ask-password: when querying for a password, try to read from credential store first

This adds generic support for the SetCredential=/LoadCredential= logic to our password querying infrastructure: if a password is requested by a program that has a credential store configured via $CREDENTIALS_DIRECTORY we'll look in it for a password. The "systemd-ask-password" tool is updated with an option to specify the credential to look for.
author: Lennart Poettering <lennart@poettering.net> 2021-03-11 20:17:10 +0100
committer: Lennart Poettering <lennart@poettering.net> 2021-03-26 12:21:56 +0100
commit: 8806bb4bc7fa15d6ca46e81b8d535730209a3b66 (patch)
tree: 95412964dee1dca33817f5fa6bb2150436338bf2 /src/home/homectl.c
parent: f6ab6199a2e8cbda64fe2574af572b8800da48bd (diff)
download: systemd-8806bb4bc7fa15d6ca46e81b8d535730209a3b66.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/src/home/homectl.c b/src/home/homectl.c
index 9d12b9abae..cf1a2d9f9b 100644
--- a/src/home/homectl.c
+++ b/src/home/homectl.c
@@ -221,7 +221,7 @@ static int acquire_existing_password(const char *user_name, UserRecord *hr, bool
                      user_name) < 0)
                 return log_oom();
 
-        r = ask_password_auto(question, "user-home", NULL, "home-password", USEC_INFINITY, ASK_PASSWORD_ACCEPT_CACHED|ASK_PASSWORD_PUSH_CACHE, &password);
+        r = ask_password_auto(question, "user-home", NULL, "home-password", "home.password", USEC_INFINITY, ASK_PASSWORD_ACCEPT_CACHED|ASK_PASSWORD_PUSH_CACHE, &password);
         if (r < 0)
                 return log_error_errno(r, "Failed to acquire password: %m");
 
@@ -257,7 +257,7 @@ static int acquire_token_pin(const char *user_name, UserRecord *hr) {
                 return log_oom();
 
         /* We never cache or use cached PINs, since usually there are only very few attempts allowed before the PIN is blocked */
-        r = ask_password_auto(question, "user-home", NULL, "token-pin", USEC_INFINITY, 0, &pin);
+        r = ask_password_auto(question, "user-home", NULL, "token-pin", "home.token-pin", USEC_INFINITY, 0, &pin);
         if (r < 0)
                 return log_error_errno(r, "Failed to acquire security token PIN: %m");
 
@@ -1010,7 +1010,7 @@ static int acquire_new_password(
                 if (asprintf(&question, "Please enter new password for user %s:", user_name) < 0)
                         return log_oom();
 
-                r = ask_password_auto(question, "user-home", NULL, "home-password", USEC_INFINITY, 0, &first);
+                r = ask_password_auto(question, "user-home", NULL, "home-password", "home.new-password", USEC_INFINITY, 0, &first);
                 if (r < 0)
                         return log_error_errno(r, "Failed to acquire password: %m");
 
@@ -1018,7 +1018,7 @@ static int acquire_new_password(
                 if (asprintf(&question, "Please enter new password for user %s (repeat):", user_name) < 0)
                         return log_oom();
 
-                r = ask_password_auto(question, "user-home", NULL, "home-password", USEC_INFINITY, 0, &second);
+                r = ask_password_auto(question, "user-home", NULL, "home-password", "home.new-password", USEC_INFINITY, 0, &second);
                 if (r < 0)
                         return log_error_errno(r, "Failed to acquire password: %m");
author	Lennart Poettering <lennart@poettering.net>	2021-03-11 20:17:10 +0100
committer	Lennart Poettering <lennart@poettering.net>	2021-03-26 12:21:56 +0100
commit	8806bb4bc7fa15d6ca46e81b8d535730209a3b66 (patch)
tree	95412964dee1dca33817f5fa6bb2150436338bf2 /src/home/homectl.c
parent	f6ab6199a2e8cbda64fe2574af572b8800da48bd (diff)
download	systemd-8806bb4bc7fa15d6ca46e81b8d535730209a3b66.tar.gz