eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 10:50:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

luks2: allow masking of requirements internaly

Browse Source 
before this patch any LUKS2 requirement defined in header
would stop a restricted operation from proceeding further.
This patch adds ability to mask requirements (internal only).
This commit is contained in:
Ondrej Kozina
2017-09-26 18:13:35 +02:00
committed by Milan Broz
parent b3feae5474
commit b4782809d4
3 changed files with 22 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/luks2/luks2_json_metadata.c
View File

@@ -1023,7 +1023,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
}
/* do not allow header restore from backup with unmet requirements */
if (LUKS2_unmet_requirements(cd, &hdr_file, 1)) {
if (LUKS2_unmet_requirements(cd, &hdr_file, 0, 1)) {
log_err(cd, _("Unmet LUKS2 requirements detected in backup %s.\n"),
backup_file);
return -ETXTBSY;
@@ -1733,7 +1733,7 @@ int LUKS2_activate(struct crypt_device *cd,
struct device *device = NULL;
/* do not allow activation when particular requirements detected */
if ((r = LUKS2_unmet_requirements(cd, hdr, 0)))
if ((r = LUKS2_unmet_requirements(cd, hdr, 0, 0)))
return r;
/* Add persistent activation flags */
@@ -1792,21 +1792,27 @@ int LUKS2_activate(struct crypt_device *cd,
return r;
}
int LUKS2_unmet_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, int quiet)
int LUKS2_unmet_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t reqs_mask, int quiet)
{
uint32_t reqs;
int r = LUKS2_config_get_requirements(cd, hdr, &reqs);
if (r) {
log_err(cd, _("Failed to read LUKS2 requierements.\n"));
if (!quiet)
log_err(cd, _("Failed to read LUKS2 requierements.\n"));
return r;
}
if (reqs_unknown(reqs))
r = -ETXTBSY;
/* do not mask unknown requirements check */
if (reqs_unknown(reqs)) {
if (!quiet)
log_err(cd, _("Unmet LUKS2 requirements detected.\n"));
return -ETXTBSY;
}
if (r && !quiet)
log_err(cd, _("Unmet LUKS2 requirements detected.\n"));
/* mask out permitted requirements */
reqs &= ~reqs_mask;
return r;
/* any remaining unmasked requirement fails the check */
return reqs ? -EINVAL : 0;
}