authorLennart Poettering <lennart@poettering.net>2021-03-11 20:17:10 +0100
committerLennart Poettering <lennart@poettering.net>2021-03-26 12:21:56 +0100
commit8806bb4bc7fa15d6ca46e81b8d535730209a3b66 (patch)
tree95412964dee1dca33817f5fa6bb2150436338bf2 /src/cryptenroll
parentf6ab6199a2e8cbda64fe2574af572b8800da48bd (diff)
ask-password: when querying for a password, try to read from credential store first
This adds generic support for the SetCredential=/LoadCredential= logic to our password querying infrastructure: if a password is requested by a program that has a credential store configured via $CREDENTIALS_DIRECTORY we'll look in it for a password. The "systemd-ask-password" tool is updated with an option to specify the credential to look for.
Diffstat (limited to 'src/cryptenroll')
-rw-r--r--src/cryptenroll/cryptenroll-password.c4
-rw-r--r--src/cryptenroll/cryptenroll.c2
2 files changed, 3 insertions, 3 deletions
diff --git a/src/cryptenroll/cryptenroll-password.c b/src/cryptenroll/cryptenroll-password.c
index e08f564d3f..0314831174 100644
--- a/src/cryptenroll/cryptenroll-password.c
+++ b/src/cryptenroll/cryptenroll-password.c
@@ -57,7 +57,7 @@ int enroll_password(
if (!question)
return log_oom();
- r = ask_password_auto(question, "drive-harddisk", id, "cryptenroll", USEC_INFINITY, 0, &passwords);
+ r = ask_password_auto(question, "drive-harddisk", id, "cryptenroll", "cryptenroll.new-passphrase", USEC_INFINITY, 0, &passwords);
if (r < 0)
return log_error_errno(r, "Failed to query password: %m");
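Review bot: This call and the confirmation call in the next hunk (the one filling `passwords2`) pass the same credential name, `"cryptenroll.new-passphrase"`, so when that credential is set both queries return the same value and the repeat-and-compare step can no longer catch a mistyped passphrase. That is probably acceptable for unattended enrollment, but it should be stated at the first call, for example `/* If the passphrase comes from $CREDENTIALS_DIRECTORY both queries read the same credential, so the confirmation below is a no-op */`. The credential name is also a new external interface and should be listed in the tool's documentation, with a note that the credential file holds a volume passphrase and needs to be access-restricted accordingly. The body of enroll_password continues outside both hunks, so how the two results are compared is not visible here.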
@@ -68,7 +68,7 @@ int enroll_password(
if (!question)
return log_oom();
- r = ask_password_auto(question, "drive-harddisk", id, "cryptenroll", USEC_INFINITY, 0, &passwords2);
+ r = ask_password_auto(question, "drive-harddisk", id, "cryptenroll", "cryptenroll.new-passphrase", USEC_INFINITY, 0, &passwords2);
if (r < 0)
return log_error_errno(r, "Failed to query password: %m");
diff --git a/src/cryptenroll/cryptenroll.c b/src/cryptenroll/cryptenroll.c
index a137a41c9d..7d12c427b3 100644
--- a/src/cryptenroll/cryptenroll.c
+++ b/src/cryptenroll/cryptenroll.c
@@ -417,7 +417,7 @@ static int prepare_luks(
"Too many attempts, giving up:");
r = ask_password_auto(
- question, "drive-harddisk", id, "cryptenroll", USEC_INFINITY,
+ question, "drive-harddisk", id, "cryptenroll", "cryptenroll.passphrase", USEC_INFINITY,
ask_password_flags,
&passwords);
if (r < 0)
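Review bot: A wrong `cryptenroll.passphrase` credential would be read again on every retry if this call sits inside the retry loop that the "Too many attempts, giving up:" context line suggests, so every attempt is spent on the same bad value and the user is never prompted. After the first failed unlock the credential lookup should be skipped, the same way a cached password would be dropped. Current systemd trees have `ASK_PASSWORD_NO_CREDENTIAL` for this, e.g. `ask_password_flags |= ASK_PASSWORD_NO_CREDENTIAL;` after a failed attempt, but this page does not show whether the flag exists at this commit. The loop and the code that adjusts `ask_password_flags` start and end outside the hunk, so confirm this against the full body of prepare_luks.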