1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
28 #include "generator.h"
32 #include "path-util.h"
34 #include "unit-name.h"
/* One encrypted volume named on the kernel command line (luks.uuid= /
 * luks.options=).  Only the members referenced in this excerpt are known:
 * uuid (owned copy, also the arg_disks hashmap key), options (per-device
 * option string, owned) and create (set when the device was requested via
 * luks.uuid=).  The struct body and closing line are not part of this excerpt. */
37 typedef struct crypto_device {
/* Generator state.  Everything except arg_dest is populated from the kernel
 * command line by parse_proc_cmdline_item(); arg_dest is presumably replaced
 * by one of the three argv directories in main() (that assignment is not in
 * this excerpt). */
43 static const char *arg_dest = "/tmp";            /* directory the generated units and symlinks are written into */
44 static bool arg_enabled = true;                  /* luks= / rd.luks= master switch (the assignment is in elided lines) */
45 static bool arg_read_crypttab = true;            /* luks.crypttab= : whether /etc/crypttab is consulted at all */
46 static bool arg_whitelist = false;               /* set once any luks.uuid= was seen: only listed devices are created */
47 static Hashmap *arg_disks = NULL;                /* uuid string -> crypto_device, see get_crypto_device() */
48 static char *arg_default_options = NULL;         /* luks.options= without a UUID= prefix; freed in main() */
49 static char *arg_default_keyfile = NULL;         /* luks.key= ; freed in main() */
/* Returns true when `needle` occurs in the comma-separated option list
 * `haystack` as a whole element: at the start or right after a ',' and
 * followed by the end of the string or another ','.  Substring hits such as
 * "tmp" inside "notmp" are rejected by the two boundary checks below.
 * `l` is declared in elided lines — presumably strlen(needle); the code that
 * advances `f` past a rejected hit and the final return are elided as well. */
51 static bool has_option(const char *haystack, const char *needle) {
52 const char *f = haystack;
62 while ((f = strstr(f, needle))) {       /* visit each candidate occurrence, left to right */
64 if (f > haystack && f[-1] != ',') {     /* hit is not at an element boundary on the left */
69 if (f[l] != 0 && f[l] != ',') {         /* hit is not at an element boundary on the right */
/*
 * Writes the systemd-cryptsetup service unit for one encrypted volume into
 * arg_dest and links it into the .wants/.requires directories that pull it in
 * at boot.  All fields originate from /etc/crypttab or the kernel command
 * line, i.e. from configuration that is normally writable by root only.
 *
 * Parameters (the signature lines between `create_disk(` and `options` are
 * not in this excerpt; the first three are inferred from their use below):
 *   name     - mapping name, the volume appears as /dev/mapper/<name>
 *   device   - backing block device in fstab syntax (e.g. UUID=...)
 *   password - key file or key device; "-" or "none" means interactive
 *   options  - comma-separated crypttab options
 *
 * Returns a negative errno-style value on failure (every visible error path
 * goes through log_error_errno); the success return is elided, presumably 0.
 *
 * NOTE(review): name, u, password and filtered are pasted into single-quoted
 * ExecStart/ExecStop arguments with no escaping visible in this function, so
 * a field containing a single quote would end the quoted argument early.
 * Since the inputs are root-controlled this is a robustness rather than a
 * privilege-boundary concern, but it is worth confirming upstream validation.
 */
80 static int create_disk(
84 const char *options) {
86 _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
88 _cleanup_fclose_ FILE *f = NULL;
89 bool noauto, nofail, tmp, swap;        /* crypttab flags, see has_option() */
96 noauto = has_option(options, "noauto");
97 nofail = has_option(options, "nofail");
98 tmp = has_option(options, "tmp");
99 swap = has_option(options, "swap");
/* 'tmp' and 'swap' each reformat the mapped device after attach (see the
 * ExecStartPost lines below), so both at once is contradictory. */
102 log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
/* Unit naming: escape the mapping name, build
 * systemd-cryptsetup@<escaped>.service, then its path under arg_dest.
 * The NULL checks after each allocation are in elided lines. */
106 e = unit_name_escape(name);
110 n = unit_name_build("systemd-cryptsetup", e, ".service");
114 p = strjoin(arg_dest, "/", n, NULL);
/* Resolve the fstab-style device spec to a udev node and derive the
 * .device unit the service will be ordered against. */
118 u = fstab_node_to_udev_node(device);
122 d = unit_name_from_path(u, ".device");
/* The fopen() of `p` that sets f is elided; this is its failure branch. */
128 return log_error_errno(errno, "Failed to create unit file %s: %m", p);
/* [Unit] section.  %I/%i are the unescaped/escaped instance name. */
131 "# Automatically generated by systemd-cryptsetup-generator\n\n"
133 "Description=Cryptography Setup for %I\n"
134 "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
135 "SourcePath=/etc/crypttab\n"
136 "DefaultDependencies=no\n"
137 "Conflicts=umount.target\n"
/* Stop the service when the mapped device goes away. */
138 "BindsTo=dev-mapper-%i.device\n"
139 "IgnoreOnIsolate=true\n"
140 "After=cryptsetup-pre.target\n",
/* The condition under which this line is written is elided. */
145 "Before=cryptsetup.target\n");
/* A random key source must wait for the seed to be loaded. */
148 if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
149 fputs("After=systemd-random-seed.service\n", f);
/* A real key file or key device: order after whatever provides it. */
150 else if (!streq(password, "-") && !streq(password, "none")) {
151 _cleanup_free_ char *uu;
153 uu = fstab_node_to_udev_node(password);
/* /dev/null as key source needs no dependency at all. */
157 if (!path_equal(uu, "/dev/null")) {
159 if (is_device_path(uu)) {
160 _cleanup_free_ char *dd;
162 dd = unit_name_from_path(uu, ".device");
/* Key lives on a block device: require and order after its .device unit. */
166 fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
/* Key is a regular file: make sure the mount holding it is there. */
168 fprintf(f, "RequiresMountsFor=%s\n", password);
/* Backing store on a block device vs. a loop file; the fprintf() calls
 * around these format fragments are elided. */
173 if (is_device_path(u))
177 "Before=umount.target\n",
181 "RequiresMountsFor=%s\n",
/* Emits the timeout-related options as a drop-in and presumably returns the
 * remaining options in `filtered` (declared in elided lines). */
184 r = generator_write_timeouts(arg_dest, device, name, options, &filtered);
/* [Service] section.  strempty() turns a NULL password/filtered into "". */
191 "RemainAfterExit=yes\n"
192 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
193 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
194 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
195 name, u, strempty(password), strempty(filtered),
/* 'tmp': create a fresh filesystem on the cleartext device every activation. */
200 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
/* 'swap': likewise, initialise it as swap space. */
205 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
/* Flush/error check of the stream is elided; this is its failure branch. */
210 return log_error_errno(errno, "Failed to write file %s: %m", p);
/* Relative symlink target (the unit sits one directory up from each
 * .wants/.requires directory).  strappenda() allocates on the stack. */
212 from = strappenda("../", n);
/* <backing device>.device.wants/<unit>: the device appearing pulls in the
 * service.  `to` is reused below; the intervening free() calls are in
 * elided lines (without them the earlier strings would leak). */
216 to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
/* Return value deliberately ignored: symlink() below reports a missing dir. */
220 mkdir_parents_label(to, 0755);
221 if (symlink(from, to) < 0)
222 return log_error_errno(errno, "Failed to create symlink %s: %m", to);
/* cryptsetup.target pulls the unit in; .requires or .wants is chosen by a
 * condition in elided lines (presumably nofail selects .wants). */
226 to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
228 to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
232 mkdir_parents_label(to, 0755);
233 if (symlink(from, to) < 0)
234 return log_error_errno(errno, "Failed to create symlink %s: %m", to);
/* dev-mapper-<name>.device.requires/<unit>: anything that wants the mapped
 * device gets the setup service. */
238 to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
242 mkdir_parents_label(to, 0755);
243 if (symlink(from, to) < 0)
244 return log_error_errno(errno, "Failed to create symlink %s: %m", to);
/* For devices that boot must wait for, disable the job timeout on the
 * mapped .device unit so an interactive passphrase prompt is never cut off. */
246 if (!noauto && !nofail) {
247 _cleanup_free_ char *dmname;
248 dmname = strjoin("dev-mapper-", e, ".device", NULL);
/* Drop-in 90-device-timeout.conf for dmname under arg_dest. */
252 r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
253 "# Automatically generated by systemd-cryptsetup-generator \n\n"
254 "[Unit]\nJobTimeoutSec=0");
256 return log_error_errno(r, "Failed to write device drop-in: %m");
/* Releases every crypto_device in arg_disks and then the map itself.
 * Entries are detached with hashmap_steal_first() so hashmap_free() does not
 * touch them again; what is freed per entry (presumably d->uuid, d->options
 * and d) is in elided lines.  `d` is declared in elided lines. */
262 static void free_arg_disks(void) {
265 while ((d = hashmap_steal_first(arg_disks))) {
271 hashmap_free(arg_disks);
/* Looks up the crypto_device for `uuid` in arg_disks, allocating and
 * inserting a zero-filled entry on first use.  The hashmap key is the entry's
 * own uuid copy, so key and value share one lifetime (see free_arg_disks()).
 * The NULL checks after new0()/strdup(), the error handling after
 * hashmap_put() and the return statement are in elided lines; callers in
 * parse_proc_cmdline_item() presumably receive the entry or NULL. */
274 static crypto_device *get_crypto_device(const char *uuid) {
280 d = hashmap_get(arg_disks, uuid);          /* existing entry wins */
282 d = new0(struct crypto_device, 1);         /* first mention: allocate */
289 d->uuid = strdup(uuid);                    /* owned copy, doubles as the map key */
295 r = hashmap_put(arg_disks, d->uuid, d);
/* Callback for parse_proc_cmdline(): handles one key[=value] pair.  Every
 * key exists in a plain and an "rd." (initrd-only) spelling:
 *   luks=<bool>               master switch (arg_enabled is set in elided lines)
 *   luks.crypttab=<bool>      whether /etc/crypttab is read
 *   luks.uuid=[luks-]<UUID>   request this device; switches on whitelist mode
 *   luks.options=[<UUID>=]<opts>  per-device options, or the default options
 *   luks.key=<path>           default key file
 * Malformed booleans are logged and ignored rather than failing the boot.
 * Negative returns on allocation failure sit in elided lines; the visible
 * branches fall through to elided code. */
306 static int parse_proc_cmdline_item(const char *key, const char *value) {
309 _cleanup_free_ char *uuid = NULL, *uuid_value = NULL;
311 if (STR_IN_SET(key, "luks", "rd.luks") && value) {
313 r = parse_boolean(value);
315 log_warning("Failed to parse luks switch %s. Ignoring.", value);
319 } else if (STR_IN_SET(key, "luks.crypttab", "rd.luks.crypttab") && value) {
321 r = parse_boolean(value);
323 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value);
325 arg_read_crypttab = r;
327 } else if (STR_IN_SET(key, "luks.uuid", "rd.luks.uuid") && value) {
/* Accept both "luks-<uuid>" and a bare uuid; the NULL check on d is elided. */
329 d = get_crypto_device(startswith(value, "luks-") ? value+5 : value);
/* Naming any device on the command line restricts crypttab to that set. */
333 d->create = arg_whitelist = true;
335 } else if (STR_IN_SET(key, "luks.options", "rd.luks.options") && value) {
/* "%m" (glibc) makes sscanf() allocate the matched strings.  First field:
 * hex/dash uuid; then a literal '='; then the option string. */
337 r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
339 d = get_crypto_device(uuid);
/* Ownership of uuid_value moves into the entry; the elided lines must reset
 * uuid_value to NULL so _cleanup_free_ does not free it on return — confirm. */
344 d->options = uuid_value;
/* No "<UUID>=" prefix: this becomes the default for all devices. */
346 } else if (free_and_strdup(&arg_default_options, value) < 0)
349 } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {
/* NOTE(review): tests any non-zero result, while the luks.options branch
 * above tests `< 0`.  If free_and_strdup() can return a positive value on
 * success this branch misfires; verify against its contract. */
351 if (free_and_strdup(&arg_default_keyfile, value))
/* Reads /etc/crypttab line by line and calls create_disk() for each entry.
 * Line format: "<name> <device> [<keyfile> [<options>]]"; blank lines and
 * '#' comments are skipped.  Command-line settings for the same UUID
 * (luks.options=<UUID>=...) override the file's option field, and in
 * whitelist mode (any luks.uuid= given) entries not named on the command
 * line are skipped.  Returns early when arg_read_crypttab is false.  The
 * return statements after the open/stat failures and the handling of the
 * create_disk() result are in elided lines. */
359 static int add_crypttab_devices(void) {
361 unsigned crypttab_line = 0;                 /* 1-based line counter for diagnostics */
362 _cleanup_fclose_ FILE *f = NULL;
364 if (!arg_read_crypttab)
/* "re": read-only plus O_CLOEXEC (glibc extension), so the descriptor does
 * not leak into the mke2fs/mkswap/cryptsetup children spawned later. */
367 f = fopen("/etc/crypttab", "re");
370 log_error_errno(errno, "Failed to open /etc/crypttab: %m");
374 if (fstat(fileno(f), &st) < 0) {
375 log_error_errno(errno, "Failed to stat /etc/crypttab: %m");
379 /* If we readd support for specifying passphrases
380 * directly in crypttab we should upgrade the warning
381 * below, though possibly only if a passphrase is
382 * specified directly. */
/* 0005 = other-read | other-execute.  A world-readable crypttab exposes key
 * file locations and mapping names to every local user, hence the notice;
 * it stays at debug level for the reason given in the comment above. */
383 if (st.st_mode & 0005)
384 log_debug("/etc/crypttab is world-readable. This is usually not a good idea.");
388 char line[LINE_MAX], *l, *uuid;
389 crypto_device *d = NULL;
390 _cleanup_free_ char *name = NULL, *device = NULL, *keyfile = NULL, *options = NULL;
/* fgets() stops after LINE_MAX-1 bytes; no over-long-line check is visible,
 * so a longer line would presumably be parsed as two records — confirm. */
392 if (!fgets(line, sizeof(line), f))
/* `l` is the whitespace-stripped line (stripping is elided). */
398 if (*l == '#' || *l == 0)
/* "%ms" allocates each field; k is the number of fields matched. */
401 k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &keyfile, &options);
402 if (k < 2 || k > 4) {
403 log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line);
/* Derive the uuid to match against command-line entries, trying in turn
 * (the `if (!uuid)` fallthroughs are elided): "UUID=" device spec, a
 * /dev/disk/by-uuid/ path, and finally a "luks-" prefixed mapping name. */
407 uuid = startswith(device, "UUID=");
409 uuid = path_startswith(device, "/dev/disk/by-uuid/");
411 uuid = startswith(name, "luks-");
413 d = hashmap_get(arg_disks, uuid);           /* command-line entry for this uuid, if any */
415 if (arg_whitelist && !d) {
416 log_info("Not creating device '%s' because it was not specified on the kernel command line.", name);
/* Command-line options take precedence over the crypttab option field. */
420 r = create_disk(name, device, keyfile, (d && d->options) ? d->options : options);
/* Creates units for devices that were given only on the kernel command line
 * (luks.uuid=) and have no crypttab entry.  Each becomes mapping
 * "luks-<uuid>" backed by "UUID=<uuid>", with options taken from the entry
 * itself, else the luks.options= default, else "timeout=0", and the
 * luks.key= default key file.  The filter that skips entries already
 * handled via crypttab, the allocation checks and the return statements are
 * in elided lines; `d`, `i` and `options` are declared there too. */
431 static int add_proc_cmdline_devices(void) {
436 HASHMAP_FOREACH(d, arg_disks, i) {
438 _cleanup_free_ char *name = NULL, *device = NULL;
443 name = strappend("luks-", d->uuid);
447 device = strappend("UUID=", d->uuid);
/* Precedence: per-device options, then the global default, then
 * "timeout=0" (wait indefinitely for the device/passphrase). */
452 options = d->options;
453 else if (arg_default_options)
454 options = arg_default_options;
456 options = "timeout=0";
458 r = create_disk(name, device, arg_default_keyfile, options);
466 int main(int argc, char *argv[]) {
467 int r = EXIT_FAILURE;
469 if (argc > 1 && argc != 4) {
470 log_error("This program takes three or no arguments.");
477 log_set_target(LOG_TARGET_SAFE);
478 log_parse_environment();
483 arg_disks = hashmap_new(&string_hash_ops);
487 r = parse_proc_cmdline(parse_proc_cmdline_item);
489 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
498 if (add_crypttab_devices() < 0)
501 if (add_proc_cmdline_devices() < 0)
508 free(arg_default_options);
509 free(arg_default_keyfile);