]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
e23a0ce8 | 2 | |
e23a0ce8 | 3 | #include <errno.h> |
0d536673 | 4 | #include <stdio_ext.h> |
e23a0ce8 | 5 | |
b5efdb8a | 6 | #include "alloc-util.h" |
b42674a1 | 7 | #include "def.h" |
0fa9e53d | 8 | #include "dropin.h" |
7949dfa7 | 9 | #include "escape.h" |
3ffd4af2 | 10 | #include "fd-util.h" |
0d39fa9c | 11 | #include "fileio.h" |
07630cea | 12 | #include "fstab-util.h" |
0fa9e53d JJ |
13 | #include "generator.h" |
14 | #include "hashmap.h" | |
7949dfa7 | 15 | #include "id128-util.h" |
e23a0ce8 | 16 | #include "log.h" |
49e942b2 | 17 | #include "mkdir.h" |
6bedfcbb | 18 | #include "parse-util.h" |
bde29068 | 19 | #include "path-util.h" |
4e731273 | 20 | #include "proc-cmdline.h" |
98bad05e | 21 | #include "specifier.h" |
07630cea | 22 | #include "string-util.h" |
0fa9e53d JJ |
23 | #include "strv.h" |
24 | #include "unit-name.h" | |
25 | #include "util.h" | |
26 | ||
27 | typedef struct crypto_device { | |
28 | char *uuid; | |
6cd5b12a | 29 | char *keyfile; |
70f5f48e | 30 | char *keydev; |
baade8cc | 31 | char *name; |
0fa9e53d JJ |
32 | char *options; |
33 | bool create; | |
34 | } crypto_device; | |
e23a0ce8 | 35 | |
66a78c2b LP |
36 | static const char *arg_dest = "/tmp"; |
37 | static bool arg_enabled = true; | |
38 | static bool arg_read_crypttab = true; | |
0fa9e53d JJ |
39 | static bool arg_whitelist = false; |
40 | static Hashmap *arg_disks = NULL; | |
41 | static char *arg_default_options = NULL; | |
42 | static char *arg_default_keyfile = NULL; | |
141a79f4 | 43 | |
70f5f48e | 44 | static int generate_keydev_mount(const char *name, const char *keydev, char **unit, char **mount) { |
7949dfa7 | 45 | _cleanup_free_ char *u = NULL, *what = NULL, *where = NULL, *name_escaped = NULL; |
70f5f48e MS |
46 | _cleanup_fclose_ FILE *f = NULL; |
47 | int r; | |
48 | ||
49 | assert(name); | |
50 | assert(keydev); | |
51 | assert(unit); | |
52 | assert(mount); | |
53 | ||
54 | r = mkdir_parents("/run/systemd/cryptsetup", 0755); | |
55 | if (r < 0) | |
56 | return r; | |
57 | ||
58 | r = mkdir("/run/systemd/cryptsetup", 0700); | |
579875bc MS |
59 | if (r < 0 && errno != EEXIST) |
60 | return -errno; | |
70f5f48e | 61 | |
7949dfa7 MS |
62 | name_escaped = cescape(name); |
63 | if (!name_escaped) | |
64 | return -ENOMEM; | |
65 | ||
66 | where = strjoin("/run/systemd/cryptsetup/keydev-", name_escaped); | |
70f5f48e MS |
67 | if (!where) |
68 | return -ENOMEM; | |
69 | ||
70 | r = mkdir(where, 0700); | |
579875bc MS |
71 | if (r < 0 && errno != EEXIST) |
72 | return -errno; | |
70f5f48e MS |
73 | |
74 | r = unit_name_from_path(where, ".mount", &u); | |
75 | if (r < 0) | |
76 | return r; | |
77 | ||
78 | r = generator_open_unit_file(arg_dest, NULL, u, &f); | |
79 | if (r < 0) | |
80 | return r; | |
81 | ||
82 | what = fstab_node_to_udev_node(keydev); | |
83 | if (!what) | |
84 | return -ENOMEM; | |
85 | ||
86 | fprintf(f, | |
87 | "[Unit]\n" | |
88 | "DefaultDependencies=no\n\n" | |
89 | "[Mount]\n" | |
90 | "What=%s\n" | |
91 | "Where=%s\n" | |
92 | "Options=ro\n", what, where); | |
93 | ||
94 | r = fflush_and_check(f); | |
95 | if (r < 0) | |
96 | return r; | |
97 | ||
98 | *unit = TAKE_PTR(u); | |
99 | *mount = TAKE_PTR(where); | |
100 | ||
101 | return 0; | |
102 | } | |
103 | ||
e23a0ce8 LP |
104 | static int create_disk( |
105 | const char *name, | |
106 | const char *device, | |
70f5f48e | 107 | const char *keydev, |
e23a0ce8 LP |
108 | const char *password, |
109 | const char *options) { | |
110 | ||
fb883e75 | 111 | _cleanup_free_ char *n = NULL, *d = NULL, *u = NULL, *e = NULL, |
70f5f48e | 112 | *filtered = NULL, *u_escaped = NULL, *password_escaped = NULL, *filtered_escaped = NULL, *name_escaped = NULL, *keydev_mount = NULL; |
7fd1b19b | 113 | _cleanup_fclose_ FILE *f = NULL; |
b559616f | 114 | const char *dmname; |
b001ad61 | 115 | bool noauto, nofail, tmp, swap, netdev; |
744198e9 | 116 | int r; |
e23a0ce8 LP |
117 | |
118 | assert(name); | |
119 | assert(device); | |
120 | ||
b9f111b9 ZJS |
121 | noauto = fstab_test_yes_no_option(options, "noauto\0" "auto\0"); |
122 | nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0"); | |
a6dba978 ZJS |
123 | tmp = fstab_test_option(options, "tmp\0"); |
124 | swap = fstab_test_option(options, "swap\0"); | |
b001ad61 | 125 | netdev = fstab_test_option(options, "_netdev\0"); |
8c11d3c1 TG |
126 | |
127 | if (tmp && swap) { | |
128 | log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name); | |
129 | return -EINVAL; | |
130 | } | |
155da457 | 131 | |
98bad05e LP |
132 | name_escaped = specifier_escape(name); |
133 | if (!name_escaped) | |
134 | return log_oom(); | |
135 | ||
744198e9 LP |
136 | e = unit_name_escape(name); |
137 | if (!e) | |
138 | return log_oom(); | |
139 | ||
f7f21d33 | 140 | u = fstab_node_to_udev_node(device); |
24a988e9 HH |
141 | if (!u) |
142 | return log_oom(); | |
e23a0ce8 | 143 | |
fb883e75 ZJS |
144 | r = unit_name_build("systemd-cryptsetup", e, ".service", &n); |
145 | if (r < 0) | |
146 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
147 | ||
98bad05e LP |
148 | u_escaped = specifier_escape(u); |
149 | if (!u_escaped) | |
150 | return log_oom(); | |
151 | ||
7410616c LP |
152 | r = unit_name_from_path(u, ".device", &d); |
153 | if (r < 0) | |
154 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
e23a0ce8 | 155 | |
d31eb24f LP |
156 | if (password) { |
157 | password_escaped = specifier_escape(password); | |
158 | if (!password_escaped) | |
159 | return log_oom(); | |
160 | } | |
98bad05e | 161 | |
2abe6466 LP |
162 | if (keydev && !password) { |
163 | log_error("Key device is specified, but path to the password file is missing."); | |
164 | return -EINVAL; | |
165 | } | |
70f5f48e | 166 | |
fb883e75 ZJS |
167 | r = generator_open_unit_file(arg_dest, NULL, n, &f); |
168 | if (r < 0) | |
169 | return r; | |
0d536673 | 170 | |
b001ad61 | 171 | fprintf(f, |
b001ad61 ZJS |
172 | "[Unit]\n" |
173 | "Description=Cryptography Setup for %%I\n" | |
174 | "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" | |
175 | "SourcePath=/etc/crypttab\n" | |
176 | "DefaultDependencies=no\n" | |
177 | "Conflicts=umount.target\n" | |
178 | "IgnoreOnIsolate=true\n" | |
179 | "After=%s\n", | |
a0dd2097 | 180 | netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target"); |
e23a0ce8 | 181 | |
70f5f48e MS |
182 | if (keydev) { |
183 | _cleanup_free_ char *unit = NULL, *p = NULL; | |
184 | ||
185 | r = generate_keydev_mount(name, keydev, &unit, &keydev_mount); | |
186 | if (r < 0) | |
187 | return log_error_errno(r, "Failed to generate keydev mount unit: %m"); | |
188 | ||
189 | p = prefix_root(keydev_mount, password_escaped); | |
190 | if (!p) | |
191 | return log_oom(); | |
192 | ||
193 | free_and_replace(password_escaped, p); | |
194 | } | |
195 | ||
155da457 LP |
196 | if (!nofail) |
197 | fprintf(f, | |
b001ad61 ZJS |
198 | "Before=%s\n", |
199 | netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); | |
155da457 | 200 | |
ceca9501 | 201 | if (password) { |
e3ca6580 | 202 | if (PATH_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random")) |
0d536673 | 203 | fputs("After=systemd-random-seed.service\n", f); |
b559616f | 204 | else if (!STR_IN_SET(password, "-", "none")) { |
744198e9 LP |
205 | _cleanup_free_ char *uu; |
206 | ||
207 | uu = fstab_node_to_udev_node(password); | |
208 | if (!uu) | |
66a5dbdf DR |
209 | return log_oom(); |
210 | ||
bde29068 | 211 | if (!path_equal(uu, "/dev/null")) { |
744198e9 | 212 | |
048dd629 | 213 | if (path_startswith(uu, "/dev/")) { |
7410616c | 214 | _cleanup_free_ char *dd = NULL; |
66a5dbdf | 215 | |
7410616c LP |
216 | r = unit_name_from_path(uu, ".device", &dd); |
217 | if (r < 0) | |
218 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
bde29068 LP |
219 | |
220 | fprintf(f, "After=%1$s\nRequires=%1$s\n", dd); | |
221 | } else | |
98bad05e | 222 | fprintf(f, "RequiresMountsFor=%s\n", password_escaped); |
bde29068 | 223 | } |
66a5dbdf | 224 | } |
ceca9501 | 225 | } |
e23a0ce8 | 226 | |
048dd629 | 227 | if (path_startswith(u, "/dev/")) { |
9ece938a TW |
228 | fprintf(f, |
229 | "BindsTo=%s\n" | |
230 | "After=%s\n" | |
231 | "Before=umount.target\n", | |
232 | d, d); | |
a6f8786a MFO |
233 | |
234 | if (swap) | |
0d536673 LP |
235 | fputs("Before=dev-mapper-%i.swap\n", |
236 | f); | |
a6f8786a | 237 | } else |
b90cbe66 LHS |
238 | /* For loopback devices, add systemd-tmpfiles-setup-dev.service |
239 | dependency to ensure that loopback support is available in | |
240 | the kernel (/dev/loop-control needs to exist) */ | |
9ece938a | 241 | fprintf(f, |
b90cbe66 LHS |
242 | "RequiresMountsFor=%s\n" |
243 | "Requires=systemd-tmpfiles-setup-dev.service\n" | |
244 | "After=systemd-tmpfiles-setup-dev.service\n", | |
98bad05e LP |
245 | u_escaped); |
246 | ||
8eea8687 ZJS |
247 | r = generator_write_timeouts(arg_dest, device, name, options, &filtered); |
248 | if (r < 0) | |
249 | return r; | |
250 | ||
d31eb24f LP |
251 | if (filtered) { |
252 | filtered_escaped = specifier_escape(filtered); | |
253 | if (!filtered_escaped) | |
254 | return log_oom(); | |
255 | } | |
98bad05e | 256 | |
e23a0ce8 LP |
257 | fprintf(f, |
258 | "\n[Service]\n" | |
259 | "Type=oneshot\n" | |
260 | "RemainAfterExit=yes\n" | |
90724929 | 261 | "TimeoutSec=0\n" /* the binary handles timeouts anyway */ |
0b1f68ac | 262 | "KeyringMode=shared\n" /* make sure we can share cached keys among instances */ |
260ab287 | 263 | "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n" |
7f4e0805 | 264 | "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n", |
98bad05e LP |
265 | name_escaped, u_escaped, strempty(password_escaped), strempty(filtered_escaped), |
266 | name_escaped); | |
e23a0ce8 | 267 | |
8c11d3c1 | 268 | if (tmp) |
e23a0ce8 | 269 | fprintf(f, |
50109038 | 270 | "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n", |
98bad05e | 271 | name_escaped); |
e23a0ce8 | 272 | |
8c11d3c1 | 273 | if (swap) |
e23a0ce8 | 274 | fprintf(f, |
50109038 | 275 | "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n", |
98bad05e | 276 | name_escaped); |
e23a0ce8 | 277 | |
70f5f48e MS |
278 | if (keydev) |
279 | fprintf(f, | |
280 | "ExecStartPost=" UMOUNT_PATH " %s\n\n", | |
281 | keydev_mount); | |
282 | ||
4652c56c ZJS |
283 | r = fflush_and_check(f); |
284 | if (r < 0) | |
fb883e75 | 285 | return log_error_errno(r, "Failed to write unit file %s: %m", n); |
e23a0ce8 | 286 | |
155da457 | 287 | if (!noauto) { |
b559616f ZJS |
288 | r = generator_add_symlink(arg_dest, d, "wants", n); |
289 | if (r < 0) | |
290 | return r; | |
e23a0ce8 | 291 | |
b001ad61 ZJS |
292 | r = generator_add_symlink(arg_dest, |
293 | netdev ? "remote-cryptsetup.target" : "cryptsetup.target", | |
b559616f ZJS |
294 | nofail ? "wants" : "requires", n); |
295 | if (r < 0) | |
296 | return r; | |
f7f21d33 | 297 | } |
74715b82 | 298 | |
b559616f ZJS |
299 | dmname = strjoina("dev-mapper-", e, ".device"); |
300 | r = generator_add_symlink(arg_dest, dmname, "requires", n); | |
301 | if (r < 0) | |
302 | return r; | |
74715b82 | 303 | |
68395007 | 304 | if (!noauto && !nofail) { |
a6fb0dc1 | 305 | r = write_drop_in(arg_dest, dmname, 90, "device-timeout", |
8eea8687 ZJS |
306 | "# Automatically generated by systemd-cryptsetup-generator \n\n" |
307 | "[Unit]\nJobTimeoutSec=0"); | |
23bbb0de MS |
308 | if (r < 0) |
309 | return log_error_errno(r, "Failed to write device drop-in: %m"); | |
68395007 HH |
310 | } |
311 | ||
24a988e9 | 312 | return 0; |
e23a0ce8 LP |
313 | } |
314 | ||
6dd1c368 ZJS |
315 | static void crypt_device_free(crypto_device *d) { |
316 | free(d->uuid); | |
317 | free(d->keyfile); | |
70f5f48e | 318 | free(d->keydev); |
6dd1c368 ZJS |
319 | free(d->name); |
320 | free(d->options); | |
321 | free(d); | |
0fa9e53d JJ |
322 | } |
323 | ||
324 | static crypto_device *get_crypto_device(const char *uuid) { | |
325 | int r; | |
326 | crypto_device *d; | |
327 | ||
328 | assert(uuid); | |
329 | ||
330 | d = hashmap_get(arg_disks, uuid); | |
331 | if (!d) { | |
332 | d = new0(struct crypto_device, 1); | |
333 | if (!d) | |
334 | return NULL; | |
335 | ||
336 | d->create = false; | |
baade8cc | 337 | d->keyfile = d->options = d->name = NULL; |
0fa9e53d JJ |
338 | |
339 | d->uuid = strdup(uuid); | |
6b430fdb ZJS |
340 | if (!d->uuid) |
341 | return mfree(d); | |
0fa9e53d JJ |
342 | |
343 | r = hashmap_put(arg_disks, d->uuid, d); | |
344 | if (r < 0) { | |
345 | free(d->uuid); | |
6b430fdb | 346 | return mfree(d); |
0fa9e53d JJ |
347 | } |
348 | } | |
349 | ||
350 | return d; | |
351 | } | |
352 | ||
96287a49 | 353 | static int parse_proc_cmdline_item(const char *key, const char *value, void *data) { |
0fa9e53d | 354 | _cleanup_free_ char *uuid = NULL, *uuid_value = NULL; |
1d84ad94 LP |
355 | crypto_device *d; |
356 | int r; | |
66a78c2b | 357 | |
1d84ad94 | 358 | if (streq(key, "luks")) { |
059cb385 | 359 | |
1d84ad94 | 360 | r = value ? parse_boolean(value) : 1; |
141a79f4 | 361 | if (r < 0) |
1d84ad94 | 362 | log_warning("Failed to parse luks= kernel command line switch %s. Ignoring.", value); |
141a79f4 ZJS |
363 | else |
364 | arg_enabled = r; | |
66a78c2b | 365 | |
1d84ad94 | 366 | } else if (streq(key, "luks.crypttab")) { |
66a78c2b | 367 | |
1d84ad94 | 368 | r = value ? parse_boolean(value) : 1; |
141a79f4 | 369 | if (r < 0) |
1d84ad94 | 370 | log_warning("Failed to parse luks.crypttab= kernel command line switch %s. Ignoring.", value); |
141a79f4 ZJS |
371 | else |
372 | arg_read_crypttab = r; | |
66a78c2b | 373 | |
1d84ad94 LP |
374 | } else if (streq(key, "luks.uuid")) { |
375 | ||
376 | if (proc_cmdline_value_missing(key, value)) | |
377 | return 0; | |
66a78c2b | 378 | |
0fa9e53d JJ |
379 | d = get_crypto_device(startswith(value, "luks-") ? value+5 : value); |
380 | if (!d) | |
141a79f4 | 381 | return log_oom(); |
66a78c2b | 382 | |
0fa9e53d JJ |
383 | d->create = arg_whitelist = true; |
384 | ||
1d84ad94 LP |
385 | } else if (streq(key, "luks.options")) { |
386 | ||
387 | if (proc_cmdline_value_missing(key, value)) | |
388 | return 0; | |
66a78c2b | 389 | |
0fa9e53d JJ |
390 | r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value); |
391 | if (r == 2) { | |
392 | d = get_crypto_device(uuid); | |
393 | if (!d) | |
394 | return log_oom(); | |
395 | ||
1d84ad94 | 396 | free_and_replace(d->options, uuid_value); |
0fa9e53d | 397 | } else if (free_and_strdup(&arg_default_options, value) < 0) |
141a79f4 | 398 | return log_oom(); |
66a78c2b | 399 | |
1d84ad94 | 400 | } else if (streq(key, "luks.key")) { |
7949dfa7 MS |
401 | size_t n; |
402 | _cleanup_free_ char *keyfile = NULL, *keydev = NULL; | |
403 | char *c; | |
404 | const char *keyspec; | |
1d84ad94 LP |
405 | |
406 | if (proc_cmdline_value_missing(key, value)) | |
407 | return 0; | |
66a78c2b | 408 | |
7949dfa7 MS |
409 | n = strspn(value, LETTERS DIGITS "-"); |
410 | if (value[n] != '=') { | |
411 | if (free_and_strdup(&arg_default_keyfile, value) < 0) | |
412 | return log_oom(); | |
413 | return 0; | |
414 | } | |
70f5f48e | 415 | |
7949dfa7 MS |
416 | uuid = strndup(value, n); |
417 | if (!uuid) | |
418 | return log_oom(); | |
6cd5b12a | 419 | |
7949dfa7 MS |
420 | if (!id128_is_valid(uuid)) { |
421 | log_warning("Failed to parse luks.key= kernel command line switch. UUID is invalid, ignoring."); | |
422 | return 0; | |
423 | } | |
424 | ||
425 | d = get_crypto_device(uuid); | |
426 | if (!d) | |
427 | return log_oom(); | |
70f5f48e | 428 | |
7949dfa7 MS |
429 | keyspec = value + n + 1; |
430 | c = strrchr(keyspec, ':'); | |
431 | if (c) { | |
432 | *c = '\0'; | |
433 | keyfile = strdup(keyspec); | |
434 | keydev = strdup(c + 1); | |
70f5f48e MS |
435 | |
436 | if (!keyfile || !keydev) | |
437 | return log_oom(); | |
7949dfa7 MS |
438 | } else { |
439 | /* No keydev specified */ | |
440 | keyfile = strdup(keyspec); | |
441 | if (!keyfile) | |
442 | return log_oom(); | |
443 | } | |
70f5f48e | 444 | |
7949dfa7 MS |
445 | free_and_replace(d->keyfile, keyfile); |
446 | free_and_replace(d->keydev, keydev); | |
1d84ad94 LP |
447 | } else if (streq(key, "luks.name")) { |
448 | ||
449 | if (proc_cmdline_value_missing(key, value)) | |
450 | return 0; | |
baade8cc JJ |
451 | |
452 | r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value); | |
453 | if (r == 2) { | |
454 | d = get_crypto_device(uuid); | |
455 | if (!d) | |
456 | return log_oom(); | |
457 | ||
458 | d->create = arg_whitelist = true; | |
459 | ||
f9ecfd3b | 460 | free_and_replace(d->name, uuid_value); |
baade8cc JJ |
461 | } else |
462 | log_warning("Failed to parse luks name switch %s. Ignoring.", value); | |
85013844 | 463 | } |
66a78c2b | 464 | |
24a988e9 | 465 | return 0; |
66a78c2b LP |
466 | } |
467 | ||
0fa9e53d | 468 | static int add_crypttab_devices(void) { |
7fd1b19b | 469 | _cleanup_fclose_ FILE *f = NULL; |
b42674a1 LP |
470 | unsigned crypttab_line = 0; |
471 | struct stat st; | |
472 | int r; | |
e23a0ce8 | 473 | |
0fa9e53d JJ |
474 | if (!arg_read_crypttab) |
475 | return 0; | |
476 | ||
477 | f = fopen("/etc/crypttab", "re"); | |
478 | if (!f) { | |
479 | if (errno != ENOENT) | |
480 | log_error_errno(errno, "Failed to open /etc/crypttab: %m"); | |
481 | return 0; | |
e23a0ce8 LP |
482 | } |
483 | ||
0d536673 LP |
484 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
485 | ||
0fa9e53d JJ |
486 | if (fstat(fileno(f), &st) < 0) { |
487 | log_error_errno(errno, "Failed to stat /etc/crypttab: %m"); | |
488 | return 0; | |
489 | } | |
e23a0ce8 | 490 | |
0fa9e53d | 491 | for (;;) { |
b42674a1 | 492 | _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keyfile = NULL, *options = NULL; |
0fa9e53d | 493 | crypto_device *d = NULL; |
b42674a1 LP |
494 | char *l, *uuid; |
495 | int k; | |
4c12626c | 496 | |
b42674a1 LP |
497 | r = read_line(f, LONG_LINE_MAX, &line); |
498 | if (r < 0) | |
499 | return log_error_errno(r, "Failed to read /etc/crypttab: %m"); | |
500 | if (r == 0) | |
0fa9e53d | 501 | break; |
66a78c2b | 502 | |
0fa9e53d | 503 | crypttab_line++; |
141a79f4 | 504 | |
0fa9e53d | 505 | l = strstrip(line); |
b42674a1 | 506 | if (IN_SET(l[0], 0, '#')) |
0fa9e53d | 507 | continue; |
66a78c2b | 508 | |
0fa9e53d JJ |
509 | k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &keyfile, &options); |
510 | if (k < 2 || k > 4) { | |
511 | log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line); | |
512 | continue; | |
513 | } | |
66a78c2b | 514 | |
0fa9e53d JJ |
515 | uuid = startswith(device, "UUID="); |
516 | if (!uuid) | |
517 | uuid = path_startswith(device, "/dev/disk/by-uuid/"); | |
518 | if (!uuid) | |
519 | uuid = startswith(name, "luks-"); | |
520 | if (uuid) | |
521 | d = hashmap_get(arg_disks, uuid); | |
8973790e | 522 | |
0fa9e53d JJ |
523 | if (arg_whitelist && !d) { |
524 | log_info("Not creating device '%s' because it was not specified on the kernel command line.", name); | |
525 | continue; | |
8973790e LP |
526 | } |
527 | ||
70f5f48e | 528 | r = create_disk(name, device, NULL, keyfile, (d && d->options) ? d->options : options); |
0fa9e53d JJ |
529 | if (r < 0) |
530 | return r; | |
8973790e | 531 | |
0fa9e53d JJ |
532 | if (d) |
533 | d->create = false; | |
534 | } | |
8973790e | 535 | |
0fa9e53d JJ |
536 | return 0; |
537 | } | |
66a78c2b | 538 | |
0fa9e53d JJ |
539 | static int add_proc_cmdline_devices(void) { |
540 | int r; | |
541 | Iterator i; | |
542 | crypto_device *d; | |
66a78c2b | 543 | |
0fa9e53d JJ |
544 | HASHMAP_FOREACH(d, arg_disks, i) { |
545 | const char *options; | |
baade8cc | 546 | _cleanup_free_ char *device = NULL; |
66a78c2b | 547 | |
0fa9e53d JJ |
548 | if (!d->create) |
549 | continue; | |
e23a0ce8 | 550 | |
baade8cc JJ |
551 | if (!d->name) { |
552 | d->name = strappend("luks-", d->uuid); | |
553 | if (!d->name) | |
554 | return log_oom(); | |
555 | } | |
e23a0ce8 | 556 | |
0fa9e53d JJ |
557 | device = strappend("UUID=", d->uuid); |
558 | if (!device) | |
559 | return log_oom(); | |
7ab064a6 | 560 | |
0fa9e53d JJ |
561 | if (d->options) |
562 | options = d->options; | |
563 | else if (arg_default_options) | |
564 | options = arg_default_options; | |
565 | else | |
566 | options = "timeout=0"; | |
141a79f4 | 567 | |
70f5f48e | 568 | r = create_disk(d->name, device, d->keydev, d->keyfile ?: arg_default_keyfile, options); |
0fa9e53d JJ |
569 | if (r < 0) |
570 | return r; | |
e23a0ce8 LP |
571 | } |
572 | ||
0fa9e53d JJ |
573 | return 0; |
574 | } | |
e23a0ce8 | 575 | |
0fa9e53d | 576 | int main(int argc, char *argv[]) { |
5f4bfe56 | 577 | int r; |
e23a0ce8 | 578 | |
0fa9e53d JJ |
579 | if (argc > 1 && argc != 4) { |
580 | log_error("This program takes three or no arguments."); | |
581 | return EXIT_FAILURE; | |
582 | } | |
e23a0ce8 | 583 | |
0fa9e53d JJ |
584 | if (argc > 1) |
585 | arg_dest = argv[1]; | |
e23a0ce8 | 586 | |
6c347d50 LP |
587 | log_set_prohibit_ipc(true); |
588 | log_set_target(LOG_TARGET_AUTO); | |
0fa9e53d JJ |
589 | log_parse_environment(); |
590 | log_open(); | |
e2cb60fa | 591 | |
0fa9e53d | 592 | umask(0022); |
e23a0ce8 | 593 | |
0fa9e53d | 594 | arg_disks = hashmap_new(&string_hash_ops); |
5f4bfe56 LP |
595 | if (!arg_disks) { |
596 | r = log_oom(); | |
597 | goto finish; | |
598 | } | |
7ab064a6 | 599 | |
1d84ad94 | 600 | r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX); |
0fa9e53d | 601 | if (r < 0) { |
5f4bfe56 LP |
602 | log_warning_errno(r, "Failed to parse kernel command line: %m"); |
603 | goto finish; | |
0fa9e53d | 604 | } |
7ab064a6 | 605 | |
0fa9e53d | 606 | if (!arg_enabled) { |
5f4bfe56 LP |
607 | r = 0; |
608 | goto finish; | |
e23a0ce8 LP |
609 | } |
610 | ||
5f4bfe56 LP |
611 | r = add_crypttab_devices(); |
612 | if (r < 0) | |
613 | goto finish; | |
0fa9e53d | 614 | |
5f4bfe56 LP |
615 | r = add_proc_cmdline_devices(); |
616 | if (r < 0) | |
617 | goto finish; | |
0fa9e53d | 618 | |
5f4bfe56 | 619 | r = 0; |
141a79f4 | 620 | |
5f4bfe56 | 621 | finish: |
6dd1c368 | 622 | hashmap_free_with_destructor(arg_disks, crypt_device_free); |
0fa9e53d JJ |
623 | free(arg_default_options); |
624 | free(arg_default_keyfile); | |
141a79f4 | 625 | |
5f4bfe56 | 626 | return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; |
e23a0ce8 | 627 | } |