teknoraver / rpms / systemd

Forked from rpms/systemd 2 months ago
Clone

Blame SOURCES/0597-cryptsetup-when-unlocking-always-put-path-to-the-obj.patch

dd65c9
From ec71ee722b573560c14840214adab862b09280c3 Mon Sep 17 00:00:00 2001
dd65c9
From: Michal Sekletar <msekleta@redhat.com>
dd65c9
Date: Tue, 12 Dec 2017 17:49:14 +0100
dd65c9
Subject: [PATCH] cryptsetup: when unlocking always put path to the object into
dd65c9
 Id
dd65c9
dd65c9
Some ask-password agents (e.g. clevis-luks-askpass) use Id option from
dd65c9
/run/systemd/ask-password/ask* file in order to obtain the password for
dd65c9
the device.
dd65c9
dd65c9
Id option should be in the following format,
dd65c9
e.g. Id=subsystem:data. Where data part is supposed to identify object
dd65c9
that ask-password query is done for. Since
dd65c9
e51b9486d1b59e72c293028fed1384f4e4ef09aa this field has format
dd65c9
Id=cryptsetup:/dev/block/major:minor when systemd-cryptsetup is
dd65c9
unlocking encrypted block device. However, crypttab also supports
dd65c9
encrypted image files in which case we usually set data part of Id to
dd65c9
"vol on mountpoint". This is unexpected and actually breaks network
dd65c9
based device encryption as implemented by clevis.
dd65c9
dd65c9
Example:
dd65c9
$ cat /etc/crypttab
dd65c9
clevis-unlocked /clevis-test-disk-image none luks,_netdev
dd65c9
$ systemctl start 'systemd-cryptsetup@clevis\x2dunlocked.service'
dd65c9
$ grep Id /run/systemd/ask-password/ask*
dd65c9
dd65c9
Before:
dd65c9
$ Id=cryptsetup:clevis-unlocked on /clevis-test-disk-image-mnt
dd65c9
dd65c9
After:
dd65c9
$ Id=cryptsetup:/clevis-test-disk-image
dd65c9
dd65c9
(cherry-picked from commit 5a9f1b05ed6dad48958097fb37811668e69447fb)
dd65c9
dd65c9
Resolves: #1511043
dd65c9
---
dd65c9
 src/cryptsetup/cryptsetup.c | 2 +-
dd65c9
 1 file changed, 1 insertion(+), 1 deletion(-)
dd65c9
dd65c9
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
dd65c9
index 5dedb073e..c57d2b294 100644
dd65c9
--- a/src/cryptsetup/cryptsetup.c
dd65c9
+++ b/src/cryptsetup/cryptsetup.c
dd65c9
@@ -342,7 +342,7 @@ static int get_password(const char *vol, const char *src, usec_t until, bool acc
dd65c9
                 escaped_name = maj_min;
dd65c9
                 maj_min = NULL;
dd65c9
         } else
dd65c9
-                escaped_name = cescape(name);
dd65c9
+                escaped_name = cescape(src);
dd65c9
 
dd65c9
         if (!escaped_name)
dd65c9
                 return log_oom();