cryptsetup: when unlocking always put path to the object into Id

Some ask-password agents (e.g. clevis-luks-askpass) use Id option from
/run/systemd/ask-password/ask* file in order to obtain the password for
the device.

Id option should be in the following format,
e.g. Id=subsystem:data. Where data part is supposed to identify object
that ask-password query is done for. Since
e51b9486d1b59e72c293028fed1384f4e4ef09aa this field has format
Id=cryptsetup:/dev/block/major:minor when systemd-cryptsetup is
unlocking encrypted block device. However, crypttab also supports
encrypted image files in which case we usually set data part of Id to
"vol on mountpoint". This is unexpected and actually breaks network
based device encryption as implemented by clevis.

Example:
$ cat /etc/crypttab
clevis-unlocked /clevis-test-disk-image none luks,_netdev
$ systemctl start 'systemd-cryptsetup@clevis\x2dunlocked.service'
$ grep Id /run/systemd/ask-password/ask*

Before:
$ Id=cryptsetup:clevis-unlocked on /clevis-test-disk-image-mnt

After:
$ Id=cryptsetup:/clevis-test-disk-image

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index ab4d24c..b6d965e 100644 (file)
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -365,7 +365,7 @@ static int get_password(const char *vol, const char *src, usec_t until, bool acc
                 escaped_name = maj_min;
                 maj_min = NULL;
         } else
-                escaped_name = cescape(name);
+                escaped_name = cescape(src);
 
         if (!escaped_name)
                 return log_oom();