git.ipfire.org Git - thirdparty/systemd.git/blob - src/cryptsetup/cryptsetup-generator.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
26 #include "fstab-util.h"
27 #include "generator.h"
31 #include "parse-util.h"
32 #include "path-util.h"
33 #include "string-util.h"
35 #include "unit-name.h"
38 typedef struct crypto_device
{
/* Base directory for everything this generator writes; all unit-file and
 * symlink paths below are joined onto it. */
46 static const char *arg_dest
= "/tmp";
/* NOTE(review): presumably controlled by the "luks"/"rd.luks" switch; the
 * assignment itself is not visible in this listing. */
47 static bool arg_enabled
= true;
/* Set from "luks.crypttab"/"rd.luks.crypttab"; tested first thing in
 * add_crypttab_devices(). */
48 static bool arg_read_crypttab
= true;
/* Becomes true once a luks.uuid= or luks.name= option is seen. When set,
 * add_crypttab_devices() logs "Not creating device ..." for crypttab entries
 * that have no match in arg_disks. */
49 static bool arg_whitelist
= false;
/* Devices named on the kernel command line, keyed by UUID string
 * (see hashmap_put() in get_crypto_device()). */
50 static Hashmap
*arg_disks
= NULL
;
/* Default option string / key file taken from luks.options= and luks.key=
 * via free_and_strdup(); used by add_proc_cmdline_devices() when a device
 * has no per-device value. */
51 static char *arg_default_options
= NULL
;
52 static char *arg_default_keyfile
= NULL
;
/*
 * Writes a systemd-cryptsetup service unit for one encrypted volume under
 * arg_dest and links it into the .wants/.requires directories built below.
 * Many source lines are absent from this listing (the gutter numbers skip),
 * so the comments here describe only the statements that are shown.
 *
 * NOTE(review): name, u, password and the filtered option string are placed
 * inside single-quoted ExecStart= arguments with plain %s. No escaping of
 * quote characters or of unit-file % specifiers is visible in this listing.
 * The callers in this file pass values read from /etc/crypttab and from
 * luks.* kernel command line options, so a value containing ' or % would
 * change how the generated line is parsed. Confirm whether the lines not
 * shown escape these values; if they do not, escape before formatting.
 */
54 static int create_disk(
58 const char *options
) {
60 _cleanup_free_
char *p
= NULL
, *n
= NULL
, *d
= NULL
, *u
= NULL
, *to
= NULL
, *e
= NULL
,
62 _cleanup_fclose_
FILE *f
= NULL
;
63 bool noauto
, nofail
, tmp
, swap
;
/* fstab-style flags looked up in the option string. */
70 noauto
= fstab_test_yes_no_option(options
, "noauto\0" "auto\0");
71 nofail
= fstab_test_yes_no_option(options
, "nofail\0" "fail\0");
72 tmp
= fstab_test_option(options
, "tmp\0");
73 swap
= fstab_test_option(options
, "swap\0");
/* tmp and swap are reported as mutually exclusive; the guarding condition
 * is not shown. */
76 log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name
);
/* e is the escaped form of name and is what the unit and directory names
 * below are built from. The raw name is still what reaches ExecStart=. */
80 e
= unit_name_escape(name
);
84 r
= unit_name_build("systemd-cryptsetup", e
, ".service", &n
);
86 return log_error_errno(r
, "Failed to generate unit name: %m");
/* p: full path of the unit file to write. */
88 p
= strjoin(arg_dest
, "/", n
, NULL
);
/* u: device node path for the device spec; d: the matching .device unit. */
92 u
= fstab_node_to_udev_node(device
);
96 r
= unit_name_from_path(u
, ".device", &d
);
98 return log_error_errno(r
, "Failed to generate unit name: %m");
102 return log_error_errno(errno
, "Failed to create unit file %s: %m", p
);
105 "# Automatically generated by systemd-cryptsetup-generator\n\n"
107 "Description=Cryptography Setup for %I\n"
108 "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
109 "SourcePath=/etc/crypttab\n"
110 "DefaultDependencies=no\n"
111 "Conflicts=umount.target\n"
112 "BindsTo=dev-mapper-%i.device\n"
113 "IgnoreOnIsolate=true\n"
114 "After=cryptsetup-pre.target\n",
119 "Before=cryptsetup.target\n");
/* Key source handling: the random devices only need the random seed
 * service; anything else other than "-"/"none" is resolved to a node path
 * and turned into a dependency. */
122 if (STR_IN_SET(password
, "/dev/urandom", "/dev/random", "/dev/hw_random"))
123 fputs("After=systemd-random-seed.service\n", f
);
124 else if (!streq(password
, "-") && !streq(password
, "none")) {
/* NOTE(review): uu carries _cleanup_free_ but has no initializer; that is
 * only safe if nothing can return before the assignment that follows. */
125 _cleanup_free_
char *uu
;
127 uu
= fstab_node_to_udev_node(password
);
131 if (!path_equal(uu
, "/dev/null")) {
/* Key on a device node: order after and require its .device unit. */
133 if (is_device_path(uu
)) {
134 _cleanup_free_
char *dd
= NULL
;
136 r
= unit_name_from_path(uu
, ".device", &dd
);
138 return log_error_errno(r
, "Failed to generate unit name: %m");
140 fprintf(f
, "After=%1$s\nRequires=%1$s\n", dd
);
/* Presumably the non-device branch (its keyword is not shown): require the
 * mounts that hold the key file. password is written unescaped. */
142 fprintf(f
, "RequiresMountsFor=%s\n", password
);
147 if (is_device_path(u
))
151 "Before=umount.target\n",
155 "RequiresMountsFor=%s\n",
/* filtered receives the option string produced by
 * generator_write_timeouts(); that string, not options, is what is written
 * into ExecStart= below. */
158 r
= generator_write_timeouts(arg_dest
, device
, name
, options
, &filtered
);
/* The four attach arguments are wrapped in single quotes but not escaped
 * here; see the NOTE(review) at the top of this function. */
165 "RemainAfterExit=yes\n"
166 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
167 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH
" attach '%s' '%s' '%s' '%s'\n"
168 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH
" detach '%s'\n",
169 name
, u
, strempty(password
), strempty(filtered
),
/* Presumably emitted for the tmp and swap options respectively; the
 * conditions and the %s argument are not shown. */
174 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
179 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
/* Flush and check for write errors before linking the unit anywhere. */
182 r
= fflush_and_check(f
);
184 return log_error_errno(r
, "Failed to write file %s: %m", p
);
/* from: relative symlink target ("../<unit>") shared by all links below. */
186 from
= strjoina("../", n
);
/* NOTE(review): to is assigned several times in this function; confirm the
 * previous string is released on the lines not shown. */
190 to
= strjoin(arg_dest
, "/", d
, ".wants/", n
, NULL
);
/* The mkdir_parents_label() result is not checked; a failure shows up as
 * the symlink() error that follows. */
194 mkdir_parents_label(to
, 0755);
195 if (symlink(from
, to
) < 0)
196 return log_error_errno(errno
, "Failed to create symlink %s: %m", to
);
/* Two alternatives for the cryptsetup.target link (requires vs. wants);
 * the condition choosing between them is not shown. */
200 to
= strjoin(arg_dest
, "/cryptsetup.target.requires/", n
, NULL
);
202 to
= strjoin(arg_dest
, "/cryptsetup.target.wants/", n
, NULL
);
206 mkdir_parents_label(to
, 0755);
207 if (symlink(from
, to
) < 0)
208 return log_error_errno(errno
, "Failed to create symlink %s: %m", to
);
/* Link from the mapped device's own .device unit, using the escaped name. */
212 to
= strjoin(arg_dest
, "/dev-mapper-", e
, ".device.requires/", n
, NULL
);
216 mkdir_parents_label(to
, 0755);
217 if (symlink(from
, to
) < 0)
218 return log_error_errno(errno
, "Failed to create symlink %s: %m", to
);
/* For volumes that are neither noauto nor nofail, write a drop-in that sets
 * JobTimeoutSec=0 on the dev-mapper device unit. */
220 if (!noauto
&& !nofail
) {
/* NOTE(review): dmname also has _cleanup_free_ without an initializer;
 * safe only while the assignment follows immediately. */
221 _cleanup_free_
char *dmname
;
222 dmname
= strjoin("dev-mapper-", e
, ".device", NULL
);
226 r
= write_drop_in(arg_dest
, dmname
, 90, "device-timeout",
227 "# Automatically generated by systemd-cryptsetup-generator \n\n"
228 "[Unit]\nJobTimeoutSec=0");
230 return log_error_errno(r
, "Failed to write device drop-in: %m");
/* Empties arg_disks one entry at a time with hashmap_steal_first() and then
 * frees the map itself. The per-entry cleanup inside the loop is not shown
 * in this listing. */
236 static void free_arg_disks(void) {
239 while ((d
= hashmap_steal_first(arg_disks
))) {
247 hashmap_free(arg_disks
);
/* Looks up the crypto_device recorded for uuid in arg_disks. The visible
 * statements also allocate a zeroed entry, copy uuid into it and insert it
 * keyed by that copy; presumably this happens only when the lookup misses
 * (the condition and the error handling are not shown). */
250 static crypto_device
*get_crypto_device(const char *uuid
) {
256 d
= hashmap_get(arg_disks
, uuid
);
258 d
= new0(struct crypto_device
, 1);
263 d
->keyfile
= d
->options
= d
->name
= NULL
;
/* The entry owns its own copy of the UUID; the same pointer is the map key. */
265 d
->uuid
= strdup(uuid
);
271 r
= hashmap_put(arg_disks
, d
->uuid
, d
);
/*
 * Callback passed to parse_proc_cmdline() in main(); handles one key/value
 * pair. Keys handled here, each also with an "rd." prefix: luks,
 * luks.crypttab, luks.uuid, luks.options, luks.key, luks.name.
 *
 * Values stored here (name, options, key file) are later handed to
 * create_disk() and written into a generated unit file, so whatever the
 * kernel command line contains ends up in that file.
 */
282 static int parse_proc_cmdline_item(const char *key
, const char *value
) {
285 _cleanup_free_
char *uuid
= NULL
, *uuid_value
= NULL
;
287 if (STR_IN_SET(key
, "luks", "rd.luks") && value
) {
289 r
= parse_boolean(value
);
291 log_warning("Failed to parse luks switch %s. Ignoring.", value
);
295 } else if (STR_IN_SET(key
, "luks.crypttab", "rd.luks.crypttab") && value
) {
297 r
= parse_boolean(value
);
299 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value
);
301 arg_read_crypttab
= r
;
303 } else if (STR_IN_SET(key
, "luks.uuid", "rd.luks.uuid") && value
) {
/* An optional "luks-" prefix is skipped so the bare UUID is the key. */
305 d
= get_crypto_device(startswith(value
, "luks-") ? value
+5 : value
);
/* Naming a UUID explicitly also switches on whitelist mode. */
309 d
->create
= arg_whitelist
= true;
311 } else if (STR_IN_SET(key
, "luks.options", "rd.luks.options") && value
) {
/* "<uuid>=<text>" form. %m makes sscanf allocate both strings; the UUID
 * part accepts only hex digits and '-', while the text after '=' runs to
 * the next whitespace and is otherwise unconstrained. */
313 r
= sscanf(value
, "%m[0-9a-fA-F-]=%ms", &uuid
, &uuid_value
);
315 d
= get_crypto_device(uuid
);
/* NOTE(review): uuid_value is _cleanup_free_. Storing it in the entry is
 * only safe if the lines not shown clear uuid_value afterwards and release
 * any earlier d->options. Confirm. */
320 d
->options
= uuid_value
;
/* Presumably the form without a "<uuid>=" prefix (condition not shown):
 * the whole value becomes the default option string. */
322 } else if (free_and_strdup(&arg_default_options
, value
) < 0)
325 } else if (STR_IN_SET(key
, "luks.key", "rd.luks.key") && value
) {
327 r
= sscanf(value
, "%m[0-9a-fA-F-]=%ms", &uuid
, &uuid_value
);
329 d
= get_crypto_device(uuid
);
/* Same ownership hand-over as for d->options above; same NOTE(review). */
334 d
->keyfile
= uuid_value
;
336 } else if (free_and_strdup(&arg_default_keyfile
, value
) < 0)
339 } else if (STR_IN_SET(key
, "luks.name", "rd.luks.name") && value
) {
341 r
= sscanf(value
, "%m[0-9a-fA-F-]=%ms", &uuid
, &uuid_value
);
343 d
= get_crypto_device(uuid
);
347 d
->create
= arg_whitelist
= true;
/* The text after '=' becomes the volume name passed to create_disk(); the
 * scan pattern places no restriction on its characters beyond whitespace. */
350 d
->name
= uuid_value
;
353 log_warning("Failed to parse luks name switch %s. Ignoring.", value
);
/*
 * Reads /etc/crypttab line by line and calls create_disk() for the entries
 * it accepts. arg_read_crypttab is tested first. Loop structure, early
 * returns and several conditions are not shown in this listing.
 */
360 static int add_crypttab_devices(void) {
362 unsigned crypttab_line
= 0;
363 _cleanup_fclose_
FILE *f
= NULL
;
365 if (!arg_read_crypttab
)
/* "re": read-only, with the close-on-exec flag set on the descriptor. */
368 f
= fopen("/etc/crypttab", "re");
371 log_error_errno(errno
, "Failed to open /etc/crypttab: %m");
375 if (fstat(fileno(f
), &st
) < 0) {
376 log_error_errno(errno
, "Failed to stat /etc/crypttab: %m");
/* Fixed LINE_MAX buffer: fgets() returns an over-long line in pieces, so
 * the tail of such a line would be read as if it were a separate line. */
382 char line
[LINE_MAX
], *l
, *uuid
;
383 crypto_device
*d
= NULL
;
384 _cleanup_free_
char *name
= NULL
, *device
= NULL
, *keyfile
= NULL
, *options
= NULL
;
386 if (!fgets(line
, sizeof(line
), f
))
/* Comment lines and empty lines are recognised here. */
392 if (*l
== '#' || *l
== 0)
/* Up to four whitespace-separated fields, each allocated by sscanf (%ms);
 * at least name and device are required. */
395 k
= sscanf(l
, "%ms %ms %ms %ms", &name
, &device
, &keyfile
, &options
);
396 if (k
< 2 || k
> 4) {
397 log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line
);
/* Three places a UUID can come from: a "UUID=" device spec, a
 * /dev/disk/by-uuid/ path, or a "luks-" name prefix. The conditions chaining
 * these attempts are not shown. */
401 uuid
= startswith(device
, "UUID=");
403 uuid
= path_startswith(device
, "/dev/disk/by-uuid/");
405 uuid
= startswith(name
, "luks-");
/* NOTE(review): uuid can be NULL when no prefix matched; confirm the lookup
 * is guarded on the lines not shown. */
407 d
= hashmap_get(arg_disks
, uuid
);
/* Whitelist mode: entries not named on the kernel command line are logged
 * as not created. */
409 if (arg_whitelist
&& !d
) {
410 log_info("Not creating device '%s' because it was not specified on the kernel command line.", name
);
/* Options recorded from the kernel command line take precedence over the
 * options column of the crypttab entry. */
414 r
= create_disk(name
, device
, keyfile
, (d
&& d
->options
) ? d
->options
: options
);
/*
 * Walks arg_disks and calls create_disk() for devices that were described on
 * the kernel command line. Which entries are skipped, and under what
 * conditions the defaults below are applied, is not shown in this listing.
 */
425 static int add_proc_cmdline_devices(void) {
430 HASHMAP_FOREACH(d
, arg_disks
, i
) {
432 _cleanup_free_
char *device
= NULL
;
/* Default volume name: "luks-<uuid>". */
438 d
->name
= strappend("luks-", d
->uuid
);
/* The device is always addressed by UUID. */
443 device
= strappend("UUID=", d
->uuid
);
/* Option precedence as shown: per-device options, then the command line
 * default, then the literal "timeout=0". */
448 options
= d
->options
;
449 else if (arg_default_options
)
450 options
= arg_default_options
;
452 options
= "timeout=0";
/* Key file: the per-device value if set, otherwise the command line default. */
454 r
= create_disk(d
->name
, device
, d
->keyfile
?: arg_default_keyfile
, options
);
/*
 * Generator entry point. Accepts either no arguments or exactly three.
 * Visible steps: set up logging, create arg_disks, parse the kernel command
 * line, process /etc/crypttab, process command line devices, free the
 * default option/key file strings. Argument handling and the exit paths
 * are not shown in this listing.
 */
462 int main(int argc
, char *argv
[]) {
463 int r
= EXIT_FAILURE
;
465 if (argc
> 1 && argc
!= 4) {
466 log_error("This program takes three or no arguments.");
473 log_set_target(LOG_TARGET_SAFE
);
474 log_parse_environment();
/* Map of command line devices, keyed by UUID string. */
479 arg_disks
= hashmap_new(&string_hash_ops
);
/* A command line parse failure is only warned about ("ignoring"). */
483 r
= parse_proc_cmdline(parse_proc_cmdline_item
);
485 log_warning_errno(r
, "Failed to parse kernel command line, ignoring: %m");
494 if (add_crypttab_devices() < 0)
497 if (add_proc_cmdline_devices() < 0)
504 free(arg_default_options
);
505 free(arg_default_keyfile
);