[thirdparty/systemd.git] / src / cryptsetup / cryptsetup-generator.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <string.h>
#include <errno.h>
#include <unistd.h>

#include "log.h"
#include "util.h"
#include "unit-name.h"
#include "mkdir.h"
#include "strv.h"
#include "fileio.h"
#include "path-util.h"
#include "dropin.h"
#include "generator.h"

static const char *arg_dest = "/tmp";
static bool arg_enabled = true;
static bool arg_read_crypttab = true;
static char **arg_disks = NULL;
static char **arg_options = NULL;
static char *arg_keyfile = NULL;

static bool has_option(const char *haystack, const char *needle) {
        const char *f = haystack;
        size_t l;

        assert(needle);

        if (!haystack)
                return false;

        l = strlen(needle);

        while ((f = strstr(f, needle))) {

                if (f > haystack && f[-1] != ',') {
                        f++;
                        continue;
                }

                if (f[l] != 0 && f[l] != ',') {
                        f++;
                        continue;
                }

                return true;
        }

        return false;
}

static int create_disk(
                const char *name,
                const char *device,
                const char *password,
                const char *options) {

        _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
                *filtered = NULL;
        _cleanup_fclose_ FILE *f = NULL;
        bool noauto, nofail, tmp, swap;
        char *from;
        int r;

        assert(name);
        assert(device);

        noauto = has_option(options, "noauto");
        nofail = has_option(options, "nofail");
        tmp = has_option(options, "tmp");
        swap = has_option(options, "swap");

        if (tmp && swap) {
                log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
                return -EINVAL;
        }

        e = unit_name_escape(name);
        if (!e)
                return log_oom();

        n = unit_name_build("systemd-cryptsetup", e, ".service");
        if (!n)
                return log_oom();

        p = strjoin(arg_dest, "/", n, NULL);
        if (!p)
                return log_oom();

        u = fstab_node_to_udev_node(device);
        if (!u)
                return log_oom();

        d = unit_name_from_path(u, ".device");
        if (!d)
                return log_oom();

        f = fopen(p, "wxe");
        if (!f) {
                log_error("Failed to create unit file %s: %m", p);
                return -errno;
        }

        fputs(
                "# Automatically generated by systemd-cryptsetup-generator\n\n"
                "[Unit]\n"
                "Description=Cryptography Setup for %I\n"
                "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
                "SourcePath=/etc/crypttab\n"
                "DefaultDependencies=no\n"
                "Conflicts=umount.target\n"
                "BindsTo=dev-mapper-%i.device\n"
                "IgnoreOnIsolate=true\n"
                "After=cryptsetup-pre.target\n",
                f);

        if (!nofail)
                fprintf(f,
                        "Before=cryptsetup.target\n");

        if (password) {
                if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
                        fputs("After=systemd-random-seed.service\n", f);
                else if (!streq(password, "-") && !streq(password, "none")) {
                        _cleanup_free_ char *uu;

                        uu = fstab_node_to_udev_node(password);
                        if (!uu)
                                return log_oom();

                        if (!path_equal(uu, "/dev/null")) {

                                if (is_device_path(uu)) {
                                        _cleanup_free_ char *dd;

                                        dd = unit_name_from_path(uu, ".device");
                                        if (!dd)
                                                return log_oom();

                                        fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
                                } else
                                        fprintf(f, "RequiresMountsFor=%s\n", password);
                        }
                }
        }

        if (is_device_path(u))
                fprintf(f,
                        "BindsTo=%s\n"
                        "After=%s\n"
                        "Before=umount.target\n",
                        d, d);
        else
                fprintf(f,
                        "RequiresMountsFor=%s\n",
                        u);

        r = generator_write_timeouts(arg_dest, device, name, options, &filtered);
        if (r < 0)
                return r;

        fprintf(f,
                "\n[Service]\n"
                "Type=oneshot\n"
                "RemainAfterExit=yes\n"
                "TimeoutSec=0\n" /* the binary handles timeouts anyway */
                "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
                "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
                name, u, strempty(password), strempty(filtered),
                name);

        if (tmp)
                fprintf(f,
                        "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
                        name);

        if (swap)
                fprintf(f,
                        "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
                        name);

        fflush(f);
        if (ferror(f)) {
                log_error("Failed to write file %s: %m", p);
                return -errno;
        }

        from = strappenda("../", n);

        if (!noauto) {

                to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
                if (!to)
                        return log_oom();

                mkdir_parents_label(to, 0755);
                if (symlink(from, to) < 0) {
                        log_error("Failed to create symlink %s: %m", to);
                        return -errno;
                }

                free(to);
                if (!nofail)
                        to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
                else
                        to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
                if (!to)
                        return log_oom();

                mkdir_parents_label(to, 0755);
                if (symlink(from, to) < 0) {
                        log_error("Failed to create symlink %s: %m", to);
                        return -errno;
                }
        }

        free(to);
        to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
        if (!to)
                return log_oom();

        mkdir_parents_label(to, 0755);
        if (symlink(from, to) < 0) {
                log_error("Failed to create symlink %s: %m", to);
                return -errno;
        }

        if (!noauto && !nofail) {
                _cleanup_free_ char *dmname;
                dmname = strjoin("dev-mapper-", e, ".device", NULL);
                if (!dmname)
                        return log_oom();

                r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
                                  "# Automatically generated by systemd-cryptsetup-generator \n\n"
                                  "[Unit]\nJobTimeoutSec=0");
                if (r < 0) {
                        log_error_errno(-r, "Failed to write device drop-in: %m");
                        return r;
                }
        }

        return 0;
}

static int parse_proc_cmdline_item(const char *key, const char *value) {
        int r;

        if (STR_IN_SET(key, "luks", "rd.luks") && value) {

                r = parse_boolean(value);
                if (r < 0)
                        log_warning("Failed to parse luks switch %s. Ignoring.", value);
                else
                        arg_enabled = r;

        } else if (STR_IN_SET(key, "luks.crypttab", "rd.luks.crypttab") && value) {

                r = parse_boolean(value);
                if (r < 0)
                        log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value);
                else
                        arg_read_crypttab = r;

        } else if (STR_IN_SET(key, "luks.uuid", "rd.luks.uuid") && value) {

                if (strv_extend(&arg_disks, value) < 0)
                        return log_oom();

        } else if (STR_IN_SET(key, "luks.options", "rd.luks.options") && value) {

                if (strv_extend(&arg_options, value) < 0)
                        return log_oom();

        } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {

                free(arg_keyfile);
                arg_keyfile = strdup(value);
                if (!arg_keyfile)
                        return log_oom();

        }

        return 0;
}

int main(int argc, char *argv[]) {
        _cleanup_strv_free_ char **disks_done = NULL;
        _cleanup_fclose_ FILE *f = NULL;
        unsigned n = 0;
        int r = EXIT_FAILURE, r2 = EXIT_FAILURE, z;
        char **i;

        if (argc > 1 && argc != 4) {
                log_error("This program takes three or no arguments.");
                return EXIT_FAILURE;
        }

        if (argc > 1)
                arg_dest = argv[1];

        log_set_target(LOG_TARGET_SAFE);
        log_parse_environment();
        log_open();

        umask(0022);

        z = parse_proc_cmdline(parse_proc_cmdline_item);
        if (z < 0)
                log_warning_errno(-z, "Failed to parse kernel command line, ignoring: %m");

        if (!arg_enabled) {
                r = r2 = EXIT_SUCCESS;
                goto cleanup;
        }

        strv_uniq(arg_disks);

        if (arg_read_crypttab) {
                struct stat st;

                f = fopen("/etc/crypttab", "re");
                if (!f) {
                        if (errno == ENOENT)
                                r = EXIT_SUCCESS;
                        else
                                log_error("Failed to open /etc/crypttab: %m");

                        goto next;
                }

                if (fstat(fileno(f), &st) < 0) {
                        log_error("Failed to stat /etc/crypttab: %m");
                        goto next;
                }

                /* If we readd support for specifying passphrases
                 * directly in crypttabe we should upgrade the warning
                 * below, though possibly only if a passphrase is
                 * specified directly. */
                if (st.st_mode & 0005)
                        log_debug("/etc/crypttab is world-readable. This is usually not a good idea.");

                for (;;) {
                        char line[LINE_MAX], *l;
                        _cleanup_free_ char *name = NULL, *device = NULL, *password = NULL, *options = NULL;
                        int k;

                        if (!fgets(line, sizeof(line), f))
                                break;

                        n++;

                        l = strstrip(line);
                        if (*l == '#' || *l == 0)
                                continue;

                        k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
                        if (k < 2 || k > 4) {
                                log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
                                continue;
                        }

                        /*
                          If options are specified on the kernel command line, let them override
                          the ones from crypttab.
                        */
                        STRV_FOREACH(i, arg_options) {
                                _cleanup_free_ char *proc_uuid = NULL, *proc_options = NULL;
                                const char *p = *i;

                                k = sscanf(p, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
                                if (k == 2 && streq(proc_uuid, device + 5)) {
                                        free(options);
                                        options = strdup(p);
                                        if (!options) {
                                                log_oom();
                                                goto cleanup;
                                        }
                                }
                        }

                        if (arg_disks) {
                                /*
                                  If luks UUIDs are specified on the kernel command line, use them as a filter
                                  for /etc/crypttab and only generate units for those.
                                */
                                STRV_FOREACH(i, arg_disks) {
                                        _cleanup_free_ char *proc_device = NULL, *proc_name = NULL;
                                        const char *p = *i;

                                        if (startswith(p, "luks-"))
                                                p += 5;

                                        proc_name = strappend("luks-", p);
                                        proc_device = strappend("UUID=", p);

                                        if (!proc_name || !proc_device) {
                                                log_oom();
                                                goto cleanup;
                                        }

                                        if (streq(proc_device, device) || streq(proc_name, name)) {
                                                if (create_disk(name, device, password, options) < 0)
                                                        goto cleanup;

                                                if (strv_extend(&disks_done, p) < 0) {
                                                        log_oom();
                                                        goto cleanup;
                                                }
                                        }
                                }
                        } else if (create_disk(name, device, password, options) < 0)
                                goto cleanup;

                }
        }

        r = EXIT_SUCCESS;

next:
        STRV_FOREACH(i, arg_disks) {
                /*
                  Generate units for those UUIDs, which were specified
                  on the kernel command line and not yet written.
                */

                _cleanup_free_ char *name = NULL, *device = NULL, *options = NULL;
                const char *p = *i;

                if (startswith(p, "luks-"))
                        p += 5;

                if (strv_contains(disks_done, p))
                        continue;

                name = strappend("luks-", p);
                device = strappend("UUID=", p);

                if (!name || !device) {
                        log_oom();
                        goto cleanup;
                }

                if (arg_options) {
                        /*
                          If options are specified on the kernel command line, use them.
                        */
                        char **j;

                        STRV_FOREACH(j, arg_options) {
                                _cleanup_free_ char *proc_uuid = NULL, *proc_options = NULL;
                                const char *s = *j;
                                int k;

                                k = sscanf(s, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
                                if (k == 2) {
                                        if (streq(proc_uuid, device + 5)) {
                                                free(options);
                                                options = proc_options;
                                                proc_options = NULL;
                                        }
                                } else if (!options) {
                                        /*
                                          Fall back to options without a specified UUID
                                        */
                                        options = strdup(s);
                                        if (!options) {
                                                log_oom();
                                                goto cleanup;
                                        };
                                }
                        }
                }

                if (!options) {
                        options = strdup("timeout=0");
                        if (!options) {
                                log_oom();
                                goto cleanup;
                        }
                }

                if (create_disk(name, device, arg_keyfile, options) < 0)
                        goto cleanup;
        }

        r2 = EXIT_SUCCESS;

cleanup:
        strv_free(arg_disks);
        strv_free(arg_options);
        free(arg_keyfile);

        return r != EXIT_SUCCESS ? r : r2;
}
Commit	Line	Data
e23a0ce8 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	9	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	10	the Free Software Foundation; either version 2.1 of the License, or
e23a0ce8 LP	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	16	Lesser General Public License for more details.
e23a0ce8	17
5430f7f2	18	You should have received a copy of the GNU Lesser General Public License
e23a0ce8 LP	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <string.h>
	23	#include <errno.h>
	24	#include <unistd.h>
	25
	26	#include "log.h"
	27	#include "util.h"
	28	#include "unit-name.h"
49e942b2	29	#include "mkdir.h"
66a78c2b	30	#include "strv.h"
a860325e	31	#include "fileio.h"
bde29068	32	#include "path-util.h"
8eea8687 ZJS	33	#include "dropin.h"
8eea8687 ZJS	34	#include "generator.h"
e23a0ce8	35
66a78c2b LP	36	static const char *arg_dest = "/tmp";
	37	static bool arg_enabled = true;
	38	static bool arg_read_crypttab = true;
744198e9 LP	39	static char **arg_disks = NULL;
	40	static char **arg_options = NULL;
	41	static char *arg_keyfile = NULL;
141a79f4	42
e23a0ce8 LP	43	static bool has_option(const char haystack, const char needle) {
	44	const char *f = haystack;
	45	size_t l;
	46
f653f683 LP	47	assert(needle);
	48
	49	if (!haystack)
	50	return false;
	51
e23a0ce8 LP	52	l = strlen(needle);
	53
	54	while ((f = strstr(f, needle))) {
	55
	56	if (f > haystack && f[-1] != ',') {
	57	f++;
	58	continue;
	59	}
	60
aae5220d	61	if (f[l] != 0 && f[l] != ',') {
e23a0ce8 LP	62	f++;
	63	continue;
	64	}
	65
	66	return true;
	67	}
	68
	69	return false;
	70	}
	71
	72	static int create_disk(
	73	const char *name,
	74	const char *device,
	75	const char *password,
	76	const char *options) {
	77
8eea8687 ZJS	78	_cleanup_free_ char p = NULL, n = NULL, d = NULL, u = NULL, to = NULL, e = NULL,
8eea8687 ZJS	79	*filtered = NULL;
7fd1b19b	80	_cleanup_fclose_ FILE *f = NULL;
8c11d3c1	81	bool noauto, nofail, tmp, swap;
744198e9 LP	82	char *from;
744198e9 LP	83	int r;
e23a0ce8 LP	84
	85	assert(name);
	86	assert(device);
	87
155da457 LP	88	noauto = has_option(options, "noauto");
155da457 LP	89	nofail = has_option(options, "nofail");
8c11d3c1 TG	90	tmp = has_option(options, "tmp");
	91	swap = has_option(options, "swap");
	92
	93	if (tmp && swap) {
	94	log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
	95	return -EINVAL;
	96	}
155da457	97
744198e9 LP	98	e = unit_name_escape(name);
	99	if (!e)
	100	return log_oom();
	101
	102	n = unit_name_build("systemd-cryptsetup", e, ".service");
24a988e9 HH	103	if (!n)
24a988e9 HH	104	return log_oom();
e23a0ce8	105
b7def684	106	p = strjoin(arg_dest, "/", n, NULL);
24a988e9 HH	107	if (!p)
24a988e9 HH	108	return log_oom();
e23a0ce8	109
f7f21d33	110	u = fstab_node_to_udev_node(device);
24a988e9 HH	111	if (!u)
24a988e9 HH	112	return log_oom();
e23a0ce8	113
f7f21d33	114	d = unit_name_from_path(u, ".device");
24a988e9 HH	115	if (!d)
24a988e9 HH	116	return log_oom();
e23a0ce8	117
f7f21d33 LP	118	f = fopen(p, "wxe");
f7f21d33 LP	119	if (!f) {
1cda32b8	120	log_error("Failed to create unit file %s: %m", p);
24a988e9	121	return -errno;
e23a0ce8 LP	122	}
e23a0ce8 LP	123
9ece938a	124	fputs(
6b1dc2bd	125	"# Automatically generated by systemd-cryptsetup-generator\n\n"
e23a0ce8	126	"[Unit]\n"
9ece938a	127	"Description=Cryptography Setup for %I\n"
c3834f9b	128	"Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
1b64d026	129	"SourcePath=/etc/crypttab\n"
e23a0ce8	130	"DefaultDependencies=no\n"
744198e9	131	"Conflicts=umount.target\n"
9ece938a	132	"BindsTo=dev-mapper-%i.device\n"
4469ff4a	133	"IgnoreOnIsolate=true\n"
d6bc8348	134	"After=cryptsetup-pre.target\n",
9ece938a	135	f);
e23a0ce8	136
155da457 LP	137	if (!nofail)
	138	fprintf(f,
	139	"Before=cryptsetup.target\n");
	140
ceca9501	141	if (password) {
744198e9	142	if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
a0f70805	143	fputs("After=systemd-random-seed.service\n", f);
66a5dbdf	144	else if (!streq(password, "-") && !streq(password, "none")) {
744198e9 LP	145	_cleanup_free_ char *uu;
	146
	147	uu = fstab_node_to_udev_node(password);
	148	if (!uu)
66a5dbdf DR	149	return log_oom();
66a5dbdf DR	150
bde29068	151	if (!path_equal(uu, "/dev/null")) {
744198e9	152
bde29068 LP	153	if (is_device_path(uu)) {
bde29068 LP	154	_cleanup_free_ char *dd;
66a5dbdf	155
bde29068 LP	156	dd = unit_name_from_path(uu, ".device");
	157	if (!dd)
	158	return log_oom();
	159
	160	fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
	161	} else
	162	fprintf(f, "RequiresMountsFor=%s\n", password);
	163	}
66a5dbdf	164	}
ceca9501	165	}
e23a0ce8	166
9ece938a TW	167	if (is_device_path(u))
	168	fprintf(f,
	169	"BindsTo=%s\n"
	170	"After=%s\n"
	171	"Before=umount.target\n",
	172	d, d);
	173	else
	174	fprintf(f,
	175	"RequiresMountsFor=%s\n",
	176	u);
	177
8eea8687 ZJS	178	r = generator_write_timeouts(arg_dest, device, name, options, &filtered);
	179	if (r < 0)
	180	return r;
	181
e23a0ce8 LP	182	fprintf(f,
	183	"\n[Service]\n"
	184	"Type=oneshot\n"
	185	"RemainAfterExit=yes\n"
90724929	186	"TimeoutSec=0\n" /* the binary handles timeouts anyway */
260ab287	187	"ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
7f4e0805	188	"ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
8eea8687	189	name, u, strempty(password), strempty(filtered),
e23a0ce8 LP	190	name);
e23a0ce8 LP	191
8c11d3c1	192	if (tmp)
e23a0ce8	193	fprintf(f,
50109038	194	"ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
1d3399e6	195	name);
e23a0ce8	196
8c11d3c1	197	if (swap)
e23a0ce8	198	fprintf(f,
50109038	199	"ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
1d3399e6	200	name);
e23a0ce8 LP	201
e23a0ce8 LP	202	fflush(f);
e23a0ce8	203	if (ferror(f)) {
1cda32b8	204	log_error("Failed to write file %s: %m", p);
24a988e9	205	return -errno;
e23a0ce8 LP	206	}
e23a0ce8 LP	207
744198e9	208	from = strappenda("../", n);
74715b82	209
155da457	210	if (!noauto) {
e23a0ce8	211
b7def684	212	to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
24a988e9 HH	213	if (!to)
24a988e9 HH	214	return log_oom();
e23a0ce8	215
d2e54fae	216	mkdir_parents_label(to, 0755);
e23a0ce8	217	if (symlink(from, to) < 0) {
c79bb9e4	218	log_error("Failed to create symlink %s: %m", to);
24a988e9	219	return -errno;
e23a0ce8	220	}
2f8cd170 LP	221
2f8cd170 LP	222	free(to);
155da457	223	if (!nofail)
b7def684	224	to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
155da457	225	else
b7def684	226	to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
24a988e9 HH	227	if (!to)
24a988e9 HH	228	return log_oom();
2f8cd170	229
d2e54fae	230	mkdir_parents_label(to, 0755);
155da457	231	if (symlink(from, to) < 0) {
c79bb9e4	232	log_error("Failed to create symlink %s: %m", to);
24a988e9	233	return -errno;
2f8cd170	234	}
f7f21d33	235	}
74715b82	236
608d41f3	237	free(to);
b7def684	238	to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
24a988e9 HH	239	if (!to)
24a988e9 HH	240	return log_oom();
74715b82	241
d2e54fae	242	mkdir_parents_label(to, 0755);
74715b82	243	if (symlink(from, to) < 0) {
c79bb9e4	244	log_error("Failed to create symlink %s: %m", to);
24a988e9	245	return -errno;
74715b82 LP	246	}
74715b82 LP	247
68395007	248	if (!noauto && !nofail) {
a6fb0dc1 HG	249	_cleanup_free_ char *dmname;
	250	dmname = strjoin("dev-mapper-", e, ".device", NULL);
	251	if (!dmname)
	252	return log_oom();
	253
	254	r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
8eea8687 ZJS	255	"# Automatically generated by systemd-cryptsetup-generator \n\n"
8eea8687 ZJS	256	"[Unit]\nJobTimeoutSec=0");
744198e9	257	if (r < 0) {
0a1beeb6	258	log_error_errno(-r, "Failed to write device drop-in: %m");
68395007	259	return r;
744198e9	260	}
68395007 HH	261	}
68395007 HH	262
24a988e9	263	return 0;
e23a0ce8 LP	264	}
e23a0ce8 LP	265
059cb385	266	static int parse_proc_cmdline_item(const char key, const char value) {
74df0fca	267	int r;
66a78c2b	268
059cb385 LP	269	if (STR_IN_SET(key, "luks", "rd.luks") && value) {
	270
	271	r = parse_boolean(value);
141a79f4	272	if (r < 0)
059cb385	273	log_warning("Failed to parse luks switch %s. Ignoring.", value);
141a79f4 ZJS	274	else
141a79f4 ZJS	275	arg_enabled = r;
66a78c2b	276
059cb385	277	} else if (STR_IN_SET(key, "luks.crypttab", "rd.luks.crypttab") && value) {
66a78c2b	278
059cb385	279	r = parse_boolean(value);
141a79f4	280	if (r < 0)
059cb385	281	log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value);
141a79f4 ZJS	282	else
141a79f4 ZJS	283	arg_read_crypttab = r;
66a78c2b	284
059cb385	285	} else if (STR_IN_SET(key, "luks.uuid", "rd.luks.uuid") && value) {
66a78c2b	286
059cb385	287	if (strv_extend(&arg_disks, value) < 0)
141a79f4	288	return log_oom();
66a78c2b	289
059cb385	290	} else if (STR_IN_SET(key, "luks.options", "rd.luks.options") && value) {
66a78c2b	291
059cb385	292	if (strv_extend(&arg_options, value) < 0)
141a79f4	293	return log_oom();
66a78c2b	294
059cb385	295	} else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {
66a78c2b	296
141a79f4	297	free(arg_keyfile);
66aaf85e	298	arg_keyfile = strdup(value);
141a79f4 ZJS	299	if (!arg_keyfile)
141a79f4 ZJS	300	return log_oom();
7ab064a6	301
85013844	302	}
66a78c2b	303
24a988e9	304	return 0;
66a78c2b LP	305	}
66a78c2b LP	306
e23a0ce8	307	int main(int argc, char *argv[]) {
141a79f4	308	_cleanup_strv_free_ char **disks_done = NULL;
7fd1b19b	309	_cleanup_fclose_ FILE *f = NULL;
e23a0ce8	310	unsigned n = 0;
b5884878	311	int r = EXIT_FAILURE, r2 = EXIT_FAILURE, z;
66a78c2b	312	char **i;
e23a0ce8	313
07719a21 LP	314	if (argc > 1 && argc != 4) {
07719a21 LP	315	log_error("This program takes three or no arguments.");
e23a0ce8 LP	316	return EXIT_FAILURE;
	317	}
	318
2a796654 LP	319	if (argc > 1)
2a796654 LP	320	arg_dest = argv[1];
e23a0ce8	321
a6903061	322	log_set_target(LOG_TARGET_SAFE);
e23a0ce8 LP	323	log_parse_environment();
	324	log_open();
	325
4c12626c LP	326	umask(0022);
4c12626c LP	327
b5884878 LP	328	z = parse_proc_cmdline(parse_proc_cmdline_item);
b5884878 LP	329	if (z < 0)
0a1beeb6	330	log_warning_errno(-z, "Failed to parse kernel command line, ignoring: %m");
66a78c2b	331
141a79f4 ZJS	332	if (!arg_enabled) {
	333	r = r2 = EXIT_SUCCESS;
	334	goto cleanup;
	335	}
	336
	337	strv_uniq(arg_disks);
66a78c2b	338
e2cb60fa	339	if (arg_read_crypttab) {
8973790e	340	struct stat st;
66a78c2b	341
8973790e	342	f = fopen("/etc/crypttab", "re");
e2cb60fa HH	343	if (!f) {
	344	if (errno == ENOENT)
	345	r = EXIT_SUCCESS;
141a79f4	346	else
e2cb60fa	347	log_error("Failed to open /etc/crypttab: %m");
8973790e LP	348
	349	goto next;
	350	}
	351
	352	if (fstat(fileno(f), &st) < 0) {
	353	log_error("Failed to stat /etc/crypttab: %m");
8973790e LP	354	goto next;
	355	}
	356
2b68185a LP	357	/* If we readd support for specifying passphrases
	358	* directly in crypttabe we should upgrade the warning
	359	* below, though possibly only if a passphrase is
	360	* specified directly. */
8973790e	361	if (st.st_mode & 0005)
2b68185a	362	log_debug("/etc/crypttab is world-readable. This is usually not a good idea.");
8973790e LP	363
8973790e LP	364	for (;;) {
e2cb60fa	365	char line[LINE_MAX], *l;
7fd1b19b	366	_cleanup_free_ char name = NULL, device = NULL, password = NULL, options = NULL;
e2cb60fa	367	int k;
66a78c2b	368
e2cb60fa HH	369	if (!fgets(line, sizeof(line), f))
e2cb60fa HH	370	break;
66a78c2b	371
e2cb60fa	372	n++;
66a78c2b	373
e2cb60fa HH	374	l = strstrip(line);
	375	if (l == '#' \|\| l == 0)
	376	continue;
e23a0ce8	377
e2cb60fa HH	378	k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
	379	if (k < 2 \|\| k > 4) {
	380	log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
24a988e9	381	continue;
e2cb60fa	382	}
e23a0ce8	383
141a79f4	384	/*
3f85ef0f	385	If options are specified on the kernel command line, let them override
141a79f4 ZJS	386	the ones from crypttab.
	387	*/
	388	STRV_FOREACH(i, arg_options) {
	389	_cleanup_free_ char proc_uuid = NULL, proc_options = NULL;
	390	const char p = i;
	391
	392	k = sscanf(p, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
	393	if (k == 2 && streq(proc_uuid, device + 5)) {
	394	free(options);
	395	options = strdup(p);
0e2f1401	396	if (!options) {
141a79f4 ZJS	397	log_oom();
141a79f4 ZJS	398	goto cleanup;
7ab064a6 TG	399	}
	400	}
	401	}
	402
141a79f4	403	if (arg_disks) {
e2cb60fa HH	404	/*
	405	If luks UUIDs are specified on the kernel command line, use them as a filter
	406	for /etc/crypttab and only generate units for those.
	407	*/
141a79f4	408	STRV_FOREACH(i, arg_disks) {
7fd1b19b	409	_cleanup_free_ char proc_device = NULL, proc_name = NULL;
e2cb60fa HH	410	const char p = i;
	411
	412	if (startswith(p, "luks-"))
	413	p += 5;
	414
	415	proc_name = strappend("luks-", p);
	416	proc_device = strappend("UUID=", p);
	417
141a79f4 ZJS	418	if (!proc_name \|\| !proc_device) {
	419	log_oom();
	420	goto cleanup;
	421	}
24a988e9	422
e2cb60fa	423	if (streq(proc_device, device) \|\| streq(proc_name, name)) {
e2cb60fa	424	if (create_disk(name, device, password, options) < 0)
141a79f4	425	goto cleanup;
e2cb60fa	426
141a79f4 ZJS	427	if (strv_extend(&disks_done, p) < 0) {
	428	log_oom();
	429	goto cleanup;
	430	}
e2cb60fa	431	}
e2cb60fa	432	}
141a79f4 ZJS	433	} else if (create_disk(name, device, password, options) < 0)
	434	goto cleanup;
	435
e2cb60fa	436	}
e23a0ce8 LP	437	}
e23a0ce8 LP	438
141a79f4 ZJS	439	r = EXIT_SUCCESS;
141a79f4 ZJS	440
8973790e	441	next:
141a79f4	442	STRV_FOREACH(i, arg_disks) {
e2cb60fa HH	443	/*
	444	Generate units for those UUIDs, which were specified
	445	on the kernel command line and not yet written.
	446	*/
e23a0ce8	447
7ab064a6	448	_cleanup_free_ char name = NULL, device = NULL, *options = NULL;
e2cb60fa	449	const char p = i;
e23a0ce8	450
e2cb60fa HH	451	if (startswith(p, "luks-"))
e2cb60fa HH	452	p += 5;
e23a0ce8	453
141a79f4	454	if (strv_contains(disks_done, p))
e23a0ce8 LP	455	continue;
e23a0ce8 LP	456
e2cb60fa HH	457	name = strappend("luks-", p);
	458	device = strappend("UUID=", p);
	459
141a79f4 ZJS	460	if (!name \|\| !device) {
	461	log_oom();
	462	goto cleanup;
	463	}
e23a0ce8	464
141a79f4	465	if (arg_options) {
7ab064a6	466	/*
3f85ef0f	467	If options are specified on the kernel command line, use them.
7ab064a6 TG	468	*/
	469	char **j;
	470
141a79f4	471	STRV_FOREACH(j, arg_options) {
7ab064a6 TG	472	_cleanup_free_ char proc_uuid = NULL, proc_options = NULL;
	473	const char s = j;
	474	int k;
	475
	476	k = sscanf(s, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
	477	if (k == 2) {
	478	if (streq(proc_uuid, device + 5)) {
744198e9 LP	479	free(options);
	480	options = proc_options;
	481	proc_options = NULL;
7ab064a6 TG	482	}
	483	} else if (!options) {
	484	/*
	485	Fall back to options without a specified UUID
	486	*/
	487	options = strdup(s);
141a79f4 ZJS	488	if (!options) {
	489	log_oom();
	490	goto cleanup;
	491	};
7ab064a6 TG	492	}
	493	}
	494	}
	495
	496	if (!options) {
	497	options = strdup("timeout=0");
141a79f4 ZJS	498	if (!options) {
	499	log_oom();
	500	goto cleanup;
	501	}
7ab064a6 TG	502	}
7ab064a6 TG	503
141a79f4 ZJS	504	if (create_disk(name, device, arg_keyfile, options) < 0)
141a79f4 ZJS	505	goto cleanup;
e23a0ce8 LP	506	}
e23a0ce8 LP	507
141a79f4 ZJS	508	r2 = EXIT_SUCCESS;
	509
	510	cleanup:
	511	strv_free(arg_disks);
	512	strv_free(arg_options);
	513	free(arg_keyfile);
	514
	515	return r != EXIT_SUCCESS ? r : r2;
e23a0ce8	516	}