[thirdparty/systemd.git] / src / cryptsetup / cryptsetup-generator.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <string.h>
#include <errno.h>
#include <unistd.h>

#include "log.h"
#include "util.h"
#include "unit-name.h"
#include "mkdir.h"
#include "virt.h"
#include "strv.h"
#include "fileio.h"

static const char *arg_dest = "/tmp";
static bool arg_enabled = true;
static bool arg_read_crypttab = true;

static bool has_option(const char *haystack, const char *needle) {
        const char *f = haystack;
        size_t l;

        assert(needle);

        if (!haystack)
                return false;

        l = strlen(needle);

        while ((f = strstr(f, needle))) {

                if (f > haystack && f[-1] != ',') {
                        f++;
                        continue;
                }

                if (f[l] != 0 && f[l] != ',') {
                        f++;
                        continue;
                }

                return true;
        }

        return false;
}

static int create_disk(
                const char *name,
                const char *device,
                const char *password,
                const char *options) {

        _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *from = NULL, *to = NULL, *e = NULL;
        _cleanup_fclose_ FILE *f = NULL;
        bool noauto, nofail;

        assert(name);
        assert(device);

        noauto = has_option(options, "noauto");
        nofail = has_option(options, "nofail");

        n = unit_name_from_path_instance("systemd-cryptsetup", name, ".service");
        if (!n)
                return log_oom();

        p = strjoin(arg_dest, "/", n, NULL);
        if (!p)
                return log_oom();

        u = fstab_node_to_udev_node(device);
        if (!u)
                return log_oom();

        d = unit_name_from_path(u, ".device");
        if (!d)
                return log_oom();

        f = fopen(p, "wxe");
        if (!f) {
                log_error("Failed to create unit file %s: %m", p);
                return -errno;
        }

        fputs(
                "# Automatically generated by systemd-cryptsetup-generator\n\n"
                "[Unit]\n"
                "Description=Cryptography Setup for %I\n"
                "Documentation=man:systemd-cryptsetup@.service(8) man:crypttab(5)\n"
                "SourcePath=/etc/crypttab\n"
                "Conflicts=umount.target\n"
                "DefaultDependencies=no\n"
                "BindsTo=dev-mapper-%i.device\n"
                "After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
                f);

        if (!nofail)
                fprintf(f,
                        "Before=cryptsetup.target\n");

        if (password) {
                if (streq(password, "/dev/urandom") ||
                    streq(password, "/dev/random") ||
                    streq(password, "/dev/hw_random"))
                        fputs("After=systemd-random-seed-load.service\n", f);
                else if (!streq(password, "-") &&
                         !streq(password, "none"))
                        fprintf(f,
                                "RequiresMountsFor=%s\n",
                                password);
        }

        if (is_device_path(u))
                fprintf(f,
                        "BindsTo=%s\n"
                        "After=%s\n"
                        "Before=umount.target\n",
                        d, d);
        else
                fprintf(f,
                        "RequiresMountsFor=%s\n",
                        u);

        fprintf(f,
                "\n[Service]\n"
                "Type=oneshot\n"
                "RemainAfterExit=yes\n"
                "TimeoutSec=0\n" /* the binary handles timeouts anyway */
                "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
                "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
                name, u, strempty(password), strempty(options),
                name);

        if (has_option(options, "tmp"))
                fprintf(f,
                        "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
                        name);

        if (has_option(options, "swap"))
                fprintf(f,
                        "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
                        name);

        fflush(f);

        if (ferror(f)) {
                log_error("Failed to write file %s: %m", p);
                return -errno;
        }

        if (asprintf(&from, "../%s", n) < 0)
                return log_oom();

        if (!noauto) {

                to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
                if (!to)
                        return log_oom();

                mkdir_parents_label(to, 0755);
                if (symlink(from, to) < 0) {
                        log_error("Failed to create symlink %s: %m", to);
                        return -errno;
                }

                free(to);
                if (!nofail)
                        to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
                else
                        to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
                if (!to)
                        return log_oom();

                mkdir_parents_label(to, 0755);
                if (symlink(from, to) < 0) {
                        log_error("Failed to create symlink %s: %m", to);
                        return -errno;
                }
        }

        e = unit_name_escape(name);
        if (!e)
                return log_oom();

        free(to);
        to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
        if (!to)
                return log_oom();

        mkdir_parents_label(to, 0755);
        if (symlink(from, to) < 0) {
                log_error("Failed to create symlink %s: %m", to);
                return -errno;
        }

        if (!noauto && !nofail) {
                int r;
                free(p);
                p = strjoin(arg_dest, "/dev-mapper-", e, ".device.d/50-job-timeout-sec-0.conf", NULL);
                if (!p)
                        return log_oom();

                mkdir_parents_label(p, 0755);

                r = write_string_file(p,
                                "# Automatically generated by systemd-cryptsetup-generator\n\n"
                                "[Unit]\n"
                                "JobTimeoutSec=0\n"); /* the binary handles timeouts anyway */
                if (r)
                        return r;
        }

        return 0;
}

static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char **arg_proc_cmdline_keyfile) {
        _cleanup_free_ char *line = NULL;
        char *w = NULL, *state = NULL;
        int r;
        size_t l;

        if (detect_container(NULL) > 0)
                return 0;

        r = read_one_line_file("/proc/cmdline", &line);
        if (r < 0) {
                log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
                return 0;
        }

        FOREACH_WORD_QUOTED(w, l, line, state) {
                _cleanup_free_ char *word = NULL;

                word = strndup(w, l);
                if (!word)
                        return log_oom();

                if (startswith(word, "luks=")) {
                        r = parse_boolean(word + 5);
                        if (r < 0)
                                log_warning("Failed to parse luks switch %s. Ignoring.", word + 5);
                        else
                                arg_enabled = r;

                } else if (startswith(word, "rd.luks=")) {

                        if (in_initrd()) {
                                r = parse_boolean(word + 8);
                                if (r < 0)
                                        log_warning("Failed to parse luks switch %s. Ignoring.", word + 8);
                                else
                                        arg_enabled = r;
                        }

                } else if (startswith(word, "luks.crypttab=")) {
                        r = parse_boolean(word + 14);
                        if (r < 0)
                                log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 14);
                        else
                                arg_read_crypttab = r;

                } else if (startswith(word, "rd.luks.crypttab=")) {

                        if (in_initrd()) {
                                r = parse_boolean(word + 17);
                                if (r < 0)
                                        log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 17);
                                else
                                        arg_read_crypttab = r;
                        }

                } else if (startswith(word, "luks.uuid=")) {
                        if (strv_extend(arg_proc_cmdline_disks, word + 10) < 0)
                                return log_oom();

                } else if (startswith(word, "rd.luks.uuid=")) {

                        if (in_initrd()) {
                                if (strv_extend(arg_proc_cmdline_disks, word + 13) < 0)
                                        return log_oom();
                        }

                } else if (startswith(word, "luks.key=")) {
                        *arg_proc_cmdline_keyfile = strdup(word + 9);
                        if (!*arg_proc_cmdline_keyfile)
                                return log_oom();

                } else if (startswith(word, "rd.luks.key=")) {

                        if (in_initrd()) {
                                if (*arg_proc_cmdline_keyfile)
                                        free(*arg_proc_cmdline_keyfile);
                                *arg_proc_cmdline_keyfile = strdup(word + 12);
                                if (!*arg_proc_cmdline_keyfile)
                                        return log_oom();
                        }

                } else if (startswith(word, "luks.") ||
                           (in_initrd() && startswith(word, "rd.luks."))) {

                        log_warning("Unknown kernel switch %s. Ignoring.", word);
                }
        }

        strv_uniq(*arg_proc_cmdline_disks);

        return 0;
}

int main(int argc, char *argv[]) {
        _cleanup_fclose_ FILE *f = NULL;
        unsigned n = 0;
        int r = EXIT_SUCCESS;
        char **i;
        _cleanup_strv_free_ char **arg_proc_cmdline_disks_done = NULL;
        _cleanup_strv_free_ char **arg_proc_cmdline_disks = NULL;
        _cleanup_free_ char *arg_proc_cmdline_keyfile = NULL;

        if (argc > 1 && argc != 4) {
                log_error("This program takes three or no arguments.");
                return EXIT_FAILURE;
        }

        if (argc > 1)
                arg_dest = argv[1];

        log_set_target(LOG_TARGET_SAFE);
        log_parse_environment();
        log_open();

        umask(0022);

        if (parse_proc_cmdline(&arg_proc_cmdline_disks, &arg_proc_cmdline_keyfile) < 0)
                return EXIT_FAILURE;

        if (!arg_enabled)
                return EXIT_SUCCESS;

        if (arg_read_crypttab) {
                f = fopen("/etc/crypttab", "re");

                if (!f) {
                        if (errno == ENOENT)
                                r = EXIT_SUCCESS;
                        else {
                                r = EXIT_FAILURE;
                                log_error("Failed to open /etc/crypttab: %m");
                        }
                } else for (;;) {
                        char line[LINE_MAX], *l;
                        _cleanup_free_ char *name = NULL, *device = NULL, *password = NULL, *options = NULL;
                        int k;

                        if (!fgets(line, sizeof(line), f))
                                break;

                        n++;

                        l = strstrip(line);
                        if (*l == '#' || *l == 0)
                                continue;

                        k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
                        if (k < 2 || k > 4) {
                                log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
                                r = EXIT_FAILURE;
                                continue;
                        }

                        if (arg_proc_cmdline_disks) {
                                /*
                                  If luks UUIDs are specified on the kernel command line, use them as a filter
                                  for /etc/crypttab and only generate units for those.
                                */
                                STRV_FOREACH(i, arg_proc_cmdline_disks) {
                                        _cleanup_free_ char *proc_device = NULL, *proc_name = NULL;
                                        const char *p = *i;

                                        if (startswith(p, "luks-"))
                                                p += 5;

                                        proc_name = strappend("luks-", p);
                                        proc_device = strappend("UUID=", p);

                                        if (!proc_name || !proc_device)
                                                return log_oom();

                                        if (streq(proc_device, device) || streq(proc_name, name)) {
                                                if (create_disk(name, device, password, options) < 0)
                                                        r = EXIT_FAILURE;

                                                if (strv_extend(&arg_proc_cmdline_disks_done, p) < 0)
                                                        return log_oom();
                                        }
                                }
                        } else {
                                if (create_disk(name, device, password, options) < 0)
                                        r = EXIT_FAILURE;
                        }
                }
        }

        STRV_FOREACH(i, arg_proc_cmdline_disks) {
                /*
                  Generate units for those UUIDs, which were specified
                  on the kernel command line and not yet written.
                */

                _cleanup_free_ char *name = NULL, *device = NULL;
                const char *p = *i;

                if (startswith(p, "luks-"))
                        p += 5;

                if (strv_contains(arg_proc_cmdline_disks_done, p))
                        continue;

                name = strappend("luks-", p);
                device = strappend("UUID=", p);

                if (!name || !device)
                        return log_oom();

                if (create_disk(name, device, arg_proc_cmdline_keyfile, "timeout=0") < 0)
                        r = EXIT_FAILURE;
        }

        return r;
}
Commit	Line	Data
e23a0ce8 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	9	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	10	the Free Software Foundation; either version 2.1 of the License, or
e23a0ce8 LP	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	16	Lesser General Public License for more details.
e23a0ce8	17
5430f7f2	18	You should have received a copy of the GNU Lesser General Public License
e23a0ce8 LP	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <string.h>
	23	#include <errno.h>
	24	#include <unistd.h>
	25
	26	#include "log.h"
	27	#include "util.h"
	28	#include "unit-name.h"
49e942b2	29	#include "mkdir.h"
66a78c2b LP	30	#include "virt.h"
66a78c2b LP	31	#include "strv.h"
a860325e	32	#include "fileio.h"
e23a0ce8	33
66a78c2b LP	34	static const char *arg_dest = "/tmp";
	35	static bool arg_enabled = true;
	36	static bool arg_read_crypttab = true;
e23a0ce8 LP	37
	38	static bool has_option(const char haystack, const char needle) {
	39	const char *f = haystack;
	40	size_t l;
	41
f653f683 LP	42	assert(needle);
	43
	44	if (!haystack)
	45	return false;
	46
e23a0ce8 LP	47	l = strlen(needle);
	48
	49	while ((f = strstr(f, needle))) {
	50
	51	if (f > haystack && f[-1] != ',') {
	52	f++;
	53	continue;
	54	}
	55
aae5220d	56	if (f[l] != 0 && f[l] != ',') {
e23a0ce8 LP	57	f++;
	58	continue;
	59	}
	60
	61	return true;
	62	}
	63
	64	return false;
	65	}
	66
	67	static int create_disk(
	68	const char *name,
	69	const char *device,
	70	const char *password,
	71	const char *options) {
	72
7fd1b19b HH	73	_cleanup_free_ char p = NULL, n = NULL, d = NULL, u = NULL, from = NULL, to = NULL, *e = NULL;
7fd1b19b HH	74	_cleanup_fclose_ FILE *f = NULL;
155da457	75	bool noauto, nofail;
e23a0ce8 LP	76
	77	assert(name);
	78	assert(device);
	79
155da457 LP	80	noauto = has_option(options, "noauto");
	81	nofail = has_option(options, "nofail");
	82
35eb6b12	83	n = unit_name_from_path_instance("systemd-cryptsetup", name, ".service");
24a988e9 HH	84	if (!n)
24a988e9 HH	85	return log_oom();
e23a0ce8	86
b7def684	87	p = strjoin(arg_dest, "/", n, NULL);
24a988e9 HH	88	if (!p)
24a988e9 HH	89	return log_oom();
e23a0ce8	90
f7f21d33	91	u = fstab_node_to_udev_node(device);
24a988e9 HH	92	if (!u)
24a988e9 HH	93	return log_oom();
e23a0ce8	94
f7f21d33	95	d = unit_name_from_path(u, ".device");
24a988e9 HH	96	if (!d)
24a988e9 HH	97	return log_oom();
e23a0ce8	98
f7f21d33 LP	99	f = fopen(p, "wxe");
f7f21d33 LP	100	if (!f) {
1cda32b8	101	log_error("Failed to create unit file %s: %m", p);
24a988e9	102	return -errno;
e23a0ce8 LP	103	}
e23a0ce8 LP	104
9ece938a	105	fputs(
6b1dc2bd	106	"# Automatically generated by systemd-cryptsetup-generator\n\n"
e23a0ce8	107	"[Unit]\n"
9ece938a	108	"Description=Cryptography Setup for %I\n"
1c732700	109	"Documentation=man:systemd-cryptsetup@.service(8) man:crypttab(5)\n"
1b64d026	110	"SourcePath=/etc/crypttab\n"
155da457	111	"Conflicts=umount.target\n"
e23a0ce8	112	"DefaultDependencies=no\n"
9ece938a TW	113	"BindsTo=dev-mapper-%i.device\n"
	114	"After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
	115	f);
e23a0ce8	116
155da457 LP	117	if (!nofail)
	118	fprintf(f,
	119	"Before=cryptsetup.target\n");
	120
ceca9501 TW	121	if (password) {
	122	if (streq(password, "/dev/urandom") \|\|
	123	streq(password, "/dev/random") \|\|
	124	streq(password, "/dev/hw_random"))
	125	fputs("After=systemd-random-seed-load.service\n", f);
	126	else if (!streq(password, "-") &&
	127	!streq(password, "none"))
	128	fprintf(f,
	129	"RequiresMountsFor=%s\n",
	130	password);
	131	}
e23a0ce8	132
9ece938a TW	133	if (is_device_path(u))
	134	fprintf(f,
	135	"BindsTo=%s\n"
	136	"After=%s\n"
	137	"Before=umount.target\n",
	138	d, d);
	139	else
	140	fprintf(f,
	141	"RequiresMountsFor=%s\n",
	142	u);
	143
e23a0ce8 LP	144	fprintf(f,
	145	"\n[Service]\n"
	146	"Type=oneshot\n"
	147	"RemainAfterExit=yes\n"
90724929	148	"TimeoutSec=0\n" /* the binary handles timeouts anyway */
260ab287	149	"ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
7f4e0805	150	"ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
e23a0ce8 LP	151	name, u, strempty(password), strempty(options),
	152	name);
	153
f653f683	154	if (has_option(options, "tmp"))
e23a0ce8	155	fprintf(f,
50109038	156	"ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
1d3399e6	157	name);
e23a0ce8	158
f653f683	159	if (has_option(options, "swap"))
e23a0ce8	160	fprintf(f,
50109038	161	"ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
1d3399e6	162	name);
e23a0ce8 LP	163
	164	fflush(f);
	165
	166	if (ferror(f)) {
1cda32b8	167	log_error("Failed to write file %s: %m", p);
24a988e9	168	return -errno;
e23a0ce8 LP	169	}
e23a0ce8 LP	170
24a988e9 HH	171	if (asprintf(&from, "../%s", n) < 0)
24a988e9 HH	172	return log_oom();
74715b82	173
155da457	174	if (!noauto) {
e23a0ce8	175
b7def684	176	to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
24a988e9 HH	177	if (!to)
24a988e9 HH	178	return log_oom();
e23a0ce8	179
d2e54fae	180	mkdir_parents_label(to, 0755);
e23a0ce8	181	if (symlink(from, to) < 0) {
c79bb9e4	182	log_error("Failed to create symlink %s: %m", to);
24a988e9	183	return -errno;
e23a0ce8	184	}
2f8cd170 LP	185
2f8cd170 LP	186	free(to);
155da457	187	if (!nofail)
b7def684	188	to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
155da457	189	else
b7def684	190	to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
24a988e9 HH	191	if (!to)
24a988e9 HH	192	return log_oom();
2f8cd170	193
d2e54fae	194	mkdir_parents_label(to, 0755);
155da457	195	if (symlink(from, to) < 0) {
c79bb9e4	196	log_error("Failed to create symlink %s: %m", to);
24a988e9	197	return -errno;
2f8cd170	198	}
f7f21d33	199	}
74715b82 LP	200
74715b82 LP	201	e = unit_name_escape(name);
608d41f3 LP	202	if (!e)
	203	return log_oom();
	204
	205	free(to);
b7def684	206	to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
24a988e9 HH	207	if (!to)
24a988e9 HH	208	return log_oom();
74715b82	209
d2e54fae	210	mkdir_parents_label(to, 0755);
74715b82	211	if (symlink(from, to) < 0) {
c79bb9e4	212	log_error("Failed to create symlink %s: %m", to);
24a988e9	213	return -errno;
74715b82 LP	214	}
74715b82 LP	215
68395007 HH	216	if (!noauto && !nofail) {
	217	int r;
	218	free(p);
	219	p = strjoin(arg_dest, "/dev-mapper-", e, ".device.d/50-job-timeout-sec-0.conf", NULL);
	220	if (!p)
	221	return log_oom();
	222
	223	mkdir_parents_label(p, 0755);
	224
	225	r = write_string_file(p,
	226	"# Automatically generated by systemd-cryptsetup-generator\n\n"
	227	"[Unit]\n"
	228	"JobTimeoutSec=0\n"); /* the binary handles timeouts anyway */
	229	if (r)
	230	return r;
	231	}
	232
24a988e9	233	return 0;
e23a0ce8 LP	234	}
e23a0ce8 LP	235
951657bd	236	static int parse_proc_cmdline(char *arg_proc_cmdline_disks, char arg_proc_cmdline_keyfile) {
7fd1b19b	237	_cleanup_free_ char *line = NULL;
24a988e9	238	char w = NULL, state = NULL;
66a78c2b LP	239	int r;
	240	size_t l;
	241
	242	if (detect_container(NULL) > 0)
	243	return 0;
	244
	245	r = read_one_line_file("/proc/cmdline", &line);
	246	if (r < 0) {
	247	log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
	248	return 0;
	249	}
	250
	251	FOREACH_WORD_QUOTED(w, l, line, state) {
7fd1b19b	252	_cleanup_free_ char *word = NULL;
66a78c2b LP	253
66a78c2b LP	254	word = strndup(w, l);
24a988e9 HH	255	if (!word)
24a988e9 HH	256	return log_oom();
66a78c2b LP	257
	258	if (startswith(word, "luks=")) {
	259	r = parse_boolean(word + 5);
	260	if (r < 0)
	261	log_warning("Failed to parse luks switch %s. Ignoring.", word + 5);
	262	else
	263	arg_enabled = r;
	264
	265	} else if (startswith(word, "rd.luks=")) {
	266
	267	if (in_initrd()) {
	268	r = parse_boolean(word + 8);
	269	if (r < 0)
	270	log_warning("Failed to parse luks switch %s. Ignoring.", word + 8);
	271	else
	272	arg_enabled = r;
	273	}
	274
	275	} else if (startswith(word, "luks.crypttab=")) {
	276	r = parse_boolean(word + 14);
	277	if (r < 0)
	278	log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 14);
	279	else
	280	arg_read_crypttab = r;
	281
	282	} else if (startswith(word, "rd.luks.crypttab=")) {
	283
	284	if (in_initrd()) {
	285	r = parse_boolean(word + 17);
	286	if (r < 0)
	287	log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 17);
	288	else
	289	arg_read_crypttab = r;
	290	}
	291
	292	} else if (startswith(word, "luks.uuid=")) {
e32530cb	293	if (strv_extend(arg_proc_cmdline_disks, word + 10) < 0)
24a988e9 HH	294	return log_oom();
24a988e9 HH	295
66a78c2b LP	296	} else if (startswith(word, "rd.luks.uuid=")) {
	297
	298	if (in_initrd()) {
e32530cb	299	if (strv_extend(arg_proc_cmdline_disks, word + 13) < 0)
24a988e9	300	return log_oom();
66a78c2b LP	301	}
66a78c2b LP	302
951657bd HH	303	} else if (startswith(word, "luks.key=")) {
951657bd HH	304	*arg_proc_cmdline_keyfile = strdup(word + 9);
5a8e2178	305	if (!*arg_proc_cmdline_keyfile)
951657bd HH	306	return log_oom();
	307
	308	} else if (startswith(word, "rd.luks.key=")) {
	309
	310	if (in_initrd()) {
	311	if (*arg_proc_cmdline_keyfile)
	312	free(*arg_proc_cmdline_keyfile);
	313	*arg_proc_cmdline_keyfile = strdup(word + 12);
5a8e2178	314	if (!*arg_proc_cmdline_keyfile)
951657bd HH	315	return log_oom();
	316	}
	317
66a78c2b LP	318	} else if (startswith(word, "luks.") \|\|
	319	(in_initrd() && startswith(word, "rd.luks."))) {
	320
	321	log_warning("Unknown kernel switch %s. Ignoring.", word);
	322	}
66a78c2b LP	323	}
66a78c2b LP	324
24a988e9	325	strv_uniq(*arg_proc_cmdline_disks);
66a78c2b	326
24a988e9	327	return 0;
66a78c2b LP	328	}
66a78c2b LP	329
e23a0ce8	330	int main(int argc, char *argv[]) {
7fd1b19b	331	_cleanup_fclose_ FILE *f = NULL;
e23a0ce8	332	unsigned n = 0;
24a988e9	333	int r = EXIT_SUCCESS;
66a78c2b	334	char **i;
7fd1b19b HH	335	_cleanup_strv_free_ char **arg_proc_cmdline_disks_done = NULL;
	336	_cleanup_strv_free_ char **arg_proc_cmdline_disks = NULL;
	337	_cleanup_free_ char *arg_proc_cmdline_keyfile = NULL;
e23a0ce8	338
07719a21 LP	339	if (argc > 1 && argc != 4) {
07719a21 LP	340	log_error("This program takes three or no arguments.");
e23a0ce8 LP	341	return EXIT_FAILURE;
	342	}
	343
2a796654 LP	344	if (argc > 1)
2a796654 LP	345	arg_dest = argv[1];
e23a0ce8	346
a6903061	347	log_set_target(LOG_TARGET_SAFE);
e23a0ce8 LP	348	log_parse_environment();
	349	log_open();
	350
4c12626c LP	351	umask(0022);
4c12626c LP	352
951657bd	353	if (parse_proc_cmdline(&arg_proc_cmdline_disks, &arg_proc_cmdline_keyfile) < 0)
66a78c2b LP	354	return EXIT_FAILURE;
66a78c2b LP	355
24a988e9 HH	356	if (!arg_enabled)
24a988e9 HH	357	return EXIT_SUCCESS;
66a78c2b	358
e2cb60fa HH	359	if (arg_read_crypttab) {
e2cb60fa HH	360	f = fopen("/etc/crypttab", "re");
66a78c2b	361
e2cb60fa HH	362	if (!f) {
	363	if (errno == ENOENT)
	364	r = EXIT_SUCCESS;
	365	else {
	366	r = EXIT_FAILURE;
	367	log_error("Failed to open /etc/crypttab: %m");
	368	}
24a988e9	369	} else for (;;) {
e2cb60fa	370	char line[LINE_MAX], *l;
7fd1b19b	371	_cleanup_free_ char name = NULL, device = NULL, password = NULL, options = NULL;
e2cb60fa	372	int k;
66a78c2b	373
e2cb60fa HH	374	if (!fgets(line, sizeof(line), f))
e2cb60fa HH	375	break;
66a78c2b	376
e2cb60fa	377	n++;
66a78c2b	378
e2cb60fa HH	379	l = strstrip(line);
	380	if (l == '#' \|\| l == 0)
	381	continue;
e23a0ce8	382
e2cb60fa HH	383	k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
	384	if (k < 2 \|\| k > 4) {
	385	log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
	386	r = EXIT_FAILURE;
24a988e9	387	continue;
e2cb60fa	388	}
e23a0ce8	389
e2cb60fa HH	390	if (arg_proc_cmdline_disks) {
	391	/*
	392	If luks UUIDs are specified on the kernel command line, use them as a filter
	393	for /etc/crypttab and only generate units for those.
	394	*/
	395	STRV_FOREACH(i, arg_proc_cmdline_disks) {
7fd1b19b	396	_cleanup_free_ char proc_device = NULL, proc_name = NULL;
e2cb60fa HH	397	const char p = i;
	398
	399	if (startswith(p, "luks-"))
	400	p += 5;
	401
	402	proc_name = strappend("luks-", p);
	403	proc_device = strappend("UUID=", p);
	404
24a988e9 HH	405	if (!proc_name \|\| !proc_device)
	406	return log_oom();
	407
e2cb60fa	408	if (streq(proc_device, device) \|\| streq(proc_name, name)) {
e2cb60fa HH	409	if (create_disk(name, device, password, options) < 0)
	410	r = EXIT_FAILURE;
	411
e32530cb	412	if (strv_extend(&arg_proc_cmdline_disks_done, p) < 0)
24a988e9	413	return log_oom();
e2cb60fa	414	}
e2cb60fa HH	415	}
	416	} else {
	417	if (create_disk(name, device, password, options) < 0)
	418	r = EXIT_FAILURE;
	419	}
e2cb60fa	420	}
e23a0ce8 LP	421	}
e23a0ce8 LP	422
e2cb60fa HH	423	STRV_FOREACH(i, arg_proc_cmdline_disks) {
	424	/*
	425	Generate units for those UUIDs, which were specified
	426	on the kernel command line and not yet written.
	427	*/
e23a0ce8	428
7fd1b19b	429	_cleanup_free_ char name = NULL, device = NULL;
e2cb60fa	430	const char p = i;
e23a0ce8	431
e2cb60fa HH	432	if (startswith(p, "luks-"))
e2cb60fa HH	433	p += 5;
e23a0ce8	434
e2cb60fa	435	if (strv_contains(arg_proc_cmdline_disks_done, p))
e23a0ce8 LP	436	continue;
e23a0ce8 LP	437
e2cb60fa HH	438	name = strappend("luks-", p);
	439	device = strappend("UUID=", p);
	440
24a988e9 HH	441	if (!name \|\| !device)
24a988e9 HH	442	return log_oom();
e23a0ce8	443
951657bd	444	if (create_disk(name, device, arg_proc_cmdline_keyfile, "timeout=0") < 0)
e23a0ce8	445	r = EXIT_FAILURE;
e23a0ce8 LP	446	}
e23a0ce8 LP	447
e23a0ce8 LP	448	return r;
e23a0ce8 LP	449	}