src/tty-ask-password-agent.c

   1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
   2
   3 /***
   4   This file is part of systemd.
   5
   6   Copyright 2010 Lennart Poettering
   7
   8   systemd is free software; you can redistribute it and/or modify it
   9   under the terms of the GNU General Public License as published by
  10   the Free Software Foundation; either version 2 of the License, or
  11   (at your option) any later version.
  12
  13   systemd is distributed in the hope that it will be useful, but
  14   WITHOUT ANY WARRANTY; without even the implied warranty of
  15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  16   General Public License for more details.
  17
  18   You should have received a copy of the GNU General Public License
  19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  20 ***/
  21
  22 #include <stdbool.h>
  23 #include <errno.h>
  24 #include <string.h>
  25 #include <sys/socket.h>
  26 #include <sys/un.h>
  27 #include <stddef.h>
  28 #include <sys/poll.h>
  29 #include <sys/inotify.h>
  30 #include <unistd.h>
  31 #include <getopt.h>
  32
  33 #include "util.h"
  34 #include "conf-parser.h"
  35 #include "utmp-wtmp.h"
  36
  37 static enum {
  38         ACTION_LIST,
  39         ACTION_QUERY,
  40         ACTION_WATCH,
  41         ACTION_WALL
  42 } arg_action = ACTION_QUERY;
  43
  44 static int parse_password(const char *filename) {
  45         char *socket_name = NULL, *message = NULL, *packet = NULL;
  46         uint64_t not_after = 0;
  47         unsigned pid = 0;
  48         int socket_fd = -1;
  49
  50         const ConfigItem items[] = {
  51                 { "Socket",   config_parse_string,   &socket_name, "Ask" },
  52                 { "NotAfter", config_parse_uint64,   &not_after,   "Ask" },
  53                 { "Message",  config_parse_string,   &message,     "Ask" },
  54                 { "PID",      config_parse_unsigned, &pid,         "Ask" },
  55         };
  56
  57         FILE *f;
  58         int r;
  59         usec_t n;
  60
  61         assert(filename);
  62
  63         if (!(f = fopen(filename, "re"))) {
  64
  65                 if (errno == ENOENT)
  66                         return 0;
  67
  68                 log_error("open(%s): %m", filename);
  69                 return -errno;
  70         }
  71
  72         if ((r = config_parse(filename, f, NULL, items, false, NULL)) < 0) {
  73                 log_error("Failed to parse password file %s: %s", filename, strerror(-r));
  74                 goto finish;
  75         }
  76
  77         if (!socket_name || not_after <= 0) {
  78                 log_error("Invalid password file %s", filename);
  79                 r = -EBADMSG;
  80                 goto finish;
  81         }
  82
  83         n = now(CLOCK_MONOTONIC);
  84         if (n > not_after) {
  85                 r = 0;
  86                 goto finish;
  87         }
  88
  89         if (arg_action == ACTION_LIST)
  90                 printf("'%s' (PID %u)\n", message, pid);
  91         else if (arg_action == ACTION_WALL) {
  92                 char *wall;
  93
  94                 if (asprintf(&wall,
  95                              "Password entry required for \'%s\' (PID %u).\r\n"
  96                              "Please enter password with the systemd-tty-password-agent tool!",
  97                              message,
  98                              pid) < 0) {
  99                         log_error("Out of memory");
 100                         r = -ENOMEM;
 101                         goto finish;
 102                 }
 103
 104                 r = utmp_wall(wall);
 105                 free(wall);
 106         } else {
 107                 union {
 108                         struct sockaddr sa;
 109                         struct sockaddr_un un;
 110                 } sa;
 111                 char *password;
 112
 113                 assert(arg_action == ACTION_QUERY ||
 114                        arg_action == ACTION_WATCH);
 115
 116                 if (access(socket_name, W_OK) < 0) {
 117
 118                         if (arg_action == ACTION_QUERY)
 119                                 log_info("Not querying '%s' (PID %u), lacking privileges.", message, pid);
 120
 121                         r = 0;
 122                         goto finish;
 123                 }
 124
 125                 if ((r = ask_password_tty(message, not_after, filename, &password)) < 0) {
 126                         log_error("Failed to query passwords: %s", strerror(-r));
 127                         goto finish;
 128                 }
 129
 130                 asprintf(&packet, "+%s", password);
 131                 free(password);
 132
 133                 if (!packet) {
 134                         log_error("Out of memory");
 135                         r = -ENOMEM;
 136                         goto finish;
 137                 }
 138
 139                 if ((socket_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0) {
 140                         log_error("socket(): %m");
 141                         r = -errno;
 142                         goto finish;
 143                 }
 144
 145                 zero(sa);
 146                 sa.un.sun_family = AF_UNIX;
 147                 strncpy(sa.un.sun_path, socket_name, sizeof(sa.un.sun_path));
 148
 149                 if (sendto(socket_fd, packet, strlen(packet), MSG_NOSIGNAL, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(socket_name)) < 0) {
 150                         log_error("Failed to send: %m");
 151                         r = -errno;
 152                         goto finish;
 153                 }
 154         }
 155
 156 finish:
 157         fclose(f);
 158
 159         if (socket_fd >= 0)
 160                 close_nointr_nofail(socket_fd);
 161
 162         free(packet);
 163         free(socket_name);
 164         free(message);
 165
 166         return r;
 167 }
 168
 169 static int show_passwords(void) {
 170         DIR *d;
 171         struct dirent *de;
 172         int r = 0;
 173
 174         if (!(d = opendir("/dev/.systemd/ask-password"))) {
 175                 if (errno == ENOENT)
 176                         return 0;
 177
 178                 log_error("opendir(): %m");
 179                 return -errno;
 180         }
 181
 182         while ((de = readdir(d))) {
 183                 char *p;
 184                 int q;
 185
 186                 if (de->d_type != DT_REG)
 187                         continue;
 188
 189                 if (ignore_file(de->d_name))
 190                         continue;
 191
 192                 if (!startswith(de->d_name, "ask."))
 193                         continue;
 194
 195                 if (!(p = strappend("/dev/.systemd/ask-password/", de->d_name))) {
 196                         log_error("Out of memory");
 197                         r = -ENOMEM;
 198                         goto finish;
 199                 }
 200
 201                 if ((q = parse_password(p)) < 0)
 202                         r = q;
 203
 204                 free(p);
 205         }
 206
 207 finish:
 208         if (d)
 209                 closedir(d);
 210
 211         return r;
 212 }
 213
 214 static int watch_passwords(void) {
 215         int notify;
 216         struct pollfd pollfd;
 217         int r;
 218
 219         mkdir_p("/dev/.systemd/ask-password", 0755);
 220
 221         if ((notify = inotify_init1(IN_CLOEXEC)) < 0) {
 222                 r = -errno;
 223                 goto finish;
 224         }
 225
 226         if (inotify_add_watch(notify, "/dev/.systemd/ask-password", IN_CLOSE_WRITE|IN_MOVED_TO) < 0) {
 227                 r = -errno;
 228                 goto finish;
 229         }
 230
 231         zero(pollfd);
 232         pollfd.fd = notify;
 233         pollfd.events = POLLIN;
 234
 235         for (;;) {
 236                 if ((r = show_passwords()) < 0)
 237                         break;
 238
 239                 if (poll(&pollfd, 1, -1) < 0) {
 240
 241                         if (errno == EINTR)
 242                                 continue;
 243
 244                         r = -errno;
 245                         goto finish;
 246                 }
 247
 248                 if (pollfd.revents != 0)
 249                         flush_fd(notify);
 250         }
 251
 252         r = 0;
 253
 254 finish:
 255         if (notify >= 0)
 256                 close_nointr_nofail(notify);
 257
 258         return r;
 259 }
 260
 261 static int help(void) {
 262
 263         printf("%s [OPTIONS...]\n\n"
 264                "Process system password requests.\n\n"
 265                "  -h --help   Show this help\n"
 266                "     --list   Show pending password requests\n"
 267                "     --query  Process pending password requests\n"
 268                "     --watch  Continously process password requests\n"
 269                "     --wall   Continously forward password requests to wall\n",
 270                program_invocation_short_name);
 271
 272         return 0;
 273 }
 274
 275 static int parse_argv(int argc, char *argv[]) {
 276
 277         enum {
 278                 ARG_LIST = 0x100,
 279                 ARG_QUERY,
 280                 ARG_WATCH,
 281                 ARG_WALL,
 282         };
 283
 284         static const struct option options[] = {
 285                 { "help",  no_argument, NULL, 'h'       },
 286                 { "list",  no_argument, NULL, ARG_LIST  },
 287                 { "query", no_argument, NULL, ARG_QUERY },
 288                 { "watch", no_argument, NULL, ARG_WATCH },
 289                 { "wall",  no_argument, NULL, ARG_WALL  },
 290                 { NULL,    0,           NULL, 0         }
 291         };
 292
 293         int c;
 294
 295         assert(argc >= 0);
 296         assert(argv);
 297
 298         while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
 299
 300                 switch (c) {
 301
 302                 case 'h':
 303                         help();
 304                         return 0;
 305
 306                 case ARG_LIST:
 307                         arg_action = ACTION_LIST;
 308                         break;
 309
 310                 case ARG_QUERY:
 311                         arg_action = ACTION_QUERY;
 312                         break;
 313
 314                 case ARG_WATCH:
 315                         arg_action = ACTION_WATCH;
 316                         break;
 317
 318                 case ARG_WALL:
 319                         arg_action = ACTION_WALL;
 320                         break;
 321
 322                 case '?':
 323                         return -EINVAL;
 324
 325                 default:
 326                         log_error("Unknown option code %c", c);
 327                         return -EINVAL;
 328                 }
 329         }
 330
 331         if (optind != argc) {
 332                 help();
 333                 return -EINVAL;
 334         }
 335
 336         return 1;
 337 }
 338
 339 int main(int argc, char *argv[]) {
 340         int r;
 341
 342         log_parse_environment();
 343         log_open();
 344
 345         if ((r = parse_argv(argc, argv)) <= 0)
 346                 goto finish;
 347
 348         if (arg_action == ACTION_WATCH ||
 349             arg_action == ACTION_WALL)
 350                 r = watch_passwords();
 351         else
 352                 r = show_passwords();
 353
 354 finish:
 355         return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 356 }