Commit 9341679b authored by Milan Broz's avatar Milan Broz

Support UUID=<LUKS_UUID> format for device specification.

parent 78cac9a9
......@@ -2,6 +2,7 @@
* Unify password verification option.
* Support password verification with quiet flag if possible. (1.2.0)
* Fix retry if entered passphrases (with verify option) do not match.
* Support UUID=<LUKS_UUID> format for device specification.
2012-02-11 Milan Broz <mbroz@redhat.com>
* Add --master-key-file option to luksOpen (open using volume key).
......
......@@ -59,6 +59,9 @@ opens the LUKS partition <device> and sets up a mapping <name> after
successful verification of the supplied key material
(either via key file by \-\-key-file, or via prompting).
Device parameter can be also specified by LUKS UUID in the format UUID=<uuid>
(then cryptsetup will use /dev/disk/by-uuid symlinks).
\fB<options>\fR can be [\-\-key-file, \-\-keyfile-size, \-\-readonly, \-\-allow-discards,
\-\-header, \-\-key-slot, \-\-master-key-file].
.PP
......
......@@ -27,6 +27,7 @@
#include <inttypes.h>
#include <errno.h>
#include <unistd.h>
#include <ctype.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <assert.h>
......@@ -246,6 +247,31 @@ static void show_status(int errcode)
log_err(".\n");
}
static const char *uuid_or_device(const char *spec)
{
static char device[PATH_MAX];
char s, *ptr;
int i = 0, uuid_len = 5;
/* Check if it is correct UUID=<LUKS_UUID> format */
if (spec && !strncmp(spec, "UUID=", uuid_len)) {
strcpy(device, "/dev/disk/by-uuid/");
ptr = &device[strlen(device)];
i = uuid_len;
while ((s = spec[i++]) && i < PATH_MAX) {
if (!isxdigit(s) && s != '-')
return spec; /* Bail it out */
if (isalpha(s))
s = tolower(s);
*ptr++ = s;
}
*ptr = '\0';
return device;
}
return spec;
}
static int action_create(int arg __attribute__((unused)))
{
struct crypt_device *cd = NULL;
......@@ -574,10 +600,10 @@ static int action_luksOpen(int arg __attribute__((unused)))
int r, keysize;
if (opt_header_device) {
header_device = opt_header_device;
header_device = uuid_or_device(opt_header_device);
data_device = action_argv[0];
} else {
header_device = action_argv[0];
header_device = uuid_or_device(action_argv[0]);
data_device = NULL;
}
......@@ -680,7 +706,7 @@ static int action_luksKillSlot(int arg __attribute__((unused)))
struct crypt_device *cd = NULL;
int r;
if ((r = crypt_init(&cd, action_argv[0])))
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
goto out;
crypt_set_confirm_callback(cd, _yesDialog, NULL);
......@@ -723,7 +749,7 @@ static int action_luksRemoveKey(int arg __attribute__((unused)))
size_t passwordLen;
int r;
if ((r = crypt_init(&cd, action_argv[0])))
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
goto out;
crypt_set_confirm_callback(cd, _yesDialog, NULL);
......@@ -771,7 +797,7 @@ static int action_luksAddKey(int arg __attribute__((unused)))
const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
struct crypt_device *cd = NULL;
if ((r = crypt_init(&cd, action_argv[0])))
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
goto out;
crypt_set_confirm_callback(cd, _yesDialog, NULL);
......@@ -826,7 +852,7 @@ static int action_luksChangeKey(int arg __attribute__((unused)))
size_t vk_size;
int new_key_slot, old_key_slot, r;
if ((r = crypt_init(&cd, action_argv[0])))
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
goto out;
if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
......@@ -1002,7 +1028,7 @@ static int action_luksDump(int arg __attribute__((unused)))
struct crypt_device *cd = NULL;
int r;
if ((r = crypt_init(&cd, action_argv[0])))
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
goto out;
if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
......@@ -1063,7 +1089,7 @@ static int action_luksBackup(int arg __attribute__((unused)))
return -EINVAL;
}
if ((r = crypt_init(&cd, action_argv[0])))
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
goto out;
crypt_set_confirm_callback(cd, _yesDialog, NULL);
......
......@@ -242,6 +242,10 @@ echo "key0" | $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom $LOOPDEV
$CRYPTSETUP -q luksFormat --master-key-file /dev/urandom -s 256 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
# open by UUID
$CRYPTSETUP luksOpen -d $KEY1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail
$CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
# empty keyfile
$CRYPTSETUP -q luksFormat $LOOPDEV $KEYE || fail
$CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment