Fix return code and retry count for bad passphrase and non-tty input.

If there is input on stdin (pipe), we cannot retry for the password;
a retry applies only to a real terminal.

Also the retry lost EPERM (wrong passphrase) return code in this case,
replacing it with tty read error.

Fixes #321.
Milan Broz
2018-03-23 08:13:43 +01:00
parent 1e2ad19d68
commit 8d1fb88a20
3 changed files with 17 additions and 4 deletions


@@ -1122,7 +1122,7 @@ static int action_open_luks(void)
if (r >= 0 || opt_token_only)
goto out;
tries = (opt_key_file && !tools_is_stdin(opt_key_file)) ? 1 : opt_tries;
tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1;
do {
r = tools_get_key(NULL, &password, &passwordLen,
opt_keyfile_offset, opt_keyfile_size, opt_key_file,
@@ -1590,7 +1590,7 @@ static int action_luksResume(void)
if ((r = crypt_load(cd, luksType(opt_type), NULL)))
goto out;
tries = (opt_key_file && !tools_is_stdin(opt_key_file)) ? 1 : opt_tries;
tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1;
do {
r = tools_get_key(NULL, &password, &passwordLen,
opt_keyfile_offset, opt_keyfile_size, opt_key_file,
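Review bot: The new `tries` expression in action_open_luks, and the identical one in action_luksResume, drops the explicit `opt_key_file &&` test, so it now depends on `tools_is_stdin()` treating a NULL key file as stdin. That helper is not visible in these hunks, so this is worth confirming; otherwise an interactive prompt without a key file would silently be limited to one attempt. Because the same expression decides the passphrase retry policy in two commands, it would be safer as one small static helper so the two cannot drift apart. A comment above the assignment such as `/* Retry only for an interactive terminal; piped input cannot be re-read. */` would record the intent. Both function bodies continue outside the hunks.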


@@ -174,6 +174,7 @@ echo "[1] format"
echo $PWD1 | $CRYPTSETUP luksFormat $IMG $FAST_PBKDF_OPT || fail
echo "[2] open"
echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail
echo "[3] add key"
echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT && fail
@@ -182,14 +183,18 @@ echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null
echo "[4] change key"
echo -e "$PWD1\n$PWD0\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG || fail
echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code"
echo "[5] remove key"
# delete active keys PWD0, PWD2
echo $PWD1 | $CRYPTSETUP luksRemoveKey $IMG 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksRemove should return EPERM exit code"
echo $PWD0 | $CRYPTSETUP luksRemoveKey $IMG || fail
echo $PWD2 | $CRYPTSETUP luksRemoveKey $IMG || fail
# check if keys were deleted
echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
echo "[6] kill slot"
# format new luks device with active keys PWD1, PWD2
echo $PWD1 | $CRYPTSETUP luksFormat $IMG $FAST_PBKDF_OPT || fail
@@ -202,6 +207,7 @@ echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 0 2>/dev/null && fail
echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 0 || fail
$CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: DISABLED" || fail
echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 1 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksKill should return EPERM exit code"
echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 1 || fail
$CRYPTSETUP luksDump $IMG | grep -q "Key Slot 1: DISABLED" || fail
# check if keys were deactivated
@@ -617,7 +623,8 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT $LOOPDEV || fail
echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP luksSuspend $DEV_NAME || fail
$CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail
echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME -T 1 2>/dev/null && fail
echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
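Review bot: Two of the new failure messages name commands that are not the ones under test: the check after `luksRemoveKey` says `luksRemove` and the check after `luksKillSlot` says `luksKill`, which makes a failing log harder to match to the test line. Suggest `fail "luksRemoveKey should return EPERM exit code"` and `fail "luksKillSlot should return EPERM exit code"`. The bare `2` is repeated in every new check, so a comment at the first one, for example `# cryptsetup exits with 2 for EPERM (wrong passphrase)`, would explain the value. Each check reads `$?` from the preceding `... && fail` list, so no command may be inserted between the two lines.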


@@ -205,6 +205,7 @@ echo $PWD1 | $CRYPTSETUP $FAST_PBKDF_OPT -h sha512 -c aes-cbc-essiv:sha256 -s 12
prepare "[5] open"
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail
echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
check_exists
@@ -216,6 +217,7 @@ echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
# Unsuccessful Key Delete - nothing may change
prepare "[7] unsuccessful delete"
echo $PWDW | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksKillSlot should return EPERM exit code"
#FIXME
#$CRYPTSETUP -q luksKillSlot $LOOPDEV 8 2>/dev/null && fail
#$CRYPTSETUP -q luksKillSlot $LOOPDEV 7 2>/dev/null && fail
@@ -225,6 +227,7 @@ echo $PWDW | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail
prepare "[8] successful delete"
$CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail
echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2> /dev/null && fail
[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
# Key Slot 1 and key material section 1 must change, the rest must not
@@ -352,6 +355,7 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail
$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" && fail
$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksRemoveKey should return EPERM exit code"
$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail
$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail
@@ -497,6 +501,7 @@ $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 --new-keyfi
$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 2>/dev/null && fail
$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 -l 12 || fail
$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code"
$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail
$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 || fail
# -l is ignored for stdin if _only_ passphrase is used
@@ -537,7 +542,8 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV ||
echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP luksSuspend $DEV_NAME || fail
$CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail
echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME -T 1 2>/dev/null && fail
echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
[ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
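Review bot: Several neighbouring negative checks still end in a bare `&& fail` and accept any non-zero status: `luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1`, the first `luksRemoveKey $LOOPDEV $KEY2`, and `luksChangeKey ... -l 14`. A wrong return code on those key-file paths would therefore pass unnoticed, even though the commit is about preserving the EPERM result. If they are also expected to fail as a wrong key, which these hunks do not show, add the same `[ $? -ne 2 ] && fail "... should return EPERM exit code"` line after each. If they are expected to fail for another reason, a short comment naming the expected status would make that explicit.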