1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
28 #include "unit-name.h"
32 #include "path-util.h"
/* Generator-wide settings, filled in from argv and the kernel command line.
 *
 * arg_dest is the directory that unit files, drop-ins and symlinks are written
 * under. main() accepts a run with no arguments, and the line that overrides
 * this default is not shown in this listing, so presumably such a run writes
 * to "/tmp" (TODO confirm).
 * NOTE(review): /tmp is normally world-writable and the file names built from
 * arg_dest are predictable, so an argument-less run is best treated as a
 * debugging aid and not used on a multi-user system. */
34 static const char *arg_dest = "/tmp";
/* Presumably cleared by luks=/rd.luks= on the kernel command line; the
 * assignment itself is not shown in this listing. */
35 static bool arg_enabled = true;
/* Set from luks.crypttab=/rd.luks.crypttab=; gates reading /etc/crypttab. */
36 static bool arg_read_crypttab = true;
/* Values collected from luks.uuid=/rd.luks.uuid=. */
37 static char **arg_disks = NULL;
/* Values collected from luks.options=/rd.luks.options=. */
38 static char **arg_options = NULL;
/* Copy of the luks.key=/rd.luks.key= value; passed to create_disk() as the
 * password argument for disks that come only from the kernel command line. */
39 static char *arg_keyfile = NULL;
/* Reports whether needle occurs in haystack as a whole comma-separated entry.
 * Each strstr() hit is checked on both sides: it must start at the beginning
 * of haystack or directly after a ',', and the character at offset l past the
 * hit must be NUL or ','. l is presumably strlen(needle); its declaration, the
 * bodies of the two rejection branches and the return statements are not
 * shown in this listing. */
41 static bool has_option(const char *haystack, const char *needle) {
42 const char *f = haystack;
/* Look at every occurrence of needle, not only the first one (presumably the
 * rejection branches advance f and retry; confirm against the full source). */
52 while ((f = strstr(f, needle))) {
/* Left boundary: reject a hit that is the tail of a longer word. */
54 if (f > haystack && f[-1] != ',') {
/* Right boundary: reject a hit that is only a prefix of a longer entry, which
 * presumably also covers entries written as "needle=value". */
59 if (f[l] != 0 && f[l] != ',') {
/* Writes the unit files for one encrypted volume under arg_dest:
 *   - a service unit named by unit_name_build("systemd-cryptsetup", e, ".service")
 *     whose ExecStart=/ExecStop= run SYSTEMD_CRYPTSETUP_PATH attach/detach,
 *   - symlinks that hook that unit into the backing device, cryptsetup.target
 *     and the dev-mapper-<name>.device unit,
 *   - a JobTimeoutSec=0 drop-in for the dev-mapper device when the entry is
 *     neither noauto nor nofail.
 * name, device and password are used below as the volume name, the backing
 * device specification and the key source; options is the comma-separated
 * option string examined with has_option(). Several lines of the body,
 * including the return statements, are not shown in this listing. */
70 static int create_disk(
74 const char *options) {
/* Every string and the FILE are released automatically on scope exit. */
76 _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL;
77 _cleanup_fclose_ FILE *f = NULL;
78 bool noauto, nofail, tmp, swap;
85 noauto = has_option(options, "noauto");
86 nofail = has_option(options, "nofail");
87 tmp = has_option(options, "tmp");
88 swap = has_option(options, "swap");
/* 'tmp' and 'swap' each add their own ExecStartPost= formatting command, so an
 * entry asking for both is rejected (the condition line is not shown here). */
91 log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
/* The volume name is escaped before it becomes part of unit and path names. */
95 e = unit_name_escape(name);
99 n = unit_name_build("systemd-cryptsetup", e, ".service");
/* p: path of the service unit file inside arg_dest. */
103 p = strjoin(arg_dest, "/", n, NULL);
/* u: device node for the device field; d: name of the matching .device unit. */
107 u = fstab_node_to_udev_node(device);
111 d = unit_name_from_path(u, ".device");
117 log_error("Failed to create unit file %s: %m", p);
122 "# Automatically generated by systemd-cryptsetup-generator\n\n"
124 "Description=Cryptography Setup for %I\n"
125 "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
126 "SourcePath=/etc/crypttab\n"
127 "DefaultDependencies=no\n"
128 "Conflicts=umount.target\n"
129 "BindsTo=dev-mapper-%i.device\n"
130 "IgnoreOnIsolate=true\n"
131 "After=systemd-readahead-collect.service systemd-readahead-replay.service cryptsetup-pre.target\n",
136 "Before=cryptsetup.target\n");
/* Ordering for the key source. A random device as key is ordered after
 * systemd-random-seed.service. Any other value except "-" and "none" is
 * resolved to a node; unless that node is /dev/null, the unit either
 * requires and follows the key's device unit or requires the mounts for the
 * key file path. The guard that makes password non-NULL before these string
 * comparisons is not shown in this listing. */
139 if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
140 fputs("After=systemd-random-seed.service\n", f);
141 else if (!streq(password, "-") && !streq(password, "none")) {
142 _cleanup_free_ char *uu;
144 uu = fstab_node_to_udev_node(password);
148 if (!path_equal(uu, "/dev/null")) {
150 if (is_device_path(uu)) {
151 _cleanup_free_ char *dd;
153 dd = unit_name_from_path(uu, ".device");
/* %1$s is a positional argument: dd is written into both directives. */
157 fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
159 fprintf(f, "RequiresMountsFor=%s\n", password);
/* Dependencies on the backing device: a device node gets device-unit
 * dependencies, anything else is treated as a path needing its mounts. */
164 if (is_device_path(u))
168 "Before=umount.target\n",
172 "RequiresMountsFor=%s\n",
/* NOTE(review): name, u, password and options are written between single
 * quotes with plain %s, and no escaping of quote, backslash or '%' characters
 * is visible in this listing. The strings originate from /etc/crypttab and the
 * kernel command line, so a value containing a quote or a unit specifier would
 * change how the ExecStart=/ExecStop= lines are parsed. Confirm that the
 * inputs are constrained, or escape them before formatting. */
178 "RemainAfterExit=yes\n"
179 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
180 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
181 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
182 name, u, strempty(password), strempty(options),
/* Presumably emitted only for 'tmp' and 'swap' entries respectively: the
 * mapped device is re-formatted after each attach, so its previous contents
 * are discarded. */
187 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
192 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
197 log_error("Failed to write file %s: %m", p);
/* All symlinks below point at "../<unit>", relative to their directory. */
201 from = strappenda("../", n);
/* 1) <backing device>.wants/<unit>.
 * NOTE(review): the result of mkdir_parents_label() is not checked here or in
 * the calls further down; only the following symlink() failure is reported. */
205 to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
209 mkdir_parents_label(to, 0755);
210 if (symlink(from, to) < 0) {
211 log_error("Failed to create symlink %s: %m", to);
/* 2) cryptsetup.target: a hard (.requires) or soft (.wants) link; presumably
 * selected by nofail, the condition line is not shown in this listing. */
217 to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
219 to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
223 mkdir_parents_label(to, 0755);
224 if (symlink(from, to) < 0) {
225 log_error("Failed to create symlink %s: %m", to);
/* 3) dev-mapper-<name>.device.requires/<unit>. */
231 to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
235 mkdir_parents_label(to, 0755);
236 if (symlink(from, to) < 0) {
237 log_error("Failed to create symlink %s: %m", to);
/* For entries that are neither noauto nor nofail, write a drop-in that sets
 * JobTimeoutSec=0 on the dev-mapper device unit. */
241 if (!noauto && !nofail) {
244 p = strjoin(arg_dest, "/dev-mapper-", e, ".device.d/50-job-timeout-sec-0.conf", NULL);
248 mkdir_parents_label(p, 0755);
249 r = write_string_file(p,
250 "# Automatically generated by systemd-cryptsetup-generator\n\n"
252 "JobTimeoutSec=0\n"); /* the binary handles timeouts anyway */
/* r is passed negated to strerror(), i.e. it is treated as a negative errno. */
254 log_error("Failed to write device drop-in: %s", strerror(-r));
/* Handles one key/value item of the kernel command line; main() passes this
 * function to parse_proc_cmdline(). Each recognised key also has an "rd."
 * variant, and every branch requires a non-NULL value. The values are stored
 * as given: no validation beyond parse_boolean() is visible in this listing,
 * and the return statements are not shown. */
262 static int parse_proc_cmdline_item(const char *key, const char *value) {
/* luks=: boolean switch. A value that does not parse is logged and ignored;
 * the assignment of the parsed value is not shown in this listing. */
265 if (STR_IN_SET(key, "luks", "rd.luks") && value) {
267 r = parse_boolean(value);
269 log_warning("Failed to parse luks switch %s. Ignoring.", value);
/* luks.crypttab=: boolean switch controlling whether /etc/crypttab is read. */
273 } else if (STR_IN_SET(key, "luks.crypttab", "rd.luks.crypttab") && value) {
275 r = parse_boolean(value);
277 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value);
279 arg_read_crypttab = r;
/* luks.uuid=: may be given several times; each value is appended. */
281 } else if (STR_IN_SET(key, "luks.uuid", "rd.luks.uuid") && value) {
283 if (strv_extend(&arg_disks, value) < 0)
/* luks.options=: may be given several times; main() later matches entries of
 * the form <uuid>=<options> against each disk. */
286 } else if (STR_IN_SET(key, "luks.options", "rd.luks.options") && value) {
288 if (strv_extend(&arg_options, value) < 0)
/* luks.key=: a single value is kept. NOTE(review): freeing any earlier value
 * and checking the strdup() result are not visible in this listing; confirm. */
291 } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {
294 arg_keyfile = strdup(value);
/* Entry point of the generator. It reads the luks.* settings from the kernel
 * command line, then calls create_disk() for the matching entries of
 * /etc/crypttab and for every UUID from the command line that /etc/crypttab
 * did not cover. Returns r if it recorded a failure, otherwise r2. Many lines
 * of the body, including all error paths, are not shown in this listing. */
303 int main(int argc, char *argv[]) {
/* UUIDs from arg_disks for which a unit was written in the crypttab pass. */
304 _cleanup_strv_free_ char **disks_done = NULL;
305 _cleanup_fclose_ FILE *f = NULL;
/* Both results start as failure and are switched to success only after the
 * kernel command line has been parsed. */
307 int r = EXIT_FAILURE, r2 = EXIT_FAILURE;
/* Either no arguments or exactly three are accepted. */
310 if (argc > 1 && argc != 4) {
311 log_error("This program takes three or no arguments.");
318 log_set_target(LOG_TARGET_SAFE);
319 log_parse_environment();
324 if (parse_proc_cmdline(parse_proc_cmdline_item) < 0)
328 r = r2 = EXIT_SUCCESS;
/* Drop duplicate UUIDs so that each disk is handled once. */
332 strv_uniq(arg_disks);
334 if (arg_read_crypttab) {
/* The 'e' flag opens the file with close-on-exec set. */
337 f = fopen("/etc/crypttab", "re");
342 log_error("Failed to open /etc/crypttab: %m");
/* fstat() on the open descriptor, so the mode that is checked belongs to the
 * file actually being read. */
347 if (fstat(fileno(f), &st) < 0) {
348 log_error("Failed to stat /etc/crypttab: %m");
352 /* If we re-add support for specifying passphrases
353 * directly in crypttab we should upgrade the warning
354 * below, though possibly only if a passphrase is
355 * specified directly. */
/* 0005 masks the read and execute permission bits for "other". The finding is
 * reported with log_debug() only and parsing continues. */
356 if (st.st_mode & 0005)
357 log_debug("/etc/crypttab is world-readable. This is usually not a good idea.");
/* Per-line state; the four fields are allocated by sscanf() via %ms and freed
 * automatically. */
360 char line[LINE_MAX], *l;
361 _cleanup_free_ char *name = NULL, *device = NULL, *password = NULL, *options = NULL;
364 if (!fgets(line, sizeof(line), f))
/* Skip comment lines and empty lines. */
370 if (*l == '#' || *l == 0)
/* Fields: name, device, then optional password and options. With four
 * conversions k cannot exceed 4, so only the k < 2 half of the check below
 * can trigger. */
373 k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
374 if (k < 2 || k > 4) {
375 log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
380 If options are specified on the kernel commandline, let them override
381 the ones from crypttab.
383 STRV_FOREACH(i, arg_options) {
384 _cleanup_free_ char *proc_uuid = NULL, *proc_options = NULL;
/* Each entry is expected as <uuid>=<options>; the scanset restricts the uuid
 * part to hex digits and '-'. */
387 k = sscanf(p, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
/* NOTE(review): device + 5 skips a five-byte prefix, presumably "UUID=". Here
 * device is whatever the second crypttab field contained, and no check that it
 * is at least five bytes long or starts with "UUID=" is visible before this
 * line. For a shorter field the pointer would lie past the terminating NUL and
 * streq() would read out of bounds. Confirm against the full source and add a
 * prefix test in front of this comparison if it is missing. */
388 if (k == 2 && streq(proc_uuid, device + 5)) {
400 If luks UUIDs are specified on the kernel command line, use them as a filter
401 for /etc/crypttab and only generate units for those.
403 STRV_FOREACH(i, arg_disks) {
404 _cleanup_free_ char *proc_device = NULL, *proc_name = NULL;
/* A UUID may be given with or without a leading "luks-" (presumably stripped
 * in the line that is not shown), then both spellings are rebuilt for the
 * comparison with the crypttab entry. */
407 if (startswith(p, "luks-"))
410 proc_name = strappend("luks-", p);
411 proc_device = strappend("UUID=", p);
413 if (!proc_name || !proc_device) {
/* A crypttab entry matches when either its device or its name equals the
 * rebuilt form; the UUID is then remembered in disks_done. */
418 if (streq(proc_device, device) || streq(proc_name, name)) {
419 if (create_disk(name, device, password, options) < 0)
422 if (strv_extend(&disks_done, p) < 0) {
/* Presumably the branch for an empty arg_disks: every crypttab entry gets a
 * unit (the enclosing condition is not shown in this listing). */
428 } else if (create_disk(name, device, password, options) < 0)
437 STRV_FOREACH(i, arg_disks) {
439 Generate units for those UUIDs, which were specified
440 on the kernel command line and not yet written.
443 _cleanup_free_ char *name = NULL, *device = NULL, *options = NULL;
446 if (startswith(p, "luks-"))
/* Already handled through /etc/crypttab. */
449 if (strv_contains(disks_done, p))
/* Synthesize the crypttab fields: name "luks-<uuid>", device "UUID=<uuid>". */
452 name = strappend("luks-", p);
453 device = strappend("UUID=", p);
455 if (!name || !device) {
462 If options are specified on the kernel commandline, use them.
466 STRV_FOREACH(j, arg_options) {
467 _cleanup_free_ char *proc_uuid = NULL, *proc_options = NULL;
471 k = sscanf(s, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
/* device was built as "UUID=" + p just above, so device + 5 is the UUID. */
473 if (streq(proc_uuid, device + 5)) {
/* options takes over the pointer from proc_options, which is a _cleanup_free_
 * variable; presumably proc_options is reset in a line not shown, otherwise
 * both would free the same buffer (TODO confirm). */
475 options = proc_options;
478 } else if (!options) {
480 Fall back to options without a specified UUID
/* Default used when no options were found for this UUID. */
492 options = strdup("timeout=0");
/* Disks known only from the kernel command line use the luks.key= value as
 * their key source. */
499 if (create_disk(name, device, arg_keyfile, options) < 0)
506 strv_free(arg_disks);
507 strv_free(arg_options);
/* A failure recorded in r wins; otherwise r2 is reported. */
510 return r != EXIT_SUCCESS ? r : r2;