diff options
| author | Lennart Poettering <lennart@poettering.net> | 2021-03-11 20:17:10 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2021-03-26 12:21:56 +0100 |
| commit | 8806bb4bc7fa15d6ca46e81b8d535730209a3b66 (patch) | |
| tree | 95412964dee1dca33817f5fa6bb2150436338bf2 /src/ask-password | |
| parent | f6ab6199a2e8cbda64fe2574af572b8800da48bd (diff) | |
| download | systemd-8806bb4bc7fa15d6ca46e81b8d535730209a3b66.tar.gz | |
ask-password: when querying for a password, try to read from credential store first
This adds generic support for the SetCredential=/LoadCredential= logic
to our password querying infrastructure: if a password is requested by a
program that has a credential store configured via
$CREDENTIALS_DIRECTORY we'll look in it for a password.
The "systemd-ask-password" tool is updated with an option to specify the
credential to look for.
Diffstat (limited to 'src/ask-password')
| -rw-r--r-- | src/ask-password/ask-password.c | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c index 6b89f57e1b..09bcefbe66 100644 --- a/src/ask-password/ask-password.c +++ b/src/ask-password/ask-password.c @@ -12,10 +12,12 @@ #include "main-func.h" #include "pretty-print.h" #include "strv.h" +#include "terminal-util.h" static const char *arg_icon = NULL; -static const char *arg_id = NULL; -static const char *arg_keyname = NULL; +static const char *arg_id = NULL; /* identifier for 'ask-password' protocol */ +static const char *arg_key_name = NULL; /* name in kernel keyring */ +static const char *arg_credential_name = NULL; /* name in $CREDENTIALS_DIRECTORY directory */ static char *arg_message = NULL; static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC; static bool arg_multiple = false; @@ -32,21 +34,26 @@ static int help(void) { if (r < 0) return log_oom(); - printf("%s [OPTIONS...] MESSAGE\n\n" - "Query the user for a system passphrase, via the TTY or an UI agent.\n\n" + printf("%1$s [OPTIONS...] MESSAGE\n\n" + "%3$sQuery the user for a system passphrase, via the TTY or an UI agent.%4$s\n\n" " -h --help Show this help\n" " --icon=NAME Icon name\n" " --id=ID Query identifier (e.g. \"cryptsetup:/dev/sda5\")\n" " --keyname=NAME Kernel key name for caching passwords (e.g. \"cryptsetup\")\n" + " --credential=NAME\n" + " Credential name for LoadCredential=/SetCredential=\n" + " credentials\n" " --timeout=SEC Timeout in seconds\n" " --echo Do not mask input (useful for usernames)\n" " --no-tty Ask question via agent even on TTY\n" " --accept-cached Accept cached passwords\n" " --multiple List multiple passwords if available\n" " --no-output Do not print password to standard output\n" - "\nSee the %s for details.\n", + "\nSee the %2$s for details.\n", program_invocation_short_name, - link); + link, + ansi_highlight(), + ansi_normal()); return 0; } @@ -64,6 +71,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_KEYNAME, ARG_NO_OUTPUT, ARG_VERSION, + ARG_CREDENTIAL, }; static const struct option options[] = { @@ -78,6 +86,7 @@ static int parse_argv(int argc, char *argv[]) { { "id", required_argument, NULL, ARG_ID }, { "keyname", required_argument, NULL, ARG_KEYNAME }, { "no-output", no_argument, NULL, ARG_NO_OUTPUT }, + { "credential", required_argument, NULL, ARG_CREDENTIAL }, {} }; @@ -128,13 +137,17 @@ static int parse_argv(int argc, char *argv[]) { break; case ARG_KEYNAME: - arg_keyname = optarg; + arg_key_name = optarg; break; case ARG_NO_OUTPUT: arg_no_output = true; break; + case ARG_CREDENTIAL: + arg_credential_name = optarg; + break; + case '?': return -EINVAL; @@ -170,7 +183,7 @@ static int run(int argc, char *argv[]) { else timeout = 0; - r = ask_password_auto(arg_message, arg_icon, arg_id, arg_keyname, timeout, arg_flags, &l); + r = ask_password_auto(arg_message, arg_icon, arg_id, arg_key_name, arg_credential_name ?: "password", timeout, arg_flags, &l); if (r < 0) return log_error_errno(r, "Failed to query password: %m"); |