diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index ac190976..1277b629 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -1122,7 +1122,7 @@ static int action_open_luks(void)
 if (r >= 0 || opt_token_only) goto out;
- tries = (opt_key_file && !tools_is_stdin(opt_key_file)) ? 1 : opt_tries;
+ tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1;
 do { r = tools_get_key(NULL, &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, opt_key_file,
@@ -1590,7 +1590,7 @@ static int action_luksResume(void)
 if ((r = crypt_load(cd, luksType(opt_type), NULL))) goto out;
- tries = (opt_key_file && !tools_is_stdin(opt_key_file)) ? 1 : opt_tries;
+ tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1;
 do { r = tools_get_key(NULL, &password, &passwordLen, opt_keyfile_offset, opt_keyfile_size, opt_key_file,
diff --git a/tests/compat-test b/tests/compat-test
index ebd24cf6..a0d99a00 100755
--- a/tests/compat-test
+++ b/tests/compat-test
@@ -174,6 +174,7 @@ echo "[1] format"
 echo $PWD1 | $CRYPTSETUP luksFormat $IMG $FAST_PBKDF_OPT || fail
 echo "[2] open"
 echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
+[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
 echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail
 echo "[3] add key"
 echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT && fail
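Review bot: The new `tries` line in action_open_luks drops the `opt_key_file &&` guard and now passes a possibly NULL `opt_key_file` straight to `tools_is_stdin()`, so it depends on that helper accepting NULL and reporting it as stdin; the helper is not part of this diff, so this should be confirmed. The identical expression is added again in the action_luksResume hunk, and neither copy records why non-terminal input gets a single attempt. I would put a comment above it such as `/* Retry only when the passphrase is typed on a terminal; a key file or piped stdin gets one attempt. */` and consider one small static helper used by both functions. Both functions start and end outside their hunks.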
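Review bot: The added `[ $? -ne 2 ] && fail ...` line in the tests/compat-test `[2] open` hunk only works while it sits directly under the command it checks, because `$?` is overwritten by whatever runs next, and the same idiom is repeated in every hunk of tests/compat-test and tests/compat-test2. A small helper would make the intent explicit and keep the literal in one place, e.g. `fail_unless_eperm() { [ "$1" -eq 2 ] || fail "$2 should return EPERM exit code"; }`. It would also be worth a one-line comment that 2 is the exit status cryptsetup reports for a permission failure such as a wrong passphrase, since the numeric value of EPERM as an errno is different.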
@@ -182,14 +183,18 @@ echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null
 echo "[4] change key"
 echo -e "$PWD1\n$PWD0\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG || fail
 echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG 2>/dev/null && fail
+[ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code"
 echo "[5] remove key"
 # delete active keys PWD0, PWD2
 echo $PWD1 | $CRYPTSETUP luksRemoveKey $IMG 2>/dev/null && fail
+[ $? -ne 2 ] && fail "luksRemove should return EPERM exit code"
 echo $PWD0 | $CRYPTSETUP luksRemoveKey $IMG || fail
 echo $PWD2 | $CRYPTSETUP luksRemoveKey $IMG || fail
 # check if keys were deleted
 echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
+[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
 echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
+[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
 echo "[6] kill slot"
 # format new luks device with active keys PWD1, PWD2
 echo $PWD1 | $CRYPTSETUP luksFormat $IMG $FAST_PBKDF_OPT || fail
@@ -202,6 +207,7 @@ echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 0 2>/dev/null && fail
 echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 0 || fail
 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: DISABLED" || fail
 echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 1 2>/dev/null && fail
+[ $? -ne 2 ] && fail "luksKill should return EPERM exit code"
 echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 1 || fail
 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 1: DISABLED" || fail
 # check if keys were deactivated
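Review bot: The failure messages added in this file name actions that do not match the commands they follow: the check after `luksRemoveKey` says `luksRemove should return ...`, and the one after `luksKillSlot` in the next hunk says `luksKill should return ...`. tests/compat-test2 spells the same messages `luksRemoveKey` and `luksKillSlot`, so I would use the full action names here too, which keeps a failing run greppable against the command line that produced it.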
@@ -617,7 +623,8 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT $LOOPDEV || fail
 echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP luksSuspend $DEV_NAME || fail
 $CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail
-echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME -T 1 2>/dev/null && fail
+echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
+[ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
 $CRYPTSETUP -q luksClose $DEV_NAME || fail
diff --git a/tests/compat-test2 b/tests/compat-test2
index 7e53efcc..55e35425 100755
--- a/tests/compat-test2
+++ b/tests/compat-test2
@@ -205,6 +205,7 @@ echo $PWD1 | $CRYPTSETUP $FAST_PBKDF_OPT -h sha512 -c aes-cbc-essiv:sha256 -s 12
 prepare "[5] open"
 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail
 echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase 2>/dev/null && fail
+[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
 check_exists
@@ -216,6 +217,7 @@ echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
 # Unsuccessful Key Delete - nothing may change
 prepare "[7] unsuccessful delete"
 echo $PWDW | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail
+[ $? -ne 2 ] && fail "luksKillSlot should return EPERM exit code"
 #FIXME
 #$CRYPTSETUP -q luksKillSlot $LOOPDEV 8 2>/dev/null && fail
 #$CRYPTSETUP -q luksKillSlot $LOOPDEV 7 2>/dev/null && fail
@@ -225,6 +227,7 @@ echo $PWDW | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail
 prepare "[8] successful delete"
 $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail
 echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2> /dev/null && fail
+[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
 # Key Slot 1 and key material section 1 must change, the rest must not
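Review bot: With `-T 1` removed from the wrong-passphrase `luksResume` line in tests/compat-test, the test covers only the default retry count on piped input; nothing checks that an explicit larger `-T` value is also cut to a single attempt when stdin is not a terminal, which appears to be the behaviour the src/cryptsetup.c change introduces. A second negative case such as `echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME -T 3 2>/dev/null && fail` followed by the same status check would pin that down. The same applies to the matching luksResume hunk in tests/compat-test2. The terminal branch, where `isatty()` is true and `opt_tries` is used, is not exercised by either file as far as these hunks show.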
@@ -352,6 +355,7 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail
+[ $? -ne 2 ] && fail "luksRemoveKey should return EPERM exit code"
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail
@@ -497,6 +501,7 @@ $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 --new-keyfi
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 2>/dev/null && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 -l 12 || fail
 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 2>/dev/null && fail
+[ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code"
 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail
 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 || fail
 # -l is ignored for stdin if _only_ passphrase is used
@@ -537,7 +542,8 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV ||
 echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP luksSuspend $DEV_NAME || fail
 $CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail
-echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME -T 1 2>/dev/null && fail
+echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
+[ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
 $CRYPTSETUP -q luksClose $DEV_NAME || fail
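Review bot: The status check is added after `luksRemoveKey $LOOPDEV $KEY1` but not after the next negative case, `luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1`, and the luksChangeKey hunk below does the same with its `-l 14` case. If those are also expected to exit with status 2, they should get the same `[ $? -ne 2 ] && fail ...` line. If they fail for a different reason, a short comment such as `# wrong key size: exit status intentionally not checked` would stop a reader assuming an oversight.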