shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-02-23 13:57:33 +03:00
Code

Add crypttab option silent

Browse Source 
Adds a crypttab option 'silent' that enables the AskPasswordFlag
ASK_PASSWORD_SILENT. This allows usage of systemd-cryptsetup to default
to silent mode, rather than requiring the user to press tab every time.
This commit is contained in:
Sebastian Blunt 2021-05-14 20:39:54 -07:00 committed by Zbigniew Jędrzejewski-Szmek
parent d57e871c60
commit 1fa94a3124
4 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
man/crypttab.xml
View File

@ -528,6 +528,13 @@
prevent typos.</para></listitem> prevent typos.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><option>silent</option></term>
<listitem><para>If the encryption password is read from console, no asterisks will be shown
while typing the password.</para></listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><option>pkcs11-uri=</option></term> <term><option>pkcs11-uri=</option></term>

8
src/cryptsetup/cryptsetup.c
View File

@ -57,6 +57,7 @@ static char *arg_header = NULL;
static unsigned arg_tries = 3; static unsigned arg_tries = 3;
static bool arg_readonly = false; static bool arg_readonly = false;
static bool arg_verify = false; static bool arg_verify = false;
static bool arg_silent = false;
static bool arg_discards = false; static bool arg_discards = false;
static bool arg_same_cpu_crypt = false; static bool arg_same_cpu_crypt = false;
static bool arg_submit_from_crypt_cpus = false; static bool arg_submit_from_crypt_cpus = false;
@ -233,6 +234,8 @@ static int parse_one_option(const char *option) {
arg_readonly = true; arg_readonly = true;
else if (streq(option, "verify")) else if (streq(option, "verify"))
arg_verify = true; arg_verify = true;
else if (streq(option, "silent"))
arg_silent = true;
else if (STR_IN_SET(option, "allow-discards", "discard")) else if (STR_IN_SET(option, "allow-discards", "discard"))
arg_discards = true; arg_discards = true;
else if (streq(option, "same-cpu-crypt")) else if (streq(option, "same-cpu-crypt"))
@ -539,6 +542,7 @@ static int get_password(
_cleanup_strv_free_erase_ char **passwords = NULL; _cleanup_strv_free_erase_ char **passwords = NULL;
char **p, *id; char **p, *id;
int r = 0; int r = 0;
AskPasswordFlags flags = ASK_PASSWORD_PUSH_CACHE | (arg_silent*ASK_PASSWORD_SILENT);
assert(vol); assert(vol);
assert(src); assert(src);
@ -561,7 +565,7 @@ static int get_password(
id = strjoina("cryptsetup:", disk_path); id = strjoina("cryptsetup:", disk_path);
r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", "cryptsetup.passphrase", until, r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", "cryptsetup.passphrase", until,
ASK_PASSWORD_PUSH_CACHE | (accept_cached*ASK_PASSWORD_ACCEPT_CACHED), flags | (accept_cached*ASK_PASSWORD_ACCEPT_CACHED),
&passwords); &passwords);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to query password: %m"); return log_error_errno(r, "Failed to query password: %m");
@ -576,7 +580,7 @@ static int get_password(
id = strjoina("cryptsetup-verification:", disk_path); id = strjoina("cryptsetup-verification:", disk_path);
r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", "cryptsetup.passphrase", until, ASK_PASSWORD_PUSH_CACHE, &passwords2); r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", "cryptsetup.passphrase", until, flags, &passwords2);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to query verification password: %m"); return log_error_errno(r, "Failed to query verification password: %m");

6
src/shared/ask-password-api.c
View File

@ -799,12 +799,14 @@ int ask_password_agent(
"Socket=%s\n" "Socket=%s\n"
"AcceptCached=%i\n" "AcceptCached=%i\n"
"Echo=%i\n" "Echo=%i\n"
"NotAfter="USEC_FMT"\n", "NotAfter="USEC_FMT"\n"
"Silent=%i\n",
getpid_cached(), getpid_cached(),
socket_name, socket_name,
(flags & ASK_PASSWORD_ACCEPT_CACHED) ? 1 : 0, (flags & ASK_PASSWORD_ACCEPT_CACHED) ? 1 : 0,
(flags & ASK_PASSWORD_ECHO) ? 1 : 0, (flags & ASK_PASSWORD_ECHO) ? 1 : 0,
until); until,
(flags & ASK_PASSWORD_SILENT) ? 1 : 0);
if (message) if (message)
fprintf(f, "Message=%s\n", message); fprintf(f, "Message=%s\n", message);

4
src/tty-ask-password-agent/tty-ask-password-agent.c
View File

@ -169,7 +169,7 @@ static int agent_ask_password_tty(
static int process_one_password_file(const char *filename) { static int process_one_password_file(const char *filename) {
_cleanup_free_ char *socket_name = NULL, *message = NULL; _cleanup_free_ char *socket_name = NULL, *message = NULL;
bool accept_cached = false, echo = false; bool accept_cached = false, echo = false, silent = false;
uint64_t not_after = 0; uint64_t not_after = 0;
unsigned pid = 0; unsigned pid = 0;
@ -180,6 +180,7 @@ static int process_one_password_file(const char *filename) {
{ "Ask", "PID", config_parse_unsigned, 0, &pid }, { "Ask", "PID", config_parse_unsigned, 0, &pid },
{ "Ask", "AcceptCached", config_parse_bool, 0, &accept_cached }, { "Ask", "AcceptCached", config_parse_bool, 0, &accept_cached },
{ "Ask", "Echo", config_parse_bool, 0, &echo }, { "Ask", "Echo", config_parse_bool, 0, &echo },
{ "Ask", "Silent", config_parse_bool, 0, &silent },
{} {}
}; };
@ -239,6 +240,7 @@ static int process_one_password_file(const char *filename) {
SET_FLAG(flags, ASK_PASSWORD_ACCEPT_CACHED, accept_cached); SET_FLAG(flags, ASK_PASSWORD_ACCEPT_CACHED, accept_cached);
SET_FLAG(flags, ASK_PASSWORD_CONSOLE_COLOR, arg_console); SET_FLAG(flags, ASK_PASSWORD_CONSOLE_COLOR, arg_console);
SET_FLAG(flags, ASK_PASSWORD_ECHO, echo); SET_FLAG(flags, ASK_PASSWORD_ECHO, echo);
SET_FLAG(flags, ASK_PASSWORD_SILENT, silent);
if (arg_plymouth) if (arg_plymouth)
r = ask_password_plymouth(message, not_after, flags, filename, &passwords); r = ask_password_plymouth(message, not_after, flags, filename, &passwords);