summaryrefslogtreecommitdiff
path: root/src/cryptsetup.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2010-11-12 00:39:17 +0100
committerLennart Poettering <lennart@poettering.net>2010-11-12 00:40:27 +0100
commit7f4e08056de0184b205a20632e62db73d299937e (patch)
tree09633a6d941c08d6c17797425f3b592742fe7c4e /src/cryptsetup.c
parent5a1e99375d03bc88795d68c66bf3933dd04c1015 (diff)
cryptsetup: hook up tool with ask-password
Diffstat (limited to 'src/cryptsetup.c')
-rw-r--r--src/cryptsetup.c202
1 files changed, 198 insertions, 4 deletions
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 22312477d2..7d5d3db49b 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -20,12 +20,134 @@
***/
#include <string.h>
+#include <errno.h>
+
+#include <libcryptsetup.h>
#include "log.h"
#include "util.h"
+#include "ask-password-api.h"
+
+static unsigned opt_tries = 0;
+static char *opt_cipher = NULL;
+static unsigned opt_size = 0;
+static char *opt_hash = NULL;
+static bool opt_readonly = false;
+static bool opt_verify = false;
+static usec_t arg_timeout = 0;
+
+static int parse_one_option(const char *option) {
+ assert(option);
+
+ /* Handled outside of this tool */
+ if (streq(option, "swap") ||
+ streq(option, "tmp") ||
+ streq(option, "noauto"))
+ return 0;
+
+ if (startswith(option, "cipher=")) {
+ char *t;
+
+ if (!(t = strdup(option+7)))
+ return -ENOMEM;
+
+ free(opt_cipher);
+ opt_cipher = t;
+
+ } else if (startswith(option, "size=")) {
+
+ if (safe_atou(option+5, &opt_size) < 0) {
+ log_error("size= parse failure, ignoring.");
+ return 0;
+ }
+
+ } else if (startswith(option, "hash=")) {
+ char *t;
+
+ if (!(t = strdup(option+5)))
+ return -ENOMEM;
+
+ free(opt_hash);
+ opt_hash = t;
+
+ } else if (startswith(option, "tries=")) {
+
+ if (safe_atou(option+6, &opt_tries) < 0) {
+ log_error("tries= parse failure, ignoring.");
+ return 0;
+ }
+
+ } else if (streq(option, "readonly"))
+ opt_readonly = true;
+ else if (streq(option, "verify"))
+ opt_verify = true;
+ else if (startswith(option, "timeout=")) {
+
+ if (parse_usec(option+8, &arg_timeout) < 0) {
+ log_error("timeout= parse failure, ignoring.");
+ return 0;
+ }
+
+ } else
+ log_error("Encountered unknown /etc/crypttab option '%s', ignoring.", option);
+
+ return 0;
+}
+
+static int parse_options(const char *options) {
+ char *state;
+ char *w;
+ size_t l;
+
+ assert(options);
+
+ FOREACH_WORD_SEPARATOR(w, l, options, ",", state) {
+ char *o;
+ int r;
+
+ if (!(o = strndup(w, l)))
+ return -ENOMEM;
+
+ r = parse_one_option(o);
+ free(o);
+
+ if (r < 0)
+ return r;
+ }
+
+ return 0;
+}
+
+static void log_glue(int level, const char *msg, void *usrptr) {
+
+ log_full(level == CRYPT_LOG_ERROR ? LOG_ERR :
+ level == CRYPT_LOG_VERBOSE ? LOG_INFO :
+ level == CRYPT_LOG_DEBUG ? LOG_DEBUG :
+ LOG_NOTICE,
+ "%s", msg);
+}
+
+static int password_glue(const char *msg, char *buf, size_t length, void *usrptr) {
+ usec_t until;
+ char *password = NULL;
+ int k;
+
+ until = now(CLOCK_MONOTONIC) + (arg_timeout > 0 ? arg_timeout : 60 * USEC_PER_SEC);
+
+ if ((k = ask_password_agent(msg, "drive-harddisk", until, &password)) < 0)
+ return k;
+
+ strncpy(buf, password, length-1);
+ buf[length-1] = 0;
+
+ free(password);
+
+ return strlen(buf);
+}
int main(int argc, char *argv[]) {
- int r = EXIT_SUCCESS;
+ int r = EXIT_FAILURE;
+ struct crypt_device *cd = NULL;
if (argc < 3) {
log_error("This program requires at least two arguments.");
@@ -36,18 +158,90 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
- if (streq(argv[1], "create")) {
+ if (streq(argv[1], "attach") ||
+ streq(argv[1], "format-and-attach")) {
+ uint32_t flags = 0;
+ int k;
+ const char *key_file = NULL;
+
+ if (argc < 4) {
+ log_error("attach requires at least two arguments.");
+ goto finish;
+ }
+
+ if (argc >= 5 && argv[4][0] && !streq(argv[4], "-")) {
+
+ if (!path_is_absolute(argv[4]))
+ log_error("Password file path %s is not absolute. Ignoring.", argv[4]);
+ else
+ key_file = argv[4];
+ }
+
+ if (argc >= 6 && argv[5][0] && !streq(argv[5], "-"))
+ parse_options(argv[5]);
- } else if (streq(argv[1], "format")) {
+ if ((k = crypt_init(&cd, argv[3]))) {
+ log_error("crypt_init() failed: %s", strerror(-k));
+ goto finish;
+ }
+ crypt_set_log_callback(cd, log_glue, NULL);
+ crypt_set_password_callback(cd, password_glue, NULL);
- } else if (streq(argv[1], "remove")) {
+ if (streq(argv[1], "format-and-attach")) {
+
+ /* Format with random key and attach */
+
+ log_error("Formatting not yet supported.");
+ goto finish;
+
+ } else if ((k = crypt_load(cd, CRYPT_LUKS1, NULL))) {
+ log_error("crypt_load() failed: %s", strerror(-k));
+ goto finish;
+ }
+
+ if (opt_readonly)
+ flags |= CRYPT_ACTIVATE_READONLY;
+
+ if (key_file) {
+ crypt_set_password_retry(cd, 1);
+ k = crypt_activate_by_keyfile(cd, argv[2], CRYPT_ANY_SLOT, key_file, 0, flags);
+ } else {
+ crypt_set_password_retry(cd, opt_tries > 0 ? opt_tries : 3);
+ k = crypt_activate_by_passphrase(cd, argv[2], CRYPT_ANY_SLOT, NULL, 0, flags);
+ }
+
+ if (k < 0) {
+ log_error("Failed to activate: %s", strerror(-k));
+ goto finish;
+ }
+
+ } else if (streq(argv[1], "detach")) {
+ int k;
+
+ if ((k = crypt_init_by_name(&cd, argv[2]))) {
+ log_error("crypt_init() failed: %s", strerror(-k));
+ goto finish;
+ }
+
+ crypt_set_log_callback(cd, log_glue, NULL);
+
+ if ((k = crypt_deactivate(cd, argv[2])) < 0) {
+ log_error("Failed to deactivate: %s", strerror(-k));
+ goto finish;
+ }
} else {
log_error("Unknown verb %s.", argv[1]);
goto finish;
}
+ r = EXIT_SUCCESS;
+
finish:
+
+ if (cd)
+ crypt_free(cd);
+
return r;
}