[systemd-commits] 2 commits - src/ask-password src/cryptsetup src/shared
Lennart Poettering
lennart at kemper.freedesktop.org
Thu Apr 24 00:24:47 PDT 2014
src/ask-password/ask-password.c | 14 +++++++++++---
src/cryptsetup/cryptsetup.c | 25 +++++++++++++++++++++----
src/shared/ask-password-api.c | 9 +++++++--
src/shared/ask-password-api.h | 6 ++++--
4 files changed, 43 insertions(+), 11 deletions(-)
New commits:
commit 6131a78b4d247618715e042e14ad682f678d3b32
Author: David Härdeman <david at hardeman.nu>
Date: Tue Mar 25 11:05:28 2014 +0100
Fix keysize handling in cryptsetup (bits vs. bytes)
The command line key-size is in bits but the libcryptsetup API expects bytes.
Note that the modulo 8 check is in the original cryptsetup binary as well, so
it's no new limitation.
(v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index a647a94..812b32f 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -88,6 +88,13 @@ static int parse_one_option(const char *option) {
return 0;
}
+ if (arg_key_size % 8) {
+ log_error("size= not a multiple of 8, ignoring.");
+ return 0;
+ }
+
+ arg_key_size /= 8;
+
} else if (startswith(option, "key-slot=")) {
arg_type = CRYPT_LUKS1;
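Review bot: When `arg_key_size % 8` is non-zero, the new branch logs "ignoring" and returns, but the rejected bit count appears to stay in `arg_key_size`, which the parse before this hunk has presumably already written. After this commit main() treats any positive `arg_key_size` as a byte count (see the `(256 / 8)` default hunk), so a value such as size=100 would likely be used as 100 bytes instead of falling back to the default. Reset it before returning with `arg_key_size = 0;`, or parse into a local and assign only after the check passes. The parse call is outside the hunk, so confirm this against the full parse_one_option().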
@@ -414,7 +421,7 @@ static int attach_luks_or_plain(struct crypt_device *cd,
/* for CRYPT_PLAIN limit reads
* from keyfile to key length, and
* ignore keyfile-size */
- arg_keyfile_size = arg_key_size / 8;
+ arg_keyfile_size = arg_key_size;
/* In contrast to what the name
* crypt_setup() might suggest this
@@ -577,7 +584,7 @@ int main(int argc, char *argv[]) {
else
until = 0;
- arg_key_size = (arg_key_size > 0 ? arg_key_size : 256);
+ arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8));
if (key_file) {
struct stat st;
commit 9fa1de965a0954dcb6d855ebe0513077515a0daa
Author: David Härdeman <david at hardeman.nu>
Date: Tue Mar 25 11:05:23 2014 +0100
Add more password agent information
Add an (optional) "Id" key in the password agent .ask files. The Id is
supposed to be a simple string in "<subsystem>:<target>" form which
is used to provide more information on what the requested passphrase
is to be used for (which e.g. allows an agent to only react to cryptsetup
requests).
(v2: rebased, fixed indentation, escape name, use strappenda)
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
index ea0c623..4d5690c 100644
--- a/src/ask-password/ask-password.c
+++ b/src/ask-password/ask-password.c
@@ -43,6 +43,7 @@
#include "def.h"
static const char *arg_icon = NULL;
+static const char *arg_id = NULL;
static const char *arg_message = NULL;
static bool arg_use_tty = true;
static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
@@ -58,7 +59,8 @@ static int help(void) {
" --timeout=SEC Timeout in sec\n"
" --no-tty Ask question via agent even on TTY\n"
" --accept-cached Accept cached passwords\n"
- " --multiple List multiple passwords if available\n",
+ " --multiple List multiple passwords if available\n"
+ " --id=ID Query identifier (e.g. cryptsetup:/dev/sda5)\n",
program_invocation_short_name);
return 0;
@@ -71,7 +73,8 @@ static int parse_argv(int argc, char *argv[]) {
ARG_TIMEOUT,
ARG_NO_TTY,
ARG_ACCEPT_CACHED,
- ARG_MULTIPLE
+ ARG_MULTIPLE,
+ ARG_ID
};
static const struct option options[] = {
@@ -81,6 +84,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "no-tty", no_argument, NULL, ARG_NO_TTY },
{ "accept-cached", no_argument, NULL, ARG_ACCEPT_CACHED },
{ "multiple", no_argument, NULL, ARG_MULTIPLE },
+ { "id", required_argument, NULL, ARG_ID },
{}
};
@@ -119,6 +123,10 @@ static int parse_argv(int argc, char *argv[]) {
arg_multiple = true;
break;
+ case ARG_ID:
+ arg_id = optarg;
+ break;
+
case '?':
return -EINVAL;
@@ -162,7 +170,7 @@ int main(int argc, char *argv[]) {
} else {
char **l;
- if ((r = ask_password_agent(arg_message, arg_icon, timeout, arg_accept_cached, &l)) >= 0) {
+ if ((r = ask_password_agent(arg_message, arg_icon, arg_id, timeout, arg_accept_cached, &l)) >= 0) {
char **p;
STRV_FOREACH(p, l) {
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 9b9074c..a647a94 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -257,6 +257,8 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
int r;
char **p;
_cleanup_free_ char *text = NULL;
+ _cleanup_free_ char *escaped_name = NULL;
+ char *id;
assert(name);
assert(passwords);
@@ -264,7 +266,13 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
if (asprintf(&text, "Please enter passphrase for disk %s!", name) < 0)
return log_oom();
- r = ask_password_auto(text, "drive-harddisk", until, accept_cached, passwords);
+ escaped_name = cescape(name);
+ if (!escaped_name)
+ return log_oom();
+
+ id = strappenda("cryptsetup:", escaped_name);
+
+ r = ask_password_auto(text, "drive-harddisk", id, until, accept_cached, passwords);
if (r < 0) {
log_error("Failed to query password: %s", strerror(-r));
return r;
@@ -278,7 +286,9 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
if (asprintf(&text, "Please enter passphrase for disk %s! (verification)", name) < 0)
return log_oom();
- r = ask_password_auto(text, "drive-harddisk", until, false, &passwords2);
+ id = strappenda("cryptsetup-verification:", escaped_name);
+
+ r = ask_password_auto(text, "drive-harddisk", id, until, false, &passwords2);
if (r < 0) {
log_error("Failed to query verification password: %s", strerror(-r));
return r;
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index eb40995..c3c78b6 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -298,6 +298,7 @@ fail:
int ask_password_agent(
const char *message,
const char *icon,
+ const char *id,
usec_t until,
bool accept_cached,
char ***_passphrases) {
@@ -373,6 +374,9 @@ int ask_password_agent(
if (icon)
fprintf(f, "Icon=%s\n", icon);
+ if (id)
+ fprintf(f, "Id=%s\n", id);
+
fflush(f);
if (ferror(f)) {
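Review bot: `fprintf(f, "Id=%s\n", id)` writes the caller's string verbatim, so an id containing a newline adds extra lines to the .ask file, and an agent that filters requests on Id would be trusting a value the requester fully controls. get_password() in cryptsetup.c runs the name through cescape() first, but ask-password.c stores `optarg` in `arg_id` with no check. Validate once in ask_password_agent() so every caller is covered, for example `if (id && strchr(id, '\n')) return -EINVAL;` at the top of the function, or escape the value before writing it. The neighbouring `Icon=%s` line has the same shape; the function starts and ends outside this hunk.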
@@ -537,7 +541,8 @@ finish:
return r;
}
-int ask_password_auto(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases) {
+int ask_password_auto(const char *message, const char *icon, const char *id,
+ usec_t until, bool accept_cached, char ***_passphrases) {
assert(message);
assert(_passphrases);
@@ -556,5 +561,5 @@ int ask_password_auto(const char *message, const char *icon, usec_t until, bool
*_passphrases = l;
return r;
} else
- return ask_password_agent(message, icon, until, accept_cached, _passphrases);
+ return ask_password_agent(message, icon, id, until, accept_cached, _passphrases);
}
diff --git a/src/shared/ask-password-api.h b/src/shared/ask-password-api.h
index 288a0f4..3839a2d 100644
--- a/src/shared/ask-password-api.h
+++ b/src/shared/ask-password-api.h
@@ -25,6 +25,8 @@
int ask_password_tty(const char *message, usec_t until, const char *flag_file, char **_passphrase);
-int ask_password_agent(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases);
+int ask_password_agent(const char *message, const char *icon, const char *id,
+ usec_t until, bool accept_cached, char ***_passphrases);
-int ask_password_auto(const char *message, const char *icon, usec_t until, bool accept_cached, char ***_passphrases);
+int ask_password_auto(const char *message, const char *icon, const char *id,
+ usec_t until, bool accept_cached, char ***_passphrases);
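Review bot: The new `id` parameter is undocumented in the header, so callers cannot tell that it is optional or what form it should take. The implementation guards it with `if (id)`, and the commit message gives the intended form, so a short comment above both prototypes would do: `/* id: optional "<subsystem>:<target>" tag written as Id= to the .ask file; may be NULL */`. Because `id` is inserted in the middle of the argument list, any caller not touched by this commit will fail to compile, which is worth mentioning in the commit message.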