neil / rpms / libblockdev

Forked from rpms/libblockdev a year ago
Clone
Blob Blame History Raw
From 2719ab3ee310a59ea64629852b507d63e3dbf0e5 Mon Sep 17 00:00:00 2001
From: Vojtech Trefny <vtrefny@redhat.com>
Date: Wed, 19 Dec 2018 11:04:51 +0100
Subject: [PATCH] crypto: Do not try to use keyring on systems without keyring
 support

Older kernels doesn't support storing keys in keyring. Fortunately
we can use 'crypt_active_device' to check if keyring is supported.
---
 src/plugins/crypto.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/plugins/crypto.c b/src/plugins/crypto.c
index 6b5be9d0..963ab457 100644
--- a/src/plugins/crypto.c
+++ b/src/plugins/crypto.c
@@ -1444,6 +1444,7 @@ gboolean bd_crypto_luks_change_key (const gchar *device, const gchar *pass, cons
 
 static gboolean luks_resize (const gchar *luks_device, guint64 size, const guint8 *pass_data, gsize data_len, const gchar *key_file, GError **error) {
     struct crypt_device *cd = NULL;
+    struct crypt_active_device cad;
     gint ret = 0;
     guint64 progress_id = 0;
     gchar *msg = NULL;
@@ -1463,6 +1464,16 @@ static gboolean luks_resize (const gchar *luks_device, guint64 size, const guint
         return FALSE;
     }
 
+    ret = crypt_get_active_device (cd, luks_device, &cad);
+    if (ret != 0) {
+        g_set_error (error, BD_CRYPTO_ERROR, BD_CRYPTO_ERROR_DEVICE,
+                     "Failed to get information about '%s': %s",
+                     luks_device, strerror_l(-ret, c_locale));
+        crypt_free (cd);
+        bd_utils_report_finished (progress_id, (*error)->message);
+        return FALSE;
+    }
+
     if (pass_data || key_file) {
         if (key_file) {
             success = g_file_get_contents (key_file, &key_buffer, &buf_len, error);
@@ -1478,7 +1489,7 @@ static gboolean luks_resize (const gchar *luks_device, guint64 size, const guint
 #ifdef LIBCRYPTSETUP_2
         ret = crypt_activate_by_passphrase (cd, NULL, CRYPT_ANY_SLOT,
                                             key_buffer ? key_buffer : (char*) pass_data,
-                                            buf_len, CRYPT_ACTIVATE_KEYRING_KEY);
+                                            buf_len, cad.flags & CRYPT_ACTIVATE_KEYRING_KEY);
 #else
         ret = crypt_activate_by_passphrase (cd, NULL, CRYPT_ANY_SLOT,
                                             key_buffer ? key_buffer : (char*) pass_data,