path: root/src/shared/ask-password-api.c
Commit message (Author, Age, Files, Lines)
* tree-wide: avoid direct use of color macros (rnhmjoj, 2020-12-15, 1 file, -1/+1)
|
* ask-passwd: drop a condition which is always false (Yu Watanabe, 2020-11-20, 1 file, -3/+0)
|
* license: LGPL-2.1+ -> LGPL-2.1-or-later (Yu Watanabe, 2020-11-09, 1 file, -1/+1)
|
* tty-ask-pw-agent: the message string might not be set (Lennart Poettering, 2020-08-26, 1 file, -0/+3)
|
* tree-wide: check POLLNVAL everywhere (Lennart Poettering, 2020-06-10, 1 file, -0/+19)
|   poll() sets POLLNVAL inside of the poll structures if an invalid fd is passed. So far we generally didn't check for that, thus not taking notice of the error. Given that this specific kind of error is generally an indication of a programming error, and given that our code is embedded into our projects via NSS or because people link against our library, let's explicitly check for this and convert it to EBADF. (I ran into a busy loop because of this missing check when some of my test code accidentally closed an fd it shouldn't close, so this is a real thing)
* tree-wide: make sure our control buffers are properly aligned (Lennart Poettering, 2020-05-07, 1 file, -5/+1)
|   We always need to make them unions with a "struct cmsghdr" in them, so that things are properly aligned. Otherwise we might end up at an unaligned address and the counting goes all wrong, possibly making the kernel refuse our buffers. Also, let's make sure we initialize the control buffers to zero when sending, but leave them uninitialized when reading. Both the alignment and the initialization thing are mentioned in the cmsg(3) man page.
* Merge pull request #15570 from poettering/cmsg-find (Zbigniew Jędrzejewski-Szmek, 2020-04-24, 1 file, -5/+2)
|\
| |   CMSG_FIND_DATA() and cmsg_find() work
| * socket-util: introduce type-safe, dereferencing wrapper CMSG_FIND_DATA around cmsg_find() (Lennart Poettering, 2020-04-23, 1 file, -5/+2)
| |   let's take this one step further, and add type-safety to cmsg_find(), and imply the CMSG_DATA() macro for finding the cmsg payload.
* | tree-wide: use structured initialization at various places (Lennart Poettering, 2020-04-24, 1 file, -6/+6)
|/
* tree-wide: use recvmsg_safe() at various places (Lennart Poettering, 2020-04-23, 1 file, -5/+4)
|   Let's be extra careful whenever we return from recvmsg() and see MSG_CTRUNC set. This generally means we ran into a programming error, as we didn't size the control buffer large enough. It's an error condition we should at least log about, or propagate up. Hence do that. This is particularly important when receiving fds, since for those the control data can be of any size. In particular on stream sockets that's nasty, because if we miss an fd because of control data truncation we cannot recover, we might not even realize that we are one off. (Also, when failing early, if there's any chance the socket might be AF_UNIX let's close all received fds, all the time. We got this right most of the time, but there were a few cases missing. God, UNIX is hard to use)
* ask-password-api: reword some debug messages (Lennart Poettering, 2020-04-15, 1 file, -3/+3)
|   Otherwise, seeing this in the log output is confusing since we don't know what kind of timeout or what kind of key we are adjusting here.
* ask-password: prefix password questions with lock and key emoji (Lennart Poettering, 2020-04-15, 1 file, -0/+4)
|   It's pretty, and it highlights that the pw prompt is kinda special and needs user input. We suppress the emoji entirely if there's no emoji support (i.e. this means we suppress the ASCII replacement), since it carries no additional information, it is just decoration to highlight a line.
* *: convert amenable fdopen calls to take_fdopen (Vito Caputo, 2020-03-31, 1 file, -3/+1)
|   Mechanical change to eliminate some cruft by using the new take_fdopen{_unlocked}() wrappers where trivial.
* shared/ask-password-api: do not show hint on echo (Christian Hesse, 2020-03-12, 1 file, -1/+1)
|   Giving --echo to systemd-ask-password allows to echo the user input instead of masking it. This is useful when querying for usernames or similar. Showing "(press TAB for no echo)" does not make sense there, so do not. Note that pressing TAB or ESC still disables echo.
* ask-password-api: drop unneeded parentheses (Zbigniew Jędrzejewski-Szmek, 2020-03-02, 1 file, -2/+1)
|
* tree-wide: use the return value from sockaddr_un_set_path() (Zbigniew Jędrzejewski-Szmek, 2020-03-02, 1 file, -6/+8)
|   It fully initializes the address structure, so no need for pre-initialization, and also returns the length of the address, so no need to recalculate using SOCKADDR_UN_LEN(). socklen_t is unsigned, so let's not use an int for it. (It doesn't matter, but seems cleaner and more portable to not assume anything about the type.)
* shared/ask-password-api: show "(press TAB for no echo)" (Zbigniew Jędrzejewski-Szmek, 2020-02-06, 1 file, -4/+21)
|   For #8495: it is arguably useful to not show the length of the password in public spaces. It is possible to press TAB or BS to cancel the asterisks, but this is not very discoverable. Let's make it discoverable by showing a message (in gray). The message is "erased" after the first character is entered.
* shared/ask-password-api: return "error" when dialogue is cancelled (Zbigniew Jędrzejewski-Szmek, 2020-02-06, 1 file, -5/+9)
|   test-ask-password-api would crash if ^D was pressed. I think the callers generally expect a non-empty strv as reply. Let's return an error if we have nothing to return. Also modernize test-ask-password-api a bit.
* shared/ask-password-api: modify keyctl break value (Kevin Kuehler, 2019-11-28, 1 file, -1/+1)
|   We can break if KEYCTL_READ return value is equal to our buffer size. From keyctl(2): On a successful return, the return value is always the total size of the payload data. To determine whether the buffer was of sufficient size, check to see that the return value is less than or equal to the value supplied in arg4.
* ask-password: skip kernel keyring logic if we see EPERM (Lennart Poettering, 2019-11-19, 1 file, -1/+6)
|   Let's improve compat with container managers that block the keyring logic and return EPERM for them.
* ask-password: don't hit assert() when we query pw which the user C-d and caching is enabled (Lennart Poettering, 2019-11-14, 1 file, -2/+2)
|
* tree-wide: drop signal.h when signal-util.h is included (Yu Watanabe, 2019-11-04, 1 file, -1/+0)
|
* tree-wide: drop socket.h when socket-util.h is included (Yu Watanabe, 2019-11-04, 1 file, -1/+0)
|
* tree-wide: drop string.h when string-util.h or friends are included (Yu Watanabe, 2019-11-04, 1 file, -1/+0)
|
* tree-wide: drop missing.h (Yu Watanabe, 2019-10-31, 1 file, -1/+1)
|
* Move PLYMOUTH_SOCKET define to def.h and nuke plymouth-util.h (Zbigniew Jędrzejewski-Szmek, 2019-10-24, 1 file, -1/+1)
|   Let's not have a file with a single define.
* tty-ask-pwd-agent: move ask_password_plymouth() in ask-password-api.c (Franck Bui, 2019-10-05, 1 file, -0/+181)
|
* tty-ask-pwd-agent: give the possibility to skip a password prompt (Franck Bui, 2019-10-05, 1 file, -0/+8)
|   If multiple passwords are waiting the agent will prompt for each of them. Give the possibility to the user to skip some of them by pressing 'C-d'.
* shared/ask-password-api: backspace all chars at once (Zbigniew Jędrzejewski-Szmek, 2019-07-12, 1 file, -23/+23)
|   We'd call loop_write() separately for each char. Let's be nice to serial console users, and write the full string in one go. Coverity was complaining that we're not checking the return value from loop_write(). Rework the code a bit and add voidify. CID#1402323.
* Use _cleanup(free_and_erasep) where appropriate (Zbigniew Jędrzejewski-Szmek, 2019-07-10, 1 file, -14/+11)
|   Replaces #12959.
* ask-password: prevent buffer overflow when reading from keyring (Thadeu Lima de Souza Cascardo, 2019-05-15, 1 file, -1/+1)
|   When we read from keyring, a temporary buffer is allocated in order to determine the size needed for the entire data. However, when zeroing that area, we use the data size returned by the read instead of the lesser size allocated for the buffer. That will cause memory corruption that causes systemd-cryptsetup to crash either when a single large password is used or when multiple passwords have already been pushed to the keyring.
|   Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
* ask-password: add extra paranoid overflow check (Lennart Poettering, 2019-03-20, 1 file, -2/+7)
|
* ask-password: erase character read with _cleanup_ (Lennart Poettering, 2019-03-20, 1 file, -4/+1)
|   This is much nicer, since it means we erase the character regardless how we exit the scope.
* util: split out memcmp()/memset() related calls into memory-util.[ch] (Lennart Poettering, 2019-03-13, 1 file, -1/+1)
|   Just some source rearranging.
* shared/ask-password-api: when echoing multi-byte characters, print the whole sequence (Zbigniew Jędrzejewski-Szmek, 2019-02-26, 1 file, -1/+4)
|   This is untested, but I don't see how the previous code could have worked for multibyte characters (with echo on).
* basic/utf8: do not read past end of string when looking for a multi-byte character (Zbigniew Jędrzejewski-Szmek, 2019-02-26, 1 file, -6/+6)
|   Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9341.
* ask-password-api: do not call ask_password_keyring() if keyname == NULL (Yu Watanabe, 2018-12-30, 1 file, -1/+1)
|   Fixes #11295.
* ask-password: make ask_password_keyring() static (Yu Watanabe, 2018-12-30, 1 file, -1/+1)
|
* util-lib: split out all temporary file related calls into tmpfiles-util.c (Lennart Poettering, 2018-12-02, 1 file, -0/+1)
|   This splits out a bunch of functions from fileio.c that have to do with temporary files. Simply to make the header files a bit shorter, and to group things more nicely. No code changes, just some rearranging of source files.
* tree-wide: use IOVEC_MAKE() at many places (Lennart Poettering, 2018-11-27, 1 file, -3/+1)
|
* Merge pull request #10594 from poettering/env-reload-fix (Zbigniew Jędrzejewski-Szmek, 2018-11-07, 1 file, -1/+1)
|\
| |   change handling of environment block of PID1's manager object
| * strv: wrap strv_new() in a macro so that NULL sentinel is implicit (Lennart Poettering, 2018-10-31, 1 file, -1/+1)
| |
* | ask-password: fix minor memory leak on error path (Lennart Poettering, 2018-11-06, 1 file, -4/+2)
| |   CID 1396557
* | ask-password: check keyring in ask_password_tty and ask_password_agent (Xiang Fan, 2018-10-31, 1 file, -27/+81)
|/
|   A race condition happens when calling ask_password_auto() multiple times to unlock several disks on boot and effectively no password caching is utilized. This patch fixes it by polling the cache when waiting for the password.
* string-util: introduce explicit_zero_safe() (Lennart Poettering, 2018-10-24, 1 file, -7/+7)
|   The only real difference is that this wrapper can deal with NULL pointer arguments, but only if the length is also zero. CID 1396277
* tree-wide: introduce setsockopt_int() helper and make use of it everywhere (Lennart Poettering, 2018-10-18, 1 file, -3/+4)
|   As suggested by @heftig: https://github.com/systemd/systemd/commit/6d5e65f6454212cd400d0ebda34978a9f20cc26a#commitcomment-30938667
* tree-wide: add a single version of "static const int one = 1" (Lennart Poettering, 2018-10-15, 1 file, -2/+1)
|   All over the place we define local variables for the various sockopts that take a bool-like "int" value. Sometimes they are const, sometimes static, sometimes both, sometimes neither. Let's clean this up, introduce a common const variable "const_int_one" (as well as one matching "const_int_zero") and use it everywhere, all across the codebase.
* tree-wide: port various users over to sockaddr_un_set_path() (Lennart Poettering, 2018-10-15, 1 file, -19/+14)
|   CID 1396140 CID 1396141
* tree-wide: remove Lennart's copyright lines (Lennart Poettering, 2018-06-14, 1 file, -3/+0)
|   These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurb (Lennart Poettering, 2018-06-14, 1 file, -2/+0)
|   This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. Hence, let's just get rid of this old cruft, and shorten our codebase a bit.