[yast-commit] r61919 - in /branches/SuSE-Code-11-Branch/storage: ./ libstorage/src/ libstorage/testsuite/ libstorage/testsuite/single.out/ package/ storage/src/include/ storage/src/modules/

Author: fehr Date: Thu Apr 29 15:40:41 2010 New Revision: 61919 URL: http://svn.opensuse.org/viewcvs/yast?rev=61919&view=rev Log: - backport crypt related fixes to handle L3 (bnc #599998) - 2.17.77 Modified: branches/SuSE-Code-11-Branch/storage/VERSION branches/SuSE-Code-11-Branch/storage/libstorage/src/Container.cc branches/SuSE-Code-11-Branch/storage/libstorage/src/DmCo.cc branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.cc branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.h branches/SuSE-Code-11-Branch/storage/libstorage/src/Loop.cc branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.cc branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.h branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.cc branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.h branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageInterface.h branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageTmpl.h branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.cc branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.h branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/fstab1.cc branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/single.out/fstab1.out branches/SuSE-Code-11-Branch/storage/package/yast2-storage.changes branches/SuSE-Code-11-Branch/storage/storage/src/include/custom_part_lib.ycp branches/SuSE-Code-11-Branch/storage/storage/src/include/ep-dialogs.ycp branches/SuSE-Code-11-Branch/storage/storage/src/modules/Storage.ycp Modified: branches/SuSE-Code-11-Branch/storage/VERSION URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/VE... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/VERSION (original) +++ branches/SuSE-Code-11-Branch/storage/VERSION Thu Apr 29 15:40:41 2010 
@@ -1 +1 @@ -2.17.76 +2.17.77 Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Container.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/Container.cc (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Container.cc Thu Apr 29 15:40:41 2010 @@ -120,9 +120,11 @@ ret = doCreate( vol ); else if( vol->needExtend() ) ret = doResize( vol ); + if (vol->needCrsetup(false)) + ret = vol->doCrsetup(); break; case FORMAT: - if( vol->needCrsetup() ) + if (vol->needCrsetup(true)) ret = vol->doCrsetup(); if( ret==0 && vol->getFormat() ) ret = vol->doFormat(); @@ -131,7 +133,11 @@ break; case MOUNT: if( vol->needRemount() ) + { + if (vol->needCrsetup(true)) + vol->doCrsetup(); ret = vol->doMount(); + } if( ret==0 && vol->needFstabUpdate() ) { ret = vol->doFstabUpdate(); Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/DmCo.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/DmCo.cc (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/DmCo.cc Thu Apr 29 15:40:41 2010 
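Review bot: In the first Container.cc hunk the added `if (vol->needCrsetup(false)) ret = vol->doCrsetup();` overwrites `ret`, so a failure from `doCreate`/`doResize` just above can be replaced by the result of a successful crypt setup; guard it as `if (ret==0 && vol->needCrsetup(false))`. The MOUNT hunk has the opposite problem: `vol->doCrsetup();` discards its result and `doMount()` runs regardless, so a failed loop or dm-crypt setup shows up only as a mount error with the real cause lost. `ret = vol->doCrsetup(); if (ret==0) ret = vol->doMount();` keeps the cause visible and avoids mounting when the mapping is not there. The enclosing switch starts and ends outside both hunks, so the nesting is inferred from the visible lines.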
@@ -91,7 +91,7 @@ keysize = extractNthWord( 1, line ); } - if( cipher == "aes-cbc-essiv:sha256" ) + if( cipher == "aes-cbc-essiv:sha256" || cipher == "aes-cbc-plain") ret = ENC_LUKS; else if( cipher == "twofish-cbc-plain" ) ret = ENC_TWOFISH; Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.cc (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.cc Thu Apr 29 15:40:41 2010 @@ -3,7 +3,6 @@ Textdomain "storage" */ - #include <fstream> #include <algorithm> @@ -74,6 +73,8 @@ if( i!=l.end() ) *i++ >> p->old.passno; p->old.calcDependent(); + if( checkNormalFile(p->old.device) ) + p->old.loop = true; p->nnew = p->old; co.push_back( *p ); delete p; @@ -478,14 +479,15 @@ { ls.push_back( e.loop_dev ); } - ls.push_back( e.dentry ); + if( e.dmcrypt && e.optUser() ) + ls.push_back( e.device ); + else + ls.push_back( e.dentry ); ls.push_back( e.mount ); - if( e.dmcrypt && e.noauto ) + if( e.dmcrypt && e.optUser() ) ls.push_back( "crypt" ); else - { ls.push_back( (e.fs!="ntfs")?e.fs:"ntfs-3g" ); - } if( e.crypto ) { ls.push_back( Volume::encTypeString(e.encr) ); @@ -528,8 +530,7 @@ string EtcFstab::createTabLine( const FstabEntry& e ) { - y2milestone( "device:%s mp:%s", e.dentry.c_str(), e.mount.c_str() ); - y2mil( "entry:" << e ); + y2mil("dentry:" << e.dentry << " mount:" << e.mount << " device:" << e.device); list<string> ls; makeStringList( e, ls ); y2mil( "list:" << ls ); 
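Review bot: The extended test `cipher == "aes-cbc-essiv:sha256" || cipher == "aes-cbc-plain"` reports ENC_LUKS from the cipher string alone, and that string does not say whether a LUKS header exists, so a plain dm-crypt mapping using `aes-cbc-plain` would presumably be classified as LUKS as well. `cbc-plain` derives its IV from the sector number and is therefore predictable, which makes it worth recording why the value is accepted here. A comment such as `// aes-cbc-plain: recognised so that existing volumes are detected` would do, if that is the intent. The function starts and ends outside the hunk.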
@@ -740,6 +741,15 @@ i->old = i->nnew; i->op = Entry::NONE; } + else if( findCrtab( i->nnew, crypttab, lineno )) + { + string line = createTabLine( i->nnew ); + if (!i->nnew.mount.empty()) + fstab->append( line ); + if( i->old.cryptt > i->nnew.cryptt && + findCrtab( i->old, crypttab, lineno )) + crypttab.remove( lineno, 1 ); + } else ret = FSTAB_UPDATE_ENTRY_NOT_FOUND; break; @@ -873,7 +883,11 @@ return( txt ); } - +bool +FstabEntry::optUser() const + { + return find( opts.begin(), opts.end(), "user" ) != opts.end(); + } unsigned EtcFstab::fstabFields[] = { 20, 20, 10, 21, 1, 1 }; unsigned EtcFstab::cryptotabFields[] = { 11, 15, 20, 10, 10, 1 }; Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.h (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/EtcFstab.h Thu Apr 29 15:40:41 2010 @@ -41,6 +41,7 @@ storage::MountByType mount_by; void calcDependent(); + bool optUser() const; }; inline std::ostream& operator<< (std::ostream& s, const FstabEntry &v ) Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Loop.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/Loop.cc (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Loop.cc Thu Apr 29 15:40:41 2010 @@ -53,7 +53,7 @@ else { numeric = false; - setEncryption( ENC_LUKS ); + initEncryption( ENC_LUKS ); if( !dm_dev.empty() ) { setDmcryptDev( dm_dev ); @@ -102,7 +102,7 @@ else { numeric = false; - setEncryption( ENC_LUKS ); + initEncryption( ENC_LUKS ); if( dmcrypt_dev.empty() ) dmcrypt_dev = getDmcryptName(); setDmcryptDev( dmcrypt_dev, false ); 
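Review bot: The new `else if( findCrtab( i->nnew, crypttab, lineno ))` branch appends an fstab line but, unlike the branch directly above it, does not set `i->old = i->nnew; i->op = Entry::NONE;`. If nothing after the hunk resets the entry, a second flush would append the same line again. The nested `findCrtab( i->old, crypttab, lineno )` reuses `lineno`, so the following `crypttab.remove( lineno, 1 )` acts on the old entry's line; a comment such as `// lineno now refers to the old crypttab entry` would make that explicit. The surrounding case begins and ends outside the hunk.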
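Review bot: `FstabEntry::optUser()` has no comment and matches only the exact option string `user`, so an entry that uses `users` or `owner` takes the non-crypt path in `makeStringList`. This predicate now decides whether an fstab line is written with fs type `crypt` and `e.device` instead of `e.dentry`, so the exact-match behaviour is part of the file format. State it at the definition, e.g. `// true if the mount options contain the literal "user" (not "users" or "owner")`.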
@@ -122,13 +122,15 @@ void Loop::init() { - reuseFile = delFile = false; + delFile = false; + reuseFile = true; } void Loop::setDmcryptDev( const string& dm_dev, bool active ) { dev = dm_dev; + y2mil( "dm_dev:" << dm_dev << " active:" << active ); nm = dm_dev.substr( dm_dev.find_last_of( '/' )+1); if( active ) { Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.cc (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.cc Thu Apr 29 15:40:41 2010 @@ -545,6 +545,13 @@ return( ret ); } +string Md::mdDevice( unsigned num ) + { + string dev( "/dev/md" ); + dev += decString(num); + return( dev ); + } + void Md::setPersonality( MdType val ) { md_type=val; Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.h (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Md.h Thu Apr 29 15:40:41 2010 
@@ -43,6 +43,8 @@ static const string& pName( storage::MdType t ) { return md_names[t]; } static bool mdStringNum( const string& name, unsigned& num ); + static string mdDevice( unsigned num ); + friend std::ostream& operator<< (std::ostream& s, const Md& m ); virtual void print( std::ostream& s ) const { s << *this; } string removeText( bool doing ) const; Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.cc (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.cc Thu Apr 29 15:40:41 2010 @@ -1005,6 +1005,8 @@ else { ret = i->createPartition( type, start, size, device, true ); + if( ret==0 ) + checkPwdBuf( device ); } } } @@ -1019,6 +1021,8 @@ else { ret = i->createPartition( type, start, size, device, true ); + if( ret==0 ) + checkPwdBuf( device ); } } } @@ -1934,6 +1938,40 @@ } int +Storage::verifyCryptFilePassword( const string& file, const string& pwd ) + { + int ret = VOLUME_CRYPT_NOT_DETECTED; + assertInit(); + y2mil("file:" << file << " l:" << pwd.length()); +#ifdef DEBUG_LOOP_CRYPT_PASSWORD + y2mil("password:" << pwd); +#endif + + VolIterator vol; + if (readonly) + { + ret = STORAGE_CHANGE_READONLY; + } + else + { + ProcPart ppart; + LoopCo* co = new LoopCo(this, false, ppart); + if( co ) + { + Loop* loop = new Loop( *co, file, true, 0, true ); + if( loop && loop->setCryptPwd( pwd )==0 && + loop->detectEncryption()!=ENC_UNKNOWN ) + ret = 0; + if( loop ) + delete loop; + delete co; + } + } + y2mil("ret:" << ret); + return( ret ); + } + +int Storage::changeMkfsOptVolume( const string& device, const string& opts ) { int ret = 0; @@ -2265,6 +2303,8 @@ { ret = STORAGE_VOLUME_NOT_FOUND; } + if( !val ) + pwdBuf.erase(device); if( ret==0 ) { ret = checkCache(); 
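Review bot: In the new `Storage::verifyCryptFilePassword`, `co` and `loop` are owned by raw pointers, so the `if( co )` and `if( loop )` tests can never be false with a throwing `new`, and an exception from the `Loop` constructor, `setCryptPwd` or `detectEncryption` leaks both objects. If their constructors allow it, locals (`LoopCo co(this, false, ppart); Loop loop(co, file, true, 0, true);`) remove the checks and the deletes. `VolIterator vol;` is unused in this function. The unconditional `y2mil("file:" << file << " l:" << pwd.length())` writes the passphrase length to the log and the `DEBUG_LOOP_CRYPT_PASSWORD` line writes the passphrase itself; the length can be dropped, and the macro deserves a comment that it must never be defined in a shipped build.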
@@ -2294,7 +2334,7 @@ } int -Storage::setCryptPassword( const string& device, const string& pwd ) +Storage::verifyCryptPassword( const string& device, const string& pwd ) { int ret = 0; assertInit(); @@ -2311,10 +2351,43 @@ else if( findVolume( device, vol ) ) { ret = vol->setCryptPwd( pwd ); + if( ret==0 && vol->detectEncryption()==ENC_UNKNOWN ) + ret = VOLUME_CRYPT_NOT_DETECTED; + vol->clearCryptPwd(); } else { - ret = STORAGE_VOLUME_NOT_FOUND; + ret = verifyCryptFilePassword( device, pwd ); + } + y2mil("ret:" << ret); + return( ret ); + } + +int +Storage::setCryptPassword( const string& device, const string& pwd ) + { + int ret = 0; + assertInit(); + y2mil("device:" << device << " l:" << pwd.length()); +#ifdef DEBUG_LOOP_CRYPT_PASSWORD + y2mil("password:" << pwd); +#endif + + VolIterator vol; + map<string,string>::iterator i = pwdBuf.find(device); + if (readonly) + { + ret = STORAGE_CHANGE_READONLY; + } + else if( findVolume( device, vol ) ) + { + ret = vol->setCryptPwd( pwd ); + if( i!=pwdBuf.end() ) + pwdBuf.erase(i); + } + else + { + mapInsertOrReplace( pwdBuf, device, pwd ); } if( ret==0 ) { 
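Review bot: `Storage::verifyCryptPassword` is not read-only on the volume it checks: it calls `vol->setCryptPwd( pwd )` and then `vol->clearCryptPwd()`, which per the Volume.h hunk erases both `crypt_pwd` and `orig_crypt_pwd`, so verifying a candidate passphrase discards one that was already set. On a mismatch the else branch added in the Volume.cc hunk at -1733 (apparently `detectEncryption`) also resets `encryption`/`orig_encryption` to ENC_UNKNOWN and erases `dmcrypt_dev` and `loop_dev`. Either save and restore the previous state around the probe or document the side effect in the StorageInterface.h comment. In the new `setCryptPassword`, the not-found branch stores the passphrase in `pwdBuf` for any device string and returns 0 where it used to return STORAGE_VOLUME_NOT_FOUND, so a mistyped device name is no longer reported to the caller.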
@@ -2342,11 +2415,45 @@ } else { - ret = STORAGE_VOLUME_NOT_FOUND; + map<string,string>::iterator i = pwdBuf.find(device); + if( i!=pwdBuf.end() ) + pwdBuf.erase(i); + else + ret = STORAGE_VOLUME_NOT_FOUND; } - if( ret==0 ) + y2mil("ret:" << ret); + return( ret ); + } + +bool +Storage::needCryptPassword( const string& device ) + { + bool ret = true; + bool volFound = false; + assertInit(); + y2mil("device:" << device); + + VolIterator vol; + if( checkNormalFile(device) ) { - ret = checkCache(); + ConstLoopPair p = loopPair(Loop::notDeleted); + ConstLoopIterator i = p.begin(); + while( i != p.end() && i->loopFile()!=device ) + ++i; + if( i != p.end() ) + { + ret = i->needCryptPwd(); + volFound = true; + } + } + else if( findVolume( device, vol ) ) + { + ret = vol->needCryptPwd(); + volFound = true; + } + if( !volFound ) + { + ret = pwdBuf.find( device )==pwdBuf.end(); } y2mil("ret:" << ret); return( ret ); @@ -2367,11 +2474,11 @@ } else { - ret = STORAGE_VOLUME_NOT_FOUND; - } - if( ret==0 ) - { - ret = checkCache(); + map<string,string>::const_iterator i = pwdBuf.find(device); + if( i!=pwdBuf.end() ) + pwd = i->second; + else + ret = STORAGE_VOLUME_NOT_FOUND; } #ifdef DEBUG_LOOP_CRYPT_PASSWORD y2milestone( "password:%s", pwd.c_str() ); @@ -2694,6 +2801,8 @@ else if( i != lvgEnd() ) { ret = i->createLv( name, sizeM*1024, stripe, device ); + if( ret==0 ) + checkPwdBuf( device ); } else { @@ -2937,6 +3046,8 @@ list<string> d; d.insert( d.end(), devs.begin(), devs.end() ); ret = md->createMd( num, rtype, d ); + if( ret==0 ) + checkPwdBuf( Md::mdDevice(num) ); } if( !have_md ) { @@ -2981,6 +3092,8 @@ list<string> d; d.insert( d.end(), devs.begin(), devs.end() ); ret = md->createMd( num, rtype, d ); + if( ret==0 ) + checkPwdBuf( Md::mdDevice(num) ); } if( !have_md ) { 
@@ -5867,6 +5980,20 @@ } } +void Storage::checkPwdBuf( const string& device ) + { + if( !pwdBuf.empty() ) + { + map<string,string>::iterator i=pwdBuf.find(device); + if( i!=pwdBuf.end() ) + { + VolIterator vol; + if( findVolume( device, vol ) ) + vol->setCryptPwd( i->second ); + pwdBuf.erase(i); + } + } + } int Storage::zeroDevice(const string& device, unsigned long long sizeK, bool random, Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.h (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Storage.h Thu Apr 29 15:40:41 2010 @@ -341,6 +341,9 @@ int addFstabOptions( const string&, const string& options ); int removeFstabOptions( const string&, const string& options ); int setCryptPassword( const string& device, const string& pwd ); + int verifyCryptPassword( const string& device, const string& pwd ); + int verifyCryptFilePassword( const string& file, const string& pwd ); + bool needCryptPassword( const string& device ); int forgetCryptPassword( const string& device ); int getCryptPassword( const string& device, string& pwd ); int setCrypt( const string& device, bool val ); @@ -1690,6 +1693,7 @@ bool also_del=false ); bool findContainer( const string& device, ContIterator& c ); + void checkPwdBuf( const string& device ); bool haveMd( MdCo*& md ); bool haveNfs( NfsCo*& co ); bool haveLoop( LoopCo*& loop ); 
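Review bot: `Storage::checkPwdBuf` ignores the result of `vol->setCryptPwd( i->second )` and erases the buffered entry either way, so a passphrase that `setCryptPwd` rejects (for example with VOLUME_CRYPT_PWD_TOO_SHORT from the new `pwdLengthOk` check) is silently dropped after `setCryptPassword` already returned 0 for it. Nothing validated the value when it was buffered, so this is the first place a bad passphrase can be detected. Return the status (`int ret = vol->setCryptPwd( i->second );`) and let the create paths propagate it, or at least log the failure. The outer `if( !pwdBuf.empty() )` is redundant with the `find`.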
@@ -1755,6 +1759,7 @@ string extendedError; std::map<string,CCont> backups; std::map<string,FreeInfo> freeInfo; + std::map<string,string> pwdBuf; std::list<std::pair<string,string> > infoPopupTxts; }; Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageInterface.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageInterface.h (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageInterface.h Thu Apr 29 15:40:41 2010 @@ -1264,6 +1264,22 @@ virtual int getCryptPassword( const string& device, string& pwd ) = 0; /** + * Verify password of a volume + * + * @param device name of volume, e.g. /dev/hda1 + * @param pwd crypt password for this volume + * @return zero if password is ok, a negative number to indicate an error + */ + virtual int verifyCryptPassword( const string& device, const string& pwd ) = 0; + /** + * Check if crypt password is required + * + * @param device name of volume, e.g. /dev/hda1 + * @return true if password is required, false otherwise + */ + virtual bool needCryptPassword( const string& device ) = 0; + + /** * Set encryption state of a volume * * @param device name of volume, e.g. /dev/hda1 Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageTmpl.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageTmpl.h (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/StorageTmpl.h Thu Apr 29 15:40:41 2010 
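Review bot: `std::map<string,string> pwdBuf` keeps plaintext passphrases for not-yet-existing devices in ordinary `std::string` storage with no stated lifetime; the visible hunks remove an entry only in `checkPwdBuf`, `forgetCryptPassword`, `setCrypt` with `val` false, and a later `setCryptPassword` on a volume that exists. The YCP cache it replaces was emptied in `CommitChanges` (`ClassifiedSettings = $[];`, removed in Storage.ycp), and no equivalent clear on commit is visible here, so an entry for a device that is never created appears to live as long as the Storage object. `erase()` releases the string without overwriting it; clearing the map after commit and overwriting each value before erasing would narrow the exposure. A comment on the member, e.g. `// passphrases for devices not yet created; consumed by checkPwdBuf()`, would also help the next reader.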
@@ -122,6 +122,16 @@ l.insert( i, e ); } +template<typename Map, typename Key, typename Value> +typename Map::iterator mapInsertOrReplace(Map& m, const Key& k, const Value& v) + { + typename Map::iterator pos = m.lower_bound(k); + if (pos != m.end() && !typename Map::key_compare()(k, pos->first)) + pos->second = v; + else + pos = m.insert(pos, typename Map::value_type(k, v)); + return pos; + } template<class Num> string decString(Num number) { Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.cc (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.cc Thu Apr 29 15:40:41 2010 @@ -287,7 +287,7 @@ classic(file); file.read( buf, sizeof(buf) ); if( file.good() && strncmp( buf, "LUKS", 4 )==0 ) - setEncryption( ENC_LUKS ); + initEncryption( ENC_LUKS ); file.close(); } } @@ -985,6 +985,8 @@ int Volume::cryptUnsetup( bool force ) { int ret=0; + y2mil( "force:" << force << " active:" << dmcrypt_active << + " table:" << dmcrypt_dev ); if( dmcrypt_active || force ) { string table = dmcrypt_dev; @@ -1320,11 +1322,23 @@ is_loop = false; encryption = ENC_NONE; crypt_pwd.erase(); + orig_crypt_pwd.erase(); } else { if( !loop_active && !isTmpCryptMp(mp) && crypt_pwd.empty() ) ret = VOLUME_CRYPT_NO_PWD; + if( !isTmpCryptMp(mp) ) + { + if( !dmcrypt_active && crypt_pwd.empty() ) + ret = VOLUME_CRYPT_NO_PWD; + if( ret==0 && !dmcrypt_active && + !pwdLengthOk(typ,crypt_pwd,format) ) + { + ret = VOLUME_CRYPT_PWD_TOO_SHORT; + clearCryptPwd(); + } + } if( ret == 0 && cType()==NFSC ) ret = VOLUME_CRYPT_NFS_IMPOSSIBLE; if( ret==0 && (format||loop_active) ) 
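Review bot: `mapInsertOrReplace` builds a fresh comparator with `typename Map::key_compare()` instead of asking the map for its own, which gives the wrong ordering for a map constructed with a stateful comparator and does not compile when the comparator is not default-constructible. Use `m.key_comp()(k, pos->first)`. The helper also has no comment; one line saying that it returns the iterator to the inserted or updated element would be enough.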
@@ -1582,6 +1596,26 @@ return( cmd ); } +bool Volume::pwdLengthOk( storage::EncryptType typ, const string& val, + bool fmt ) const + { + bool ret = true; + if( fmt ) + { + ret = val.size()>=8; + } + else + { + if( typ==ENC_TWOFISH_OLD ) + ret = val.size()>=5; + else if( typ==ENC_TWOFISH || typ==ENC_TWOFISH256_OLD ) + ret = val.size()>=8; + else + ret = val.size()>=1; + } + return( ret ); + } + int Volume::setCryptPwd( const string& val ) { @@ -1590,18 +1624,12 @@ #endif int ret = 0; - if( ((encryption==ENC_UNKNOWN||encryption==ENC_TWOFISH_OLD|| - encryption==ENC_NONE) && val.size()<5) || - ((encryption==ENC_TWOFISH||encryption==ENC_TWOFISH256_OLD) && - val.size()<8) || - (encryption==ENC_LUKS && val.size()<1)) - { - if( !isTmpCryptMp(mp) ) - ret = VOLUME_CRYPT_PWD_TOO_SHORT; - } + if( !pwdLengthOk(encryption,val,format) && !isTmpCryptMp(mp) ) + ret = VOLUME_CRYPT_PWD_TOO_SHORT; else { - crypt_pwd=val; + orig_crypt_pwd = crypt_pwd; + crypt_pwd = val; if( encryption==ENC_UNKNOWN ) detectEncryption(); } 
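Review bot: `Volume::pwdLengthOk` changes the minimum length for `ENC_UNKNOWN` and `ENC_NONE` without saying so: the condition it replaces in `setCryptPwd` required 5 characters for those types, while here they fall into the final `else` and need only 1 when `fmt` is false. If that is deliberate, for instance so that an existing volume whose type is not yet detected can be opened with a short passphrase, state it in a comment above the function. The literals 8, 5 and 1 would read better as named constants, since the same thresholds are the only policy on passphrase length in this file. The 8-character rule for new volumes depends entirely on the `format` flag at the time of the call, which the comment should mention as well.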
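Review bot: In `setCryptPwd`, `orig_crypt_pwd = crypt_pwd;` records the previously set passphrase, whereas the other assignments in this commit (after a successful losetup or cryptsetup, and after detection succeeds) treat `orig_crypt_pwd` as the passphrase last applied to the device. Calling `setCryptPwd` twice with the same value therefore leaves `crypt_pwd == orig_crypt_pwd`, and the `crypt_pwd!=orig_crypt_pwd` tests in `needLosetup` and `needCryptsetup` no longer see a pending change. Dropping the assignment here, or documenting which of the two meanings the member has, would make the change detection reliable. The `!pwdLengthOk(...) && !isTmpCryptMp(mp)` form keeps the old exemption for temporary crypt mount points, which deserves a short comment.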
@@ -1609,25 +1637,47 @@ return( ret ); } -bool Volume::needLosetup() const +bool +Volume::needCryptPwd() const { - return( (is_loop!=loop_active) && - (encryption==ENC_NONE || !crypt_pwd.empty() || - (dmcrypt()&&cont->type()==LOOP)) ); + bool ret = crypt_pwd.empty(); + if( ret && is_loop ) + ret = ret && !loop_active; + if( ret && dmcrypt() ) + ret = ret && !dmcrypt_active; + y2mil("ret:" << ret); + return( ret ); } -bool Volume::needCryptsetup() const +bool Volume::needLosetup( bool urgent ) const { - if (dmcrypt() && encryption != orig_encryption) - return true; + bool ret = (is_loop!=loop_active) && + (encryption==ENC_NONE || !crypt_pwd.empty() || + (dmcrypt() && cType() == LOOP)); + if( !urgent && loop_dev.empty() ) + ret = false; + if( is_loop && encryption!=ENC_NONE && + !crypt_pwd.empty() && crypt_pwd!=orig_crypt_pwd ) + ret = true; + return( ret ); + } - return( dmcrypt()!=dmcrypt_active && - (encryption==ENC_NONE || !crypt_pwd.empty() || isTmpCryptMp(mp))); +bool Volume::needCryptsetup() const + { + bool ret = (dmcrypt()!=dmcrypt_active) && + (encryption==ENC_NONE || encryption!=orig_encryption || + !crypt_pwd.empty() || isTmpCryptMp(mp)); + if( dmcrypt() && encryption!=ENC_NONE && + !crypt_pwd.empty() && crypt_pwd!=orig_crypt_pwd ) + ret = true; + y2mil( "vol:" << *this ); + y2mil( "ret:" << ret ); + return( ret ); } -bool Volume::needCrsetup() const +bool Volume::needCrsetup( bool urgent ) const { - return( needLosetup()||needCryptsetup() ); + return( needLosetup(urgent)||needCryptsetup() ); } bool Volume::needFstabUpdate() const @@ -1733,12 +1783,15 @@ { is_loop = cont->type()==LOOP; ret = encryption = orig_encryption = try_order[pos]; + orig_crypt_pwd = crypt_pwd; } else { is_loop = false; dmcrypt_dev.erase(); loop_dev.erase(); + crypt_pwd.erase(); + orig_crypt_pwd.erase(); ret = encryption = orig_encryption = ENC_UNKNOWN; } unlink( fname.c_str() ); 
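Review bot: The new `urgent` parameter of `needLosetup` and `needCrsetup` is undocumented, and its only visible effect is `if( !urgent && loop_dev.empty() ) ret = false;`, which the following `crypt_pwd!=orig_crypt_pwd` test can override again. A comment at the declaration, e.g. `// urgent=false: report a pending losetup only when a loop device is already assigned`, would make the call sites in Container.cc readable. `needCryptsetup()` now logs the whole volume with `y2mil( "vol:" << *this )` on every call, which is noisy for a predicate; per the stream-operator hunk further down, that output includes the passphrase whenever `DEBUG_LOOP_CRYPT_PASSWORD` is defined.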
@@ -1782,6 +1835,8 @@ SystemCmd c( getLosetupCmd( encryption, fname )); if( c.retcode()!=0 ) ret = VOLUME_LOSETUP_FAILED; + else + orig_crypt_pwd = crypt_pwd; if( !fname.empty() ) { unlink( fname.c_str() ); @@ -1908,6 +1963,8 @@ ret = VOLUME_CRYPTSETUP_FAILED; } } + if( ret==0 ) + orig_crypt_pwd = crypt_pwd; unlink( fname.c_str() ); rmdir( cont->getStorage()->tmpDir().c_str() ); cont->getStorage()->waitForDevice( dmcrypt_dev ); @@ -1943,7 +2000,7 @@ { int ret = 0; bool losetup_done = false; - if( needLosetup() ) + if( needLosetup(true) ) { ret = doLosetup(); losetup_done = ret==0; @@ -2264,6 +2321,11 @@ l.push_back( new commitAction( FORMAT, cont->type(), formatText(false), this, true )); } + else if ( needCrsetup(false) ) + { + l.push_back(new commitAction(mp.empty()?INCREASE:FORMAT, cont->type(), + crsetupText(false), this, mp.empty())); + } else if( mp != orig_mp || (cont->getStorage()->instsys()&&mp=="swap") ) { @@ -2444,7 +2506,7 @@ changed = true; che.dentry = de; } - if( fs != detected_fs ) + if( fs != detected_fs || che.fs!=fs_names[fs] ) { changed = true; che.fs = fs_names[fs]; @@ -2764,6 +2826,9 @@ #ifdef DEBUG_LOOP_CRYPT_PASSWORD if( is_loop && encryption!=ENC_NONE && !crypt_pwd.empty() ) file << " pwd:" << crypt_pwd; + if( is_loop && encryption!=ENC_NONE && !orig_crypt_pwd.empty() && + orig_crypt_pwd!=crypt_pwd ) + file << " orig_pwd:" << orig_crypt_pwd; #endif file << endl; return( file ); @@ -2805,7 +2870,7 @@ encryption = orig_encryption = toEncType(i->second); i = m.find( "pwd" ); if( i!=m.end() ) - crypt_pwd = i->second; + orig_crypt_pwd = crypt_pwd = i->second; } namespace storage @@ -2902,6 +2967,8 @@ s << " orig_encr:" << v.enc_names[v.orig_encryption]; #ifdef DEBUG_LOOP_CRYPT_PASSWORD s << " pwd:" << v.crypt_pwd; + if( v.orig_crypt_pwd.empty() && v.crypt_pwd!=v.orig_crypt_pwd ) + s << " orig_pwd:" << v.orig_crypt_pwd; #endif } if( !v.dmcrypt_dev.empty() ) 
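Review bot: The condition added to the stream operator in the hunk at -2902, `if( v.orig_crypt_pwd.empty() && v.crypt_pwd!=v.orig_crypt_pwd )`, is inverted compared with the matching lines added in the hunk at -2764 (`!orig_crypt_pwd.empty() && orig_crypt_pwd!=crypt_pwd`), so it prints ` orig_pwd:` only when the value is empty. It should read `if( !v.orig_crypt_pwd.empty() && v.crypt_pwd!=v.orig_crypt_pwd )`. Both additions extend the `DEBUG_LOOP_CRYPT_PASSWORD` output to a second passphrase, and the -2764 one writes it to a stream named `file`, so the macro deserves a comment where it is tested that it is for local debugging only. Both functions start outside their hunks.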
@@ -3103,6 +3170,7 @@ loop_dev = rhs.loop_dev; fstab_loop_dev = rhs.fstab_loop_dev; crypt_pwd = rhs.crypt_pwd; + orig_crypt_pwd = rhs.orig_crypt_pwd; uby = rhs.uby; alt_names = rhs.alt_names; return( *this ); Modified: branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.h (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/src/Volume.h Thu Apr 29 15:40:41 2010 @@ -70,19 +70,20 @@ bool dmcrypt() const { return encryption != ENC_NONE && encryption != ENC_UNKNOWN; } bool loopActive() const { return( is_loop&&loop_active ); } bool dmcryptActive() const { return( dmcrypt()&&dmcrypt_active ); } - bool needCrsetup() const; + bool needCrsetup( bool urgent=true ) const; const string& getUuid() const { return uuid; } const string& getLabel() const { return label; } int setLabel( const string& val ); int eraseLabel() { label.erase(); orig_label.erase(); return 0; } bool needLabel() const { return( label!=orig_label ); } storage::EncryptType getEncryption() const { return encryption; } - void setEncryption( storage::EncryptType val=storage::ENC_LUKS ) + void initEncryption( storage::EncryptType val=storage::ENC_LUKS ) { encryption=orig_encryption=val; } virtual int setEncryption( bool val, storage::EncryptType typ=storage::ENC_LUKS ); const string& getCryptPwd() const { return crypt_pwd; } int setCryptPwd( const string& val ); - void clearCryptPwd() { crypt_pwd.erase(); } + void clearCryptPwd() { crypt_pwd.erase(); orig_crypt_pwd.erase(); } + bool needCryptPwd() const; const string& getMount() const { return mp; } bool hasOrigMount() const { return !orig_mp.empty(); } bool needRemount() const; 
@@ -222,12 +223,14 @@ bool getLoopFile( string& fname ) const; void setExtError( const SystemCmd& cmd, bool serr=true ); string getDmcryptName(); - bool needLosetup() const; + bool needLosetup( bool urgent ) const; bool needCryptsetup() const; int doLosetup(); int doCryptsetup(); int loUnsetup( bool force=false ); int cryptUnsetup( bool force=false ); + bool pwdLengthOk( storage::EncryptType typ, const string& val, + bool format ) const; std::ostream& logVolume( std::ostream& file ) const; string getLosetupCmd( storage::EncryptType, const string& pwdfile ) const; @@ -270,6 +273,7 @@ string dmcrypt_dev; string fstab_loop_dev; string crypt_pwd; + string orig_crypt_pwd; string nm; std::list<string> alt_names; unsigned num; Modified: branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/fstab1.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/fstab1.cc (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/fstab1.cc Thu Apr 29 15:40:41 2010 
@@ -104,10 +104,15 @@ bool val = false; + cout << s->changeFormatVolume("/dev/hda1", true, EXT3 ) << '\n'; cout << s->setCryptPassword ("/dev/hda1", "test") << '\n'; // FAILS - cout << s->setCrypt ("/dev/hda1", true) << '\n'; // FAILS + cout << s->changeFormatVolume("/dev/hda1", false, EXT3 ) << '\n'; + cout << s->setCryptPassword("/dev/hda1", "test") << '\n'; + cout << s->setCrypt("/dev/hda1", true) << '\n'; + + cout << s->changeFormatVolume("/dev/hda1", true, EXT3 ) << '\n'; cout << s->setCryptPassword ("/dev/hda1", "hello-world") << '\n'; cout << s->setCrypt ("/dev/hda1", true) << '\n'; Modified: branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/single.out/fstab1.out URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/li... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/single.out/fstab1.out (original) +++ branches/SuSE-Code-11-Branch/storage/libstorage/testsuite/single.out/fstab1.out Thu Apr 29 15:40:41 2010 @@ -35,11 +35,16 @@ 0 user_xattr,noauto crypt1 +0 -3015 -3014 0 0 0 +0 +0 +0 +0 1 0 0 Modified: branches/SuSE-Code-11-Branch/storage/package/yast2-storage.changes URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/pa... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/package/yast2-storage.changes (original) +++ branches/SuSE-Code-11-Branch/storage/package/yast2-storage.changes Thu Apr 29 15:40:41 2010 
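Review bot: The fstab1.cc hunk keeps the `// FAILS` comment on the first `setCryptPassword ("/dev/hda1", "test")` line while the expected output changes, so the source no longer says which of the calls are meant to fail. A short comment per group stating the expected return code, tied to the preceding `changeFormatVolume` call, would pin the new length rule. None of the added lines exercises `verifyCryptPassword`, `needCryptPassword`, or the buffered path of `setCryptPassword` for a device that does not exist yet.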
@@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Wed Apr 28 11:47:19 CEST 2010 - fehr@suse.de + +- backport crypt related fixes to handle L3 (bnc #599998) +- 2.17.77 + +------------------------------------------------------------------- Mon Jan 18 12:47:39 CET 2010 - aschnell@suse.de - fixed resizing of LVM logical volumes on S390 (bnc #571159) Modified: branches/SuSE-Code-11-Branch/storage/storage/src/include/custom_part_lib.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/st... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/storage/src/include/custom_part_lib.ycp (original) +++ branches/SuSE-Code-11-Branch/storage/storage/src/include/custom_part_lib.ycp Thu Apr 29 15:40:41 2010 @@ -626,8 +626,6 @@ ret["ok"] = Storage::SetCryptPwd( dev, fs_passwd ) && (new["format"]:false || Storage::SetCrypt( dev, true, new["format"]:false )); - if( ret["ok"]:false && new["type"]:`unknown == `loop ) - Storage::UpdateClassified( new["fpath"]:"", fs_passwd ); if( popup ) UI::CloseDialog(); } Modified: branches/SuSE-Code-11-Branch/storage/storage/src/include/ep-dialogs.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/st... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/storage/src/include/ep-dialogs.ycp (original) +++ branches/SuSE-Code-11-Branch/storage/storage/src/include/ep-dialogs.ycp Thu Apr 29 15:40:41 2010 
@@ -73,15 +73,13 @@ boolean AskPassword() { - if (!NeedPassword()) - return false; - - // TODO: this is ugly - string key = (data["type"]:`unknown != `loop) ? (data["device"]:"error") : (data["fpath"]:"error"); - if (Storage::HasClassified(key)) - return false; - - return true; + boolean ret = NeedPassword(); + if( ret && !do_format && size(data["mount"]:"")>0 ) + { + string key = (data["type"]:`unknown != `loop) ? (data["device"]:"error") : (data["fpath"]:"error"); + ret = Storage::NeedCryptPwd(key); + } + return ret; } @@ -490,6 +488,8 @@ UI::ChangeWidget(`id(`pw1), `Value, ""); UI::ChangeWidget(`id(`pw2), `Value, ""); + string dev = (data["type"]:`unknown != `loop) ? data["device"]:"" + : data["fpath"]:""; repeat { widget = MiniWorkflow::UserInput(); @@ -543,10 +543,7 @@ if (widget == `next) { - if (data["type"]:`unknown != `loop) - Storage::UpdateClassified(data["device"]:"", pw1); - else - Storage::UpdateClassified(data["fpath"]:"", pw1); + Storage::SetCryptPwd(dev, pw1); widget = `finish; } Modified: branches/SuSE-Code-11-Branch/storage/storage/src/modules/Storage.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-Branch/storage/st... ============================================================================== --- branches/SuSE-Code-11-Branch/storage/storage/src/modules/Storage.ycp (original) +++ branches/SuSE-Code-11-Branch/storage/storage/src/modules/Storage.ycp Thu Apr 29 15:40:41 2010 @@ -69,9 +69,6 @@ import "LibStorage::CommitInfo"; -global void UpdateClassified(string key, string pwd); - - map<string,any> conv_ctype = $[ "def_sym" : `CT_UNKNOWN, "def_int" : LibStorage::CUNKNOWN(), @@ -164,7 +161,6 @@ map DiskMapVersion = $[]; map DiskMap = $[]; -map<string, string> ClassifiedSettings = $[]; map type_order = $[ `CT_DISK : 0, `CT_MD : 1, `CT_DMRAID : 2, `CT_DMMULTIPATH : 3, `CT_LOOP : 4, `CT_DM : 5, `CT_LVM : 6, `CT_NFS : 7 ]; list<string> hw_packages = []; 
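Review bot: In the second ep-dialogs.ycp hunk, `Storage::SetCryptPwd(dev, pw1);` ignores the boolean result and the dialog goes straight on to finish, so a passphrase that libstorage rejects leaves the volume without one while the UI proceeds as if it were set. Unless the checks earlier in this loop (outside the hunk) guarantee acceptance, test the result and keep the dialog open on failure. `dev` also falls back to the empty string when neither `data["device"]` nor `data["fpath"]` is present, and the new `setCryptPassword` buffers a passphrase under whatever key it is given, so an empty key should be rejected before the call.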
@@ -729,6 +725,12 @@ ``(p["device"]:""==device )); pa = part[0]:$[]; } + if( size(pa)==0 && search(device, "/dev/mapper/")==0 ) + { + part = filter( map p, tg["/dev/loop","partitions"]:[], + ``(p["device"]:""==device )); + pa = part[0]:$[]; + } if( size(pa)>0 ) ret = add( ret, pa ); }); @@ -2633,21 +2635,6 @@ else y2milestone( "ChangeVolumeProperties sint ret:%1", ret ); } - if( ret==0 && - part["enc_type"]:`none != `none && haskey( ClassifiedSettings, dev ) ) - { - changed = true; - if( size(ClassifiedSettings[dev]:"")>0 ) - { - string pwd = ClassifiedSettings[dev]:""; - ret = LibStorage::StorageInterface::setCryptPassword( sint, dev, - pwd ); - if( ret<0 ) - y2error( "ChangeVolumeProperties sint ret:%1", ret ); - else - y2milestone( "ChangeVolumeProperties sint ret:%1", ret ); - } - } if( ret==0 && part["enc_type"]:`none != curr["enc_type"]:`none ) { changed = true; 
@@ -2992,23 +2979,52 @@ return ret; } +global string GetCryptPwd( string device ) + { + string pwd=""; + y2milestone( "GetCryptPwd device:%1", device ); + integer ret = 0; + ret = LibStorage::StorageInterface::getCryptPassword( sint, device, pwd ); + if( ret<0 ) + y2error( "GetCryptPwd sint ret:%1", ret ); + else + y2milestone( "GetCryptPwd empty:%1", size(pwd)==0 ); + return( pwd ); + } + +global boolean SetCryptPwd( string device, string pwd ) + { + y2milestone( "SetCryptPwd device:%1", device ); + integer ret = 0; + ret = LibStorage::StorageInterface::setCryptPassword( sint, device, pwd ); + if( ret<0 ) + y2error( "SetCryptPwd sint ret:%1", ret ); + else + y2milestone( "SetCryptPwd sint ret:%1", ret ); + return( ret==0 ); + } + +global boolean NeedCryptPwd( string device ) + { + boolean ret = false; + ret = LibStorage::StorageInterface::needCryptPassword( sint, device ); + y2milestone( "NeedCryptPwd device:%1 ret:%2", device, ret ); + return( ret ); + } + global string CreateLoop( string file, boolean create, integer sizeK, string mp ) { y2milestone( "CreateLoop file:%1 create:%2 sizeK:%3 mp:%4", file, create, sizeK, mp ); string dev = ""; - integer ret = -9999; - if( haskey( ClassifiedSettings, file )) - { - string pwd = ClassifiedSettings[file]:""; - ret = LibStorage::StorageInterface::createFileLoop( sint, file, !create, - sizeK, mp, pwd, - dev ); - UpdateClassified(dev, pwd); - } + integer ret = 0; + string pwd = GetCryptPwd( file ); + ret = LibStorage::StorageInterface::createFileLoop( sint, file, !create, + sizeK, mp, pwd, dev ); if( ret<0 ) y2error( "CreateLoop sint ret:%1", ret ); + LibStorage::StorageInterface::forgetCryptPassword( sint, file ); UpdateTargetMapDisk( "/dev/loop" ); y2milestone( "CreateLoop dev:%1", dev ); return( dev ); 
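Review bot: CreateLoop now calls `createFileLoop` unconditionally with whatever `GetCryptPwd( file )` returns, and GetCryptPwd returns an empty string when `getCryptPassword` fails, since it only logs the error. The removed code skipped the call and kept `ret = -9999` when no passphrase was recorded for the file. If an empty passphrase is not valid for a file loop, keep that guard: put `if( size(pwd)>0 )` around the call and preset `ret` to an error value. `forgetCryptPassword` is issued only on this path and its result is ignored, while the same commit removes the `ClassifiedSettings = $[]` reset from CommitChanges. Whether passphrases stored through SetCryptPwd for other volumes are released after commit therefore depends on libstorage code not shown here, and deserves a comment stating the expected lifetime.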
@@ -3036,19 +3052,6 @@ } */ -global void UpdateClassified( string key, string pwd ) - { - ClassifiedSettings[key] = pwd; - //y2milestone( "ClassifiedSettings %1", ClassifiedSettings ); - } - - -global boolean HasClassified(string key) -{ - return haskey(ClassifiedSettings, key); -} - - define void HandleModulesOnBoot( map<string,map> targetMap ); global boolean UpdateLoop( string dev, string file, boolean create, @@ -3078,43 +3081,6 @@ return( ret==0 ); } -global string GetCryptPwd( string device ) - { - string pwd=""; - y2milestone( "GetCryptPwd device:%1", device ); - if( size(ClassifiedSettings[device]:"")>0 ) - pwd = ClassifiedSettings[device]:""; - else - { - integer ret = 0; - ret = LibStorage::StorageInterface::getCryptPassword( sint, device, - pwd ); - if( ret<0 ) - y2error( "GetCryptPwd sint ret:%1", ret ); - } - y2milestone( "GetCryptPwd empty:%1", size(pwd)==0 ); - return( pwd ); - } - -global boolean SetCryptPwd( string device, string pwd ) - { - y2milestone( "SetCryptPwd device:%1", device ); - integer ret = LibStorage::StorageInterface::setCryptPassword( sint, device, - pwd ); - y2milestone( "SetCryptPwd sint ret:%1", ret ); - map p = GetPartition( GetTargetMap(), device ); - if( ret==LibStorage::STORAGE_VOLUME_NOT_FOUND() || p["create"]:false ) - { - ClassifiedSettings[device] = pwd; - y2milestone( "setting classified %1 pwd size %2", device, size(pwd) ); - ret = 0; - } - else if( ret<0 ) - y2error( "SetCryptPwd sint ret:%1", ret ); - return( ret==0 ); - } - - global string DefaultDiskLabel(integer size_k) { y2milestone("DefaultDiskLabel size_k:%1", size_k ); @@ -3724,7 +3690,6 @@ integer ret = LibStorage::StorageInterface::commit( sint ); if( ret<0 ) y2error( "CommitChanges sint ret:%1", ret ); - ClassifiedSettings = $[]; return( ret ); } 
@@ -6552,5 +6517,20 @@ return size(LibStorage::StorageInterface::getCommitActions( sint, true )); } +global boolean CheckCryptOk( string dev, string fs_passwd ) + { + integer i = LibStorage::StorageInterface::verifyCryptPassword( sint, dev, fs_passwd ); + if( i!=0 ) + Popup::Error( sformat(_("Could not set encryption. +System error code is %1. + +The crypt password provided could be incorrect. +"), i )); + y2milestone( "CheckCryptOk dev:%1 pwlen:%2 ret:%3", + dev, size(fs_passwd), i==0 ); + return( i==0 ); + } + } + -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
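Review bot: CheckCryptOk writes the passphrase length to the log (`pwlen:%2` with `size(fs_passwd)`), whereas GetCryptPwd in the same file logs only whether the value is empty. Installer logs are commonly passed around for debugging, so the length is better left out: `y2milestone( "CheckCryptOk dev:%1 ret:%2", dev, i==0 );`. The popup text says "Could not set encryption" although the call is `verifyCryptPassword`, and every non-zero code is presented as a possibly wrong password; a message that names verification would be more accurate. The function also relies on `Popup` being imported in Storage.ycp, which is not visible in this hunk.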