From cd5f57bda71dc9485d7eddf6cfcbfba843f5126c Mon Sep 17 00:00:00 2001
From: Luca Boccassi
Date: Fri, 9 Apr 2021 20:43:10 +0100
Subject: cryptsetup: add 'headless' parameter to skip password/pin query
On headless setups, in case other methods fail, asking for a password/pin is not useful as there are no users on the terminal, and generates unwanted noise. Add a parameter to /etc/crypttab to skip it.
---
 src/cryptsetup/cryptsetup-pkcs11.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src/cryptsetup/cryptsetup-pkcs11.c')
diff --git a/src/cryptsetup/cryptsetup-pkcs11.c b/src/cryptsetup/cryptsetup-pkcs11.c
index 6d7b01176c..67adf923cc 100644
--- a/src/cryptsetup/cryptsetup-pkcs11.c
+++ b/src/cryptsetup/cryptsetup-pkcs11.c
@@ -32,6 +32,7 @@ struct pkcs11_callback_data {
 void *decrypted_key;
 size_t decrypted_key_size;
 bool free_encrypted_key;
+ bool headless;
 };
 static void pkcs11_callback_data_release(struct pkcs11_callback_data *data) {
@@ -72,6 +73,7 @@ static int pkcs11_callback(
 "pkcs11-pin",
 "cryptsetup.pkcs11-pin",
 data->until,
+ data->headless,
 NULL);
 if (r < 0)
 return r;
@@ -109,12 +111,14 @@ int decrypt_pkcs11_key(
 const void *key_data, /* … or key_data and key_data_size (for literal keys) */
 size_t key_data_size,
 usec_t until,
+ bool headless,
 void **ret_decrypted_key,
 size_t *ret_decrypted_key_size) {
 _cleanup_(pkcs11_callback_data_release) struct pkcs11_callback_data data = {
 .friendly_name = friendly_name,
 .until = until,
+ .headless = headless,
 };
 int r;
--
cgit v1.2.1
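Review bot: The new `headless` member of `struct pkcs11_callback_data` carries no comment, and the same is true of the `bool headless` parameter added to `decrypt_pkcs11_key` in the third hunk. Because the flag changes how an unlock attempt fails rather than what it decrypts, I would state that at both places, for example `bool headless; /* never prompt for a PIN interactively; fail instead */`. The struct begins above the hunk, so any existing field comments are not visible here.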
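Review bot: The `if (r < 0) return r;` after the login call in `pkcs11_callback` now also covers the case where the PIN prompt was skipped because `data->headless` is set, and nothing in this hunk separates that from a token or PIN error. The callee is outside this path-limited view, so whether it logs the reason or returns a dedicated error code cannot be confirmed from here. If it does neither, a line such as `return log_debug_errno(r, "PKCS#11 token login failed (headless=%s): %m", yes_no(data->headless));` would let operators of unattended machines see why the unlock was refused. The call itself starts above the hunk.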
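Review bot: `bool headless` is added as a bare positional argument between `usec_t until` and the two return pointers of `decrypt_pkcs11_key`, so a call site passing a literal will read `..., until, true, &key, &size)` with no hint of what the boolean controls. A flags argument would read better and leave room for further prompt-related options; at minimum callers should pass a named variable rather than `true`/`false`. The header prototype and the callers are not part of this path-limited patch, so confirm they were updated in the same commit.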