1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 #include "alloc-util.h"
28 #include "fstab-util.h"
29 #include "generator.h"
33 #include "parse-util.h"
34 #include "path-util.h"
35 #include "proc-cmdline.h"
36 #include "string-util.h"
38 #include "unit-name.h"
/* Per-device settings gathered from the kernel command line. Other parts of
 * this file read and write the members uuid, name, keyfile, options and
 * create; the member declarations themselves are not part of this listing. */
41 typedef struct crypto_device
{
/* Output directory for the generated units and symlinks. main() accepts
 * either no arguments or three, so this default is what an argument-less
 * (manual) run uses.
 * NOTE(review): /tmp is world-writable and the file names written under
 * arg_dest are predictable; presumably main() replaces this value with the
 * directory passed by systemd. That assignment is not visible here, confirm. */
49 static const char *arg_dest
= "/tmp";
/* Master switch. Presumably set from the luks= / rd.luks= boolean handled in
 * parse_proc_cmdline_item(); the assignment is not visible in this listing. */
50 static bool arg_enabled
= true;
/* Set from luks.crypttab= / rd.luks.crypttab=; when false,
 * add_crypttab_devices() does not process /etc/crypttab. */
51 static bool arg_read_crypttab
= true;
/* Becomes true once luks.uuid= or luks.name= names a device. While true,
 * crypttab entries without a matching arg_disks entry are not created. */
52 static bool arg_whitelist
= false;
/* Devices named on the kernel command line, keyed by their UUID string. */
53 static Hashmap
*arg_disks
= NULL
;
/* Fallback option string taken from luks.options= (see
 * parse_proc_cmdline_item()); used when a device has no options of its own. */
54 static char *arg_default_options
= NULL
;
/* Fallback key file taken from luks.key=; used when a device has no key file
 * of its own. */
55 static char *arg_default_keyfile
= NULL
;
/* Writes the systemd-cryptsetup service unit for one encrypted volume into
 * arg_dest and symlinks it into the dependency directories of the units that
 * should pull it in.
 *
 * Besides options, the body uses name (mapping name), device (source device
 * specification) and password (key file path or a special value); their
 * declarations are on lines this listing does not show. Several conditionals
 * and error checks are likewise missing, so the comments below describe only
 * the statements that are visible.
 *
 * Returns a negative errno-style value through log_error_errno() on the
 * failure paths shown. */
57 static int create_disk(
61 const char *options
) {
/* All of these are released automatically when the function returns. */
63 _cleanup_free_
char *p
= NULL
, *n
= NULL
, *d
= NULL
, *u
= NULL
, *to
= NULL
, *e
= NULL
,
65 _cleanup_fclose_
FILE *f
= NULL
;
66 bool noauto
, nofail
, tmp
, swap
;
/* Derive the behaviour flags from the crypttab-style option string. */
73 noauto
= fstab_test_yes_no_option(options
, "noauto\0" "auto\0");
74 nofail
= fstab_test_yes_no_option(options
, "nofail\0" "fail\0");
75 tmp
= fstab_test_option(options
, "tmp\0");
76 swap
= fstab_test_option(options
, "swap\0");
/* 'tmp' and 'swap' are mutually exclusive; the guarding condition is on a
 * line not shown here. */
79 log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name
);
/* e is the unit-name-escaped mapping name; it is the instance of the service
 * unit and part of the dev-mapper device unit names used further down. */
83 e
= unit_name_escape(name
);
87 r
= unit_name_build("systemd-cryptsetup", e
, ".service", &n
);
89 return log_error_errno(r
, "Failed to generate unit name: %m");
/* p is the full path of the unit file to be written under arg_dest. */
91 p
= strjoin(arg_dest
, "/", n
, NULL
);
/* u is the device node path for the source device; d is the name of the
 * matching .device unit. */
95 u
= fstab_node_to_udev_node(device
);
99 r
= unit_name_from_path(u
, ".device", &d
);
101 return log_error_errno(r
, "Failed to generate unit name: %m");
/* Reached when opening p for writing failed (the open call itself is not
 * visible in this listing). */
105 return log_error_errno(errno
, "Failed to create unit file %s: %m", p
);
/* Static [Unit] header of the generated service. */
108 "# Automatically generated by systemd-cryptsetup-generator\n\n"
110 "Description=Cryptography Setup for %I\n"
111 "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
112 "SourcePath=/etc/crypttab\n"
113 "DefaultDependencies=no\n"
114 "Conflicts=umount.target\n"
115 "BindsTo=dev-mapper-%i.device\n"
116 "IgnoreOnIsolate=true\n"
117 "After=cryptsetup-pre.target\n",
122 "Before=cryptsetup.target\n");
/* Key source handling. A kernel random device as key only needs ordering
 * after the random seed service. Any other value except "-" and "none" is
 * treated as a path. */
125 if (STR_IN_SET(password
, "/dev/urandom", "/dev/random", "/dev/hw_random"))
126 fputs("After=systemd-random-seed.service\n", f
);
127 else if (!streq(password
, "-") && !streq(password
, "none")) {
/* No initializer here; uu is assigned on the next visible statement. */
128 _cleanup_free_
char *uu
;
130 uu
= fstab_node_to_udev_node(password
);
134 if (!path_equal(uu
, "/dev/null")) {
/* Key on a block device: order after and require that device's unit. */
136 if (is_device_path(uu
)) {
137 _cleanup_free_
char *dd
= NULL
;
139 r
= unit_name_from_path(uu
, ".device", &dd
);
141 return log_error_errno(r
, "Failed to generate unit name: %m");
143 fprintf(f
, "After=%1$s\nRequires=%1$s\n", dd
);
/* Presumably the non-device branch: the key is a regular file, so its mount
 * point must be available. NOTE(review): password is written into the unit
 * file as-is; no escaping is visible in this listing. */
145 fprintf(f
, "RequiresMountsFor=%s\n", password
);
/* Same device-versus-file distinction for the source device u; the
 * statements that print these two fragments are not shown. */
150 if (is_device_path(u
))
154 "Before=umount.target\n",
158 "RequiresMountsFor=%s\n",
/* filtered receives the option string used on the ExecStart= line below. */
161 r
= generator_write_timeouts(arg_dest
, device
, name
, options
, &filtered
);
/* [Service] section.
 * NOTE(review): name, u, password and filtered are placed between single
 * quotes with no escaping visible in this listing. A value containing a
 * single quote or a '%' specifier would change how systemd parses these
 * lines. The values come from /etc/crypttab and the kernel command line (see
 * add_crypttab_devices() and add_proc_cmdline_devices()), both normally
 * controlled by root. Confirm whether escaping happens before this point. */
168 "RemainAfterExit=yes\n"
169 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
170 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH
" attach '%s' '%s' '%s' '%s'\n"
171 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH
" detach '%s'\n",
172 name
, u
, strempty(password
), strempty(filtered
),
/* Presumably emitted only for the 'tmp' and 'swap' options respectively (the
 * conditions are not shown): format the freshly mapped device. */
177 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
182 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
/* Make sure the unit file was written completely before linking to it. */
185 r
= fflush_and_check(f
);
187 return log_error_errno(r
, "Failed to write file %s: %m", p
);
/* Relative link target shared by all symlinks created below. */
189 from
= strjoina("../", n
);
/* Link the service into the source device unit's .wants/ directory. */
193 to
= strjoin(arg_dest
, "/", d
, ".wants/", n
, NULL
);
/* The return value of mkdir_parents_label() is not used on this line; a
 * failure surfaces as the symlink() error that follows. */
197 mkdir_parents_label(to
, 0755);
198 if (symlink(from
, to
) < 0)
199 return log_error_errno(errno
, "Failed to create symlink %s: %m", to
);
/* Link into cryptsetup.target as either a hard (.requires) or a soft (.wants)
 * dependency; the condition selecting between the two is not shown,
 * presumably the nofail flag. */
203 to
= strjoin(arg_dest
, "/cryptsetup.target.requires/", n
, NULL
);
205 to
= strjoin(arg_dest
, "/cryptsetup.target.wants/", n
, NULL
);
209 mkdir_parents_label(to
, 0755);
210 if (symlink(from
, to
) < 0)
211 return log_error_errno(errno
, "Failed to create symlink %s: %m", to
);
/* The mapped device unit requires the service that creates it. */
215 to
= strjoin(arg_dest
, "/dev-mapper-", e
, ".device.requires/", n
, NULL
);
219 mkdir_parents_label(to
, 0755);
220 if (symlink(from
, to
) < 0)
221 return log_error_errno(errno
, "Failed to create symlink %s: %m", to
);
/* For volumes that are neither noauto nor nofail, write a drop-in named
 * "device-timeout" (priority 90) that sets JobTimeoutSec=0 on the mapped
 * device unit. */
223 if (!noauto
&& !nofail
) {
/* No initializer here; dmname is assigned on the next statement. */
224 _cleanup_free_
char *dmname
;
225 dmname
= strjoin("dev-mapper-", e
, ".device", NULL
);
229 r
= write_drop_in(arg_dest
, dmname
, 90, "device-timeout",
230 "# Automatically generated by systemd-cryptsetup-generator \n\n"
231 "[Unit]\nJobTimeoutSec=0");
233 return log_error_errno(r
, "Failed to write device drop-in: %m");
/* Empties arg_disks one entry at a time with hashmap_steal_first() and then
 * frees the map itself. The per-entry cleanup inside the loop is on lines this
 * listing does not show. */
239 static void free_arg_disks(void) {
242 while ((d
= hashmap_steal_first(arg_disks
))) {
250 hashmap_free(arg_disks
);
/* Looks up the crypto_device registered under uuid in arg_disks and, going by
 * the allocation that follows the lookup, creates and registers a new entry
 * when none exists. The conditionals, error handling and return statements
 * are on lines not shown in this listing. */
253 static crypto_device
*get_crypto_device(const char *uuid
) {
259 d
= hashmap_get(arg_disks
, uuid
);
/* Allocate one zero-filled entry. */
261 d
= new0(struct crypto_device
, 1);
/* new0() already zero-fills, so this assignment only makes the initial state
 * explicit. */
266 d
->keyfile
= d
->options
= d
->name
= NULL
;
/* The entry keeps its own copy of the UUID string. */
268 d
->uuid
= strdup(uuid
);
/* The map key aliases d->uuid, so the key stays valid for as long as the
 * entry itself does. */
274 r
= hashmap_put(arg_disks
, d
->uuid
, d
);
/* Callback passed to parse_proc_cmdline() in main(); handles one key[=value]
 * item of the kernel command line. Recognised keys are luks, luks.crypttab,
 * luks.uuid, luks.options, luks.key and luks.name, each also with an "rd."
 * prefix. Items that fail to parse are logged and ignored. Several conditions
 * and return statements are on lines this listing does not show. */
285 static int parse_proc_cmdline_item(const char *key
, const char *value
) {
/* Receive the sscanf() %m allocations below; freed automatically on return
 * unless ownership is handed to a crypto_device. */
288 _cleanup_free_
char *uuid
= NULL
, *uuid_value
= NULL
;
/* luks=<bool> */
290 if (STR_IN_SET(key
, "luks", "rd.luks") && value
) {
292 r
= parse_boolean(value
);
294 log_warning("Failed to parse luks switch %s. Ignoring.", value
);
/* luks.crypttab=<bool>: whether /etc/crypttab is read at all. */
298 } else if (STR_IN_SET(key
, "luks.crypttab", "rd.luks.crypttab") && value
) {
300 r
= parse_boolean(value
);
302 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value
);
304 arg_read_crypttab
= r
;
/* luks.uuid=<uuid>: an optional "luks-" prefix (5 characters) is skipped
 * before the lookup. Naming a device here switches on whitelist mode. */
306 } else if (STR_IN_SET(key
, "luks.uuid", "rd.luks.uuid") && value
) {
308 d
= get_crypto_device(startswith(value
, "luks-") ? value
+5 : value
);
312 d
->create
= arg_whitelist
= true;
/* luks.options=<uuid>=<options>, or luks.options=<options> as the default.
 * The scanset limits the UUID part to hex digits and '-'; both fields are
 * allocated by sscanf() through the %m modifier. */
314 } else if (STR_IN_SET(key
, "luks.options", "rd.luks.options") && value
) {
316 r
= sscanf(value
, "%m[0-9a-fA-F-]=%ms", &uuid
, &uuid_value
);
318 d
= get_crypto_device(uuid
);
/* NOTE(review): uuid_value is _cleanup_free_, so the local has to be cleared
 * after storing it in d, otherwise it is freed on return while d still points
 * to it. The line doing that is not visible here, confirm. */
323 d
->options
= uuid_value
;
/* Presumably reached when no <uuid>= prefix was parsed: the whole value
 * becomes the default option string. */
325 } else if (free_and_strdup(&arg_default_options
, value
) < 0)
/* luks.key=<uuid>=<keyfile>, or luks.key=<keyfile> as the default. */
328 } else if (STR_IN_SET(key
, "luks.key", "rd.luks.key") && value
) {
330 r
= sscanf(value
, "%m[0-9a-fA-F-]=%ms", &uuid
, &uuid_value
);
332 d
= get_crypto_device(uuid
);
/* Same ownership hand-over as for d->options above. */
337 d
->keyfile
= uuid_value
;
339 } else if (free_and_strdup(&arg_default_keyfile
, value
) < 0)
/* luks.name=<uuid>=<name>: also switches on whitelist mode. */
342 } else if (STR_IN_SET(key
, "luks.name", "rd.luks.name") && value
) {
344 r
= sscanf(value
, "%m[0-9a-fA-F-]=%ms", &uuid
, &uuid_value
);
346 d
= get_crypto_device(uuid
);
350 d
->create
= arg_whitelist
= true;
/* Same ownership hand-over as for d->options above. */
353 d
->name
= uuid_value
;
356 log_warning("Failed to parse luks name switch %s. Ignoring.", value
);
/* Reads /etc/crypttab line by line and calls create_disk() for each usable
 * entry. Does nothing when arg_read_crypttab is false. In whitelist mode only
 * entries whose UUID is present in arg_disks are created. Several conditions,
 * error paths and the loop header are on lines this listing does not show. */
363 static int add_crypttab_devices(void) {
/* Line counter used in the parse error message below. */
365 unsigned crypttab_line
= 0;
366 _cleanup_fclose_
FILE *f
= NULL
;
368 if (!arg_read_crypttab
)
/* "e" is the glibc mode flag that opens the file with O_CLOEXEC. */
371 f
= fopen("/etc/crypttab", "re");
374 log_error_errno(errno
, "Failed to open /etc/crypttab: %m");
378 if (fstat(fileno(f
), &st
) < 0) {
379 log_error_errno(errno
, "Failed to stat /etc/crypttab: %m");
/* NOTE(review): the line buffer has a fixed size. fgets() returns a longer
 * line in several pieces, and each piece would then be parsed as a separate
 * entry unless lines not shown here guard against it. */
385 char line
[LINE_MAX
], *l
, *uuid
;
386 crypto_device
*d
= NULL
;
/* Receive the sscanf() %ms allocations; freed automatically. */
387 _cleanup_free_
char *name
= NULL
, *device
= NULL
, *keyfile
= NULL
, *options
= NULL
;
389 if (!fgets(line
, sizeof(line
), f
))
/* Comment lines and empty lines are not entries. */
395 if (*l
== '#' || *l
== 0)
/* Whitespace-separated fields: name, device and optionally key file and
 * options. At least the first two must be present. */
398 k
= sscanf(l
, "%ms %ms %ms %ms", &name
, &device
, &keyfile
, &options
);
399 if (k
< 2 || k
> 4) {
400 log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line
);
/* Try to derive the UUID from the device field ("UUID=" or a
 * /dev/disk/by-uuid/ path) or from a "luks-" name prefix; presumably each
 * later attempt runs only when the previous one found nothing. */
404 uuid
= startswith(device
, "UUID=");
406 uuid
= path_startswith(device
, "/dev/disk/by-uuid/");
408 uuid
= startswith(name
, "luks-");
/* NOTE(review): uuid may be NULL if none of the forms matched; the guard for
 * this lookup is not visible in this listing, confirm. */
410 d
= hashmap_get(arg_disks
, uuid
);
412 if (arg_whitelist
&& !d
) {
413 log_info("Not creating device '%s' because it was not specified on the kernel command line.", name
);
/* Options given on the kernel command line for this device take precedence
 * over the crypttab options field. */
417 r
= create_disk(name
, device
, keyfile
, (d
&& d
->options
) ? d
->options
: options
);
/* Calls create_disk() for the devices collected in arg_disks from the kernel
 * command line. Conditions that skip entries, and the error handling, are on
 * lines this listing does not show. */
428 static int add_proc_cmdline_devices(void) {
433 HASHMAP_FOREACH(d
, arg_disks
, i
) {
435 _cleanup_free_
char *device
= NULL
;
/* Mapping name built as "luks-<uuid>"; presumably only when luks.name= did
 * not supply one. */
441 d
->name
= strappend("luks-", d
->uuid
);
/* The source device is addressed by UUID. */
446 device
= strappend("UUID=", d
->uuid
);
/* Option precedence: per-device options, then the luks.options= default,
 * then "timeout=0". */
451 options
= d
->options
;
452 else if (arg_default_options
)
453 options
= arg_default_options
;
455 options
= "timeout=0";
/* "?:" is the GNU two-operand conditional: the per-device key file if set,
 * otherwise the luks.key= default. */
457 r
= create_disk(d
->name
, device
, d
->keyfile
?: arg_default_keyfile
, options
);
/* Generator entry point: checks the argument count, sets up logging, collects
 * devices from the kernel command line and then generates units from
 * /etc/crypttab and from the command-line entries. The handling of argv, the
 * arg_enabled check and the exit path are on lines this listing does not
 * show. */
465 int main(int argc
, char *argv
[]) {
/* Stays EXIT_FAILURE until the work has succeeded. */
466 int r
= EXIT_FAILURE
;
/* Either no arguments (arg_dest keeps its default) or exactly three. */
468 if (argc
> 1 && argc
!= 4) {
469 log_error("This program takes three or no arguments.");
476 log_set_target(LOG_TARGET_SAFE
);
477 log_parse_environment();
/* Map of command-line devices, keyed by UUID string. */
482 arg_disks
= hashmap_new(&string_hash_ops
);
/* A command line that cannot be parsed is logged and otherwise ignored. */
486 r
= parse_proc_cmdline(parse_proc_cmdline_item
);
488 log_warning_errno(r
, "Failed to parse kernel command line, ignoring: %m");
497 if (add_crypttab_devices() < 0)
500 if (add_proc_cmdline_devices() < 0)
/* Release the defaults duplicated by parse_proc_cmdline_item(). */
507 free(arg_default_options
);
508 free(arg_default_keyfile
);