]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
e23a0ce8 | 2 | |
e23a0ce8 | 3 | #include <errno.h> |
0d536673 | 4 | #include <stdio_ext.h> |
e23a0ce8 | 5 | |
b5efdb8a | 6 | #include "alloc-util.h" |
0fa9e53d | 7 | #include "dropin.h" |
7949dfa7 | 8 | #include "escape.h" |
3ffd4af2 | 9 | #include "fd-util.h" |
0d39fa9c | 10 | #include "fileio.h" |
07630cea | 11 | #include "fstab-util.h" |
0fa9e53d JJ |
12 | #include "generator.h" |
13 | #include "hashmap.h" | |
7949dfa7 | 14 | #include "id128-util.h" |
e23a0ce8 | 15 | #include "log.h" |
49e942b2 | 16 | #include "mkdir.h" |
6bedfcbb | 17 | #include "parse-util.h" |
bde29068 | 18 | #include "path-util.h" |
4e731273 | 19 | #include "proc-cmdline.h" |
98bad05e | 20 | #include "specifier.h" |
07630cea | 21 | #include "string-util.h" |
0fa9e53d JJ |
22 | #include "strv.h" |
23 | #include "unit-name.h" | |
24 | #include "util.h" | |
25 | ||
26 | typedef struct crypto_device { | |
27 | char *uuid; | |
6cd5b12a | 28 | char *keyfile; |
70f5f48e | 29 | char *keydev; |
baade8cc | 30 | char *name; |
0fa9e53d JJ |
31 | char *options; |
32 | bool create; | |
33 | } crypto_device; | |
e23a0ce8 | 34 | |
66a78c2b LP |
35 | static const char *arg_dest = "/tmp"; |
36 | static bool arg_enabled = true; | |
37 | static bool arg_read_crypttab = true; | |
0fa9e53d JJ |
38 | static bool arg_whitelist = false; |
39 | static Hashmap *arg_disks = NULL; | |
40 | static char *arg_default_options = NULL; | |
41 | static char *arg_default_keyfile = NULL; | |
141a79f4 | 42 | |
70f5f48e | 43 | static int generate_keydev_mount(const char *name, const char *keydev, char **unit, char **mount) { |
7949dfa7 | 44 | _cleanup_free_ char *u = NULL, *what = NULL, *where = NULL, *name_escaped = NULL; |
70f5f48e MS |
45 | _cleanup_fclose_ FILE *f = NULL; |
46 | int r; | |
47 | ||
48 | assert(name); | |
49 | assert(keydev); | |
50 | assert(unit); | |
51 | assert(mount); | |
52 | ||
53 | r = mkdir_parents("/run/systemd/cryptsetup", 0755); | |
54 | if (r < 0) | |
55 | return r; | |
56 | ||
57 | r = mkdir("/run/systemd/cryptsetup", 0700); | |
579875bc MS |
58 | if (r < 0 && errno != EEXIST) |
59 | return -errno; | |
70f5f48e | 60 | |
7949dfa7 MS |
61 | name_escaped = cescape(name); |
62 | if (!name_escaped) | |
63 | return -ENOMEM; | |
64 | ||
65 | where = strjoin("/run/systemd/cryptsetup/keydev-", name_escaped); | |
70f5f48e MS |
66 | if (!where) |
67 | return -ENOMEM; | |
68 | ||
69 | r = mkdir(where, 0700); | |
579875bc MS |
70 | if (r < 0 && errno != EEXIST) |
71 | return -errno; | |
70f5f48e MS |
72 | |
73 | r = unit_name_from_path(where, ".mount", &u); | |
74 | if (r < 0) | |
75 | return r; | |
76 | ||
77 | r = generator_open_unit_file(arg_dest, NULL, u, &f); | |
78 | if (r < 0) | |
79 | return r; | |
80 | ||
81 | what = fstab_node_to_udev_node(keydev); | |
82 | if (!what) | |
83 | return -ENOMEM; | |
84 | ||
85 | fprintf(f, | |
86 | "[Unit]\n" | |
87 | "DefaultDependencies=no\n\n" | |
88 | "[Mount]\n" | |
89 | "What=%s\n" | |
90 | "Where=%s\n" | |
91 | "Options=ro\n", what, where); | |
92 | ||
93 | r = fflush_and_check(f); | |
94 | if (r < 0) | |
95 | return r; | |
96 | ||
97 | *unit = TAKE_PTR(u); | |
98 | *mount = TAKE_PTR(where); | |
99 | ||
100 | return 0; | |
101 | } | |
102 | ||
e23a0ce8 LP |
103 | static int create_disk( |
104 | const char *name, | |
105 | const char *device, | |
70f5f48e | 106 | const char *keydev, |
e23a0ce8 LP |
107 | const char *password, |
108 | const char *options) { | |
109 | ||
fb883e75 | 110 | _cleanup_free_ char *n = NULL, *d = NULL, *u = NULL, *e = NULL, |
70f5f48e | 111 | *filtered = NULL, *u_escaped = NULL, *password_escaped = NULL, *filtered_escaped = NULL, *name_escaped = NULL, *keydev_mount = NULL; |
7fd1b19b | 112 | _cleanup_fclose_ FILE *f = NULL; |
b559616f | 113 | const char *dmname; |
b001ad61 | 114 | bool noauto, nofail, tmp, swap, netdev; |
744198e9 | 115 | int r; |
e23a0ce8 LP |
116 | |
117 | assert(name); | |
118 | assert(device); | |
119 | ||
b9f111b9 ZJS |
120 | noauto = fstab_test_yes_no_option(options, "noauto\0" "auto\0"); |
121 | nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0"); | |
a6dba978 ZJS |
122 | tmp = fstab_test_option(options, "tmp\0"); |
123 | swap = fstab_test_option(options, "swap\0"); | |
b001ad61 | 124 | netdev = fstab_test_option(options, "_netdev\0"); |
8c11d3c1 | 125 | |
baaa35ad ZJS |
126 | if (tmp && swap) |
127 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
128 | "Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", | |
129 | name); | |
155da457 | 130 | |
98bad05e LP |
131 | name_escaped = specifier_escape(name); |
132 | if (!name_escaped) | |
133 | return log_oom(); | |
134 | ||
744198e9 LP |
135 | e = unit_name_escape(name); |
136 | if (!e) | |
137 | return log_oom(); | |
138 | ||
f7f21d33 | 139 | u = fstab_node_to_udev_node(device); |
24a988e9 HH |
140 | if (!u) |
141 | return log_oom(); | |
e23a0ce8 | 142 | |
fb883e75 ZJS |
143 | r = unit_name_build("systemd-cryptsetup", e, ".service", &n); |
144 | if (r < 0) | |
145 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
146 | ||
98bad05e LP |
147 | u_escaped = specifier_escape(u); |
148 | if (!u_escaped) | |
149 | return log_oom(); | |
150 | ||
7410616c LP |
151 | r = unit_name_from_path(u, ".device", &d); |
152 | if (r < 0) | |
153 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
e23a0ce8 | 154 | |
d31eb24f LP |
155 | if (password) { |
156 | password_escaped = specifier_escape(password); | |
157 | if (!password_escaped) | |
158 | return log_oom(); | |
159 | } | |
98bad05e | 160 | |
baaa35ad ZJS |
161 | if (keydev && !password) |
162 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
163 | "Key device is specified, but path to the password file is missing."); | |
70f5f48e | 164 | |
fb883e75 ZJS |
165 | r = generator_open_unit_file(arg_dest, NULL, n, &f); |
166 | if (r < 0) | |
167 | return r; | |
0d536673 | 168 | |
b001ad61 | 169 | fprintf(f, |
b001ad61 ZJS |
170 | "[Unit]\n" |
171 | "Description=Cryptography Setup for %%I\n" | |
172 | "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" | |
173 | "SourcePath=/etc/crypttab\n" | |
174 | "DefaultDependencies=no\n" | |
175 | "Conflicts=umount.target\n" | |
176 | "IgnoreOnIsolate=true\n" | |
177 | "After=%s\n", | |
a0dd2097 | 178 | netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target"); |
e23a0ce8 | 179 | |
70f5f48e MS |
180 | if (keydev) { |
181 | _cleanup_free_ char *unit = NULL, *p = NULL; | |
182 | ||
183 | r = generate_keydev_mount(name, keydev, &unit, &keydev_mount); | |
184 | if (r < 0) | |
185 | return log_error_errno(r, "Failed to generate keydev mount unit: %m"); | |
186 | ||
187 | p = prefix_root(keydev_mount, password_escaped); | |
188 | if (!p) | |
189 | return log_oom(); | |
190 | ||
191 | free_and_replace(password_escaped, p); | |
192 | } | |
193 | ||
155da457 LP |
194 | if (!nofail) |
195 | fprintf(f, | |
b001ad61 ZJS |
196 | "Before=%s\n", |
197 | netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); | |
155da457 | 198 | |
ceca9501 | 199 | if (password) { |
e3ca6580 | 200 | if (PATH_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random")) |
0d536673 | 201 | fputs("After=systemd-random-seed.service\n", f); |
b559616f | 202 | else if (!STR_IN_SET(password, "-", "none")) { |
744198e9 LP |
203 | _cleanup_free_ char *uu; |
204 | ||
205 | uu = fstab_node_to_udev_node(password); | |
206 | if (!uu) | |
66a5dbdf DR |
207 | return log_oom(); |
208 | ||
bde29068 | 209 | if (!path_equal(uu, "/dev/null")) { |
744198e9 | 210 | |
048dd629 | 211 | if (path_startswith(uu, "/dev/")) { |
7410616c | 212 | _cleanup_free_ char *dd = NULL; |
66a5dbdf | 213 | |
7410616c LP |
214 | r = unit_name_from_path(uu, ".device", &dd); |
215 | if (r < 0) | |
216 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
bde29068 LP |
217 | |
218 | fprintf(f, "After=%1$s\nRequires=%1$s\n", dd); | |
219 | } else | |
98bad05e | 220 | fprintf(f, "RequiresMountsFor=%s\n", password_escaped); |
bde29068 | 221 | } |
66a5dbdf | 222 | } |
ceca9501 | 223 | } |
e23a0ce8 | 224 | |
048dd629 | 225 | if (path_startswith(u, "/dev/")) { |
9ece938a TW |
226 | fprintf(f, |
227 | "BindsTo=%s\n" | |
228 | "After=%s\n" | |
229 | "Before=umount.target\n", | |
230 | d, d); | |
a6f8786a MFO |
231 | |
232 | if (swap) | |
0d536673 LP |
233 | fputs("Before=dev-mapper-%i.swap\n", |
234 | f); | |
a6f8786a | 235 | } else |
b90cbe66 LHS |
236 | /* For loopback devices, add systemd-tmpfiles-setup-dev.service |
237 | dependency to ensure that loopback support is available in | |
238 | the kernel (/dev/loop-control needs to exist) */ | |
9ece938a | 239 | fprintf(f, |
b90cbe66 LHS |
240 | "RequiresMountsFor=%s\n" |
241 | "Requires=systemd-tmpfiles-setup-dev.service\n" | |
242 | "After=systemd-tmpfiles-setup-dev.service\n", | |
98bad05e LP |
243 | u_escaped); |
244 | ||
8eea8687 ZJS |
245 | r = generator_write_timeouts(arg_dest, device, name, options, &filtered); |
246 | if (r < 0) | |
247 | return r; | |
248 | ||
d31eb24f LP |
249 | if (filtered) { |
250 | filtered_escaped = specifier_escape(filtered); | |
251 | if (!filtered_escaped) | |
252 | return log_oom(); | |
253 | } | |
98bad05e | 254 | |
e23a0ce8 LP |
255 | fprintf(f, |
256 | "\n[Service]\n" | |
257 | "Type=oneshot\n" | |
258 | "RemainAfterExit=yes\n" | |
90724929 | 259 | "TimeoutSec=0\n" /* the binary handles timeouts anyway */ |
0b1f68ac | 260 | "KeyringMode=shared\n" /* make sure we can share cached keys among instances */ |
260ab287 | 261 | "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n" |
7f4e0805 | 262 | "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n", |
98bad05e LP |
263 | name_escaped, u_escaped, strempty(password_escaped), strempty(filtered_escaped), |
264 | name_escaped); | |
e23a0ce8 | 265 | |
8c11d3c1 | 266 | if (tmp) |
e23a0ce8 | 267 | fprintf(f, |
50109038 | 268 | "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n", |
98bad05e | 269 | name_escaped); |
e23a0ce8 | 270 | |
8c11d3c1 | 271 | if (swap) |
e23a0ce8 | 272 | fprintf(f, |
50109038 | 273 | "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n", |
98bad05e | 274 | name_escaped); |
e23a0ce8 | 275 | |
70f5f48e MS |
276 | if (keydev) |
277 | fprintf(f, | |
278 | "ExecStartPost=" UMOUNT_PATH " %s\n\n", | |
279 | keydev_mount); | |
280 | ||
4652c56c ZJS |
281 | r = fflush_and_check(f); |
282 | if (r < 0) | |
fb883e75 | 283 | return log_error_errno(r, "Failed to write unit file %s: %m", n); |
e23a0ce8 | 284 | |
155da457 | 285 | if (!noauto) { |
b559616f ZJS |
286 | r = generator_add_symlink(arg_dest, d, "wants", n); |
287 | if (r < 0) | |
288 | return r; | |
e23a0ce8 | 289 | |
b001ad61 ZJS |
290 | r = generator_add_symlink(arg_dest, |
291 | netdev ? "remote-cryptsetup.target" : "cryptsetup.target", | |
b559616f ZJS |
292 | nofail ? "wants" : "requires", n); |
293 | if (r < 0) | |
294 | return r; | |
f7f21d33 | 295 | } |
74715b82 | 296 | |
b559616f ZJS |
297 | dmname = strjoina("dev-mapper-", e, ".device"); |
298 | r = generator_add_symlink(arg_dest, dmname, "requires", n); | |
299 | if (r < 0) | |
300 | return r; | |
74715b82 | 301 | |
68395007 | 302 | if (!noauto && !nofail) { |
a6fb0dc1 | 303 | r = write_drop_in(arg_dest, dmname, 90, "device-timeout", |
8eea8687 ZJS |
304 | "# Automatically generated by systemd-cryptsetup-generator \n\n" |
305 | "[Unit]\nJobTimeoutSec=0"); | |
23bbb0de MS |
306 | if (r < 0) |
307 | return log_error_errno(r, "Failed to write device drop-in: %m"); | |
68395007 HH |
308 | } |
309 | ||
24a988e9 | 310 | return 0; |
e23a0ce8 LP |
311 | } |
312 | ||
6dd1c368 ZJS |
313 | static void crypt_device_free(crypto_device *d) { |
314 | free(d->uuid); | |
315 | free(d->keyfile); | |
70f5f48e | 316 | free(d->keydev); |
6dd1c368 ZJS |
317 | free(d->name); |
318 | free(d->options); | |
319 | free(d); | |
0fa9e53d JJ |
320 | } |
321 | ||
322 | static crypto_device *get_crypto_device(const char *uuid) { | |
323 | int r; | |
324 | crypto_device *d; | |
325 | ||
326 | assert(uuid); | |
327 | ||
328 | d = hashmap_get(arg_disks, uuid); | |
329 | if (!d) { | |
330 | d = new0(struct crypto_device, 1); | |
331 | if (!d) | |
332 | return NULL; | |
333 | ||
334 | d->create = false; | |
baade8cc | 335 | d->keyfile = d->options = d->name = NULL; |
0fa9e53d JJ |
336 | |
337 | d->uuid = strdup(uuid); | |
6b430fdb ZJS |
338 | if (!d->uuid) |
339 | return mfree(d); | |
0fa9e53d JJ |
340 | |
341 | r = hashmap_put(arg_disks, d->uuid, d); | |
342 | if (r < 0) { | |
343 | free(d->uuid); | |
6b430fdb | 344 | return mfree(d); |
0fa9e53d JJ |
345 | } |
346 | } | |
347 | ||
348 | return d; | |
349 | } | |
350 | ||
96287a49 | 351 | static int parse_proc_cmdline_item(const char *key, const char *value, void *data) { |
0fa9e53d | 352 | _cleanup_free_ char *uuid = NULL, *uuid_value = NULL; |
1d84ad94 LP |
353 | crypto_device *d; |
354 | int r; | |
66a78c2b | 355 | |
1d84ad94 | 356 | if (streq(key, "luks")) { |
059cb385 | 357 | |
1d84ad94 | 358 | r = value ? parse_boolean(value) : 1; |
141a79f4 | 359 | if (r < 0) |
1d84ad94 | 360 | log_warning("Failed to parse luks= kernel command line switch %s. Ignoring.", value); |
141a79f4 ZJS |
361 | else |
362 | arg_enabled = r; | |
66a78c2b | 363 | |
1d84ad94 | 364 | } else if (streq(key, "luks.crypttab")) { |
66a78c2b | 365 | |
1d84ad94 | 366 | r = value ? parse_boolean(value) : 1; |
141a79f4 | 367 | if (r < 0) |
1d84ad94 | 368 | log_warning("Failed to parse luks.crypttab= kernel command line switch %s. Ignoring.", value); |
141a79f4 ZJS |
369 | else |
370 | arg_read_crypttab = r; | |
66a78c2b | 371 | |
1d84ad94 LP |
372 | } else if (streq(key, "luks.uuid")) { |
373 | ||
374 | if (proc_cmdline_value_missing(key, value)) | |
375 | return 0; | |
66a78c2b | 376 | |
0fa9e53d JJ |
377 | d = get_crypto_device(startswith(value, "luks-") ? value+5 : value); |
378 | if (!d) | |
141a79f4 | 379 | return log_oom(); |
66a78c2b | 380 | |
0fa9e53d JJ |
381 | d->create = arg_whitelist = true; |
382 | ||
1d84ad94 LP |
383 | } else if (streq(key, "luks.options")) { |
384 | ||
385 | if (proc_cmdline_value_missing(key, value)) | |
386 | return 0; | |
66a78c2b | 387 | |
0fa9e53d JJ |
388 | r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value); |
389 | if (r == 2) { | |
390 | d = get_crypto_device(uuid); | |
391 | if (!d) | |
392 | return log_oom(); | |
393 | ||
1d84ad94 | 394 | free_and_replace(d->options, uuid_value); |
0fa9e53d | 395 | } else if (free_and_strdup(&arg_default_options, value) < 0) |
141a79f4 | 396 | return log_oom(); |
66a78c2b | 397 | |
1d84ad94 | 398 | } else if (streq(key, "luks.key")) { |
7949dfa7 MS |
399 | size_t n; |
400 | _cleanup_free_ char *keyfile = NULL, *keydev = NULL; | |
401 | char *c; | |
402 | const char *keyspec; | |
1d84ad94 LP |
403 | |
404 | if (proc_cmdline_value_missing(key, value)) | |
405 | return 0; | |
66a78c2b | 406 | |
7949dfa7 MS |
407 | n = strspn(value, LETTERS DIGITS "-"); |
408 | if (value[n] != '=') { | |
409 | if (free_and_strdup(&arg_default_keyfile, value) < 0) | |
410 | return log_oom(); | |
411 | return 0; | |
412 | } | |
70f5f48e | 413 | |
7949dfa7 MS |
414 | uuid = strndup(value, n); |
415 | if (!uuid) | |
416 | return log_oom(); | |
6cd5b12a | 417 | |
7949dfa7 MS |
418 | if (!id128_is_valid(uuid)) { |
419 | log_warning("Failed to parse luks.key= kernel command line switch. UUID is invalid, ignoring."); | |
420 | return 0; | |
421 | } | |
422 | ||
423 | d = get_crypto_device(uuid); | |
424 | if (!d) | |
425 | return log_oom(); | |
70f5f48e | 426 | |
7949dfa7 MS |
427 | keyspec = value + n + 1; |
428 | c = strrchr(keyspec, ':'); | |
429 | if (c) { | |
430 | *c = '\0'; | |
431 | keyfile = strdup(keyspec); | |
432 | keydev = strdup(c + 1); | |
70f5f48e MS |
433 | |
434 | if (!keyfile || !keydev) | |
435 | return log_oom(); | |
7949dfa7 MS |
436 | } else { |
437 | /* No keydev specified */ | |
438 | keyfile = strdup(keyspec); | |
439 | if (!keyfile) | |
440 | return log_oom(); | |
441 | } | |
70f5f48e | 442 | |
7949dfa7 MS |
443 | free_and_replace(d->keyfile, keyfile); |
444 | free_and_replace(d->keydev, keydev); | |
1d84ad94 LP |
445 | } else if (streq(key, "luks.name")) { |
446 | ||
447 | if (proc_cmdline_value_missing(key, value)) | |
448 | return 0; | |
baade8cc JJ |
449 | |
450 | r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value); | |
451 | if (r == 2) { | |
452 | d = get_crypto_device(uuid); | |
453 | if (!d) | |
454 | return log_oom(); | |
455 | ||
456 | d->create = arg_whitelist = true; | |
457 | ||
f9ecfd3b | 458 | free_and_replace(d->name, uuid_value); |
baade8cc JJ |
459 | } else |
460 | log_warning("Failed to parse luks name switch %s. Ignoring.", value); | |
85013844 | 461 | } |
66a78c2b | 462 | |
24a988e9 | 463 | return 0; |
66a78c2b LP |
464 | } |
465 | ||
0fa9e53d | 466 | static int add_crypttab_devices(void) { |
7fd1b19b | 467 | _cleanup_fclose_ FILE *f = NULL; |
b42674a1 LP |
468 | unsigned crypttab_line = 0; |
469 | struct stat st; | |
470 | int r; | |
e23a0ce8 | 471 | |
0fa9e53d JJ |
472 | if (!arg_read_crypttab) |
473 | return 0; | |
474 | ||
475 | f = fopen("/etc/crypttab", "re"); | |
476 | if (!f) { | |
477 | if (errno != ENOENT) | |
478 | log_error_errno(errno, "Failed to open /etc/crypttab: %m"); | |
479 | return 0; | |
e23a0ce8 LP |
480 | } |
481 | ||
0d536673 LP |
482 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
483 | ||
0fa9e53d JJ |
484 | if (fstat(fileno(f), &st) < 0) { |
485 | log_error_errno(errno, "Failed to stat /etc/crypttab: %m"); | |
486 | return 0; | |
487 | } | |
e23a0ce8 | 488 | |
0fa9e53d | 489 | for (;;) { |
b42674a1 | 490 | _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keyfile = NULL, *options = NULL; |
0fa9e53d | 491 | crypto_device *d = NULL; |
b42674a1 LP |
492 | char *l, *uuid; |
493 | int k; | |
4c12626c | 494 | |
b42674a1 LP |
495 | r = read_line(f, LONG_LINE_MAX, &line); |
496 | if (r < 0) | |
497 | return log_error_errno(r, "Failed to read /etc/crypttab: %m"); | |
498 | if (r == 0) | |
0fa9e53d | 499 | break; |
66a78c2b | 500 | |
0fa9e53d | 501 | crypttab_line++; |
141a79f4 | 502 | |
0fa9e53d | 503 | l = strstrip(line); |
b42674a1 | 504 | if (IN_SET(l[0], 0, '#')) |
0fa9e53d | 505 | continue; |
66a78c2b | 506 | |
0fa9e53d JJ |
507 | k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &keyfile, &options); |
508 | if (k < 2 || k > 4) { | |
509 | log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line); | |
510 | continue; | |
511 | } | |
66a78c2b | 512 | |
49fe5c09 | 513 | uuid = STARTSWITH_SET(device, "UUID=", "luks-"); |
0fa9e53d JJ |
514 | if (!uuid) |
515 | uuid = path_startswith(device, "/dev/disk/by-uuid/"); | |
0fa9e53d JJ |
516 | if (uuid) |
517 | d = hashmap_get(arg_disks, uuid); | |
8973790e | 518 | |
0fa9e53d JJ |
519 | if (arg_whitelist && !d) { |
520 | log_info("Not creating device '%s' because it was not specified on the kernel command line.", name); | |
521 | continue; | |
8973790e LP |
522 | } |
523 | ||
70f5f48e | 524 | r = create_disk(name, device, NULL, keyfile, (d && d->options) ? d->options : options); |
0fa9e53d JJ |
525 | if (r < 0) |
526 | return r; | |
8973790e | 527 | |
0fa9e53d JJ |
528 | if (d) |
529 | d->create = false; | |
530 | } | |
8973790e | 531 | |
0fa9e53d JJ |
532 | return 0; |
533 | } | |
66a78c2b | 534 | |
0fa9e53d JJ |
535 | static int add_proc_cmdline_devices(void) { |
536 | int r; | |
537 | Iterator i; | |
538 | crypto_device *d; | |
66a78c2b | 539 | |
0fa9e53d JJ |
540 | HASHMAP_FOREACH(d, arg_disks, i) { |
541 | const char *options; | |
baade8cc | 542 | _cleanup_free_ char *device = NULL; |
66a78c2b | 543 | |
0fa9e53d JJ |
544 | if (!d->create) |
545 | continue; | |
e23a0ce8 | 546 | |
baade8cc JJ |
547 | if (!d->name) { |
548 | d->name = strappend("luks-", d->uuid); | |
549 | if (!d->name) | |
550 | return log_oom(); | |
551 | } | |
e23a0ce8 | 552 | |
0fa9e53d JJ |
553 | device = strappend("UUID=", d->uuid); |
554 | if (!device) | |
555 | return log_oom(); | |
7ab064a6 | 556 | |
0fa9e53d JJ |
557 | if (d->options) |
558 | options = d->options; | |
559 | else if (arg_default_options) | |
560 | options = arg_default_options; | |
561 | else | |
562 | options = "timeout=0"; | |
141a79f4 | 563 | |
70f5f48e | 564 | r = create_disk(d->name, device, d->keydev, d->keyfile ?: arg_default_keyfile, options); |
0fa9e53d JJ |
565 | if (r < 0) |
566 | return r; | |
e23a0ce8 LP |
567 | } |
568 | ||
0fa9e53d JJ |
569 | return 0; |
570 | } | |
e23a0ce8 | 571 | |
0fa9e53d | 572 | int main(int argc, char *argv[]) { |
5f4bfe56 | 573 | int r; |
e23a0ce8 | 574 | |
0fa9e53d JJ |
575 | if (argc > 1 && argc != 4) { |
576 | log_error("This program takes three or no arguments."); | |
577 | return EXIT_FAILURE; | |
578 | } | |
e23a0ce8 | 579 | |
0fa9e53d JJ |
580 | if (argc > 1) |
581 | arg_dest = argv[1]; | |
e23a0ce8 | 582 | |
afe44c8f | 583 | log_setup_generator(); |
e2cb60fa | 584 | |
0fa9e53d | 585 | arg_disks = hashmap_new(&string_hash_ops); |
5f4bfe56 LP |
586 | if (!arg_disks) { |
587 | r = log_oom(); | |
588 | goto finish; | |
589 | } | |
7ab064a6 | 590 | |
1d84ad94 | 591 | r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX); |
0fa9e53d | 592 | if (r < 0) { |
5f4bfe56 LP |
593 | log_warning_errno(r, "Failed to parse kernel command line: %m"); |
594 | goto finish; | |
0fa9e53d | 595 | } |
7ab064a6 | 596 | |
0fa9e53d | 597 | if (!arg_enabled) { |
5f4bfe56 LP |
598 | r = 0; |
599 | goto finish; | |
e23a0ce8 LP |
600 | } |
601 | ||
5f4bfe56 LP |
602 | r = add_crypttab_devices(); |
603 | if (r < 0) | |
604 | goto finish; | |
0fa9e53d | 605 | |
5f4bfe56 LP |
606 | r = add_proc_cmdline_devices(); |
607 | if (r < 0) | |
608 | goto finish; | |
0fa9e53d | 609 | |
5f4bfe56 | 610 | r = 0; |
141a79f4 | 611 | |
5f4bfe56 | 612 | finish: |
6dd1c368 | 613 | hashmap_free_with_destructor(arg_disks, crypt_device_free); |
0fa9e53d JJ |
614 | free(arg_default_options); |
615 | free(arg_default_keyfile); | |
141a79f4 | 616 | |
5f4bfe56 | 617 | return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; |
e23a0ce8 | 618 | } |