diff options
author | David Härdeman <david@hardeman.nu> | 2014-03-25 11:05:23 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-04-24 09:23:54 +0200 |
commit | 9fa1de965a0954dcb6d855ebe0513077515a0daa (patch) | |
tree | 7c6c8133d726a7d379361c4541fe15cb20bd7342 | |
parent | 0d522a7a0547982eae9ab1b5971e4bed9c2fbc7c (diff) |
Add more password agent information
Add an (optional) "Id" key in the password agent .ask files. The Id is
supposed to be a simple string in "<subsystem>:<target>" form which
is used to provide more information on what the requested passphrase
is to be used for (which e.g. allows an agent to only react to cryptsetup
requests).
(v2: rebased, fixed indentation, escape name, use strappenda)
-rw-r--r-- | src/ask-password/ask-password.c | 14 | ||||
-rw-r--r-- | src/cryptsetup/cryptsetup.c | 14 | ||||
-rw-r--r-- | src/shared/ask-password-api.c | 9 | ||||
-rw-r--r-- | src/shared/ask-password-api.h | 6 |
4 files changed, 34 insertions, 9 deletions
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c index ea0c62397e..4d5690c2c0 100644 --- a/src/ask-password/ask-password.c +++ b/src/ask-password/ask-password.c @@ -43,6 +43,7 @@ #include "def.h" static const char *arg_icon = NULL; +static const char *arg_id = NULL; static const char *arg_message = NULL; static bool arg_use_tty = true; static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC; @@ -58,7 +59,8 @@ static int help(void) { " --timeout=SEC Timeout in sec\n" " --no-tty Ask question via agent even on TTY\n" " --accept-cached Accept cached passwords\n" - " --multiple List multiple passwords if available\n", + " --multiple List multiple passwords if available\n" + " --id=ID Query identifier (e.g. cryptsetup:/dev/sda5)\n", program_invocation_short_name); return 0; @@ -71,7 +73,8 @@ static int parse_argv(int argc, char *argv[]) { ARG_TIMEOUT, ARG_NO_TTY, ARG_ACCEPT_CACHED, - ARG_MULTIPLE + ARG_MULTIPLE, + ARG_ID }; static const struct option options[] = { @@ -81,6 +84,7 @@ static int parse_argv(int argc, char *argv[]) { { "no-tty", no_argument, NULL, ARG_NO_TTY }, { "accept-cached", no_argument, NULL, ARG_ACCEPT_CACHED }, { "multiple", no_argument, NULL, ARG_MULTIPLE }, + { "id", required_argument, NULL, ARG_ID }, {} }; @@ -119,6 +123,10 @@ static int parse_argv(int argc, char *argv[]) { arg_multiple = true; break; + case ARG_ID: + arg_id = optarg; + break; + case '?': return -EINVAL; @@ -162,7 +170,7 @@ int main(int argc, char *argv[]) { } else { char **l; - if ((r = ask_password_agent(arg_message, arg_icon, timeout, arg_accept_cached, &l)) >= 0) { + if ((r = ask_password_agent(arg_message, arg_icon, arg_id, timeout, arg_accept_cached, &l)) >= 0) { char **p; STRV_FOREACH(p, l) { diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 9b9074c52a..a647a94e6e 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -257,6 +257,8 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char int r; char **p; _cleanup_free_ char *text = NULL; + _cleanup_free_ char *escaped_name = NULL; + char *id; assert(name); assert(passwords); @@ -264,7 +266,13 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char if (asprintf(&text, "Please enter passphrase for disk %s!", name) < 0) return log_oom(); - r = ask_password_auto(text, "drive-harddisk", until, accept_cached, passwords); + escaped_name = cescape(name); + if (!escaped_name) + return log_oom(); + + id = strappenda("cryptsetup:", escaped_name); + + r = ask_password_auto(text, "drive-harddisk", id, until, accept_cached, passwords); if (r < 0) { log_error("Failed to query password: %s", strerror(-r)); return r; @@ -278,7 +286,9 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char if (asprintf(&text, "Please enter passphrase for disk %s! (verification)", name) < 0) return log_oom(); - r = ask_password_auto(text, "drive-harddisk", until, false, &passwords2); + id = strappenda("cryptsetup-verification:", escaped_name); + + r = ask_password_auto(text, "drive-harddisk", id, until, false, &passwords2); if (r < 0) { log_error("Failed to query verification password: %s", strerror(-r)); return r; diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index eb40995010..c3c78b69fb 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -298,6 +298,7 @@ fail: int ask_password_agent( const char *message, const char *icon, + const char *id, usec_t until, bool accept_cached, char ***_passphrases) { @@ -373,6 +374,9 @@ int ask_password_agent( if (icon) fprintf(f, "Icon=%s\n", icon); + if (id) + fprintf(f, "Id=%s\n", id); + fflush(f); if (ferror(f)) { @@ -537,7 +541,8 @@ finish: return r; } -int ask_password_auto(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases) { +int ask_password_auto(const char *message, const char *icon, const char *id, + usec_t until, bool accept_cached, char ***_passphrases) { assert(message); assert(_passphrases); @@ -556,5 +561,5 @@ int ask_password_auto(const char *message, const char *icon, usec_t until, bool *_passphrases = l; return r; } else - return ask_password_agent(message, icon, until, accept_cached, _passphrases); + return ask_password_agent(message, icon, id, until, accept_cached, _passphrases); } diff --git a/src/shared/ask-password-api.h b/src/shared/ask-password-api.h index 288a0f48cf..3839a2df0f 100644 --- a/src/shared/ask-password-api.h +++ b/src/shared/ask-password-api.h @@ -25,6 +25,8 @@ int ask_password_tty(const char *message, usec_t until, const char *flag_file, char **_passphrase); -int ask_password_agent(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases); +int ask_password_agent(const char *message, const char *icon, const char *id, + usec_t until, bool accept_cached, char ***_passphrases); -int ask_password_auto(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases); +int ask_password_auto(const char *message, const char *icon, const char *id, + usec_t until, bool accept_cached, char ***_passphrases); |