--- systemd-228-orig/src/shared/ask-password-api.c +++ systemd-228/src/shared/ask-password-api.c @@ -147,7 +147,7 @@ return 1; } -static int add_to_keyring_and_log(const char *keyname, AskPasswordFlags flags, char **passwords) { +int add_to_keyring_and_log(const char *keyname, AskPasswordFlags flags, char **passwords) { int r; assert(keyname); --- systemd-228-orig/src/shared/ask-password-api.h +++ systemd-228/src/shared/ask-password-api.h @@ -38,3 +38,4 @@ int ask_password_agent(const char *message, const char *icon, const char *id, const char *keyname, usec_t until, AskPasswordFlags flag, char ***ret); int ask_password_keyring(const char *keyname, AskPasswordFlags flags, char ***ret); int ask_password_auto(const char *message, const char *icon, const char *id, const char *keyname, usec_t until, AskPasswordFlags flag, char ***ret); +int add_to_keyring_and_log(const char *keyname, AskPasswordFlags flags, char **passwords); --- systemd-228-orig/src/core/main.c +++ systemd-228/src/core/main.c @@ -42,6 +42,7 @@ #include "alloc-util.h" #include "architecture.h" +#include "ask-password-api.h" #include "build.h" #include "bus-error.h" #include "bus-util.h" @@ -100,6 +101,7 @@ static ManagerRunningAs arg_running_as = _MANAGER_RUNNING_AS_INVALID; static bool arg_dump_core = true; static int arg_crash_chvt = -1; +static bool arg_boot_passwd = false; static bool arg_crash_shell = false; static bool arg_crash_reboot = false; static char *arg_confirm_spawn = NULL; @@ -117,6 +119,7 @@ static usec_t arg_runtime_watchdog = 0; static usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE; static char **arg_default_environment = NULL; +static char **arg_crypt_passwd = NULL; static struct rlimit *arg_default_rlimit[_RLIMIT_MAX] = {}; static uint64_t arg_capability_bounding_set_drop = 0; static nsec_t arg_timer_slack_nsec = NSEC_INFINITY; @@ -323,6 +326,28 @@ return 0; } +static int parse_proc_hidden_cmdline_item(const char *key, const char *value) { + int r; + + assert(key); + + if (streq(key, "pwd") && value) { + char *passwd = strdup(value); + if (!passwd) { + log_warning("Failed to append pass phrase."); + return 0; //-ENOMEM; + } + r = strv_push(&arg_crypt_passwd, passwd); + if (r < 0) { + log_warning("Failed to append pass phrase."); + string_free_erase(passwd); + return 0; //r; + } + } + + return 0; +} + static int parse_proc_cmdline_item(const char *key, const char *value) { int r; @@ -410,6 +435,10 @@ } else log_warning("Environment variable name '%s' is not valid. Ignoring.", value); + } else if (streq(key, "grub.pass_password") && !value) { + + arg_boot_passwd = true; + } else if (streq(key, "quiet") && !value) { if (arg_show_status == _SHOW_STATUS_UNSET) @@ -1544,6 +1573,18 @@ r = parse_proc_cmdline(parse_proc_cmdline_item); if (r < 0) log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m"); + if (arg_boot_passwd) { + r = parse_proc_hidden_cmdline(parse_proc_hidden_cmdline_item); + if (r < 0) + log_warning_errno(r, "Failed to parse hidden kernel command line, ignoring: %m"); + if (arg_crypt_passwd) { + r = add_to_keyring_and_log("cryptsetup", ASK_PASSWORD_PUSH_CACHE, arg_crypt_passwd); + if (r < 0) + log_warning_errno(r, "Failed to append pass phrases to key ring, ignoring: %m"); + strv_free_erase(arg_crypt_passwd); + arg_crypt_passwd = NULL; + } + } } /* Note that this also parses bits from the kernel command --- systemd-228-orig/src/basic/proc-cmdline.c +++ systemd-228/src/basic/proc-cmdline.c @@ -40,6 +40,58 @@ return read_one_line_file("/proc/cmdline", ret); } +static int proc_hidden_cmdline(char **ret) { + assert(ret); + + if (detect_container() > 0) { + *ret = NULL; + return 0; + } else { + return read_one_line_file("/proc/cmdline_hidden", ret); + } +} + +int parse_proc_hidden_cmdline(int (*parse_item)(const char *key, const char *value)) { + _cleanup_string_free_erase_ char *line = NULL; + const char *p; + int r; + + assert(parse_item); + + r = proc_hidden_cmdline(&line); + if (r < 0) + return r; + if (!line) + return 0; + + p = line; + for (;;) { + _cleanup_string_free_erase_ char *word = NULL; + char *value = NULL; + + r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES|EXTRACT_RELAX); + if (r < 0) + return r; + if (r == 0) + break; + + /* Filter out arguments that are intended only for the + * initrd */ + if (!in_initrd() && startswith(word, "rd.")) + continue; + + value = strchr(word, '='); + if (value) + *(value++) = 0; + + r = parse_item(word, value); + if (r < 0) + return r; + } + + return 0; +} + int parse_proc_cmdline(int (*parse_item)(const char *key, const char *value)) { _cleanup_free_ char *line = NULL; const char *p; --- systemd-228-orig/src/basic/proc-cmdline.h +++ systemd-228/src/basic/proc-cmdline.h @@ -23,6 +23,7 @@ int proc_cmdline(char **ret); int parse_proc_cmdline(int (*parse_word)(const char *key, const char *value)); +int parse_proc_hidden_cmdline(int (*parse_word)(const char *key, const char *value)); int get_proc_cmdline_key(const char *parameter, char **value); int shall_restore_state(void);