git.ipfire.org Git - thirdparty/systemd.git/commit

cryptsetup: pass AskPasswordFlags down into pkcs11 module

The pkcs11 cryptsetup token module is a bit different from the tpm2 +
fido2 ones: it asks for the PIN itself, rather than bubbling up a
request to get a PIN. That's because it might need multiple, and because
we don't want to destroy a the pkcs11 session half-way and thus risk
increasing pin counters.

Hence, we sometimes ask for PINs from our code, rather than let the
libcryptsetup caller do that. So far we didn't pass the AskPasswordFlags
field down into the module though. Fix that.

Fixes: #28665

author	Lennart Poettering <lennart@poettering.net>
	Thu, 2 Nov 2023 21:32:36 +0000 (22:32 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Fri, 3 Nov 2023 08:51:53 +0000 (09:51 +0100)
commit	a758a128709cbcd99eddd1de6ea0e9846b9ce2eb
tree	32b646ef8e73b90bad778ae151cd41325524da6b	tree \| snapshot
parent	00392b14373496681f35fadccf3b28bd2586a387	commit \| diff

src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c		diff \| blob \| blame \| history
src/cryptsetup/cryptsetup.c		diff \| blob \| blame \| history
src/shared/pkcs11-util.c		diff \| blob \| blame \| history
src/shared/pkcs11-util.h		diff \| blob \| blame \| history