]>
Commit | Line | Data |
---|---|---|
52ad194e | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
663996b3 | 2 | |
663996b3 | 3 | #include <errno.h> |
52ad194e | 4 | #include <stdio_ext.h> |
663996b3 | 5 | |
db2df898 | 6 | #include "alloc-util.h" |
f47781d8 | 7 | #include "dropin.h" |
6e866b33 | 8 | #include "escape.h" |
db2df898 MP |
9 | #include "fd-util.h" |
10 | #include "fileio.h" | |
11 | #include "fstab-util.h" | |
f47781d8 MP |
12 | #include "generator.h" |
13 | #include "hashmap.h" | |
6e866b33 | 14 | #include "id128-util.h" |
663996b3 | 15 | #include "log.h" |
663996b3 | 16 | #include "mkdir.h" |
db2df898 | 17 | #include "parse-util.h" |
e842803a | 18 | #include "path-util.h" |
db2df898 | 19 | #include "proc-cmdline.h" |
52ad194e | 20 | #include "specifier.h" |
db2df898 | 21 | #include "string-util.h" |
f47781d8 MP |
22 | #include "strv.h" |
23 | #include "unit-name.h" | |
24 | #include "util.h" | |
25 | ||
26 | typedef struct crypto_device { | |
27 | char *uuid; | |
28 | char *keyfile; | |
6e866b33 | 29 | char *keydev; |
f47781d8 MP |
30 | char *name; |
31 | char *options; | |
32 | bool create; | |
33 | } crypto_device; | |
663996b3 | 34 | |
6e866b33 | 35 | static const char *arg_dest = NULL; |
663996b3 MS |
36 | static bool arg_enabled = true; |
37 | static bool arg_read_crypttab = true; | |
f47781d8 MP |
38 | static bool arg_whitelist = false; |
39 | static Hashmap *arg_disks = NULL; | |
40 | static char *arg_default_options = NULL; | |
41 | static char *arg_default_keyfile = NULL; | |
663996b3 | 42 | |
6e866b33 MB |
43 | STATIC_DESTRUCTOR_REGISTER(arg_disks, hashmap_freep); |
44 | STATIC_DESTRUCTOR_REGISTER(arg_default_options, freep); | |
45 | STATIC_DESTRUCTOR_REGISTER(arg_default_keyfile, freep); | |
46 | ||
47 | static int generate_keydev_mount(const char *name, const char *keydev, char **unit, char **mount) { | |
48 | _cleanup_free_ char *u = NULL, *what = NULL, *where = NULL, *name_escaped = NULL; | |
49 | _cleanup_fclose_ FILE *f = NULL; | |
50 | int r; | |
51 | ||
52 | assert(name); | |
53 | assert(keydev); | |
54 | assert(unit); | |
55 | assert(mount); | |
56 | ||
57 | r = mkdir_parents("/run/systemd/cryptsetup", 0755); | |
58 | if (r < 0) | |
59 | return r; | |
60 | ||
61 | r = mkdir("/run/systemd/cryptsetup", 0700); | |
62 | if (r < 0 && errno != EEXIST) | |
63 | return -errno; | |
64 | ||
65 | name_escaped = cescape(name); | |
66 | if (!name_escaped) | |
67 | return -ENOMEM; | |
68 | ||
69 | where = strjoin("/run/systemd/cryptsetup/keydev-", name_escaped); | |
70 | if (!where) | |
71 | return -ENOMEM; | |
72 | ||
73 | r = mkdir(where, 0700); | |
74 | if (r < 0 && errno != EEXIST) | |
75 | return -errno; | |
76 | ||
77 | r = unit_name_from_path(where, ".mount", &u); | |
78 | if (r < 0) | |
79 | return r; | |
80 | ||
81 | r = generator_open_unit_file(arg_dest, NULL, u, &f); | |
82 | if (r < 0) | |
83 | return r; | |
84 | ||
85 | what = fstab_node_to_udev_node(keydev); | |
86 | if (!what) | |
87 | return -ENOMEM; | |
88 | ||
89 | fprintf(f, | |
90 | "[Unit]\n" | |
91 | "DefaultDependencies=no\n\n" | |
92 | "[Mount]\n" | |
93 | "What=%s\n" | |
94 | "Where=%s\n" | |
95 | "Options=ro\n", what, where); | |
96 | ||
97 | r = fflush_and_check(f); | |
98 | if (r < 0) | |
99 | return r; | |
100 | ||
101 | *unit = TAKE_PTR(u); | |
102 | *mount = TAKE_PTR(where); | |
103 | ||
104 | return 0; | |
105 | } | |
106 | ||
663996b3 MS |
107 | static int create_disk( |
108 | const char *name, | |
109 | const char *device, | |
6e866b33 | 110 | const char *keydev, |
663996b3 MS |
111 | const char *password, |
112 | const char *options) { | |
113 | ||
1d42b86d | 114 | _cleanup_free_ char *n = NULL, *d = NULL, *u = NULL, *e = NULL, |
6e866b33 | 115 | *filtered = NULL, *u_escaped = NULL, *password_escaped = NULL, *filtered_escaped = NULL, *name_escaped = NULL, *keydev_mount = NULL; |
663996b3 | 116 | _cleanup_fclose_ FILE *f = NULL; |
f5e65279 MB |
117 | const char *dmname; |
118 | bool noauto, nofail, tmp, swap, netdev; | |
60f067b4 | 119 | int r; |
663996b3 MS |
120 | |
121 | assert(name); | |
122 | assert(device); | |
123 | ||
e735f4d4 MP |
124 | noauto = fstab_test_yes_no_option(options, "noauto\0" "auto\0"); |
125 | nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0"); | |
126 | tmp = fstab_test_option(options, "tmp\0"); | |
127 | swap = fstab_test_option(options, "swap\0"); | |
f5e65279 | 128 | netdev = fstab_test_option(options, "_netdev\0"); |
14228c0d | 129 | |
6e866b33 MB |
130 | if (tmp && swap) |
131 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
132 | "Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", | |
133 | name); | |
663996b3 | 134 | |
52ad194e MB |
135 | name_escaped = specifier_escape(name); |
136 | if (!name_escaped) | |
137 | return log_oom(); | |
138 | ||
60f067b4 JS |
139 | e = unit_name_escape(name); |
140 | if (!e) | |
141 | return log_oom(); | |
142 | ||
663996b3 MS |
143 | u = fstab_node_to_udev_node(device); |
144 | if (!u) | |
145 | return log_oom(); | |
146 | ||
1d42b86d MB |
147 | r = unit_name_build("systemd-cryptsetup", e, ".service", &n); |
148 | if (r < 0) | |
149 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
150 | ||
52ad194e MB |
151 | u_escaped = specifier_escape(u); |
152 | if (!u_escaped) | |
153 | return log_oom(); | |
154 | ||
e3bff60a MP |
155 | r = unit_name_from_path(u, ".device", &d); |
156 | if (r < 0) | |
157 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
663996b3 | 158 | |
1d42b86d MB |
159 | if (password) { |
160 | password_escaped = specifier_escape(password); | |
161 | if (!password_escaped) | |
162 | return log_oom(); | |
163 | } | |
663996b3 | 164 | |
6e866b33 MB |
165 | if (keydev && !password) |
166 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
167 | "Key device is specified, but path to the password file is missing."); | |
168 | ||
1d42b86d MB |
169 | r = generator_open_unit_file(arg_dest, NULL, n, &f); |
170 | if (r < 0) | |
171 | return r; | |
52ad194e | 172 | |
f5e65279 | 173 | fprintf(f, |
f5e65279 MB |
174 | "[Unit]\n" |
175 | "Description=Cryptography Setup for %%I\n" | |
176 | "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" | |
177 | "SourcePath=/etc/crypttab\n" | |
178 | "DefaultDependencies=no\n" | |
179 | "Conflicts=umount.target\n" | |
180 | "IgnoreOnIsolate=true\n" | |
181 | "After=%s\n", | |
52ad194e | 182 | netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target"); |
663996b3 | 183 | |
6e866b33 MB |
184 | if (keydev) { |
185 | _cleanup_free_ char *unit = NULL, *p = NULL; | |
186 | ||
187 | r = generate_keydev_mount(name, keydev, &unit, &keydev_mount); | |
188 | if (r < 0) | |
189 | return log_error_errno(r, "Failed to generate keydev mount unit: %m"); | |
190 | ||
191 | p = prefix_root(keydev_mount, password_escaped); | |
192 | if (!p) | |
193 | return log_oom(); | |
194 | ||
195 | free_and_replace(password_escaped, p); | |
196 | } | |
197 | ||
663996b3 MS |
198 | if (!nofail) |
199 | fprintf(f, | |
f5e65279 MB |
200 | "Before=%s\n", |
201 | netdev ? "remote-cryptsetup.target" : "cryptsetup.target"); | |
663996b3 MS |
202 | |
203 | if (password) { | |
6e866b33 | 204 | if (PATH_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random")) |
52ad194e | 205 | fputs("After=systemd-random-seed.service\n", f); |
f5e65279 | 206 | else if (!STR_IN_SET(password, "-", "none")) { |
60f067b4 JS |
207 | _cleanup_free_ char *uu; |
208 | ||
209 | uu = fstab_node_to_udev_node(password); | |
210 | if (!uu) | |
211 | return log_oom(); | |
212 | ||
e842803a | 213 | if (!path_equal(uu, "/dev/null")) { |
60f067b4 | 214 | |
f5e65279 | 215 | if (path_startswith(uu, "/dev/")) { |
e3bff60a | 216 | _cleanup_free_ char *dd = NULL; |
60f067b4 | 217 | |
e3bff60a MP |
218 | r = unit_name_from_path(uu, ".device", &dd); |
219 | if (r < 0) | |
220 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
e842803a MB |
221 | |
222 | fprintf(f, "After=%1$s\nRequires=%1$s\n", dd); | |
223 | } else | |
52ad194e | 224 | fprintf(f, "RequiresMountsFor=%s\n", password_escaped); |
e842803a | 225 | } |
60f067b4 | 226 | } |
663996b3 MS |
227 | } |
228 | ||
f5e65279 | 229 | if (path_startswith(u, "/dev/")) { |
663996b3 MS |
230 | fprintf(f, |
231 | "BindsTo=%s\n" | |
232 | "After=%s\n" | |
233 | "Before=umount.target\n", | |
234 | d, d); | |
2897b343 MP |
235 | |
236 | if (swap) | |
52ad194e MB |
237 | fputs("Before=dev-mapper-%i.swap\n", |
238 | f); | |
2897b343 | 239 | } else |
6e866b33 MB |
240 | /* For loopback devices, add systemd-tmpfiles-setup-dev.service |
241 | dependency to ensure that loopback support is available in | |
242 | the kernel (/dev/loop-control needs to exist) */ | |
663996b3 | 243 | fprintf(f, |
6e866b33 MB |
244 | "RequiresMountsFor=%s\n" |
245 | "Requires=systemd-tmpfiles-setup-dev.service\n" | |
246 | "After=systemd-tmpfiles-setup-dev.service\n", | |
52ad194e MB |
247 | u_escaped); |
248 | ||
e842803a MB |
249 | r = generator_write_timeouts(arg_dest, device, name, options, &filtered); |
250 | if (r < 0) | |
251 | return r; | |
252 | ||
1d42b86d MB |
253 | if (filtered) { |
254 | filtered_escaped = specifier_escape(filtered); | |
255 | if (!filtered_escaped) | |
256 | return log_oom(); | |
257 | } | |
52ad194e | 258 | |
663996b3 MS |
259 | fprintf(f, |
260 | "\n[Service]\n" | |
261 | "Type=oneshot\n" | |
262 | "RemainAfterExit=yes\n" | |
263 | "TimeoutSec=0\n" /* the binary handles timeouts anyway */ | |
f5e65279 | 264 | "KeyringMode=shared\n" /* make sure we can share cached keys among instances */ |
663996b3 MS |
265 | "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n" |
266 | "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n", | |
52ad194e MB |
267 | name_escaped, u_escaped, strempty(password_escaped), strempty(filtered_escaped), |
268 | name_escaped); | |
663996b3 | 269 | |
14228c0d | 270 | if (tmp) |
663996b3 MS |
271 | fprintf(f, |
272 | "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n", | |
52ad194e | 273 | name_escaped); |
663996b3 | 274 | |
14228c0d | 275 | if (swap) |
663996b3 MS |
276 | fprintf(f, |
277 | "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n", | |
52ad194e | 278 | name_escaped); |
663996b3 | 279 | |
6e866b33 MB |
280 | if (keydev) |
281 | fprintf(f, | |
282 | "ExecStartPost=" UMOUNT_PATH " %s\n\n", | |
283 | keydev_mount); | |
284 | ||
e3bff60a MP |
285 | r = fflush_and_check(f); |
286 | if (r < 0) | |
1d42b86d | 287 | return log_error_errno(r, "Failed to write unit file %s: %m", n); |
663996b3 | 288 | |
663996b3 | 289 | if (!noauto) { |
f5e65279 MB |
290 | r = generator_add_symlink(arg_dest, d, "wants", n); |
291 | if (r < 0) | |
292 | return r; | |
663996b3 | 293 | |
f5e65279 MB |
294 | r = generator_add_symlink(arg_dest, |
295 | netdev ? "remote-cryptsetup.target" : "cryptsetup.target", | |
296 | nofail ? "wants" : "requires", n); | |
297 | if (r < 0) | |
298 | return r; | |
663996b3 MS |
299 | } |
300 | ||
f5e65279 MB |
301 | dmname = strjoina("dev-mapper-", e, ".device"); |
302 | r = generator_add_symlink(arg_dest, dmname, "requires", n); | |
303 | if (r < 0) | |
304 | return r; | |
663996b3 MS |
305 | |
306 | if (!noauto && !nofail) { | |
5eef597e | 307 | r = write_drop_in(arg_dest, dmname, 90, "device-timeout", |
e842803a MB |
308 | "# Automatically generated by systemd-cryptsetup-generator \n\n" |
309 | "[Unit]\nJobTimeoutSec=0"); | |
f47781d8 MP |
310 | if (r < 0) |
311 | return log_error_errno(r, "Failed to write device drop-in: %m"); | |
312 | } | |
313 | ||
314 | return 0; | |
315 | } | |
316 | ||
6e866b33 MB |
317 | static crypto_device* crypt_device_free(crypto_device *d) { |
318 | if (!d) | |
319 | return NULL; | |
320 | ||
52ad194e MB |
321 | free(d->uuid); |
322 | free(d->keyfile); | |
6e866b33 | 323 | free(d->keydev); |
52ad194e MB |
324 | free(d->name); |
325 | free(d->options); | |
6e866b33 | 326 | return mfree(d); |
f47781d8 MP |
327 | } |
328 | ||
329 | static crypto_device *get_crypto_device(const char *uuid) { | |
330 | int r; | |
331 | crypto_device *d; | |
332 | ||
333 | assert(uuid); | |
334 | ||
335 | d = hashmap_get(arg_disks, uuid); | |
336 | if (!d) { | |
337 | d = new0(struct crypto_device, 1); | |
338 | if (!d) | |
339 | return NULL; | |
340 | ||
341 | d->create = false; | |
342 | d->keyfile = d->options = d->name = NULL; | |
343 | ||
344 | d->uuid = strdup(uuid); | |
8a584da2 MP |
345 | if (!d->uuid) |
346 | return mfree(d); | |
f47781d8 MP |
347 | |
348 | r = hashmap_put(arg_disks, d->uuid, d); | |
60f067b4 | 349 | if (r < 0) { |
f47781d8 | 350 | free(d->uuid); |
8a584da2 | 351 | return mfree(d); |
60f067b4 | 352 | } |
663996b3 MS |
353 | } |
354 | ||
f47781d8 | 355 | return d; |
663996b3 MS |
356 | } |
357 | ||
8a584da2 | 358 | static int parse_proc_cmdline_item(const char *key, const char *value, void *data) { |
f47781d8 | 359 | _cleanup_free_ char *uuid = NULL, *uuid_value = NULL; |
2897b343 MP |
360 | crypto_device *d; |
361 | int r; | |
663996b3 | 362 | |
2897b343 | 363 | if (streq(key, "luks")) { |
663996b3 | 364 | |
2897b343 | 365 | r = value ? parse_boolean(value) : 1; |
60f067b4 | 366 | if (r < 0) |
2897b343 | 367 | log_warning("Failed to parse luks= kernel command line switch %s. Ignoring.", value); |
60f067b4 JS |
368 | else |
369 | arg_enabled = r; | |
663996b3 | 370 | |
2897b343 | 371 | } else if (streq(key, "luks.crypttab")) { |
14228c0d | 372 | |
2897b343 | 373 | r = value ? parse_boolean(value) : 1; |
60f067b4 | 374 | if (r < 0) |
2897b343 | 375 | log_warning("Failed to parse luks.crypttab= kernel command line switch %s. Ignoring.", value); |
60f067b4 JS |
376 | else |
377 | arg_read_crypttab = r; | |
14228c0d | 378 | |
2897b343 MP |
379 | } else if (streq(key, "luks.uuid")) { |
380 | ||
381 | if (proc_cmdline_value_missing(key, value)) | |
382 | return 0; | |
14228c0d | 383 | |
f47781d8 MP |
384 | d = get_crypto_device(startswith(value, "luks-") ? value+5 : value); |
385 | if (!d) | |
60f067b4 | 386 | return log_oom(); |
663996b3 | 387 | |
f47781d8 MP |
388 | d->create = arg_whitelist = true; |
389 | ||
2897b343 MP |
390 | } else if (streq(key, "luks.options")) { |
391 | ||
392 | if (proc_cmdline_value_missing(key, value)) | |
393 | return 0; | |
663996b3 | 394 | |
f47781d8 MP |
395 | r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value); |
396 | if (r == 2) { | |
397 | d = get_crypto_device(uuid); | |
398 | if (!d) | |
399 | return log_oom(); | |
400 | ||
2897b343 | 401 | free_and_replace(d->options, uuid_value); |
f47781d8 | 402 | } else if (free_and_strdup(&arg_default_options, value) < 0) |
60f067b4 | 403 | return log_oom(); |
663996b3 | 404 | |
2897b343 | 405 | } else if (streq(key, "luks.key")) { |
6e866b33 MB |
406 | size_t n; |
407 | _cleanup_free_ char *keyfile = NULL, *keydev = NULL; | |
408 | char *c; | |
409 | const char *keyspec; | |
2897b343 MP |
410 | |
411 | if (proc_cmdline_value_missing(key, value)) | |
412 | return 0; | |
663996b3 | 413 | |
6e866b33 MB |
414 | n = strspn(value, LETTERS DIGITS "-"); |
415 | if (value[n] != '=') { | |
416 | if (free_and_strdup(&arg_default_keyfile, value) < 0) | |
417 | return log_oom(); | |
418 | return 0; | |
419 | } | |
420 | ||
421 | uuid = strndup(value, n); | |
422 | if (!uuid) | |
423 | return log_oom(); | |
424 | ||
425 | if (!id128_is_valid(uuid)) { | |
426 | log_warning("Failed to parse luks.key= kernel command line switch. UUID is invalid, ignoring."); | |
427 | return 0; | |
428 | } | |
f47781d8 | 429 | |
6e866b33 MB |
430 | d = get_crypto_device(uuid); |
431 | if (!d) | |
60f067b4 | 432 | return log_oom(); |
663996b3 | 433 | |
6e866b33 MB |
434 | keyspec = value + n + 1; |
435 | c = strrchr(keyspec, ':'); | |
436 | if (c) { | |
437 | *c = '\0'; | |
438 | keyfile = strdup(keyspec); | |
439 | keydev = strdup(c + 1); | |
440 | ||
441 | if (!keyfile || !keydev) | |
442 | return log_oom(); | |
443 | } else { | |
444 | /* No keydev specified */ | |
445 | keyfile = strdup(keyspec); | |
446 | if (!keyfile) | |
447 | return log_oom(); | |
448 | } | |
449 | ||
450 | free_and_replace(d->keyfile, keyfile); | |
451 | free_and_replace(d->keydev, keydev); | |
2897b343 MP |
452 | } else if (streq(key, "luks.name")) { |
453 | ||
454 | if (proc_cmdline_value_missing(key, value)) | |
455 | return 0; | |
f47781d8 MP |
456 | |
457 | r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value); | |
458 | if (r == 2) { | |
459 | d = get_crypto_device(uuid); | |
460 | if (!d) | |
461 | return log_oom(); | |
462 | ||
463 | d->create = arg_whitelist = true; | |
464 | ||
52ad194e | 465 | free_and_replace(d->name, uuid_value); |
f47781d8 MP |
466 | } else |
467 | log_warning("Failed to parse luks name switch %s. Ignoring.", value); | |
e842803a | 468 | } |
663996b3 MS |
469 | |
470 | return 0; | |
471 | } | |
472 | ||
f47781d8 | 473 | static int add_crypttab_devices(void) { |
663996b3 | 474 | _cleanup_fclose_ FILE *f = NULL; |
6e866b33 MB |
475 | unsigned crypttab_line = 0; |
476 | struct stat st; | |
477 | int r; | |
663996b3 | 478 | |
f47781d8 MP |
479 | if (!arg_read_crypttab) |
480 | return 0; | |
481 | ||
482 | f = fopen("/etc/crypttab", "re"); | |
483 | if (!f) { | |
484 | if (errno != ENOENT) | |
485 | log_error_errno(errno, "Failed to open /etc/crypttab: %m"); | |
486 | return 0; | |
663996b3 MS |
487 | } |
488 | ||
52ad194e MB |
489 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
490 | ||
f47781d8 MP |
491 | if (fstat(fileno(f), &st) < 0) { |
492 | log_error_errno(errno, "Failed to stat /etc/crypttab: %m"); | |
493 | return 0; | |
494 | } | |
663996b3 | 495 | |
f47781d8 | 496 | for (;;) { |
6e866b33 | 497 | _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keyfile = NULL, *options = NULL; |
f47781d8 | 498 | crypto_device *d = NULL; |
6e866b33 MB |
499 | char *l, *uuid; |
500 | int k; | |
663996b3 | 501 | |
6e866b33 MB |
502 | r = read_line(f, LONG_LINE_MAX, &line); |
503 | if (r < 0) | |
504 | return log_error_errno(r, "Failed to read /etc/crypttab: %m"); | |
505 | if (r == 0) | |
f47781d8 | 506 | break; |
60f067b4 | 507 | |
f47781d8 | 508 | crypttab_line++; |
663996b3 | 509 | |
f47781d8 | 510 | l = strstrip(line); |
6e866b33 | 511 | if (IN_SET(l[0], 0, '#')) |
f47781d8 | 512 | continue; |
663996b3 | 513 | |
f47781d8 MP |
514 | k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &keyfile, &options); |
515 | if (k < 2 || k > 4) { | |
516 | log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line); | |
517 | continue; | |
518 | } | |
663996b3 | 519 | |
6e866b33 | 520 | uuid = STARTSWITH_SET(device, "UUID=", "luks-"); |
f47781d8 MP |
521 | if (!uuid) |
522 | uuid = path_startswith(device, "/dev/disk/by-uuid/"); | |
f47781d8 MP |
523 | if (uuid) |
524 | d = hashmap_get(arg_disks, uuid); | |
663996b3 | 525 | |
f47781d8 MP |
526 | if (arg_whitelist && !d) { |
527 | log_info("Not creating device '%s' because it was not specified on the kernel command line.", name); | |
528 | continue; | |
663996b3 MS |
529 | } |
530 | ||
6e866b33 | 531 | r = create_disk(name, device, NULL, keyfile, (d && d->options) ? d->options : options); |
f47781d8 MP |
532 | if (r < 0) |
533 | return r; | |
663996b3 | 534 | |
f47781d8 MP |
535 | if (d) |
536 | d->create = false; | |
537 | } | |
663996b3 | 538 | |
f47781d8 MP |
539 | return 0; |
540 | } | |
663996b3 | 541 | |
f47781d8 MP |
542 | static int add_proc_cmdline_devices(void) { |
543 | int r; | |
544 | Iterator i; | |
545 | crypto_device *d; | |
663996b3 | 546 | |
f47781d8 MP |
547 | HASHMAP_FOREACH(d, arg_disks, i) { |
548 | const char *options; | |
549 | _cleanup_free_ char *device = NULL; | |
663996b3 | 550 | |
f47781d8 MP |
551 | if (!d->create) |
552 | continue; | |
663996b3 | 553 | |
f47781d8 MP |
554 | if (!d->name) { |
555 | d->name = strappend("luks-", d->uuid); | |
556 | if (!d->name) | |
557 | return log_oom(); | |
558 | } | |
663996b3 | 559 | |
f47781d8 MP |
560 | device = strappend("UUID=", d->uuid); |
561 | if (!device) | |
562 | return log_oom(); | |
14228c0d | 563 | |
f47781d8 MP |
564 | if (d->options) |
565 | options = d->options; | |
566 | else if (arg_default_options) | |
567 | options = arg_default_options; | |
568 | else | |
569 | options = "timeout=0"; | |
60f067b4 | 570 | |
6e866b33 | 571 | r = create_disk(d->name, device, d->keydev, d->keyfile ?: arg_default_keyfile, options); |
f47781d8 MP |
572 | if (r < 0) |
573 | return r; | |
663996b3 MS |
574 | } |
575 | ||
f47781d8 MP |
576 | return 0; |
577 | } | |
663996b3 | 578 | |
6e866b33 MB |
579 | DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(crypt_device_hash_ops, char, string_hash_func, string_compare_func, |
580 | crypto_device, crypt_device_free); | |
663996b3 | 581 | |
6e866b33 MB |
582 | static int run(const char *dest, const char *dest_early, const char *dest_late) { |
583 | int r; | |
663996b3 | 584 | |
6e866b33 | 585 | assert_se(arg_dest = dest); |
663996b3 | 586 | |
6e866b33 MB |
587 | arg_disks = hashmap_new(&crypt_device_hash_ops); |
588 | if (!arg_disks) | |
589 | return log_oom(); | |
14228c0d | 590 | |
2897b343 | 591 | r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX); |
6e866b33 MB |
592 | if (r < 0) |
593 | return log_warning_errno(r, "Failed to parse kernel command line: %m"); | |
14228c0d | 594 | |
6e866b33 MB |
595 | if (!arg_enabled) |
596 | return 0; | |
663996b3 | 597 | |
2897b343 MP |
598 | r = add_crypttab_devices(); |
599 | if (r < 0) | |
6e866b33 | 600 | return r; |
f47781d8 | 601 | |
2897b343 MP |
602 | r = add_proc_cmdline_devices(); |
603 | if (r < 0) | |
6e866b33 | 604 | return r; |
60f067b4 | 605 | |
6e866b33 | 606 | return 0; |
663996b3 | 607 | } |
6e866b33 MB |
608 | |
609 | DEFINE_MAIN_GENERATOR_FUNCTION(run); |