diff options
author | Lennart Poettering <lennart@poettering.net> | 2021-03-11 20:17:10 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-03-26 12:21:56 +0100 |
commit | 8806bb4bc7fa15d6ca46e81b8d535730209a3b66 (patch) | |
tree | 95412964dee1dca33817f5fa6bb2150436338bf2 /src/home/homectl.c | |
parent | man: document in nspawn docs how to make use of the new firstboot/sysusers fe... (diff) | |
download | systemd-8806bb4bc7fa15d6ca46e81b8d535730209a3b66.tar.xz systemd-8806bb4bc7fa15d6ca46e81b8d535730209a3b66.zip |
ask-password: when querying for a password, try to read from credential store first
This adds generic support for the SetCredential=/LoadCredential= logic
to our password querying infrastructure: if a password is requested by a
program that has a credential store configured via
$CREDENTIALS_DIRECTORY we'll look in it for a password.
The "systemd-ask-password" tool is updated with an option to specify the
credential to look for.
Diffstat (limited to 'src/home/homectl.c')
-rw-r--r-- | src/home/homectl.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/home/homectl.c b/src/home/homectl.c index 9d12b9abae..cf1a2d9f9b 100644 --- a/src/home/homectl.c +++ b/src/home/homectl.c @@ -221,7 +221,7 @@ static int acquire_existing_password(const char *user_name, UserRecord *hr, bool user_name) < 0) return log_oom(); - r = ask_password_auto(question, "user-home", NULL, "home-password", USEC_INFINITY, ASK_PASSWORD_ACCEPT_CACHED|ASK_PASSWORD_PUSH_CACHE, &password); + r = ask_password_auto(question, "user-home", NULL, "home-password", "home.password", USEC_INFINITY, ASK_PASSWORD_ACCEPT_CACHED|ASK_PASSWORD_PUSH_CACHE, &password); if (r < 0) return log_error_errno(r, "Failed to acquire password: %m"); @@ -257,7 +257,7 @@ static int acquire_token_pin(const char *user_name, UserRecord *hr) { return log_oom(); /* We never cache or use cached PINs, since usually there are only very few attempts allowed before the PIN is blocked */ - r = ask_password_auto(question, "user-home", NULL, "token-pin", USEC_INFINITY, 0, &pin); + r = ask_password_auto(question, "user-home", NULL, "token-pin", "home.token-pin", USEC_INFINITY, 0, &pin); if (r < 0) return log_error_errno(r, "Failed to acquire security token PIN: %m"); @@ -1010,7 +1010,7 @@ static int acquire_new_password( if (asprintf(&question, "Please enter new password for user %s:", user_name) < 0) return log_oom(); - r = ask_password_auto(question, "user-home", NULL, "home-password", USEC_INFINITY, 0, &first); + r = ask_password_auto(question, "user-home", NULL, "home-password", "home.new-password", USEC_INFINITY, 0, &first); if (r < 0) return log_error_errno(r, "Failed to acquire password: %m"); @@ -1018,7 +1018,7 @@ static int acquire_new_password( if (asprintf(&question, "Please enter new password for user %s (repeat):", user_name) < 0) return log_oom(); - r = ask_password_auto(question, "user-home", NULL, "home-password", USEC_INFINITY, 0, &second); + r = ask_password_auto(question, "user-home", NULL, "home-password", "home.new-password", USEC_INFINITY, 0, &second); if (r < 0) return log_error_errno(r, "Failed to acquire password: %m"); |