From 225690a604e73a7f90859370cc5201b599b0e823 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 10 May 2017 18:16:16 -0400 Subject: ./tools/notsd-move --- src/systemd-ask-password/GNUmakefile | 1 + src/systemd-ask-password/Makefile | 33 +++ src/systemd-ask-password/ask-password.c | 188 +++++++++++++++++ .../systemd-ask-password.completion.zsh | 12 ++ src/systemd-ask-password/systemd-ask-password.xml | 227 +++++++++++++++++++++ 5 files changed, 461 insertions(+) create mode 120000 src/systemd-ask-password/GNUmakefile create mode 100644 src/systemd-ask-password/Makefile create mode 100644 src/systemd-ask-password/ask-password.c create mode 100644 src/systemd-ask-password/systemd-ask-password.completion.zsh create mode 100644 src/systemd-ask-password/systemd-ask-password.xml (limited to 'src/systemd-ask-password') diff --git a/src/systemd-ask-password/GNUmakefile b/src/systemd-ask-password/GNUmakefile new file mode 120000 index 0000000000..54fdd42278 --- /dev/null +++ b/src/systemd-ask-password/GNUmakefile @@ -0,0 +1 @@ +../../GNUmakefile \ No newline at end of file diff --git a/src/systemd-ask-password/Makefile b/src/systemd-ask-password/Makefile new file mode 100644 index 0000000000..9b23b41513 --- /dev/null +++ b/src/systemd-ask-password/Makefile @@ -0,0 +1,33 @@ +# -*- Mode: makefile; indent-tabs-mode: t -*- +# +# This file is part of systemd. +# +# Copyright 2010-2012 Lennart Poettering +# Copyright 2010-2012 Kay Sievers +# Copyright 2013 Zbigniew Jędrzejewski-Szmek +# Copyright 2013 David Strauss +# Copyright 2016 Luke Shumaker +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# systemd is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with systemd; If not, see . +include $(dir $(lastword $(MAKEFILE_LIST)))/../../config.mk +include $(topsrcdir)/build-aux/Makefile.head.mk + +rootbin_PROGRAMS += systemd-ask-password +systemd_ask_password_SOURCES = \ + src/ask-password/ask-password.c + +systemd_ask_password_LDADD = \ + libsystemd-shared.la + +include $(topsrcdir)/build-aux/Makefile.tail.mk diff --git a/src/systemd-ask-password/ask-password.c b/src/systemd-ask-password/ask-password.c new file mode 100644 index 0000000000..ee29d1c558 --- /dev/null +++ b/src/systemd-ask-password/ask-password.c @@ -0,0 +1,188 @@ +/*** + This file is part of systemd. + + Copyright 2010 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see . +***/ + +#include +#include +#include +#include + +#include "systemd-basic/def.h" +#include "systemd-basic/log.h" +#include "systemd-basic/macro.h" +#include "systemd-basic/strv.h" +#include "systemd-shared/ask-password-api.h" + +static const char *arg_icon = NULL; +static const char *arg_id = NULL; +static const char *arg_keyname = NULL; +static char *arg_message = NULL; +static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC; +static bool arg_multiple = false; +static bool arg_no_output = false; +static AskPasswordFlags arg_flags = ASK_PASSWORD_PUSH_CACHE; + +static void help(void) { + printf("%s [OPTIONS...] MESSAGE\n\n" + "Query the user for a system passphrase, via the TTY or an UI agent.\n\n" + " -h --help Show this help\n" + " --icon=NAME Icon name\n" + " --id=ID Query identifier (e.g. \"cryptsetup:/dev/sda5\")\n" + " --keyname=NAME Kernel key name for caching passwords (e.g. \"cryptsetup\")\n" + " --timeout=SEC Timeout in seconds\n" + " --echo Do not mask input (useful for usernames)\n" + " --no-tty Ask question via agent even on TTY\n" + " --accept-cached Accept cached passwords\n" + " --multiple List multiple passwords if available\n" + " --no-output Do not print password to standard output\n" + , program_invocation_short_name); +} + +static int parse_argv(int argc, char *argv[]) { + + enum { + ARG_ICON = 0x100, + ARG_TIMEOUT, + ARG_ECHO, + ARG_NO_TTY, + ARG_ACCEPT_CACHED, + ARG_MULTIPLE, + ARG_ID, + ARG_KEYNAME, + ARG_NO_OUTPUT, + }; + + static const struct option options[] = { + { "help", no_argument, NULL, 'h' }, + { "icon", required_argument, NULL, ARG_ICON }, + { "timeout", required_argument, NULL, ARG_TIMEOUT }, + { "echo", no_argument, NULL, ARG_ECHO }, + { "no-tty", no_argument, NULL, ARG_NO_TTY }, + { "accept-cached", no_argument, NULL, ARG_ACCEPT_CACHED }, + { "multiple", no_argument, NULL, ARG_MULTIPLE }, + { "id", required_argument, NULL, ARG_ID }, + { "keyname", required_argument, NULL, ARG_KEYNAME }, + { "no-output", no_argument, NULL, ARG_NO_OUTPUT }, + {} + }; + + int c; + + assert(argc >= 0); + assert(argv); + + while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) + + switch (c) { + + case 'h': + help(); + return 0; + + case ARG_ICON: + arg_icon = optarg; + break; + + case ARG_TIMEOUT: + if (parse_sec(optarg, &arg_timeout) < 0) { + log_error("Failed to parse --timeout parameter %s", optarg); + return -EINVAL; + } + break; + + case ARG_ECHO: + arg_flags |= ASK_PASSWORD_ECHO; + break; + + case ARG_NO_TTY: + arg_flags |= ASK_PASSWORD_NO_TTY; + break; + + case ARG_ACCEPT_CACHED: + arg_flags |= ASK_PASSWORD_ACCEPT_CACHED; + break; + + case ARG_MULTIPLE: + arg_multiple = true; + break; + + case ARG_ID: + arg_id = optarg; + break; + + case ARG_KEYNAME: + arg_keyname = optarg; + break; + + case ARG_NO_OUTPUT: + arg_no_output = true; + break; + + case '?': + return -EINVAL; + + default: + assert_not_reached("Unhandled option"); + } + + if (argc > optind) { + arg_message = strv_join(argv + optind, " "); + if (!arg_message) + return log_oom(); + } + + return 1; +} + +int main(int argc, char *argv[]) { + _cleanup_strv_free_erase_ char **l = NULL; + usec_t timeout; + char **p; + int r; + + log_parse_environment(); + log_open(); + + r = parse_argv(argc, argv); + if (r <= 0) + goto finish; + + if (arg_timeout > 0) + timeout = now(CLOCK_MONOTONIC) + arg_timeout; + else + timeout = 0; + + r = ask_password_auto(arg_message, arg_icon, arg_id, arg_keyname, timeout, arg_flags, &l); + if (r < 0) { + log_error_errno(r, "Failed to query password: %m"); + goto finish; + } + + STRV_FOREACH(p, l) { + if (!arg_no_output) + puts(*p); + + if (!arg_multiple) + break; + } + +finish: + free(arg_message); + + return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; +} diff --git a/src/systemd-ask-password/systemd-ask-password.completion.zsh b/src/systemd-ask-password/systemd-ask-password.completion.zsh new file mode 100644 index 0000000000..fa68159256 --- /dev/null +++ b/src/systemd-ask-password/systemd-ask-password.completion.zsh @@ -0,0 +1,12 @@ +#compdef systemd-ask-password + +local curcontext="$curcontext" state lstate line +_arguments \ + {-h,--help}'[Show this help]' \ + '--icon=[Icon name]:icon name:' \ + '--timeout=[Timeout in sec]:timeout (seconds):' \ + '--no-tty[Ask question via agent even on TTY]' \ + '--accept-cached[Accept cached passwords]' \ + '--multiple[List multiple passwords if available]' + +#vim: set ft=zsh sw=4 ts=4 et diff --git a/src/systemd-ask-password/systemd-ask-password.xml b/src/systemd-ask-password/systemd-ask-password.xml new file mode 100644 index 0000000000..2b6fb5a82f --- /dev/null +++ b/src/systemd-ask-password/systemd-ask-password.xml @@ -0,0 +1,227 @@ + + + + + + + + + systemd-ask-password + systemd + + + + Developer + Lennart + Poettering + lennart@poettering.net + + + + + + systemd-ask-password + 1 + + + + systemd-ask-password + Query the user for a system password + + + + + systemd-ask-password OPTIONS MESSAGE + + + + + Description + + systemd-ask-password may be used to query + a system password or passphrase from the user, using a question + message specified on the command line. When run from a TTY it will + query a password on the TTY and print it to standard output. When + run with no TTY or with it will query + the password system-wide and allow active users to respond via + several agents. The latter is only available to privileged + processes. + + The purpose of this tool is to query system-wide passwords + — that is passwords not attached to a specific user account. + Examples include: unlocking encrypted hard disks when they are + plugged in or at boot, entering an SSL certificate passphrase for + web and VPN servers. + + Existing agents are: + + + A boot-time password agent asking the user for + passwords using Plymouth + + A boot-time password agent querying the user + directly on the console + + An agent requesting password input via a + wall1 + message + + A command line agent which can be started + temporarily to process queued password + requests + + A TTY agent that is temporarily spawned during + systemctl1 + invocations + + + Additional password agents may be implemented according to + the systemd + Password Agent Specification. + + If a password is queried on a TTY, the user may press TAB to + hide the asterisks normally shown for each character typed. + Pressing Backspace as first key achieves the same effect. + + + + + Options + + The following options are understood: + + + + + + Specify an icon name alongside the password + query, which may be used in all agents supporting graphical + display. The icon name should follow the XDG + Icon Naming Specification. + + + + + Specify an identifier for this password + query. This identifier is freely choosable and allows + recognition of queries by involved agents. It should include + the subsystem doing the query and the specific object the + query is done for. Example: + --id=cryptsetup:/dev/sda5. + + + + + Configure a kernel keyring key name to use as + cache for the password. If set, then the tool will try to push + any collected passwords into the kernel keyring of the root + user, as a key of the specified name. If combined with + , it will also try to retrieve + such cached passwords from the key in the kernel keyring + instead of querying the user right away. By using this option, + the kernel keyring may be used as effective cache to avoid + repeatedly asking users for passwords, if there are multiple + objects that may be unlocked with the same password. The + cached key will have a timeout of 2.5min set, after which it + will be purged from the kernel keyring. Note that it is + possible to cache multiple passwords under the same keyname, + in which case they will be stored as NUL-separated list of + passwords. Use + keyctl1 + to access the cached key via the kernel keyring + directly. Example: --keyname=cryptsetup + + + + + + Specify the query timeout in seconds. Defaults + to 90s. A timeout of 0 waits indefinitely. + + + + + + Echo the user input instead of masking it. + This is useful when using + systemd-ask-password to query for + usernames. + + + + + + Never ask for password on current TTY even if + one is available. Always use agent system. + + + + + + If passed, accept cached passwords, i.e. + passwords previously entered. + + + + + + When used in conjunction with + accept multiple passwords. + This will output one password per line. + + + + + + Do not print passwords to standard output. + This is useful if you want to store a password in kernel + keyring with but do not want it + to show up on screen or in logs. + + + + + + + + + Exit status + + On success, 0 is returned, a non-zero failure code + otherwise. + + + + See Also + + systemd1, + systemctl1, + keyctl1, + plymouth8, + wall1 + + + + -- cgit v1.2.3-54-g00ecf