shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-06 08:26:52 +03:00
Code
206a29b2e1
systemd/src/cryptsetup/cryptsetup.c

761 lines
27 KiB
C
Raw Normal View History

Add SPDX license identifiers to source files under the LGPL This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
2017-11-18 19:09:20 +03:00
/* SPDX-License-Identifier: LGPL-2.1+ */
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
#include <errno.h>
util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24 23:58:24 +03:00
#include <mntent.h>
#include <sys/mman.h>
headers: remove unneeded includes from util.h This means we need to include many more headers in various files that simply included util.h before, but it seems cleaner to do it this way.
2019-03-27 13:32:41 +03:00
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
util: split out escaping code into escape.[ch] This really deserves its own file, given how much code this is now.
2015-10-23 19:52:53 +03:00
#include "sd-device.h"
util-lib: split out allocation calls into alloc-util.[ch]
2015-10-27 05:01:06 +03:00
#include "alloc-util.h"
util: split out escaping code into escape.[ch] This really deserves its own file, given how much code this is now.
2015-10-23 19:52:53 +03:00
#include "ask-password-api.h"
util-lib: add cleanup function for crypt_free
2017-11-02 11:16:47 +03:00
#include "crypt-util.h"
util: split out escaping code into escape.[ch] This really deserves its own file, given how much code this is now.
2015-10-23 19:52:53 +03:00
#include "device-util.h"
#include "escape.h"
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
#include "fileio.h"
Allow overriding /etc/fstab with $SYSTEMD_FSTAB
2019-11-13 19:36:46 +03:00
#include "fstab-util.h"
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
#include "log.h"
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
#include "main-func.h"
util-lib: move mount related utility calls to mount-util.[ch]
2015-10-26 20:44:13 +03:00
#include "mount-util.h"
util: split out nulstr related stuff to nulstr-util.[ch]
2019-03-14 15:14:33 +03:00
#include "nulstr-util.h"
util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]
2015-10-26 18:18:16 +03:00
#include "parse-util.h"
util: split-out path-util.[ch]
2012-05-07 23:36:12 +04:00
#include "path-util.h"
util: split out nulstr related stuff to nulstr-util.[ch]
2019-03-14 15:14:33 +03:00
#include "pretty-print.h"
util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24 23:58:24 +03:00
#include "string-util.h"
ask-password: supported plymouth cached passwords
2011-02-23 03:12:07 +03:00
#include "strv.h"
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: support LUKS2 on-disk format Allow cryptsetup utility to activate LUKS2 devices (with appropriate libcryptsetup) The change itself doesn't enforce new libcryptsetup 2.x and is backward compatible with versions 1.x
2017-10-12 13:57:25 +03:00
/* internal helper */
#define ANY_LUKS "LUKS"
cryptsetup: add support for sector-size= option (#9936) Bug-Ubuntu: https://launchpad.net/bugs/1776626 Closes #8881.
2018-08-29 17:38:09 +03:00
/* as in src/cryptsetup.h */
#define CRYPT_SECTOR_SIZE 512
#define CRYPT_MAX_SECTOR_SIZE 4096
cryptsetup: support LUKS2 on-disk format Allow cryptsetup utility to activate LUKS2 devices (with appropriate libcryptsetup) The change itself doesn't enforce new libcryptsetup 2.x and is backward compatible with versions 1.x
2017-10-12 13:57:25 +03:00
static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static char *arg_cipher = NULL;
static unsigned arg_key_size = 0;
cryptsetup: add support for sector-size= option (#9936) Bug-Ubuntu: https://launchpad.net/bugs/1776626 Closes #8881.
2018-08-29 17:38:09 +03:00
static unsigned arg_sector_size = CRYPT_SECTOR_SIZE;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static int arg_key_slot = CRYPT_ANY_SLOT;
static unsigned arg_keyfile_size = 0;
cryptsetup: use uint64_t for keyfile-offset= (#7689) On 32bit, refuse large offsets. Once https://gitlab.com/cryptsetup/cryptsetup/issues/359 is resolved, we should switch to the new api, whatever it is. Fixes #7677.
2017-12-19 10:51:12 +03:00
static uint64_t arg_keyfile_offset = 0;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static char *arg_hash = NULL;
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
static char *arg_header = NULL;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static unsigned arg_tries = 3;
static bool arg_readonly = false;
static bool arg_verify = false;
static bool arg_discards = false;
cryptsetup: add same-cpu-crypt and submit-from-crypt-cpus options Closes #11946.
2019-03-11 08:04:06 +03:00
static bool arg_same_cpu_crypt = false;
static bool arg_submit_from_crypt_cpus = false;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static bool arg_tcrypt_hidden = false;
static bool arg_tcrypt_system = false;
Implement VeraCrypt volume handling in crypttab (#4501) This introduces a new option, `tcrypt-veracrypt`, that sets the corresponding VeraCrypt flag in the flags passed to cryptsetup.
2016-10-30 17:25:31 +03:00
static bool arg_tcrypt_veracrypt = false;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static char **arg_tcrypt_keyfiles = NULL;
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
static uint64_t arg_offset = 0;
static uint64_t arg_skip = 0;
cryptsetup: fix infinite timeout (#6486) 0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The logic here now matches this change. Fixes #6381
2017-07-31 09:19:16 +03:00
static usec_t arg_timeout = USEC_INFINITY;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
STATIC_DESTRUCTOR_REGISTER(arg_cipher, freep);
STATIC_DESTRUCTOR_REGISTER(arg_hash, freep);
STATIC_DESTRUCTOR_REGISTER(arg_header, freep);
STATIC_DESTRUCTOR_REGISTER(arg_tcrypt_keyfiles, strv_freep);
cryptsetup: handle password=none properly
2010-11-14 04:08:31 +03:00
/* Options Debian's crypttab knows we don't:
precheck=
check=
checkargs=
noearly=
loud=
keyscript=
*/
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
static int parse_one_option(const char *option) {
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
const char *val;
int r;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
assert(option);
/* Handled outside of this tool */
cryptsetup: add keyfile-timeout to allow a keydev timeout and allow to fallback to a password if it fails.
2019-07-16 14:06:16 +03:00
if (STR_IN_SET(option, "noauto", "auto", "nofail", "fail", "_netdev", "keyfile-timeout"))
return 0;
if (startswith(option, "keyfile-timeout="))
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
if ((val = startswith(option, "cipher="))) {
r = free_and_strdup(&arg_cipher, val);
if (r < 0)
cryptsetup: fix OOM handling when parsing mount options
2013-10-02 21:36:28 +04:00
return log_oom();
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "size="))) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
r = safe_atou(val, &arg_key_size);
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
}
Fix keysize handling in cryptsetup (bits vs. bytes) The command line key-size is in bits but the libcryptsetup API expects bytes. Note that the modulo 8 check is in the original cryptsetup binary as well, so it's no new limitation. (v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
2014-03-25 14:05:28 +04:00
if (arg_key_size % 8) {
log_error("size= not a multiple of 8, ignoring.");
return 0;
}
arg_key_size /= 8;
cryptsetup: add support for sector-size= option (#9936) Bug-Ubuntu: https://launchpad.net/bugs/1776626 Closes #8881.
2018-08-29 17:38:09 +03:00
} else if ((val = startswith(option, "sector-size="))) {
r = safe_atou(val, &arg_sector_size);
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
return 0;
}
if (arg_sector_size % 2) {
log_error("sector-size= not a multiple of 2, ignoring.");
return 0;
}
if (arg_sector_size < CRYPT_SECTOR_SIZE || arg_sector_size > CRYPT_MAX_SECTOR_SIZE) {
log_error("sector-size= is outside of %u and %u, ignoring.", CRYPT_SECTOR_SIZE, CRYPT_MAX_SECTOR_SIZE);
return 0;
}
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "key-slot="))) {
cryptsetup: Support key-slot option Debian recently introduced the option key-slot to /etc/crypttab to specify the LUKS key slot to be used for decrypting the device. On systems where a keyfile is used and the key is not in the first slot, this can speed up the boot process quite a bit, since cryptsetup does not need to try all of the slots sequentially. (Unsuccessfully testing a key slot typically takes up to about 1 second.) This patch makes systemd aware of this option. Debian bug that introduced the feature: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
2014-01-26 15:02:49 +04:00
cryptsetup: support LUKS2 on-disk format Allow cryptsetup utility to activate LUKS2 devices (with appropriate libcryptsetup) The change itself doesn't enforce new libcryptsetup 2.x and is backward compatible with versions 1.x
2017-10-12 13:57:25 +03:00
arg_type = ANY_LUKS;
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
r = safe_atoi(val, &arg_key_slot);
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
cryptsetup: Support key-slot option Debian recently introduced the option key-slot to /etc/crypttab to specify the LUKS key slot to be used for decrypting the device. On systems where a keyfile is used and the key is not in the first slot, this can speed up the boot process quite a bit, since cryptsetup does not need to try all of the slots sequentially. (Unsuccessfully testing a key slot typically takes up to about 1 second.) This patch makes systemd aware of this option. Debian bug that introduced the feature: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
2014-01-26 15:02:49 +04:00
return 0;
}
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "tcrypt-keyfile="))) {
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_TCRYPT;
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
if (path_is_absolute(val)) {
if (strv_extend(&arg_tcrypt_keyfiles, val) < 0)
cryptsetup: fix OOM handling when parsing mount options
2013-10-02 21:36:28 +04:00
return log_oom();
} else
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
log_error("Key file path \"%s\" is not absolute. Ignoring.", val);
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "keyfile-size="))) {
cryptsetup: add keyfile-size= support This is useful e.g. if the keyfile is a raw device, where only parts of it should be read. It is typically used whenever the keyfile-offset= option is specified. Tested-by: Erik Westrup <erik.westrup@gmail.com>
2012-08-03 14:47:24 +04:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
r = safe_atou(val, &arg_keyfile_size);
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
cryptsetup: add keyfile-size= support This is useful e.g. if the keyfile is a raw device, where only parts of it should be read. It is typically used whenever the keyfile-offset= option is specified. Tested-by: Erik Westrup <erik.westrup@gmail.com>
2012-08-03 14:47:24 +04:00
return 0;
}
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "keyfile-offset="))) {
cryptsetup: add keyfile-offset= support This is useful if your keyfile is a block device, and you want to use a specific part of it, such as an area between the MBR and the first partition. This feature is documented in the Arch wiki[0], and has been supported by the Arch initscripts, so would be nice to get this into systemd. This requires libcryptsetup >= 1.4.2 (released 12.4.2012). Acked-by: Paul Menzel <paulepanter@users.sourceforge.net> [0]: <https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS# Storing_the_key_between_MBR_and_1st_partition>
2012-06-29 16:36:37 +04:00
cryptsetup: bump minimum libcryptsetup version to v2.0.1 libcryptsetup v2.0.1 introduced new API calls, supporting 64 bit wide integers for `keyfile_offset`. This change invokes the new function call, gets rid of the warning that was added in #7689, and removes redundant #ifdefery and constant definitions. See https://gitlab.com/cryptsetup/cryptsetup/issues/359. Fixes #7677.
2019-09-26 16:54:29 +03:00
r = safe_atou64(val, &arg_keyfile_offset);
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
cryptsetup: add keyfile-offset= support This is useful if your keyfile is a block device, and you want to use a specific part of it, such as an area between the MBR and the first partition. This feature is documented in the Arch wiki[0], and has been supported by the Arch initscripts, so would be nice to get this into systemd. This requires libcryptsetup >= 1.4.2 (released 12.4.2012). Acked-by: Paul Menzel <paulepanter@users.sourceforge.net> [0]: <https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS# Storing_the_key_between_MBR_and_1st_partition>
2012-06-29 16:36:37 +04:00
return 0;
}
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "hash="))) {
r = free_and_strdup(&arg_hash, val);
if (r < 0)
cryptsetup: fix OOM handling when parsing mount options
2013-10-02 21:36:28 +04:00
return log_oom();
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "header="))) {
cryptsetup: support LUKS2 on-disk format Allow cryptsetup utility to activate LUKS2 devices (with appropriate libcryptsetup) The change itself doesn't enforce new libcryptsetup 2.x and is backward compatible with versions 1.x
2017-10-12 13:57:25 +03:00
arg_type = ANY_LUKS;
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-21 01:40:44 +03:00
if (!path_is_absolute(val))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Header path \"%s\" is not absolute, refusing.", val);
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-21 01:40:44 +03:00
if (arg_header)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Duplicate header= option, refusing.");
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
arg_header = strdup(val);
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
if (!arg_header)
return log_oom();
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "tries="))) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
r = safe_atou(val, &arg_tries);
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
}
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
} else if (STR_IN_SET(option, "readonly", "read-only"))
arg_readonly = true;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
else if (streq(option, "verify"))
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_verify = true;
else if (STR_IN_SET(option, "allow-discards", "discard"))
arg_discards = true;
cryptsetup: add same-cpu-crypt and submit-from-crypt-cpus options Closes #11946.
2019-03-11 08:04:06 +03:00
else if (streq(option, "same-cpu-crypt"))
arg_same_cpu_crypt = true;
else if (streq(option, "submit-from-crypt-cpus"))
arg_submit_from_crypt_cpus = true;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
else if (streq(option, "luks"))
cryptsetup: support LUKS2 on-disk format Allow cryptsetup utility to activate LUKS2 devices (with appropriate libcryptsetup) The change itself doesn't enforce new libcryptsetup 2.x and is backward compatible with versions 1.x
2017-10-12 13:57:25 +03:00
arg_type = ANY_LUKS;
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
else if (streq(option, "tcrypt"))
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_TCRYPT;
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
else if (streq(option, "tcrypt-hidden")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_TCRYPT;
arg_tcrypt_hidden = true;
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
} else if (streq(option, "tcrypt-system")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_TCRYPT;
arg_tcrypt_system = true;
Implement VeraCrypt volume handling in crypttab (#4501) This introduces a new option, `tcrypt-veracrypt`, that sets the corresponding VeraCrypt flag in the flags passed to cryptsetup.
2016-10-30 17:25:31 +03:00
} else if (streq(option, "tcrypt-veracrypt")) {
arg_type = CRYPT_TCRYPT;
arg_tcrypt_veracrypt = true;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
} else if (STR_IN_SET(option, "plain", "swap", "tmp"))
arg_type = CRYPT_PLAIN;
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
else if ((val = startswith(option, "timeout="))) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
Parse "timeout=0" as infinity in various generators (#6264) This extends 2d79a0bbb9f651656384a0a86ed814e6306fb5dd to the kernel command line parsing. The parsing is changed a bit to only understand "0" as infinity. If units are specified, parse normally, e.g. "0s" is just 0. This makes it possible to provide a zero timeout if necessary. Simple test is added. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
2017-07-03 15:29:32 +03:00
r = parse_sec_fix_0(val, &arg_timeout);
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
}
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "offset="))) {
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
r = safe_atou64(val, &arg_offset);
if (r < 0)
return log_error_errno(r, "Failed to parse %s: %m", option);
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "skip="))) {
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
r = safe_atou64(val, &arg_skip);
if (r < 0)
return log_error_errno(r, "Failed to parse %s: %m", option);
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
cryptsetup: use STR_IN_SET() where appropriate Note that this slightly changes behaviour: "none" is only allowed as option, if it's the only option specified, but not in combination with other options. I think this makes more sense, since it's the choice when no options shall be specified.
2019-08-21 11:45:42 +03:00
} else
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
log_warning("Encountered unknown /etc/crypttab option '%s', ignoring.", option);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
}
static int parse_options(const char *options) {
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 06:01:36 +04:00
const char *word, *state;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
size_t l;
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
int r;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
assert(options);
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 06:01:36 +04:00
FOREACH_WORD_SEPARATOR(word, l, options, ",", state) {
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
_cleanup_free_ char *o;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 06:01:36 +04:00
o = strndup(word, l);
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
if (!o)
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return -ENOMEM;
r = parse_one_option(o);
if (r < 0)
return r;
}
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
/* sanity-check options */
cryptsetup: minor coding style clean-ups
2019-08-21 11:40:04 +03:00
if (arg_type && !streq(arg_type, CRYPT_PLAIN)) {
if (arg_offset != 0)
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
log_warning("offset= ignored with type %s", arg_type);
cryptsetup: minor coding style clean-ups
2019-08-21 11:40:04 +03:00
if (arg_skip != 0)
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
log_warning("skip= ignored with type %s", arg_type);
}
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
}
Introduce udev object cleanup functions
2013-10-13 04:28:21 +04:00
static char* disk_description(const char *path) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static const char name_fields[] =
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
"ID_PART_ENTRY_NAME\0"
"DM_NAME\0"
"ID_MODEL_FROM_DATABASE\0"
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
"ID_MODEL\0";
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-27 21:13:45 +03:00
_cleanup_(sd_device_unrefp) sd_device *device = NULL;
tree-wide: do not assign unused return values
2018-09-01 17:12:47 +03:00
const char *i, *name;
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
struct stat st;
assert(path);
if (stat(path, &st) < 0)
return NULL;
if (!S_ISBLK(st.st_mode))
return NULL;
tree-wide: do not assign unused return values
2018-09-01 17:12:47 +03:00
if (sd_device_new_from_devnum(&device, 'b', st.st_rdev) < 0)
Introduce udev object cleanup functions
2013-10-13 04:28:21 +04:00
return NULL;
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
tree-wide: do not assign unused return values
2018-09-01 17:12:47 +03:00
NULSTR_FOREACH(i, name_fields)
if (sd_device_get_property_value(device, i, &name) >= 0 &&
!isempty(name))
Introduce udev object cleanup functions
2013-10-13 04:28:21 +04:00
return strdup(name);
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
Introduce udev object cleanup functions
2013-10-13 04:28:21 +04:00
return NULL;
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
}
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
static char *disk_mount_point(const char *label) {
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
_cleanup_free_ char *device = NULL;
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
_cleanup_endmntent_ FILE *f = NULL;
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
struct mntent *m;
/* Yeah, we don't support native systemd unit files here for now */
if (asprintf(&device, "/dev/mapper/%s", label) < 0)
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
return NULL;
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
Allow overriding /etc/fstab with $SYSTEMD_FSTAB
2019-11-13 19:36:46 +03:00
f = setmntent(fstab_path(), "re");
mount: don't fail if fstab doesn't exist
2012-04-22 17:33:43 +04:00
if (!f)
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
return NULL;
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
while ((m = getmntent(f)))
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
if (path_equal(m->mnt_fsname, device))
return strdup(m->mnt_dir);
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
return NULL;
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
}
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
static int get_password(const char *vol, const char *src, usec_t until, bool accept_cached, char ***ret) {
cryptsetup: use more descriptive name for the variable and drop redundant function Let's rename escaped_name to disk_path since this is an actual content that pointer refers to. It is either path to encrypted block device or path to encrypted image file. Also drop redundant function disk_major_minor(). src is always set, and it always points to either encrypted block device path (or symlink to such device) or to encrypted image. In case it is set to device path there is no need to reset it to /dev/block/major:minor symlink since those paths are equivalent.
2017-12-12 22:00:31 +03:00
_cleanup_free_ char *description = NULL, *name_buffer = NULL, *mount_point = NULL, *text = NULL, *disk_path = NULL;
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
_cleanup_strv_free_erase_ char **passwords = NULL;
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
const char *name = NULL;
ask-password: add support for caching passwords in the kernel keyring This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.
2015-10-07 12:26:10 +03:00
char **p, *id;
int r = 0;
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
assert(vol);
assert(src);
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
assert(ret);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
description = disk_description(src);
mount_point = disk_mount_point(vol);
cryptsetup: use more descriptive name for the variable and drop redundant function Let's rename escaped_name to disk_path since this is an actual content that pointer refers to. It is either path to encrypted block device or path to encrypted image file. Also drop redundant function disk_major_minor(). src is always set, and it always points to either encrypted block device path (or symlink to such device) or to encrypted image. In case it is set to device path there is no need to reset it to /dev/block/major:minor symlink since those paths are equivalent.
2017-12-12 22:00:31 +03:00
disk_path = cescape(src);
if (!disk_path)
return log_oom();
tree-wide: drop {} from one-line if blocks Patch via coccinelle.
2015-09-09 00:03:38 +03:00
if (description && streq(vol, description))
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
/* If the description string is simply the
* volume name, then let's not show this
* twice */
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 20:56:38 +03:00
description = mfree(description);
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
if (mount_point && description)
r = asprintf(&name_buffer, "%s (%s) on %s", description, vol, mount_point);
else if (mount_point)
r = asprintf(&name_buffer, "%s on %s", vol, mount_point);
else if (description)
r = asprintf(&name_buffer, "%s (%s)", description, vol);
if (r < 0)
return log_oom();
name = name_buffer ? name_buffer : vol;
More polite passphrase prompt Instead of Please enter passphrase for disk <disk-name>! use Please enter passphrase for disk <disk-name>: which is more polite and matches Plymouth convention.
2018-10-09 17:13:34 +03:00
if (asprintf(&text, "Please enter passphrase for disk %s:", name) < 0)
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
return log_oom();
cryptsetup: use more descriptive name for the variable and drop redundant function Let's rename escaped_name to disk_path since this is an actual content that pointer refers to. It is either path to encrypted block device or path to encrypted image file. Also drop redundant function disk_major_minor(). src is always set, and it always points to either encrypted block device path (or symlink to such device) or to encrypted image. In case it is set to device path there is no need to reset it to /dev/block/major:minor symlink since those paths are equivalent.
2017-12-12 22:00:31 +03:00
id = strjoina("cryptsetup:", disk_path);
Add more password agent information Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
2014-03-25 14:05:23 +04:00
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until,
ASK_PASSWORD_PUSH_CACHE | (accept_cached*ASK_PASSWORD_ACCEPT_CACHED),
&passwords);
treewide: more log_*_errno + return simplifications
2014-11-28 20:23:20 +03:00
if (r < 0)
return log_error_errno(r, "Failed to query password: %m");
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_verify) {
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
_cleanup_strv_free_erase_ char **passwords2 = NULL;
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
assert(strv_length(passwords) == 1);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
More polite passphrase prompt Instead of Please enter passphrase for disk <disk-name>! use Please enter passphrase for disk <disk-name>: which is more polite and matches Plymouth convention.
2018-10-09 17:13:34 +03:00
if (asprintf(&text, "Please enter passphrase for disk %s (verification):", name) < 0)
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
return log_oom();
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: use more descriptive name for the variable and drop redundant function Let's rename escaped_name to disk_path since this is an actual content that pointer refers to. It is either path to encrypted block device or path to encrypted image file. Also drop redundant function disk_major_minor(). src is always set, and it always points to either encrypted block device path (or symlink to such device) or to encrypted image. In case it is set to device path there is no need to reset it to /dev/block/major:minor symlink since those paths are equivalent.
2017-12-12 22:00:31 +03:00
id = strjoina("cryptsetup-verification:", disk_path);
Add more password agent information Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
2014-03-25 14:05:23 +04:00
ask-password: add support for caching passwords in the kernel keyring This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.
2015-10-07 12:26:10 +03:00
r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until, ASK_PASSWORD_PUSH_CACHE, &passwords2);
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
if (r < 0)
return log_error_errno(r, "Failed to query verification password: %m");
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
assert(strv_length(passwords2) == 1);
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
if (!streq(passwords[0], passwords2[0])) {
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
log_warning("Passwords did not match, retrying.");
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
return -EAGAIN;
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
}
}
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
strv_uniq(passwords);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
STRV_FOREACH(p, passwords) {
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
char *c;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (strlen(*p)+1 >= arg_key_size)
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
continue;
/* Pad password if necessary */
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
c = new(char, arg_key_size);
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
if (!c)
return log_oom();
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
strncpy(c, *p, arg_key_size);
cryptsetup: use free_and_replace() where appropriate
2019-01-21 22:01:38 +03:00
free_and_replace(*p, c);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
}
macro: introduce TAKE_PTR() macro This macro will read a pointer of any type, return it, and set the pointer to NULL. This is useful as an explicit concept of passing ownership of a memory area between pointers. This takes inspiration from Rust: https://doc.rust-lang.org/std/option/enum.Option.html#method.take and was suggested by Alan Jenkins (@sourcejedi). It drops ~160 lines of code from our codebase, which makes me like it. Also, I think it clarifies passing of ownership, and thus helps readability a bit (at least for the initiated who know the new macro)
2018-03-22 18:53:26 +03:00
*ret = TAKE_PTR(passwords);
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
return 0;
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
}
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
static int attach_tcrypt(
struct crypt_device *cd,
const char *name,
const char *key_file,
char **passwords,
uint32_t flags) {
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
int r = 0;
_cleanup_free_ char *passphrase = NULL;
struct crypt_params_tcrypt params = {
.flags = CRYPT_TCRYPT_LEGACY_MODES,
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
.keyfiles = (const char **)arg_tcrypt_keyfiles,
.keyfiles_count = strv_length(arg_tcrypt_keyfiles)
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
};
assert(cd);
assert(name);
cryptsetup: check that password is not null Beef up the assert to protect against passing null to strlen. Found with scan-build.
2014-06-13 00:50:04 +04:00
assert(key_file || (passwords && passwords[0]));
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_tcrypt_hidden)
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_tcrypt_system)
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
params.flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
Implement VeraCrypt volume handling in crypttab (#4501) This introduces a new option, `tcrypt-veracrypt`, that sets the corresponding VeraCrypt flag in the flags passed to cryptsetup.
2016-10-30 17:25:31 +03:00
if (arg_tcrypt_veracrypt)
params.flags |= CRYPT_TCRYPT_VERA_MODES;
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
if (key_file) {
r = read_one_line_file(key_file, &passphrase);
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 15:19:16 +03:00
log_error_errno(r, "Failed to read password file '%s': %m", key_file);
cryptsetup: add some commenting about EAGAIN generation
2019-01-21 22:13:11 +03:00
return -EAGAIN; /* log with the actual error, but return EAGAIN */
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
}
params.passphrase = passphrase;
} else
params.passphrase = passwords[0];
params.passphrase_size = strlen(params.passphrase);
r = crypt_load(cd, CRYPT_TCRYPT, &params);
if (r < 0) {
cryptsetup: rework how we log about activation failures First of all let's always log where the errors happen, and not in an upper stackframe, in all cases. Previously we'd do this somethis one way and sometimes another, which resulted in sometimes duplicate logging and sometimes none. When we cannot activate something due to bad password the kernel gives us EPERM. Let's uniformly return this EAGAIN, so tha the next password is tried. (previously this was done in most cases but not in all) When we get EPERM let's also explicitly indicate that this probably means the password is simply wrong. Fixes: #11498
2019-01-21 22:19:11 +03:00
if (key_file && r == -EPERM) {
log_error_errno(r, "Failed to activate using password file '%s'. (Key data not correct?)", key_file);
return -EAGAIN; /* log the actual error, but return EAGAIN */
}
return log_error_errno(r, "Failed to load tcrypt superblock on device %s: %m", crypt_get_device_name(cd));
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
}
cryptsetup: rework how we log about activation failures First of all let's always log where the errors happen, and not in an upper stackframe, in all cases. Previously we'd do this somethis one way and sometimes another, which resulted in sometimes duplicate logging and sometimes none. When we cannot activate something due to bad password the kernel gives us EPERM. Let's uniformly return this EAGAIN, so tha the next password is tried. (previously this was done in most cases but not in all) When we get EPERM let's also explicitly indicate that this probably means the password is simply wrong. Fixes: #11498
2019-01-21 22:19:11 +03:00
r = crypt_activate_by_volume_key(cd, name, NULL, 0, flags);
if (r < 0)
return log_error_errno(r, "Failed to activate tcrypt device %s: %m", crypt_get_device_name(cd));
return 0;
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
}
cryptsetup: minor coding style clean-ups
2019-08-21 11:40:04 +03:00
static int attach_luks_or_plain(
struct crypt_device *cd,
const char *name,
const char *key_file,
char **passwords,
uint32_t flags) {
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
int r = 0;
bool pass_volume_key = false;
assert(cd);
assert(name);
assert(key_file || passwords);
cryptsetup: Do not fallback to PLAIN mapping if LUKS data device set fails. If crypt_load() for LUKS succeeds, we know that it is a LUKS device. Failure of data device setting should fail in this case; remapping as a PLAIN device late could mean data corruption. (If a user wants to map PLAIN device over a device with LUKS header, it should be said explicitly with "plain" argument type.) Also, if there is no explicit PLAIN type requested and crypt device is already initialized (crypt_data_type() is set), do not run the initialization again.
2019-05-27 10:27:54 +03:00
if ((!arg_type && !crypt_get_type(cd)) || streq_ptr(arg_type, CRYPT_PLAIN)) {
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
struct crypt_params_plain params = {
.offset = arg_offset,
.skip = arg_skip,
cryptsetup: add support for sector-size= option (#9936) Bug-Ubuntu: https://launchpad.net/bugs/1776626 Closes #8881.
2018-08-29 17:38:09 +03:00
.sector_size = arg_sector_size,
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
};
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
const char *cipher, *cipher_mode;
_cleanup_free_ char *truncated_cipher = NULL;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_hash) {
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
/* plain isn't a real hash type. it just means "use no hash" */
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (!streq(arg_hash, "plain"))
params.hash = arg_hash;
cryptsetup: default to no hash when keyfile is specified For plain dm-crypt devices, the behavior of cryptsetup package is to ignore the hash algorithm when a key file is provided. It seems wrong to ignore a hash when it is explicitly specified, but we should default to no hash if the keyfile is specified. https://bugs.freedesktop.org/show_bug.cgi?id=52630
2014-11-24 17:11:12 +03:00
} else if (!key_file)
/* for CRYPT_PLAIN, the behaviour of cryptsetup
* package is to not hash when a key file is provided */
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
params.hash = "ripemd160";
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_cipher) {
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
size_t l;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
l = strcspn(arg_cipher, "-");
truncated_cipher = strndup(arg_cipher, l);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
if (!truncated_cipher)
return log_oom();
cipher = truncated_cipher;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
cipher_mode = arg_cipher[l] ? arg_cipher+l+1 : "plain";
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
} else {
cipher = "aes";
cipher_mode = "cbc-essiv:sha256";
}
cryptsetup: don't line-break so aggressively
2019-01-21 22:14:42 +03:00
/* for CRYPT_PLAIN limit reads from keyfile to key length, and ignore keyfile-size */
Fix keysize handling in cryptsetup (bits vs. bytes) The command line key-size is in bits but the libcryptsetup API expects bytes. Note that the modulo 8 check is in the original cryptsetup binary as well, so it's no new limitation. (v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
2014-03-25 14:05:28 +04:00
arg_keyfile_size = arg_key_size;
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
cryptsetup: comment: crypt_setup → crypt_format
2019-06-27 10:38:30 +03:00
/* In contrast to what the name crypt_format() might suggest this doesn't actually format
cryptsetup: don't line-break so aggressively
2019-01-21 22:14:42 +03:00
* anything, it just configures encryption parameters when used for plain mode. */
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
r = crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, arg_keyfile_size, &params);
cryptsetup: Do not fallback to PLAIN mapping if LUKS data device set fails. If crypt_load() for LUKS succeeds, we know that it is a LUKS device. Failure of data device setting should fail in this case; remapping as a PLAIN device late could mean data corruption. (If a user wants to map PLAIN device over a device with LUKS header, it should be said explicitly with "plain" argument type.) Also, if there is no explicit PLAIN type requested and crypt device is already initialized (crypt_data_type() is set), do not run the initialization again.
2019-05-27 10:27:54 +03:00
if (r < 0)
return log_error_errno(r, "Loading of cryptographic parameters failed: %m");
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
/* hash == NULL implies the user passed "plain" */
pass_volume_key = (params.hash == NULL);
}
log_info("Set cipher %s, mode %s, key size %i bits for device %s.",
crypt_get_cipher(cd),
crypt_get_cipher_mode(cd),
crypt_get_volume_key_size(cd)*8,
crypt_get_device_name(cd));
if (key_file) {
cryptsetup: bump minimum libcryptsetup version to v2.0.1 libcryptsetup v2.0.1 introduced new API calls, supporting 64 bit wide integers for `keyfile_offset`. This change invokes the new function call, gets rid of the warning that was added in #7689, and removes redundant #ifdefery and constant definitions. See https://gitlab.com/cryptsetup/cryptsetup/issues/359. Fixes #7677.
2019-09-26 16:54:29 +03:00
r = crypt_activate_by_keyfile_device_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags);
cryptsetup: rework how we log about activation failures First of all let's always log where the errors happen, and not in an upper stackframe, in all cases. Previously we'd do this somethis one way and sometimes another, which resulted in sometimes duplicate logging and sometimes none. When we cannot activate something due to bad password the kernel gives us EPERM. Let's uniformly return this EAGAIN, so tha the next password is tried. (previously this was done in most cases but not in all) When we get EPERM let's also explicitly indicate that this probably means the password is simply wrong. Fixes: #11498
2019-01-21 22:19:11 +03:00
if (r == -EPERM) {
log_error_errno(r, "Failed to activate with key file '%s'. (Key data incorrect?)", key_file);
return -EAGAIN; /* Log actual error, but return EAGAIN */
cryptsetup: Treat key file errors as a failed password attempt 6f177c7dc092eb68762b4533d41b14244adb2a73 caused key file errors to immediately fail, which would make it hard to correct an issue due to e.g. a crypttab typo or a damaged key file. Closes #11723.
2019-02-23 08:45:03 +03:00
}
if (r == -EINVAL) {
log_error_errno(r, "Failed to activate with key file '%s'. (Key file missing?)", key_file);
return -EAGAIN; /* Log actual error, but return EAGAIN */
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
}
cryptsetup: rework how we log about activation failures First of all let's always log where the errors happen, and not in an upper stackframe, in all cases. Previously we'd do this somethis one way and sometimes another, which resulted in sometimes duplicate logging and sometimes none. When we cannot activate something due to bad password the kernel gives us EPERM. Let's uniformly return this EAGAIN, so tha the next password is tried. (previously this was done in most cases but not in all) When we get EPERM let's also explicitly indicate that this probably means the password is simply wrong. Fixes: #11498
2019-01-21 22:19:11 +03:00
if (r < 0)
return log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
cryptsetup: minor coding style clean-ups
2019-08-21 11:40:04 +03:00
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
} else {
char **p;
cryptsetup: rework how we log about activation failures First of all let's always log where the errors happen, and not in an upper stackframe, in all cases. Previously we'd do this somethis one way and sometimes another, which resulted in sometimes duplicate logging and sometimes none. When we cannot activate something due to bad password the kernel gives us EPERM. Let's uniformly return this EAGAIN, so tha the next password is tried. (previously this was done in most cases but not in all) When we get EPERM let's also explicitly indicate that this probably means the password is simply wrong. Fixes: #11498
2019-01-21 22:19:11 +03:00
r = -EINVAL;
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
STRV_FOREACH(p, passwords) {
if (pass_volume_key)
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
r = crypt_activate_by_volume_key(cd, name, *p, arg_key_size, flags);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
else
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
r = crypt_activate_by_passphrase(cd, name, arg_key_slot, *p, strlen(*p), flags);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
if (r >= 0)
break;
}
cryptsetup: rework how we log about activation failures First of all let's always log where the errors happen, and not in an upper stackframe, in all cases. Previously we'd do this somethis one way and sometimes another, which resulted in sometimes duplicate logging and sometimes none. When we cannot activate something due to bad password the kernel gives us EPERM. Let's uniformly return this EAGAIN, so tha the next password is tried. (previously this was done in most cases but not in all) When we get EPERM let's also explicitly indicate that this probably means the password is simply wrong. Fixes: #11498
2019-01-21 22:19:11 +03:00
if (r == -EPERM) {
log_error_errno(r, "Failed to activate with specified passphrase. (Passphrase incorrect?)");
return -EAGAIN; /* log actual error, but return EAGAIN */
}
if (r < 0)
return log_error_errno(r, "Failed to activate with specified passphrase: %m");
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
}
return r;
}
cryptsetup: add a terse help
2011-02-25 04:56:27 +03:00
static int help(void) {
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 11:32:31 +03:00
_cleanup_free_ char *link = NULL;
int r;
r = terminal_urlify_man("systemd-cryptsetup@.service", "8", &link);
if (r < 0)
return log_oom();
cryptsetup: add a terse help
2011-02-25 04:56:27 +03:00
printf("%s attach VOLUME SOURCEDEVICE [PASSWORD] [OPTIONS]\n"
"%s detach VOLUME\n\n"
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 11:32:31 +03:00
"Attaches or detaches an encrypted block device.\n"
"\nSee the %s for details.\n"
, program_invocation_short_name
, program_invocation_short_name
, link
);
cryptsetup: add a terse help
2011-02-25 04:56:27 +03:00
return 0;
}
cryptsetup: small refactoring
2019-03-19 23:42:21 +03:00
static uint32_t determine_flags(void) {
uint32_t flags = 0;
if (arg_readonly)
flags |= CRYPT_ACTIVATE_READONLY;
if (arg_discards)
flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
if (arg_same_cpu_crypt)
flags |= CRYPT_ACTIVATE_SAME_CPU_CRYPT;
if (arg_submit_from_crypt_cpus)
flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
return flags;
}
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
static int run(int argc, char *argv[]) {
util-lib: add cleanup function for crypt_free
2017-11-02 11:16:47 +03:00
_cleanup_(crypt_freep) struct crypt_device *cd = NULL;
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
int r;
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
if (argc <= 1)
return help();
cryptsetup: add a terse help
2011-02-25 04:56:27 +03:00
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
if (argc < 3) {
log_error("This program requires at least two arguments.");
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
return -EINVAL;
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
}
log: introduce new helper call log_setup_service() Let's reduce the common boilerplate and have a single setup function used by all service code to setup logging.
2018-11-20 13:18:22 +03:00
log_setup_service();
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: set libcryptsetup global log callback too
2019-07-06 13:48:50 +03:00
crypt_set_log_callback(NULL, cryptsetup_log_glue, NULL);
cryptsetup: enable libcryptsetup debug logging if we want it Even if we set a log callback that would accept debug messages, libcryptsetup needs debug logging enabled explicitly for it to happen.
2019-07-06 13:51:23 +03:00
if (DEBUG_LOGGING)
/* libcryptsetup won't even consider debug messages by default */
crypt_set_debug_level(CRYPT_DEBUG_ALL);
umask: change default umask to 0022 just to be sure, and set it explicitly in all binaries, in order to make sure it is set when started from the terminal
2011-08-01 22:52:18 +04:00
umask(0022);
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
if (streq(argv[1], "attach")) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
uint32_t flags = 0;
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
unsigned tries;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
usec_t until;
cryptsetup: properly parse cipher= switch
2010-11-14 04:01:29 +03:00
crypt_status_info status;
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
const char *key_file = NULL;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
/* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */
cryptsetup: modernize some log message invocations
2019-01-21 22:02:33 +03:00
if (argc < 4)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments.");
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: use STR_IN_SET() where appropriate Note that this slightly changes behaviour: "none" is only allowed as option, if it's the only option specified, but not in combination with other options. I think this makes more sense, since it's the choice when no options shall be specified.
2019-08-21 11:45:42 +03:00
if (argc >= 5 && !STR_IN_SET(argv[4], "", "-", "none")) {
if (path_is_absolute(argv[4]))
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
key_file = argv[4];
cryptsetup: use STR_IN_SET() where appropriate Note that this slightly changes behaviour: "none" is only allowed as option, if it's the only option specified, but not in combination with other options. I think this makes more sense, since it's the choice when no options shall be specified.
2019-08-21 11:45:42 +03:00
else
log_warning("Password file path '%s' is not absolute. Ignoring.", argv[4]);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
}
cryptsetup: use STR_IN_SET() where appropriate Note that this slightly changes behaviour: "none" is only allowed as option, if it's the only option specified, but not in combination with other options. I think this makes more sense, since it's the choice when no options shall be specified.
2019-08-21 11:45:42 +03:00
if (argc >= 6 && !STR_IN_SET(argv[5], "", "-", "none")) {
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
r = parse_options(argv[5]);
if (r < 0)
return r;
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
}
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: lock ourselves into memory as long as we deal with passwords
2010-11-16 05:23:52 +03:00
/* A delicious drop of snake oil */
cryptsetup: minor coding style clean-ups
2019-08-21 11:40:04 +03:00
(void) mlockall(MCL_FUTURE);
cryptsetup: lock ourselves into memory as long as we deal with passwords
2010-11-16 05:23:52 +03:00
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
if (arg_header) {
log_debug("LUKS header: %s", arg_header);
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = crypt_init(&cd, arg_header);
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
} else
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = crypt_init(&cd, argv[3]);
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
if (r < 0)
return log_error_errno(r, "crypt_init() failed: %m");
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
util-lib: export cryptsetup logging glue function
2017-11-01 17:56:25 +03:00
crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
status = crypt_status(cd, argv[2]);
tree-wide: use IN_SET where possible In addition to the changes from #6933 this handles cases that could be matched with the included cocci file.
2017-09-29 01:37:23 +03:00
if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
log_info("Volume %s already active.", argv[2]);
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
return 0;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
}
cryptsetup: small refactoring
2019-03-19 23:42:21 +03:00
flags = determine_flags();
cryptsetup: add same-cpu-crypt and submit-from-crypt-cpus options Closes #11946.
2019-03-11 08:04:06 +03:00
cryptsetup: fix infinite timeout (#6486) 0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The logic here now matches this change. Fixes #6381
2017-07-31 09:19:16 +03:00
if (arg_timeout == USEC_INFINITY)
ask-password: support passwords without timeouts
2011-04-13 23:42:46 +04:00
until = 0;
cryptsetup: fix infinite timeout (#6486) 0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The logic here now matches this change. Fixes #6381
2017-07-31 09:19:16 +03:00
else
until = now(CLOCK_MONOTONIC) + arg_timeout;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
Fix keysize handling in cryptsetup (bits vs. bytes) The command line key-size is in bits but the libcryptsetup API expects bytes. Note that the modulo 8 check is in the original cryptsetup binary as well, so it's no new limitation. (v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
2014-03-25 14:05:28 +04:00
arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8));
cryptsetup: properly parse cipher= switch
2010-11-14 04:01:29 +03:00
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
if (key_file) {
struct stat st;
cryptsetup: properly parse cipher= switch
2010-11-14 04:01:29 +03:00
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
/* Ideally we'd do this on the open fd, but since this is just a
* warning it's OK to do this in two steps. */
cryptsetup: only warn on real key files Simplify the check from commit 05f73ad to only apply the warning to regular files instead of enumerating device nodes.
2015-02-02 18:53:39 +03:00
if (stat(key_file, &st) >= 0 && S_ISREG(st.st_mode) && (st.st_mode & 0005))
log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
cryptsetup: properly parse cipher= switch
2010-11-14 04:01:29 +03:00
}
cryptsetup: call crypt_load() for LUKS only once The crypt_load() for LUKS2 can read a quite big area of disk (metadata area size is configurable and can increase up to megabytes). This initialization is not needed to be repeated, just use the existing context. (This patch is also required for the following change.)
2019-05-27 10:43:03 +03:00
if (!arg_type || STR_IN_SET(arg_type, ANY_LUKS, CRYPT_LUKS1)) {
r = crypt_load(cd, CRYPT_LUKS, NULL);
if (r < 0)
return log_error_errno(r, "Failed to load LUKS superblock on device %s: %m", crypt_get_device_name(cd));
if (arg_header) {
r = crypt_set_data_device(cd, argv[3]);
if (r < 0)
return log_error_errno(r, "Failed to set LUKS data device %s: %m", argv[3]);
}
cryptsetup: bump minimum libcryptsetup version to v2.0.1 libcryptsetup v2.0.1 introduced new API calls, supporting 64 bit wide integers for `keyfile_offset`. This change invokes the new function call, gets rid of the warning that was added in #7689, and removes redundant #ifdefery and constant definitions. See https://gitlab.com/cryptsetup/cryptsetup/issues/359. Fixes #7677.
2019-09-26 16:54:29 +03:00
cryptsetup: Add LUKS2 token support. LUKS2 supports so-called tokens. The libcryptsetup internally support keyring token (it tries to open device using specified keyring entry). Only if all token fails (or are not available), it uses a passphrase. This patch aligns the functionality with the cryptsetup utility (cryptsetup luksOpen tries tokens first) but does not replace the systemd native ask-password function (can be used the same in combination with this patch).
2019-05-27 10:44:14 +03:00
/* Tokens are available in LUKS2 only, but it is ok to call (and fail) with LUKS1. */
if (!key_file) {
r = crypt_activate_by_token(cd, argv[2], CRYPT_ANY_TOKEN, NULL, flags);
if (r >= 0) {
log_debug("Volume %s activated with LUKS token id %i.", argv[2], r);
return 0;
}
log_debug_errno(r, "Token activation unsuccessful for device %s: %m", crypt_get_device_name(cd));
}
cryptsetup: call crypt_load() for LUKS only once The crypt_load() for LUKS2 can read a quite big area of disk (metadata area size is configurable and can increase up to megabytes). This initialization is not needed to be repeated, just use the existing context. (This patch is also required for the following change.)
2019-05-27 10:43:03 +03:00
}
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
_cleanup_strv_free_erase_ char **passwords = NULL;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
if (!key_file) {
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = get_password(argv[2], argv[3], until, tries == 0 && !arg_verify, &passwords);
if (r == -EAGAIN)
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
continue;
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
if (r < 0)
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
return r;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
}
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (streq_ptr(arg_type, CRYPT_TCRYPT))
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = attach_tcrypt(cd, argv[2], key_file, passwords, flags);
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
else
cryptsetup: minor coding style clean-ups
2019-08-21 11:40:04 +03:00
r = attach_luks_or_plain(cd, argv[2], key_file, passwords, flags);
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
if (r >= 0)
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
break;
cryptsetup: rework how we log about activation failures First of all let's always log where the errors happen, and not in an upper stackframe, in all cases. Previously we'd do this somethis one way and sometimes another, which resulted in sometimes duplicate logging and sometimes none. When we cannot activate something due to bad password the kernel gives us EPERM. Let's uniformly return this EAGAIN, so tha the next password is tried. (previously this was done in most cases but not in all) When we get EPERM let's also explicitly indicate that this probably means the password is simply wrong. Fixes: #11498
2019-01-21 22:19:11 +03:00
if (r != -EAGAIN)
return r;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
cryptsetup: rework how we log about activation failures First of all let's always log where the errors happen, and not in an upper stackframe, in all cases. Previously we'd do this somethis one way and sometimes another, which resulted in sometimes duplicate logging and sometimes none. When we cannot activate something due to bad password the kernel gives us EPERM. Let's uniformly return this EAGAIN, so tha the next password is tried. (previously this was done in most cases but not in all) When we get EPERM let's also explicitly indicate that this probably means the password is simply wrong. Fixes: #11498
2019-01-21 22:19:11 +03:00
/* Passphrase not correct? Let's try again! */
key_file = NULL;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
}
cryptsetup: modernize some log message invocations
2019-01-21 22:02:33 +03:00
if (arg_tries != 0 && tries >= arg_tries)
return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Too many attempts to activate; giving up.");
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
} else if (streq(argv[1], "detach")) {
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = crypt_init_by_name(&cd, argv[2]);
if (r == -ENODEV) {
cryptsetup: do not 'fail' if trying to detach a nonexistent device It could be that our .service is being stopped precisely because the device already disappeared (e.g. due to a manual `cryptsetup close`, or due to UDisks2 cleaning up).
2016-04-01 21:51:20 +03:00
log_info("Volume %s already inactive.", argv[2]);
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
return 0;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
}
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
if (r < 0)
return log_error_errno(r, "crypt_init_by_name() failed: %m");
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
util-lib: export cryptsetup logging glue function
2017-11-01 17:56:25 +03:00
crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = crypt_deactivate(cd, argv[2]);
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
if (r < 0)
return log_error_errno(r, "Failed to deactivate: %m");
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: modernize some log message invocations
2019-01-21 22:02:33 +03:00
} else
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown verb %s.", argv[1]);
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
return 0;
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
}
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
DEFINE_MAIN_FUNCTION(run);
Copy Permalink