From 07815c24cd193176ee258f3d20901453a6d07340 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Mon, 13 Aug 2012 16:54:41 +0200
Subject: [PATCH] Print better error message if device is read-only etc.

---
 lib/luks1/keyencryption.c |  9 ++++++++-
 lib/luks1/keymanage.c     | 28 +++++++++++++++++++---------
 lib/setup.c               |  6 +++++-
 lib/utils_device.c        |  1 -
 lib/utils_wipe.c          |  2 +-
 5 files changed, 33 insertions(+), 13 deletions(-)

diff --git a/lib/luks1/keyencryption.c b/lib/luks1/keyencryption.c
index 4dc4e4b..f56fa1f 100644
--- a/lib/luks1/keyencryption.c
+++ b/lib/luks1/keyencryption.c
@@ -79,6 +79,11 @@ static int setup_mapping(const char *cipher, const char *name,
 	if (r < 0)
 		return r;
 
+	if (mode != O_RDONLY && dmd.flags & CRYPT_ACTIVATE_READONLY) {
+		log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+			device_path(device));
+		return -EACCES;
+	}
 	cleaner_size = dmd.size;
 	return dm_create_device(name, "TEMP", &dmd, 0);
 }
@@ -138,7 +143,8 @@ static int LUKS_endec_template(char *src, size_t srcLength,
 
 	r = setup_mapping(dmCipherSpec, name, bsize, vk, sector, srcLength, mode, ctx);
 	if(r < 0) {
-		log_err(ctx, _("Failed to setup dm-crypt key mapping for device %s.\n"
+		if (r != -EACCES)
+			log_err(ctx, _("Failed to setup dm-crypt key mapping for device %s.\n"
 			"Check that kernel supports %s cipher (check syslog for more info).\n%s"),
 			device_path(crypt_metadata_device(ctx)), dmCipherSpec,
 			_error_hint(hdr->cipherMode, vk->keylength * 8));
@@ -155,6 +161,7 @@ static int LUKS_endec_template(char *src, size_t srcLength,
 
 	r = func(devfd, bsize, src, srcLength);
 	if(r < 0) {
+		log_err(ctx, "errno = %i\n", errno);
 		log_err(ctx, _("Failed to access temporary keystore device.\n"));
 		r = -EIO;
 		goto out3;
diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c
index 626229e..0ba2c93 100644
--- a/lib/luks1/keymanage.c
+++ b/lib/luks1/keymanage.c
@@ -286,7 +286,11 @@ int LUKS_hdr_restore(
 
 	devfd = open(device_path(device), O_WRONLY | O_DIRECT | O_SYNC);
 	if(devfd == -1) {
-		log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
+		if (errno == EACCES)
+			log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+				device_path(device));
+		else
+			log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
 		r = -EINVAL;
 		goto out;
 	}
@@ -545,7 +549,11 @@ int LUKS_write_phdr(struct luks_phdr *hdr,
 
 	devfd = open(device_path(device), O_RDWR | O_DIRECT | O_SYNC);
 	if(-1 == devfd) {
-		log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
+		if (errno == EACCES)
+			log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+				device_path(device));
+		else
+			log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
 		return -EINVAL;
 	}
 
@@ -799,10 +807,8 @@ int LUKS_set_key(unsigned int keyIndex,
 				    derived_key,
 				    hdr->keyblock[keyIndex].keyMaterialOffset,
 				    ctx);
-	if (r < 0) {
-		log_err(ctx, _("Failed to write to key storage.\n"));
+	if (r < 0)
 		goto out;
-	}
 
 	/* Mark the key as active in phdr */
 	r = LUKS_keyslot_set(hdr, (int)keyIndex, 1);
@@ -882,10 +888,8 @@ static int LUKS_open_key(unsigned int keyIndex,
 				      derived_key,
 				      hdr->keyblock[keyIndex].keyMaterialOffset,
 				      ctx);
-	if (r < 0) {
-		log_err(ctx, _("Failed to read from key storage.\n"));
+	if (r < 0)
 		goto out;
-	}
 
 	r = AF_merge(AfKey,vk->key,vk->keylength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec);
 	if (r < 0)
@@ -960,7 +964,13 @@ int LUKS_del_key(unsigned int keyIndex,
 		       (endOffset - startOffset) * SECTOR_SIZE,
 		       CRYPT_WIPE_DISK, 0);
 	if (r) {
-		log_err(ctx, _("Cannot wipe device %s.\n"), device_path(device));
+		if (r == -EACCES) {
+			log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+				device_path(device));
+			r = -EINVAL;
+		} else
+			log_err(ctx, _("Cannot wipe device %s.\n"),
+				device_path(device));
 		return r;
 	}
 
diff --git a/lib/setup.c b/lib/setup.c
index b9e43af..731b51f 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -954,7 +954,11 @@ static int _crypt_format_luks1(struct crypt_device *cd,
 		if (r == -EBUSY)
 			log_err(cd, _("Cannot format device %s which is still in use.\n"),
 				mdata_device_path(cd));
-		else
+		else if (r == -EACCES) {
+			log_err(cd, _("Cannot format device %s, permission denied.\n"),
+				mdata_device_path(cd));
+			r = -EINVAL;
+		} else
 			log_err(cd, _("Cannot wipe header on device %s.\n"),
 				mdata_device_path(cd));
 
diff --git a/lib/utils_device.c b/lib/utils_device.c
index 5618eb7..3008ff3 100644
--- a/lib/utils_device.c
+++ b/lib/utils_device.c
@@ -296,7 +296,6 @@ static int device_info(struct device *device,
 
 	if (S_ISREG(st.st_mode)) {
 		//FIXME: add readonly check
-
 		*size = (uint64_t)st.st_size;
 		*size >>= SECTOR_SHIFT;
 	} else {
diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c
index ef3883c..e6190e4 100644
--- a/lib/utils_wipe.c
+++ b/lib/utils_wipe.c
@@ -163,7 +163,7 @@ int crypt_wipe(struct device *device,
 	devfd = open(device_path(device), flags);
 	if (devfd == -1) {
 		free(buffer);
-		return errno == EBUSY ? -EBUSY : -EINVAL;
+		return errno ? -errno : -EINVAL;
 	}
 
 	// FIXME: use fixed block size and loop here
-- 
2.7.4