25976879819

Committed 16 May 2026 07:16PM UTC coverage: 72.329% (-0.2%) from 72.557%

Build # 25976879819

Build Type

push

github

Committed by

web-flow

Commit Message

sd-dhcp-client: two tiny cleanups (#42129)

Coverage Stats

22 of 32 new or added lines in 4 files covered. (68.75%)

4308 existing lines in 77 files now uncovered.

328373 of 453998 relevant lines covered (72.33%)

1552889.91 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

59.57

/src/integritysetup/integritysetup.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <stdio.h>
#include <sys/stat.h>

#include "alloc-util.h"
#include "argv-util.h"
#include "cryptsetup-util.h"
#include "fileio.h"
#include "format-table.h"
#include "help-util.h"
#include "integrity-util.h"
#include "log.h"
#include "main-func.h"
#include "path-util.h"
#include "string-table.h"
#include "string-util.h"
#include "strv.h"
#include "time-util.h"
#include "verbs.h"

static uint32_t arg_activate_flags;
static int arg_percent;
static usec_t arg_commit_time;
static char *arg_existing_data_device;
static IntegrityAlgorithm arg_integrity_algorithm = _INTEGRITY_ALGORITHM_INVALID;

STATIC_DESTRUCTOR_REGISTER(arg_existing_data_device, freep);

/* Integrity algorithm names used by dm-integrity */
static const char* const dm_integrity_algorithm_table[_INTEGRITY_ALGORITHM_MAX] = {
        [INTEGRITY_ALGORITHM_CRC32]        = "crc32",
        [INTEGRITY_ALGORITHM_CRC32C]       = "crc32c",
        [INTEGRITY_ALGORITHM_XXHASH64]     = "xxhash64",
        [INTEGRITY_ALGORITHM_SHA1]         = "sha1",
        [INTEGRITY_ALGORITHM_SHA256]       = "sha256",
        [INTEGRITY_ALGORITHM_HMAC_SHA256]  = "hmac(sha256)",
        [INTEGRITY_ALGORITHM_HMAC_SHA512]  = "hmac(sha512)",
        [INTEGRITY_ALGORITHM_PHMAC_SHA256] = "phmac(sha256)",
        [INTEGRITY_ALGORITHM_PHMAC_SHA512] = "phmac(sha512)",
};

DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(dm_integrity_algorithm, IntegrityAlgorithm);

static int help(void) {
        _cleanup_(table_unrefp) Table *verbs = NULL;
        int r;

        r = verbs_get_help_table(&verbs);
        if (r < 0)
                return r;

        help_cmdline("COMMAND ...");
        help_abstract("Attach or detach an integrity protected block device.");

        help_section("Commands");
        r = table_print_or_warn(verbs);
        if (r < 0)
                return r;

        help_man_page_reference("systemd-integritysetup@.service", "8");
        return 0;
}

static int load_key_file(
                const char *key_file,
                void **ret_key_file_contents,
                size_t *ret_key_file_size) {
        int r;
        _cleanup_(erase_and_freep) char *tmp_key_file_contents = NULL;
        size_t tmp_key_file_size;

        if (!path_is_absolute(key_file))
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "key file not absolute path: %s", key_file);

        r = read_full_file_full(
                        AT_FDCWD, key_file, UINT64_MAX, DM_MAX_KEY_SIZE,
                        READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET|READ_FULL_FILE_FAIL_WHEN_LARGER,
                        NULL,
                        &tmp_key_file_contents, &tmp_key_file_size);
        if (r < 0)
                return log_error_errno(r, "Failed to process key file: %m");

        if (ret_key_file_contents && ret_key_file_size) {
                *ret_key_file_contents = TAKE_PTR(tmp_key_file_contents);
                *ret_key_file_size = tmp_key_file_size;
        }

        return 0;
}

static const char *integrity_algorithm_select(const void *key_file_buf) {
        IntegrityAlgorithm a = arg_integrity_algorithm >= 0
                ? arg_integrity_algorithm
                : (key_file_buf ? INTEGRITY_ALGORITHM_HMAC_SHA256 : INTEGRITY_ALGORITHM_CRC32C);

        return dm_integrity_algorithm_to_string(a);
}

VERB(verb_attach, "attach", "VOLUME DEVICE [HMAC_KEY_FILE|-] [OPTIONS]", 3, 5, 0,
     "Attach an integrity protected block device");
static int verb_attach(int argc, char *argv[], uintptr_t _data, void *userdata) {
        _cleanup_(crypt_freep) struct crypt_device *cd = NULL;
        crypt_status_info status;
        _cleanup_(erase_and_freep) void *key_buf = NULL;
        size_t key_buf_size = 0;
        int r;

        /* attach name device optional_key_file optional_options */

        assert(argc >= 3 && argc <= 5);

        const char *volume = argv[1],
                *device = argv[2],
                *key_file = mangle_none(argc > 3 ? argv[3] : NULL),
                *options = mangle_none(argc > 4 ? argv[4] : NULL);

        if (!filename_is_valid(volume))
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);

        if (key_file) {
                r = load_key_file(key_file, &key_buf, &key_buf_size);
                if (r < 0)
                        return r;
        }

        if (options) {
                r = parse_integrity_options(options, &arg_activate_flags, &arg_percent,
                                            &arg_commit_time, &arg_existing_data_device, &arg_integrity_algorithm);
                if (r < 0)
                        return r;
        }

        r = sym_crypt_init(&cd, device);
        if (r < 0)
                return log_error_errno(r, "Failed to open integrity device %s: %m", device);

        cryptsetup_enable_logging(cd);

        status = sym_crypt_status(cd, volume);
        if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
                log_info("Volume %s already active.", volume);
                return 0;
        }

        r = sym_crypt_load(cd,
                       CRYPT_INTEGRITY,
                       &(struct crypt_params_integrity) {
                               .journal_watermark = arg_percent,
                               .journal_commit_time = DIV_ROUND_UP(arg_commit_time, USEC_PER_SEC),
                               .integrity = integrity_algorithm_select(key_buf),
                       });
        if (r < 0)
                return log_error_errno(r, "Failed to load integrity superblock: %m");

        if (!isempty(arg_existing_data_device)) {
                r = sym_crypt_set_data_device(cd, arg_existing_data_device);
                if (r < 0)
                        return log_error_errno(r, "Failed to add separate data device: %m");
        }

        r = sym_crypt_activate_by_volume_key(cd, volume, key_buf, key_buf_size, arg_activate_flags);
        if (r < 0)
                return log_error_errno(r, "Failed to set up integrity device: %m");

        return 0;
}

VERB(verb_detach, "detach", "VOLUME", 2, 2, 0,
     "Detach an integrity protected block device");
static int verb_detach(int argc, char *argv[], uintptr_t _data, void *userdata) {
        _cleanup_(crypt_freep) struct crypt_device *cd = NULL;
        int r;

        assert(argc == 2);

        const char *volume = argv[1];

        if (!filename_is_valid(volume))
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);

        r = sym_crypt_init_by_name(&cd, volume);
        if (r == -ENODEV) {
                log_info("Volume %s already inactive.", volume);
                return 0;
        }
        if (r < 0)
                return log_error_errno(r, "crypt_init_by_name() failed: %m");

        cryptsetup_enable_logging(cd);

        r = sym_crypt_deactivate(cd, volume);
        if (r < 0)
                return log_error_errno(r, "Failed to deactivate: %m");

        return 0;
}

static int run(int argc, char *argv[]) {
        int r;

        if (argv_looks_like_help(argc, argv))
                return help();

        log_setup();

        r = dlopen_cryptsetup(LOG_ERR);
        if (r < 0)
                return r;

        umask(0022);

        return dispatch_verb(strv_skip(argv, 1), /* userdata= */ NULL);
}

DEFINE_MAIN_FUNCTION(run);

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3	#include <stdio.h>
4	#include <sys/stat.h>
5
6	#include "alloc-util.h"
7	#include "argv-util.h"
8	#include "cryptsetup-util.h"
9	#include "fileio.h"
10	#include "format-table.h"
11	#include "help-util.h"
12	#include "integrity-util.h"
13	#include "log.h"
14	#include "main-func.h"
15	#include "path-util.h"
16	#include "string-table.h"
17	#include "string-util.h"
18	#include "strv.h"
19	#include "time-util.h"
20	#include "verbs.h"
21
22	static uint32_t arg_activate_flags;
23	static int arg_percent;
24	static usec_t arg_commit_time;
25	static char *arg_existing_data_device;
26	static IntegrityAlgorithm arg_integrity_algorithm = _INTEGRITY_ALGORITHM_INVALID;
27
28	STATIC_DESTRUCTOR_REGISTER(arg_existing_data_device, freep);	20✔
29
30	/* Integrity algorithm names used by dm-integrity */
31	static const char* const dm_integrity_algorithm_table[_INTEGRITY_ALGORITHM_MAX] = {
32	[INTEGRITY_ALGORITHM_CRC32] = "crc32",
33	[INTEGRITY_ALGORITHM_CRC32C] = "crc32c",
34	[INTEGRITY_ALGORITHM_XXHASH64] = "xxhash64",
35	[INTEGRITY_ALGORITHM_SHA1] = "sha1",
36	[INTEGRITY_ALGORITHM_SHA256] = "sha256",
37	[INTEGRITY_ALGORITHM_HMAC_SHA256] = "hmac(sha256)",
38	[INTEGRITY_ALGORITHM_HMAC_SHA512] = "hmac(sha512)",
39	[INTEGRITY_ALGORITHM_PHMAC_SHA256] = "phmac(sha256)",
40	[INTEGRITY_ALGORITHM_PHMAC_SHA512] = "phmac(sha512)",
41	};
42
43	DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(dm_integrity_algorithm, IntegrityAlgorithm);	10✔
44
45	static int help(void) {	×
UNCOV 46	_cleanup_(table_unrefp) Table *verbs = NULL;	×
47	int r;	×
48
49	r = verbs_get_help_table(&verbs);	×
UNCOV 50	if (r < 0)	×
51	return r;
52
UNCOV 53	help_cmdline("COMMAND ...");	×
UNCOV 54	help_abstract("Attach or detach an integrity protected block device.");	×
55
UNCOV 56	help_section("Commands");	×
UNCOV 57	r = table_print_or_warn(verbs);	×
UNCOV 58	if (r < 0)	×
59	return r;
60
UNCOV 61	help_man_page_reference("systemd-integritysetup@.service", "8");	×
62	return 0;
63	}
64
UNCOV 65	static int load_key_file(	×
66	const char *key_file,
67	void **ret_key_file_contents,
68	size_t *ret_key_file_size) {
UNCOV 69	int r;	×
70	_cleanup_(erase_and_freep) char *tmp_key_file_contents = NULL;	×
71	size_t tmp_key_file_size;	×
72
73	if (!path_is_absolute(key_file))	×
UNCOV 74	return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "key file not absolute path: %s", key_file);	×
75
UNCOV 76	r = read_full_file_full(	×
77	AT_FDCWD, key_file, UINT64_MAX, DM_MAX_KEY_SIZE,
78	READ_FULL_FILE_SECURE\|READ_FULL_FILE_WARN_WORLD_READABLE\|READ_FULL_FILE_CONNECT_SOCKET\|READ_FULL_FILE_FAIL_WHEN_LARGER,
79	NULL,
80	&tmp_key_file_contents, &tmp_key_file_size);
81	if (r < 0)	×
82	return log_error_errno(r, "Failed to process key file: %m");	×
83
UNCOV 84	if (ret_key_file_contents && ret_key_file_size) {	×
UNCOV 85	*ret_key_file_contents = TAKE_PTR(tmp_key_file_contents);	×
UNCOV 86	*ret_key_file_size = tmp_key_file_size;	×
87	}
88
89	return 0;
90	}
91
92	static const char integrity_algorithm_select(const void key_file_buf) {	10✔
UNCOV 93	IntegrityAlgorithm a = arg_integrity_algorithm >= 0	×
94	? arg_integrity_algorithm
95	: (key_file_buf ? INTEGRITY_ALGORITHM_HMAC_SHA256 : INTEGRITY_ALGORITHM_CRC32C);	10✔
96
97	return dm_integrity_algorithm_to_string(a);	10✔
98	}
99
100	VERB(verb_attach, "attach", "VOLUME DEVICE [HMAC_KEY_FILE\|-] [OPTIONS]", 3, 5, 0,
101	"Attach an integrity protected block device");
102	static int verb_attach(int argc, char argv[], uintptr_t _data, void userdata) {	10✔
UNCOV 103	_cleanup_(crypt_freep) struct crypt_device *cd = NULL;	×
104	crypt_status_info status;	10✔
105	_cleanup_(erase_and_freep) void *key_buf = NULL;	10✔
106	size_t key_buf_size = 0;	10✔
107	int r;	10✔
108
109	/* attach name device optional_key_file optional_options */
110
111	assert(argc >= 3 && argc <= 5);	10✔
112
113	const char *volume = argv[1],	10✔
114	*device = argv[2],	10✔
115	*key_file = mangle_none(argc > 3 ? argv[3] : NULL),	10✔
116	*options = mangle_none(argc > 4 ? argv[4] : NULL);	10✔
117
118	if (!filename_is_valid(volume))	10✔
UNCOV 119	return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);	×
120
121	if (key_file) {	10✔
UNCOV 122	r = load_key_file(key_file, &key_buf, &key_buf_size);	×
UNCOV 123	if (r < 0)	×
124	return r;
125	}
126
127	if (options) {	10✔
128	r = parse_integrity_options(options, &arg_activate_flags, &arg_percent,	10✔
129	&arg_commit_time, &arg_existing_data_device, &arg_integrity_algorithm);
130	if (r < 0)	10✔
131	return r;
132	}
133
134	r = sym_crypt_init(&cd, device);	10✔
135	if (r < 0)	10✔
UNCOV 136	return log_error_errno(r, "Failed to open integrity device %s: %m", device);	×
137
138	cryptsetup_enable_logging(cd);	10✔
139
140	status = sym_crypt_status(cd, volume);	10✔
141	if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {	10✔
UNCOV 142	log_info("Volume %s already active.", volume);	×
143	return 0;
144	}
145
146	r = sym_crypt_load(cd,	30✔
147	CRYPT_INTEGRITY,
148	&(struct crypt_params_integrity) {	10✔
149	.journal_watermark = arg_percent,
150	.journal_commit_time = DIV_ROUND_UP(arg_commit_time, USEC_PER_SEC),	10✔
151	.integrity = integrity_algorithm_select(key_buf),	10✔
152	});
153	if (r < 0)	10✔
154	return log_error_errno(r, "Failed to load integrity superblock: %m");	×
155
156	if (!isempty(arg_existing_data_device)) {	10✔
157	r = sym_crypt_set_data_device(cd, arg_existing_data_device);	5✔
158	if (r < 0)	5✔
159	return log_error_errno(r, "Failed to add separate data device: %m");	×
160	}
161
162	r = sym_crypt_activate_by_volume_key(cd, volume, key_buf, key_buf_size, arg_activate_flags);	10✔
163	if (r < 0)	10✔
UNCOV 164	return log_error_errno(r, "Failed to set up integrity device: %m");	×
165
166	return 0;
167	}
168
169	VERB(verb_detach, "detach", "VOLUME", 2, 2, 0,
170	"Detach an integrity protected block device");
171	static int verb_detach(int argc, char argv[], uintptr_t _data, void userdata) {	10✔
172	_cleanup_(crypt_freep) struct crypt_device *cd = NULL;	10✔
173	int r;	10✔
174
175	assert(argc == 2);	10✔
176
177	const char *volume = argv[1];	10✔
178
179	if (!filename_is_valid(volume))	10✔
UNCOV 180	return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);	×
181
182	r = sym_crypt_init_by_name(&cd, volume);	10✔
183	if (r == -ENODEV) {	10✔
UNCOV 184	log_info("Volume %s already inactive.", volume);	×
185	return 0;
186	}
187	if (r < 0)	10✔
UNCOV 188	return log_error_errno(r, "crypt_init_by_name() failed: %m");	×
189
190	cryptsetup_enable_logging(cd);	10✔
191
192	r = sym_crypt_deactivate(cd, volume);	10✔
193	if (r < 0)	10✔
UNCOV 194	return log_error_errno(r, "Failed to deactivate: %m");	×
195
196	return 0;
197	}
198
199	static int run(int argc, char *argv[]) {	20✔
200	int r;	20✔
201
202	if (argv_looks_like_help(argc, argv))	20✔
UNCOV 203	return help();	×
204
205	log_setup();	20✔
206
207	r = dlopen_cryptsetup(LOG_ERR);	20✔
208	if (r < 0)	20✔
209	return r;
210
211	umask(0022);	20✔
212
213	return dispatch_verb(strv_skip(argv, 1), /* userdata= */ NULL);	20✔
214	}
215
216	DEFINE_MAIN_FUNCTION(run);	20✔

systemd / systemd / 25976879819

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous