author | Ludwig Nussel | 2012-09-11 10:46:11 +0200 |
---|---|---|
committer | Karel Zak | 2012-09-11 10:46:11 +0200 |
commit | 5cf05c71472bf7230075cbdcd5cd6eb12b1d3654 (patch) | |
tree | 17ee914da867ce1765102b1dbbf0d6ffefab1ff6 /sys-utils | |
parent | build-sys: remove static from config-gen.d/{devel,all}.conf (diff) | |
mount: losetup: remove obsolete encryption support
Kernel cryptoloop has been deprecated for ages, and support for cryptoloop
in util-linux is incomplete/broken:
- no password hashing
- last 8 bit of key are always set to zero
- no binary keys possible (stops reading key at \n and \0)
In the past some Distros added the above features with patches. So
remove cryptoloop support from util-linux completely to make sure
people won't try using it.
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'sys-utils')
-rw-r--r-- | sys-utils/losetup.8 | 29 | ||||
-rw-r--r-- | sys-utils/losetup.c | 30 | ||||
-rw-r--r-- | sys-utils/mount.8 | 7 | ||||
-rw-r--r-- | sys-utils/mount.c | 42 |
4 files changed, 12 insertions, 96 deletions
diff --git a/sys-utils/losetup.8 b/sys-utils/losetup.8 index 9b5fe6109..6a006e1b8 100644 --- a/sys-utils/losetup.8 +++ b/sys-utils/losetup.8 @@ -40,8 +40,6 @@ Setup loop device: .sp .in +5 .B losetup -.RB [{ \-e | \-E } -.IR encryption ] .RB [ \-o .IR offset ] .RB [ \-\-sizelimit @@ -83,8 +81,6 @@ force loop driver to reread size of the file associated with the specified loop detach the file or device associated with the specified loop device(s) .IP "\fB\-D, \-\-detach-all\fP" detach all associated loop devices -.IP "\fB\-e, \-E, \-\-encryption \fIencryption_type\fP" -enable data encryption with specified name or number .IP "\fB\-f, \-\-find\fP" find the first unused loop device. If a .I file @@ -99,10 +95,6 @@ the data start is moved \fIoffset\fP bytes into the specified file or device .IP "\fB\-\-sizelimit \fIsize\fP" the data end is set to no more than \fIsize\fP bytes after the data start -.IP "\fB\-p, \-\-pass-fd \fInum\fP" -read the passphrase from file descriptor with number -.I num -instead of from the terminal .IP "\fB\-P, \-\-partscan\fP" force kernel to scan partition table on newly created loop device .IP "\fB\-r, \-\-read-only\fP" 
@@ -117,25 +109,8 @@ argument are present. verbose mode .SH ENCRYPTION -.B Cryptoloop is deprecated in favor of dm-crypt. For more details see -.B cryptsetup (8). It is possible that all bug reports regarding to -E/-e -.B options will be ignored. - - -It is possible to specify transfer functions (for encryption/decryption -or other purposes) using one of the -.B \-E -and -.B \-e -options. -There are two mechanisms to specify the desired encryption: by number -and by name. If an encryption is specified by number then one -has to make sure that the Linux kernel knows about the encryption with that -number, probably by patching the kernel. Standard numbers that are -always present are 0 (no encryption) and 1 (XOR encryption). -When the cryptoloop module is loaded (or compiled in), it uses number 18. -This cryptoloop module will take the name of an arbitrary encryption type -and find the module that knows how to perform that encryption. +.B Cryptoloop is no longer supported in favor of dm-crypt. For more details see +.B cryptsetup (8). .SH RETURN VALUE .B losetup diff --git a/sys-utils/losetup.c b/sys-utils/losetup.c index 9aeb9ec8a..38ccc7d08 100644 --- a/sys-utils/losetup.c +++ b/sys-utils/losetup.c @@ -18,7 +18,6 @@ #include "nls.h" #include "strutils.h" #include "loopdev.h" -#include "xgetpass.h" #include "closestream.h" #include "optutils.h" 
@@ -166,10 +165,8 @@ static void usage(FILE *out) " -j, --associated <file> list all devices associated with <file>\n"), out); fputs(USAGE_SEPARATOR, out); - fputs(_(" -e, --encryption <type> enable encryption with specified <name/num>\n" - " -o, --offset <num> start at offset <num> into file\n" + fputs(_(" -o, --offset <num> start at offset <num> into file\n" " --sizelimit <num> device limited to <num> bytes of the file\n" - " -p, --pass-fd <num> read passphrase from file descriptor <num>\n" " -P, --partscan create partitioned loop device\n" " -r, --read-only setup read-only loop device\n" " --show print device name after setup (with -f)\n" @@ -207,8 +204,8 @@ static void warn_size(const char *filename, uint64_t size) int main(int argc, char **argv) { struct loopdev_cxt lc; - int act = 0, flags = 0, passfd = -1, c; - char *file = NULL, *encryption = NULL; + int act = 0, flags = 0, c; + char *file = NULL; uint64_t offset = 0, sizelimit = 0; int res = 0, showdev = 0, lo_flags = 0; @@ -281,7 +278,7 @@ int main(int argc, char **argv) break; case 'E': case 'e': - encryption = optarg; + errx(EXIT_FAILURE, _("encryption not supported, use cryptsetup(8) instead")); break; case 'f': act = A_FIND_FREE; @@ -298,8 +295,7 @@ int main(int argc, char **argv) flags |= LOOPDEV_FL_OFFSET; break; case 'p': - passfd = strtou32_or_err(optarg, - _("invalid passphrase file descriptor")); + warn(_("--pass-fd is no longer supported")); break; case 'P': lo_flags |= LO_FLAGS_PARTSCAN; @@ -361,10 +357,10 @@ int main(int argc, char **argv) } if (act != A_CREATE && - (encryption || sizelimit || passfd != -1 || lo_flags || showdev)) + (sizelimit || lo_flags || showdev)) errx(EXIT_FAILURE, _("the options %s are allowed to loop device setup only"), - "--{encryption,sizelimit,pass-fd,read-only,show}"); + "--{sizelimit,read-only,show}"); if ((flags & LOOPDEV_FL_OFFSET) && act != A_CREATE && (act != A_SHOW || !file)) 
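Review bot: In losetup.c's `case 'p':` the new line calls `warn()`, which appends the text for the current `errno`, yet no call has failed at that point, so the message will end in unrelated or stale error text. Use `warnx(_("--pass-fd is no longer supported"));`, as the mount.c hunk of this same commit does. Separately, the `break;` left after `errx()` in `case 'e':` is unreachable; it is harmless but could be dropped. `main()` starts and ends outside these hunks.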
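Review bot: The rewritten check `(sizelimit || lo_flags || showdev)` also fires for `-P`, because `case 'P':` sets `LO_FLAGS_PARTSCAN` in `lo_flags`, but the option list in the message names only `--{sizelimit,read-only,show}`. A user who combines `--partscan` with a non-create action is told about options they did not pass. Since the string is being edited anyway, consider `"--{sizelimit,partscan,read-only,show}"`.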
@@ -373,16 +369,8 @@ int main(int argc, char **argv) switch (act) { case A_CREATE: { - char *pass = NULL; int hasdev = loopcxt_has_device(&lc); - if (encryption) { -#ifdef MCL_FUTURE - if(mlockall(MCL_CURRENT | MCL_FUTURE)) - err(EXIT_FAILURE, _("couldn't lock into memory")); -#endif - pass = xgetpass(passfd, _("Password: ")); - } do { /* Note that loopcxt_{find_unused,set_device}() resets * loopcxt struct. @@ -391,8 +379,6 @@ int main(int argc, char **argv) warnx(_("not found unused device")); break; } - if (encryption && pass) - loopcxt_set_encryption(&lc, encryption, pass); if (flags & LOOPDEV_FL_OFFSET) loopcxt_set_offset(&lc, offset); if (flags & LOOPDEV_FL_SIZELIMIT) @@ -415,8 +401,6 @@ int main(int argc, char **argv) } } while (hasdev == 0); - free(pass); - if (res == 0) { if (showdev) printf("%s\n", loopcxt_get_device(&lc)); diff --git a/sys-utils/mount.8 b/sys-utils/mount.8 index bac259b11..cbd7c1354 100644 --- a/sys-utils/mount.8 +++ b/sys-utils/mount.8 @@ -559,11 +559,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths file. This option can be used together with the .B \-f flag for already canonicalized absolut paths. -.IP "\fB\-p, \-\-pass\-fd \fInum\fP" -In case of a loop mount with encryption, read the passphrase from -file descriptor -.I num -instead of from the terminal. .IP "\fB\-s\fP" Tolerate sloppy mount options rather than failing. This will ignore mount options not supported by a filesystem type. Not all filesystems @@ -2775,7 +2770,7 @@ not specified or the filesystem is known for libblkid, for example: .sp .RE This type of mount knows about four options, namely -.BR loop ", " offset ", " sizelimit " and " encryption , +.BR loop ", " offset " and " sizelimit " , that are really options to .BR \%losetup (8). (These options can be used in addition to those specific diff --git a/sys-utils/mount.c b/sys-utils/mount.c index 2d1d2cd41..0ac3d9083 100644 --- a/sys-utils/mount.c +++ b/sys-utils/mount.c 
@@ -36,7 +36,6 @@ #include "c.h" #include "env.h" #include "strutils.h" -#include "xgetpass.h" #include "exitcodes.h" #include "xalloc.h" #include "closestream.h" @@ -51,7 +50,6 @@ * --options-source-force MNT_OMODE_FORCE */ -static int passfd = -1; static int readwrite; static int mk_exit_code(struct libmnt_context *cxt, int rc); @@ -105,32 +103,6 @@ static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__) return 0; } -static char *encrypt_pass_get(struct libmnt_context *cxt) -{ - if (!cxt) - return 0; - -#ifdef MCL_FUTURE - if (mlockall(MCL_CURRENT | MCL_FUTURE)) { - warn(_("couldn't lock into memory")); - return NULL; - } -#endif - return xgetpass(passfd, _("Password: ")); -} - -static void encrypt_pass_release(struct libmnt_context *cxt - __attribute__((__unused__)), char *pwd) -{ - char *p = pwd; - - while (p && *p) - *p++ = '\0'; - - free(pwd); - munlockall(); -} - /* * Replace control chars with '?' to be compatible with coreutils. For more * robust solution use findmnt(1) where we use \x?? hex encoding. @@ -404,13 +376,7 @@ try_readonly: warnx(_("failed to parse mount options")); return MOUNT_EX_USAGE; case -MNT_ERR_LOOPDEV: - if (errno == ENOENT - && (uflags & MNT_MS_ENCRYPTION) - && src && stat(src, &st) == 0) - warnx(_("%s: failed to setup loop device " - "(probably unknown encryption type)"), src); - else - warn(_("%s: failed to setup loop device"), src); + warn(_("%s: failed to setup loop device"), src); return MOUNT_EX_FAIL; default: return handle_generic_errors(rc, _("%s: mount failed"), @@ -641,7 +607,6 @@ static void __attribute__((__noreturn__)) usage(FILE *out) fprintf(out, _( " -o, --options <list> comma-separated list of mount options\n" " -O, --test-opts <list> limit the set of filesystems (use with -a)\n" - " -p, --pass-fd <num> read the passphrase from file descriptor\n" " -r, --read-only mount the filesystem read-only (same as -o ro)\n" " -t, --types <list> limit the set of filesystem types\n")); fprintf(out, _( 
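Review bot: With the `MNT_MS_ENCRYPTION` branch removed from the `-MNT_ERR_LOOPDEV` case, nothing in mount.c tells a user that an `encryption=` mount option from fstab or `-o` is no longer honoured. This diff is limited to sys-utils, so it does not show whether libmount now rejects or ignores that option; if it is ignored, the loop device would be set up with no transform and data written in clear. Confirm that the library fails the mount, and keep a specific hint such as `warnx(_("%s: encryption not supported, use cryptsetup(8) instead"), src);` for that case. `st` and `uflags` may also be left unused if this was their only use, but the function starts and ends outside the hunk.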
@@ -835,8 +800,7 @@ int main(int argc, char **argv) err(MOUNT_EX_SYSERR, _("failed to set options pattern")); break; case 'p': - passfd = strtou32_or_err(optarg, - _("invalid passphrase file descriptor")); + warnx(_("--pass-fd is no longer supported")); break; case 'L': xasprintf(&srcbuf, "LABEL=\"%s\"", optarg); @@ -931,8 +895,6 @@ int main(int argc, char **argv) else if (types) mnt_context_set_fstype(cxt, types); - mnt_context_set_passwd_cb(cxt, encrypt_pass_get, encrypt_pass_release); - if (all) { /* * A) Mount all |
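Review bot: `case 'p':` in mount.c now only prints a warning and carries on, while `-e` in losetup.c exits with an error; the code gives no reason for the difference. A short comment would record the intent, for example `/* accepted and ignored for backward compatibility; the fd is never read */`. The option is also gone from `usage()`, so this comment would be the only place that explains why it is still accepted. `main()` starts and ends outside the hunk.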