.keyring = arg_key_name,
.credential = arg_credential_name ?: "password",
.until = timeout,
+ .hup_fd = -EBADF,
};
r = ask_password_auto(&req, arg_flags, &l);
.keyring = arg_private_key,
.credential = "bootctl.private-key-pin",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
},
&private_key,
&ui);
.keyring = "cryptenroll",
.credential = "cryptenroll.passphrase",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
};
for (;;) {
.keyring = "cryptenroll",
.credential = "cryptenroll.new-passphrase",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
};
for (;;) {
.keyring = "tpm2-pin",
.credential = "cryptenroll.new-tpm2-pin",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
};
pin = strv_free_erase(pin);
.keyring = "cryptsetup",
.credential = "cryptsetup.passphrase",
.until = until,
+ .hup_fd = -EBADF,
};
if (ignore_cached)
.keyring = keyring,
.credential = credential,
.until = until,
+ .hup_fd = -EBADF,
};
r = ask_password_auto(&req, flags, &pins);
.tty_fd = -EBADF,
.message = msg1,
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
};
r = ask_password_tty(&req, /* flags= */ 0, &a);
.keyring = "home-password",
.credential = "home.password",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
};
r = ask_password_auto(&req, flags, &password);
.keyring = "home-recovery-key",
.credential = "home.recovery-key",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
};
r = ask_password_auto(&req, flags, &recovery_key);
.keyring = "token-pin",
.credential = "home.token-pin",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
};
r = ask_password_auto(&req, flags, &pin);
.keyring = "home-password",
.credential = "home.new-password",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
};
r = ask_password_auto(
.keyring = arg_private_key,
.credential = "keyutil.private-key-pin",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
},
&private_key,
&ui);
.keyring = arg_private_key,
.credential = "keyutil.private-key-pin",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
},
&private_key,
&ui);
.keyring = arg_private_key,
.credential = "measure.private-key-pin",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
},
&privkey,
&ui);
.id = "pcrlock-recovery-pin",
.credential = "pcrlock.recovery-pin",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
};
r = ask_password_auto(
.keyring = arg_private_key,
.credential = "repart.private-key-pin",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
},
&private_key,
&ui);
.keyring = arg_private_key,
.credential = "sbsign.private-key-pin",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
},
&private_key,
&ui);
enum {
POLL_SOCKET,
- POLL_INOTIFY, /* Must be last, because optional */
+ POLL_TWO,
+ POLL_THREE,
_POLL_MAX,
};
struct pollfd pollfd[_POLL_MAX] = {
- [POLL_SOCKET] = { .fd = fd, .events = POLLIN },
- [POLL_INOTIFY] = { .fd = inotify_fd, .events = POLLIN },
+ [POLL_SOCKET] = {
+ .fd = fd,
+ .events = POLLIN,
+ },
};
- size_t n_pollfd = inotify_fd >= 0 ? _POLL_MAX : _POLL_MAX-1;
+ size_t n_pollfd = POLL_SOCKET + 1, inotify_idx = SIZE_MAX, hup_fd_idx = SIZE_MAX;
+ if (inotify_fd >= 0)
+ pollfd[inotify_idx = n_pollfd++] = (struct pollfd) {
+ .fd = inotify_fd,
+ .events = POLLIN,
+ };
+ if (req->hup_fd >= 0)
+ pollfd[hup_fd_idx = n_pollfd++] = (struct pollfd) {
+ .fd = req->hup_fd,
+ .events = POLLHUP,
+ };
+
+ assert(n_pollfd <= _POLL_MAX);
for (;;) {
usec_t timeout;
if (r == 0)
return -ETIME;
- if (inotify_fd >= 0 && pollfd[POLL_INOTIFY].revents != 0)
+ if (req->hup_fd >= 0 && pollfd[hup_fd_idx].revents & POLLHUP)
+ return -ECONNRESET;
+
+ if (inotify_fd >= 0 && pollfd[inotify_idx].revents != 0)
(void) flush_fd(inotify_fd);
if (pollfd[POLL_SOCKET].revents == 0)
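Review bot: The new hang-up check `pollfd[hup_fd_idx].revents & POLLHUP` tests only POLLHUP, but poll() also reports POLLERR and POLLNVAL on that descriptor regardless of `.events`, and nothing in the visible code consumes them. If `req->hup_fd` is stale or in an error state, poll would presumably return at once on every iteration, and the loop would spin until the timeout, which most callers set to USEC_INFINITY. Consider `if (req->hup_fd >= 0 && pollfd[hup_fd_idx].revents & (POLLHUP|POLLERR|POLLNVAL)) return -ECONNRESET;`. The same applies to the equivalent checks in the TTY and agent loops further down. The loop body continues outside the hunk, so confirm how a wake-up with no handled event is treated there.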
enum {
POLL_TTY,
- POLL_INOTIFY, /* Must be last, because optional */
+ POLL_TWO,
+ POLL_THREE,
_POLL_MAX,
};
struct pollfd pollfd[_POLL_MAX] = {
- [POLL_TTY] = { .fd = ttyfd >= 0 ? ttyfd : STDIN_FILENO, .events = POLLIN },
- [POLL_INOTIFY] = { .fd = inotify_fd, .events = POLLIN },
+ [POLL_TTY] = {
+ .fd = ttyfd >= 0 ? ttyfd : STDIN_FILENO,
+ .events = POLLIN,
+ },
};
- size_t n_pollfd = inotify_fd >= 0 ? _POLL_MAX : _POLL_MAX-1;
+ size_t n_pollfd = POLL_TTY + 1, inotify_idx = SIZE_MAX, hup_fd_idx = SIZE_MAX;
+
+ if (inotify_fd >= 0)
+ pollfd[inotify_idx = n_pollfd++] = (struct pollfd) {
+ .fd = inotify_fd,
+ .events = POLLIN,
+ };
+ if (req->hup_fd >= 0)
+ pollfd[hup_fd_idx = n_pollfd++] = (struct pollfd) {
+ .fd = req->hup_fd,
+ .events = POLLHUP,
+ };
+
+ assert(n_pollfd <= _POLL_MAX);
for (;;) {
_cleanup_(erase_char) char c;
goto finish;
}
- if (inotify_fd >= 0 && pollfd[POLL_INOTIFY].revents != 0 && keyring) {
+ if (req->hup_fd >= 0 && pollfd[hup_fd_idx].revents & POLLHUP) {
+ r = -ECONNRESET;
+ goto finish;
+ }
+
+ if (inotify_fd >= 0 && pollfd[inotify_idx].revents != 0 && keyring) {
(void) flush_fd(inotify_fd);
r = ask_password_keyring(req, flags, ret);
enum {
POLL_SOCKET,
POLL_SIGNAL,
- POLL_INOTIFY, /* Must be last, because optional */
+ POLL_THREE,
+ POLL_FOUR,
_POLL_MAX
};
struct pollfd pollfd[_POLL_MAX] = {
[POLL_SOCKET] = { .fd = socket_fd, .events = POLLIN },
[POLL_SIGNAL] = { .fd = signal_fd, .events = POLLIN },
- [POLL_INOTIFY] = { .fd = inotify_fd, .events = POLLIN },
};
- size_t n_pollfd = inotify_fd >= 0 ? _POLL_MAX : _POLL_MAX - 1;
+ size_t n_pollfd = POLL_SIGNAL + 1, inotify_idx = SIZE_MAX, hup_fd_idx = SIZE_MAX;
+
+ if (inotify_fd >= 0)
+ pollfd[inotify_idx = n_pollfd++] = (struct pollfd) {
+ .fd = inotify_fd,
+ .events = POLLIN,
+ };
+ if (req->hup_fd >= 0)
+ pollfd[hup_fd_idx = n_pollfd ++] = (struct pollfd) {
+ .fd = req->hup_fd,
+ .events = POLLHUP,
+ };
+
+ assert(n_pollfd <= _POLL_MAX);
for (;;) {
CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred))) control;
goto finish;
}
- if (inotify_fd >= 0 && pollfd[POLL_INOTIFY].revents != 0) {
+ if (req->hup_fd >= 0 && pollfd[hup_fd_idx].revents & POLLHUP)
+ return -ECONNRESET;
+
+ if (inotify_fd >= 0 && pollfd[inotify_idx].revents != 0) {
(void) flush_fd(inotify_fd);
if (req && req->keyring) {
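Review bot: The added `return -ECONNRESET;` exits the function directly, while the error path just above it uses `goto finish;` and the TTY variant of the same check sets `r = -ECONNRESET; goto finish;`. The `finish` label is outside the hunk, so whatever cleanup it performs is skipped exactly when the peer hangs up; for a password query that could leave request state behind. Suggest `{ r = -ECONNRESET; goto finish; }` here to match the neighbouring paths. Minor style point: `n_pollfd ++` in the hup_fd setup has a stray space that the other two loops do not.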
const char *credential; /* $CREDENTIALS_DIRECTORY credential name */
const char *flag_file; /* Once this flag file disappears abort the query */
int tty_fd; /* If querying on a TTY, the TTY to query on (or -EBADF) */
+ int hup_fd; /* An extra fd to watch for POLLHUP, in which case to abort the query */
usec_t until; /* CLOCK_MONOTONIC time until which to show the prompt (if zero: forever) */
} AskPasswordRequest;
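Review bot: The comment on `hup_fd` does not name the "unset" value, unlike the `tty_fd` line above it, which says "(or -EBADF)". Because 0 is a valid descriptor, an AskPasswordRequest built with a designated initializer that omits `.hup_fd` is zero-initialized, so the poll loops would watch stdin for hang-up and abort the prompt with -ECONNRESET. That is why every call site in this change has to add `.hup_fd = -EBADF`, and future callers need the same hint. Suggest `int hup_fd; /* An extra fd to watch for POLLHUP, in which case to abort the query (or -EBADF to disable) */`. The struct definition starts outside the hunk.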
.keyring = "fido2-pin",
.credential = "cryptsetup.fido2-pin",
.until = until,
+ .hup_fd = -EBADF,
};
pins = strv_free_erase(pins);
.keyring = "tpm2-pin",
.credential = askpw_credential,
.until = until,
+ .hup_fd = -EBADF,
};
pin = strv_free_erase(pin);
.keyring = "dissect",
.credential = "dissect.passphrase",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
};
r = ask_password_auto(&req, /* flags= */ 0, &z);
.keyring = "fido2-pin",
.credential = askpw_credential,
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
};
r = ask_password_auto(&req, /* flags= */ 0, &pin);
.keyring = askpw_keyring,
.credential = askpw_credential,
.until = until,
+ .hup_fd = -EBADF,
};
/* We never cache PINs, simply because it's fatal if we use wrong PINs, since usually there are only 3 tries */
.message = "hello?",
.keyring = "da key",
.until = USEC_INFINITY,
+ .hup_fd = -EBADF,
};
r = ask_password_tty(&req, /* flags= */ ASK_PASSWORD_CONSOLE_COLOR, &ret);
.message = message,
.flag_file = flag_file,
.until = until,
+ .hup_fd = -EBADF,
};
r = ask_password_tty(&req, flags, ret);
.message = message,
.flag_file = filename,
.until = not_after,
+ .hup_fd = -EBADF,
};
r = ask_password_plymouth(&req, flags, &passwords);