Add more password agent information
Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
parent
0d522a7a05
commit
9fa1de965a
|
@ -43,6 +43,7 @@
|
||||||
#include "def.h"
|
#include "def.h"
|
||||||
|
|
||||||
static const char *arg_icon = NULL;
|
static const char *arg_icon = NULL;
|
||||||
|
static const char *arg_id = NULL;
|
||||||
static const char *arg_message = NULL;
|
static const char *arg_message = NULL;
|
||||||
static bool arg_use_tty = true;
|
static bool arg_use_tty = true;
|
||||||
static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
|
static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
|
||||||
|
@ -58,7 +59,8 @@ static int help(void) {
|
||||||
" --timeout=SEC Timeout in sec\n"
|
" --timeout=SEC Timeout in sec\n"
|
||||||
" --no-tty Ask question via agent even on TTY\n"
|
" --no-tty Ask question via agent even on TTY\n"
|
||||||
" --accept-cached Accept cached passwords\n"
|
" --accept-cached Accept cached passwords\n"
|
||||||
" --multiple List multiple passwords if available\n",
|
" --multiple List multiple passwords if available\n"
|
||||||
|
" --id=ID Query identifier (e.g. cryptsetup:/dev/sda5)\n",
|
||||||
program_invocation_short_name);
|
program_invocation_short_name);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -71,7 +73,8 @@ static int parse_argv(int argc, char *argv[]) {
|
||||||
ARG_TIMEOUT,
|
ARG_TIMEOUT,
|
||||||
ARG_NO_TTY,
|
ARG_NO_TTY,
|
||||||
ARG_ACCEPT_CACHED,
|
ARG_ACCEPT_CACHED,
|
||||||
ARG_MULTIPLE
|
ARG_MULTIPLE,
|
||||||
|
ARG_ID
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct option options[] = {
|
static const struct option options[] = {
|
||||||
|
@ -81,6 +84,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||||
{ "no-tty", no_argument, NULL, ARG_NO_TTY },
|
{ "no-tty", no_argument, NULL, ARG_NO_TTY },
|
||||||
{ "accept-cached", no_argument, NULL, ARG_ACCEPT_CACHED },
|
{ "accept-cached", no_argument, NULL, ARG_ACCEPT_CACHED },
|
||||||
{ "multiple", no_argument, NULL, ARG_MULTIPLE },
|
{ "multiple", no_argument, NULL, ARG_MULTIPLE },
|
||||||
|
{ "id", required_argument, NULL, ARG_ID },
|
||||||
{}
|
{}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -119,6 +123,10 @@ static int parse_argv(int argc, char *argv[]) {
|
||||||
arg_multiple = true;
|
arg_multiple = true;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case ARG_ID:
|
||||||
|
arg_id = optarg;
|
||||||
|
break;
|
||||||
|
|
||||||
case '?':
|
case '?':
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -162,7 +170,7 @@ int main(int argc, char *argv[]) {
|
||||||
} else {
|
} else {
|
||||||
char **l;
|
char **l;
|
||||||
|
|
||||||
if ((r = ask_password_agent(arg_message, arg_icon, timeout, arg_accept_cached, &l)) >= 0) {
|
if ((r = ask_password_agent(arg_message, arg_icon, arg_id, timeout, arg_accept_cached, &l)) >= 0) {
|
||||||
char **p;
|
char **p;
|
||||||
|
|
||||||
STRV_FOREACH(p, l) {
|
STRV_FOREACH(p, l) {
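Review bot: `arg_id = optarg;` in the `ARG_ID` case takes the identifier verbatim, and ask_password_agent later writes it with `fprintf(f, "Id=%s\n", id);` without escaping, so an id containing a newline would add extra lines to the .ask file that agents parse. The cryptsetup caller runs its name through cescape() first, but this command-line path does not. Rejecting such input where it enters would close that gap, for example `if (strchr(optarg, '\n')) return -EINVAL;` before the assignment; escaping inside ask_password_agent instead would cover every caller, but the cryptsetup call site would then need its own cescape() dropped to avoid double escaping. parse_argv's body extends outside the hunks shown.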
|
||||||
|
|
|
@ -257,6 +257,8 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
|
||||||
int r;
|
int r;
|
||||||
char **p;
|
char **p;
|
||||||
_cleanup_free_ char *text = NULL;
|
_cleanup_free_ char *text = NULL;
|
||||||
|
_cleanup_free_ char *escaped_name = NULL;
|
||||||
|
char *id;
|
||||||
|
|
||||||
assert(name);
|
assert(name);
|
||||||
assert(passwords);
|
assert(passwords);
|
||||||
|
@ -264,7 +266,13 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
|
||||||
if (asprintf(&text, "Please enter passphrase for disk %s!", name) < 0)
|
if (asprintf(&text, "Please enter passphrase for disk %s!", name) < 0)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
|
|
||||||
r = ask_password_auto(text, "drive-harddisk", until, accept_cached, passwords);
|
escaped_name = cescape(name);
|
||||||
|
if (!escaped_name)
|
||||||
|
return log_oom();
|
||||||
|
|
||||||
|
id = strappenda("cryptsetup:", escaped_name);
|
||||||
|
|
||||||
|
r = ask_password_auto(text, "drive-harddisk", id, until, accept_cached, passwords);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_error("Failed to query password: %s", strerror(-r));
|
log_error("Failed to query password: %s", strerror(-r));
|
||||||
return r;
|
return r;
|
||||||
|
@ -278,7 +286,9 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
|
||||||
if (asprintf(&text, "Please enter passphrase for disk %s! (verification)", name) < 0)
|
if (asprintf(&text, "Please enter passphrase for disk %s! (verification)", name) < 0)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
|
|
||||||
r = ask_password_auto(text, "drive-harddisk", until, false, &passwords2);
|
id = strappenda("cryptsetup-verification:", escaped_name);
|
||||||
|
|
||||||
|
r = ask_password_auto(text, "drive-harddisk", id, until, false, &passwords2);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_error("Failed to query verification password: %s", strerror(-r));
|
log_error("Failed to query verification password: %s", strerror(-r));
|
||||||
return r;
|
return r;
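Review bot: The verification prompt is tagged `cryptsetup-verification:` rather than `cryptsetup:`, so an agent that filters on the `cryptsetup:` prefix (the use case the commit message gives) will presumably not react to the second prompt, and nothing at the call sites says so. A comment above the first strappenda() call would document it, for example `/* Id is "<subsystem>:<target>"; the verification prompt uses its own subsystem so agents can tell the two apart */`. Separately, `id` points at the result of strappenda(), which as far as I know is alloca-based, so the buffer is sized by the escaped volume name and must not be kept beyond get_password(). The function body extends outside these hunks.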
|
||||||
|
|
|
@ -298,6 +298,7 @@ fail:
|
||||||
int ask_password_agent(
|
int ask_password_agent(
|
||||||
const char *message,
|
const char *message,
|
||||||
const char *icon,
|
const char *icon,
|
||||||
|
const char *id,
|
||||||
usec_t until,
|
usec_t until,
|
||||||
bool accept_cached,
|
bool accept_cached,
|
||||||
char ***_passphrases) {
|
char ***_passphrases) {
|
||||||
|
@ -373,6 +374,9 @@ int ask_password_agent(
|
||||||
if (icon)
|
if (icon)
|
||||||
fprintf(f, "Icon=%s\n", icon);
|
fprintf(f, "Icon=%s\n", icon);
|
||||||
|
|
||||||
|
if (id)
|
||||||
|
fprintf(f, "Id=%s\n", id);
|
||||||
|
|
||||||
fflush(f);
|
fflush(f);
|
||||||
|
|
||||||
if (ferror(f)) {
|
if (ferror(f)) {
|
||||||
|
@ -537,7 +541,8 @@ finish:
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
int ask_password_auto(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases) {
|
int ask_password_auto(const char *message, const char *icon, const char *id,
|
||||||
|
usec_t until, bool accept_cached, char ***_passphrases) {
|
||||||
assert(message);
|
assert(message);
|
||||||
assert(_passphrases);
|
assert(_passphrases);
|
||||||
|
|
||||||
|
@ -556,5 +561,5 @@ int ask_password_auto(const char *message, const char *icon, usec_t until, bool
|
||||||
*_passphrases = l;
|
*_passphrases = l;
|
||||||
return r;
|
return r;
|
||||||
} else
|
} else
|
||||||
return ask_password_agent(message, icon, until, accept_cached, _passphrases);
|
return ask_password_agent(message, icon, id, until, accept_cached, _passphrases);
|
||||||
}
|
}
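Review bot: The new `id` parameter is undocumented, and in ask_password_auto it appears to be used only on the agent branch: the visible `else` forwards it to ask_password_agent, while ask_password_tty's prototype has no such parameter. A comment above ask_password_auto would make the contract explicit, for example `/* id: optional "<subsystem>:<target>" tag, written as Id= to the .ask file; not used when the password is read from the TTY */`. ask_password_agent accepts NULL through the `if (id)` guard, which is worth stating in the same place. Both function bodies extend outside the hunks shown.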
|
||||||
|
|
|
@ -25,6 +25,8 @@
|
||||||
|
|
||||||
int ask_password_tty(const char *message, usec_t until, const char *flag_file, char **_passphrase);
|
int ask_password_tty(const char *message, usec_t until, const char *flag_file, char **_passphrase);
|
||||||
|
|
||||||
int ask_password_agent(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases);
|
int ask_password_agent(const char *message, const char *icon, const char *id,
|
||||||
|
usec_t until, bool accept_cached, char ***_passphrases);
|
||||||
|
|
||||||
int ask_password_auto(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases);
|
int ask_password_auto(const char *message, const char *icon, const char *id,
|
||||||
|
usec_t until, bool accept_cached, char ***_passphrases);
|
||||||
|
|