From b2ac9280889ce5915e9b8437ee2aff134142ace9 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 19 Feb 2024 18:45:49 +0100 Subject: [PATCH] cryptsetup: drop "headless" bool, make it a flag in AskPasswordFlags instead This bool controls whether we should interactively ask for a password, which is pretty much what the ask_password-api.c APIs are about. Hence, just make the bool a flag in AskPasswordFlags enum, and use it everywhere. This still catches the flag early in upper levels of the codebase, exactly as before, but if the flag is still present in the lower layers it's also handled there and results in ENOEXEC if seen. This is mostly an excercise in simplifying our ridiculously long function call parameter lists a bit. --- src/cryptenroll/cryptenroll-fido2.c | 1 - src/cryptenroll/cryptenroll-pkcs11.c | 9 +++++- src/cryptenroll/cryptenroll-tpm2.c | 1 - src/cryptsetup/cryptsetup-pkcs11.c | 4 +-- src/cryptsetup/cryptsetup-pkcs11.h | 4 +-- .../cryptsetup-tokens/luks2-pkcs11.c | 1 - src/cryptsetup/cryptsetup.c | 28 +++++-------------- src/home/homectl-pkcs11.c | 9 +++++- src/shared/ask-password-api.c | 9 ++++++ src/shared/ask-password-api.h | 1 + src/shared/cryptsetup-fido2.c | 7 ++--- src/shared/cryptsetup-fido2.h | 4 --- src/shared/cryptsetup-tpm2.c | 12 ++------ src/shared/cryptsetup-tpm2.h | 2 -- src/shared/pkcs11-util.c | 12 ++++---- src/shared/pkcs11-util.h | 6 ++-- 16 files changed, 49 insertions(+), 61 deletions(-) diff --git a/src/cryptenroll/cryptenroll-fido2.c b/src/cryptenroll/cryptenroll-fido2.c index 194771d54eb..baa630a6b3d 100644 --- a/src/cryptenroll/cryptenroll-fido2.c +++ b/src/cryptenroll/cryptenroll-fido2.c @@ -33,7 +33,6 @@ int load_volume_key_fido2( cd_node, device, /* until= */ 0, - /* headless= */ false, "cryptenroll.fido2-pin", ASK_PASSWORD_PUSH_CACHE|ASK_PASSWORD_ACCEPT_CACHED, &decrypted_key, diff --git a/src/cryptenroll/cryptenroll-pkcs11.c b/src/cryptenroll/cryptenroll-pkcs11.c index 9cdb8407639..09875c1598f 100644 
--- a/src/cryptenroll/cryptenroll-pkcs11.c +++ b/src/cryptenroll/cryptenroll-pkcs11.c @@ -55,7 +55,14 @@ int enroll_pkcs11( assert_se(node = crypt_get_device_name(cd)); - r = pkcs11_acquire_public_key(uri, "volume enrollment operation", "drive-harddisk", "cryptenroll.pkcs11-pin", &pkey, NULL); + r = pkcs11_acquire_public_key( + uri, + "volume enrollment operation", + "drive-harddisk", + "cryptenroll.pkcs11-pin", + /* askpw_flags= */ 0, + &pkey, + /* ret_pin_used= */ NULL); if (r < 0) return r; diff --git a/src/cryptenroll/cryptenroll-tpm2.c b/src/cryptenroll/cryptenroll-tpm2.c index 5359c9f8d56..3ded815fb07 100644 --- a/src/cryptenroll/cryptenroll-tpm2.c +++ b/src/cryptenroll/cryptenroll-tpm2.c @@ -210,7 +210,6 @@ int load_volume_key_tpm2( &pcrlock_nv, tpm2_flags, /* until= */ 0, - /* headless= */ false, "cryptenroll.tpm2-pin", /* askpw_flags= */ 0, &decrypted_key); diff --git a/src/cryptsetup/cryptsetup-pkcs11.c b/src/cryptsetup/cryptsetup-pkcs11.c index 4ef249509d4..4b2b5bbf007 100644 --- a/src/cryptsetup/cryptsetup-pkcs11.c +++ b/src/cryptsetup/cryptsetup-pkcs11.c @@ -34,14 +34,14 @@ int decrypt_pkcs11_key( const void *key_data, /* … or key_data and key_data_size (for literal keys) */ size_t key_data_size, usec_t until, - bool headless, + AskPasswordFlags askpw_flags, void **ret_decrypted_key, size_t *ret_decrypted_key_size) { _cleanup_(pkcs11_crypt_device_callback_data_release) pkcs11_crypt_device_callback_data data = { .friendly_name = friendly_name, + .askpw_flags = askpw_flags, .until = until, - .headless = headless, }; int r; diff --git a/src/cryptsetup/cryptsetup-pkcs11.h b/src/cryptsetup/cryptsetup-pkcs11.h index 256c09a9b68..22e6992582c 100644 --- a/src/cryptsetup/cryptsetup-pkcs11.h +++ b/src/cryptsetup/cryptsetup-pkcs11.h @@ -19,7 +19,7 @@ int decrypt_pkcs11_key( const void *key_data, size_t key_data_size, usec_t until, - bool headless, + AskPasswordFlags askpw_flags, void **ret_decrypted_key, size_t *ret_decrypted_key_size); 
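Review bot: In `decrypt_pkcs11_key()` the new `.askpw_flags = askpw_flags` initializer forwards the caller's entire flag word, not just the headless bit; before this patch the initializer left `askpw_flags` at its zero default (unless it is assigned further down, outside the hunk). The matching call site in cryptsetup.c now passes `arg_ask_password_flags`, so any cache-related bits set there would reach `pkcs11_token_login()`, whose own comment says PINs are never cached because a wrong PIN uses up one of the few tries a token allows. If only the headless behaviour is meant to carry over, mask it, e.g. `.askpw_flags = askpw_flags & ASK_PASSWORD_HEADLESS,`. If forwarding everything is intended (the plugin path already passes `arg_ask_password_flags`), the commit message should say so, since it describes the change as a pure simplification.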
@@ -42,7 +42,7 @@ static inline int decrypt_pkcs11_key( const void *key_data, size_t key_data_size, usec_t until, - bool headless, + AskPasswordFlags askpw_flags, void **ret_decrypted_key, size_t *ret_decrypted_key_size) { diff --git a/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c b/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c index 0203e726450..ac5100f6881 100644 --- a/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c +++ b/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c @@ -157,7 +157,6 @@ static int acquire_luks2_key_systemd( assert(params); data.friendly_name = params->friendly_name; - data.headless = params->headless; data.askpw_credential = params->askpw_credential; data.askpw_flags = params->askpw_flags; data.until = params->until; diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 63f8cdb81f1..7099f68f88b 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -101,7 +101,6 @@ static uint32_t arg_tpm2_pcr_mask = UINT32_MAX; static char *arg_tpm2_signature = NULL; static bool arg_tpm2_pin = false; static char *arg_tpm2_pcrlock = NULL; -static bool arg_headless = false; static usec_t arg_token_timeout_usec = 30*USEC_PER_SEC; static unsigned arg_tpm2_measure_pcr = UINT_MAX; /* This and the following field is about measuring the unlocked volume key to the local TPM */ static char **arg_tpm2_measure_banks = NULL; @@ -504,9 +503,9 @@ static int parse_one_option(const char *option) { return 0; } - arg_headless = r; + SET_FLAG(arg_ask_password_flags, ASK_PASSWORD_HEADLESS, r); } else if (streq(option, "headless")) - arg_headless = true; + arg_ask_password_flags |= ASK_PASSWORD_HEADLESS; else if ((val = startswith(option, "token-timeout="))) { 
@@ -807,7 +806,7 @@ static int get_password( assert(src); assert(ret); - if (arg_headless) + if (FLAGS_SET(arg_ask_password_flags, ASK_PASSWORD_HEADLESS)) return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "Password querying disabled via 'headless' option."); friendly = friendly_disk_name(src, vol); @@ -1266,7 +1265,6 @@ static int crypt_activate_by_token_pin_ask_password( const char *name, const char *type, usec_t until, - bool headless, void *userdata, uint32_t activation_flags, const char *message, @@ -1296,7 +1294,7 @@ static int crypt_activate_by_token_pin_ask_password( return r; } - if (headless) + if (FLAGS_SET(arg_ask_password_flags, ASK_PASSWORD_HEADLESS)) return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "PIN querying disabled via 'headless' option. Use the '$PIN' environment variable."); for (;;) { @@ -1333,7 +1331,6 @@ static int attach_luks2_by_fido2_via_plugin( struct crypt_device *cd, const char *name, usec_t until, - bool headless, void *userdata, uint32_t activation_flags) { @@ -1342,7 +1339,6 @@ static int attach_luks2_by_fido2_via_plugin( name, "systemd-fido2", until, - headless, userdata, activation_flags, "Please enter security token PIN:", @@ -1397,7 +1393,7 @@ static int attach_luks_or_plain_or_bitlk_by_fido2( for (;;) { if (use_libcryptsetup_plugin && !arg_fido2_cid) { - r = attach_luks2_by_fido2_via_plugin(cd, name, until, arg_headless, arg_fido2_device, flags); + r = attach_luks2_by_fido2_via_plugin(cd, name, until, arg_fido2_device, flags); if (IN_SET(r, -ENOTUNIQ, -ENXIO, -ENOENT)) return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "Automatic FIDO2 metadata discovery was not possible because missing or not unique, falling back to traditional unlocking."); @@ -1413,7 +1409,6 @@ static int attach_luks_or_plain_or_bitlk_by_fido2( key_file, arg_keyfile_size, arg_keyfile_offset, key_data, key_data_size, until, - arg_headless, required, "cryptsetup.fido2-pin", arg_ask_password_flags, 
@@ -1426,7 +1421,6 @@ static int attach_luks_or_plain_or_bitlk_by_fido2( friendly, arg_fido2_device, until, - arg_headless, "cryptsetup.fido2-pin", arg_ask_password_flags, &decrypted_key, @@ -1491,7 +1485,6 @@ static int attach_luks2_by_pkcs11_via_plugin( const char *name, const char *friendly_name, usec_t until, - bool headless, const char *askpw_credential, uint32_t flags) { @@ -1504,7 +1497,6 @@ static int attach_luks2_by_pkcs11_via_plugin( systemd_pkcs11_plugin_params params = { .friendly_name = friendly_name, .until = until, - .headless = headless, .askpw_credential = askpw_credential, .askpw_flags = arg_ask_password_flags, }; @@ -1574,7 +1566,6 @@ static int attach_luks_or_plain_or_bitlk_by_pkcs11( name, friendly, until, - arg_headless, "cryptsetup.pkcs11-pin", flags); else { @@ -1585,7 +1576,7 @@ static int attach_luks_or_plain_or_bitlk_by_pkcs11( key_file, arg_keyfile_size, arg_keyfile_offset, key_data, key_data_size, until, - arg_headless, + arg_ask_password_flags, &decrypted_key, &decrypted_key_size); if (r >= 0) break; @@ -1710,7 +1701,6 @@ static int attach_luks2_by_tpm2_via_plugin( struct crypt_device *cd, const char *name, usec_t until, - bool headless, uint32_t flags) { #if HAVE_LIBCRYPTSETUP_PLUGINS @@ -1730,7 +1720,6 @@ static int attach_luks2_by_tpm2_via_plugin( name, "systemd-tpm2", until, - headless, ¶ms, flags, "Please enter TPM2 PIN:", @@ -1786,7 +1775,6 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2( /* pcrlock_nv= */ NULL, arg_tpm2_pin ? TPM2_FLAGS_USE_PIN : 0, until, - arg_headless, "cryptsetup.tpm2-pin", arg_ask_password_flags, &decrypted_key); @@ -1802,7 +1790,7 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2( return -EAGAIN; /* Mangle error code: let's make any form of TPM2 failure non-fatal. */ } } else { - r = attach_luks2_by_tpm2_via_plugin(cd, name, until, arg_headless, flags); + r = attach_luks2_by_tpm2_via_plugin(cd, name, until, flags); if (r >= 0) return 0; /* EAGAIN means: no tpm2 chip found 
@@ -1885,7 +1873,6 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2( &pcrlock_nv, tpm2_flags, until, - arg_headless, "cryptsetup.tpm2-pin", arg_ask_password_flags, &decrypted_key); @@ -2406,7 +2393,6 @@ static int run(int argc, char *argv[]) { volume, /* type= */ NULL, until, - arg_headless, /* userdata= */ NULL, flags, "Please enter LUKS2 token PIN:", diff --git a/src/home/homectl-pkcs11.c b/src/home/homectl-pkcs11.c index b9ee8acc4c1..bb582d7d473 100644 --- a/src/home/homectl-pkcs11.c +++ b/src/home/homectl-pkcs11.c @@ -153,7 +153,14 @@ int identity_add_pkcs11_key_data(JsonVariant **v, const char *uri) { assert(v); - r = pkcs11_acquire_public_key(uri, "home directory operation", "user-home", "home.token-pin", &pkey, &pin); + r = pkcs11_acquire_public_key( + uri, + "home directory operation", + "user-home", + "home.token-pin", + /* askpw_flags= */ 0, + &pkey, + &pin); if (r < 0) return r; diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index a9d9cde97bf..462b3d2e003 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -224,6 +224,9 @@ int ask_password_plymouth( assert(ret); + if (FLAGS_SET(flags, ASK_PASSWORD_HEADLESS)) + return -ENOEXEC; + const char *message = req && req->message ? req->message : "Password:"; if (flag_file) { @@ -378,6 +381,9 @@ int ask_password_tty( assert(ret); + if (FLAGS_SET(flags, ASK_PASSWORD_HEADLESS)) + return -ENOEXEC; + if (FLAGS_SET(flags, ASK_PASSWORD_NO_TTY)) return -EUNATCH; @@ -700,6 +706,9 @@ int ask_password_agent( assert(ret); + if (FLAGS_SET(flags, ASK_PASSWORD_HEADLESS)) + return -ENOEXEC; + if (FLAGS_SET(flags, ASK_PASSWORD_NO_AGENT)) return -EUNATCH; diff --git a/src/shared/ask-password-api.h b/src/shared/ask-password-api.h index fced27798f2..e851d6d087d 100644 --- a/src/shared/ask-password-api.h +++ b/src/shared/ask-password-api.h 
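Review bot: The three new guards in `ask_password_plymouth()`, `ask_password_tty()` and `ask_password_agent()` return `-ENOEXEC` without logging, while every caller-level headless check touched by this patch fails with `ENOPKG` and a message that names the 'headless' option. A caller that passes the flag without its own check would therefore surface a different errno, whose text gives no hint that prompting was disabled on purpose. I would document the contract where the flag is declared, e.g. `/* headless mode: never query interactively, ask_password_*() fail with -ENOEXEC */`, and put a one-line comment to the same effect above each guard. All three function bodies continue outside their hunks.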
@@ -15,6 +15,7 @@ typedef enum AskPasswordFlags { ASK_PASSWORD_CONSOLE_COLOR = 1 << 6, /* Use color if /dev/console points to a console that supports color */ ASK_PASSWORD_NO_CREDENTIAL = 1 << 7, /* never use $CREDENTIALS_DIRECTORY data */ ASK_PASSWORD_HIDE_EMOJI = 1 << 8, /* hide the lock and key emoji */ + ASK_PASSWORD_HEADLESS = 1 << 9, /* headless mode: never query interactively */ } AskPasswordFlags; /* Encapsulates the mostly static fields of a password query */ diff --git a/src/shared/cryptsetup-fido2.c b/src/shared/cryptsetup-fido2.c index d22c1059e6b..5ab5cefe8f0 100644 --- a/src/shared/cryptsetup-fido2.c +++ b/src/shared/cryptsetup-fido2.c @@ -24,7 +24,6 @@ int acquire_fido2_key( const void *key_data, size_t key_data_size, usec_t until, - bool headless, Fido2EnrollFlags required, const char *askpw_credential, AskPasswordFlags askpw_flags, @@ -39,7 +38,7 @@ int acquire_fido2_key( size_t salt_size; int r; - if ((required & (FIDO2ENROLL_PIN | FIDO2ENROLL_UP | FIDO2ENROLL_UV)) && headless) + if ((required & (FIDO2ENROLL_PIN | FIDO2ENROLL_UP | FIDO2ENROLL_UV)) && FLAGS_SET(askpw_flags, ASK_PASSWORD_HEADLESS)) return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "Local verification is required to unlock this volume, but the 'headless' parameter was set."); @@ -116,7 +115,7 @@ int acquire_fido2_key( device_exists = true; /* that a PIN is needed/wasn't correct means that we managed to * talk to a device */ - if (headless) + if (FLAGS_SET(askpw_flags, ASK_PASSWORD_HEADLESS)) return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "PIN querying disabled via 'headless' option. Use the '$PIN' environment variable."); static const AskPasswordRequest req = { @@ -141,7 +140,6 @@ int acquire_fido2_key_auto( const char *friendly_name, const char *fido2_device, usec_t until, - bool headless, const char *askpw_credential, AskPasswordFlags askpw_flags, void **ret_decrypted_key, 
@@ -263,7 +261,6 @@ int acquire_fido2_key_auto( /* key_file_offset= */ 0, salt, salt_size, until, - headless, required, "cryptsetup.fido2-pin", askpw_flags, diff --git a/src/shared/cryptsetup-fido2.h b/src/shared/cryptsetup-fido2.h index d99ad05725a..bd255668065 100644 --- a/src/shared/cryptsetup-fido2.h +++ b/src/shared/cryptsetup-fido2.h @@ -23,7 +23,6 @@ int acquire_fido2_key( const void *key_data, size_t key_data_size, usec_t until, - bool headless, Fido2EnrollFlags required, const char *askpw_credential, AskPasswordFlags askpw_flags, @@ -36,7 +35,6 @@ int acquire_fido2_key_auto( const char *friendly_name, const char *fido2_device, usec_t until, - bool headless, const char *askpw_credential, AskPasswordFlags askpw_flags, void **ret_decrypted_key, @@ -57,7 +55,6 @@ static inline int acquire_fido2_key( const void *key_data, size_t key_data_size, usec_t until, - bool headless, Fido2EnrollFlags required, const char *askpw_credential, AskPasswordFlags askpw_flags, @@ -74,7 +71,6 @@ static inline int acquire_fido2_key_auto( const char *friendly_name, const char *fido2_device, usec_t until, - bool headless, const char *askpw_credential, AskPasswordFlags askpw_flags, void **ret_decrypted_key, diff --git a/src/shared/cryptsetup-tpm2.c b/src/shared/cryptsetup-tpm2.c index 85bc42aef00..ee664a95a1a 100644 --- a/src/shared/cryptsetup-tpm2.c +++ b/src/shared/cryptsetup-tpm2.c @@ -14,7 +14,6 @@ static int get_pin( usec_t until, - bool headless, const char *askpw_credential, AskPasswordFlags askpw_flags, char **ret_pin_str) { @@ -28,7 +27,7 @@ static int get_pin( if (r < 0) return log_error_errno(r, "Failed to acquire PIN from environment: %m"); if (!r) { - if (headless) + if (FLAGS_SET(askpw_flags, ASK_PASSWORD_HEADLESS)) return log_error_errno( SYNTHETIC_ERRNO(ENOPKG), "PIN querying disabled via 'headless' option. " 
@@ -42,11 +41,7 @@ static int get_pin( }; pin = strv_free_erase(pin); - r = ask_password_auto( - &req, - until, - askpw_flags, - &pin); + r = ask_password_auto(&req, until, askpw_flags, &pin); if (r < 0) return log_error_errno(r, "Failed to ask for user pin: %m"); assert(strv_length(pin) == 1); @@ -81,7 +76,6 @@ int acquire_tpm2_key( const struct iovec *pcrlock_nv, TPM2Flags flags, usec_t until, - bool headless, const char *askpw_credential, AskPasswordFlags askpw_flags, struct iovec *ret_decrypted_key) { @@ -179,7 +173,7 @@ int acquire_tpm2_key( if (i <= 0) return -EACCES; - r = get_pin(until, headless, askpw_credential, askpw_flags, &pin_str); + r = get_pin(until, askpw_credential, askpw_flags, &pin_str); if (r < 0) return r; diff --git a/src/shared/cryptsetup-tpm2.h b/src/shared/cryptsetup-tpm2.h index 5809655c151..b9905f4f4b9 100644 --- a/src/shared/cryptsetup-tpm2.h +++ b/src/shared/cryptsetup-tpm2.h @@ -31,7 +31,6 @@ int acquire_tpm2_key( const struct iovec *pcrlock_nv, TPM2Flags flags, usec_t until, - bool headless, const char *askpw_credential, AskPasswordFlags askpw_flags, struct iovec *ret_decrypted_key); @@ -76,7 +75,6 @@ static inline int acquire_tpm2_key( const struct iovec *pcrlock_nv, TPM2Flags flags, usec_t until, - bool headless, const char *askpw_credential, AskPasswordFlags askpw_flags, struct iovec *ret_decrypted_key) { diff --git a/src/shared/pkcs11-util.c b/src/shared/pkcs11-util.c index bfaca79bc8b..c330d9b6e0f 100644 --- a/src/shared/pkcs11-util.c +++ b/src/shared/pkcs11-util.c @@ -295,8 +295,7 @@ int pkcs11_token_login( const char *askpw_keyring, const char *askpw_credential, usec_t until, - AskPasswordFlags ask_password_flags, - bool headless, + AskPasswordFlags askpw_flags, char **ret_used_pin) { _cleanup_free_ char *token_uri_string = NULL, *token_uri_escaped = NULL, *id = NULL, *token_label = NULL; 
@@ -351,7 +350,7 @@ int pkcs11_token_login( if (!passwords) return log_oom(); - } else if (headless) + } else if (FLAGS_SET(askpw_flags, ASK_PASSWORD_HEADLESS)) return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "PIN querying disabled via 'headless' option. Use the 'PIN' environment variable."); else { _cleanup_free_ char *text = NULL; @@ -384,7 +383,7 @@ int pkcs11_token_login( }; /* We never cache PINs, simply because it's fatal if we use wrong PINs, since usually there are only 3 tries */ - r = ask_password_auto(&req, until, ask_password_flags, &passwords); + r = ask_password_auto(&req, until, askpw_flags, &passwords); if (r < 0) return log_error_errno(r, "Failed to query PIN for security token '%s': %m", token_label); } @@ -1653,7 +1652,6 @@ struct pkcs11_acquire_public_key_callback_data { EVP_PKEY *pkey; const char *askpw_friendly_name, *askpw_icon, *askpw_credential; AskPasswordFlags askpw_flags; - bool headless; }; static void pkcs11_acquire_public_key_callback_data_release(struct pkcs11_acquire_public_key_callback_data *data) { @@ -1703,7 +1701,6 @@ static int pkcs11_acquire_public_key_callback( data->askpw_credential, UINT64_MAX, data->askpw_flags, - data->headless, &pin_used); if (r < 0) return r; @@ -1831,6 +1828,7 @@ int pkcs11_acquire_public_key( const char *askpw_friendly_name, const char *askpw_icon, const char *askpw_credential, + AskPasswordFlags askpw_flags, EVP_PKEY **ret_pkey, char **ret_pin_used) { @@ -1838,6 +1836,7 @@ int pkcs11_acquire_public_key( .askpw_friendly_name = askpw_friendly_name, .askpw_icon = askpw_icon, .askpw_credential = askpw_credential, + .askpw_flags = askpw_flags, }; int r; @@ -2045,7 +2044,6 @@ int pkcs11_crypt_device_callback( data->askpw_credential, data->until, data->askpw_flags, - data->headless, NULL); if (r < 0) return r; diff --git a/src/shared/pkcs11-util.h b/src/shared/pkcs11-util.h index dbd88ede677..6927a37113f 100644 --- a/src/shared/pkcs11-util.h +++ b/src/shared/pkcs11-util.h 
@@ -53,7 +53,7 @@ char *pkcs11_token_manufacturer_id(const CK_TOKEN_INFO *token_info); char *pkcs11_token_model(const CK_TOKEN_INFO *token_info); int pkcs11_token_login_by_pin(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, const CK_TOKEN_INFO *token_info, const char *token_label, const void *pin, size_t pin_size); -int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, AskPasswordFlags ask_password_flags, bool headless, char **ret_used_pin); +int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, AskPasswordFlags ask_password_flags, char **ret_used_pin); int pkcs11_token_find_related_object(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE prototype, CK_OBJECT_CLASS class, CK_OBJECT_HANDLE *ret_object); int pkcs11_token_find_x509_certificate(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, P11KitUri *search_uri, CK_OBJECT_HANDLE *ret_object); @@ -71,7 +71,7 @@ typedef int (*pkcs11_find_token_callback_t)(CK_FUNCTION_LIST *m, CK_SESSION_HAND int pkcs11_find_token(const char *pkcs11_uri, pkcs11_find_token_callback_t callback, void *userdata); #if HAVE_OPENSSL -int pkcs11_acquire_public_key(const char *uri, const char *askpw_friendly_name, const char *askpw_icon, const char *askpw_credential, EVP_PKEY **ret_pkey, char **ret_pin_used); +int pkcs11_acquire_public_key(const char *uri, const char *askpw_friendly_name, const char *askpw_icon, const char *askpw_credential, AskPasswordFlags askpw_flags, EVP_PKEY **ret_pkey, char **ret_pin_used); #endif typedef struct { 
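Review bot: The updated `pkcs11_token_login()` prototype still names the flags parameter `ask_password_flags`, while this same patch renames it to `askpw_flags` in the definition in pkcs11-util.c. The declaration and definition also disagree on neighbouring names (`credential_name` here, `askpw_credential` in the .c file). Since the line is being rewritten anyway, I would align the tail of the prototype with the definition: `usec_t until, AskPasswordFlags askpw_flags, char **ret_used_pin);`.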
@@ -82,7 +82,6 @@ typedef struct {
 void *decrypted_key;
 size_t decrypted_key_size;
 bool free_encrypted_key;
- bool headless;
 const char *askpw_credential;
 AskPasswordFlags askpw_flags;
 } pkcs11_crypt_device_callback_data;
@@ -111,7 +110,6 @@ static inline int dlopen_p11kit(void) {
 typedef struct {
 const char *friendly_name;
 usec_t until;
- bool headless;
 const char *askpw_credential;
 AskPasswordFlags askpw_flags;
 } systemd_pkcs11_plugin_params;
--
2.47.3