rpms / systemd

Clone
Source Code
GIT

Blame SOURCES/0184-cryptsetup-craft-a-unique-ID-with-the-source-device.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-atomic-beta c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c8s-sig-hyperscale c8s-sig-hyperscale-hotfix-252 c9 c9-beta c9s-sig-hyperscale c9s-sig-hyperscale-hotfix-252
  1.   f8986c4b4dc1cf78661aaaa3bafd1feb14e05574
  2.   SOURCES
  3.   0184-cryptsetup-craft-a-unique-ID-with-the-source-device.patch
Blob History Raw
803fb7 
From 6c45bdd261e027ea78eabb81feaa70f3774bcf2f Mon Sep 17 00:00:00 2001
803fb7 
From: Harald Hoyer <harald@redhat.com>
803fb7 
Date: Mon, 1 Jun 2015 17:26:27 +0200
803fb7 
Subject: [PATCH] cryptsetup: craft a unique ID with the source device
803fb7
803fb7 
If cryptsetup is called with a source device as argv[3], then craft the
803fb7 
ID for the password agent with a unique device path.
803fb7
803fb7 
If possible "/dev/block/<maj>:<min>" is used, otherwise the original
803fb7 
argv[3] is used.
803fb7
803fb7 
This enables password agents like petera [1] to provide a password
803fb7 
according to the source device. The original ID did not carry enough
803fb7 
information and was more targeted for a human readable string, which
803fb7 
is specified in the "Message" field anyway.
803fb7
803fb7 
With this patch the ID of the ask.XXX ini file looks like this:
803fb7 
ID=cryptsetup:/dev/block/<maj>:<min>
803fb7
803fb7 
[1] https://github.com/npmccallum/petera
803fb7
803fb7 
Cherry-picked from: e51b9486d1b59e72c293028fed1384f4e4ef09aa
803fb7 
Resolves: #1226333
803fb7 
---
de8967 
 src/cryptsetup/cryptsetup.c | 90 ++++++++++++++++++++++++-------------
803fb7 
 1 file changed, 58 insertions(+), 32 deletions(-)
803fb7
803fb7 
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
803fb7 
index 3f613d9b6..5dedb073e 100644
803fb7 
--- a/src/cryptsetup/cryptsetup.c
803fb7 
+++ b/src/cryptsetup/cryptsetup.c
803fb7 
@@ -217,6 +217,23 @@ static void log_glue(int level, const char *msg, void *usrptr) {
803fb7 
         log_debug("%s", msg);
803fb7 
 }
803fb7
803fb7 
+static int disk_major_minor(const char *path, char **ret) {
803fb7 
+        struct stat st;
803fb7 
+
803fb7 
+        assert(path);
803fb7 
+
803fb7 
+        if (stat(path, &st) < 0)
803fb7 
+                return -errno;
803fb7 
+
803fb7 
+        if (!S_ISBLK(st.st_mode))
803fb7 
+                return -EINVAL;
803fb7 
+
803fb7 
+        if (asprintf(ret, "/dev/block/%d:%d", major(st.st_rdev), minor(st.st_rdev)) < 0)
803fb7 
+                return -errno;
803fb7 
+
803fb7 
+        return 0;
803fb7 
+}
803fb7 
+
803fb7 
 static char* disk_description(const char *path) {
803fb7
803fb7 
         static const char name_fields[] =
803fb7 
@@ -278,20 +295,55 @@ static char *disk_mount_point(const char *label) {
803fb7 
         return NULL;
803fb7 
 }
803fb7
803fb7 
-static int get_password(const char *name, usec_t until, bool accept_cached, char ***passwords) {
803fb7 
-        int r;
803fb7 
+static int get_password(const char *vol, const char *src, usec_t until, bool accept_cached, char ***passwords) {
803fb7 
+        int r = 0;
803fb7 
         char **p;
803fb7 
         _cleanup_free_ char *text = NULL;
803fb7 
         _cleanup_free_ char *escaped_name = NULL;
803fb7 
         char *id;
803fb7 
+        const char *name = NULL;
803fb7 
+        _cleanup_free_ char *description = NULL, *name_buffer = NULL,
803fb7 
+                *mount_point = NULL, *maj_min = NULL;
803fb7
803fb7 
-        assert(name);
803fb7 
+        assert(vol);
803fb7 
+        assert(src);
803fb7 
         assert(passwords);
803fb7
803fb7 
+        description = disk_description(src);
803fb7 
+        mount_point = disk_mount_point(vol);
803fb7 
+
803fb7 
+        if (description && streq(vol, description)) {
803fb7 
+                /* If the description string is simply the
803fb7 
+                 * volume name, then let's not show this
803fb7 
+                 * twice */
803fb7 
+                free(description);
803fb7 
+                description = NULL;
803fb7 
+        }
803fb7 
+
803fb7 
+        if (mount_point && description)
803fb7 
+                r = asprintf(&name_buffer, "%s (%s) on %s", description, vol, mount_point);
803fb7 
+        else if (mount_point)
803fb7 
+                r = asprintf(&name_buffer, "%s on %s", vol, mount_point);
803fb7 
+        else if (description)
803fb7 
+                r = asprintf(&name_buffer, "%s (%s)", description, vol);
803fb7 
+
803fb7 
+        if (r < 0)
803fb7 
+                return log_oom();
803fb7 
+
803fb7 
+        name = name_buffer ? name_buffer : vol;
803fb7 
+
803fb7 
         if (asprintf(&text, "Please enter passphrase for disk %s!", name) < 0)
803fb7 
                 return log_oom();
803fb7
803fb7 
-        escaped_name = cescape(name);
803fb7 
+        if (src)
803fb7 
+                (void) disk_major_minor(src, &maj_min);
803fb7 
+
803fb7 
+        if (maj_min) {
803fb7 
+                escaped_name = maj_min;
803fb7 
+                maj_min = NULL;
803fb7 
+        } else
803fb7 
+                escaped_name = cescape(name);
803fb7 
+
803fb7 
         if (!escaped_name)
803fb7 
                 return log_oom();
803fb7
803fb7 
@@ -532,8 +584,7 @@ int main(int argc, char *argv[]) {
803fb7 
                 unsigned tries;
803fb7 
                 usec_t until;
803fb7 
                 crypt_status_info status;
803fb7 
-                const char *key_file = NULL, *name = NULL;
803fb7 
-                _cleanup_free_ char *description = NULL, *name_buffer = NULL, *mount_point = NULL;
803fb7 
+                const char *key_file = NULL;
803fb7
803fb7 
                 /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */
803fb7
803fb7 
@@ -561,31 +612,6 @@ int main(int argc, char *argv[]) {
803fb7 
                 /* A delicious drop of snake oil */
803fb7 
                 mlockall(MCL_FUTURE);
803fb7
803fb7 
-                description = disk_description(argv[3]);
803fb7 
-                mount_point = disk_mount_point(argv[2]);
803fb7 
-
803fb7 
-                if (description && streq(argv[2], description)) {
803fb7 
-                        /* If the description string is simply the
803fb7 
-                         * volume name, then let's not show this
803fb7 
-                         * twice */
803fb7 
-                        free(description);
803fb7 
-                        description = NULL;
803fb7 
-                }
803fb7 
-
803fb7 
-                k = 0;
803fb7 
-                if (mount_point && description)
803fb7 
-                        k = asprintf(&name_buffer, "%s (%s) on %s", description, argv[2], mount_point);
803fb7 
-                else if (mount_point)
803fb7 
-                        k = asprintf(&name_buffer, "%s on %s", argv[2], mount_point);
803fb7 
-                else if (description)
803fb7 
-                        k = asprintf(&name_buffer, "%s (%s)", description, argv[2]);
803fb7 
-
803fb7 
-                if (k < 0) {
803fb7 
-                        log_oom();
803fb7 
-                        goto finish;
803fb7 
-                }
803fb7 
-                name = name_buffer ? name_buffer : argv[2];
803fb7 
-
803fb7 
                 if (arg_header) {
803fb7 
                         log_debug("LUKS header: %s", arg_header);
803fb7 
                         k = crypt_init(&cd, arg_header);
803fb7 
@@ -632,7 +658,7 @@ int main(int argc, char *argv[]) {
803fb7 
                         _cleanup_strv_free_ char **passwords = NULL;
803fb7
803fb7 
                         if (!key_file) {
803fb7 
-                                k = get_password(name, until, tries == 0 && !arg_verify, &passwords);
803fb7 
+                                k = get_password(argv[2], argv[3], until, tries == 0 && !arg_verify, &passwords);
803fb7 
                                 if (k == -EAGAIN)
803fb7 
                                         continue;
803fb7 
                                 else if (k < 0)

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation