From: Milan Broz Date: Thu, 16 Jul 2009 12:59:00 +0000 (+0000) Subject: Allow removal of last slot in luksRemoveKey and luksKillSlot. X-Git-Tag: upstream/1.6~757 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=fc2cfe7a3225420a687de5a890e0e185956fdbf6;p=platform%2Fupstream%2Fcryptsetup.git Allow removal of last slot in luksRemoveKey and luksKillSlot. git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@65 36d66b0a-2a48-0410-832c-cd162a569da5 --- diff --git a/ChangeLog b/ChangeLog index 8395021..dbaf79f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2009-07-16 Milan Broz + * Allow removal of last slot in luksRemoveKey and luksKillSlot. + 2009-07-11 Milan Broz * Add --disable-selinux option and fix static build if selinux is required. diff --git a/lib/setup.c b/lib/setup.c index 7dc9607..efda6ef 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -673,7 +673,7 @@ static int luks_remove_helper(int arg, struct setup_backend *backend, struct cry const char *device = options->device; int keyIndex; int openedIndex; - int r; + int r, last_slot; if (!LUKS_device_ready(options->device, O_RDWR)) return -ENOTBLK; @@ -694,11 +694,10 @@ static int luks_remove_helper(int arg, struct setup_backend *backend, struct cry keyIndex = options->key_slot; } - if(LUKS_is_last_keyslot(options->device, keyIndex) && - !(options->icb->yesDialog(_("This is the last keyslot. Device will become unusable after purging this key.")))) { - r = -EINVAL; - goto out; - } + last_slot = LUKS_is_last_keyslot(options->device, keyIndex); + if(last_slot && !(options->icb->yesDialog(_("This is the last keyslot. Device will become unusable after purging this key.")))) { + r = -EINVAL; goto out; + } if(options->flags & CRYPT_FLAG_VERIFY_ON_DELKEY) { options->flags &= ~CRYPT_FLAG_VERIFY_ON_DELKEY; 
@@ -712,7 +711,9 @@ static int luks_remove_helper(int arg, struct setup_backend *backend, struct cry options->icb->log(CRYPT_LOG_ERROR,"Failed to access device.\n"); r = -EIO; goto out; } - hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED; + + if(!last_slot) + hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED; openedIndex = LUKS_open_any_key_with_hdr(device, password, passwordLen, &hdr, &mk, backend); /* Clean up */ diff --git a/luks/Makefile.am b/luks/Makefile.am index 47d63ed..c914769 100644 --- a/luks/Makefile.am +++ b/luks/Makefile.am @@ -157,7 +157,16 @@ test: @../src/cryptsetup -v remove dummy @echo "success" -# Format test for ESSIV, and some other parameters. +# Delete last slot + @echo Case: delete last key + @cp $(IMG) $(ORIG_IMG) + @echo "key0" | ../src/cryptsetup -v luksFormat $(LOOPDEV) + echo "key0" | ../src/cryptsetup -v luksKillSlot $(LOOPDEV) 0 + @sync + echo "key0" | ../src/cryptsetup -v luksOpen $(LOOPDEV) dummy 2>/dev/null || true + @echo "success" + +# Format test for ESSIV, and some other parameters. @echo Case: parameter variation test @dd if=/dev/zero of=$(IMG) count=20000 @cp $(IMG) $(ORIG_IMG) diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 9173e83..c5c63d5 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -124,7 +124,7 @@ set up a read-only mapping. The number of milliseconds to spend with PBKDF2 password processing. This option is only relevant to the LUKS operations as \fIluksFormat\fR or \fIluksAddKey\fR. .TP .B "\-\-batch-mode, \-q" -Do not ask for confirmation. This option is only relevant for \fIluksFormat\fR. +Do not ask for confirmation. Use with care! This option is only relevant for \fIluksFormat\fR,\fIluksAddKey\fR,\fIluksRemoveKey\fR or \fIluksKillSlot\fR. .TP .B "\-\-timeout, \-t" The number of seconds to wait before timeout. This option is relevant every time a password is asked, like \fIcreate\fR, \fIluksOpen\fR, \fIluksFormat\fR or \fIluksAddKey\fR. It has no effect if used in conjunction with \-\-key-file.
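Review bot: The `if(!last_slot)` guard changes what the passphrase check before `LUKS_open_any_key_with_hdr` proves, and nothing in the code says so. For any other slot the target is first marked `LUKS_KEY_DISABLED` in the in-memory header, so the supplied passphrase presumably has to unlock a different slot; for the last slot the target stays active, and the passphrase of the slot being destroyed is what gets accepted. I would add a comment above the guard, e.g. `/* Last slot: leave it active, the only passphrase that can verify is the one being removed. */`. `last_slot` (assigned from `LUKS_is_last_keyslot()` in the @@ -694 hunk) is used as a plain truth value, so if that helper can return non-zero on a header read error (not visible here), the weaker check would be selected silently; worth confirming. The body of luks_remove_helper starts and ends outside this hunk.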
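Review bot: The "delete last key" case cannot fail on the behaviour it is meant to prove, because the `luksOpen` line ends in `|| true` and its exit status is thrown away. If the keyslot were not actually wiped, the open would succeed, the recipe would still echo "success", and a `dummy` mapping would stay active for the cases that follow. Make a successful open fail the test, e.g. `echo "key0" | ../src/cryptsetup -v luksOpen $(LOOPDEV) dummy 2>/dev/null && exit 1 || true`.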