generator: Rename password arg

This function does not expect a password, but a key file path. The
cryptsetup helper binary even calls it that.

No Code changes.

Follow up on: 6e41f4dd916293f35d7d35cea7eed1807d7ea771
Fixes: https://github.com/systemd/systemd/security/code-scanning/81

(cherry picked from commit b7de9651db7bdbb42befa653791980daa50448bb)

src/cryptsetup/cryptsetup-generator.c

@@ -277,7 +277,7 @@ static int print_dependencies(FILE *f, const char* device_path) {
 static int create_disk(
                 const char *name,
                 const char *device,
-                const char *password,
+                const char *key_file,
                 const char *keydev,
                 const char *headerdev,
                 const char *options,
@@ -285,7 +285,7 @@ static int create_disk(
 
         _cleanup_free_ char *n = NULL, *d = NULL, *u = NULL, *e = NULL,
                 *keydev_mount = NULL, *keyfile_timeout_value = NULL,
-                *filtered = NULL, *u_escaped = NULL, *name_escaped = NULL, *header_path = NULL, *password_buffer = NULL,
+                *filtered = NULL, *u_escaped = NULL, *name_escaped = NULL, *header_path = NULL, *key_file_buffer = NULL,
                 *tmp_fstype = NULL, *filtered_header = NULL, *headerdev_mount = NULL;
         _cleanup_fclose_ FILE *f = NULL;
         const char *dmname;
@@ -350,9 +350,9 @@ static int create_disk(
         if (r < 0)
                 return log_error_errno(r, "Failed to generate unit name: %m");
 
-        if (keydev && !password)
+        if (keydev && !key_file)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                       "Key device is specified, but path to the password file is missing.");
+                                       "Key device is specified, but path to the key file is missing.");
 
         r = generator_open_unit_file(arg_dest, NULL, n, &f);
         if (r < 0)
@@ -388,11 +388,11 @@ static int create_disk(
                 if (r < 0)
                         return log_error_errno(r, "Failed to generate keydev umount unit: %m");
 
-                password_buffer = path_join(keydev_mount, password);
-                if (!password_buffer)
+                key_file_buffer = path_join(keydev_mount, key_file);
+                if (!key_file_buffer)
                         return log_oom();
 
-                password = password_buffer;
+                key_file = key_file_buffer;
 
                 fprintf(f, "After=%s\n", unit);
                 if (keyfile_can_timeout > 0)
@@ -462,8 +462,8 @@ static int create_disk(
                         "Before=%s\n",
                         netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
 
-        if (password && !keydev) {
-                r = print_dependencies(f, password);
+        if (key_file && !keydev) {
+                r = print_dependencies(f, key_file);
                 if (r < 0)
                         return r;
         }
@@ -495,7 +495,7 @@ static int create_disk(
         if (r < 0)
                 log_warning_errno(r, "Failed to write device timeout drop-in: %m");
 
-        r = generator_write_cryptsetup_service_section(f, name, u, password, filtered);
+        r = generator_write_cryptsetup_service_section(f, name, u, key_file, filtered);
         if (r < 0)
                 return r;
 

src/cryptsetup/cryptsetup.c

@@ -1639,7 +1639,7 @@ static int help(void) {
         if (r < 0)
                 return log_oom();
 
-        printf("%s attach VOLUME SOURCEDEVICE [PASSWORD] [OPTIONS]\n"
+        printf("%s attach VOLUME SOURCEDEVICE [KEY-FILE] [OPTIONS]\n"
                "%s detach VOLUME\n\n"
                "Attaches or detaches an encrypted block device.\n"
                "\nSee the %s for details.\n",
@@ -1721,7 +1721,7 @@ static int run(int argc, char *argv[]) {
                 unsigned tries;
                 usec_t until;
 
-                /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */
+                /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [KEY-FILE] [OPTIONS] */
 
                 if (argc < 4)
                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments.");

src/shared/generator.c

@@ -625,10 +625,10 @@ int generator_write_cryptsetup_service_section(
                 FILE *f,
                 const char *name,
                 const char *what,
-                const char *password,
+                const char *key_file,
                 const char *options) {
 
-        _cleanup_free_ char *name_escaped = NULL, *what_escaped = NULL, *password_escaped = NULL, *options_escaped = NULL;
+        _cleanup_free_ char *name_escaped = NULL, *what_escaped = NULL, *key_file_escaped = NULL, *options_escaped = NULL;
 
         assert(f);
         assert(name);
@@ -642,9 +642,9 @@ int generator_write_cryptsetup_service_section(
         if (!what_escaped)
                 return log_oom();
 
-        if (password) {
-                password_escaped = specifier_escape(password);
-                if (!password_escaped)
+        if (key_file) {
+                key_file_escaped = specifier_escape(key_file);
+                if (!key_file_escaped)
                         return log_oom();
         }
 
@@ -664,7 +664,7 @@ int generator_write_cryptsetup_service_section(
                 "OOMScoreAdjust=500\n"    /* Unlocking can allocate a lot of memory if Argon2 is used */
                 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
                 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
-                name_escaped, what_escaped, strempty(password_escaped), strempty(options_escaped),
+                name_escaped, what_escaped, strempty(key_file_escaped), strempty(options_escaped),
                 name_escaped);
 
         return 0;