Merge ea1f0f58db into d99198819c

Right now, the sending of wall messages on reboot/shutdown/etc can be
controlled via DBus properties. This patch adds support for changing the
default via the logind.conf file as well.

Note that the DBus setting is lost if logind is restarted or reloaded,
but it was already the case before this patch that the setting is lost
upon restart.

man/systemd-cryptenroll.xml

@@ -265,11 +265,32 @@
   </refsect1>
 
   <refsect1>
-    <title>Unlocking</title>
+    <title>Options</title>
 
-    <para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
+    <para>The following options are understood:</para>
 
     <variablelist>
+      <varlistentry>
+        <term><option>--password</option></term>
+
+        <listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
+        <command>cryptsetup luksAddKey</command>, however may be combined with
+        <option>--wipe-slot=</option> in one call, see below.</para>
+
+        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--recovery-key</option></term>
+
+        <listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
+        computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
+        key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
+        </para>
+
+        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
 
@@ -307,45 +328,7 @@
 
         <xi:include href="version-info.xml" xpointer="v256"/></listitem>
       </varlistentry>
-    </variablelist>
-  </refsect1>
 
-  <refsect1>
-    <title>Simple Enrollment</title>
-
-    <para>The following options are understood that may be used to enroll simple user input based
-    unlocking:</para>
-
-    <variablelist>
-      <varlistentry>
-        <term><option>--password</option></term>
-
-        <listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
-        <command>cryptsetup luksAddKey</command>, however may be combined with
-        <option>--wipe-slot=</option> in one call, see below.</para>
-
-        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><option>--recovery-key</option></term>
-
-        <listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
-        computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
-        key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
-        </para>
-
-        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>PKCS#11 Enrollment</title>
-
-    <para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
-
-    <variablelist>
       <varlistentry>
         <term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
 
@@ -378,15 +361,7 @@
 
         <xi:include href="version-info.xml" xpointer="v248"/></listitem>
       </varlistentry>
-    </variablelist>
-  </refsect1>
 
-  <refsect1>
-    <title>FIDO2 Enrollment</title>
-
-    <para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
-
-    <variablelist>
       <varlistentry>
         <term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
         <listitem><para>Specify COSE algorithm used in credential generation. The default value is
@@ -486,15 +461,7 @@
 
         <xi:include href="version-info.xml" xpointer="v249"/></listitem>
       </varlistentry>
-    </variablelist>
-  </refsect1>
 
-  <refsect1>
-    <title>TPM2 Enrollment</title>
-
-    <para>The following options are understood that may be used to enroll TPM2 devices:</para>
-
-    <variablelist>
       <varlistentry>
         <term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
 
@@ -669,15 +636,7 @@
 
         <xi:include href="version-info.xml" xpointer="v255"/></listitem>
       </varlistentry>
-    </variablelist>
-  </refsect1>
 
-  <refsect1>
-    <title>Other Options</title>
-
-    <para>The following additional options are understood:</para>
-
-    <variablelist>
       <varlistentry>
         <term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>
 

shell-completion/bash/systemd-cryptenroll

@@ -38,12 +38,19 @@ __get_tpm2_devices() {
     done
 }
 
+__get_block_devices() {
+    local i
+    for i in /dev/*; do
+        [ -b "$i" ] && printf '%s\n' "$i"
+    done
+}
+
 _systemd_cryptenroll() {
     local comps
     local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
     local -A OPTS=(
         [STANDALONE]='-h --help --version
-                     --password --recovery-key --list-devices'
+                     --password --recovery-key'
         [ARG]='--unlock-key-file
                --unlock-fido2-device
                --unlock-tpm2-device
@@ -109,7 +116,7 @@ _systemd_cryptenroll() {
         return 0
     fi
 
-    comps=$(systemd-cryptenroll --list-devices)
+    comps=$(__get_block_devices)
     COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
     return 0
 }

src/cryptenroll/cryptenroll.c

@@ -193,7 +193,7 @@ static int help(void) {
                "\n%3$sSimple Enrollment:%4$s\n"
                "     --password        Enroll a user-supplied password\n"
                "     --recovery-key    Enroll a recovery key\n"
-               "\n%3$sPKCS#11 Enrollment:%4$s\n"
+               "\n%3$sPKCS11 Enrollment:%4$s\n"
                "     --pkcs11-token-uri=URI\n"
                "                       Specify PKCS#11 security token URI\n"
                "\n%3$sFIDO2 Enrollment:%4$s\n"

src/login/logind-core.c

@@ -39,7 +39,6 @@ void manager_reset_config(Manager *m) {
         m->remove_ipc = true;
         m->inhibit_delay_max = 5 * USEC_PER_SEC;
         m->user_stop_delay = 10 * USEC_PER_SEC;
-        m->enable_wall_messages = true;
 
         m->handle_action_sleep_mask = HANDLE_ACTION_SLEEP_MASK_DEFAULT;
 

src/login/logind.c

@@ -64,6 +64,7 @@ static int manager_new(Manager **ret) {
         *m = (Manager) {
                 .console_active_fd = -EBADF,
                 .reserve_vt_fd = -EBADF,
+                .enable_wall_messages = true,
                 .idle_action_not_before_usec = now(CLOCK_MONOTONIC),
                 .scheduled_shutdown_action = _HANDLE_ACTION_INVALID,