2017-11-18 17:09:20 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1+ */
|
2010-11-08 05:02:45 +01:00
|
|
|
|
|
|
|
#include <errno.h>
|
2019-03-27 11:32:41 +01:00
|
|
|
#include <fcntl.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/types.h>
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2014-12-02 18:49:28 +01:00
|
|
|
#include "dropin.h"
|
2018-09-04 20:03:34 +02:00
|
|
|
#include "escape.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "fd-util.h"
|
2015-10-26 18:05:03 +01:00
|
|
|
#include "fileio.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "fstab-util.h"
|
2014-12-02 18:49:28 +01:00
|
|
|
#include "generator.h"
|
|
|
|
#include "hashmap.h"
|
2018-09-04 20:03:34 +02:00
|
|
|
#include "id128-util.h"
|
2010-11-08 05:02:45 +01:00
|
|
|
#include "log.h"
|
2012-04-10 21:54:31 +02:00
|
|
|
#include "mkdir.h"
|
2015-10-26 16:18:16 +01:00
|
|
|
#include "parse-util.h"
|
2014-06-23 19:18:44 +02:00
|
|
|
#include "path-util.h"
|
2015-10-27 00:06:29 +01:00
|
|
|
#include "proc-cmdline.h"
|
2017-11-21 20:09:31 +01:00
|
|
|
#include "specifier.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "string-util.h"
|
2014-12-02 18:49:28 +01:00
|
|
|
#include "strv.h"
|
|
|
|
#include "unit-name.h"
|
|
|
|
#include "util.h"
|
|
|
|
|
|
|
|
typedef struct crypto_device {
|
|
|
|
char *uuid;
|
2014-12-02 18:49:29 +01:00
|
|
|
char *keyfile;
|
2018-08-30 10:45:11 +02:00
|
|
|
char *keydev;
|
2014-12-02 18:49:30 +01:00
|
|
|
char *name;
|
2014-12-02 18:49:28 +01:00
|
|
|
char *options;
|
|
|
|
bool create;
|
|
|
|
} crypto_device;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2018-12-04 11:49:42 +01:00
|
|
|
static const char *arg_dest = NULL;
|
2012-06-22 10:11:06 +02:00
|
|
|
static bool arg_enabled = true;
|
|
|
|
static bool arg_read_crypttab = true;
|
2014-12-02 18:49:28 +01:00
|
|
|
static bool arg_whitelist = false;
|
|
|
|
static Hashmap *arg_disks = NULL;
|
|
|
|
static char *arg_default_options = NULL;
|
|
|
|
static char *arg_default_keyfile = NULL;
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2018-11-25 16:19:08 +01:00
|
|
|
STATIC_DESTRUCTOR_REGISTER(arg_disks, hashmap_freep);
|
|
|
|
STATIC_DESTRUCTOR_REGISTER(arg_default_options, freep);
|
|
|
|
STATIC_DESTRUCTOR_REGISTER(arg_default_keyfile, freep);
|
|
|
|
|
2018-08-30 10:45:11 +02:00
|
|
|
static int generate_keydev_mount(const char *name, const char *keydev, char **unit, char **mount) {
|
2018-09-04 20:03:34 +02:00
|
|
|
_cleanup_free_ char *u = NULL, *what = NULL, *where = NULL, *name_escaped = NULL;
|
2018-08-30 10:45:11 +02:00
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(name);
|
|
|
|
assert(keydev);
|
|
|
|
assert(unit);
|
|
|
|
assert(mount);
|
|
|
|
|
|
|
|
r = mkdir_parents("/run/systemd/cryptsetup", 0755);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = mkdir("/run/systemd/cryptsetup", 0700);
|
2018-09-04 19:51:14 +02:00
|
|
|
if (r < 0 && errno != EEXIST)
|
|
|
|
return -errno;
|
2018-08-30 10:45:11 +02:00
|
|
|
|
2018-09-04 20:03:34 +02:00
|
|
|
name_escaped = cescape(name);
|
|
|
|
if (!name_escaped)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
where = strjoin("/run/systemd/cryptsetup/keydev-", name_escaped);
|
2018-08-30 10:45:11 +02:00
|
|
|
if (!where)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
r = mkdir(where, 0700);
|
2018-09-04 19:51:14 +02:00
|
|
|
if (r < 0 && errno != EEXIST)
|
|
|
|
return -errno;
|
2018-08-30 10:45:11 +02:00
|
|
|
|
|
|
|
r = unit_name_from_path(where, ".mount", &u);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
r = generator_open_unit_file(arg_dest, NULL, u, &f);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
what = fstab_node_to_udev_node(keydev);
|
|
|
|
if (!what)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
fprintf(f,
|
|
|
|
"[Unit]\n"
|
|
|
|
"DefaultDependencies=no\n\n"
|
|
|
|
"[Mount]\n"
|
|
|
|
"What=%s\n"
|
|
|
|
"Where=%s\n"
|
|
|
|
"Options=ro\n", what, where);
|
|
|
|
|
|
|
|
r = fflush_and_check(f);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
*unit = TAKE_PTR(u);
|
|
|
|
*mount = TAKE_PTR(where);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2010-11-08 05:02:45 +01:00
|
|
|
static int create_disk(
|
|
|
|
const char *name,
|
|
|
|
const char *device,
|
2018-08-30 10:45:11 +02:00
|
|
|
const char *keydev,
|
2010-11-08 05:02:45 +01:00
|
|
|
const char *password,
|
|
|
|
const char *options) {
|
|
|
|
|
2017-12-09 19:23:26 +01:00
|
|
|
_cleanup_free_ char *n = NULL, *d = NULL, *u = NULL, *e = NULL,
|
2018-08-30 10:45:11 +02:00
|
|
|
*filtered = NULL, *u_escaped = NULL, *password_escaped = NULL, *filtered_escaped = NULL, *name_escaped = NULL, *keydev_mount = NULL;
|
2013-04-18 09:11:22 +02:00
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
2017-07-10 05:31:47 +02:00
|
|
|
const char *dmname;
|
2017-09-05 11:30:33 +02:00
|
|
|
bool noauto, nofail, tmp, swap, netdev;
|
2014-03-06 02:26:52 +01:00
|
|
|
int r;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
|
|
|
assert(name);
|
|
|
|
assert(device);
|
|
|
|
|
2015-01-11 06:04:00 +01:00
|
|
|
noauto = fstab_test_yes_no_option(options, "noauto\0" "auto\0");
|
|
|
|
nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
|
2015-01-11 05:06:52 +01:00
|
|
|
tmp = fstab_test_option(options, "tmp\0");
|
|
|
|
swap = fstab_test_option(options, "swap\0");
|
2017-09-05 11:30:33 +02:00
|
|
|
netdev = fstab_test_option(options, "_netdev\0");
|
2013-08-15 02:47:59 +02:00
|
|
|
|
2018-11-20 23:40:44 +01:00
|
|
|
if (tmp && swap)
|
|
|
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
|
|
|
"Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.",
|
|
|
|
name);
|
2011-04-20 00:45:22 +02:00
|
|
|
|
2017-11-21 20:09:31 +01:00
|
|
|
name_escaped = specifier_escape(name);
|
|
|
|
if (!name_escaped)
|
|
|
|
return log_oom();
|
|
|
|
|
2014-03-06 02:26:52 +01:00
|
|
|
e = unit_name_escape(name);
|
|
|
|
if (!e)
|
|
|
|
return log_oom();
|
|
|
|
|
2012-05-21 17:22:36 +02:00
|
|
|
u = fstab_node_to_udev_node(device);
|
2013-03-08 10:50:33 +01:00
|
|
|
if (!u)
|
|
|
|
return log_oom();
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2017-12-09 19:23:26 +01:00
|
|
|
r = unit_name_build("systemd-cryptsetup", e, ".service", &n);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to generate unit name: %m");
|
|
|
|
|
2017-11-21 20:09:31 +01:00
|
|
|
u_escaped = specifier_escape(u);
|
|
|
|
if (!u_escaped)
|
|
|
|
return log_oom();
|
|
|
|
|
2015-04-30 20:21:00 +02:00
|
|
|
r = unit_name_from_path(u, ".device", &d);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to generate unit name: %m");
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2017-12-27 12:43:31 +01:00
|
|
|
if (password) {
|
|
|
|
password_escaped = specifier_escape(password);
|
|
|
|
if (!password_escaped)
|
|
|
|
return log_oom();
|
|
|
|
}
|
2017-11-21 20:09:31 +01:00
|
|
|
|
2018-11-20 23:40:44 +01:00
|
|
|
if (keydev && !password)
|
|
|
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
|
|
|
"Key device is specified, but path to the password file is missing.");
|
2018-08-30 10:45:11 +02:00
|
|
|
|
2017-12-09 19:23:26 +01:00
|
|
|
r = generator_open_unit_file(arg_dest, NULL, n, &f);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2017-12-11 19:50:30 +01:00
|
|
|
|
2017-09-05 11:30:33 +02:00
|
|
|
fprintf(f,
|
|
|
|
"[Unit]\n"
|
|
|
|
"Description=Cryptography Setup for %%I\n"
|
|
|
|
"Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
|
|
|
|
"SourcePath=/etc/crypttab\n"
|
|
|
|
"DefaultDependencies=no\n"
|
|
|
|
"Conflicts=umount.target\n"
|
|
|
|
"IgnoreOnIsolate=true\n"
|
|
|
|
"After=%s\n",
|
2017-10-12 22:34:54 +02:00
|
|
|
netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target");
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2018-08-30 10:45:11 +02:00
|
|
|
if (keydev) {
|
|
|
|
_cleanup_free_ char *unit = NULL, *p = NULL;
|
|
|
|
|
|
|
|
r = generate_keydev_mount(name, keydev, &unit, &keydev_mount);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to generate keydev mount unit: %m");
|
|
|
|
|
|
|
|
p = prefix_root(keydev_mount, password_escaped);
|
|
|
|
if (!p)
|
|
|
|
return log_oom();
|
|
|
|
|
|
|
|
free_and_replace(password_escaped, p);
|
|
|
|
}
|
|
|
|
|
2011-04-20 00:45:22 +02:00
|
|
|
if (!nofail)
|
|
|
|
fprintf(f,
|
2017-09-05 11:30:33 +02:00
|
|
|
"Before=%s\n",
|
|
|
|
netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
|
2011-04-20 00:45:22 +02:00
|
|
|
|
2013-03-29 23:01:12 +01:00
|
|
|
if (password) {
|
2018-10-05 22:39:02 +02:00
|
|
|
if (PATH_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
|
2017-12-11 19:50:30 +01:00
|
|
|
fputs("After=systemd-random-seed.service\n", f);
|
2017-07-10 05:31:47 +02:00
|
|
|
else if (!STR_IN_SET(password, "-", "none")) {
|
2014-03-06 02:26:52 +01:00
|
|
|
_cleanup_free_ char *uu;
|
|
|
|
|
|
|
|
uu = fstab_node_to_udev_node(password);
|
|
|
|
if (!uu)
|
2014-02-08 18:54:58 +01:00
|
|
|
return log_oom();
|
|
|
|
|
2014-06-23 19:18:44 +02:00
|
|
|
if (!path_equal(uu, "/dev/null")) {
|
2014-03-06 02:26:52 +01:00
|
|
|
|
2017-09-04 15:36:52 +02:00
|
|
|
if (path_startswith(uu, "/dev/")) {
|
2015-04-30 20:21:00 +02:00
|
|
|
_cleanup_free_ char *dd = NULL;
|
2014-02-08 18:54:58 +01:00
|
|
|
|
2015-04-30 20:21:00 +02:00
|
|
|
r = unit_name_from_path(uu, ".device", &dd);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to generate unit name: %m");
|
2014-06-23 19:18:44 +02:00
|
|
|
|
|
|
|
fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
|
|
|
|
} else
|
2017-11-21 20:09:31 +01:00
|
|
|
fprintf(f, "RequiresMountsFor=%s\n", password_escaped);
|
2014-06-23 19:18:44 +02:00
|
|
|
}
|
2014-02-08 18:54:58 +01:00
|
|
|
}
|
2013-03-29 23:01:12 +01:00
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2017-09-04 15:36:52 +02:00
|
|
|
if (path_startswith(u, "/dev/")) {
|
2013-03-29 23:01:11 +01:00
|
|
|
fprintf(f,
|
|
|
|
"BindsTo=%s\n"
|
|
|
|
"After=%s\n"
|
|
|
|
"Before=umount.target\n",
|
|
|
|
d, d);
|
2017-02-28 21:30:22 +01:00
|
|
|
|
|
|
|
if (swap)
|
2017-12-11 19:50:30 +01:00
|
|
|
fputs("Before=dev-mapper-%i.swap\n",
|
|
|
|
f);
|
2017-02-28 21:30:22 +01:00
|
|
|
} else
|
2018-06-26 19:41:30 +02:00
|
|
|
/* For loopback devices, add systemd-tmpfiles-setup-dev.service
|
|
|
|
dependency to ensure that loopback support is available in
|
|
|
|
the kernel (/dev/loop-control needs to exist) */
|
2013-03-29 23:01:11 +01:00
|
|
|
fprintf(f,
|
2018-06-26 19:41:30 +02:00
|
|
|
"RequiresMountsFor=%s\n"
|
|
|
|
"Requires=systemd-tmpfiles-setup-dev.service\n"
|
|
|
|
"After=systemd-tmpfiles-setup-dev.service\n",
|
2017-11-21 20:09:31 +01:00
|
|
|
u_escaped);
|
|
|
|
|
2014-07-01 00:41:17 +02:00
|
|
|
r = generator_write_timeouts(arg_dest, device, name, options, &filtered);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
2017-12-27 12:43:31 +01:00
|
|
|
if (filtered) {
|
|
|
|
filtered_escaped = specifier_escape(filtered);
|
|
|
|
if (!filtered_escaped)
|
|
|
|
return log_oom();
|
|
|
|
}
|
2017-11-21 20:09:31 +01:00
|
|
|
|
2010-11-08 05:02:45 +01:00
|
|
|
fprintf(f,
|
|
|
|
"\n[Service]\n"
|
|
|
|
"Type=oneshot\n"
|
|
|
|
"RemainAfterExit=yes\n"
|
2011-04-14 02:36:02 +02:00
|
|
|
"TimeoutSec=0\n" /* the binary handles timeouts anyway */
|
2017-09-14 21:23:56 +02:00
|
|
|
"KeyringMode=shared\n" /* make sure we can share cached keys among instances */
|
2019-03-27 09:27:21 +01:00
|
|
|
"OOMScoreAdjust=500\n" /* unlocking can allocate a lot of memory if Argon2 is used */
|
2010-11-14 01:53:46 +01:00
|
|
|
"ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
|
2010-11-12 00:39:17 +01:00
|
|
|
"ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
|
2017-11-21 20:09:31 +01:00
|
|
|
name_escaped, u_escaped, strempty(password_escaped), strempty(filtered_escaped),
|
|
|
|
name_escaped);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2013-08-15 02:47:59 +02:00
|
|
|
if (tmp)
|
2010-11-08 05:02:45 +01:00
|
|
|
fprintf(f,
|
2011-04-13 22:22:10 +02:00
|
|
|
"ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
|
2017-11-21 20:09:31 +01:00
|
|
|
name_escaped);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2013-08-15 02:47:59 +02:00
|
|
|
if (swap)
|
2010-11-08 05:02:45 +01:00
|
|
|
fprintf(f,
|
2011-04-13 22:22:10 +02:00
|
|
|
"ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
|
2017-11-21 20:09:31 +01:00
|
|
|
name_escaped);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2018-08-30 10:45:11 +02:00
|
|
|
if (keydev)
|
|
|
|
fprintf(f,
|
|
|
|
"ExecStartPost=" UMOUNT_PATH " %s\n\n",
|
|
|
|
keydev_mount);
|
|
|
|
|
2015-05-17 00:11:12 +02:00
|
|
|
r = fflush_and_check(f);
|
|
|
|
if (r < 0)
|
2017-12-09 19:23:26 +01:00
|
|
|
return log_error_errno(r, "Failed to write unit file %s: %m", n);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2011-04-20 00:45:22 +02:00
|
|
|
if (!noauto) {
|
2017-09-05 11:30:33 +02:00
|
|
|
r = generator_add_symlink(arg_dest,
|
|
|
|
netdev ? "remote-cryptsetup.target" : "cryptsetup.target",
|
2017-07-10 05:31:47 +02:00
|
|
|
nofail ? "wants" : "requires", n);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2012-05-21 17:22:36 +02:00
|
|
|
}
|
2010-11-12 03:04:10 +01:00
|
|
|
|
2017-07-10 05:31:47 +02:00
|
|
|
dmname = strjoina("dev-mapper-", e, ".device");
|
|
|
|
r = generator_add_symlink(arg_dest, dmname, "requires", n);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2010-11-12 03:04:10 +01:00
|
|
|
|
2013-03-01 15:13:43 +01:00
|
|
|
if (!noauto && !nofail) {
|
2014-09-28 03:05:41 +02:00
|
|
|
r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
|
2014-07-01 00:41:17 +02:00
|
|
|
"# Automatically generated by systemd-cryptsetup-generator \n\n"
|
|
|
|
"[Unit]\nJobTimeoutSec=0");
|
2014-11-28 18:23:20 +01:00
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to write device drop-in: %m");
|
2013-03-01 15:13:43 +01:00
|
|
|
}
|
|
|
|
|
2013-03-08 10:50:33 +01:00
|
|
|
return 0;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|
|
|
|
|
2018-11-25 16:19:08 +01:00
|
|
|
static crypto_device* crypt_device_free(crypto_device *d) {
|
|
|
|
if (!d)
|
|
|
|
return NULL;
|
|
|
|
|
2017-11-28 12:37:51 +01:00
|
|
|
free(d->uuid);
|
|
|
|
free(d->keyfile);
|
2018-08-30 10:45:11 +02:00
|
|
|
free(d->keydev);
|
2017-11-28 12:37:51 +01:00
|
|
|
free(d->name);
|
|
|
|
free(d->options);
|
2018-11-25 16:19:08 +01:00
|
|
|
return mfree(d);
|
2014-12-02 18:49:28 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
static crypto_device *get_crypto_device(const char *uuid) {
|
|
|
|
int r;
|
|
|
|
crypto_device *d;
|
|
|
|
|
|
|
|
assert(uuid);
|
|
|
|
|
|
|
|
d = hashmap_get(arg_disks, uuid);
|
|
|
|
if (!d) {
|
|
|
|
d = new0(struct crypto_device, 1);
|
|
|
|
if (!d)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
d->create = false;
|
2014-12-02 18:49:30 +01:00
|
|
|
d->keyfile = d->options = d->name = NULL;
|
2014-12-02 18:49:28 +01:00
|
|
|
|
|
|
|
d->uuid = strdup(uuid);
|
2016-10-17 00:28:30 +02:00
|
|
|
if (!d->uuid)
|
|
|
|
return mfree(d);
|
2014-12-02 18:49:28 +01:00
|
|
|
|
|
|
|
r = hashmap_put(arg_disks, d->uuid, d);
|
|
|
|
if (r < 0) {
|
|
|
|
free(d->uuid);
|
2016-10-17 00:28:30 +02:00
|
|
|
return mfree(d);
|
2014-12-02 18:49:28 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return d;
|
|
|
|
}
|
|
|
|
|
2016-10-22 20:24:52 +02:00
|
|
|
static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
|
2014-12-02 18:49:28 +01:00
|
|
|
_cleanup_free_ char *uuid = NULL, *uuid_value = NULL;
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
crypto_device *d;
|
|
|
|
int r;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
if (streq(key, "luks")) {
|
2014-03-06 17:05:55 +01:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
r = value ? parse_boolean(value) : 1;
|
2014-02-16 00:08:59 +01:00
|
|
|
if (r < 0)
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
log_warning("Failed to parse luks= kernel command line switch %s. Ignoring.", value);
|
2014-02-16 00:08:59 +01:00
|
|
|
else
|
|
|
|
arg_enabled = r;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
} else if (streq(key, "luks.crypttab")) {
|
2012-06-22 10:11:06 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
r = value ? parse_boolean(value) : 1;
|
2014-02-16 00:08:59 +01:00
|
|
|
if (r < 0)
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
log_warning("Failed to parse luks.crypttab= kernel command line switch %s. Ignoring.", value);
|
2014-02-16 00:08:59 +01:00
|
|
|
else
|
|
|
|
arg_read_crypttab = r;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
} else if (streq(key, "luks.uuid")) {
|
|
|
|
|
|
|
|
if (proc_cmdline_value_missing(key, value))
|
|
|
|
return 0;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
d = get_crypto_device(startswith(value, "luks-") ? value+5 : value);
|
|
|
|
if (!d)
|
2014-02-16 00:08:59 +01:00
|
|
|
return log_oom();
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
d->create = arg_whitelist = true;
|
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
} else if (streq(key, "luks.options")) {
|
|
|
|
|
|
|
|
if (proc_cmdline_value_missing(key, value))
|
|
|
|
return 0;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
|
|
|
|
if (r == 2) {
|
|
|
|
d = get_crypto_device(uuid);
|
|
|
|
if (!d)
|
|
|
|
return log_oom();
|
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
free_and_replace(d->options, uuid_value);
|
2014-12-02 18:49:28 +01:00
|
|
|
} else if (free_and_strdup(&arg_default_options, value) < 0)
|
2014-02-16 00:08:59 +01:00
|
|
|
return log_oom();
|
2012-06-22 10:11:06 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
} else if (streq(key, "luks.key")) {
|
2018-09-04 20:03:34 +02:00
|
|
|
size_t n;
|
|
|
|
_cleanup_free_ char *keyfile = NULL, *keydev = NULL;
|
|
|
|
char *c;
|
|
|
|
const char *keyspec;
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
|
|
|
|
if (proc_cmdline_value_missing(key, value))
|
|
|
|
return 0;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2018-09-04 20:03:34 +02:00
|
|
|
n = strspn(value, LETTERS DIGITS "-");
|
|
|
|
if (value[n] != '=') {
|
|
|
|
if (free_and_strdup(&arg_default_keyfile, value) < 0)
|
|
|
|
return log_oom();
|
|
|
|
return 0;
|
|
|
|
}
|
2018-08-30 10:45:11 +02:00
|
|
|
|
2018-09-04 20:03:34 +02:00
|
|
|
uuid = strndup(value, n);
|
|
|
|
if (!uuid)
|
|
|
|
return log_oom();
|
2014-12-02 18:49:29 +01:00
|
|
|
|
2018-09-04 20:03:34 +02:00
|
|
|
if (!id128_is_valid(uuid)) {
|
|
|
|
log_warning("Failed to parse luks.key= kernel command line switch. UUID is invalid, ignoring.");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
d = get_crypto_device(uuid);
|
|
|
|
if (!d)
|
|
|
|
return log_oom();
|
2018-08-30 10:45:11 +02:00
|
|
|
|
2018-09-04 20:03:34 +02:00
|
|
|
keyspec = value + n + 1;
|
|
|
|
c = strrchr(keyspec, ':');
|
|
|
|
if (c) {
|
|
|
|
*c = '\0';
|
|
|
|
keyfile = strdup(keyspec);
|
|
|
|
keydev = strdup(c + 1);
|
2018-08-30 10:45:11 +02:00
|
|
|
|
|
|
|
if (!keyfile || !keydev)
|
|
|
|
return log_oom();
|
2018-09-04 20:03:34 +02:00
|
|
|
} else {
|
|
|
|
/* No keydev specified */
|
|
|
|
keyfile = strdup(keyspec);
|
|
|
|
if (!keyfile)
|
|
|
|
return log_oom();
|
|
|
|
}
|
2018-08-30 10:45:11 +02:00
|
|
|
|
2018-09-04 20:03:34 +02:00
|
|
|
free_and_replace(d->keyfile, keyfile);
|
|
|
|
free_and_replace(d->keydev, keydev);
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
} else if (streq(key, "luks.name")) {
|
|
|
|
|
|
|
|
if (proc_cmdline_value_missing(key, value))
|
|
|
|
return 0;
|
2014-12-02 18:49:30 +01:00
|
|
|
|
|
|
|
r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
|
|
|
|
if (r == 2) {
|
|
|
|
d = get_crypto_device(uuid);
|
|
|
|
if (!d)
|
|
|
|
return log_oom();
|
|
|
|
|
|
|
|
d->create = arg_whitelist = true;
|
|
|
|
|
2017-11-24 11:33:41 +01:00
|
|
|
free_and_replace(d->name, uuid_value);
|
2014-12-02 18:49:30 +01:00
|
|
|
} else
|
|
|
|
log_warning("Failed to parse luks name switch %s. Ignoring.", value);
|
2014-06-19 16:55:20 +02:00
|
|
|
}
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2013-03-08 10:50:33 +01:00
|
|
|
return 0;
|
2012-06-22 10:11:06 +02:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
static int add_crypttab_devices(void) {
|
2013-04-18 09:11:22 +02:00
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
2018-10-18 13:34:40 +02:00
|
|
|
unsigned crypttab_line = 0;
|
|
|
|
struct stat st;
|
|
|
|
int r;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (!arg_read_crypttab)
|
|
|
|
return 0;
|
|
|
|
|
2019-04-04 10:17:16 +02:00
|
|
|
r = fopen_unlocked("/etc/crypttab", "re", &f);
|
|
|
|
if (r < 0) {
|
2014-12-02 18:49:28 +01:00
|
|
|
if (errno != ENOENT)
|
|
|
|
log_error_errno(errno, "Failed to open /etc/crypttab: %m");
|
|
|
|
return 0;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (fstat(fileno(f), &st) < 0) {
|
|
|
|
log_error_errno(errno, "Failed to stat /etc/crypttab: %m");
|
|
|
|
return 0;
|
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
for (;;) {
|
2018-10-18 13:34:40 +02:00
|
|
|
_cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keyfile = NULL, *options = NULL;
|
2014-12-02 18:49:28 +01:00
|
|
|
crypto_device *d = NULL;
|
2018-10-18 13:34:40 +02:00
|
|
|
char *l, *uuid;
|
|
|
|
int k;
|
2011-08-01 20:52:18 +02:00
|
|
|
|
2018-10-18 13:34:40 +02:00
|
|
|
r = read_line(f, LONG_LINE_MAX, &line);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to read /etc/crypttab: %m");
|
|
|
|
if (r == 0)
|
2014-12-02 18:49:28 +01:00
|
|
|
break;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
crypttab_line++;
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
l = strstrip(line);
|
2018-10-18 13:34:40 +02:00
|
|
|
if (IN_SET(l[0], 0, '#'))
|
2014-12-02 18:49:28 +01:00
|
|
|
continue;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &keyfile, &options);
|
|
|
|
if (k < 2 || k > 4) {
|
|
|
|
log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line);
|
|
|
|
continue;
|
|
|
|
}
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2018-11-23 16:30:23 +01:00
|
|
|
uuid = STARTSWITH_SET(device, "UUID=", "luks-");
|
2014-12-02 18:49:28 +01:00
|
|
|
if (!uuid)
|
|
|
|
uuid = path_startswith(device, "/dev/disk/by-uuid/");
|
|
|
|
if (uuid)
|
|
|
|
d = hashmap_get(arg_disks, uuid);
|
2013-04-30 00:48:03 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (arg_whitelist && !d) {
|
|
|
|
log_info("Not creating device '%s' because it was not specified on the kernel command line.", name);
|
|
|
|
continue;
|
2013-04-30 00:48:03 +02:00
|
|
|
}
|
|
|
|
|
2018-08-30 10:45:11 +02:00
|
|
|
r = create_disk(name, device, NULL, keyfile, (d && d->options) ? d->options : options);
|
2014-12-02 18:49:28 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-04-30 00:48:03 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (d)
|
|
|
|
d->create = false;
|
|
|
|
}
|
2013-04-30 00:48:03 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
static int add_proc_cmdline_devices(void) {
|
|
|
|
int r;
|
|
|
|
Iterator i;
|
|
|
|
crypto_device *d;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
HASHMAP_FOREACH(d, arg_disks, i) {
|
|
|
|
const char *options;
|
2014-12-02 18:49:30 +01:00
|
|
|
_cleanup_free_ char *device = NULL;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (!d->create)
|
|
|
|
continue;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:30 +01:00
|
|
|
if (!d->name) {
|
|
|
|
d->name = strappend("luks-", d->uuid);
|
|
|
|
if (!d->name)
|
|
|
|
return log_oom();
|
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
device = strappend("UUID=", d->uuid);
|
|
|
|
if (!device)
|
|
|
|
return log_oom();
|
2013-08-18 08:59:00 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (d->options)
|
|
|
|
options = d->options;
|
|
|
|
else if (arg_default_options)
|
|
|
|
options = arg_default_options;
|
|
|
|
else
|
|
|
|
options = "timeout=0";
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2018-08-30 10:45:11 +02:00
|
|
|
r = create_disk(d->name, device, d->keydev, d->keyfile ?: arg_default_keyfile, options);
|
2014-12-02 18:49:28 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2018-11-25 16:19:08 +01:00
|
|
|
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(crypt_device_hash_ops, char, string_hash_func, string_compare_func,
|
|
|
|
crypto_device, crypt_device_free);
|
|
|
|
|
2018-12-04 11:49:42 +01:00
|
|
|
static int run(const char *dest, const char *dest_early, const char *dest_late) {
|
2016-12-16 13:15:31 +01:00
|
|
|
int r;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2018-12-04 11:49:42 +01:00
|
|
|
assert_se(arg_dest = dest);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2018-11-25 16:19:08 +01:00
|
|
|
arg_disks = hashmap_new(&crypt_device_hash_ops);
|
|
|
|
if (!arg_disks)
|
|
|
|
return log_oom();
|
2013-08-18 08:59:00 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX);
|
2018-11-25 16:19:08 +01:00
|
|
|
if (r < 0)
|
|
|
|
return log_warning_errno(r, "Failed to parse kernel command line: %m");
|
2013-08-18 08:59:00 +02:00
|
|
|
|
2018-11-25 16:19:08 +01:00
|
|
|
if (!arg_enabled)
|
|
|
|
return 0;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2016-12-16 13:15:31 +01:00
|
|
|
r = add_crypttab_devices();
|
|
|
|
if (r < 0)
|
2018-11-25 16:19:08 +01:00
|
|
|
return r;
|
2014-12-02 18:49:28 +01:00
|
|
|
|
2016-12-16 13:15:31 +01:00
|
|
|
r = add_proc_cmdline_devices();
|
|
|
|
if (r < 0)
|
2018-11-25 16:19:08 +01:00
|
|
|
return r;
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2018-11-25 16:19:08 +01:00
|
|
|
return 0;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|
2018-11-25 16:19:08 +01:00
|
|
|
|
2018-12-04 11:49:42 +01:00
|
|
|
DEFINE_MAIN_GENERATOR_FUNCTION(run);
|