-rw-r--r-- | src/shutdownd.c | 4 | ||||
-rw-r--r-- | src/systemctl.c | 4 | ||||
-rw-r--r-- | src/tty-ask-password-agent.c | 59 | ||||
-rw-r--r-- | src/utmp-wtmp.c | 7 | ||||
-rw-r--r-- | src/utmp-wtmp.h | 2 |
5 files changed, 66 insertions, 10 deletions
diff --git a/src/shutdownd.c b/src/shutdownd.c
index bf69fb5367..143fa8d825 100644
--- a/src/shutdownd.c
+++ b/src/shutdownd.c
@@ -108,7 +108,7 @@ static void warn_wall(usec_t n, struct shutdownd_command *c) {
 return;
 if (c->wall_message[0])
- utmp_wall(c->wall_message);
+ utmp_wall(c->wall_message, NULL);
 else {
 char date[FORMAT_TIMESTAMP_MAX];
 const char* prefix;
@@ -126,7 +126,7 @@ static void warn_wall(usec_t n, struct shutdownd_command *c) {
 if (asprintf(&l, "%s%s!", prefix, format_timestamp(date, sizeof(date), c->elapse)) < 0)
 log_error("Failed to allocate wall message");
 else {
- utmp_wall(l);
+ utmp_wall(l, NULL);
 free(l);
 }
 }
diff --git a/src/systemctl.c b/src/systemctl.c
index 4f4b6dd6d2..372b3d0ca6 100644
--- a/src/systemctl.c
+++ b/src/systemctl.c
@@ -258,7 +258,7 @@ static void warn_wall(enum action action) {
 }
 if (*p) {
- utmp_wall(p);
+ utmp_wall(p, NULL);
 free(p);
 return;
 }
@@ -269,7 +269,7 @@ static void warn_wall(enum action action) {
 if (!table[action])
 return;
- utmp_wall(table[action]);
+ utmp_wall(table[action], NULL);
 }
 struct unit_info {
diff --git a/src/tty-ask-password-agent.c b/src/tty-ask-password-agent.c
index 2e8a92fe53..1d17e2289e 100644
--- a/src/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent.c
@@ -30,6 +30,7 @@
 #include <unistd.h>
 #include <getopt.h>
 #include <sys/signalfd.h>
+#include <fcntl.h>
 #include "util.h"
 #include "conf-parser.h"
@@ -335,6 +336,55 @@ finish:
 return r;
 }
+static int tty_block(void) {
+ char *p;
+ const char *t;
+ int fd;
+
+ if (!(t = ttyname(STDIN_FILENO)))
+ return -errno;
+
+ if (asprintf(&p, "/dev/.systemd/ask-password-block/%s", file_name_from_path(t)) < 0)
+ return -ENOMEM;
+
+ mkdir_parents(p, 0700);
+ mkfifo(p, 0600);
+
+ fd = open(p, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
+ free(p);
+
+ if (fd < 0)
+ return -errno;
+
+ return fd;
+}
+
+static bool tty_match(const char *path) {
+ int fd;
+ char *p;
+
+ /* We use named pipes to ensure that wall messages suggesting
+ * password entry are not printed over password prompts
+ * already shown. We use the fact here that opening a pipe in
+ * non-blocking mode for write-only will succeed only if
+ * there's some writer behind it. Using pipes has the
+ * advantage that the block will automatically go away if the
+ * process dies. */
+
+ if (asprintf(&p, "/dev/.systemd/ask-password-block/%s", file_name_from_path(path)) < 0)
+ return true;
+
+ fd = open(p, O_WRONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
+ free(p);
+
+ if (fd < 0)
+ return true;
+
+ /* What, we managed to open the pipe? Then this tty is filtered. */
+ close_nointr_nofail(fd);
+ return false;
+}
+
 static int show_passwords(void) {
 DIR *d;
 struct dirent *de;
@@ -375,7 +425,7 @@ static int show_passwords(void) {
 free(p);
 if (wall) {
- utmp_wall(wall);
+ utmp_wall(wall, tty_match);
 free(wall);
 }
 }
@@ -394,11 +444,13 @@ static int watch_passwords(void) {
 _FD_MAX
 };
- int notify = -1, signal_fd = -1;
+ int notify = -1, signal_fd = -1, tty_block_fd = -1;
 struct pollfd pollfd[_FD_MAX];
 sigset_t mask;
 int r;
+ tty_block_fd = tty_block();
+
 mkdir_p("/dev/.systemd/ask-password", 0755);
 if ((notify = inotify_init1(IN_CLOEXEC)) < 0) {
@@ -456,6 +508,9 @@ finish:
 if (signal_fd >= 0)
 close_nointr_nofail(signal_fd);
+ if (tty_block_fd >= 0)
+ close_nointr_nofail(tty_block_fd);
+
 return r;
 }
diff --git a/src/utmp-wtmp.c b/src/utmp-wtmp.c
index 41589303ba..83da640bf3 100644
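Review bot: In `tty_block()` the failure path reads `errno` only after `free(p)`, and `free()` is not guaranteed to preserve `errno` on every libc, so the code returned for a failed `open()` can be wrong; capture it first with `if (fd < 0) fd = -errno;` placed before `free(p);`, then `return fd;`. The results of `mkdir_parents()` and `mkfifo()` are dropped, and neither `tty_block()` nor `tty_match()` checks that the node it opened is actually a FIFO, so the scheme relies entirely on `/dev/.systemd/ask-password-block` being writable by root only. If anything other than a FIFO ends up at that path, `tty_match()` would treat the tty as blocked indefinitely, and an `fstat()` with `S_ISFIFO` after the open would make that assumption explicit. The comment in `tty_match()` says the write-only non-blocking open succeeds only if there is "some writer behind it"; for a FIFO it is a reader that must be present (the agent holds the `O_RDONLY` end), so the wording should be `there's some reader behind it`.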
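Review bot: The added `tty_block_fd = tty_block();` in `watch_passwords()` silently discards a negative return, so a failure to set up the block FIFO leaves no trace and wall messages can again be printed over the prompt. If that is intended as best effort, say so at the call site, e.g. `/* best effort: on failure wall messages may overwrite our prompt */`, or log the error at debug level. The body of `watch_passwords()` continues outside this hunk.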
--- a/src/utmp-wtmp.c
+++ b/src/utmp-wtmp.c
@@ -358,7 +358,7 @@ finish:
 return r;
 }
-int utmp_wall(const char *message) {
+int utmp_wall(const char *message, bool (*match_tty)(const char *tty)) {
 struct utmpx *u;
 char date[FORMAT_TIMESTAMP_MAX];
 char *text = NULL, *hn = NULL, *un = NULL, *tty = NULL;
@@ -407,8 +407,9 @@ int utmp_wall(const char *message) {
 path = buf;
 }
- if ((q = write_to_terminal(path, text)) < 0)
- r = q;
+ if (!match_tty || match_tty(path))
+ if ((q = write_to_terminal(path, text)) < 0)
+ r = q;
 free(buf);
 }
diff --git a/src/utmp-wtmp.h b/src/utmp-wtmp.h
index 86bc6bd3fc..4054aff7ea 100644
--- a/src/utmp-wtmp.h
+++ b/src/utmp-wtmp.h
@@ -33,6 +33,6 @@ int utmp_put_runlevel(usec_t timestamp, int runlevel, int previous);
 int utmp_put_dead_process(const char *id, pid_t pid, int code, int status);
 int utmp_put_init_process(usec_t timestamp, const char *id, pid_t pid, pid_t sid, const char *line);
-int utmp_wall(const char *message);
+int utmp_wall(const char *message, bool (*match_tty)(const char *tty));
 #endif |
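Review bot: The new guard in `utmp_wall()` nests one unbraced `if` inside another, which is a dangling-else hazard as soon as someone adds an `else` for the skipped-tty case; brace the outer statement, `if (!match_tty || match_tty(path)) {` … `}`. The callback's polarity is also undocumented: from this hunk a true return means "write to this terminal" and false means "skip it", which is the opposite of what the name `tty_match` suggests at the call site in tty-ask-password-agent.c. A comment above the definition such as `/* match_tty, if non-NULL, is called with the terminal path before each write; returning false skips that terminal */` would pin that down. The body of `utmp_wall()` begins and ends outside this hunk.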