1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
28 #include "unit-name.h"
/* Generator-wide settings shared by create_disk(), parse_proc_cmdline_word()
 * and main(). */

/* Directory under which create_disk() builds every unit file and symlink path.
 * NOTE(review): "/tmp" is world-writable on typical systems. The listing does
 * not show where this default is replaced by the generator's output directory;
 * confirm that happens before anything is written, because predictable file
 * and symlink names in a shared directory are a classic symlink-race target. */
33 static const char *arg_dest = "/tmp";
/* Presumably toggled by the luks= / rd.luks= switches; the assignment is not
 * visible in this listing. */
34 static bool arg_enabled = true;
/* Set from luks.crypttab= / rd.luks.crypttab=; main() reads /etc/crypttab only
 * while this is true. */
35 static bool arg_read_crypttab = true;
/* Values of luks.uuid= / rd.luks.uuid= collected from the kernel command line. */
37 static char **arg_disks;
/* Values of luks.options= / rd.luks.options= collected from the kernel command line. */
38 static char **arg_options;
/* Value of luks.key= / rd.luks.key=; main() passes it to create_disk() as the
 * password argument for volumes that come only from the kernel command line. */
39 static char *arg_keyfile;
/* Reports whether `needle` occurs as a whole entry in the comma-separated
 * option string `haystack`.
 *
 * Candidates are found with strstr(). The two visible checks then test the
 * character before the match (it must be the start of the string or a ',')
 * and the character after it (it must be NUL or a ','), so a longer option
 * that merely contains `needle` does not count.
 *
 * NOTE(review): the definition of `l` (presumably strlen(needle)), the bodies
 * of both checks and any NULL handling for `haystack` are on lines elided from
 * this listing. create_disk() later wraps options in strempty(), which suggests
 * it may be NULL here; confirm the elided lines cover that case. */
42 static bool has_option(const char *haystack, const char *needle) {
43 const char *f = haystack;
/* Walk every occurrence of needle, not just the first one. */
53 while ((f = strstr(f, needle))) {
/* Reject a match that starts in the middle of another option. */
55 if (f > haystack && f[-1] != ',') {
/* Reject a match that is only the prefix of a longer option. */
60 if (f[l] != 0 && f[l] != ',') {
/* Writes the systemd-cryptsetup service unit for one encrypted volume under
 * arg_dest and symlinks it into the dependency directories of the units that
 * should pull it in.
 *
 * Only the last parameter is visible in this listing; the body also uses
 * name, device and password. Failures are reported through log_error(); the
 * return statements are on elided lines. */
71 static int create_disk(
75 const char *options) {
77 _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *from = NULL, *to = NULL, *e = NULL;
78 _cleanup_fclose_ FILE *f = NULL;
79 bool noauto, nofail, tmp, swap;
/* Behaviour flags are looked up in the comma-separated options string. */
84 noauto = has_option(options, "noauto");
85 nofail = has_option(options, "nofail");
86 tmp = has_option(options, "tmp");
87 swap = has_option(options, "swap");
/* 'tmp' and 'swap' are mutually exclusive; the test itself is on an elided line. */
90 log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
/* The unit is an instance of the systemd-cryptsetup template named after the
 * volume; p is the path of the unit file below arg_dest. */
94 n = unit_name_from_path_instance("systemd-cryptsetup", name, ".service");
98 p = strjoin(arg_dest, "/", n, NULL);
/* u is the device field after fstab_node_to_udev_node() (semantics defined
 * outside this listing); d is the .device unit name derived from it. */
102 u = fstab_node_to_udev_node(device);
106 d = unit_name_from_path(u, ".device");
112 log_error("Failed to create unit file %s: %m", p);
/* Static header of the unit. %I and %i here are unit-file specifiers that the
 * unit loader resolves when the unit is loaded. */
117 "# Automatically generated by systemd-cryptsetup-generator\n\n"
119 "Description=Cryptography Setup for %I\n"
120 "Documentation=man:systemd-cryptsetup@.service(8) man:crypttab(5)\n"
121 "SourcePath=/etc/crypttab\n"
122 "Conflicts=umount.target\n"
123 "DefaultDependencies=no\n"
124 "BindsTo=dev-mapper-%i.device\n"
125 "IgnoreOnIsolate=true\n"
126 "After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
131 "Before=cryptsetup.target\n");
/* Key source handling: a random device as key orders the unit after the
 * random seed has been loaded. Any other value except "-" and "none" is
 * treated as a key location: a device path gets After=/Requires= on its
 * .device unit, anything else RequiresMountsFor= on the path. */
134 if (streq(password, "/dev/urandom") ||
135 streq(password, "/dev/random") ||
136 streq(password, "/dev/hw_random"))
137 fputs("After=systemd-random-seed.service\n", f);
139 else if (!streq(password, "-") && !streq(password, "none")) {
140 _cleanup_free_ char *uu = fstab_node_to_udev_node(password);
144 if (is_device_path(uu)) {
145 _cleanup_free_ char *dd = unit_name_from_path(uu, ".device");
149 fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
151 fprintf(f, "RequiresMountsFor=%s\n", password);
/* Dependencies on the backing device: a device node is ordered against
 * umount.target, anything else is treated as a path that needs its mounts.
 * The format arguments are on elided lines. */
155 if (is_device_path(u))
159 "Before=umount.target\n",
163 "RequiresMountsFor=%s\n",
/* NOTE(review): name, u, password and options are placed between single
 * quotes with plain %s. Nothing visible in this listing escapes a quote
 * character in those values, or a '%' that the unit loader would read as a
 * specifier. The values originate from /etc/crypttab and from the kernel
 * command line (see main()), and they shape the command line of a service
 * that runs as part of early boot, so both sources are part of the trust
 * boundary. Confirm whether escaping happens on the elided lines; if it does
 * not, escape the values before formatting them into ExecStart=/ExecStop=. */
169 "RemainAfterExit=yes\n"
170 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
171 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
172 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
173 name, u, strempty(password), strempty(options),
/* Formatting steps run after a successful attach. The guarding conditions are
 * elided; presumably mke2fs belongs to 'tmp' and mkswap to 'swap'.
 * NOTE(review): either command recreates the filesystem or swap signature on
 * the mapped device each time the unit starts, so data on such a volume does
 * not survive a restart of the unit. The volume name is again quoted but not
 * visibly escaped. */
178 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
183 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
189 log_error("Failed to write file %s: %m", p);
/* All symlinks below point at the unit file through the relative target "../<unit>". */
193 if (asprintf(&from, "../%s", n) < 0)
/* Pull the unit in from the backing device's .wants/ directory. The return
 * value of mkdir_parents_label() is not checked here; a failure to create the
 * directory shows up as a symlink() error instead. */
198 to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
202 mkdir_parents_label(to, 0755);
203 if (symlink(from, to) < 0) {
204 log_error("Failed to create symlink %s: %m", to);
/* Hook into cryptsetup.target either as a hard requirement or as a want;
 * the selecting condition is elided (presumably the nofail flag). */
210 to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
212 to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
216 mkdir_parents_label(to, 0755);
217 if (symlink(from, to) < 0) {
218 log_error("Failed to create symlink %s: %m", to);
/* The mapped device's own unit requires this service; the volume name is
 * escaped with unit_name_escape() before it becomes part of the path. */
223 e = unit_name_escape(name);
228 to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
232 mkdir_parents_label(to, 0755);
233 if (symlink(from, to) < 0) {
234 log_error("Failed to create symlink %s: %m", to);
/* For volumes that are neither noauto nor nofail, a drop-in on the mapped
 * device unit sets JobTimeoutSec=0. */
238 if (!noauto && !nofail) {
241 p = strjoin(arg_dest, "/dev-mapper-", e, ".device.d/50-job-timeout-sec-0.conf", NULL);
245 mkdir_parents_label(p, 0755);
247 r = write_string_file(p,
248 "# Automatically generated by systemd-cryptsetup-generator\n\n"
250 "JobTimeoutSec=0\n"); /* the binary handles timeouts anyway */
/* Handles one word of the kernel command line and updates the generator
 * settings for the luks.* and rd.luks.* switches.
 *
 * Each `word + N` below skips exactly the prefix matched by the preceding
 * startswith() call (5 for "luks=", 8 for "rd.luks=", and so on), so the
 * remainder is the switch value.
 *
 * NOTE(review): everything accepted here is controlled by whoever can edit the
 * boot command line. The UUID, options and key-file values collected below are
 * later handed to create_disk() by main(), so the boot loader configuration
 * belongs to the same trust boundary as /etc/crypttab. Only the final fallback
 * branch visibly gates the rd.* form on in_initrd(); the gating of the other
 * rd.* branches is on elided lines. */
258 static int parse_proc_cmdline_word(const char *word) {
/* luks= / rd.luks=: boolean switch; an unparsable value is logged and ignored. */
261 if (startswith(word, "luks=")) {
262 r = parse_boolean(word + 5);
264 log_warning("Failed to parse luks switch %s. Ignoring.", word + 5);
268 } else if (startswith(word, "rd.luks=")) {
271 r = parse_boolean(word + 8);
273 log_warning("Failed to parse luks switch %s. Ignoring.", word + 8);
/* luks.crypttab= / rd.luks.crypttab=: whether main() reads /etc/crypttab at all. */
278 } else if (startswith(word, "luks.crypttab=")) {
279 r = parse_boolean(word + 14);
281 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 14);
283 arg_read_crypttab = r;
285 } else if (startswith(word, "rd.luks.crypttab=")) {
288 r = parse_boolean(word + 17);
290 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 17);
292 arg_read_crypttab = r;
/* luks.uuid= / rd.luks.uuid=: append the value to arg_disks. The value is
 * stored as given; no format check is visible at this point. */
295 } else if (startswith(word, "luks.uuid=")) {
296 if (strv_extend(&arg_disks, word + 10) < 0)
299 } else if (startswith(word, "rd.luks.uuid=")) {
302 if (strv_extend(&arg_disks, word + 13) < 0)
/* luks.options= / rd.luks.options=: append the value to arg_options. */
306 } else if (startswith(word, "luks.options=")) {
307 if (strv_extend(&arg_options, word + 13) < 0)
310 } else if (startswith(word, "rd.luks.options=")) {
313 if (strv_extend(&arg_options, word + 16) < 0)
/* luks.key= / rd.luks.key=: remember the key-file value. Releasing a
 * previously stored value and checking the strdup() result are not visible
 * in this listing - confirm both on the elided lines. */
317 } else if (startswith(word, "luks.key=")) {
319 arg_keyfile = strdup(word + 9);
323 } else if (startswith(word, "rd.luks.key=")) {
327 arg_keyfile = strdup(word + 12);
/* Any other switch in the luks. namespace (and rd.luks. when running in the
 * initrd) is reported and skipped. */
332 } else if (startswith(word, "luks.") ||
333 (in_initrd() && startswith(word, "rd.luks."))) {
335 log_warning("Unknown kernel switch %s. Ignoring.", word);
/* Generator entry point: reads the luks switches from the kernel command
 * line, then creates one unit per matching /etc/crypttab entry and one per
 * command-line UUID that crypttab did not cover.
 *
 * r and r2 start as EXIT_FAILURE and are reset to EXIT_SUCCESS once the
 * command line has been parsed; the final return reports r unless it is
 * EXIT_SUCCESS, in which case r2 is returned. */
341 int main(int argc, char *argv[]) {
342 _cleanup_strv_free_ char **disks_done = NULL;
343 _cleanup_fclose_ FILE *f = NULL;
345 int r = EXIT_FAILURE, r2 = EXIT_FAILURE;
/* Either no arguments or exactly three are accepted. */
348 if (argc > 1 && argc != 4) {
349 log_error("This program takes three or no arguments.");
356 log_set_target(LOG_TARGET_SAFE);
357 log_parse_environment();
/* Collect the luks switches; each word goes through parse_proc_cmdline_word(). */
362 if (parse_proc_cmdline(parse_proc_cmdline_word) < 0)
366 r = r2 = EXIT_SUCCESS;
370 strv_uniq(arg_disks);
372 if (arg_read_crypttab) {
/* "e" in the fopen() mode asks for close-on-exec on the descriptor. */
375 f = fopen("/etc/crypttab", "re");
380 log_error("Failed to open /etc/crypttab: %m");
385 if (fstat(fileno(f), &st) < 0) {
386 log_error("Failed to stat /etc/crypttab: %m");
/* Permission check on /etc/crypttab. 0005 is octal for other-read (0004) plus
 * other-execute (0001), so the test also fires for a file that is only
 * world-executable. The finding is emitted at debug level, so it is not shown
 * at default log levels. */
390 /* If we re-add support for specifying passphrases
391 * directly in crypttab we should upgrade the warning
392 * below, though possibly only if a passphrase is
393 * specified directly. */
394 if (st.st_mode & 0005)
395 log_debug("/etc/crypttab is world-readable. This is usually not a good idea.");
/* Per-line parsing. fgets() returns at most sizeof(line) - 1 bytes per call,
 * so a longer line would arrive in pieces - NOTE(review): confirm how the
 * elided loop treats such a remainder. The %ms conversions make sscanf()
 * allocate each field; _cleanup_free_ releases them when the scope ends.
 * Between two and four whitespace-separated fields are accepted. */
398 char line[LINE_MAX], *l;
399 _cleanup_free_ char *name = NULL, *device = NULL, *password = NULL, *options = NULL;
402 if (!fgets(line, sizeof(line), f))
408 if (*l == '#' || *l == 0)
411 k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
412 if (k < 2 || k > 4) {
413 log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
418 If options are specified on the kernel commandline, let them override
419 the ones from crypttab.
421 STRV_FOREACH(i, arg_options) {
422 _cleanup_free_ char *proc_uuid = NULL, *proc_options = NULL;
425 k = sscanf(p, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
/* NOTE(review): device + 5 skips a "UUID=" prefix, but this listing shows no
 * check that the crypttab device field starts with that prefix or is at least
 * five characters long. For a shorter field the pointer would land beyond the
 * terminating NUL and streq() would read out of bounds. Confirm a guard exists
 * on the elided lines, or add one such as startswith(device, "UUID=") before
 * the comparison. */
426 if (k == 2 && streq(proc_uuid, device + 5)) {
438 If luks UUIDs are specified on the kernel command line, use them as a filter
439 for /etc/crypttab and only generate units for those.
441 STRV_FOREACH(i, arg_disks) {
442 _cleanup_free_ char *proc_device = NULL, *proc_name = NULL;
445 if (startswith(p, "luks-"))
448 proc_name = strappend("luks-", p);
449 proc_device = strappend("UUID=", p);
451 if (!proc_name || !proc_device) {
/* A crypttab entry matches a command-line UUID either through its device field
 * ("UUID=<uuid>") or through its name ("luks-<uuid>"). */
456 if (streq(proc_device, device) || streq(proc_name, name)) {
457 if (create_disk(name, device, password, options) < 0)
/* Remember the UUID so the second pass below does not generate it again. */
460 if (strv_extend(&disks_done, p) < 0) {
466 } else if (create_disk(name, device, password, options) < 0)
475 STRV_FOREACH(i, arg_disks) {
477 Generate units for those UUIDs, which were specified
478 on the kernel command line and not yet written.
481 _cleanup_free_ char *name = NULL, *device = NULL, *options = NULL;
484 if (startswith(p, "luks-"))
487 if (strv_contains(disks_done, p))
490 name = strappend("luks-", p);
491 device = strappend("UUID=", p);
493 if (!name || !device) {
500 If options are specified on the kernel commandline, use them.
504 STRV_FOREACH(j, arg_options) {
505 _cleanup_free_ char *proc_uuid = NULL, *proc_options = NULL;
509 k = sscanf(s, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
/* device was built above as "UUID=" followed by p, so device + 5 is the UUID itself. */
511 if (streq(proc_uuid, device + 5)) {
514 options = strdup(proc_options);
520 } else if (!options) {
522 Fall back to options without a specified UUID
/* Default used when no options have been set for this volume (the guarding
 * condition is on an elided line). */
534 options = strdup("timeout=0");
/* Volumes that exist only on the kernel command line take their key source
 * from arg_keyfile (luks.key= / rd.luks.key=). */
541 if (create_disk(name, device, arg_keyfile, options) < 0)
548 strv_free(arg_disks);
549 strv_free(arg_options);
552 return r != EXIT_SUCCESS ? r : r2;