Add SPDX license identifiers to source files under the LGPL

[thirdparty/systemd.git] / src / shared / ask-password-api.c

diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 4a4bd8d3b8ae8c82cb845eaf267205d73e433034..a0c76eddbe7ab4c6bc877003d0dbca31efe2cd79 100644 (file)
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
 /***
   This file is part of systemd.
 
@@ -43,12 +44,13 @@
 #include "ask-password-api.h"
 #include "fd-util.h"
 #include "fileio.h"
-#include "formats-util.h"
+#include "format-util.h"
 #include "io-util.h"
 #include "log.h"
 #include "macro.h"
 #include "missing.h"
 #include "mkdir.h"
+#include "process-util.h"
 #include "random-util.h"
 #include "signal-util.h"
 #include "socket-util.h"
@@ -95,7 +97,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
                 if (n < m)
                         break;
 
-                memory_erase(p, n);
+                explicit_bzero(p, n);
                 free(p);
                 m *= 2;
         }
@@ -104,7 +106,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
         if (!l)
                 return -ENOMEM;
 
-        memory_erase(p, n);
+        explicit_bzero(p, n);
 
         *ret = l;
         return 0;
@@ -139,12 +141,8 @@ static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **pa
         if (r < 0)
                 return r;
 
-        /* Truncate trailing NUL */
-        assert(n > 0);
-        assert(p[n-1] == 0);
-
-        serial = add_key("user", keyname, p, n-1, KEY_SPEC_USER_KEYRING);
-        memory_erase(p, n);
+        serial = add_key("user", keyname, p, n, KEY_SPEC_USER_KEYRING);
+        explicit_bzero(p, n);
         if (serial == -1)
                 return -errno;
 
@@ -253,10 +251,12 @@ int ask_password_tty(
                         goto finish;
                 }
 
-                loop_write(ttyfd, ANSI_HIGHLIGHT, strlen(ANSI_HIGHLIGHT), false);
+                if (colors_enabled())
+                        loop_write(ttyfd, ANSI_HIGHLIGHT, strlen(ANSI_HIGHLIGHT), false);
                 loop_write(ttyfd, message, strlen(message), false);
                 loop_write(ttyfd, " ", 1, false);
-                loop_write(ttyfd, ANSI_NORMAL, strlen(ANSI_NORMAL), false);
+                if (colors_enabled())
+                        loop_write(ttyfd, ANSI_NORMAL, strlen(ANSI_NORMAL), false);
 
                 new_termios = old_termios;
                 new_termios.c_lflag &= ~(ICANON|ECHO);
@@ -321,7 +321,7 @@ int ask_password_tty(
 
                 n = read(ttyfd >= 0 ? ttyfd : STDIN_FILENO, &c, 1);
                 if (n < 0) {
-                        if (errno == EINTR || errno == EAGAIN)
+                        if (IN_SET(errno, EINTR, EAGAIN))
                                 continue;
 
                         r = -errno;
@@ -338,7 +338,7 @@ int ask_password_tty(
                                 backspace_chars(ttyfd, p);
                         p = 0;
 
-                } else if (c == '\b' || c == 127) {
+                } else if (IN_SET(c, '\b', 127)) {
 
                         if (p > 0) {
 
@@ -392,7 +392,7 @@ int ask_password_tty(
         }
 
         x = strndup(passphrase, p);
-        memory_erase(passphrase, p);
+        explicit_bzero(passphrase, p);
         if (!x) {
                 r = -ENOMEM;
                 goto finish;
@@ -486,7 +486,7 @@ int ask_password_agent(
 
         (void) mkdir_p_label("/run/systemd/ask-password", 0755);
 
-        fd = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC);
+        fd = mkostemp_safe(temp);
         if (fd < 0) {
                 r = fd;
                 goto finish;
@@ -521,7 +521,7 @@ int ask_password_agent(
                 "AcceptCached=%i\n"
                 "Echo=%i\n"
                 "NotAfter="USEC_FMT"\n",
-                getpid(),
+                getpid_cached(),
                 socket_name,
                 (flags & ASK_PASSWORD_ACCEPT_CACHED) ? 1 : 0,
                 (flags & ASK_PASSWORD_ECHO) ? 1 : 0,
@@ -614,8 +614,7 @@ int ask_password_agent(
 
                 n = recvmsg(socket_fd, &msghdr, 0);
                 if (n < 0) {
-                        if (errno == EAGAIN ||
-                            errno == EINTR)
+                        if (IN_SET(errno, EAGAIN, EINTR))
                                 continue;
 
                         r = -errno;
@@ -649,7 +648,7 @@ int ask_password_agent(
                                 l = strv_new("", NULL);
                         else
                                 l = strv_parse_nulstr(passphrase+1, n-1);
-                        memory_erase(passphrase, n);
+                        explicit_bzero(passphrase, n);
                         if (!l) {
                                 r = -ENOMEM;
                                 goto finish;