Cryptenroll pager and tweaks (#35517)
commit
18d2d10c17
@ -720,14 +720,16 @@
|
||||
<term><option>--list-devices</option></term>
|
||||
|
||||
<listitem><para>Show a list of candidate block devices this command may operate on. Specifically,
|
||||
this enumerates block devices currently present that contain a LUKS superblock, and shows their device
|
||||
node paths along with any of their symlinks.</para>
|
||||
this enumerates block devices currently present that contain a LUKS superblock, and shows their
|
||||
device node paths along with any of their symlinks. The devices must implement the
|
||||
<option>hmac-secret</option> extension to be useable.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<xi:include href="standard-options.xml" xpointer="help" />
|
||||
<xi:include href="standard-options.xml" xpointer="version" />
|
||||
<xi:include href="standard-options.xml" xpointer="no-pager" />
|
||||
</variablelist>
|
||||
|
||||
</refsect1>
|
||||
|
@ -23,6 +23,7 @@
|
||||
#include "libfido2-util.h"
|
||||
#include "main-func.h"
|
||||
#include "memory-util.h"
|
||||
#include "pager.h"
|
||||
#include "parse-argument.h"
|
||||
#include "parse-util.h"
|
||||
#include "path-util.h"
|
||||
@ -54,6 +55,7 @@ static uint32_t arg_tpm2_public_key_pcr_mask = 0;
|
||||
static char *arg_tpm2_signature = NULL;
|
||||
static char *arg_tpm2_pcrlock = NULL;
|
||||
static char *arg_node = NULL;
|
||||
PagerFlags arg_pager_flags = 0;
|
||||
static int *arg_wipe_slots = NULL;
|
||||
static size_t arg_n_wipe_slots = 0;
|
||||
static WipeScope arg_wipe_slots_scope = WIPE_EXPLICIT;
|
||||
@ -172,6 +174,8 @@ static int help(void) {
|
||||
_cleanup_free_ char *link = NULL;
|
||||
int r;
|
||||
|
||||
pager_open(arg_pager_flags);
|
||||
|
||||
r = terminal_urlify_man("systemd-cryptenroll", "1", &link);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
@ -180,6 +184,7 @@ static int help(void) {
|
||||
"%5$sEnroll a security token or authentication credential to a LUKS volume.%6$s\n\n"
|
||||
" -h --help Show this help\n"
|
||||
" --version Show package version\n"
|
||||
" --no-pager Do not spawn a pager\n"
|
||||
" --list-devices List candidate block devices to operate on\n"
|
||||
" --wipe-slot=SLOT1,SLOT2,…\n"
|
||||
" Wipe specified slots\n"
|
||||
@ -194,11 +199,11 @@ static int help(void) {
|
||||
" --password Enroll a user-supplied password\n"
|
||||
" --recovery-key Enroll a recovery key\n"
|
||||
"\n%3$sPKCS#11 Enrollment:%4$s\n"
|
||||
" --pkcs11-token-uri=URI\n"
|
||||
" Specify PKCS#11 security token URI\n"
|
||||
" --pkcs11-token-uri=URI|auto|list\n"
|
||||
" Enroll a PKCS#11 security token or list them\n"
|
||||
"\n%3$sFIDO2 Enrollment:%4$s\n"
|
||||
" --fido2-device=PATH\n"
|
||||
" Enroll a FIDO2-HMAC security token\n"
|
||||
" --fido2-device=PATH|auto|list\n"
|
||||
" Enroll a FIDO2-HMAC security token or list them\n"
|
||||
" --fido2-salt-file=PATH\n"
|
||||
" Use salt from a file instead of generating one\n"
|
||||
" --fido2-parameters-in-header=BOOL\n"
|
||||
@ -212,8 +217,8 @@ static int help(void) {
|
||||
" --fido2-with-user-verification=BOOL\n"
|
||||
" Whether to require user verification to unlock the volume\n"
|
||||
"\n%3$sTPM2 Enrollment:%4$s\n"
|
||||
" --tpm2-device=PATH\n"
|
||||
" Enroll a TPM2 device\n"
|
||||
" --tpm2-device=PATH|auto|list\n"
|
||||
" Enroll a TPM2 device or list them\n"
|
||||
" --tpm2-device-key=PATH\n"
|
||||
" Enroll a TPM2 device using its public key\n"
|
||||
" --tpm2-seal-key-handle=HANDLE\n"
|
||||
@ -245,6 +250,7 @@ static int help(void) {
|
||||
static int parse_argv(int argc, char *argv[]) {
|
||||
enum {
|
||||
ARG_VERSION = 0x100,
|
||||
ARG_NO_PAGER,
|
||||
ARG_PASSWORD,
|
||||
ARG_RECOVERY_KEY,
|
||||
ARG_UNLOCK_KEYFILE,
|
||||
@ -274,6 +280,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
static const struct option options[] = {
|
||||
{ "help", no_argument, NULL, 'h' },
|
||||
{ "version", no_argument, NULL, ARG_VERSION },
|
||||
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
|
||||
{ "password", no_argument, NULL, ARG_PASSWORD },
|
||||
{ "recovery-key", no_argument, NULL, ARG_RECOVERY_KEY },
|
||||
{ "unlock-key-file", required_argument, NULL, ARG_UNLOCK_KEYFILE },
|
||||
@ -307,7 +314,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
assert(argc >= 0);
|
||||
assert(argv);
|
||||
|
||||
while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
|
||||
while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
|
||||
|
||||
switch (c) {
|
||||
|
||||
@ -317,6 +324,10 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
case ARG_VERSION:
|
||||
return version();
|
||||
|
||||
case ARG_NO_PAGER:
|
||||
arg_pager_flags |= PAGER_DISABLE;
|
||||
break;
|
||||
|
||||
case ARG_FIDO2_WITH_PIN:
|
||||
r = parse_boolean_argument("--fido2-with-client-pin=", optarg, NULL);
|
||||
if (r < 0)
|
||||
@ -634,7 +645,6 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
default:
|
||||
assert_not_reached();
|
||||
}
|
||||
}
|
||||
|
||||
if (argc > optind+1)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
|
@ -1253,6 +1253,8 @@ static int make_security_device_monitor(
|
||||
assert(ret_monitor);
|
||||
|
||||
/* Waits for a device with "security-device" tag to show up in udev */
|
||||
log_debug("Creating device monitor for tag 'security-device' with timeout %s",
|
||||
FORMAT_TIMESPAN(arg_token_timeout_usec, 1*USEC_PER_SEC));
|
||||
|
||||
r = sd_event_default(&event);
|
||||
if (r < 0)
|
||||
@ -2600,7 +2602,7 @@ static int run(int argc, char *argv[]) {
|
||||
return r;
|
||||
|
||||
/* Key not correct? Let's try again, but let's invalidate one of the passed fields,
|
||||
* so that we fallback to the next best thing. */
|
||||
* so that we fall back to the next best thing. */
|
||||
|
||||
if (token_type == TOKEN_TPM2) {
|
||||
arg_tpm2_device = mfree(arg_tpm2_device);
|
||||
|
@ -1124,7 +1124,7 @@ int fido2_list_devices(void) {
|
||||
goto finish;
|
||||
}
|
||||
|
||||
t = table_new("path", "manufacturer", "product");
|
||||
t = table_new("path", "manufacturer", "product", "compatible");
|
||||
if (!t) {
|
||||
r = log_oom();
|
||||
goto finish;
|
||||
@ -1143,14 +1143,14 @@ int fido2_list_devices(void) {
|
||||
r = check_device_is_fido2_with_hmac_secret(sym_fido_dev_info_path(entry));
|
||||
if (r < 0)
|
||||
goto finish;
|
||||
if (!r)
|
||||
continue;
|
||||
bool compatible = r > 0;
|
||||
|
||||
r = table_add_many(
|
||||
t,
|
||||
TABLE_PATH, sym_fido_dev_info_path(entry),
|
||||
TABLE_STRING, sym_fido_dev_info_manufacturer_string(entry),
|
||||
TABLE_STRING, sym_fido_dev_info_product_string(entry));
|
||||
TABLE_STRING, sym_fido_dev_info_product_string(entry),
|
||||
TABLE_BOOLEAN_CHECKMARK, compatible);
|
||||
if (r < 0) {
|
||||
table_log_add_error(r);
|
||||
goto finish;
|
||||
|
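Review bot: A single probe failure still aborts the whole listing: at `if (r < 0) goto finish;` after `check_device_is_fido2_with_hmac_secret()`, one device that cannot be opened (plausibly a permission problem on its device node) makes `list` fail instead of showing the remaining devices, which matters more now that incompatible devices are meant to appear in the table with an empty checkmark rather than be skipped. Consider degrading it to a per-device diagnostic and moving on: `if (r < 0) { log_warning_errno(r, "Failed to probe FIDO2 device %s, skipping: %m", sym_fido_dev_info_path(entry)); continue; }`, or a bare `continue` if the helper already logs the failure itself (not visible here). A short comment above `bool compatible = r > 0;` such as `/* 0 means the device answered but lacks the hmac-secret extension; still list it so the user can see it */` would make the new column's meaning explicit. `fido2_list_devices()` starts and ends outside the hunk.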