From ee689d88b4bd9584272e01f1c467aa4648280004 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina
Date: Mon, 24 Sep 2018 15:38:05 +0200
Subject: [PATCH 042/324] Add blkid scan when attemting to open plain device.

Warn user about existing device signatures on candidate ciphertext device and prompt for action confirmation.

Fixes #411.
---
 src/cryptsetup.c | 27 ++++++++++++++++++++++++---
 tests/device-test | 6 +++---
 tests/discards-test | 2 +-
 3 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 371948f..90fc703 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -166,7 +166,7 @@ static void _set_activation_flags(uint32_t *flags)
 static int action_open_plain(void)
 {
 struct crypt_device *cd = NULL;
- char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
+ char *msg, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
 struct crypt_params_plain params = {
 .hash = opt_hash ?: DEFAULT_PLAIN_HASH,
 .skip = opt_skip,
@@ -175,8 +175,8 @@ static int action_open_plain(void)
 .sector_size = opt_sector_size,
 };
 char *password = NULL;
- size_t passwordLen, key_size_max;
- size_t key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8;
+ size_t passwordLen, key_size_max, signatures,
+ key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8;
 uint32_t activate_flags = 0;
 int r;
 
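Review bot: `signatures` is read uninitialised when an offset is given: this hunk declares it without an initialiser in the `size_t` declaration, and the next hunk of action_open_plain assigns it only inside `if (!opt_offset)` before testing `if (signatures)` unconditionally. With a nonzero `opt_offset` the confirmation prompt therefore depends on an indeterminate value, which is undefined behaviour and makes the safety check fire or stay silent unpredictably. Initialise it at the declaration, `size_t passwordLen, key_size_max, signatures = 0,`. Whether tools_detect_signatures() always stores a count on success is not visible here, which is a further reason to start from zero. The function body begins and ends outside both hunks.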
@@ -205,6 +205,27 @@ static int action_open_plain(void)
 if ((r = crypt_init(&cd, action_argv[0])))
 goto out;
 
+ /* Skip blkid scan when activating plain device with offset */
+ if (!opt_offset) {
+ /* Print all present signatures in read-only mode */
+ r = tools_detect_signatures(action_argv[0], 0, &signatures);
+ if (r < 0)
+ goto out;
+ }
+
+ if (signatures) {
+ r = asprintf(&msg, _("Detected device signature(s) on %s. Proceeding further may damage existing data."), action_argv[0]);
+ if (r == -1) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
+ free(msg);
+ if (r < 0)
+ goto out;
+ }
+
 r = crypt_format(cd, CRYPT_PLAIN,
 cipher, cipher_mode,
 NULL, NULL,
diff --git a/tests/device-test b/tests/device-test
index b9ba98d..c49eb84 100755
--- a/tests/device-test
+++ b/tests/device-test
@@ -97,11 +97,11 @@ if [ -z "$DM_PERF_CPU" ]; then
 SKIP_COUNT=$((SKIP_COUNT+1))
 else
 # plain
- echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
 $CRYPTSETUP close $DEV_NAME || fail
- echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
 $CRYPTSETUP close $DEV_NAME || fail
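Review bot: In the src/cryptsetup.c hunk, the comment on `if (!opt_offset)` says the blkid scan is skipped with an offset but not why, and the effect is that a plain mapping opened with an offset gets no signature warning at all. If the reason is that the probe looks at the device as a whole while the mapping starts further in, the comment should say so and name the gap, for example `/* No scan with offset: the probe is not offset-aware, so data at or past the offset is not checked */`. That wording is my reading of the call, which passes only the device path; please correct it if tools_detect_signatures() works differently. action_open_plain continues outside the hunk.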
@@ -152,7 +152,7 @@ else
 echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --sector-size 1234 >/dev/null 2>&1 && fail
 for S in 512 1024 2048 4096; do
 echo -n "[$S]"
- echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --sector-size $S || fail
+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain $DEV $DEV_NAME --sector-size $S || fail
 check_sector_size $S
 $CRYPTSETUP close $DEV_NAME || fail
 done
diff --git a/tests/discards-test b/tests/discards-test
index 5ffe7ab..476c04d 100755
--- a/tests/discards-test
+++ b/tests/discards-test
@@ -74,7 +74,7 @@ dmsetup table $DEV_NAME | grep allow_discards >/dev/null || fail
 $CRYPTSETUP luksClose $DEV_NAME || fail
 
 echo "[2] Allowing discards for plain device"
-echo $PWD1 | $CRYPTSETUP create $DEV_NAME $DEV --hash sha1 --allow-discards || fail
+echo $PWD1 | $CRYPTSETUP create -q $DEV_NAME $DEV --hash sha1 --allow-discards || fail
 $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail
 $CRYPTSETUP resize $DEV_NAME --size 100 || fail
 $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail
-- 
2.19.1
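Review bot: In tests/device-test, the negative check `... --sector-size 1234 >/dev/null 2>&1 && fail` just above the loop was left without `-q`, while every plain open this commit touches gained it. If the new signature confirmation can abort the command before the sector size is rejected, that check would still pass but would no longer prove sector-size validation; adding `-q` there keeps it specific. Separately, the test hunks here and in tests/discards-test only silence the new prompt, so nothing visible in this commit exercises it; a case that opens a device carrying a signature without `-q` and checks the outcome would cover the added code.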