[yast-commit] r60185 - in /branches/SuSE-Code-11-SP1-Branch/storage: ./ libstorage/src/ libstorage/testsuite/ libstorage/testsuite/single.out/ package/ storage/src/include/ storage/src/modules/

Author: fehr Date: Tue Dec 22 17:57:36 2009 New Revision: 60185 URL: http://svn.opensuse.org/viewcvs/yast?rev=60185&view=rev Log: backported crypt related fixes from HEAD Modified: branches/SuSE-Code-11-SP1-Branch/storage/VERSION branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Container.cc branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/DmCo.cc branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/EtcFstab.cc branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/EtcFstab.h branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Loop.cc branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Md.cc branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Md.h branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Storage.cc branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Storage.h branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/StorageInterface.h branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/StorageTmpl.h branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Volume.cc branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Volume.h branches/SuSE-Code-11-SP1-Branch/storage/libstorage/testsuite/fstab1.cc branches/SuSE-Code-11-SP1-Branch/storage/libstorage/testsuite/single.out/fstab1.out branches/SuSE-Code-11-SP1-Branch/storage/package/yast2-storage.changes branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/custom_part_lib.ycp branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/do_proposal_flexible.ycp branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/ep-dialogs.ycp branches/SuSE-Code-11-SP1-Branch/storage/storage/src/modules/Storage.ycp Modified: branches/SuSE-Code-11-SP1-Branch/storage/VERSION URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/VERSION?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/VERSION (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/VERSION Tue Dec 22 17:57:36 2009 @@ -1 +1 @@ -2.17.86 +2.17.87 Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Container.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Container.cc?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Container.cc (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Container.cc Tue Dec 22 17:57:36 2009 @@ -162,11 +162,13 @@ ret = doCreate( vol ); else if( vol->needExtend() ) ret = doResize( vol ); - if (vol->needCrsetup()) + if (vol->needCrsetup(false)) ret = vol->doCrsetup(); break; case FORMAT: + if (vol->needCrsetup(true)) + ret = vol->doCrsetup(); if( ret==0 && vol->getFormat() ) ret = vol->doFormat(); if( ret==0 && vol->needLabel() ) @@ -175,7 +177,11 @@ case MOUNT: if( vol->needRemount() ) + { + if (vol->needCrsetup(true)) + vol->doCrsetup(); ret = vol->doMount(); + } if( ret==0 && vol->needFstabUpdate() ) { ret = vol->doFstabUpdate(); Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/DmCo.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/DmCo.cc?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/DmCo.cc (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/DmCo.cc Tue Dec 22 17:57:36 2009 @@ -122,7 +122,7 @@ keysize = extractNthWord( 1, line ); } - if( cipher == "aes-cbc-essiv:sha256" ) + if( cipher == "aes-cbc-essiv:sha256" || cipher == "aes-cbc-plain") ret = ENC_LUKS; else if( cipher == "twofish-cbc-plain" ) ret = ENC_TWOFISH; Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/EtcFstab.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/EtcFstab.cc?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/EtcFstab.cc (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/EtcFstab.cc Tue Dec 22 17:57:36 2009 @@ -24,7 +24,6 @@ Textdomain "storage" */ - #include <fstream> #include <algorithm> @@ -94,6 +93,8 @@ if( i!=l.end() ) *i++ >> p->old.passno; p->old.calcDependent(); + if( checkNormalFile(p->old.device) ) + p->old.loop = true; p->nnew = p->old; co.push_back( *p ); delete p; @@ -494,14 +495,15 @@ { ls.push_back( e.loop_dev ); } - ls.push_back( e.dentry ); + if( e.dmcrypt && e.optUser() ) + ls.push_back( e.device ); + else + ls.push_back( e.dentry ); ls.push_back( e.mount ); - if( e.dmcrypt && e.noauto ) + if( e.dmcrypt && e.optUser() ) ls.push_back( "crypt" ); else - { ls.push_back( (e.fs!="ntfs")?e.fs:"ntfs-3g" ); - } if( e.cryptotab ) { ls.push_back( Volume::encTypeString(e.encr) ); @@ -545,8 +547,7 @@ string EtcFstab::createTabLine( const FstabEntry& e ) const { - y2mil("dentry:" << e.dentry << " mount:" << e.mount << "device:" << e.device); - y2mil( "entry:" << e ); + y2mil("dentry:" << e.dentry << " mount:" << e.mount << " device:" << e.device); const list<string> ls = makeStringList(e); y2mil( "list:" << ls ); unsigned max_fields = e.cryptotab ? lengthof(cryptotabFields) @@ -759,6 +760,15 @@ i->old = i->nnew; i->op = Entry::NONE; } + else if( findCrtab( i->nnew, crypttab, lineno )) + { + string line = createTabLine( i->nnew ); + if (!i->nnew.mount.empty()) + fstab->append( line ); + if( i->old.crypttab > i->nnew.crypttab && + findCrtab( i->old, crypttab, lineno )) + crypttab.remove( lineno, 1 ); + } else ret = FSTAB_UPDATE_ENTRY_NOT_FOUND; break; @@ -896,7 +906,11 @@ return( txt ); } - +bool +FstabEntry::optUser() const + { + return find( opts.begin(), opts.end(), "user" ) != opts.end(); + } unsigned EtcFstab::fstabFields[] = { 20, 20, 10, 21, 1, 1 }; unsigned EtcFstab::cryptotabFields[] = { 11, 15, 20, 10, 10, 1 }; Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/EtcFstab.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/EtcFstab.h?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/EtcFstab.h (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/EtcFstab.h Tue Dec 22 17:57:36 2009 @@ -65,6 +65,7 @@ storage::MountByType mount_by; void calcDependent(); + bool optUser() const; }; inline std::ostream& operator<< (std::ostream& s, const FstabEntry &v ) Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Loop.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Loop.cc?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Loop.cc (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Loop.cc Tue Dec 22 17:57:36 2009 @@ -74,7 +74,7 @@ else { numeric = false; - setEncryption( ENC_LUKS ); + initEncryption( ENC_LUKS ); if( !dm_dev.empty() ) { setDmcryptDev( dm_dev ); @@ -123,7 +123,7 @@ else { numeric = false; - setEncryption( ENC_LUKS ); + initEncryption( ENC_LUKS ); if( dmcrypt_dev.empty() ) dmcrypt_dev = getDmcryptName(); setDmcryptDev( dmcrypt_dev, false ); @@ -143,13 +143,15 @@ void Loop::init() { - reuseFile = delFile = false; + delFile = false; + reuseFile = true; } void Loop::setDmcryptDev( const string& dm_dev, bool active ) { dev = dm_dev; + y2mil( "dm_dev:" << dm_dev << " active:" << active ); nm = dm_dev.substr( dm_dev.find_last_of( '/' )+1); if( active ) { Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Md.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Md.cc?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Md.cc (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Md.cc Tue Dec 22 17:57:36 2009 @@ -601,6 +601,13 @@ return( ret ); } +string Md::mdDevice( unsigned num ) + { + string dev( "/dev/md" ); + dev += decString(num); + return( dev ); + } + void Md::setPersonality( MdType val ) { md_type=val; Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Md.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Md.h?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Md.h (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Md.h Tue Dec 22 17:57:36 2009 @@ -65,6 +65,8 @@ static const string& pName( storage::MdType t ) { return md_names[t]; } static bool mdStringNum( const string& name, unsigned& num ); + static string mdDevice( unsigned num ); + friend std::ostream& operator<< (std::ostream& s, const Md& m ); virtual void print( std::ostream& s ) const { s << *this; } string removeText( bool doing ) const; Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Storage.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Storage.cc?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Storage.cc (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Storage.cc Tue Dec 22 17:57:36 2009 @@ -1138,6 +1138,8 @@ else { ret = i->createPartition( type, start, size, device, true ); + if( ret==0 ) + checkPwdBuf( device ); } } } @@ -1152,6 +1154,8 @@ else { ret = i->createPartition( type, start, size, device, true ); + if( ret==0 ) + checkPwdBuf( device ); } } } @@ -2306,6 +2310,40 @@ } int +Storage::verifyCryptFilePassword( const string& file, const string& pwd ) + { + int ret = VOLUME_CRYPT_NOT_DETECTED; + assertInit(); + y2mil("file:" << file << " l:" << pwd.length()); +#ifdef DEBUG_LOOP_CRYPT_PASSWORD + y2mil("password:" << pwd); +#endif + + VolIterator vol; + if (readonly()) + { + ret = STORAGE_CHANGE_READONLY; + } + else + { + ProcPart ppart; + LoopCo* co = new LoopCo(this, false, ppart); + if( co ) + { + Loop* loop = new Loop( *co, file, true, 0, true ); + if( loop && loop->setCryptPwd( pwd )==0 && + loop->detectEncryption()!=ENC_UNKNOWN ) + ret = 0; + if( loop ) + delete loop; + delete co; + } + } + y2mil("ret:" << ret); + return( ret ); + } + +int Storage::changeMkfsOptVolume( const string& device, const string& opts ) { int ret = 0; @@ -2637,6 +2675,8 @@ { ret = STORAGE_VOLUME_NOT_FOUND; } + if( !val ) + pwdBuf.erase(device); if( ret==0 ) { ret = checkCache(); @@ -2666,7 +2706,7 @@ } int -Storage::setCryptPassword( const string& device, const string& pwd ) +Storage::verifyCryptPassword( const string& device, const string& pwd ) { int ret = 0; assertInit(); @@ -2683,10 +2723,43 @@ else if( findVolume( device, vol ) ) { ret = vol->setCryptPwd( pwd ); + if( ret==0 && vol->detectEncryption()==ENC_UNKNOWN ) + ret = VOLUME_CRYPT_NOT_DETECTED; + vol->clearCryptPwd(); } else { - ret = STORAGE_VOLUME_NOT_FOUND; + ret = verifyCryptFilePassword( device, pwd ); + } + y2mil("ret:" << ret); + return( ret ); + } + +int +Storage::setCryptPassword( const string& device, const string& pwd ) + { + int ret = 0; + assertInit(); + y2mil("device:" << device << " l:" << pwd.length()); +#ifdef DEBUG_LOOP_CRYPT_PASSWORD + y2mil("password:" << pwd); +#endif + + VolIterator vol; + map::iterator i = pwdBuf.find(device); + if (readonly()) + { + ret = STORAGE_CHANGE_READONLY; + } + else if( findVolume( device, vol ) ) + { + ret = vol->setCryptPwd( pwd ); + if( i!=pwdBuf.end() ) + pwdBuf.erase(i); + } + else + { + mapInsertOrReplace( pwdBuf, device, pwd ); } if( ret==0 ) { @@ -2714,11 +2787,45 @@ } else { - ret = STORAGE_VOLUME_NOT_FOUND; + map::iterator i = pwdBuf.find(device); + if( i!=pwdBuf.end() ) + pwdBuf.erase(i); + else + ret = STORAGE_VOLUME_NOT_FOUND; } - if( ret==0 ) + y2mil("ret:" << ret); + return( ret ); + } + +bool +Storage::needCryptPassword( const string& device ) + { + bool ret = true; + bool volFound = false; + assertInit(); + y2mil("device:" << device); + + VolIterator vol; + if( checkNormalFile(device) ) { - ret = checkCache(); + ConstLoopPair p = loopPair(Loop::notDeleted); + ConstLoopIterator i = p.begin(); + while( i != p.end() && i->loopFile()!=device ) + ++i; + if( i != p.end() ) + { + ret = i->needCryptPwd(); + volFound = true; + } + } + else if( findVolume( device, vol ) ) + { + ret = vol->needCryptPwd(); + volFound = true; + } + if( !volFound ) + { + ret = pwdBuf.find( device )==pwdBuf.end(); } y2mil("ret:" << ret); return( ret ); @@ -2739,11 +2846,11 @@ } else { - ret = STORAGE_VOLUME_NOT_FOUND; - } - if( ret==0 ) - { - ret = checkCache(); + map::const_iterator i = pwdBuf.find(device); + if( i!=pwdBuf.end() ) + pwd = i->second; + else + ret = STORAGE_VOLUME_NOT_FOUND; } #ifdef DEBUG_LOOP_CRYPT_PASSWORD y2milestone( "password:%s", pwd.c_str() ); @@ -3066,6 +3173,8 @@ else if( i != lvgEnd() ) { ret = i->createLv( name, sizeM*1024, stripe, device ); + if( ret==0 ) + checkPwdBuf( device ); } else { @@ -3309,6 +3418,8 @@ list<string> d; d.insert( d.end(), devs.begin(), devs.end() ); ret = md->createMd( num, rtype, d ); + if( ret==0 ) + checkPwdBuf( Md::mdDevice(num) ); } if( !have_md ) { @@ -3353,6 +3464,8 @@ list<string> d; d.insert( d.end(), devs.begin(), devs.end() ); ret = md->createMd( num, rtype, d ); + if( ret==0 ) + checkPwdBuf( Md::mdDevice(num) ); } if( !have_md ) { @@ -6414,6 +6527,20 @@ } } +void Storage::checkPwdBuf( const string& device ) + { + if( !pwdBuf.empty() ) + { + map::iterator i=pwdBuf.find(device); + if( i!=pwdBuf.end() ) + { + VolIterator vol; + if( findVolume( device, vol ) ) + vol->setCryptPwd( i->second ); + pwdBuf.erase(i); + } + } + } int Storage::zeroDevice(const string& device, unsigned long long sizeK, bool random, Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Storage.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Storage.h?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Storage.h (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Storage.h Tue Dec 22 17:57:36 2009 @@ -382,6 +382,9 @@ int addFstabOptions( const string&, const string& options ); int removeFstabOptions( const string&, const string& options ); int setCryptPassword( const string& device, const string& pwd ); + int verifyCryptPassword( const string& device, const string& pwd ); + int verifyCryptFilePassword( const string& file, const string& pwd ); + bool needCryptPassword( const string& device ); int forgetCryptPassword( const string& device ); int getCryptPassword( const string& device, string& pwd ); int setCrypt( const string& device, bool val ); @@ -1875,6 +1878,7 @@ bool also_del=false ); bool findContainer( const string& device, ContIterator& c ); + void checkPwdBuf( const string& device ); bool haveMd( MdCo*& md ); bool haveDm(DmCo*& dm); bool haveNfs( NfsCo*& co ); @@ -1935,6 +1939,7 @@ string extendedError; std::map backups; std::map freeInfo; + std::map pwdBuf; std::list > infoPopupTxts; }; Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/StorageInterface.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/StorageInterface.h?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/StorageInterface.h (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/StorageInterface.h Tue Dec 22 17:57:36 2009 @@ -1396,6 +1396,22 @@ virtual int getCryptPassword( const string& device, string& pwd ) = 0; /** + * Verify password of a volume + * + * @param device name of volume, e.g. /dev/hda1 + * @param pwd crypt password for this volume + * @return zero if password is ok, a negative number to indicate an error + */ + virtual int verifyCryptPassword( const string& device, const string& pwd ) = 0; + /** + * Check if crypt password is required + * + * @param device name of volume, e.g. /dev/hda1 + * @return true if password is required, false otherwise + */ + virtual bool needCryptPassword( const string& device ) = 0; + + /** * Set encryption state of a volume * * @param device name of volume, e.g. /dev/hda1 Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/StorageTmpl.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/StorageTmpl.h?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/StorageTmpl.h (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/StorageTmpl.h Tue Dec 22 17:57:36 2009 @@ -144,6 +144,16 @@ l.insert( i, e ); } +template +typename Map::iterator mapInsertOrReplace(Map& m, const Key& k, const Value& v) + { + typename Map::iterator pos = m.lower_bound(k); + if (pos != m.end() && !typename Map::key_compare()(k, pos->first)) + pos->second = v; + else + pos = m.insert(pos, typename Map::value_type(k, v)); + return pos; + } template<class Num> string decString(Num number) { Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Volume.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Volume.cc?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Volume.cc (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Volume.cc Tue Dec 22 17:57:36 2009 @@ -308,7 +308,7 @@ classic(file); file.read( buf, sizeof(buf) ); if( file.good() && strncmp( buf, "LUKS", 4 )==0 ) - setEncryption( ENC_LUKS ); + initEncryption( ENC_LUKS ); file.close(); } } @@ -1006,6 +1006,8 @@ int Volume::cryptUnsetup( bool force ) { int ret=0; + y2mil( "force:" << force << " active:" << dmcrypt_active << + " table:" << dmcrypt_dev ); if( dmcrypt_active || force ) { string table = dmcrypt_dev; @@ -1342,13 +1344,22 @@ { is_loop = false; encryption = ENC_NONE; - dmcrypt_dev.clear(); crypt_pwd.erase(); + orig_crypt_pwd.erase(); } else { - if( !loop_active && !isTmpCryptMp(mp) && crypt_pwd.empty() ) - ret = VOLUME_CRYPT_NO_PWD; + if( !isTmpCryptMp(mp) ) + { + if( !dmcrypt_active && crypt_pwd.empty() ) + ret = VOLUME_CRYPT_NO_PWD; + if( ret==0 && !dmcrypt_active && + !pwdLengthOk(typ,crypt_pwd,format) ) + { + ret = VOLUME_CRYPT_PWD_TOO_SHORT; + clearCryptPwd(); + } + } if( ret == 0 && cType()==NFSC ) ret = VOLUME_CRYPT_NFS_IMPOSSIBLE; if (ret == 0 && (create || format || loop_active || mp.empty())) @@ -1607,6 +1618,26 @@ return( cmd ); } +bool Volume::pwdLengthOk( storage::EncryptType typ, const string& val, + bool fmt ) const + { + bool ret = true; + if( fmt ) + { + ret = val.size()>=8; + } + else + { + if( typ==ENC_TWOFISH_OLD ) + ret = val.size()>=5; + else if( typ==ENC_TWOFISH || typ==ENC_TWOFISH256_OLD ) + ret = val.size()>=8; + else + ret = val.size()>=1; + } + return( ret ); + } + int Volume::setCryptPwd( const string& val ) { @@ -1615,18 +1646,12 @@ #endif int ret = 0; - if( ((encryption==ENC_UNKNOWN||encryption==ENC_TWOFISH_OLD|| - encryption==ENC_NONE) && val.size()<5) || - ((encryption==ENC_TWOFISH||encryption==ENC_TWOFISH256_OLD) && - val.size()<8) || - (encryption==ENC_LUKS && val.size()<1)) - { - if( !isTmpCryptMp(mp) ) - ret = VOLUME_CRYPT_PWD_TOO_SHORT; - } + if( !pwdLengthOk(encryption,val,format) && !isTmpCryptMp(mp) ) + ret = VOLUME_CRYPT_PWD_TOO_SHORT; else { - crypt_pwd=val; + orig_crypt_pwd = crypt_pwd; + crypt_pwd = val; if( encryption==ENC_UNKNOWN ) detectEncryption(); } @@ -1634,25 +1659,47 @@ return( ret ); } -bool Volume::needLosetup() const +bool +Volume::needCryptPwd() const { - return( (is_loop!=loop_active) && - (encryption==ENC_NONE || !crypt_pwd.empty() || - (dmcrypt()&&cont->type()==LOOP)) ); + bool ret = crypt_pwd.empty(); + if( ret && is_loop ) + ret = ret && !loop_active; + if( ret && dmcrypt() ) + ret = ret && !dmcrypt_active; + y2mil("ret:" << ret); + return( ret ); } -bool Volume::needCryptsetup() const +bool Volume::needLosetup( bool urgent ) const { - if (dmcrypt() && encryption != orig_encryption) - return true; + bool ret = (is_loop!=loop_active) && + (encryption==ENC_NONE || !crypt_pwd.empty() || + (dmcrypt() && cType() == LOOP)); + if( !urgent && loop_dev.empty() ) + ret = false; + if( is_loop && encryption!=ENC_NONE && + !crypt_pwd.empty() && crypt_pwd!=orig_crypt_pwd ) + ret = true; + return( ret ); + } - return( dmcrypt()!=dmcrypt_active && - (encryption==ENC_NONE || !crypt_pwd.empty() || isTmpCryptMp(mp))); +bool Volume::needCryptsetup() const + { + bool ret = (dmcrypt()!=dmcrypt_active) && + (encryption==ENC_NONE || encryption!=orig_encryption || + !crypt_pwd.empty() || isTmpCryptMp(mp)); + if( dmcrypt() && encryption!=ENC_NONE && + !crypt_pwd.empty() && crypt_pwd!=orig_crypt_pwd ) + ret = true; + y2mil( "vol:" << *this ); + y2mil( "ret:" << ret ); + return( ret ); } -bool Volume::needCrsetup() const +bool Volume::needCrsetup( bool urgent ) const { - return( needLosetup()||needCryptsetup() ); + return( needLosetup(urgent)||needCryptsetup() ); } bool Volume::needFstabUpdate() const @@ -1758,12 +1805,15 @@ { is_loop = cont->type()==LOOP; ret = encryption = orig_encryption = try_order[pos]; + orig_crypt_pwd = crypt_pwd; } else { is_loop = false; dmcrypt_dev.erase(); loop_dev.erase(); + crypt_pwd.erase(); + orig_crypt_pwd.erase(); ret = encryption = orig_encryption = ENC_UNKNOWN; } unlink( fname.c_str() ); @@ -1807,6 +1857,8 @@ SystemCmd c( getLosetupCmd( encryption, fname )); if( c.retcode()!=0 ) ret = VOLUME_LOSETUP_FAILED; + else + orig_crypt_pwd = crypt_pwd; if( !fname.empty() ) { unlink( fname.c_str() ); @@ -1934,6 +1986,8 @@ ret = VOLUME_CRYPTSETUP_FAILED; } } + if( ret==0 ) + orig_crypt_pwd = crypt_pwd; unlink( fname.c_str() ); rmdir( cont->getStorage()->tmpDir().c_str() ); cont->getStorage()->waitForDevice( dmcrypt_dev ); @@ -1973,7 +2027,7 @@ { int ret = 0; bool losetup_done = false; - if( needLosetup() ) + if( needLosetup(true) ) { ret = doLosetup(); losetup_done = ret==0; @@ -2300,7 +2354,7 @@ l.push_back( new commitAction( FORMAT, cont->type(), formatText(false), this, true )); } - else if ( encryption != ENC_NONE ) + else if ( needCrsetup(false) ) { l.push_back(new commitAction(mp.empty()?INCREASE:FORMAT, cont->type(), crsetupText(false), this, mp.empty())); @@ -2486,7 +2540,7 @@ changed = true; che.dentry = de; } - if( fs != detected_fs ) + if( fs != detected_fs || che.fs!=fs_names[fs] ) { changed = true; che.fs = fs_names[fs]; @@ -2806,6 +2860,9 @@ #ifdef DEBUG_LOOP_CRYPT_PASSWORD if( is_loop && encryption!=ENC_NONE && !crypt_pwd.empty() ) file << " pwd:" << crypt_pwd; + if( is_loop && encryption!=ENC_NONE && !orig_crypt_pwd.empty() && + orig_crypt_pwd!=crypt_pwd ) + file << " orig_pwd:" << orig_crypt_pwd; #endif file << endl; return( file ); @@ -2847,7 +2904,7 @@ encryption = orig_encryption = toEncType(i->second); i = m.find( "pwd" ); if( i!=m.end() ) - crypt_pwd = i->second; + orig_crypt_pwd = crypt_pwd = i->second; } namespace storage @@ -2944,6 +3001,8 @@ s << " orig_encr:" << v.enc_names[v.orig_encryption]; #ifdef DEBUG_LOOP_CRYPT_PASSWORD s << " pwd:" << v.crypt_pwd; + if( v.orig_crypt_pwd.empty() && v.crypt_pwd!=v.orig_crypt_pwd ) + s << " orig_pwd:" << v.orig_crypt_pwd; #endif } if( !v.dmcrypt_dev.empty() ) @@ -3145,6 +3204,7 @@ loop_dev = rhs.loop_dev; fstab_loop_dev = rhs.fstab_loop_dev; crypt_pwd = rhs.crypt_pwd; + orig_crypt_pwd = rhs.orig_crypt_pwd; uby = rhs.uby; alt_names = rhs.alt_names; return( *this ); Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Volume.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Volume.h?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Volume.h (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/src/Volume.h Tue Dec 22 17:57:36 2009 @@ -92,19 +92,20 @@ bool dmcrypt() const { return encryption != ENC_NONE && encryption != ENC_UNKNOWN; } bool loopActive() const { return( is_loop&&loop_active ); } bool dmcryptActive() const { return( dmcrypt()&&dmcrypt_active ); } - bool needCrsetup() const; + bool needCrsetup( bool urgent=true ) const; const string& getUuid() const { return uuid; } const string& getLabel() const { return label; } int setLabel( const string& val ); int eraseLabel() { label.erase(); orig_label.erase(); return 0; } bool needLabel() const { return( label!=orig_label ); } storage::EncryptType getEncryption() const { return encryption; } - void setEncryption( storage::EncryptType val=storage::ENC_LUKS ) + void initEncryption( storage::EncryptType val=storage::ENC_LUKS ) { encryption=orig_encryption=val; } virtual int setEncryption(bool val, storage::EncryptType typ = storage::ENC_LUKS ); const string& getCryptPwd() const { return crypt_pwd; } int setCryptPwd( const string& val ); - void clearCryptPwd() { crypt_pwd.erase(); } + void clearCryptPwd() { crypt_pwd.erase(); orig_crypt_pwd.erase(); } + bool needCryptPwd() const; const string& getMount() const { return mp; } bool hasOrigMount() const { return !orig_mp.empty(); } bool needRemount() const; @@ -244,12 +245,14 @@ bool getLoopFile( string& fname ) const; void setExtError( const SystemCmd& cmd, bool serr=true ); string getDmcryptName(); - bool needLosetup() const; + bool needLosetup( bool urgent ) const; bool needCryptsetup() const; int doLosetup(); int doCryptsetup(); int loUnsetup( bool force=false ); int cryptUnsetup( bool force=false ); + bool pwdLengthOk( storage::EncryptType typ, const string& val, + bool format ) const; std::ostream& logVolume( std::ostream& file ) const; string getLosetupCmd( storage::EncryptType, const string& pwdfile ) const; @@ -292,6 +295,7 @@ string dmcrypt_dev; string fstab_loop_dev; string crypt_pwd; + string orig_crypt_pwd; string nm; std::list<string> alt_names; unsigned num; Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/testsuite/fstab1.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/testsuite/fstab1.cc?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/testsuite/fstab1.cc (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/testsuite/fstab1.cc Tue Dec 22 17:57:36 2009 @@ -105,10 +105,15 @@ bool val = false; + cout << s->changeFormatVolume("/dev/hda1", true, EXT3 ) << '\n'; cout << s->setCryptPassword ("/dev/hda1", "test") << '\n'; // FAILS - cout << s->setCrypt ("/dev/hda1", true) << '\n'; // FAILS + cout << s->changeFormatVolume("/dev/hda1", false, EXT3 ) << '\n'; + cout << s->setCryptPassword("/dev/hda1", "test") << '\n'; + cout << s->setCrypt("/dev/hda1", true) << '\n'; + + cout << s->changeFormatVolume("/dev/hda1", true, EXT3 ) << '\n'; cout << s->setCryptPassword ("/dev/hda1", "hello-world") << '\n'; cout << s->setCrypt ("/dev/hda1", true) << '\n'; Modified: branches/SuSE-Code-11-SP1-Branch/storage/libstorage/testsuite/single.out/fstab1.out URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/libstorage/testsuite/single.out/fstab1.out?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/libstorage/testsuite/single.out/fstab1.out (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/libstorage/testsuite/single.out/fstab1.out Tue Dec 22 17:57:36 2009 @@ -35,11 +35,16 @@ 0 user_xattr,noauto crypt1 +0 -3015 -3014 0 0 0 +0 +0 +0 +0 1 0 0 Modified: branches/SuSE-Code-11-SP1-Branch/storage/package/yast2-storage.changes URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/package/yast2-storage.changes?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/package/yast2-storage.changes (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/package/yast2-storage.changes Tue Dec 22 17:57:36 2009 @@ -1,4 +1,20 @@ ------------------------------------------------------------------- +Mon Dec 21 13:03:03 CET 2009 - fehr@suse.de + +- backported crypt related fixes from HEAD + fix detection of encrypted swap and temp filesystems (bnc#435337) + fix various bugs handling encrypted devices + fix handling of inactive swap file entry in fstab (bnc#504497) + do some changes in handling of encrypted passwords (bnc#466196, bnc#480739) + use "crypt" fstab entry when "user" is set, not any more when "noauto" set + add capability to verify passwords of file based loop devices (bnc#467987) + check crypt password different depending on format flag + fix detection of existing file based loop devices + fix edit mode for existing file based loop devices (bnc#480736) + get rid of ClassifiedSettings in Storage.ycp + make removal of loop based files work again (bnc#480738) + +------------------------------------------------------------------- Thu Dec 17 10:48:33 CET 2009 - aschnell@suse.de - fixed BIOS ID for MDs (bnc #565222) @@ -11,14 +27,14 @@ ------------------------------------------------------------------- Thu Dec 10 17:58:03 CET 2009 - aschnell@suse.de -- run swapon with --fixpgsz (see bnc #433028) (requires util-linux +- run swapon with --fixpgsz (see bnc#433028) (requires util-linux 2.16) ------------------------------------------------------------------- Thu Dec 03 10:38:39 CET 2009 - fehr@suse.de - avoid data loss on encrypted partitions using non-LUKS encryption - when integrating them into system (#557607) + when integrating them into system (bnc #557607) - 2.17.86 ------------------------------------------------------------------- Modified: branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/custom_part_lib.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/custom_part_lib.ycp?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/custom_part_lib.ycp (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/custom_part_lib.ycp Tue Dec 22 17:57:36 2009 @@ -626,8 +626,6 @@ ret["ok"] = Storage::SetCryptPwd( dev, fs_passwd ) && (new["format"]:false || Storage::SetCrypt( dev, true, new["format"]:false )); - if( ret["ok"]:false && new["type"]:`unknown == `loop ) - Storage::UpdateClassified( new["fpath"]:"", fs_passwd ); if( popup ) UI::CloseDialog(); } Modified: branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/do_proposal_flexible.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/do_proposal_flexible.ycp?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/do_proposal_flexible.ycp (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/do_proposal_flexible.ycp Tue Dec 22 17:57:36 2009 @@ -183,7 +183,7 @@ if (contains(devices, part_device)) { partition["enc_type"] = `luks; - Storage::UpdateClassified(part_device, Storage::ProposalPassword()); + Storage::SetCryptPwd(part_device, Storage::ProposalPassword()); } return partition; }); Modified: branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/ep-dialogs.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/ep-dialogs.ycp?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/ep-dialogs.ycp (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/storage/src/include/ep-dialogs.ycp Tue Dec 22 17:57:36 2009 @@ -71,15 +71,13 @@ boolean AskPassword() { - if (!NeedPassword()) - return false; - - // TODO: this is ugly - string key = (data["type"]:`unknown != `loop) ? (data["device"]:"error") : (data["fpath"]:"error"); - if (Storage::HasClassified(key)) - return false; - - return true; + boolean ret = NeedPassword(); + if( ret && !do_format && size(data["mount"]:"")>0 ) + { + string key = (data["type"]:`unknown != `loop) ? (data["device"]:"error") : (data["fpath"]:"error"); + ret = Storage::NeedCryptPwd(key); + } + return ret; } @@ -488,6 +486,8 @@ UI::ChangeWidget(`id(`pw1), `Value, ""); UI::ChangeWidget(`id(`pw2), `Value, ""); + string dev = (data["type"]:`unknown != `loop) ? data["device"]:"" + : data["fpath"]:""; repeat { widget = MiniWorkflow::UserInput(); @@ -496,8 +496,11 @@ { password = (string) UI::QueryWidget(`id(`pw1), `Value); string tmp = (string) UI::QueryWidget(`id(`pw2), `Value); + boolean need_verify = !data["format"]:false && + size(data["mount"]:"")>0; - if (!Storage::CheckEncryptionPasswords(password, tmp, min_pw_len, empty_pw_allowed)) + if (!Storage::CheckEncryptionPasswords(password, tmp, min_pw_len, empty_pw_allowed) || + (need_verify && !Storage::CheckCryptOk(dev, password)) ) { UI::SetFocus(`id(`pw1) ); widget = `again; @@ -508,10 +511,7 @@ if (widget == `next) { - if (data["type"]:`unknown != `loop) - Storage::UpdateClassified(data["device"]:"", password); - else - Storage::UpdateClassified(data["fpath"]:"", password); + Storage::SetCryptPwd(dev, password); widget = `finish; } Modified: branches/SuSE-Code-11-SP1-Branch/storage/storage/src/modules/Storage.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/storage/storage/src/modules/Storage.ycp?rev=60185&r1=60184&r2=60185&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/storage/storage/src/modules/Storage.ycp (original) +++ branches/SuSE-Code-11-SP1-Branch/storage/storage/src/modules/Storage.ycp Tue Dec 22 17:57:36 2009 @@ -72,9 +72,6 @@ import "LibStorage::Environment"; -global void UpdateClassified(string key, string pwd); - - map conv_ctype = $[ "def_sym" : `CT_UNKNOWN, "def_int" : LibStorage::CUNKNOWN(), @@ -169,7 +166,6 @@ map DiskMapVersion = $[]; map DiskMap = $[]; -map ClassifiedSettings = $[]; map type_order = $[ `CT_DISK : 0, `CT_MD : 1, `CT_MDPART : 2, `CT_DMRAID : 3, `CT_DMMULTIPATH : 4, `CT_LOOP : 5, `CT_DM : 6, `CT_LVM : 7, `CT_NFS : 8 ]; @@ -753,6 +749,12 @@ ``(p["device"]:""==device )); pa = part[0]:$[]; } + if( size(pa)==0 && search(device, "/dev/mapper/")==0 ) + { + part = filter( map p, tg["/dev/loop","partitions"]:[], + ``(p["device"]:""==device )); + pa = part[0]:$[]; + } if( size(pa)>0 ) ret = add( ret, pa ); }); @@ -2716,21 +2718,6 @@ else y2milestone( "ChangeVolumeProperties sint ret:%1", ret ); } - if( ret==0 && - part["enc_type"]:`none != `none && haskey( ClassifiedSettings, dev ) ) - { - changed = true; - if( size(ClassifiedSettings[dev]:"")>0 ) - { - string pwd = ClassifiedSettings[dev]:""; - ret = LibStorage::StorageInterface::setCryptPassword( sint, dev, - pwd ); - if( ret<0 ) - y2error( "ChangeVolumeProperties sint ret:%1", ret ); - else - y2milestone( "ChangeVolumeProperties sint ret:%1", ret ); - } - } if( ret==0 && part["enc_type"]:`none != curr["enc_type"]:`none ) { changed = true; @@ -3075,23 +3062,52 @@ return ret; } +global string GetCryptPwd( string device ) + { + string pwd=""; + y2milestone( "GetCryptPwd device:%1", device ); + integer ret = 0; + ret = LibStorage::StorageInterface::getCryptPassword( sint, device, pwd ); + if( ret<0 ) + y2error( "GetCryptPwd sint ret:%1", ret ); + else + y2milestone( "GetCryptPwd empty:%1", size(pwd)==0 ); + return( pwd ); + } + +global boolean SetCryptPwd( string device, string pwd ) + { + y2milestone( "SetCryptPwd device:%1", device ); + integer ret = 0; + ret = LibStorage::StorageInterface::setCryptPassword( sint, device, pwd ); + if( ret<0 ) + y2error( "SetCryptPwd sint ret:%1", ret ); + else + y2milestone( "SetCryptPwd sint ret:%1", ret ); + return( ret==0 ); + } + +global boolean NeedCryptPwd( string device ) + { + boolean ret = false; + ret = LibStorage::StorageInterface::needCryptPassword( sint, device ); + y2milestone( "NeedCryptPwd device:%1 ret:%2", device, ret ); + return( ret ); + } + global string CreateLoop( string file, boolean create, integer sizeK, string mp ) { y2milestone( "CreateLoop file:%1 create:%2 sizeK:%3 mp:%4", file, create, sizeK, mp ); string dev = ""; - integer ret = -9999; - if( haskey( ClassifiedSettings, file )) - { - string pwd = ClassifiedSettings[file]:""; - ret = LibStorage::StorageInterface::createFileLoop( sint, file, !create, - sizeK, mp, pwd, - dev ); - UpdateClassified(dev, pwd); - } + integer ret = 0; + string pwd = GetCryptPwd( file ); + ret = LibStorage::StorageInterface::createFileLoop( sint, file, !create, + sizeK, mp, pwd, dev ); if( ret<0 ) y2error( "CreateLoop sint ret:%1", ret ); + LibStorage::StorageInterface::forgetCryptPassword( sint, file ); UpdateTargetMapDisk( "/dev/loop" ); y2milestone( "CreateLoop dev:%1", dev ); return( dev ); @@ -3121,17 +3137,9 @@ global void UpdateClassified( string key, string pwd ) { - ClassifiedSettings[key] = pwd; - //y2milestone( "ClassifiedSettings %1", ClassifiedSettings ); + LibStorage::StorageInterface::setCryptPassword( sint, key, pwd ); } - -global boolean HasClassified(string key) -{ - return haskey(ClassifiedSettings, key); -} - - define void HandleModulesOnBoot( map targetMap ); global boolean UpdateLoop( string dev, string file, boolean create, @@ -3161,43 +3169,6 @@ return( ret==0 ); } -global string GetCryptPwd( string device ) - { - string pwd=""; - y2milestone( "GetCryptPwd device:%1", device ); - if( size(ClassifiedSettings[device]:"")>0 ) - pwd = ClassifiedSettings[device]:""; - else - { - integer ret = 0; - ret = LibStorage::StorageInterface::getCryptPassword( sint, device, - pwd ); - if( ret<0 ) - y2error( "GetCryptPwd sint ret:%1", ret ); - } - y2milestone( "GetCryptPwd empty:%1", size(pwd)==0 ); - return( pwd ); - } - -global boolean SetCryptPwd( string device, string pwd ) - { - y2milestone( "SetCryptPwd device:%1", device ); - integer ret = LibStorage::StorageInterface::setCryptPassword( sint, device, - pwd ); - y2milestone( "SetCryptPwd sint ret:%1", ret ); - map p = GetPartition( GetTargetMap(), device ); - if( ret==LibStorage::STORAGE_VOLUME_NOT_FOUND() || p["create"]:false ) - { - ClassifiedSettings[device] = pwd; - y2milestone( "setting classified %1 pwd size %2", device, size(pwd) ); - ret = 0; - } - else if( ret<0 ) - y2error( "SetCryptPwd sint ret:%1", ret ); - return( ret==0 ); - } - - global string DefaultDiskLabel(integer size_k) { y2milestone("DefaultDiskLabel size_k:%1", size_k ); @@ -3814,7 +3785,6 @@ integer ret = LibStorage::StorageInterface::commit( sint ); if( ret<0 ) y2error( "CommitChanges sint ret:%1", ret ); - ClassifiedSettings = $[]; return( ret ); } @@ -6733,5 +6703,20 @@ return true; } +global boolean CheckCryptOk( string dev, string fs_passwd ) + { + integer i = LibStorage::StorageInterface::verifyCryptPassword( sint, dev, fs_passwd ); + if( i!=0 ) + Popup::Error( sformat(_("Could not set encryption. +System error code is %1. + +The crypt password provided could be incorrect. +"), i )); + y2milestone( "CheckCryptOk dev:%1 pwlen:%2 ret:%3", + dev, size(fs_passwd), i==0 ); + return( i==0 ); + } + } + -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org