Split crypt_drop_keyring_key in two different routines.
The crypt_drop_keyring_key function drops all keys in the keyring associated with the passed volume key list. crypt_drop_keyring_key_by_description is used to drop an independent key.
committed by
Milan Broz
parent
6c6f4bcd45
commit
03e810ec72
@@ -226,7 +226,8 @@ int crypt_key_in_keyring(struct crypt_device *cd);
|
|||||||
void crypt_set_key_in_keyring(struct crypt_device *cd, unsigned key_in_keyring);
|
void crypt_set_key_in_keyring(struct crypt_device *cd, unsigned key_in_keyring);
|
||||||
int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key *vk);
|
int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key *vk);
|
||||||
int crypt_use_keyring_for_vk(struct crypt_device *cd);
|
int crypt_use_keyring_for_vk(struct crypt_device *cd);
|
||||||
void crypt_drop_keyring_key(struct crypt_device *cd, const char *key_description);
|
void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *key_description, key_type_t ktype);
|
||||||
|
void crypt_drop_keyring_key(struct crypt_device *cd, struct volume_key *vks);
|
||||||
|
|
||||||
static inline uint64_t version(uint16_t major, uint16_t minor, uint16_t patch, uint16_t release)
|
static inline uint64_t version(uint16_t major, uint16_t minor, uint16_t patch, uint16_t release)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -410,8 +410,8 @@ int LUKS2_token_open_and_activate(struct crypt_device *cd,
|
|||||||
if (r >= 0 && name)
|
if (r >= 0 && name)
|
||||||
r = LUKS2_activate(cd, name, vk, flags);
|
r = LUKS2_activate(cd, name, vk, flags);
|
||||||
|
|
||||||
if (r < 0 && vk)
|
if (r < 0)
|
||||||
crypt_drop_keyring_key(cd, vk->key_description);
|
crypt_drop_keyring_key(cd, vk);
|
||||||
crypt_free_volume_key(vk);
|
crypt_free_volume_key(vk);
|
||||||
|
|
||||||
return r < 0 ? r : keyslot;
|
return r < 0 ? r : keyslot;
|
||||||
@@ -455,8 +455,8 @@ int LUKS2_token_open_and_activate_any(struct crypt_device *cd,
|
|||||||
if (r >= 0 && name)
|
if (r >= 0 && name)
|
||||||
r = LUKS2_activate(cd, name, vk, flags);
|
r = LUKS2_activate(cd, name, vk, flags);
|
||||||
|
|
||||||
if (r < 0 && vk)
|
if (r < 0)
|
||||||
crypt_drop_keyring_key(cd, vk->key_description);
|
crypt_drop_keyring_key(cd, vk);
|
||||||
crypt_free_volume_key(vk);
|
crypt_free_volume_key(vk);
|
||||||
|
|
||||||
return r < 0 ? r : keyslot;
|
return r < 0 ? r : keyslot;
|
||||||
|
|||||||
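Review bot: With the `&& vk` guard removed at `if (r < 0)`, both token hunks now pass a possibly NULL `vk` to `crypt_drop_keyring_key`, which is safe only because the new definition in lib/setup.c walks the list with `while (vk)`. That NULL tolerance is not documented anywhere visible, so a later change to the helper could turn these failure paths into a NULL dereference. I would add a comment on the prototype or the definition, e.g. `/* vks may be NULL; drops the logon key of every volume key in the list */`. The same reliance appears in the resume and activate hunks of lib/setup.c. Both enclosing functions start and end outside their hunks.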
42
lib/setup.c
42
lib/setup.c
@@ -2928,7 +2928,7 @@ int crypt_suspend(struct crypt_device *cd,
|
|||||||
else if (r)
|
else if (r)
|
||||||
log_err(cd, _("Error during suspending device %s."), name);
|
log_err(cd, _("Error during suspending device %s."), name);
|
||||||
else
|
else
|
||||||
crypt_drop_keyring_key(cd, key_desc);
|
crypt_drop_keyring_key_by_description(cd, key_desc, LOGON_KEY);
|
||||||
free(key_desc);
|
free(key_desc);
|
||||||
out:
|
out:
|
||||||
dm_backend_exit(cd);
|
dm_backend_exit(cd);
|
||||||
@@ -2992,8 +2992,8 @@ int crypt_resume_by_passphrase(struct crypt_device *cd,
|
|||||||
else if (r)
|
else if (r)
|
||||||
log_err(cd, _("Error during resuming device %s."), name);
|
log_err(cd, _("Error during resuming device %s."), name);
|
||||||
out:
|
out:
|
||||||
if (r < 0 && vk)
|
if (r < 0)
|
||||||
crypt_drop_keyring_key(cd, vk->key_description);
|
crypt_drop_keyring_key(cd, vk);
|
||||||
crypt_free_volume_key(vk);
|
crypt_free_volume_key(vk);
|
||||||
|
|
||||||
return r < 0 ? r : keyslot;
|
return r < 0 ? r : keyslot;
|
||||||
@@ -3061,8 +3061,8 @@ int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd,
|
|||||||
log_err(cd, _("Error during resuming device %s."), name);
|
log_err(cd, _("Error during resuming device %s."), name);
|
||||||
out:
|
out:
|
||||||
crypt_safe_free(passphrase_read);
|
crypt_safe_free(passphrase_read);
|
||||||
if (r < 0 && vk)
|
if (r < 0)
|
||||||
crypt_drop_keyring_key(cd, vk->key_description);
|
crypt_drop_keyring_key(cd, vk);
|
||||||
crypt_free_volume_key(vk);
|
crypt_free_volume_key(vk);
|
||||||
return r < 0 ? r : keyslot;
|
return r < 0 ? r : keyslot;
|
||||||
}
|
}
|
||||||
@@ -3687,8 +3687,8 @@ static int _activate_by_passphrase(struct crypt_device *cd,
|
|||||||
r = -EINVAL;
|
r = -EINVAL;
|
||||||
}
|
}
|
||||||
out:
|
out:
|
||||||
if (r < 0 && vk)
|
if (r < 0)
|
||||||
crypt_drop_keyring_key(cd, vk->key_description);
|
crypt_drop_keyring_key(cd, vk);
|
||||||
crypt_free_volume_key(vk);
|
crypt_free_volume_key(vk);
|
||||||
|
|
||||||
return r < 0 ? r : keyslot;
|
return r < 0 ? r : keyslot;
|
||||||
@@ -3955,8 +3955,8 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
|
|||||||
r = -EINVAL;
|
r = -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (r < 0 && vk)
|
if (r < 0)
|
||||||
crypt_drop_keyring_key(cd, vk->key_description);
|
crypt_drop_keyring_key(cd, vk);
|
||||||
crypt_free_volume_key(vk);
|
crypt_free_volume_key(vk);
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
@@ -4016,7 +4016,7 @@ int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t
|
|||||||
r = dm_remove_device(cd, namei, 0);
|
r = dm_remove_device(cd, namei, 0);
|
||||||
}
|
}
|
||||||
if (!r)
|
if (!r)
|
||||||
crypt_drop_keyring_key(cd, key_desc);
|
crypt_drop_keyring_key_by_description(cd, key_desc, LOGON_KEY);
|
||||||
free(key_desc);
|
free(key_desc);
|
||||||
break;
|
break;
|
||||||
case CRYPT_INACTIVE:
|
case CRYPT_INACTIVE:
|
||||||
@@ -5413,21 +5413,33 @@ void crypt_set_key_in_keyring(struct crypt_device *cd, unsigned key_in_keyring)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* internal only */
|
/* internal only */
|
||||||
void crypt_drop_keyring_key(struct crypt_device *cd, const char *key_description)
|
void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *key_description, key_type_t ktype)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
|
const char *type_name = key_type_name(ktype);
|
||||||
|
|
||||||
if (!key_description)
|
if (!key_description || !type_name)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
log_dbg(cd, "Requesting keyring logon key for revoke and unlink.");
|
log_dbg(cd, "Requesting keyring %s key for revoke and unlink.", type_name);
|
||||||
|
|
||||||
r = keyring_revoke_and_unlink_key(LOGON_KEY, key_description);
|
r = keyring_revoke_and_unlink_key(ktype, key_description);
|
||||||
if (r)
|
if (r)
|
||||||
log_dbg(cd, "keyring_revoke_and_unlink_logon_key failed (error %d)", r);
|
log_dbg(cd, "keyring_revoke_and_unlink_key failed (error %d)", r);
|
||||||
crypt_set_key_in_keyring(cd, 0);
|
crypt_set_key_in_keyring(cd, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* internal only */
|
||||||
|
void crypt_drop_keyring_key(struct crypt_device *cd, struct volume_key *vks)
|
||||||
|
{
|
||||||
|
struct volume_key *vk = vks;
|
||||||
|
|
||||||
|
while (vk) {
|
||||||
|
crypt_drop_keyring_key_by_description(cd, vk->key_description, LOGON_KEY);
|
||||||
|
vk = crypt_volume_key_next(vk);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
int crypt_activate_by_keyring(struct crypt_device *cd,
|
int crypt_activate_by_keyring(struct crypt_device *cd,
|
||||||
const char *name,
|
const char *name,
|
||||||
const char *key_description,
|
const char *key_description,
|
||||||
|
|||||||
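Review bot: In `crypt_drop_keyring_key_by_description` a failed `keyring_revoke_and_unlink_key` is reported only through `log_dbg`, and `crypt_set_key_in_keyring(cd, 0)` still runs, so after a failure the volume key may remain in the kernel keyring while the context records that none is loaded. Because both drop routines return `void`, the error paths in `crypt_resume_by_passphrase`, `_activate_by_passphrase` and `crypt_activate_by_volume_key` cannot notice this. If best effort is intended, say so in a comment above the function, e.g. `/* best effort: a revoke failure is logged at debug level only and the flag is cleared anyway */`, and name the key in the message so a leftover key can be traced: `log_dbg(cd, "keyring_revoke_and_unlink_key failed for %s key %s (error %d)", type_name, key_description, r);`. The early return for an unknown `ktype` is also silent and leaves the flag untouched; a `log_dbg` there would make that case visible.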