ask-password-tool: add --user/--system flag to systemd-ask-password tool

This allows selecting which agents to ask about this: system-level agents, or per-user agents. Fixes: #1232 #2217
author: Lennart Poettering <lennart@poettering.net> 2024-09-13 13:45:08 +0200
committer: Lennart Poettering <lennart@poettering.net> 2024-10-21 14:14:10 +0200
commit: 9c1fa3c2358e432e9858b3f9cc1454d1cd2ce602 (patch)
tree: 830fcb0a9e788e6555463b70d44e2131085672a8 /src/ask-password
parent: ask-password-api: add support for querying pws from unpriv agents (diff)
download: systemd-9c1fa3c2358e432e9858b3f9cc1454d1cd2ce602.tar.xz
systemd-9c1fa3c2358e432e9858b3f9cc1454d1cd2ce602.zip
1 files changed, 18 insertions, 1 deletions
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
index b2c8ef7003..59eb7acddd 100644
--- a/src/ask-password/ask-password.c
+++ b/src/ask-password/ask-password.c
@@ -38,7 +38,7 @@ static int help(void) {
                 return log_oom();
 
         printf("%1$s [OPTIONS...] MESSAGE\n\n"
-               "%3$sQuery the user for a system passphrase, via the TTY or a UI agent.%4$s\n\n"
+               "%3$sQuery the user for a passphrase, via the TTY or a UI agent.%4$s\n\n"
                "  -h --help           Show this help\n"
                "     --icon=NAME      Icon name\n"
                "     --id=ID          Query identifier (e.g. \"cryptsetup:/dev/sda5\")\n"
@@ -58,6 +58,8 @@ static int help(void) {
                "     --no-output      Do not print password to standard output\n"
                "  -n                  Do not suffix password written to standard output with\n"
                "                      newline\n"
+               "     --user           Ask only our own user's agents\n"
+               "     --system         Ask agents of the system and of all users\n"
                "\nSee the %2$s for details.\n",
                program_invocation_short_name,
                link,
@@ -81,6 +83,8 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_NO_OUTPUT,
                 ARG_VERSION,
                 ARG_CREDENTIAL,
+                ARG_USER,
+                ARG_SYSTEM,
         };
 
         static const struct option options[] = {
@@ -97,6 +101,8 @@ static int parse_argv(int argc, char *argv[]) {
                 { "keyname",       required_argument, NULL, ARG_KEYNAME       },
                 { "no-output",     no_argument,       NULL, ARG_NO_OUTPUT     },
                 { "credential",    required_argument, NULL, ARG_CREDENTIAL    },
+                { "user",          no_argument,       NULL, ARG_USER          },
+                { "system",        no_argument,       NULL, ARG_SYSTEM        },
                 {}
         };
 
@@ -183,6 +189,14 @@ static int parse_argv(int argc, char *argv[]) {
                         arg_credential_name = optarg;
                         break;
 
+                case ARG_USER:
+                        arg_flags |= ASK_PASSWORD_USER;
+                        break;
+
+                case ARG_SYSTEM:
+                        arg_flags &= ~ASK_PASSWORD_USER;
+                        break;
+
                 case 'n':
                         arg_newline = false;
                         break;
@@ -228,6 +242,9 @@ static int run(int argc, char *argv[]) {
 
         log_setup();
 
+        /* Unprivileged? Then imply ASK_PASSWORD_USER by default */
+        SET_FLAG(arg_flags, ASK_PASSWORD_USER, geteuid() != 0);
+
         r = parse_argv(argc, argv);
         if (r <= 0)
                 return r;
author	Lennart Poettering <lennart@poettering.net>	2024-09-13 13:45:08 +0200
committer	Lennart Poettering <lennart@poettering.net>	2024-10-21 14:14:10 +0200
commit	9c1fa3c2358e432e9858b3f9cc1454d1cd2ce602 (patch)
tree	830fcb0a9e788e6555463b70d44e2131085672a8 /src/ask-password
parent	ask-password-api: add support for querying pws from unpriv agents (diff)
download	systemd-9c1fa3c2358e432e9858b3f9cc1454d1cd2ce602.tar.xz systemd-9c1fa3c2358e432e9858b3f9cc1454d1cd2ce602.zip