From 231ab0167b07d7ff9559df6ce75919459c69b7e2 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Thu, 27 May 2010 18:44:00 +0000 Subject: [PATCH] Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile. git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@237 36d66b0a-2a48-0410-832c-cd162a569da5 --- ChangeLog | 3 +++ lib/setup.c | 2 +- src/cryptsetup.c | 5 ++++- tests/compat-test | 15 +++++++++++++++ 4 files changed, 23 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6c620421..c427afeb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2010-05-27 Milan Broz + * Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile. + 2010-05-23 Milan Broz * Fix luksClose operation for stacked DM devices. * Version 1.1.1. diff --git a/lib/setup.c b/lib/setup.c index bf37ecbe..fc6525c8 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -824,7 +824,7 @@ int crypt_luksOpen(struct crypt_options *options) if (options->flags & CRYPT_FLAG_NON_EXCLUSIVE_ACCESS) flags |= CRYPT_ACTIVATE_NO_UUID; - if (options->key_file && strcmp(options->key_file, "-")) + if (options->key_file) r = crypt_activate_by_keyfile(cd, options->name, CRYPT_ANY_SLOT, options->key_file, options->key_size, flags); diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 53ecbca6..98c1ca80 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -299,7 +299,7 @@ static int _action_luksFormat_generateMK() .device = action_argv[0], .cipher = opt_cipher ?: DEFAULT_CIPHER(LUKS1), .hash = opt_hash ?: DEFAULT_LUKS1_HASH, - .new_key_file = action_argc > 1 ? action_argv[1] : NULL, + .new_key_file = opt_key_file ?: (action_argc > 1 ? action_argv[1] : NULL), .flags = opt_verify_passphrase ? CRYPT_FLAG_VERIFY : (!opt_batch_mode?CRYPT_FLAG_VERIFY_IF_POSSIBLE : 0), .iteration_time = opt_iteration_time, .timeout = opt_timeout, @@ -387,6 +387,9 @@ static int action_luksFormat(int arg) return -EINVAL; } + if (action_argc > 1 && opt_key_file) + log_err(_("Option --key-file takes precedence over specified key file argument.\n")); + if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]) == -1) { log_err(_("memory allocation error in action_luksFormat")); return -ENOMEM; diff --git a/tests/compat-test b/tests/compat-test index 1ec67772..b7f6589b 100755 --- a/tests/compat-test +++ b/tests/compat-test @@ -145,5 +145,20 @@ echo "key0" | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail $CRYPTSETUP -q luksClose $DEV_NAME2 || fail $CRYPTSETUP -q luksClose $DEV_NAME || fail +prepare "[14] format/open - passphrase on stdin & new line" +# stdin defined by "-" must take even newline +echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail +echo -n $'foo\nbar' | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail +echo -n $'foo\nbar' | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME && fail +# now also try --key-file +echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV --key-file=- || fail +echo -n $'foo\nbar' | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail +# process newline if from stdin +echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV || fail +echo 'foo' | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail +$CRYPTSETUP -q luksClose $DEV_NAME || fail + remove_mapping exit 0