[thirdparty/systemd.git] / src / cryptsetup / cryptsetup-generator.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <string.h>
#include <errno.h>
#include <unistd.h>

#include "log.h"
#include "util.h"
#include "unit-name.h"
#include "mkdir.h"
#include "strv.h"
#include "fileio.h"
#include "path-util.h"
#include "dropin.h"
#include "generator.h"

static const char *arg_dest = "/tmp";
static bool arg_enabled = true;
static bool arg_read_crypttab = true;
static char **arg_disks = NULL;
static char **arg_options = NULL;
static char *arg_keyfile = NULL;

static bool has_option(const char *haystack, const char *needle) {
        const char *f = haystack;
        size_t l;

        assert(needle);

        if (!haystack)
                return false;

        l = strlen(needle);

        while ((f = strstr(f, needle))) {

                if (f > haystack && f[-1] != ',') {
                        f++;
                        continue;
                }

                if (f[l] != 0 && f[l] != ',') {
                        f++;
                        continue;
                }

                return true;
        }

        return false;
}

static int create_disk(
                const char *name,
                const char *device,
                const char *password,
                const char *options) {

        _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
                *filtered = NULL;
        _cleanup_fclose_ FILE *f = NULL;
        bool noauto, nofail, tmp, swap;
        char *from;
        int r;

        assert(name);
        assert(device);

        noauto = has_option(options, "noauto");
        nofail = has_option(options, "nofail");
        tmp = has_option(options, "tmp");
        swap = has_option(options, "swap");

        if (tmp && swap) {
                log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
                return -EINVAL;
        }

        e = unit_name_escape(name);
        if (!e)
                return log_oom();

        n = unit_name_build("systemd-cryptsetup", e, ".service");
        if (!n)
                return log_oom();

        p = strjoin(arg_dest, "/", n, NULL);
        if (!p)
                return log_oom();

        u = fstab_node_to_udev_node(device);
        if (!u)
                return log_oom();

        d = unit_name_from_path(u, ".device");
        if (!d)
                return log_oom();

        f = fopen(p, "wxe");
        if (!f) {
                log_error_errno(errno, "Failed to create unit file %s: %m", p);
                return -errno;
        }

        fputs(
                "# Automatically generated by systemd-cryptsetup-generator\n\n"
                "[Unit]\n"
                "Description=Cryptography Setup for %I\n"
                "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
                "SourcePath=/etc/crypttab\n"
                "DefaultDependencies=no\n"
                "Conflicts=umount.target\n"
                "BindsTo=dev-mapper-%i.device\n"
                "IgnoreOnIsolate=true\n"
                "After=cryptsetup-pre.target\n",
                f);

        if (!nofail)
                fprintf(f,
                        "Before=cryptsetup.target\n");

        if (password) {
                if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
                        fputs("After=systemd-random-seed.service\n", f);
                else if (!streq(password, "-") && !streq(password, "none")) {
                        _cleanup_free_ char *uu;

                        uu = fstab_node_to_udev_node(password);
                        if (!uu)
                                return log_oom();

                        if (!path_equal(uu, "/dev/null")) {

                                if (is_device_path(uu)) {
                                        _cleanup_free_ char *dd;

                                        dd = unit_name_from_path(uu, ".device");
                                        if (!dd)
                                                return log_oom();

                                        fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
                                } else
                                        fprintf(f, "RequiresMountsFor=%s\n", password);
                        }
                }
        }

        if (is_device_path(u))
                fprintf(f,
                        "BindsTo=%s\n"
                        "After=%s\n"
                        "Before=umount.target\n",
                        d, d);
        else
                fprintf(f,
                        "RequiresMountsFor=%s\n",
                        u);

        r = generator_write_timeouts(arg_dest, device, name, options, &filtered);
        if (r < 0)
                return r;

        fprintf(f,
                "\n[Service]\n"
                "Type=oneshot\n"
                "RemainAfterExit=yes\n"
                "TimeoutSec=0\n" /* the binary handles timeouts anyway */
                "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
                "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
                name, u, strempty(password), strempty(filtered),
                name);

        if (tmp)
                fprintf(f,
                        "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
                        name);

        if (swap)
                fprintf(f,
                        "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
                        name);

        fflush(f);
        if (ferror(f)) {
                log_error_errno(errno, "Failed to write file %s: %m", p);
                return -errno;
        }

        from = strappenda("../", n);

        if (!noauto) {

                to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
                if (!to)
                        return log_oom();

                mkdir_parents_label(to, 0755);
                if (symlink(from, to) < 0) {
                        log_error_errno(errno, "Failed to create symlink %s: %m", to);
                        return -errno;
                }

                free(to);
                if (!nofail)
                        to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
                else
                        to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
                if (!to)
                        return log_oom();

                mkdir_parents_label(to, 0755);
                if (symlink(from, to) < 0) {
                        log_error_errno(errno, "Failed to create symlink %s: %m", to);
                        return -errno;
                }
        }

        free(to);
        to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
        if (!to)
                return log_oom();

        mkdir_parents_label(to, 0755);
        if (symlink(from, to) < 0) {
                log_error_errno(errno, "Failed to create symlink %s: %m", to);
                return -errno;
        }

        if (!noauto && !nofail) {
                _cleanup_free_ char *dmname;
                dmname = strjoin("dev-mapper-", e, ".device", NULL);
                if (!dmname)
                        return log_oom();

                r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
                                  "# Automatically generated by systemd-cryptsetup-generator \n\n"
                                  "[Unit]\nJobTimeoutSec=0");
                if (r < 0)
                        return log_error_errno(r, "Failed to write device drop-in: %m");
        }

        return 0;
}

static int parse_proc_cmdline_item(const char *key, const char *value) {
        int r;

        if (STR_IN_SET(key, "luks", "rd.luks") && value) {

                r = parse_boolean(value);
                if (r < 0)
                        log_warning("Failed to parse luks switch %s. Ignoring.", value);
                else
                        arg_enabled = r;

        } else if (STR_IN_SET(key, "luks.crypttab", "rd.luks.crypttab") && value) {

                r = parse_boolean(value);
                if (r < 0)
                        log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value);
                else
                        arg_read_crypttab = r;

        } else if (STR_IN_SET(key, "luks.uuid", "rd.luks.uuid") && value) {

                if (strv_extend(&arg_disks, value) < 0)
                        return log_oom();

        } else if (STR_IN_SET(key, "luks.options", "rd.luks.options") && value) {

                if (strv_extend(&arg_options, value) < 0)
                        return log_oom();

        } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {

                free(arg_keyfile);
                arg_keyfile = strdup(value);
                if (!arg_keyfile)
                        return log_oom();

        }

        return 0;
}

int main(int argc, char *argv[]) {
        _cleanup_strv_free_ char **disks_done = NULL;
        _cleanup_fclose_ FILE *f = NULL;
        unsigned n = 0;
        int r = EXIT_FAILURE, r2 = EXIT_FAILURE, z;
        char **i;

        if (argc > 1 && argc != 4) {
                log_error("This program takes three or no arguments.");
                return EXIT_FAILURE;
        }

        if (argc > 1)
                arg_dest = argv[1];

        log_set_target(LOG_TARGET_SAFE);
        log_parse_environment();
        log_open();

        umask(0022);

        z = parse_proc_cmdline(parse_proc_cmdline_item);
        if (z < 0)
                log_warning_errno(z, "Failed to parse kernel command line, ignoring: %m");

        if (!arg_enabled) {
                r = r2 = EXIT_SUCCESS;
                goto cleanup;
        }

        strv_uniq(arg_disks);

        if (arg_read_crypttab) {
                struct stat st;

                f = fopen("/etc/crypttab", "re");
                if (!f) {
                        if (errno == ENOENT)
                                r = EXIT_SUCCESS;
                        else
                                log_error_errno(errno, "Failed to open /etc/crypttab: %m");

                        goto next;
                }

                if (fstat(fileno(f), &st) < 0) {
                        log_error_errno(errno, "Failed to stat /etc/crypttab: %m");
                        goto next;
                }

                /* If we readd support for specifying passphrases
                 * directly in crypttabe we should upgrade the warning
                 * below, though possibly only if a passphrase is
                 * specified directly. */
                if (st.st_mode & 0005)
                        log_debug("/etc/crypttab is world-readable. This is usually not a good idea.");

                for (;;) {
                        char line[LINE_MAX], *l;
                        _cleanup_free_ char *name = NULL, *device = NULL, *password = NULL, *options = NULL;
                        int k;

                        if (!fgets(line, sizeof(line), f))
                                break;

                        n++;

                        l = strstrip(line);
                        if (*l == '#' || *l == 0)
                                continue;

                        k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
                        if (k < 2 || k > 4) {
                                log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
                                continue;
                        }

                        /*
                          If options are specified on the kernel command line, let them override
                          the ones from crypttab.
                        */
                        STRV_FOREACH(i, arg_options) {
                                _cleanup_free_ char *proc_uuid = NULL, *proc_options = NULL;
                                const char *p = *i;

                                k = sscanf(p, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
                                if (k == 2 && streq(proc_uuid, device + 5)) {
                                        free(options);
                                        options = strdup(p);
                                        if (!options) {
                                                log_oom();
                                                goto cleanup;
                                        }
                                }
                        }

                        if (arg_disks) {
                                /*
                                  If luks UUIDs are specified on the kernel command line, use them as a filter
                                  for /etc/crypttab and only generate units for those.
                                */
                                STRV_FOREACH(i, arg_disks) {
                                        _cleanup_free_ char *proc_device = NULL, *proc_name = NULL;
                                        const char *p = *i;

                                        if (startswith(p, "luks-"))
                                                p += 5;

                                        proc_name = strappend("luks-", p);
                                        proc_device = strappend("UUID=", p);

                                        if (!proc_name || !proc_device) {
                                                log_oom();
                                                goto cleanup;
                                        }

                                        if (streq(proc_device, device) || streq(proc_name, name)) {
                                                if (create_disk(name, device, password, options) < 0)
                                                        goto cleanup;

                                                if (strv_extend(&disks_done, p) < 0) {
                                                        log_oom();
                                                        goto cleanup;
                                                }
                                        }
                                }
                        } else if (create_disk(name, device, password, options) < 0)
                                goto cleanup;

                }
        }

        r = EXIT_SUCCESS;

next:
        STRV_FOREACH(i, arg_disks) {
                /*
                  Generate units for those UUIDs, which were specified
                  on the kernel command line and not yet written.
                */

                _cleanup_free_ char *name = NULL, *device = NULL, *options = NULL;
                const char *p = *i;

                if (startswith(p, "luks-"))
                        p += 5;

                if (strv_contains(disks_done, p))
                        continue;

                name = strappend("luks-", p);
                device = strappend("UUID=", p);

                if (!name || !device) {
                        log_oom();
                        goto cleanup;
                }

                if (arg_options) {
                        /*
                          If options are specified on the kernel command line, use them.
                        */
                        char **j;

                        STRV_FOREACH(j, arg_options) {
                                _cleanup_free_ char *proc_uuid = NULL, *proc_options = NULL;
                                const char *s = *j;
                                int k;

                                k = sscanf(s, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
                                if (k == 2) {
                                        if (streq(proc_uuid, device + 5)) {
                                                free(options);
                                                options = proc_options;
                                                proc_options = NULL;
                                        }
                                } else if (!options) {
                                        /*
                                          Fall back to options without a specified UUID
                                        */
                                        options = strdup(s);
                                        if (!options) {
                                                log_oom();
                                                goto cleanup;
                                        };
                                }
                        }
                }

                if (!options) {
                        options = strdup("timeout=0");
                        if (!options) {
                                log_oom();
                                goto cleanup;
                        }
                }

                if (create_disk(name, device, arg_keyfile, options) < 0)
                        goto cleanup;
        }

        r2 = EXIT_SUCCESS;

cleanup:
        strv_free(arg_disks);
        strv_free(arg_options);
        free(arg_keyfile);

        return r != EXIT_SUCCESS ? r : r2;
}
Commit	Line	Data
e23a0ce8 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	9	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	10	the Free Software Foundation; either version 2.1 of the License, or
e23a0ce8 LP	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	16	Lesser General Public License for more details.
e23a0ce8	17
5430f7f2	18	You should have received a copy of the GNU Lesser General Public License
e23a0ce8 LP	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <string.h>
	23	#include <errno.h>
	24	#include <unistd.h>
	25
	26	#include "log.h"
	27	#include "util.h"
	28	#include "unit-name.h"
49e942b2	29	#include "mkdir.h"
66a78c2b	30	#include "strv.h"
a860325e	31	#include "fileio.h"
bde29068	32	#include "path-util.h"
8eea8687 ZJS	33	#include "dropin.h"
8eea8687 ZJS	34	#include "generator.h"
e23a0ce8	35
66a78c2b LP	36	static const char *arg_dest = "/tmp";
	37	static bool arg_enabled = true;
	38	static bool arg_read_crypttab = true;
744198e9 LP	39	static char **arg_disks = NULL;
	40	static char **arg_options = NULL;
	41	static char *arg_keyfile = NULL;
141a79f4	42
e23a0ce8 LP	43	static bool has_option(const char haystack, const char needle) {
	44	const char *f = haystack;
	45	size_t l;
	46
f653f683 LP	47	assert(needle);
	48
	49	if (!haystack)
	50	return false;
	51
e23a0ce8 LP	52	l = strlen(needle);
	53
	54	while ((f = strstr(f, needle))) {
	55
	56	if (f > haystack && f[-1] != ',') {
	57	f++;
	58	continue;
	59	}
	60
aae5220d	61	if (f[l] != 0 && f[l] != ',') {
e23a0ce8 LP	62	f++;
	63	continue;
	64	}
	65
	66	return true;
	67	}
	68
	69	return false;
	70	}
	71
	72	static int create_disk(
	73	const char *name,
	74	const char *device,
	75	const char *password,
	76	const char *options) {
	77
8eea8687 ZJS	78	_cleanup_free_ char p = NULL, n = NULL, d = NULL, u = NULL, to = NULL, e = NULL,
8eea8687 ZJS	79	*filtered = NULL;
7fd1b19b	80	_cleanup_fclose_ FILE *f = NULL;
8c11d3c1	81	bool noauto, nofail, tmp, swap;
744198e9 LP	82	char *from;
744198e9 LP	83	int r;
e23a0ce8 LP	84
	85	assert(name);
	86	assert(device);
	87
155da457 LP	88	noauto = has_option(options, "noauto");
155da457 LP	89	nofail = has_option(options, "nofail");
8c11d3c1 TG	90	tmp = has_option(options, "tmp");
	91	swap = has_option(options, "swap");
	92
	93	if (tmp && swap) {
	94	log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
	95	return -EINVAL;
	96	}
155da457	97
744198e9 LP	98	e = unit_name_escape(name);
	99	if (!e)
	100	return log_oom();
	101
	102	n = unit_name_build("systemd-cryptsetup", e, ".service");
24a988e9 HH	103	if (!n)
24a988e9 HH	104	return log_oom();
e23a0ce8	105
b7def684	106	p = strjoin(arg_dest, "/", n, NULL);
24a988e9 HH	107	if (!p)
24a988e9 HH	108	return log_oom();
e23a0ce8	109
f7f21d33	110	u = fstab_node_to_udev_node(device);
24a988e9 HH	111	if (!u)
24a988e9 HH	112	return log_oom();
e23a0ce8	113
f7f21d33	114	d = unit_name_from_path(u, ".device");
24a988e9 HH	115	if (!d)
24a988e9 HH	116	return log_oom();
e23a0ce8	117
f7f21d33 LP	118	f = fopen(p, "wxe");
f7f21d33 LP	119	if (!f) {
56f64d95	120	log_error_errno(errno, "Failed to create unit file %s: %m", p);
24a988e9	121	return -errno;
e23a0ce8 LP	122	}
e23a0ce8 LP	123
9ece938a	124	fputs(
6b1dc2bd	125	"# Automatically generated by systemd-cryptsetup-generator\n\n"
e23a0ce8	126	"[Unit]\n"
9ece938a	127	"Description=Cryptography Setup for %I\n"
c3834f9b	128	"Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
1b64d026	129	"SourcePath=/etc/crypttab\n"
e23a0ce8	130	"DefaultDependencies=no\n"
744198e9	131	"Conflicts=umount.target\n"
9ece938a	132	"BindsTo=dev-mapper-%i.device\n"
4469ff4a	133	"IgnoreOnIsolate=true\n"
d6bc8348	134	"After=cryptsetup-pre.target\n",
9ece938a	135	f);
e23a0ce8	136
155da457 LP	137	if (!nofail)
	138	fprintf(f,
	139	"Before=cryptsetup.target\n");
	140
ceca9501	141	if (password) {
744198e9	142	if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
a0f70805	143	fputs("After=systemd-random-seed.service\n", f);
66a5dbdf	144	else if (!streq(password, "-") && !streq(password, "none")) {
744198e9 LP	145	_cleanup_free_ char *uu;
	146
	147	uu = fstab_node_to_udev_node(password);
	148	if (!uu)
66a5dbdf DR	149	return log_oom();
66a5dbdf DR	150
bde29068	151	if (!path_equal(uu, "/dev/null")) {
744198e9	152
bde29068 LP	153	if (is_device_path(uu)) {
bde29068 LP	154	_cleanup_free_ char *dd;
66a5dbdf	155
bde29068 LP	156	dd = unit_name_from_path(uu, ".device");
	157	if (!dd)
	158	return log_oom();
	159
	160	fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
	161	} else
	162	fprintf(f, "RequiresMountsFor=%s\n", password);
	163	}
66a5dbdf	164	}
ceca9501	165	}
e23a0ce8	166
9ece938a TW	167	if (is_device_path(u))
	168	fprintf(f,
	169	"BindsTo=%s\n"
	170	"After=%s\n"
	171	"Before=umount.target\n",
	172	d, d);
	173	else
	174	fprintf(f,
	175	"RequiresMountsFor=%s\n",
	176	u);
	177
8eea8687 ZJS	178	r = generator_write_timeouts(arg_dest, device, name, options, &filtered);
	179	if (r < 0)
	180	return r;
	181
e23a0ce8 LP	182	fprintf(f,
	183	"\n[Service]\n"
	184	"Type=oneshot\n"
	185	"RemainAfterExit=yes\n"
90724929	186	"TimeoutSec=0\n" /* the binary handles timeouts anyway */
260ab287	187	"ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
7f4e0805	188	"ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
8eea8687	189	name, u, strempty(password), strempty(filtered),
e23a0ce8 LP	190	name);
e23a0ce8 LP	191
8c11d3c1	192	if (tmp)
e23a0ce8	193	fprintf(f,
50109038	194	"ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
1d3399e6	195	name);
e23a0ce8	196
8c11d3c1	197	if (swap)
e23a0ce8	198	fprintf(f,
50109038	199	"ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
1d3399e6	200	name);
e23a0ce8 LP	201
e23a0ce8 LP	202	fflush(f);
e23a0ce8	203	if (ferror(f)) {
56f64d95	204	log_error_errno(errno, "Failed to write file %s: %m", p);
24a988e9	205	return -errno;
e23a0ce8 LP	206	}
e23a0ce8 LP	207
744198e9	208	from = strappenda("../", n);
74715b82	209
155da457	210	if (!noauto) {
e23a0ce8	211
b7def684	212	to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
24a988e9 HH	213	if (!to)
24a988e9 HH	214	return log_oom();
e23a0ce8	215
d2e54fae	216	mkdir_parents_label(to, 0755);
e23a0ce8	217	if (symlink(from, to) < 0) {
56f64d95	218	log_error_errno(errno, "Failed to create symlink %s: %m", to);
24a988e9	219	return -errno;
e23a0ce8	220	}
2f8cd170 LP	221
2f8cd170 LP	222	free(to);
155da457	223	if (!nofail)
b7def684	224	to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
155da457	225	else
b7def684	226	to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
24a988e9 HH	227	if (!to)
24a988e9 HH	228	return log_oom();
2f8cd170	229
d2e54fae	230	mkdir_parents_label(to, 0755);
155da457	231	if (symlink(from, to) < 0) {
56f64d95	232	log_error_errno(errno, "Failed to create symlink %s: %m", to);
24a988e9	233	return -errno;
2f8cd170	234	}
f7f21d33	235	}
74715b82	236
608d41f3	237	free(to);
b7def684	238	to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
24a988e9 HH	239	if (!to)
24a988e9 HH	240	return log_oom();
74715b82	241
d2e54fae	242	mkdir_parents_label(to, 0755);
74715b82	243	if (symlink(from, to) < 0) {
56f64d95	244	log_error_errno(errno, "Failed to create symlink %s: %m", to);
24a988e9	245	return -errno;
74715b82 LP	246	}
74715b82 LP	247
68395007	248	if (!noauto && !nofail) {
a6fb0dc1 HG	249	_cleanup_free_ char *dmname;
	250	dmname = strjoin("dev-mapper-", e, ".device", NULL);
	251	if (!dmname)
	252	return log_oom();
	253
	254	r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
8eea8687 ZJS	255	"# Automatically generated by systemd-cryptsetup-generator \n\n"
8eea8687 ZJS	256	"[Unit]\nJobTimeoutSec=0");
23bbb0de MS	257	if (r < 0)
23bbb0de MS	258	return log_error_errno(r, "Failed to write device drop-in: %m");
68395007 HH	259	}
68395007 HH	260
24a988e9	261	return 0;
e23a0ce8 LP	262	}
e23a0ce8 LP	263
059cb385	264	static int parse_proc_cmdline_item(const char key, const char value) {
74df0fca	265	int r;
66a78c2b	266
059cb385 LP	267	if (STR_IN_SET(key, "luks", "rd.luks") && value) {
	268
	269	r = parse_boolean(value);
141a79f4	270	if (r < 0)
059cb385	271	log_warning("Failed to parse luks switch %s. Ignoring.", value);
141a79f4 ZJS	272	else
141a79f4 ZJS	273	arg_enabled = r;
66a78c2b	274
059cb385	275	} else if (STR_IN_SET(key, "luks.crypttab", "rd.luks.crypttab") && value) {
66a78c2b	276
059cb385	277	r = parse_boolean(value);
141a79f4	278	if (r < 0)
059cb385	279	log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value);
141a79f4 ZJS	280	else
141a79f4 ZJS	281	arg_read_crypttab = r;
66a78c2b	282
059cb385	283	} else if (STR_IN_SET(key, "luks.uuid", "rd.luks.uuid") && value) {
66a78c2b	284
059cb385	285	if (strv_extend(&arg_disks, value) < 0)
141a79f4	286	return log_oom();
66a78c2b	287
059cb385	288	} else if (STR_IN_SET(key, "luks.options", "rd.luks.options") && value) {
66a78c2b	289
059cb385	290	if (strv_extend(&arg_options, value) < 0)
141a79f4	291	return log_oom();
66a78c2b	292
059cb385	293	} else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {
66a78c2b	294
141a79f4	295	free(arg_keyfile);
66aaf85e	296	arg_keyfile = strdup(value);
141a79f4 ZJS	297	if (!arg_keyfile)
141a79f4 ZJS	298	return log_oom();
7ab064a6	299
85013844	300	}
66a78c2b	301
24a988e9	302	return 0;
66a78c2b LP	303	}
66a78c2b LP	304
e23a0ce8	305	int main(int argc, char *argv[]) {
141a79f4	306	_cleanup_strv_free_ char **disks_done = NULL;
7fd1b19b	307	_cleanup_fclose_ FILE *f = NULL;
e23a0ce8	308	unsigned n = 0;
b5884878	309	int r = EXIT_FAILURE, r2 = EXIT_FAILURE, z;
66a78c2b	310	char **i;
e23a0ce8	311
07719a21 LP	312	if (argc > 1 && argc != 4) {
07719a21 LP	313	log_error("This program takes three or no arguments.");
e23a0ce8 LP	314	return EXIT_FAILURE;
	315	}
	316
2a796654 LP	317	if (argc > 1)
2a796654 LP	318	arg_dest = argv[1];
e23a0ce8	319
a6903061	320	log_set_target(LOG_TARGET_SAFE);
e23a0ce8 LP	321	log_parse_environment();
	322	log_open();
	323
4c12626c LP	324	umask(0022);
4c12626c LP	325
b5884878 LP	326	z = parse_proc_cmdline(parse_proc_cmdline_item);
b5884878 LP	327	if (z < 0)
da927ba9	328	log_warning_errno(z, "Failed to parse kernel command line, ignoring: %m");
66a78c2b	329
141a79f4 ZJS	330	if (!arg_enabled) {
	331	r = r2 = EXIT_SUCCESS;
	332	goto cleanup;
	333	}
	334
	335	strv_uniq(arg_disks);
66a78c2b	336
e2cb60fa	337	if (arg_read_crypttab) {
8973790e	338	struct stat st;
66a78c2b	339
8973790e	340	f = fopen("/etc/crypttab", "re");
e2cb60fa HH	341	if (!f) {
	342	if (errno == ENOENT)
	343	r = EXIT_SUCCESS;
141a79f4	344	else
56f64d95	345	log_error_errno(errno, "Failed to open /etc/crypttab: %m");
8973790e LP	346
	347	goto next;
	348	}
	349
	350	if (fstat(fileno(f), &st) < 0) {
56f64d95	351	log_error_errno(errno, "Failed to stat /etc/crypttab: %m");
8973790e LP	352	goto next;
	353	}
	354
2b68185a LP	355	/* If we readd support for specifying passphrases
	356	* directly in crypttabe we should upgrade the warning
	357	* below, though possibly only if a passphrase is
	358	* specified directly. */
8973790e	359	if (st.st_mode & 0005)
2b68185a	360	log_debug("/etc/crypttab is world-readable. This is usually not a good idea.");
8973790e LP	361
8973790e LP	362	for (;;) {
e2cb60fa	363	char line[LINE_MAX], *l;
7fd1b19b	364	_cleanup_free_ char name = NULL, device = NULL, password = NULL, options = NULL;
e2cb60fa	365	int k;
66a78c2b	366
e2cb60fa HH	367	if (!fgets(line, sizeof(line), f))
e2cb60fa HH	368	break;
66a78c2b	369
e2cb60fa	370	n++;
66a78c2b	371
e2cb60fa HH	372	l = strstrip(line);
	373	if (l == '#' \|\| l == 0)
	374	continue;
e23a0ce8	375
e2cb60fa HH	376	k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
	377	if (k < 2 \|\| k > 4) {
	378	log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
24a988e9	379	continue;
e2cb60fa	380	}
e23a0ce8	381
141a79f4	382	/*
3f85ef0f	383	If options are specified on the kernel command line, let them override
141a79f4 ZJS	384	the ones from crypttab.
	385	*/
	386	STRV_FOREACH(i, arg_options) {
	387	_cleanup_free_ char proc_uuid = NULL, proc_options = NULL;
	388	const char p = i;
	389
	390	k = sscanf(p, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
	391	if (k == 2 && streq(proc_uuid, device + 5)) {
	392	free(options);
	393	options = strdup(p);
0e2f1401	394	if (!options) {
141a79f4 ZJS	395	log_oom();
141a79f4 ZJS	396	goto cleanup;
7ab064a6 TG	397	}
	398	}
	399	}
	400
141a79f4	401	if (arg_disks) {
e2cb60fa HH	402	/*
	403	If luks UUIDs are specified on the kernel command line, use them as a filter
	404	for /etc/crypttab and only generate units for those.
	405	*/
141a79f4	406	STRV_FOREACH(i, arg_disks) {
7fd1b19b	407	_cleanup_free_ char proc_device = NULL, proc_name = NULL;
e2cb60fa HH	408	const char p = i;
	409
	410	if (startswith(p, "luks-"))
	411	p += 5;
	412
	413	proc_name = strappend("luks-", p);
	414	proc_device = strappend("UUID=", p);
	415
141a79f4 ZJS	416	if (!proc_name \|\| !proc_device) {
	417	log_oom();
	418	goto cleanup;
	419	}
24a988e9	420
e2cb60fa	421	if (streq(proc_device, device) \|\| streq(proc_name, name)) {
e2cb60fa	422	if (create_disk(name, device, password, options) < 0)
141a79f4	423	goto cleanup;
e2cb60fa	424
141a79f4 ZJS	425	if (strv_extend(&disks_done, p) < 0) {
	426	log_oom();
	427	goto cleanup;
	428	}
e2cb60fa	429	}
e2cb60fa	430	}
141a79f4 ZJS	431	} else if (create_disk(name, device, password, options) < 0)
	432	goto cleanup;
	433
e2cb60fa	434	}
e23a0ce8 LP	435	}
e23a0ce8 LP	436
141a79f4 ZJS	437	r = EXIT_SUCCESS;
141a79f4 ZJS	438
8973790e	439	next:
141a79f4	440	STRV_FOREACH(i, arg_disks) {
e2cb60fa HH	441	/*
	442	Generate units for those UUIDs, which were specified
	443	on the kernel command line and not yet written.
	444	*/
e23a0ce8	445
7ab064a6	446	_cleanup_free_ char name = NULL, device = NULL, *options = NULL;
e2cb60fa	447	const char p = i;
e23a0ce8	448
e2cb60fa HH	449	if (startswith(p, "luks-"))
e2cb60fa HH	450	p += 5;
e23a0ce8	451
141a79f4	452	if (strv_contains(disks_done, p))
e23a0ce8 LP	453	continue;
e23a0ce8 LP	454
e2cb60fa HH	455	name = strappend("luks-", p);
	456	device = strappend("UUID=", p);
	457
141a79f4 ZJS	458	if (!name \|\| !device) {
	459	log_oom();
	460	goto cleanup;
	461	}
e23a0ce8	462
141a79f4	463	if (arg_options) {
7ab064a6	464	/*
3f85ef0f	465	If options are specified on the kernel command line, use them.
7ab064a6 TG	466	*/
	467	char **j;
	468
141a79f4	469	STRV_FOREACH(j, arg_options) {
7ab064a6 TG	470	_cleanup_free_ char proc_uuid = NULL, proc_options = NULL;
	471	const char s = j;
	472	int k;
	473
	474	k = sscanf(s, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
	475	if (k == 2) {
	476	if (streq(proc_uuid, device + 5)) {
744198e9 LP	477	free(options);
	478	options = proc_options;
	479	proc_options = NULL;
7ab064a6 TG	480	}
	481	} else if (!options) {
	482	/*
	483	Fall back to options without a specified UUID
	484	*/
	485	options = strdup(s);
141a79f4 ZJS	486	if (!options) {
	487	log_oom();
	488	goto cleanup;
	489	};
7ab064a6 TG	490	}
	491	}
	492	}
	493
	494	if (!options) {
	495	options = strdup("timeout=0");
141a79f4 ZJS	496	if (!options) {
	497	log_oom();
	498	goto cleanup;
	499	}
7ab064a6 TG	500	}
7ab064a6 TG	501
141a79f4 ZJS	502	if (create_disk(name, device, arg_keyfile, options) < 0)
141a79f4 ZJS	503	goto cleanup;
e23a0ce8 LP	504	}
e23a0ce8 LP	505
141a79f4 ZJS	506	r2 = EXIT_SUCCESS;
	507
	508	cleanup:
	509	strv_free(arg_disks);
	510	strv_free(arg_options);
	511	free(arg_keyfile);
	512
	513	return r != EXIT_SUCCESS ? r : r2;
e23a0ce8	514	}