Age | Commit message (Collapse) | Author |
|
This adds support for caching harddisk passwords in the kernel keyring
if it is available, thus supporting caching without Plymouth being
around.
This is also useful for hooking up "gdm-auto-login" with the collected
boot-time harddisk password, in order to support gnome keyring
passphrase unlocking via the HDD password, if it is the same.
Any passwords added to the kernel keyring this way have a timeout of
2.5min at which time they are purged from the kernel.
|
|
Patch via coccinelle.
|
|
Pretty trivial helper which wraps free() but returns NULL, so we can
simplify this:
free(foobar);
foobar = NULL;
to this:
foobar = mfree(foobar);
|
|
If cryptsetup is called with a source device as argv[3], then craft the
ID for the password agent with a unique device path.
If possible "/dev/block/<maj>:<min>" is used, otherwise the original
argv[3] is used.
This enables password agents like petera [1] to provide a password
according to the source device. The original ID did not carry enough
information and was more targeted for a human readable string, which
is specified in the "Message" field anyway.
With this patch the ID of the ask.XXX ini file looks like this:
ID=cryptsetup:/dev/block/<maj>:<min>
[1] https://github.com/npmccallum/petera
|
|
These are useful for plain devices as they don't have any metadata by
themselves. Instead of using an unreliable hardcoded device name in crypttab
you can then put static metadata at the start of the partition for a stable
UUID or label.
https://bugs.freedesktop.org/show_bug.cgi?id=87717
https://bugs.debian.org/751707
https://launchpad.net/bugs/953875
|
|
|
|
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
|
|
After all it is now much more like strjoin() than strappend(). At the
same time, add support for NULL sentinels, even if they are normally not
necessary.
|
|
Simplify the check from commit 05f73ad to only apply the warning to regular
files instead of enumerating device nodes.
|
|
Using /dev/urandom as a key is valid for swap, do not
warn if this devices are world readable.
|
|
We would ignore options like "fail" and "auto", and for any option
which takes a value the first assignment would win. Repeated and
options equivalent to the default are rarely used, but they have been
documented forever, and people might use them. Especially on the
kernel command line it is easier to append a repeated or negated
option at the end.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=66396
|
|
|
|
It corrrectly handles both positive and negative errno values.
|
|
As a followup to 086891e5c1 "log: add an "error" parameter to all
low-level logging calls and intrdouce log_error_errno() as log calls
that take error numbers", use sed to convert the simple cases to use
the new macros:
find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/'
Multi-line log_*() invocations are not covered.
And we also should add log_unit_*_errno().
|
|
For plain dm-crypt devices, the behavior of cryptsetup package is to
ignore the hash algorithm when a key file is provided. It seems wrong
to ignore a hash when it is explicitly specified, but we should default
to no hash if the keyfile is specified.
https://bugs.freedesktop.org/show_bug.cgi?id=52630
|
|
String which ended in an unfinished quote were accepted, potentially
with bad memory accesses.
Reject anything which ends in a unfished quote, or contains
non-whitespace characters right after the closing quote.
_FOREACH_WORD now returns the invalid character in *state. But this return
value is not checked anywhere yet.
Also, make 'word' and 'state' variables const pointers, and rename 'w'
to 'word' in various places. Things are easier to read if the same name
is used consistently.
mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip of the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint
mbiebl_> which is pretty weird
|
|
There is a small number of the places in sources where we don't check
asprintf() return code and assume that after error the function
returns NULL pointer via the first argument. That's wrong, after
error the content of pointer is undefined.
|
|
Beef up the assert to protect against passing null to strlen.
Found with scan-build.
|
|
The command line key-size is in bits but the libcryptsetup API expects bytes.
Note that the modulo 8 check is in the original cryptsetup binary as well, so
it's no new limitation.
(v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
|
|
Add an (optional) "Id" key in the password agent .ask files. The Id is
supposed to be a simple string in "<subsystem>:<target>" form which
is used to provide more information on what the requested passphrase
is to be used for (which e.g. allows an agent to only react to cryptsetup
requests).
(v2: rebased, fixed indentation, escape name, use strappenda)
|
|
|
|
all other tools
|
|
Debian recently introduced the option key-slot to /etc/crypttab to
specify the LUKS key slot to be used for decrypting the device. On
systems where a keyfile is used and the key is not in the first slot,
this can speed up the boot process quite a bit, since cryptsetup does
not need to try all of the slots sequentially. (Unsuccessfully testing
a key slot typically takes up to about 1 second.)
This patch makes systemd aware of this option.
Debian bug that introduced the feature:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
|
|
|
|
|
|
|
|
When running from initrd, entering a wrong passphrase usually means that
you cannot boot. Therefore, we allow trying indefinitely.
|
|
systemd-cryptsetup recognizes option 'allow-discards' in /etc/crypttab
to enable TRIM passthrough to underlying encrypted device. In Debian
this option was changed to 'discard' to avoid hyphen in option name.
(see: #648868 and `man crypttab`).
[zj: update crypttab(5) too, making "discard" the default.]
|
|
Tcrypt uses a different approach to passphrases/key files. The
passphrase and all key files are incorporated into the "password"
to open the volume. So, the idea of slots that provide a way to
open the volume with different passphrases/key files that are
independent from each other like with LUKS does not apply.
Therefore, we use the key file from /etc/crypttab as the source
for the passphrase. The actual key files that are combined with
the passphrase into a password are provided as a new option in
/etc/crypttab and can be given multiple times if more than one
key file is used by a volume.
|
|
|
|
Also use _cleanup_free_ where possible.
|
|
|
|
If the key file cannot be accessed, we can at least ask for the
password.
|
|
cryptsetup itself has no timeout as default from the beginning. So the
default timeout has been "0" from the beginning.
https://bugzilla.redhat.com/show_bug.cgi?id=949702
|
|
Before, we would initialize many fields twice: first
by filling the structure with zeros, and then a second
time with the real values. We can let the compiler do
the job for us, avoiding one copy.
A downside of this patch is that text gets slightly
bigger. This is because all zero() calls are effectively
inlined:
$ size build/.libs/systemd
text data bss dec hex filename
before 897737 107300 2560 1007597 f5fed build/.libs/systemd
after 897873 107300 2560 1007733 f6075 build/.libs/systemd
… actually less than 1‰.
A few asserts that the parameter is not null had to be removed. I
don't think this changes much, because first, it is quite unlikely
for the assert to fail, and second, an immediate SEGV is almost as
good as an assert.
|
|
Internally we store all time values in usec_t, however parse_usec()
actually was used mostly to parse values in seconds (unless explicit
units were specified to define a different unit). Hence, be clear about
this and name the function about what we pass into it, not what we get
out of it.
|
|
If there's a GPT partition label set for a LUKS partition, then it's
nicer to show that than the model number, when asking for a passphrase.
|
|
Mukund Sivaraman pointed out that cryptsetup(5) mentions the "read-only"
option, while the code understands "readonly".
We could just fix the manpage, but for consistency in naming of
multi-word options it would be prettier to have "read-only". So let's
accept both spellings.
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=903463
|
|
This was documented in the man page and supported in the generator,
but systemd-cryptestup itself would fail with this option.
systemd-cryptsetup should ignore 'nofail', as it does with 'noauto'.
|
|
|
|
"plain" is a semantic value that cryptsetup(8) uses to describe a plain
dm-crypt volume that does not use a hash. Catch this value earlier and
ensure that a NULL params.hash is passed to crypt_format to avoid
passing an invalid hash type to the libcryptsetup backend.
FDO bug #56593.
|
|
This is useful e.g. if the keyfile is a raw device, where only parts of it
should be read. It is typically used whenever the keyfile-offset= option is
specified.
Tested-by: Erik Westrup <erik.westrup@gmail.com>
|
|
also a number of minor fixups and bug fixes: spelling, oom errors
that didn't print errors, not properly forwarding error codes,
few more consistency issues, et cetera
|
|
glibc/glib both use "out of memory" consistantly so maybe we should
consider that instead of this.
Eliminates one string out of a number of binaries. Also fixes extra newline
in udev/scsi_id
|
|
This is useful if your keyfile is a block device, and you want to
use a specific part of it, such as an area between the MBR and the
first partition.
This feature is documented in the Arch wiki[0], and has been supported
by the Arch initscripts, so would be nice to get this into systemd.
This requires libcryptsetup >= 1.4.2 (released 12.4.2012).
Acked-by: Paul Menzel <paulepanter@users.sourceforge.net>
[0]:
<https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS#
Storing_the_key_between_MBR_and_1st_partition>
|
|
|
|
|
|
|
|
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
|