summaryrefslogtreecommitdiff
path: root/src/cryptsetup/cryptsetup.c
AgeCommit message (Collapse)Author
2015-11-27tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering
GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-10-27util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering
2015-10-27util-lib: move mount related utility calls to mount-util.[ch]Lennart Poettering
2015-10-27util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]Lennart Poettering
2015-10-24util-lib: split our string related calls from util.[ch] into its own file ↵Lennart Poettering
string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24util: split out escaping code into escape.[ch]Lennart Poettering
This really deserves its own file, given how much code this is now.
2015-10-19strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_Zbigniew Jędrzejewski-Szmek
2015-10-19tree-wide: whenever we deal with passwords, erase them from memory after useLennart Poettering
A bit snake-oilish, but can't hurt.
2015-10-07ask-password: add support for caching passwords in the kernel keyringLennart Poettering
This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.
2015-09-09tree-wide: drop {} from one-line if blocksLennart Poettering
Patch via coccinelle.
2015-07-31tree-wide: introduce mfree()David Herrmann
Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-06-09cryptsetup: craft a unique ID with the source deviceHarald Hoyer
If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used. This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway. With this patch the ID of the ask.XXX ini file looks like this: ID=cryptsetup:/dev/block/<maj>:<min> [1] https://github.com/npmccallum/petera
2015-04-17cryptsetup: Implement offset and skip optionsMartin Pitt
These are useful for plain devices as they don't have any metadata by themselves. Instead of using an unreliable hardcoded device name in crypttab you can then put static metadata at the start of the partition for a stable UUID or label. https://bugs.freedesktop.org/show_bug.cgi?id=87717 https://bugs.debian.org/751707 https://launchpad.net/bugs/953875
2015-04-02cryptsetup: port from libudev to sd-deviceTom Gundersen
2015-02-23remove unused includesThomas Hindoe Paaboel Andersen
This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
2015-02-03util: rework strappenda(), and rename it strjoina()Lennart Poettering
After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.
2015-02-02cryptsetup: only warn on real key filesMartin Pitt
Simplify the check from commit 05f73ad to only apply the warning to regular files instead of enumerating device nodes.
2015-02-02cryptsetup: Do not warn If the key is /dev/*randomCristian Rodríguez
Using /dev/urandom as a key is valid for swap, do not warn if this devices are world readable.
2015-01-11Support negated fstab optionsZbigniew Jędrzejewski-Szmek
We would ignore options like "fail" and "auto", and for any option which takes a value the first assignment would win. Repeated and options equivalent to the default are rarely used, but they have been documented forever, and people might use them. Especially on the kernel command line it is easier to append a repeated or negated option at the end.
2015-01-08cryptsetup: support header= optionAndrey Chaser
https://bugs.freedesktop.org/show_bug.cgi?id=66396
2014-11-28treewide: more log_*_errno + return simplificationsMichal Schmidt
2014-11-28treewide: no need to negate errno for log_*_errno()Michal Schmidt
It corrrectly handles both positive and negative errno values.
2014-11-28treewide: auto-convert the simple cases to log_*_errno()Michal Schmidt
As a followup to 086891e5c1 "log: add an "error" parameter to all low-level logging calls and intrdouce log_error_errno() as log calls that take error numbers", use sed to convert the simple cases to use the new macros: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/' Multi-line log_*() invocations are not covered. And we also should add log_unit_*_errno().
2014-11-24cryptsetup: default to no hash when keyfile is specifiedZbigniew Jędrzejewski-Szmek
For plain dm-crypt devices, the behavior of cryptsetup package is to ignore the hash algorithm when a key file is provided. It seems wrong to ignore a hash when it is explicitly specified, but we should default to no hash if the keyfile is specified. https://bugs.freedesktop.org/show_bug.cgi?id=52630
2014-07-31Reject invalid quoted stringsZbigniew Jędrzejewski-Szmek
String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-26Always check asprintf return codeKarel Zak
There is a small number of the places in sources where we don't check asprintf() return code and assume that after error the function returns NULL pointer via the first argument. That's wrong, after error the content of pointer is undefined.
2014-06-13cryptsetup: check that password is not nullThomas Hindoe Paaboel Andersen
Beef up the assert to protect against passing null to strlen. Found with scan-build.
2014-04-24Fix keysize handling in cryptsetup (bits vs. bytes)David Härdeman
The command line key-size is in bits but the libcryptsetup API expects bytes. Note that the modulo 8 check is in the original cryptsetup binary as well, so it's no new limitation. (v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
2014-04-24Add more password agent informationDavid Härdeman
Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
2014-03-24cryptsetup: minor typo fixLennart Poettering
2014-03-13cryptsetup: call static variables parsed from command line arg_XYZ like in ↵Lennart Poettering
all other tools
2014-01-26cryptsetup: Support key-slot optionChristian Seiler
Debian recently introduced the option key-slot to /etc/crypttab to specify the LUKS key slot to be used for decrypting the device. On systems where a keyfile is used and the key is not in the first slot, this can speed up the boot process quite a bit, since cryptsetup does not need to try all of the slots sequentially. (Unsuccessfully testing a key slot typically takes up to about 1 second.) This patch makes systemd aware of this option. Debian bug that introduced the feature: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
2013-10-13Introduce udev object cleanup functionsZbigniew Jędrzejewski-Szmek
2013-10-03Introduce _cleanup_endmntent_Zbigniew Jędrzejewski-Szmek
2013-10-02cryptsetup: fix OOM handling when parsing mount optionsLennart Poettering
2013-09-11cryptsetup: Retry indefinitely if tries=0 option has been set.Thomas Bächler
When running from initrd, entering a wrong passphrase usually means that you cannot boot. Therefore, we allow trying indefinitely.
2013-08-14systemd-cryptsetup: makes “discard” a synonym for “allow-discards”Ondrej Balaz
systemd-cryptsetup recognizes option 'allow-discards' in /etc/crypttab to enable TRIM passthrough to underlying encrypted device. In Debian this option was changed to 'discard' to avoid hyphen in option name. (see: #648868 and `man crypttab`). [zj: update crypttab(5) too, making "discard" the default.]
2013-07-16cryptsetup: Add tcrypt supportJan Janssen
Tcrypt uses a different approach to passphrases/key files. The passphrase and all key files are incorporated into the "password" to open the volume. So, the idea of slots that provide a way to open the volume with different passphrases/key files that are independent from each other like with LUKS does not apply. Therefore, we use the key file from /etc/crypttab as the source for the passphrase. The actual key files that are combined with the passphrase into a password are provided as a new option in /etc/crypttab and can be given multiple times if more than one key file is used by a volume.
2013-07-16cryptsetup: Move attaching of the device out of mainJan Janssen
2013-07-16cryptsetup: Move password query out of mainJan Janssen
Also use _cleanup_free_ where possible.
2013-04-30cryptsetup: warn if keyfiles are world-readableLennart Poettering
2013-04-18cryptsetup: ask for password, if key file cannot be accessedHarald Hoyer
If the key file cannot be accessed, we can at least ask for the password.
2013-04-18cryptsetup: set the timeout to 0 by defaultHarald Hoyer
cryptsetup itself has no timeout as default from the beginning. So the default timeout has been "0" from the beginning. https://bugzilla.redhat.com/show_bug.cgi?id=949702
2013-04-05Use initalization instead of explicit zeroingZbigniew Jędrzejewski-Szmek
Before, we would initialize many fields twice: first by filling the structure with zeros, and then a second time with the real values. We can let the compiler do the job for us, avoiding one copy. A downside of this patch is that text gets slightly bigger. This is because all zero() calls are effectively inlined: $ size build/.libs/systemd text data bss dec hex filename before 897737 107300 2560 1007597 f5fed build/.libs/systemd after 897873 107300 2560 1007733 f6075 build/.libs/systemd … actually less than 1‰. A few asserts that the parameter is not null had to be removed. I don't think this changes much, because first, it is quite unlikely for the assert to fail, and second, an immediate SEGV is almost as good as an assert.
2013-04-03util: rename parse_usec() to parse_sec() sinds the default unit is secondsLennart Poettering
Internally we store all time values in usec_t, however parse_usec() actually was used mostly to parse values in seconds (unless explicit units were specified to define a different unit). Hence, be clear about this and name the function about what we pass into it, not what we get out of it.
2013-03-26cryptsetup: when prompting for password use GPT partition labelLennart Poettering
If there's a GPT partition label set for a LUKS partition, then it's nicer to show that than the model number, when asking for a passphrase.
2013-01-31cryptsetup: accept both "read-only" and "readonly" spellingsMichal Schmidt
Mukund Sivaraman pointed out that cryptsetup(5) mentions the "read-only" option, while the code understands "readonly". We could just fix the manpage, but for consistency in naming of multi-word options it would be prettier to have "read-only". So let's accept both spellings. BZ: https://bugzilla.redhat.com/show_bug.cgi?id=903463
2012-11-21cryptsetup: fix nofail supportTom Gundersen
This was documented in the man page and supported in the generator, but systemd-cryptestup itself would fail with this option. systemd-cryptsetup should ignore 'nofail', as it does with 'noauto'.
2012-11-06cryptsetup: fix inverted comparison in pass_volume_keyDave Reisner
2012-11-06cryptsetup: hash=plain means don't use a hashDave Reisner
"plain" is a semantic value that cryptsetup(8) uses to describe a plain dm-crypt volume that does not use a hash. Catch this value earlier and ensure that a NULL params.hash is passed to crypt_format to avoid passing an invalid hash type to the libcryptsetup backend. FDO bug #56593.