1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
28 #include "unit-name.h"
/* Directory under which create_disk() writes the generated unit files and
 * dependency symlinks. "/tmp" is only the compiled-in default.
 * NOTE(review): the code that overrides this default is not visible in this
 * listing. Confirm it is always replaced by the generator output directory
 * in production, because /tmp is world-writable and the file names written
 * below are predictable. */
34 static const char *arg_dest = "/tmp";
/* presumably driven by the luks= / rd.luks= kernel switches; the assignment
 * is not visible in this listing. TODO confirm */
35 static bool arg_enabled = true;
/* Set from luks.crypttab= / rd.luks.crypttab= in parse_proc_cmdline();
 * main() reads /etc/crypttab only while this is true. */
36 static bool arg_read_crypttab = true;
/* Tests whether `needle` occurs in the comma-separated option string
 * `haystack` as a complete entry. Visible callers pass the crypttab option
 * names "noauto", "nofail", "tmp" and "swap".
 *
 * NOTE(review): this listing omits lines of the function, including the
 * declaration of `l` and the return statements. `l` is presumably
 * strlen(needle) and a NULL haystack is presumably rejected before the
 * loop. Confirm against the full file. */
38 static bool has_option(const char *haystack, const char *needle) {
39 const char *f = haystack;
/* Every strstr() hit is checked against both boundaries below, so a
 * substring match inside a longer option name is not accepted as the
 * option itself. */
49 while ((f = strstr(f, needle))) {
/* Left boundary: the hit must start the string or directly follow a ','. */
51 if (f > haystack && f[-1] != ',') {
/* Right boundary: the hit must be followed by the terminator or a ','.
 * An entry carrying a value ("needle=...") therefore does not count. */
56 if (f[l] != 0 && f[l] != ',') {
/* Generates the systemd-cryptsetup service unit for one encrypted volume
 * and hooks it into the dependency tree with symlinks, all below arg_dest.
 *
 * Parameters visible in this listing: `options` (comma-separated crypttab
 * options, may be NULL given the strempty() below). The body also uses
 * `name`, `device` and `password`; their declarations fall on lines this
 * listing omits.
 *
 * Trust note: main() passes in fields parsed from /etc/crypttab and values
 * taken from the kernel command line. They reach the unit file text through
 * the format strings below without any escaping visible here. */
67 static int create_disk(
71 const char *options) {
/* All heap strings and the FILE are released automatically on scope exit. */
73 _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *from = NULL, *to = NULL, *e = NULL;
74 _cleanup_fclose_ FILE *f = NULL;
/* noauto/nofail decide further down which dependency symlinks and drop-ins
 * are created. */
80 noauto = has_option(options, "noauto");
81 nofail = has_option(options, "nofail");
/* n = unit name of the service instance for this volume name. */
83 n = unit_name_from_path_instance("systemd-cryptsetup", name, ".service");
/* p = path of the unit file to write, directly inside arg_dest. */
87 p = strjoin(arg_dest, "/", n, NULL);
/* u = device node for the crypttab device field (which may be a UUID=/LABEL=
 * style spec, presumably resolved to a /dev path here. TODO confirm). */
91 u = fstab_node_to_udev_node(device);
/* d = name of the .device unit that corresponds to u. */
95 d = unit_name_from_path(u, ".device");
/* NOTE(review): the open call for p is on a line omitted from this listing;
 * confirm it refuses to follow or overwrite an existing file. */
101 log_error("Failed to create unit file %s: %m", p);
106 "# Automatically generated by systemd-cryptsetup-generator\n\n"
108 "Description=Cryptography Setup for %I\n"
109 "Documentation=man:systemd-cryptsetup@.service(8) man:crypttab(5)\n"
110 "SourcePath=/etc/crypttab\n"
111 "Conflicts=umount.target\n"
112 "DefaultDependencies=no\n"
113 "BindsTo=dev-mapper-%i.device\n"
114 "After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
119 "Before=cryptsetup.target\n");
/* The password field selects extra ordering: a kernel random device as key
 * source orders the unit after the random seed has been loaded; any other
 * value except "-" / "none" is treated as a path that must be mounted first.
 * NOTE(review): strempty(password) further down implies password may be
 * NULL; the NULL guard for these streq() calls is not visible here. */
122 if (streq(password, "/dev/urandom") ||
123 streq(password, "/dev/random") ||
124 streq(password, "/dev/hw_random"))
125 fputs("After=systemd-random-seed-load.service\n", f);
126 else if (!streq(password, "-") &&
127 !streq(password, "none"))
129 "RequiresMountsFor=%s\n",
/* A real block device is ordered before umount.target; anything else
 * (presumably a backing file) needs its containing mount instead. */
133 if (is_device_path(u))
137 "Before=umount.target\n",
141 "RequiresMountsFor=%s\n",
147 "RemainAfterExit=yes\n"
148 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
/* NOTE(review): name, u, password and options are placed between single
 * quotes verbatim. A field that contains a single quote ends the quoting
 * early, and a '%' is subject to unit-file specifier expansion, so either
 * changes how the manager parses this command line. Confirm that the inputs
 * are validated or escaped before they are formatted here. */
149 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
150 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
151 name, u, strempty(password), strempty(options),
/* "tmp" and "swap" make the unit create a fresh filesystem / swap signature
 * on the mapped device after every attach, which discards its previous
 * contents by design. The volume name is again interpolated unescaped. */
154 if (has_option(options, "tmp"))
156 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
159 if (has_option(options, "swap"))
161 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
167 log_error("Failed to write file %s: %m", p);
/* Relative link target shared by all symlinks created below. */
171 if (asprintf(&from, "../%s", n) < 0)
/* Pull the service in when the backing device unit appears. */
176 to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
/* The result of mkdir_parents_label() is not checked in the visible lines;
 * a failure surfaces through the symlink() error that follows. */
180 mkdir_parents_label(to, 0755);
181 if (symlink(from, to) < 0) {
182 log_error("Failed to create symlink %s: %m", to);
/* Hook into cryptsetup.target either as a hard requirement or as a soft
 * want; the condition choosing between the two is on an omitted line
 * (presumably the nofail flag. TODO confirm). */
188 to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
190 to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
194 mkdir_parents_label(to, 0755);
195 if (symlink(from, to) < 0) {
196 log_error("Failed to create symlink %s: %m", to);
/* e = volume name escaped for use inside a unit name; used for the
 * dev-mapper-<e>.device paths below. */
201 e = unit_name_escape(name);
206 to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
210 mkdir_parents_label(to, 0755);
211 if (symlink(from, to) < 0) {
212 log_error("Failed to create symlink %s: %m", to);
/* For volumes that are neither noauto nor nofail, drop the job timeout on
 * the mapped device unit so waiting for a passphrase cannot time it out. */
216 if (!noauto && !nofail) {
219 p = strjoin(arg_dest, "/dev-mapper-", e, ".device.d/50-job-timeout-sec-0.conf", NULL);
223 mkdir_parents_label(p, 0755);
225 r = write_string_file(p,
226 "# Automatically generated by systemd-cryptsetup-generator\n\n"
228 "JobTimeoutSec=0\n"); /* the binary handles timeouts anyway */
/* Reads /proc/cmdline and applies the luks.* / rd.luks.* kernel switches.
 *
 * arg_proc_cmdline_disks:   string vector that receives every luks.uuid= /
 *                           rd.luks.uuid= value; de-duplicated before return.
 * arg_proc_cmdline_keyfile: receives a heap copy of the luks.key= /
 *                           rd.luks.key= value; ownership passes to the
 *                           caller.
 *
 * The numeric offsets added to `word` below are the lengths of the matched
 * prefixes. Values are taken from the command line as-is; no format check
 * on the UUID or key path is visible in this function. */
236 static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char **arg_proc_cmdline_keyfile) {
237 _cleanup_free_ char *line = NULL;
238 char *w = NULL, *state = NULL;
/* Inside a container the command line is not consulted (the statement taken
 * on this condition is on an omitted line, presumably an early return). */
242 if (detect_container(NULL) > 0)
245 r = read_one_line_file("/proc/cmdline", &line);
/* An unreadable command line is only warned about, not treated as fatal. */
247 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
251 FOREACH_WORD_QUOTED(w, l, line, state) {
252 _cleanup_free_ char *word = NULL;
/* Work on a NUL-terminated private copy of the current word. */
254 word = strndup(w, l);
/* luks= / rd.luks=: boolean master switch. The assignment of the parsed
 * value is on omitted lines, as is any in_initrd() guard on the rd. form. */
258 if (startswith(word, "luks=")) {
259 r = parse_boolean(word + 5);
261 log_warning("Failed to parse luks switch %s. Ignoring.", word + 5);
265 } else if (startswith(word, "rd.luks=")) {
268 r = parse_boolean(word + 8);
270 log_warning("Failed to parse luks switch %s. Ignoring.", word + 8);
/* luks.crypttab= / rd.luks.crypttab=: whether /etc/crypttab is read at all. */
275 } else if (startswith(word, "luks.crypttab=")) {
276 r = parse_boolean(word + 14);
278 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 14);
280 arg_read_crypttab = r;
282 } else if (startswith(word, "rd.luks.crypttab=")) {
285 r = parse_boolean(word + 17);
287 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 17);
289 arg_read_crypttab = r;
/* luks.uuid= / rd.luks.uuid=: collect the volume identifiers. main() later
 * turns each one into a unit name and a "UUID=" device spec. */
292 } else if (startswith(word, "luks.uuid=")) {
293 if (strv_extend(arg_proc_cmdline_disks, word + 10) < 0)
296 } else if (startswith(word, "rd.luks.uuid=")) {
299 if (strv_extend(arg_proc_cmdline_disks, word + 13) < 0)
/* NOTE(review): unlike the rd.luks.key= branch below, no free() of an
 * earlier value is visible here, so a repeated luks.key= (or one following
 * rd.luks.key=) would leak the previous copy. */
303 } else if (startswith(word, "luks.key=")) {
304 *arg_proc_cmdline_keyfile = strdup(word + 9);
305 if (!*arg_proc_cmdline_keyfile)
308 } else if (startswith(word, "rd.luks.key=")) {
/* Release any earlier key path before it is replaced. */
311 if (*arg_proc_cmdline_keyfile)
312 free(*arg_proc_cmdline_keyfile);
313 *arg_proc_cmdline_keyfile = strdup(word + 12);
314 if (!*arg_proc_cmdline_keyfile)
/* Any other luks.* word (and rd.luks.* when running in the initrd) is
 * reported and skipped rather than rejected. */
318 } else if (startswith(word, "luks.") ||
319 (in_initrd() && startswith(word, "rd.luks."))) {
321 log_warning("Unknown kernel switch %s. Ignoring.", word);
/* Drop duplicate identifiers so each volume is generated once. */
325 strv_uniq(*arg_proc_cmdline_disks);
/* Generator entry point: combines the kernel command line switches with
 * /etc/crypttab and calls create_disk() for every volume to set up.
 *
 * Two input sources end up in generated unit files: whitespace-separated
 * fields of /etc/crypttab and luks.uuid= / luks.key= values from the kernel
 * command line. Both are handed to create_disk() without validation in the
 * lines visible here. */
330 int main(int argc, char *argv[]) {
/* Identifiers from the command line that were already matched by a crypttab
 * entry; used to avoid generating a second unit for them below. */
331 _cleanup_strv_free_ char **arg_proc_cmdline_disks_done = NULL;
332 _cleanup_strv_free_ char **arg_proc_cmdline_disks = NULL;
333 _cleanup_free_ char *arg_proc_cmdline_keyfile = NULL;
334 _cleanup_fclose_ FILE *f = NULL;
336 int r = EXIT_SUCCESS;
/* Accept either no arguments or exactly three. How the arguments are used
 * is on lines omitted from this listing. */
339 if (argc > 1 && argc != 4) {
340 log_error("This program takes three or no arguments.");
347 log_set_target(LOG_TARGET_SAFE);
348 log_parse_environment();
353 if (parse_proc_cmdline(&arg_proc_cmdline_disks, &arg_proc_cmdline_keyfile) < 0)
359 if (arg_read_crypttab) {
/* "e" opens the file with close-on-exec set (glibc fopen extension). */
362 f = fopen("/etc/crypttab", "re");
368 log_error("Failed to open /etc/crypttab: %m");
/* fstat() on the already-open descriptor, so the mode checked below belongs
 * to the same file that is parsed afterwards. */
374 if (fstat(fileno(f), &st) < 0) {
375 log_error("Failed to stat /etc/crypttab: %m");
380 /* If we re-add support for specifying passphrases
381 * directly in crypttab we should upgrade the warning
382 * below, though possibly only if a passphrase is
383 * specified directly. */
/* 0005 covers the read (0004) and execute (0001) bits for "other". The
 * finding is reported through log_debug() only and does not stop parsing;
 * group permissions are not examined. */
384 if (st.st_mode & 0005)
385 log_debug("/etc/crypttab is world-readable. This is usually not a good idea.");
/* NOTE(review): a physical line longer than LINE_MAX - 1 bytes is returned
 * by fgets() in pieces, so its tail would be parsed as a separate entry. */
388 char line[LINE_MAX], *l;
389 _cleanup_free_ char *name = NULL, *device = NULL, *password = NULL, *options = NULL;
392 if (!fgets(line, sizeof(line), f))
/* Skip comments and empty lines (l presumably points past leading
 * whitespace; the assignment is on an omitted line). */
398 if (*l == '#' || *l == 0)
/* %ms lets sscanf() allocate each field; the _cleanup_free_ declarations
 * above release them. Fields are split on whitespace only, so quoting or
 * escaping inside a field is not interpreted here. */
401 k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
/* name and device are mandatory; password and options are optional. */
402 if (k < 2 || k > 4) {
403 log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
408 if (arg_proc_cmdline_disks) {
410 If luks UUIDs are specified on the kernel command line, use them as a filter
411 for /etc/crypttab and only generate units for those.
413 STRV_FOREACH(i, arg_proc_cmdline_disks) {
414 _cleanup_free_ char *proc_device = NULL, *proc_name = NULL;
/* An optional "luks-" prefix on the identifier is tolerated (the statement
 * taken on this condition is on an omitted line, presumably skipping the
 * prefix). */
417 if (startswith(p, "luks-"))
420 proc_name = strappend("luks-", p);
421 proc_device = strappend("UUID=", p);
423 if (!proc_name || !proc_device)
/* A crypttab entry matches when either its device field is "UUID=<id>" or
 * its volume name is "luks-<id>". Matched ids are remembered as done. */
426 if (streq(proc_device, device) || streq(proc_name, name)) {
427 if (create_disk(name, device, password, options) < 0)
430 if (strv_extend(&arg_proc_cmdline_disks_done, p) < 0)
/* No filter on the command line: generate a unit for every crypttab entry
 * (the else that selects this call is on an omitted line). */
435 if (create_disk(name, device, password, options) < 0)
442 STRV_FOREACH(i, arg_proc_cmdline_disks) {
444 Generate units for those UUIDs, which were specified
445 on the kernel command line and not yet written.
448 _cleanup_free_ char *name = NULL, *device = NULL;
451 if (startswith(p, "luks-"))
/* Already handled through a matching crypttab entry. */
454 if (strv_contains(arg_proc_cmdline_disks_done, p))
457 name = strappend("luks-", p);
458 device = strappend("UUID=", p);
460 if (!name || !device)
/* Volumes known only from the command line use the luks.key= path (may be
 * NULL) as key source and a fixed "timeout=0" option string. */
463 if (create_disk(name, device, arg_proc_cmdline_keyfile, "timeout=0") < 0)