shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-03 05:18:09 +03:00
Code

ask-password-api: move tty_fd into AskPasswordRequest structure, too

Browse Source
This commit is contained in:
Lennart Poettering 2024-11-07 10:30:34 +01:00
parent 975301170f
commit 187bfa7b0d
21 changed files with 37 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/ask-password/ask-password.c
View File

@ -252,6 +252,7 @@ static int run(int argc, char *argv[]) {
timeout = arg_timeout > 0 ? usec_add(now(CLOCK_MONOTONIC), arg_timeout) : 0;
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = arg_message,
.icon = arg_icon,
.id = arg_id,

1
src/bootctl/bootctl-install.c
View File

@ -984,6 +984,7 @@ int verb_install(int argc, char *argv[], void *userdata) {
arg_private_key_source,
arg_private_key,
&(AskPasswordRequest) {
.tty_fd = -EBADF,
.id = "bootctl-private-key-pin",
.keyring = arg_private_key,
.credential = "bootctl.private-key-pin",

2
src/cryptenroll/cryptenroll-password.c
View File

@ -55,6 +55,7 @@ int load_volume_key_password(
return log_oom();
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = question,
.icon = "drive-harddisk",
.id = id,
@ -130,6 +131,7 @@ int enroll_password(
return log_oom();
AskPasswordRequest req = {
.tty_fd = -EBADF,
.icon = "drive-harddisk",
.id = id,
.keyring = "cryptenroll",

1
src/cryptenroll/cryptenroll-tpm2.c
View File

@ -119,6 +119,7 @@ static int get_pin(char **ret_pin_str, TPM2Flags *ret_flags) {
SYNTHETIC_ERRNO(ENOKEY), "Too many attempts, giving up.");
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = "Please enter TPM2 PIN:",
.icon = "drive-harddisk",
.keyring = "tpm2-pin",

2
src/cryptsetup/cryptsetup.c
View File

@ -906,6 +906,7 @@ static int get_password(
return log_oom();
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = text,
.icon = "drive-harddisk",
.id = id,
@ -1422,6 +1423,7 @@ static int crypt_activate_by_token_pin_ask_password(
pins = strv_free_erase(pins);
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = message,
.icon = "drive-harddisk",
.keyring = keyring,

5
src/firstboot/firstboot.c
View File

@ -735,10 +735,11 @@ static int prompt_root_password(int rfd) {
_cleanup_free_ char *error = NULL;
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = msg1,
};
r = ask_password_tty(-EBADF, &req, /* until= */ 0, /* flags= */ 0, &a);
r = ask_password_tty(&req, /* until= */ 0, /* flags= */ 0, &a);
if (r < 0)
return log_error_errno(r, "Failed to query root password: %m");
if (strv_length(a) != 1)
@ -760,7 +761,7 @@ static int prompt_root_password(int rfd) {
req.message = msg2;
r = ask_password_tty(-EBADF, &req, /* until= */ 0, /* flags= */ 0, &b);
r = ask_password_tty(&req, /* until= */ 0, /* flags= */ 0, &b);
if (r < 0)
return log_error_errno(r, "Failed to query root password: %m");
if (strv_length(b) != 1)

4
src/home/homectl.c
View File

@ -263,6 +263,7 @@ static int acquire_existing_password(
return log_oom();
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = question,
.icon = "user-home",
.keyring = "home-password",
@ -321,6 +322,7 @@ static int acquire_recovery_key(
return log_oom();
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = question,
.icon = "user-home",
.keyring = "home-recovery-key",
@ -375,6 +377,7 @@ static int acquire_token_pin(
return log_oom();
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = question,
.icon = "user-home",
.keyring = "token-pin",
@ -1229,6 +1232,7 @@ static int acquire_new_password(
return log_oom();
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = question,
.icon = "user-home",
.keyring = "home-password",

2
src/keyutil/keyutil.c
View File

@ -182,6 +182,7 @@ static int verb_validate(int argc, char *argv[], void *userdata) {
arg_private_key_source,
arg_private_key,
&(AskPasswordRequest) {
.tty_fd = -EBADF,
.id = "keyutil-private-key-pin",
.keyring = arg_private_key,
.credential = "keyutil.private-key-pin",
@ -238,6 +239,7 @@ static int verb_public(int argc, char *argv[], void *userdata) {
arg_private_key_source,
arg_private_key,
&(AskPasswordRequest) {
.tty_fd = -EBADF,
.id = "keyutil-private-key-pin",
.keyring = arg_private_key,
.credential = "keyutil.private-key-pin",

1
src/measure/measure.c
View File

@ -888,6 +888,7 @@ static int verb_sign(int argc, char *argv[], void *userdata) {
arg_private_key_source,
arg_private_key,
&(AskPasswordRequest) {
.tty_fd = -EBADF,
.id = "measure-private-key-pin",
.keyring = arg_private_key,
.credential = "measure.private-key-pin",

1
src/pcrlock/pcrlock.c
View File

@ -4550,6 +4550,7 @@ static int make_policy(bool force, RecoveryPinMode recovery_pin_mode) {
_cleanup_(strv_free_erasep) char **l = NULL;
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = "Recovery PIN",
.id = "pcrlock-recovery-pin",
.credential = "pcrlock.recovery-pin",

1
src/repart/repart.c
View File

@ -8572,6 +8572,7 @@ static int parse_argv(int argc, char *argv[], X509 **ret_certificate, EVP_PKEY *
arg_private_key_source,
arg_private_key,
&(AskPasswordRequest) {
.tty_fd = -EBADF,
.id = "repart-private-key-pin",
.keyring = arg_private_key,
.credential = "repart.private-key-pin",

1
src/sbsign/sbsign.c
View File

@ -203,6 +203,7 @@ static int verb_sign(int argc, char *argv[], void *userdata) {
arg_private_key_source,
arg_private_key,
&(AskPasswordRequest) {
.tty_fd = -EBADF,
.id = "sbsign-private-key-pin",
.keyring = arg_private_key,
.credential = "sbsign.private-key-pin",

8
src/shared/ask-password-api.c
View File

@ -463,7 +463,6 @@ int ask_password_plymouth(
#define SKIPPED "(skipped)"
int ask_password_tty(
int ttyfd,
const AskPasswordRequest *req,
usec_t until,
AskPasswordFlags flags,
@ -526,8 +525,11 @@ int ask_password_tty(
CLEANUP_ERASE(passphrase);
/* If the caller didn't specify a TTY, then use the controlling tty, if we can. */
if (ttyfd < 0)
int ttyfd;
if (req->tty_fd < 0)
ttyfd = cttyfd = open("/dev/tty", O_RDWR|O_NOCTTY|O_CLOEXEC);
else
ttyfd = req->tty_fd;
if (ttyfd >= 0) {
if (tcgetattr(ttyfd, &old_termios) < 0)
@ -1128,7 +1130,7 @@ int ask_password_auto(
}
if (!FLAGS_SET(flags, ASK_PASSWORD_NO_TTY) && isatty_safe(STDIN_FILENO))
return ask_password_tty(-EBADF, req, until, flags, ret);
return ask_password_tty(req, until, flags, ret);
if (!FLAGS_SET(flags, ASK_PASSWORD_NO_AGENT))
return ask_password_agent(req, until, flags, ret);

3
src/shared/ask-password-api.h
View File

@ -27,9 +27,10 @@ typedef struct AskPasswordRequest {
const char *id; /* some identifier used for this prompt for the "ask-password" protocol */
const char *credential; /* $CREDENTIALS_DIRECTORY credential name */
const char *flag_file; /* Once this flag file disappears abort the query */
int tty_fd; /* If querying on a TTY, the TTY to query on (or -EBADF) */
} AskPasswordRequest;
int ask_password_tty(int tty_fd, const AskPasswordRequest *req, usec_t until, AskPasswordFlags flags, char ***ret);
int ask_password_tty(const AskPasswordRequest *req, usec_t until, AskPasswordFlags flags, char ***ret);
int ask_password_plymouth(const AskPasswordRequest *req, usec_t until, AskPasswordFlags flags, char ***ret);
int ask_password_agent(const AskPasswordRequest *req, usec_t until, AskPasswordFlags flag, char ***ret);
int ask_password_auto(const AskPasswordRequest *req, usec_t until, AskPasswordFlags flag, char ***ret);

1
src/shared/cryptsetup-fido2.c
View File

@ -112,6 +112,7 @@ int acquire_fido2_key(
return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "PIN querying disabled via 'headless' option. Use the '$PIN' environment variable.");
static const AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = "Please enter security token PIN:",
.icon = "drive-harddisk",
.keyring = "fido2-pin",

1
src/shared/cryptsetup-tpm2.c
View File

@ -35,6 +35,7 @@ static int get_pin(
"Use the '$PIN' environment variable.");
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = "Please enter TPM2 PIN:",
.icon = "drive-harddisk",
.keyring = "tpm2-pin",

1
src/shared/dissect-image.c
View File

@ -3077,6 +3077,7 @@ int dissected_image_decrypt_interactively(
z = strv_free_erase(z);
static const AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = "Please enter image passphrase:",
.id = "dissect",
.keyring = "dissect",

1
src/shared/libfido2-util.c
View File

@ -857,6 +857,7 @@ int fido2_generate_hmac_hash(
for (;;) {
_cleanup_strv_free_erase_ char **pin = NULL;
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = "Please enter security token PIN:",
.icon = askpw_icon,
.keyring = "fido2-pin",

1
src/shared/pkcs11-util.c
View File

@ -380,6 +380,7 @@ int pkcs11_token_login(
return log_oom();
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = text,
.icon = askpw_icon,
.id = id,

3
src/test/test-ask-password-api.c
View File

@ -9,11 +9,12 @@ TEST(ask_password) {
int r;
static const AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = "hello?",
.keyring = "da key",
};
r = ask_password_tty(-EBADF, &req, /* until= */ 0, /* flags= */ ASK_PASSWORD_CONSOLE_COLOR, &ret);
r = ask_password_tty(&req, /* until= */ 0, /* flags= */ ASK_PASSWORD_CONSOLE_COLOR, &ret);
if (r == -ECANCELED)
ASSERT_NULL(ret);
else {

4
src/tty-ask-password-agent/tty-ask-password-agent.c
View File

@ -148,11 +148,12 @@ static int agent_ask_password_tty(
}
AskPasswordRequest req = {
.tty_fd = tty_fd,
.message = message,
.flag_file = flag_file,
};
r = ask_password_tty(tty_fd, &req, until, flags, ret);
r = ask_password_tty(&req, until, flags, ret);
if (arg_console) {
assert(tty_fd >= 0);
@ -254,6 +255,7 @@ static int process_one_password_file(const char *filename, FILE *f) {
} else {
if (arg_plymouth) {
AskPasswordRequest req = {
.tty_fd = -EBADF,
.message = message,
.flag_file = filename,
};