if (r < 0)
return r;
+ if (mode != O_RDONLY && dmd.flags & CRYPT_ACTIVATE_READONLY) {
+ log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+ device_path(device));
+ return -EACCES;
+ }
cleaner_size = dmd.size;
return dm_create_device(name, "TEMP", &dmd, 0);
}
r = setup_mapping(dmCipherSpec, name, bsize, vk, sector, srcLength, mode, ctx);
if(r < 0) {
- log_err(ctx, _("Failed to setup dm-crypt key mapping for device %s.\n"
+ if (r != -EACCES)
+ log_err(ctx, _("Failed to setup dm-crypt key mapping for device %s.\n"
"Check that kernel supports %s cipher (check syslog for more info).\n%s"),
device_path(crypt_metadata_device(ctx)), dmCipherSpec,
_error_hint(hdr->cipherMode, vk->keylength * 8));
r = func(devfd, bsize, src, srcLength);
if(r < 0) {
+ log_err(ctx, "errno = %i\n", errno);
log_err(ctx, _("Failed to access temporary keystore device.\n"));
r = -EIO;
goto out3;
devfd = open(device_path(device), O_WRONLY | O_DIRECT | O_SYNC);
if(devfd == -1) {
- log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
+ if (errno == EACCES)
+ log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+ device_path(device));
+ else
+ log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
r = -EINVAL;
goto out;
}
devfd = open(device_path(device), O_RDWR | O_DIRECT | O_SYNC);
if(-1 == devfd) {
- log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
+ if (errno == EACCES)
+ log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+ device_path(device));
+ else
+ log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
return -EINVAL;
}
derived_key,
hdr->keyblock[keyIndex].keyMaterialOffset,
ctx);
- if (r < 0) {
- log_err(ctx, _("Failed to write to key storage.\n"));
+ if (r < 0)
goto out;
- }
/* Mark the key as active in phdr */
r = LUKS_keyslot_set(hdr, (int)keyIndex, 1);
derived_key,
hdr->keyblock[keyIndex].keyMaterialOffset,
ctx);
- if (r < 0) {
- log_err(ctx, _("Failed to read from key storage.\n"));
+ if (r < 0)
goto out;
- }
r = AF_merge(AfKey,vk->key,vk->keylength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec);
if (r < 0)
(endOffset - startOffset) * SECTOR_SIZE,
CRYPT_WIPE_DISK, 0);
if (r) {
- log_err(ctx, _("Cannot wipe device %s.\n"), device_path(device));
+ if (r == -EACCES) {
+ log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+ device_path(device));
+ r = -EINVAL;
+ } else
+ log_err(ctx, _("Cannot wipe device %s.\n"),
+ device_path(device));
return r;
}
if (r == -EBUSY)
log_err(cd, _("Cannot format device %s which is still in use.\n"),
mdata_device_path(cd));
- else
+ else if (r == -EACCES) {
+ log_err(cd, _("Cannot format device %s, permission denied.\n"),
+ mdata_device_path(cd));
+ r = -EINVAL;
+ } else
log_err(cd, _("Cannot wipe header on device %s.\n"),
mdata_device_path(cd));
if (S_ISREG(st.st_mode)) {
//FIXME: add readonly check
-
*size = (uint64_t)st.st_size;
*size >>= SECTOR_SHIFT;
} else {
devfd = open(device_path(device), flags);
if (devfd == -1) {
free(buffer);
- return errno == EBUSY ? -EBUSY : -EINVAL;
+ return errno ? -errno : -EINVAL;
}
// FIXME: use fixed block size and loop here