shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-06 08:26:52 +03:00
Code
44ce425514
systemd/src/cryptsetup/cryptsetup.c

736 lines
26 KiB
C
Raw Normal View History

Add SPDX license identifiers to source files under the LGPL This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
2017-11-18 19:09:20 +03:00
/* SPDX-License-Identifier: LGPL-2.1+ */
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
#include <errno.h>
util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24 23:58:24 +03:00
#include <mntent.h>
#include <string.h>
#include <sys/mman.h>
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
util: split out escaping code into escape.[ch] This really deserves its own file, given how much code this is now.
2015-10-23 19:52:53 +03:00
#include "sd-device.h"
util-lib: split out allocation calls into alloc-util.[ch]
2015-10-27 05:01:06 +03:00
#include "alloc-util.h"
util: split out escaping code into escape.[ch] This really deserves its own file, given how much code this is now.
2015-10-23 19:52:53 +03:00
#include "ask-password-api.h"
util-lib: add cleanup function for crypt_free
2017-11-02 11:16:47 +03:00
#include "crypt-util.h"
util: split out escaping code into escape.[ch] This really deserves its own file, given how much code this is now.
2015-10-23 19:52:53 +03:00
#include "device-util.h"
#include "escape.h"
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
#include "fileio.h"
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
#include "log.h"
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
#include "main-func.h"
util-lib: move mount related utility calls to mount-util.[ch]
2015-10-26 20:44:13 +03:00
#include "mount-util.h"
util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]
2015-10-26 18:18:16 +03:00
#include "parse-util.h"
util: split-out path-util.[ch]
2012-05-07 23:36:12 +04:00
#include "path-util.h"
util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24 23:58:24 +03:00
#include "string-util.h"
ask-password: supported plymouth cached passwords
2011-02-23 03:12:07 +03:00
#include "strv.h"
Split out pretty-print.c and move pager.c and main-func.h to shared/ This is high-level functionality, and fits better in shared/ (which is for our executables), than in basic/ (which is also for libraries).
2018-11-20 17:42:57 +03:00
#include "pretty-print.h"
util: split out escaping code into escape.[ch] This really deserves its own file, given how much code this is now.
2015-10-23 19:52:53 +03:00
#include "util.h"
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: support LUKS2 on-disk format Allow cryptsetup utility to activate LUKS2 devices (with appropriate libcryptsetup) The change itself doesn't enforce new libcryptsetup 2.x and is backward compatible with versions 1.x
2017-10-12 13:57:25 +03:00
/* internal helper */
#define ANY_LUKS "LUKS"
cryptsetup: add support for sector-size= option (#9936) Bug-Ubuntu: https://launchpad.net/bugs/1776626 Closes #8881.
2018-08-29 17:38:09 +03:00
/* as in src/cryptsetup.h */
#define CRYPT_SECTOR_SIZE 512
#define CRYPT_MAX_SECTOR_SIZE 4096
cryptsetup: support LUKS2 on-disk format Allow cryptsetup utility to activate LUKS2 devices (with appropriate libcryptsetup) The change itself doesn't enforce new libcryptsetup 2.x and is backward compatible with versions 1.x
2017-10-12 13:57:25 +03:00
static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static char *arg_cipher = NULL;
static unsigned arg_key_size = 0;
cryptsetup: do not define arg_sector_size if libgcrypt is v1.x (#9990) Follow-up for #9936.
2018-09-01 17:47:46 +03:00
#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
cryptsetup: add support for sector-size= option (#9936) Bug-Ubuntu: https://launchpad.net/bugs/1776626 Closes #8881.
2018-08-29 17:38:09 +03:00
static unsigned arg_sector_size = CRYPT_SECTOR_SIZE;
cryptsetup: do not define arg_sector_size if libgcrypt is v1.x (#9990) Follow-up for #9936.
2018-09-01 17:47:46 +03:00
#endif
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static int arg_key_slot = CRYPT_ANY_SLOT;
static unsigned arg_keyfile_size = 0;
cryptsetup: use uint64_t for keyfile-offset= (#7689) On 32bit, refuse large offsets. Once https://gitlab.com/cryptsetup/cryptsetup/issues/359 is resolved, we should switch to the new api, whatever it is. Fixes #7677.
2017-12-19 10:51:12 +03:00
static uint64_t arg_keyfile_offset = 0;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static char *arg_hash = NULL;
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
static char *arg_header = NULL;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static unsigned arg_tries = 3;
static bool arg_readonly = false;
static bool arg_verify = false;
static bool arg_discards = false;
static bool arg_tcrypt_hidden = false;
static bool arg_tcrypt_system = false;
cryptsetup: fix unused variable (#6833) When building without veracrypt, gcc warns ../src/cryptsetup/cryptsetup.c:55:13: warning: ‘arg_tcrypt_veracrypt’ defined but not used [-Wunused-variable] static bool arg_tcrypt_veracrypt = false; Fix this by conditionalizing the declaration.
2017-09-15 08:32:50 +03:00
#ifdef CRYPT_TCRYPT_VERA_MODES
Implement VeraCrypt volume handling in crypttab (#4501) This introduces a new option, `tcrypt-veracrypt`, that sets the corresponding VeraCrypt flag in the flags passed to cryptsetup.
2016-10-30 17:25:31 +03:00
static bool arg_tcrypt_veracrypt = false;
cryptsetup: fix unused variable (#6833) When building without veracrypt, gcc warns ../src/cryptsetup/cryptsetup.c:55:13: warning: ‘arg_tcrypt_veracrypt’ defined but not used [-Wunused-variable] static bool arg_tcrypt_veracrypt = false; Fix this by conditionalizing the declaration.
2017-09-15 08:32:50 +03:00
#endif
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static char **arg_tcrypt_keyfiles = NULL;
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
static uint64_t arg_offset = 0;
static uint64_t arg_skip = 0;
cryptsetup: fix infinite timeout (#6486) 0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The logic here now matches this change. Fixes #6381
2017-07-31 09:19:16 +03:00
static usec_t arg_timeout = USEC_INFINITY;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
STATIC_DESTRUCTOR_REGISTER(arg_cipher, freep);
STATIC_DESTRUCTOR_REGISTER(arg_hash, freep);
STATIC_DESTRUCTOR_REGISTER(arg_header, freep);
STATIC_DESTRUCTOR_REGISTER(arg_tcrypt_keyfiles, strv_freep);
cryptsetup: handle password=none properly
2010-11-14 04:08:31 +03:00
/* Options Debian's crypttab knows we don't:
precheck=
check=
checkargs=
noearly=
loud=
keyscript=
*/
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
static int parse_one_option(const char *option) {
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
const char *val;
int r;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
assert(option);
/* Handled outside of this tool */
cryptsetup: ignore _netdev, since it is used in generator (#7282)
2017-11-09 16:24:57 +03:00
if (STR_IN_SET(option, "noauto", "auto", "nofail", "fail", "_netdev"))
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
if ((val = startswith(option, "cipher="))) {
r = free_and_strdup(&arg_cipher, val);
if (r < 0)
cryptsetup: fix OOM handling when parsing mount options
2013-10-02 21:36:28 +04:00
return log_oom();
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "size="))) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
r = safe_atou(val, &arg_key_size);
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
}
Fix keysize handling in cryptsetup (bits vs. bytes) The command line key-size is in bits but the libcryptsetup API expects bytes. Note that the modulo 8 check is in the original cryptsetup binary as well, so it's no new limitation. (v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
2014-03-25 14:05:28 +04:00
if (arg_key_size % 8) {
log_error("size= not a multiple of 8, ignoring.");
return 0;
}
arg_key_size /= 8;
cryptsetup: add support for sector-size= option (#9936) Bug-Ubuntu: https://launchpad.net/bugs/1776626 Closes #8881.
2018-08-29 17:38:09 +03:00
} else if ((val = startswith(option, "sector-size="))) {
#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
r = safe_atou(val, &arg_sector_size);
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
return 0;
}
if (arg_sector_size % 2) {
log_error("sector-size= not a multiple of 2, ignoring.");
return 0;
}
if (arg_sector_size < CRYPT_SECTOR_SIZE || arg_sector_size > CRYPT_MAX_SECTOR_SIZE) {
log_error("sector-size= is outside of %u and %u, ignoring.", CRYPT_SECTOR_SIZE, CRYPT_MAX_SECTOR_SIZE);
return 0;
}
#else
log_error("sector-size= is not supported, compiled with old libcryptsetup.");
return 0;
#endif
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "key-slot="))) {
cryptsetup: Support key-slot option Debian recently introduced the option key-slot to /etc/crypttab to specify the LUKS key slot to be used for decrypting the device. On systems where a keyfile is used and the key is not in the first slot, this can speed up the boot process quite a bit, since cryptsetup does not need to try all of the slots sequentially. (Unsuccessfully testing a key slot typically takes up to about 1 second.) This patch makes systemd aware of this option. Debian bug that introduced the feature: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
2014-01-26 15:02:49 +04:00
cryptsetup: support LUKS2 on-disk format Allow cryptsetup utility to activate LUKS2 devices (with appropriate libcryptsetup) The change itself doesn't enforce new libcryptsetup 2.x and is backward compatible with versions 1.x
2017-10-12 13:57:25 +03:00
arg_type = ANY_LUKS;
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
r = safe_atoi(val, &arg_key_slot);
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
cryptsetup: Support key-slot option Debian recently introduced the option key-slot to /etc/crypttab to specify the LUKS key slot to be used for decrypting the device. On systems where a keyfile is used and the key is not in the first slot, this can speed up the boot process quite a bit, since cryptsetup does not need to try all of the slots sequentially. (Unsuccessfully testing a key slot typically takes up to about 1 second.) This patch makes systemd aware of this option. Debian bug that introduced the feature: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
2014-01-26 15:02:49 +04:00
return 0;
}
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "tcrypt-keyfile="))) {
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_TCRYPT;
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
if (path_is_absolute(val)) {
if (strv_extend(&arg_tcrypt_keyfiles, val) < 0)
cryptsetup: fix OOM handling when parsing mount options
2013-10-02 21:36:28 +04:00
return log_oom();
} else
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
log_error("Key file path \"%s\" is not absolute. Ignoring.", val);
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "keyfile-size="))) {
cryptsetup: add keyfile-size= support This is useful e.g. if the keyfile is a raw device, where only parts of it should be read. It is typically used whenever the keyfile-offset= option is specified. Tested-by: Erik Westrup <erik.westrup@gmail.com>
2012-08-03 14:47:24 +04:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
r = safe_atou(val, &arg_keyfile_size);
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
cryptsetup: add keyfile-size= support This is useful e.g. if the keyfile is a raw device, where only parts of it should be read. It is typically used whenever the keyfile-offset= option is specified. Tested-by: Erik Westrup <erik.westrup@gmail.com>
2012-08-03 14:47:24 +04:00
return 0;
}
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "keyfile-offset="))) {
cryptsetup: use uint64_t for keyfile-offset= (#7689) On 32bit, refuse large offsets. Once https://gitlab.com/cryptsetup/cryptsetup/issues/359 is resolved, we should switch to the new api, whatever it is. Fixes #7677.
2017-12-19 10:51:12 +03:00
uint64_t off;
cryptsetup: add keyfile-offset= support This is useful if your keyfile is a block device, and you want to use a specific part of it, such as an area between the MBR and the first partition. This feature is documented in the Arch wiki[0], and has been supported by the Arch initscripts, so would be nice to get this into systemd. This requires libcryptsetup >= 1.4.2 (released 12.4.2012). Acked-by: Paul Menzel <paulepanter@users.sourceforge.net> [0]: <https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS# Storing_the_key_between_MBR_and_1st_partition>
2012-06-29 16:36:37 +04:00
cryptsetup: use uint64_t for keyfile-offset= (#7689) On 32bit, refuse large offsets. Once https://gitlab.com/cryptsetup/cryptsetup/issues/359 is resolved, we should switch to the new api, whatever it is. Fixes #7677.
2017-12-19 10:51:12 +03:00
r = safe_atou64(val, &off);
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
cryptsetup: add keyfile-offset= support This is useful if your keyfile is a block device, and you want to use a specific part of it, such as an area between the MBR and the first partition. This feature is documented in the Arch wiki[0], and has been supported by the Arch initscripts, so would be nice to get this into systemd. This requires libcryptsetup >= 1.4.2 (released 12.4.2012). Acked-by: Paul Menzel <paulepanter@users.sourceforge.net> [0]: <https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS# Storing_the_key_between_MBR_and_1st_partition>
2012-06-29 16:36:37 +04:00
return 0;
}
cryptsetup: use uint64_t for keyfile-offset= (#7689) On 32bit, refuse large offsets. Once https://gitlab.com/cryptsetup/cryptsetup/issues/359 is resolved, we should switch to the new api, whatever it is. Fixes #7677.
2017-12-19 10:51:12 +03:00
if ((size_t) off != off) {
/* https://gitlab.com/cryptsetup/cryptsetup/issues/359 */
log_error("keyfile-offset= value would truncated to %zu, ignoring.", (size_t) off);
return 0;
}
arg_keyfile_offset = off;
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "hash="))) {
r = free_and_strdup(&arg_hash, val);
if (r < 0)
cryptsetup: fix OOM handling when parsing mount options
2013-10-02 21:36:28 +04:00
return log_oom();
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "header="))) {
cryptsetup: support LUKS2 on-disk format Allow cryptsetup utility to activate LUKS2 devices (with appropriate libcryptsetup) The change itself doesn't enforce new libcryptsetup 2.x and is backward compatible with versions 1.x
2017-10-12 13:57:25 +03:00
arg_type = ANY_LUKS;
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-21 01:40:44 +03:00
if (!path_is_absolute(val))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Header path \"%s\" is not absolute, refusing.", val);
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-21 01:40:44 +03:00
if (arg_header)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Duplicate header= option, refusing.");
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
arg_header = strdup(val);
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
if (!arg_header)
return log_oom();
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "tries="))) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
r = safe_atou(val, &arg_tries);
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
}
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
} else if (STR_IN_SET(option, "readonly", "read-only"))
arg_readonly = true;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
else if (streq(option, "verify"))
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_verify = true;
else if (STR_IN_SET(option, "allow-discards", "discard"))
arg_discards = true;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
else if (streq(option, "luks"))
cryptsetup: support LUKS2 on-disk format Allow cryptsetup utility to activate LUKS2 devices (with appropriate libcryptsetup) The change itself doesn't enforce new libcryptsetup 2.x and is backward compatible with versions 1.x
2017-10-12 13:57:25 +03:00
arg_type = ANY_LUKS;
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
else if (streq(option, "tcrypt"))
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_TCRYPT;
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
else if (streq(option, "tcrypt-hidden")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_TCRYPT;
arg_tcrypt_hidden = true;
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
} else if (streq(option, "tcrypt-system")) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
arg_type = CRYPT_TCRYPT;
arg_tcrypt_system = true;
Implement VeraCrypt volume handling in crypttab (#4501) This introduces a new option, `tcrypt-veracrypt`, that sets the corresponding VeraCrypt flag in the flags passed to cryptsetup.
2016-10-30 17:25:31 +03:00
} else if (streq(option, "tcrypt-veracrypt")) {
#ifdef CRYPT_TCRYPT_VERA_MODES
arg_type = CRYPT_TCRYPT;
arg_tcrypt_veracrypt = true;
#else
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-21 01:40:44 +03:00
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"This version of cryptsetup does not support tcrypt-veracrypt; refusing.");
Implement VeraCrypt volume handling in crypttab (#4501) This introduces a new option, `tcrypt-veracrypt`, that sets the corresponding VeraCrypt flag in the flags passed to cryptsetup.
2016-10-30 17:25:31 +03:00
#endif
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
} else if (STR_IN_SET(option, "plain", "swap", "tmp"))
arg_type = CRYPT_PLAIN;
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
else if ((val = startswith(option, "timeout="))) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
Parse "timeout=0" as infinity in various generators (#6264) This extends 2d79a0bbb9f651656384a0a86ed814e6306fb5dd to the kernel command line parsing. The parsing is changed a bit to only understand "0" as infinity. If units are specified, parse normally, e.g. "0s" is just 0. This makes it possible to provide a zero timeout if necessary. Simple test is added. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
2017-07-03 15:29:32 +03:00
r = parse_sec_fix_0(val, &arg_timeout);
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
if (r < 0) {
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
}
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "offset="))) {
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
r = safe_atou64(val, &arg_offset);
if (r < 0)
return log_error_errno(r, "Failed to parse %s: %m", option);
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
} else if ((val = startswith(option, "skip="))) {
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
r = safe_atou64(val, &arg_skip);
if (r < 0)
return log_error_errno(r, "Failed to parse %s: %m", option);
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
cryptsetup: accept "none" option
2011-08-04 18:04:43 +04:00
} else if (!streq(option, "none"))
tree-wide: use startswith return value to avoid hardcoded offset I think it's an antipattern to have to count the number of bytes in the prefix by hand. We should do this automatically to avoid wasting programmer time, and possible errors. I didn't any offsets that were wrong, so this change is mostly to make future development easier.
2016-10-22 23:11:41 +03:00
log_warning("Encountered unknown /etc/crypttab option '%s', ignoring.", option);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
}
static int parse_options(const char *options) {
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 06:01:36 +04:00
const char *word, *state;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
size_t l;
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
int r;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
assert(options);
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 06:01:36 +04:00
FOREACH_WORD_SEPARATOR(word, l, options, ",", state) {
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
_cleanup_free_ char *o;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 06:01:36 +04:00
o = strndup(word, l);
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
if (!o)
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return -ENOMEM;
r = parse_one_option(o);
if (r < 0)
return r;
}
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
/* sanity-check options */
if (arg_type != NULL && !streq(arg_type, CRYPT_PLAIN)) {
if (arg_offset)
log_warning("offset= ignored with type %s", arg_type);
if (arg_skip)
log_warning("skip= ignored with type %s", arg_type);
}
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
return 0;
}
Introduce udev object cleanup functions
2013-10-13 04:28:21 +04:00
static char* disk_description(const char *path) {
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
static const char name_fields[] =
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
"ID_PART_ENTRY_NAME\0"
"DM_NAME\0"
"ID_MODEL_FROM_DATABASE\0"
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
"ID_MODEL\0";
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-27 21:13:45 +03:00
_cleanup_(sd_device_unrefp) sd_device *device = NULL;
tree-wide: do not assign unused return values
2018-09-01 17:12:47 +03:00
const char *i, *name;
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
struct stat st;
assert(path);
if (stat(path, &st) < 0)
return NULL;
if (!S_ISBLK(st.st_mode))
return NULL;
tree-wide: do not assign unused return values
2018-09-01 17:12:47 +03:00
if (sd_device_new_from_devnum(&device, 'b', st.st_rdev) < 0)
Introduce udev object cleanup functions
2013-10-13 04:28:21 +04:00
return NULL;
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
tree-wide: do not assign unused return values
2018-09-01 17:12:47 +03:00
NULSTR_FOREACH(i, name_fields)
if (sd_device_get_property_value(device, i, &name) >= 0 &&
!isempty(name))
Introduce udev object cleanup functions
2013-10-13 04:28:21 +04:00
return strdup(name);
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
Introduce udev object cleanup functions
2013-10-13 04:28:21 +04:00
return NULL;
cryptsetup: show udev device name when asking for password
2010-11-19 01:34:42 +03:00
}
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
static char *disk_mount_point(const char *label) {
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
_cleanup_free_ char *device = NULL;
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
_cleanup_endmntent_ FILE *f = NULL;
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
struct mntent *m;
/* Yeah, we don't support native systemd unit files here for now */
if (asprintf(&device, "/dev/mapper/%s", label) < 0)
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
return NULL;
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
tree-wide: always invoke setmntent() with "re" mode Let's make sure O_CLOEXEC is set for the file descriptor.
2016-12-08 21:36:46 +03:00
f = setmntent("/etc/fstab", "re");
mount: don't fail if fstab doesn't exist
2012-04-22 17:33:43 +04:00
if (!f)
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
return NULL;
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
while ((m = getmntent(f)))
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
if (path_equal(m->mnt_fsname, device))
return strdup(m->mnt_dir);
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
Introduce _cleanup_endmntent_
2013-10-04 06:13:55 +04:00
return NULL;
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
}
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
static int get_password(const char *vol, const char *src, usec_t until, bool accept_cached, char ***ret) {
cryptsetup: use more descriptive name for the variable and drop redundant function Let's rename escaped_name to disk_path since this is an actual content that pointer refers to. It is either path to encrypted block device or path to encrypted image file. Also drop redundant function disk_major_minor(). src is always set, and it always points to either encrypted block device path (or symlink to such device) or to encrypted image. In case it is set to device path there is no need to reset it to /dev/block/major:minor symlink since those paths are equivalent.
2017-12-12 22:00:31 +03:00
_cleanup_free_ char *description = NULL, *name_buffer = NULL, *mount_point = NULL, *text = NULL, *disk_path = NULL;
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
_cleanup_strv_free_erase_ char **passwords = NULL;
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
const char *name = NULL;
ask-password: add support for caching passwords in the kernel keyring This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.
2015-10-07 12:26:10 +03:00
char **p, *id;
int r = 0;
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
assert(vol);
assert(src);
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
assert(ret);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
description = disk_description(src);
mount_point = disk_mount_point(vol);
cryptsetup: use more descriptive name for the variable and drop redundant function Let's rename escaped_name to disk_path since this is an actual content that pointer refers to. It is either path to encrypted block device or path to encrypted image file. Also drop redundant function disk_major_minor(). src is always set, and it always points to either encrypted block device path (or symlink to such device) or to encrypted image. In case it is set to device path there is no need to reset it to /dev/block/major:minor symlink since those paths are equivalent.
2017-12-12 22:00:31 +03:00
disk_path = cescape(src);
if (!disk_path)
return log_oom();
tree-wide: drop {} from one-line if blocks Patch via coccinelle.
2015-09-09 00:03:38 +03:00
if (description && streq(vol, description))
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
/* If the description string is simply the
* volume name, then let's not show this
* twice */
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 20:56:38 +03:00
description = mfree(description);
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
if (mount_point && description)
r = asprintf(&name_buffer, "%s (%s) on %s", description, vol, mount_point);
else if (mount_point)
r = asprintf(&name_buffer, "%s on %s", vol, mount_point);
else if (description)
r = asprintf(&name_buffer, "%s (%s)", description, vol);
if (r < 0)
return log_oom();
name = name_buffer ? name_buffer : vol;
More polite passphrase prompt Instead of Please enter passphrase for disk <disk-name>! use Please enter passphrase for disk <disk-name>: which is more polite and matches Plymouth convention.
2018-10-09 17:13:34 +03:00
if (asprintf(&text, "Please enter passphrase for disk %s:", name) < 0)
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
return log_oom();
cryptsetup: use more descriptive name for the variable and drop redundant function Let's rename escaped_name to disk_path since this is an actual content that pointer refers to. It is either path to encrypted block device or path to encrypted image file. Also drop redundant function disk_major_minor(). src is always set, and it always points to either encrypted block device path (or symlink to such device) or to encrypted image. In case it is set to device path there is no need to reset it to /dev/block/major:minor symlink since those paths are equivalent.
2017-12-12 22:00:31 +03:00
id = strjoina("cryptsetup:", disk_path);
Add more password agent information Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
2014-03-25 14:05:23 +04:00
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until,
ASK_PASSWORD_PUSH_CACHE | (accept_cached*ASK_PASSWORD_ACCEPT_CACHED),
&passwords);
treewide: more log_*_errno + return simplifications
2014-11-28 20:23:20 +03:00
if (r < 0)
return log_error_errno(r, "Failed to query password: %m");
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_verify) {
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
_cleanup_strv_free_erase_ char **passwords2 = NULL;
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
assert(strv_length(passwords) == 1);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
More polite passphrase prompt Instead of Please enter passphrase for disk <disk-name>! use Please enter passphrase for disk <disk-name>: which is more polite and matches Plymouth convention.
2018-10-09 17:13:34 +03:00
if (asprintf(&text, "Please enter passphrase for disk %s (verification):", name) < 0)
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
return log_oom();
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: use more descriptive name for the variable and drop redundant function Let's rename escaped_name to disk_path since this is an actual content that pointer refers to. It is either path to encrypted block device or path to encrypted image file. Also drop redundant function disk_major_minor(). src is always set, and it always points to either encrypted block device path (or symlink to such device) or to encrypted image. In case it is set to device path there is no need to reset it to /dev/block/major:minor symlink since those paths are equivalent.
2017-12-12 22:00:31 +03:00
id = strjoina("cryptsetup-verification:", disk_path);
Add more password agent information Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
2014-03-25 14:05:23 +04:00
ask-password: add support for caching passwords in the kernel keyring This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.
2015-10-07 12:26:10 +03:00
r = ask_password_auto(text, "drive-harddisk", id, "cryptsetup", until, ASK_PASSWORD_PUSH_CACHE, &passwords2);
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
if (r < 0)
return log_error_errno(r, "Failed to query verification password: %m");
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
assert(strv_length(passwords2) == 1);
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
if (!streq(passwords[0], passwords2[0])) {
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
log_warning("Passwords did not match, retrying.");
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
return -EAGAIN;
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
}
}
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
strv_uniq(passwords);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
STRV_FOREACH(p, passwords) {
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
char *c;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (strlen(*p)+1 >= arg_key_size)
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
continue;
/* Pad password if necessary */
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
c = new(char, arg_key_size);
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
if (!c)
return log_oom();
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
strncpy(c, *p, arg_key_size);
cryptsetup: use free_and_replace() where appropriate
2019-01-21 22:01:38 +03:00
free_and_replace(*p, c);
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
}
macro: introduce TAKE_PTR() macro This macro will read a pointer of any type, return it, and set the pointer to NULL. This is useful as an explicit concept of passing ownership of a memory area between pointers. This takes inspiration from Rust: https://doc.rust-lang.org/std/option/enum.Option.html#method.take and was suggested by Alan Jenkins (@sourcejedi). It drops ~160 lines of code from our codebase, which makes me like it. Also, I think it clarifies passing of ownership, and thus helps readability a bit (at least for the initiated who know the new macro)
2018-03-22 18:53:26 +03:00
*ret = TAKE_PTR(passwords);
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
return 0;
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
}
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
static int attach_tcrypt(
struct crypt_device *cd,
const char *name,
const char *key_file,
char **passwords,
uint32_t flags) {
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
int r = 0;
_cleanup_free_ char *passphrase = NULL;
struct crypt_params_tcrypt params = {
.flags = CRYPT_TCRYPT_LEGACY_MODES,
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
.keyfiles = (const char **)arg_tcrypt_keyfiles,
.keyfiles_count = strv_length(arg_tcrypt_keyfiles)
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
};
assert(cd);
assert(name);
cryptsetup: check that password is not null Beef up the assert to protect against passing null to strlen. Found with scan-build.
2014-06-13 00:50:04 +04:00
assert(key_file || (passwords && passwords[0]));
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_tcrypt_hidden)
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_tcrypt_system)
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
params.flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
Implement VeraCrypt volume handling in crypttab (#4501) This introduces a new option, `tcrypt-veracrypt`, that sets the corresponding VeraCrypt flag in the flags passed to cryptsetup.
2016-10-30 17:25:31 +03:00
#ifdef CRYPT_TCRYPT_VERA_MODES
if (arg_tcrypt_veracrypt)
params.flags |= CRYPT_TCRYPT_VERA_MODES;
#endif
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
if (key_file) {
r = read_one_line_file(key_file, &passphrase);
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 15:19:16 +03:00
log_error_errno(r, "Failed to read password file '%s': %m", key_file);
cryptsetup: add some commenting about EAGAIN generation
2019-01-21 22:13:11 +03:00
return -EAGAIN; /* log with the actual error, but return EAGAIN */
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
}
params.passphrase = passphrase;
} else
params.passphrase = passwords[0];
params.passphrase_size = strlen(params.passphrase);
r = crypt_load(cd, CRYPT_TCRYPT, &params);
if (r < 0) {
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-21 01:40:44 +03:00
if (key_file && r == -EPERM)
return log_error_errno(SYNTHETIC_ERRNO(EAGAIN),
"Failed to activate using password file '%s'.",
key_file);
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
return r;
}
cryptsetup: minor typo fix
2014-03-25 02:45:58 +04:00
return crypt_activate_by_volume_key(cd, name, NULL, 0, flags);
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
}
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
static int attach_luks_or_plain(struct crypt_device *cd,
const char *name,
const char *key_file,
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
const char *data_device,
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
char **passwords,
uint32_t flags) {
int r = 0;
bool pass_volume_key = false;
assert(cd);
assert(name);
assert(key_file || passwords);
cryptsetup: support LUKS2 on-disk format Allow cryptsetup utility to activate LUKS2 devices (with appropriate libcryptsetup) The change itself doesn't enforce new libcryptsetup 2.x and is backward compatible with versions 1.x
2017-10-12 13:57:25 +03:00
if (!arg_type || STR_IN_SET(arg_type, ANY_LUKS, CRYPT_LUKS1)) {
r = crypt_load(cd, CRYPT_LUKS, NULL);
cryptsetup: modernize some log message invocations
2019-01-21 22:02:33 +03:00
if (r < 0)
return log_error_errno(r, "crypt_load() failed on device %s: %m", crypt_get_device_name(cd));
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
if (data_device)
r = crypt_set_data_device(cd, data_device);
}
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if ((!arg_type && r < 0) || streq_ptr(arg_type, CRYPT_PLAIN)) {
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
struct crypt_params_plain params = {
.offset = arg_offset,
.skip = arg_skip,
cryptsetup: add support for sector-size= option (#9936) Bug-Ubuntu: https://launchpad.net/bugs/1776626 Closes #8881.
2018-08-29 17:38:09 +03:00
#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
.sector_size = arg_sector_size,
#endif
cryptsetup: Implement offset and skip options These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-16 14:44:07 +03:00
};
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
const char *cipher, *cipher_mode;
_cleanup_free_ char *truncated_cipher = NULL;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_hash) {
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
/* plain isn't a real hash type. it just means "use no hash" */
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (!streq(arg_hash, "plain"))
params.hash = arg_hash;
cryptsetup: default to no hash when keyfile is specified For plain dm-crypt devices, the behavior of cryptsetup package is to ignore the hash algorithm when a key file is provided. It seems wrong to ignore a hash when it is explicitly specified, but we should default to no hash if the keyfile is specified. https://bugs.freedesktop.org/show_bug.cgi?id=52630
2014-11-24 17:11:12 +03:00
} else if (!key_file)
/* for CRYPT_PLAIN, the behaviour of cryptsetup
* package is to not hash when a key file is provided */
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
params.hash = "ripemd160";
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_cipher) {
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
size_t l;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
l = strcspn(arg_cipher, "-");
truncated_cipher = strndup(arg_cipher, l);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
if (!truncated_cipher)
return log_oom();
cipher = truncated_cipher;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
cipher_mode = arg_cipher[l] ? arg_cipher+l+1 : "plain";
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
} else {
cipher = "aes";
cipher_mode = "cbc-essiv:sha256";
}
cryptsetup: don't line-break so aggressively
2019-01-21 22:14:42 +03:00
/* for CRYPT_PLAIN limit reads from keyfile to key length, and ignore keyfile-size */
Fix keysize handling in cryptsetup (bits vs. bytes) The command line key-size is in bits but the libcryptsetup API expects bytes. Note that the modulo 8 check is in the original cryptsetup binary as well, so it's no new limitation. (v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
2014-03-25 14:05:28 +04:00
arg_keyfile_size = arg_key_size;
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
cryptsetup: don't line-break so aggressively
2019-01-21 22:14:42 +03:00
/* In contrast to what the name crypt_setup() might suggest this doesn't actually format
* anything, it just configures encryption parameters when used for plain mode. */
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
r = crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, arg_keyfile_size, &params);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
/* hash == NULL implies the user passed "plain" */
pass_volume_key = (params.hash == NULL);
}
treewide: more log_*_errno + return simplifications
2014-11-28 20:23:20 +03:00
if (r < 0)
return log_error_errno(r, "Loading of cryptographic parameters failed: %m");
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
log_info("Set cipher %s, mode %s, key size %i bits for device %s.",
crypt_get_cipher(cd),
crypt_get_cipher_mode(cd),
crypt_get_volume_key_size(cd)*8,
crypt_get_device_name(cd));
if (key_file) {
tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.
2015-10-14 23:40:23 +03:00
r = crypt_activate_by_keyfile_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 15:19:16 +03:00
log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
return -EAGAIN;
}
} else {
char **p;
STRV_FOREACH(p, passwords) {
if (pass_volume_key)
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
r = crypt_activate_by_volume_key(cd, name, *p, arg_key_size, flags);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
else
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
r = crypt_activate_by_passphrase(cd, name, arg_key_slot, *p, strlen(*p), flags);
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
if (r >= 0)
break;
}
}
return r;
}
cryptsetup: add a terse help
2011-02-25 04:56:27 +03:00
static int help(void) {
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 11:32:31 +03:00
_cleanup_free_ char *link = NULL;
int r;
r = terminal_urlify_man("systemd-cryptsetup@.service", "8", &link);
if (r < 0)
return log_oom();
cryptsetup: add a terse help
2011-02-25 04:56:27 +03:00
printf("%s attach VOLUME SOURCEDEVICE [PASSWORD] [OPTIONS]\n"
"%s detach VOLUME\n\n"
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 11:32:31 +03:00
"Attaches or detaches an encrypted block device.\n"
"\nSee the %s for details.\n"
, program_invocation_short_name
, program_invocation_short_name
, link
);
cryptsetup: add a terse help
2011-02-25 04:56:27 +03:00
return 0;
}
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
static int run(int argc, char *argv[]) {
util-lib: add cleanup function for crypt_free
2017-11-02 11:16:47 +03:00
_cleanup_(crypt_freep) struct crypt_device *cd = NULL;
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
int r;
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
if (argc <= 1)
return help();
cryptsetup: add a terse help
2011-02-25 04:56:27 +03:00
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
if (argc < 3) {
log_error("This program requires at least two arguments.");
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
return -EINVAL;
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
}
log: introduce new helper call log_setup_service() Let's reduce the common boilerplate and have a single setup function used by all service code to setup logging.
2018-11-20 13:18:22 +03:00
log_setup_service();
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
umask: change default umask to 0022 just to be sure, and set it explicitly in all binaries, in order to make sure it is set when started from the terminal
2011-08-01 22:52:18 +04:00
umask(0022);
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
if (streq(argv[1], "attach")) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
uint32_t flags = 0;
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
unsigned tries;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
usec_t until;
cryptsetup: properly parse cipher= switch
2010-11-14 04:01:29 +03:00
crypt_status_info status;
cryptsetup: craft a unique ID with the source device If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-06-01 18:26:27 +03:00
const char *key_file = NULL;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: try to show the mount point for a crypto disk if we can
2011-02-23 20:46:27 +03:00
/* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */
cryptsetup: modernize some log message invocations
2019-01-21 22:02:33 +03:00
if (argc < 4)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments.");
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: handle password=none properly
2010-11-14 04:08:31 +03:00
if (argc >= 5 &&
argv[4][0] &&
!streq(argv[4], "-") &&
!streq(argv[4], "none")) {
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
if (!path_is_absolute(argv[4]))
cryptsetup: downgrade a log message we ignore
2019-01-21 22:19:57 +03:00
log_warning("Password file path '%s' is not absolute. Ignoring.", argv[4]);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
else
key_file = argv[4];
}
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
if (argc >= 6 && argv[5][0] && !streq(argv[5], "-")) {
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
r = parse_options(argv[5]);
if (r < 0)
return r;
cryptsetup: when prompting for password use GPT partition label If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-03-26 18:23:54 +04:00
}
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: lock ourselves into memory as long as we deal with passwords
2010-11-16 05:23:52 +03:00
/* A delicious drop of snake oil */
mlockall(MCL_FUTURE);
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
if (arg_header) {
log_debug("LUKS header: %s", arg_header);
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = crypt_init(&cd, arg_header);
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
} else
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = crypt_init(&cd, argv[3]);
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
if (r < 0)
return log_error_errno(r, "crypt_init() failed: %m");
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
util-lib: export cryptsetup logging glue function
2017-11-01 17:56:25 +03:00
crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
status = crypt_status(cd, argv[2]);
tree-wide: use IN_SET where possible In addition to the changes from #6933 this handles cases that could be matched with the included cocci file.
2017-09-29 01:37:23 +03:00
if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
log_info("Volume %s already active.", argv[2]);
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
return 0;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
}
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_readonly)
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
flags |= CRYPT_ACTIVATE_READONLY;
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (arg_discards)
cryptsetup: support discards (TRIM)
2012-05-19 19:05:50 +04:00
flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
cryptsetup: fix infinite timeout (#6486) 0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The logic here now matches this change. Fixes #6381
2017-07-31 09:19:16 +03:00
if (arg_timeout == USEC_INFINITY)
ask-password: support passwords without timeouts
2011-04-13 23:42:46 +04:00
until = 0;
cryptsetup: fix infinite timeout (#6486) 0004f698d causes `arg_timeout` to be infinity instead of 0 when timeout=0. The logic here now matches this change. Fixes #6381
2017-07-31 09:19:16 +03:00
else
until = now(CLOCK_MONOTONIC) + arg_timeout;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
Fix keysize handling in cryptsetup (bits vs. bytes) The command line key-size is in bits but the libcryptsetup API expects bytes. Note that the modulo 8 check is in the original cryptsetup binary as well, so it's no new limitation. (v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
2014-03-25 14:05:28 +04:00
arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8));
cryptsetup: properly parse cipher= switch
2010-11-14 04:01:29 +03:00
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
if (key_file) {
struct stat st;
cryptsetup: properly parse cipher= switch
2010-11-14 04:01:29 +03:00
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
/* Ideally we'd do this on the open fd, but since this is just a
* warning it's OK to do this in two steps. */
cryptsetup: only warn on real key files Simplify the check from commit 05f73ad to only apply the warning to regular files instead of enumerating device nodes.
2015-02-02 18:53:39 +03:00
if (stat(key_file, &st) >= 0 && S_ISREG(st.st_mode) && (st.st_mode & 0005))
log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
cryptsetup: properly parse cipher= switch
2010-11-14 04:01:29 +03:00
}
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_
2015-10-15 17:02:35 +03:00
_cleanup_strv_free_erase_ char **passwords = NULL;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
if (!key_file) {
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = get_password(argv[2], argv[3], until, tries == 0 && !arg_verify, &passwords);
if (r == -EAGAIN)
cryptsetup: Move password query out of main Also use _cleanup_free_ where possible.
2013-07-13 15:19:36 +04:00
continue;
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
if (r < 0)
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
return r;
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
}
cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools
2014-03-13 03:46:58 +04:00
if (streq_ptr(arg_type, CRYPT_TCRYPT))
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = attach_tcrypt(cd, argv[2], key_file, passwords, flags);
cryptsetup: Add tcrypt support Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-13 15:19:38 +04:00
else
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = attach_luks_or_plain(cd,
cryptsetup: support header= option https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-09 00:21:06 +03:00
argv[2],
key_file,
arg_header ? argv[3] : NULL,
passwords,
flags);
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
if (r >= 0)
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
break;
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
if (r == -EAGAIN) {
cryptsetup: Move attaching of the device out of main
2013-07-13 15:19:37 +04:00
key_file = NULL;
continue;
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
}
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
if (r != -EPERM)
return log_error_errno(r, "Failed to activate: %m");
cryptsetup: support non-LUKS crypto partitions
2010-11-14 03:53:46 +03:00
log_warning("Invalid passphrase.");
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
}
cryptsetup: modernize some log message invocations
2019-01-21 22:02:33 +03:00
if (arg_tries != 0 && tries >= arg_tries)
return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Too many attempts to activate; giving up.");
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
} else if (streq(argv[1], "detach")) {
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = crypt_init_by_name(&cd, argv[2]);
if (r == -ENODEV) {
cryptsetup: do not 'fail' if trying to detach a nonexistent device It could be that our .service is being stopped precisely because the device already disappeared (e.g. due to a manual `cryptsetup close`, or due to UDisks2 cleaning up).
2016-04-01 21:51:20 +03:00
log_info("Volume %s already inactive.", argv[2]);
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
return 0;
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
}
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
if (r < 0)
return log_error_errno(r, "crypt_init_by_name() failed: %m");
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
util-lib: export cryptsetup logging glue function
2017-11-01 17:56:25 +03:00
crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
cryptsetup: hook up tool with ask-password
2010-11-12 02:39:17 +03:00
cryptsetup: various coding style improvements No functional changes.
2016-12-16 15:15:31 +03:00
r = crypt_deactivate(cd, argv[2]);
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
if (r < 0)
return log_error_errno(r, "Failed to deactivate: %m");
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: modernize some log message invocations
2019-01-21 22:02:33 +03:00
} else
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown verb %s.", argv[1]);
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
return 0;
cryptsetup: minimal cryptsetup unit generator
2010-11-08 07:02:45 +03:00
}
cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro
2018-11-20 11:18:08 +03:00
DEFINE_MAIN_FUNCTION(run);
Copy Permalink