Skip to content
Snippets Groups Projects
Commit 8de743ac authored by Maarten de Waard's avatar Maarten de Waard :angel:
Browse files

Merge branch 'master' into '6-delete-luks-key-endpoint'

# Conflicts:
#   src/cryptops-api.c
parents cba1ebe6 babda843
No related branches found
No related tags found
No related merge requests found
...@@ -9,30 +9,34 @@ SRCDIR = src ...@@ -9,30 +9,34 @@ SRCDIR = src
OBJDIR = obj OBJDIR = obj
BINDIR = bin BINDIR = bin
DEPS=$(wildcard $(SRCDIR)/*/*.c) $(wildcard $(SRCDIR)/*.c)
SOURCES := $(SRCDIR)/$(TARGET).c SOURCES := $(SRCDIR)/$(TARGET).c
INCLUDES := $(wildcard $(SRCDIR)/*.h)
OBJECTS := $(SOURCES:$(SRCDIR)/%.c=$(OBJDIR)/%.o) OBJECTS := $(SOURCES:$(SRCDIR)/%.c=$(OBJDIR)/%.o)
$(BINDIR)/$(TARGET): $(BINDIR) $(BINDIR)/$(TARGET): $(BINDIR)
$(BINDIR): $(BINDIR):
mkdir -p $(BINDIR) mkdir -p $(BINDIR)
# Make binary linking .o files and libraries
$(BINDIR)/$(TARGET): $(OBJECTS) $(BINDIR)/$(TARGET): $(OBJECTS)
@$(LINKER) $(OBJECTS) $(LFLAGS) -o $@ @$(LINKER) $(OBJECTS) $(LFLAGS) -o $@
@echo "Linking complete." @echo "Linking complete."
$(OBJECTS): | $(OBJDIR) # Compile an object for a c file in SRCDIR
$(OBJDIR): $(OBJDIR)/%.o: $(SRCDIR)/%.c $(DEPS)
mkdir -p $(OBJDIR) mkdir -p $(OBJDIR)
$(OBJECTS): $(OBJDIR)/%.o : $(SRCDIR)/%.c
@$(CC) $(CFLAGS) -c $< -o $@ @$(CC) $(CFLAGS) -c $< -o $@
@echo "Compiled "$<" successfully." @echo "Compiled "$<" successfully."
# Remove intermediate files
.PHONY: clean .PHONY: clean
clean: clean:
@rm -f $(OBJECTS) @rm -rf $(OBJDIR)
@echo "Cleanup complete." @echo "Cleanup complete."
# Remove all compiled files
.PHONY: remove .PHONY: remove
remove: clean remove: clean
@rm -f $(BINDIR)/$(TARGET) @rm -rf $(BINDIR)
@echo "Executable removed." @echo "Executable removed."
...@@ -33,7 +33,7 @@ int callback_encryption_get(const struct _u_request * request, ...@@ -33,7 +33,7 @@ int callback_encryption_get(const struct _u_request * request,
FILESYSTEM_TYPE); FILESYSTEM_TYPE);
if (r != 0) if (r != 0)
{ {
printf("mounting root device failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR, "mounting root device failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"mounting root device failed"); "mounting root device failed");
} }
......
...@@ -57,9 +57,10 @@ int callback_encryption_init_post(const struct _u_request * request, ...@@ -57,9 +57,10 @@ int callback_encryption_init_post(const struct _u_request * request,
FILESYSTEM_TYPE); FILESYSTEM_TYPE);
if (r != 0) if (r != 0)
{ {
printf("mounting root device failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"mounting root device failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"mounting root device failed"); "mounting root device failed");
} }
// Determine if the files on the unencrypted device would fit in memory. // Determine if the files on the unencrypted device would fit in memory.
...@@ -73,27 +74,32 @@ int callback_encryption_init_post(const struct _u_request * request, ...@@ -73,27 +74,32 @@ int callback_encryption_init_post(const struct _u_request * request,
} }
// Copy device contents to temporary filesystem. // Copy device contents to temporary filesystem.
printf("copying existing root device contents to memory\n"); y_log_message(Y_LOG_LEVEL_DEBUG,
"copying existing root device contents to memory");
char * command = NULL; char * command = NULL;
asprintf(&command, "rsync -a %s/ %s", UNENCRYPTED_TMP_MOUNTPOINT, asprintf(&command, "rsync -a %s/ %s", UNENCRYPTED_TMP_MOUNTPOINT,
TMP_LOCATION); TMP_LOCATION);
r = system(command); r = system(command);
if (r != 0) if (r != 0)
{ {
printf("copying root device contents into memory failed" y_log_message(Y_LOG_LEVEL_ERROR,
": return code %d\n", r); "copying root device contents into memory failed: return code %d",
r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"copying root device contents into memory failed"); "copying root device contents into memory failed");
} }
// Unmount unencrypted device. // Unmount unencrypted device.
printf("unmounting unencrypted device at %s\n", UNENCRYPTED_TMP_MOUNTPOINT); y_log_message(Y_LOG_LEVEL_ERROR,
"unmounting unencrypted device at %s",
UNENCRYPTED_TMP_MOUNTPOINT);
r = umount(UNENCRYPTED_TMP_MOUNTPOINT); r = umount(UNENCRYPTED_TMP_MOUNTPOINT);
if (r != 0) if (r != 0)
{ {
printf("unmounting encrypted device failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"unmounting encrypted device failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"unmounting unencrypted device failed"); "unmounting unencrypted device failed");
} }
// Check whether the authorized_keys file exists on root device. // Check whether the authorized_keys file exists on root device.
...@@ -103,188 +109,208 @@ int callback_encryption_init_post(const struct _u_request * request, ...@@ -103,188 +109,208 @@ int callback_encryption_init_post(const struct _u_request * request,
struct stat st = {0}; struct stat st = {0};
if (stat(authorized_keys_path, &st) == -1) if (stat(authorized_keys_path, &st) == -1)
{ {
printf("authorized_keys not found on root device at %s\n", y_log_message(Y_LOG_LEVEL_ERROR,
"authorized_keys not found on root device at %s",
authorized_keys_path); authorized_keys_path);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"authorized_keys not found on root device"); "authorized_keys not found on root device");
} }
// Re-partition device. // Re-partition device.
printf("repartitioning device %s\n", ROOT_DEVICE); y_log_message(Y_LOG_LEVEL_ERROR, "repartitioning device %s", ROOT_DEVICE);
command = NULL; command = NULL;
asprintf(&command, "sgdisk -a 8192 -n 1:0:48M -N 2 %s", ROOT_DEVICE); asprintf(&command, "sgdisk -a 8192 -n 1:0:48M -N 2 %s", ROOT_DEVICE);
r = system(command); r = system(command);
if (r != 0) if (r != 0)
{ {
printf("partitioning root device failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"partitioning root device failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"partitioning root device failed"); "partitioning root device failed");
} }
// Inform kernel of partitioning changes. // Inform kernel of partitioning changes.
printf("running partprobe\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "running partprobe");
command = NULL; command = NULL;
asprintf(&command, "partprobe"); asprintf(&command, "partprobe");
r = system(command); r = system(command);
if (r != 0) if (r != 0)
{ {
printf("partprobe: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR, "partprobe failed: return code %d",
r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"partprobe failed"); "partprobe failed");
} }
// Sleep for a little while. // Sleep for a little while.
// This seems necessary for the newly created partitions to appear as // This seems necessary for the newly created partitions to appear as
// devices. // devices.
printf("waiting a bit...\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "waiting a bit...");
sleep(2); sleep(2);
// Create filesystem on the info partition. // Create filesystem on the info partition.
printf("creating filesystem on info partition\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "creating filesystem on info partition");
command = NULL; command = NULL;
asprintf(&command, "mkfs -t %s %s", FILESYSTEM_TYPE, asprintf(&command, "mkfs -t %s %s", FILESYSTEM_TYPE,
INFO_PARTITION_DEVICE); INFO_PARTITION_DEVICE);
printf("command: %s\n", command); y_log_message(Y_LOG_LEVEL_DEBUG, "command: %s", command);
r = system(command); r = system(command);
if (r != 0) if (r != 0)
{ {
printf("creating filesystem failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"creating filesystem failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"creating filesystem inside encrypted container failed"); "creating filesystem inside encrypted container failed");
} }
// Mount the info partition. // Mount the info partition.
printf("mounting info partition\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "mounting info partition");
r = temporary_mount(INFO_PARTITION_DEVICE, INFO_TMP_MOUNTPOINT, r = temporary_mount(INFO_PARTITION_DEVICE, INFO_TMP_MOUNTPOINT,
FILESYSTEM_TYPE); FILESYSTEM_TYPE);
if (r != 0) if (r != 0)
{ {
printf("mounting encrypted device failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"mounting encrypted device failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"mounting encrypted root device failed"); "mounting encrypted root device failed");
} }
// Create some directories in the info partition. // Create some directories in the info partition.
printf("creating directories in info partition\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "creating directories in info partition");
command = NULL; command = NULL;
asprintf(&command, "mkdir -p %s%s %s%s", INFO_TMP_MOUNTPOINT, asprintf(&command, "mkdir -p %s%s %s%s", INFO_TMP_MOUNTPOINT,
AUTHORIZED_KEYS_DIR, INFO_TMP_MOUNTPOINT, SSH_HOST_KEY_DIR); AUTHORIZED_KEYS_DIR, INFO_TMP_MOUNTPOINT, SSH_HOST_KEY_DIR);
r = system(command); r = system(command);
if (r != 0) if (r != 0)
{ {
printf("creating directories failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"creating directories failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"creating directories in info partition failed"); "creating directories in info partition failed");
} }
// Copy authorized_keys file to the info partition. // Copy authorized_keys file to the info partition.
printf("copying authorized_keys to info partition\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "copying authorized_keys to info partition");
command = NULL; command = NULL;
asprintf(&command, "cp %s %s%s", asprintf(&command, "cp %s %s%s",
AUTHORIZED_KEYS_PATH, INFO_TMP_MOUNTPOINT, AUTHORIZED_KEYS_PATH); AUTHORIZED_KEYS_PATH, INFO_TMP_MOUNTPOINT, AUTHORIZED_KEYS_PATH);
r = system(command); r = system(command);
if (r != 0) if (r != 0)
{ {
printf("copying authorized_keys failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"copying authorized_keys failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"copying authorized_keys failed"); "copying authorized_keys failed");
} }
// Copy dropbear ssh host keys from the initrd to the info partition. // Copy dropbear ssh host keys from the initrd to the info partition.
printf("copying dropbear ssh host keys\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "copying dropbear ssh host keys");
command = NULL; command = NULL;
asprintf(&command, "cp /etc/dropbear/* %s%s/", INFO_TMP_MOUNTPOINT, asprintf(&command, "cp /etc/dropbear/* %s%s/", INFO_TMP_MOUNTPOINT,
SSH_HOST_KEY_DIR); SSH_HOST_KEY_DIR);
r = system(command); r = system(command);
if (r != 0) if (r != 0)
{ {
printf("copying dropbear ssh host keys failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_DEBUG,
"copying dropbear ssh host keys failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"copying dropbear ssh host keys failed"); "copying dropbear ssh host keys failed");
} }
// Unmount info partition. // Unmount info partition.
printf("unmounting info partition at %s\n", INFO_TMP_MOUNTPOINT); y_log_message(Y_LOG_LEVEL_DEBUG,
"unmounting info partition at %s", INFO_TMP_MOUNTPOINT);
r = umount(INFO_TMP_MOUNTPOINT); r = umount(INFO_TMP_MOUNTPOINT);
if (r != 0) if (r != 0)
{ {
printf("unmounting failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"unmounting failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"unmounting configuration partition failed"); "unmounting configuration partition failed");
} }
// Initialise encrypted container on data partition. // Initialise encrypted container on data partition.
printf("creating encrypted container at %s\n", DATA_PARTITION_DEVICE); y_log_message(Y_LOG_LEVEL_DEBUG,
"creating encrypted container at %s", DATA_PARTITION_DEVICE);
r = create_encrypted_device(DATA_PARTITION_DEVICE, password); r = create_encrypted_device(DATA_PARTITION_DEVICE, password);
if (r != 0) if (r != 0)
{ {
printf("creating encrypted container failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"creating encrypted container failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"creating encryption container failed"); "creating encryption container failed");
} }
// Unlock the new container. // Unlock the new container.
printf("unlocking encrypted device\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "unlocking encrypted device");
r = encryption_unlock(DATA_PARTITION_DEVICE, MAPPED_DEVICE_NAME, r = encryption_unlock(DATA_PARTITION_DEVICE, MAPPED_DEVICE_NAME,
password); password);
if (r != 0) if (r != 0)
{ {
printf("unlocking encrypted container failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"unlocking encrypted container failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"unlocking new encryption container failed"); "unlocking new encryption container failed");
} }
// Create filesystem in the new container. // Create filesystem in the new container.
printf("creating filesystem in new container\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "creating filesystem in new container");
command = NULL; command = NULL;
asprintf(&command, "mkfs -t %s %s", FILESYSTEM_TYPE, MAPPED_DEVICE_PATH); asprintf(&command, "mkfs -t %s %s", FILESYSTEM_TYPE, MAPPED_DEVICE_PATH);
r = system(command); r = system(command);
if (r != 0) if (r != 0)
{ {
printf("creating filesystem failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"creating filesystem failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"creating filesystem inside encrypted container failed"); "creating filesystem inside encrypted container failed");
} }
// Mount the unlocked container. // Mount the unlocked container.
printf("mounting new filesystem\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "mounting new filesystem");
r = temporary_mount(MAPPED_DEVICE_PATH, DATA_TMP_MOUNTPOINT, r = temporary_mount(MAPPED_DEVICE_PATH, DATA_TMP_MOUNTPOINT,
FILESYSTEM_TYPE); FILESYSTEM_TYPE);
if (r != 0) if (r != 0)
{ {
printf("mounting encrypted device failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"mounting encrypted device failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"mounting encrypted root device failed"); "mounting encrypted root device failed");
} }
// Copy device contents from temporary filesystem to encrypted container. // Copy device contents from temporary filesystem to encrypted container.
printf("copying root device contents from memory\n"); y_log_message(Y_LOG_LEVEL_DEBUG,
"copying root device contents from memory");
command = NULL; command = NULL;
asprintf(&command, "rsync -a %s/ %s", TMP_LOCATION, DATA_TMP_MOUNTPOINT); asprintf(&command, "rsync -a %s/ %s", TMP_LOCATION, DATA_TMP_MOUNTPOINT);
r = system(command); r = system(command);
if (r != 0) if (r != 0)
{ {
printf("copying from memory to encrypted device failed:" y_log_message(Y_LOG_LEVEL_ERROR,
" return code %d\n", r); "copying from memory to encrypted device failed: return code %d",
r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"copying root device contents from memory failed"); "copying root device contents from memory failed");
} }
// Unmount filesystem on encrypted data partition. // Unmount filesystem on encrypted data partition.
printf("unmounting encrypted device at %s\n", DATA_TMP_MOUNTPOINT); y_log_message(Y_LOG_LEVEL_DEBUG,
"unmounting encrypted device at %s", DATA_TMP_MOUNTPOINT);
r = umount(DATA_TMP_MOUNTPOINT); r = umount(DATA_TMP_MOUNTPOINT);
if (r != 0) if (r != 0)
{ {
printf("unmounting encrypted device failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"unmounting encrypted device failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"unmounting encrypted device failed"); "unmounting encrypted device failed");
} }
// Lock the container. // Lock the container.
printf("locking encrypted device\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "locking encrypted device");
r = encryption_lock(MAPPED_DEVICE_NAME); r = encryption_lock(MAPPED_DEVICE_NAME);
if (r != 0) if (r != 0)
{ {
printf("locking encrypted container failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"locking encrypted container failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"locking container failed"); "locking container failed");
} }
......
...@@ -23,7 +23,8 @@ int callback_encryption_keys_get(const struct _u_request * request, ...@@ -23,7 +23,8 @@ int callback_encryption_keys_get(const struct _u_request * request,
} }
if (r != 0) if (r != 0)
{ {
printf("container_initialise failed with status %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"container_initialise failed with status %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"initialising encrypted container failed"); "initialising encrypted container failed");
} }
......
/** /**
* Callback function to change a luks encryption password. * Combined handler for adding and changing luks encryption passwords.
* @param[in] request incoming HTTP request * @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request * @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between main thread and callbacks * @param[in] is_post this is a post request (true) or a put (false)
* @return internal status code * @return internal status code
*/ */
int callback_encryption_keys_put(const struct _u_request * request, int encryption_keys_change(const struct _u_request * request,
struct _u_response * response, void * user_data) struct _u_response * response, bool is_post)
{ {
int r; int r;
...@@ -31,20 +31,30 @@ int callback_encryption_keys_put(const struct _u_request * request, ...@@ -31,20 +31,30 @@ int callback_encryption_keys_put(const struct _u_request * request,
"missing new password"); "missing new password");
} }
// Read keyslot from request URI. int keyslot;
const char * keyslot_string = u_map_get(request->map_url, "slot"); // Posting a new password, put it in the first available slot.
if (keyslot_string == NULL) if (is_post)
{ {
return send_simple_response(response, 400, "error", keyslot = CRYPT_ANY_SLOT;
"missing url parameter `slot`");
} }
int keyslot; // Changing an existing password, so read the slot from the url.
r = parse_int(keyslot_string, &keyslot); else
if (r != 0)
{ {
printf("invalid url parameter `slot`: %s\n", keyslot_string); // Read keyslot from request URI.
return send_simple_response(response, 400, "error", const char * keyslot_string = u_map_get(request->map_url, "slot");
"invalid url parameter `slot`"); if (keyslot_string == NULL)
{
return send_simple_response(response, 400, "error",
"missing url parameter `slot`");
}
r = parse_int(keyslot_string, &keyslot);
if (r != 0)
{
y_log_message(Y_LOG_LEVEL_WARNING,
"invalid url parameter `slot`: %s", keyslot_string);
return send_simple_response(response, 400, "error",
"invalid url parameter `slot`");
}
} }
// Initialise encrypted container. // Initialise encrypted container.
...@@ -56,14 +66,24 @@ int callback_encryption_keys_put(const struct _u_request * request, ...@@ -56,14 +66,24 @@ int callback_encryption_keys_put(const struct _u_request * request,
} }
if (r != 0) if (r != 0)
{ {
printf("container_initialise failed with status %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"container_initialise failed with status %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"initialising encrypted container failed"); "initialising encrypted container failed");
} }
// Add encryption password. if (is_post)
r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot, {
password, strlen(password), new_password, strlen(new_password)); // Add encryption password.
r = crypt_keyslot_add_by_passphrase(cd, keyslot,
password, strlen(password), new_password, strlen(new_password));
}
else
{
// Change encryption password.
r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot,
password, strlen(password), new_password, strlen(new_password));
}
if (r == -1) if (r == -1)
{ {
...@@ -75,7 +95,16 @@ int callback_encryption_keys_put(const struct _u_request * request, ...@@ -75,7 +95,16 @@ int callback_encryption_keys_put(const struct _u_request * request,
if (r < 0) if (r < 0)
{ {
// Something else went wrong. // Something else went wrong.
printf("crypt_keyslot_add_by_passphrase failed with status %d\n", r); if (is_post)
{
y_log_message(Y_LOG_LEVEL_ERROR,
"crypt_keyslot_add_by_passphrase failed with status %d", r);
}
else
{
y_log_message(Y_LOG_LEVEL_ERROR,
"crypt_keyslot_change_by_passphrase failed with status %d", r);
}
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"error changing password"); "error changing password");
} }
...@@ -83,3 +112,28 @@ int callback_encryption_keys_put(const struct _u_request * request, ...@@ -83,3 +112,28 @@ int callback_encryption_keys_put(const struct _u_request * request,
// If we reach this point, apparently everything went well. // If we reach this point, apparently everything went well.
return send_simple_response(response, 200, "status", "ok"); return send_simple_response(response, 200, "status", "ok");
} }
/**
* Callback function to add a luks encryption password.
* @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between main thread and callbacks
* @return internal status code
*/
int callback_encryption_keys_post(const struct _u_request * request,
struct _u_response * response, void * user_data)
{
return encryption_keys_change(request, response, true);
}
/**
* Callback function to change a luks encryption password.
* @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between main thread and callbacks
* @return internal status code
*/
int callback_encryption_keys_put(const struct _u_request * request,
struct _u_response * response, void * user_data)
{
return encryption_keys_change(request, response, false);
}
...@@ -46,7 +46,7 @@ int callback_encryption_remove_post(const struct _u_request * request, ...@@ -46,7 +46,7 @@ int callback_encryption_remove_post(const struct _u_request * request,
} }
// Unlock the container. // Unlock the container.
printf("unlocking encrypted device\n"); y_log_message(Y_LOG_LEVEL_INFO, "unlocking encrypted device");
r = encryption_unlock(DATA_PARTITION_DEVICE, MAPPED_DEVICE_NAME, r = encryption_unlock(DATA_PARTITION_DEVICE, MAPPED_DEVICE_NAME,
password); password);
if (r == -1) if (r == -1)
...@@ -57,9 +57,10 @@ int callback_encryption_remove_post(const struct _u_request * request, ...@@ -57,9 +57,10 @@ int callback_encryption_remove_post(const struct _u_request * request,
} }
if (r != 0) if (r != 0)
{ {
printf("unlocking encrypted container failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"unlocking encrypted container failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"unlocking encrypted container failed"); "unlocking encrypted container failed");
} }
// Mount the filesystem on the encrypted data partition. // Mount the filesystem on the encrypted data partition.
...@@ -67,9 +68,10 @@ int callback_encryption_remove_post(const struct _u_request * request, ...@@ -67,9 +68,10 @@ int callback_encryption_remove_post(const struct _u_request * request,
FILESYSTEM_TYPE); FILESYSTEM_TYPE);
if (r != 0) if (r != 0)
{ {
printf("mounting root device failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"mounting root device failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"mounting root device failed"); "mounting root device failed");
} }
// Determine the filesystem usage of the encrypted data partition. // Determine the filesystem usage of the encrypted data partition.
...@@ -78,111 +80,127 @@ int callback_encryption_remove_post(const struct _u_request * request, ...@@ -78,111 +80,127 @@ int callback_encryption_remove_post(const struct _u_request * request,
{ {
// Projected memory usage is really high, so abort. // Projected memory usage is really high, so abort.
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"device too large"); "device too large");
} }
// Copy device contents to temporary filesystem. // Copy device contents to temporary filesystem.
printf("copying existing root device contents to memory\n"); y_log_message(Y_LOG_LEVEL_DEBUG,
"copying existing root device contents to memory");
char * command = NULL; char * command = NULL;
asprintf(&command, "rsync -a %s/ %s", DATA_TMP_MOUNTPOINT, TMP_LOCATION); asprintf(&command, "rsync -a %s/ %s", DATA_TMP_MOUNTPOINT, TMP_LOCATION);
r = system(command); r = system(command);
if(r != 0) if(r != 0)
{ {
printf("copying root device contents into memory failed" y_log_message(Y_LOG_LEVEL_ERROR,
": return code %d\n", r); "copying root device contents into memory failed: return code %d",
r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"copying root device contents into memory failed"); "copying root device contents into memory failed");
} }
// Unmount encrypted data partition. // Unmount encrypted data partition.
printf("unmounting encrypted device at %s\n", DATA_TMP_MOUNTPOINT); y_log_message(Y_LOG_LEVEL_DEBUG,
"unmounting encrypted device at %s", DATA_TMP_MOUNTPOINT);
r = umount(DATA_TMP_MOUNTPOINT); r = umount(DATA_TMP_MOUNTPOINT);
if (r != 0) if (r != 0)
{ {
printf("unmounting encrypted device failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"unmounting encrypted device failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"unmounting encrypted device failed"); "unmounting encrypted device failed");
} }
// Lock the container. // Lock the container.
printf("locking encrypted device\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "locking encrypted device");
r = encryption_lock(MAPPED_DEVICE_NAME); r = encryption_lock(MAPPED_DEVICE_NAME);
if (r != 0) if (r != 0)
{ {
printf("locking encrypted container failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"locking encrypted container failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"locking encrypted container failed"); "locking encrypted container failed");
} }
// Unmount info partition. // Unmount info partition.
// We didn't mount this in cryptops-api, but it was mounted by the initrd // We didn't mount this in cryptops-api, but it was mounted by the initrd
// scripts for use by dropbear. // scripts for use by dropbear.
printf("unmounting info partition at %s\n", INFO_MOUNTPOINT); y_log_message(Y_LOG_LEVEL_DEBUG,
"unmounting info partition at %s", INFO_MOUNTPOINT);
r = umount(INFO_MOUNTPOINT); r = umount(INFO_MOUNTPOINT);
if (r != 0) if (r != 0)
{ {
printf("unmounting info partition failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"unmounting info partition failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"unmounting info partition failed"); "unmounting info partition failed");
} }
// Remove all partitions from the device. // Remove all partitions from the device.
printf("removing partitions from device %s\n", ROOT_DEVICE); y_log_message(Y_LOG_LEVEL_DEBUG,
"removing partitions from device %s", ROOT_DEVICE);
command = NULL; command = NULL;
asprintf(&command, "sgdisk -Z %s", ROOT_DEVICE); asprintf(&command, "sgdisk -Z %s", ROOT_DEVICE);
r = system(command); r = system(command);
if (r != 0) if (r != 0)
{ {
printf("removing partitions failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"removing partitions failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"removing partitions failed"); "removing partitions failed");
} }
// Create filesystem on the unencrypted device. // Create filesystem on the unencrypted device.
printf("creating filesystem on unencrypted device\n"); y_log_message(Y_LOG_LEVEL_DEBUG,
"creating filesystem on unencrypted device");
command = NULL; command = NULL;
asprintf(&command, "mkfs -t %s %s", FILESYSTEM_TYPE, ROOT_DEVICE); asprintf(&command, "mkfs -t %s %s", FILESYSTEM_TYPE, ROOT_DEVICE);
r = system(command); r = system(command);
if (r != 0) if (r != 0)
{ {
printf("creating filesystem failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"creating filesystem failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"creating filesystem on unencrypted device failed"); "creating filesystem on unencrypted device failed");
} }
// Mount the new filesystem. // Mount the new filesystem.
printf("mounting new filesystem\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "mounting new filesystem");
r = temporary_mount(ROOT_DEVICE, UNENCRYPTED_TMP_MOUNTPOINT, r = temporary_mount(ROOT_DEVICE, UNENCRYPTED_TMP_MOUNTPOINT,
FILESYSTEM_TYPE); FILESYSTEM_TYPE);
if (r != 0) if (r != 0)
{ {
printf("mounting unencrypted device failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"mounting unencrypted device failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"mounting unencrypted root device failed"); "mounting unencrypted root device failed");
} }
// Copy device contents from memory to the unencrypted device. // Copy device contents from memory to the unencrypted device.
printf("copying root device contents from memory\n"); y_log_message(Y_LOG_LEVEL_DEBUG,
"copying root device contents from memory");
command = NULL; command = NULL;
asprintf(&command, "rsync -a %s/ %s", asprintf(&command, "rsync -a %s/ %s",
TMP_LOCATION, UNENCRYPTED_TMP_MOUNTPOINT); TMP_LOCATION, UNENCRYPTED_TMP_MOUNTPOINT);
r = system(command); r = system(command);
if (r != 0) if (r != 0)
{ {
printf("copying from memory to unencrypted device failed:" y_log_message(Y_LOG_LEVEL_ERROR,
" return code %d\n", r); "copying from memory to unencrypted device failed: return code %d",
r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"copying root device contents from memory failed"); "copying root device contents from memory failed");
} }
// Unmount filesystem on unencrypted device. // Unmount filesystem on unencrypted device.
printf("unmounting unencrypted device at %s\n", UNENCRYPTED_TMP_MOUNTPOINT); y_log_message(Y_LOG_LEVEL_DEBUG,
"unmounting unencrypted device at %s", UNENCRYPTED_TMP_MOUNTPOINT);
r = umount(UNENCRYPTED_TMP_MOUNTPOINT); r = umount(UNENCRYPTED_TMP_MOUNTPOINT);
if (r != 0) if (r != 0)
{ {
printf("unmounting unencrypted device failed: return code %d\n", r); y_log_message(Y_LOG_LEVEL_ERROR,
"unmounting unencrypted device failed: return code %d", r);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"unmounting unencrypted device failed"); "unmounting unencrypted device failed");
} }
// Record that we want to reboot the machine. // Record that we want to reboot the machine.
......
...@@ -31,7 +31,8 @@ int callback_encryption_unlock_post(const struct _u_request * request, ...@@ -31,7 +31,8 @@ int callback_encryption_unlock_post(const struct _u_request * request,
if (unlock_status != 0) if (unlock_status != 0)
{ {
// Something else went wrong with unlocking. // Something else went wrong with unlocking.
printf("encryption_unlock failed with status %d\n", unlock_status); y_log_message(Y_LOG_LEVEL_ERROR,
"encryption_unlock failed with status %d", unlock_status);
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"error during unlocking"); "error during unlocking");
} }
......
...@@ -23,7 +23,8 @@ int callback_ssh_keys_delete(const struct _u_request * request, ...@@ -23,7 +23,8 @@ int callback_ssh_keys_delete(const struct _u_request * request,
int r = parse_int(id_string, &id); int r = parse_int(id_string, &id);
if (r != 0) if (r != 0)
{ {
printf("invalid url parameter `id`: %s\n", id_string); y_log_message(Y_LOG_LEVEL_WARNING,
"invalid url parameter `id`: %s", id_string);
return send_simple_response(response, 400, "error", return send_simple_response(response, 400, "error",
"invalid url parameter `id`"); "invalid url parameter `id`");
} }
......
...@@ -69,7 +69,8 @@ int callback_ssh_keys_get(const struct _u_request * request, ...@@ -69,7 +69,8 @@ int callback_ssh_keys_get(const struct _u_request * request,
json_t * keys = readAuthorizedKeysToJson(); json_t * keys = readAuthorizedKeysToJson();
if (keys == NULL) if (keys == NULL)
{ {
printf("Could not open authorized_keys file\n"); y_log_message(Y_LOG_LEVEL_ERROR,
"Could not open authorized_keys file");
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"error reading authorized_keys"); "error reading authorized_keys");
} }
......
...@@ -25,7 +25,8 @@ int callback_ssh_keys_post(const struct _u_request * request, ...@@ -25,7 +25,8 @@ int callback_ssh_keys_post(const struct _u_request * request,
// Check if that succeeded. // Check if that succeeded.
if (authorized_keys == NULL) if (authorized_keys == NULL)
{ {
printf("Could not open authorized_keys file for writing\n"); y_log_message(Y_LOG_LEVEL_ERROR,
"Could not open authorized_keys file for writing");
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"error opening authorized_keys"); "error opening authorized_keys");
} }
......
...@@ -23,7 +23,8 @@ int callback_ssh_keys_put(const struct _u_request * request, ...@@ -23,7 +23,8 @@ int callback_ssh_keys_put(const struct _u_request * request,
int r = parse_int(id_string, &id); int r = parse_int(id_string, &id);
if (r != 0) if (r != 0)
{ {
printf("invalid url parameter `id`: %s\n", id_string); y_log_message(Y_LOG_LEVEL_WARNING,
"invalid url parameter `id`: %s", id_string);
return send_simple_response(response, 400, "error", return send_simple_response(response, 400, "error",
"invalid url parameter `id`"); "invalid url parameter `id`");
} }
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
*/ */
void stop_server() void stop_server()
{ {
printf("Stopping cryptops-api server...\n"); y_log_message(Y_LOG_LEVEL_INFO, "Stopping cryptops-api server...");
int fifo; int fifo;
char fifo_path[] = FIFO_PATH; char fifo_path[] = FIFO_PATH;
fifo = open(fifo_path, O_WRONLY); fifo = open(fifo_path, O_WRONLY);
...@@ -33,7 +33,8 @@ char * read_from_file(FILE * file) ...@@ -33,7 +33,8 @@ char * read_from_file(FILE * file)
temp = realloc(str, size + strlength); temp = realloc(str, size + strlength);
if (temp == NULL) if (temp == NULL)
{ {
printf("Could not allocate memory for file reading\n"); y_log_message(Y_LOG_LEVEL_ERROR,
"Could not allocate memory for file reading");
return NULL; return NULL;
} }
else else
...@@ -95,7 +96,8 @@ unsigned long device_size(char * device_path) ...@@ -95,7 +96,8 @@ unsigned long device_size(char * device_path)
fd = open(device_path, O_RDONLY); fd = open(device_path, O_RDONLY);
ioctl(fd, BLKGETSIZE, &numblocks); ioctl(fd, BLKGETSIZE, &numblocks);
close(fd); close(fd);
printf("Number of blocks: %lu, this makes %.3f GB\n", y_log_message(Y_LOG_LEVEL_DEBUG,
"Number of blocks: %lu, this makes %.3f GB",
numblocks, (double)numblocks * 512.0 / (1024 * 1024 * 1024)); numblocks, (double)numblocks * 512.0 / (1024 * 1024 * 1024));
return (numblocks * 512); return (numblocks * 512);
} }
...@@ -110,7 +112,7 @@ unsigned long available_memory() ...@@ -110,7 +112,7 @@ unsigned long available_memory()
unsigned long free_bytes; unsigned long free_bytes;
sysinfo(&myinfo); sysinfo(&myinfo);
free_bytes = myinfo.mem_unit * myinfo.freeram; free_bytes = myinfo.mem_unit * myinfo.freeram;
printf("Free memory: %lu B, %lu MB\n", y_log_message(Y_LOG_LEVEL_DEBUG, "Free memory: %lu B, %lu MB",
free_bytes, free_bytes / 1024 / 1024); free_bytes, free_bytes / 1024 / 1024);
return free_bytes; return free_bytes;
} }
...@@ -146,16 +148,19 @@ bool filesystem_fits_in_memory(const char * path, double safety_margin) ...@@ -146,16 +148,19 @@ bool filesystem_fits_in_memory(const char * path, double safety_margin)
{ {
// Something went wrong in determining the filesystem usage. // Something went wrong in determining the filesystem usage.
// Return false as a precaution. // Return false as a precaution.
printf("Determining file system usage failed (size: %lu)\n", size); y_log_message(Y_LOG_LEVEL_ERROR,
"Determining file system usage failed (size: %lu)", size);
return false; return false;
} }
printf("file system usage: %lu bytes\n", size); y_log_message(Y_LOG_LEVEL_DEBUG,
"file system usage: %lu bytes", size);
// Determine the available memory. // Determine the available memory.
unsigned long memory = available_memory(); unsigned long memory = available_memory();
double projected_usage = (double)size / (double)memory; double projected_usage = (double)size / (double)memory;
printf("projected memory usage: %.3f\n", projected_usage); y_log_message(Y_LOG_LEVEL_DEBUG, "projected memory usage: %.3f",
projected_usage);
return (projected_usage <= safety_margin); return (projected_usage <= safety_margin);
} }
...@@ -234,7 +239,8 @@ int replace_ssh_key(int id, const char * ssh_key) ...@@ -234,7 +239,8 @@ int replace_ssh_key(int id, const char * ssh_key)
// Check if that succeeded. // Check if that succeeded.
if (authorized_keys_in == NULL) if (authorized_keys_in == NULL)
{ {
printf("Could not open authorized_keys file for reading\n"); y_log_message(Y_LOG_LEVEL_ERROR,
"Could not open authorized_keys file for reading");
return -1; return -1;
} }
...@@ -247,7 +253,8 @@ int replace_ssh_key(int id, const char * ssh_key) ...@@ -247,7 +253,8 @@ int replace_ssh_key(int id, const char * ssh_key)
// Check if that succeeded. // Check if that succeeded.
if (authorized_keys_out == NULL) if (authorized_keys_out == NULL)
{ {
printf("Could not open authorized_keys tmp file for writing\n"); y_log_message(Y_LOG_LEVEL_ERROR,
"Could not open authorized_keys tmp file for writing");
return -2; return -2;
} }
......
...@@ -11,8 +11,8 @@ ...@@ -11,8 +11,8 @@
#include <api/encryption_remove_post.c> #include <api/encryption_remove_post.c>
#include <api/encryption_unlock_post.c> #include <api/encryption_unlock_post.c>
#include <api/encryption_keys_get.c> #include <api/encryption_keys_get.c>
#include <api/encryption_keys_put.c>
#include <api/encryption_keys_delete.c> #include <api/encryption_keys_delete.c>
#include <api/encryption_keys_put_post.c>
#include <api/ssh_keys_get.c> #include <api/ssh_keys_get.c>
#include <api/ssh_keys_put.c> #include <api/ssh_keys_put.c>
#include <api/ssh_keys_post.c> #include <api/ssh_keys_post.c>
...@@ -59,6 +59,9 @@ int main(int argc, char ** argv) ...@@ -59,6 +59,9 @@ int main(int argc, char ** argv)
ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX, ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX,
"/encryption/keys", "/encryption/keys",
0, &callback_encryption_keys_get, NULL); 0, &callback_encryption_keys_get, NULL);
ulfius_add_endpoint_by_val(&instance, "POST" , PREFIX,
"/encryption/keys",
0, &callback_encryption_keys_post, NULL);
ulfius_add_endpoint_by_val(&instance, "PUT" , PREFIX, ulfius_add_endpoint_by_val(&instance, "PUT" , PREFIX,
"/encryption/keys/:slot", "/encryption/keys/:slot",
0, &callback_encryption_keys_put, NULL); 0, &callback_encryption_keys_put, NULL);
...@@ -125,7 +128,7 @@ int main(int argc, char ** argv) ...@@ -125,7 +128,7 @@ int main(int argc, char ** argv)
// Give request handlers that have called for the stop a chance to // Give request handlers that have called for the stop a chance to
// send their response to the client. // send their response to the client.
sleep(1); sleep(1);
y_close_logs(); y_close_logs();
ulfius_stop_framework(&instance); ulfius_stop_framework(&instance);
...@@ -134,7 +137,7 @@ int main(int argc, char ** argv) ...@@ -134,7 +137,7 @@ int main(int argc, char ** argv)
// Check if the encryption/init handler said that we should reboot. // Check if the encryption/init handler said that we should reboot.
if (reboot) if (reboot)
{ {
printf("rebooting..."); y_log_message(Y_LOG_LEVEL_INFO, "rebooting...");
reboot_initrd(); reboot_initrd();
} }
......
...@@ -13,7 +13,7 @@ static int container_initialise(struct crypt_device ** cd, const char * path, ...@@ -13,7 +13,7 @@ static int container_initialise(struct crypt_device ** cd, const char * path,
// Check if the device exists. // Check if the device exists.
if (! path_exists(path)) if (! path_exists(path))
{ {
printf("device does not exist: %s.\n", path); y_log_message(Y_LOG_LEVEL_ERROR, "device does not exist: %s.", path);
return 1; return 1;
} }
...@@ -23,8 +23,8 @@ static int container_initialise(struct crypt_device ** cd, const char * path, ...@@ -23,8 +23,8 @@ static int container_initialise(struct crypt_device ** cd, const char * path,
{ {
if (debug) if (debug)
{ {
printf("crypt_init() failed for %s.\n", path); y_log_message(Y_LOG_LEVEL_ERROR,
printf("status: %d.\n", r); "crypt_init() failed for '%s', status: %d.", path, r);
} }
return r; return r;
} }
...@@ -35,7 +35,8 @@ static int container_initialise(struct crypt_device ** cd, const char * path, ...@@ -35,7 +35,8 @@ static int container_initialise(struct crypt_device ** cd, const char * path,
{ {
if (debug) if (debug)
{ {
printf("crypt_load() failed on device %s.\n", y_log_message(Y_LOG_LEVEL_ERROR,
"crypt_load() failed on device %s.",
crypt_get_device_name(*cd)); crypt_get_device_name(*cd));
} }
} }
...@@ -84,15 +85,20 @@ static int encryption_unlock(const char * path, const char * device_name, ...@@ -84,15 +85,20 @@ static int encryption_unlock(const char * path, const char * device_name,
password, strlen(password), 0); password, strlen(password), 0);
if (r < 0) if (r < 0)
{ {
printf("Device %s activation failed.\n", device_name); y_log_message(Y_LOG_LEVEL_ERROR,
"Device %s activation failed.", device_name);
crypt_free(cd); crypt_free(cd);
return r; return r;
} }
printf("LUKS device %s/%s is active.\n", crypt_get_dir(), device_name); y_log_message(Y_LOG_LEVEL_DEBUG,
printf("\tcipher used: %s\n", crypt_get_cipher(cd)); "LUKS device %s/%s is active.", crypt_get_dir(), device_name);
printf("\tcipher mode: %s\n", crypt_get_cipher_mode(cd)); y_log_message(Y_LOG_LEVEL_DEBUG, "\tcipher used: %s",
printf("\tdevice UUID: %s\n", crypt_get_uuid(cd)); crypt_get_cipher(cd));
y_log_message(Y_LOG_LEVEL_DEBUG, "\tcipher mode: %s",
crypt_get_cipher_mode(cd));
y_log_message(Y_LOG_LEVEL_DEBUG, "\tdevice UUID: %s",
crypt_get_uuid(cd));
crypt_free(cd); crypt_free(cd);
return 0; return 0;
...@@ -111,17 +117,17 @@ static int encryption_lock(const char * device_name) ...@@ -111,17 +117,17 @@ static int encryption_lock(const char * device_name)
r = crypt_init_by_name(&cd, device_name); r = crypt_init_by_name(&cd, device_name);
if (r < 0) if (r < 0)
{ {
printf("crypt_init_by_name() failed for %s.\n", device_name); y_log_message(Y_LOG_LEVEL_ERROR, "crypt_init_by_name() failed for %s.", device_name);
return r; return r;
} }
if (crypt_status(cd, device_name) == CRYPT_ACTIVE) if (crypt_status(cd, device_name) == CRYPT_ACTIVE)
{ {
printf("Device %s is still active.\n", device_name); y_log_message(Y_LOG_LEVEL_ERROR, "Device %s is still active.", device_name);
} }
else else
{ {
printf("Something failed perhaps, device %s is not active.\n", y_log_message(Y_LOG_LEVEL_ERROR, "Something failed perhaps, device %s is not active.",
device_name); device_name);
crypt_free(cd); crypt_free(cd);
return -1; return -1;
...@@ -130,12 +136,12 @@ static int encryption_lock(const char * device_name) ...@@ -130,12 +136,12 @@ static int encryption_lock(const char * device_name)
r = crypt_deactivate(cd, device_name); r = crypt_deactivate(cd, device_name);
if (r < 0) if (r < 0)
{ {
printf("crypt_deactivate() failed.\n"); y_log_message(Y_LOG_LEVEL_ERROR, "crypt_deactivate() failed.");
crypt_free(cd); crypt_free(cd);
return r; return r;
} }
printf("Device %s is now deactivated.\n", device_name); y_log_message(Y_LOG_LEVEL_DEBUG, "Device %s is now deactivated.", device_name);
crypt_free(cd); crypt_free(cd);
return 0; return 0;
} }
...@@ -156,11 +162,11 @@ static int create_encrypted_device(const char * path, const char * password) ...@@ -156,11 +162,11 @@ static int create_encrypted_device(const char * path, const char * password)
r = crypt_init(&cd, path); r = crypt_init(&cd, path);
if (r < 0 ) if (r < 0 )
{ {
printf("crypt_init() failed for %s.\n", path); y_log_message(Y_LOG_LEVEL_ERROR, "crypt_init() failed for %s.", path);
return r; return r;
} }
printf("Context is attached to block device %s.\n", y_log_message(Y_LOG_LEVEL_DEBUG, "Context is attached to block device %s.",
crypt_get_device_name(cd)); crypt_get_device_name(cd));
params.hash = "sha1"; params.hash = "sha1";
...@@ -171,7 +177,7 @@ static int create_encrypted_device(const char * path, const char * password) ...@@ -171,7 +177,7 @@ static int create_encrypted_device(const char * path, const char * password)
if (r < 0) if (r < 0)
{ {
printf("crypt_format() failed on device %s\n", y_log_message(Y_LOG_LEVEL_ERROR, "crypt_format() failed on device %s",
crypt_get_device_name(cd)); crypt_get_device_name(cd));
crypt_free(cd); crypt_free(cd);
return r; return r;
...@@ -181,11 +187,11 @@ static int create_encrypted_device(const char * path, const char * password) ...@@ -181,11 +187,11 @@ static int create_encrypted_device(const char * path, const char * password)
strlen(password)); strlen(password));
if (r < 0) if (r < 0)
{ {
printf("Adding keyslot failed.\n"); y_log_message(Y_LOG_LEVEL_ERROR, "Adding keyslot failed.");
crypt_free(cd); crypt_free(cd);
return r; return r;
} }
printf("The first keyslot is initialized.\n"); y_log_message(Y_LOG_LEVEL_DEBUG, "The first keyslot is initialized.");
crypt_free(cd); crypt_free(cd);
return 0; return 0;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment