summaryrefslogtreecommitdiff
path: root/src/tty-ask-password-agent
AgeCommit message (Collapse)Author
2017-02-05treewide: replace homegrown memory_erase with explicit_bzeroZbigniew Jędrzejewski-Szmek
explicit_bzero was added in glibc 2.25. Make use of it. explicit_bzero is hardcoded to zero the memory, so string erase now truncates the string, instead of overwriting it with 'x'. This causes a visible difference only in the journalctl case.
2016-10-10core: when determining whether a process exit status is clean, consider ↵Lennart Poettering
whether it is a command or a daemon SIGTERM should be considered a clean exit code for daemons (i.e. long-running processes, as a daemon without SIGTERM handler may be shut down without issues via SIGTERM still) while it should not be considered a clean exit code for commands (i.e. short-running processes). Let's add two different clean checking modes for this, and use the right one at the appropriate places. Fixes: #4275
2016-05-24ask-password: ask for passphrases not only on the first console of /dev/consoleWerner Fink
but also on all other consoles. This does help on e.g. mainframes where often a serial console together with other consoles are used. Even rack based servers attachted to both a serial console as well as having a virtual console do sometimes miss a connected monitor. To be able to ask on all terminal devices of /dev/console the devices are collected. If more than one device are found, then on each of the terminals a inquiring task for passphrase is forked and do not return to the caller. Every task has its own session and its own controlling terminal. If one of the tasks does handle a password, the remaining tasks will be terminated. Also let contradictory options on the command of systemd-tty-ask-password-agent fail. Spwan for each device of the system console /dev/console a own process. Replace the system call wait() with with system call waitid(). Use SIGTERM instead of SIGHUP to get unresponsive childs down. Port the collect_consoles() function forward to a pulbic and strv based function "get_kernel_consoles()" in terminal-util.c and use this in tty-ask-password-agent.c.
2016-05-05tree-wide: introduce new SOCKADDR_UN_LEN() macro, and use it everywhereLennart Poettering
The macro determines the right length of a AF_UNIX "struct sockaddr_un" to pass to connect() or bind(). It automatically figures out if the socket refers to an abstract namespace socket, or a socket in the file system, and properly handles the full length of the path field. This macro is not only safer, but also simpler to use, than the usual offsetof() + strlen() logic.
2016-04-28tree-wide: rename hidden_file to hidden_or_backup_file and optimizeZbigniew Jędrzejewski-Szmek
In standard linux parlance, "hidden" usually means that the file name starts with ".", and nothing else. Rename the function to convey what the function does better to casual readers. Stop exposing hidden_file_allow_backup which is rather ugly and rewrite hidden_file to extract the suffix first. Note that hidden_file_allow_backup excluded files with "~" at the end, which is quite confusing. Let's get rid of it before it gets used in the wrong place.
2016-02-10Merge pull request #2495 from heftig/masterLennart Poettering
tty-ask-password: Split out password sending
2016-02-10tree-wide: remove Emacs lines from all filesDaniel Mack
This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
2016-02-03tty-ask-password: Split out password sendingJan Alexander Steffens (heftig)
This is a piece of refactoring I've done while looking for a solution to bug #2378. It separates the password sending from `parse_password`, which only needs to know about the socket path and the list of passwords to send. As a caveat, the `ask_password_tty` path needs to construct a one-password strv, too.
2015-11-05tty-ask-password-agent: fix typo in error messageMichal Schmidt
2015-10-27util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering
2015-10-27util-lib: introduce dirent-util.[ch] for directory entry callsLennart Poettering
Also, move a couple of more path-related functions to path-util.c.
2015-10-26util-lib: split out IO related calls to io-util.[ch]Lennart Poettering
2015-10-25util-lib: split out fd-related operations into fd-util.[ch]Lennart Poettering
There are more than enough to deserve their own .c file, hence move them over.
2015-10-24util-lib: split our string related calls from util.[ch] into its own file ↵Lennart Poettering
string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-19strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_Zbigniew Jędrzejewski-Szmek
2015-10-19tree-wide: whenever we deal with passwords, erase them from memory after useLennart Poettering
A bit snake-oilish, but can't hurt.
2015-10-14tty-ask-password-agent: don't warn if we cannot disable wall messages on the ↵Lennart Poettering
calling tty For example, due to perm issues. THis simply downgrades the message about it, since this is purely cosmetical anyway. Fixes #1543.
2015-10-08util: do not reset terminal in acquire_terminal()Lennart Poettering
Before, we'd always reset acquired terminals, which is not really desired, as we expose a setting TTYReset= which is supposed to control whether the TTY is reset or not. Previously that setting would only enable a second resetting of the TTY, which is of course pointless... Hence, move the implicit resetting out of acquire_terminal() and make the callers do it if they need it.
2015-10-07ask-password: add support for caching passwords in the kernel keyringLennart Poettering
This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.
2015-10-06ask-password: various modernizationsLennart Poettering
Primarily clean-up error logging: log either all or no error messages in the various functions. Mostly this means the actual password querying calls no longer will log on their own, but the callers have to do so. Contains various other fixes too, for example ports some code over to use the clean-up macro. Should contain no functional changes.
2015-09-30tree-wide: use strempty() where possibleDaniel Mack
Also add a Coccinell patch to detect such locations in the future.
2015-09-29tty-ask-password: minor modernizationsLennart Poettering
2015-09-29util: introduce common version() implementation and use it everywhereLennart Poettering
This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-07-31tree-wide: introduce mfree()David Herrmann
Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-06-15everywhere: port everything to sigprocmask_many() and friendsLennart Poettering
This ports a lot of manual code over to sigprocmask_many() and friends. Also, we now consistly check for sigprocmask() failures with assert_se(), since the call cannot realistically fail unless there's a programming error. Also encloses a few sd_event_add_signal() calls with (void) when we ignore the return values for it knowingly.
2015-05-29util: split out signal-util.[ch] from util.[ch]Lennart Poettering
No functional changes.
2015-04-24shared/utmp-wtmp: add parameter for origin tty and callback userdataDaniel Mack
Instead of looking up the tty from STDIN, let utmp_wall() take an argument to specify an origin tty for the wall message. Only if that argument is NULL do the STDIN lookup. Also add an void *userdata argument that is handed back to the callback function.
2015-04-11shared: add terminal-util.[ch]Ronny Chevalier
2015-04-10shared: add process-util.[ch]Ronny Chevalier
2015-02-12include <poll.h> instead of <sys/poll.h>Thomas Hindoe Paaboel Andersen
include-what-you-use automatically does this and it makes finding unnecessary harder to spot. The only content of poll.h is a include of sys/poll.h so should be harmless.
2015-02-03util: rework strappenda(), and rename it strjoina()Lennart Poettering
After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.
2014-12-19util: rename ignore_file() to hidden_file()Lennart Poettering
hidden_file() is a bit more precise, since dot files usually shouldn't be ignored, but certainly be considered hidden.
2014-12-09treewide: sanitize loop_writeZbigniew Jędrzejewski-Szmek
loop_write() didn't follow the usual systemd rules and returned status partially in errno and required extensive checks from callers. Some of the callers dealt with this properly, but many did not, treating partial writes as successful. Simplify things by conforming to usual rules.
2014-11-28treewide: another round of simplificationsMichal Schmidt
Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".
2014-11-28treewide: use log_*_errno whenever %m is in the format stringMichal Schmidt
If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28treewide: yet more log_*_errno + return simplificationsMichal Schmidt
Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.
2014-11-28treewide: no need to negate errno for log_*_errno()Michal Schmidt
It corrrectly handles both positive and negative errno values.
2014-11-28treewide: auto-convert the simple cases to log_*_errno()Michal Schmidt
As a followup to 086891e5c1 "log: add an "error" parameter to all low-level logging calls and intrdouce log_error_errno() as log calls that take error numbers", use sed to convert the simple cases to use the new macros: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/' Multi-line log_*() invocations are not covered. And we also should add log_unit_*_errno().
2014-10-05ask-password: Add --echo to enable echoing the user inputDavid Sommerseth
Programs such as OpenVPN may use ask-password for not only retrieving passwords, but also usernames. Masking usernames with * seems just silly. v2 - Don't mess with termios flags, instead print the input instead of an asterix. Resolves issues with backspace and TAB input. v3 - Renamed 'do_echo' variables and argument to 'echo'. Also modified the ask_password_{tty,agent,auto} API instead of additional wrapper functions. [zj: undo changes to ask_password_auto, since no callers were using the new argument.]
2014-10-02Correct a few typosTorstein Husebø
2014-08-03tty-ask-password-agent: modernizationZbigniew Jędrzejewski-Szmek
2014-08-03Unify parse_argv styleZbigniew Jędrzejewski-Szmek
getopt is usually good at printing out a nice error message when commandline options are invalid. It distinguishes between an unknown option and a known option with a missing arg. It is better to let it do its job and not use opterr=0 unless we actually want to suppress messages. So remove opterr=0 in the few places where it wasn't really useful. When an error in options is encountered, we should not print a lengthy help() and overwhelm the user, when we know precisely what is wrong with the commandline. In addition, since help() prints to stdout, it should not be used except when requested with -h or --help. Also, simplify things here and there.
2014-07-29time-util: add and use USEC/NSEC_INFINIYKay Sievers
2014-07-26Always check asprintf return codeKarel Zak
There is a small number of the places in sources where we don't check asprintf() return code and assume that after error the function returns NULL pointer via the first argument. That's wrong, after error the content of pointer is undefined.
2014-07-16tty-ask-password-agent: modernizationZbigniew Jędrzejewski-Szmek
2014-07-16Let config_parse open file where applicableZbigniew Jędrzejewski-Szmek
Special care is needed so that we get an error message if the file failed to parse, but not when it is missing. To avoid duplicating the same error check in every caller, add an additional 'warn' boolean to tell config_parse whether a message should be issued. This makes things both shorter and more robust wrt. to error reporting.
2014-07-15Constify ConfigTableItem tablesZbigniew Jędrzejewski-Szmek
2014-06-01tty-ask-password-agent: Do tell what directory we failed to openCristian Rodríguez
2014-04-05tty-ask-password-agent: return negative errnoFlorian Albrechtskirchinger
Return negative errno in wall_tty_block(). get_ctty_devnr() already returns a negative errno in case of failure, no need to negate it again. Reported-by: Simon <hwold@odai.homelinux.net>
2014-03-18util: replace close_nointr_nofail() by a more useful safe_close()Lennart Poettering
safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.