summaryrefslogtreecommitdiffstats
path: root/tokens
diff options
context:
space:
mode:
Diffstat (limited to 'tokens')
-rw-r--r--tokens/meson.build8
-rw-r--r--tokens/ssh/cryptsetup-ssh.c28
-rw-r--r--tokens/ssh/libcryptsetup-token-ssh.c4
-rw-r--r--tokens/ssh/meson.build39
-rw-r--r--tokens/ssh/ssh-utils.c4
-rw-r--r--tokens/ssh/ssh-utils.h9
6 files changed, 82 insertions, 10 deletions
diff --git a/tokens/meson.build b/tokens/meson.build
new file mode 100644
index 0000000..a772a11
--- /dev/null
+++ b/tokens/meson.build
@@ -0,0 +1,8 @@
+libcryptsetup_token_sym_path = join_paths(meson.current_source_dir(), 'libcryptsetup-token.sym')
+
+token_link_args = [
+ '-Wl,--version-script=' +
+ libcryptsetup_token_sym_path,
+]
+
+subdir('ssh')
diff --git a/tokens/ssh/cryptsetup-ssh.c b/tokens/ssh/cryptsetup-ssh.c
index 7c0bf02..68a414b 100644
--- a/tokens/ssh/cryptsetup-ssh.c
+++ b/tokens/ssh/cryptsetup-ssh.c
@@ -1,8 +1,8 @@
/*
* Example of LUKS2 token storing third party metadata (EXPERIMENTAL EXAMPLE)
*
- * Copyright (C) 2016-2023 Milan Broz
- * Copyright (C) 2021-2023 Vojtech Trefny
+ * Copyright (C) 2016-2024 Milan Broz
+ * Copyright (C) 2021-2024 Vojtech Trefny
*
* Use:
* - generate ssh example token
@@ -47,6 +47,7 @@
#define OPT_DEBUG 5
#define OPT_DEBUG_JSON 6
#define OPT_KEY_SLOT 7
+#define OPT_TOKENS_PATH 8
void tools_cleanup(void)
{
@@ -59,6 +60,7 @@ static int token_add(
const char *user,
const char *path,
const char *keypath,
+ const char *plugin_path,
int keyslot)
{
@@ -68,6 +70,12 @@ static int token_add(
const char *string_token;
int r, token;
+ if (plugin_path) {
+ r = crypt_token_set_external_path(plugin_path);
+ if (r < 0)
+ return r;
+ }
+
r = crypt_init(&cd, device);
if (r)
return r;
@@ -78,15 +86,20 @@ static int token_add(
goto out;
}
- r = -EINVAL;
jobj = json_object_new_object();
- if (!jobj)
+ if (!jobj) {
+ r = -ENOMEM;
goto out;
+ }
/* type is mandatory field in all tokens and must match handler name member */
json_object_object_add(jobj, "type", json_object_new_string(TOKEN_NAME));
jobj_keyslots = json_object_new_array();
+ if (!jobj_keyslots) {
+ r = -ENOMEM;
+ goto out;
+ }
/* mandatory array field (may be empty and assigned later */
json_object_object_add(jobj, "keyslots", jobj_keyslots);
@@ -143,6 +156,8 @@ static struct argp_option options[] = {
{"ssh-user", OPT_SSH_USER, "STRING", 0, N_("Username used for the remote server")},
{"ssh-path", OPT_SSH_PATH, "STRING", 0, N_("Path to the key file on the remote server")},
{"ssh-keypath", OPT_KEY_PATH, "STRING", 0, N_("Path to the SSH key for connecting to the remote server")},
+ {"external-tokens-path",
+ OPT_TOKENS_PATH,"STRING", 0, N_("Path to directory containinig libcryptsetup external tokens")},
{"key-slot", OPT_KEY_SLOT, "NUM", 0, N_("Keyslot to assign the token to. If not specified, token will "\
"be assigned to the first keyslot matching provided passphrase.")},
{0, 0, 0, 0, N_("Generic options:")},
@@ -159,6 +174,7 @@ struct arguments {
char *ssh_user;
char *ssh_path;
char *ssh_keypath;
+ char *ssh_plugin_path;
int keyslot;
int verbose;
int debug;
@@ -182,6 +198,9 @@ parse_opt (int key, char *arg, struct argp_state *state) {
case OPT_KEY_PATH:
arguments->ssh_keypath = arg;
break;
+ case OPT_TOKENS_PATH:
+ arguments->ssh_plugin_path = arg;
+ break;
case OPT_KEY_SLOT:
arguments->keyslot = atoi(arg);
break;
@@ -408,6 +427,7 @@ int main(int argc, char *argv[])
arguments.ssh_user,
arguments.ssh_path,
arguments.ssh_keypath,
+ arguments.ssh_plugin_path,
arguments.keyslot);
if (ret < 0)
return EXIT_FAILURE;
diff --git a/tokens/ssh/libcryptsetup-token-ssh.c b/tokens/ssh/libcryptsetup-token-ssh.c
index 639b25d..ac85f89 100644
--- a/tokens/ssh/libcryptsetup-token-ssh.c
+++ b/tokens/ssh/libcryptsetup-token-ssh.c
@@ -1,8 +1,8 @@
/*
* Example of LUKS2 ssh token handler (EXPERIMENTAL)
*
- * Copyright (C) 2016-2023 Milan Broz
- * Copyright (C) 2020-2023 Vojtech Trefny
+ * Copyright (C) 2016-2024 Milan Broz
+ * Copyright (C) 2020-2024 Vojtech Trefny
*
* Use:
* - generate LUKS device
diff --git a/tokens/ssh/meson.build b/tokens/ssh/meson.build
new file mode 100644
index 0000000..dba1d76
--- /dev/null
+++ b/tokens/ssh/meson.build
@@ -0,0 +1,39 @@
+tokens_ssh_build_dir = meson.current_build_dir()
+
+if get_option('ssh-token')
+ if not enable_static
+ libcryptsetup_token_ssh = shared_library(
+ 'cryptsetup-token-ssh',
+ [
+ 'libcryptsetup-token-ssh.c',
+ 'ssh-utils.c',
+ ],
+ dependencies: [
+ jsonc,
+ libssh,
+ ],
+ link_with: libcryptsetup,
+ link_args: token_link_args,
+ include_directories: includes_tools + ['..'])
+ endif
+
+ cryptsetup_ssh_files = files(
+ 'cryptsetup-ssh.c',
+ 'ssh-utils.c',
+ )
+ cryptsetup_ssh_files += lib_ssh_token_files
+ cryptsetup_ssh_files += src_ssh_token_files
+
+ cryptsetup_ssh = executable('cryptsetup-ssh',
+ cryptsetup_ssh_files,
+ dependencies: [
+ argp,
+ jsonc,
+ libssh,
+ passwdqc,
+ popt,
+ pwquality,
+ ],
+ link_with: libcryptsetup,
+ include_directories: includes_tools + ['..'])
+endif
diff --git a/tokens/ssh/ssh-utils.c b/tokens/ssh/ssh-utils.c
index 564d858..07638ba 100644
--- a/tokens/ssh/ssh-utils.c
+++ b/tokens/ssh/ssh-utils.c
@@ -1,8 +1,8 @@
/*
* ssh plugin utilities
*
- * Copyright (C) 2016-2023 Milan Broz
- * Copyright (C) 2020-2023 Vojtech Trefny
+ * Copyright (C) 2016-2024 Milan Broz
+ * Copyright (C) 2020-2024 Vojtech Trefny
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
diff --git a/tokens/ssh/ssh-utils.h b/tokens/ssh/ssh-utils.h
index a491275..19fe61e 100644
--- a/tokens/ssh/ssh-utils.h
+++ b/tokens/ssh/ssh-utils.h
@@ -1,8 +1,8 @@
/*
* ssh plugin utilities
*
- * Copyright (C) 2016-2023 Milan Broz
- * Copyright (C) 2020-2023 Vojtech Trefny
+ * Copyright (C) 2016-2024 Milan Broz
+ * Copyright (C) 2020-2024 Vojtech Trefny
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -19,6 +19,9 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+#ifndef SSH_UTILS_H
+#define SSH_UTILS_H
+
#include <libssh/libssh.h>
#include <libssh/sftp.h>
#include <libcryptsetup.h>
@@ -27,3 +30,5 @@ int sshplugin_download_password(struct crypt_device *cd, ssh_session ssh,
const char *path, char **password, size_t *password_len);
ssh_session sshplugin_session_init(struct crypt_device *cd, const char *host, const char *user);
int sshplugin_public_key_auth(struct crypt_device *cd, ssh_session ssh, const ssh_key pkey);
+
+#endif /* SSH_UTILS_H */