Author: fehr
Date: Thu Apr 29 15:40:41 2010
New Revision: 61919
URL: http://svn.opensuse.org/viewcvs/yast?rev=61919&view=rev
Log:
- backport crypt related fixes to handle L3 (bnc #599998)
- 2.17.77
Modified:
branches/SuSE-Code-11-Branch/storage/VERSION
branches/SuSE-Code-11-Branch/storage/libstorage/src/Container.cc
branches/SuSE-Code-11-Branch/storage/libstorage/src/DmCo.cc
branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.cc
branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.h
branches/SuSE-Code-11-Branch/storage/libstorage/src/Loop.cc
branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.cc
branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.h
branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.cc
branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.h
branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageInterface.h
branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageTmpl.h
branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.cc
branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.h
branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/fstab1.cc
branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/single.out/fstab1.out
branches/SuSE-Code-11-Branch/storage/package/yast2-storage.changes
branches/SuSE-Code-11-Branch/storage/storage/src/include/custom_part_lib.ycp
branches/SuSE-Code-11-Branch/storage/storage/src/include/ep-dialogs.ycp
branches/SuSE-Code-11-Branch/storage/storage/src/modules/Storage.ycp
Modified: branches/SuSE-Code-11-Branch/storage/VERSION
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/VERSION?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/VERSION (original)
+++ branches/SuSE-Code-11-Branch/storage/VERSION Thu Apr 29 15:40:41 2010
@@ -1 +1 @@
-2.17.76
+2.17.77
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Container.cc
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/Container.cc?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/Container.cc (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Container.cc Thu Apr 29 15:40:41 2010
@@ -120,9 +120,11 @@
ret = doCreate( vol );
else if( vol->needExtend() )
ret = doResize( vol );
+ if (vol->needCrsetup(false))
+ ret = vol->doCrsetup();
break;
case FORMAT:
- if( vol->needCrsetup() )
+ if (vol->needCrsetup(true))
ret = vol->doCrsetup();
if( ret==0 && vol->getFormat() )
ret = vol->doFormat();
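Review bot: The added `ret = vol->doCrsetup();` in the first case overwrites whatever `doCreate`/`doResize` just returned, so a failed create or resize is reported as success whenever the crypt setup succeeds. As far as the hunk shows, the new `if` is a separate statement and not part of the `else if` chain. The FORMAT case below already guards its follow-up step with `ret==0`, and the same guard fits here: `if (ret==0 && vol->needCrsetup(false))`. The enclosing switch starts and ends outside the hunk.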
@@ -131,7 +133,11 @@
break;
case MOUNT:
if( vol->needRemount() )
+ {
+ if (vol->needCrsetup(true))
+ vol->doCrsetup();
ret = vol->doMount();
+ }
if( ret==0 && vol->needFstabUpdate() )
{
ret = vol->doFstabUpdate();
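Review bot: In the MOUNT case the result of `vol->doCrsetup()` is discarded and `doMount()` runs regardless, so a failed loop or dm-crypt setup surfaces only as a less specific mount error, if at all. I would keep the code in `ret` and mount only on success: `ret = vol->doCrsetup();` followed by `if (ret==0) ret = vol->doMount();`. If a best-effort setup is intended here, a comment should say so. The case body continues past the end of the hunk.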
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/DmCo.cc
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/DmCo.cc?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/DmCo.cc (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/DmCo.cc Thu Apr 29 15:40:41 2010
@@ -91,7 +91,7 @@
keysize = extractNthWord( 1, line );
}
- if( cipher == "aes-cbc-essiv:sha256" )
+ if( cipher == "aes-cbc-essiv:sha256" || cipher == "aes-cbc-plain")
ret = ENC_LUKS;
else if( cipher == "twofish-cbc-plain" )
ret = ENC_TWOFISH;
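Review bot: The new `cipher == "aes-cbc-plain"` branch classifies a mapping as ENC_LUKS from the cipher string alone, and that string is not specific to LUKS, since a plain dm-crypt mapping can report the same cipher. If the callers rely on this value to decide how to reopen the device, a misclassified plain mapping would presumably be handled as LUKS. A comment such as `// aes-cbc-plain is also reported for LUKS volumes; the cipher string alone cannot tell LUKS from plain dm-crypt` would record the assumption. The function starts and ends outside the hunk.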
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.cc
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.cc?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.cc (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.cc Thu Apr 29 15:40:41 2010
@@ -3,7 +3,6 @@
Textdomain "storage"
*/
-
#include <fstream>
#include <algorithm>
@@ -74,6 +73,8 @@
if( i!=l.end() )
*i++ >> p->old.passno;
p->old.calcDependent();
+ if( checkNormalFile(p->old.device) )
+ p->old.loop = true;
p->nnew = p->old;
co.push_back( *p );
delete p;
@@ -478,14 +479,15 @@
{
ls.push_back( e.loop_dev );
}
- ls.push_back( e.dentry );
+ if( e.dmcrypt && e.optUser() )
+ ls.push_back( e.device );
+ else
+ ls.push_back( e.dentry );
ls.push_back( e.mount );
- if( e.dmcrypt && e.noauto )
+ if( e.dmcrypt && e.optUser() )
ls.push_back( "crypt" );
else
- {
ls.push_back( (e.fs!="ntfs")?e.fs:"ntfs-3g" );
- }
if( e.crypto )
{
ls.push_back( Volume::encTypeString(e.encr) );
@@ -528,8 +530,7 @@
string EtcFstab::createTabLine( const FstabEntry& e )
{
- y2milestone( "device:%s mp:%s", e.dentry.c_str(), e.mount.c_str() );
- y2mil( "entry:" << e );
+ y2mil("dentry:" << e.dentry << " mount:" << e.mount << " device:" << e.device);
list<string> ls;
makeStringList( e, ls );
y2mil( "list:" << ls );
@@ -740,6 +741,15 @@
i->old = i->nnew;
i->op = Entry::NONE;
}
+ else if( findCrtab( i->nnew, crypttab, lineno ))
+ {
+ string line = createTabLine( i->nnew );
+ if (!i->nnew.mount.empty())
+ fstab->append( line );
+ if( i->old.cryptt > i->nnew.cryptt &&
+ findCrtab( i->old, crypttab, lineno ))
+ crypttab.remove( lineno, 1 );
+ }
else
ret = FSTAB_UPDATE_ENTRY_NOT_FOUND;
break;
@@ -873,7 +883,11 @@
return( txt );
}
-
+bool
+FstabEntry::optUser() const
+ {
+ return find( opts.begin(), opts.end(), "user" ) != opts.end();
+ }
unsigned EtcFstab::fstabFields[] = { 20, 20, 10, 21, 1, 1 };
unsigned EtcFstab::cryptotabFields[] = { 11, 15, 20, 10, 10, 1 };
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.h
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.h?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.h (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.h Thu Apr 29 15:40:41 2010
@@ -41,6 +41,7 @@
storage::MountByType mount_by;
void calcDependent();
+ bool optUser() const;
};
inline std::ostream& operator<< (std::ostream& s, const FstabEntry &v )
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Loop.cc
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/Loop.cc?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/Loop.cc (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Loop.cc Thu Apr 29 15:40:41 2010
@@ -53,7 +53,7 @@
else
{
numeric = false;
- setEncryption( ENC_LUKS );
+ initEncryption( ENC_LUKS );
if( !dm_dev.empty() )
{
setDmcryptDev( dm_dev );
@@ -102,7 +102,7 @@
else
{
numeric = false;
- setEncryption( ENC_LUKS );
+ initEncryption( ENC_LUKS );
if( dmcrypt_dev.empty() )
dmcrypt_dev = getDmcryptName();
setDmcryptDev( dmcrypt_dev, false );
@@ -122,13 +122,15 @@
void
Loop::init()
{
- reuseFile = delFile = false;
+ delFile = false;
+ reuseFile = true;
}
void
Loop::setDmcryptDev( const string& dm_dev, bool active )
{
dev = dm_dev;
+ y2mil( "dm_dev:" << dm_dev << " active:" << active );
nm = dm_dev.substr( dm_dev.find_last_of( '/' )+1);
if( active )
{
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.cc
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.cc?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.cc (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.cc Thu Apr 29 15:40:41 2010
@@ -545,6 +545,13 @@
return( ret );
}
+string Md::mdDevice( unsigned num )
+ {
+ string dev( "/dev/md" );
+ dev += decString(num);
+ return( dev );
+ }
+
void Md::setPersonality( MdType val )
{
md_type=val;
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.h
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.h?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.h (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.h Thu Apr 29 15:40:41 2010
@@ -43,6 +43,8 @@
static const string& pName( storage::MdType t ) { return md_names[t]; }
static bool mdStringNum( const string& name, unsigned& num );
+ static string mdDevice( unsigned num );
+
friend std::ostream& operator<< (std::ostream& s, const Md& m );
virtual void print( std::ostream& s ) const { s << *this; }
string removeText( bool doing ) const;
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.cc
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.cc?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.cc (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.cc Thu Apr 29 15:40:41 2010
@@ -1005,6 +1005,8 @@
else
{
ret = i->createPartition( type, start, size, device, true );
+ if( ret==0 )
+ checkPwdBuf( device );
}
}
}
@@ -1019,6 +1021,8 @@
else
{
ret = i->createPartition( type, start, size, device, true );
+ if( ret==0 )
+ checkPwdBuf( device );
}
}
}
@@ -1934,6 +1938,40 @@
}
int
+Storage::verifyCryptFilePassword( const string& file, const string& pwd )
+ {
+ int ret = VOLUME_CRYPT_NOT_DETECTED;
+ assertInit();
+ y2mil("file:" << file << " l:" << pwd.length());
+#ifdef DEBUG_LOOP_CRYPT_PASSWORD
+ y2mil("password:" << pwd);
+#endif
+
+ VolIterator vol;
+ if (readonly)
+ {
+ ret = STORAGE_CHANGE_READONLY;
+ }
+ else
+ {
+ ProcPart ppart;
+ LoopCo* co = new LoopCo(this, false, ppart);
+ if( co )
+ {
+ Loop* loop = new Loop( *co, file, true, 0, true );
+ if( loop && loop->setCryptPwd( pwd )==0 &&
+ loop->detectEncryption()!=ENC_UNKNOWN )
+ ret = 0;
+ if( loop )
+ delete loop;
+ delete co;
+ }
+ }
+ y2mil("ret:" << ret);
+ return( ret );
+ }
+
+int
Storage::changeMkfsOptVolume( const string& device, const string& opts )
{
int ret = 0;
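Review bot: The new verifyCryptFilePassword writes the passphrase length to the log unconditionally (`" l:" << pwd.length()`) and the passphrase itself when DEBUG_LOOP_CRYPT_PASSWORD is defined; the same two log lines are added again in the new setCryptPassword in a later hunk of this file. Logs tend to be attached to bug reports, so I would log only `file` and drop the `l:` field. Separately, with a throwing `new` the `if( co )` and `if( loop )` tests are never false, and `co` leaks if the Loop constructor throws; stack objects or a scoped owner would avoid both. `VolIterator vol` is declared but unused in this function.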
@@ -2265,6 +2303,8 @@
{
ret = STORAGE_VOLUME_NOT_FOUND;
}
+ if( !val )
+ pwdBuf.erase(device);
if( ret==0 )
{
ret = checkCache();
@@ -2294,7 +2334,7 @@
}
int
-Storage::setCryptPassword( const string& device, const string& pwd )
+Storage::verifyCryptPassword( const string& device, const string& pwd )
{
int ret = 0;
assertInit();
@@ -2311,10 +2351,43 @@
else if( findVolume( device, vol ) )
{
ret = vol->setCryptPwd( pwd );
+ if( ret==0 && vol->detectEncryption()==ENC_UNKNOWN )
+ ret = VOLUME_CRYPT_NOT_DETECTED;
+ vol->clearCryptPwd();
}
else
{
- ret = STORAGE_VOLUME_NOT_FOUND;
+ ret = verifyCryptFilePassword( device, pwd );
+ }
+ y2mil("ret:" << ret);
+ return( ret );
+ }
+
+int
+Storage::setCryptPassword( const string& device, const string& pwd )
+ {
+ int ret = 0;
+ assertInit();
+ y2mil("device:" << device << " l:" << pwd.length());
+#ifdef DEBUG_LOOP_CRYPT_PASSWORD
+ y2mil("password:" << pwd);
+#endif
+
+ VolIterator vol;
+ map::iterator i = pwdBuf.find(device);
+ if (readonly)
+ {
+ ret = STORAGE_CHANGE_READONLY;
+ }
+ else if( findVolume( device, vol ) )
+ {
+ ret = vol->setCryptPwd( pwd );
+ if( i!=pwdBuf.end() )
+ pwdBuf.erase(i);
+ }
+ else
+ {
+ mapInsertOrReplace( pwdBuf, device, pwd );
}
if( ret==0 )
{
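Review bot: verifyCryptPassword is not side-effect free: it installs the candidate with `vol->setCryptPwd( pwd )` and then calls `vol->clearCryptPwd()`, which after this commit erases both `crypt_pwd` and `orig_crypt_pwd`. A password already set on the volume is therefore discarded by a mere verification, including a failed one. I would remember the previous password state before the check and put it back afterwards, or do the check on a temporary copy of the volume. Note also that the new setCryptPassword in this hunk returns 0 for any device name that is not found and buffers the password in `pwdBuf`, so a mistyped device no longer yields STORAGE_VOLUME_NOT_FOUND.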
@@ -2342,11 +2415,45 @@
}
else
{
- ret = STORAGE_VOLUME_NOT_FOUND;
+ map::iterator i = pwdBuf.find(device);
+ if( i!=pwdBuf.end() )
+ pwdBuf.erase(i);
+ else
+ ret = STORAGE_VOLUME_NOT_FOUND;
}
- if( ret==0 )
+ y2mil("ret:" << ret);
+ return( ret );
+ }
+
+bool
+Storage::needCryptPassword( const string& device )
+ {
+ bool ret = true;
+ bool volFound = false;
+ assertInit();
+ y2mil("device:" << device);
+
+ VolIterator vol;
+ if( checkNormalFile(device) )
{
- ret = checkCache();
+ ConstLoopPair p = loopPair(Loop::notDeleted);
+ ConstLoopIterator i = p.begin();
+ while( i != p.end() && i->loopFile()!=device )
+ ++i;
+ if( i != p.end() )
+ {
+ ret = i->needCryptPwd();
+ volFound = true;
+ }
+ }
+ else if( findVolume( device, vol ) )
+ {
+ ret = vol->needCryptPwd();
+ volFound = true;
+ }
+ if( !volFound )
+ {
+ ret = pwdBuf.find( device )==pwdBuf.end();
}
y2mil("ret:" << ret);
return( ret );
@@ -2367,11 +2474,11 @@
}
else
{
- ret = STORAGE_VOLUME_NOT_FOUND;
- }
- if( ret==0 )
- {
- ret = checkCache();
+ map::const_iterator i = pwdBuf.find(device);
+ if( i!=pwdBuf.end() )
+ pwd = i->second;
+ else
+ ret = STORAGE_VOLUME_NOT_FOUND;
}
#ifdef DEBUG_LOOP_CRYPT_PASSWORD
y2milestone( "password:%s", pwd.c_str() );
@@ -2694,6 +2801,8 @@
else if( i != lvgEnd() )
{
ret = i->createLv( name, sizeM*1024, stripe, device );
+ if( ret==0 )
+ checkPwdBuf( device );
}
else
{
@@ -2937,6 +3046,8 @@
list<string> d;
d.insert( d.end(), devs.begin(), devs.end() );
ret = md->createMd( num, rtype, d );
+ if( ret==0 )
+ checkPwdBuf( Md::mdDevice(num) );
}
if( !have_md )
{
@@ -2981,6 +3092,8 @@
list<string> d;
d.insert( d.end(), devs.begin(), devs.end() );
ret = md->createMd( num, rtype, d );
+ if( ret==0 )
+ checkPwdBuf( Md::mdDevice(num) );
}
if( !have_md )
{
@@ -5867,6 +5980,20 @@
}
}
+void Storage::checkPwdBuf( const string& device )
+ {
+ if( !pwdBuf.empty() )
+ {
+ map::iterator i=pwdBuf.find(device);
+ if( i!=pwdBuf.end() )
+ {
+ VolIterator vol;
+ if( findVolume( device, vol ) )
+ vol->setCryptPwd( i->second );
+ pwdBuf.erase(i);
+ }
+ }
+ }
int
Storage::zeroDevice(const string& device, unsigned long long sizeK, bool random,
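Review bot: checkPwdBuf drops the return value of `vol->setCryptPwd( i->second )` and erases the buffered entry either way. Passwords reach `pwdBuf` through setCryptPassword without any length check, so a password that setCryptPwd rejects with VOLUME_CRYPT_PWD_TOO_SHORT is lost silently here, after the caller was already told 0. At minimum the failure should be logged, e.g. `int r = vol->setCryptPwd( i->second );` then `if( r!=0 ) y2mil( "device:" << device << " ret:" << r );`. Returning the code so the create* callers can propagate it would be better.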
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.h
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.h?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.h (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.h Thu Apr 29 15:40:41 2010
@@ -341,6 +341,9 @@
int addFstabOptions( const string&, const string& options );
int removeFstabOptions( const string&, const string& options );
int setCryptPassword( const string& device, const string& pwd );
+ int verifyCryptPassword( const string& device, const string& pwd );
+ int verifyCryptFilePassword( const string& file, const string& pwd );
+ bool needCryptPassword( const string& device );
int forgetCryptPassword( const string& device );
int getCryptPassword( const string& device, string& pwd );
int setCrypt( const string& device, bool val );
@@ -1690,6 +1693,7 @@
bool also_del=false );
bool findContainer( const string& device, ContIterator& c );
+ void checkPwdBuf( const string& device );
bool haveMd( MdCo*& md );
bool haveNfs( NfsCo*& co );
bool haveLoop( LoopCo*& loop );
@@ -1755,6 +1759,7 @@
string extendedError;
std::map backups;
std::map freeInfo;
+ std::map pwdBuf;
std::list > infoPopupTxts;
};
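Review bot: The new `pwdBuf` member has no comment, although it holds plaintext passphrases for devices that do not exist yet. I would document its key, its lifetime and who removes entries, e.g. `// passwords set for not yet existing devices, keyed by device name; handed to the volume by checkPwdBuf()`. Erasing a map entry does not overwrite the string's bytes, so it may be worth clearing the stored value explicitly before erase; whether the destructor or a commit empties the map is not visible in this diff.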
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageInterface.h
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageInterface.h?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageInterface.h (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageInterface.h Thu Apr 29 15:40:41 2010
@@ -1264,6 +1264,22 @@
virtual int getCryptPassword( const string& device, string& pwd ) = 0;
/**
+ * Verify password of a volume
+ *
+ * @param device name of volume, e.g. /dev/hda1
+ * @param pwd crypt password for this volume
+ * @return zero if password is ok, a negative number to indicate an error
+ */
+ virtual int verifyCryptPassword( const string& device, const string& pwd ) = 0;
+ /**
+ * Check if crypt password is required
+ *
+ * @param device name of volume, e.g. /dev/hda1
+ * @return true if password is required, false otherwise
+ */
+ virtual bool needCryptPassword( const string& device ) = 0;
+
+ /**
* Set encryption state of a volume
*
* @param device name of volume, e.g. /dev/hda1
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageTmpl.h
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageTmpl.h?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageTmpl.h (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageTmpl.h Thu Apr 29 15:40:41 2010
@@ -122,6 +122,16 @@
l.insert( i, e );
}
+template
+typename Map::iterator mapInsertOrReplace(Map& m, const Key& k, const Value& v)
+ {
+ typename Map::iterator pos = m.lower_bound(k);
+ if (pos != m.end() && !typename Map::key_compare()(k, pos->first))
+ pos->second = v;
+ else
+ pos = m.insert(pos, typename Map::value_type(k, v));
+ return pos;
+ }
template<class Num> string decString(Num number)
{
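Review bot: mapInsertOrReplace compares with a default-constructed comparator, `typename Map::key_compare()(k, pos->first)`, rather than the map's own. That is equivalent for `std::less`, but gives the wrong answer for a map built with a stateful comparator and does not compile for one without a default constructor. Using the instance's comparator is shorter and always correct: `if (pos != m.end() && !m.key_comp()(k, pos->first))`.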
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.cc
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.cc?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.cc (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.cc Thu Apr 29 15:40:41 2010
@@ -287,7 +287,7 @@
classic(file);
file.read( buf, sizeof(buf) );
if( file.good() && strncmp( buf, "LUKS", 4 )==0 )
- setEncryption( ENC_LUKS );
+ initEncryption( ENC_LUKS );
file.close();
}
}
@@ -985,6 +985,8 @@
int Volume::cryptUnsetup( bool force )
{
int ret=0;
+ y2mil( "force:" << force << " active:" << dmcrypt_active <<
+ " table:" << dmcrypt_dev );
if( dmcrypt_active || force )
{
string table = dmcrypt_dev;
@@ -1320,11 +1322,23 @@
is_loop = false;
encryption = ENC_NONE;
crypt_pwd.erase();
+ orig_crypt_pwd.erase();
}
else
{
if( !loop_active && !isTmpCryptMp(mp) && crypt_pwd.empty() )
ret = VOLUME_CRYPT_NO_PWD;
+ if( !isTmpCryptMp(mp) )
+ {
+ if( !dmcrypt_active && crypt_pwd.empty() )
+ ret = VOLUME_CRYPT_NO_PWD;
+ if( ret==0 && !dmcrypt_active &&
+ !pwdLengthOk(typ,crypt_pwd,format) )
+ {
+ ret = VOLUME_CRYPT_PWD_TOO_SHORT;
+ clearCryptPwd();
+ }
+ }
if( ret == 0 && cType()==NFSC )
ret = VOLUME_CRYPT_NFS_IMPOSSIBLE;
if( ret==0 && (format||loop_active) )
@@ -1582,6 +1596,26 @@
return( cmd );
}
+bool Volume::pwdLengthOk( storage::EncryptType typ, const string& val,
+ bool fmt ) const
+ {
+ bool ret = true;
+ if( fmt )
+ {
+ ret = val.size()>=8;
+ }
+ else
+ {
+ if( typ==ENC_TWOFISH_OLD )
+ ret = val.size()>=5;
+ else if( typ==ENC_TWOFISH || typ==ENC_TWOFISH256_OLD )
+ ret = val.size()>=8;
+ else
+ ret = val.size()>=1;
+ }
+ return( ret );
+ }
+
int
Volume::setCryptPwd( const string& val )
{
@@ -1590,18 +1624,12 @@
#endif
int ret = 0;
- if( ((encryption==ENC_UNKNOWN||encryption==ENC_TWOFISH_OLD||
- encryption==ENC_NONE) && val.size()<5) ||
- ((encryption==ENC_TWOFISH||encryption==ENC_TWOFISH256_OLD) &&
- val.size()<8) ||
- (encryption==ENC_LUKS && val.size()<1))
- {
- if( !isTmpCryptMp(mp) )
- ret = VOLUME_CRYPT_PWD_TOO_SHORT;
- }
+ if( !pwdLengthOk(encryption,val,format) && !isTmpCryptMp(mp) )
+ ret = VOLUME_CRYPT_PWD_TOO_SHORT;
else
{
- crypt_pwd=val;
+ orig_crypt_pwd = crypt_pwd;
+ crypt_pwd = val;
if( encryption==ENC_UNKNOWN )
detectEncryption();
}
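Review bot: The added `orig_crypt_pwd = crypt_pwd;` in setCryptPwd conflicts with how the rest of the commit uses `orig_crypt_pwd`: doLosetup, doCryptsetup and detectEncryption set it to the password that was actually applied, and needLosetup/needCryptsetup compare `crypt_pwd!=orig_crypt_pwd` to detect a pending change. With the assignment here, calling setCryptPwd twice with the same new value makes the two fields equal, so the pending change is no longer detected although the device is still set up with the old password. Unless something outside this diff depends on it, I would drop the assignment and leave only `crypt_pwd = val;`.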
@@ -1609,25 +1637,47 @@
return( ret );
}
-bool Volume::needLosetup() const
+bool
+Volume::needCryptPwd() const
{
- return( (is_loop!=loop_active) &&
- (encryption==ENC_NONE || !crypt_pwd.empty() ||
- (dmcrypt()&&cont->type()==LOOP)) );
+ bool ret = crypt_pwd.empty();
+ if( ret && is_loop )
+ ret = ret && !loop_active;
+ if( ret && dmcrypt() )
+ ret = ret && !dmcrypt_active;
+ y2mil("ret:" << ret);
+ return( ret );
}
-bool Volume::needCryptsetup() const
+bool Volume::needLosetup( bool urgent ) const
{
- if (dmcrypt() && encryption != orig_encryption)
- return true;
+ bool ret = (is_loop!=loop_active) &&
+ (encryption==ENC_NONE || !crypt_pwd.empty() ||
+ (dmcrypt() && cType() == LOOP));
+ if( !urgent && loop_dev.empty() )
+ ret = false;
+ if( is_loop && encryption!=ENC_NONE &&
+ !crypt_pwd.empty() && crypt_pwd!=orig_crypt_pwd )
+ ret = true;
+ return( ret );
+ }
- return( dmcrypt()!=dmcrypt_active &&
- (encryption==ENC_NONE || !crypt_pwd.empty() || isTmpCryptMp(mp)));
+bool Volume::needCryptsetup() const
+ {
+ bool ret = (dmcrypt()!=dmcrypt_active) &&
+ (encryption==ENC_NONE || encryption!=orig_encryption ||
+ !crypt_pwd.empty() || isTmpCryptMp(mp));
+ if( dmcrypt() && encryption!=ENC_NONE &&
+ !crypt_pwd.empty() && crypt_pwd!=orig_crypt_pwd )
+ ret = true;
+ y2mil( "vol:" << *this );
+ y2mil( "ret:" << ret );
+ return( ret );
}
-bool Volume::needCrsetup() const
+bool Volume::needCrsetup( bool urgent ) const
{
- return( needLosetup()||needCryptsetup() );
+ return( needLosetup(urgent)||needCryptsetup() );
}
bool Volume::needFstabUpdate() const
@@ -1733,12 +1783,15 @@
{
is_loop = cont->type()==LOOP;
ret = encryption = orig_encryption = try_order[pos];
+ orig_crypt_pwd = crypt_pwd;
}
else
{
is_loop = false;
dmcrypt_dev.erase();
loop_dev.erase();
+ crypt_pwd.erase();
+ orig_crypt_pwd.erase();
ret = encryption = orig_encryption = ENC_UNKNOWN;
}
unlink( fname.c_str() );
@@ -1782,6 +1835,8 @@
SystemCmd c( getLosetupCmd( encryption, fname ));
if( c.retcode()!=0 )
ret = VOLUME_LOSETUP_FAILED;
+ else
+ orig_crypt_pwd = crypt_pwd;
if( !fname.empty() )
{
unlink( fname.c_str() );
@@ -1908,6 +1963,8 @@
ret = VOLUME_CRYPTSETUP_FAILED;
}
}
+ if( ret==0 )
+ orig_crypt_pwd = crypt_pwd;
unlink( fname.c_str() );
rmdir( cont->getStorage()->tmpDir().c_str() );
cont->getStorage()->waitForDevice( dmcrypt_dev );
@@ -1943,7 +2000,7 @@
{
int ret = 0;
bool losetup_done = false;
- if( needLosetup() )
+ if( needLosetup(true) )
{
ret = doLosetup();
losetup_done = ret==0;
@@ -2264,6 +2321,11 @@
l.push_back( new commitAction( FORMAT, cont->type(),
formatText(false), this, true ));
}
+ else if ( needCrsetup(false) )
+ {
+ l.push_back(new commitAction(mp.empty()?INCREASE:FORMAT, cont->type(),
+ crsetupText(false), this, mp.empty()));
+ }
else if( mp != orig_mp ||
(cont->getStorage()->instsys()&&mp=="swap") )
{
@@ -2444,7 +2506,7 @@
changed = true;
che.dentry = de;
}
- if( fs != detected_fs )
+ if( fs != detected_fs || che.fs!=fs_names[fs] )
{
changed = true;
che.fs = fs_names[fs];
@@ -2764,6 +2826,9 @@
#ifdef DEBUG_LOOP_CRYPT_PASSWORD
if( is_loop && encryption!=ENC_NONE && !crypt_pwd.empty() )
file << " pwd:" << crypt_pwd;
+ if( is_loop && encryption!=ENC_NONE && !orig_crypt_pwd.empty() &&
+ orig_crypt_pwd!=crypt_pwd )
+ file << " orig_pwd:" << orig_crypt_pwd;
#endif
file << endl;
return( file );
@@ -2805,7 +2870,7 @@
encryption = orig_encryption = toEncType(i->second);
i = m.find( "pwd" );
if( i!=m.end() )
- crypt_pwd = i->second;
+ orig_crypt_pwd = crypt_pwd = i->second;
}
namespace storage
@@ -2902,6 +2967,8 @@
s << " orig_encr:" << v.enc_names[v.orig_encryption];
#ifdef DEBUG_LOOP_CRYPT_PASSWORD
s << " pwd:" << v.crypt_pwd;
+ if( v.orig_crypt_pwd.empty() && v.crypt_pwd!=v.orig_crypt_pwd )
+ s << " orig_pwd:" << v.orig_crypt_pwd;
#endif
}
if( !v.dmcrypt_dev.empty() )
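Review bot: The condition on the added `orig_pwd` output is inverted: `v.orig_crypt_pwd.empty() && v.crypt_pwd!=v.orig_crypt_pwd` is true only when there is nothing to print. The matching code added to logVolume in the previous hunk tests `!orig_crypt_pwd.empty()`, so this line should read `if( !v.orig_crypt_pwd.empty() && v.crypt_pwd!=v.orig_crypt_pwd )`. Both places write plaintext passphrases when DEBUG_LOOP_CRYPT_PASSWORD is defined, which deserves a warning comment next to the macro so that it is never enabled in a release build.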
@@ -3103,6 +3170,7 @@
loop_dev = rhs.loop_dev;
fstab_loop_dev = rhs.fstab_loop_dev;
crypt_pwd = rhs.crypt_pwd;
+ orig_crypt_pwd = rhs.orig_crypt_pwd;
uby = rhs.uby;
alt_names = rhs.alt_names;
return( *this );
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.h
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.h?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.h (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.h Thu Apr 29 15:40:41 2010
@@ -70,19 +70,20 @@
bool dmcrypt() const { return encryption != ENC_NONE && encryption != ENC_UNKNOWN; }
bool loopActive() const { return( is_loop&&loop_active ); }
bool dmcryptActive() const { return( dmcrypt()&&dmcrypt_active ); }
- bool needCrsetup() const;
+ bool needCrsetup( bool urgent=true ) const;
const string& getUuid() const { return uuid; }
const string& getLabel() const { return label; }
int setLabel( const string& val );
int eraseLabel() { label.erase(); orig_label.erase(); return 0; }
bool needLabel() const { return( label!=orig_label ); }
storage::EncryptType getEncryption() const { return encryption; }
- void setEncryption( storage::EncryptType val=storage::ENC_LUKS )
+ void initEncryption( storage::EncryptType val=storage::ENC_LUKS )
{ encryption=orig_encryption=val; }
virtual int setEncryption( bool val, storage::EncryptType typ=storage::ENC_LUKS );
const string& getCryptPwd() const { return crypt_pwd; }
int setCryptPwd( const string& val );
- void clearCryptPwd() { crypt_pwd.erase(); }
+ void clearCryptPwd() { crypt_pwd.erase(); orig_crypt_pwd.erase(); }
+ bool needCryptPwd() const;
const string& getMount() const { return mp; }
bool hasOrigMount() const { return !orig_mp.empty(); }
bool needRemount() const;
@@ -222,12 +223,14 @@
bool getLoopFile( string& fname ) const;
void setExtError( const SystemCmd& cmd, bool serr=true );
string getDmcryptName();
- bool needLosetup() const;
+ bool needLosetup( bool urgent ) const;
bool needCryptsetup() const;
int doLosetup();
int doCryptsetup();
int loUnsetup( bool force=false );
int cryptUnsetup( bool force=false );
+ bool pwdLengthOk( storage::EncryptType typ, const string& val,
+ bool format ) const;
std::ostream& logVolume( std::ostream& file ) const;
string getLosetupCmd( storage::EncryptType, const string& pwdfile ) const;
@@ -270,6 +273,7 @@
string dmcrypt_dev;
string fstab_loop_dev;
string crypt_pwd;
+ string orig_crypt_pwd;
string nm;
std::list<string> alt_names;
unsigned num;
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/fstab1.cc
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/fstab1.cc?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/fstab1.cc (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/fstab1.cc Thu Apr 29 15:40:41 2010
@@ -104,10 +104,15 @@
bool val = false;
+ cout << s->changeFormatVolume("/dev/hda1", true, EXT3 ) << '\n';
cout << s->setCryptPassword ("/dev/hda1", "test") << '\n'; // FAILS
-
cout << s->setCrypt ("/dev/hda1", true) << '\n'; // FAILS
+ cout << s->changeFormatVolume("/dev/hda1", false, EXT3 ) << '\n';
+ cout << s->setCryptPassword("/dev/hda1", "test") << '\n';
+ cout << s->setCrypt("/dev/hda1", true) << '\n';
+
+ cout << s->changeFormatVolume("/dev/hda1", true, EXT3 ) << '\n';
cout << s->setCryptPassword ("/dev/hda1", "hello-world") << '\n';
cout << s->setCrypt ("/dev/hda1", true) << '\n';
Modified: branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/single.out/fstab1.out
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/single.out/fstab1.out?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/single.out/fstab1.out (original)
+++ branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/single.out/fstab1.out Thu Apr 29 15:40:41 2010
@@ -35,11 +35,16 @@
0
user_xattr,noauto
crypt1
+0
-3015
-3014
0
0
0
+0
+0
+0
+0
1
0
0
Modified: branches/SuSE-Code-11-Branch/storage/package/yast2-storage.changes
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/package/yast2-storage.changes?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/package/yast2-storage.changes (original)
+++ branches/SuSE-Code-11-Branch/storage/package/yast2-storage.changes Thu Apr 29 15:40:41 2010
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Wed Apr 28 11:47:19 CEST 2010 - fehr@suse.de
+
+- backport crypt related fixes to handle L3 (bnc #599998)
+- 2.17.77
+
+-------------------------------------------------------------------
Mon Jan 18 12:47:39 CET 2010 - aschnell@suse.de
- fixed resizing of LVM logical volumes on S390 (bnc #571159)
Modified: branches/SuSE-Code-11-Branch/storage/storage/src/include/custom_part_lib.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/storage/src/include/custom_part_lib.ycp?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/storage/src/include/custom_part_lib.ycp (original)
+++ branches/SuSE-Code-11-Branch/storage/storage/src/include/custom_part_lib.ycp Thu Apr 29 15:40:41 2010
@@ -626,8 +626,6 @@
ret["ok"] = Storage::SetCryptPwd( dev, fs_passwd ) &&
(new["format"]:false ||
Storage::SetCrypt( dev, true, new["format"]:false ));
- if( ret["ok"]:false && new["type"]:`unknown == `loop )
- Storage::UpdateClassified( new["fpath"]:"", fs_passwd );
if( popup )
UI::CloseDialog();
}
Modified: branches/SuSE-Code-11-Branch/storage/storage/src/include/ep-dialogs.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/storage/src/include/ep-dialogs.ycp?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/storage/src/include/ep-dialogs.ycp (original)
+++ branches/SuSE-Code-11-Branch/storage/storage/src/include/ep-dialogs.ycp Thu Apr 29 15:40:41 2010
@@ -73,15 +73,13 @@
boolean AskPassword()
{
- if (!NeedPassword())
- return false;
-
- // TODO: this is ugly
- string key = (data["type"]:`unknown != `loop) ? (data["device"]:"error") : (data["fpath"]:"error");
- if (Storage::HasClassified(key))
- return false;
-
- return true;
+ boolean ret = NeedPassword();
+ if( ret && !do_format && size(data["mount"]:"")>0 )
+ {
+ string key = (data["type"]:`unknown != `loop) ? (data["device"]:"error") : (data["fpath"]:"error");
+ ret = Storage::NeedCryptPwd(key);
+ }
+ return ret;
}
@@ -490,6 +488,8 @@
UI::ChangeWidget(`id(`pw1), `Value, "");
UI::ChangeWidget(`id(`pw2), `Value, "");
+ string dev = (data["type"]:`unknown != `loop) ? data["device"]:""
+ : data["fpath"]:"";
repeat
{
widget = MiniWorkflow::UserInput();
@@ -543,10 +543,7 @@
if (widget == `next)
{
- if (data["type"]:`unknown != `loop)
- Storage::UpdateClassified(data["device"]:"", pw1);
- else
- Storage::UpdateClassified(data["fpath"]:"", pw1);
+ Storage::SetCryptPwd(dev, pw1);
widget = `finish;
}
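Review bot: The boolean returned by `Storage::SetCryptPwd(dev, pw1)` is ignored, and the dialog moves on to the finish step even when libstorage rejected the password, for instance as too short. Unless an earlier check in this dialog (outside the hunk) already guarantees acceptance, the step should only complete when the call returns true, and otherwise report the error and stay on the password page. `dev` is computed with an empty-string default in the preceding hunk, so an empty device name would also reach this call unchecked.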
Modified: branches/SuSE-Code-11-Branch/storage/storage/src/modules/Storage.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/storage/src/modules/Storage.ycp?rev=61919&r1=61918&r2=61919&view=diff
==============================================================================
--- branches/SuSE-Code-11-Branch/storage/storage/src/modules/Storage.ycp (original)
+++ branches/SuSE-Code-11-Branch/storage/storage/src/modules/Storage.ycp Thu Apr 29 15:40:41 2010
@@ -69,9 +69,6 @@
import "LibStorage::CommitInfo";
-global void UpdateClassified(string key, string pwd);
-
-
map conv_ctype =
$[ "def_sym" : `CT_UNKNOWN,
"def_int" : LibStorage::CUNKNOWN(),
@@ -164,7 +161,6 @@
map DiskMapVersion = $[];
map DiskMap = $[];
-map ClassifiedSettings = $[];
map type_order = $[ `CT_DISK : 0, `CT_MD : 1, `CT_DMRAID : 2, `CT_DMMULTIPATH : 3,
`CT_LOOP : 4, `CT_DM : 5, `CT_LVM : 6, `CT_NFS : 7 ];
list<string> hw_packages = [];
@@ -729,6 +725,12 @@
``(p["device"]:""==device ));
pa = part[0]:$[];
}
+ if( size(pa)==0 && search(device, "/dev/mapper/")==0 )
+ {
+ part = filter( map p, tg["/dev/loop","partitions"]:[],
+ ``(p["device"]:""==device ));
+ pa = part[0]:$[];
+ }
if( size(pa)>0 )
ret = add( ret, pa );
});
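Review bot: The added fallback has no comment explaining why a device whose name starts with /dev/mapper/ is looked up in the partitions of the /dev/loop container. Presumably this covers encrypted file loops that show up under a device-mapper name, but that is not stated anywhere in the hunk. A one-line comment above the `if` would help, for example `// not found in its own container: /dev/mapper/* names can belong to volumes listed under /dev/loop`. The enclosing function starts and ends outside this hunk.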
@@ -2633,21 +2635,6 @@
else
y2milestone( "ChangeVolumeProperties sint ret:%1", ret );
}
- if( ret==0 &&
- part["enc_type"]:`none != `none && haskey( ClassifiedSettings, dev ) )
- {
- changed = true;
- if( size(ClassifiedSettings[dev]:"")>0 )
- {
- string pwd = ClassifiedSettings[dev]:"";
- ret = LibStorage::StorageInterface::setCryptPassword( sint, dev,
- pwd );
- if( ret<0 )
- y2error( "ChangeVolumeProperties sint ret:%1", ret );
- else
- y2milestone( "ChangeVolumeProperties sint ret:%1", ret );
- }
- }
if( ret==0 && part["enc_type"]:`none != curr["enc_type"]:`none )
{
changed = true;
@@ -2992,23 +2979,52 @@
return ret;
}
+global string GetCryptPwd( string device )
+ {
+ string pwd="";
+ y2milestone( "GetCryptPwd device:%1", device );
+ integer ret = 0;
+ ret = LibStorage::StorageInterface::getCryptPassword( sint, device, pwd );
+ if( ret<0 )
+ y2error( "GetCryptPwd sint ret:%1", ret );
+ else
+ y2milestone( "GetCryptPwd empty:%1", size(pwd)==0 );
+ return( pwd );
+ }
+
+global boolean SetCryptPwd( string device, string pwd )
+ {
+ y2milestone( "SetCryptPwd device:%1", device );
+ integer ret = 0;
+ ret = LibStorage::StorageInterface::setCryptPassword( sint, device, pwd );
+ if( ret<0 )
+ y2error( "SetCryptPwd sint ret:%1", ret );
+ else
+ y2milestone( "SetCryptPwd sint ret:%1", ret );
+ return( ret==0 );
+ }
+
+global boolean NeedCryptPwd( string device )
+ {
+ boolean ret = false;
+ ret = LibStorage::StorageInterface::needCryptPassword( sint, device );
+ y2milestone( "NeedCryptPwd device:%1 ret:%2", device, ret );
+ return( ret );
+ }
+
global string CreateLoop( string file, boolean create, integer sizeK,
string mp )
{
y2milestone( "CreateLoop file:%1 create:%2 sizeK:%3 mp:%4", file, create,
sizeK, mp );
string dev = "";
- integer ret = -9999;
- if( haskey( ClassifiedSettings, file ))
- {
- string pwd = ClassifiedSettings[file]:"";
- ret = LibStorage::StorageInterface::createFileLoop( sint, file, !create,
- sizeK, mp, pwd,
- dev );
- UpdateClassified(dev, pwd);
- }
+ integer ret = 0;
+ string pwd = GetCryptPwd( file );
+ ret = LibStorage::StorageInterface::createFileLoop( sint, file, !create,
+ sizeK, mp, pwd, dev );
if( ret<0 )
y2error( "CreateLoop sint ret:%1", ret );
+ LibStorage::StorageInterface::forgetCryptPassword( sint, file );
UpdateTargetMapDisk( "/dev/loop" );
y2milestone( "CreateLoop dev:%1", dev );
return( dev );
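Review bot: CreateLoop now calls createFileLoop unconditionally with whatever GetCryptPwd returned, and GetCryptPwd returns an empty string both when no password is stored and when getCryptPassword fails. The removed code skipped the call and logged -9999 when no password had been registered for the file, so a missing password can now reach createFileLoop as an empty one; how libstorage treats that is not visible here. If an empty password is never valid for a file loop, reject it before the call, e.g. `if( size(pwd)==0 ) { y2error( "CreateLoop no password for %1", file ); return( dev ); }`. forgetCryptPassword also runs when createFileLoop failed, which may be intended but deserves a short comment. CreateLoop's closing brace lies outside this hunk.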
@@ -3036,19 +3052,6 @@
}
*/
-global void UpdateClassified( string key, string pwd )
- {
- ClassifiedSettings[key] = pwd;
- //y2milestone( "ClassifiedSettings %1", ClassifiedSettings );
- }
-
-
-global boolean HasClassified(string key)
-{
- return haskey(ClassifiedSettings, key);
-}
-
-
define void HandleModulesOnBoot( map targetMap );
global boolean UpdateLoop( string dev, string file, boolean create,
@@ -3078,43 +3081,6 @@
return( ret==0 );
}
-global string GetCryptPwd( string device )
- {
- string pwd="";
- y2milestone( "GetCryptPwd device:%1", device );
- if( size(ClassifiedSettings[device]:"")>0 )
- pwd = ClassifiedSettings[device]:"";
- else
- {
- integer ret = 0;
- ret = LibStorage::StorageInterface::getCryptPassword( sint, device,
- pwd );
- if( ret<0 )
- y2error( "GetCryptPwd sint ret:%1", ret );
- }
- y2milestone( "GetCryptPwd empty:%1", size(pwd)==0 );
- return( pwd );
- }
-
-global boolean SetCryptPwd( string device, string pwd )
- {
- y2milestone( "SetCryptPwd device:%1", device );
- integer ret = LibStorage::StorageInterface::setCryptPassword( sint, device,
- pwd );
- y2milestone( "SetCryptPwd sint ret:%1", ret );
- map p = GetPartition( GetTargetMap(), device );
- if( ret==LibStorage::STORAGE_VOLUME_NOT_FOUND() || p["create"]:false )
- {
- ClassifiedSettings[device] = pwd;
- y2milestone( "setting classified %1 pwd size %2", device, size(pwd) );
- ret = 0;
- }
- else if( ret<0 )
- y2error( "SetCryptPwd sint ret:%1", ret );
- return( ret==0 );
- }
-
-
global string DefaultDiskLabel(integer size_k)
{
y2milestone("DefaultDiskLabel size_k:%1", size_k );
@@ -3724,7 +3690,6 @@
integer ret = LibStorage::StorageInterface::commit( sint );
if( ret<0 )
y2error( "CommitChanges sint ret:%1", ret );
- ClassifiedSettings = $[];
return( ret );
}
@@ -6552,5 +6517,20 @@
return size(LibStorage::StorageInterface::getCommitActions( sint, true ));
}
+global boolean CheckCryptOk( string dev, string fs_passwd )
+ {
+ integer i = LibStorage::StorageInterface::verifyCryptPassword( sint, dev, fs_passwd );
+ if( i!=0 )
+ Popup::Error( sformat(_("Could not set encryption.
+System error code is %1.
+
+The crypt password provided could be incorrect.
+"), i ));
+ y2milestone( "CheckCryptOk dev:%1 pwlen:%2 ret:%3",
+ dev, size(fs_passwd), i==0 );
+ return( i==0 );
+ }
+
}
+
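Review bot: The y2milestone call in CheckCryptOk writes the password length (`pwlen:%2`) to the log, which tells anyone who can read the installation log something about the secret. GetCryptPwd in this same commit logs only whether the password is empty. I would drop the length: `y2milestone( "CheckCryptOk dev:%1 ret:%2", dev, i==0 );`. The popup text says "Could not set encryption" although the call is verifyCryptPassword, so wording about the password check failing would match the code better.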