-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | debian/control | 2 | ||||
-rw-r--r-- | main.c | 3 | ||||
-rw-r--r-- | scripts/naskconf | 2 | ||||
-rw-r--r-- | scripts/naskpass.initscript | 133 | ||||
-rw-r--r-- | ui.c | 2 | ||||
-rw-r--r-- | ui_input.c | 5 |
8 files changed, 97 insertions, 59 deletions
@@ -3,7 +3,7 @@ DBGFLAGS = -g LDFLAGS ?= $(shell ncurses5-config --libs) -pthread CC := gcc INSTALL ?= install -VERSION ?= $(shell if [ -d ./.git ]; then echo -n "git-"; git rev-parse --short HEAD; else echo "1.1a"; fi) +VERSION ?= $(shell if [ -d ./.git ]; then echo -n "git-"; git rev-parse --short HEAD; else echo "1.2a"; fi) BIN = naskpass SOURCES = status.c ui_ani.c ui_input.c ui_statusbar.c ui_nwindow.c ui.c main.c diff --git a/debian/changelog b/debian/changelog index 5f36cc5..fec9b9d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,9 @@ -naskpass (1.1-1) UNRELEASED; urgency=low +naskpass (1.2) unstable; urgency=low + * jessie port + + -- Toni Uhlig <matzeton@googlemail.com> Tue, 09 Jun 2015 11:14:20 +0100 + +naskpass (1.1-1) unstable; urgency=low * UI rewritten * maintainer scripts/configs renewed diff --git a/debian/control b/debian/control index d85a5ec..ee161d9 100644 --- a/debian/control +++ b/debian/control @@ -10,6 +10,6 @@ Homepage: https://github.com/freecoding/naskpass.git Package: naskpass Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, cryptsetup (= 2:1.4.3-4), libncurses5, libtinfo5, coreutils +Depends: ${shlibs:Depends}, ${misc:Depends}, cryptsetup (= 2:1.6.6-5), libncurses5, libtinfo5, coreutils Description: Ncurses based cryptsetup askpass replacement NULL. @@ -135,7 +135,7 @@ main(int argc, char **argv) while (input_timeout(ffd, 1) == 0) { usleep(100000); if (ui_active == true) { - + // TODO: smthng } } stop_ui(); @@ -152,7 +152,6 @@ main(int argc, char **argv) exit(EXIT_FAILURE); } -printf("BLA\n"); close(ffd); if (crypt_cmd != NULL) free(crypt_cmd); free(fifo_path); diff --git a/scripts/naskconf b/scripts/naskconf index 2452799..4a4a7e0 100644 --- a/scripts/naskconf +++ b/scripts/naskconf 
@@ -1,6 +1,6 @@ #!/bin/sh -export ORGCHKSM="5924c70e5c9fabf0398050349c3f4f283ab80091b23ea8c677249ee7bdd41f6e4910ce5e1bc32577e67763dc30d9b96cc3528256e1cc63dba959a5e3866ec21f" +export ORGCHKSM="2057abcd4c0038fb3357680ac3057b208672d5d81bca85e1cc668f17d4060a23bda4c34352682b289d17a18f6ab75c4b9ea9df1a9f85709e3042ff7fdc83e245" export ORGFILE="/usr/share/initramfs-tools/scripts/local-top/cryptroot" diff --git a/scripts/naskpass.initscript b/scripts/naskpass.initscript index 3f9be2c..4be0aa8 100644 --- a/scripts/naskpass.initscript +++ b/scripts/naskpass.initscript @@ -42,10 +42,10 @@ message() udev_settle() { # Wait for udev to be ready, see https://launchpad.net/bugs/85640 - if [ -x /sbin/udevadm ]; then - /sbin/udevadm settle --timeout=30 - elif [ -x /sbin/udevsettle ]; then - /sbin/udevsettle --timeout=30 + if command -v udevadm >/dev/null 2>&1; then + udevadm settle --timeout=30 + elif command -v udevsettle >/dev/null 2>&1; then + udevsettle --timeout=30 fi return 0 } @@ -65,10 +65,12 @@ parse_options() crypthash=ripemd160 crypttarget=cryptroot cryptsource="" + cryptheader="" cryptlvm="" cryptkeyscript="" cryptkey="" # This is only used as an argument to an eventual keyscript crypttries=3 + crypttcrypt="" cryptrootdev="" cryptdiscard="" CRYPTTAB_OPTIONS="" @@ -98,6 +100,13 @@ parse_options() fi export CRYPTTAB_SOURCE="$cryptsource" ;; + header=*) + cryptheader=${x#header=} + if [ ! -e "$cryptheader" ] && [ -e "/conf/conf.d/cryptheader/$cryptheader" ]; then + cryptheader="/conf/conf.d/cryptheader/$cryptheader" + fi + export CRYPTTAB_HEADER="$cryptheader" + ;; lvm=*) cryptlvm=${x#lvm=} ;; @@ -118,6 +127,9 @@ parse_options() ;; esac ;; + tcrypt) + crypttcrypt="yes" + ;; rootdev) cryptrootdev="yes" ;; 
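Review bot: The new `ORGCHKSM` value in scripts/naskconf is swapped in with no record of which file version or digest algorithm produced it, so it cannot be re-derived or audited when the comparison against `ORGFILE` fails. This commit also changes the cryptsetup dependency in debian/control to `2:1.6.6-5`, so the value is presumably the digest of that package's cryptroot script. If so, say it next to the variable, e.g. `# digest of $ORGFILE as shipped by cryptsetup 2:1.6.6-5 (128 hex chars, presumably SHA-512); regenerate whenever the pinned version changes`. How the value is compared is outside this hunk.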
@@ -157,29 +169,9 @@ activate_vg() return $? } -activate_evms() -{ - local dev module - - # Sanity checks - if [ ! -x /sbin/evms_activate ]; then - message "cryptsetup: evms_activate is not available" - return 1 - fi - - # Load modules used by evms - for module in dm-mod linear raid0 raid1 raid10 raid5 raid6; do - modprobe -q $module - done - - # Activate it - /sbin/evms_activate - return $? -} - setup_mapping() { - local opts count cryptcreate cryptremove NEWROOT + local opts count cryptopen cryptremove NEWROOT opts="$1" if [ -z "$opts" ]; then @@ -193,6 +185,11 @@ setup_mapping() return 1 fi + if [ -n "$cryptheader" ] && ! type "$cryptheader" >/dev/null; then + message "cryptsetup: error - LUKS header \"$cryptheader\" missing" + return 1 + fi + # The same target can be specified multiple times # e.g. root and resume lvs-on-lvm-on-crypto if [ -e "/dev/mapper/$crypttarget" ]; then @@ -204,7 +201,6 @@ setup_mapping() # Make sure the cryptsource device is available if [ ! -e $cryptsource ]; then activate_vg - activate_evms fi # If the encrypted source device hasn't shown up yet, give it a @@ -225,6 +221,11 @@ setup_mapping() slumber=$(( ${slumber} * 10 )) while [ ! -e "$cryptsource" ]; do + # retry for LVM devices every 10 seconds + if [ ${slumber} -eq $(( ${slumber}/100*100 )) ]; then + activate_vg + fi + /bin/sleep 0.1 slumber=$(( ${slumber} - 1 )) [ ${slumber} -gt 0 ] || break 
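Review bot: The added header check in setup_mapping, `! type "$cryptheader" >/dev/null`, tests command lookup rather than file existence, so a detached LUKS header that is an ordinary non-executable file is likely to be reported as missing (shells generally resolve `type` only to builtins, functions and executables). parse_options in this same commit already probes the header with `[ -e ... ]`, and the same test fits here: `if [ -n "$cryptheader" ] && [ ! -e "$cryptheader" ]; then`. That also avoids the `type` diagnostics on stderr, which the current line does not redirect. setup_mapping starts and ends outside this hunk.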
@@ -239,21 +240,33 @@ setup_mapping() udev_settle # We've given up, but we'll let the user fix matters if they can - while [ ! -e "${cryptsource}" ]; do + if [ ! -e "${cryptsource}" ]; then + + echo " ALERT! ${cryptsource} does not exist." echo " Check cryptopts=source= bootarg: cat /proc/cmdline" echo " or missing modules, devices: cat /proc/modules; ls /dev" - panic -r "ALERT! ${cryptsource} does not exist. Dropping to a shell!" - done + panic -r "Dropping to a shell. Will skip ${cryptsource} if you can't fix." + fi + + if [ ! -e "${cryptsource}" ]; then + return 1 + fi + # Prepare commands - cryptcreate="/sbin/cryptsetup -T 1" + cryptopen="/sbin/cryptsetup -T 1" if [ "$cryptdiscard" = "yes" ]; then - cryptcreate="$cryptcreate --allow-discards" + cryptopen="$cryptopen --allow-discards" fi - if /sbin/cryptsetup isLuks $cryptsource >/dev/null 2>&1; then - cryptcreate="$cryptcreate luksOpen $cryptsource $crypttarget" + if [ -n "$cryptheader" ]; then + cryptopen="$cryptopen --header=$cryptheader" + fi + if /sbin/cryptsetup isLuks ${cryptheader:-$cryptsource} >/dev/null 2>&1; then + cryptopen="$cryptopen open --type luks $cryptsource $crypttarget --key-file=-" + elif [ "$crypttcrypt" = "yes" ]; then + cryptopen="$cryptopen open --type tcrypt $cryptsource $crypttarget" else - cryptcreate="$cryptcreate -c $cryptcipher -s $cryptsize -h $crypthash create $crypttarget $cryptsource" + cryptopen="$cryptopen -c $cryptcipher -s $cryptsize -h $crypthash open --type plain $cryptsource $crypttarget --key-file=-" fi cryptremove="/sbin/cryptsetup remove $crypttarget" NEWROOT="/dev/mapper/$crypttarget" 
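Review bot: `$cryptheader` and `$cryptsource` are spliced unquoted into the `cryptopen` string (`--header=$cryptheader`) and into `isLuks ${cryptheader:-$cryptsource}`, and `$cryptopen` is later expanded unquoted as a command, so a value containing whitespace or glob characters is split into extra cryptsetup arguments. Both values come from the option string handled in parse_options. At minimum quote the direct call, `/sbin/cryptsetup isLuks "${cryptheader:-$cryptsource}"`, and reject values containing whitespace before they are appended to `cryptopen`. The tcrypt branch is the only one built without `--key-file=-`; if that is deliberate, a one-line comment saying why would help. setup_mapping continues outside the hunk.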
@@ -261,19 +274,29 @@ setup_mapping() # Try to get a satisfactory password $crypttries times count=0 while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do + export CRYPTTAB_TRIED="$count" count=$(( $count + 1 )) - if [ $count -gt 1 ]; then - /bin/sleep 3 - fi - if [ -z "$cryptkeyscript" ]; then - cryptkey="Unlocking the disk $cryptsource ($crypttarget)\nEnter passphrase: " + if [ ${cryptsource#/dev/disk/by-uuid/} != $cryptsource ]; then + # UUIDs are not very helpful + diskname="$crypttarget" + else + diskname="$cryptsource ($crypttarget)" + fi + if [ -x /bin/plymouth ] && plymouth --ping; then cryptkeyscript="plymouth ask-for-password --prompt" - cryptkey=$(printf "$cryptkey") + # Plymouth will add a : if it is a non-graphical prompt + cryptkey="Please unlock disk $diskname" else - cryptkeyscript="/lib/cryptsetup/naskpass" + if [ -x /lib/cryptsetup/naskpass ]; then + cryptkeyscript="/lib/cryptsetup/naskpass" + cryptkey="" + else + cryptkeyscript="/lib/cryptsetup/askpass" + cryptkey="Please unlock disk $diskname: " + fi fi fi @@ -282,12 +305,17 @@ setup_mapping() if [ -x /bin/plymouth ] && plymouth --ping; then message "naskpass does not work with playmouth, falling back to default askpass .." if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \ - $cryptkeyscript "$cryptkey" | $cryptcreate --key-file=- ; then + $cryptkeyscript "$cryptkey" | $cryptopen; then message "cryptsetup: cryptsetup failed, bad password or options?" continue fi else - $cryptkeyscript -c "$cryptcreate" + if ! $cryptkeyscript -c "cryptsetup -T 1 open $cryptsource $crypttarget"; then + message "naskpass: failed" + continue + else + message "naskpass: success" + fi fi fi @@ -298,7 +326,7 @@ setup_mapping() #FSTYPE='' #eval $(fstype < "$NEWROOT") - FSTYPE="$(blkid -s TYPE -o value "$NEWROOT")" + FSTYPE="$(/sbin/blkid -s TYPE -o value "$NEWROOT")" # See if we need to setup lvm on the crypto device #if [ "$FSTYPE" = "lvm" ] || [ "$FSTYPE" = "lvm2" ]; then 
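Review bot: The new test `[ ${cryptsource#/dev/disk/by-uuid/} != $cryptsource ]` expands both operands unquoted, so a source path containing whitespace makes `[` fail with a syntax error and the condition evaluates false regardless of the path. Quote both sides: `if [ "${cryptsource#/dev/disk/by-uuid/}" != "$cryptsource" ]; then`. `diskname` is also assigned here without appearing in the `local` list of setup_mapping, which this commit edits but does not extend. The loop and the function extend beyond this hunk.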
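Review bot: The naskpass branch passes a hand-written command, `"cryptsetup -T 1 open $cryptsource $crypttarget"`, instead of the `$cryptopen` string built earlier in setup_mapping, so `--allow-discards`, `--header=` and the `--type`/cipher options are dropped on this path. A detached-header, tcrypt or plain-mode volume therefore cannot be opened through naskpass even though its options were parsed, and `cryptsetup` is resolved through PATH where the rest of the script calls `/sbin/cryptsetup`. If the `--key-file=-` suffix is what naskpass cannot accept, keep that suffix out of `cryptopen`, append it only in the pipe branch, and call `$cryptkeyscript -c "$cryptopen"` here. How naskpass hands the passphrase to the command is not visible in this hunk. `message "naskpass: success"` reads like leftover debug output.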
@@ -312,12 +340,19 @@ setup_mapping() return 1 fi - NEWROOT=${cmdline_root:-/dev/mapper/$cryptlvm} - if [ "$cryptrootdev" = "yes" ]; then - # required for lilo to find the root device - echo "ROOT=$NEWROOT" >>/conf/param.conf + # Apparently ROOT is already set in /conf/param.conf for + # flashed kernels at least. See bugreport #759720. + if [ -f /conf/param.conf ] && grep -q "^ROOT=" /conf/param.conf; then + NEWROOT=$(sed -n 's/^ROOT=//p' /conf/param.conf) + else + NEWROOT=${cmdline_root:-/dev/mapper/$cryptlvm} + if [ "$cryptrootdev" = "yes" ]; then + # required for lilo to find the root device + echo "ROOT=$NEWROOT" >>/conf/param.conf + fi fi - eval $(fstype < "$NEWROOT") + #eval $(fstype < "$NEWROOT") + FSTYPE="$(/sbin/blkid -s TYPE -o value "$NEWROOT")" fi #if [ -z "$FSTYPE" ] || [ "$FSTYPE" = "unknown" ]; then @@ -217,7 +217,7 @@ send_passwd(int fifo_fd, char *passwd, size_t len) } static bool -process_key(wchar_t key, struct input *a, WINDOW *win) +process_key(char key, struct input *a, WINDOW *win) { bool retval = true; @@ -1,6 +1,5 @@ #include <stdlib.h> #include <string.h> -#include <wchar.h> #include "ui.h" #include "ui_input.h" @@ -130,11 +129,11 @@ activate_input(WINDOW *win, struct input *a) } int -add_input(WINDOW *win, struct input *a, wchar_t key) +add_input(WINDOW *win, struct input *a, int key) { if (a == NULL) return (UICB_ERR_UNDEF); if (a->input_len >= a->input_max) return (UICB_ERR_BUF); - *(a->input + a->input_pos) = (wchar_t) key; + *(a->input + a->input_pos) = (char) key; ++a->input_pos; ++a->input_len; a->cur_pos = (a->cur_pos+1 < a->width ? a->cur_pos+1 : a->cur_pos); |
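Review bot: `NEWROOT=$(sed -n 's/^ROOT=//p' /conf/param.conf)` returns every `ROOT=` line in the file, and the else branch of this same hunk appends to that file with `>>`, so a param.conf holding more than one entry yields a multi-line `NEWROOT` that is then handed to blkid. Taking the last entry keeps the usual last-assignment-wins meaning: `NEWROOT=$(sed -n 's/^ROOT=//p' /conf/param.conf | tail -n 1)`. An empty result should fall back to `${cmdline_root:-/dev/mapper/$cryptlvm}` rather than continue with an empty device. Whether the file can hold quoted values (`ROOT="..."`) that would need stripping is not visible from here.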
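Review bot: `process_key` in ui.c now takes `char key` while `add_input` in ui_input.c takes `int key` and stores it with `(char) key`, so the two input paths disagree on the key type and both narrow silently. If the caller passes the `int` result of an ncurses read, codes above 255 (function and arrow keys) are truncated to an unrelated byte before `process_key` inspects them, and in `add_input` such a byte would end up in the passphrase buffer. Keeping `int key` in both signatures and rejecting out-of-range values before the store, e.g. `if (key < 0 || key > UCHAR_MAX) return (UICB_ERR_UNDEF);` (with `<limits.h>`), avoids that. The caller and the body of `process_key` are outside these hunks. Whether non-ASCII passphrases are still meant to work after dropping `wchar_t` deserves a comment on `add_input`.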