mount.cifs: Use systemd's mechanism for getting password, if present.

If systemd is running and /bin/systemd-ask-password if available,
then use that else fallback on getpass(..).

And add a --enable-systemd configure option, which defaults to yes.

Signed-off-by: Ankit Jain <jankit@suse.com>

2 files changed, 81 insertions, 5 deletions

diff --git a/configure.ac b/configure.ac
index 10c2f67..599401f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -46,6 +46,12 @@ AC_ARG_ENABLE(cifsacl,
 	enable_cifsacl=$enableval,
 	enable_cifsacl="maybe")
 
+AC_ARG_ENABLE(systemd,
+	[AC_HELP_STRING([--enable-systemd],
+			[Enable systemd specific behavior for mount.cifs @<:@default=yes@:>@])],
+	enable_systemd=$enableval,
+	enable_systemd="maybe")
+
 # check for ROOTSBINDIR environment var
 if test -z $ROOTSBINDIR; then
 	ROOTSBINDIR="/sbin"
@@ -210,6 +216,10 @@ if test $enable_cifsupcall != "no"; then
 	AC_CHECK_FUNCS([krb5_auth_con_setaddrs krb5_auth_con_set_req_cksumtype])
 fi
 
+if test $enable_systemd != "no"; then
+	AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd specific behavior for mount.cifs])
+fi
+
 # MIT krb5 < 1.7 does not have this declaration but does have the symbol
 AC_CHECK_DECLS(krb5_auth_con_set_req_cksumtype, [], [], [#include <krb5.h>])
 
diff --git a/mount.cifs.c b/mount.cifs.c
index 6f3f382..a15ba9e 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -1687,6 +1687,66 @@ drop_child_privs(void)
 	return 0;
 }
 
+/*
+ * If systemd is running and /bin/systemd-ask-password --
+ * is available, then use that else fallback on getpass(..)
+ *
+ * Returns: @input or NULL on error
+ */
+static char*
+get_password(const char *prompt, char *input, int capacity)
+{
+#ifdef ENABLE_SYSTEMD
+	int is_systemd_running;
+	struct stat a, b;
+
+	/* We simply test whether the systemd cgroup hierarchy is
+	 * mounted */
+	is_systemd_running = (lstat("/sys/fs/cgroup", &a) == 0)
+		&& (lstat("/sys/fs/cgroup/systemd", &b) == 0)
+		&& (a.st_dev != b.st_dev);
+
+	if (is_systemd_running) {
+		char *cmd, *ret;
+		FILE *ask_pass_fp = NULL;
+
+		cmd = ret = NULL;
+		if (asprintf(&cmd, "/bin/systemd-ask-password \"%s\"", prompt) >= 0) {
+			ask_pass_fp = popen (cmd, "re");
+			free (cmd);
+		}
+
+		if (ask_pass_fp) {
+			ret = fgets(input, capacity, ask_pass_fp);
+			pclose(ask_pass_fp);
+		}
+
+		if (ret) {
+			int len = strlen(input);
+			if (input[len - 1] == '\n')
+				input[len - 1] = '\0';
+			return input;
+		}
+	}
+#endif
+
+	/*
+	 * Falling back to getpass(..)
+	 * getpass is obsolete, but there's apparently nothing that replaces it
+	 */
+	char *tmp_pass = getpass(prompt);
+	if (!tmp_pass)
+		return NULL;
+
+	strncpy(input, tmp_pass, capacity - 1);
+	input[capacity - 1] = '\0';
+
+	/* zero-out the static buffer */
+	memset(tmp_pass, 0, strlen(tmp_pass));
+
+	return input;
+}
+
 static int
 assemble_mountinfo(struct parsed_mount_info *parsed_info,
 		   const char *thisprogram, const char *mountpoint,
@@ -1768,14 +1828,20 @@ assemble_mountinfo(struct parsed_mount_info *parsed_info,
 	}
 
 	if (!parsed_info->got_password) {
-		/* getpass is obsolete, but there's apparently nothing that replaces it */
-		char *tmp_pass = getpass("Password: ");
-		if (!tmp_pass) {
+		char tmp_pass[MOUNT_PASSWD_SIZE + 1];
+		char *prompt = NULL;
+
+		if(asprintf(&prompt, "Password for %s@%s: ", parsed_info->username, orig_dev) < 0)
+			prompt = NULL;
+
+		if (get_password(prompt ? prompt : "Password: ", tmp_pass, MOUNT_PASSWD_SIZE + 1)) {
+			rc = set_password(parsed_info, tmp_pass);
+		} else {
 			fprintf(stderr, "Error reading password, exiting\n");
 			rc = EX_SYSERR;
-			goto assemble_exit;
 		}
-		rc = set_password(parsed_info, tmp_pass);
+
+		free(prompt);
 		if (rc)
 			goto assemble_exit;
 	}