From e287086b8aa2558356af225a12d9bfea8e7d61ca Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 7 Oct 2015 11:26:10 +0200
Subject: ask-password: add support for caching passwords in the kernel keyring

This adds support for caching harddisk passwords in the kernel keyring
if it is available, thus supporting caching without Plymouth being
around.

This is also useful for hooking up "gdm-auto-login" with the collected
boot-time harddisk password, in order to support gnome keyring
passphrase unlocking via the HDD password, if it is the same.

Any passwords added to the kernel keyring this way have a timeout of
2.5min at which time they are purged from the kernel.
---
 .../tty-ask-password-agent.c                       | 34 +++++++++++++---------
 1 file changed, 20 insertions(+), 14 deletions(-)

(limited to 'src/tty-ask-password-agent/tty-ask-password-agent.c')

diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
index e1e2945c06..5dbc0a9bcc 100644
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -58,9 +58,9 @@ static bool arg_console = false;
 static int ask_password_plymouth(
                 const char *message,
                 usec_t until,
+                AskPasswordFlags flags,
                 const char *flag_file,
-                bool accept_cached,
-                char ***_passphrases) {
+                char ***ret) {
 
         _cleanup_close_ int fd = -1, notify = -1;
         union sockaddr_union sa = PLYMOUTH_SOCKET;
@@ -75,7 +75,7 @@ static int ask_password_plymouth(
                 POLL_INOTIFY
         };
 
-        assert(_passphrases);
+        assert(ret);
 
         if (flag_file) {
                 notify = inotify_init1(IN_CLOEXEC|IN_NONBLOCK);
@@ -95,12 +95,11 @@ static int ask_password_plymouth(
         if (r < 0)
                 return -errno;
 
-        if (accept_cached) {
+        if (flags & ASK_PASSWORD_ACCEPT_CACHED) {
                 packet = strdup("c");
                 n = 1;
         } else if (asprintf(&packet, "*\002%c%s%n", (int) (strlen(message) + 1), message, &n) < 0)
                 packet = NULL;
-
         if (!packet)
                 return -ENOMEM;
 
@@ -130,7 +129,7 @@ static int ask_password_plymouth(
                 if (flag_file && access(flag_file, F_OK) < 0)
                         return -errno;
 
-                j = poll(pollfd, notify > 0 ? 2 : 1, sleep_for);
+                j = poll(pollfd, notify >= 0 ? 2 : 1, sleep_for);
                 if (j < 0) {
                         if (errno == EINTR)
                                 continue;
@@ -139,15 +138,20 @@ static int ask_password_plymouth(
                 } else if (j == 0)
                         return -ETIME;
 
-                if (notify > 0 && pollfd[POLL_INOTIFY].revents != 0)
+                if (notify >= 0 && pollfd[POLL_INOTIFY].revents != 0)
                         flush_fd(notify);
 
                 if (pollfd[POLL_SOCKET].revents == 0)
                         continue;
 
                 k = read(fd, buffer + p, sizeof(buffer) - p);
-                if (k <= 0)
-                        return r = k < 0 ? -errno : -EIO;
+                if (k < 0) {
+                        if (errno == EINTR || errno == EAGAIN)
+                                continue;
+
+                        return -errno;
+                } else if (k == 0)
+                        return -EIO;
 
                 p += k;
 
@@ -156,7 +160,7 @@ static int ask_password_plymouth(
 
                 if (buffer[0] == 5) {
 
-                        if (accept_cached) {
+                        if (flags & ASK_PASSWORD_ACCEPT_CACHED) {
                                 /* Hmm, first try with cached
                                  * passwords failed, so let's retry
                                  * with a normal password request */
@@ -169,7 +173,7 @@ static int ask_password_plymouth(
                                 if (r < 0)
                                         return r;
 
-                                accept_cached = false;
+                                flags &= ~ASK_PASSWORD_ACCEPT_CACHED;
                                 p = 0;
                                 continue;
                         }
@@ -197,7 +201,7 @@ static int ask_password_plymouth(
                         if (!l)
                                 return -ENOMEM;
 
-                        *_passphrases = l;
+                        *ret = l;
                         break;
 
                 } else
@@ -282,7 +286,7 @@ static int parse_password(const char *filename, char **wall) {
                 if (arg_plymouth) {
                         _cleanup_strv_free_ char **passwords = NULL;
 
-                        r = ask_password_plymouth(message, not_after, filename, accept_cached, &passwords);
+                        r = ask_password_plymouth(message, not_after, accept_cached ? ASK_PASSWORD_ACCEPT_CACHED : 0, filename, &passwords);
                         if (r >= 0) {
                                 char **p;
 
@@ -313,7 +317,7 @@ static int parse_password(const char *filename, char **wall) {
                                         return log_error_errno(tty_fd, "Failed to acquire /dev/console: %m");
                         }
 
-                        r = ask_password_tty(message, not_after, echo, filename, &password);
+                        r = ask_password_tty(message, NULL, not_after, echo ? ASK_PASSWORD_ECHO : 0, filename, &password);
 
                         if (arg_console) {
                                 tty_fd = safe_close(tty_fd);
@@ -360,6 +364,8 @@ static int wall_tty_block(void) {
         int fd, r;
 
         r = get_ctty_devnr(0, &devnr);
+        if (r == -ENXIO) /* We have no controlling tty */
+                return -ENOTTY;
         if (r < 0)
                 return log_error_errno(r, "Failed to get controlling TTY: %m");
 
-- 
cgit v1.2.3-54-g00ecf