[thirdparty/systemd.git] / src / cryptsetup / cryptsetup-generator.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <errno.h>

#include "dropin.h"
#include "fd-util.h"
#include "fileio.h"
#include "fstab-util.h"
#include "generator.h"
#include "hashmap.h"
#include "log.h"
#include "mkdir.h"
#include "parse-util.h"
#include "path-util.h"
#include "string-util.h"
#include "strv.h"
#include "unit-name.h"
#include "util.h"

typedef struct crypto_device {
        char *uuid;
        char *keyfile;
        char *name;
        char *options;
        bool create;
} crypto_device;

static const char *arg_dest = "/tmp";
static bool arg_enabled = true;
static bool arg_read_crypttab = true;
static bool arg_whitelist = false;
static Hashmap *arg_disks = NULL;
static char *arg_default_options = NULL;
static char *arg_default_keyfile = NULL;

static int create_disk(
                const char *name,
                const char *device,
                const char *password,
                const char *options) {

        _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
                *filtered = NULL;
        _cleanup_fclose_ FILE *f = NULL;
        bool noauto, nofail, tmp, swap;
        char *from;
        int r;

        assert(name);
        assert(device);

        noauto = fstab_test_yes_no_option(options, "noauto\0" "auto\0");
        nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
        tmp = fstab_test_option(options, "tmp\0");
        swap = fstab_test_option(options, "swap\0");

        if (tmp && swap) {
                log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
                return -EINVAL;
        }

        e = unit_name_escape(name);
        if (!e)
                return log_oom();

        r = unit_name_build("systemd-cryptsetup", e, ".service", &n);
        if (r < 0)
                return log_error_errno(r, "Failed to generate unit name: %m");

        p = strjoin(arg_dest, "/", n, NULL);
        if (!p)
                return log_oom();

        u = fstab_node_to_udev_node(device);
        if (!u)
                return log_oom();

        r = unit_name_from_path(u, ".device", &d);
        if (r < 0)
                return log_error_errno(r, "Failed to generate unit name: %m");

        f = fopen(p, "wxe");
        if (!f)
                return log_error_errno(errno, "Failed to create unit file %s: %m", p);

        fputs(
                "# Automatically generated by systemd-cryptsetup-generator\n\n"
                "[Unit]\n"
                "Description=Cryptography Setup for %I\n"
                "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
                "SourcePath=/etc/crypttab\n"
                "DefaultDependencies=no\n"
                "Conflicts=umount.target\n"
                "BindsTo=dev-mapper-%i.device\n"
                "IgnoreOnIsolate=true\n"
                "After=cryptsetup-pre.target\n",
                f);

        if (!nofail)
                fprintf(f,
                        "Before=cryptsetup.target\n");

        if (password) {
                if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
                        fputs("After=systemd-random-seed.service\n", f);
                else if (!streq(password, "-") && !streq(password, "none")) {
                        _cleanup_free_ char *uu;

                        uu = fstab_node_to_udev_node(password);
                        if (!uu)
                                return log_oom();

                        if (!path_equal(uu, "/dev/null")) {

                                if (is_device_path(uu)) {
                                        _cleanup_free_ char *dd = NULL;

                                        r = unit_name_from_path(uu, ".device", &dd);
                                        if (r < 0)
                                                return log_error_errno(r, "Failed to generate unit name: %m");

                                        fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
                                } else
                                        fprintf(f, "RequiresMountsFor=%s\n", password);
                        }
                }
        }

        if (is_device_path(u))
                fprintf(f,
                        "BindsTo=%s\n"
                        "After=%s\n"
                        "Before=umount.target\n",
                        d, d);
        else
                fprintf(f,
                        "RequiresMountsFor=%s\n",
                        u);

        r = generator_write_timeouts(arg_dest, device, name, options, &filtered);
        if (r < 0)
                return r;

        fprintf(f,
                "\n[Service]\n"
                "Type=oneshot\n"
                "RemainAfterExit=yes\n"
                "TimeoutSec=0\n" /* the binary handles timeouts anyway */
                "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
                "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
                name, u, strempty(password), strempty(filtered),
                name);

        if (tmp)
                fprintf(f,
                        "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
                        name);

        if (swap)
                fprintf(f,
                        "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
                        name);

        r = fflush_and_check(f);
        if (r < 0)
                return log_error_errno(r, "Failed to write file %s: %m", p);

        from = strjoina("../", n);

        if (!noauto) {

                to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
                if (!to)
                        return log_oom();

                mkdir_parents_label(to, 0755);
                if (symlink(from, to) < 0)
                        return log_error_errno(errno, "Failed to create symlink %s: %m", to);

                free(to);
                if (!nofail)
                        to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
                else
                        to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
                if (!to)
                        return log_oom();

                mkdir_parents_label(to, 0755);
                if (symlink(from, to) < 0)
                        return log_error_errno(errno, "Failed to create symlink %s: %m", to);
        }

        free(to);
        to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
        if (!to)
                return log_oom();

        mkdir_parents_label(to, 0755);
        if (symlink(from, to) < 0)
                return log_error_errno(errno, "Failed to create symlink %s: %m", to);

        if (!noauto && !nofail) {
                _cleanup_free_ char *dmname;
                dmname = strjoin("dev-mapper-", e, ".device", NULL);
                if (!dmname)
                        return log_oom();

                r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
                                  "# Automatically generated by systemd-cryptsetup-generator \n\n"
                                  "[Unit]\nJobTimeoutSec=0");
                if (r < 0)
                        return log_error_errno(r, "Failed to write device drop-in: %m");
        }

        return 0;
}

static void free_arg_disks(void) {
        crypto_device *d;

        while ((d = hashmap_steal_first(arg_disks))) {
                free(d->uuid);
                free(d->keyfile);
                free(d->name);
                free(d->options);
                free(d);
        }

        hashmap_free(arg_disks);
}

static crypto_device *get_crypto_device(const char *uuid) {
        int r;
        crypto_device *d;

        assert(uuid);

        d = hashmap_get(arg_disks, uuid);
        if (!d) {
                d = new0(struct crypto_device, 1);
                if (!d)
                        return NULL;

                d->create = false;
                d->keyfile = d->options = d->name = NULL;

                d->uuid = strdup(uuid);
                if (!d->uuid) {
                        free(d);
                        return NULL;
                }

                r = hashmap_put(arg_disks, d->uuid, d);
                if (r < 0) {
                        free(d->uuid);
                        free(d);
                        return NULL;
                }
        }

        return d;
}

static int parse_proc_cmdline_item(const char *key, const char *value) {
        int r;
        crypto_device *d;
        _cleanup_free_ char *uuid = NULL, *uuid_value = NULL;

        if (STR_IN_SET(key, "luks", "rd.luks") && value) {

                r = parse_boolean(value);
                if (r < 0)
                        log_warning("Failed to parse luks switch %s. Ignoring.", value);
                else
                        arg_enabled = r;

        } else if (STR_IN_SET(key, "luks.crypttab", "rd.luks.crypttab") && value) {

                r = parse_boolean(value);
                if (r < 0)
                        log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value);
                else
                        arg_read_crypttab = r;

        } else if (STR_IN_SET(key, "luks.uuid", "rd.luks.uuid") && value) {

                d = get_crypto_device(startswith(value, "luks-") ? value+5 : value);
                if (!d)
                        return log_oom();

                d->create = arg_whitelist = true;

        } else if (STR_IN_SET(key, "luks.options", "rd.luks.options") && value) {

                r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
                if (r == 2) {
                        d = get_crypto_device(uuid);
                        if (!d)
                                return log_oom();

                        free(d->options);
                        d->options = uuid_value;
                        uuid_value = NULL;
                } else if (free_and_strdup(&arg_default_options, value) < 0)
                        return log_oom();

        } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {

                r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
                if (r == 2) {
                        d = get_crypto_device(uuid);
                        if (!d)
                                return log_oom();

                        free(d->keyfile);
                        d->keyfile = uuid_value;
                        uuid_value = NULL;
                } else if (free_and_strdup(&arg_default_keyfile, value) < 0)
                        return log_oom();

        } else if (STR_IN_SET(key, "luks.name", "rd.luks.name") && value) {

                r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
                if (r == 2) {
                        d = get_crypto_device(uuid);
                        if (!d)
                                return log_oom();

                        d->create = arg_whitelist = true;

                        free(d->name);
                        d->name = uuid_value;
                        uuid_value = NULL;
                } else
                        log_warning("Failed to parse luks name switch %s. Ignoring.", value);

        }

        return 0;
}

static int add_crypttab_devices(void) {
        struct stat st;
        unsigned crypttab_line = 0;
        _cleanup_fclose_ FILE *f = NULL;

        if (!arg_read_crypttab)
                return 0;

        f = fopen("/etc/crypttab", "re");
        if (!f) {
                if (errno != ENOENT)
                        log_error_errno(errno, "Failed to open /etc/crypttab: %m");
                return 0;
        }

        if (fstat(fileno(f), &st) < 0) {
                log_error_errno(errno, "Failed to stat /etc/crypttab: %m");
                return 0;
        }

        for (;;) {
                int r, k;
                char line[LINE_MAX], *l, *uuid;
                crypto_device *d = NULL;
                _cleanup_free_ char *name = NULL, *device = NULL, *keyfile = NULL, *options = NULL;

                if (!fgets(line, sizeof(line), f))
                        break;

                crypttab_line++;

                l = strstrip(line);
                if (*l == '#' || *l == 0)
                        continue;

                k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &keyfile, &options);
                if (k < 2 || k > 4) {
                        log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line);
                        continue;
                }

                uuid = startswith(device, "UUID=");
                if (!uuid)
                        uuid = path_startswith(device, "/dev/disk/by-uuid/");
                if (!uuid)
                        uuid = startswith(name, "luks-");
                if (uuid)
                        d = hashmap_get(arg_disks, uuid);

                if (arg_whitelist && !d) {
                        log_info("Not creating device '%s' because it was not specified on the kernel command line.", name);
                        continue;
                }

                r = create_disk(name, device, keyfile, (d && d->options) ? d->options : options);
                if (r < 0)
                        return r;

                if (d)
                        d->create = false;
        }

        return 0;
}

static int add_proc_cmdline_devices(void) {
        int r;
        Iterator i;
        crypto_device *d;

        HASHMAP_FOREACH(d, arg_disks, i) {
                const char *options;
                _cleanup_free_ char *device = NULL;

                if (!d->create)
                        continue;

                if (!d->name) {
                        d->name = strappend("luks-", d->uuid);
                        if (!d->name)
                                return log_oom();
                }

                device = strappend("UUID=", d->uuid);
                if (!device)
                        return log_oom();

                if (d->options)
                        options = d->options;
                else if (arg_default_options)
                        options = arg_default_options;
                else
                        options = "timeout=0";

                r = create_disk(d->name, device, d->keyfile ?: arg_default_keyfile, options);
                if (r < 0)
                        return r;
        }

        return 0;
}

int main(int argc, char *argv[]) {
        int r = EXIT_FAILURE;

        if (argc > 1 && argc != 4) {
                log_error("This program takes three or no arguments.");
                return EXIT_FAILURE;
        }

        if (argc > 1)
                arg_dest = argv[1];

        log_set_target(LOG_TARGET_SAFE);
        log_parse_environment();
        log_open();

        umask(0022);

        arg_disks = hashmap_new(&string_hash_ops);
        if (!arg_disks)
                goto cleanup;

        r = parse_proc_cmdline(parse_proc_cmdline_item);
        if (r < 0) {
                log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
                r = EXIT_FAILURE;
        }

        if (!arg_enabled) {
                r = EXIT_SUCCESS;
                goto cleanup;
        }

        if (add_crypttab_devices() < 0)
                goto cleanup;

        if (add_proc_cmdline_devices() < 0)
                goto cleanup;

        r = EXIT_SUCCESS;

cleanup:
        free_arg_disks();
        free(arg_default_options);
        free(arg_default_keyfile);

        return r;
}
Commit	Line	Data
e23a0ce8 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	9	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	10	the Free Software Foundation; either version 2.1 of the License, or
e23a0ce8 LP	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	16	Lesser General Public License for more details.
e23a0ce8	17
5430f7f2	18	You should have received a copy of the GNU Lesser General Public License
e23a0ce8 LP	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
e23a0ce8	22	#include <errno.h>
e23a0ce8	23
0fa9e53d	24	#include "dropin.h"
3ffd4af2	25	#include "fd-util.h"
0d39fa9c	26	#include "fileio.h"
07630cea	27	#include "fstab-util.h"
0fa9e53d JJ	28	#include "generator.h"
0fa9e53d JJ	29	#include "hashmap.h"
e23a0ce8	30	#include "log.h"
49e942b2	31	#include "mkdir.h"
6bedfcbb	32	#include "parse-util.h"
bde29068	33	#include "path-util.h"
07630cea	34	#include "string-util.h"
0fa9e53d JJ	35	#include "strv.h"
	36	#include "unit-name.h"
	37	#include "util.h"
	38
	39	typedef struct crypto_device {
	40	char *uuid;
6cd5b12a	41	char *keyfile;
baade8cc	42	char *name;
0fa9e53d JJ	43	char *options;
	44	bool create;
	45	} crypto_device;
e23a0ce8	46
66a78c2b LP	47	static const char *arg_dest = "/tmp";
	48	static bool arg_enabled = true;
	49	static bool arg_read_crypttab = true;
0fa9e53d JJ	50	static bool arg_whitelist = false;
	51	static Hashmap *arg_disks = NULL;
	52	static char *arg_default_options = NULL;
	53	static char *arg_default_keyfile = NULL;
141a79f4	54
e23a0ce8 LP	55	static int create_disk(
	56	const char *name,
	57	const char *device,
	58	const char *password,
	59	const char *options) {
	60
8eea8687 ZJS	61	_cleanup_free_ char p = NULL, n = NULL, d = NULL, u = NULL, to = NULL, e = NULL,
8eea8687 ZJS	62	*filtered = NULL;
7fd1b19b	63	_cleanup_fclose_ FILE *f = NULL;
8c11d3c1	64	bool noauto, nofail, tmp, swap;
744198e9 LP	65	char *from;
744198e9 LP	66	int r;
e23a0ce8 LP	67
	68	assert(name);
	69	assert(device);
	70
b9f111b9 ZJS	71	noauto = fstab_test_yes_no_option(options, "noauto\0" "auto\0");
b9f111b9 ZJS	72	nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
a6dba978 ZJS	73	tmp = fstab_test_option(options, "tmp\0");
a6dba978 ZJS	74	swap = fstab_test_option(options, "swap\0");
8c11d3c1 TG	75
	76	if (tmp && swap) {
	77	log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
	78	return -EINVAL;
	79	}
155da457	80
744198e9 LP	81	e = unit_name_escape(name);
	82	if (!e)
	83	return log_oom();
	84
7410616c LP	85	r = unit_name_build("systemd-cryptsetup", e, ".service", &n);
	86	if (r < 0)
	87	return log_error_errno(r, "Failed to generate unit name: %m");
e23a0ce8	88
b7def684	89	p = strjoin(arg_dest, "/", n, NULL);
24a988e9 HH	90	if (!p)
24a988e9 HH	91	return log_oom();
e23a0ce8	92
f7f21d33	93	u = fstab_node_to_udev_node(device);
24a988e9 HH	94	if (!u)
24a988e9 HH	95	return log_oom();
e23a0ce8	96
7410616c LP	97	r = unit_name_from_path(u, ".device", &d);
	98	if (r < 0)
	99	return log_error_errno(r, "Failed to generate unit name: %m");
e23a0ce8	100
f7f21d33	101	f = fopen(p, "wxe");
4a62c710 MS	102	if (!f)
4a62c710 MS	103	return log_error_errno(errno, "Failed to create unit file %s: %m", p);
e23a0ce8	104
9ece938a	105	fputs(
6b1dc2bd	106	"# Automatically generated by systemd-cryptsetup-generator\n\n"
e23a0ce8	107	"[Unit]\n"
9ece938a	108	"Description=Cryptography Setup for %I\n"
c3834f9b	109	"Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
1b64d026	110	"SourcePath=/etc/crypttab\n"
e23a0ce8	111	"DefaultDependencies=no\n"
744198e9	112	"Conflicts=umount.target\n"
9ece938a	113	"BindsTo=dev-mapper-%i.device\n"
4469ff4a	114	"IgnoreOnIsolate=true\n"
d6bc8348	115	"After=cryptsetup-pre.target\n",
9ece938a	116	f);
e23a0ce8	117
155da457 LP	118	if (!nofail)
	119	fprintf(f,
	120	"Before=cryptsetup.target\n");
	121
ceca9501	122	if (password) {
744198e9	123	if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
a0f70805	124	fputs("After=systemd-random-seed.service\n", f);
66a5dbdf	125	else if (!streq(password, "-") && !streq(password, "none")) {
744198e9 LP	126	_cleanup_free_ char *uu;
	127
	128	uu = fstab_node_to_udev_node(password);
	129	if (!uu)
66a5dbdf DR	130	return log_oom();
66a5dbdf DR	131
bde29068	132	if (!path_equal(uu, "/dev/null")) {
744198e9	133
bde29068	134	if (is_device_path(uu)) {
7410616c	135	_cleanup_free_ char *dd = NULL;
66a5dbdf	136
7410616c LP	137	r = unit_name_from_path(uu, ".device", &dd);
	138	if (r < 0)
	139	return log_error_errno(r, "Failed to generate unit name: %m");
bde29068 LP	140
	141	fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
	142	} else
	143	fprintf(f, "RequiresMountsFor=%s\n", password);
	144	}
66a5dbdf	145	}
ceca9501	146	}
e23a0ce8	147
9ece938a TW	148	if (is_device_path(u))
	149	fprintf(f,
	150	"BindsTo=%s\n"
	151	"After=%s\n"
	152	"Before=umount.target\n",
	153	d, d);
	154	else
	155	fprintf(f,
	156	"RequiresMountsFor=%s\n",
	157	u);
	158
8eea8687 ZJS	159	r = generator_write_timeouts(arg_dest, device, name, options, &filtered);
	160	if (r < 0)
	161	return r;
	162
e23a0ce8 LP	163	fprintf(f,
	164	"\n[Service]\n"
	165	"Type=oneshot\n"
	166	"RemainAfterExit=yes\n"
90724929	167	"TimeoutSec=0\n" /* the binary handles timeouts anyway */
260ab287	168	"ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
7f4e0805	169	"ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
8eea8687	170	name, u, strempty(password), strempty(filtered),
e23a0ce8 LP	171	name);
e23a0ce8 LP	172
8c11d3c1	173	if (tmp)
e23a0ce8	174	fprintf(f,
50109038	175	"ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
1d3399e6	176	name);
e23a0ce8	177
8c11d3c1	178	if (swap)
e23a0ce8	179	fprintf(f,
50109038	180	"ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
1d3399e6	181	name);
e23a0ce8	182
4652c56c ZJS	183	r = fflush_and_check(f);
	184	if (r < 0)
	185	return log_error_errno(r, "Failed to write file %s: %m", p);
e23a0ce8	186
63c372cb	187	from = strjoina("../", n);
74715b82	188
155da457	189	if (!noauto) {
e23a0ce8	190
b7def684	191	to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
24a988e9 HH	192	if (!to)
24a988e9 HH	193	return log_oom();
e23a0ce8	194
d2e54fae	195	mkdir_parents_label(to, 0755);
4a62c710 MS	196	if (symlink(from, to) < 0)
4a62c710 MS	197	return log_error_errno(errno, "Failed to create symlink %s: %m", to);
2f8cd170 LP	198
2f8cd170 LP	199	free(to);
155da457	200	if (!nofail)
b7def684	201	to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
155da457	202	else
b7def684	203	to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
24a988e9 HH	204	if (!to)
24a988e9 HH	205	return log_oom();
2f8cd170	206
d2e54fae	207	mkdir_parents_label(to, 0755);
4a62c710 MS	208	if (symlink(from, to) < 0)
4a62c710 MS	209	return log_error_errno(errno, "Failed to create symlink %s: %m", to);
f7f21d33	210	}
74715b82	211
608d41f3	212	free(to);
b7def684	213	to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
24a988e9 HH	214	if (!to)
24a988e9 HH	215	return log_oom();
74715b82	216
d2e54fae	217	mkdir_parents_label(to, 0755);
4a62c710 MS	218	if (symlink(from, to) < 0)
4a62c710 MS	219	return log_error_errno(errno, "Failed to create symlink %s: %m", to);
74715b82	220
68395007	221	if (!noauto && !nofail) {
a6fb0dc1 HG	222	_cleanup_free_ char *dmname;
	223	dmname = strjoin("dev-mapper-", e, ".device", NULL);
	224	if (!dmname)
	225	return log_oom();
	226
	227	r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
8eea8687 ZJS	228	"# Automatically generated by systemd-cryptsetup-generator \n\n"
8eea8687 ZJS	229	"[Unit]\nJobTimeoutSec=0");
23bbb0de MS	230	if (r < 0)
23bbb0de MS	231	return log_error_errno(r, "Failed to write device drop-in: %m");
68395007 HH	232	}
68395007 HH	233
24a988e9	234	return 0;
e23a0ce8 LP	235	}
e23a0ce8 LP	236
0fa9e53d JJ	237	static void free_arg_disks(void) {
	238	crypto_device *d;
	239
	240	while ((d = hashmap_steal_first(arg_disks))) {
	241	free(d->uuid);
6cd5b12a	242	free(d->keyfile);
baade8cc	243	free(d->name);
0fa9e53d JJ	244	free(d->options);
	245	free(d);
	246	}
	247
	248	hashmap_free(arg_disks);
	249	}
	250
	251	static crypto_device get_crypto_device(const char uuid) {
	252	int r;
	253	crypto_device *d;
	254
	255	assert(uuid);
	256
	257	d = hashmap_get(arg_disks, uuid);
	258	if (!d) {
	259	d = new0(struct crypto_device, 1);
	260	if (!d)
	261	return NULL;
	262
	263	d->create = false;
baade8cc	264	d->keyfile = d->options = d->name = NULL;
0fa9e53d JJ	265
	266	d->uuid = strdup(uuid);
	267	if (!d->uuid) {
	268	free(d);
	269	return NULL;
	270	}
	271
	272	r = hashmap_put(arg_disks, d->uuid, d);
	273	if (r < 0) {
	274	free(d->uuid);
	275	free(d);
	276	return NULL;
	277	}
	278	}
	279
	280	return d;
	281	}
	282
059cb385	283	static int parse_proc_cmdline_item(const char key, const char value) {
74df0fca	284	int r;
0fa9e53d JJ	285	crypto_device *d;
0fa9e53d JJ	286	_cleanup_free_ char uuid = NULL, uuid_value = NULL;
66a78c2b	287
059cb385 LP	288	if (STR_IN_SET(key, "luks", "rd.luks") && value) {
	289
	290	r = parse_boolean(value);
141a79f4	291	if (r < 0)
059cb385	292	log_warning("Failed to parse luks switch %s. Ignoring.", value);
141a79f4 ZJS	293	else
141a79f4 ZJS	294	arg_enabled = r;
66a78c2b	295
059cb385	296	} else if (STR_IN_SET(key, "luks.crypttab", "rd.luks.crypttab") && value) {
66a78c2b	297
059cb385	298	r = parse_boolean(value);
141a79f4	299	if (r < 0)
059cb385	300	log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value);
141a79f4 ZJS	301	else
141a79f4 ZJS	302	arg_read_crypttab = r;
66a78c2b	303
059cb385	304	} else if (STR_IN_SET(key, "luks.uuid", "rd.luks.uuid") && value) {
66a78c2b	305
0fa9e53d JJ	306	d = get_crypto_device(startswith(value, "luks-") ? value+5 : value);
0fa9e53d JJ	307	if (!d)
141a79f4	308	return log_oom();
66a78c2b	309
0fa9e53d JJ	310	d->create = arg_whitelist = true;
0fa9e53d JJ	311
059cb385	312	} else if (STR_IN_SET(key, "luks.options", "rd.luks.options") && value) {
66a78c2b	313
0fa9e53d JJ	314	r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
	315	if (r == 2) {
	316	d = get_crypto_device(uuid);
	317	if (!d)
	318	return log_oom();
	319
	320	free(d->options);
	321	d->options = uuid_value;
	322	uuid_value = NULL;
	323	} else if (free_and_strdup(&arg_default_options, value) < 0)
141a79f4	324	return log_oom();
66a78c2b	325
059cb385	326	} else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {
66a78c2b	327
6cd5b12a JJ	328	r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
	329	if (r == 2) {
	330	d = get_crypto_device(uuid);
	331	if (!d)
	332	return log_oom();
	333
	334	free(d->keyfile);
	335	d->keyfile = uuid_value;
	336	uuid_value = NULL;
c802a730	337	} else if (free_and_strdup(&arg_default_keyfile, value) < 0)
141a79f4	338	return log_oom();
7ab064a6	339
baade8cc JJ	340	} else if (STR_IN_SET(key, "luks.name", "rd.luks.name") && value) {
	341
	342	r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
	343	if (r == 2) {
	344	d = get_crypto_device(uuid);
	345	if (!d)
	346	return log_oom();
	347
	348	d->create = arg_whitelist = true;
	349
	350	free(d->name);
	351	d->name = uuid_value;
	352	uuid_value = NULL;
	353	} else
	354	log_warning("Failed to parse luks name switch %s. Ignoring.", value);
	355
85013844	356	}
66a78c2b	357
24a988e9	358	return 0;
66a78c2b LP	359	}
66a78c2b LP	360
0fa9e53d JJ	361	static int add_crypttab_devices(void) {
	362	struct stat st;
	363	unsigned crypttab_line = 0;
7fd1b19b	364	_cleanup_fclose_ FILE *f = NULL;
e23a0ce8	365
0fa9e53d JJ	366	if (!arg_read_crypttab)
	367	return 0;
	368
	369	f = fopen("/etc/crypttab", "re");
	370	if (!f) {
	371	if (errno != ENOENT)
	372	log_error_errno(errno, "Failed to open /etc/crypttab: %m");
	373	return 0;
e23a0ce8 LP	374	}
e23a0ce8 LP	375
0fa9e53d JJ	376	if (fstat(fileno(f), &st) < 0) {
	377	log_error_errno(errno, "Failed to stat /etc/crypttab: %m");
	378	return 0;
	379	}
e23a0ce8	380
0fa9e53d JJ	381	for (;;) {
	382	int r, k;
	383	char line[LINE_MAX], l, uuid;
	384	crypto_device *d = NULL;
	385	_cleanup_free_ char name = NULL, device = NULL, keyfile = NULL, options = NULL;
4c12626c	386
0fa9e53d JJ	387	if (!fgets(line, sizeof(line), f))
0fa9e53d JJ	388	break;
66a78c2b	389
0fa9e53d	390	crypttab_line++;
141a79f4	391
0fa9e53d JJ	392	l = strstrip(line);
	393	if (l == '#' \|\| l == 0)
	394	continue;
66a78c2b	395
0fa9e53d JJ	396	k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &keyfile, &options);
	397	if (k < 2 \|\| k > 4) {
	398	log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line);
	399	continue;
	400	}
66a78c2b	401
0fa9e53d JJ	402	uuid = startswith(device, "UUID=");
	403	if (!uuid)
	404	uuid = path_startswith(device, "/dev/disk/by-uuid/");
	405	if (!uuid)
	406	uuid = startswith(name, "luks-");
	407	if (uuid)
	408	d = hashmap_get(arg_disks, uuid);
8973790e	409
0fa9e53d JJ	410	if (arg_whitelist && !d) {
	411	log_info("Not creating device '%s' because it was not specified on the kernel command line.", name);
	412	continue;
8973790e LP	413	}
8973790e LP	414
0fa9e53d JJ	415	r = create_disk(name, device, keyfile, (d && d->options) ? d->options : options);
	416	if (r < 0)
	417	return r;
8973790e	418
0fa9e53d JJ	419	if (d)
	420	d->create = false;
	421	}
8973790e	422
0fa9e53d JJ	423	return 0;
0fa9e53d JJ	424	}
66a78c2b	425
0fa9e53d JJ	426	static int add_proc_cmdline_devices(void) {
	427	int r;
	428	Iterator i;
	429	crypto_device *d;
66a78c2b	430
0fa9e53d JJ	431	HASHMAP_FOREACH(d, arg_disks, i) {
0fa9e53d JJ	432	const char *options;
baade8cc	433	_cleanup_free_ char *device = NULL;
66a78c2b	434
0fa9e53d JJ	435	if (!d->create)
0fa9e53d JJ	436	continue;
e23a0ce8	437
baade8cc JJ	438	if (!d->name) {
	439	d->name = strappend("luks-", d->uuid);
	440	if (!d->name)
	441	return log_oom();
	442	}
e23a0ce8	443
0fa9e53d JJ	444	device = strappend("UUID=", d->uuid);
	445	if (!device)
	446	return log_oom();
7ab064a6	447
0fa9e53d JJ	448	if (d->options)
	449	options = d->options;
	450	else if (arg_default_options)
	451	options = arg_default_options;
	452	else
	453	options = "timeout=0";
141a79f4	454
baade8cc	455	r = create_disk(d->name, device, d->keyfile ?: arg_default_keyfile, options);
0fa9e53d JJ	456	if (r < 0)
0fa9e53d JJ	457	return r;
e23a0ce8 LP	458	}
e23a0ce8 LP	459
0fa9e53d JJ	460	return 0;
0fa9e53d JJ	461	}
e23a0ce8	462
0fa9e53d JJ	463	int main(int argc, char *argv[]) {
0fa9e53d JJ	464	int r = EXIT_FAILURE;
e23a0ce8	465
0fa9e53d JJ	466	if (argc > 1 && argc != 4) {
	467	log_error("This program takes three or no arguments.");
	468	return EXIT_FAILURE;
	469	}
e23a0ce8	470
0fa9e53d JJ	471	if (argc > 1)
0fa9e53d JJ	472	arg_dest = argv[1];
e23a0ce8	473
0fa9e53d JJ	474	log_set_target(LOG_TARGET_SAFE);
	475	log_parse_environment();
	476	log_open();
e2cb60fa	477
0fa9e53d	478	umask(0022);
e23a0ce8	479
0fa9e53d JJ	480	arg_disks = hashmap_new(&string_hash_ops);
	481	if (!arg_disks)
	482	goto cleanup;
7ab064a6	483
0fa9e53d JJ	484	r = parse_proc_cmdline(parse_proc_cmdline_item);
	485	if (r < 0) {
	486	log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
	487	r = EXIT_FAILURE;
	488	}
7ab064a6	489
0fa9e53d JJ	490	if (!arg_enabled) {
	491	r = EXIT_SUCCESS;
	492	goto cleanup;
e23a0ce8 LP	493	}
e23a0ce8 LP	494
0fa9e53d JJ	495	if (add_crypttab_devices() < 0)
	496	goto cleanup;
	497
	498	if (add_proc_cmdline_devices() < 0)
	499	goto cleanup;
	500
	501	r = EXIT_SUCCESS;
141a79f4 ZJS	502
141a79f4 ZJS	503	cleanup:
0fa9e53d JJ	504	free_arg_disks();
	505	free(arg_default_options);
	506	free(arg_default_keyfile);
141a79f4	507
0fa9e53d	508	return r;
e23a0ce8	509	}