data.friendly_name = params->friendly_name;
data.headless = params->headless;
+ data.askpw_flags = params->askpw_flags;
data.until = params->until;
/* The functions called here log about all errors, except for EAGAIN which means "token not found right now" */
systemd_pkcs11_plugin_params params = {
.friendly_name = friendly_name,
.until = until,
- .headless = headless
+ .headless = headless,
+ .askpw_flags = arg_ask_password_flags,
};
r = crypt_activate_by_token_pin(cd, name, "systemd-pkcs11", CRYPT_ANY_TOKEN, NULL, 0, ¶ms, flags);
const char *key_name,
const char *credential_name,
usec_t until,
+ AskPasswordFlags ask_password_flags,
bool headless,
char **ret_used_pin) {
return log_oom();
/* We never cache PINs, simply because it's fatal if we use wrong PINs, since usually there are only 3 tries */
- r = ask_password_auto(text, icon_name, id, key_name, credential_name, until, 0, &passwords);
+ r = ask_password_auto(text, icon_name, id, key_name, credential_name, until, ask_password_flags, &passwords);
if (r < 0)
return log_error_errno(r, "Failed to query PIN for security token '%s': %m", token_label);
}
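Review bot: The comment directly above the `ask_password_auto()` call says PINs are never cached, yet the call now forwards the caller's `ask_password_flags` unmasked where it used to pass a literal `0`. The flags arrive unfiltered from the `.askpw_flags = arg_ask_password_flags` initializer and the `data->askpw_flags` call sites in the other hunks. If any of those sets carries `ASK_PASSWORD_ACCEPT_CACHED` or `ASK_PASSWORD_PUSH_CACHE`, a stale PIN stored under `key_name` could be replayed and use up one of the token's few tries. Consider clearing those bits at this call, `ask_password_flags & ~(ASK_PASSWORD_ACCEPT_CACHED|ASK_PASSWORD_PUSH_CACHE)`, or rewording the comment if caching is now intended. The enclosing function starts and ends outside this hunk.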
char *pin_used;
X509 *cert;
const char *askpw_friendly_name, *askpw_icon_name;
+ AskPasswordFlags askpw_flags;
+ bool headless;
};
static void pkcs11_acquire_certificate_callback_data_release(struct pkcs11_acquire_certificate_callback_data *data) {
/* Called for every token matching our URI */
- r = pkcs11_token_login(m, session, slot_id, token_info, data->askpw_friendly_name, data->askpw_icon_name, "pkcs11-pin", "pkcs11-pin", UINT64_MAX, false, &pin_used);
+ r = pkcs11_token_login(
+ m,
+ session,
+ slot_id,
+ token_info,
+ data->askpw_friendly_name,
+ data->askpw_icon_name,
+ "pkcs11-pin",
+ "pkcs11-pin",
+ UINT64_MAX,
+ data->askpw_flags,
+ data->headless,
+ &pin_used);
if (r < 0)
return r;
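Review bot: `data->headless` now replaces the hard-coded `false` in this `pkcs11_token_login()` call and `data->askpw_flags` is passed alongside it, but the code that populates `struct pkcs11_acquire_certificate_callback_data` is not visible in these hunks. If that struct is built without zero-initialization and the two new members are not assigned, this call would read indeterminate values and could silently suppress or alter the PIN prompt. Confirm that the construction site sets both members explicitly. The callback body continues outside the hunk.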
"pkcs11-pin",
"cryptsetup.pkcs11-pin",
data->until,
+ data->askpw_flags,
data->headless,
NULL);
if (r < 0)
# include <p11-kit/uri.h>
#endif
+#include "ask-password-api.h"
#include "macro.h"
#include "openssl-util.h"
#include "time-util.h"
char *pkcs11_token_model(const CK_TOKEN_INFO *token_info);
int pkcs11_token_login_by_pin(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, const CK_TOKEN_INFO *token_info, const char *token_label, const void *pin, size_t pin_size);
-int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, bool headless, char **ret_used_pin);
+int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, AskPasswordFlags ask_password_flags, bool headless, char **ret_used_pin);
int pkcs11_token_find_x509_certificate(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, P11KitUri *search_uri, CK_OBJECT_HANDLE *ret_object);
#if HAVE_OPENSSL
size_t decrypted_key_size;
bool free_encrypted_key;
bool headless;
+ AskPasswordFlags askpw_flags;
} pkcs11_crypt_device_callback_data;
void pkcs11_crypt_device_callback_data_release(pkcs11_crypt_device_callback_data *data);
const char *friendly_name;
usec_t until;
bool headless;
+ AskPasswordFlags askpw_flags;
} systemd_pkcs11_plugin_params;
int pkcs11_list_tokens(void);