author | Luca Boccassi <luca.boccassi@microsoft.com> | 2021-04-09 20:43:10 +0100 |
---|---|---|
committer | Luca Boccassi <bluca@debian.org> | 2021-05-07 21:36:27 +0100 |
commit | cd5f57bda71dc9485d7eddf6cfcbfba843f5126c (patch) | |
tree | 8fdfbc64975b71d08f36fb8b3c33679013545739 /src/cryptsetup/cryptsetup-pkcs11.c | |
parent | 0cd70d43a36d94b578004dfbf176007de3fd1f8a (diff) | |
download | systemd-cd5f57bda71dc9485d7eddf6cfcbfba843f5126c.tar.gz |
cryptsetup: add 'headless' parameter to skip password/pin query
On headless setups, in case other methods fail, asking for a password/pin
is not useful as there are no users on the terminal, and generates
unwanted noise. Add a parameter to /etc/crypttab to skip it.
Diffstat (limited to 'src/cryptsetup/cryptsetup-pkcs11.c')
-rw-r--r-- | src/cryptsetup/cryptsetup-pkcs11.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/cryptsetup/cryptsetup-pkcs11.c b/src/cryptsetup/cryptsetup-pkcs11.c
index 6d7b01176c..67adf923cc 100644
--- a/src/cryptsetup/cryptsetup-pkcs11.c
+++ b/src/cryptsetup/cryptsetup-pkcs11.c
@@ -32,6 +32,7 @@ struct pkcs11_callback_data {
 void *decrypted_key;
 size_t decrypted_key_size;
 bool free_encrypted_key;
+ bool headless;
 };
 static void pkcs11_callback_data_release(struct pkcs11_callback_data *data) {
@@ -72,6 +73,7 @@ static int pkcs11_callback(
 "pkcs11-pin",
 "cryptsetup.pkcs11-pin",
 data->until,
+ data->headless,
 NULL);
 if (r < 0)
 return r;
@@ -109,12 +111,14 @@ int decrypt_pkcs11_key(
 const void *key_data, /* … or key_data and key_data_size (for literal keys) */
 size_t key_data_size,
 usec_t until,
+ bool headless,
 void **ret_decrypted_key,
 size_t *ret_decrypted_key_size) {
 _cleanup_(pkcs11_callback_data_release) struct pkcs11_callback_data data = {
 .friendly_name = friendly_name,
 .until = until,
+ .headless = headless,
 };
 int r; |
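Review bot: The new `headless` field in `struct pkcs11_callback_data` (first hunk) and the matching `bool headless` parameter of `decrypt_pkcs11_key()` (third hunk) are undocumented, although per the commit message this flag decides whether a PIN query may be issued at all. I would write the field as `bool headless; /* if true, never query the user for a PIN interactively */` and give the parameter a trailing comment in the same style as the existing `key_data` one. Since `data` is filled with a designated initializer, any initializer that omits `.headless` leaves it false, which presumably means prompting stays enabled; that default is worth stating in the comment. Both the struct and the function body extend beyond the lines shown.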
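Review bot: In the second hunk `data->headless` is passed as a bare positional `bool` between `data->until` and `NULL`, so a swapped or shifted argument in this long list would still compile through implicit integer conversion. At minimum annotate the argument, e.g. `data->headless, /* do not fall back to an interactive PIN prompt */`; a named flags value would be more robust if the callee's interface can take one. The call itself starts above the hunk, so what it returns when headless is set and no PIN is available non-interactively is not visible here. The `if (r < 0) return r;` that follows does propagate a failure, but it would help operators if that case were logged distinctly from a token error, assuming the callee does not already do so.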