This is preparation for the Varlinkification, as then we want to pass
the password in via IPC instead of prompting the user.
Note that this only adds the field and applies it, but never actually
sets it. Setting it is left to the Varlinkification later.
assert_se(cd);
assert_se(ret_vk);
+ if (c->unlock_password) {
+ r = sym_crypt_volume_key_get(
+ cd,
+ CRYPT_ANY_SLOT,
+ ret_vk->iov_base,
+ &ret_vk->iov_len,
+ c->unlock_password,
+ strlen(c->unlock_password));
+ if (r < 0)
+ return log_error_errno(r, "Provided unlock password did not work: %m");
+
+ return r;
+ }
+
r = getenv_steal_erase("PASSWORD", &envpw);
if (r < 0)
return log_error_errno(r, "Failed to acquire password from environment: %m");
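Review bot: The failure branch after `sym_crypt_volume_key_get()` logs every negative return as "Provided unlock password did not work", so a wrong password and an unrelated failure (allocation, device I/O) are indistinguishable in the log and, later, to the Varlink client. libcryptsetup reports a wrong passphrase as `-EPERM`; consider a separate branch such as `if (r == -EPERM) return log_error_errno(r, "Provided unlock password is incorrect.");` and keep the generic message for everything else. A one-line comment above the new block would also record the intent: `/* A caller-supplied password is authoritative: never fall back to $PASSWORD or an interactive prompt. */`. The enclosing function starts and ends outside the hunk, so whether `ret_vk->iov_len` already holds the buffer size before this call cannot be confirmed from here.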
c->unlock_keyfile = mfree(c->unlock_keyfile);
c->unlock_fido2_device = mfree(c->unlock_fido2_device);
c->unlock_tpm2_device = mfree(c->unlock_tpm2_device);
+ c->unlock_password = erase_and_free(c->unlock_password);
c->passphrase = erase_and_free(c->passphrase);
c->fido2_device = mfree(c->fido2_device);
c->fido2_salt_file = mfree(c->fido2_salt_file);
char *unlock_keyfile;
char *unlock_fido2_device;
char *unlock_tpm2_device;
+ char *unlock_password; /* used by Varlink; NULL on CLI path */
/* New password to enroll (mechanism == password). When NULL the helpers fall back to
* $NEWPASSWORD / askpw. */
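Review bot: The comment on `unlock_password` does not say that the field holds a secret or who owns it, which matters once the Varlink code starts assigning it. Suggest `/* Existing password to unlock the volume with; set via Varlink, NULL on the CLI path. Secret: owned by the context and wiped with erase_and_free(). */`. The code that later fills the field should pass in a heap copy that the context can take over, and wipe its own source buffer, so the password does not linger in IPC message memory; that code is not part of this commit. The struct definition starts and ends outside the hunk.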