anitazha / rpms / systemd

Forked from rpms/systemd 3 years ago
Clone

Blame SOURCES/0597-cryptsetup-when-unlocking-always-put-path-to-the-obj.patch

923a60
From ec71ee722b573560c14840214adab862b09280c3 Mon Sep 17 00:00:00 2001
923a60
From: Michal Sekletar <msekleta@redhat.com>
923a60
Date: Tue, 12 Dec 2017 17:49:14 +0100
923a60
Subject: [PATCH] cryptsetup: when unlocking always put path to the object into
923a60
 Id
923a60
923a60
Some ask-password agents (e.g. clevis-luks-askpass) use Id option from
923a60
/run/systemd/ask-password/ask* file in order to obtain the password for
923a60
the device.
923a60
923a60
Id option should be in the following format,
923a60
e.g. Id=subsystem:data. Where data part is supposed to identify object
923a60
that ask-password query is done for. Since
923a60
e51b9486d1b59e72c293028fed1384f4e4ef09aa this field has format
923a60
Id=cryptsetup:/dev/block/major:minor when systemd-cryptsetup is
923a60
unlocking encrypted block device. However, crypttab also supports
923a60
encrypted image files in which case we usually set data part of Id to
923a60
"vol on mountpoint". This is unexpected and actually breaks network
923a60
based device encryption as implemented by clevis.
923a60
923a60
Example:
923a60
$ cat /etc/crypttab
923a60
clevis-unlocked /clevis-test-disk-image none luks,_netdev
923a60
$ systemctl start 'systemd-cryptsetup@clevis\x2dunlocked.service'
923a60
$ grep Id /run/systemd/ask-password/ask*
923a60
923a60
Before:
923a60
$ Id=cryptsetup:clevis-unlocked on /clevis-test-disk-image-mnt
923a60
923a60
After:
923a60
$ Id=cryptsetup:/clevis-test-disk-image
923a60
923a60
(cherry-picked from commit 5a9f1b05ed6dad48958097fb37811668e69447fb)
923a60
923a60
Resolves: #1511043
923a60
---
923a60
 src/cryptsetup/cryptsetup.c | 2 +-
923a60
 1 file changed, 1 insertion(+), 1 deletion(-)
923a60
923a60
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
923a60
index 5dedb073e4..c57d2b2948 100644
923a60
--- a/src/cryptsetup/cryptsetup.c
923a60
+++ b/src/cryptsetup/cryptsetup.c
923a60
@@ -342,7 +342,7 @@ static int get_password(const char *vol, const char *src, usec_t until, bool acc
923a60
                 escaped_name = maj_min;
923a60
                 maj_min = NULL;
923a60
         } else
923a60
-                escaped_name = cescape(name);
923a60
+                escaped_name = cescape(src);
923a60
 
923a60
         if (!escaped_name)
923a60
                 return log_oom();