« back to all changes in this revision
Viewing changes to src/cryptsetup.c
- browse files at revision 65
- compare with another revision
- download diff
- download tarball
- view history from revision 65
- Committer: Bazaar Package Importer
- Author(s): Martin Pitt
- Date: 2009-11-11 15:04:27 UTC
- mfrom: (0.1.7 squeeze)
- Revision ID: james.westby@ubuntu.com-20091111150427-elb822l63lnihaue
Tags: 2:1.1.0~rc2-1ubuntu1
* Merge with Debian testing. Remaining Ubuntu changes:
- debian/rules: cryptsetup is linked dynamically against libgcrypt and
libgpg-error.
- Upstart migration:
+ Add debian/cryptdisks-enable.upstart.
+ debian/cryptdisks{,-early}.init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job.
(LP #473615)
+ debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
upgrade.
+ debian/rules: Do not install start symlinks for those two, and install
debian/cryptdisks-enable.upstart scripts.
- Add debian/cryptsetup.apport: Apport package hook. Install in
debian/rules, and create dir in debian/cryptsetup.dirs.
- Start usplash in initramfs, since we need it for fancy passphrase input:
+ debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y
+ debian/control: Bump initramfs-tools Suggests to Depends:.
- debian/rules: cryptsetup is linked dynamically against libgcrypt and
libgpg-error.
- Upstart migration:
+ Add debian/cryptdisks-enable.upstart.
+ debian/cryptdisks{,-early}.init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job.
(LP #473615)
+ debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
upgrade.
+ debian/rules: Do not install start symlinks for those two, and install
debian/cryptdisks-enable.upstart scripts.
- Add debian/cryptsetup.apport: Apport package hook. Install in
debian/rules, and create dir in debian/cryptsetup.dirs.
- Start usplash in initramfs, since we need it for fancy passphrase input:
+ debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y
+ debian/control: Bump initramfs-tools Suggests to Depends:.
- files added:
- debian/README.opensc
- tests
- files removed:
- autogen.sh
- luks/sha
- luks/testing
- m4
- files modified:
- ChangeLog
- compile *
- config.rpath *
- depcomp *
- missing *
added
removed
src/cryptsetup.c
2
2
#include <stdio.h>
3
3
#include <stdlib.h>
4
4
#include <stdint.h>
5
#include <stdarg.h>
5
6
#include <inttypes.h>
6
7
#include <errno.h>
7
8
#include <unistd.h>
9
#include <fcntl.h>
8
10
#include <assert.h>
9
11
10
12
#include <libcryptsetup.h>
14
16
15
17
#include "cryptsetup.h"
16
18
17
static int opt_verbose = 1;
19
static int opt_verbose = 0;
20
static int opt_debug = 0;
18
21
static char *opt_cipher = NULL;
19
static char *opt_hash = DEFAULT_HASH;
22
static char *opt_hash = NULL;
20
23
static int opt_verify_passphrase = 0;
21
24
static char *opt_key_file = NULL;
25
static char *opt_master_key_file = NULL;
26
static char *opt_header_backup_file = NULL;
22
27
static unsigned int opt_key_size = 0;
23
static int opt_key_slot = -1;
28
static int opt_key_slot = CRYPT_ANY_SLOT;
24
29
static uint64_t opt_size = 0;
25
30
static uint64_t opt_offset = 0;
26
31
static uint64_t opt_skip = 0;
49
54
static int action_isLuks(int arg);
50
55
static int action_luksUUID(int arg);
51
56
static int action_luksDump(int arg);
57
static int action_luksSuspend(int arg);
58
static int action_luksResume(int arg);
59
static int action_luksBackup(int arg);
60
static int action_luksRestore(int arg);
52
61
53
62
static struct action_type {
54
63
const char *type;
55
int (*handler)(int);
64
int (*handler)(int);
56
65
int arg;
57
66
int required_action_argc;
67
int required_memlock;
58
68
const char *arg_desc;
59
69
const char *desc;
60
70
} action_types[] = {
61
{ "create", action_create, 0, 2, N_("<name> <device>"), N_("create device") },
62
{ "remove", action_remove, 0, 1, N_("<name>"), N_("remove device") },
63
{ "resize", action_resize, 0, 1, N_("<name>"), N_("resize active device") },
64
{ "status", action_status, 0, 1, N_("<name>"), N_("show device status") },
65
{ "luksFormat", action_luksFormat, 0, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
66
{ "luksOpen", action_luksOpen, 0, 2, N_("<device> <name> "), N_("open LUKS device as mapping <name>") },
67
{ "luksAddKey", action_luksAddKey, 0, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
68
{ "luksRemoveKey", action_luksRemoveKey, 0, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
69
{ "luksKillSlot", action_luksKillSlot, 0, 2, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
70
{ "luksUUID", action_luksUUID, 0, 1, N_("<device>"), N_("print UUID of LUKS device") },
71
{ "isLuks", action_isLuks, 0, 1, N_("<device>"), N_("tests <device> for LUKS partition header") },
72
{ "luksClose", action_remove, 0, 1, N_("<name>"), N_("remove LUKS mapping") },
73
{ "luksDump", action_luksDump, 0, 1, N_("<device>"), N_("dump LUKS partition information") },
74
{ "luksDelKey", action_luksDelKey, 0, 2, N_("<device> <key slot>"), N_("identical to luksKillSlot - DEPRECATED - see man page") },
75
{ "reload", action_create, 1, 2, N_("<name> <device>"), N_("modify active device - DEPRECATED - see man page") },
76
{ NULL, NULL, 0, 0, NULL }
71
{ "create", action_create, 0, 2, 1, N_("<name> <device>"),N_("create device") },
72
{ "remove", action_remove, 0, 1, 1, N_("<name>"), N_("remove device") },
73
{ "resize", action_resize, 0, 1, 1, N_("<name>"), N_("resize active device") },
74
{ "status", action_status, 0, 1, 0, N_("<name>"), N_("show device status") },
75
{ "luksFormat", action_luksFormat, 0, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
76
{ "luksOpen", action_luksOpen, 0, 2, 1, N_("<device> <name> "), N_("open LUKS device as mapping <name>") },
77
{ "luksAddKey", action_luksAddKey, 0, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
78
{ "luksRemoveKey",action_luksRemoveKey, 0, 1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
79
{ "luksKillSlot", action_luksKillSlot, 0, 2, 1, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
80
{ "luksUUID", action_luksUUID, 0, 1, 0, N_("<device>"), N_("print UUID of LUKS device") },
81
{ "isLuks", action_isLuks, 0, 1, 0, N_("<device>"), N_("tests <device> for LUKS partition header") },
82
{ "luksClose", action_remove, 0, 1, 1, N_("<name>"), N_("remove LUKS mapping") },
83
{ "luksDump", action_luksDump, 0, 1, 0, N_("<device>"), N_("dump LUKS partition information") },
84
{ "luksSuspend",action_luksSuspend, 0, 1, 1, N_("<device>"), N_("Suspend LUKS device and wipe key (all IOs are frozen).") },
85
{ "luksResume", action_luksResume, 0, 1, 1, N_("<device>"), N_("Resume suspended LUKS device.") },
86
{ "luksHeaderBackup",action_luksBackup, 0, 1, 1, N_("<device>"), N_("Backup LUKS device header and keyslots") },
87
{ "luksHeaderRestore",action_luksRestore,0,1, 1, N_("<device>"), N_("Restore LUKS device header and keyslots") },
88
{ "luksDelKey", action_luksDelKey, 0, 2, 1, N_("<device> <key slot>"), N_("identical to luksKillSlot - DEPRECATED - see man page") },
89
{ "reload", action_create, 1, 2, 1, N_("<name> <device>"), N_("modify active device - DEPRECATED - see man page") },
90
{ NULL, NULL, 0, 0, 0, NULL, NULL }
77
91
};
78
92
93
static void clogger(struct crypt_device *cd, int class, const char *file,
94
int line, const char *format, ...)
95
{
96
va_list argp;
97
char *target = NULL;
98
99
va_start(argp, format);
100
101
if (vasprintf(&target, format, argp) > 0) {
102
if (class >= 0) {
103
crypt_log(cd, class, target);
104
#ifdef CRYPT_DEBUG
105
} else if (opt_debug)
106
printf("# %s:%d %s\n", file ?: "?", line, target);
107
#else
108
} else if (opt_debug)
109
printf("# %s\n", target);
110
#endif
111
}
112
113
va_end(argp);
114
free(target);
115
}
116
79
117
/* Interface Callbacks */
80
118
static int yesDialog(char *msg)
81
119
{
82
int r = 0;
120
char *answer = NULL;
121
size_t size = 0;
122
int r = 1;
123
83
124
if(isatty(0) && !opt_batch_mode) {
84
char *answer=NULL;
85
size_t size=0;
86
fprintf(stderr,"\nWARNING!\n========\n");
87
fprintf(stderr,"%s\n\nAre you sure? (Type uppercase yes): ",msg);
88
if(getline(&answer,&size,stdin) == -1)
125
log_std("\nWARNING!\n========\n");
126
log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
127
if(getline(&answer, &size, stdin) == -1) {
128
perror("getline");
129
free(answer);
89
130
return 0;
90
if(strcmp(answer,"YES\n") == 0)
91
r = 1;
131
}
132
if(strcmp(answer, "YES\n"))
133
r = 0;
92
134
free(answer);
93
} else
94
r = 1;
135
}
136
95
137
return r;
96
138
}
97
139
115
157
.log = cmdLineLog,
116
158
};
117
159
160
static void _log(int class, const char *msg, void *usrptr)
161
{
162
cmdLineLog(class, (char *)msg);
163
}
164
165
static int _yesDialog(const char *msg, void *usrptr)
166
{
167
return yesDialog((char*)msg);
168
}
169
118
170
/* End ICBs */
119
171
120
172
static void show_status(int errcode)
121
173
{
122
char error[256];
174
char error[256], *error_;
175
176
if(!opt_verbose)
177
return;
123
178
124
179
if(!errcode) {
125
fprintf(stderr, _("Command successful.\n"));
126
return;
180
log_std(_("Command successful.\n"));
181
return;
127
182
}
128
183
129
184
crypt_get_error(error, sizeof(error));
130
if (!opt_verbose) {
131
char *error_ = strerror_r(errcode, error, sizeof(error));
185
186
if (!error[0]) {
187
error_ = strerror_r(-errcode, error, sizeof(error));
132
188
if (error_ != error) {
133
189
strncpy(error, error_, sizeof(error));
134
error[sizeof error - 1] = '\0';
190
error[sizeof(error) - 1] = '\0';
135
191
}
136
192
}
137
193
138
fprintf(stderr, _("Command failed"));
194
log_err(_("Command failed with code %i"), -errcode);
139
195
if (*error)
140
fprintf(stderr, ": %s\n", error);
196
log_err(": %s\n", error);
141
197
else
142
fputs(".\n", stderr);
143
return;
198
log_err(".\n");
144
199
}
145
200
146
201
static int action_create(int reload)
149
204
.name = action_argv[0],
150
205
.device = action_argv[1],
151
206
.cipher = opt_cipher?opt_cipher:DEFAULT_CIPHER,
152
.hash = opt_hash,
207
.hash = opt_hash ?: DEFAULT_HASH,
153
208
.key_file = opt_key_file,
154
209
.key_size = ((opt_key_size)?opt_key_size:DEFAULT_KEY_SIZE)/8,
155
210
.key_slot = opt_key_slot,
156
.passphrase_fd = 0, /* stdin */
157
211
.flags = 0,
158
212
.size = opt_size,
159
213
.offset = opt_offset,
165
219
int r;
166
220
167
221
if(reload)
168
fprintf(stderr, _("The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\nWARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"));
222
log_err(_("The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\nWARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"));
169
223
170
224
if (options.hash && strcmp(options.hash, "plain") == 0)
171
225
options.hash = NULL;
178
232
r = crypt_update_device(&options);
179
233
else
180
234
r = crypt_create_device(&options);
181
if (r < 0)
182
show_status(-r);
235
183
236
return r;
184
237
}
185
238
189
242
.name = action_argv[0],
190
243
.icb = &cmd_icb,
191
244
};
192
int r;
193
245
194
r = crypt_remove_device(&options);
195
if (r < 0)
196
show_status(-r);
197
return r;
246
return crypt_remove_device(&options);
198
247
}
199
248
200
249
static int action_resize(int arg)
204
253
.size = opt_size,
205
254
.icb = &cmd_icb,
206
255
};
207
int r;
208
256
209
r = crypt_resize_device(&options);
210
if (r < 0)
211
show_status(-r);
212
return r;
257
return crypt_resize_device(&options);
213
258
}
214
259
215
260
static int action_status(int arg)
221
266
int r;
222
267
223
268
r = crypt_query_device(&options);
224
225
if (r < 0) {
226
/* error */
227
show_status(-r);
228
} else if (r == 0) {
269
if (r < 0)
270
return r;
271
272
if (r == 0) {
229
273
/* inactive */
230
printf("%s/%s is inactive.\n", crypt_get_dir(), options.name);
274
log_std("%s/%s is inactive.\n", crypt_get_dir(), options.name);
231
275
r = 1;
232
276
} else {
233
277
/* active */
234
printf("%s/%s is active:\n", crypt_get_dir(), options.name);
235
printf(" cipher: %s\n", options.cipher);
236
printf(" keysize: %d bits\n", options.key_size * 8);
237
printf(" device: %s\n", options.device);
238
printf(" offset: %" PRIu64 " sectors\n", options.offset);
239
printf(" size: %" PRIu64 " sectors\n", options.size);
278
log_std("%s/%s is active:\n", crypt_get_dir(), options.name);
279
log_std(" cipher: %s\n", options.cipher);
280
log_std(" keysize: %d bits\n", options.key_size * 8);
281
log_std(" device: %s\n", options.device);
282
log_std(" offset: %" PRIu64 " sectors\n", options.offset);
283
log_std(" size: %" PRIu64 " sectors\n", options.size);
240
284
if (options.skip)
241
printf(" skipped: %" PRIu64 " sectors\n", options.skip);
242
printf(" mode: %s\n", (options.flags & CRYPT_FLAG_READONLY)
285
log_std(" skipped: %" PRIu64 " sectors\n", options.skip);
286
log_std(" mode: %s\n", (options.flags & CRYPT_FLAG_READONLY)
243
287
? "readonly" : "read/write");
244
288
crypt_put_options(&options);
245
289
r = 0;
247
291
return r;
248
292
}
249
293
250
static int action_luksFormat(int arg)
294
static int _action_luksFormat_generateMK()
251
295
{
252
296
struct crypt_options options = {
253
.key_size = (opt_key_size != 0 ? opt_key_size : DEFAULT_LUKS_KEY_SIZE) / 8,
297
.key_size = (opt_key_size ?: DEFAULT_LUKS_KEY_SIZE) / 8,
254
298
.key_slot = opt_key_slot,
255
299
.device = action_argv[0],
256
.cipher = opt_cipher?opt_cipher:DEFAULT_LUKS_CIPHER,
300
.cipher = opt_cipher ?: DEFAULT_LUKS_CIPHER,
301
.hash = opt_hash ?: DEFAULT_LUKS_HASH,
257
302
.new_key_file = action_argc > 1 ? action_argv[1] : NULL,
258
303
.flags = opt_verify_passphrase ? CRYPT_FLAG_VERIFY : (!opt_batch_mode?CRYPT_FLAG_VERIFY_IF_POSSIBLE : 0),
259
304
.iteration_time = opt_iteration_time,
262
307
.icb = &cmd_icb,
263
308
};
264
309
310
return crypt_luksFormat(&options);
311
}
312
313
static int _read_mk(const char *file, char **key, int keysize)
314
{
315
int fd;
316
317
*key = malloc(keysize);
318
if (!*key)
319
return -ENOMEM;
320
321
fd = open(file, O_RDONLY);
322
if (fd == -1) {
323
log_err("Cannot read keyfile %s.\n", file);
324
return -EINVAL;
325
}
326
if ((read(fd, *key, keysize) != keysize)) {
327
log_err("Cannot read %d bytes from keyfile %s.\n", keysize, file);
328
close(fd);
329
memset(*key, 0, keysize);
330
free(*key);
331
return -EINVAL;
332
}
333
close(fd);
334
return 0;
335
}
336
337
static int _action_luksFormat_useMK()
338
{
339
int r = -EINVAL, keysize;
340
char *key = NULL, cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
341
struct crypt_device *cd = NULL;
342
struct crypt_params_luks1 params = {
343
.hash = opt_hash ?: DEFAULT_LUKS_HASH,
344
.data_alignment = opt_align_payload,
345
};
346
347
if (sscanf(opt_cipher ?: DEFAULT_LUKS_CIPHER,
348
"%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s",
349
cipher, cipher_mode) != 2) {
350
log_err("No known cipher specification pattern detected.\n");
351
return -EINVAL;
352
}
353
354
keysize = (opt_key_size ?: DEFAULT_LUKS_KEY_SIZE) / 8;
355
if (_read_mk(opt_master_key_file, &key, keysize) < 0)
356
return -EINVAL;
357
358
if ((r = crypt_init(&cd, action_argv[0])))
359
goto out;
360
361
crypt_set_password_verify(cd, 1);
362
crypt_set_timeout(cd, opt_timeout);
363
if (opt_iteration_time)
364
crypt_set_iterarion_time(cd, opt_iteration_time);
365
366
if ((r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, keysize, ¶ms)))
367
goto out;
368
369
r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize, NULL, 0);
370
out:
371
372
crypt_free(cd);
373
if (key) {
374
memset(key, 0, keysize);
375
free(key);
376
}
377
return r;
378
}
379
380
static int action_luksFormat(int arg)
381
{
265
382
int r = 0; char *msg = NULL;
266
383
267
if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), options.device) == -1) {
268
fputs(_("memory allocation error in action_luksFormat"), stderr);
269
} else {
270
r = yesDialog(msg) ? crypt_luksFormat(&options) : -EINVAL;
271
free(msg);
272
show_status(-r);
273
}
274
return r;
384
/* Avoid overwriting possibly wrong part of device than user requested by rejecting these options */
385
if (opt_offset || opt_skip) {
386
log_err("Options --offset and --skip are not supported for luksFormat.\n");
387
return -EINVAL;
388
}
389
390
if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]) == -1) {
391
log_err(_("memory allocation error in action_luksFormat"));
392
return -ENOMEM;
393
}
394
r = yesDialog(msg);
395
free(msg);
396
397
if (!r)
398
return -EINVAL;
399
400
if (opt_master_key_file)
401
return _action_luksFormat_useMK();
402
else
403
return _action_luksFormat_generateMK();
275
404
}
276
405
277
406
static int action_luksOpen(int arg)
280
409
.name = action_argv[1],
281
410
.device = action_argv[0],
282
411
.key_file = opt_key_file,
412
.key_size = opt_key_file ? (opt_key_size / 8) : 0, /* limit bytes read from keyfile */
283
413
.timeout = opt_timeout,
284
.tries = opt_tries,
414
.tries = opt_key_file ? 1 : opt_tries, /* verify is usefull only for tty */
285
415
.icb = &cmd_icb,
286
416
};
287
int r;
288
417
289
opt_verbose = 1;
290
options.flags = 0;
291
418
if (opt_readonly)
292
419
options.flags |= CRYPT_FLAG_READONLY;
293
420
if (opt_non_exclusive)
294
options.flags |= CRYPT_FLAG_NON_EXCLUSIVE_ACCESS;
295
r = crypt_luksOpen(&options);
296
show_status(-r);
297
return r;
421
log_err(_("Obsolete option --non-exclusive is ignored.\n"));
422
423
return crypt_luksOpen(&options);
298
424
}
299
425
300
426
static int action_luksDelKey(int arg)
301
427
{
302
fprintf(stderr,"luksDelKey is a deprecated action name.\nPlease use luksKillSlot.\n");
303
return action_luksKillSlot(arg);
428
log_err("luksDelKey is a deprecated action name.\nPlease use luksKillSlot.\n");
429
return action_luksKillSlot(arg);
304
430
}
305
431
306
432
static int action_luksKillSlot(int arg)
313
439
.flags = !opt_batch_mode?CRYPT_FLAG_VERIFY_ON_DELKEY : 0,
314
440
.icb = &cmd_icb,
315
441
};
316
int r;
317
442
318
opt_verbose = 1;
319
r = crypt_luksKillSlot(&options);
320
show_status(-r);
321
return r;
443
return crypt_luksKillSlot(&options);
322
444
}
323
445
324
446
static int action_luksRemoveKey(int arg)
331
453
.flags = !opt_batch_mode?CRYPT_FLAG_VERIFY_ON_DELKEY : 0,
332
454
.icb = &cmd_icb,
333
455
};
334
int r;
335
336
opt_verbose = 1;
337
r = crypt_luksRemoveKey(&options);
338
show_status(-r);
456
457
return crypt_luksRemoveKey(&options);
458
}
459
460
static int _action_luksAddKey_useMK()
461
{
462
int r = -EINVAL, keysize;
463
char *key = NULL;
464
struct crypt_device *cd = NULL;
465
466
if ((r = crypt_init(&cd, action_argv[0])))
467
goto out;
468
469
if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
470
goto out;
471
472
keysize = crypt_get_volume_key_size(cd);
473
crypt_set_password_verify(cd, 1);
474
crypt_set_timeout(cd, opt_timeout);
475
if (opt_iteration_time)
476
crypt_set_iterarion_time(cd, opt_iteration_time);
477
478
if (_read_mk(opt_master_key_file, &key, keysize) < 0)
479
goto out;
480
481
r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize, NULL, 0);
482
out:
483
crypt_free(cd);
484
if (key) {
485
memset(key, 0, keysize);
486
free(key);
487
}
339
488
return r;
340
489
}
341
490
351
500
.timeout = opt_timeout,
352
501
.icb = &cmd_icb,
353
502
};
354
int r;
355
503
356
opt_verbose = 1;
357
r = crypt_luksAddKey(&options);
358
show_status(-r);
359
return r;
504
if (opt_master_key_file)
505
return _action_luksAddKey_useMK();
506
else
507
return crypt_luksAddKey(&options);
360
508
}
361
509
362
510
static int action_isLuks(int arg)
365
513
.device = action_argv[0],
366
514
.icb = &cmd_icb,
367
515
};
516
368
517
return crypt_isLuks(&options);
369
518
}
370
519
374
523
.device = action_argv[0],
375
524
.icb = &cmd_icb,
376
525
};
377
int r;
378
526
379
r = crypt_luksUUID(&options);
380
if (r < 0)
381
show_status(-r);
382
return r;
527
return crypt_luksUUID(&options);
383
528
}
384
529
385
530
static int action_luksDump(int arg)
388
533
.device = action_argv[0],
389
534
.icb = &cmd_icb,
390
535
};
391
int r;
392
393
r = crypt_luksDump(&options);
394
if (r < 0)
395
show_status(-r);
536
537
return crypt_luksDump(&options);
538
}
539
540
static int action_luksSuspend(int arg)
541
{
542
struct crypt_device *cd = NULL;
543
int r;
544
545
r = crypt_init_by_name(&cd, action_argv[0]);
546
if (!r)
547
r = crypt_suspend(cd, action_argv[0]);
548
549
crypt_free(cd);
550
return r;
551
}
552
553
static int action_luksResume(int arg)
554
{
555
struct crypt_device *cd = NULL;
556
int r;
557
558
if ((r = crypt_init_by_name(&cd, action_argv[0])))
559
goto out;
560
561
if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
562
goto out;
563
564
if (opt_key_file)
565
r = crypt_resume_by_keyfile(cd, action_argv[0], CRYPT_ANY_SLOT,
566
opt_key_file, opt_key_size / 8);
567
else
568
r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
569
NULL, 0);
570
out:
571
crypt_free(cd);
572
return r;
573
}
574
575
static int action_luksBackup(int arg)
576
{
577
struct crypt_device *cd = NULL;
578
int r;
579
580
if (!opt_header_backup_file) {
581
log_err(_("Option --header-backup-file is required.\n"));
582
return -EINVAL;
583
}
584
585
if ((r = crypt_init(&cd, action_argv[0])))
586
goto out;
587
588
crypt_set_log_callback(cd, _log, NULL);
589
crypt_set_confirm_callback(cd, _yesDialog, NULL);
590
591
r = crypt_header_backup(cd, CRYPT_LUKS1, opt_header_backup_file);
592
out:
593
crypt_free(cd);
594
return r;
595
}
596
597
static int action_luksRestore(int arg)
598
{
599
struct crypt_device *cd = NULL;
600
int r = 0;
601
602
if (!opt_header_backup_file) {
603
log_err(_("Option --header-backup-file is required.\n"));
604
return -EINVAL;
605
}
606
607
if ((r = crypt_init(&cd, action_argv[0])))
608
goto out;
609
610
crypt_set_log_callback(cd, _log, NULL);
611
crypt_set_confirm_callback(cd, _yesDialog, NULL);
612
r = crypt_header_restore(cd, CRYPT_LUKS1, opt_header_backup_file);
613
out:
614
crypt_free(cd);
396
615
return r;
397
616
}
398
617
401
620
{
402
621
poptPrintUsage(popt_context, stderr, 0);
403
622
if (error)
404
fprintf(stderr, "%s: %s\n", more, error);
623
log_err("%s: %s\n", more, error);
405
624
exit(exitcode);
406
625
}
407
626
411
630
if (key->shortName == '?') {
412
631
struct action_type *action;
413
632
414
fprintf(stdout, "%s\n",PACKAGE_STRING);
633
log_std("%s\n",PACKAGE_STRING);
415
634
416
635
poptPrintHelp(popt_context, stdout, 0);
417
636
418
printf(_("\n"
637
log_std(_("\n"
419
638
"<action> is one of:\n"));
420
639
421
640
for(action = action_types; action->type; action++)
422
printf("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc));
641
log_std("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc));
423
642
424
printf(_("\n"
643
log_std(_("\n"
425
644
"<name> is the device to create under %s\n"
426
645
"<device> is the encrypted device\n"
427
646
"<key slot> is the LUKS key slot number to modify\n"
430
649
exit(0);
431
650
} else
432
651
usage(popt_context, 0, NULL, NULL);
433
}
652
}
653
654
void set_debug_level(int level);
655
656
static void _dbg_version_and_cmd(int argc, char **argv)
657
{
658
int i;
659
660
log_std("# %s %s processing \"", PACKAGE_NAME, PACKAGE_VERSION);
661
for (i = 0; i < argc; i++) {
662
if (i)
663
log_std(" ");
664
log_std(argv[i]);
665
}
666
log_std("\"\n");
667
}
668
669
static int run_action(struct action_type *action)
670
{
671
int r;
672
673
if (action->required_memlock)
674
crypt_memory_lock(NULL, 1);
675
676
r = action->handler(action->arg);
677
678
if (action->required_memlock)
679
crypt_memory_lock(NULL, 0);
680
681
show_status(r);
682
683
return r;
684
}
434
685
435
686
int main(int argc, char **argv)
436
687
{
444
695
static struct poptOption popt_options[] = {
445
696
{ NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
446
697
{ "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
698
{ "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL },
447
699
{ "cipher", 'c', POPT_ARG_STRING | POPT_ARGFLAG_SHOW_DEFAULT, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL },
448
700
{ "hash", 'h', POPT_ARG_STRING | POPT_ARGFLAG_SHOW_DEFAULT, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL },
449
701
{ "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL },
450
702
{ "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file (can be /dev/random)"), NULL },
703
{ "master-key-file", '\0', POPT_ARG_STRING, &opt_master_key_file, 0, N_("Read the volume (master) key from file."), NULL },
451
704
{ "key-size", 's', POPT_ARG_INT | POPT_ARGFLAG_SHOW_DEFAULT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") },
452
705
{ "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Slot number for new key (default is first free)"), NULL },
453
706
{ "size", 'b', POPT_ARG_STRING, &popt_tmp, 1, N_("The size of the device"), N_("SECTORS") },
458
711
N_("msecs") },
459
712
{ "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
460
713
{ "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL },
461
{ "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
462
{ "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
463
{ "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
464
{ "non-exclusive", '\0', POPT_ARG_NONE, &opt_non_exclusive, 0, N_("Allows non-exclusive access for luksOpen, WARNING see manpage."), NULL },
714
{ "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
715
{ "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase canbe retried"), NULL },
716
{ "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
717
{ "non-exclusive", '\0', POPT_ARG_NONE, &opt_non_exclusive, 0, N_("Allows non-exclusive access for luksOpen, WARNING see manpage."), NULL },
718
{ "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file,0, N_("File with LUKS header and keyslots backup."), NULL },
465
719
POPT_TABLEEND
466
720
};
467
721
poptContext popt_context;
470
724
int r;
471
725
const char *null_action_argv[] = {NULL};
472
726
727
crypt_set_log_callback(NULL, _log, NULL);
728
473
729
setlocale(LC_ALL, "");
474
730
bindtextdomain(PACKAGE, LOCALEDIR);
475
731
textdomain(PACKAGE);
507
763
usage(popt_context, 1, poptStrerror(r),
508
764
poptBadOption(popt_context, POPT_BADOPTION_NOALIAS));
509
765
if (opt_version_mode) {
510
printf("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
766
log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
511
767
exit(0);
512
768
}
513
769
514
770
if (opt_key_size % 8)
515
771
usage(popt_context, 1,
516
772
_("Key size must be a multiple of 8 bits"),
517
773
poptGetInvocationName(popt_context));
518
774
519
775
if (!(aname = (char *)poptGetArg(popt_context)))
520
776
usage(popt_context, 1, _("Argument <action> missing."),
521
777
poptGetInvocationName(popt_context));
531
787
/* Make return values of poptGetArgs more consistent in case of remaining argc = 0 */
532
788
if(!action_argv)
533
789
action_argv = null_action_argv;
534
790
535
791
/* Count args, somewhat unnice, change? */
536
792
while(action_argv[action_argc] != NULL)
537
793
action_argc++;
541
797
snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc);
542
798
usage(popt_context, 1, buf,
543
799
poptGetInvocationName(popt_context));
544
}
545
return action->handler(action->arg);
800
}
801
802
if (opt_debug) {
803
opt_verbose = 1;
804
crypt_set_debug_level(-1);
805
_dbg_version_and_cmd(argc, argv);
806
}
807
808
return run_action(action);
546
809
}
547
548
// Local Variables:
549
// c-basic-offset: 8
550
// indent-tabs-mode: nil
551
// End:
Loggerhead is a web-based interface for Breezy
Version: 2.0.1