Diffstat (limited to 'tokens/ssh')
-rw-r--r--tokens/ssh/cryptsetup-ssh.c28
-rw-r--r--tokens/ssh/libcryptsetup-token-ssh.c4
-rw-r--r--tokens/ssh/meson.build39
-rw-r--r--tokens/ssh/ssh-utils.c4
-rw-r--r--tokens/ssh/ssh-utils.h9
5 files changed, 74 insertions, 10 deletions
diff --git a/tokens/ssh/cryptsetup-ssh.c b/tokens/ssh/cryptsetup-ssh.c
index 7c0bf02..68a414b 100644
--- a/tokens/ssh/cryptsetup-ssh.c
+++ b/tokens/ssh/cryptsetup-ssh.c
@@ -1,8 +1,8 @@
/*
* Example of LUKS2 token storing third party metadata (EXPERIMENTAL EXAMPLE)
*
- * Copyright (C) 2016-2023 Milan Broz
- * Copyright (C) 2021-2023 Vojtech Trefny
+ * Copyright (C) 2016-2024 Milan Broz
+ * Copyright (C) 2021-2024 Vojtech Trefny
*
* Use:
* - generate ssh example token
@@ -47,6 +47,7 @@
#define OPT_DEBUG 5
#define OPT_DEBUG_JSON 6
#define OPT_KEY_SLOT 7
+#define OPT_TOKENS_PATH 8
void tools_cleanup(void)
{
@@ -59,6 +60,7 @@ static int token_add(
const char *user,
const char *path,
const char *keypath,
+ const char *plugin_path,
int keyslot)
{
@@ -68,6 +70,12 @@ static int token_add(
const char *string_token;
int r, token;
+ if (plugin_path) {
+ r = crypt_token_set_external_path(plugin_path);
+ if (r < 0)
+ return r;
+ }
+
r = crypt_init(&cd, device);
if (r)
return r;
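Review bot: The new `plugin_path` block in token_add applies a command-line directory to libcryptsetup before crypt_init without any comment on what it affects, and since the option text describes it as the directory holding external token handlers (built as shared libraries in meson.build), this is the one place the tool tells the library where to load code from. A short comment would help the next reader, e.g. `/* Override the external token handler directory before the device is opened; handlers are loaded from this path, so it must be a trusted location. */`. The ordering also deserves a word: the override happens before crypt_init so that the later token operations pick it up, and on failure the function returns without having anything to clean up. token_add's body starts and ends outside this hunk.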
@@ -78,15 +86,20 @@ static int token_add(
goto out;
}
- r = -EINVAL;
jobj = json_object_new_object();
- if (!jobj)
+ if (!jobj) {
+ r = -ENOMEM;
goto out;
+ }
/* type is mandatory field in all tokens and must match handler name member */
json_object_object_add(jobj, "type", json_object_new_string(TOKEN_NAME));
jobj_keyslots = json_object_new_array();
+ if (!jobj_keyslots) {
+ r = -ENOMEM;
+ goto out;
+ }
/* mandatory array field (may be empty and assigned later */
json_object_object_add(jobj, "keyslots", jobj_keyslots);
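Review bot: Removing the `r = -EINVAL;` default means r is 0 at this point (crypt_init and the preceding calls succeeded), so any later `goto out` in token_add that does not set r itself would now make the function report success on a failure path; the remainder of the function is outside this hunk, so confirm every error exit after this point assigns r explicitly. For consistency with the two new -ENOMEM checks, the `json_object_new_string(TOKEN_NAME)` on the `type` line is still passed to json_object_object_add unchecked; I would write it as `jobj_type = json_object_new_string(TOKEN_NAME); if (!jobj_type) { r = -ENOMEM; goto out; } json_object_object_add(jobj, "type", jobj_type);` so an allocation failure cannot produce a token object whose mandatory type member is null.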
@@ -143,6 +156,8 @@ static struct argp_option options[] = {
{"ssh-user", OPT_SSH_USER, "STRING", 0, N_("Username used for the remote server")},
{"ssh-path", OPT_SSH_PATH, "STRING", 0, N_("Path to the key file on the remote server")},
{"ssh-keypath", OPT_KEY_PATH, "STRING", 0, N_("Path to the SSH key for connecting to the remote server")},
+ {"external-tokens-path",
+ OPT_TOKENS_PATH,"STRING", 0, N_("Path to directory containinig libcryptsetup external tokens")},
{"key-slot", OPT_KEY_SLOT, "NUM", 0, N_("Keyslot to assign the token to. If not specified, token will "\
"be assigned to the first keyslot matching provided passphrase.")},
{0, 0, 0, 0, N_("Generic options:")},
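Review bot: The help text for the new `external-tokens-path` option has a typo in a user-visible, translatable string: "containinig" should be "containing", and the entry is also missing the space after `OPT_TOKENS_PATH,` that the neighbouring entries use. Suggested line: `OPT_TOKENS_PATH, "STRING", 0, N_("Path to directory containing libcryptsetup external tokens")},`. The options array continues outside this hunk.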
@@ -159,6 +174,7 @@ struct arguments {
char *ssh_user;
char *ssh_path;
char *ssh_keypath;
+ char *ssh_plugin_path;
int keyslot;
int verbose;
int debug;
@@ -182,6 +198,9 @@ parse_opt (int key, char *arg, struct argp_state *state) {
case OPT_KEY_PATH:
arguments->ssh_keypath = arg;
break;
+ case OPT_TOKENS_PATH:
+ arguments->ssh_plugin_path = arg;
+ break;
case OPT_KEY_SLOT:
arguments->keyslot = atoi(arg);
break;
@@ -408,6 +427,7 @@ int main(int argc, char *argv[])
arguments.ssh_user,
arguments.ssh_path,
arguments.ssh_keypath,
+ arguments.ssh_plugin_path,
arguments.keyslot);
if (ret < 0)
return EXIT_FAILURE;
diff --git a/tokens/ssh/libcryptsetup-token-ssh.c b/tokens/ssh/libcryptsetup-token-ssh.c
index 639b25d..ac85f89 100644
--- a/tokens/ssh/libcryptsetup-token-ssh.c
+++ b/tokens/ssh/libcryptsetup-token-ssh.c
@@ -1,8 +1,8 @@
/*
* Example of LUKS2 ssh token handler (EXPERIMENTAL)
*
- * Copyright (C) 2016-2023 Milan Broz
- * Copyright (C) 2020-2023 Vojtech Trefny
+ * Copyright (C) 2016-2024 Milan Broz
+ * Copyright (C) 2020-2024 Vojtech Trefny
*
* Use:
* - generate LUKS device
diff --git a/tokens/ssh/meson.build b/tokens/ssh/meson.build
new file mode 100644
index 0000000..dba1d76
--- /dev/null
+++ b/tokens/ssh/meson.build
@@ -0,0 +1,39 @@
+tokens_ssh_build_dir = meson.current_build_dir()
+
+if get_option('ssh-token')
+ if not enable_static
+ libcryptsetup_token_ssh = shared_library(
+ 'cryptsetup-token-ssh',
+ [
+ 'libcryptsetup-token-ssh.c',
+ 'ssh-utils.c',
+ ],
+ dependencies: [
+ jsonc,
+ libssh,
+ ],
+ link_with: libcryptsetup,
+ link_args: token_link_args,
+ include_directories: includes_tools + ['..'])
+ endif
+
+ cryptsetup_ssh_files = files(
+ 'cryptsetup-ssh.c',
+ 'ssh-utils.c',
+ )
+ cryptsetup_ssh_files += lib_ssh_token_files
+ cryptsetup_ssh_files += src_ssh_token_files
+
+ cryptsetup_ssh = executable('cryptsetup-ssh',
+ cryptsetup_ssh_files,
+ dependencies: [
+ argp,
+ jsonc,
+ libssh,
+ passwdqc,
+ popt,
+ pwquality,
+ ],
+ link_with: libcryptsetup,
+ include_directories: includes_tools + ['..'])
+endif
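Review bot: Neither the `shared_library('cryptsetup-token-ssh', …)` call nor the `executable('cryptsetup-ssh', …)` call passes `install: true`, so `meson install` will not install the token handler or the tool; if this file is meant to replace the autotools build rather than only build an experimental example, add `install: true` (and an `install_dir` for the library pointing at the external token directory). The executable lists both `passwdqc` and `pwquality` as dependencies, which presumably resolve to not-found dependency objects when the corresponding option is disabled — confirm the unselected one is not a hard requirement. `lib_ssh_token_files`, `src_ssh_token_files`, `token_link_args` and `includes_tools` are defined outside this file.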
diff --git a/tokens/ssh/ssh-utils.c b/tokens/ssh/ssh-utils.c
index 564d858..07638ba 100644
--- a/tokens/ssh/ssh-utils.c
+++ b/tokens/ssh/ssh-utils.c
@@ -1,8 +1,8 @@
/*
* ssh plugin utilities
*
- * Copyright (C) 2016-2023 Milan Broz
- * Copyright (C) 2020-2023 Vojtech Trefny
+ * Copyright (C) 2016-2024 Milan Broz
+ * Copyright (C) 2020-2024 Vojtech Trefny
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
diff --git a/tokens/ssh/ssh-utils.h b/tokens/ssh/ssh-utils.h
index a491275..19fe61e 100644
--- a/tokens/ssh/ssh-utils.h
+++ b/tokens/ssh/ssh-utils.h
@@ -1,8 +1,8 @@
/*
* ssh plugin utilities
*
- * Copyright (C) 2016-2023 Milan Broz
- * Copyright (C) 2020-2023 Vojtech Trefny
+ * Copyright (C) 2016-2024 Milan Broz
+ * Copyright (C) 2020-2024 Vojtech Trefny
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -19,6 +19,9 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+#ifndef SSH_UTILS_H
+#define SSH_UTILS_H
+
#include <libssh/libssh.h>
#include <libssh/sftp.h>
#include <libcryptsetup.h>
@@ -27,3 +30,5 @@ int sshplugin_download_password(struct crypt_device *cd, ssh_session ssh,
const char *path, char **password, size_t *password_len);
ssh_session sshplugin_session_init(struct crypt_device *cd, const char *host, const char *user);
int sshplugin_public_key_auth(struct crypt_device *cd, ssh_session ssh, const ssh_key pkey);
+
+#endif /* SSH_UTILS_H */