1 diff -Nur util-linux-2.12.orig/mount/cryptsetup.c util-linux-2.12/mount/cryptsetup.c
2 --- util-linux-2.12.orig/mount/cryptsetup.c 1970-01-01 01:00:00.000000000 +0100
3 +++ util-linux-2.12/mount/cryptsetup.c 2004-03-10 00:54:10.977381704 +0100
6 + * cryptsetup.c - setup and control encrypted devices
13 +#include <libcryptsetup.h>
15 +#include "cryptsetup.h"
19 +extern char *xstrdup (const char *s); /* not: #include "sundries.h" */
20 +extern void *xmalloc (size_t size); /* idem */
21 +extern void error (const char *fmt, ...); /* idem */
23 +#ifdef CRYPT_FLAG_READONLY
25 +#define BUFFER_SIZE 128
26 +#define DEFAULT_HASH "ripemd160"
27 +#define DEFAULT_KEYSIZE 256
30 +xstrtok(char *s, char delim) {
36 + p = strchr(s, delim);
44 +set_crypt(char **cryptdev, const char *realdev, int offset,
45 + char **encryption, int pfd, int *cryptro) {
46 + struct crypt_options options;
47 + char buffer[BUFFER_SIZE];
48 + const char *dir = crypt_get_dir();
49 + const char *name = NULL;
54 + error(_("mount: crypt engine not ready"));
58 + if (**encryption == '@') {
59 + int len = strlen(dir);
60 + p = *encryption + 1;
61 + if (strncmp(dir, p, len) == 0 && p[len] == '/')
74 + p = (char *)realdev;
77 + if (strncmp(p, "dev/", 4) == 0)
79 + for(q = buffer; *p && q < &buffer[BUFFER_SIZE - 2]; p++)
92 + strncpy(q, "-crypt", BUFFER_SIZE - (q - buffer));
93 + buffer[BUFFER_SIZE - 1] = '\0';
97 + p = xstrdup(*encryption);
99 + memset(&options, 0, sizeof options);
100 + options.name = name;
101 + options.device = realdev;
102 + options.cipher = xstrtok(p, ':');
103 + q = xstrtok(NULL, ':');
104 + options.key_size = q ? strtoul(q, NULL, 0) : 0;
105 + if (!options.key_size)
106 + options.key_size = DEFAULT_KEYSIZE;
107 + options.hash = xstrtok(NULL, ':');
108 + if (!(options.hash && *options.hash))
109 + options.hash = DEFAULT_HASH;
110 + options.key_file = xstrtok(NULL, ':');
111 + if (!(options.key_file && *options.key_file))
112 + options.key_file = NULL;
113 + options.passphrase_fd = (pfd >= 0) ? pfd : 0;
115 + if (!options.key_file)
116 + options.flags |= CRYPT_FLAG_PASSPHRASE;
118 + options.flags |= CRYPT_FLAG_READONLY;
119 + options.offset = offset;
121 + if (options.offset % 512) {
122 + error(_("mount: offset must be a multiple of 512 bytes"));
125 + options.offset >>= 9;
127 + if (options.key_size % 8) {
128 + error(_("mount: key size must be a multiple of 8 bits"));
131 + options.key_size /= 8;
133 + ret = crypt_create_device(&options);
138 + /* use dev as buffer */
139 + char *errorstr = buffer;
140 + crypt_get_error(errorstr, BUFFER_SIZE);
142 + errorstr = strerror(-ret);
144 + error(_("mount: cryptsetup failed with: %s"), errorstr);
148 + *cryptdev = (char *)xmalloc(strlen(dir) + strlen(name) + 2);
149 + sprintf(*cryptdev, "%s/%s", dir, name);
151 + if (options.flags & CRYPT_FLAG_READONLY)
158 +del_crypt (const char *device) {
159 + struct crypt_options options;
160 + const char *dir = crypt_get_dir();
161 + int len = strlen(dir);
165 + error(_("mount: crypt engine not ready"));
169 + if (*device == '@') {
172 + p = strchr(device, ':');
177 + if (strncmp(dir, device, len) == 0 && device[len] == '/')
180 + memset(&options, 0, sizeof options);
181 + options.name = device;
183 + ret = crypt_remove_device(&options);
185 + char buffer[BUFFER_SIZE];
186 + char *errorstr = buffer;
187 + crypt_get_error(errorstr, BUFFER_SIZE);
189 + errorstr = strerror(-ret);
191 + error(_("mount: cryptsetup failed with: %s"), errorstr);
198 +#else /* without CRYPT_FLAG_READONLY */
203 + _("This mount was compiled without cryptsetup support. "
204 + "Please recompile.\n"));
208 +set_crypt(char **cryptdev, const char *realdev, int offset,
209 + char **encryption, int pfd, int *cryptro) {
215 +del_crypt (const char *device) {
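Review bot: The key size in the `encryption=` spec is parsed with `strtoul(q, NULL, 0)` and no end-pointer or range check, so a non-numeric field such as `aes:foo` yields 0 and is silently replaced by `DEFAULT_KEYSIZE`, and trailing garbage after the digits is accepted. For a crypto parameter a malformed value should be rejected rather than defaulted: keep the default only when the field is absent or empty, and otherwise pass an `end` pointer and fail through `error()` when `end == q`, `*end != '\0'` or `errno == ERANGE`. Only part of set_crypt is visible in this listing, so confirm that no later check already covers this.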
221 diff -Nur util-linux-2.12.orig/mount/cryptsetup.h util-linux-2.12/mount/cryptsetup.h
222 --- util-linux-2.12.orig/mount/cryptsetup.h 1970-01-01 01:00:00.000000000 +0100
223 +++ util-linux-2.12/mount/cryptsetup.h 2004-03-10 00:07:48.000000000 +0100
226 +extern int set_crypt(char **, const char *, int, char **,
228 +extern int del_crypt(const char *);
229 diff -Nur util-linux-2.12.orig/mount/Makefile util-linux-2.12/mount/Makefile
230 --- util-linux-2.12.orig/mount/Makefile 2003-07-16 22:07:27.000000000 +0200
231 +++ util-linux-2.12/mount/Makefile 2004-03-10 00:07:48.000000000 +0100
233 MAYBE = pivot_root swapoff
235 LO_OBJS = lomount.o $(LIB)/xstrncpy.o
236 +CRYPT_OBJS = cryptsetup.o -lcryptsetup
237 NFS_OBJS = nfsmount.o nfsmount_xdr.o nfsmount_clnt.o
238 GEN_FILES = nfsmount.h nfsmount_xdr.c nfsmount_clnt.c
242 mount: mount.o fstab.o sundries.o realpath.o mntent.o version.o \
243 mount_guess_fstype.o get_label_uuid.o mount_by_label.o getusername.o \
244 - $(LIB)/setproctitle.o $(LIB)/env.o $(NFS_OBJS) $(LO_OBJS)
245 + $(LIB)/setproctitle.o $(LIB)/env.o $(NFS_OBJS) $(LO_OBJS) $(CRYPT_OBJS)
248 umount: umount.o fstab.o sundries.o realpath.o mntent.o getusername.o \
249 - get_label_uuid.o version.o $(LIB)/env.o $(LO_OBJS)
250 + get_label_uuid.o version.o $(LIB)/env.o $(LO_OBJS) $(CRYPT_OBJS)
253 swapon: swapon.o version.o
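Review bot: `CRYPT_OBJS` links `-lcryptsetup` into both `mount` and `umount` unconditionally, and cryptsetup.c includes `<libcryptsetup.h>` before its `#ifdef CRYPT_FLAG_READONLY` test, so the "compiled without cryptsetup support" stub cannot be built on a system that lacks the library. Consider making the library and the include depend on a build-time switch, for example a new variable used as `CRYPT_OBJS = cryptsetup.o $(CRYPT_LIBS)` that is empty by default. Where mount is installed setuid root, the extra library also becomes part of the privileged binary, which is a further reason to keep it opt-in.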
254 diff -Nur util-linux-2.12.orig/mount/mount.c util-linux-2.12/mount/mount.c
255 --- util-linux-2.12.orig/mount/mount.c 2003-07-15 23:38:48.000000000 +0200
256 +++ util-linux-2.12/mount/mount.c 2004-03-10 00:28:34.619477080 +0100
261 +#include "cryptsetup.h"
263 #include "linux_fs.h" /* for BLKGETSIZE */
264 #include "mount_guess_rootdev.h"
266 #define MS_USERS 0x40000000
267 #define MS_USER 0x20000000
268 #define MS_OWNER 0x10000000
269 +#define MS_CRYPT 0x00040000
270 #define MS_NETDEV 0x00020000
271 #define MS_LOOP 0x00010000
274 { "vfs=", 1, &opt_vfstype },
275 { "offset=", 0, &opt_offset },
276 { "encryption=", 0, &opt_encryption },
277 - { "speed=", 0, &opt_speed },
278 + { "speed=", 0, &opt_speed },
286 - *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_encryption);
287 + *loop = ((*flags & MS_LOOP) || *loopdev || (opt_offset && !opt_encryption));
292 printf(_("mount: going to use the loop device %s\n"), *loopdev);
293 offset = opt_offset ? strtoul(opt_offset, NULL, 0) : 0;
294 if (set_loop(*loopdev, *loopfile, offset,
295 - opt_encryption, pfd, &loopro)) {
296 + NULL /* opt_encryption */, pfd, &loopro)) {
298 printf(_("mount: failed setting up loop device\n"));
304 + /* set offset to 0 so that crypto setup doesn't add an offset too */
313 +crypt_check(char **spec, char **type, int *flags,
314 + int *crypt, char **cryptdev, char **realdev) {
317 + *crypt = ((*flags & MS_CRYPT) || opt_encryption);
321 + *flags |= MS_CRYPT;
324 + printf(_("mount: skipping the setup of an encrypted device\n"));
326 + int cryptro = (*flags & MS_RDONLY);
328 + offset = opt_offset ? strtoul(opt_offset, NULL, 0) : 0;
329 + if (set_crypt(cryptdev, *realdev, offset,
330 + &opt_encryption, pfd, &cryptro)) {
332 + printf(_("mount: failed setting up encrypted device\n"));
336 + printf(_("mount: setup crypt device successfully\n"));
339 + *flags |= MS_RDONLY;
344 char *spec, *node, *types;
348 char *loopdev = 0, *loopfile = 0;
349 + char *cryptdev = 0, *realdev = 0;
351 int nfs_mount_version = 0; /* any version */
354 res = loop_check(&spec, &types, &flags, &loop, &loopdev, &loopfile);
358 + res = crypt_check(&spec, &types, &flags, &crypt, &cryptdev, &realdev);
365 /* Mount succeeded, report this (if verbose) and write mtab entry. */
367 opt_loopdev = loopdev;
369 + char *tmp = xmalloc(strlen(cryptdev) + strlen(opt_encryption) + 3);
370 + sprintf(tmp, "@%s:%s", cryptdev, opt_encryption);
371 + opt_encryption = tmp;
374 - update_mtab_entry(loop ? loopfile : spec,
375 + update_mtab_entry(loop ? loopfile : crypt ? realdev : spec,
377 types ? types : "unknown",
378 fix_opts_string (flags & ~MS_NOMTAB, extra_opts, user),
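Review bot: In crypt_check the offset is parsed with `strtoul(opt_offset, NULL, 0)` and handed to `set_crypt`, whose parameter is `int offset`, so a value that does not fit in an int is truncated or turns negative before the 512-byte alignment check and the `>>= 9` conversion to sectors. The mapping would then be created at a different offset than the one requested, with no error reported. Parse into a wide unsigned type with an end-pointer check, reject out-of-range values, and widen the `set_crypt` parameter to match (the declaration of the local `offset` is not visible here). Also confirm that `MS_CRYPT` is included in the mask that removes mount-internal bits before the mount(2) call, as is presumably done for `MS_LOOP` and `MS_NETDEV`; that mask is outside this listing.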
388 diff -Nur util-linux-2.12.orig/mount/umount.c util-linux-2.12/mount/umount.c
389 --- util-linux-2.12.orig/mount/umount.c 2003-07-15 23:19:22.000000000 +0200
390 +++ util-linux-2.12/mount/umount.c 2004-03-10 00:07:48.000000000 +0100
392 #include "sundries.h"
393 #include "getusername.h"
395 +#include "cryptsetup.h"
403 + const char *cryptdev;
405 /* Special case for root. As of 0.99pl10 we can (almost) unmount root;
406 the kernel will remount it readonly so that we can carry on running
407 @@ -331,12 +333,33 @@
413 /* Umount succeeded */
415 printf (_("%s umounted\n"), spec);
420 + /* Free any encrypted devices that we allocated ourselves */
424 + optl = mc->m.mnt_opts ? xstrdup(mc->m.mnt_opts) : "";
425 + for (optl = strtok (optl, ","); optl;
426 + optl = strtok (NULL, ",")) {
427 + if (!strncmp(optl, "encryption=", 11)) {
428 + cryptdev = optl+11;
435 + del_crypt(cryptdev);
439 /* Free any loop devices that we allocated ourselves */
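Review bot: `optl` is set to the string literal `""` when `mnt_opts` is NULL and is then passed to `strtok`, which takes a writable buffer; skip the loop in that case instead, e.g. `if (mc->m.mnt_opts) { optl = xstrdup(mc->m.mnt_opts); ... }`. The `xstrdup` copy is never freed in the visible lines, and since `cryptdev` points into it, any `free` has to come after `del_crypt(cryptdev)`. The name handed to `del_crypt` comes straight from the recorded `encryption=` option, so it is worth confirming that only the `@device:spec` form written by mount leads to a device removal; the lines between the match and the call are not visible here.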