git.ipfire.org Git - thirdparty/systemd.git/blob - src/cryptsetup/cryptsetup-generator.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 #include "generator.h"
29 #include "path-util.h"
30 #include "fstab-util.h"
32 #include "unit-name.h"
/* Per-device record collected from the kernel command line. The member list is
 * elided in this listing; code further down reads and writes ->uuid, ->name,
 * ->keyfile, ->options and ->create. */
35 typedef struct crypto_device
{
/* Directory the generated units and symlinks are written to.
 * NOTE(review): the default is the world-writable /tmp. main() accepts "three
 * or no arguments", but the line that would point arg_dest at a
 * caller-supplied directory is not visible here. Confirm the /tmp default is
 * only reachable in a manual debugging run, since create_disk() creates files
 * and symlinks beneath it. */
43 static const char *arg_dest
= "/tmp";
/* presumably toggled by luks=/rd.luks=; the assignment is elided in this listing */
44 static bool arg_enabled
= true;
/* Set from luks.crypttab=/rd.luks.crypttab=; checked in add_crypttab_devices(). */
45 static bool arg_read_crypttab
= true;
/* Becomes true once luks.uuid= or luks.name= is seen; /etc/crypttab entries
 * without a matching arg_disks record are then skipped. */
46 static bool arg_whitelist
= false;
/* uuid string -> crypto_device, created in main() with string_hash_ops. */
47 static Hashmap
*arg_disks
= NULL
;
/* Fallback options/key file taken from luks.options=/luks.key= via
 * free_and_strdup(); the exact condition selecting this path is elided. */
48 static char *arg_default_options
= NULL
;
49 static char *arg_default_keyfile
= NULL
;
/*
 * Writes a "systemd-cryptsetup" service unit for one encrypted volume into
 * arg_dest and links it into the .wants/.requires directories of the units
 * that should pull it in.
 *
 * NOTE(review): this listing elides lines (see the gaps in the gutter
 * numbers), including most of the parameter list, several conditions and the
 * final return. The body uses name, device, password and options; the callers
 * visible in this file pass (name, device, keyfile, options).
 *
 * On the failures visible here the function returns the value of
 * log_error_errno(); other return paths are not shown.
 */
51 static int create_disk(
55 const char *options
) {
57 _cleanup_free_
char *p
= NULL
, *n
= NULL
, *d
= NULL
, *u
= NULL
, *to
= NULL
, *e
= NULL
,
59 _cleanup_fclose_
FILE *f
= NULL
;
60 bool noauto
, nofail
, tmp
, swap
;
/* Behaviour flags are derived from the options string. */
67 noauto
= fstab_test_yes_no_option(options
, "noauto\0" "auto\0");
68 nofail
= fstab_test_yes_no_option(options
, "nofail\0" "fail\0");
69 tmp
= fstab_test_option(options
, "tmp\0");
70 swap
= fstab_test_option(options
, "swap\0");
/* 'tmp' and 'swap' together are rejected; the guarding condition is elided. */
73 log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name
);
/* e is the escaped form of name; it is used for the unit name and for the
 * dev-mapper-*.device names below. */
77 e
= unit_name_escape(name
);
81 r
= unit_name_build("systemd-cryptsetup", e
, ".service", &n
);
83 return log_error_errno(r
, "Failed to generate unit name: %m");
/* p is the path of the unit file: arg_dest + "/" + unit name. */
85 p
= strjoin(arg_dest
, "/", n
, NULL
);
/* u: device spec turned into a node path (presumably resolves UUID= style
 * specs, callers here pass "UUID=<uuid>" - TODO confirm); d: its .device unit. */
89 u
= fstab_node_to_udev_node(device
);
93 r
= unit_name_from_path(u
, ".device", &d
);
95 return log_error_errno(r
, "Failed to generate unit name: %m");
99 return log_error_errno(errno
, "Failed to create unit file %s: %m", p
);
102 "# Automatically generated by systemd-cryptsetup-generator\n\n"
104 "Description=Cryptography Setup for %I\n"
105 "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
106 "SourcePath=/etc/crypttab\n"
107 "DefaultDependencies=no\n"
108 "Conflicts=umount.target\n"
109 "BindsTo=dev-mapper-%i.device\n"
110 "IgnoreOnIsolate=true\n"
111 "After=cryptsetup-pre.target\n",
116 "Before=cryptsetup.target\n");
/* Key source ordering: the kernel random devices are ordered after
 * systemd-random-seed.service; "-" and "none" add no dependency; anything
 * else is treated as a path. */
119 if (STR_IN_SET(password
, "/dev/urandom", "/dev/random", "/dev/hw_random"))
120 fputs("After=systemd-random-seed.service\n", f
);
121 else if (!streq(password
, "-") && !streq(password
, "none")) {
/* No initializer on this _cleanup_free_ pointer: it is assigned by the next
 * visible statement, before any return shown here. */
122 _cleanup_free_
char *uu
;
124 uu
= fstab_node_to_udev_node(password
);
/* /dev/null needs no dependency. A key on a device node orders after and
 * requires that device unit; the RequiresMountsFor= line below is presumably
 * the else branch for a key stored in a regular file (the else is elided). */
128 if (!path_equal(uu
, "/dev/null")) {
130 if (is_device_path(uu
)) {
131 _cleanup_free_
char *dd
= NULL
;
133 r
= unit_name_from_path(uu
, ".device", &dd
);
135 return log_error_errno(r
, "Failed to generate unit name: %m");
137 fprintf(f
, "After=%1$s\nRequires=%1$s\n", dd
);
139 fprintf(f
, "RequiresMountsFor=%s\n", password
);
144 if (is_device_path(u
))
148 "Before=umount.target\n",
152 "RequiresMountsFor=%s\n",
/* generator_write_timeouts() fills in filtered, which is the options string
 * that ends up on the ExecStart= line below. */
155 r
= generator_write_timeouts(arg_dest
, device
, name
, options
, &filtered
);
/* NOTE(review): name, u, password and the filtered options are placed between
 * single quotes with plain %s, and no escaping of quote characters, '%' or
 * other unit-file metacharacters is visible in this listing. The values come
 * from /etc/crypttab fields or from luks.* kernel command line switches. A
 * value containing a single quote changes how the command line is split, and
 * a '%' is read by systemd as a unit specifier, so these strings should be
 * validated or escaped before they are written. Confirm whether elided lines
 * already do so. The same applies to the '/dev/mapper/%s' ExecStartPost=
 * lines further down. */
162 "RemainAfterExit=yes\n"
163 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
164 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH
" attach '%s' '%s' '%s' '%s'\n"
165 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH
" detach '%s'\n",
166 name
, u
, strempty(password
), strempty(filtered
),
171 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
176 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
/* Surface buffered write errors before any symlink points at the unit. */
179 r
= fflush_and_check(f
);
181 return log_error_errno(r
, "Failed to write file %s: %m", p
);
/* from is the relative symlink target "../<unit>", reused for every link. */
183 from
= strjoina("../", n
);
/* Link 1: <device unit>.wants/<unit>. */
187 to
= strjoin(arg_dest
, "/", d
, ".wants/", n
, NULL
);
/* The mkdir_parents_label() result is not checked; a failure only shows up
 * through the symlink() error below. Any symlink() failure aborts the
 * function. */
191 mkdir_parents_label(to
, 0755);
192 if (symlink(from
, to
) < 0)
193 return log_error_errno(errno
, "Failed to create symlink %s: %m", to
);
/* Link 2: cryptsetup.target.requires/ or cryptsetup.target.wants/. The
 * condition choosing between the two is elided (presumably nofail). */
197 to
= strjoin(arg_dest
, "/cryptsetup.target.requires/", n
, NULL
);
199 to
= strjoin(arg_dest
, "/cryptsetup.target.wants/", n
, NULL
);
203 mkdir_parents_label(to
, 0755);
204 if (symlink(from
, to
) < 0)
205 return log_error_errno(errno
, "Failed to create symlink %s: %m", to
);
/* Link 3: dev-mapper-<escaped name>.device.requires/<unit>. */
209 to
= strjoin(arg_dest
, "/dev-mapper-", e
, ".device.requires/", n
, NULL
);
213 mkdir_parents_label(to
, 0755);
214 if (symlink(from
, to
) < 0)
215 return log_error_errno(errno
, "Failed to create symlink %s: %m", to
);
/* For volumes that are neither noauto nor nofail, write a "device-timeout"
 * drop-in that sets JobTimeoutSec=0 on the mapper device unit. */
217 if (!noauto
&& !nofail
) {
/* Uninitialized _cleanup_free_ pointer, assigned on the next line. */
218 _cleanup_free_
char *dmname
;
219 dmname
= strjoin("dev-mapper-", e
, ".device", NULL
);
223 r
= write_drop_in(arg_dest
, dmname
, 90, "device-timeout",
224 "# Automatically generated by systemd-cryptsetup-generator \n\n"
225 "[Unit]\nJobTimeoutSec=0");
227 return log_error_errno(r
, "Failed to write device drop-in: %m");
/* Drains arg_disks one entry at a time and then frees the map itself. The
 * per-entry cleanup inside the loop is elided in this listing. */
233 static void free_arg_disks(void) {
236 while ((d
= hashmap_steal_first(arg_disks
))) {
244 hashmap_free(arg_disks
);
/*
 * Looks up the crypto_device record for uuid in arg_disks. Presumably it only
 * allocates and inserts a new record when the lookup finds nothing (the
 * branch conditions, error paths and return statement are elided).
 *
 * A new record is zero-allocated, gets its own strdup() copy of uuid, and is
 * stored in the map under that copy, so the key lives as long as the record.
 */
247 static crypto_device
*get_crypto_device(const char *uuid
) {
253 d
= hashmap_get(arg_disks
, uuid
);
255 d
= new0(struct crypto_device
, 1);
260 d
->keyfile
= d
->options
= d
->name
= NULL
;
262 d
->uuid
= strdup(uuid
);
/* The map key is d->uuid, not the caller's string. */
268 r
= hashmap_put(arg_disks
, d
->uuid
, d
);
/*
 * Callback passed to parse_proc_cmdline() from main(); handles one key/value
 * pair from the kernel command line. The switches handled are luks,
 * luks.crypttab, luks.uuid, luks.options, luks.key and luks.name, each also
 * accepted with an "rd." prefix.
 *
 * NOTE(review): this listing elides lines (result checks, error returns and
 * some assignments), so the comments below describe only what is visible.
 */
279 static int parse_proc_cmdline_item(const char *key
, const char *value
) {
/* Both pointers are filled by sscanf()'s %m conversions further down and are
 * freed automatically when the function returns. */
282 _cleanup_free_
char *uuid
= NULL
, *uuid_value
= NULL
;
/* luks=<bool>: the assignment of the parsed value is elided (presumably it
 * sets arg_enabled). An unparsable value is only warned about. */
284 if (STR_IN_SET(key
, "luks", "rd.luks") && value
) {
286 r
= parse_boolean(value
);
288 log_warning("Failed to parse luks switch %s. Ignoring.", value
);
/* luks.crypttab=<bool> controls whether /etc/crypttab is read at all. */
292 } else if (STR_IN_SET(key
, "luks.crypttab", "rd.luks.crypttab") && value
) {
294 r
= parse_boolean(value
);
296 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value
);
298 arg_read_crypttab
= r
;
/* luks.uuid=<uuid>: an optional "luks-" prefix is stripped, the device is
 * marked for creation, and whitelist mode is switched on.
 * NOTE(review): unlike the sscanf() paths below, the value is not restricted
 * to [0-9a-fA-F-] here before it becomes d->uuid, which later feeds the
 * default device name and the generated unit. */
300 } else if (STR_IN_SET(key
, "luks.uuid", "rd.luks.uuid") && value
) {
302 d
= get_crypto_device(startswith(value
, "luks-") ? value
+5 : value
);
306 d
->create
= arg_whitelist
= true;
/* luks.options=<uuid>=<options> or luks.options=<options>. The scan set
 * limits the uuid part to hex digits and '-'; %ms takes the remainder up to
 * the next whitespace. */
308 } else if (STR_IN_SET(key
, "luks.options", "rd.luks.options") && value
) {
310 r
= sscanf(value
, "%m[0-9a-fA-F-]=%ms", &uuid
, &uuid_value
);
312 d
= get_crypto_device(uuid
);
/* NOTE(review): the record takes over the pointer held by the _cleanup_free_
 * variable uuid_value. Unless uuid_value is reset to NULL afterwards, the
 * cleanup would free memory the record still references. That reset is not
 * visible in this listing - confirm against the full file. The same hand-over
 * happens for ->keyfile and ->name below. */
317 d
->options
= uuid_value
;
/* Without the <uuid>= form the whole value becomes the default options. */
319 } else if (free_and_strdup(&arg_default_options
, value
) < 0)
/* luks.key=<uuid>=<keyfile> or luks.key=<keyfile>, handled like luks.options. */
322 } else if (STR_IN_SET(key
, "luks.key", "rd.luks.key") && value
) {
324 r
= sscanf(value
, "%m[0-9a-fA-F-]=%ms", &uuid
, &uuid_value
);
326 d
= get_crypto_device(uuid
);
331 d
->keyfile
= uuid_value
;
333 } else if (free_and_strdup(&arg_default_keyfile
, value
) < 0)
/* luks.name=<uuid>=<name>: also marks the device for creation and enables
 * whitelist mode. The name is any run of non-whitespace characters; it is
 * later written into the generated unit by create_disk(). */
336 } else if (STR_IN_SET(key
, "luks.name", "rd.luks.name") && value
) {
338 r
= sscanf(value
, "%m[0-9a-fA-F-]=%ms", &uuid
, &uuid_value
);
340 d
= get_crypto_device(uuid
);
344 d
->create
= arg_whitelist
= true;
347 d
->name
= uuid_value
;
350 log_warning("Failed to parse luks name switch %s. Ignoring.", value
);
/*
 * Reads /etc/crypttab line by line and calls create_disk() for each entry,
 * honouring the kernel command line whitelist and per-device option
 * overrides.
 *
 * NOTE(review): this listing elides lines (loop header, return statements and
 * several conditions); the comments describe only what is visible.
 */
357 static int add_crypttab_devices(void) {
359 unsigned crypttab_line
= 0;
360 _cleanup_fclose_
FILE *f
= NULL
;
/* Nothing to do when luks.crypttab= disabled crypttab processing (the early
 * return itself is elided). */
362 if (!arg_read_crypttab
)
/* The "e" mode flag asks for close-on-exec. */
365 f
= fopen("/etc/crypttab", "re");
368 log_error_errno(errno
, "Failed to open /etc/crypttab: %m");
/* How st is used after this fstat() is not visible in this listing. */
372 if (fstat(fileno(f
), &st
) < 0) {
373 log_error_errno(errno
, "Failed to stat /etc/crypttab: %m");
/* NOTE(review): the line buffer has a fixed size. fgets() stays within it,
 * but the remainder of a longer line is returned by the next call and would
 * be parsed as if it were a separate entry. */
379 char line
[LINE_MAX
], *l
, *uuid
;
380 crypto_device
*d
= NULL
;
/* Per-iteration fields allocated by sscanf()'s %ms, freed automatically. */
381 _cleanup_free_
char *name
= NULL
, *device
= NULL
, *keyfile
= NULL
, *options
= NULL
;
383 if (!fgets(line
, sizeof(line
), f
))
/* Comment lines and empty lines are skipped. */
389 if (*l
== '#' || *l
== 0)
/* Fields: name, device, optional key file, optional options. */
392 k
= sscanf(l
, "%ms %ms %ms %ms", &name
, &device
, &keyfile
, &options
);
393 if (k
< 2 || k
> 4) {
394 log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line
);
/* The uuid used for the arg_disks lookup is taken from a "UUID=" device
 * spec, a /dev/disk/by-uuid/ path, or a "luks-" name prefix; the conditions
 * chaining these attempts are elided. */
398 uuid
= startswith(device
, "UUID=");
400 uuid
= path_startswith(device
, "/dev/disk/by-uuid/");
402 uuid
= startswith(name
, "luks-");
404 d
= hashmap_get(arg_disks
, uuid
);
/* In whitelist mode only devices named on the kernel command line are set up. */
406 if (arg_whitelist
&& !d
) {
407 log_info("Not creating device '%s' because it was not specified on the kernel command line.", name
);
/* Options from the kernel command line take precedence over the crypttab
 * options column; the key file always comes from crypttab here. */
411 r
= create_disk(name
, device
, keyfile
, (d
&& d
->options
) ? d
->options
: options
);
/*
 * Walks the records in arg_disks (devices named on the kernel command line)
 * and calls create_disk() for them.
 *
 * NOTE(review): this listing elides lines, including any filter on which
 * records are processed, the allocation checks and the return statements.
 * d->name and d->uuid originate from the kernel command line and flow into
 * the unit text written by create_disk().
 */
422 static int add_proc_cmdline_devices(void) {
427 HASHMAP_FOREACH(d
, arg_disks
, i
) {
429 _cleanup_free_
char *device
= NULL
;
/* Default mapping name "luks-<uuid>"; presumably applied only when no
 * luks.name= was given (the condition is elided). */
435 d
->name
= strappend("luks-", d
->uuid
);
/* The device is referenced by UUID= spec. */
440 device
= strappend("UUID=", d
->uuid
);
/* Option precedence: per-device options, then the global default from
 * luks.options=, then "timeout=0". */
445 options
= d
->options
;
446 else if (arg_default_options
)
447 options
= arg_default_options
;
449 options
= "timeout=0";
/* The key file falls back to the global luks.key= default when the device
 * has none of its own. */
451 r
= create_disk(d
->name
, device
, d
->keyfile
?: arg_default_keyfile
, options
);
/*
 * Generator entry point: parses the kernel command line, then creates units
 * from /etc/crypttab and from the devices named on the command line.
 *
 * NOTE(review): this listing elides lines, including the handling of argv
 * (see the note on arg_dest's /tmp default), the allocation check for
 * arg_disks, any arg_enabled test and the cleanup/return sequence.
 */
459 int main(int argc
, char *argv
[]) {
/* Starts out as failure; the line that sets success is elided. */
460 int r
= EXIT_FAILURE
;
/* Accepts either no arguments or exactly three. */
462 if (argc
> 1 && argc
!= 4) {
463 log_error("This program takes three or no arguments.");
470 log_set_target(LOG_TARGET_SAFE
);
471 log_parse_environment();
476 arg_disks
= hashmap_new(&string_hash_ops
);
/* A failure to parse the kernel command line is logged and ignored, so the
 * generator continues with whatever settings were collected. */
480 r
= parse_proc_cmdline(parse_proc_cmdline_item
);
482 log_warning_errno(r
, "Failed to parse kernel command line, ignoring: %m");
491 if (add_crypttab_devices() < 0)
494 if (add_proc_cmdline_devices() < 0)
501 free(arg_default_options
);
502 free(arg_default_keyfile
);