git.ipfire.org Git - thirdparty/systemd.git/blob - src/cryptsetup/cryptsetup-generator.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 #include "fstab-util.h"
26 #include "generator.h"
30 #include "path-util.h"
31 #include "string-util.h"
33 #include "unit-name.h"
36 typedef struct crypto_device
{
/* Generator-wide settings. Several are updated from kernel command line
 * switches in parse_proc_cmdline_item(). */

/* Directory the generated units and symlinks are written to.
 * NOTE(review): the default is the world-writable /tmp; presumably main()
 * replaces it with the directory passed on the command line. That assignment
 * is not visible in this listing, so confirm. */
44 static const char *arg_dest
= "/tmp";
/* NOTE(review): presumably toggled by the "luks"/"rd.luks" switch; the
 * assignment is not visible in this listing. */
45 static bool arg_enabled
= true;
/* Cleared or set by "luks.crypttab"/"rd.luks.crypttab"; when false,
 * add_crypttab_devices() does not process /etc/crypttab. */
46 static bool arg_read_crypttab
= true;
/* Set once any luks.uuid= or luks.name= entry is seen; crypttab entries that
 * are not in arg_disks are then skipped. */
47 static bool arg_whitelist
= false;
/* crypto_device records keyed by their uuid string (see get_crypto_device()). */
48 static Hashmap
*arg_disks
= NULL
;
/* Fallback option string from luks.options= (copied with free_and_strdup()). */
49 static char *arg_default_options
= NULL
;
/* Fallback key file from luks.key= (copied with free_and_strdup()). */
50 static char *arg_default_keyfile
= NULL
;
/* Writes the systemd-cryptsetup service unit for one encrypted volume into
 * arg_dest and symlinks it into the dependency directories of the backing
 * device, cryptsetup.target and the dev-mapper device unit.
 *
 * Callers in this file pass (name, device, key file, options). Only the
 * `options` parameter line is visible here: the gutter numbers skip, so
 * several declarations, checks and the closing lines are missing from this
 * listing. Errors visible here are logged and returned as negative errno
 * values via log_error_errno(). */
52 static int create_disk(
56 const char *options
) {
58 _cleanup_free_
char *p
= NULL
, *n
= NULL
, *d
= NULL
, *u
= NULL
, *to
= NULL
, *e
= NULL
,
60 _cleanup_fclose_
FILE *f
= NULL
;
62 bool noauto
, nofail
, tmp
, swap
;
/* Derive behaviour flags from the crypttab-style option string. */
68 noauto
= fstab_test_yes_no_option(options
, "noauto\0" "auto\0");
69 nofail
= fstab_test_yes_no_option(options
, "nofail\0" "fail\0");
70 tmp
= fstab_test_option(options
, "tmp\0");
71 swap
= fstab_test_option(options
, "swap\0");
/* 'tmp' and 'swap' are mutually exclusive (the guarding condition is not
 * visible in this listing). */
74 log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name
);
/* e is the unit-name-escaped volume name; it is used for the service unit
 * name and for the dev-mapper-<e>.device paths below. */
78 e
= unit_name_escape(name
);
82 r
= unit_name_build("systemd-cryptsetup", e
, ".service", &n
);
84 return log_error_errno(r
, "Failed to generate unit name: %m");
/* p: full path of the unit file inside arg_dest. */
86 p
= strjoin(arg_dest
, "/", n
, NULL
);
/* u: udev node path for the backing device; d: its .device unit name. */
90 u
= fstab_node_to_udev_node(device
);
94 r
= unit_name_from_path(u
, ".device", &d
);
96 return log_error_errno(r
, "Failed to generate unit name: %m");
100 return log_error_errno(errno
, "Failed to create unit file %s: %m", p
);
/* Static [Unit] header of the generated service. */
103 "# Automatically generated by systemd-cryptsetup-generator\n\n"
105 "Description=Cryptography Setup for %I\n"
106 "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
107 "SourcePath=/etc/crypttab\n"
108 "DefaultDependencies=no\n"
109 "Conflicts=umount.target\n"
110 "BindsTo=dev-mapper-%i.device\n"
111 "IgnoreOnIsolate=true\n"
112 "After=cryptsetup-pre.target\n",
117 "Before=cryptsetup.target\n");
/* Key source handling: a kernel random device as key orders the unit after
 * systemd-random-seed.service; "-" and "none" mean no key file; any other
 * value is resolved to a node and becomes either a device dependency or a
 * RequiresMountsFor= path. */
120 if (STR_IN_SET(password
, "/dev/urandom", "/dev/random", "/dev/hw_random"))
121 fputs("After=systemd-random-seed.service\n", f
);
122 else if (!streq(password
, "-") && !streq(password
, "none")) {
123 _cleanup_free_
char *uu
;
125 uu
= fstab_node_to_udev_node(password
);
129 if (!path_equal(uu
, "/dev/null")) {
131 if (is_device_path(uu
)) {
132 _cleanup_free_
char *dd
= NULL
;
134 r
= unit_name_from_path(uu
, ".device", &dd
);
136 return log_error_errno(r
, "Failed to generate unit name: %m");
/* dd is referenced twice through the positional %1$s argument. */
138 fprintf(f
, "After=%1$s\nRequires=%1$s\n", dd
);
/* NOTE(review): password is written as given, without the escaping that
 * unit_name_from_path() applies in the device branch above. */
140 fprintf(f
, "RequiresMountsFor=%s\n", password
);
145 if (is_device_path(u
))
149 "Before=umount.target\n",
153 "RequiresMountsFor=%s\n",
/* filtered receives the option string that is later passed to the attach
 * command (presumably with the timeout options removed; confirm). */
156 r
= generator_write_timeouts(arg_dest
, device
, name
, options
, &filtered
);
/* NOTE(review): name, u, password and filtered are placed between single
 * quotes with no escaping visible in this listing. They originate from
 * /etc/crypttab or the kernel command line (see the callers), so a quote or
 * '%' character in any of them changes how the service manager parses the
 * ExecStart=/ExecStop= lines. Escaping quote and specifier characters before
 * formatting would close that gap. */
163 "RemainAfterExit=yes\n"
164 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
165 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH
" attach '%s' '%s' '%s' '%s'\n"
166 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH
" detach '%s'\n",
167 name
, u
, strempty(password
), strempty(filtered
),
/* The mapped device is reformatted by ExecStartPost= on each start of the
 * unit, so previous contents are discarded. NOTE(review): the guarding
 * conditions are not visible here; presumably `tmp` and `swap`. */
172 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
177 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
/* Flush and check so that a short or failed write is reported. */
180 r
= fflush_and_check(f
);
182 return log_error_errno(r
, "Failed to write file %s: %m", p
);
/* Relative link target shared by every symlink created below. */
184 from
= strjoina("../", n
);
/* Link into <device unit>.wants/. The mkdir_parents_label() result is not
 * checked; a failure surfaces through the symlink() call that follows. */
188 to
= strjoin(arg_dest
, "/", d
, ".wants/", n
, NULL
);
192 mkdir_parents_label(to
, 0755);
193 if (symlink(from
, to
) < 0)
194 return log_error_errno(errno
, "Failed to create symlink %s: %m", to
);
/* Link into cryptsetup.target.requires/ or cryptsetup.target.wants/; the
 * condition choosing between them is not visible in this listing. */
198 to
= strjoin(arg_dest
, "/cryptsetup.target.requires/", n
, NULL
);
200 to
= strjoin(arg_dest
, "/cryptsetup.target.wants/", n
, NULL
);
204 mkdir_parents_label(to
, 0755);
205 if (symlink(from
, to
) < 0)
206 return log_error_errno(errno
, "Failed to create symlink %s: %m", to
);
/* Link into dev-mapper-<e>.device.requires/. */
210 to
= strjoin(arg_dest
, "/dev-mapper-", e
, ".device.requires/", n
, NULL
);
214 mkdir_parents_label(to
, 0755);
215 if (symlink(from
, to
) < 0)
216 return log_error_errno(errno
, "Failed to create symlink %s: %m", to
);
/* For volumes that are neither noauto nor nofail, add a drop-in setting
 * JobTimeoutSec=0 on the dev-mapper device unit. */
218 if (!noauto
&& !nofail
) {
219 _cleanup_free_
char *dmname
;
220 dmname
= strjoin("dev-mapper-", e
, ".device", NULL
);
224 r
= write_drop_in(arg_dest
, dmname
, 90, "device-timeout",
225 "# Automatically generated by systemd-cryptsetup-generator \n\n"
226 "[Unit]\nJobTimeoutSec=0");
228 return log_error_errno(r
, "Failed to write device drop-in: %m");
/* Empties arg_disks one entry at a time with hashmap_steal_first(), then
 * frees the map itself. The per-entry cleanup inside the loop is not visible
 * in this listing. */
234 static void free_arg_disks(void) {
237 while ((d
= hashmap_steal_first(arg_disks
))) {
245 hashmap_free(arg_disks
);
/* Looks up the crypto_device record for uuid in arg_disks. The visible lines
 * also allocate a zeroed record, copy the uuid and insert the record keyed by
 * that copy; presumably this happens only when the lookup misses (the
 * condition is not visible in this listing).
 * NOTE(review): the allocation, strdup() and hashmap_put() failure paths are
 * not visible here; confirm each one is checked and the partially built
 * record is released on failure. */
248 static crypto_device
*get_crypto_device(const char *uuid
) {
254 d
= hashmap_get(arg_disks
, uuid
);
256 d
= new0(struct crypto_device
, 1);
261 d
->keyfile
= d
->options
= d
->name
= NULL
;
/* The record keeps its own copy of the uuid, which also serves as the map key. */
263 d
->uuid
= strdup(uuid
);
269 r
= hashmap_put(arg_disks
, d
->uuid
, d
);
/* Callback for parse_proc_cmdline(): handles one key/value pair of the kernel
 * command line. Recognised keys, each also accepted with an "rd." prefix, are
 * luks, luks.crypttab, luks.uuid, luks.options, luks.key and luks.name.
 *
 * The values end up in generated unit files through create_disk(), so whoever
 * can edit the boot parameters chooses the key file, options and mapping name
 * of the listed volumes; boot-parameter integrity is part of this generator's
 * trust boundary.
 *
 * The gutter numbers skip, so the return-value checks between the visible
 * lines are missing from this listing. */
280 static int parse_proc_cmdline_item(const char *key
, const char *value
) {
/* Both strings are released automatically at scope exit unless ownership is
 * handed to a crypto_device below. */
283 _cleanup_free_
char *uuid
= NULL
, *uuid_value
= NULL
;
285 if (STR_IN_SET(key
, "luks", "rd.luks") && value
) {
287 r
= parse_boolean(value
);
289 log_warning("Failed to parse luks switch %s. Ignoring.", value
);
293 } else if (STR_IN_SET(key
, "luks.crypttab", "rd.luks.crypttab") && value
) {
295 r
= parse_boolean(value
);
297 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value
);
299 arg_read_crypttab
= r
;
301 } else if (STR_IN_SET(key
, "luks.uuid", "rd.luks.uuid") && value
) {
/* An optional "luks-" prefix on the value is skipped before the lookup. */
303 d
= get_crypto_device(startswith(value
, "luks-") ? value
+5 : value
);
/* Naming a uuid both marks the device for creation and turns on whitelist
 * mode for crypttab entries. */
307 d
->create
= arg_whitelist
= true;
309 } else if (STR_IN_SET(key
, "luks.options", "rd.luks.options") && value
) {
/* "<uuid>=<options>" form: the uuid part is limited to hex digits and '-',
 * and both parts are allocated by sscanf() through the %m modifier. */
311 r
= sscanf(value
, "%m[0-9a-fA-F-]=%ms", &uuid
, &uuid_value
);
313 d
= get_crypto_device(uuid
);
/* NOTE(review): uuid_value is _cleanup_free_, so after this hand-over the
 * local must be cleared and any previous d->options released; neither step
 * is visible in this listing. Confirm. */
318 d
->options
= uuid_value
;
/* Presumably reached when the value is not in "<uuid>=<options>" form: it
 * then becomes the default option string. */
320 } else if (free_and_strdup(&arg_default_options
, value
) < 0)
323 } else if (STR_IN_SET(key
, "luks.key", "rd.luks.key") && value
) {
325 r
= sscanf(value
, "%m[0-9a-fA-F-]=%ms", &uuid
, &uuid_value
);
327 d
= get_crypto_device(uuid
);
/* NOTE(review): same ownership hand-over as for d->options above; confirm
 * the local is cleared and the old keyfile freed. */
332 d
->keyfile
= uuid_value
;
/* Presumably the default key file when no "<uuid>=" prefix is given. */
334 } else if (free_and_strdup(&arg_default_keyfile
, value
) < 0)
337 } else if (STR_IN_SET(key
, "luks.name", "rd.luks.name") && value
) {
339 r
= sscanf(value
, "%m[0-9a-fA-F-]=%ms", &uuid
, &uuid_value
);
341 d
= get_crypto_device(uuid
);
/* A luks.name= entry also enables whitelist mode. */
345 d
->create
= arg_whitelist
= true;
/* NOTE(review): ownership hand-over as above. The name is later written into
 * unit files by create_disk(). */
348 d
->name
= uuid_value
;
351 log_warning("Failed to parse luks name switch %s. Ignoring.", value
);
/* Reads /etc/crypttab line by line and calls create_disk() for each entry,
 * unless arg_read_crypttab is false. In whitelist mode, entries whose UUID is
 * not in arg_disks are skipped. Options recorded for the UUID from the kernel
 * command line take precedence over the crypttab options column.
 *
 * The gutter numbers skip, so the loop header, several checks and the closing
 * lines are missing from this listing. */
358 static int add_crypttab_devices(void) {
/* Line counter used in the parse error message below. */
360 unsigned crypttab_line
= 0;
361 _cleanup_fclose_
FILE *f
= NULL
;
363 if (!arg_read_crypttab
)
/* "e" opens the file with close-on-exec set. */
366 f
= fopen("/etc/crypttab", "re");
369 log_error_errno(errno
, "Failed to open /etc/crypttab: %m");
/* NOTE(review): st is not used in the visible lines; its purpose cannot be
 * determined from this listing. */
373 if (fstat(fileno(f
), &st
) < 0) {
374 log_error_errno(errno
, "Failed to stat /etc/crypttab: %m");
/* Fixed-size line buffer: a line longer than LINE_MAX is returned by fgets()
 * in pieces, and each remainder is then parsed as if it were its own entry. */
380 char line
[LINE_MAX
], *l
, *uuid
;
381 crypto_device
*d
= NULL
;
382 _cleanup_free_
char *name
= NULL
, *device
= NULL
, *keyfile
= NULL
, *options
= NULL
;
384 if (!fgets(line
, sizeof(line
), f
))
/* Comment lines and empty lines are skipped. */
390 if (*l
== '#' || *l
== 0)
/* Up to four whitespace-separated columns, each allocated by sscanf(). */
393 k
= sscanf(l
, "%ms %ms %ms %ms", &name
, &device
, &keyfile
, &options
);
/* Name and device are mandatory; key file and options are optional. */
394 if (k
< 2 || k
> 4) {
395 log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line
);
/* The UUID is taken from a "UUID=" device spec, a /dev/disk/by-uuid/ path or
 * a "luks-" name prefix; presumably each later form is tried only when the
 * previous one did not match (the conditions are not visible here). */
399 uuid
= startswith(device
, "UUID=");
401 uuid
= path_startswith(device
, "/dev/disk/by-uuid/");
403 uuid
= startswith(name
, "luks-");
/* NOTE(review): uuid may still be NULL here if no form matched; the guard,
 * if any, is not visible in this listing. */
405 d
= hashmap_get(arg_disks
, uuid
);
407 if (arg_whitelist
&& !d
) {
408 log_info("Not creating device '%s' because it was not specified on the kernel command line.", name
);
/* Options from the kernel command line override the crypttab column. */
412 r
= create_disk(name
, device
, keyfile
, (d
&& d
->options
) ? d
->options
: options
);
/* Calls create_disk() for devices recorded in arg_disks from the kernel
 * command line. The name is built as "luks-<uuid>" and the device as
 * "UUID=<uuid>". Options fall back from the per-device value to
 * arg_default_options to "timeout=0", and the key file falls back to
 * arg_default_keyfile.
 *
 * The gutter numbers skip, so the conditions around the visible assignments
 * (for example whether an existing d->name is kept) are missing from this
 * listing. */
423 static int add_proc_cmdline_devices(void) {
428 HASHMAP_FOREACH(d
, arg_disks
, i
) {
430 _cleanup_free_
char *device
= NULL
;
/* NOTE(review): presumably applied only when no luks.name= was given; confirm. */
436 d
->name
= strappend("luks-", d
->uuid
);
441 device
= strappend("UUID=", d
->uuid
);
/* Option precedence: per-device, then command-line default, then "timeout=0". */
446 options
= d
->options
;
447 else if (arg_default_options
)
448 options
= arg_default_options
;
450 options
= "timeout=0";
/* `?:` selects the per-device key file when set, else the default. */
452 r
= create_disk(d
->name
, device
, d
->keyfile
?: arg_default_keyfile
, options
);
/* Generator entry point. It accepts either no arguments or exactly three, and
 * the visible lines then set up logging, create arg_disks, parse the kernel
 * command line, process /etc/crypttab and the command-line devices, and free
 * the default option and key file strings.
 *
 * The gutter numbers skip, so the argument handling, error branches and the
 * return statement are missing from this listing. */
460 int main(int argc
, char *argv
[]) {
461 int r
= EXIT_FAILURE
;
/* argc == 1 (no arguments) and argc == 4 (three arguments) are accepted. */
463 if (argc
> 1 && argc
!= 4) {
464 log_error("This program takes three or no arguments.");
471 log_set_target(LOG_TARGET_SAFE
);
472 log_parse_environment();
/* Map of crypto_device records keyed by uuid string. */
477 arg_disks
= hashmap_new(&string_hash_ops
);
/* A failure to parse the kernel command line is only warned about. */
481 r
= parse_proc_cmdline(parse_proc_cmdline_item
);
483 log_warning_errno(r
, "Failed to parse kernel command line, ignoring: %m");
492 if (add_crypttab_devices() < 0)
495 if (add_proc_cmdline_devices() < 0)
502 free(arg_default_options
);
503 free(arg_default_keyfile
);