Fix return code and retry count for bad passphrase and non-tty input.

It there is an input on stdin (pipe), we cannot retry for password, a retry applies only for the real terminal. Also the retry lost EPERM (wrong passphrase) return code in this case, replacing it with tty read error. Fixes #321.
2025-12-15 12:50:06 +01:00 · 2018-03-23 08:13:43 +01:00
parent 1e2ad19d68
commit 8d1fb88a20
3 changed files with 17 additions and 4 deletions
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -1122,7 +1122,7 @@ static int action_open_luks(void)
 		if (r >= 0 || opt_token_only)
 			goto out;
-		tries = (opt_key_file && !tools_is_stdin(opt_key_file)) ? 1 : opt_tries;
+		tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1;
 		do {
 			r = tools_get_key(NULL, &password, &passwordLen,
 					opt_keyfile_offset, opt_keyfile_size, opt_key_file,
@@ -1590,7 +1590,7 @@ static int action_luksResume(void)
 	if ((r = crypt_load(cd, luksType(opt_type), NULL)))
 		goto out;
-	tries = (opt_key_file && !tools_is_stdin(opt_key_file)) ? 1 : opt_tries;
+	tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1;
 	do {
 		r = tools_get_key(NULL, &password, &passwordLen,
 			opt_keyfile_offset, opt_keyfile_size, opt_key_file,
--- a/tests/compat-test
+++ b/tests/compat-test
@@ -174,6 +174,7 @@ echo "[1] format"
 echo $PWD1 | $CRYPTSETUP luksFormat $IMG $FAST_PBKDF_OPT || fail
 echo "[2] open"
 echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
 echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail
 echo "[3] add key"
 echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT && fail
@@ -182,14 +183,18 @@ echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null
 echo "[4] change key"
 echo -e "$PWD1\n$PWD0\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG || fail
 echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code"
 echo "[5] remove key"
 # delete active keys PWD0, PWD2
 echo $PWD1 | $CRYPTSETUP luksRemoveKey $IMG 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksRemove should return EPERM exit code"
 echo $PWD0 | $CRYPTSETUP luksRemoveKey $IMG || fail
 echo $PWD2 | $CRYPTSETUP luksRemoveKey $IMG || fail
 # check if keys were deleted
 echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
 echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
 echo "[6] kill slot"
 # format new luks device with active keys PWD1, PWD2
 echo $PWD1 | $CRYPTSETUP luksFormat $IMG $FAST_PBKDF_OPT || fail
@@ -202,6 +207,7 @@ echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 0 2>/dev/null && fail
 echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 0 || fail
 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: DISABLED" || fail
 echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 1 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksKill should return EPERM exit code"
 echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 1 || fail
 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 1: DISABLED" || fail
 # check if keys were deactivated
@@ -617,7 +623,8 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT $LOOPDEV || fail
 echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP luksSuspend $DEV_NAME || fail
 $CRYPTSETUP -q resize  $DEV_NAME 2>/dev/null && fail
-echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME -T 1 2>/dev/null && fail
+echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME  || fail
 $CRYPTSETUP -q luksClose $DEV_NAME || fail
--- a/tests/compat-test2
+++ b/tests/compat-test2
@@ -205,6 +205,7 @@ echo $PWD1 | $CRYPTSETUP $FAST_PBKDF_OPT -h sha512 -c aes-cbc-essiv:sha256 -s 12
 prepare "[5] open"
 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail
 echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
 check_exists
@@ -216,6 +217,7 @@ echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
 # Unsuccessful Key Delete - nothing may change
 prepare "[7] unsuccessful delete"
 echo $PWDW | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksKillSlot should return EPERM exit code"
 #FIXME
 #$CRYPTSETUP -q luksKillSlot $LOOPDEV 8 2>/dev/null && fail
 #$CRYPTSETUP -q luksKillSlot $LOOPDEV 7 2>/dev/null && fail
@@ -225,6 +227,7 @@ echo $PWDW | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail
 prepare "[8] successful delete"
 $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail
 echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2> /dev/null && fail
 [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
 # Key Slot 1 and key material section 1 must change, the rest must not
@@ -352,6 +355,7 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksRemoveKey should return EPERM exit code"
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail
@@ -497,6 +501,7 @@ $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 --new-keyfi
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 2>/dev/null && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 -l 12 || fail
 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code"
 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail
 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 || fail
 # -l is ignored for stdin if _only_ passphrase is used
@@ -537,7 +542,8 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV ||
 echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP luksSuspend $DEV_NAME || fail
 $CRYPTSETUP -q resize  $DEV_NAME 2>/dev/null && fail
-echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME -T 1 2>/dev/null && fail
+echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME  || fail
 $CRYPTSETUP -q luksClose $DEV_NAME || fail