summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Härdeman <david@hardeman.nu>2014-03-25 11:05:23 +0100
committerLennart Poettering <lennart@poettering.net>2014-04-24 09:23:54 +0200
commit9fa1de965a0954dcb6d855ebe0513077515a0daa (patch)
tree7c6c8133d726a7d379361c4541fe15cb20bd7342
parent0d522a7a0547982eae9ab1b5971e4bed9c2fbc7c (diff)
Add more password agent information
Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
-rw-r--r--src/ask-password/ask-password.c14
-rw-r--r--src/cryptsetup/cryptsetup.c14
-rw-r--r--src/shared/ask-password-api.c9
-rw-r--r--src/shared/ask-password-api.h6
4 files changed, 34 insertions, 9 deletions
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
index ea0c62397e..4d5690c2c0 100644
--- a/src/ask-password/ask-password.c
+++ b/src/ask-password/ask-password.c
@@ -43,6 +43,7 @@
#include "def.h"
static const char *arg_icon = NULL;
+static const char *arg_id = NULL;
static const char *arg_message = NULL;
static bool arg_use_tty = true;
static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
@@ -58,7 +59,8 @@ static int help(void) {
" --timeout=SEC Timeout in sec\n"
" --no-tty Ask question via agent even on TTY\n"
" --accept-cached Accept cached passwords\n"
- " --multiple List multiple passwords if available\n",
+ " --multiple List multiple passwords if available\n"
+ " --id=ID Query identifier (e.g. cryptsetup:/dev/sda5)\n",
program_invocation_short_name);
return 0;
@@ -71,7 +73,8 @@ static int parse_argv(int argc, char *argv[]) {
ARG_TIMEOUT,
ARG_NO_TTY,
ARG_ACCEPT_CACHED,
- ARG_MULTIPLE
+ ARG_MULTIPLE,
+ ARG_ID
};
static const struct option options[] = {
@@ -81,6 +84,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "no-tty", no_argument, NULL, ARG_NO_TTY },
{ "accept-cached", no_argument, NULL, ARG_ACCEPT_CACHED },
{ "multiple", no_argument, NULL, ARG_MULTIPLE },
+ { "id", required_argument, NULL, ARG_ID },
{}
};
@@ -119,6 +123,10 @@ static int parse_argv(int argc, char *argv[]) {
arg_multiple = true;
break;
+ case ARG_ID:
+ arg_id = optarg;
+ break;
+
case '?':
return -EINVAL;
@@ -162,7 +170,7 @@ int main(int argc, char *argv[]) {
} else {
char **l;
- if ((r = ask_password_agent(arg_message, arg_icon, timeout, arg_accept_cached, &l)) >= 0) {
+ if ((r = ask_password_agent(arg_message, arg_icon, arg_id, timeout, arg_accept_cached, &l)) >= 0) {
char **p;
STRV_FOREACH(p, l) {
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 9b9074c52a..a647a94e6e 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -257,6 +257,8 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
int r;
char **p;
_cleanup_free_ char *text = NULL;
+ _cleanup_free_ char *escaped_name = NULL;
+ char *id;
assert(name);
assert(passwords);
@@ -264,7 +266,13 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
if (asprintf(&text, "Please enter passphrase for disk %s!", name) < 0)
return log_oom();
- r = ask_password_auto(text, "drive-harddisk", until, accept_cached, passwords);
+ escaped_name = cescape(name);
+ if (!escaped_name)
+ return log_oom();
+
+ id = strappenda("cryptsetup:", escaped_name);
+
+ r = ask_password_auto(text, "drive-harddisk", id, until, accept_cached, passwords);
if (r < 0) {
log_error("Failed to query password: %s", strerror(-r));
return r;
@@ -278,7 +286,9 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
if (asprintf(&text, "Please enter passphrase for disk %s! (verification)", name) < 0)
return log_oom();
- r = ask_password_auto(text, "drive-harddisk", until, false, &passwords2);
+ id = strappenda("cryptsetup-verification:", escaped_name);
+
+ r = ask_password_auto(text, "drive-harddisk", id, until, false, &passwords2);
if (r < 0) {
log_error("Failed to query verification password: %s", strerror(-r));
return r;
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index eb40995010..c3c78b69fb 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -298,6 +298,7 @@ fail:
int ask_password_agent(
const char *message,
const char *icon,
+ const char *id,
usec_t until,
bool accept_cached,
char ***_passphrases) {
@@ -373,6 +374,9 @@ int ask_password_agent(
if (icon)
fprintf(f, "Icon=%s\n", icon);
+ if (id)
+ fprintf(f, "Id=%s\n", id);
+
fflush(f);
if (ferror(f)) {
@@ -537,7 +541,8 @@ finish:
return r;
}
-int ask_password_auto(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases) {
+int ask_password_auto(const char *message, const char *icon, const char *id,
+ usec_t until, bool accept_cached, char ***_passphrases) {
assert(message);
assert(_passphrases);
@@ -556,5 +561,5 @@ int ask_password_auto(const char *message, const char *icon, usec_t until, bool
*_passphrases = l;
return r;
} else
- return ask_password_agent(message, icon, until, accept_cached, _passphrases);
+ return ask_password_agent(message, icon, id, until, accept_cached, _passphrases);
}
diff --git a/src/shared/ask-password-api.h b/src/shared/ask-password-api.h
index 288a0f48cf..3839a2df0f 100644
--- a/src/shared/ask-password-api.h
+++ b/src/shared/ask-password-api.h
@@ -25,6 +25,8 @@
int ask_password_tty(const char *message, usec_t until, const char *flag_file, char **_passphrase);
-int ask_password_agent(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases);
+int ask_password_agent(const char *message, const char *icon, const char *id,
+ usec_t until, bool accept_cached, char ***_passphrases);
-int ask_password_auto(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases);
+int ask_password_auto(const char *message, const char *icon, const char *id,
+ usec_t until, bool accept_cached, char ***_passphrases);