|
|
1f1adc |
From ecef526a51c5a276681472fd6df239570c9ce518 Mon Sep 17 00:00:00 2001
|
|
|
1f1adc |
From: Miloslav Trmač <mitr@redhat.com>
|
|
|
1f1adc |
Date: Nov 07 2017 15:55:55 +0000
|
|
|
1f1adc |
Subject: Stop using crypt_get_error
|
|
|
1f1adc |
|
|
|
1f1adc |
|
|
|
1f1adc |
Instead of crypt_get_error, which has been removed in cryptsetup 2.0,
|
|
|
1f1adc |
set up a log callback, which is available in both older and newer
|
|
|
1f1adc |
versions.
|
|
|
1f1adc |
|
|
|
1f1adc |
Fixes #13.
|
|
|
1f1adc |
|
|
|
1f1adc |
---
|
|
|
1f1adc |
|
|
|
1f1adc |
diff --git a/lib/volume_luks.c b/lib/volume_luks.c
|
|
|
1f1adc |
index 14794d7..f4bf2c8 100644
|
|
|
1f1adc |
--- a/lib/volume_luks.c
|
|
|
1f1adc |
+++ b/lib/volume_luks.c
|
|
|
1f1adc |
@@ -61,17 +61,13 @@ my_strerror (int err_no)
|
|
|
1f1adc |
}
|
|
|
1f1adc |
|
|
|
1f1adc |
/* Set ERROR based on libcryptsetup error state after returning RES.
|
|
|
1f1adc |
- Use CODE. */
|
|
|
1f1adc |
+ Use CODE and LAST_LOG_ENTRY. */
|
|
|
1f1adc |
static void
|
|
|
1f1adc |
-error_from_cryptsetup (GError **error, LIBVKError code, int res)
|
|
|
1f1adc |
+error_from_cryptsetup (GError **error, LIBVKError code, int res,
|
|
|
1f1adc |
+ char *last_log_entry)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
- /* It's not possible to get the error message length from libcryptsetup, just
|
|
|
1f1adc |
- guess. */
|
|
|
1f1adc |
- char crypt_msg[4096];
|
|
|
1f1adc |
-
|
|
|
1f1adc |
- crypt_get_error (crypt_msg, sizeof (crypt_msg));
|
|
|
1f1adc |
- if (crypt_msg[0] != '\0')
|
|
|
1f1adc |
- g_set_error (error, LIBVK_ERROR, code, "%s", crypt_msg);
|
|
|
1f1adc |
+ if (last_log_entry != NULL && last_log_entry[0] != '\0')
|
|
|
1f1adc |
+ g_set_error (error, LIBVK_ERROR, code, "%s", last_log_entry);
|
|
|
1f1adc |
else
|
|
|
1f1adc |
{
|
|
|
1f1adc |
char *s;
|
|
|
1f1adc |
@@ -82,17 +78,33 @@ error_from_cryptsetup (GError **error, LIBVKError code, int res)
|
|
|
1f1adc |
}
|
|
|
1f1adc |
}
|
|
|
1f1adc |
|
|
|
1f1adc |
+static void
|
|
|
1f1adc |
+record_cryptsetup_log_entry (int level, const char *msg, void *usrptr)
|
|
|
1f1adc |
+{
|
|
|
1f1adc |
+ char **last_log_entry = usrptr;
|
|
|
1f1adc |
+
|
|
|
1f1adc |
+ if (level == CRYPT_LOG_ERROR)
|
|
|
1f1adc |
+ {
|
|
|
1f1adc |
+ g_free (*last_log_entry);
|
|
|
1f1adc |
+ *last_log_entry = g_strdup (msg);
|
|
|
1f1adc |
+ }
|
|
|
1f1adc |
+}
|
|
|
1f1adc |
+
|
|
|
1f1adc |
/* Open volume PATH and load its header.
|
|
|
1f1adc |
+ Set up *LAST_LOG_ENTRY to be updated to the last logged message for the
|
|
|
1f1adc |
+ device. The caller must g_free(*LAST_LOG_ENTRY) after closing the device.
|
|
|
1f1adc |
Return the volume, or NULL on error. */
|
|
|
1f1adc |
static struct crypt_device *
|
|
|
1f1adc |
-open_crypt_device (const char *path, GError **error)
|
|
|
1f1adc |
+open_crypt_device (const char *path, char **last_log_entry, GError **error)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
struct crypt_device *cd;
|
|
|
1f1adc |
int r;
|
|
|
1f1adc |
|
|
|
1f1adc |
+ *last_log_entry = NULL;
|
|
|
1f1adc |
r = crypt_init (&cd, path);
|
|
|
1f1adc |
if (r < 0)
|
|
|
1f1adc |
goto err;
|
|
|
1f1adc |
+ crypt_set_log_callback(cd, record_cryptsetup_log_entry, last_log_entry);
|
|
|
1f1adc |
r = crypt_load (cd, CRYPT_LUKS1, NULL);
|
|
|
1f1adc |
if (r < 0)
|
|
|
1f1adc |
goto err_cd;
|
|
|
1f1adc |
@@ -101,9 +113,12 @@ open_crypt_device (const char *path, GError **error)
|
|
|
1f1adc |
err_cd:
|
|
|
1f1adc |
crypt_free (cd);
|
|
|
1f1adc |
err:
|
|
|
1f1adc |
- error_from_cryptsetup (error, LIBVK_ERROR_VOLUME_UNKNOWN_FORMAT, r);
|
|
|
1f1adc |
+ error_from_cryptsetup (error, LIBVK_ERROR_VOLUME_UNKNOWN_FORMAT, r,
|
|
|
1f1adc |
+ *last_log_entry);
|
|
|
1f1adc |
g_prefix_error (error, _("Error getting information about volume `%s': "),
|
|
|
1f1adc |
path);
|
|
|
1f1adc |
+ g_free (*last_log_entry);
|
|
|
1f1adc |
+ *last_log_entry = NULL;
|
|
|
1f1adc |
return NULL;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
|
|
|
1f1adc |
@@ -173,10 +188,11 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
struct luks_volume *luks;
|
|
|
1f1adc |
struct crypt_device *cd;
|
|
|
1f1adc |
+ char *last_log_entry;
|
|
|
1f1adc |
const char *uuid;
|
|
|
1f1adc |
|
|
|
1f1adc |
(void)vol;
|
|
|
1f1adc |
- cd = open_crypt_device (path, error);
|
|
|
1f1adc |
+ cd = open_crypt_device (path, &last_log_entry, error);
|
|
|
1f1adc |
if (cd == NULL)
|
|
|
1f1adc |
return NULL;
|
|
|
1f1adc |
/* A bit of paranoia */
|
|
|
1f1adc |
@@ -187,6 +203,7 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error)
|
|
|
1f1adc |
_("UUID mismatch between libblkid and libcryptsetup: `%s' "
|
|
|
1f1adc |
"vs. `%s'"), vol->uuid, uuid);
|
|
|
1f1adc |
crypt_free (cd);
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
return NULL;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
|
|
|
1f1adc |
@@ -195,6 +212,7 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error)
|
|
|
1f1adc |
luks->cipher_mode = g_strdup (crypt_get_cipher_mode (cd));
|
|
|
1f1adc |
luks->key_bytes = crypt_get_volume_key_size (cd);
|
|
|
1f1adc |
crypt_free (cd);
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
|
|
|
1f1adc |
luks->key = NULL;
|
|
|
1f1adc |
luks->passphrase = NULL;
|
|
|
1f1adc |
@@ -256,7 +274,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
|
|
|
1f1adc |
const struct libvk_ui *ui, GError **error)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
struct crypt_device *cd;
|
|
|
1f1adc |
- char *passphrase;
|
|
|
1f1adc |
+ char *last_log_entry, *passphrase;
|
|
|
1f1adc |
void *key;
|
|
|
1f1adc |
size_t key_length;
|
|
|
1f1adc |
int slot;
|
|
|
1f1adc |
@@ -276,7 +294,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
|
|
|
1f1adc |
_("Encryption information type unsupported in LUKS"));
|
|
|
1f1adc |
goto err;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
- cd = open_crypt_device (vol->path, error);
|
|
|
1f1adc |
+ cd = open_crypt_device (vol->path, &last_log_entry, error);
|
|
|
1f1adc |
if (cd == NULL)
|
|
|
1f1adc |
goto err;
|
|
|
1f1adc |
key_length = crypt_get_volume_key_size (cd);
|
|
|
1f1adc |
@@ -303,7 +321,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
|
|
|
1f1adc |
g_free_passphrase (passphrase);
|
|
|
1f1adc |
if (r != -EPERM)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r);
|
|
|
1f1adc |
+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry);
|
|
|
1f1adc |
g_prefix_error (error, _("Error getting LUKS data encryption key: "));
|
|
|
1f1adc |
goto err_prompt;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
@@ -322,12 +340,14 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
|
|
|
1f1adc |
vol->v.luks->passphrase_slot = slot;
|
|
|
1f1adc |
g_free (prompt);
|
|
|
1f1adc |
crypt_free (cd);
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
return 0;
|
|
|
1f1adc |
|
|
|
1f1adc |
err_prompt:
|
|
|
1f1adc |
g_free (prompt);
|
|
|
1f1adc |
g_free_key (key, key_length);
|
|
|
1f1adc |
crypt_free (cd);
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
err:
|
|
|
1f1adc |
return -1;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
@@ -383,11 +403,12 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet,
|
|
|
1f1adc |
if (packet->v.luks->key != NULL)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
struct crypt_device *cd;
|
|
|
1f1adc |
+ char *last_log_entry;
|
|
|
1f1adc |
int r;
|
|
|
1f1adc |
|
|
|
1f1adc |
g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
|
|
|
1f1adc |
-1);
|
|
|
1f1adc |
- cd = open_crypt_device (vol->path, error);
|
|
|
1f1adc |
+ cd = open_crypt_device (vol->path, &last_log_entry, error);
|
|
|
1f1adc |
if (cd == NULL)
|
|
|
1f1adc |
return -1;
|
|
|
1f1adc |
r = crypt_volume_key_verify (cd, packet->v.luks->key,
|
|
|
1f1adc |
@@ -395,21 +416,25 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet,
|
|
|
1f1adc |
crypt_free (cd);
|
|
|
1f1adc |
if (r < 0)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
- error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r);
|
|
|
1f1adc |
+ error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r,
|
|
|
1f1adc |
+ last_log_entry);
|
|
|
1f1adc |
g_prefix_error (error, _("LUKS data encryption key in packet is "
|
|
|
1f1adc |
"invalid: "));
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
return -1;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
luks_replace_key (vol, packet->v.luks->key);
|
|
|
1f1adc |
}
|
|
|
1f1adc |
if (packet->v.luks->passphrase != NULL)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
struct crypt_device *cd;
|
|
|
1f1adc |
+ char *last_log_entry;
|
|
|
1f1adc |
void *key;
|
|
|
1f1adc |
size_t key_size;
|
|
|
1f1adc |
int r;
|
|
|
1f1adc |
|
|
|
1f1adc |
- cd = open_crypt_device (vol->path, error);
|
|
|
1f1adc |
+ cd = open_crypt_device (vol->path, &last_log_entry, error);
|
|
|
1f1adc |
if (cd == NULL)
|
|
|
1f1adc |
return -1;
|
|
|
1f1adc |
key_size = crypt_get_volume_key_size (cd);
|
|
|
1f1adc |
@@ -420,10 +445,13 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet,
|
|
|
1f1adc |
crypt_free (cd);
|
|
|
1f1adc |
if (r < 0)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
- error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r);
|
|
|
1f1adc |
+ error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r,
|
|
|
1f1adc |
+ last_log_entry);
|
|
|
1f1adc |
g_prefix_error (error, _("LUKS passphrase in packet is invalid: "));
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
return -1;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
luks_replace_passphrase (vol, packet->v.luks->passphrase);
|
|
|
1f1adc |
vol->v.luks->passphrase_slot = r;
|
|
|
1f1adc |
if (packet->v.luks->key == NULL)
|
|
|
1f1adc |
@@ -446,7 +474,7 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
|
|
|
1f1adc |
GError **error)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
struct crypt_device *cd;
|
|
|
1f1adc |
- char *prompt, *prompt2, *error_prompt, *passphrase;
|
|
|
1f1adc |
+ char *last_log_entry, *prompt, *prompt2, *error_prompt, *passphrase;
|
|
|
1f1adc |
unsigned failed;
|
|
|
1f1adc |
int res;
|
|
|
1f1adc |
|
|
|
1f1adc |
@@ -498,7 +526,7 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
|
|
|
1f1adc |
goto err_prompts;
|
|
|
1f1adc |
|
|
|
1f1adc |
got_passphrase:
|
|
|
1f1adc |
- cd = open_crypt_device (vol->path, error);
|
|
|
1f1adc |
+ cd = open_crypt_device (vol->path, &last_log_entry, error);
|
|
|
1f1adc |
if (cd == NULL)
|
|
|
1f1adc |
goto err_passphrase;
|
|
|
1f1adc |
res = crypt_keyslot_add_by_volume_key (cd, CRYPT_ANY_SLOT,
|
|
|
1f1adc |
@@ -508,10 +536,12 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
|
|
|
1f1adc |
crypt_free (cd);
|
|
|
1f1adc |
if (res < 0)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res);
|
|
|
1f1adc |
+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res, last_log_entry);
|
|
|
1f1adc |
g_prefix_error (error, _("Error adding a LUKS passphrase"));
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
goto err_passphrase;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
|
|
|
1f1adc |
g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
|
|
|
1f1adc |
-1);
|
|
|
1f1adc |
@@ -542,6 +572,7 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
|
|
|
1f1adc |
const void *secret, size_t size, GError **error)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
struct crypt_device *cd;
|
|
|
1f1adc |
+ char *last_log_entry;
|
|
|
1f1adc |
int res;
|
|
|
1f1adc |
|
|
|
1f1adc |
if (secret_type != LIBVK_SECRET_PASSPHRASE)
|
|
|
1f1adc |
@@ -562,7 +593,7 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
|
|
|
1f1adc |
_("The passphrase must be a string"));
|
|
|
1f1adc |
return -1;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
- cd = open_crypt_device (vol->path, error);
|
|
|
1f1adc |
+ cd = open_crypt_device (vol->path, &last_log_entry, error);
|
|
|
1f1adc |
if (cd == NULL)
|
|
|
1f1adc |
return -1;
|
|
|
1f1adc |
res = crypt_keyslot_add_by_volume_key (cd, CRYPT_ANY_SLOT, vol->v.luks->key,
|
|
|
1f1adc |
@@ -570,10 +601,12 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
|
|
|
1f1adc |
crypt_free (cd);
|
|
|
1f1adc |
if (res < 0)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res);
|
|
|
1f1adc |
+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res, last_log_entry);
|
|
|
1f1adc |
g_prefix_error (error, _("Error adding a LUKS passphrase"));
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
return -1;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
|
|
|
1f1adc |
luks_replace_passphrase (vol, secret);
|
|
|
1f1adc |
vol->v.luks->passphrase_slot = res;
|
|
|
1f1adc |
@@ -823,12 +856,13 @@ luks_open_with_packet (struct libvk_volume *vol,
|
|
|
1f1adc |
GError **error)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
struct crypt_device *cd;
|
|
|
1f1adc |
+ char *last_log_entry;
|
|
|
1f1adc |
void *to_free;
|
|
|
1f1adc |
const void *key;
|
|
|
1f1adc |
int r;
|
|
|
1f1adc |
size_t key_size;
|
|
|
1f1adc |
|
|
|
1f1adc |
- cd = open_crypt_device (vol->path, error);
|
|
|
1f1adc |
+ cd = open_crypt_device (vol->path, &last_log_entry, error);
|
|
|
1f1adc |
if (cd == NULL)
|
|
|
1f1adc |
goto err;
|
|
|
1f1adc |
if (packet->v.luks->key != NULL)
|
|
|
1f1adc |
@@ -846,7 +880,7 @@ luks_open_with_packet (struct libvk_volume *vol,
|
|
|
1f1adc |
strlen (packet->v.luks->passphrase));
|
|
|
1f1adc |
if (r < 0)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r);
|
|
|
1f1adc |
+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry);
|
|
|
1f1adc |
g_prefix_error (error, _("Error getting LUKS data encryption key: "));
|
|
|
1f1adc |
goto err_to_free;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
@@ -862,7 +896,7 @@ luks_open_with_packet (struct libvk_volume *vol,
|
|
|
1f1adc |
r = crypt_activate_by_volume_key (cd, name, key, key_size, 0);
|
|
|
1f1adc |
if (r < 0)
|
|
|
1f1adc |
{
|
|
|
1f1adc |
- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r);
|
|
|
1f1adc |
+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry);
|
|
|
1f1adc |
g_prefix_error (error, _("Error opening LUKS volume: "));
|
|
|
1f1adc |
goto err_to_free;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
@@ -870,6 +904,7 @@ luks_open_with_packet (struct libvk_volume *vol,
|
|
|
1f1adc |
if (to_free != NULL)
|
|
|
1f1adc |
g_free_key (to_free, key_size);
|
|
|
1f1adc |
crypt_free (cd);
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
return 0;
|
|
|
1f1adc |
|
|
|
1f1adc |
err_to_free:
|
|
|
1f1adc |
@@ -877,6 +912,7 @@ luks_open_with_packet (struct libvk_volume *vol,
|
|
|
1f1adc |
g_free_key (to_free, key_size);
|
|
|
1f1adc |
err_cd:
|
|
|
1f1adc |
crypt_free (cd);
|
|
|
1f1adc |
+ g_free (last_log_entry);
|
|
|
1f1adc |
err:
|
|
|
1f1adc |
return -1;
|
|
|
1f1adc |
}
|
|
|
1f1adc |
|