cryptsetup: ask for password, if key file cannot be accessed

[elogind.git] / src / cryptsetup / cryptsetup.c

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 51d4f99edc0bd513683051bb801cdaa3fcdc67c8..a24e61a0358e2a7a1f947f939ddba4b4046d321f 100644 (file)
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -44,7 +44,7 @@ static unsigned opt_tries = 0;
 static bool opt_readonly = false;
 static bool opt_verify = false;
 static bool opt_discards = false;
-static usec_t opt_timeout = DEFAULT_TIMEOUT_USEC;
+static usec_t opt_timeout = 0;
 
 /* Options Debian's crypttab knows we don't:
 
@@ -461,10 +461,7 @@ int main(int argc, char *argv[]) {
                                 k = crypt_load(cd, CRYPT_LUKS1, NULL);
 
                         if ((!opt_type && k < 0) || streq_ptr(opt_type, CRYPT_PLAIN)) {
-                                struct crypt_params_plain params;
-
-                                zero(params);
-                                params.hash = hash;
+                                struct crypt_params_plain params = { .hash = hash };
 
                                 /* for CRYPT_PLAIN limit reads
                                 * from keyfile to key length, and
@@ -503,6 +500,11 @@ int main(int argc, char *argv[]) {
                         if (key_file)
                                 k = crypt_activate_by_keyfile_offset(cd, argv[2], CRYPT_ANY_SLOT, key_file, opt_keyfile_size,
                                             opt_keyfile_offset, flags);
+                                if (k < 0) {
+                                        log_error("Failed to activate with key file '%s': %s", key_file, strerror(-k));
+                                        key_file = NULL;
+                                        continue;
+                                }
                         else {
                                 char **p;