Merge branch 'master' into '6-delete-luks-key-endpoint'

# Conflicts:
#   src/cryptops-api.c

Makefile

@@ -9,30 +9,34 @@ SRCDIR   = src
 OBJDIR   = obj
 BINDIR   = bin
 
+DEPS=$(wildcard $(SRCDIR)/*/*.c) $(wildcard $(SRCDIR)/*.c)
+
 SOURCES  := $(SRCDIR)/$(TARGET).c
-INCLUDES := $(wildcard $(SRCDIR)/*.h)
 OBJECTS  := $(SOURCES:$(SRCDIR)/%.c=$(OBJDIR)/%.o)
 
 $(BINDIR)/$(TARGET): $(BINDIR)
 $(BINDIR):
 	mkdir -p $(BINDIR)
+
+# Make binary linking .o files and libraries
 $(BINDIR)/$(TARGET): $(OBJECTS)
 	@$(LINKER) $(OBJECTS) $(LFLAGS) -o $@
 	@echo "Linking complete."
 
-$(OBJECTS): | $(OBJDIR)
-$(OBJDIR):
+# Compile an object for a c file in SRCDIR
+$(OBJDIR)/%.o: $(SRCDIR)/%.c $(DEPS)
 	mkdir -p $(OBJDIR)
-$(OBJECTS): $(OBJDIR)/%.o : $(SRCDIR)/%.c
 	@$(CC) $(CFLAGS) -c $< -o $@
 	@echo "Compiled "$<" successfully."
 
+# Remove intermediate files
 .PHONY: clean
 clean:
-	@rm -f $(OBJECTS)
+	@rm -rf $(OBJDIR)
 	@echo "Cleanup complete."
 
+# Remove all compiled files
 .PHONY: remove
 remove: clean
-	@rm -f $(BINDIR)/$(TARGET)
+	@rm -rf $(BINDIR)
 	@echo "Executable removed."

src/api/encryption_get.c

@@ -33,7 +33,7 @@ int callback_encryption_get(const struct _u_request * request,
             FILESYSTEM_TYPE);
         if (r != 0)
         {
-            printf("mounting root device failed: return code %d\n", r);
+            y_log_message(Y_LOG_LEVEL_ERROR, "mounting root device failed: return code %d", r);
             return send_simple_response(response, 500, "error",
                "mounting root device failed");
         }

src/api/encryption_init_post.c

@@ -57,9 +57,10 @@ int callback_encryption_init_post(const struct _u_request * request,
         FILESYSTEM_TYPE);
     if (r != 0)
     {
-        printf("mounting root device failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR, 
+            "mounting root device failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "mounting root device failed");
+            "mounting root device failed");
     }
 
     // Determine if the files on the unencrypted device would fit in memory.
@@ -73,27 +74,32 @@ int callback_encryption_init_post(const struct _u_request * request,
     }
 
     // Copy device contents to temporary filesystem.
-    printf("copying existing root device contents to memory\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+            "copying existing root device contents to memory");
     char * command = NULL;
     asprintf(&command, "rsync -a %s/ %s", UNENCRYPTED_TMP_MOUNTPOINT,
         TMP_LOCATION);
     r = system(command);
     if (r != 0)
     {
-        printf("copying root device contents into memory failed"
-            ": return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "copying root device contents into memory failed: return code %d",
+            r);
         return send_simple_response(response, 500, "error",
             "copying root device contents into memory failed");
     }
 
     // Unmount unencrypted device.
-    printf("unmounting unencrypted device at %s\n", UNENCRYPTED_TMP_MOUNTPOINT);
+    y_log_message(Y_LOG_LEVEL_ERROR,
+        "unmounting unencrypted device at %s",
+        UNENCRYPTED_TMP_MOUNTPOINT);
     r = umount(UNENCRYPTED_TMP_MOUNTPOINT);
     if (r != 0)
     {
-        printf("unmounting encrypted device failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR, 
+            "unmounting encrypted device failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "unmounting unencrypted device failed");
+            "unmounting unencrypted device failed");
     }
 
     // Check whether the authorized_keys file exists on root device.
@@ -103,188 +109,208 @@ int callback_encryption_init_post(const struct _u_request * request,
     struct stat st = {0};
     if (stat(authorized_keys_path, &st) == -1)
     {
-        printf("authorized_keys not found on root device at %s\n",
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "authorized_keys not found on root device at %s",
             authorized_keys_path);
         return send_simple_response(response, 500, "error",
-           "authorized_keys not found on root device");
+            "authorized_keys not found on root device");
     }
 
     // Re-partition device.
-    printf("repartitioning device %s\n", ROOT_DEVICE);
+    y_log_message(Y_LOG_LEVEL_ERROR, "repartitioning device %s", ROOT_DEVICE);
     command = NULL;
     asprintf(&command, "sgdisk -a 8192 -n 1:0:48M -N 2 %s", ROOT_DEVICE);
     r = system(command);
     if (r != 0)
     {
-        printf("partitioning root device failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "partitioning root device failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "partitioning root device failed");
+            "partitioning root device failed");
     }
 
     // Inform kernel of partitioning changes.
-    printf("running partprobe\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "running partprobe");
     command = NULL;
     asprintf(&command, "partprobe");
     r = system(command);
     if (r != 0)
     {
-        printf("partprobe: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR, "partprobe failed: return code %d", 
+            r);
         return send_simple_response(response, 500, "error",
-           "partprobe failed");
+            "partprobe failed");
     }
     // Sleep for a little while.
     // This seems necessary for the newly created partitions to appear as
     // devices.
-    printf("waiting a bit...\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "waiting a bit...");
     sleep(2);
 
     // Create filesystem on the info partition.
-    printf("creating filesystem on info partition\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "creating filesystem on info partition");
     command = NULL;
     asprintf(&command, "mkfs -t %s %s", FILESYSTEM_TYPE,
         INFO_PARTITION_DEVICE);
-    printf("command: %s\n", command);
+    y_log_message(Y_LOG_LEVEL_DEBUG, "command: %s", command);
     r = system(command);
     if (r != 0)
     {
-        printf("creating filesystem failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "creating filesystem failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "creating filesystem inside encrypted container failed");
+            "creating filesystem inside encrypted container failed");
     }
 
     // Mount the info partition.
-    printf("mounting info partition\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "mounting info partition");
     r = temporary_mount(INFO_PARTITION_DEVICE, INFO_TMP_MOUNTPOINT,
         FILESYSTEM_TYPE);
     if (r != 0)
     {
-        printf("mounting encrypted device failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "mounting encrypted device failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "mounting encrypted root device failed");
+            "mounting encrypted root device failed");
     }
 
     // Create some directories in the info partition.
-    printf("creating directories in info partition\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "creating directories in info partition");
     command = NULL;
     asprintf(&command, "mkdir -p %s%s %s%s", INFO_TMP_MOUNTPOINT,
         AUTHORIZED_KEYS_DIR, INFO_TMP_MOUNTPOINT, SSH_HOST_KEY_DIR);
     r = system(command);
     if (r != 0)
     {
-        printf("creating directories failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "creating directories failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "creating directories in info partition failed");
+            "creating directories in info partition failed");
     }
 
     // Copy authorized_keys file to the info partition.
-    printf("copying authorized_keys to info partition\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "copying authorized_keys to info partition");
     command = NULL;
     asprintf(&command, "cp %s %s%s",
         AUTHORIZED_KEYS_PATH, INFO_TMP_MOUNTPOINT, AUTHORIZED_KEYS_PATH);
     r = system(command);
     if (r != 0)
     {
-        printf("copying authorized_keys failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "copying authorized_keys failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "copying authorized_keys failed");
+            "copying authorized_keys failed");
     }
 
     // Copy dropbear ssh host keys from the initrd to the info partition.
-    printf("copying dropbear ssh host keys\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "copying dropbear ssh host keys");
     command = NULL;
     asprintf(&command, "cp /etc/dropbear/* %s%s/", INFO_TMP_MOUNTPOINT,
         SSH_HOST_KEY_DIR);
     r = system(command);
     if (r != 0)
     {
-        printf("copying dropbear ssh host keys failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_DEBUG,
+            "copying dropbear ssh host keys failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "copying dropbear ssh host keys failed");
+            "copying dropbear ssh host keys failed");
     }
 
     // Unmount info partition.
-    printf("unmounting info partition at %s\n", INFO_TMP_MOUNTPOINT);
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "unmounting info partition at %s", INFO_TMP_MOUNTPOINT);
     r = umount(INFO_TMP_MOUNTPOINT);
     if (r != 0)
     {
-        printf("unmounting failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "unmounting failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "unmounting configuration partition failed");
+            "unmounting configuration partition failed");
     }
 
     // Initialise encrypted container on data partition.
-    printf("creating encrypted container at %s\n", DATA_PARTITION_DEVICE);
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "creating encrypted container at %s", DATA_PARTITION_DEVICE);
     r = create_encrypted_device(DATA_PARTITION_DEVICE, password);
     if (r != 0)
     {
-        printf("creating encrypted container failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "creating encrypted container failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "creating encryption container failed");
+            "creating encryption container failed");
     }
 
     // Unlock the new container.
-    printf("unlocking encrypted device\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "unlocking encrypted device");
     r = encryption_unlock(DATA_PARTITION_DEVICE, MAPPED_DEVICE_NAME,
         password);
     if (r != 0)
     {
-        printf("unlocking encrypted container failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "unlocking encrypted container failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "unlocking new encryption container failed");
+            "unlocking new encryption container failed");
     }
 
     // Create filesystem in the new container.
-    printf("creating filesystem in new container\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "creating filesystem in new container");
     command = NULL;
     asprintf(&command, "mkfs -t %s %s", FILESYSTEM_TYPE, MAPPED_DEVICE_PATH);
     r = system(command);
     if (r != 0)
     {
-        printf("creating filesystem failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "creating filesystem failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "creating filesystem inside encrypted container failed");
+            "creating filesystem inside encrypted container failed");
     }
 
     // Mount the unlocked container.
-    printf("mounting new filesystem\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "mounting new filesystem");
     r = temporary_mount(MAPPED_DEVICE_PATH, DATA_TMP_MOUNTPOINT,
         FILESYSTEM_TYPE);
     if (r != 0)
     {
-        printf("mounting encrypted device failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "mounting encrypted device failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "mounting encrypted root device failed");
+            "mounting encrypted root device failed");
     }
 
     // Copy device contents from temporary filesystem to encrypted container.
-    printf("copying root device contents from memory\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "copying root device contents from memory");
     command = NULL;
     asprintf(&command, "rsync -a %s/ %s", TMP_LOCATION, DATA_TMP_MOUNTPOINT);
     r = system(command);
     if (r != 0)
     {
-        printf("copying from memory to encrypted device failed:"
-            " return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "copying from memory to encrypted device failed: return code %d",
+            r);
         return send_simple_response(response, 500, "error",
-           "copying root device contents from memory failed");
+            "copying root device contents from memory failed");
     }
 
     // Unmount filesystem on encrypted data partition.
-    printf("unmounting encrypted device at %s\n", DATA_TMP_MOUNTPOINT);
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "unmounting encrypted device at %s", DATA_TMP_MOUNTPOINT);
     r = umount(DATA_TMP_MOUNTPOINT);
     if (r != 0)
     {
-        printf("unmounting encrypted device failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "unmounting encrypted device failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "unmounting encrypted device failed");
+            "unmounting encrypted device failed");
     }
 
     // Lock the container.
-    printf("locking encrypted device\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "locking encrypted device");
     r = encryption_lock(MAPPED_DEVICE_NAME);
     if (r != 0)
     {
-        printf("locking encrypted container failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "locking encrypted container failed: return code %d", r);
         return send_simple_response(response, 500, "error",
            "locking container failed");
     }

src/api/encryption_keys_get.c

@@ -23,7 +23,8 @@ int callback_encryption_keys_get(const struct _u_request * request,
     }
     if (r != 0)
     {
-        printf("container_initialise failed with status %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "container_initialise failed with status %d", r);
         return send_simple_response(response, 500, "error",
             "initialising encrypted container failed");
     }

src/api/encryption_keys_put.c → src/api/encryption_keys_put_post.c

 /**
- * Callback function to change a luks encryption password.
+ * Combined handler for adding and changing luks encryption passwords.
  * @param[in]   request   incoming HTTP request
  * @param[out]  response  HTTP response to the request
- * @param[in]   user_data extra data to pass between main thread and callbacks
+ * @param[in]   is_post   this is a post request (true) or a put (false)
  * @return                internal status code
  */
-int callback_encryption_keys_put(const struct _u_request * request,
-    struct _u_response * response, void * user_data)
+int encryption_keys_change(const struct _u_request * request,
+    struct _u_response * response, bool is_post)
 {
     int r;
 
@@ -31,20 +31,30 @@ int callback_encryption_keys_put(const struct _u_request * request,
             "missing new password");
     }
 
-    // Read keyslot from request URI.
-    const char * keyslot_string = u_map_get(request->map_url, "slot");
-    if (keyslot_string == NULL)
+    int keyslot;
+    // Posting a new password, put it in the first available slot.
+    if (is_post)
     {
-        return send_simple_response(response, 400, "error",
-            "missing url parameter `slot`");
+        keyslot = CRYPT_ANY_SLOT;
     }
-    int keyslot;
-    r = parse_int(keyslot_string, &keyslot);
-    if (r != 0)
+    // Changing an existing password, so read the slot from the url.
+    else
     {
-        printf("invalid url parameter `slot`: %s\n", keyslot_string);
-        return send_simple_response(response, 400, "error",
-            "invalid url parameter `slot`");
+        // Read keyslot from request URI.
+        const char * keyslot_string = u_map_get(request->map_url, "slot");
+        if (keyslot_string == NULL)
+        {
+            return send_simple_response(response, 400, "error",
+                "missing url parameter `slot`");
+        }
+        r = parse_int(keyslot_string, &keyslot);
+        if (r != 0)
+        {
+            y_log_message(Y_LOG_LEVEL_WARNING,
+                "invalid url parameter `slot`: %s", keyslot_string);
+            return send_simple_response(response, 400, "error",
+                "invalid url parameter `slot`");
+        }
     }
 
     // Initialise encrypted container.
@@ -56,14 +66,24 @@ int callback_encryption_keys_put(const struct _u_request * request,
     }
     if (r != 0)
     {
-        printf("container_initialise failed with status %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "container_initialise failed with status %d", r);
         return send_simple_response(response, 500, "error",
             "initialising encrypted container failed");
     }
 
-    // Add encryption password.
-    r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot,
-        password, strlen(password), new_password, strlen(new_password));
+    if (is_post)
+    {
+        // Add encryption password.
+        r = crypt_keyslot_add_by_passphrase(cd, keyslot,
+            password, strlen(password), new_password, strlen(new_password));
+    }
+    else
+    {
+        // Change encryption password.
+        r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot,
+            password, strlen(password), new_password, strlen(new_password));
+    }
   
     if (r == -1)
     {
@@ -75,7 +95,16 @@ int callback_encryption_keys_put(const struct _u_request * request,
     if (r < 0)
     {
         // Something else went wrong.
-        printf("crypt_keyslot_add_by_passphrase failed with status %d\n", r);
+        if (is_post)
+        {
+            y_log_message(Y_LOG_LEVEL_ERROR,
+                "crypt_keyslot_add_by_passphrase failed with status %d", r);
+        }
+        else
+        {
+            y_log_message(Y_LOG_LEVEL_ERROR,
+                "crypt_keyslot_change_by_passphrase failed with status %d", r);
+        }
         return send_simple_response(response, 500, "error",
             "error changing password");
     }
@@ -83,3 +112,28 @@ int callback_encryption_keys_put(const struct _u_request * request,
     // If we reach this point, apparently everything went well.
     return send_simple_response(response, 200, "status", "ok");
 }
+
+/**
+ * Callback function to add a luks encryption password.
+ * @param[in]   request   incoming HTTP request
+ * @param[out]  response  HTTP response to the request
+ * @param[in]   user_data extra data to pass between main thread and callbacks
+ * @return                internal status code
+ */
+int callback_encryption_keys_post(const struct _u_request * request,
+    struct _u_response * response, void * user_data)
+{
+    return encryption_keys_change(request, response, true);
+}
+/**
+ * Callback function to change a luks encryption password.
+ * @param[in]   request   incoming HTTP request
+ * @param[out]  response  HTTP response to the request
+ * @param[in]   user_data extra data to pass between main thread and callbacks
+ * @return                internal status code
+ */
+int callback_encryption_keys_put(const struct _u_request * request,
+    struct _u_response * response, void * user_data)
+{
+    return encryption_keys_change(request, response, false);
+}

src/api/encryption_remove_post.c

@@ -46,7 +46,7 @@ int callback_encryption_remove_post(const struct _u_request * request,
     }
 
     // Unlock the container.
-    printf("unlocking encrypted device\n");
+    y_log_message(Y_LOG_LEVEL_INFO, "unlocking encrypted device");
     r = encryption_unlock(DATA_PARTITION_DEVICE, MAPPED_DEVICE_NAME,
         password);
     if (r == -1)
@@ -57,9 +57,10 @@ int callback_encryption_remove_post(const struct _u_request * request,
     }
     if (r != 0)
     {
-        printf("unlocking encrypted container failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "unlocking encrypted container failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "unlocking encrypted container failed");
+            "unlocking encrypted container failed");
     }
 
     // Mount the filesystem on the encrypted data partition.
@@ -67,9 +68,10 @@ int callback_encryption_remove_post(const struct _u_request * request,
         FILESYSTEM_TYPE);
     if (r != 0)
     {
-        printf("mounting root device failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "mounting root device failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "mounting root device failed");
+            "mounting root device failed");
     }
 
     // Determine the filesystem usage of the encrypted data partition.
@@ -78,111 +80,127 @@ int callback_encryption_remove_post(const struct _u_request * request,
     {
         // Projected memory usage is really high, so abort.
         return send_simple_response(response, 500, "error",
-           "device too large");
+            "device too large");
     }
 
     // Copy device contents to temporary filesystem.
-    printf("copying existing root device contents to memory\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "copying existing root device contents to memory");
     char * command = NULL;
     asprintf(&command, "rsync -a %s/ %s", DATA_TMP_MOUNTPOINT, TMP_LOCATION);
     r = system(command);
     if(r != 0)
     {
-        printf("copying root device contents into memory failed"
-            ": return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "copying root device contents into memory failed: return code %d",
+            r);
         return send_simple_response(response, 500, "error",
             "copying root device contents into memory failed");
     }
 
     // Unmount encrypted data partition.
-    printf("unmounting encrypted device at %s\n", DATA_TMP_MOUNTPOINT);
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "unmounting encrypted device at %s", DATA_TMP_MOUNTPOINT);
     r = umount(DATA_TMP_MOUNTPOINT);
     if (r != 0)
     {
-        printf("unmounting encrypted device failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "unmounting encrypted device failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "unmounting encrypted device failed");
+            "unmounting encrypted device failed");
     }
 
     // Lock the container.
-    printf("locking encrypted device\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "locking encrypted device");
     r = encryption_lock(MAPPED_DEVICE_NAME);
     if (r != 0)
     {
-        printf("locking encrypted container failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "locking encrypted container failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "locking encrypted container failed");
+            "locking encrypted container failed");
     }
 
     // Unmount info partition.
     // We didn't mount this in cryptops-api, but it was mounted by the initrd
     // scripts for use by dropbear.
-    printf("unmounting info partition at %s\n", INFO_MOUNTPOINT);
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "unmounting info partition at %s", INFO_MOUNTPOINT);
     r = umount(INFO_MOUNTPOINT);
     if (r != 0)
     {
-        printf("unmounting info partition failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "unmounting info partition failed: return code %d", r);
         return send_simple_response(response, 500, "error",
            "unmounting info partition failed");
     }
 
     // Remove all partitions from the device.
-    printf("removing partitions from device %s\n", ROOT_DEVICE);
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "removing partitions from device %s", ROOT_DEVICE);
     command = NULL;
     asprintf(&command, "sgdisk -Z %s", ROOT_DEVICE);
     r = system(command);
     if (r != 0)
     {
-        printf("removing partitions failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "removing partitions failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "removing partitions failed");
+            "removing partitions failed");
     }
 
     // Create filesystem on the unencrypted device.
-    printf("creating filesystem on unencrypted device\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "creating filesystem on unencrypted device");
     command = NULL;
     asprintf(&command, "mkfs -t %s %s", FILESYSTEM_TYPE, ROOT_DEVICE);
     r = system(command);
     if (r != 0)
     {
-        printf("creating filesystem failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "creating filesystem failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "creating filesystem on unencrypted device failed");
+            "creating filesystem on unencrypted device failed");
     }
 
     // Mount the new filesystem.
-    printf("mounting new filesystem\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "mounting new filesystem");
     r = temporary_mount(ROOT_DEVICE, UNENCRYPTED_TMP_MOUNTPOINT,
         FILESYSTEM_TYPE);
     if (r != 0)
     {
-        printf("mounting unencrypted device failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "mounting unencrypted device failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "mounting unencrypted root device failed");
+            "mounting unencrypted root device failed");
     }
 
     // Copy device contents from memory to the unencrypted device.
-    printf("copying root device contents from memory\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "copying root device contents from memory");
     command = NULL;
     asprintf(&command, "rsync -a %s/ %s",
         TMP_LOCATION, UNENCRYPTED_TMP_MOUNTPOINT);
     r = system(command);
     if (r != 0)
     {
-        printf("copying from memory to unencrypted device failed:"
-            " return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "copying from memory to unencrypted device failed: return code %d",
+            r);
         return send_simple_response(response, 500, "error",
-           "copying root device contents from memory failed");
+            "copying root device contents from memory failed");
     }
 
     // Unmount filesystem on unencrypted device.
-    printf("unmounting unencrypted device at %s\n", UNENCRYPTED_TMP_MOUNTPOINT);
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "unmounting unencrypted device at %s", UNENCRYPTED_TMP_MOUNTPOINT);
     r = umount(UNENCRYPTED_TMP_MOUNTPOINT);
     if (r != 0)
     {
-        printf("unmounting unencrypted device failed: return code %d\n", r);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "unmounting unencrypted device failed: return code %d", r);
         return send_simple_response(response, 500, "error",
-           "unmounting unencrypted device failed");
+            "unmounting unencrypted device failed");
     }
 
     // Record that we want to reboot the machine.

src/api/encryption_unlock_post.c

@@ -31,7 +31,8 @@ int callback_encryption_unlock_post(const struct _u_request * request,
     if (unlock_status != 0)
     {
         // Something else went wrong with unlocking.
-        printf("encryption_unlock failed with status %d\n", unlock_status);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "encryption_unlock failed with status %d", unlock_status);
         return send_simple_response(response, 500, "error",
             "error during unlocking");
     }

src/api/ssh_keys_delete.c

@@ -23,7 +23,8 @@ int callback_ssh_keys_delete(const struct _u_request * request,
     int r = parse_int(id_string, &id);
     if (r != 0)
     {
-        printf("invalid url parameter `id`: %s\n", id_string);
+        y_log_message(Y_LOG_LEVEL_WARNING,
+            "invalid url parameter `id`: %s", id_string);
         return send_simple_response(response, 400, "error",
             "invalid url parameter `id`");
     }

src/api/ssh_keys_get.c

@@ -69,7 +69,8 @@ int callback_ssh_keys_get(const struct _u_request * request,
     json_t * keys = readAuthorizedKeysToJson();
     if (keys == NULL)
     {
-        printf("Could not open authorized_keys file\n");
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "Could not open authorized_keys file");
         return send_simple_response(response, 500, "error",
             "error reading authorized_keys");
     }

src/api/ssh_keys_post.c

@@ -25,7 +25,8 @@ int callback_ssh_keys_post(const struct _u_request * request,
     // Check if that succeeded.
     if (authorized_keys == NULL)
     {
-        printf("Could not open authorized_keys file for writing\n");
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "Could not open authorized_keys file for writing");
         return send_simple_response(response, 500, "error",
             "error opening authorized_keys");
     }

src/api/ssh_keys_put.c

@@ -23,7 +23,8 @@ int callback_ssh_keys_put(const struct _u_request * request,
     int r = parse_int(id_string, &id);
     if (r != 0)
     {
-        printf("invalid url parameter `id`: %s\n", id_string);
+        y_log_message(Y_LOG_LEVEL_WARNING,
+            "invalid url parameter `id`: %s", id_string);
         return send_simple_response(response, 400, "error",
             "invalid url parameter `id`");
     }

src/auxiliary.c

@@ -3,7 +3,7 @@
  */
 void stop_server()
 {
-    printf("Stopping cryptops-api server...\n");
+    y_log_message(Y_LOG_LEVEL_INFO, "Stopping cryptops-api server...");
     int fifo;
     char fifo_path[] = FIFO_PATH;
     fifo = open(fifo_path, O_WRONLY);
@@ -33,7 +33,8 @@ char * read_from_file(FILE * file)
             temp = realloc(str, size + strlength);
             if (temp == NULL)
             {
-                printf("Could not allocate memory for file reading\n");
+                y_log_message(Y_LOG_LEVEL_ERROR,
+                    "Could not allocate memory for file reading");
                 return NULL;
             }
             else
@@ -95,7 +96,8 @@ unsigned long device_size(char * device_path)
     fd = open(device_path, O_RDONLY);
     ioctl(fd, BLKGETSIZE, &numblocks);
     close(fd);
-    printf("Number of blocks: %lu, this makes %.3f GB\n",
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "Number of blocks: %lu, this makes %.3f GB",
         numblocks, (double)numblocks * 512.0 / (1024 * 1024 * 1024));
     return (numblocks * 512);
 }
@@ -110,7 +112,7 @@ unsigned long available_memory()
   unsigned long free_bytes;
   sysinfo(&myinfo);
   free_bytes = myinfo.mem_unit * myinfo.freeram;
-  printf("Free memory: %lu B, %lu MB\n",
+  y_log_message(Y_LOG_LEVEL_DEBUG, "Free memory: %lu B, %lu MB",
       free_bytes, free_bytes / 1024 / 1024);
   return free_bytes;
 }
@@ -146,16 +148,19 @@ bool filesystem_fits_in_memory(const char * path, double safety_margin)
     {
         // Something went wrong in determining the filesystem usage.
         // Return false as a precaution.
-        printf("Determining file system usage failed (size: %lu)\n", size);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "Determining file system usage failed (size: %lu)", size);
         return false;
     }
-    printf("file system usage: %lu bytes\n", size);
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "file system usage: %lu bytes", size);
 
     // Determine the available memory.
     unsigned long memory = available_memory();
 
     double projected_usage = (double)size / (double)memory;
-    printf("projected memory usage: %.3f\n", projected_usage);
+    y_log_message(Y_LOG_LEVEL_DEBUG, "projected memory usage: %.3f",
+        projected_usage);
     return (projected_usage <= safety_margin);
 }
 
@@ -234,7 +239,8 @@ int replace_ssh_key(int id, const char * ssh_key)
     // Check if that succeeded.
     if (authorized_keys_in == NULL)
     {
-        printf("Could not open authorized_keys file for reading\n");
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "Could not open authorized_keys file for reading");
         return -1;
     }
 
@@ -247,7 +253,8 @@ int replace_ssh_key(int id, const char * ssh_key)
     // Check if that succeeded.
     if (authorized_keys_out == NULL)
     {
-        printf("Could not open authorized_keys tmp file for writing\n");
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "Could not open authorized_keys tmp file for writing");
         return -2;
     }
 

src/cryptops-api.c

@@ -11,8 +11,8 @@
 #include <api/encryption_remove_post.c>
 #include <api/encryption_unlock_post.c>
 #include <api/encryption_keys_get.c>
-#include <api/encryption_keys_put.c>
 #include <api/encryption_keys_delete.c>
+#include <api/encryption_keys_put_post.c>
 #include <api/ssh_keys_get.c>
 #include <api/ssh_keys_put.c>
 #include <api/ssh_keys_post.c>
@@ -59,6 +59,9 @@ int main(int argc, char ** argv)
     ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX,
         "/encryption/keys",
         0, &callback_encryption_keys_get, NULL);
+    ulfius_add_endpoint_by_val(&instance, "POST" , PREFIX,
+        "/encryption/keys",
+        0, &callback_encryption_keys_post, NULL);
     ulfius_add_endpoint_by_val(&instance, "PUT" , PREFIX,
         "/encryption/keys/:slot",
         0, &callback_encryption_keys_put, NULL);
@@ -125,7 +128,7 @@ int main(int argc, char ** argv)
     // Give request handlers that have called for the stop a chance to
     // send their response to the client.
     sleep(1);
-    
+
     y_close_logs();
 
     ulfius_stop_framework(&instance);
@@ -134,7 +137,7 @@ int main(int argc, char ** argv)
     // Check if the encryption/init handler said that we should reboot.
     if (reboot)
     {
-        printf("rebooting...");
+        y_log_message(Y_LOG_LEVEL_INFO, "rebooting...");
         reboot_initrd();
     }
 

src/encryption_functions.c

@@ -13,7 +13,7 @@ static int container_initialise(struct crypt_device ** cd, const char * path,
     // Check if the device exists.
     if (! path_exists(path))
     {
-        printf("device does not exist: %s.\n", path);
+        y_log_message(Y_LOG_LEVEL_ERROR, "device does not exist: %s.", path);
         return 1;
     }
 
@@ -23,8 +23,8 @@ static int container_initialise(struct crypt_device ** cd, const char * path,
     {
         if (debug)
         {
-            printf("crypt_init() failed for %s.\n", path);
-            printf("status: %d.\n", r);
+            y_log_message(Y_LOG_LEVEL_ERROR,
+                "crypt_init() failed for '%s', status: %d.", path, r);
         }
         return r;
     }
@@ -35,7 +35,8 @@ static int container_initialise(struct crypt_device ** cd, const char * path,
     {
         if (debug)
         {
-            printf("crypt_load() failed on device %s.\n",
+            y_log_message(Y_LOG_LEVEL_ERROR,
+                "crypt_load() failed on device %s.",
                 crypt_get_device_name(*cd));
         }
     }
@@ -84,15 +85,20 @@ static int encryption_unlock(const char * path, const char * device_name,
         password, strlen(password), 0);
     if (r < 0)
     {
-        printf("Device %s activation failed.\n", device_name);
+        y_log_message(Y_LOG_LEVEL_ERROR,
+            "Device %s activation failed.", device_name);
         crypt_free(cd);
         return r;
     }
 
-    printf("LUKS device %s/%s is active.\n", crypt_get_dir(), device_name);
-    printf("\tcipher used: %s\n", crypt_get_cipher(cd));
-    printf("\tcipher mode: %s\n", crypt_get_cipher_mode(cd));
-    printf("\tdevice UUID: %s\n", crypt_get_uuid(cd));
+    y_log_message(Y_LOG_LEVEL_DEBUG,
+        "LUKS device %s/%s is active.", crypt_get_dir(), device_name);
+    y_log_message(Y_LOG_LEVEL_DEBUG, "\tcipher used: %s",
+        crypt_get_cipher(cd));
+    y_log_message(Y_LOG_LEVEL_DEBUG, "\tcipher mode: %s",
+        crypt_get_cipher_mode(cd));
+    y_log_message(Y_LOG_LEVEL_DEBUG, "\tdevice UUID: %s",
+        crypt_get_uuid(cd));
 
     crypt_free(cd);
     return 0;
@@ -111,17 +117,17 @@ static int encryption_lock(const char * device_name)
     r = crypt_init_by_name(&cd, device_name);
     if (r < 0)
     {
-        printf("crypt_init_by_name() failed for %s.\n", device_name);
+        y_log_message(Y_LOG_LEVEL_ERROR, "crypt_init_by_name() failed for %s.", device_name);
         return r;
     }
 
     if (crypt_status(cd, device_name) == CRYPT_ACTIVE)
     {
-        printf("Device %s is still active.\n", device_name);
+        y_log_message(Y_LOG_LEVEL_ERROR, "Device %s is still active.", device_name);
     }
     else
     {
-        printf("Something failed perhaps, device %s is not active.\n",
+        y_log_message(Y_LOG_LEVEL_ERROR, "Something failed perhaps, device %s is not active.",
             device_name);
         crypt_free(cd);
         return -1;
@@ -130,12 +136,12 @@ static int encryption_lock(const char * device_name)
     r = crypt_deactivate(cd, device_name);
     if (r < 0)
     {
-        printf("crypt_deactivate() failed.\n");
+        y_log_message(Y_LOG_LEVEL_ERROR, "crypt_deactivate() failed.");
         crypt_free(cd);
         return r;
     }
 
-    printf("Device %s is now deactivated.\n", device_name);
+    y_log_message(Y_LOG_LEVEL_DEBUG, "Device %s is now deactivated.", device_name);
     crypt_free(cd);
     return 0;
 }
@@ -156,11 +162,11 @@ static int create_encrypted_device(const char * path, const char * password)
     r = crypt_init(&cd, path);
     if (r < 0 )
     {
-        printf("crypt_init() failed for %s.\n", path);
+        y_log_message(Y_LOG_LEVEL_ERROR, "crypt_init() failed for %s.", path);
         return r;
     }
 
-    printf("Context is attached to block device %s.\n",
+    y_log_message(Y_LOG_LEVEL_DEBUG, "Context is attached to block device %s.",
         crypt_get_device_name(cd));
 
     params.hash = "sha1";
@@ -171,7 +177,7 @@ static int create_encrypted_device(const char * path, const char * password)
 
     if (r < 0)
     {
-        printf("crypt_format() failed on device %s\n",
+        y_log_message(Y_LOG_LEVEL_ERROR, "crypt_format() failed on device %s",
             crypt_get_device_name(cd));
         crypt_free(cd);
         return r;
@@ -181,11 +187,11 @@ static int create_encrypted_device(const char * path, const char * password)
         strlen(password));
     if (r < 0)
     {
-        printf("Adding keyslot failed.\n");
+        y_log_message(Y_LOG_LEVEL_ERROR, "Adding keyslot failed.");
         crypt_free(cd);
         return r;
     }
-    printf("The first keyslot is initialized.\n");
+    y_log_message(Y_LOG_LEVEL_DEBUG, "The first keyslot is initialized.");
 
     crypt_free(cd);
     return 0;