From e1f7680ca45c5173f7853feb76dd093cec8d17ad Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Fri, 15 Jun 2012 09:38:36 +0200 Subject: [PATCH] remove obsolete encryption support from losetup kernel cryptoloop is deprecated since ages and support for cryptoloop in util-linux is incomplete/broken. - no password hashing - last 8 bit of key are always set to zero - no binary keys possible (stops reading key at \n and \0) In the past some Distros added the above features with patches. So remove cryptoloop support from util-linux completely to make sure people won't try using it. Signed-off-by: Ludwig Nussel --- include/loopdev.h | 3 -- lib/loopdev.c | 56 ---------------------------------------- libmount/src/context_loopdev.c | 22 +++------------- mount/mount.8 | 9 +----- mount/mount.c | 20 +++++--------- sys-utils/losetup.8 | 29 ++------------------ sys-utils/losetup.c | 30 +++++---------------- sys-utils/mount.8 | 7 +---- sys-utils/mount.c | 34 +----------------------- 9 files changed, 25 insertions(+), 185 deletions(-) diff --git a/include/loopdev.h b/include/loopdev.h index 906bee0..030f215 100644 --- a/include/loopdev.h +++ b/include/loopdev.h @@ -165,9 +165,6 @@ int loopcxt_set_offset(struct loopdev_cxt *lc, uint64_t offset); int loopcxt_set_sizelimit(struct loopdev_cxt *lc, uint64_t sizelimit); int loopcxt_set_flags(struct loopdev_cxt *lc, uint32_t flags); int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename); -int loopcxt_set_encryption(struct loopdev_cxt *lc, - const char *encryption, - const char *password); extern char *loopcxt_get_backing_file(struct loopdev_cxt *lc); extern int loopcxt_get_backing_devno(struct loopdev_cxt *lc, dev_t *devno); diff --git a/lib/loopdev.c b/lib/loopdev.c index fd3f9ba..807984e 100644 --- a/lib/loopdev.c +++ b/lib/loopdev.c @@ -963,62 +963,6 @@ int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename) return 0; } -static int digits_only(const char *s) -{ - while (*s) - if (!isdigit(*s++)) - return 0; - return 1; -} - -/* - * @lc: context - * @encryption: encryption name / type (see lopsetup man page) - * @password - * - * Note that the encryption functionality is deprecated an unmaintained. Use - * cryptsetup (it also supports AES-loops). - * - * The setting is removed by loopcxt_set_device() loopcxt_next()! - * - * Returns: 0 on success, <0 on error. - */ -int loopcxt_set_encryption(struct loopdev_cxt *lc, - const char *encryption, - const char *password) -{ - if (!lc) - return -EINVAL; - - DBG(lc, loopdev_debug("setting encryption '%s'", encryption)); - - if (encryption && *encryption) { - if (digits_only(encryption)) { - lc->info.lo_encrypt_type = atoi(encryption); - } else { - lc->info.lo_encrypt_type = LO_CRYPT_CRYPTOAPI; - snprintf((char *)lc->info.lo_crypt_name, LO_NAME_SIZE, - "%s", encryption); - } - } - - switch (lc->info.lo_encrypt_type) { - case LO_CRYPT_NONE: - lc->info.lo_encrypt_key_size = 0; - break; - default: - DBG(lc, loopdev_debug("setting encryption key")); - memset(lc->info.lo_encrypt_key, 0, LO_KEY_SIZE); - strncpy((char *)lc->info.lo_encrypt_key, password, LO_KEY_SIZE); - lc->info.lo_encrypt_key[LO_KEY_SIZE - 1] = '\0'; - lc->info.lo_encrypt_key_size = LO_KEY_SIZE; - break; - } - - DBG(lc, loopdev_debug("encryption successfully set")); - return 0; -} - /* * @cl: context * diff --git a/libmount/src/context_loopdev.c b/libmount/src/context_loopdev.c index 023c952..863ee3d 100644 --- a/libmount/src/context_loopdev.c +++ b/libmount/src/context_loopdev.c @@ -7,7 +7,6 @@ /* * DOCS: - "lo@" prefix for fstype is unsupported - * - encyption= mount option for loop device is unssuported */ #include @@ -35,8 +34,7 @@ int mnt_context_is_loopdev(struct libmnt_context *cxt) if (cxt->user_mountflags & (MNT_MS_LOOP | MNT_MS_OFFSET | - MNT_MS_SIZELIMIT | - MNT_MS_ENCRYPTION)) { + MNT_MS_SIZELIMIT)) { DBG(CXT, mnt_debug_h(cxt, "loopdev specific options detected")); return 1; @@ -134,7 +132,7 @@ static int is_mounted_same_loopfile(struct libmnt_context *cxt, int mnt_context_setup_loopdev(struct libmnt_context *cxt) { const char *backing_file, *optstr, *loopdev = NULL; - char *val = NULL, *enc = NULL, *pwd = NULL; + char *val = NULL; size_t len; struct loopdev_cxt lc; int rc = 0, lo_flags = 0; @@ -200,13 +198,8 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt) */ if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) && mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) { - enc = strndup(val, len); - if (val && !enc) - rc = -ENOMEM; - if (enc && cxt->pwd_get_cb) { - DBG(CXT, mnt_debug_h(cxt, "asking for pass")); - pwd = cxt->pwd_get_cb(cxt); - } + DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported")); + rc = -EINVAL; } if (rc == 0 && is_mounted_same_loopfile(cxt, @@ -245,8 +238,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt) rc = loopcxt_set_offset(&lc, offset); if (!rc && sizelimit) rc = loopcxt_set_sizelimit(&lc, sizelimit); - if (!rc && enc && pwd) - loopcxt_set_encryption(&lc, enc, pwd); if (!rc) loopcxt_set_flags(&lc, lo_flags); if (rc) { @@ -298,11 +289,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt) loopcxt_set_fd(&lc, -1, 0); } done: - free(enc); - if (pwd && cxt->pwd_release_cb) { - DBG(CXT, mnt_debug_h(cxt, "release pass")); - cxt->pwd_release_cb(cxt, pwd); - } loopcxt_deinit(&lc); return rc; } diff --git a/mount/mount.8 b/mount/mount.8 index 789d9fe..0644e8e 100644 --- a/mount/mount.8 +++ b/mount/mount.8 @@ -535,11 +535,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths file. This option can be used together with the .B \-f flag for already canonicalized absolut paths. -.IP "\fB\-p, \-\-pass\-fd \fInum\fP" -In case of a loop mount with encryption, read the passphrase from -file descriptor -.I num -instead of from the terminal. .IP "\fB\-s\fP" Tolerate sloppy mount options rather than failing. This will ignore mount options not supported by a filesystem type. Not all filesystems @@ -2708,8 +2703,8 @@ not specified or the filesystem is known for libblkid, for example: .B "mount -t ext3 /tmp/disk.img /mnt" .sp .RE -This type of mount knows about four options, namely -.BR loop ", " offset ", " sizelimit " and " encryption , +This type of mount knows about three options, namely +.BR loop ", " offset ", " sizelimit " , that are really options to .BR \%losetup (8). (These options can be used in addition to those specific diff --git a/mount/mount.c b/mount/mount.c index 396f357..b69fd61 100644 --- a/mount/mount.c +++ b/mount/mount.c @@ -83,9 +83,6 @@ static int mounttype = 0; /* True if (ruid != euid) or (0 != ruid), i.e. only "user" mounts permitted. */ static int restricted = 1; -/* Contains the fd to read the passphrase from, if any. */ -static int pfd = -1; - #ifdef HAVE_LIBMOUNT_MOUNT static struct libmnt_update *mtab_update; static char *mtab_opts; @@ -1262,7 +1259,7 @@ loop_check(const char **spec, const char **type, int *flags, *type = opt_vfstype; } - *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit || opt_encryption); + *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit); *loopfile = *spec; /* Automatically create a loop device from a regular file if a filesystem @@ -1317,6 +1314,11 @@ loop_check(const char **spec, const char **type, int *flags, return EX_FAIL; } + if (opt_encryption) { + error("mount: %s", _("encryption not supported, use cryptsetup(8) instead")); + return EX_FAIL; + } + loopcxt_init(&lc, 0); /* loopcxt_enable_debug(&lc, 1); */ @@ -1525,14 +1527,6 @@ update_mtab_entry(const char *spec, const char *node, const char *type, #endif /* !HAVE_LIBMOUNT_MOUNT */ static void -set_pfd(char *s) { - if (!isdigit(*s)) - die(EX_USAGE, - _("mount: argument to -p or --pass-fd must be a number")); - pfd = atoi(optarg); -} - -static void cdrom_setspeed(const char *spec) { #define CDROM_SELECT_SPEED 0x5322 /* Set the CD-ROM speed */ if (opt_speed) { @@ -2579,7 +2573,7 @@ main(int argc, char *argv[]) { test_opts = append_opt(test_opts, optarg, NULL); break; case 'p': /* fd on which to read passwd */ - set_pfd(optarg); + error("mount: %s", _("--pass-fd is no longer supported")); break; case 'r': /* mount readonly */ readonly = 1; diff --git a/sys-utils/losetup.8 b/sys-utils/losetup.8 index f50b072..8c69689 100644 --- a/sys-utils/losetup.8 +++ b/sys-utils/losetup.8 @@ -40,8 +40,6 @@ Setup loop device: .sp .in +5 .B losetup -.RB [{ \-e | \-E } -.IR encryption ] .RB [ \-o .IR offset ] .RB [ \-\-sizelimit @@ -82,8 +80,6 @@ force loop driver to reread size of the file associated with the specified loop detach the file or device associated with the specified loop device(s) .IP "\fB\-D, \-\-detach-all\fP" detach all associated loop devices -.IP "\fB\-e, \-E, \-\-encryption \fIencryption_type\fP" -enable data encryption with specified name or number .IP "\fB\-f, \-\-find\fP" find the first unused loop device. If a .I file @@ -98,10 +94,6 @@ the data start is moved \fIoffset\fP bytes into the specified file or device .IP "\fB\-\-sizelimit \fIsize\fP" the data end is set to no more than \fIsize\fP bytes after the data start -.IP "\fB\-p, \-\-pass-fd \fInum\fP" -read the passphrase from file descriptor with number -.I num -instead of from the terminal .IP "\fB\-P, \-\-partscan\fP" force kernel to scan partition table on newly created loop device .IP "\fB\-r, \-\-read-only\fP" @@ -116,25 +108,10 @@ argument are present. verbose mode .SH ENCRYPTION -.B Cryptoloop is deprecated in favor of dm-crypt. For more details see -.B cryptsetup (8). It is possible that all bug reports regarding to -E/-e -.B options will be ignored. - - -It is possible to specify transfer functions (for encryption/decryption -or other purposes) using one of the -.B \-E +Cryptoloop is no longer supported in favor of dm-crypt. For more details see +.B cryptsetup (8) and -.B \-e -options. -There are two mechanisms to specify the desired encryption: by number -and by name. If an encryption is specified by number then one -has to make sure that the Linux kernel knows about the encryption with that -number, probably by patching the kernel. Standard numbers that are -always present are 0 (no encryption) and 1 (XOR encryption). -When the cryptoloop module is loaded (or compiled in), it uses number 18. -This cryptoloop module will take the name of an arbitrary encryption type -and find the module that knows how to perform that encryption. +.B crypttab (5). .SH RETURN VALUE .B losetup diff --git a/sys-utils/losetup.c b/sys-utils/losetup.c index 9f03151..2513253 100644 --- a/sys-utils/losetup.c +++ b/sys-utils/losetup.c @@ -18,7 +18,6 @@ #include "nls.h" #include "strutils.h" #include "loopdev.h" -#include "xgetpass.h" enum { A_CREATE = 1, /* setup a new device */ @@ -164,10 +163,8 @@ static void usage(FILE *out) " -j, --associated list all devices associated with \n"), out); fputs(USAGE_SEPARATOR, out); - fputs(_(" -e, --encryption enable encryption with specified \n" - " -o, --offset start at offset into file\n" + fputs(_(" -o, --offset start at offset into file\n" " --sizelimit device limited to bytes of the file\n" - " -p, --pass-fd read passphrase from file descriptor \n" " -P, --partscan create partitioned loop device\n" " -r, --read-only setup read-only loop device\n" " --show print device name after setup (with -f)\n" @@ -185,8 +182,8 @@ static void usage(FILE *out) int main(int argc, char **argv) { struct loopdev_cxt lc; - int act = 0, flags = 0, passfd = -1, c; - char *file = NULL, *encryption = NULL; + int act = 0, flags = 0, c; + char *file = NULL; uint64_t offset = 0, sizelimit = 0; int res = 0, showdev = 0, lo_flags = 0; @@ -249,7 +246,7 @@ int main(int argc, char **argv) break; case 'E': case 'e': - encryption = optarg; + errx(EXIT_FAILURE, _("encryption not supported, use cryptsetup(8) instead")); break; case 'f': act = A_FIND_FREE; @@ -268,8 +265,7 @@ int main(int argc, char **argv) flags |= LOOPDEV_FL_OFFSET; break; case 'p': - passfd = strtol_or_err(optarg, - _("invalid passphrase file descriptor")); + warn(_("--pass-fd is no longer supported")); break; case 'P': lo_flags |= LO_FLAGS_PARTSCAN; @@ -327,10 +323,10 @@ int main(int argc, char **argv) } if (act != A_CREATE && - (encryption || sizelimit || passfd != -1 || lo_flags || showdev)) + (sizelimit || lo_flags || showdev)) errx(EXIT_FAILURE, _("the options %s are allowed to loop device setup only"), - "--{encryption,sizelimit,pass-fd,read-only,show}"); + "--{sizelimit,read-only,show}"); if ((flags & LOOPDEV_FL_OFFSET) && act != A_CREATE && (act != A_SHOW || !file)) @@ -339,16 +335,8 @@ int main(int argc, char **argv) switch (act) { case A_CREATE: { - char *pass = NULL; int hasdev = loopcxt_has_device(&lc); - if (encryption) { -#ifdef MCL_FUTURE - if(mlockall(MCL_CURRENT | MCL_FUTURE)) - err(EXIT_FAILURE, _("couldn't lock into memory")); -#endif - pass = xgetpass(passfd, _("Password: ")); - } do { /* Note that loopcxt_{find_unused,set_device}() resets * loopcxt struct. @@ -357,8 +345,6 @@ int main(int argc, char **argv) warnx(_("not found unused device")); break; } - if (encryption && pass) - loopcxt_set_encryption(&lc, encryption, pass); if (flags & LOOPDEV_FL_OFFSET) loopcxt_set_offset(&lc, offset); if (flags & LOOPDEV_FL_SIZELIMIT) @@ -379,8 +365,6 @@ int main(int argc, char **argv) } } while (hasdev == 0); - free(pass); - if (showdev && res == 0) printf("%s\n", loopcxt_get_device(&lc)); break; diff --git a/sys-utils/mount.8 b/sys-utils/mount.8 index 4f8af0a..73f5170 100644 --- a/sys-utils/mount.8 +++ b/sys-utils/mount.8 @@ -528,11 +528,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths file. This option can be used together with the .B \-f flag for already canonicalized absolut paths. -.IP "\fB\-p, \-\-pass\-fd \fInum\fP" -In case of a loop mount with encryption, read the passphrase from -file descriptor -.I num -instead of from the terminal. .IP "\fB\-s\fP" Tolerate sloppy mount options rather than failing. This will ignore mount options not supported by a filesystem type. Not all filesystems @@ -2715,7 +2710,7 @@ not specified or the filesystem is known for libblkid, for example: .sp .RE This type of mount knows about four options, namely -.BR loop ", " offset ", " sizelimit " and " encryption , +.BR loop ", " offset ", " sizelimit ", that are really options to .BR \%losetup (8). (These options can be used in addition to those specific diff --git a/sys-utils/mount.c b/sys-utils/mount.c index 7f2d5d8..031fd31 100644 --- a/sys-utils/mount.c +++ b/sys-utils/mount.c @@ -36,7 +36,6 @@ #include "env.h" #include "optutils.h" #include "strutils.h" -#include "xgetpass.h" #include "exitcodes.h" #include "xalloc.h" @@ -49,7 +48,6 @@ * --options-source-force MNT_OMODE_FORCE */ -static int passfd = -1; static int readwrite; static int mk_exit_code(struct libmnt_context *cxt, int rc); @@ -103,32 +101,6 @@ static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__) return 0; } -static char *encrypt_pass_get(struct libmnt_context *cxt) -{ - if (!cxt) - return 0; - -#ifdef MCL_FUTURE - if (mlockall(MCL_CURRENT | MCL_FUTURE)) { - warn(_("couldn't lock into memory")); - return NULL; - } -#endif - return xgetpass(passfd, _("Password: ")); -} - -static void encrypt_pass_release(struct libmnt_context *cxt - __attribute__((__unused__)), char *pwd) -{ - char *p = pwd; - - while (p && *p) - *p++ = '\0'; - - free(pwd); - munlockall(); -} - static void print_all(struct libmnt_context *cxt, char *pattern, int show_label) { struct libmnt_table *tb; @@ -616,7 +588,6 @@ static void __attribute__((__noreturn__)) usage(FILE *out) fprintf(out, _( " -o, --options comma-separated list of mount options\n" " -O, --test-opts limit the set of filesystems (use with -a)\n" - " -p, --pass-fd read the passphrase from file descriptor\n" " -r, --read-only mount the filesystem read-only (same as -o ro)\n" " -t, --types limit the set of filesystem types\n")); fprintf(out, _( @@ -782,8 +753,7 @@ int main(int argc, char **argv) err(MOUNT_EX_SYSERR, _("failed to set options pattern")); break; case 'p': - passfd = strtol_or_err(optarg, - _("invalid passphrase file descriptor")); + warnx(_("--pass-fd is no longer supported")); break; case 'L': case 'U': @@ -864,8 +834,6 @@ int main(int argc, char **argv) else if (types) mnt_context_set_fstype(cxt, types); - mnt_context_set_passwd_cb(cxt, encrypt_pass_get, encrypt_pass_release); - if (all) { /* * A) Mount all -- 1.7.7