From 1fa94a312447f80d67e1883142f532927ff793e7 Mon Sep 17 00:00:00 2001
From: Sebastian Blunt
Date: Fri, 14 May 2021 20:39:54 -0700
Subject: [PATCH] Add crypttab option silent

Adds a crypttab option 'silent' that enables the AskPasswordFlag ASK_PASSWORD_SILENT. This allows usage of systemd-cryptsetup to default to silent mode, rather than requiring the user to press tab every time.
---
 man/crypttab.xml | 7 +++++++
 src/cryptsetup/cryptsetup.c | 8 ++++++--
 src/shared/ask-password-api.c | 6 ++++--
 src/tty-ask-password-agent/tty-ask-password-agent.c | 4 +++-
 4 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/man/crypttab.xml b/man/crypttab.xml
index d3aa3b8fc1f..8f0ed5b77dc 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -528,6 +528,13 @@ prevent typos.
+
+
+
+ If the encryption password is read from console, no asterisks will be shown
+ while typing the password.
+
+
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index ca6bdecb863..74bd071c10e 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -57,6 +57,7 @@ static char *arg_header = NULL;
 static unsigned arg_tries = 3;
 static bool arg_readonly = false;
 static bool arg_verify = false;
+static bool arg_silent = false;
 static bool arg_discards = false;
 static bool arg_same_cpu_crypt = false;
 static bool arg_submit_from_crypt_cpus = false;
@@ -233,6 +234,8 @@ static int parse_one_option(const char *option) {
 arg_readonly = true;
 else if (streq(option, "verify"))
 arg_verify = true;
+ else if (streq(option, "silent"))
+ arg_silent = true;
 else if (STR_IN_SET(option, "allow-discards", "discard"))
 arg_discards = true;
 else if (streq(option, "same-cpu-crypt"))
@@ -539,6 +542,7 @@ static int get_password(
 _cleanup_strv_free_erase_ char **passwords = NULL;
 char **p, *id;
 int r = 0;
+ AskPasswordFlags flags = ASK_PASSWORD_PUSH_CACHE | (arg_silent*ASK_PASSWORD_SILENT);
 assert(vol);
 assert(src);
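Review bot: In get_password() the new local `flags` is the only place where `arg_silent` becomes `ASK_PASSWORD_SILENT`, so only the two `ask_password_auto()` calls changed in the next two hunks (passphrase and verification prompt) honour the crypttab option. Any other prompt in cryptsetup.c that lies outside these hunks, for example a PIN or recovery-key query if the file has one, would presumably keep printing asterisks and so still reveal the length of the secret on the console. Consider collecting the value once in parse_one_option() into a file-scope flags variable, e.g. `static AskPasswordFlags arg_ask_password_flags = 0;` set with `arg_ask_password_flags |= ASK_PASSWORD_SILENT;`, and passing that to every prompt. get_password()'s body continues outside the hunk.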
@@ -561,7 +565,7 @@ static int get_password(
 id = strjoina("cryptsetup:", disk_path);
 r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", "cryptsetup.passphrase", until,
- ASK_PASSWORD_PUSH_CACHE | (accept_cached*ASK_PASSWORD_ACCEPT_CACHED),
+ flags | (accept_cached*ASK_PASSWORD_ACCEPT_CACHED),
 &passwords);
 if (r < 0)
 return log_error_errno(r, "Failed to query password: %m");
@@ -576,7 +580,7 @@ static int get_password(
 id = strjoina("cryptsetup-verification:", disk_path);
- r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", "cryptsetup.passphrase", until, ASK_PASSWORD_PUSH_CACHE, &passwords2);
+ r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", "cryptsetup.passphrase", until, flags, &passwords2);
 if (r < 0)
 return log_error_errno(r, "Failed to query verification password: %m");
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 04c6b5287ed..0895a24c7fa 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -799,12 +799,14 @@ int ask_password_agent(
 "Socket=%s\n"
 "AcceptCached=%i\n"
 "Echo=%i\n"
- "NotAfter="USEC_FMT"\n",
+ "NotAfter="USEC_FMT"\n"
+ "Silent=%i\n",
 getpid_cached(),
 socket_name,
 (flags & ASK_PASSWORD_ACCEPT_CACHED) ? 1 : 0,
 (flags & ASK_PASSWORD_ECHO) ? 1 : 0,
- until);
+ until,
+ (flags & ASK_PASSWORD_SILENT) ? 1 : 0);
 if (message)
 fprintf(f, "Message=%s\n", message);
diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
index ceacb61bf14..e056853f312 100644
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -169,7 +169,7 @@ static int agent_ask_password_tty(
 static int process_one_password_file(const char *filename) {
 _cleanup_free_ char *socket_name = NULL, *message = NULL;
- bool accept_cached = false, echo = false;
+ bool accept_cached = false, echo = false, silent = false;
 uint64_t not_after = 0;
 unsigned pid = 0;
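Review bot: The `Silent=%i` key added to the ask file in ask_password_agent()'s fprintf is only a request to whichever agent picks the file up, and in this patch only tty-ask-password-agent learns to parse it. An agent that does not know the key will presumably ignore it and keep showing asterisks, so the crypttab option can fail open without any indication to the administrator. The diffstat shows no change to a description of the ask-file format; the key should be documented wherever that format is specified, and a comment at the format string such as `/* Silent= is advisory: agents that do not know the key still echo asterisks */` would record the limitation in the code. ask_password_agent() starts and ends outside the hunk.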
@@ -180,6 +180,7 @@ static int process_one_password_file(const char *filename) {
 { "Ask", "PID", config_parse_unsigned, 0, &pid },
 { "Ask", "AcceptCached", config_parse_bool, 0, &accept_cached },
 { "Ask", "Echo", config_parse_bool, 0, &echo },
+ { "Ask", "Silent", config_parse_bool, 0, &silent },
 {}
 };
@@ -239,6 +240,7 @@ static int process_one_password_file(const char *filename) {
 SET_FLAG(flags, ASK_PASSWORD_ACCEPT_CACHED, accept_cached);
 SET_FLAG(flags, ASK_PASSWORD_CONSOLE_COLOR, arg_console);
 SET_FLAG(flags, ASK_PASSWORD_ECHO, echo);
+ SET_FLAG(flags, ASK_PASSWORD_SILENT, silent);
 if (arg_plymouth)
 r = ask_password_plymouth(message, not_after, flags, filename, &passwords);
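Review bot: After the added `SET_FLAG(flags, ASK_PASSWORD_SILENT, silent);` in process_one_password_file(), `flags` can carry both `ASK_PASSWORD_ECHO` and `ASK_PASSWORD_SILENT` when an ask file contains `Echo=1` and `Silent=1`, and which of the two wins is decided in prompt code outside this diff. A one-line comment stating the intended precedence would help the next reader, for example `/* Silent only suppresses the asterisks; it is meaningless when Echo is set */`, once that is confirmed against the tty prompt implementation. The same `flags` value goes to `ask_password_plymouth()` on the following lines; whether that path honours the flag is not visible here, and the man page text promises the behaviour only for the console, so the comment could say that too. The function starts and ends outside the hunk.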