Commit 62b0138d authored by Milan Broz's avatar Milan Broz

Allow to use --header option in all LUKS commands.

The --header always takes precedence over positional device argument.

Also allow specifying UUID= for luksSuspend and luksResume if used with
a detached header.
parent c13a8003
......@@ -160,6 +160,14 @@ Key operations that do not specify a slot affect the first slot
that matches the supplied passphrase or the first empty slot if
a new passphrase is added.
The \fB<device>\fR parameter can be also specified by a LUKS UUID in the
format UUID=<uuid>. Translation to real device name uses symlinks
in /dev/disk/by-uuid directory.
To specify a detached header, the \fB\-\-header\fR parameter can be used
in all LUKS commands and always takes precedence over positional \fB<device>\fR
parameter.
The following are valid LUKS actions:
\fIluksFormat\fR <device> [<key file>]
......@@ -196,9 +204,6 @@ successful verification of the supplied passphrase.
If the passphrase is not supplied via \-\-key-file, the command
prompts for it interactively.
The <device> parameter can be also specified by LUKS UUID in the
format UUID=<uuid>, which uses the symlinks in /dev/disk/by-uuid.
\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
\-\-keyfile\-size, \-\-readonly, \-\-test\-passphrase,
\-\-allow\-discards, \-\-header, \-\-key-slot, \-\-master\-key\-file].
......@@ -235,7 +240,7 @@ or read from the file given as positional argument.
\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
\-\-keyfile\-size, \-\-new\-keyfile\-offset,
\-\-new\-keyfile\-size, \-\-key\-slot, \-\-master\-key\-file,
\-\-iter\-time, \-\-force\-password].
\-\-iter\-time, \-\-force\-password, \-\-header].
.PP
\fIluksRemoveKey\fR <device> [<key file with passphrase to be removed>]
.IP
......@@ -244,7 +249,7 @@ passphrase to be removed can be specified interactively,
as positional argument or via \-\-key-file.
\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
\-\-keyfile\-size]
\-\-keyfile\-size, \-\-header]
\fBWARNING:\fR If you read the passphrase from stdin
(without further argument or with '-' as argument
......@@ -277,7 +282,7 @@ inaccessible.
\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
\-\-keyfile\-size, \-\-new\-keyfile\-offset,
\-\-new\-keyfile\-size, \-\-key\-slot, \-\-force\-password].
\-\-new\-keyfile\-size, \-\-key\-slot, \-\-force\-password, \-\-header].
.PP
\fIluksKillSlot\fR <device> <key slot number>
.IP
......@@ -288,7 +293,7 @@ an interactive confirmation when doing so. Removing the last
passphrase makes a LUKS container permanently inaccessible.
\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
\-\-keyfile\-size].
\-\-keyfile\-size, \-\-header].
\fBWARNING:\fR If you read the passphrase from stdin
(without further argument or with '-' as argument
......@@ -334,7 +339,7 @@ In order to dump the master key, a passphrase has to be supplied,
either interactively or via \-\-key\-file.
\fB<options>\fR can be [\-\-dump\-master\-key, \-\-key\-file,
\-\-keyfile\-offset, \-\-keyfile\-size].
\-\-keyfile\-offset, \-\-keyfile\-size, \-\-header].
\fBWARNING:\fR If \-\-dump\-master\-key is used with \-\-key\-file
and the argument to \-\-key\-file is '-', no validation question
......@@ -1026,7 +1031,7 @@ Copyright \(co 2004-2006 Clemens Fruhwirth
.br
Copyright \(co 2009-2012 Red Hat, Inc.
.br
Copyright \(co 2009-2014 Milan Broz
Copyright \(co 2009-2015 Milan Broz
.br
Copyright \(co 2012-2014 Arno Wagner
......
......@@ -4,7 +4,7 @@
* Copyright (C) 2004, Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
* Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
* Copyright (C) 2009-2014, Milan Broz
* Copyright (C) 2009-2015, Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
......@@ -66,6 +66,14 @@ static const char **action_argv;
static int action_argc;
static const char *null_action_argv[] = {NULL, NULL};
static const char *uuid_or_device_header(const char **data_device)
{
if (data_device)
*data_device = opt_header_device ? action_argv[0] : NULL;
return uuid_or_device(opt_header_device ?: action_argv[0]);
}
static int _verify_passphrase(int def)
{
/* Batch mode switch off verify - if not overrided by -y */
......@@ -733,13 +741,7 @@ static int action_open_luks(void)
uint32_t flags = 0;
int r, keysize;
if (opt_header_device) {
header_device = uuid_or_device(opt_header_device);
data_device = action_argv[0];
} else {
header_device = uuid_or_device(action_argv[0]);
data_device = NULL;
}
header_device = uuid_or_device_header(&data_device);
activated_name = opt_test_passphrase ? NULL : action_argv[1];
......@@ -843,7 +845,7 @@ static int action_luksKillSlot(void)
struct crypt_device *cd = NULL;
int r;
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
crypt_set_confirm_callback(cd, yesDialog, NULL);
......@@ -886,7 +888,7 @@ static int action_luksRemoveKey(void)
size_t passwordLen;
int r;
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
crypt_set_confirm_callback(cd, yesDialog, NULL);
......@@ -937,7 +939,7 @@ static int action_luksAddKey(void)
size_t password_size = 0, password_new_size = 0;
struct crypt_device *cd = NULL;
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
crypt_set_confirm_callback(cd, yesDialog, NULL);
......@@ -1004,7 +1006,7 @@ static int action_luksChangeKey(void)
size_t password_size = 0, password_new_size = 0;
int r;
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
......@@ -1055,7 +1057,7 @@ static int action_isLuks(void)
return -ENODEV;
}
if ((r = crypt_init(&cd, action_argv[0])))
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
crypt_set_log_callback(cd, quiet_log, NULL);
......@@ -1071,7 +1073,7 @@ static int action_luksUUID(void)
const char *existing_uuid = NULL;
int r;
if ((r = crypt_init(&cd, action_argv[0])))
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
crypt_set_confirm_callback(cd, yesDialog, NULL);
......@@ -1150,7 +1152,7 @@ static int action_luksDump(void)
struct crypt_device *cd = NULL;
int r;
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
......@@ -1170,7 +1172,7 @@ static int action_luksSuspend(void)
struct crypt_device *cd = NULL;
int r;
r = crypt_init_by_name_and_header(&cd, action_argv[0], opt_header_device);
r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device));
if (!r)
r = crypt_suspend(cd, action_argv[0]);
......@@ -1183,7 +1185,7 @@ static int action_luksResume(void)
struct crypt_device *cd = NULL;
int r;
if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], opt_header_device)))
if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device))))
goto out;
crypt_set_timeout(cd, opt_timeout);
......@@ -1211,7 +1213,7 @@ static int action_luksBackup(void)
return -EINVAL;
}
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
crypt_set_confirm_callback(cd, yesDialog, NULL);
......@@ -1232,7 +1234,7 @@ static int action_luksRestore(void)
return -EINVAL;
}
if ((r = crypt_init(&cd, action_argv[0])))
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
crypt_set_confirm_callback(cd, yesDialog, NULL);
......@@ -1279,7 +1281,7 @@ static int action_luksErase(void)
char *msg = NULL;
int i, r;
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
crypt_set_confirm_callback(cd, yesDialog, NULL);
......@@ -1289,7 +1291,7 @@ static int action_luksErase(void)
if(asprintf(&msg, _("This operation will erase all keyslots on device %s.\n"
"Device will become unusable after this operation."),
uuid_or_device(action_argv[0])) == -1) {
uuid_or_device_header(NULL)) == -1) {
r = -ENOMEM;
goto out;
}
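Review bot: With `--header` set, `uuid_or_device_header(NULL)` discards `action_argv[0]` with no check or message, and that now covers the modifying paths as well (`action_luksKillSlot`, `action_luksRemoveKey`, `action_luksAddKey`, `action_luksChangeKey`, `action_luksRestore`, `action_luksErase`). The erase prompt was switched to print the header path, which is correct, but the other callers' bodies and confirmation text lie outside these hunks, so it is worth confirming that each one names the header that is actually modified rather than the ignored positional device. The helper would also benefit from a comment such as `/* Return the header device: --header if set, else the positional arg; *data_device receives the positional arg only when a detached header is used, otherwise NULL. */`. In `action_luksSuspend` and `action_luksResume`, `uuid_or_device(opt_header_device)` now runs even when no `--header` was given, so it depends on `uuid_or_device()` (not shown here) accepting NULL; if that is not guaranteed, `opt_header_device ? uuid_or_device(opt_header_device) : NULL` keeps the previous behaviour.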
......
......@@ -538,6 +538,10 @@ $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
$CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP luksAddKey -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: ENABLED" || fail
$CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: DISABLED" || fail
prepare "[29] Repair metadata" wipe
$CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 0 || fail
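Review bot: The added cases exercise `--header` only for luksAddKey, luksDump and luksKillSlot, while the same commit also reroutes luksRemoveKey, luksChangeKey, isLuks, luksUUID, luksHeaderBackup/Restore and luksErase through the new helper and adds `UUID=` handling for luksSuspend/luksResume. Since several of those destroy key material, at least one check per rerouted command with the `_fakedev_` placeholder would pin down that the header image, not the positional argument, is the target, for example `$CRYPTSETUP isLuks _fakedev_ --header $HEADER_IMG || fail`. A case passing the header as `UUID=<uuid>` to luksSuspend/luksResume would cover the second half of the commit message, which nothing in this hunk tests.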
......