy(&size, buffer+1, sizeof(size));
                        size = le32toh(size);
                        if (size + 5 > sizeof(buffer)) {
                                r = -EIO;
                                goto finish;
                        }

                        if (p-5 < size)
                                continue;

                        l = strv_parse_nulstr(buffer + 5, size);
                        if (!l) {
                                r = -ENOMEM;
                                goto finish;
                        }

                        *ret = l;
                        break;

                } else {
                        /* Unknown packet */
                        r = -EIO;
                        goto finish;
                }
        }

        r = 0;

finish:
        memory_erase(buffer, sizeof(buffer));
        return r;
}

static int send_passwords(const char *socket_name, char **passwords) {
        _cleanup_free_ char *packet = NULL;
        _cleanup_close_ int socket_fd = -1;
        union sockaddr_union sa = { .un.sun_family = AF_UNIX };
        size_t packet_length = 1;
        char **p, *d;
        int r;

        assert(socket_name);

        STRV_FOREACH(p, passwords)
                packet_length += strlen(*p) + 1;

        packet = new(char, packet_length);
        if (!packet)
                return -ENOMEM;

        packet[0] = '+';

        d = packet + 1;
        STRV_FOREACH(p, passwords)
                d = stpcpy(d, *p) + 1;

        socket_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
        if (socket_fd < 0) {
                r = log_debug_errno(errno, "socket(): %m");
                goto finish;
        }

        strncpy(sa.un.sun_path, socket_name, sizeof(sa.un.sun_path));

        r = sendto(socket_fd, packet, packet_length, MSG_NOSIGNAL, &sa.sa,
                   offsetof(struct sockaddr_un, sun_path) + strlen(socket_name));
        if (r < 0)
                r = log_debug_errno(errno, "sendto(): %m");

finish:
        memory_erase(packet, packet_length);
        return r;
}

static int parse_password(const char *filename, char **wall) {
        _cleanup_free_ char *socket_name = NULL, *message = NULL;
        bool accept_cached = false, echo = false;
        uint64_t not_after = 0;
        unsigned pid = 0;

        const ConfigTableItem items[] = {
                { "Ask", "Socket",       config_parse_string,   0, &socket_name   },
                { "Ask", "NotAfter",     config_parse_uint64,   0, &not_after     },
                { "Ask", "Message",      config_parse_string,   0, &message       },
                { "Ask", "PID",          config_parse_unsigned, 0, &pid           },
                { "Ask", "AcceptCached", config_parse_bool,     0, &accept_cached },
                { "Ask", "Echo",         config_parse_bool,     0, &echo          },
                {}
        };

        int r;

        assert(filename);

        r = config_parse(NULL, filename, NULL,
                         NULL,
                         config_item_table_lookup, items,
                         true, false, true, NULL);
        if (r < 0)
                return r;

        if (!socket_name) {
                log_error("Invalid password file %s", filename);
                return -EBADMSG;
        }

        if (not_after > 0 && now(CLOCK_MONOTONIC) > not_after)
                return 0;

        if (pid > 0 && !pid_is_alive(pid))
                return 0;

        if (arg_action == ACTION_LIST)
                printf("'%s' (PID %u)\n", message, pid);

        else if (arg_action == ACTION_WALL) {
                char *_wall;

                if (asprintf(&_wall,
                             "%s%sPassword entry required for \'%s\' (PID %u).\r\n"
                             "Please enter password with the systemd-tty-ask-password-agent tool!",
                             strempty(*wall),
                             *wall ? "\r\n\r\n" : "",
                             message,
                             pid) < 0)
                        return log_oom();

                free(*wall);
                *wall = _wall;

        } else {
                _cleanup_strv_free_erase_ char **passwords = NULL;

                assert(arg_action == ACTION_QUERY ||
                       arg_action == ACTION_WATCH);

                if (access(socket_name, W_OK) < 0) {
                        if (arg_action == ACTION_QUERY)
                                log_info("Not querying '%s' (PID %u), lacking privileges.", message, pid);

                        return 0;
                }

                if (arg_plymouth)
                        r = ask_password_plymouth(message, not_after, accept_cached ? ASK_PASSWORD_ACCEPT_CACHED : 0, filename, &passwords);
                else {
                        char *password = NULL;
                        int tty_fd = -1;

                        if (arg_console) {
                                tty_fd = acquire_terminal("/dev/console", false, false, false, USEC_INFINITY);
                                if (tty_fd < 0)
                                        return log_error_errno(tty_fd, "Failed to acquire /dev/console: %m");

                                r = reset_terminal_fd(tty_fd, true);
                                if (r < 0)
                                        log_warning_errno(r, "Failed to reset terminal, ignoring: %m");
                        }

                        r = ask_password_tty(message, NULL, not_after, echo ? ASK_PASSWORD_ECHO : 0, filename, &password);

                        if (arg_console) {
                                tty_fd = safe_close(tty_fd);
                                release_terminal();
                        }

                        if (r >= 0)
                                r = strv_push(&passwords, password);

                        if (r < 0)
                                string_free_erase(password);
                }

                /* If the query went away, that's OK */
                if (IN_SET(r, -ETIME, -ENOENT))
                        return 0;

                if (r < 0)
                        return log_error_errno(r, "Failed to query password: %m");

                r = send_passwords(socket_name, passwords);
                if (r < 0)
                        return log_error_errno(r, "Failed to send: %m");
        }

        return 0;
}

static int wall_tty_block(void) {
        _cleanup_free_ char *p = NULL;
        dev_t devnr;
        int fd, r;

        r = get_ctty_devnr(0, &devnr);
        if (r == -ENXIO) /* We have no controlling tty */
                return -ENOTTY;
        if (r < 0)
                return log_error_errno(r, "Failed to get controlling TTY: %m");

        if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(devnr), minor(devnr)) < 0)
                return log_oom();

        mkdir_parents_label(p, 0700);
        mkfifo(p, 0600);

        fd = open(p, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
        if (fd < 0)
                return log_debug_errno(errno, "Failed to open %s: %m", p);

        return fd;
}

static bool wall_tty_match(const char *path, void *userdata) {
        _cleanup_free_ char *p = NULL;
        _cleanup_close_ int fd = -1;
        struct stat st;

        if (!path_is_absolute(path))
                path = strjoina("/dev/", path);

        if (lstat(path, &st) < 0) {
                log_debug_errno(errno, "Failed to stat %s: %m", path);
                return true;
        }

        if (!S_ISCHR(st.st_mode)) {
                log_debug("%s is not a character device.", path);
                return true;
        }

        /* We use named pipes to ensure that wall messages suggesting
         * password entry are not printed over password prompts
         * already shown. We use the fact here that opening a pipe in
         * non-blocking mode for write-only will succeed only if
         * there's some writer behind it. Using pipes has the
         * advantage that the block will automatically go away if the
         * process dies. */

        if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(st.st_rdev), minor(st.st_rdev)) < 0) {
                log_oom();
                return true;
        }

        fd = open(p, O_WRONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
        if (fd < 0) {
                log_debug_errno(errno, "Failed top open the wall pipe: %m");
                return 1;
        }

        /* What, we managed to open the pipe? Then this tty is filtered. */
        return 0;
}

static int show_passwords(void) {
        _cleanup_closedir_ DIR *d;
        struct dirent *de;
        int r = 0;

        d = opendir("/run/systemd/ask-password");
        if (!d) {
                if (errno == ENOENT)
                        return 0;

                return log_error_errno(errno, "Failed to open /run/systemd/ask-password: %m");
        }

        FOREACH_DIRENT_ALL(de, d, return log_error_errno(errno, "Failed to read directory: %m")) {
                _cleanup_free_ char *p = NULL, *wall = NULL;
                int q;

                /* We only support /dev on tmpfs, hence we can rely on
                 * d_type to be reliable */

                if (de->d_type != DT_REG)
                        continue;

                if (hidden_file(de->d_name))
                        continue;

                if (!startswith(de->d_name, "ask."))
                        continue;

                p = strappend("/run/systemd/ask-password/", de->d_name);
                if (!p)
                        return log_oom();

                q = parse_password(p, &wall);
                if (q < 0 && r == 0)
                        r = q;

                if (wall)
                        (void) utmp_wall(wall, NULL, NULL, wall_tty_match, NULL);
        }

        return r;
}

static int watch_passwords(void) {
        enum {
                FD_INOTIFY,
                FD_SIGNAL,
                _FD_MAX
        };

        _cleanup_close_ int notify = -1, signal_fd = -1, tty_block_fd = -1;
        struct pollfd pollfd[_FD_MAX] = {};
        sigset_t mask;
        int r;

        tty_block_fd = wall_tty_block();

        (void) mkdir_p_label("/run/systemd/ask-password", 0755);

        notify = inotify_init1(IN_CLOEXEC);
        if (notify < 0)
                return log_error_errno(errno, "Failed to allocate directory watch: %m");

        if (inotify_add_watch(notify, "/run/systemd/ask-password", IN_CLOSE_WRITE|IN_MOVED_TO) < 0)
                return log_error_errno(errno, "Failed to add /run/systemd/ask-password to directory watch: %m");

        assert_se(sigemptyset(&mask) >= 0);
        assert_se(sigset_add_many(&mask, SIGINT, SIGTERM, -1) >= 0);
        assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) >= 0);

        signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
        if (signal_fd < 0)
                return log_error_errno(errno, "Failed to allocate signal file descriptor: %m");

        pollfd[FD_INOTIFY].fd = notify;
        pollfd[FD_INOTIFY].events = POLLIN;
        pollfd[FD_SIGNAL].fd = signal_fd;
        pollfd[FD_SIGNAL].events = POLLIN;

        for (;;) {
                r = show_passwords();
                if (r < 0)
                        log_error_errno(r, "Failed to show password: %m");

                if (poll(pollfd, _FD_MAX, -1) < 0) {
                        if (errno == EINTR)
                                continue;

                        return -errno;
                }

                if (pollfd[FD_INOTIFY].revents != 0)
                        (void) flush_fd(notify);

                if (pollfd[FD_SIGNAL].revents != 0)
                        break;
        }

        return 0;
}

static void help(void) {
        printf("%s [OPTIONS...]\n\n"
               "Process system password requests.\n\n"
               "  -h --help     Show this help\n"
               "     --version  Show package version\n"
               "     --list     Show pending password requests\n"
               "     --query    Process pending password requests\n"
               "     --watch    Continuously process password requests\n"
               "     --wall     Continuously forward password requests to wall\n"
               "     --plymouth Ask question with Plymouth instead of on TTY\n"
               "     --console  Ask question on /dev/console instead of current TTY\n",
               program_invocation_short_name);
}

static int parse_argv(int argc, char *argv[]) {

        enum {
                ARG_LIST = 0x100,
                ARG_QUERY,
                ARG_WATCH,
                ARG_WALL,
                ARG_PLYMOUTH,
                ARG_CONSOLE,
                ARG_VERSION
        };

        static const struct option options[] = {
                { "help",     no_argument, NULL, 'h'          },
                { "version",  no_argument, NULL, ARG_VERSION  },
                { "list",     no_argument, NULL, ARG_LIST     },
                { "query",    no_argument, NULL, ARG_QUERY    },
                { "watch",    no_argument, NULL, ARG_WATCH    },
                { "wall",     no_argument, NULL, ARG_WALL     },
                { "plymouth", no_argument, NULL, ARG_PLYMOUTH },
                { "console",  no_argument, NULL, ARG_CONSOLE  },
                {}
        };

        int c;

        assert(argc >= 0);
        assert(argv);

        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)

                switch (c) {

                case 'h':
                        help();
                        return 0;

                case ARG_VERSION:
                        return version();

                case ARG_LIST:
                        arg_action = ACTION_LIST;
                        break;

                case ARG_QUERY:
                        arg_action = ACTION_QUERY;
                        break;

                case ARG_WATCH:
                        arg_action = ACTION_WATCH;
                        break;

                case ARG_WALL:
                        arg_action = ACTION_WALL;
                        break;

                case ARG_PLYMOUTH:
                        arg_plymouth = true;
                        break;

                case ARG_CONSOLE:
                        arg_console = true;
                        break;

                case '?':
                        return -EINVAL;

                default:
                        assert_not_reached("Unhandled option");
                }

        if (optind != argc) {
                log_error("%s takes no arguments.", program_invocation_short_name);
                return -EINVAL;
        }

        return 1;
}

int main(int argc, char *argv[]) {
        int r;

        log_set_target(LOG_TARGET_AUTO);
        log_parse_environment();
        log_open();

        umask(0022);

        r = parse_argv(argc, argv);
        if (r <= 0)
                goto finish;

        if (arg_console) {
                (void) setsid();
                (void) release_terminal();
        }

        if (IN_SET(arg_action, ACTION_WATCH, ACTION_WALL))
                r = watch_passwords();
        else
                r = show_passwords();

finish:
        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
Commit	Line	Data
ec863ba6 LP	1	/***
	2	This file is part of systemd.
	3
	4	Copyright 2010 Lennart Poettering
	5
	6	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	7	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	8	the Free Software Foundation; either version 2.1 of the License, or
ec863ba6 LP	9	(at your option) any later version.
	10
	11	systemd is distributed in the hope that it will be useful, but
	12	WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	14	Lesser General Public License for more details.
ec863ba6	15
5430f7f2	16	You should have received a copy of the GNU Lesser General Public License
ec863ba6 LP	17	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	18	***/
	19
ec863ba6	20	#include <errno.h>
3f6fd1ba LP	21	#include <fcntl.h>
	22	#include <getopt.h>
	23	#include <poll.h>
	24	#include <stdbool.h>
	25	#include <stddef.h>
ec863ba6	26	#include <string.h>
3f6fd1ba LP	27	#include <sys/inotify.h>
3f6fd1ba LP	28	#include <sys/signalfd.h>
ec863ba6 LP	29	#include <sys/socket.h>
ec863ba6 LP	30	#include <sys/un.h>
ec863ba6	31	#include <unistd.h>
ec863ba6	32
b5efdb8a	33	#include "alloc-util.h"
3f6fd1ba LP	34	#include "ask-password-api.h"
	35	#include "conf-parser.h"
	36	#include "def.h"
a0956174	37	#include "dirent-util.h"
3ffd4af2	38	#include "fd-util.h"
c004493c	39	#include "io-util.h"
49e942b2	40	#include "mkdir.h"
9eb977db	41	#include "path-util.h"
3f6fd1ba LP	42	#include "process-util.h"
3f6fd1ba LP	43	#include "signal-util.h"
e5ebf783	44	#include "socket-util.h"
07630cea	45	#include "string-util.h"
21bc923a	46	#include "strv.h"
288a74cc	47	#include "terminal-util.h"
3f6fd1ba LP	48	#include "util.h"
3f6fd1ba LP	49	#include "utmp-wtmp.h"
ec863ba6 LP	50
	51	static enum {
	52	ACTION_LIST,
	53	ACTION_QUERY,
	54	ACTION_WATCH,
	55	ACTION_WALL
	56	} arg_action = ACTION_QUERY;
	57
e5ebf783	58	static bool arg_plymouth = false;
0cf84693	59	static bool arg_console = false;
e5ebf783	60
21bc923a LP	61	static int ask_password_plymouth(
	62	const char *message,
	63	usec_t until,
e287086b	64	AskPasswordFlags flags,
21bc923a	65	const char *flag_file,
e287086b	66	char ***ret) {
21bc923a	67
1d749d04 ZJS	68	_cleanup_close_ int fd = -1, notify = -1;
	69	union sockaddr_union sa = PLYMOUTH_SOCKET;
	70	_cleanup_free_ char *packet = NULL;
e5ebf783 LP	71	ssize_t k;
e5ebf783 LP	72	int r, n;
b92bea5d	73	struct pollfd pollfd[2] = {};
e5ebf783 LP	74	char buffer[LINE_MAX];
	75	size_t p = 0;
	76	enum {
	77	POLL_SOCKET,
	78	POLL_INOTIFY
	79	};
	80
e287086b	81	assert(ret);
21bc923a	82
e5ebf783	83	if (flag_file) {
1d749d04 ZJS	84	notify = inotify_init1(IN_CLOEXEC\|IN_NONBLOCK);
	85	if (notify < 0)
	86	return -errno;
e5ebf783	87
1d749d04 ZJS	88	r = inotify_add_watch(notify, flag_file, IN_ATTRIB); /* for the link count */
	89	if (r < 0)
	90	return -errno;
e5ebf783 LP	91	}
e5ebf783 LP	92
1d749d04 ZJS	93	fd = socket(AF_UNIX, SOCK_STREAM\|SOCK_CLOEXEC\|SOCK_NONBLOCK, 0);
	94	if (fd < 0)
	95	return -errno;
e5ebf783	96
1d749d04	97	r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(sa.un.sun_path+1));
4a62c710	98	if (r < 0)
00843602	99	return -errno;
e5ebf783	100
e287086b	101	if (flags & ASK_PASSWORD_ACCEPT_CACHED) {
21bc923a LP	102	packet = strdup("c");
21bc923a LP	103	n = 1;
00843602	104	} else if (asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n) < 0)
7de80bfe	105	packet = NULL;
1d749d04	106	if (!packet)
00843602	107	return -ENOMEM;
e5ebf783	108
553acb7b ZJS	109	r = loop_write(fd, packet, n + 1, true);
	110	if (r < 0)
	111	return r;
e5ebf783	112
e5ebf783 LP	113	pollfd[POLL_SOCKET].fd = fd;
	114	pollfd[POLL_SOCKET].events = POLLIN;
	115	pollfd[POLL_INOTIFY].fd = notify;
	116	pollfd[POLL_INOTIFY].events = POLLIN;
	117
	118	for (;;) {
	119	int sleep_for = -1, j;
	120
	121	if (until > 0) {
	122	usec_t y;
	123
	124	y = now(CLOCK_MONOTONIC);
	125
1602b008 LP	126	if (y > until) {
	127	r = -ETIME;
	128	goto finish;
	129	}
e5ebf783 LP	130
	131	sleep_for = (int) ((until - y) / USEC_PER_MSEC);
	132	}
	133
1602b008 LP	134	if (flag_file && access(flag_file, F_OK) < 0) {
	135	r = -errno;
	136	goto finish;
	137	}
e5ebf783	138
e287086b	139	j = poll(pollfd, notify >= 0 ? 2 : 1, sleep_for);
1d749d04	140	if (j < 0) {
e5ebf783 LP	141	if (errno == EINTR)
	142	continue;
	143
1602b008 LP	144	r = -errno;
	145	goto finish;
	146	} else if (j == 0) {
	147	r = -ETIME;
	148	goto finish;
	149	}
e5ebf783	150
e287086b	151	if (notify >= 0 && pollfd[POLL_INOTIFY].revents != 0)
e5ebf783 LP	152	flush_fd(notify);
	153
	154	if (pollfd[POLL_SOCKET].revents == 0)
	155	continue;
	156
1d749d04	157	k = read(fd, buffer + p, sizeof(buffer) - p);
e287086b LP	158	if (k < 0) {
	159	if (errno == EINTR \|\| errno == EAGAIN)
	160	continue;
	161
1602b008 LP	162	r = -errno;
	163	goto finish;
	164	} else if (k == 0) {
	165	r = -EIO;
	166	goto finish;
	167	}
e5ebf783 LP	168
	169	p += k;
	170
	171	if (p < 1)
	172	continue;
	173
	174	if (buffer[0] == 5) {
21bc923a	175
e287086b	176	if (flags & ASK_PASSWORD_ACCEPT_CACHED) {
21bc923a LP	177	/* Hmm, first try with cached
	178	* passwords failed, so let's retry
	179	* with a normal password request */
97b11eed	180	packet = mfree(packet);
21bc923a	181
1602b008 LP	182	if (asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n) < 0) {
	183	r = -ENOMEM;
	184	goto finish;
	185	}
21bc923a	186
553acb7b ZJS	187	r = loop_write(fd, packet, n+1, true);
553acb7b ZJS	188	if (r < 0)
1602b008	189	goto finish;
21bc923a	190
e287086b	191	flags &= ~ASK_PASSWORD_ACCEPT_CACHED;
21bc923a LP	192	p = 0;
	193	continue;
	194	}
	195
e5ebf783	196	/* No password, because UI not shown */
1602b008 LP	197	r = -ENOENT;
1602b008 LP	198	goto finish;
e5ebf783	199
21bc923a	200	} else if (buffer[0] == 2 \|\| buffer[0] == 9) {
e5ebf783	201	uint32_t size;
21bc923a	202	char **l;
e5ebf783	203
4cf07da2	204	/* One or more answers */
e5ebf783 LP	205	if (p < 5)
	206	continue;
	207
	208	memcpy(&size, buffer+1, sizeof(size));
bb53abeb	209	size = le32toh(size);
1602b008 LP	210	if (size + 5 > sizeof(buffer)) {
	211	r = -EIO;
	212	goto finish;
	213	}
e5ebf783 LP	214
	215	if (p-5 < size)
	216	continue;
	217
1d749d04	218	l = strv_parse_nulstr(buffer + 5, size);
1602b008 LP	219	if (!l) {
	220	r = -ENOMEM;
	221	goto finish;
	222	}
e5ebf783	223
e287086b	224	*ret = l;
e5ebf783	225	break;
21bc923a	226
1602b008	227	} else {
e5ebf783	228	/* Unknown packet */
1602b008 LP	229	r = -EIO;
	230	goto finish;
	231	}
e5ebf783 LP	232	}
e5ebf783 LP	233
1602b008 LP	234	r = 0;
	235
	236	finish:
	237	memory_erase(buffer, sizeof(buffer));
	238	return r;
e5ebf783 LP	239	}
e5ebf783 LP	240
bbada6d7 JAS	241	static int send_passwords(const char socket_name, char *passwords) {
	242	_cleanup_free_ char *packet = NULL;
	243	_cleanup_close_ int socket_fd = -1;
	244	union sockaddr_union sa = { .un.sun_family = AF_UNIX };
	245	size_t packet_length = 1;
	246	char *p, d;
	247	int r;
	248
	249	assert(socket_name);
	250
	251	STRV_FOREACH(p, passwords)
	252	packet_length += strlen(*p) + 1;
	253
	254	packet = new(char, packet_length);
	255	if (!packet)
	256	return -ENOMEM;
	257
	258	packet[0] = '+';
	259
	260	d = packet + 1;
	261	STRV_FOREACH(p, passwords)
	262	d = stpcpy(d, *p) + 1;
	263
	264	socket_fd = socket(AF_UNIX, SOCK_DGRAM\|SOCK_CLOEXEC, 0);
	265	if (socket_fd < 0) {
	266	r = log_debug_errno(errno, "socket(): %m");
	267	goto finish;
	268	}
	269
	270	strncpy(sa.un.sun_path, socket_name, sizeof(sa.un.sun_path));
	271
	272	r = sendto(socket_fd, packet, packet_length, MSG_NOSIGNAL, &sa.sa,
	273	offsetof(struct sockaddr_un, sun_path) + strlen(socket_name));
	274	if (r < 0)
	275	r = log_debug_errno(errno, "sendto(): %m");
	276
	277	finish:
	278	memory_erase(packet, packet_length);
	279	return r;
	280	}
	281
0ddf1d3a	282	static int parse_password(const char filename, char *wall) {
bbada6d7	283	_cleanup_free_ char socket_name = NULL, message = NULL;
1602b008	284	bool accept_cached = false, echo = false;
ec863ba6 LP	285	uint64_t not_after = 0;
ec863ba6 LP	286	unsigned pid = 0;
ec863ba6	287
f975e971 LP	288	const ConfigTableItem items[] = {
	289	{ "Ask", "Socket", config_parse_string, 0, &socket_name },
	290	{ "Ask", "NotAfter", config_parse_uint64, 0, &not_after },
	291	{ "Ask", "Message", config_parse_string, 0, &message },
	292	{ "Ask", "PID", config_parse_unsigned, 0, &pid },
	293	{ "Ask", "AcceptCached", config_parse_bool, 0, &accept_cached },
64845bdc	294	{ "Ask", "Echo", config_parse_bool, 0, &echo },
1d749d04	295	{}
ec863ba6 LP	296	};
ec863ba6 LP	297
ec863ba6	298	int r;
ec863ba6 LP	299
	300	assert(filename);
	301
36f822c4 ZJS	302	r = config_parse(NULL, filename, NULL,
	303	NULL,
	304	config_item_table_lookup, items,
	305	true, false, true, NULL);
	306	if (r < 0)
	307	return r;
ec863ba6	308
7dcda352	309	if (!socket_name) {
ec863ba6	310	log_error("Invalid password file %s", filename);
e46eab86	311	return -EBADMSG;
ec863ba6 LP	312	}
ec863ba6 LP	313
e46eab86 ZJS	314	if (not_after > 0 && now(CLOCK_MONOTONIC) > not_after)
e46eab86 ZJS	315	return 0;
ec863ba6	316
e46eab86 ZJS	317	if (pid > 0 && !pid_is_alive(pid))
e46eab86 ZJS	318	return 0;
ded80335	319
ec863ba6 LP	320	if (arg_action == ACTION_LIST)
ec863ba6 LP	321	printf("'%s' (PID %u)\n", message, pid);
e46eab86	322
ec863ba6	323	else if (arg_action == ACTION_WALL) {
0ddf1d3a	324	char *_wall;
ec863ba6	325
0ddf1d3a LP	326	if (asprintf(&_wall,
0ddf1d3a LP	327	"%s%sPassword entry required for \'%s\' (PID %u).\r\n"
9d3e691e	328	"Please enter password with the systemd-tty-ask-password-agent tool!",
5cfee414	329	strempty(*wall),
0ddf1d3a	330	*wall ? "\r\n\r\n" : "",
ec863ba6	331	message,
e46eab86 ZJS	332	pid) < 0)
e46eab86 ZJS	333	return log_oom();
ec863ba6	334
0ddf1d3a LP	335	free(*wall);
0ddf1d3a LP	336	*wall = _wall;
e46eab86	337
ec863ba6	338	} else {
bbada6d7	339	_cleanup_strv_free_erase_ char **passwords = NULL;
ec863ba6 LP	340
	341	assert(arg_action == ACTION_QUERY \|\|
	342	arg_action == ACTION_WATCH);
	343
	344	if (access(socket_name, W_OK) < 0) {
ec863ba6 LP	345	if (arg_action == ACTION_QUERY)
	346	log_info("Not querying '%s' (PID %u), lacking privileges.", message, pid);
	347
e46eab86	348	return 0;
ec863ba6 LP	349	}
ec863ba6 LP	350
bbada6d7	351	if (arg_plymouth)
e287086b	352	r = ask_password_plymouth(message, not_after, accept_cached ? ASK_PASSWORD_ACCEPT_CACHED : 0, filename, &passwords);
bbada6d7 JAS	353	else {
bbada6d7 JAS	354	char *password = NULL;
00843602	355	int tty_fd = -1;
0cf84693	356
e46eab86	357	if (arg_console) {
3a43da28	358	tty_fd = acquire_terminal("/dev/console", false, false, false, USEC_INFINITY);
e46eab86	359	if (tty_fd < 0)
00843602	360	return log_error_errno(tty_fd, "Failed to acquire /dev/console: %m");
3d18b167 LP	361
	362	r = reset_terminal_fd(tty_fd, true);
	363	if (r < 0)
	364	log_warning_errno(r, "Failed to reset terminal, ignoring: %m");
e46eab86	365	}
0cf84693	366
e287086b	367	r = ask_password_tty(message, NULL, not_after, echo ? ASK_PASSWORD_ECHO : 0, filename, &password);
e5ebf783	368
0cf84693	369	if (arg_console) {
00843602	370	tty_fd = safe_close(tty_fd);
0cf84693 LP	371	release_terminal();
0cf84693 LP	372	}
21bc923a	373
bbada6d7 JAS	374	if (r >= 0)
bbada6d7 JAS	375	r = strv_push(&passwords, password);
0cf84693	376
bbada6d7 JAS	377	if (r < 0)
bbada6d7 JAS	378	string_free_erase(password);
1602b008	379	}
ec863ba6	380
bbada6d7 JAS	381	/* If the query went away, that's OK */
	382	if (IN_SET(r, -ETIME, -ENOENT))
	383	return 0;
ec863ba6	384
bbada6d7 JAS	385	if (r < 0)
bbada6d7 JAS	386	return log_error_errno(r, "Failed to query password: %m");
ec863ba6	387
bbada6d7	388	r = send_passwords(socket_name, passwords);
00843602	389	if (r < 0)
bbada6d7	390	return log_error_errno(r, "Failed to send: %m");
ec863ba6 LP	391	}
ec863ba6 LP	392
e46eab86	393	return 0;
ec863ba6 LP	394	}
ec863ba6 LP	395
0cf84693	396	static int wall_tty_block(void) {
1d749d04	397	_cleanup_free_ char *p = NULL;
fc116c6a	398	dev_t devnr;
00843602	399	int fd, r;
7af53310	400
4d6d6518	401	r = get_ctty_devnr(0, &devnr);
e287086b LP	402	if (r == -ENXIO) /* We have no controlling tty */
e287086b LP	403	return -ENOTTY;
4d6d6518	404	if (r < 0)
00843602	405	return log_error_errno(r, "Failed to get controlling TTY: %m");
7af53310	406
2b583ce6	407	if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(devnr), minor(devnr)) < 0)
00843602	408	return log_oom();
7af53310	409
d2e54fae	410	mkdir_parents_label(p, 0700);
7af53310 LP	411	mkfifo(p, 0600);
	412
	413	fd = open(p, O_RDONLY\|O_CLOEXEC\|O_NONBLOCK\|O_NOCTTY);
7af53310	414	if (fd < 0)
2ee4e222	415	return log_debug_errno(errno, "Failed to open %s: %m", p);
7af53310 LP	416
	417	return fd;
	418	}
	419
99f710dd	420	static bool wall_tty_match(const char path, void userdata) {
1d749d04	421	_cleanup_free_ char *p = NULL;
00843602 LP	422	_cleanup_close_ int fd = -1;
00843602 LP	423	struct stat st;
fc116c6a	424
1d749d04	425	if (!path_is_absolute(path))
63c372cb	426	path = strjoina("/dev/", path);
fc116c6a	427
00843602 LP	428	if (lstat(path, &st) < 0) {
00843602 LP	429	log_debug_errno(errno, "Failed to stat %s: %m", path);
fc116c6a	430	return true;
00843602	431	}
fc116c6a	432
00843602 LP	433	if (!S_ISCHR(st.st_mode)) {
00843602 LP	434	log_debug("%s is not a character device.", path);
fc116c6a	435	return true;
00843602	436	}
7af53310 LP	437
	438	/* We use named pipes to ensure that wall messages suggesting
	439	* password entry are not printed over password prompts
	440	* already shown. We use the fact here that opening a pipe in
	441	* non-blocking mode for write-only will succeed only if
	442	* there's some writer behind it. Using pipes has the
	443	* advantage that the block will automatically go away if the
	444	* process dies. */
	445
00843602 LP	446	if (asprintf(&p, "/run/systemd/ask-password-block/%u:%u", major(st.st_rdev), minor(st.st_rdev)) < 0) {
00843602 LP	447	log_oom();
7af53310	448	return true;
00843602	449	}
7af53310 LP	450
7af53310 LP	451	fd = open(p, O_WRONLY\|O_CLOEXEC\|O_NONBLOCK\|O_NOCTTY);
00843602 LP	452	if (fd < 0) {
	453	log_debug_errno(errno, "Failed top open the wall pipe: %m");
	454	return 1;
	455	}
7af53310 LP	456
7af53310 LP	457	/* What, we managed to open the pipe? Then this tty is filtered. */
00843602	458	return 0;
7af53310 LP	459	}
7af53310 LP	460
ec863ba6	461	static int show_passwords(void) {
1d749d04	462	_cleanup_closedir_ DIR *d;
ec863ba6 LP	463	struct dirent *de;
	464	int r = 0;
	465
1d749d04 ZJS	466	d = opendir("/run/systemd/ask-password");
1d749d04 ZJS	467	if (!d) {
ec863ba6 LP	468	if (errno == ENOENT)
	469	return 0;
	470
ad71eee5	471	return log_error_errno(errno, "Failed to open /run/systemd/ask-password: %m");
ec863ba6 LP	472	}
ec863ba6 LP	473
00843602	474	FOREACH_DIRENT_ALL(de, d, return log_error_errno(errno, "Failed to read directory: %m")) {
1d749d04	475	_cleanup_free_ char p = NULL, wall = NULL;
ec863ba6 LP	476	int q;
ec863ba6 LP	477
1a6f4df6 LP	478	/* We only support /dev on tmpfs, hence we can rely on
	479	* d_type to be reliable */
	480
ec863ba6 LP	481	if (de->d_type != DT_REG)
	482	continue;
	483
a34bf9db	484	if (hidden_file(de->d_name))
ec863ba6 LP	485	continue;
	486
	487	if (!startswith(de->d_name, "ask."))
	488	continue;
	489
1d749d04 ZJS	490	p = strappend("/run/systemd/ask-password/", de->d_name);
	491	if (!p)
	492	return log_oom();
ec863ba6	493
1d749d04 ZJS	494	q = parse_password(p, &wall);
1d749d04 ZJS	495	if (q < 0 && r == 0)
ec863ba6 LP	496	r = q;
ec863ba6 LP	497
1d749d04	498	if (wall)
00843602	499	(void) utmp_wall(wall, NULL, NULL, wall_tty_match, NULL);
ec863ba6 LP	500	}
ec863ba6 LP	501
ec863ba6 LP	502	return r;
	503	}
	504
	505	static int watch_passwords(void) {
b9ba604e LP	506	enum {
	507	FD_INOTIFY,
	508	FD_SIGNAL,
	509	_FD_MAX
	510	};
	511
1d749d04	512	_cleanup_close_ int notify = -1, signal_fd = -1, tty_block_fd = -1;
b92bea5d	513	struct pollfd pollfd[_FD_MAX] = {};
b9ba604e	514	sigset_t mask;
ec863ba6 LP	515	int r;
ec863ba6 LP	516
0cf84693	517	tty_block_fd = wall_tty_block();
7af53310	518
00843602	519	(void) mkdir_p_label("/run/systemd/ask-password", 0755);
ec863ba6	520
1d749d04 ZJS	521	notify = inotify_init1(IN_CLOEXEC);
1d749d04 ZJS	522	if (notify < 0)
00843602	523	return log_error_errno(errno, "Failed to allocate directory watch: %m");
ec863ba6	524
1d749d04	525	if (inotify_add_watch(notify, "/run/systemd/ask-password", IN_CLOSE_WRITE\|IN_MOVED_TO) < 0)
00843602	526	return log_error_errno(errno, "Failed to add /run/systemd/ask-password to directory watch: %m");
ec863ba6	527
72c0a2c2 LP	528	assert_se(sigemptyset(&mask) >= 0);
	529	assert_se(sigset_add_many(&mask, SIGINT, SIGTERM, -1) >= 0);
	530	assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) >= 0);
b9ba604e	531
1d749d04 ZJS	532	signal_fd = signalfd(-1, &mask, SFD_NONBLOCK\|SFD_CLOEXEC);
1d749d04 ZJS	533	if (signal_fd < 0)
00843602	534	return log_error_errno(errno, "Failed to allocate signal file descriptor: %m");
b9ba604e	535
b9ba604e LP	536	pollfd[FD_INOTIFY].fd = notify;
	537	pollfd[FD_INOTIFY].events = POLLIN;
	538	pollfd[FD_SIGNAL].fd = signal_fd;
	539	pollfd[FD_SIGNAL].events = POLLIN;
ec863ba6 LP	540
ec863ba6 LP	541	for (;;) {
1d749d04 ZJS	542	r = show_passwords();
1d749d04 ZJS	543	if (r < 0)
da927ba9	544	log_error_errno(r, "Failed to show password: %m");
ec863ba6	545
b9ba604e	546	if (poll(pollfd, _FD_MAX, -1) < 0) {
ec863ba6 LP	547	if (errno == EINTR)
	548	continue;
	549
1d749d04	550	return -errno;
ec863ba6 LP	551	}
ec863ba6 LP	552
b9ba604e	553	if (pollfd[FD_INOTIFY].revents != 0)
00843602	554	(void) flush_fd(notify);
b9ba604e LP	555
	556	if (pollfd[FD_SIGNAL].revents != 0)
	557	break;
ec863ba6 LP	558	}
ec863ba6 LP	559
1d749d04	560	return 0;
ec863ba6 LP	561	}
ec863ba6 LP	562
601185b4	563	static void help(void) {
ec863ba6 LP	564	printf("%s [OPTIONS...]\n\n"
ec863ba6 LP	565	"Process system password requests.\n\n"
e5ebf783	566	" -h --help Show this help\n"
c52f663b	567	" --version Show package version\n"
e5ebf783 LP	568	" --list Show pending password requests\n"
e5ebf783 LP	569	" --query Process pending password requests\n"
35b8ca3a HH	570	" --watch Continuously process password requests\n"
35b8ca3a HH	571	" --wall Continuously forward password requests to wall\n"
0cf84693 LP	572	" --plymouth Ask question with Plymouth instead of on TTY\n"
0cf84693 LP	573	" --console Ask question on /dev/console instead of current TTY\n",
ec863ba6	574	program_invocation_short_name);
ec863ba6 LP	575	}
	576
	577	static int parse_argv(int argc, char *argv[]) {
	578
	579	enum {
	580	ARG_LIST = 0x100,
	581	ARG_QUERY,
	582	ARG_WATCH,
	583	ARG_WALL,
0cf84693	584	ARG_PLYMOUTH,
c52f663b LP	585	ARG_CONSOLE,
c52f663b LP	586	ARG_VERSION
ec863ba6 LP	587	};
	588
	589	static const struct option options[] = {
e5ebf783	590	{ "help", no_argument, NULL, 'h' },
c52f663b	591	{ "version", no_argument, NULL, ARG_VERSION },
e5ebf783 LP	592	{ "list", no_argument, NULL, ARG_LIST },
	593	{ "query", no_argument, NULL, ARG_QUERY },
	594	{ "watch", no_argument, NULL, ARG_WATCH },
	595	{ "wall", no_argument, NULL, ARG_WALL },
	596	{ "plymouth", no_argument, NULL, ARG_PLYMOUTH },
0cf84693	597	{ "console", no_argument, NULL, ARG_CONSOLE },
eb9da376	598	{}
ec863ba6 LP	599	};
	600
	601	int c;
	602
	603	assert(argc >= 0);
	604	assert(argv);
	605
601185b4	606	while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
ec863ba6 LP	607
	608	switch (c) {
	609
	610	case 'h':
601185b4 ZJS	611	help();
601185b4 ZJS	612	return 0;
ec863ba6	613
c52f663b	614	case ARG_VERSION:
3f6fd1ba	615	return version();
c52f663b	616
ec863ba6 LP	617	case ARG_LIST:
	618	arg_action = ACTION_LIST;
	619	break;
	620
	621	case ARG_QUERY:
	622	arg_action = ACTION_QUERY;
	623	break;
	624
	625	case ARG_WATCH:
	626	arg_action = ACTION_WATCH;
	627	break;
	628
	629	case ARG_WALL:
	630	arg_action = ACTION_WALL;
	631	break;
	632
e5ebf783 LP	633	case ARG_PLYMOUTH:
	634	arg_plymouth = true;
	635	break;
	636
0cf84693 LP	637	case ARG_CONSOLE:
	638	arg_console = true;
	639	break;
	640
ec863ba6 LP	641	case '?':
	642	return -EINVAL;
	643
	644	default:
eb9da376	645	assert_not_reached("Unhandled option");
ec863ba6	646	}
ec863ba6 LP	647
ec863ba6 LP	648	if (optind != argc) {
601185b4	649	log_error("%s takes no arguments.", program_invocation_short_name);
ec863ba6 LP	650	return -EINVAL;
	651	}
	652
	653	return 1;
	654	}
	655
	656	int main(int argc, char *argv[]) {
	657	int r;
	658
4b261568	659	log_set_target(LOG_TARGET_AUTO);
ec863ba6 LP	660	log_parse_environment();
	661	log_open();
	662
4c12626c LP	663	umask(0022);
4c12626c LP	664
1d749d04 ZJS	665	r = parse_argv(argc, argv);
1d749d04 ZJS	666	if (r <= 0)
ec863ba6 LP	667	goto finish;
ec863ba6 LP	668
0cf84693	669	if (arg_console) {
16f98462 LP	670	(void) setsid();
16f98462 LP	671	(void) release_terminal();
0cf84693 LP	672	}
0cf84693 LP	673
1d749d04	674	if (IN_SET(arg_action, ACTION_WATCH, ACTION_WALL))
ec863ba6 LP	675	r = watch_passwords();
	676	else
	677	r = show_passwords();
96707269	678
ec863ba6 LP	679	finish:
	680	return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	681	}