ask-password-api: move timeout into AskPasswordRequest structure too
authorLennart Poettering <lennart@poettering.net>
Thu, 7 Nov 2024 09:41:56 +0000 (10:41 +0100)
committerLennart Poettering <lennart@poettering.net>
Thu, 2 Jan 2025 15:38:25 +0000 (16:38 +0100)
22 files changed:
src/ask-password/ask-password.c
src/bootctl/bootctl-install.c
src/cryptenroll/cryptenroll-password.c
src/cryptenroll/cryptenroll-tpm2.c
src/cryptsetup/cryptsetup.c
src/firstboot/firstboot.c
src/home/homectl.c
src/keyutil/keyutil.c
src/measure/measure.c
src/pcrlock/pcrlock.c
src/repart/repart.c
src/sbsign/sbsign.c
src/shared/ask-password-api.c
src/shared/ask-password-api.h
src/shared/cryptsetup-fido2.c
src/shared/cryptsetup-tpm2.c
src/shared/dissect-image.c
src/shared/libfido2-util.c
src/shared/openssl-util.c
src/shared/pkcs11-util.c
src/test/test-ask-password-api.c
src/tty-ask-password-agent/tty-ask-password-agent.c

index 17e5fa4dc1a893d34b3f051ed80e982b4e2ee0db..d3afc377813b5e2c63de7f3e421781d571517281 100644 (file)
@@ -258,9 +258,10 @@ static int run(int argc, char *argv[]) {
                 .id = arg_id,
                 .keyring = arg_key_name,
                 .credential = arg_credential_name ?: "password",
+                .until = timeout,
         };
 
-        r = ask_password_auto(&req, timeout, arg_flags, &l);
+        r = ask_password_auto(&req, arg_flags, &l);
         if (r < 0)
                 return log_error_errno(r, "Failed to query password: %m");
 
index 0a5b59a503086c95b954791ee34780fe78dbfe3d..76deba56e7bbb9149c5128925cc9c4de4cd97c45 100644 (file)
@@ -988,6 +988,7 @@ int verb_install(int argc, char *argv[], void *userdata) {
                                         .id = "bootctl-private-key-pin",
                                         .keyring = arg_private_key,
                                         .credential = "bootctl.private-key-pin",
+                                        .until = USEC_INFINITY,
                                 },
                                 &private_key,
                                 &ui);
index 0560eddb6642c40d17cb7ad85128fce701442de2..56a3bb44566e7770de1e6fb95f54943383a55b0a 100644 (file)
@@ -61,6 +61,7 @@ int load_volume_key_password(
                         .id = id,
                         .keyring = "cryptenroll",
                         .credential = "cryptenroll.passphrase",
+                        .until = USEC_INFINITY,
                 };
 
                 for (;;) {
@@ -70,7 +71,7 @@ int load_volume_key_password(
                                 return log_error_errno(SYNTHETIC_ERRNO(ENOKEY),
                                                        "Too many attempts, giving up.");
 
-                        r = ask_password_auto(&req, USEC_INFINITY, ask_password_flags, &passwords);
+                        r = ask_password_auto(&req, ask_password_flags, &passwords);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to query password: %m");
 
@@ -136,6 +137,7 @@ int enroll_password(
                         .id = id,
                         .keyring = "cryptenroll",
                         .credential = "cryptenroll.new-passphrase",
+                        .until = USEC_INFINITY,
                 };
 
                 for (;;) {
@@ -152,7 +154,7 @@ int enroll_password(
 
                         req.message = question;
 
-                        r = ask_password_auto(&req, USEC_INFINITY, /* flags= */ 0, &passwords);
+                        r = ask_password_auto(&req, /* flags= */ 0, &passwords);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to query password: %m");
 
@@ -165,7 +167,7 @@ int enroll_password(
 
                         req.message = question;
 
-                        r = ask_password_auto(&req, USEC_INFINITY, /* flags= */ 0, &passwords2);
+                        r = ask_password_auto(&req, /* flags= */ 0, &passwords2);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to query password: %m");
 
index a5750427dc78b6fb5037b34eea025a5e336faa86..42d5a9cd036cc47a608933b8f256993a5de74c8e 100644 (file)
@@ -124,12 +124,12 @@ static int get_pin(char **ret_pin_str, TPM2Flags *ret_flags) {
                                 .icon = "drive-harddisk",
                                 .keyring = "tpm2-pin",
                                 .credential = "cryptenroll.new-tpm2-pin",
+                                .until = USEC_INFINITY,
                         };
 
                         pin = strv_free_erase(pin);
                         r = ask_password_auto(
                                         &req,
-                                        /* until= */ USEC_INFINITY,
                                         /* flags= */ 0,
                                         &pin);
                         if (r < 0)
@@ -140,7 +140,6 @@ static int get_pin(char **ret_pin_str, TPM2Flags *ret_flags) {
 
                         r = ask_password_auto(
                                         &req,
-                                        USEC_INFINITY,
                                         /* flags= */ 0,
                                         &pin2);
                         if (r < 0)
index 97acb03baf734904279310bd4e44f4bf13fbd24e..cb3b591186a63969038c71350ec1df79eba78a1f 100644 (file)
@@ -912,12 +912,13 @@ static int get_password(
                 .id = id,
                 .keyring = "cryptsetup",
                 .credential = "cryptsetup.passphrase",
+                .until = until,
         };
 
         if (ignore_cached)
                 flags &= ~ASK_PASSWORD_ACCEPT_CACHED;
 
-        r = ask_password_auto(&req, until, flags, &passwords);
+        r = ask_password_auto(&req, flags, &passwords);
         if (r < 0)
                 return log_error_errno(r, "Failed to query password: %m");
 
@@ -938,7 +939,7 @@ static int get_password(
                 req.message = text;
                 req.id = id;
 
-                r = ask_password_auto(&req, until, flags, &passwords2);
+                r = ask_password_auto(&req, flags, &passwords2);
                 if (r < 0)
                         return log_error_errno(r, "Failed to query verification password: %m");
 
@@ -1428,9 +1429,10 @@ static int crypt_activate_by_token_pin_ask_password(
                         .icon = "drive-harddisk",
                         .keyring = keyring,
                         .credential = credential,
+                        .until = until,
                 };
 
-                r = ask_password_auto(&req, until, flags, &pins);
+                r = ask_password_auto(&req, flags, &pins);
                 if (r < 0)
                         return r;
 
index 08c80f539a9538f650443a80fe676525ec3d5245..5658255358c37d3d0eda28f13254e6453c614cb0 100644 (file)
@@ -737,9 +737,10 @@ static int prompt_root_password(int rfd) {
                 AskPasswordRequest req = {
                         .tty_fd = -EBADF,
                         .message = msg1,
+                        .until = USEC_INFINITY,
                 };
 
-                r = ask_password_tty(&req, /* until= */ 0, /* flags= */ 0, &a);
+                r = ask_password_tty(&req, /* flags= */ 0, &a);
                 if (r < 0)
                         return log_error_errno(r, "Failed to query root password: %m");
                 if (strv_length(a) != 1)
@@ -761,7 +762,7 @@ static int prompt_root_password(int rfd) {
 
                 req.message = msg2;
 
-                r = ask_password_tty(&req, /* until= */ 0, /* flags= */ 0, &b);
+                r = ask_password_tty(&req, /* flags= */ 0, &b);
                 if (r < 0)
                         return log_error_errno(r, "Failed to query root password: %m");
                 if (strv_length(b) != 1)
index fbb38b64cf281b4a46785b3fd2717a8ee5973652..611fb966fe60eaf43cbb9892ad42bb4c5fe7d34f 100644 (file)
@@ -268,9 +268,10 @@ static int acquire_existing_password(
                 .icon = "user-home",
                 .keyring = "home-password",
                 .credential = "home.password",
+                .until = USEC_INFINITY,
         };
 
-        r = ask_password_auto(&req, USEC_INFINITY, flags, &password);
+        r = ask_password_auto(&req, flags, &password);
         if (r == -EUNATCH) { /* EUNATCH is returned if no password was found and asking interactively was
                               * disabled via the flags. Not an error for us. */
                 log_debug_errno(r, "No passwords acquired.");
@@ -327,9 +328,10 @@ static int acquire_recovery_key(
                 .icon = "user-home",
                 .keyring = "home-recovery-key",
                 .credential = "home.recovery-key",
+                .until = USEC_INFINITY,
         };
 
-        r = ask_password_auto(&req, USEC_INFINITY, flags, &recovery_key);
+        r = ask_password_auto(&req, flags, &recovery_key);
         if (r == -EUNATCH) { /* EUNATCH is returned if no recovery key was found and asking interactively was
                               * disabled via the flags. Not an error for us. */
                 log_debug_errno(r, "No recovery keys acquired.");
@@ -382,9 +384,10 @@ static int acquire_token_pin(
                 .icon = "user-home",
                 .keyring = "token-pin",
                 .credential = "home.token-pin",
+                .until = USEC_INFINITY,
         };
 
-        r = ask_password_auto(&req, USEC_INFINITY, flags, &pin);
+        r = ask_password_auto(&req, flags, &pin);
         if (r == -EUNATCH) { /* EUNATCH is returned if no PIN was found and asking interactively was disabled
                               * via the flags. Not an error for us. */
                 log_debug_errno(r, "No security token PINs acquired.");
@@ -1237,11 +1240,11 @@ static int acquire_new_password(
                         .icon = "user-home",
                         .keyring = "home-password",
                         .credential = "home.new-password",
+                        .until = USEC_INFINITY,
                 };
 
                 r = ask_password_auto(
                                 &req,
-                                USEC_INFINITY,
                                 /* flags= */ 0, /* no caching, we want to collect a new password here after all */
                                 &first);
                 if (r < 0)
@@ -1257,7 +1260,6 @@ static int acquire_new_password(
 
                 r = ask_password_auto(
                                 &req,
-                                USEC_INFINITY,
                                 /* flags= */ 0, /* no caching */
                                 &second);
                 if (r < 0)
index b034c1c40fef8fedc6c86b9bbc8bc8c65a9bd444..bae742157286bca5ea1a1cdccabb783a1581c753 100644 (file)
@@ -186,6 +186,7 @@ static int verb_validate(int argc, char *argv[], void *userdata) {
                                 .id = "keyutil-private-key-pin",
                                 .keyring = arg_private_key,
                                 .credential = "keyutil.private-key-pin",
+                                .until = USEC_INFINITY,
                         },
                         &private_key,
                         &ui);
@@ -243,6 +244,7 @@ static int verb_public(int argc, char *argv[], void *userdata) {
                                         .id = "keyutil-private-key-pin",
                                         .keyring = arg_private_key,
                                         .credential = "keyutil.private-key-pin",
+                                        .until = USEC_INFINITY,
                                 },
                                 &private_key,
                                 &ui);
index c4ca9dc8da6508ab2d227391fe0bc46c17557f54..fbd039da7915f26e99e5e59500d6c5775314c399 100644 (file)
@@ -892,6 +892,7 @@ static int verb_sign(int argc, char *argv[], void *userdata) {
                                         .id = "measure-private-key-pin",
                                         .keyring = arg_private_key,
                                         .credential = "measure.private-key-pin",
+                                        .until = USEC_INFINITY,
                                 },
                                 &privkey,
                                 &ui);
index bbf2ae856c921d29822b13db7f3f53c87fca68c8..b22ee57788e18ea4c3906a2265cc609c90a29748 100644 (file)
@@ -4555,11 +4555,11 @@ static int make_policy(bool force, RecoveryPinMode recovery_pin_mode) {
                                 .message = "Recovery PIN",
                                 .id = "pcrlock-recovery-pin",
                                 .credential = "pcrlock.recovery-pin",
+                                .until = USEC_INFINITY,
                         };
 
                         r = ask_password_auto(
                                         &req,
-                                        /* until= */ 0,
                                         /* flags= */ 0,
                                         &l);
                         if (r < 0)
index a89810fbf57ece0b7922bdaf577eb2d9656b2d68..b381d4808ac56cf41e39b5c9d44d4e0593b74663 100644 (file)
@@ -8576,6 +8576,7 @@ static int parse_argv(int argc, char *argv[], X509 **ret_certificate, EVP_PKEY *
                                         .id = "repart-private-key-pin",
                                         .keyring = arg_private_key,
                                         .credential = "repart.private-key-pin",
+                                        .until = USEC_INFINITY,
                                 },
                                 &private_key,
                                 &ui);
index 538c2ebe63e82d2515683e583bf4c380cdd2e249..5c5c884c98d88b5fba325f953651cebc6ae6d456 100644 (file)
@@ -207,6 +207,7 @@ static int verb_sign(int argc, char *argv[], void *userdata) {
                                 .id = "sbsign-private-key-pin",
                                 .keyring = arg_private_key,
                                 .credential = "sbsign.private-key-pin",
+                                .until = USEC_INFINITY,
                         },
                         &private_key,
                         &ui);
index f1e2b06c3dc4edac587edc6efcd3dcdfe6c2d847..39e6277b376e63ad2a8fbade18a47e780781ad1b 100644 (file)
@@ -309,7 +309,6 @@ static int backspace_string(int ttyfd, const char *str) {
 
 int ask_password_plymouth(
                 const AskPasswordRequest *req,
-                usec_t until,
                 AskPasswordFlags flags,
                 char ***ret) {
 
@@ -369,8 +368,8 @@ int ask_password_plymouth(
         for (;;) {
                 usec_t timeout;
 
-                if (until > 0)
-                        timeout = usec_sub_unsigned(until, now(CLOCK_MONOTONIC));
+                if (req->until > 0)
+                        timeout = usec_sub_unsigned(req->until, now(CLOCK_MONOTONIC));
                 else
                         timeout = USEC_INFINITY;
 
@@ -464,7 +463,6 @@ int ask_password_plymouth(
 
 int ask_password_tty(
                 const AskPasswordRequest *req,
-                usec_t until,
                 AskPasswordFlags flags,
                 char ***ret) {
 
@@ -584,8 +582,8 @@ int ask_password_tty(
                 usec_t timeout;
                 ssize_t n;
 
-                if (until > 0)
-                        timeout = usec_sub_unsigned(until, now(CLOCK_MONOTONIC));
+                if (req->until > 0)
+                        timeout = usec_sub_unsigned(req->until, now(CLOCK_MONOTONIC));
                 else
                         timeout = USEC_INFINITY;
 
@@ -799,7 +797,6 @@ static int create_socket(const char *askpwdir, char **ret) {
 
 int ask_password_agent(
                 const AskPasswordRequest *req,
-                usec_t until,
                 AskPasswordFlags flags,
                 char ***ret) {
 
@@ -894,7 +891,7 @@ int ask_password_agent(
                 socket_name,
                 FLAGS_SET(flags, ASK_PASSWORD_ACCEPT_CACHED),
                 FLAGS_SET(flags, ASK_PASSWORD_ECHO),
-                until,
+                req->until,
                 FLAGS_SET(flags, ASK_PASSWORD_SILENT));
 
         if (req) {
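Review bot: `req->until` is read in the argument list here before the `if (req) {` guard on the following context line, so a NULL `req`, which that guard suggests was tolerated, would now be dereferenced. The same unguarded read appears in the timeout computations converted in this commit (`if (req->until > 0)` in ask_password_plymouth(), ask_password_tty() and the later loop of ask_password_agent()). The start of each function is outside its hunk, so an earlier `assert(req);` may already cover this. If not, add one at the top of these functions or read the field as `req ? req->until : 0`, and drop whichever NULL handling is then dead.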
@@ -946,8 +943,8 @@ int ask_password_agent(
                 usec_t timeout;
                 ssize_t n;
 
-                if (until > 0)
-                        timeout = usec_sub_unsigned(until, now(CLOCK_MONOTONIC));
+                if (req->until > 0)
+                        timeout = usec_sub_unsigned(req->until, now(CLOCK_MONOTONIC));
                 else
                         timeout = USEC_INFINITY;
 
@@ -1106,7 +1103,6 @@ static int ask_password_credential(const AskPasswordRequest *req, AskPasswordFla
 
 int ask_password_auto(
                 const AskPasswordRequest *req,
-                usec_t until,
                 AskPasswordFlags flags,
                 char ***ret) {
 
@@ -1130,10 +1126,10 @@ int ask_password_auto(
         }
 
         if (!FLAGS_SET(flags, ASK_PASSWORD_NO_TTY) && isatty_safe(STDIN_FILENO))
-                return ask_password_tty(req, until, flags, ret);
+                return ask_password_tty(req, flags, ret);
 
         if (!FLAGS_SET(flags, ASK_PASSWORD_NO_AGENT))
-                return ask_password_agent(req, until, flags, ret);
+                return ask_password_agent(req, flags, ret);
 
         return -EUNATCH;
 }
index 1abaad2134f63aeb830dbd7ee1d7517ee9effdfb..fe453522fcad95109b835a37b2ec2b3459b2ec98 100644 (file)
@@ -28,11 +28,12 @@ typedef struct AskPasswordRequest {
         const char *credential;      /* $CREDENTIALS_DIRECTORY credential name */
         const char *flag_file;       /* Once this flag file disappears abort the query */
         int tty_fd;                  /* If querying on a TTY, the TTY to query on (or -EBADF) */
+        usec_t until;                /* CLOCK_MONOTONIC time until which to show the prompt (if zero: forever) */
 } AskPasswordRequest;
 
-int ask_password_tty(const AskPasswordRequest *req, usec_t until, AskPasswordFlags flags, char ***ret);
-int ask_password_plymouth(const AskPasswordRequest *req, usec_t until, AskPasswordFlags flags, char ***ret);
-int ask_password_agent(const AskPasswordRequest *req, usec_t until, AskPasswordFlags flag, char ***ret);
-int ask_password_auto(const AskPasswordRequest *req, usec_t until, AskPasswordFlags flag, char ***ret);
+int ask_password_tty(const AskPasswordRequest *req, AskPasswordFlags flags, char ***ret);
+int ask_password_plymouth(const AskPasswordRequest *req, AskPasswordFlags flags, char ***ret);
+int ask_password_agent(const AskPasswordRequest *req, AskPasswordFlags flag, char ***ret);
+int ask_password_auto(const AskPasswordRequest *req, AskPasswordFlags flag, char ***ret);
 
 int acquire_user_ask_password_directory(char **ret);
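Review bot: The comment on the new `until` field documents only zero as "forever", but most callers converted in this commit set `.until = USEC_INFINITY` for the no-deadline case, and three call sites (firstboot, pcrlock, the test) were switched from 0 to USEC_INFINITY. Assuming usec_sub_unsigned() keeps USEC_INFINITY infinite, both sentinels should be documented, e.g. `usec_t until; /* CLOCK_MONOTONIC deadline for the prompt (0 or USEC_INFINITY: no deadline) */`. A designated initializer that omits the field zero-initializes it, so the comment should also say that an unset `until` means the prompt never times out. Separately, the prototypes of ask_password_agent() and ask_password_auto() name the parameter `flag` while the definitions use `flags`.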
index 6e4b120ae6a9b26ee8d4cd7ba130fa2a87a1f619..070908d5257bb5725cf53fd44797f75627403775 100644 (file)
@@ -111,16 +111,17 @@ int acquire_fido2_key(
                 if (FLAGS_SET(askpw_flags, ASK_PASSWORD_HEADLESS))
                         return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "PIN querying disabled via 'headless' option. Use the '$PIN' environment variable.");
 
-                static const AskPasswordRequest req = {
+                AskPasswordRequest req = {
                         .tty_fd = -EBADF,
                         .message = "Please enter security token PIN:",
                         .icon = "drive-harddisk",
                         .keyring = "fido2-pin",
                         .credential = "cryptsetup.fido2-pin",
+                        .until = until,
                 };
 
                 pins = strv_free_erase(pins);
-                r = ask_password_auto(&req, until, askpw_flags, &pins);
+                r = ask_password_auto(&req, askpw_flags, &pins);
                 if (r < 0)
                         return log_error_errno(r, "Failed to ask for user password: %m");
 
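Review bot: The local `req` can stay `const` after losing `static`, since only the runtime value of `.until` prevents static storage: `const AskPasswordRequest req = {`. ask_password_auto() takes a `const AskPasswordRequest *`, and nothing in the visible lines writes to `req` after initialization. The enclosing function starts and ends outside the hunk, so confirm that no later line mutates it.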
index 05f0fa2bfa703bcf6c8d09721c58585f4c691273..7a1275eb381f037ec108fa8ba9c3d594cdb6198d 100644 (file)
@@ -40,10 +40,11 @@ static int get_pin(
                         .icon = "drive-harddisk",
                         .keyring = "tpm2-pin",
                         .credential = askpw_credential,
+                        .until = until,
                 };
 
                 pin = strv_free_erase(pin);
-                r = ask_password_auto(&req, until, askpw_flags, &pin);
+                r = ask_password_auto(&req, askpw_flags, &pin);
                 if (r < 0)
                         return log_error_errno(r, "Failed to ask for user pin: %m");
                 assert(strv_length(pin) == 1);
index 5a65f55fca9977e0703b93cac945f67237b4c6e6..3feda770af9bce810a258759cbecea6cb0e442a2 100644 (file)
@@ -3082,9 +3082,10 @@ int dissected_image_decrypt_interactively(
                         .id = "dissect",
                         .keyring = "dissect",
                         .credential = "dissect.passphrase",
+                        .until = USEC_INFINITY,
                 };
 
-                r = ask_password_auto(&req, USEC_INFINITY, /* flags= */ 0, &z);
+                r = ask_password_auto(&req, /* flags= */ 0, &z);
                 if (r < 0)
                         return log_error_errno(r, "Failed to query for passphrase: %m");
 
index 8e981f4c846fff007fbed86ba7b5c40320623719..200068dce441bc8e68363f198b8eae8cc45c4743 100644 (file)
@@ -862,9 +862,10 @@ int fido2_generate_hmac_hash(
                                 .icon = askpw_icon,
                                 .keyring = "fido2-pin",
                                 .credential = askpw_credential,
+                                .until = USEC_INFINITY,
                         };
 
-                        r = ask_password_auto(&req, USEC_INFINITY, /* flags= */ 0, &pin);
+                        r = ask_password_auto(&req, /* flags= */ 0, &pin);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to acquire user PIN: %m");
 
index 417f84254680f9642c732f77b47f66a36f90887a..b60fc67b26c93f801b69b7cb590a9b87347bac30 100644 (file)
@@ -1399,7 +1399,7 @@ static int openssl_ask_password_ui_read(UI *ui, UI_STRING *uis) {
                 req->message = UI_get0_output_string(uis);
 
                 _cleanup_(strv_freep) char **l = NULL;
-                r = ask_password_auto(req, /*until=*/ 0, ASK_PASSWORD_ACCEPT_CACHED|ASK_PASSWORD_PUSH_CACHE, &l);
+                r = ask_password_auto(req, ASK_PASSWORD_ACCEPT_CACHED|ASK_PASSWORD_PUSH_CACHE, &l);
                 if (r < 0) {
                         log_error_errno(r, "Failed to query for PIN: %m");
                         return 0;
index caec1606ed0255f04f3f76e4f30cfa83146ae601..8d14b2f8f7e321b6894c50ed19e08c92c1f6edb1 100644 (file)
@@ -386,10 +386,11 @@ int pkcs11_token_login(
                                 .id = id,
                                 .keyring = askpw_keyring,
                                 .credential = askpw_credential,
+                                .until = until,
                         };
 
                         /* We never cache PINs, simply because it's fatal if we use wrong PINs, since usually there are only 3 tries */
-                        r = ask_password_auto(&req, until, askpw_flags, &passwords);
+                        r = ask_password_auto(&req, askpw_flags, &passwords);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to query PIN for security token '%s': %m", token_label);
                 }
index ccf3cee9f386f329e74f00d91280414de7ceaec9..38afe0c6efc1ce76bc298fee09a0e941f2653947 100644 (file)
@@ -12,9 +12,10 @@ TEST(ask_password) {
                 .tty_fd = -EBADF,
                 .message = "hello?",
                 .keyring = "da key",
+                .until = USEC_INFINITY,
         };
 
-        r = ask_password_tty(&req, /* until= */ 0, /* flags= */ ASK_PASSWORD_CONSOLE_COLOR, &ret);
+        r = ask_password_tty(&req, /* flags= */ ASK_PASSWORD_CONSOLE_COLOR, &ret);
         if (r == -ECANCELED)
                 ASSERT_NULL(ret);
         else {
index fdc819754bcd5be566c4bceeb8a2a872bd92f3b4..31292d5acf5542ff82d853bac7c6bb9278df71f6 100644 (file)
@@ -151,9 +151,10 @@ static int agent_ask_password_tty(
                 .tty_fd = tty_fd,
                 .message = message,
                 .flag_file = flag_file,
+                .until = until,
         };
 
-        r = ask_password_tty(&req, until, flags, ret);
+        r = ask_password_tty(&req, flags, ret);
 
         if (arg_console) {
                 assert(tty_fd >= 0);
@@ -258,9 +259,10 @@ static int process_one_password_file(const char *filename, FILE *f) {
                                         .tty_fd = -EBADF,
                                         .message = message,
                                         .flag_file = filename,
+                                        .until = not_after,
                                 };
 
-                                r = ask_password_plymouth(&req, not_after, flags, &passwords);
+                                r = ask_password_plymouth(&req, flags, &passwords);
                         } else
                                 r = agent_ask_password_tty(message, not_after, flags, filename, &passwords);
                         if (r < 0) {