Blame SOURCES/0305-cryptsetup-rework-how-we-log-about-activation-failur.patch

5d2ee9
From 966ecf0011a02c7823083a7868b8589fdf850be8 Mon Sep 17 00:00:00 2001
5d2ee9
From: Lennart Poettering <lennart@poettering.net>
5d2ee9
Date: Mon, 21 Jan 2019 20:20:35 +0100
5d2ee9
Subject: [PATCH] cryptsetup: rework how we log about activation failures
5d2ee9
5d2ee9
First of all let's always log where the errors happen, and not in an
5d2ee9
upper stackframe, in all cases. Previously we'd do this sometimes one way
5d2ee9
and sometimes another, which resulted in sometimes duplicate logging and
5d2ee9
sometimes none.
5d2ee9
5d2ee9
When we cannot activate something due to bad password the kernel gives
5d2ee9
us EPERM. Let's uniformly return this as EAGAIN, so that the next password
5d2ee9
is tried. (previously this was done in most cases but not in all)
5d2ee9
5d2ee9
When we get EPERM let's also explicitly indicate that this probably
5d2ee9
means the password is simply wrong.
5d2ee9
5d2ee9
Fixes: #11498
5d2ee9
(cherry picked from commit 6f177c7dc092eb68762b4533d41b14244adb2a73)
5d2ee9
5d2ee9
Related: #1776408
5d2ee9
---
5d2ee9
 src/cryptsetup/cryptsetup.c | 36 ++++++++++++++++++++++--------------
5d2ee9
 1 file changed, 22 insertions(+), 14 deletions(-)
5d2ee9
5d2ee9
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
5d2ee9
index 53fe04a73f..33c215eaa1 100644
5d2ee9
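--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -469,10 +469,15 @@ static int attach_tcrypt(
                         log_error("Failed to activate using password file '%s'.", key_file);
                         return -EAGAIN;
                 }
-                return r;
+
+                return log_error_errno(r, "Failed to load tcrypt superblock on device %s: %m", crypt_get_device_name(cd));
         }
 
-        return crypt_activate_by_volume_key(cd, name, NULL, 0, flags);
+        r = crypt_activate_by_volume_key(cd, name, NULL, 0, flags);
+        if (r < 0)
+                return log_error_errno(r, "Failed to activate tcrypt device %s: %m", crypt_get_device_name(cd));
+
+        return 0;
 }
 
 static int attach_luks_or_plain(struct crypt_device *cd,
@@ -549,22 +554,30 @@ static int attach_luks_or_plain(struct crypt_device *cd,
 
         if (key_file) {
                 r = crypt_activate_by_keyfile_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags);
-                if (r < 0) {
-                        log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
-                        return -EAGAIN;
+                if (r == -EPERM) {
+                        log_error_errno(r, "Failed to activate with key file '%s'. (Key data incorrect?)", key_file);
+                        return -EAGAIN; /* Log actual error, but return EAGAIN */
                 }
+                if (r < 0)
+                        return log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
         } else {
                 char **p;
 
+                r = -EINVAL;
                 STRV_FOREACH(p, passwords) {
                         if (pass_volume_key)
                                 r = crypt_activate_by_volume_key(cd, name, *p, arg_key_size, flags);
                         else
                                 r = crypt_activate_by_passphrase(cd, name, arg_key_slot, *p, strlen(*p), flags);
-
                         if (r >= 0)
                                 break;
                 }
+                if (r == -EPERM) {
+                        log_error_errno(r, "Failed to activate with specified passphrase. (Passphrase incorrect?)");
+                        return -EAGAIN; /* log actual error, but return EAGAIN */
+                }
+                if (r < 0)
+                        return log_error_errno(r, "Failed to activate with specified passphrase: %m");
         }
 
         return r;
@@ -726,16 +739,11 @@ int main(int argc, char *argv[]) {
                                                          flags);
                         if (r >= 0)
                                 break;
-                        if (r == -EAGAIN) {
-                                key_file = NULL;
-                                continue;
-                        }
-                        if (r != -EPERM) {
-                                log_error_errno(r, "Failed to activate: %m");
+                        if (r != -EAGAIN)
                                 goto finish;
-                        }
 
-                        log_warning("Invalid passphrase.");
+                        /* Passphrase not correct? Let's try again! */
+                        key_file = NULL;
                 }
 
                 if (arg_tries != 0 && tries >= arg_tries) {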
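Review bot: A wrong interactive tcrypt passphrase may no longer be retried, because both new error returns in attach_tcrypt pass -EPERM through unchanged while the retry loop in main now continues only on -EAGAIN (`if (r != -EAGAIN) goto finish;`) and the old -EPERM "Invalid passphrase." path is removed. The only -EAGAIN visible in attach_tcrypt is the password-file branch, whose condition lies above the hunk (attach_tcrypt and main both start outside their hunks), so this is inferred from the visible lines and should be confirmed against the full function. If it holds, map the error the way attach_luks_or_plain does, e.g. `if (r == -EPERM) { log_error_errno(r, "Failed to activate tcrypt device %s. (Passphrase incorrect?)", crypt_get_device_name(cd)); return -EAGAIN; }` ahead of each plain `return log_error_errno(...)`. Separately, the passphrase loop in attach_luks_or_plain keeps iterating on any negative r and classifies only the last result, so a hard error can be masked by a later -EPERM; `if (r != -EPERM) break;` in place of `if (r >= 0) break;` would stop at the first failure that is not a wrong passphrase.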