From 340ee8bb30b4db4e9b52b78743b1a1be8ba74a2e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Rapha=C3=ABl=20Gertz?= Date: Mon, 24 Sep 2018 18:09:56 +0200 Subject: [PATCH] Default to 503 code Add base for systemd-cryptsetupd implementation the day it's fixed Don't kill ihttpd process anymore, only askpassword one Add a half second sleep before killing askpassword process to let device popup correctly Continue process on already unlocked and valid devices --- SOURCES/index.bin.c | 65 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 52 insertions(+), 13 deletions(-) diff --git a/SOURCES/index.bin.c b/SOURCES/index.bin.c index e6780a1..a71c252 100644 --- a/SOURCES/index.bin.c +++ b/SOURCES/index.bin.c @@ -65,6 +65,9 @@ //Default cryptsetup #define CRYPTSETUP "/sbin/cryptsetup" +//Systemd cryptsetup +#define SYSTEMDCRYPTSETUP "/usr/lib/systemd/systemd-cryptsetup" + //Default pid file #define IHTTPDPID "/run/ihttpd/ihttpd.pid" @@ -87,7 +90,8 @@ const struct httpStatusStruct httpStatuses[] = { {400, "Bad Request"}, {405, "Method Not Allowed"}, {411, "Length Required"}, - {500, "Internal Server Error"} + {500, "Internal Server Error"}, + {503, "Service Unavailable"} }; /** @@ -137,6 +141,9 @@ void header(const int code, const char *ctype) { case 500: k = 4; break; + case 503: + k = 5; + break; default: k = 0; } @@ -154,7 +161,7 @@ void header(const int code, const char *ctype) { * Show form */ void showForm(const char *requestUri, const int keyfileSizeMax, const int passphraseSizeMax) { - header(200, "text/html"); + header(503, "text/html"); printf("\r\n"); printf("\r\n"); printf("Key upload form\r\n"); @@ -757,7 +764,6 @@ int extractIHttpdPid(pid_t *pid) { * Main function */ int main(int argc, char **argv) { - //Get request method char *requestMethod = getenv("REQUEST_METHOD"); @@ -794,6 +800,9 @@ int main(int argc, char **argv) { //Declare luks and device char *luks = NULL, *device = NULL; + //Declare cargv + char **cargv = NULL; + //Pairs of pipe for stdin, stdout and stderr int inPipe[2], errPipe[2]; @@ -831,12 +840,32 @@ int main(int argc, char **argv) { die(500, "Failed to extract value"); } - //Extract luks and device if ((ret = extractLuksDevice(&luks, &device)) < 0) { die(500, "Failed to extract luks and device"); } + //Declare cargv array + char *cargvs[] = { CRYPTSETUP, "-d", "-", "luksOpen", device, luks, NULL }; + //TODO: device cannot be an UUID=xyz, a resolved block device is required for it + char *scargvs[] = { SYSTEMDCRYPTSETUP, "attach", luks, device, "-", NULL }; + + //Check cryptsetup binary + if (access(CRYPTSETUP, F_OK|X_OK) == -1) { + //Check systemdcryptsetup binary + if (access(SYSTEMDCRYPTSETUP, F_OK|X_OK) == -1) { + die(500, "No cryptsetup available"); + } else { + //Set contextual env + //TODO: resolve UUID in real device name + //TODO: passing password through the socket is not possible, as it rely on password ending with \0 + die(500, "systemd-cryptsetupd is not implementable"); + } + } else { + //Set contextual env + cargv = cargvs; + } + //Create stdin pipe if (pipe(inPipe) == -1) { die(500, "Failed to create in pipe"); @@ -854,8 +883,7 @@ int main(int argc, char **argv) { //Child process if (pid == 0) { - //Child argv - char *cargv[] = { CRYPTSETUP, "-d", "-", "luksOpen", device, luks, NULL }; + //Child arge char *carge[] = { NULL }; //Free value free(value); @@ -873,8 +901,9 @@ int main(int argc, char **argv) { //Close errPipe close(errPipe[0]); close(errPipe[1]); + //Call cryptsetup - if (execve(CRYPTSETUP, cargv, carge) == -1) { + if (execve(cargv[0], cargv, carge) == -1) { die(500, "Failed to call cryptsetup"); } //Parent process @@ -904,15 +933,15 @@ int main(int argc, char **argv) { die(500, "Failed to wait child"); } - //Handle already unlocked device - if (ret == 1280) { - die(200, "Device already unlocked"); //Handle already in use device - } else if (ret == 5) { + if (ret == 5) { die(500, "Device already in use"); + //Handle already unlocked device + //} else if (ret == 1280) { + // die(200, "Device already unlocked"); //Handle invalid luks device - } else if (ret == 256) { - die(500, "Device is now a valid device"); + //} else if (ret == 256) { + // die(500, "Device is now a valid device"); //Handle no key available with this passphrase } else if (ret == 512) { die(500, "No slot for this value"); @@ -960,6 +989,8 @@ int main(int argc, char **argv) { close(errPipe[0]); } +//Removed as it was making fail the process of booting sometimes +#if 0 //Fork process if ((pid = fork()) == -1) { die(500, "Failed to fork"); @@ -1038,6 +1069,12 @@ int main(int argc, char **argv) { //Parent process } else { +#endif + + //Sleep before killing askpassword process + if (usleep(500000) == -1) { + die(500, "Usleep failed"); + } //Fork process if ((pid = fork()) == -1) { @@ -1127,7 +1164,9 @@ int main(int argc, char **argv) { } +#if 0 } +#endif } -- 2.41.1