summaryrefslogtreecommitdiff
path: root/src/tty-ask-password-agent.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2010-11-12 03:33:08 +0100
committerLennart Poettering <lennart@poettering.net>2010-11-12 03:33:08 +0100
commit7af53310dd9154ba76be7808292d9a046b849e43 (patch)
tree75a49739917317234ac91edf0f7306326fadddf7 /src/tty-ask-password-agent.c
parent9d3e691e709eb12ce48a3dec6e50537406d12ad2 (diff)
ask-password: don't show wall message on ttys we are already running a tty agent on
Diffstat (limited to 'src/tty-ask-password-agent.c')
-rw-r--r--src/tty-ask-password-agent.c59
1 files changed, 57 insertions, 2 deletions
diff --git a/src/tty-ask-password-agent.c b/src/tty-ask-password-agent.c
index 2e8a92fe53..1d17e2289e 100644
--- a/src/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent.c
@@ -30,6 +30,7 @@
#include <unistd.h>
#include <getopt.h>
#include <sys/signalfd.h>
+#include <fcntl.h>
#include "util.h"
#include "conf-parser.h"
@@ -335,6 +336,55 @@ finish:
return r;
}
+static int tty_block(void) {
+ char *p;
+ const char *t;
+ int fd;
+
+ if (!(t = ttyname(STDIN_FILENO)))
+ return -errno;
+
+ if (asprintf(&p, "/dev/.systemd/ask-password-block/%s", file_name_from_path(t)) < 0)
+ return -ENOMEM;
+
+ mkdir_parents(p, 0700);
+ mkfifo(p, 0600);
+
+ fd = open(p, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
+ free(p);
+
+ if (fd < 0)
+ return -errno;
+
+ return fd;
+}
+
+static bool tty_match(const char *path) {
+ int fd;
+ char *p;
+
+ /* We use named pipes to ensure that wall messages suggesting
+ * password entry are not printed over password prompts
+ * already shown. We use the fact here that opening a pipe in
+ * non-blocking mode for write-only will succeed only if
+ * there's some writer behind it. Using pipes has the
+ * advantage that the block will automatically go away if the
+ * process dies. */
+
+ if (asprintf(&p, "/dev/.systemd/ask-password-block/%s", file_name_from_path(path)) < 0)
+ return true;
+
+ fd = open(p, O_WRONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
+ free(p);
+
+ if (fd < 0)
+ return true;
+
+ /* What, we managed to open the pipe? Then this tty is filtered. */
+ close_nointr_nofail(fd);
+ return false;
+}
+
static int show_passwords(void) {
DIR *d;
struct dirent *de;
@@ -375,7 +425,7 @@ static int show_passwords(void) {
free(p);
if (wall) {
- utmp_wall(wall);
+ utmp_wall(wall, tty_match);
free(wall);
}
}
@@ -394,11 +444,13 @@ static int watch_passwords(void) {
_FD_MAX
};
- int notify = -1, signal_fd = -1;
+ int notify = -1, signal_fd = -1, tty_block_fd = -1;
struct pollfd pollfd[_FD_MAX];
sigset_t mask;
int r;
+ tty_block_fd = tty_block();
+
mkdir_p("/dev/.systemd/ask-password", 0755);
if ((notify = inotify_init1(IN_CLOEXEC)) < 0) {
@@ -456,6 +508,9 @@ finish:
if (signal_fd >= 0)
close_nointr_nofail(signal_fd);
+ if (tty_block_fd >= 0)
+ close_nointr_nofail(tty_block_fd);
+
return r;
}