Reject unsupported --offset and --skip options for luksFormat and update man page.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@63 36d66b0a-2a48-0410-832c-cd162a569da5

ChangeLog

@@ -1,3 +1,7 @@
+2009-07-11  Milan Broz  <mbroz@redhat.com>
+
+	* Reject unsupported --offset and --skip options for luksFormat and update man page.
+
 2009-06-22  Milan Broz  <mbroz@redhat.com>
 
 	* Summary of changes in subversion for 1.0.7-rc1:
@@ -30,13 +34,11 @@
 	* Add non-exclusive override to interface definition.
 	* Refactor key slot selection into keyslot_from_option.
 
-
 2007-05-01  Clemens Fruhwirth  <clemens@endorphin.org>
 
 	* lib/backends.c, man/cryptsetup.8: Apply patch from Ludwig Nussel
 	<ludwig.nussel@suse.de>, for old SuSE compat hashing.
 
-
 2007-04-16  Clemens Fruhwirth  <clemens@endorphin.org>
 
 	* Summary of changes in subversion:
@@ -48,7 +50,6 @@
 	Fix parenthesization error that prevented --tries from working
 	correctly.
 
-
 2006-11-28  gettextize  <bug-gnu-gettext@gnu.org>
 
 	* m4/gettext.m4: Upgrade to gettext-0.15.
@@ -152,7 +153,6 @@
 	CRYPT_FLAG_VERIFY_IF_POSSIBLE, so that in no case password verification is done
 	for password retrieval.
 
-
 2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
 
 	* configure.in: Merge Patch from http://bugs.gentoo.org/show_bug.cgi?id=132126 for sepol
@@ -375,7 +375,6 @@
 	phdr is written after passphrase reading, so the user can change
 	his mind, and not have a partial written LUKS header on it's disk.
 
-
 2005-02-09  Clemens Fruhwirth  <clemens@endorphin.org>
 
 	* luks/keymanage.c (LUKS_write_phdr): converted argument phdr to
@@ -441,4 +440,3 @@
 	  configure.in, setup-gettext, po/ChangeLog, po/LINGUAS,
 	  po/POTFILES.in, po/de.po, src/cryptsetup.c, src/cryptsetup.h,
 	  src/Makefile.am: Initial revision
-

man/cryptsetup.8

@@ -84,7 +84,7 @@ For more information about LUKS, see \fBhttp://code.google.com/p/cryptsetup/wiki
 .SH OPTIONS
 .TP
 .B "\-\-hash, \-h"
-specifies hash to use for password hashing. This option is only relevant for the "create" action. The hash string is passed to libgcrypt, so all hashes accepted by gcrypt are supported. Default is "ripemd160".
+specifies hash to use for password hashing. This option is only relevant for \fIcreate\fR action. The hash string is passed to libgcrypt, so all hashes accepted by gcrypt are supported. Default is "ripemd160".
 .TP
 .B "\-\-cipher, \-c"
 set cipher specification string. For plain dm-crypt mappings, the default is "aes-cbc-plain", for LUKS mappings it's "aes-cbc-essiv:sha256". For pre-2.6.10 kernels, use "aes-plain" as they don't understand the new cipher spec strings. To use ESSIV, use "aes-cbc-essiv:sha256".
@@ -100,19 +100,22 @@ use file as key material. With LUKS, key material supplied in key files via \-d
 If the key file is "-", stdin will be used. This is different from how cryptsetup usually reads from stdin. See section \fBNOTES ON PASSWORD PROCESSING\fR for more information.
 .TP
 .B "\-\-key-slot, \-S"
-For LUKS operations that add key material, this options allows to you specify which key slot is selected for the new key. This option can be used for luksFormat and luksAddKey.
+For LUKS operations that add key material, this options allows to you specify which key slot is selected for the new key. This option can be used for \fIluksFormat\fR and \fIluksAddKey\fR.
 .TP
 .B "\-\-key-size, \-s"
 set key size in bits. Has to be a multiple of 8 bits. The key size is limited by the used cipher. See output of /proc/crypto for more information. Can be used for \fIcreate\fR or \fIluksFormat\fR, all other LUKS actions will ignore this flag, as the key-size is specified by the partition header. Default is 128 for \fIluksFormat\fR and 256 for \fIcreate\fR.
 .TP
 .B "\-\-size, \-b"
 force the size of the underlying device in sectors.
+This option is only relevant for \fIcreate\fR and \fIresize\fR action.
 .TP
 .B "\-\-offset, \-o"
 start offset in the backend device.
+This option is only relevant for \fIcreate\fR action.
 .TP
 .B "\-\-skip, \-p"
 how many sectors of the encrypted data to skip at the beginning. This is different from the \-\-offset options with respect to IV calculations. Using \-\-offset will shift the IV calculation by the same negative amount. Hence, if \-\-offset \fIn\fR, sector \fIn\fR will be the first sector on the mapping with IV \fI0\fR. Using \-\-skip would have resulted in sector \fIn\fR being the first sector also, but with IV \fIn\fR.
+This option is only relevant for \fIcreate\fR action.
 .TP
 .B "\-\-readonly"
 set up a read-only mapping.

src/cryptsetup.c

@@ -264,6 +264,12 @@ static int action_luksFormat(int arg)
 
 	int r = 0; char *msg = NULL;
 
+	/* Avoid overwriting possibly wrong part of device than user requested by rejecting these options */
+	if (opt_offset || opt_skip) {
+		fprintf(stderr,"Options --offset and --skip are not supported for luksFormat.\n"); 
+		return -EINVAL;
+	}
+
 	if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), options.device) == -1) {
 		fputs(_("memory allocation error in action_luksFormat"), stderr);
 	} else {