#include "ask-password-api.h"
#include "bus-common-errors.h"
#include "bus-error.h"
-#include "bus-util.h"
+#include "bus-locator.h"
#include "cgroup-util.h"
#include "dns-domain.h"
#include "env-util.h"
return 0;
}
-static int acquire_pkcs11_pin(const char *user_name, UserRecord *hr) {
+static int acquire_token_pin(const char *user_name, UserRecord *hr) {
_cleanup_(strv_free_erasep) char **pin = NULL;
_cleanup_free_ char *question = NULL;
char *e;
e = getenv("PIN");
if (e) {
- r = user_record_set_pkcs11_pin(hr, STRV_MAKE(e), false);
+ r = user_record_set_token_pin(hr, STRV_MAKE(e), false);
if (r < 0)
- return log_error_errno(r, "Failed to store PKCS#11 PIN: %m");
+ return log_error_errno(r, "Failed to store token PIN: %m");
string_erase(e);
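Review bot: When `user_record_set_token_pin()` fails, the `if (r < 0)` branch returns before `string_erase(e)` runs, so the PIN taken from `$PIN` stays readable in the process environment on that path. Wiping the buffer before the error check closes the gap: `r = user_record_set_token_pin(hr, STRV_MAKE(e), false);` then `string_erase(e);` then `if (r < 0)`. This assumes the setter keeps its own copy of the string, which the existing erase-after-success ordering already implies, but confirm it against the setter. The rest of the `if (e)` branch lies outside the hunk, so check whether the variable is also unset on every exit path.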
return log_oom();
/* We never cache or use cached PINs, since usually there are only very few attempts allowed before the PIN is blocked */
- r = ask_password_auto(question, "user-home", NULL, "pkcs11-pin", USEC_INFINITY, 0, &pin);
+ r = ask_password_auto(question, "user-home", NULL, "token-pin", USEC_INFINITY, 0, &pin);
if (r < 0)
return log_error_errno(r, "Failed to acquire security token PIN: %m");
- r = user_record_set_pkcs11_pin(hr, pin, false);
+ r = user_record_set_token_pin(hr, pin, false);
if (r < 0)
return log_error_errno(r, "Failed to store security token PIN: %m");
} else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) {
- r = acquire_pkcs11_pin(user_name, hr);
+ r = acquire_token_pin(user_name, hr);
if (r < 0)
return r;
log_notice("Security token PIN incorrect, please try again.");
- r = acquire_pkcs11_pin(user_name, hr);
+ r = acquire_token_pin(user_name, hr);
if (r < 0)
return r;
log_notice("Security token PIN incorrect, please try again (only a few tries left!).");
- r = acquire_pkcs11_pin(user_name, hr);
+ r = acquire_token_pin(user_name, hr);
if (r < 0)
return r;
log_notice("Security token PIN incorrect, please try again (only one try left!).");
- r = acquire_pkcs11_pin(user_name, hr);
+ r = acquire_token_pin(user_name, hr);
if (r < 0)
return r;
} else
return 0;
}
-static int add_pkcs11_pin(JsonVariant **v, const char *pin) {
+static int add_token_pin(JsonVariant **v, const char *pin) {
_cleanup_(json_variant_unrefp) JsonVariant *w = NULL, *l = NULL;
_cleanup_(strv_free_erasep) char **pins = NULL;
int r;
return 0;
w = json_variant_ref(json_variant_by_key(*v, "secret"));
- l = json_variant_ref(json_variant_by_key(w, "pkcs11Pin"));
+ l = json_variant_ref(json_variant_by_key(w, "tokenPin"));
r = json_variant_strv(l, &pins);
if (r < 0)
json_variant_sensitive(l);
- r = json_variant_set_field(&w, "pkcs11Pin", l);
+ r = json_variant_set_field(&w, "tokenPin", l);
if (r < 0)
return log_error_errno(r, "Failed to update PIN field: %m");
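Review bot: The key that add_token_pin reads and writes in the `secret` section changes from `pkcs11Pin` to `tokenPin`, which alters the record's JSON format rather than just renaming an identifier. In the visible lines, a secret section that still carries `pkcs11Pin` would not be merged into `pins`, and the old field would be left beside the new one. The record parser is not part of this page, so confirm that it still accepts the old key. A comment at the lookup would record the intent, for example `/* "tokenPin" supersedes the older "pkcs11Pin" key; readers must keep accepting the old name */`. The function body is only partly visible here.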
/* If we acquired the PIN also include it in the secret section of the record, so that systemd-homed
* can use it if it needs to, given that it likely needs to decrypt the key again to pass to LUKS or
* fscrypt. */
- r = add_pkcs11_pin(v, pin);
+ r = add_token_pin(v, pin);
if (r < 0)
return r;
if (r < 0)
return r;
- /* Remember the original hashed paswords before we add our own, so that we can return to them later,
+ /* Remember the original hashed passwords before we add our own, so that we can return to them later,
* should the entered password turn out not to be acceptable. */
original_hashed_passwords = strv_copy(hr->hashed_password);
if (!original_hashed_passwords)
r = json_variant_format(hr->json, 0, &formatted);
if (r < 0)
- return r;
+ return log_error_errno(r, "Failed to format user record: %m");
r = bus_message_new_method_call(bus, &m, bus_home_mgr, "CreateHome");
if (r < 0)
r = json_variant_format(hr->json, 0, &formatted);
if (r < 0)
- return r;
+ return log_error_errno(r, "Failed to format user record: %m");
(void) sd_bus_message_sensitive(m);
int r;
- log_show_color(true);
- log_parse_environment();
- log_open();
+ log_setup_cli();
r = parse_argv(argc, argv);
if (r <= 0)