1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
28 #include "unit-name.h"
32 #include "path-util.h"
34 #include "generator.h"
/* Generator state, filled in by parse_proc_cmdline_item() from the luks.* /
 * rd.luks.* kernel command-line switches and read by main() and create_disk(). */
36 static const char *arg_dest = "/tmp";   /* directory the units and symlinks are written to; "/tmp" is only the built-in default (the argv[] override is not in this excerpt) */
37 static bool arg_enabled = true;         /* "luks="/"rd.luks=" master switch (presumably assigned from parse_boolean() on an omitted line — confirm) */
38 static bool arg_read_crypttab = true;   /* "luks.crypttab="/"rd.luks.crypttab=": whether /etc/crypttab is consulted at all */
39 static char **arg_disks = NULL;         /* "luks.uuid="/"rd.luks.uuid=" values: UUIDs to set up, also used as a filter on crypttab */
40 static char **arg_options = NULL;       /* "luks.options="/"rd.luks.options=" values, either "UUID=opts" or bare "opts" */
41 static char *arg_keyfile = NULL;        /* "luks.key="/"rd.luks.key=" value, passed as the password for command-line-only disks */
/*
 * Return true if the comma-separated option string `haystack` contains
 * `needle` as a whole element, i.e. not merely as a prefix or suffix of
 * another option ("tmp" must not match "notmp" or "tmpfoo").
 *
 * Only part of the body survives in this excerpt: `l` is presumably
 * strlen(needle), and the NULL check on `haystack` — which create_disk()
 * needs, because crypttab lines with only two or three fields leave
 * `options` NULL — would have to sit on the omitted lines before strstr().
 * Confirm both against the full source.
 */
43 static bool has_option(const char *haystack, const char *needle) {
44 const char *f = haystack;
54 while ((f = strstr(f, needle))) {   /* visit every occurrence of needle */
56 if (f > haystack && f[-1] != ',') {   /* reject: match does not start at the beginning or right after ',' */
61 if (f[l] != 0 && f[l] != ',') {   /* reject: match does not end at end-of-string or right before ',' */
/*
 * Write the systemd-cryptsetup@<name>.service instance for one encrypted
 * device below arg_dest and hook it into the relevant targets and device
 * units via .wants/.requires symlinks and a device-timeout drop-in.
 *
 * Parameters (the signature lines for the first three are not in this
 * excerpt; names taken from the call sites in main()):
 *   name     - mapped device name (becomes /dev/mapper/<name>)
 *   device   - source device as given in crypttab, e.g. "UUID=..."
 *   password - key file/device, or "-"/"none" for interactive; may be NULL
 *   options  - comma-separated crypttab options; NULL when none were given
 * Returns a negative errno (via log_error_errno) on failure; the success
 * return is on an omitted line, presumably 0.
 *
 * NOTE(review): name, u, password and the filtered options are interpolated
 * into a single-quoted ExecStart=/ExecStop= line without any escaping; this
 * excerpt shows no check that they are free of quote characters, so the
 * inputs (/etc/crypttab, kernel command line) are being treated as fully
 * trusted, root-controlled data. Confirm that is the intended trust model.
 */
72 static int create_disk(
76 const char *options) {
78 _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
80 _cleanup_fclose_ FILE *f = NULL;
81 bool noauto, nofail, tmp, swap;
/* Options that change how (or whether) the unit is wired up. */
88 noauto = has_option(options, "noauto");
89 nofail = has_option(options, "nofail");
90 tmp = has_option(options, "tmp");
91 swap = has_option(options, "swap");
/* tmp and swap each run a mkfs-style tool on the mapped device, so both at once makes no sense. */
94 log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
/* Escaped name is reused for the service instance and the dev-mapper-*.device unit names. */
98 e = unit_name_escape(name);
102 n = unit_name_build("systemd-cryptsetup", e, ".service");   /* systemd-cryptsetup@<e>.service */
106 p = strjoin(arg_dest, "/", n, NULL);   /* path of the unit file to write */
110 u = fstab_node_to_udev_node(device);   /* presumably turns "UUID=..."-style specs into a /dev path — confirm */
114 d = unit_name_from_path(u, ".device");   /* .device unit of the backing device; its .wants/ pulls us in */
/* fopen() of p (not shown) failed. */
120 return log_error_errno(errno, "Failed to create unit file %s: %m", p);
123 "# Automatically generated by systemd-cryptsetup-generator\n\n"
125 "Description=Cryptography Setup for %I\n"
126 "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
127 "SourcePath=/etc/crypttab\n"
128 "DefaultDependencies=no\n"
129 "Conflicts=umount.target\n"
130 "BindsTo=dev-mapper-%i.device\n"
131 "IgnoreOnIsolate=true\n"
132 "After=cryptsetup-pre.target\n",
137 "Before=cryptsetup.target\n");
/* Key material source: random devices need the seed service; anything other than
 * "-"/"none" is a file or device we must wait for. */
140 if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
141 fputs("After=systemd-random-seed.service\n", f);
142 else if (!streq(password, "-") && !streq(password, "none")) {
143 _cleanup_free_ char *uu;
145 uu = fstab_node_to_udev_node(password);
/* /dev/null as key is special-cased: nothing to depend on. */
149 if (!path_equal(uu, "/dev/null")) {
151 if (is_device_path(uu)) {
152 _cleanup_free_ char *dd;
154 dd = unit_name_from_path(uu, ".device");
/* Key lives on a device: order after and require its .device unit. */
158 fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
/* Key is a regular file: make sure its filesystem is mounted first. */
160 fprintf(f, "RequiresMountsFor=%s\n", password);
/* Backing store: a plain device only needs ordering against umount; a file-backed
 * container additionally needs its mount point. */
165 if (is_device_path(u))
169 "Before=umount.target\n",
173 "RequiresMountsFor=%s\n",
/* Emits the device timeout drop-in and hands back the options with the timeout
 * entries presumably stripped (hence "filtered") — confirm against generator.c. */
176 r = generator_write_timeouts(arg_dest, device, name, options, &filtered);
183 "RemainAfterExit=yes\n"
184 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
185 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
186 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
/* password and filtered may be NULL; strempty() keeps the '%s' arguments well-defined. */
187 name, u, strempty(password), strempty(filtered),
/* Format the freshly mapped device as requested by the tmp/swap options. */
192 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
197 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
/* Flush/error check of f (not shown) failed. */
202 return log_error_errno(errno, "Failed to write file %s: %m", p);
/* All symlinks point one directory up at the unit file; strappenda presumably
 * allocates on the stack, so `from` needs no free. */
204 from = strappenda("../", n);
/* Pull the service in whenever the backing device shows up. */
208 to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
/* mkdir_parents_label() result is not checked; a failure surfaces in symlink() below. */
212 mkdir_parents_label(to, 0755);
213 if (symlink(from, to) < 0)
214 return log_error_errno(errno, "Failed to create symlink %s: %m", to);
/* Hard requirement of cryptsetup.target, or a soft want (the selecting condition,
 * presumably nofail, is on an omitted line). */
218 to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
220 to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
224 mkdir_parents_label(to, 0755);
225 if (symlink(from, to) < 0)
226 return log_error_errno(errno, "Failed to create symlink %s: %m", to);
/* Asking for the mapped device unit must start this service. */
230 to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
234 mkdir_parents_label(to, 0755);
235 if (symlink(from, to) < 0)
236 return log_error_errno(errno, "Failed to create symlink %s: %m", to);
/* For devices that are mandatory at boot, never time out waiting for the mapped
 * device: the passphrase prompt may legitimately take arbitrarily long. */
238 if (!noauto && !nofail) {
239 _cleanup_free_ char *dmname;
240 dmname = strjoin("dev-mapper-", e, ".device", NULL);
244 r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
245 "# Automatically generated by systemd-cryptsetup-generator \n\n"
246 "[Unit]\nJobTimeoutSec=0");
248 return log_error_errno(r, "Failed to write device drop-in: %m");
/*
 * parse_proc_cmdline() callback: record the luks.* switches into the arg_*
 * globals. Each key is accepted with or without the "rd." (initrd) prefix and
 * is ignored when it carries no "=value". Unparsable booleans only warn and
 * leave the current setting untouched. The return statements and the
 * strv_extend()/strdup() failure paths are on omitted lines (presumably
 * log_oom() / -ENOMEM — confirm).
 */
254 static int parse_proc_cmdline_item(const char *key, const char *value) {
257 if (STR_IN_SET(key, "luks", "rd.luks") && value) {
/* Master switch; the store into arg_enabled is presumably on an omitted line. */
259 r = parse_boolean(value);
261 log_warning("Failed to parse luks switch %s. Ignoring.", value);
265 } else if (STR_IN_SET(key, "luks.crypttab", "rd.luks.crypttab") && value) {
267 r = parse_boolean(value);
269 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value);
271 arg_read_crypttab = r;   /* r is 0/1 here, the error case returned above */
273 } else if (STR_IN_SET(key, "luks.uuid", "rd.luks.uuid") && value) {
/* Repeatable: every luks.uuid= adds one entry (deduplicated later by strv_uniq()). */
275 if (strv_extend(&arg_disks, value) < 0)
278 } else if (STR_IN_SET(key, "luks.options", "rd.luks.options") && value) {
/* Repeatable as well; the "UUID=opts" vs bare "opts" distinction is made by the consumer. */
280 if (strv_extend(&arg_options, value) < 0)
283 } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {
/* Last luks.key= wins; the free() of a previous value would be on the omitted line just above — confirm it is there, otherwise repeated keys leak. */
286 arg_keyfile = strdup(value);
/*
 * Generator entry point. Reads the kernel command line and (unless disabled)
 * /etc/crypttab, then calls create_disk() for every encrypted device: first
 * the crypttab entries (optionally filtered by luks.uuid=), then any
 * luks.uuid= devices that crypttab did not cover.
 *
 * Two exit codes are tracked: r and r2 are both EXIT_SUCCESS unless one of
 * the two generation passes hit an error (the failing assignments are on
 * omitted lines); r takes precedence on return.
 */
295 int main(int argc, char *argv[]) {
296 _cleanup_strv_free_ char **disks_done = NULL;   /* UUIDs already generated from crypttab */
297 _cleanup_fclose_ FILE *f = NULL;
299 int r = EXIT_FAILURE, r2 = EXIT_FAILURE, z;
/* Generators are invoked either with no arguments or with the three output directories. */
302 if (argc > 1 && argc != 4) {
303 log_error("This program takes three or no arguments.");
310 log_set_target(LOG_TARGET_SAFE);
311 log_parse_environment();
/* A broken kernel command line is not fatal: crypttab can still be processed. */
316 z = parse_proc_cmdline(parse_proc_cmdline_item);
318 log_warning_errno(z, "Failed to parse kernel command line, ignoring: %m");
321 r = r2 = EXIT_SUCCESS;
/* Drop duplicate luks.uuid= entries so each device is generated once. */
325 strv_uniq(arg_disks);
327 if (arg_read_crypttab) {
/* "e" = O_CLOEXEC so the descriptor does not leak into child processes. */
330 f = fopen("/etc/crypttab", "re");
335 log_error_errno(errno, "Failed to open /etc/crypttab: %m");
340 if (fstat(fileno(f), &st) < 0) {
341 log_error_errno(errno, "Failed to stat /etc/crypttab: %m");
345 /* If we re-add support for specifying passphrases
346 * directly in crypttab we should upgrade the warning
347 * below, though possibly only if a passphrase is
348 * specified directly. */
/* 0005 = world read or execute bits; only a debug message since crypttab currently holds no secrets itself. */
349 if (st.st_mode & 0005)
350 log_debug("/etc/crypttab is world-readable. This is usually not a good idea.");
/* One crypttab line per iteration; a line longer than LINE_MAX-1 would be delivered by fgets() in pieces. */
353 char line[LINE_MAX], *l;
354 _cleanup_free_ char *name = NULL, *device = NULL, *password = NULL, *options = NULL;
357 if (!fgets(line, sizeof(line), f))
/* l is the whitespace-stripped line (strip not shown); skip comments and blanks. */
363 if (*l == '#' || *l == 0)
/* "%ms" (glibc) allocates each field; a valid entry has 2..4 fields, so password/options may stay NULL. */
366 k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
367 if (k < 2 || k > 4) {
368 log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
373 If options are specified on the kernel command line, let them override
374 the ones from crypttab.
376 STRV_FOREACH(i, arg_options) {
377 _cleanup_free_ char *proc_uuid = NULL, *proc_options = NULL;
/* Only "UUID=opts" entries can override here; device + 5 skips the "UUID=" prefix,
 * which presumably is checked on an omitted line before this — confirm. */
380 k = sscanf(p, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
381 if (k == 2 && streq(proc_uuid, device + 5)) {
393 If luks UUIDs are specified on the kernel command line, use them as a filter
394 for /etc/crypttab and only generate units for those.
396 STRV_FOREACH(i, arg_disks) {
397 _cleanup_free_ char *proc_device = NULL, *proc_name = NULL;
/* Accept both "luks-<uuid>" and bare "<uuid>" on the command line. */
400 if (startswith(p, "luks-"))
403 proc_name = strappend("luks-", p);
404 proc_device = strappend("UUID=", p);
406 if (!proc_name || !proc_device) {
/* Match either on the source device or on the mapped name. */
411 if (streq(proc_device, device) || streq(proc_name, name)) {
412 if (create_disk(name, device, password, options) < 0)
/* Remember the UUID so the command-line pass below does not generate it a second time. */
415 if (strv_extend(&disks_done, p) < 0) {
/* No UUID filter given: generate every crypttab entry. */
421 } else if (create_disk(name, device, password, options) < 0)
430 STRV_FOREACH(i, arg_disks) {
432 Generate units for those UUIDs, which were specified
433 on the kernel command line and not yet written.
436 _cleanup_free_ char *name = NULL, *device = NULL, *options = NULL;
439 if (startswith(p, "luks-"))
442 if (strv_contains(disks_done, p))
445 name = strappend("luks-", p);
446 device = strappend("UUID=", p);
448 if (!name || !device) {
455 If options are specified on the kernel command line, use them.
459 STRV_FOREACH(j, arg_options) {
460 _cleanup_free_ char *proc_uuid = NULL, *proc_options = NULL;
464 k = sscanf(s, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
/* Unlike the crypttab pass above, the k == 2 check is not visible here; it presumably
 * sits on the omitted line 465, otherwise proc_uuid could be NULL in this streq(). */
466 if (streq(proc_uuid, device + 5)) {
/* Ownership moves to options; proc_options has to be reset to NULL afterwards (not shown)
 * or the _cleanup_free_ would free it a second time — confirm. */
468 options = proc_options;
471 } else if (!options) {
473 Fall back to options without a specified UUID
/* Neither a UUID-specific nor a generic luks.options= was given. */
485 options = strdup("timeout=0");
/* Command-line-only disks use the luks.key= file (possibly NULL) as their password. */
492 if (create_disk(name, device, arg_keyfile, options) < 0)
499 strv_free(arg_disks);
500 strv_free(arg_options);
/* Report the crypttab pass failure first, otherwise the command-line pass result. */
503 return r != EXIT_SUCCESS ? r : r2;