From: Jan Janssen Date: Fri, 18 Feb 2022 18:38:09 +0000 (+0100) Subject: generator: Rename password arg X-Git-Tag: v251-rc1~259 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7de9651db7bdbb42befa653791980daa50448bb;p=thirdparty%2Fsystemd.git generator: Rename password arg This function does not expect a password, but a key file path. The cryptsetup helper binary even calls it that. No Code changes. Follow up on: 6e41f4dd916293f35d7d35cea7eed1807d7ea771 Fixes: https://github.com/systemd/systemd/security/code-scanning/81 --- diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index 98c8408da54..8f5ad67f48e 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -277,7 +277,7 @@ static int print_dependencies(FILE *f, const char* device_path) { static int create_disk( const char *name, const char *device, - const char *password, + const char *key_file, const char *keydev, const char *headerdev, const char *options, @@ -285,7 +285,7 @@ static int create_disk( _cleanup_free_ char *n = NULL, *d = NULL, *u = NULL, *e = NULL, *keydev_mount = NULL, *keyfile_timeout_value = NULL, - *filtered = NULL, *u_escaped = NULL, *name_escaped = NULL, *header_path = NULL, *password_buffer = NULL, + *filtered = NULL, *u_escaped = NULL, *name_escaped = NULL, *header_path = NULL, *key_file_buffer = NULL, *tmp_fstype = NULL, *filtered_header = NULL, *headerdev_mount = NULL; _cleanup_fclose_ FILE *f = NULL; const char *dmname; @@ -350,9 +350,9 @@ static int create_disk( if (r < 0) return log_error_errno(r, "Failed to generate unit name: %m"); - if (keydev && !password) + if (keydev && !key_file) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Key device is specified, but path to the password file is missing."); + "Key device is specified, but path to the key file is missing."); r = generator_open_unit_file(arg_dest, NULL, n, &f); if (r < 0) @@ -388,11 +388,11 @@ static int create_disk( if (r < 0) return log_error_errno(r, "Failed to generate keydev umount unit: %m"); - password_buffer = path_join(keydev_mount, password); - if (!password_buffer) + key_file_buffer = path_join(keydev_mount, key_file); + if (!key_file_buffer) return log_oom(); - password = password_buffer; + key_file = key_file_buffer; fprintf(f, "After=%s\n", unit); if (keyfile_can_timeout > 0) @@ -462,8 +462,8 @@ static int create_disk( "Before=%s\n", netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); - if (password && !keydev) { - r = print_dependencies(f, password); + if (key_file && !keydev) { + r = print_dependencies(f, key_file); if (r < 0) return r; } @@ -495,7 +495,7 @@ static int create_disk( if (r < 0) log_warning_errno(r, "Failed to write device timeout drop-in: %m"); - r = generator_write_cryptsetup_service_section(f, name, u, password, filtered); + r = generator_write_cryptsetup_service_section(f, name, u, key_file, filtered); if (r < 0) return r; diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 250a8314f65..746d428a9bd 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -1639,7 +1639,7 @@ static int help(void) { if (r < 0) return log_oom(); - printf("%s attach VOLUME SOURCEDEVICE [PASSWORD] [OPTIONS]\n" + printf("%s attach VOLUME SOURCEDEVICE [KEY-FILE] [OPTIONS]\n" "%s detach VOLUME\n\n" "Attaches or detaches an encrypted block device.\n" "\nSee the %s for details.\n", @@ -1721,7 +1721,7 @@ static int run(int argc, char *argv[]) { unsigned tries; usec_t until; - /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */ + /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [KEY-FILE] [OPTIONS] */ if (argc < 4) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments."); diff --git a/src/shared/generator.c b/src/shared/generator.c index 014b34747db..ca66673d841 100644 --- a/src/shared/generator.c +++ b/src/shared/generator.c @@ -616,10 +616,10 @@ int generator_write_cryptsetup_service_section( FILE *f, const char *name, const char *what, - const char *password, + const char *key_file, const char *options) { - _cleanup_free_ char *name_escaped = NULL, *what_escaped = NULL, *password_escaped = NULL, *options_escaped = NULL; + _cleanup_free_ char *name_escaped = NULL, *what_escaped = NULL, *key_file_escaped = NULL, *options_escaped = NULL; assert(f); assert(name); @@ -633,9 +633,9 @@ int generator_write_cryptsetup_service_section( if (!what_escaped) return log_oom(); - if (password) { - password_escaped = specifier_escape(password); - if (!password_escaped) + if (key_file) { + key_file_escaped = specifier_escape(key_file); + if (!key_file_escaped) return log_oom(); } @@ -655,7 +655,7 @@ int generator_write_cryptsetup_service_section( "OOMScoreAdjust=500\n" /* Unlocking can allocate a lot of memory if Argon2 is used */ "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n" "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n", - name_escaped, what_escaped, strempty(password_escaped), strempty(options_escaped), + name_escaped, what_escaped, strempty(key_file_escaped), strempty(options_escaped), name_escaped); return 0;