diff options
Diffstat (limited to 'src/shared/ask-password-api.c')
| -rw-r--r-- | src/shared/ask-password-api.c | 372 | 
1 files changed, 258 insertions, 114 deletions
| diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index ca4c24ebde..ddf42f11e1 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -18,28 +18,162 @@    You should have received a copy of the GNU Lesser General Public License    along with systemd; If not, see <http://www.gnu.org/licenses/>.  ***/ -#include <stdbool.h> -#include <termios.h> -#include <unistd.h> -#include <poll.h> -#include <sys/inotify.h> +  #include <errno.h>  #include <fcntl.h> -#include <sys/socket.h> -#include <string.h> -#include <sys/un.h> +#include <poll.h> +#include <stdbool.h>  #include <stddef.h> +#include <string.h> +#include <sys/inotify.h>  #include <sys/signalfd.h> +#include <sys/socket.h> +#include <sys/un.h> +#include <termios.h> +#include <unistd.h> -#include "util.h"  #include "formats-util.h" +#include "missing.h"  #include "mkdir.h" -#include "strv.h"  #include "random-util.h" -#include "terminal-util.h"  #include "signal-util.h" +#include "socket-util.h" +#include "strv.h" +#include "terminal-util.h" +#include "util.h"  #include "ask-password-api.h" +#define KEYRING_TIMEOUT_USEC ((5 * USEC_PER_MINUTE) / 2) + +static int lookup_key(const char *keyname, key_serial_t *ret) { +        key_serial_t serial; + +        assert(keyname); +        assert(ret); + +        serial = request_key("user", keyname, NULL, 0); +        if (serial == -1) +                return -errno; + +        *ret = serial; +        return 0; +} + +static int retrieve_key(key_serial_t serial, char ***ret) { +        _cleanup_free_ char *p = NULL; +        long m = 100, n; +        char **l; + +        assert(ret); + +        for (;;) { +                p = new(char, m); +                if (!p) +                        return -ENOMEM; + +                n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) p, (unsigned long) m, 0); +                if (n < 0) +                        return -errno; + +                if (n < m) +                        break; + +                memory_erase(p, n); +                free(p); +                m *= 2; +        } + +        l = strv_parse_nulstr(p, n); +        if (!l) +                return -ENOMEM; + +        memory_erase(p, n); + +        *ret = l; +        return 0; +} + +static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **passwords) { +        _cleanup_strv_free_erase_ char **l = NULL; +        _cleanup_free_ char *p = NULL; +        key_serial_t serial; +        size_t n; +        int r; + +        assert(keyname); +        assert(passwords); + +        if (!(flags & ASK_PASSWORD_PUSH_CACHE)) +                return 0; + +        r = lookup_key(keyname, &serial); +        if (r >= 0) { +                r = retrieve_key(serial, &l); +                if (r < 0) +                        return r; +        } else if (r != -ENOKEY) +                return r; + +        r = strv_extend_strv(&l, passwords, true); +        if (r <= 0) +                return r; + +        r = strv_make_nulstr(l, &p, &n); +        if (r < 0) +                return r; + +        /* Truncate trailing NUL */ +        assert(n > 0); +        assert(p[n-1] == 0); + +        serial = add_key("user", keyname, p, n-1, KEY_SPEC_USER_KEYRING); +        memory_erase(p, n); +        if (serial == -1) +                return -errno; + +        if (keyctl(KEYCTL_SET_TIMEOUT, +                   (unsigned long) serial, +                   (unsigned long) DIV_ROUND_UP(KEYRING_TIMEOUT_USEC, USEC_PER_SEC), 0, 0) < 0) +                log_debug_errno(errno, "Failed to adjust timeout: %m"); + +        log_debug("Added key to keyring as %" PRIi32 ".", serial); + +        return 1; +} + +static int add_to_keyring_and_log(const char *keyname, AskPasswordFlags flags, char **passwords) { +        int r; + +        assert(keyname); +        assert(passwords); + +        r = add_to_keyring(keyname, flags, passwords); +        if (r < 0) +                return log_debug_errno(r, "Failed to add password to keyring: %m"); + +        return 0; +} + +int ask_password_keyring(const char *keyname, AskPasswordFlags flags, char ***ret) { + +        key_serial_t serial; +        int r; + +        assert(keyname); +        assert(ret); + +        if (!(flags & ASK_PASSWORD_ACCEPT_CACHED)) +                return -EUNATCH; + +        r = lookup_key(keyname, &serial); +        if (r == -ENOSYS) /* when retrieving the distinction doesn't matter */ +                return -ENOKEY; +        if (r < 0) +                return r; + +        return retrieve_key(serial, ret); +} +  static void backspace_chars(int ttyfd, size_t p) {          if (ttyfd < 0) @@ -54,10 +188,11 @@ static void backspace_chars(int ttyfd, size_t p) {  int ask_password_tty(                  const char *message, +                const char *keyname,                  usec_t until, -                bool echo, +                AskPasswordFlags flags,                  const char *flag_file, -                char **_passphrase) { +                char **ret) {          struct termios old_termios, new_termios;          char passphrase[LINE_MAX], *x; @@ -66,15 +201,19 @@ int ask_password_tty(          _cleanup_close_ int ttyfd = -1, notify = -1;          struct pollfd pollfd[2];          bool reset_tty = false; -        bool silent_mode = false;          bool dirty = false;          enum {                  POLL_TTY,                  POLL_INOTIFY          }; -        assert(message); -        assert(_passphrase); +        assert(ret); + +        if (flags & ASK_PASSWORD_NO_TTY) +                return -EUNATCH; + +        if (!message) +                message = "Password:";          if (flag_file) {                  notify = inotify_init1(IN_CLOEXEC|IN_NONBLOCK); @@ -97,10 +236,10 @@ int ask_password_tty(                          goto finish;                  } -                loop_write(ttyfd, ANSI_HIGHLIGHT_ON, sizeof(ANSI_HIGHLIGHT_ON)-1, false); +                loop_write(ttyfd, ANSI_HIGHLIGHT, strlen(ANSI_HIGHLIGHT), false);                  loop_write(ttyfd, message, strlen(message), false);                  loop_write(ttyfd, " ", 1, false); -                loop_write(ttyfd, ANSI_HIGHLIGHT_OFF, sizeof(ANSI_HIGHLIGHT_OFF)-1, false); +                loop_write(ttyfd, ANSI_NORMAL, strlen(ANSI_NORMAL), false);                  new_termios = old_termios;                  new_termios.c_lflag &= ~(ICANON|ECHO); @@ -145,7 +284,7 @@ int ask_password_tty(                                  goto finish;                          } -                k = poll(pollfd, notify > 0 ? 2 : 1, sleep_for); +                k = poll(pollfd, notify >= 0 ? 2 : 1, sleep_for);                  if (k < 0) {                          if (errno == EINTR)                                  continue; @@ -157,7 +296,7 @@ int ask_password_tty(                          goto finish;                  } -                if (notify > 0 && pollfd[POLL_INOTIFY].revents != 0) +                if (notify >= 0 && pollfd[POLL_INOTIFY].revents != 0)                          flush_fd(notify);                  if (pollfd[POLL_TTY].revents == 0) @@ -178,7 +317,7 @@ int ask_password_tty(                          break;                  else if (c == 21) { /* C-u */ -                        if (!silent_mode) +                        if (!(flags & ASK_PASSWORD_SILENT))                                  backspace_chars(ttyfd, p);                          p = 0; @@ -186,28 +325,28 @@ int ask_password_tty(                          if (p > 0) { -                                if (!silent_mode) +                                if (!(flags & ASK_PASSWORD_SILENT))                                          backspace_chars(ttyfd, 1);                                  p--; -                        } else if (!dirty && !silent_mode) { +                        } else if (!dirty && !(flags & ASK_PASSWORD_SILENT)) { -                                silent_mode = true; +                                flags |= ASK_PASSWORD_SILENT;                                  /* There are two ways to enter silent                                   * mode. Either by pressing backspace -                                 * as first key (and only as first key), -                                 * or ... */ +                                 * as first key (and only as first +                                 * key), or ... */                                  if (ttyfd >= 0)                                          loop_write(ttyfd, "(no echo) ", 10, false);                          } else if (ttyfd >= 0)                                  loop_write(ttyfd, "\a", 1, false); -                } else if (c == '\t' && !silent_mode) { +                } else if (c == '\t' && !(flags & ASK_PASSWORD_SILENT)) {                          backspace_chars(ttyfd, p); -                        silent_mode = true; +                        flags |= ASK_PASSWORD_SILENT;                          /* ... or by pressing TAB at any time. */ @@ -221,20 +360,26 @@ int ask_password_tty(                          passphrase[p++] = c; -                        if (!silent_mode && ttyfd >= 0) -                                loop_write(ttyfd, echo ? &c : "*", 1, false); +                        if (!(flags & ASK_PASSWORD_SILENT) && ttyfd >= 0) +                                loop_write(ttyfd, (flags & ASK_PASSWORD_ECHO) ? &c : "*", 1, false);                          dirty = true;                  } + +                c = 'x';          }          x = strndup(passphrase, p); +        memory_erase(passphrase, p);          if (!x) {                  r = -ENOMEM;                  goto finish;          } -        *_passphrase = x; +        if (keyname) +                (void) add_to_keyring_and_log(keyname, flags, STRV_MAKE(x)); + +        *ret = x;          r = 0;  finish: @@ -247,52 +392,38 @@ finish:  }  static int create_socket(char **name) { -        int fd; -        union { -                struct sockaddr sa; -                struct sockaddr_un un; -        } sa = { +        union sockaddr_union sa = {                  .un.sun_family = AF_UNIX,          }; -        int one = 1; -        int r = 0; +        _cleanup_close_ int fd = -1; +        static const int one = 1;          char *c; +        int r;          assert(name);          fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);          if (fd < 0) -                return log_error_errno(errno, "socket() failed: %m"); +                return -errno;          snprintf(sa.un.sun_path, sizeof(sa.un.sun_path)-1, "/run/systemd/ask-password/sck.%" PRIx64, random_u64());          RUN_WITH_UMASK(0177) { -                r = bind(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)); +                if (bind(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0) +                        return -errno;          } -        if (r < 0) { -                r = -errno; -                log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path); -                goto fail; -        } - -        if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0) { -                r = -errno; -                log_error_errno(errno, "SO_PASSCRED failed: %m"); -                goto fail; -        } +        if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0) +                return -errno;          c = strdup(sa.un.sun_path); -        if (!c) { -                r = log_oom(); -                goto fail; -        } +        if (!c) +                return -ENOMEM;          *name = c; -        return fd; -fail: -        safe_close(fd); +        r = fd; +        fd = -1;          return r;  } @@ -301,10 +432,10 @@ int ask_password_agent(                  const char *message,                  const char *icon,                  const char *id, +                const char *keyname,                  usec_t until, -                bool echo, -                bool accept_cached, -                char ***_passphrases) { +                AskPasswordFlags flags, +                char ***ret) {          enum {                  FD_SOCKET, @@ -312,35 +443,37 @@ int ask_password_agent(                  _FD_MAX          }; +        _cleanup_close_ int socket_fd = -1, signal_fd = -1, fd = -1;          char temp[] = "/run/systemd/ask-password/tmp.XXXXXX";          char final[sizeof(temp)] = ""; -        _cleanup_fclose_ FILE *f = NULL;          _cleanup_free_ char *socket_name = NULL; -        _cleanup_close_ int socket_fd = -1, signal_fd = -1, fd = -1; -        sigset_t mask, oldmask; +        _cleanup_strv_free_ char **l = NULL; +        _cleanup_fclose_ FILE *f = NULL;          struct pollfd pollfd[_FD_MAX]; +        sigset_t mask, oldmask;          int r; -        assert(_passphrases); +        assert(ret); + +        if (flags & ASK_PASSWORD_NO_AGENT) +                return -EUNATCH;          assert_se(sigemptyset(&mask) >= 0);          assert_se(sigset_add_many(&mask, SIGINT, SIGTERM, -1) >= 0);          assert_se(sigprocmask(SIG_BLOCK, &mask, &oldmask) >= 0); -        mkdir_p_label("/run/systemd/ask-password", 0755); +        (void) mkdir_p_label("/run/systemd/ask-password", 0755);          fd = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC);          if (fd < 0) { -                log_error_errno(errno, "Failed to create password file: %m");                  r = -errno;                  goto finish;          } -        fchmod(fd, 0644); +        (void) fchmod(fd, 0644);          f = fdopen(fd, "w");          if (!f) { -                log_error_errno(errno, "Failed to allocate FILE: %m");                  r = -errno;                  goto finish;          } @@ -349,7 +482,6 @@ int ask_password_agent(          signal_fd = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);          if (signal_fd < 0) { -                log_error_errno(errno, "signalfd(): %m");                  r = -errno;                  goto finish;          } @@ -369,8 +501,8 @@ int ask_password_agent(                  "NotAfter="USEC_FMT"\n",                  getpid(),                  socket_name, -                accept_cached ? 1 : 0, -                echo ? 1 : 0, +                (flags & ASK_PASSWORD_ACCEPT_CACHED) ? 1 : 0, +                (flags & ASK_PASSWORD_ECHO) ? 1 : 0,                  until);          if (message) @@ -383,10 +515,8 @@ int ask_password_agent(                  fprintf(f, "Id=%s\n", id);          r = fflush_and_check(f); -        if (r < 0) { -                log_error_errno(r, "Failed to write query file: %m"); +        if (r < 0)                  goto finish; -        }          memcpy(final, temp, sizeof(temp)); @@ -395,7 +525,6 @@ int ask_password_agent(          final[sizeof(final)-9] = 'k';          if (rename(temp, final) < 0) { -                log_error_errno(errno, "Failed to rename query file: %m");                  r = -errno;                  goto finish;          } @@ -422,7 +551,6 @@ int ask_password_agent(                  t = now(CLOCK_MONOTONIC);                  if (until > 0 && until <= t) { -                        log_notice("Timed out");                          r = -ETIME;                          goto finish;                  } @@ -432,13 +560,11 @@ int ask_password_agent(                          if (errno == EINTR)                                  continue; -                        log_error_errno(errno, "poll() failed: %m");                          r = -errno;                          goto finish;                  }                  if (k <= 0) { -                        log_notice("Timed out");                          r = -ETIME;                          goto finish;                  } @@ -449,7 +575,6 @@ int ask_password_agent(                  }                  if (pollfd[FD_SOCKET].revents != POLLIN) { -                        log_error("Unexpected poll() event.");                          r = -EIO;                          goto finish;                  } @@ -471,7 +596,6 @@ int ask_password_agent(                              errno == EINTR)                                  continue; -                        log_error_errno(errno, "recvmsg() failed: %m");                          r = -errno;                          goto finish;                  } @@ -479,7 +603,7 @@ int ask_password_agent(                  cmsg_close_all(&msghdr);                  if (n <= 0) { -                        log_error("Message too short"); +                        log_debug("Message too short");                          continue;                  } @@ -487,84 +611,104 @@ int ask_password_agent(                      control.cmsghdr.cmsg_level != SOL_SOCKET ||                      control.cmsghdr.cmsg_type != SCM_CREDENTIALS ||                      control.cmsghdr.cmsg_len != CMSG_LEN(sizeof(struct ucred))) { -                        log_warning("Received message without credentials. Ignoring."); +                        log_debug("Received message without credentials. Ignoring.");                          continue;                  }                  ucred = (struct ucred*) CMSG_DATA(&control.cmsghdr);                  if (ucred->uid != 0) { -                        log_warning("Got request from unprivileged user. Ignoring."); +                        log_debug("Got request from unprivileged user. Ignoring.");                          continue;                  }                  if (passphrase[0] == '+') { -                        char **l; - +                        /* An empty message refers to the empty password */                          if (n == 1)                                  l = strv_new("", NULL);                          else                                  l = strv_parse_nulstr(passphrase+1, n-1); -                                /* An empty message refers to the empty password */ - +                        memory_erase(passphrase, n);                          if (!l) {                                  r = -ENOMEM;                                  goto finish;                          }                          if (strv_length(l) <= 0) { -                                strv_free(l); -                                log_error("Invalid packet"); +                                l = strv_free(l); +                                log_debug("Invalid packet");                                  continue;                          } -                        *_passphrases = l; +                        break; +                } -                } else if (passphrase[0] == '-') { +                if (passphrase[0] == '-') {                          r = -ECANCELED;                          goto finish; -                } else { -                        log_error("Invalid packet"); -                        continue;                  } -                break; +                log_debug("Invalid packet");          } +        if (keyname) +                (void) add_to_keyring_and_log(keyname, flags, l); + +        *ret = l; +        l = NULL;          r = 0;  finish:          if (socket_name) -                unlink(socket_name); +                (void) unlink(socket_name); -        unlink(temp); +        (void) unlink(temp);          if (final[0]) -                unlink(final); +                (void) unlink(final);          assert_se(sigprocmask(SIG_SETMASK, &oldmask, NULL) == 0); -          return r;  } -int ask_password_auto(const char *message, const char *icon, const char *id, -                      usec_t until, bool accept_cached, char ***_passphrases) { -        assert(message); -        assert(_passphrases); +int ask_password_auto( +                const char *message, +                const char *icon, +                const char *id, +                const char *keyname, +                usec_t until, +                AskPasswordFlags flags, +                char ***ret) { + +        int r; -        if (isatty(STDIN_FILENO)) { -                int r; -                char *s = NULL, **l = NULL; +        assert(ret); -                r = ask_password_tty(message, until, false, NULL, &s); -                if (r < 0) +        if ((flags & ASK_PASSWORD_ACCEPT_CACHED) && keyname) { +                r = ask_password_keyring(keyname, flags, ret); +                if (r != -ENOKEY)                          return r; +        } -                r = strv_consume(&l, s); +        if (!(flags & ASK_PASSWORD_NO_TTY) && isatty(STDIN_FILENO)) { +                char *s = NULL, **l = NULL; + +                r = ask_password_tty(message, keyname, until, flags, NULL, &s);                  if (r < 0)                          return r; -                *_passphrases = l; -                return r; -        } else -                return ask_password_agent(message, icon, id, until, false, accept_cached, _passphrases); +                r = strv_push(&l, s); +                if (r < 0) { +                        string_erase(s); +                        free(s); +                        return -ENOMEM; +                } + +                *ret = l; +                return 0; +        } + +        if (!(flags & ASK_PASSWORD_NO_AGENT)) +                return ask_password_agent(message, icon, id, keyname, until, flags, ret); + +        return -EUNATCH;  } | 
