*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include <config.h>
#include <string.h>
#include "daemon.h"
-#include "c-ctype.h"
#include "actions.h"
#include "optgroups.h"
+#define MAX_ARGS 64
+
int
optgroup_luks_available (void)
{
return prog_exists ("cryptsetup");
}
-static int
-luks_open (const char *device, const char *key, const char *mapname,
- int readonly)
+/* Callers must also call remove_temp (tempfile). */
+static char *
+write_key_to_temp (const char *key)
{
- /* Sanity check: /dev/mapper/mapname must not exist already. Note
- * that the device-mapper control device (/dev/mapper/control) is
- * always there, so you can't ever have mapname == "control".
- */
- size_t len = strlen (mapname);
- char devmapper[len+32];
- snprintf (devmapper, len+32, "/dev/mapper/%s", mapname);
- if (access (devmapper, F_OK) == 0) {
- reply_with_error ("%s: device already exists", devmapper);
- return -1;
+ char *tempfile = strdup ("/tmp/luksXXXXXX");
+ if (!tempfile) {
+ reply_with_perror ("strdup");
+ return NULL;
}
- char tempfile[] = "/tmp/luksXXXXXX";
int fd = mkstemp (tempfile);
if (fd == -1) {
reply_with_perror ("mkstemp");
- return -1;
+ goto error;
}
- len = strlen (key);
+ size_t len = strlen (key);
if (xwrite (fd, key, len) == -1) {
reply_with_perror ("write");
close (fd);
- unlink (tempfile);
- return -1;
+ goto error;
}
if (close (fd) == -1) {
reply_with_perror ("close");
- unlink (tempfile);
+ goto error;
+ }
+
+ return tempfile;
+
+ error:
+ unlink (tempfile);
+ free (tempfile);
+ return NULL;
+}
+
+static void
+remove_temp (char *tempfile)
+{
+ unlink (tempfile);
+ free (tempfile);
+}
+
+static int
+luks_open (const char *device, const char *key, const char *mapname,
+ int readonly)
+{
+ /* Sanity check: /dev/mapper/mapname must not exist already. Note
+ * that the device-mapper control device (/dev/mapper/control) is
+ * always there, so you can't ever have mapname == "control".
+ */
+ size_t len = strlen (mapname);
+ char devmapper[len+32];
+ snprintf (devmapper, len+32, "/dev/mapper/%s", mapname);
+ if (access (devmapper, F_OK) == 0) {
+ reply_with_error ("%s: device already exists", devmapper);
return -1;
}
- const char *argv[16];
+ char *tempfile = write_key_to_temp (key);
+ if (!tempfile)
+ return -1;
+
+ const char *argv[MAX_ARGS];
size_t i = 0;
- argv[i++] = "cryptsetup";
- argv[i++] = "-d";
- argv[i++] = tempfile;
- if (readonly) argv[i++] = "--readonly";
- argv[i++] = "luksOpen";
- argv[i++] = device;
- argv[i++] = mapname;
- argv[i++] = NULL;
+ ADD_ARG (argv, i, "cryptsetup");
+ ADD_ARG (argv, i, "-d");
+ ADD_ARG (argv, i, tempfile);
+ if (readonly) ADD_ARG (argv, i, "--readonly");
+ ADD_ARG (argv, i, "luksOpen");
+ ADD_ARG (argv, i, device);
+ ADD_ARG (argv, i, mapname);
+ ADD_ARG (argv, i, NULL);
char *err;
int r = commandv (NULL, &err, (const char * const *) argv);
- unlink (tempfile);
+ remove_temp (tempfile);
if (r == -1) {
reply_with_error ("%s", err);
return 0;
}
+
+static int
+luks_format (const char *device, const char *key, int keyslot,
+ const char *cipher)
+{
+ char *tempfile = write_key_to_temp (key);
+ if (!tempfile)
+ return -1;
+
+ const char *argv[MAX_ARGS];
+ char keyslot_s[16];
+ size_t i = 0;
+
+ ADD_ARG (argv, i, "cryptsetup");
+ ADD_ARG (argv, i, "-q");
+ if (cipher) {
+ ADD_ARG (argv, i, "--cipher");
+ ADD_ARG (argv, i, cipher);
+ }
+ ADD_ARG (argv, i, "--key-slot");
+ snprintf (keyslot_s, sizeof keyslot_s, "%d", keyslot);
+ ADD_ARG (argv, i, keyslot_s);
+ ADD_ARG (argv, i, "luksFormat");
+ ADD_ARG (argv, i, device);
+ ADD_ARG (argv, i, tempfile);
+ ADD_ARG (argv, i, NULL);
+
+ char *err;
+ int r = commandv (NULL, &err, (const char * const *) argv);
+ remove_temp (tempfile);
+
+ if (r == -1) {
+ reply_with_error ("%s", err);
+ free (err);
+ return -1;
+ }
+
+ free (err);
+
+ udev_settle ();
+
+ return 0;
+}
+
+int
+do_luks_format (const char *device, const char *key, int keyslot)
+{
+ return luks_format (device, key, keyslot, NULL);
+}
+
+int
+do_luks_format_cipher (const char *device, const char *key, int keyslot,
+ const char *cipher)
+{
+ return luks_format (device, key, keyslot, cipher);
+}
+
+int
+do_luks_add_key (const char *device, const char *key, const char *newkey,
+ int keyslot)
+{
+ char *keyfile = write_key_to_temp (key);
+ if (!keyfile)
+ return -1;
+
+ char *newkeyfile = write_key_to_temp (newkey);
+ if (!newkeyfile) {
+ remove_temp (keyfile);
+ return -1;
+ }
+
+ const char *argv[MAX_ARGS];
+ char keyslot_s[16];
+ size_t i = 0;
+
+ ADD_ARG (argv, i, "cryptsetup");
+ ADD_ARG (argv, i, "-q");
+ ADD_ARG (argv, i, "-d");
+ ADD_ARG (argv, i, keyfile);
+ ADD_ARG (argv, i, "--key-slot");
+ snprintf (keyslot_s, sizeof keyslot_s, "%d", keyslot);
+ ADD_ARG (argv, i, keyslot_s);
+ ADD_ARG (argv, i, "luksAddKey");
+ ADD_ARG (argv, i, device);
+ ADD_ARG (argv, i, newkeyfile);
+ ADD_ARG (argv, i, NULL);
+
+ char *err;
+ int r = commandv (NULL, &err, (const char * const *) argv);
+ remove_temp (keyfile);
+ remove_temp (newkeyfile);
+
+ if (r == -1) {
+ reply_with_error ("%s", err);
+ free (err);
+ return -1;
+ }
+
+ free (err);
+
+ return 0;
+}
+
+int
+do_luks_kill_slot (const char *device, const char *key, int keyslot)
+{
+ char *tempfile = write_key_to_temp (key);
+ if (!tempfile)
+ return -1;
+
+ const char *argv[MAX_ARGS];
+ char keyslot_s[16];
+ size_t i = 0;
+
+ ADD_ARG (argv, i, "cryptsetup");
+ ADD_ARG (argv, i, "-q");
+ ADD_ARG (argv, i, "-d");
+ ADD_ARG (argv, i, tempfile);
+ ADD_ARG (argv, i, "luksKillSlot");
+ ADD_ARG (argv, i, device);
+ snprintf (keyslot_s, sizeof keyslot_s, "%d", keyslot);
+ ADD_ARG (argv, i, keyslot_s);
+ ADD_ARG (argv, i, NULL);
+
+ char *err;
+ int r = commandv (NULL, &err, (const char * const *) argv);
+ remove_temp (tempfile);
+
+ if (r == -1) {
+ reply_with_error ("%s", err);
+ free (err);
+ return -1;
+ }
+
+ free (err);
+
+ return 0;
+}