Commit Graph

207 Commits

Author SHA1 Message Date
Lennart Poettering
6f177c7dc0 cryptsetup: rework how we log about activation failures
First of all let's always log where the errors happen, and not in an
upper stackframe, in all cases. Previously we'd do this somethis one way
and sometimes another, which resulted in sometimes duplicate logging and
sometimes none.

When we cannot activate something due to bad password the kernel gives
us EPERM. Let's uniformly return this EAGAIN, so tha the next password
is tried. (previously this was done in most cases but not in all)

When we get EPERM let's also explicitly indicate that this probably
means the password is simply wrong.

Fixes: #11498
2019-01-23 23:37:17 +01:00
Lennart Poettering
906962f312 cryptsetup: add comment what EAGAIN means when activating 2019-01-23 23:37:17 +01:00
Lennart Poettering
44ce425514 cryptsetup: downgrade a log message we ignore 2019-01-23 23:37:17 +01:00
Lennart Poettering
aed68083c0 cryptsetup: don't line-break so aggressively 2019-01-23 23:37:17 +01:00
Lennart Poettering
b7a0fead10 cryptsetup: add some commenting about EAGAIN generation 2019-01-23 23:37:17 +01:00
Lennart Poettering
0ffff81abd cryptsetup: modernize some log message invocations 2019-01-23 23:37:17 +01:00
Lennart Poettering
d135419e32 cryptsetup: use free_and_replace() where appropriate 2019-01-23 23:37:17 +01:00
Zbigniew Jędrzejewski-Szmek
7a44c7e31f generators: define custom main func definer and use it where applicable
There should be no functional difference, except that the error message
is changd from "three or no arguments" to "zero or three arguments". Somehow
the inverted form always seemed strange.

umask() call is also dropped from run-generator. I think it wasn't dropped in
053254e3cb because the run generator was merged
around the same time.
2018-12-12 21:58:00 +01:00
Zbigniew Jędrzejewski-Szmek
aba311f7ff generators: configure logging before the first use 2018-12-12 10:48:38 +01:00
Yu Watanabe
a4a90e65c7 cryptsetup-generator: define main through macro 2018-12-02 12:18:54 +01:00
Lennart Poettering
49fe5c0996 tree-wide: port various places over to STARTSWITH_SET() 2018-11-26 14:08:46 +01:00
Zbigniew Jędrzejewski-Szmek
baaa35ad70 coccinelle: make use of SYNTHETIC_ERRNO
Ideally, coccinelle would strip unnecessary braces too. But I do not see any
option in coccinelle for this, so instead, I edited the patch text using
search&replace to remove the braces. Unfortunately this is not fully automatic,
in particular it didn't deal well with if-else-if-else blocks and ifdefs, so
there is an increased likelikehood be some bugs in such spots.

I also removed part of the patch that coccinelle generated for udev, where we
returns -1 for failure. This should be fixed independently.
2018-11-22 10:54:38 +01:00
Zbigniew Jędrzejewski-Szmek
053254e3cb generators: drop umask calls
systemd already sets the umask (see e3b8d0637d). When
running under systemd, we don't need to set it. And when *not* running under
systemd, for example during development, there is no reason to override the user
config. Let's just drop those calls.

$ git grep -e 'umask\(' -l 'src/*generator*' |xargs perl -i -0pe 's|^[^\n]*umask\([^\n]+\n\n||gms'
2018-11-21 13:40:24 +01:00
Zbigniew Jędrzejewski-Szmek
294bf0c34a Split out pretty-print.c and move pager.c and main-func.h to shared/
This is high-level functionality, and fits better in shared/ (which is for
our executables), than in basic/ (which is also for libraries).
2018-11-20 18:40:02 +01:00
Yu Watanabe
3a40f366b2 cryptsetup: use static destructor and DEFINE_MAIN_FUNCTION() macro 2018-11-20 18:40:02 +01:00
Lennart Poettering
6bf3c61c57 log: introduce new helper call log_setup_service()
Let's reduce the common boilerplate and have a single setup function
used by all service code to setup logging.
2018-11-20 11:18:22 +01:00
Lennart Poettering
afe44c8ffd generators: introduce a common implementation for the log setup boilerplate 2018-11-20 10:57:50 +01:00
Zbigniew Jędrzejewski-Szmek
fde32028a4 Move LONG_LINE_MAX definition to fileio.h
All users of the macro (except for one, in serialize.c), use the macro in
connection with read_line(), so they must include fileio.h.  Let's not play
libc games and require multiple header file to be included for the most common
use of a function.

The removal of def.h includes is not exact. I mostly went over the commits that
switch over to use read_line() and add def.h at the same time and reverted the
addition of def.h in those files.
2018-11-14 16:25:32 +01:00
Michal Sekletar
7949dfa73a cryptsetup-generator: allow whitespace characters in keydev specification
For example, <luks.uuid>=/keyfile:LABEL="KEYFILE FS" previously wouldn't
work, because we truncated label at the first whitespace character,
i.e. LABEL="KEYFILE".
2018-10-30 09:18:46 +01:00
Michal Sekletar
579875bc4a cryptsetup-generator: don't return error if target directory already exists 2018-10-30 09:02:34 +01:00
Lennart Poettering
b42674a168 cryptsetup-generator: fgets() excorcism 2018-10-18 13:34:40 +02:00
Marko Myllynen
a1c111c2d1 More polite passphrase prompt
Instead of

Please enter passphrase for disk <disk-name>!

use

Please enter passphrase for disk <disk-name>:

which is more polite and matches Plymouth convention.
2018-10-09 16:26:03 +02:00
Lennart Poettering
e3ca6580ae cryptsetup: use PATH_IN_SET() instead of STR_IN_SET() when comparing paths
It's formally more correct.
2018-10-05 22:39:02 +02:00
Lennart Poettering
2abe64666e cryptsetup: don't use %m if there's no error to show
We are not the ones receiving an error here, but the ones generating it,
hence we shouldn't show it with %m, that's just confusing, as it
suggests we received an error from some other call.
2018-10-05 22:37:58 +02:00
Yu Watanabe
2c740afd16 tree-wide: do not assign unused return values 2018-09-23 17:18:50 +09:00
Michal Sekletar
70f5f48eb8 cryptsetup-generator: introduce basic keydev support
Dracut has a support for unlocking encrypted drives with keyfile stored
on the external drive. This support is included in the generated initrd
only if systemd module is not included.

When systemd is used in initrd then attachment of encrypted drives is
handled by systemd-cryptsetup tools. Our generator has support for
keyfile, however, it didn't support keyfile on the external block
device (keydev).

This commit introduces basic keydev support. Keydev can be specified per
luks.uuid on the kernel command line. Keydev is automatically mounted
during boot and we look for keyfile in the keydev
mountpoint (i.e. keyfile path is prefixed with the keydev mount point
path). After crypt device is attached we automatically unmount
where keyfile resides.

Example:
        rd.luks.key=70bc876b-f627-4038-9049-3080d79d2165=/key:LABEL=KEYDEV
2018-09-04 16:54:53 +02:00
Yu Watanabe
645461f0cf cryptsetup: do not define arg_sector_size if libgcrypt is v1.x (#9990)
Follow-up for #9936.
2018-09-01 23:47:46 +09:00
Dimitri John Ledkov
a9fc640671 cryptsetup: add support for sector-size= option (#9936)
Bug-Ubuntu: https://launchpad.net/bugs/1776626

Closes #8881.
2018-08-29 23:38:09 +09:00
Lennart Poettering
37ec0fdd34 tree-wide: add clickable man page link to all --help texts
This is a bit like the info link in most of GNU's --help texts, but we
don't do info but man pages, and we make them properly clickable on
terminal supporting that, because awesome.

I think it's generally advisable to link up our (brief) --help texts and
our (more comprehensive) man pages a bit, so this should be an easy and
straight-forward way to do it.
2018-08-20 11:33:04 +02:00
Lorenz Hübschle-Schneider
b90cbe6638 cryptsetup: Add dependency on loopback setup to generated units
For loopback volumes, the generated unit needs to depend on
systemd-tmpfiles-setup-dev.service to ensure that loopback
support is loaded.

Fixes #9308
2018-06-27 16:57:17 +02:00
Lennart Poettering
0c69794138 tree-wide: remove Lennart's copyright lines
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
2018-06-14 10:20:20 +02:00
Lennart Poettering
818bf54632 tree-wide: drop 'This file is part of systemd' blurb
This part of the copyright blurb stems from the GPL use recommendations:

https://www.gnu.org/licenses/gpl-howto.en.html

The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.

hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
2018-06-14 10:20:20 +02:00
Lennart Poettering
5d13a15b1d tree-wide: drop spurious newlines (#8764)
Double newlines (i.e. one empty lines) are great to structure code. But
let's avoid triple newlines (i.e. two empty lines), quadruple newlines,
quintuple newlines, …, that's just spurious whitespace.

It's an easy way to drop 121 lines of code, and keeps the coding style
of our sources a bit tigther.
2018-04-19 12:13:23 +02:00
Zbigniew Jędrzejewski-Szmek
11a1589223 tree-wide: drop license boilerplate
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.

I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
2018-04-06 18:58:55 +02:00
Lennart Poettering
ae2a15bc14 macro: introduce TAKE_PTR() macro
This macro will read a pointer of any type, return it, and set the
pointer to NULL. This is useful as an explicit concept of passing
ownership of a memory area between pointers.

This takes inspiration from Rust:

https://doc.rust-lang.org/std/option/enum.Option.html#method.take

and was suggested by Alan Jenkins (@sourcejedi).

It drops ~160 lines of code from our codebase, which makes me like it.
Also, I think it clarifies passing of ownership, and thus helps
readability a bit (at least for the initiated who know the new macro)
2018-03-22 20:21:42 +01:00
Lennart Poettering
6c347d5024 log: remove LOG_TARGET_SAFE pseudo log target
This removes LOG_TARGET_SAFE. It's made redundant by the new
"prohibit-ipc" logging flag, as it used to have a similar effect: avoid
logging to the journal/syslog, i.e. any local services in order to avoid
deadlocks when we lock from PID 1 or its utility processes (such as
generators).

All previous users of LOG_TARGET_SAFE are switched over to the new
setting. This makes things a bit safer for all, as not even the
SYSTEMD_LOG_TARGET env var can be used to accidentally log to the
journal anymore in these programs.
2018-01-24 18:22:56 +01:00
Lennart Poettering
d31eb24fc2 cryptsetup: small if check improvement (#7747)
It's a bit weird to test these strings after the fact instead of before.
Let's make sure that we don't even attempt the string escaping if the
strings are NULL.

Follow-up for #7688
2017-12-27 12:43:31 +01:00
Zbigniew Jędrzejewski-Szmek
dc0a35550e cryptsetup: use uint64_t for keyfile-offset= (#7689)
On 32bit, refuse large offsets. Once https://gitlab.com/cryptsetup/cryptsetup/issues/359
is resolved, we should switch to the new api, whatever it is.

Fixes #7677.
2017-12-19 16:51:12 +09:00
Jan Alexander Steffens
aff0b1fa7b cryptsetup-generator: Don't mistake NULL input as OOM (#7688)
Since systemd v236, several Arch users complained that
systemd-cryptsetup-generator exits with an OOM error and that it
prevents the boot from continuing.

Investigating the diff of cryptsetup-generator between v235 and v236 I
noticed that create_disk allowed for the `password` and `filtered`
variables to be NULL (they're handled with `strempty()`) but not their
`*_escaped` versions, and returned OOM errors in those cases.

Fix this by checking that the input string is non-NULL before deciding
that `specifier_escape` had an OOM error.

I could not test this fix myself, but some users have reported success.

Downstream bug: https://bugs.archlinux.org/task/56733
2017-12-18 14:47:18 +01:00
Zbigniew Jędrzejewski-Szmek
fb883e759d generator: add helper function for writing unit files
It doesn't save too much, but it's a common pattern so I think it's worth
to factor this out.
2017-12-15 16:47:11 +01:00
Lennart Poettering
0d53667334 tree-wide: use __fsetlocking() instead of fxyz_unlocked()
Let's replace usage of fputc_unlocked() and friends by __fsetlocking(f,
FSETLOCKING_BYCALLER). This turns off locking for the entire FILE*,
instead of doing individual per-call decision whether to use normal
calls or _unlocked() calls.

This has various benefits:

1. It's easier to read and easier not to forget

2. It's more comprehensive, as fprintf() and friends are covered too
   (as these functions have no _unlocked() counterpart)

3. Philosophically, it's a bit more correct, because it's more a
   property of the file handle really whether we ever pass it on to another
   thread, not of the operations we then apply to it.

This patch reworks all pieces of codes that so far used fxyz_unlocked()
calls to use __fsetlocking() instead. It also reworks all places that
use open_memstream(), i.e. use stdio FILE* for string manipulations.

Note that this in some way a revert of 4b61c87511.
2017-12-14 10:42:25 +01:00
Michal Sekletar
ea7e7c1e9c cryptsetup: use more descriptive name for the variable and drop redundant function
Let's rename escaped_name to disk_path since this is an actual content
that pointer refers to. It is either path to encrypted block device
or path to encrypted image file.

Also drop redundant function disk_major_minor(). src is always set, and
it always points to either encrypted block device path (or symlink to
such device) or to encrypted image. In case it is set to device path
there is no need to reset it to /dev/block/major:minor symlink since
those paths are equivalent.
2017-12-12 20:31:25 +01:00
Michal Sekletar
5a9f1b05ed cryptsetup: when unlocking always put path to the object into Id
Some ask-password agents (e.g. clevis-luks-askpass) use Id option from
/run/systemd/ask-password/ask* file in order to obtain the password for
the device.

Id option should be in the following format,
e.g. Id=subsystem:data. Where data part is supposed to identify object
that ask-password query is done for. Since
e51b9486d1 this field has format
Id=cryptsetup:/dev/block/major:minor when systemd-cryptsetup is
unlocking encrypted block device. However, crypttab also supports
encrypted image files in which case we usually set data part of Id to
"vol on mountpoint". This is unexpected and actually breaks network
based device encryption as implemented by clevis.

Example:
$ cat /etc/crypttab
clevis-unlocked /clevis-test-disk-image none luks,_netdev
$ systemctl start 'systemd-cryptsetup@clevis\x2dunlocked.service'
$ grep Id /run/systemd/ask-password/ask*

Before:
$ Id=cryptsetup:clevis-unlocked on /clevis-test-disk-image-mnt

After:
$ Id=cryptsetup:/clevis-test-disk-image
2017-12-12 18:28:08 +01:00
Zbigniew Jędrzejewski-Szmek
c116b03595 Define CRYPT_LUKS in crypt-util.h
Also do not include libcryptsetup.h directly, but only through crypt-util.h.
This way we do not have to repeat the define in every file where it is used.
2017-11-30 20:43:25 +01:00
Zbigniew Jędrzejewski-Szmek
691c2e2e88 util-lib: export cryptsetup logging glue function 2017-11-30 20:43:25 +01:00
Zbigniew Jędrzejewski-Szmek
294bd45470 util-lib: add cleanup function for crypt_free 2017-11-30 20:43:25 +01:00
Lennart Poettering
98bad05e75 generators: be more careful when writing unit settings that support specifier expansion
Let's always escape strings we receive from the user before writing them
out to unit file settings that suppor specifier expansion, so that user
strings are transported as-is.
2017-11-29 12:32:57 +01:00
Zbigniew Jędrzejewski-Szmek
6dd1c36839 cryptsetup-generator: add helper function and use hashmap_free_with_destructor 2017-11-28 21:34:41 +01:00
Daniel Lockyer
f9ecfd3bbe Replace free and reassignment with free_and_replace 2017-11-24 10:33:41 +00:00
Zbigniew Jędrzejewski-Szmek
53e1b68390 Add SPDX license identifiers to source files under the LGPL
This follows what the kernel is doing, c.f.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
2017-11-19 19:08:15 +01:00