1 diff -urN util-linux-2.12q.org/mount/cryptsetup.c util-linux-2.12q/mount/cryptsetup.c
2 --- util-linux-2.12q.org/mount/cryptsetup.c 1970-01-01 01:00:00.000000000 +0100
3 +++ util-linux-2.12q/mount/cryptsetup.c 2005-02-27 19:26:34.000000000 +0100
6 + * cryptsetup.c - setup and control encrypted devices
13 +#include <libcryptsetup.h>
15 +#include "cryptsetup.h"
19 +extern char *xstrdup (const char *s); /* not: #include "sundries.h" */
20 +extern void *xmalloc (size_t size); /* idem */
21 +extern void error (const char *fmt, ...); /* idem */
23 +#ifdef CRYPT_FLAG_READONLY
25 +#define BUFFER_SIZE 128
26 +#define DEFAULT_HASH "ripemd160"
27 +#define DEFAULT_KEYSIZE 256
30 +xstrtok(char *s, char delim) {
36 + p = strchr(s, delim);
44 +set_crypt(char **cryptdev, const char *realdev, int offset,
45 + char **encryption, int pfd, int *cryptro) {
46 + struct crypt_options options;
47 + char buffer[BUFFER_SIZE];
48 + const char *dir = crypt_get_dir();
49 + const char *name = NULL;
54 + error(_("mount: crypt engine not ready"));
58 + if (**encryption == '@') {
59 + int len = strlen(dir);
60 + p = *encryption + 1;
61 + if (strncmp(dir, p, len) == 0 && p[len] == '/')
74 + p = (char *)realdev;
77 + if (strncmp(p, "dev/", 4) == 0)
79 + for(q = buffer; *p && q < &buffer[BUFFER_SIZE - 2]; p++)
92 + strncpy(q, "-crypt", BUFFER_SIZE - (q - buffer));
93 + buffer[BUFFER_SIZE - 1] = '\0';
97 + p = xstrdup(*encryption);
99 + memset(&options, 0, sizeof options);
100 + options.name = name;
101 + options.device = realdev;
102 + options.cipher = xstrtok(p, ':');
103 + q = xstrtok(NULL, ':');
104 + options.key_size = q ? strtoul(q, NULL, 0) : 0;
105 + if (!options.key_size)
106 + options.key_size = DEFAULT_KEYSIZE;
107 + options.hash = xstrtok(NULL, ':');
108 + if (!(options.hash && *options.hash))
109 + options.hash = DEFAULT_HASH;
110 + options.key_file = xstrtok(NULL, ':');
111 + if (!(options.key_file && *options.key_file))
112 + options.key_file = NULL;
113 + options.passphrase_fd = (pfd >= 0) ? pfd : 0;
115 + if (!options.key_file)
116 + options.flags |= CRYPT_FLAG_PASSPHRASE;
118 + options.flags |= CRYPT_FLAG_READONLY;
119 + options.offset = offset;
121 + if (options.offset % 512) {
122 + error(_("mount: offset must be a multiple of 512 bytes"));
125 + options.offset >>= 9;
127 + if (options.key_size % 8) {
128 + error(_("mount: key size must be a multiple of 8 bits"));
131 + options.key_size /= 8;
133 + ret = crypt_create_device(&options);
138 + /* use dev as buffer */
139 + char *errorstr = buffer;
140 + crypt_get_error(errorstr, BUFFER_SIZE);
142 + errorstr = strerror(-ret);
144 + error(_("mount: cryptsetup failed with: %s"), errorstr);
148 + *cryptdev = (char *)xmalloc(strlen(dir) + strlen(name) + 2);
149 + sprintf(*cryptdev, "%s/%s", dir, name);
151 + if (options.flags & CRYPT_FLAG_READONLY)
158 +del_crypt (const char *device) {
159 + struct crypt_options options;
160 + const char *dir = crypt_get_dir();
161 + int len = strlen(dir);
165 + error(_("mount: crypt engine not ready"));
169 + if (*device == '@') {
172 + p = strchr(device, ':');
177 + if (strncmp(dir, device, len) == 0 && device[len] == '/')
180 + memset(&options, 0, sizeof options);
181 + options.name = device;
183 + ret = crypt_remove_device(&options);
185 + char buffer[BUFFER_SIZE];
186 + char *errorstr = buffer;
187 + crypt_get_error(errorstr, BUFFER_SIZE);
189 + errorstr = strerror(-ret);
191 + error(_("mount: cryptsetup failed with: %s"), errorstr);
198 +#else /* without CRYPT_FLAG_READONLY */
203 + _("This mount was compiled without cryptsetup support. "
204 + "Please recompile.\n"));
208 +set_crypt(char **cryptdev, const char *realdev, int offset,
209 + char **encryption, int pfd, int *cryptro) {
215 +del_crypt (const char *device) {
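Review bot: In set_crypt the key-size field of the `encryption` spec is parsed with `strtoul(q, NULL, 0)` and a result of 0 is replaced by `DEFAULT_KEYSIZE`, so a non-numeric field (a constructed example: `aes:l28`) silently becomes 256 bits, and trailing characters after the digits are ignored. If nothing on disk verifies the key, which the shown lines do not establish, a silently different size yields a different mapping instead of an error. I would pass an end pointer, `options.key_size = q ? strtoul(q, &end, 0) : 0;`, and fail on `q && *q && *end` with the same error path the `% 8` check uses. Separately, `p = xstrdup(*encryption)` backs the cipher, hash and key_file pointers and no matching `free` appears in the lines shown, so confirm it is released after `crypt_create_device` returns.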
221 diff -urN util-linux-2.12q.org/mount/cryptsetup.h util-linux-2.12q/mount/cryptsetup.h
222 --- util-linux-2.12q.org/mount/cryptsetup.h 1970-01-01 01:00:00.000000000 +0100
223 +++ util-linux-2.12q/mount/cryptsetup.h 2005-02-27 19:26:34.000000000 +0100
226 +extern int set_crypt(char **, const char *, int, char **,
228 +extern int del_crypt(const char *);
229 diff -urN util-linux-2.12q.org/mount/Makefile util-linux-2.12q/mount/Makefile
230 --- util-linux-2.12q.org/mount/Makefile 2005-02-27 19:25:37.000000000 +0100
231 +++ util-linux-2.12q/mount/Makefile 2005-02-27 19:27:21.000000000 +0100
233 MAYBE = pivot_root swapoff
235 LO_OBJS = lomount.o $(LIB)/xstrncpy.o
236 +CRYPT_OBJS = cryptsetup.o -lcryptsetup
237 NFS_OBJS = nfsmount.o nfsmount_xdr.o nfsmount_clnt.o
238 GEN_FILES = nfsmount.h nfsmount_xdr.c nfsmount_clnt.c
242 mount: mount.o fstab.o sundries.o xmalloc.o realpath.o mntent.o version.o \
243 get_label_uuid.o mount_by_label.o mount_blkid.o mount_guess_fstype.o \
244 - getusername.o $(LIB)/setproctitle.o $(LIB)/env.o $(NFS_OBJS) $(LO_OBJS)
245 + getusername.o $(LIB)/setproctitle.o $(LIB)/env.o $(NFS_OBJS) $(LO_OBJS) $(CRYPT_OBJS)
246 $(LINK) $^ -o $@ $(BLKID_LIB)
248 umount: umount.o fstab.o sundries.o xmalloc.o realpath.o mntent.o \
249 getusername.o get_label_uuid.o mount_by_label.o mount_blkid.o \
250 - version.o $(LIB)/env.o $(LO_OBJS)
251 + version.o $(LIB)/env.o $(LO_OBJS) $(CRYPT_OBJS)
252 $(LINK) $^ -o $@ $(BLKID_LIB)
254 swapon: swapon.o version.o xmalloc.o \
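Review bot: `$(CRYPT_OBJS)` is added unconditionally to both the `mount` and `umount` link lines, so every build now needs libcryptsetup even though cryptsetup.c carries a `#else` stub for builds without `CRYPT_FLAG_READONLY`. In the lines shown that file also includes `<libcryptsetup.h>` before the `#ifdef`, so the stub cannot be reached unless the header is installed. mount and umount are commonly installed setuid root, so linking another library and its dependencies into them should be an explicit build-time choice rather than the default. I would guard the definition with a new make variable (name to be chosen, e.g. `HAVE_CRYPTSETUP`) and move `-lcryptsetup` out of the prerequisite list into a libs variable placed after `$^`, next to `$(BLKID_LIB)`.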
255 diff -urN util-linux-2.12q.org/mount/mount.c util-linux-2.12q/mount/mount.c
256 --- util-linux-2.12q.org/mount/mount.c 2004-12-21 23:00:36.000000000 +0100
257 +++ util-linux-2.12q/mount/mount.c 2005-02-27 19:29:40.000000000 +0100
262 +#include "cryptsetup.h"
264 #include "linux_fs.h" /* for BLKGETSIZE */
265 #include "mount_guess_rootdev.h"
267 #define MS_USER 0x20000000
268 #define MS_OWNER 0x10000000
269 #define MS_GROUP 0x08000000
270 +#define MS_CRYPT 0x00040000
271 #define MS_COMMENT 0x00020000
272 #define MS_LOOP 0x00010000
278 - *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_encryption);
279 + *loop = ((*flags & MS_LOOP) || *loopdev || (opt_offset && !opt_encryption));
284 printf(_("mount: going to use the loop device %s\n"), *loopdev);
285 offset = opt_offset ? strtoull(opt_offset, NULL, 0) : 0;
286 if (set_loop(*loopdev, *loopfile, offset,
287 - opt_encryption, pfd, &loopro)) {
288 + NULL /* opt_encryption */, pfd, &loopro)) {
290 printf(_("mount: failed setting up loop device\n"));
296 + /* set offset to 0 so that crypto setup doesn't add an offset too */
305 +crypt_check(char **spec, char **type, int *flags,
306 + int *crypt, char **cryptdev, char **realdev) {
309 + *crypt = ((*flags & MS_CRYPT) || opt_encryption);
313 + *flags |= MS_CRYPT;
316 + printf(_("mount: skipping the setup of an encrypted device\n"));
318 + int cryptro = (*flags & MS_RDONLY);
320 + offset = opt_offset ? strtoul(opt_offset, NULL, 0) : 0;
321 + if (set_crypt(cryptdev, *realdev, offset,
322 + &opt_encryption, pfd, &cryptro)) {
324 + printf(_("mount: failed setting up encrypted device\n"));
328 + printf(_("mount: setup crypt device successfully\n"));
331 + *flags |= MS_RDONLY;
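Review bot: In crypt_check the offset is parsed with `strtoul(opt_offset, NULL, 0)` and passed to `set_crypt`, whose signature takes `int offset`, while the loop path above uses `strtoull`. An offset of 2 GiB or more is therefore truncated or turns negative on the way in. set_crypt only tests `offset % 512` before shifting, so a wrapped value that happens to be sector-aligned would map the wrong region of the device without any error. I would widen the parameter to `unsigned long long` in cryptsetup.h and cryptsetup.c, parse with `strtoull(opt_offset, &end, 0)`, and reject trailing characters or `ERANGE` before calling set_crypt. The declaration of `offset` in crypt_check is outside the lines shown, so its type needs checking too.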
336 const char *opts, *spec, *node, *types;
340 const char *loopdev = 0, *loopfile = 0;
341 + char *cryptdev = 0, *realdev = 0;
343 int nfs_mount_version = 0; /* any version */
346 res = loop_check(&spec, &types, &flags, &loop, &loopdev, &loopfile);
350 + res = crypt_check(&spec, &types, &flags, &crypt, &cryptdev, &realdev);
357 /* Mount succeeded, report this (if verbose) and write mtab entry. */
359 opt_loopdev = loopdev;
361 + char *tmp = xmalloc(strlen(cryptdev) + strlen(opt_encryption) + 3);
362 + sprintf(tmp, "@%s:%s", cryptdev, opt_encryption);
363 + opt_encryption = tmp;
366 - update_mtab_entry(loop ? loopfile : spec,
367 + update_mtab_entry(loop ? loopfile : crypt ? realdev : spec,
369 types ? types : "unknown",
370 fix_opts_string (flags & ~MS_NOMTAB, extra_opts, user),
380 diff -urN util-linux-2.12q.org/mount/umount.c util-linux-2.12q/mount/umount.c
381 --- util-linux-2.12q.org/mount/umount.c 2004-12-20 23:03:45.000000000 +0100
382 +++ util-linux-2.12q/mount/umount.c 2005-02-27 19:26:34.000000000 +0100
384 #include "sundries.h"
385 #include "getusername.h"
387 +#include "cryptsetup.h"
395 + const char *cryptdev;
397 /* Special case for root. As of 0.99pl10 we can (almost) unmount root;
398 the kernel will remount it readonly so that we can carry on running
399 @@ -365,12 +367,33 @@
405 /* Umount succeeded */
407 printf (_("%s umounted\n"), spec);
412 + /* Free any encrypted devices that we allocated ourselves */
416 + optl = mc->m.mnt_opts ? xstrdup(mc->m.mnt_opts) : "";
417 + for (optl = strtok (optl, ","); optl;
418 + optl = strtok (NULL, ",")) {
419 + if (!strncmp(optl, "encryption=", 11)) {
420 + cryptdev = optl+11;
427 + del_crypt(cryptdev);
431 /* Free any loop devices that we allocated ourselves */