teknoraver / rpms / systemd

Forked from rpms/systemd 2 months ago
Clone

Blame SOURCES/0597-cryptsetup-when-unlocking-always-put-path-to-the-obj.patch

ecbff1
From ec71ee722b573560c14840214adab862b09280c3 Mon Sep 17 00:00:00 2001
ecbff1
From: Michal Sekletar <msekleta@redhat.com>
ecbff1
Date: Tue, 12 Dec 2017 17:49:14 +0100
ecbff1
Subject: [PATCH] cryptsetup: when unlocking always put path to the object into
ecbff1
 Id
ecbff1
ecbff1
Some ask-password agents (e.g. clevis-luks-askpass) use Id option from
ecbff1
/run/systemd/ask-password/ask* file in order to obtain the password for
ecbff1
the device.
ecbff1
ecbff1
Id option should be in the following format,
ecbff1
e.g. Id=subsystem:data. Where data part is supposed to identify object
ecbff1
that ask-password query is done for. Since
ecbff1
e51b9486d1b59e72c293028fed1384f4e4ef09aa this field has format
ecbff1
Id=cryptsetup:/dev/block/major:minor when systemd-cryptsetup is
ecbff1
unlocking encrypted block device. However, crypttab also supports
ecbff1
encrypted image files in which case we usually set data part of Id to
ecbff1
"vol on mountpoint". This is unexpected and actually breaks network
ecbff1
based device encryption as implemented by clevis.
ecbff1
ecbff1
Example:
ecbff1
$ cat /etc/crypttab
ecbff1
clevis-unlocked /clevis-test-disk-image none luks,_netdev
ecbff1
$ systemctl start 'systemd-cryptsetup@clevis\x2dunlocked.service'
ecbff1
$ grep Id /run/systemd/ask-password/ask*
ecbff1
ecbff1
Before:
ecbff1
$ Id=cryptsetup:clevis-unlocked on /clevis-test-disk-image-mnt
ecbff1
ecbff1
After:
ecbff1
$ Id=cryptsetup:/clevis-test-disk-image
ecbff1
ecbff1
(cherry-picked from commit 5a9f1b05ed6dad48958097fb37811668e69447fb)
ecbff1
ecbff1
Resolves: #1511043
ecbff1
---
ecbff1
 src/cryptsetup/cryptsetup.c | 2 +-
ecbff1
 1 file changed, 1 insertion(+), 1 deletion(-)
ecbff1
ecbff1
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
ecbff1
index 5dedb073e..c57d2b294 100644
ecbff1
--- a/src/cryptsetup/cryptsetup.c
ecbff1
+++ b/src/cryptsetup/cryptsetup.c
ecbff1
@@ -342,7 +342,7 @@ static int get_password(const char *vol, const char *src, usec_t until, bool acc
ecbff1
                 escaped_name = maj_min;
ecbff1
                 maj_min = NULL;
ecbff1
         } else
ecbff1
-                escaped_name = cescape(name);
ecbff1
+                escaped_name = cescape(src);
ecbff1
 
ecbff1
         if (!escaped_name)
ecbff1
                 return log_oom();