[systemd-devel] [PATCH 1/4] Add more password agent information
David Härdeman
david at hardeman.nu
Mon Feb 3 15:57:31 PST 2014
Add (optional) "Purpose" and "Target" keys in the password agent .ask
files. These are used to provide more information on what the requested
passphrase is to be used for (which e.g. allows an agent to only listen
to cryptsetup requests).
---
src/ask-password/ask-password.c | 22 +++++++++++++++++++---
src/cryptsetup/cryptsetup.c | 4 ++--
src/shared/ask-password-api.c | 13 +++++++++++--
src/shared/ask-password-api.h | 6 ++++--
4 files changed, 36 insertions(+), 9 deletions(-)
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
index ea0c623..ca337b6 100644
--- a/src/ask-password/ask-password.c
+++ b/src/ask-password/ask-password.c
@@ -43,6 +43,8 @@
#include "def.h"
static const char *arg_icon = NULL;
+static const char *arg_purpose = NULL;
+static const char *arg_target = NULL;
static const char *arg_message = NULL;
static bool arg_use_tty = true;
static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
@@ -58,7 +60,9 @@ static int help(void) {
" --timeout=SEC Timeout in sec\n"
" --no-tty Ask question via agent even on TTY\n"
" --accept-cached Accept cached passwords\n"
- " --multiple List multiple passwords if available\n",
+ " --multiple List multiple passwords if available\n"
+ " --purpose=TXT Passphrase subsystem/purpose, e.g. cryptsetup\n"
+ " --target=TXT E.g. device to unlock, subsystem specific\n",
program_invocation_short_name);
return 0;
@@ -71,7 +75,9 @@ static int parse_argv(int argc, char *argv[]) {
ARG_TIMEOUT,
ARG_NO_TTY,
ARG_ACCEPT_CACHED,
- ARG_MULTIPLE
+ ARG_MULTIPLE,
+ ARG_PURPOSE,
+ ARG_TARGET
};
static const struct option options[] = {
@@ -81,6 +87,8 @@ static int parse_argv(int argc, char *argv[]) {
{ "no-tty", no_argument, NULL, ARG_NO_TTY },
{ "accept-cached", no_argument, NULL, ARG_ACCEPT_CACHED },
{ "multiple", no_argument, NULL, ARG_MULTIPLE },
+ { "purpose", required_argument, NULL, ARG_PURPOSE },
+ { "target", required_argument, NULL, ARG_TARGET },
{}
};
@@ -119,6 +127,14 @@ static int parse_argv(int argc, char *argv[]) {
arg_multiple = true;
break;
+ case ARG_PURPOSE:
+ arg_purpose = optarg;
+ break;
+
+ case ARG_TARGET:
+ arg_target = optarg;
+ break;
+
case '?':
return -EINVAL;
@@ -162,7 +178,7 @@ int main(int argc, char *argv[]) {
} else {
char **l;
- if ((r = ask_password_agent(arg_message, arg_icon, timeout, arg_accept_cached, &l)) >= 0) {
+ if ((r = ask_password_agent(arg_message, arg_icon, arg_purpose, arg_target, timeout, arg_accept_cached, &l)) >= 0) {
char **p;
STRV_FOREACH(p, l) {
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 033c0cd..4a32856 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -267,7 +267,7 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
if (asprintf(&text, "Please enter passphrase for disk %s!", name) < 0)
return log_oom();
- r = ask_password_auto(text, "drive-harddisk", until, accept_cached, passwords);
+ r = ask_password_auto(text, "drive-harddisk", "cryptsetup", name, until, accept_cached, passwords);
if (r < 0) {
log_error("Failed to query password: %s", strerror(-r));
return r;
@@ -281,7 +281,7 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
if (asprintf(&text, "Please enter passphrase for disk %s! (verification)", name) < 0)
return log_oom();
- r = ask_password_auto(text, "drive-harddisk", until, false, &passwords2);
+ r = ask_password_auto(text, "drive-harddisk", "cryptsetup", name, until, false, &passwords2);
if (r < 0) {
log_error("Failed to query verification password: %s", strerror(-r));
return r;
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index a328f14..553debc 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -298,6 +298,8 @@ fail:
int ask_password_agent(
const char *message,
const char *icon,
+ const char *purpose,
+ const char *target,
usec_t until,
bool accept_cached,
char ***_passphrases) {
@@ -370,6 +372,12 @@ int ask_password_agent(
if (icon)
fprintf(f, "Icon=%s\n", icon);
+ if (purpose)
+ fprintf(f, "Purpose=%s\n", purpose);
+
+ if (target)
+ fprintf(f, "Target=%s\n", target);
+
fflush(f);
if (ferror(f)) {
@@ -548,7 +556,8 @@ finish:
return r;
}
-int ask_password_auto(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases) {
+int ask_password_auto(const char *message, const char *icon, const char *purpose, const char *target,
+ usec_t until, bool accept_cached, char ***_passphrases) {
assert(message);
assert(_passphrases);
@@ -569,5 +578,5 @@ int ask_password_auto(const char *message, const char *icon, usec_t until, bool
return r;
} else
- return ask_password_agent(message, icon, until, accept_cached, _passphrases);
+ return ask_password_agent(message, icon, purpose, target, until, accept_cached, _passphrases);
}
diff --git a/src/shared/ask-password-api.h b/src/shared/ask-password-api.h
index 288a0f4..d85d18e 100644
--- a/src/shared/ask-password-api.h
+++ b/src/shared/ask-password-api.h
@@ -25,6 +25,8 @@
int ask_password_tty(const char *message, usec_t until, const char *flag_file, char **_passphrase);
-int ask_password_agent(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases);
+int ask_password_agent(const char *message, const char *icon, const char *purpose, const char *target,
+ usec_t until, bool accept_cached, char ***_passphrases);
-int ask_password_auto(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases);
+int ask_password_auto(const char *message, const char *icon, const char *purpose, const char *target,
+ usec_t until, bool accept_cached, char ***_passphrases);
More information about the systemd-devel
mailing list