summaryrefslogtreecommitdiff
path: root/src/tty-ask-password-agent
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-10-07 11:26:10 +0200
committerLennart Poettering <lennart@poettering.net>2015-10-07 12:26:14 +0200
commite287086b8aa2558356af225a12d9bfea8e7d61ca (patch)
tree934632ad37a839938f519a800a29c7541741a1b4 /src/tty-ask-password-agent
parent0084360296429b2068c1a4d4d4263083a8963b02 (diff)
ask-password: add support for caching passwords in the kernel keyring
This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.
Diffstat (limited to 'src/tty-ask-password-agent')
-rw-r--r--src/tty-ask-password-agent/tty-ask-password-agent.c34
1 files changed, 20 insertions, 14 deletions
diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
index e1e2945c06..5dbc0a9bcc 100644
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -58,9 +58,9 @@ static bool arg_console = false;
static int ask_password_plymouth(
const char *message,
usec_t until,
+ AskPasswordFlags flags,
const char *flag_file,
- bool accept_cached,
- char ***_passphrases) {
+ char ***ret) {
_cleanup_close_ int fd = -1, notify = -1;
union sockaddr_union sa = PLYMOUTH_SOCKET;
@@ -75,7 +75,7 @@ static int ask_password_plymouth(
POLL_INOTIFY
};
- assert(_passphrases);
+ assert(ret);
if (flag_file) {
notify = inotify_init1(IN_CLOEXEC|IN_NONBLOCK);
@@ -95,12 +95,11 @@ static int ask_password_plymouth(
if (r < 0)
return -errno;
- if (accept_cached) {
+ if (flags & ASK_PASSWORD_ACCEPT_CACHED) {
packet = strdup("c");
n = 1;
} else if (asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n) < 0)
packet = NULL;
-
if (!packet)
return -ENOMEM;
@@ -130,7 +129,7 @@ static int ask_password_plymouth(
if (flag_file && access(flag_file, F_OK) < 0)
return -errno;
- j = poll(pollfd, notify > 0 ? 2 : 1, sleep_for);
+ j = poll(pollfd, notify >= 0 ? 2 : 1, sleep_for);
if (j < 0) {
if (errno == EINTR)
continue;
@@ -139,15 +138,20 @@ static int ask_password_plymouth(
} else if (j == 0)
return -ETIME;
- if (notify > 0 && pollfd[POLL_INOTIFY].revents != 0)
+ if (notify >= 0 && pollfd[POLL_INOTIFY].revents != 0)
flush_fd(notify);
if (pollfd[POLL_SOCKET].revents == 0)
continue;
k = read(fd, buffer + p, sizeof(buffer) - p);
- if (k <= 0)
- return r = k < 0 ? -errno : -EIO;
+ if (k < 0) {
+ if (errno == EINTR || errno == EAGAIN)
+ continue;
+
+ return -errno;
+ } else if (k == 0)
+ return -EIO;
p += k;
@@ -156,7 +160,7 @@ static int ask_password_plymouth(
if (buffer[0] == 5) {
- if (accept_cached) {
+ if (flags & ASK_PASSWORD_ACCEPT_CACHED) {
/* Hmm, first try with cached
* passwords failed, so let's retry
* with a normal password request */
@@ -169,7 +173,7 @@ static int ask_password_plymouth(
if (r < 0)
return r;
- accept_cached = false;
+ flags &= ~ASK_PASSWORD_ACCEPT_CACHED;
p = 0;
continue;
}
@@ -197,7 +201,7 @@ static int ask_password_plymouth(
if (!l)
return -ENOMEM;
- *_passphrases = l;
+ *ret = l;
break;
} else
@@ -282,7 +286,7 @@ static int parse_password(const char *filename, char **wall) {
if (arg_plymouth) {
_cleanup_strv_free_ char **passwords = NULL;
- r = ask_password_plymouth(message, not_after, filename, accept_cached, &passwords);
+ r = ask_password_plymouth(message, not_after, accept_cached ? ASK_PASSWORD_ACCEPT_CACHED : 0, filename, &passwords);
if (r >= 0) {
char **p;
@@ -313,7 +317,7 @@ static int parse_password(const char *filename, char **wall) {
return log_error_errno(tty_fd, "Failed to acquire /dev/console: %m");
}
- r = ask_password_tty(message, not_after, echo, filename, &password);
+ r = ask_password_tty(message, NULL, not_after, echo ? ASK_PASSWORD_ECHO : 0, filename, &password);
if (arg_console) {
tty_fd = safe_close(tty_fd);
@@ -360,6 +364,8 @@ static int wall_tty_block(void) {
int fd, r;
r = get_ctty_devnr(0, &devnr);
+ if (r == -ENXIO) /* We have no controlling tty */
+ return -ENOTTY;
if (r < 0)
return log_error_errno(r, "Failed to get controlling TTY: %m");