return log_error_errno(SYNTHETIC_ERRNO(EIO),
"Failed to log into security token '%s': %s", token_label, p11_kit_strerror(rv));
- log_notice("PIN for token '%s' is incorrect, please try again.", token_label);
-
- return -ENOLCK;
+ return log_notice_errno(SYNTHETIC_ERRNO(ENOLCK),
+ "PIN for token '%s' is incorrect, please try again.",
+ token_label);
}
int pkcs11_token_login(
for (unsigned tries = 0; tries < 3; tries++) {
_cleanup_strv_free_erase_ char **passwords = NULL;
- char **i, *e;
+ _cleanup_(erase_and_freep) char *envpin = NULL;
- e = getenv("PIN");
- if (e) {
- passwords = strv_new(e);
+ r = getenv_steal_erase("PIN", &envpin);
+ if (r < 0)
+ return log_error_errno(r, "Failed to acquire PIN from environment: %m");
+ if (r > 0) {
+ passwords = strv_new(envpin);
if (!passwords)
return log_oom();
- assert_se(unsetenv_erase("PIN") >= 0);
} else if (headless)
return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "PIN querying disabled via 'headless' option. Use the 'PIN' environment variable.");
else {
void *userdata) {
_cleanup_(erase_and_freep) char *pin_used = NULL;
- struct pkcs11_acquire_certificate_callback_data *data = userdata;
+ struct pkcs11_acquire_certificate_callback_data *data = ASSERT_PTR(userdata);
CK_OBJECT_HANDLE object;
int r;
assert(slot_info);
assert(token_info);
assert(uri);
- assert(data);
/* Called for every token matching our URI */
P11KitUri *uri,
void *userdata) {
- pkcs11_crypt_device_callback_data *data = userdata;
+ pkcs11_crypt_device_callback_data *data = ASSERT_PTR(userdata);
CK_OBJECT_HANDLE object;
int r;
assert(slot_info);
assert(token_info);
assert(uri);
- assert(data);
/* Called for every token matching our URI */
projects / thirdparty / systemd.git / blobdiff