1 | /*** |
2 | This file is part of systemd. | |
3 | ||
4 | Copyright 2016 Lennart Poettering | |
5 | ||
6 | systemd is free software; you can redistribute it and/or modify it | |
7 | under the terms of the GNU Lesser General Public License as published by | |
8 | the Free Software Foundation; either version 2.1 of the License, or | |
9 | (at your option) any later version. | |
10 | ||
11 | systemd is distributed in the hope that it will be useful, but | |
12 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | Lesser General Public License for more details. | |
15 | ||
16 | You should have received a copy of the GNU Lesser General Public License | |
17 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
18 | ***/ | |
19 | ||
20 | #include <libcryptsetup.h> | |
21 | #include <stdio.h> | |
22 | #include <sys/stat.h> | |
23 | ||
24 | #include "log.h" | |
25 | #include "hexdecoct.h" | |
26 | #include "string-util.h" | |
27 | #include "alloc-util.h" | |
28 | ||
/* Storage for the root hash, data device and hash device settings. In the
 * visible part of this file nothing assigns these; main() only hands them to
 * free() on exit. Objects with static storage duration start out as null
 * pointers, so no explicit initializer is required. */
static char *arg_root_hash;
static char *arg_data_what;
static char *arg_hash_what;
32 | ||
/* Prints the usage synopsis for both verbs to stdout. Always returns 0. */
static int help(void) {
        const char *name = program_invocation_short_name;

        printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH\n"
               "%s detach VOLUME\n\n"
               "Attaches or detaches an integrity protected block device.\n",
               name, name);

        return 0;
}
42 | ||
/* Log callback registered with libcryptsetup through crypt_set_log_callback().
 * The message is passed as the argument of a fixed "%s" format and never as
 * the format string itself, so '%' sequences in the text are not interpreted.
 * The level and the user pointer are ignored: every message goes out at debug
 * level. */
static void log_glue(int level, const char *msg, void *usrptr) {
        (void) level;
        (void) usrptr;

        log_debug("%s", msg);
}
46 | ||
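/* Entry point.
 *
 *   attach VOLUME DATADEVICE HASHDEVICE ROOTHASH
 *           activates a read-only verity volume through libcryptsetup
 *   detach VOLUME
 *           deactivates it again
 *
 * Both verbs are idempotent: attaching an already active volume and detaching
 * an already inactive one are reported at info level and count as success.
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE if any step failed. */
int main(int argc, char *argv[]) {
        struct crypt_device *cd = NULL;
        int r;

        /* Configure logging before anything can fail, so that the argument
         * errors below already honour the configured log target. */
        log_set_target(LOG_TARGET_AUTO);
        log_parse_environment();
        log_open();

        if (argc <= 1) {
                r = help();
                goto finish;
        }

        if (argc < 3) {
                log_error("This program requires at least two arguments.");
                r = -EINVAL;
                goto finish;
        }

        umask(0022);

        if (streq(argv[1], "attach")) {
                _cleanup_free_ void *m = NULL;
                crypt_status_info status;
                size_t l;

                /* argv[2..5] = VOLUME DATADEVICE HASHDEVICE ROOTHASH */
                if (argc < 6) {
                        log_error("attach requires at least four arguments.");
                        r = -EINVAL;
                        goto finish;
                }

                /* The root hash is the value the whole volume is verified
                 * against. It is taken verbatim from the command line, so the
                 * caller is responsible for obtaining it from a trusted
                 * source. Only its hex encoding is validated here. */
                r = unhexmem(argv[5], strlen(argv[5]), &m, &l);
                if (r < 0) {
                        log_error("Failed to parse root hash.");
                        goto finish;
                }

                r = crypt_init(&cd, argv[4]);
                if (r < 0) {
                        log_error_errno(r, "Failed to open verity device %s: %m", argv[4]);
                        goto finish;
                }

                crypt_set_log_callback(cd, log_glue, NULL);

                /* NOTE(review): an already active volume is accepted as-is.
                 * Nothing here compares the root hash or the devices of the
                 * existing mapping with the ones passed on this command
                 * line. */
                status = crypt_status(cd, argv[2]);
                if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
                        log_info("Volume %s already active.", argv[2]);
                        r = 0;
                        goto finish;
                }

                r = crypt_load(cd, CRYPT_VERITY, NULL);
                if (r < 0) {
                        log_error_errno(r, "Failed to load verity superblock: %m");
                        goto finish;
                }

                r = crypt_set_data_device(cd, argv[3]);
                if (r < 0) {
                        log_error_errno(r, "Failed to configure data device: %m");
                        goto finish;
                }

                /* The decoded root hash is passed in the volume key
                 * parameters; the mapping is always activated read-only. */
                r = crypt_activate_by_volume_key(cd, argv[2], m, l, CRYPT_ACTIVATE_READONLY);
                if (r < 0) {
                        log_error_errno(r, "Failed to set up verity device: %m");
                        goto finish;
                }

        } else if (streq(argv[1], "detach")) {

                r = crypt_init_by_name(&cd, argv[2]);
                if (r == -ENODEV) {
                        /* Nothing to do. Report success, matching the
                         * "already active" case of attach; leaving r at
                         * -ENODEV would make the process exit with failure. */
                        log_info("Volume %s already inactive.", argv[2]);
                        r = 0;
                        goto finish;
                } else if (r < 0) {
                        log_error_errno(r, "crypt_init_by_name() failed: %m");
                        goto finish;
                }

                crypt_set_log_callback(cd, log_glue, NULL);

                r = crypt_deactivate(cd, argv[2]);
                if (r < 0) {
                        log_error_errno(r, "Failed to deactivate: %m");
                        goto finish;
                }

        } else {
                log_error("Unknown verb %s.", argv[1]);
                r = -EINVAL;
                goto finish;
        }

        r = 0;

finish:
        if (cd)
                crypt_free(cd);

        free(arg_root_hash);
        free(arg_data_what);
        free(arg_hash_what);

        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}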
154 | } |