From: Lennart Poettering Date: Fri, 8 Oct 2021 16:19:49 +0000 (+0200) Subject: cryptsetup: don't repeat exact same code twice X-Git-Tag: v250-rc1~535^2~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=92828080fb858e290f6b78691908d612560d9558;p=thirdparty%2Fsystemd.git cryptsetup: don't repeat exact same code twice let's move turning off of the cache bit into the for loop, so that we can eliminate a copy of the loop body. --- diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 2c5b0e8f7df..f23e671e8e7 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -803,20 +803,6 @@ static int attach_luks2_by_fido2( if (headless) return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "PIN querying disabled via 'headless' option. Use the '$PIN' environment variable."); - pins = strv_free_erase(pins); - r = ask_password_auto("Please enter security token PIN:", "drive-harddisk", NULL, "fido2-pin", "cryptsetup.fido2-pin", until, flags, &pins); - if (r < 0) - return r; - - STRV_FOREACH(p, pins) { - r = crypt_activate_by_token_pin(cd, name, "systemd-fido2", CRYPT_ANY_TOKEN, *p, strlen(*p), usrptr, activation_flags); - if (r > 0) /* returns unlocked keyslot id on success */ - r = 0; - if (r != -ENOANO) /* needs pin or pin is wrong */ - return r; - } - - flags &= ~ASK_PASSWORD_ACCEPT_CACHED; for (;;) { pins = strv_free_erase(pins); r = ask_password_auto("Please enter security token PIN:", "drive-harddisk", NULL, "fido2-pin", "cryptsetup.fido2-pin", until, flags, &pins); @@ -830,6 +816,8 @@ static int attach_luks2_by_fido2( if (r != -ENOANO) /* needs pin or pin is wrong */ return r; } + + flags &= ~ASK_PASSWORD_ACCEPT_CACHED; } #endif return r;