|
|
@ -1,87 +1,6 @@ |
|
|
|
# --- ROCK-COPYRIGHT-NOTE-BEGIN --- |
|
|
|
# |
|
|
|
# This copyright note is auto-generated by ./scripts/Create-CopyPatch. |
|
|
|
# Please add additional copyright information _after_ the line containing |
|
|
|
# the ROCK-COPYRIGHT-NOTE-END tag. Otherwise it might get removed by |
|
|
|
# the ./scripts/Create-CopyPatch script. Do not edit this copyright text! |
|
|
|
# |
|
|
|
# ROCK Linux: rock-src/package/base/util-linux/cryptoloop-support.diff |
|
|
|
# ROCK Linux is Copyright (C) 1998 - 2004 Clifford Wolf |
|
|
|
# |
|
|
|
# This patch file is dual-licensed. It is available under the license the |
|
|
|
# patched project is licensed under, as long as it is an OpenSource license |
|
|
|
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms |
|
|
|
# of the GNU General Public License as published by the Free Software |
|
|
|
# Foundation; either version 2 of the License, or (at your option) any later |
|
|
|
# version. |
|
|
|
# |
|
|
|
# --- ROCK-COPYRIGHT-NOTE-END --- |
|
|
|
|
|
|
|
--- util-linux-2.12/mount/mount.8.orig 2003-09-21 18:14:26.000000000 -0400
|
|
|
|
+++ util-linux-2.12/mount/mount.8 2003-09-21 18:16:18.000000000 -0400
|
|
|
|
@@ -1696,6 +1696,11 @@
|
|
|
|
.BR loop ", " offset " and " encryption , |
|
|
|
that are really options to |
|
|
|
.BR losetup (8). |
|
|
|
+You can also use the
|
|
|
|
+.BR keygen
|
|
|
|
+option to have mount call an external program from, which it will read the
|
|
|
|
+encryption key. Arguments to this program can be given, separated by semicolons.
|
|
|
|
+
|
|
|
|
If no explicit loop device is mentioned |
|
|
|
(but just an option `\fB\-o loop\fP' is given), then |
|
|
|
.B mount |
|
|
|
--- util-linux-2.12/mount/mount.c.orig 2003-09-21 18:14:27.000000000 -0400
|
|
|
|
+++ util-linux-2.12/mount/mount.c 2003-09-21 18:16:18.000000000 -0400
|
|
|
|
@@ -195,7 +195,7 @@
|
|
|
|
}; |
|
|
|
|
|
|
|
static char *opt_loopdev, *opt_vfstype, *opt_offset, *opt_encryption, |
|
|
|
- *opt_speed;
|
|
|
|
+ *opt_keygen, *opt_speed;
|
|
|
|
|
|
|
|
static struct string_opt_map { |
|
|
|
char *tag; |
|
|
|
@@ -206,6 +206,7 @@
|
|
|
|
{ "vfs=", 1, &opt_vfstype }, |
|
|
|
{ "offset=", 0, &opt_offset }, |
|
|
|
{ "encryption=", 0, &opt_encryption }, |
|
|
|
+ { "keygen=", 0, &opt_keygen },
|
|
|
|
{ "speed=", 0, &opt_speed }, |
|
|
|
{ NULL, 0, NULL } |
|
|
|
}; |
|
|
|
@@ -586,7 +587,7 @@
|
|
|
|
*type = opt_vfstype; |
|
|
|
} |
|
|
|
|
|
|
|
- *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_encryption);
|
|
|
|
+ *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_encryption || opt_keygen);
|
|
|
|
*loopfile = *spec; |
|
|
|
|
|
|
|
if (*loop) { |
|
|
|
@@ -596,6 +597,11 @@
|
|
|
|
printf(_("mount: skipping the setup of a loop device\n")); |
|
|
|
} else { |
|
|
|
int loopro = (*flags & MS_RDONLY); |
|
|
|
+ /* Extra args to the keygen program. Right now there are 2: *
|
|
|
|
+ * - the looped file *
|
|
|
|
+ * - the encryption type used */
|
|
|
|
+ char *keygen_args[] = {*loopfile, opt_encryption};
|
|
|
|
+ const int _n_keygen_args = 2;
|
|
|
|
|
|
|
|
if (!*loopdev || !**loopdev) |
|
|
|
*loopdev = find_unused_loop_device(); |
|
|
|
@@ -604,6 +610,8 @@
|
|
|
|
if (verbose) |
|
|
|
printf(_("mount: going to use the loop device %s\n"), *loopdev); |
|
|
|
offset = opt_offset ? strtoul(opt_offset, NULL, 0) : 0; |
|
|
|
+ if (opt_keygen)
|
|
|
|
+ pfd = use_keygen_prog(opt_keygen, keygen_args, _n_keygen_args);
|
|
|
|
if (set_loop(*loopdev, *loopfile, offset, |
|
|
|
opt_encryption, pfd, &loopro)) { |
|
|
|
if (verbose) |
|
|
|
--- util-linux-2.12/mount/lomount.c.orig 2003-09-21 18:14:26.000000000 -0400
|
|
|
|
+++ util-linux-2.12/mount/lomount.c 2003-09-21 18:43:27.000000000 -0400
|
|
|
|
diff -dur util-linux-2.12h/mount/lomount.c util-linux-2.12h-patch/mount/lomount.c
|
|
|
|
--- util-linux-2.12h/mount/lomount.c 2004-09-22 18:26:02.000000000 +0000
|
|
|
|
+++ util-linux-2.12h-patch/mount/lomount.c 2004-10-23 03:37:44.541795904 +0000
|
|
|
|
@@ -10,7 +10,6 @@
|
|
|
|
* 2000-09-24 Marc Mutz <Marc@Mutz.com> |
|
|
|
* - added -p option to pass passphrases via fd's to losetup/mount. |
|
|
@ -127,23 +46,6 @@ |
|
|
|
-xgetpass(int pfd, const char *prompt) {
|
|
|
|
- char *pass;
|
|
|
|
- int buflen, i;
|
|
|
|
-
|
|
|
|
- if (pfd < 0) /* terminal */
|
|
|
|
- return getpass(prompt);
|
|
|
|
-
|
|
|
|
- pass = NULL;
|
|
|
|
- buflen = 0;
|
|
|
|
- for (i=0; ; i++) {
|
|
|
|
- if (i >= buflen-1) {
|
|
|
|
- /* we're running out of space in the buffer.
|
|
|
|
- * Make it bigger: */
|
|
|
|
- char *tmppass = pass;
|
|
|
|
- buflen += 128;
|
|
|
|
- pass = realloc(tmppass, buflen);
|
|
|
|
- if (pass == NULL) {
|
|
|
|
- /* realloc failed. Stop reading. */
|
|
|
|
- error("Out of memory while reading passphrase");
|
|
|
|
- pass = tmppass; /* the old buffer hasn't changed */
|
|
|
|
+/* A function to check the encryption parameters against /proc/crypto. *
|
|
|
|
+ * Returns 1 if everything checks out, 0 if there's any problem. *
|
|
|
|
+ * The purpose of this function is not so much to verify the parameters *
|
|
|
@ -160,7 +62,9 @@ |
|
|
|
+ int cipher_found = 0, min_size = 0, max_size = 0, retval;
|
|
|
|
+ FILE *fp;
|
|
|
|
+ struct stat st;
|
|
|
|
+
|
|
|
|
|
|
|
|
- if (pfd < 0) /* terminal */
|
|
|
|
- return getpass(prompt);
|
|
|
|
+ if (stat("/proc/crypto", &st) == -1) {
|
|
|
|
+ retval = 1;
|
|
|
|
+ goto end;
|
|
|
@ -172,7 +76,20 @@ |
|
|
|
+ retval = 1;
|
|
|
|
+ goto end;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
|
|
|
|
- pass = NULL;
|
|
|
|
- buflen = 0;
|
|
|
|
- for (i=0; ; i++) {
|
|
|
|
- if (i >= buflen-1) {
|
|
|
|
- /* we're running out of space in the buffer.
|
|
|
|
- * Make it bigger: */
|
|
|
|
- char *tmppass = pass;
|
|
|
|
- buflen += 128;
|
|
|
|
- pass = realloc(tmppass, buflen);
|
|
|
|
- if (pass == NULL) {
|
|
|
|
- /* realloc failed. Stop reading. */
|
|
|
|
- error("Out of memory while reading passphrase");
|
|
|
|
- pass = tmppass; /* the old buffer hasn't changed */
|
|
|
|
+ xstrncpy(cipher_name, loopinfo64->lo_crypt_name, LO_NAME_SIZE);
|
|
|
|
+ /* Chop off the cipher mode (ie. everything after the dash) */
|
|
|
|
+ cipher_name[strcspn(cipher_name, "-")] = '\0';
|
|
|
@ -190,13 +107,12 @@ |
|
|
|
} |
|
|
|
- if (read(pfd, pass+i, 1) != 1 || pass[i] == '\n')
|
|
|
|
- break;
|
|
|
|
- }
|
|
|
|
} |
|
|
|
- if (pass == NULL)
|
|
|
|
- return "";
|
|
|
|
- else {
|
|
|
|
- pass[i] = 0;
|
|
|
|
- return pass;
|
|
|
|
} |
|
|
|
+ fclose(fp);
|
|
|
|
+
|
|
|
|
+ if (!cipher_found) {
|
|
|
@ -209,7 +125,7 @@ |
|
|
|
+ loopinfo64->lo_encrypt_key_size, cipher_name);
|
|
|
|
+ retval = 0;
|
|
|
|
+ goto end;
|
|
|
|
+ }
|
|
|
|
} |
|
|
|
+
|
|
|
|
+ retval = 1;
|
|
|
|
+end:
|
|
|
@ -305,69 +221,84 @@ |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
@@ -307,9 +412,25 @@
|
|
|
|
@@ -308,10 +413,26 @@
|
|
|
|
strlen(loopinfo64.lo_encrypt_key); |
|
|
|
break; |
|
|
|
default: |
|
|
|
- pass = xgetpass(pfd, _("Password: "));
|
|
|
|
- xstrncpy(loopinfo64.lo_encrypt_key, pass, LO_KEY_SIZE);
|
|
|
|
- memset(pass, 0, strlen(pass));
|
|
|
|
- loopinfo64.lo_encrypt_key_size = LO_KEY_SIZE;
|
|
|
|
+ if (pfd == -1) {
|
|
|
|
+ pass = getpass(_("Password: "));
|
|
|
|
+ xstrncpy(loopinfo64.lo_encrypt_key, pass, LO_KEY_SIZE);
|
|
|
|
+ } else {
|
|
|
|
+ /* If we're reading from an extenral program, *
|
|
|
|
+ * odds are good that a SIGCHLD will interrupt *
|
|
|
|
+ * this read(), and ruin our whole day. So we *
|
|
|
|
+ * must block it. */
|
|
|
|
+ sigset_t ss, oss;
|
|
|
|
+ sigemptyset(&ss);
|
|
|
|
+ sigaddset(&ss, SIGCHLD);
|
|
|
|
+ sigprocmask(SIG_BLOCK, &ss, &oss);
|
|
|
|
+ if (read(pfd, loopinfo64.lo_encrypt_key,
|
|
|
|
+ LO_KEY_SIZE) == -1) {
|
|
|
|
+ perror("read");
|
|
|
|
+ fprintf(stderr, _("Error reading encryption key, exiting\n"));
|
|
|
|
+ }
|
|
|
|
+ sigprocmask(SIG_SETMASK, &oss, NULL);
|
|
|
|
+ }
|
|
|
|
+ if (pfd == -1) {
|
|
|
|
+ pass = getpass(_("Password: "));
|
|
|
|
+ xstrncpy(loopinfo64.lo_encrypt_key, pass, LO_KEY_SIZE);
|
|
|
|
+ memset(pass, 0, strlen(pass));
|
|
|
|
+ } else {
|
|
|
|
+ /* If we're reading from an extenral program, *
|
|
|
|
+ * odds are good that a SIGCHLD will interrupt *
|
|
|
|
+ * this read(), and ruin our whole day. So we *
|
|
|
|
+ * must block it. */
|
|
|
|
+ sigset_t ss, oss;
|
|
|
|
+ sigemptyset(&ss);
|
|
|
|
+ sigaddset(&ss, SIGCHLD);
|
|
|
|
+ sigprocmask(SIG_BLOCK, &ss, &oss);
|
|
|
|
+ if (read(pfd, loopinfo64.lo_encrypt_key,
|
|
|
|
+ LO_KEY_SIZE) == -1) {
|
|
|
|
+ perror("read");
|
|
|
|
+ fprintf(stderr, _("Error reading encryption key, exiting\n"));
|
|
|
|
+ }
|
|
|
|
+ sigprocmask(SIG_SETMASK, &oss, NULL);
|
|
|
|
+ }
|
|
|
|
} |
|
|
|
|
|
|
|
if (ioctl(fd, LOOP_SET_FD, ffd) < 0) { |
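Review bot: In the `else` branch that reads the key from `pfd`, a failed `read()` prints "Error reading encryption key, exiting" but does not exit, so control falls through to `ioctl(fd, LOOP_SET_FD, ffd)` and setup continues with whatever is in `lo_encrypt_key`. A return of 0 or a short read (for example when the keygen program exits early) is not detected either, which would set up the device with an empty or partial key. Keep the result, `ssize_t n = read(pfd, loopinfo64.lo_encrypt_key, LO_KEY_SIZE);`, and on `n <= 0` restore the signal mask and return failure the way the rest of the function does; the function starts and ends outside this hunk. The hunk also drops `loopinfo64.lo_encrypt_key_size = LO_KEY_SIZE;` with no replacement in the visible lines, so unless the size is set elsewhere it needs to be set explicitly on both branches.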
|
|
|
@@ -322,6 +443,14 @@
|
|
|
|
@@ -325,20 +446,44 @@
|
|
|
|
struct loop_info loopinfo; |
|
|
|
int errsv = errno; |
|
|
|
|
|
|
|
+ if (errno == EINVAL &&
|
|
|
|
+ loopinfo64.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
|
|
|
|
+ if (!check_crypto(&loopinfo64)) {
|
|
|
|
+ fprintf(stderr,
|
|
|
|
+ _("Error in crypto parameters, exiting\n"));
|
|
|
|
+ goto fail;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
errno = loop_info64_to_old(&loopinfo64, &loopinfo); |
|
|
|
if (errno) { |
|
|
|
+ if (errno == EINVAL &&
|
|
|
|
+ loopinfo64.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
|
|
|
|
+ if (!check_crypto(&loopinfo64)) {
|
|
|
|
+ fprintf(stderr,
|
|
|
|
+ _("Error in crypto parameters, exiting\n"));
|
|
|
|
+ goto fail;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+
|
|
|
|
i = loop_info64_to_old(&loopinfo64, &loopinfo); |
|
|
|
if (i) { |
|
|
|
errno = errsv; |
|
|
|
@@ -330,6 +459,17 @@
|
|
|
|
} |
|
|
|
|
|
|
|
if (ioctl(fd, LOOP_SET_STATUS, &loopinfo) < 0) { |
|
|
|
+ errsv = errno;
|
|
|
|
+
|
|
|
|
+ if (errno == EINVAL &&
|
|
|
|
+ loopinfo.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
|
|
|
|
+ if (!check_crypto_old(&loopinfo)) {
|
|
|
|
+ fprintf(stderr,
|
|
|
|
+ _("Error in crypto parameters, exiting\n"));
|
|
|
|
+ goto fail;
|
|
|
|
perror("ioctl: LOOP_SET_STATUS64"); |
|
|
|
} else { |
|
|
|
i = ioctl(fd, LOOP_SET_STATUS, &loopinfo); |
|
|
|
- if (i)
|
|
|
|
+ if (i) {
|
|
|
|
+ if (i<0) {
|
|
|
|
+ errsv = errno;
|
|
|
|
+
|
|
|
|
+ if (errno == EINVAL &&
|
|
|
|
+ loopinfo.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
|
|
|
|
+ if (!check_crypto_old(&loopinfo)) {
|
|
|
|
+ fprintf(stderr,
|
|
|
|
+ _("Error in crypto parameters, exiting\n"));
|
|
|
|
+ goto fail;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ errno = errsv;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ errno = errsv;
|
|
|
|
perror("ioctl: LOOP_SET_STATUS"); |
|
|
|
goto fail; |
|
|
|
perror("ioctl: LOOP_SET_STATUS"); |
|
|
|
+ }
|
|
|
|
} |
|
|
|
@@ -416,6 +556,22 @@
|
|
|
|
memset(&loopinfo, 0, sizeof(loopinfo)); |
|
|
|
} |
|
|
|
memset(&loopinfo64, 0, sizeof(loopinfo64)); |
|
|
|
|
|
|
|
if (i) { |
|
|
|
+fail:
|
|
|
|
ioctl (fd, LOOP_CLR_FD, 0); |
|
|
|
close (fd); |
|
|
|
return 1; |
|
|
|
@@ -420,6 +563,22 @@
|
|
|
|
exit(1); |
|
|
|
} |
|
|
|
|
|
|
@ -390,8 +321,75 @@ |
|
|
|
char * |
|
|
|
xstrdup (const char *s) { |
|
|
|
char *t; |
|
|
|
--- util-linux-2.12/mount/sundries.c.orig 2003-09-21 18:14:27.000000000 -0400
|
|
|
|
+++ util-linux-2.12/mount/sundries.c 2003-09-21 18:16:18.000000000 -0400
|
|
|
|
Nur in util-linux-2.12h-patch/mount: lomount.c~. |
|
|
|
diff -dur util-linux-2.12h/mount/mount.8 util-linux-2.12h-patch/mount/mount.8
|
|
|
|
--- util-linux-2.12h/mount/mount.8 2004-09-19 20:00:49.000000000 +0000
|
|
|
|
+++ util-linux-2.12h-patch/mount/mount.8 2004-10-23 03:36:52.385724832 +0000
|
|
|
|
@@ -1759,6 +1759,11 @@
|
|
|
|
.BR loop ", " offset " and " encryption , |
|
|
|
that are really options to |
|
|
|
.BR losetup (8). |
|
|
|
+You can also use the
|
|
|
|
+.BR keygen
|
|
|
|
+option to have mount call an external program from, which it will read the
|
|
|
|
+encryption key. Arguments to this program can be given, separated by semicolons.
|
|
|
|
+
|
|
|
|
If no explicit loop device is mentioned |
|
|
|
(but just an option `\fB\-o loop\fP' is given), then |
|
|
|
.B mount |
|
|
|
diff -dur util-linux-2.12h/mount/mount.c util-linux-2.12h-patch/mount/mount.c
|
|
|
|
--- util-linux-2.12h/mount/mount.c 2004-10-13 20:54:39.000000000 +0000
|
|
|
|
+++ util-linux-2.12h-patch/mount/mount.c 2004-10-23 03:36:52.386724680 +0000
|
|
|
|
@@ -164,7 +164,7 @@
|
|
|
|
}; |
|
|
|
|
|
|
|
static const char *opt_loopdev, *opt_vfstype, *opt_offset, *opt_encryption, |
|
|
|
- *opt_speed, *opt_comment;
|
|
|
|
+ *opt_keygen, *opt_speed, *opt_comment;
|
|
|
|
|
|
|
|
static struct string_opt_map { |
|
|
|
char *tag; |
|
|
|
@@ -175,6 +175,7 @@
|
|
|
|
{ "vfs=", 1, &opt_vfstype }, |
|
|
|
{ "offset=", 0, &opt_offset }, |
|
|
|
{ "encryption=", 0, &opt_encryption }, |
|
|
|
+ { "keygen=", 0, &opt_keygen },
|
|
|
|
{ "speed=", 0, &opt_speed }, |
|
|
|
{ "comment=", 1, &opt_comment }, |
|
|
|
{ NULL, 0, NULL } |
|
|
|
@@ -570,7 +571,7 @@
|
|
|
|
*type = opt_vfstype; |
|
|
|
} |
|
|
|
|
|
|
|
- *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_encryption);
|
|
|
|
+ *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_encryption || opt_keygen);
|
|
|
|
*loopfile = *spec; |
|
|
|
|
|
|
|
if (*loop) { |
|
|
|
@@ -580,6 +581,11 @@
|
|
|
|
printf(_("mount: skipping the setup of a loop device\n")); |
|
|
|
} else { |
|
|
|
int loopro = (*flags & MS_RDONLY); |
|
|
|
+ /* Extra args to the keygen program. Right now there are 2: *
|
|
|
|
+ * - the looped file *
|
|
|
|
+ * - the encryption type used */
|
|
|
|
+ char *keygen_args[] = {*loopfile, opt_encryption};
|
|
|
|
+ const int _n_keygen_args = 2;
|
|
|
|
|
|
|
|
if (!*loopdev || !**loopdev) |
|
|
|
*loopdev = find_unused_loop_device(); |
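Review bot: `opt_encryption` can be NULL when it is stored in `keygen_args`, because the earlier hunk makes `keygen=` alone sufficient to set `*loop`; `-o keygen=...` without `encryption=` then passes a NULL second entry with a count of 2 to `use_keygen_prog()`. That function's body is not visible here, so unless it tolerates NULL entries, either reject `keygen=` without `encryption=` before the call or build the array from non-NULL values only. `opt_encryption` is declared `const char *` in this version of the file, so `char *keygen_args[]` discards the qualifier; `const char *keygen_args[]` would match if the prototype allows it. Since mount is commonly installed setuid root and `keygen=` names a program to execute, it is worth confirming outside this hunk that the option is honoured only for root or for options taken from fstab, and that privileges and environment are handled before the program is run.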
|
|
|
@@ -588,6 +594,8 @@
|
|
|
|
if (verbose) |
|
|
|
printf(_("mount: going to use the loop device %s\n"), *loopdev); |
|
|
|
offset = opt_offset ? strtoull(opt_offset, NULL, 0) : 0; |
|
|
|
+ if (opt_keygen)
|
|
|
|
+ pfd = use_keygen_prog(opt_keygen, keygen_args, _n_keygen_args);
|
|
|
|
if (set_loop(*loopdev, *loopfile, offset, |
|
|
|
opt_encryption, pfd, &loopro)) { |
|
|
|
if (verbose) |
|
|
|
diff -dur util-linux-2.12h/mount/sundries.c util-linux-2.12h-patch/mount/sundries.c
|
|
|
|
--- util-linux-2.12h/mount/sundries.c 2004-10-13 21:15:39.000000000 +0000
|
|
|
|
+++ util-linux-2.12h-patch/mount/sundries.c 2004-10-23 03:36:52.387724528 +0000
|
|
|
|
@@ -12,6 +12,8 @@
|
|
|
|
#include <stdio.h> |
|
|
|
#include <string.h> |
|
|
@ -401,9 +399,9 @@ |
|
|
|
#include "fstab.h" |
|
|
|
#include "sundries.h" |
|
|
|
#include "realpath.h" |
|
|
|
@@ -285,3 +287,100 @@
|
|
|
|
free(canonical); |
|
|
|
return xstrdup(path); |
|
|
|
@@ -288,3 +290,100 @@
|
|
|
|
|
|
|
|
return xstrdup(path); |
|
|
|
} |
|
|
|
+
|
|
|
|
+static volatile int keygen_wait = 1;
|
|
|
@ -502,8 +500,9 @@ |
|
|
|
+ return 0; /* so gcc will shut up */
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
--- util-linux-2.12/mount/sundries.h.orig 2003-09-21 18:14:27.000000000 -0400
|
|
|
|
+++ util-linux-2.12/mount/sundries.h 2003-09-21 18:16:18.000000000 -0400
|
|
|
|
diff -dur util-linux-2.12h/mount/sundries.h util-linux-2.12h-patch/mount/sundries.h
|
|
|
|
--- util-linux-2.12h/mount/sundries.h 2002-11-01 01:00:50.000000000 +0000
|
|
|
|
+++ util-linux-2.12h-patch/mount/sundries.h 2004-10-23 03:36:52.387724528 +0000
|
|
|
|
@@ -25,6 +25,7 @@
|
|
|
|
void error (const char *fmt, ...); |
|
|
|
int matching_type (const char *type, const char *types); |
|
|
|