File: | build-scan/../src/cryptsetup/cryptsetup-generator.c |
Warning: | line 491, column 25 Potential leak of memory pointed to by 'uuid' |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* SPDX-License-Identifier: LGPL-2.1+ */ | |||
2 | ||||
3 | #include <errno(*__errno_location ()).h> | |||
4 | #include <stdio_ext.h> | |||
5 | ||||
6 | #include "alloc-util.h" | |||
7 | #include "dropin.h" | |||
8 | #include "escape.h" | |||
9 | #include "fd-util.h" | |||
10 | #include "fileio.h" | |||
11 | #include "fstab-util.h" | |||
12 | #include "generator.h" | |||
13 | #include "hashmap.h" | |||
14 | #include "id128-util.h" | |||
15 | #include "log.h" | |||
16 | #include "mkdir.h" | |||
17 | #include "parse-util.h" | |||
18 | #include "path-util.h" | |||
19 | #include "proc-cmdline.h" | |||
20 | #include "specifier.h" | |||
21 | #include "string-util.h" | |||
22 | #include "strv.h" | |||
23 | #include "unit-name.h" | |||
24 | #include "util.h" | |||
25 | ||||
26 | typedef struct crypto_device { | |||
27 | char *uuid; | |||
28 | char *keyfile; | |||
29 | char *keydev; | |||
30 | char *name; | |||
31 | char *options; | |||
32 | bool_Bool create; | |||
33 | } crypto_device; | |||
34 | ||||
35 | static const char *arg_dest = "/tmp"; | |||
36 | static bool_Bool arg_enabled = true1; | |||
37 | static bool_Bool arg_read_crypttab = true1; | |||
38 | static bool_Bool arg_whitelist = false0; | |||
39 | static Hashmap *arg_disks = NULL((void*)0); | |||
40 | static char *arg_default_options = NULL((void*)0); | |||
41 | static char *arg_default_keyfile = NULL((void*)0); | |||
42 | ||||
43 | static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_keydev) { | |||
44 | _cleanup_free___attribute__((cleanup(freep))) char *keyfile = NULL((void*)0), *keydev = NULL((void*)0); | |||
45 | const char *c; | |||
46 | ||||
47 | assert(ret_keyfile)do { if ((__builtin_expect(!!(!(ret_keyfile)),0))) log_assert_failed_realm (LOG_REALM_SYSTEMD, ("ret_keyfile"), "../src/cryptsetup/cryptsetup-generator.c" , 47, __PRETTY_FUNCTION__); } while (0); | |||
48 | assert(ret_keydev)do { if ((__builtin_expect(!!(!(ret_keydev)),0))) log_assert_failed_realm (LOG_REALM_SYSTEMD, ("ret_keydev"), "../src/cryptsetup/cryptsetup-generator.c" , 48, __PRETTY_FUNCTION__); } while (0); | |||
49 | ||||
50 | if (!keyspec) { | |||
51 | *ret_keyfile = *ret_keydev = NULL((void*)0); | |||
52 | return 0; | |||
53 | } | |||
54 | ||||
55 | c = strrchr(keyspec, ':'); | |||
56 | if (c) { | |||
57 | /* The keydev part has to be either an absolute path to device node (/dev/something, | |||
58 | * /dev/foo/something, or even possibly /dev/foo/something:part), or a fstab device | |||
59 | * specification starting with LABEL= or similar. The keyfile part has the same syntax. | |||
60 | * | |||
61 | * Let's try to guess if the second part looks like a keydev specification, or just part of a | |||
62 | * filename with a colon. fstab_node_to_udev_node() will convert the fstab device syntax to | |||
63 | * an absolute path. If we didn't get an absolute path, assume that it is just part of the | |||
64 | * first keyfile argument. */ | |||
65 | ||||
66 | keydev = fstab_node_to_udev_node(c + 1); | |||
67 | if (!keydev) | |||
68 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 68, __func__); | |||
69 | ||||
70 | if (path_is_absolute(keydev)) | |||
71 | keyfile = strndup(keyspec, c-keyspec); | |||
72 | else { | |||
73 | log_debug("Keyspec argument contains a colon, but \"%s\" doesn't look like a device specification.\n"({ int _level = (((7))), _e = ((0)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 75, __func__, "Keyspec argument contains a colon, but \"%s\" doesn't look like a device specification.\n" "Assuming that \"%s\" is a single device specification.", c + 1, keyspec) : -abs(_e); }) | |||
74 | "Assuming that \"%s\" is a single device specification.",({ int _level = (((7))), _e = ((0)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 75, __func__, "Keyspec argument contains a colon, but \"%s\" doesn't look like a device specification.\n" "Assuming that \"%s\" is a single device specification.", c + 1, keyspec) : -abs(_e); }) | |||
75 | c + 1, keyspec)({ int _level = (((7))), _e = ((0)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 75, __func__, "Keyspec argument contains a colon, but \"%s\" doesn't look like a device specification.\n" "Assuming that \"%s\" is a single device specification.", c + 1, keyspec) : -abs(_e); }); | |||
76 | keydev = mfree(keydev); | |||
77 | c = NULL((void*)0); | |||
78 | } | |||
79 | } | |||
80 | ||||
81 | if (!c) | |||
82 | /* No keydev specified */ | |||
83 | keyfile = strdup(keyspec); | |||
84 | ||||
85 | if (!keyfile) | |||
86 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 86, __func__); | |||
87 | ||||
88 | *ret_keyfile = TAKE_PTR(keyfile)({ typeof(keyfile) _ptr_ = (keyfile); (keyfile) = ((void*)0); _ptr_; }); | |||
89 | *ret_keydev = TAKE_PTR(keydev)({ typeof(keydev) _ptr_ = (keydev); (keydev) = ((void*)0); _ptr_ ; }); | |||
90 | ||||
91 | return 0; | |||
92 | } | |||
93 | ||||
94 | static int generate_keydev_mount(const char *name, const char *keydev, const char *keydev_timeout, bool_Bool canfail, char **unit, char **mount) { | |||
95 | _cleanup_free___attribute__((cleanup(freep))) char *u = NULL((void*)0), *where = NULL((void*)0), *name_escaped = NULL((void*)0), *device_unit = NULL((void*)0); | |||
96 | _cleanup_fclose___attribute__((cleanup(fclosep))) FILE *f = NULL((void*)0); | |||
97 | int r; | |||
98 | usec_t timeout_us; | |||
99 | ||||
100 | assert(name)do { if ((__builtin_expect(!!(!(name)),0))) log_assert_failed_realm (LOG_REALM_SYSTEMD, ("name"), "../src/cryptsetup/cryptsetup-generator.c" , 100, __PRETTY_FUNCTION__); } while (0); | |||
101 | assert(keydev)do { if ((__builtin_expect(!!(!(keydev)),0))) log_assert_failed_realm (LOG_REALM_SYSTEMD, ("keydev"), "../src/cryptsetup/cryptsetup-generator.c" , 101, __PRETTY_FUNCTION__); } while (0); | |||
102 | assert(unit)do { if ((__builtin_expect(!!(!(unit)),0))) log_assert_failed_realm (LOG_REALM_SYSTEMD, ("unit"), "../src/cryptsetup/cryptsetup-generator.c" , 102, __PRETTY_FUNCTION__); } while (0); | |||
103 | assert(mount)do { if ((__builtin_expect(!!(!(mount)),0))) log_assert_failed_realm (LOG_REALM_SYSTEMD, ("mount"), "../src/cryptsetup/cryptsetup-generator.c" , 103, __PRETTY_FUNCTION__); } while (0); | |||
104 | ||||
105 | r = mkdir_parents("/run/systemd/cryptsetup", 0755); | |||
106 | if (r < 0) | |||
107 | return r; | |||
108 | ||||
109 | r = mkdir("/run/systemd/cryptsetup", 0700); | |||
110 | if (r < 0 && errno(*__errno_location ()) != EEXIST17) | |||
111 | return -errno(*__errno_location ()); | |||
112 | ||||
113 | name_escaped = cescape(name); | |||
114 | if (!name_escaped) | |||
115 | return -ENOMEM12; | |||
116 | ||||
117 | where = strjoin("/run/systemd/cryptsetup/keydev-", name_escaped)strjoin_real(("/run/systemd/cryptsetup/keydev-"), name_escaped , ((void*)0)); | |||
118 | if (!where) | |||
119 | return -ENOMEM12; | |||
120 | ||||
121 | r = mkdir(where, 0700); | |||
122 | if (r < 0 && errno(*__errno_location ()) != EEXIST17) | |||
123 | return -errno(*__errno_location ()); | |||
124 | ||||
125 | r = unit_name_from_path(where, ".mount", &u); | |||
126 | if (r < 0) | |||
127 | return r; | |||
128 | ||||
129 | r = generator_open_unit_file(arg_dest, NULL((void*)0), u, &f); | |||
130 | if (r < 0) | |||
131 | return r; | |||
132 | ||||
133 | fprintf(f, | |||
134 | "[Unit]\n" | |||
135 | "DefaultDependencies=no\n\n" | |||
136 | "[Mount]\n" | |||
137 | "What=%s\n" | |||
138 | "Where=%s\n" | |||
139 | "Options=ro%s\n", keydev, where, canfail ? ",nofail" : ""); | |||
140 | ||||
141 | if (keydev_timeout) { | |||
142 | r = parse_sec_fix_0(keydev_timeout, &timeout_us); | |||
143 | if (r >= 0) { | |||
144 | r = unit_name_from_path(keydev, ".device", &device_unit); | |||
145 | if (r < 0) | |||
146 | return log_error_errno(r, "Failed to generate unit name: %m")({ int _level = ((3)), _e = ((r)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 146, __func__, "Failed to generate unit name: %m" ) : -abs(_e); }); | |||
147 | ||||
148 | r = write_drop_in_format(arg_dest, device_unit, 90, "device-timeout", | |||
149 | "# Automatically generated by systemd-cryptsetup-generator \n\n" | |||
150 | "[Unit]\nJobRunningTimeoutSec=%s", keydev_timeout); | |||
151 | if (r < 0) | |||
152 | return log_error_errno(r, "Failed to write device drop-in: %m")({ int _level = ((3)), _e = ((r)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 152, __func__, "Failed to write device drop-in: %m" ) : -abs(_e); }); | |||
153 | ||||
154 | } else | |||
155 | log_warning_errno(r, "Failed to parse %s, ignoring: %m", keydev_timeout)({ int _level = ((4)), _e = ((r)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 155, __func__, "Failed to parse %s, ignoring: %m" , keydev_timeout) : -abs(_e); }); | |||
156 | ||||
157 | } | |||
158 | ||||
159 | r = fflush_and_check(f); | |||
160 | if (r < 0) | |||
161 | return r; | |||
162 | ||||
163 | *unit = TAKE_PTR(u)({ typeof(u) _ptr_ = (u); (u) = ((void*)0); _ptr_; }); | |||
164 | *mount = TAKE_PTR(where)({ typeof(where) _ptr_ = (where); (where) = ((void*)0); _ptr_ ; }); | |||
165 | ||||
166 | return 0; | |||
167 | } | |||
168 | ||||
169 | static int create_disk( | |||
170 | const char *name, | |||
171 | const char *device, | |||
172 | const char *password, | |||
173 | const char *keydev, | |||
174 | const char *options) { | |||
175 | ||||
176 | _cleanup_free___attribute__((cleanup(freep))) char *n = NULL((void*)0), *d = NULL((void*)0), *u = NULL((void*)0), *e = NULL((void*)0), | |||
177 | *keydev_mount = NULL((void*)0), *keyfile_timeout_value = NULL((void*)0), *password_escaped = NULL((void*)0), | |||
178 | *filtered = NULL((void*)0), *u_escaped = NULL((void*)0), *filtered_escaped = NULL((void*)0), *name_escaped = NULL((void*)0); | |||
179 | _cleanup_fclose___attribute__((cleanup(fclosep))) FILE *f = NULL((void*)0); | |||
180 | const char *dmname; | |||
181 | bool_Bool noauto, nofail, tmp, swap, netdev; | |||
182 | int r, keyfile_can_timeout; | |||
183 | ||||
184 | assert(name)do { if ((__builtin_expect(!!(!(name)),0))) log_assert_failed_realm (LOG_REALM_SYSTEMD, ("name"), "../src/cryptsetup/cryptsetup-generator.c" , 184, __PRETTY_FUNCTION__); } while (0); | |||
185 | assert(device)do { if ((__builtin_expect(!!(!(device)),0))) log_assert_failed_realm (LOG_REALM_SYSTEMD, ("device"), "../src/cryptsetup/cryptsetup-generator.c" , 185, __PRETTY_FUNCTION__); } while (0); | |||
186 | ||||
187 | noauto = fstab_test_yes_no_option(options, "noauto\0" "auto\0"); | |||
188 | nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0"); | |||
189 | tmp = fstab_test_option(options, "tmp\0"); | |||
190 | swap = fstab_test_option(options, "swap\0"); | |||
191 | netdev = fstab_test_option(options, "_netdev\0"); | |||
192 | ||||
193 | keyfile_can_timeout = fstab_filter_options(options, "keyfile-timeout\0", NULL((void*)0), &keyfile_timeout_value, NULL((void*)0)); | |||
194 | if (keyfile_can_timeout < 0) | |||
195 | return log_error_errno(keyfile_can_timeout, "Failed to parse keyfile-timeout= option value: %m")({ int _level = ((3)), _e = ((keyfile_can_timeout)), _realm = (LOG_REALM_SYSTEMD); (log_get_max_level_realm(_realm) >= ( (_level) & 0x07)) ? log_internal_realm(((_realm) << 10 | (_level)), _e, "../src/cryptsetup/cryptsetup-generator.c" , 195, __func__, "Failed to parse keyfile-timeout= option value: %m" ) : -abs(_e); }); | |||
196 | ||||
197 | if (tmp && swap) { | |||
198 | log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name)({ int _level = (((3))), _e = ((0)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 198, __func__, "Device '%s' cannot be both 'tmp' and 'swap'. Ignoring." , name) : -abs(_e); }); | |||
199 | return -EINVAL22; | |||
200 | } | |||
201 | ||||
202 | name_escaped = specifier_escape(name); | |||
203 | if (!name_escaped) | |||
204 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 204, __func__); | |||
205 | ||||
206 | e = unit_name_escape(name); | |||
207 | if (!e) | |||
208 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 208, __func__); | |||
209 | ||||
210 | u = fstab_node_to_udev_node(device); | |||
211 | if (!u) | |||
212 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 212, __func__); | |||
213 | ||||
214 | r = unit_name_build("systemd-cryptsetup", e, ".service", &n); | |||
215 | if (r < 0) | |||
216 | return log_error_errno(r, "Failed to generate unit name: %m")({ int _level = ((3)), _e = ((r)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 216, __func__, "Failed to generate unit name: %m" ) : -abs(_e); }); | |||
217 | ||||
218 | u_escaped = specifier_escape(u); | |||
219 | if (!u_escaped) | |||
220 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 220, __func__); | |||
221 | ||||
222 | r = unit_name_from_path(u, ".device", &d); | |||
223 | if (r < 0) | |||
224 | return log_error_errno(r, "Failed to generate unit name: %m")({ int _level = ((3)), _e = ((r)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 224, __func__, "Failed to generate unit name: %m" ) : -abs(_e); }); | |||
225 | ||||
226 | if (keydev && !password) { | |||
227 | log_error("Key device is specified, but path to the password file is missing.")({ int _level = (((3))), _e = ((0)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 227, __func__, "Key device is specified, but path to the password file is missing." ) : -abs(_e); }); | |||
228 | return -EINVAL22; | |||
229 | } | |||
230 | ||||
231 | r = generator_open_unit_file(arg_dest, NULL((void*)0), n, &f); | |||
232 | if (r < 0) | |||
233 | return r; | |||
234 | ||||
235 | fprintf(f, | |||
236 | "[Unit]\n" | |||
237 | "Description=Cryptography Setup for %%I\n" | |||
238 | "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" | |||
239 | "SourcePath=/etc/crypttab\n" | |||
240 | "DefaultDependencies=no\n" | |||
241 | "Conflicts=umount.target\n" | |||
242 | "IgnoreOnIsolate=true\n" | |||
243 | "After=%s\n", | |||
244 | netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target"); | |||
245 | ||||
246 | if (password) { | |||
247 | password_escaped = specifier_escape(password); | |||
248 | if (!password_escaped) | |||
249 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 249, __func__); | |||
250 | } | |||
251 | ||||
252 | if (keydev) { | |||
253 | _cleanup_free___attribute__((cleanup(freep))) char *unit = NULL((void*)0), *p = NULL((void*)0); | |||
254 | ||||
255 | r = generate_keydev_mount(name, keydev, keyfile_timeout_value, keyfile_can_timeout > 0, &unit, &keydev_mount); | |||
256 | if (r < 0) | |||
257 | return log_error_errno(r, "Failed to generate keydev mount unit: %m")({ int _level = ((3)), _e = ((r)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 257, __func__, "Failed to generate keydev mount unit: %m" ) : -abs(_e); }); | |||
258 | ||||
259 | p = prefix_root(keydev_mount, password_escaped); | |||
260 | if (!p) | |||
261 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 261, __func__); | |||
262 | ||||
263 | free_and_replace(password_escaped, p)({ free(password_escaped); (password_escaped) = (p); (p) = (( void*)0); 0; }); | |||
264 | ||||
265 | fprintf(f, "After=%s\n", unit); | |||
266 | if (keyfile_can_timeout > 0) | |||
267 | fprintf(f, "Wants=%s\n", unit); | |||
268 | else | |||
269 | fprintf(f, "Requires=%s\n", unit); | |||
270 | } | |||
271 | ||||
272 | if (!nofail) | |||
273 | fprintf(f, | |||
274 | "Before=%s\n", | |||
275 | netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); | |||
276 | ||||
277 | if (password && !keydev) { | |||
278 | if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random")(!!strv_find((((char**) ((const char*[]) { "/dev/urandom", "/dev/random" , "/dev/hw_random", ((void*)0) }))), (password)))) | |||
279 | fputs("After=systemd-random-seed.service\n", f); | |||
280 | else if (!STR_IN_SET(password, "-", "none")(!!strv_find((((char**) ((const char*[]) { "-", "none", ((void *)0) }))), (password)))) { | |||
281 | _cleanup_free___attribute__((cleanup(freep))) char *uu; | |||
282 | ||||
283 | uu = fstab_node_to_udev_node(password); | |||
284 | if (!uu) | |||
285 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 285, __func__); | |||
286 | ||||
287 | if (!path_equal(uu, "/dev/null")) { | |||
288 | ||||
289 | if (path_startswith(uu, "/dev/")) { | |||
290 | _cleanup_free___attribute__((cleanup(freep))) char *dd = NULL((void*)0); | |||
291 | ||||
292 | r = unit_name_from_path(uu, ".device", &dd); | |||
293 | if (r < 0) | |||
294 | return log_error_errno(r, "Failed to generate unit name: %m")({ int _level = ((3)), _e = ((r)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 294, __func__, "Failed to generate unit name: %m" ) : -abs(_e); }); | |||
295 | ||||
296 | fprintf(f, "After=%1$s\nRequires=%1$s\n", dd); | |||
297 | } else | |||
298 | fprintf(f, "RequiresMountsFor=%s\n", password_escaped); | |||
299 | } | |||
300 | } | |||
301 | } | |||
302 | ||||
303 | if (path_startswith(u, "/dev/")) { | |||
304 | fprintf(f, | |||
305 | "BindsTo=%s\n" | |||
306 | "After=%s\n" | |||
307 | "Before=umount.target\n", | |||
308 | d, d); | |||
309 | ||||
310 | if (swap) | |||
311 | fputs("Before=dev-mapper-%i.swap\n", | |||
312 | f); | |||
313 | } else | |||
314 | fprintf(f, | |||
315 | "RequiresMountsFor=%s\n", | |||
316 | u_escaped); | |||
317 | ||||
318 | r = generator_write_timeouts(arg_dest, device, name, options, &filtered); | |||
319 | if (r < 0) | |||
320 | return r; | |||
321 | ||||
322 | if (filtered) { | |||
323 | filtered_escaped = specifier_escape(filtered); | |||
324 | if (!filtered_escaped) | |||
325 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 325, __func__); | |||
326 | } | |||
327 | ||||
328 | fprintf(f, | |||
329 | "\n[Service]\n" | |||
330 | "Type=oneshot\n" | |||
331 | "RemainAfterExit=yes\n" | |||
332 | "TimeoutSec=0\n" /* the binary handles timeouts anyway */ | |||
333 | "KeyringMode=shared\n" /* make sure we can share cached keys among instances */ | |||
334 | "ExecStart=" SYSTEMD_CRYPTSETUP_PATH"/usr/lib/systemd/systemd-cryptsetup" " attach '%s' '%s' '%s' '%s'\n" | |||
335 | "ExecStop=" SYSTEMD_CRYPTSETUP_PATH"/usr/lib/systemd/systemd-cryptsetup" " detach '%s'\n", | |||
336 | name_escaped, u_escaped, strempty(password_escaped), strempty(filtered_escaped), | |||
337 | name_escaped); | |||
338 | ||||
339 | if (tmp) | |||
340 | fprintf(f, | |||
341 | "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n", | |||
342 | name_escaped); | |||
343 | ||||
344 | if (swap) | |||
345 | fprintf(f, | |||
346 | "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n", | |||
347 | name_escaped); | |||
348 | ||||
349 | if (keydev) | |||
350 | fprintf(f, | |||
351 | "ExecStartPost=-" UMOUNT_PATH"/bin/umount" " %s\n\n", | |||
352 | keydev_mount); | |||
353 | ||||
354 | r = fflush_and_check(f); | |||
355 | if (r < 0) | |||
356 | return log_error_errno(r, "Failed to write unit file %s: %m", n)({ int _level = ((3)), _e = ((r)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 356, __func__, "Failed to write unit file %s: %m" , n) : -abs(_e); }); | |||
357 | ||||
358 | if (!noauto) { | |||
359 | r = generator_add_symlink(arg_dest, d, "wants", n); | |||
360 | if (r < 0) | |||
361 | return r; | |||
362 | ||||
363 | r = generator_add_symlink(arg_dest, | |||
364 | netdev ? "remote-cryptsetup.target" : "cryptsetup.target", | |||
365 | nofail ? "wants" : "requires", n); | |||
366 | if (r < 0) | |||
367 | return r; | |||
368 | } | |||
369 | ||||
370 | dmname = strjoina("dev-mapper-", e, ".device")({ const char *_appendees_[] = { "dev-mapper-", e, ".device" } ; char *_d_, *_p_; size_t _len_ = 0; size_t _i_; for (_i_ = 0 ; _i_ < __extension__ (__builtin_choose_expr( !__builtin_types_compatible_p (typeof(_appendees_), typeof(&*(_appendees_))), sizeof(_appendees_ )/sizeof((_appendees_)[0]), ((void)0))) && _appendees_ [_i_]; _i_++) _len_ += strlen(_appendees_[_i_]); _p_ = _d_ = __builtin_alloca (_len_ + 1); for (_i_ = 0; _i_ < __extension__ (__builtin_choose_expr ( !__builtin_types_compatible_p(typeof(_appendees_), typeof(& *(_appendees_))), sizeof(_appendees_)/sizeof((_appendees_)[0] ), ((void)0))) && _appendees_[_i_]; _i_++) _p_ = stpcpy (_p_, _appendees_[_i_]); *_p_ = 0; _d_; }); | |||
371 | r = generator_add_symlink(arg_dest, dmname, "requires", n); | |||
372 | if (r < 0) | |||
373 | return r; | |||
374 | ||||
375 | if (!noauto && !nofail) { | |||
376 | r = write_drop_in(arg_dest, dmname, 90, "device-timeout", | |||
377 | "# Automatically generated by systemd-cryptsetup-generator \n\n" | |||
378 | "[Unit]\nJobTimeoutSec=0"); | |||
379 | if (r < 0) | |||
380 | return log_error_errno(r, "Failed to write device drop-in: %m")({ int _level = ((3)), _e = ((r)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 380, __func__, "Failed to write device drop-in: %m" ) : -abs(_e); }); | |||
381 | } | |||
382 | ||||
383 | return 0; | |||
384 | } | |||
385 | ||||
386 | static void crypt_device_free(crypto_device *d) { | |||
387 | free(d->uuid); | |||
388 | free(d->keyfile); | |||
389 | free(d->keydev); | |||
390 | free(d->name); | |||
391 | free(d->options); | |||
392 | free(d); | |||
393 | } | |||
394 | ||||
395 | static crypto_device *get_crypto_device(const char *uuid) { | |||
396 | int r; | |||
397 | crypto_device *d; | |||
398 | ||||
399 | assert(uuid)do { if ((__builtin_expect(!!(!(uuid)),0))) log_assert_failed_realm (LOG_REALM_SYSTEMD, ("uuid"), "../src/cryptsetup/cryptsetup-generator.c" , 399, __PRETTY_FUNCTION__); } while (0); | |||
400 | ||||
401 | d = hashmap_get(arg_disks, uuid); | |||
402 | if (!d) { | |||
403 | d = new0(struct crypto_device, 1)((struct crypto_device*) calloc((1), sizeof(struct crypto_device ))); | |||
404 | if (!d) | |||
405 | return NULL((void*)0); | |||
406 | ||||
407 | d->create = false0; | |||
408 | d->keyfile = d->options = d->name = NULL((void*)0); | |||
409 | ||||
410 | d->uuid = strdup(uuid); | |||
411 | if (!d->uuid) | |||
412 | return mfree(d); | |||
413 | ||||
414 | r = hashmap_put(arg_disks, d->uuid, d); | |||
415 | if (r < 0) { | |||
416 | free(d->uuid); | |||
417 | return mfree(d); | |||
418 | } | |||
419 | } | |||
420 | ||||
421 | return d; | |||
422 | } | |||
423 | ||||
424 | static int parse_proc_cmdline_item(const char *key, const char *value, void *data) { | |||
425 | _cleanup_free___attribute__((cleanup(freep))) char *uuid = NULL((void*)0), *uuid_value = NULL((void*)0); | |||
426 | crypto_device *d; | |||
427 | int r; | |||
428 | ||||
429 | if (streq(key, "luks")(strcmp((key),("luks")) == 0)) { | |||
| ||||
430 | ||||
431 | r = value ? parse_boolean(value) : 1; | |||
432 | if (r < 0) | |||
433 | log_warning("Failed to parse luks= kernel command line switch %s. Ignoring.", value)({ int _level = (((4))), _e = ((0)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 433, __func__, "Failed to parse luks= kernel command line switch %s. Ignoring." , value) : -abs(_e); }); | |||
434 | else | |||
435 | arg_enabled = r; | |||
436 | ||||
437 | } else if (streq(key, "luks.crypttab")(strcmp((key),("luks.crypttab")) == 0)) { | |||
438 | ||||
439 | r = value ? parse_boolean(value) : 1; | |||
440 | if (r < 0) | |||
441 | log_warning("Failed to parse luks.crypttab= kernel command line switch %s. Ignoring.", value)({ int _level = (((4))), _e = ((0)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 441, __func__, "Failed to parse luks.crypttab= kernel command line switch %s. Ignoring." , value) : -abs(_e); }); | |||
442 | else | |||
443 | arg_read_crypttab = r; | |||
444 | ||||
445 | } else if (streq(key, "luks.uuid")(strcmp((key),("luks.uuid")) == 0)) { | |||
446 | ||||
447 | if (proc_cmdline_value_missing(key, value)) | |||
448 | return 0; | |||
449 | ||||
450 | d = get_crypto_device(startswith(value, "luks-") ? value+5 : value); | |||
451 | if (!d) | |||
452 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 452, __func__); | |||
453 | ||||
454 | d->create = arg_whitelist = true1; | |||
455 | ||||
456 | } else if (streq(key, "luks.options")(strcmp((key),("luks.options")) == 0)) { | |||
457 | ||||
458 | if (proc_cmdline_value_missing(key, value)) | |||
459 | return 0; | |||
460 | ||||
461 | r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value); | |||
462 | if (r == 2) { | |||
463 | d = get_crypto_device(uuid); | |||
464 | if (!d) | |||
465 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 465, __func__); | |||
466 | ||||
467 | free_and_replace(d->options, uuid_value)({ free(d->options); (d->options) = (uuid_value); (uuid_value ) = ((void*)0); 0; }); | |||
468 | } else if (free_and_strdup(&arg_default_options, value) < 0) | |||
469 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 469, __func__); | |||
470 | ||||
471 | } else if (streq(key, "luks.key")(strcmp((key),("luks.key")) == 0)) { | |||
472 | size_t n; | |||
473 | _cleanup_free___attribute__((cleanup(freep))) char *keyfile = NULL((void*)0), *keydev = NULL((void*)0); | |||
474 | const char *keyspec; | |||
475 | ||||
476 | if (proc_cmdline_value_missing(key, value)) | |||
477 | return 0; | |||
478 | ||||
479 | n = strspn(value, LETTERS"abcdefghijklmnopqrstuvwxyz" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" DIGITS"0123456789" "-"); | |||
480 | if (value[n] != '=') { | |||
481 | if (free_and_strdup(&arg_default_keyfile, value) < 0) | |||
482 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 482, __func__); | |||
483 | return 0; | |||
484 | } | |||
485 | ||||
486 | uuid = strndup(value, n); | |||
487 | if (!uuid) | |||
488 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 488, __func__); | |||
489 | ||||
490 | if (!id128_is_valid(uuid)) { | |||
491 | log_warning("Failed to parse luks.key= kernel command line switch. UUID is invalid, ignoring.")({ int _level = (((4))), _e = ((0)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 491, __func__, "Failed to parse luks.key= kernel command line switch. UUID is invalid, ignoring." ) : -abs(_e); }); | |||
| ||||
492 | return 0; | |||
493 | } | |||
494 | ||||
495 | d = get_crypto_device(uuid); | |||
496 | if (!d) | |||
497 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 497, __func__); | |||
498 | ||||
499 | keyspec = value + n + 1; | |||
500 | r = split_keyspec(keyspec, &keyfile, &keydev); | |||
501 | if (r < 0) | |||
502 | return r; | |||
503 | ||||
504 | free_and_replace(d->keyfile, keyfile)({ free(d->keyfile); (d->keyfile) = (keyfile); (keyfile ) = ((void*)0); 0; }); | |||
505 | free_and_replace(d->keydev, keydev)({ free(d->keydev); (d->keydev) = (keydev); (keydev) = ( (void*)0); 0; }); | |||
506 | ||||
507 | } else if (streq(key, "luks.name")(strcmp((key),("luks.name")) == 0)) { | |||
508 | ||||
509 | if (proc_cmdline_value_missing(key, value)) | |||
510 | return 0; | |||
511 | ||||
512 | r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value); | |||
513 | if (r == 2) { | |||
514 | d = get_crypto_device(uuid); | |||
515 | if (!d) | |||
516 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 516, __func__); | |||
517 | ||||
518 | d->create = arg_whitelist = true1; | |||
519 | ||||
520 | free_and_replace(d->name, uuid_value)({ free(d->name); (d->name) = (uuid_value); (uuid_value ) = ((void*)0); 0; }); | |||
521 | } else | |||
522 | log_warning("Failed to parse luks name switch %s. Ignoring.", value)({ int _level = (((4))), _e = ((0)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 522, __func__, "Failed to parse luks name switch %s. Ignoring." , value) : -abs(_e); }); | |||
523 | } | |||
524 | ||||
525 | return 0; | |||
526 | } | |||
527 | ||||
528 | static int add_crypttab_devices(void) { | |||
529 | struct stat st; | |||
530 | unsigned crypttab_line = 0; | |||
531 | _cleanup_fclose___attribute__((cleanup(fclosep))) FILE *f = NULL((void*)0); | |||
532 | ||||
533 | if (!arg_read_crypttab) | |||
534 | return 0; | |||
535 | ||||
536 | f = fopen("/etc/crypttab", "re"); | |||
537 | if (!f) { | |||
538 | if (errno(*__errno_location ()) != ENOENT2) | |||
539 | log_error_errno(errno, "Failed to open /etc/crypttab: %m")({ int _level = ((3)), _e = (((*__errno_location ()))), _realm = (LOG_REALM_SYSTEMD); (log_get_max_level_realm(_realm) >= ((_level) & 0x07)) ? log_internal_realm(((_realm) << 10 | (_level)), _e, "../src/cryptsetup/cryptsetup-generator.c" , 539, __func__, "Failed to open /etc/crypttab: %m") : -abs(_e ); }); | |||
540 | return 0; | |||
541 | } | |||
542 | ||||
543 | (void) __fsetlocking(f, FSETLOCKING_BYCALLERFSETLOCKING_BYCALLER); | |||
544 | ||||
545 | if (fstat(fileno(f), &st) < 0) { | |||
546 | log_error_errno(errno, "Failed to stat /etc/crypttab: %m")({ int _level = ((3)), _e = (((*__errno_location ()))), _realm = (LOG_REALM_SYSTEMD); (log_get_max_level_realm(_realm) >= ((_level) & 0x07)) ? log_internal_realm(((_realm) << 10 | (_level)), _e, "../src/cryptsetup/cryptsetup-generator.c" , 546, __func__, "Failed to stat /etc/crypttab: %m") : -abs(_e ); }); | |||
547 | return 0; | |||
548 | } | |||
549 | ||||
550 | for (;;) { | |||
551 | int r, k; | |||
552 | char line[LINE_MAX2048], *l, *uuid; | |||
553 | crypto_device *d = NULL((void*)0); | |||
554 | _cleanup_free___attribute__((cleanup(freep))) char *name = NULL((void*)0), *device = NULL((void*)0), *keydev = NULL((void*)0), *keyfile = NULL((void*)0), *keyspec = NULL((void*)0), *options = NULL((void*)0); | |||
555 | ||||
556 | if (!fgets(line, sizeof(line), f)) | |||
557 | break; | |||
558 | ||||
559 | crypttab_line++; | |||
560 | ||||
561 | l = strstrip(line); | |||
562 | if (IN_SET(*l, 0, '#')({ _Bool _found = 0; static __attribute__ ((unused)) char _static_assert__macros_need_to_be_extended [20 - sizeof((int[]){0, '#'})/sizeof(int)]; switch(*l) { case 0: case '#': _found = 1; break; default: break; } _found; })) | |||
563 | continue; | |||
564 | ||||
565 | k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &keyspec, &options); | |||
566 | if (k < 2 || k > 4) { | |||
567 | log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line)({ int _level = (((3))), _e = ((0)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 567, __func__, "Failed to parse /etc/crypttab:%u, ignoring." , crypttab_line) : -abs(_e); }); | |||
568 | continue; | |||
569 | } | |||
570 | ||||
571 | uuid = startswith(device, "UUID="); | |||
572 | if (!uuid) | |||
573 | uuid = path_startswith(device, "/dev/disk/by-uuid/"); | |||
574 | if (!uuid) | |||
575 | uuid = startswith(name, "luks-"); | |||
576 | if (uuid) | |||
577 | d = hashmap_get(arg_disks, uuid); | |||
578 | ||||
579 | if (arg_whitelist && !d) { | |||
580 | log_info("Not creating device '%s' because it was not specified on the kernel command line.", name)({ int _level = (((6))), _e = ((0)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 580, __func__, "Not creating device '%s' because it was not specified on the kernel command line." , name) : -abs(_e); }); | |||
581 | continue; | |||
582 | } | |||
583 | ||||
584 | r = split_keyspec(keyspec, &keyfile, &keydev); | |||
585 | if (r < 0) | |||
586 | return r; | |||
587 | ||||
588 | r = create_disk(name, device, keyfile, keydev, (d && d->options) ? d->options : options); | |||
589 | if (r < 0) | |||
590 | return r; | |||
591 | ||||
592 | if (d) | |||
593 | d->create = false0; | |||
594 | } | |||
595 | ||||
596 | return 0; | |||
597 | } | |||
598 | ||||
599 | static int add_proc_cmdline_devices(void) { | |||
600 | int r; | |||
601 | Iterator i; | |||
602 | crypto_device *d; | |||
603 | ||||
604 | HASHMAP_FOREACH(d, arg_disks, i)for ((i) = ((Iterator) { .idx = ((2147483647 *2U +1U) - 1), . next_key = ((void*)0) }); hashmap_iterate((arg_disks), &( i), (void**)&(d), ((void*)0)); ) { | |||
605 | const char *options; | |||
606 | _cleanup_free___attribute__((cleanup(freep))) char *device = NULL((void*)0); | |||
607 | ||||
608 | if (!d->create) | |||
609 | continue; | |||
610 | ||||
611 | if (!d->name) { | |||
612 | d->name = strappend("luks-", d->uuid); | |||
613 | if (!d->name) | |||
614 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 614, __func__); | |||
615 | } | |||
616 | ||||
617 | device = strappend("UUID=", d->uuid); | |||
618 | if (!device) | |||
619 | return log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 619, __func__); | |||
620 | ||||
621 | if (d->options) | |||
622 | options = d->options; | |||
623 | else if (arg_default_options) | |||
624 | options = arg_default_options; | |||
625 | else | |||
626 | options = "timeout=0"; | |||
627 | ||||
628 | r = create_disk(d->name, device, d->keyfile ?: arg_default_keyfile, d->keydev, options); | |||
629 | if (r < 0) | |||
630 | return r; | |||
631 | } | |||
632 | ||||
633 | return 0; | |||
634 | } | |||
635 | ||||
636 | int main(int argc, char *argv[]) { | |||
637 | int r; | |||
638 | ||||
639 | if (argc > 1 && argc != 4) { | |||
640 | log_error("This program takes three or no arguments.")({ int _level = (((3))), _e = ((0)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 640, __func__, "This program takes three or no arguments." ) : -abs(_e); }); | |||
641 | return EXIT_FAILURE1; | |||
642 | } | |||
643 | ||||
644 | if (argc > 1) | |||
645 | arg_dest = argv[1]; | |||
646 | ||||
647 | log_set_prohibit_ipc(true1); | |||
648 | log_set_target(LOG_TARGET_AUTO); | |||
649 | log_parse_environment()log_parse_environment_realm(LOG_REALM_SYSTEMD); | |||
650 | log_open(); | |||
651 | ||||
652 | umask(0022); | |||
653 | ||||
654 | arg_disks = hashmap_new(&string_hash_ops)internal_hashmap_new(&string_hash_ops ); | |||
655 | if (!arg_disks) { | |||
656 | r = log_oom()log_oom_internal(LOG_REALM_SYSTEMD, "../src/cryptsetup/cryptsetup-generator.c" , 656, __func__); | |||
657 | goto finish; | |||
658 | } | |||
659 | ||||
660 | r = proc_cmdline_parse(parse_proc_cmdline_item, NULL((void*)0), PROC_CMDLINE_STRIP_RD_PREFIX); | |||
661 | if (r < 0) { | |||
662 | log_warning_errno(r, "Failed to parse kernel command line: %m")({ int _level = ((4)), _e = ((r)), _realm = (LOG_REALM_SYSTEMD ); (log_get_max_level_realm(_realm) >= ((_level) & 0x07 )) ? log_internal_realm(((_realm) << 10 | (_level)), _e , "../src/cryptsetup/cryptsetup-generator.c", 662, __func__, "Failed to parse kernel command line: %m" ) : -abs(_e); }); | |||
663 | goto finish; | |||
664 | } | |||
665 | ||||
666 | if (!arg_enabled) { | |||
667 | r = 0; | |||
668 | goto finish; | |||
669 | } | |||
670 | ||||
671 | r = add_crypttab_devices(); | |||
672 | if (r < 0) | |||
673 | goto finish; | |||
674 | ||||
675 | r = add_proc_cmdline_devices(); | |||
676 | if (r < 0) | |||
677 | goto finish; | |||
678 | ||||
679 | r = 0; | |||
680 | ||||
681 | finish: | |||
682 | hashmap_free_with_destructor(arg_disks, crypt_device_free)({ ({ void *_item; while ((_item = hashmap_steal_first(arg_disks ))) crypt_device_free(_item); }); hashmap_free(arg_disks); }); | |||
683 | free(arg_default_options); | |||
684 | free(arg_default_keyfile); | |||
685 | ||||
686 | return r < 0 ? EXIT_FAILURE1 : EXIT_SUCCESS0; | |||
687 | } |