eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-07 17:00:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

luks2: move pre-activation requirements check lower

Browse Source
This commit is contained in:
Ondrej Kozina
2017-09-26 18:13:33 +02:00
committed by Milan Broz
parent 9bbc13f256
commit c015aeca4e
2 changed files with 5 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/luks2/luks2_json_metadata.c
View File

@@ -1734,6 +1734,10 @@ int LUKS2_activate(struct crypt_device *cd,
char dm_int_name[PATH_MAX], dm_int_dev_name[PATH_MAX]; char dm_int_name[PATH_MAX], dm_int_dev_name[PATH_MAX];
struct device *device = NULL; struct device *device = NULL;
/* do not allow activation when particular requirements detected */
if ((r = LUKS2_unmet_requirements(cd, hdr, 0)))
return r;
/* Add persistent activation flags */ /* Add persistent activation flags */
if (!(flags & CRYPT_ACTIVATE_IGNORE_PERSISTENT)) if (!(flags & CRYPT_ACTIVATE_IGNORE_PERSISTENT))
LUKS2_config_get_flags(cd, hdr, &dmd.flags); LUKS2_config_get_flags(cd, hdr, &dmd.flags);

12
lib/setup.c
View File

@@ -2877,9 +2877,6 @@ static int _activate_by_passphrase(struct crypt_device *cd,
r = LUKS1_activate(cd, name, vk, flags); r = LUKS1_activate(cd, name, vk, flags);
} }
} else if (isLUKS2(cd->type)) { } else if (isLUKS2(cd->type)) {
if (name && LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, 0))
return -ETXTBSY;
r = LUKS2_keyslot_open(cd, keyslot, r = LUKS2_keyslot_open(cd, keyslot,
name ? CRYPT_DEFAULT_SEGMENT : CRYPT_ANY_SEGMENT, name ? CRYPT_DEFAULT_SEGMENT : CRYPT_ANY_SEGMENT,
passphrase, passphrase_size, &vk); passphrase, passphrase_size, &vk);
@@ -3005,10 +3002,6 @@ int crypt_activate_by_keyfile_offset(struct crypt_device *cd,
} }
r = keyslot; r = keyslot;
} else if (isLUKS2(cd->type)) { } else if (isLUKS2(cd->type)) {
if (name && LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, 0)) {
r = -ETXTBSY;
goto out;
}
r = crypt_keyfile_read(cd, keyfile, r = crypt_keyfile_read(cd, keyfile,
&passphrase_read, &passphrase_size_read, &passphrase_read, &passphrase_size_read,
keyfile_offset, keyfile_size, 0); keyfile_offset, keyfile_size, 0);
@@ -3134,8 +3127,6 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
if (!r && name) if (!r && name)
r = LUKS1_activate(cd, name, vk, flags); r = LUKS1_activate(cd, name, vk, flags);
} else if (isLUKS2(cd->type)) { } else if (isLUKS2(cd->type)) {
if (name && LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, 0))
return -ETXTBSY;
/* If key is not provided, try to use internal key */ /* If key is not provided, try to use internal key */
if (!volume_key) { if (!volume_key) {
if (!cd->volume_key) { if (!cd->volume_key) {
@@ -3991,12 +3982,11 @@ int crypt_activate_by_token(struct crypt_device *cd,
const char *name, int token, void *usrptr, uint32_t flags) const char *name, int token, void *usrptr, uint32_t flags)
{ {
int r; int r;
uint32_t check = CRYPT_CD_QUIET | (name ? 0 : CRYPT_CD_UNRESTRICTED);
log_dbg("%s volume %s using token %d.", log_dbg("%s volume %s using token %d.",
name ? "Activating" : "Checking", name ?: "passphrase", token); name ? "Activating" : "Checking", name ?: "passphrase", token);
if ((r = _onlyLUKS2(cd, check))) if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED)))
return r; return r;
if (token == CRYPT_ANY_TOKEN) if (token == CRYPT_ANY_TOKEN)