[systemd-devel] Systemd ask-password unable to handle cryptsetup passwords with \0 character inside ?
Raphaël Gertz
systemd-devel at rapsys.eu
Tue May 31 18:40:37 UTC 2016
Hi,
My question relates to the file
systemd/src/shared/ask-password-api.c+651 :
l = strv_parse_nulstr(passphrase+1, n-1);
In the documentation at
https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/ it is
specified that the message should follow this pattern:
+passwordhere\0
or
-\0
With the trailing \0 optional in both cases.
If I am right, it seems all passwords sent through AF_UNIX/SOCK_DGRAM are
split using the \0 character and cached as different passwords.
I am trying to create a CGI which sends a password or keyfile through this
system.
Cryptsetup can accept two cases of password: a 512 max length passphrase
in interactive mode or an 8192 * 1024 keyfile.
(I have read the source code to find that.)
There seems to be nothing disallowing a password like "toto\0"
or a keyfile containing "toto\0".
How am I supposed to submit a password with a \0 character inside or, even
worse, with a \0 at the end?
Same question with a file?
Should I try to go around the ask-password service and run cryptsetup
luksOpen behind its back and later shoot the ask-password process?
Would it need an option to have the password provided without modification,
with a trailing \0, using a new format like:
=toto\0
With all content considered as a single password?
Best regards
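
The splitting behaviour asked about above, as an added example (not code from the post or from systemd): a simplified C model of NUL-splitting a `+password\0` reply, plus a check a sender could run to see whether a secret survives that framing intact. The names `split_reply` and `survives_framing`, the 64-byte buffer and the sample secrets are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

struct piece { size_t off, len; };   /* one recovered password: offset, length */

/* Simplified model (an assumption, not systemd's code) of splitting an agent
 * reply on NUL bytes. Returns -1 if malformed, 0 for a "-" cancel, otherwise
 * the number of passwords found (at most max). */
int split_reply(const unsigned char *buf, size_t n, struct piece *out, int max)
{
    if (n == 0 || (buf[0] != '+' && buf[0] != '-'))
        return -1;
    if (buf[0] == '-')
        return 0;
    const unsigned char *p = buf + 1, *end = buf + n;
    int count = 0;
    while (p < end && count < max) {
        const unsigned char *e = memchr(p, 0, (size_t)(end - p));
        out[count].off = (size_t)(p - buf);
        out[count].len = e ? (size_t)(e - p) : (size_t)(end - p);
        count++;
        if (!e)
            break;
        p = e + 1;   /* continue after the NUL separator */
    }
    return count;
}

/* Returns 1 if the secret, framed as "+secret\0" and split again, comes back
 * as exactly one byte-identical password; 0 otherwise. */
int survives_framing(const unsigned char *secret, size_t len)
{
    unsigned char buf[64];
    struct piece out[8];
    if (len + 2 > sizeof buf)
        return 0;
    buf[0] = '+';
    memcpy(buf + 1, secret, len);
    buf[len + 1] = 0;
    int n = split_reply(buf, len + 2, out, 8);
    return n == 1 && out[0].len == len && memcmp(buf + out[0].off, secret, len) == 0;
}

int main(void)
{
    /* Constructed sample secrets based on the post's "toto" example. */
    printf("toto   -> %d\n", survives_framing((const unsigned char *)"toto", 4));
    printf("toto\\0 -> %d\n", survives_framing((const unsigned char *)"toto\0", 5));
    return 0;
}
```

In this model the framed secret "toto\0" comes back as two entries, "toto" and an empty string, so the receiver cannot tell it apart from a plain "toto" followed by a terminator.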