Merge faf9efa22eedabf430995f11884c640a81dab720 into fdab24bf6acc62d3011f9b5abdf834b4886642b2

2025-03-19 22:50:17 +03:00 · 2025-03-13 05:50:07 +01:00 · 2025-03-13 05:50:07 +01:00 · 95b678bb07
commit 95b678bb07
parent fdab24bf6a faf9efa22e
1 changed files with 7 additions and 2 deletions
--- a/src/cryptenroll/cryptenroll-tpm2.c
+++ b/src/cryptenroll/cryptenroll-tpm2.c
@ -111,6 +111,8 @@ static int get_pin(char **ret_pin_str, TPM2Flags *ret_flags) {
        if (r > 0)
                flags |= TPM2_FLAGS_USE_PIN;
        else {
+                AskPasswordFlags askpw_flags = ASK_PASSWORD_ACCEPT_CACHED;
+
                for (size_t i = 5;; i--) {
                        _cleanup_strv_free_erase_ char **pin = NULL, **pin2 = NULL;

@ -131,17 +133,19 @@ static int get_pin(char **ret_pin_str, TPM2Flags *ret_flags) {
                        pin = strv_free_erase(pin);
                        r = ask_password_auto(
                                        &req,
-                                        /* flags= */ 0,
+                                        askpw_flags,
                                        &pin);
                        if (r < 0)
                                return log_error_errno(r, "Failed to ask for user pin: %m");
+
                        assert(strv_length(pin) == 1);

                        req.message = "Please enter TPM2 PIN (repeat):";

+                        /* If the PIN was obtained from the keyring, it will match the 2nd time */
                        r = ask_password_auto(
                                        &req,
-                                        /* flags= */ 0,
+                                        askpw_flags,
                                        &pin2);
                        if (r < 0)
                                return log_error_errno(r, "Failed to ask for user pin: %m");
@ -155,6 +159,7 @@ static int get_pin(char **ret_pin_str, TPM2Flags *ret_flags) {
                                break;
                        }

+                        askpw_flags &= ~ASK_PASSWORD_ACCEPT_CACHED;
                        log_error("PINs didn't match, please try again!");
                }
        }