1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-06 08:26:52 +03:00
Commit Graph

57 Commits

Author SHA1 Message Date
Lennart Poettering
4349cd7c1d util-lib: move mount related utility calls to mount-util.[ch] 2015-10-27 13:25:55 +01:00
Lennart Poettering
6bedfcbb29 util-lib: split string parsing related calls from util.[ch] into parse-util.[ch] 2015-10-27 13:25:55 +01:00
Lennart Poettering
07630cea1f util-lib: split our string related calls from util.[ch] into its own file string-util.[ch]
There are more than enough calls doing string manipulations to deserve
its own files, hence do something about it.

This patch also sorts the #include blocks of all files that needed to be
updated, according to the sorting suggestions from CODING_STYLE. Since
pretty much every file needs our string manipulation functions this
effectively means that most files have sorted #include blocks now.

Also touches a few unrelated include files.
2015-10-24 23:05:02 +02:00
Lennart Poettering
4f5dd3943b util: split out escaping code into escape.[ch]
This really deserves its own file, given how much code this is now.
2015-10-24 23:04:42 +02:00
Zbigniew Jędrzejewski-Szmek
ab84f5b95e strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_ 2015-10-19 23:13:07 +02:00
Lennart Poettering
1602b00853 tree-wide: whenever we deal with passwords, erase them from memory after use
A bit snake-oilish, but can't hurt.
2015-10-19 23:13:07 +02:00
Lennart Poettering
e287086b8a ask-password: add support for caching passwords in the kernel keyring
This adds support for caching harddisk passwords in the kernel keyring
if it is available, thus supporting caching without Plymouth being
around.

This is also useful for hooking up "gdm-auto-login" with the collected
boot-time harddisk password, in order to support gnome keyring
passphrase unlocking via the HDD password, if it is the same.

Any passwords added to the kernel keyring this way have a timeout of
2.5min at which time they are purged from the kernel.
2015-10-07 12:26:14 +02:00
Lennart Poettering
ece174c543 tree-wide: drop {} from one-line if blocks
Patch via coccinelle.
2015-09-09 08:20:20 +02:00
David Herrmann
97b11eedff tree-wide: introduce mfree()
Pretty trivial helper which wraps free() but returns NULL, so we can
simplify this:
        free(foobar);
        foobar = NULL;
to this:
        foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
Harald Hoyer
e51b9486d1 cryptsetup: craft a unique ID with the source device
If cryptsetup is called with a source device as argv[3], then craft the
ID for the password agent with a unique device path.

If possible "/dev/block/<maj>:<min>" is used, otherwise the original
argv[3] is used.

This enables password agents like petera [1] to provide a password
according to the source device. The original ID did not carry enough
information and was more targeted for a human readable string, which
is specified in the "Message" field anyway.

With this patch the ID of the ask.XXX ini file looks like this:
ID=cryptsetup:/dev/block/<maj>:<min>

[1] https://github.com/npmccallum/petera
2015-06-09 10:17:55 +02:00
Martin Pitt
4eac277367 cryptsetup: Implement offset and skip options
These are useful for plain devices as they don't have any metadata by
themselves. Instead of using an unreliable hardcoded device name in crypttab
you can then put static metadata at the start of the partition for a stable
UUID or label.

https://bugs.freedesktop.org/show_bug.cgi?id=87717
https://bugs.debian.org/751707
https://launchpad.net/bugs/953875
2015-04-17 10:53:01 -05:00
Tom Gundersen
9a97aaae3b cryptsetup: port from libudev to sd-device 2015-04-02 00:18:27 +02:00
Thomas Hindoe Paaboel Andersen
2eec67acbb remove unused includes
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
2015-02-23 23:53:42 +01:00
Lennart Poettering
63c372cb9d util: rework strappenda(), and rename it strjoina()
After all it is now much more like strjoin() than strappend(). At the
same time, add support for NULL sentinels, even if they are normally not
necessary.
2015-02-03 02:05:59 +01:00
Martin Pitt
3f4d56a069 cryptsetup: only warn on real key files
Simplify the check from commit 05f73ad to only apply the warning to regular
files instead of enumerating device nodes.
2015-02-02 16:53:39 +01:00
Cristian Rodríguez
05f73ad22b cryptsetup: Do not warn If the key is /dev/*random
Using /dev/urandom as a key is valid for swap, do not
warn if this devices are world readable.
2015-02-02 16:41:31 +01:00
Zbigniew Jędrzejewski-Szmek
b9f111b93f Support negated fstab options
We would ignore options like "fail" and "auto", and for any option
which takes a value the first assignment would win. Repeated and
options equivalent to the default are rarely used, but they have been
documented forever, and people might use them. Especially on the
kernel command line it is easier to append a repeated or negated
option at the end.
2015-01-11 23:41:41 -05:00
Andrey Chaser
7376e83528 cryptsetup: support header= option
https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-08 16:33:59 -05:00
Michal Schmidt
23bbb0de4e treewide: more log_*_errno + return simplifications 2014-11-28 18:24:30 +01:00
Michal Schmidt
da927ba997 treewide: no need to negate errno for log_*_errno()
It corrrectly handles both positive and negative errno values.
2014-11-28 13:29:21 +01:00
Michal Schmidt
0a1beeb642 treewide: auto-convert the simple cases to log_*_errno()
As a followup to 086891e5c1 "log: add an "error" parameter to all
low-level logging calls and intrdouce log_error_errno() as log calls
that take error numbers", use sed to convert the simple cases to use
the new macros:

find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/'

Multi-line log_*() invocations are not covered.
And we also should add log_unit_*_errno().
2014-11-28 12:04:41 +01:00
Zbigniew Jędrzejewski-Szmek
8a52210c93 cryptsetup: default to no hash when keyfile is specified
For plain dm-crypt devices, the behavior of cryptsetup package is to
ignore the hash algorithm when a key file is provided. It seems wrong
to ignore a hash when it is explicitly specified, but we should default
to no hash if the keyfile is specified.

https://bugs.freedesktop.org/show_bug.cgi?id=52630
2014-11-24 09:14:18 -05:00
Zbigniew Jędrzejewski-Szmek
a2a5291b3f Reject invalid quoted strings
String which ended in an unfinished quote were accepted, potentially
with bad memory accesses.

Reject anything which ends in a unfished quote, or contains
non-whitespace characters right after the closing quote.

_FOREACH_WORD now returns the invalid character in *state. But this return
value is not checked anywhere yet.

Also, make 'word' and 'state' variables const pointers, and rename 'w'
to 'word' in various places. Things are easier to read if the same name
is used consistently.

mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip of the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS  $RootDir $MountPoint
mbiebl_> which is pretty weird
2014-07-31 04:00:31 -04:00
Karel Zak
7de80bfe2e Always check asprintf return code
There is a small number of the places in sources where we don't check
asprintf() return code and assume that after error the function
returns NULL pointer via the first argument. That's wrong, after
error the content of pointer is undefined.
2014-07-26 15:08:41 -04:00
Thomas Hindoe Paaboel Andersen
f268f57f63 cryptsetup: check that password is not null
Beef up the assert to protect against passing null to strlen.

Found with scan-build.
2014-06-13 00:30:40 +02:00
David Härdeman
6131a78b4d Fix keysize handling in cryptsetup (bits vs. bytes)
The command line key-size is in bits but the libcryptsetup API expects bytes.

Note that the modulo 8 check is in the original cryptsetup binary as well, so
it's no new limitation.

(v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
2014-04-24 09:23:57 +02:00
David Härdeman
9fa1de965a Add more password agent information
Add an (optional) "Id" key in the password agent .ask files. The Id is
supposed to be a simple string in "<subsystem>:<target>" form which
is used to provide more information on what the requested passphrase
is to be used for (which e.g. allows an agent to only react to cryptsetup
requests).

(v2: rebased, fixed indentation, escape name, use strappenda)
2014-04-24 09:23:54 +02:00
Lennart Poettering
ac1a87b9f2 cryptsetup: minor typo fix 2014-03-24 23:46:13 +01:00
Lennart Poettering
f75cac3746 cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools 2014-03-13 00:46:58 +01:00
Christian Seiler
b4a11878f2 cryptsetup: Support key-slot option
Debian recently introduced the option key-slot to /etc/crypttab to
specify the LUKS key slot to be used for decrypting the device. On
systems where a keyfile is used and the key is not in the first slot,
this can speed up the boot process quite a bit, since cryptsetup does
not need to try all of the slots sequentially. (Unsuccessfully testing
a key slot typically takes up to about 1 second.)

This patch makes systemd aware of this option.

Debian bug that introduced the feature:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
2014-01-26 13:24:01 +01:00
Zbigniew Jędrzejewski-Szmek
1ca208fb4f Introduce udev object cleanup functions 2013-10-13 17:56:55 -04:00
Zbigniew Jędrzejewski-Szmek
5862d652ba Introduce _cleanup_endmntent_ 2013-10-03 22:13:55 -04:00
Lennart Poettering
4b93637fd7 cryptsetup: fix OOM handling when parsing mount options 2013-10-02 19:45:12 +02:00
Thomas Bächler
404dac4d96 cryptsetup: Retry indefinitely if tries=0 option has been set.
When running from initrd, entering a wrong passphrase usually means that
you cannot boot. Therefore, we allow trying indefinitely.
2013-09-11 17:44:33 +02:00
Ondrej Balaz
1acbb95c2b systemd-cryptsetup: makes “discard” a synonym for “allow-discards”
systemd-cryptsetup recognizes option 'allow-discards' in /etc/crypttab
to enable TRIM passthrough to underlying encrypted device. In Debian
this option was changed to 'discard' to avoid hyphen in option name.
(see: #648868 and `man crypttab`).

[zj: update crypttab(5) too, making "discard" the default.]
2013-08-14 22:54:07 -04:00
Jan Janssen
8cf3ca8068 cryptsetup: Add tcrypt support
Tcrypt uses a different approach to passphrases/key files. The
passphrase and all key files are incorporated into the "password"
to open the volume. So, the idea of slots that provide a way to
open the volume with different passphrases/key files that are
independent from each other like with LUKS does not apply.

Therefore, we use the key file from /etc/crypttab as the source
for the passphrase. The actual key files that are combined with
the passphrase into a password are provided as a new option in
/etc/crypttab and can be given multiple times if more than one
key file is used by a volume.
2013-07-16 01:24:31 +02:00
Jan Janssen
10fb4e35fd cryptsetup: Move attaching of the device out of main 2013-07-16 01:24:28 +02:00
Jan Janssen
e7d90b7127 cryptsetup: Move password query out of main
Also use _cleanup_free_ where possible.
2013-07-16 01:24:24 +02:00
Lennart Poettering
5f1dac6bf6 cryptsetup: warn if keyfiles are world-readable 2013-04-30 08:36:01 -03:00
Harald Hoyer
8d768d9962 cryptsetup: ask for password, if key file cannot be accessed
If the key file cannot be accessed, we can at least ask for the
password.
2013-04-18 22:17:13 +02:00
Harald Hoyer
49714341c3 cryptsetup: set the timeout to 0 by default
cryptsetup itself has no timeout as default from the beginning. So the
default timeout has been "0" from the beginning.

https://bugzilla.redhat.com/show_bug.cgi?id=949702
2013-04-18 02:19:46 +02:00
Zbigniew Jędrzejewski-Szmek
b92bea5d2a Use initalization instead of explicit zeroing
Before, we would initialize many fields twice: first
by filling the structure with zeros, and then a second
time with the real values. We can let the compiler do
the job for us, avoiding one copy.

A downside of this patch is that text gets slightly
bigger. This is because all zero() calls are effectively
inlined:

$ size build/.libs/systemd
         text    data     bss     dec     hex filename
before 897737  107300    2560 1007597   f5fed build/.libs/systemd
after  897873  107300    2560 1007733   f6075 build/.libs/systemd

… actually less than 1‰.

A few asserts that the parameter is not null had to be removed. I
don't think this changes much, because first, it is quite unlikely
for the assert to fail, and second, an immediate SEGV is almost as
good as an assert.
2013-04-05 19:50:57 -04:00
Lennart Poettering
7f602784de util: rename parse_usec() to parse_sec() sinds the default unit is seconds
Internally we store all time values in usec_t, however parse_usec()
actually was used mostly to parse values in seconds (unless explicit
units were specified to define a different unit). Hence, be clear about
this and name the function about what we pass into it, not what we get
out of it.
2013-04-03 20:12:57 +02:00
Lennart Poettering
74b1c37174 cryptsetup: when prompting for password use GPT partition label
If there's a GPT partition label set for a LUKS partition, then it's
nicer to show that than the model number, when asking for a passphrase.
2013-03-26 15:24:44 +01:00
Michal Schmidt
18cf1a1be5 cryptsetup: accept both "read-only" and "readonly" spellings
Mukund Sivaraman pointed out that cryptsetup(5) mentions the "read-only"
option, while the code understands "readonly".

We could just fix the manpage, but for consistency in naming of
multi-word options it would be prettier to have "read-only". So let's
accept both spellings.

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=903463
2013-01-31 19:57:56 +01:00
Tom Gundersen
adc40dc2f6 cryptsetup: fix nofail support
This was documented in the man page and supported in the generator,
but systemd-cryptestup itself would fail with this option.

systemd-cryptsetup should ignore 'nofail', as it does with 'noauto'.
2012-11-21 12:53:28 +01:00
Dave Reisner
8db9d8c2a4 cryptsetup: fix inverted comparison in pass_volume_key 2012-11-06 10:18:10 -05:00
Dave Reisner
65343c7494 cryptsetup: hash=plain means don't use a hash
"plain" is a semantic value that cryptsetup(8) uses to describe a plain
dm-crypt volume that does not use a hash. Catch this value earlier and
ensure that a NULL params.hash is passed to crypt_format to avoid
passing an invalid hash type to the libcryptsetup backend.

FDO bug #56593.
2012-11-06 09:53:00 -05:00
Tom Gundersen
4271d8235f cryptsetup: add keyfile-size= support
This is useful e.g. if the keyfile is a raw device, where only parts of it
should be read. It is typically used whenever the keyfile-offset= option is
specified.

Tested-by: Erik Westrup <erik.westrup@gmail.com>
2012-08-03 20:49:55 +02:00
Shawn Landden
0d0f0c50d3 log.h: new log_oom() -> int -ENOMEM, use it
also a number of minor fixups and bug fixes: spelling, oom errors
that didn't print errors, not properly forwarding error codes,
few more consistency issues, et cetera
2012-07-26 11:48:26 +02:00