shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-06 08:26:52 +03:00
Code
1602b00853
systemd/src/cryptsetup/cryptsetup.c

761 lines
25 KiB
C
Raw Normal View History

cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
relicense to LGPLv2.1 (with exceptions) We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
2012-04-12 02:20:58 +04:00
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
relicense to LGPLv2.1 (with exceptions) We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
2012-04-12 02:20:58 +04:00
Lesser General Public License for more details.
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
relicense to LGPLv2.1 (with exceptions) We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
2012-04-12 02:20:58 +04:00
You should have received a copy of the GNU Lesser General Public License
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <string.h>
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
#include <errno.h>
cryptsetup: lock ourselves into memory as long as we deal with passwords
2010-11-16 05:23:52 +03:00
#include <sys/mman.h>
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
#include <mntent.h>
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
#include <libcryptsetup.h>
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
#include "fileio.h"
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
#include "log.h"
#include "util.h"
util: split-out path-util.[ch]
2012-05-07 23:36:12 +04:00
#include "path-util.h"
ask-password: supported plymouth cached passwords
2011-02-23 03:12:07 +03:00
#include "strv.h"
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
#include "ask-password-api.h"
cryptsetup: port from libudev to sd-device
2015-04-01 15:26:47 +03:00
#include "sd-device.h"
#include "device-util.h"
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static const char *arg_type = NULL; /* CRYPT_LUKS1, CRYPT_TCRYPT or CRYPT_PLAIN */
static char *arg_cipher = NULL;
static unsigned arg_key_size = 0;
static int arg_key_slot = CRYPT_ANY_SLOT;
static unsigned arg_keyfile_size = 0;
static unsigned arg_keyfile_offset = 0;
static char *arg_hash = NULL;
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
static char *arg_header = NULL;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static unsigned arg_tries = 3;
static bool arg_readonly = false;
static bool arg_verify = false;
static bool arg_discards = false;
static bool arg_tcrypt_hidden = false;
static bool arg_tcrypt_system = false;
static char **arg_tcrypt_keyfiles = NULL;
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
static uint64_t arg_offset = 0;
static uint64_t arg_skip = 0;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static usec_t arg_timeout = 0;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: handle password=none properly
2010-11-14 04:08:31 +03:00
/* Options Debian's crypttab knows we don't:
precheck=
check=
checkargs=
noearly=
loud=
keyscript=
*/
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
static int parse_one_option(const char *option) {
assert(option);
/* Handled outside of this tool */
Support negated fstab options We would ignore options like "fail" and "auto", and for any option which takes a value the first assignment would win. Repeated and options equivalent to the default are rarely used, but they have been documented forever, and people might use them. Especially on the kernel command line it is easier to append a repeated or negated option at the end.
2015-01-11 08:04:00 +03:00
if (STR_IN_SET(option, "noauto", "auto", "nofail", "fail"))
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
if (startswith(option, "cipher=")) {
char *t;
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
t = strdup(option+7);
if (!t)
cryptsetup: fix OOM handling when parsing mount options
2013-10-02 21:36:28 +04:00
return log_oom();
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
free(arg_cipher);
arg_cipher = t;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
} else if (startswith(option, "size=")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (safe_atou(option+5, &arg_key_size) < 0) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
log_error("size= parse failure, ignoring.");
return 0;
}
Fix keysize handling in cryptsetup (bits vs. bytes) The command line key-size is in bits but the libcryptsetup API expects bytes. Note that the modulo 8 check is in the original cryptsetup binary as well, so it's no new limitation. (v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
2014-03-25 14:05:28 +04:00
if (arg_key_size % 8) {
log_error("size= not a multiple of 8, ignoring.");
return 0;
}
arg_key_size /= 8;
cryptsetup: Support key-slot option Debian recently introduced the option key-slot to /etc/crypttab to specify the LUKS key slot to be used for decrypting the device. On systems where a keyfile is used and the key is not in the first slot, this can speed up the boot process quite a bit, since cryptsetup does not need to try all of the slots sequentially. (Unsuccessfully testing a key slot typically takes up to about 1 second.) This patch makes systemd aware of this option. Debian bug that introduced the feature: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
2014-01-26 15:02:49 +04:00
} else if (startswith(option, "key-slot=")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_LUKS1;
if (safe_atoi(option+9, &arg_key_slot) < 0) {
cryptsetup: Support key-slot option Debian recently introduced the option key-slot to /etc/crypttab to specify the LUKS key slot to be used for decrypting the device. On systems where a keyfile is used and the key is not in the first slot, this can speed up the boot process quite a bit, since cryptsetup does not need to try all of the slots sequentially. (Unsuccessfully testing a key slot typically takes up to about 1 second.) This patch makes systemd aware of this option. Debian bug that introduced the feature: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
2014-01-26 15:02:49 +04:00
log_error("key-slot= parse failure, ignoring.");
return 0;
}
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
} else if (startswith(option, "tcrypt-keyfile=")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_TCRYPT;
cryptsetup: fix OOM handling when parsing mount options
2013-10-02 21:36:28 +04:00
if (path_is_absolute(option+15)) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (strv_extend(&arg_tcrypt_keyfiles, option + 15) < 0)
cryptsetup: fix OOM handling when parsing mount options
2013-10-02 21:36:28 +04:00
return log_oom();
} else
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
log_error("Key file path '%s' is not absolute. Ignoring.", option+15);
cryptsetup: add keyfile-size= support This is useful e.g. if the keyfile is a raw device, where only parts of it should be read. It is typically used whenever the keyfile-offset= option is specified. Tested-by: Erik Westrup <erik.westrup@gmail.com>
2012-08-03 14:47:24 +04:00
} else if (startswith(option, "keyfile-size=")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (safe_atou(option+13, &arg_keyfile_size) < 0) {
cryptsetup: add keyfile-size= support This is useful e.g. if the keyfile is a raw device, where only parts of it should be read. It is typically used whenever the keyfile-offset= option is specified. Tested-by: Erik Westrup <erik.westrup@gmail.com>
2012-08-03 14:47:24 +04:00
log_error("keyfile-size= parse failure, ignoring.");
return 0;
}
cryptsetup: add keyfile-offset= support This is useful if your keyfile is a block device, and you want to use a specific part of it, such as an area between the MBR and the first partition. This feature is documented in the Arch wiki[0], and has been supported by the Arch initscripts, so would be nice to get this into systemd. This requires libcryptsetup >= 1.4.2 (released 12.4.2012). Acked-by: Paul Menzel <paulepanter@users.sourceforge.net> [0]: <https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS# Storing_the_key_between_MBR_and_1st_partition>
2012-06-29 16:36:37 +04:00
} else if (startswith(option, "keyfile-offset=")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (safe_atou(option+15, &arg_keyfile_offset) < 0) {
cryptsetup: add keyfile-offset= support This is useful if your keyfile is a block device, and you want to use a specific part of it, such as an area between the MBR and the first partition. This feature is documented in the Arch wiki[0], and has been supported by the Arch initscripts, so would be nice to get this into systemd. This requires libcryptsetup >= 1.4.2 (released 12.4.2012). Acked-by: Paul Menzel <paulepanter@users.sourceforge.net> [0]: <https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS# Storing_the_key_between_MBR_and_1st_partition>
2012-06-29 16:36:37 +04:00
log_error("keyfile-offset= parse failure, ignoring.");
return 0;
}
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
} else if (startswith(option, "hash=")) {
char *t;
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
t = strdup(option+5);
if (!t)
cryptsetup: fix OOM handling when parsing mount options
2013-10-02 21:36:28 +04:00
return log_oom();
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
free(arg_hash);
arg_hash = t;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
} else if (startswith(option, "header=")) {
arg_type = CRYPT_LUKS1;
if (!path_is_absolute(option+7)) {
log_error("Header path '%s' is not absolute, refusing.", option+7);
return -EINVAL;
}
if (arg_header) {
log_error("Duplicate header= options, refusing.");
return -EINVAL;
}
arg_header = strdup(option+7);
if (!arg_header)
return log_oom();
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
} else if (startswith(option, "tries=")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (safe_atou(option+6, &arg_tries) < 0) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
log_error("tries= parse failure, ignoring.");
return 0;
}
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
} else if (STR_IN_SET(option, "readonly", "read-only"))
arg_readonly = true;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
else if (streq(option, "verify"))
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_verify = true;
else if (STR_IN_SET(option, "allow-discards", "discard"))
arg_discards = true;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
else if (streq(option, "luks"))
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_LUKS1;
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
else if (streq(option, "tcrypt"))
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_TCRYPT;
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
else if (streq(option, "tcrypt-hidden")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_TCRYPT;
arg_tcrypt_hidden = true;
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
} else if (streq(option, "tcrypt-system")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_TCRYPT;
arg_tcrypt_system = true;
} else if (STR_IN_SET(option, "plain", "swap", "tmp"))
arg_type = CRYPT_PLAIN;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
else if (startswith(option, "timeout=")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (parse_sec(option+8, &arg_timeout) < 0) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
log_error("timeout= parse failure, ignoring.");
return 0;
}
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
} else if (startswith(option, "offset=")) {
if (safe_atou64(option+7, &arg_offset) < 0) {
log_error("offset= parse failure, refusing.");
return -EINVAL;
}
} else if (startswith(option, "skip=")) {
if (safe_atou64(option+5, &arg_skip) < 0) {
log_error("skip= parse failure, refusing.");
return -EINVAL;
}
cryptsetup: accept "none" option
2011-08-04 18:04:43 +04:00
} else if (!streq(option, "none"))
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
log_error("Encountered unknown /etc/crypttab option '%s', ignoring.", option);
return 0;
}
static int parse_options(const char *options) {
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 06:01:36 +04:00
const char *word, *state;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
size_t l;
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
int r;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
assert(options);
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 06:01:36 +04:00
FOREACH_WORD_SEPARATOR(word, l, options, ",", state) {
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
_cleanup_free_ char *o;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 06:01:36 +04:00
o = strndup(word, l);
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
if (!o)
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return -ENOMEM;
r = parse_one_option(o);
if (r < 0)
return r;
}
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
/* sanity-check options */
if (arg_type != NULL && !streq(arg_type, CRYPT_PLAIN)) {
if (arg_offset)
log_warning("offset= ignored with type %s", arg_type);
if (arg_skip)
log_warning("skip= ignored with type %s", arg_type);
}
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
}
static void log_glue(int level, const char *msg, void *usrptr) {
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
log_debug("%s", msg);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
}
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
static int disk_major_minor(const char *path, char **ret) {
struct stat st;
assert(path);
if (stat(path, &st) < 0)
return -errno;
if (!S_ISBLK(st.st_mode))
return -EINVAL;
if (asprintf(ret, "/dev/block/%d:%d", major(st.st_rdev), minor(st.st_rdev)) < 0)
return -errno;
return 0;
}
Introduce udev object cleanup functions
2013-10-13 04:28:21 +04:00
static char* disk_description(const char *path) {
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static const char name_fields[] =
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
"ID_PART_ENTRY_NAME\0"
"DM_NAME\0"
"ID_MODEL_FROM_DATABASE\0"
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
"ID_MODEL\0";
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
cryptsetup: port from libudev to sd-device
2015-04-01 15:26:47 +03:00
_cleanup_device_unref_ sd_device *device = NULL;
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
struct stat st;
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
const char *i;
cryptsetup: port from libudev to sd-device
2015-04-01 15:26:47 +03:00
int r;
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
assert(path);
if (stat(path, &st) < 0)
return NULL;
if (!S_ISBLK(st.st_mode))
return NULL;
cryptsetup: port from libudev to sd-device
2015-04-01 15:26:47 +03:00
r = sd_device_new_from_devnum(&device, 'b', st.st_rdev);
if (r < 0)
Introduce udev object cleanup functions
2013-10-13 04:28:21 +04:00
return NULL;
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
NULSTR_FOREACH(i, name_fields) {
const char *name;
cryptsetup: port from libudev to sd-device
2015-04-01 15:26:47 +03:00
r = sd_device_get_property_value(device, i, &name);
if (r >= 0 && !isempty(name))
Introduce udev object cleanup functions
2013-10-13 04:28:21 +04:00
return strdup(name);
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
}
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
Introduce udev object cleanup functions
2013-10-13 04:28:21 +04:00
return NULL;
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
}
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
static char *disk_mount_point(const char *label) {
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
_cleanup_free_ char *device = NULL;
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
_cleanup_endmntent_ FILE *f = NULL;
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
struct mntent *m;
/* Yeah, we don't support native systemd unit files here for now */
if (asprintf(&device, "/dev/mapper/%s", label) < 0)
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
return NULL;
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
mount: don't fail if fstab doesn't exist
2012-04-22 17:33:43 +04:00
f = setmntent("/etc/fstab", "r");
if (!f)
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
return NULL;
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
while ((m = getmntent(f)))
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
if (path_equal(m->mnt_fsname, device))
return strdup(m->mnt_dir);
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
return NULL;
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
}
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
static int get_password(const char *vol, const char *src, usec_t until, bool accept_cached, char ***ret) {
ask-password: add support for caching passwords in the kernel keyring This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.
2015-10-07 12:26:10 +03:00
_cleanup_free_ char *description = NULL, *name_buffer = NULL, *mount_point = NULL, *maj_min = NULL, *text = NULL, *escaped_name = NULL;
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
_cleanup_strv_free_ char **passwords = NULL, **passwords2 = NULL;
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
const char *name = NULL;
ask-password: add support for caching passwords in the kernel keyring This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.
2015-10-07 12:26:10 +03:00
char **p, *id;
int r = 0;
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
assert(vol);
assert(src);
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
assert(ret);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
description = disk_description(src);
mount_point = disk_mount_point(vol);
tree-wide: drop {} from one-line if blocks Patch via coccinelle.
2015-09-09 00:03:38 +03:00
if (description && streq(vol, description))
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
/* If the description string is simply the
* volume name, then let's not show this
* twice */
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 20:56:38 +03:00
description = mfree(description);
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
if (mount_point && description)
r = asprintf(&name_buffer, "%s (%s) on %s", description, vol, mount_point);
else if (mount_point)
r = asprintf(&name_buffer, "%s on %s", vol, mount_point);
else if (description)
r = asprintf(&name_buffer, "%s (%s)", description, vol);
if (r < 0)
return log_oom();
name = name_buffer ? name_buffer : vol;
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
if (asprintf(&text, "Please enter passphrase for disk %s!", name) < 0)
return log_oom();
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
if (src)
(void) disk_major_minor(src, &maj_min);
if (maj_min) {
escaped_name = maj_min;
maj_min = NULL;
} else
escaped_name = cescape(name);
Add more password agent information Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
2014-03-25 14:05:23 +04:00
if (!escaped_name)
return log_oom();
util: rework strappenda(), and rename it strjoina() After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.
2015-02-03 04:05:59 +03:00
id = strjoina("cryptsetup:", escaped_name);
Add more password agent information Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
2014-03-25 14:05:23 +04:00
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until, ASK_PASSWORD_PUSH_CACHE|(accept_cached ? ASK_PASSWORD_ACCEPT_CACHED : 0), &passwords);
treewide: more log_*_errno + return simplifications
2014-11-28 20:23:20 +03:00
if (r < 0)
return log_error_errno(r, "Failed to query password: %m");
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_verify) {
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
assert(strv_length(passwords) == 1);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
if (asprintf(&text, "Please enter passphrase for disk %s! (verification)", name) < 0) {
r = log_oom();
goto finish;
}
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
util: rework strappenda(), and rename it strjoina() After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.
2015-02-03 04:05:59 +03:00
id = strjoina("cryptsetup-verification:", escaped_name);
Add more password agent information Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
2014-03-25 14:05:23 +04:00
ask-password: add support for caching passwords in the kernel keyring This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.
2015-10-07 12:26:10 +03:00
r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until, ASK_PASSWORD_PUSH_CACHE, &passwords2);
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
if (r < 0) {
log_error_errno(r, "Failed to query verification password: %m");
goto finish;
}
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
assert(strv_length(passwords2) == 1);
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
if (!streq(passwords[0], passwords2[0])) {
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
log_warning("Passwords did not match, retrying.");
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
r = -EAGAIN;
goto finish;
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
}
}
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
strv_uniq(passwords);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
STRV_FOREACH(p, passwords) {
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
char *c;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (strlen(*p)+1 >= arg_key_size)
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
continue;
/* Pad password if necessary */
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
c = new(char, arg_key_size);
if (!c) {
r = -ENOMEM;
goto finish;
}
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
strncpy(c, *p, arg_key_size);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
free(*p);
*p = c;
}
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
*ret = passwords;
passwords = NULL;
r = 0;
finish:
strv_erase(passwords);
strv_erase(passwords2);
return r;
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
}
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
static int attach_tcrypt(
struct crypt_device *cd,
const char *name,
const char *key_file,
char **passwords,
uint32_t flags) {
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
int r = 0;
_cleanup_free_ char *passphrase = NULL;
struct crypt_params_tcrypt params = {
.flags = CRYPT_TCRYPT_LEGACY_MODES,
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
.keyfiles = (const char **)arg_tcrypt_keyfiles,
.keyfiles_count = strv_length(arg_tcrypt_keyfiles)
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
};
assert(cd);
assert(name);
cryptsetup: check that password is not null Beef up the assert to protect against passing null to strlen. Found with scan-build.
2014-06-13 00:50:04 +04:00
assert(key_file || (passwords && passwords[0]));
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_tcrypt_hidden)
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_tcrypt_system)
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
params.flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
if (key_file) {
r = read_one_line_file(key_file, &passphrase);
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 15:19:16 +03:00
log_error_errno(r, "Failed to read password file '%s': %m", key_file);
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
return -EAGAIN;
}
params.passphrase = passphrase;
} else
params.passphrase = passwords[0];
params.passphrase_size = strlen(params.passphrase);
r = crypt_load(cd, CRYPT_TCRYPT, &params);
if (r < 0) {
if (key_file && r == -EPERM) {
log_error("Failed to activate using password file '%s'.", key_file);
return -EAGAIN;
}
return r;
}
cryptsetup: minor typo fix
2014-03-25 02:45:58 +04:00
return crypt_activate_by_volume_key(cd, name, NULL, 0, flags);
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
}
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
static int attach_luks_or_plain(struct crypt_device *cd,
const char *name,
const char *key_file,
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
const char *data_device,
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
char **passwords,
uint32_t flags) {
int r = 0;
bool pass_volume_key = false;
assert(cd);
assert(name);
assert(key_file || passwords);
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
if (!arg_type || streq(arg_type, CRYPT_LUKS1)) {
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
r = crypt_load(cd, CRYPT_LUKS1, NULL);
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
if (r < 0) {
log_error("crypt_load() failed on device %s.\n", crypt_get_device_name(cd));
return r;
}
if (data_device)
r = crypt_set_data_device(cd, data_device);
}
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if ((!arg_type && r < 0) || streq_ptr(arg_type, CRYPT_PLAIN)) {
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
struct crypt_params_plain params = {
.offset = arg_offset,
.skip = arg_skip,
};
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
const char *cipher, *cipher_mode;
_cleanup_free_ char *truncated_cipher = NULL;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_hash) {
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
/* plain isn't a real hash type. it just means "use no hash" */
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (!streq(arg_hash, "plain"))
params.hash = arg_hash;
cryptsetup: default to no hash when keyfile is specified For plain dm-crypt devices, the behavior of cryptsetup package is to ignore the hash algorithm when a key file is provided. It seems wrong to ignore a hash when it is explicitly specified, but we should default to no hash if the keyfile is specified. https://bugs.freedesktop.org/show_bug.cgi?id=52630
2014-11-24 17:11:12 +03:00
} else if (!key_file)
/* for CRYPT_PLAIN, the behaviour of cryptsetup
* package is to not hash when a key file is provided */
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
params.hash = "ripemd160";
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_cipher) {
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
size_t l;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
l = strcspn(arg_cipher, "-");
truncated_cipher = strndup(arg_cipher, l);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
if (!truncated_cipher)
return log_oom();
cipher = truncated_cipher;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
cipher_mode = arg_cipher[l] ? arg_cipher+l+1 : "plain";
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
} else {
cipher = "aes";
cipher_mode = "cbc-essiv:sha256";
}
/* for CRYPT_PLAIN limit reads
* from keyfile to key length, and
* ignore keyfile-size */
Fix keysize handling in cryptsetup (bits vs. bytes) The command line key-size is in bits but the libcryptsetup API expects bytes. Note that the modulo 8 check is in the original cryptsetup binary as well, so it's no new limitation. (v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
2014-03-25 14:05:28 +04:00
arg_keyfile_size = arg_key_size;
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
/* In contrast to what the name
* crypt_setup() might suggest this
* doesn't actually format anything,
* it just configures encryption
* parameters when used for plain
* mode. */
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
r = crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, arg_keyfile_size, &params);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
/* hash == NULL implies the user passed "plain" */
pass_volume_key = (params.hash == NULL);
}
treewide: more log_*_errno + return simplifications
2014-11-28 20:23:20 +03:00
if (r < 0)
return log_error_errno(r, "Loading of cryptographic parameters failed: %m");
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
log_info("Set cipher %s, mode %s, key size %i bits for device %s.",
crypt_get_cipher(cd),
crypt_get_cipher_mode(cd),
crypt_get_volume_key_size(cd)*8,
crypt_get_device_name(cd));
if (key_file) {
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
r = crypt_activate_by_keyfile_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 15:19:16 +03:00
log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
return -EAGAIN;
}
} else {
char **p;
STRV_FOREACH(p, passwords) {
if (pass_volume_key)
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
r = crypt_activate_by_volume_key(cd, name, *p, arg_key_size, flags);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
else
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
r = crypt_activate_by_passphrase(cd, name, arg_key_slot, *p, strlen(*p), flags);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
if (r >= 0)
break;
}
}
return r;
}
cryptsetup: add a terse help
2011-02-25 04:56:27 +03:00
static int help(void) {
printf("%s attach VOLUME SOURCEDEVICE [PASSWORD] [OPTIONS]\n"
"%s detach VOLUME\n\n"
"Attaches or detaches an encrypted block device.\n",
program_invocation_short_name,
program_invocation_short_name);
return 0;
}
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
int main(int argc, char *argv[]) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
int r = EXIT_FAILURE;
struct crypt_device *cd = NULL;
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: add a terse help
2011-02-25 04:56:27 +03:00
if (argc <= 1) {
help();
return EXIT_SUCCESS;
}
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
if (argc < 3) {
log_error("This program requires at least two arguments.");
return EXIT_FAILURE;
}
log: add automatic log target
2010-11-12 03:01:04 +03:00
log_set_target(LOG_TARGET_AUTO);
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
log_parse_environment();
log_open();
umask: change default umask to 0022 just to be sure, and set it explicitly in all binaries, in order to make sure it is set when started from the terminal
2011-08-01 22:52:18 +04:00
umask(0022);
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
if (streq(argv[1], "attach")) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
uint32_t flags = 0;
int k;
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
unsigned tries;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
usec_t until;
cryptsetup: properly parse cipher= switch
2010-11-14 04:01:29 +03:00
crypt_status_info status;
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
const char *key_file = NULL;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
/* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
if (argc < 4) {
log_error("attach requires at least two arguments.");
goto finish;
}
cryptsetup: handle password=none properly
2010-11-14 04:08:31 +03:00
if (argc >= 5 &&
argv[4][0] &&
!streq(argv[4], "-") &&
!streq(argv[4], "none")) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
if (!path_is_absolute(argv[4]))
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
log_error("Password file path '%s' is not absolute. Ignoring.", argv[4]);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
else
key_file = argv[4];
}
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
if (argc >= 6 && argv[5][0] && !streq(argv[5], "-")) {
if (parse_options(argv[5]) < 0)
goto finish;
}
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: lock ourselves into memory as long as we deal with passwords
2010-11-16 05:23:52 +03:00
/* A delicious drop of snake oil */
mlockall(MCL_FUTURE);
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
if (arg_header) {
log_debug("LUKS header: %s", arg_header);
k = crypt_init(&cd, arg_header);
} else
k = crypt_init(&cd, argv[3]);
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
if (k) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 15:19:16 +03:00
log_error_errno(k, "crypt_init() failed: %m");
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
goto finish;
}
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
crypt_set_log_callback(cd, log_glue, NULL);
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
status = crypt_status(cd, argv[2]);
if (status == CRYPT_ACTIVE || status == CRYPT_BUSY) {
log_info("Volume %s already active.", argv[2]);
r = EXIT_SUCCESS;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
goto finish;
}
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_readonly)
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
flags |= CRYPT_ACTIVATE_READONLY;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_discards)
cryptsetup: support discards (TRIM)
2012-05-19 19:05:50 +04:00
flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_timeout > 0)
until = now(CLOCK_MONOTONIC) + arg_timeout;
ask-password: support passwords without timeouts
2011-04-13 23:42:46 +04:00
else
until = 0;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
Fix keysize handling in cryptsetup (bits vs. bytes) The command line key-size is in bits but the libcryptsetup API expects bytes. Note that the modulo 8 check is in the original cryptsetup binary as well, so it's no new limitation. (v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
2014-03-25 14:05:28 +04:00
arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8));
cryptsetup: properly parse cipher= switch
2010-11-14 04:01:29 +03:00
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
if (key_file) {
struct stat st;
cryptsetup: properly parse cipher= switch
2010-11-14 04:01:29 +03:00
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
/* Ideally we'd do this on the open fd, but since this is just a
* warning it's OK to do this in two steps. */
cryptsetup: only warn on real key files Simplify the check from commit 05f73ad to only apply the warning to regular files instead of enumerating device nodes.
2015-02-02 18:53:39 +03:00
if (stat(key_file, &st) >= 0 && S_ISREG(st.st_mode) && (st.st_mode & 0005))
log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
cryptsetup: properly parse cipher= switch
2010-11-14 04:01:29 +03:00
}
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
_cleanup_strv_free_ char **passwords = NULL;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
if (!key_file) {
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
k = get_password(argv[2], argv[3], until, tries == 0 && !arg_verify, &passwords);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
if (k == -EAGAIN)
continue;
else if (k < 0)
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
goto finish;
}
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (streq_ptr(arg_type, CRYPT_TCRYPT))
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
k = attach_tcrypt(cd, argv[2], key_file, passwords, flags);
else
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
k = attach_luks_or_plain(cd,
argv[2],
key_file,
arg_header ? argv[3] : NULL,
passwords,
flags);
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
strv_erase(passwords);
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
if (k >= 0)
break;
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
else if (k == -EAGAIN) {
key_file = NULL;
continue;
} else if (k != -EPERM) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 15:19:16 +03:00
log_error_errno(k, "Failed to activate: %m");
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
goto finish;
}
log_warning("Invalid passphrase.");
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
}
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_tries != 0 && tries >= arg_tries) {
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
log_error("Too many attempts; giving up.");
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
r = EXIT_FAILURE;
clang: fix some issues found with clang-analyzer
2011-01-22 04:18:59 +03:00
goto finish;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
}
} else if (streq(argv[1], "detach")) {
int k;
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
k = crypt_init_by_name(&cd, argv[2]);
if (k) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 15:19:16 +03:00
log_error_errno(k, "crypt_init() failed: %m");
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
goto finish;
}
crypt_set_log_callback(cd, log_glue, NULL);
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
k = crypt_deactivate(cd, argv[2]);
if (k < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 15:19:16 +03:00
log_error_errno(k, "Failed to deactivate: %m");
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
goto finish;
}
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
} else {
log_error("Unknown verb %s.", argv[1]);
goto finish;
}
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
r = EXIT_SUCCESS;
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
finish:
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
if (cd)
crypt_free(cd);
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
free(arg_cipher);
free(arg_hash);
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
free(arg_header);
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
strv_free(arg_tcrypt_keyfiles);
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
return r;
}
Copy Permalink