cryptsetup 2:1.7.3-4 / usr / share / cryptsetup / initramfs / bin / cryptroot-unlock

This file is indexed.

/usr/share/cryptsetup/initramfs/bin/cryptroot-unlock is in cryptsetup 2:1.7.3-4.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
#!/bin/busybox ash

# Remotely unlock encrypted volumes.
#
# Copyright © 2015 Guilhem Moulin <guilhem@guilhem.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

set -ue
PATH=/sbin:/bin

TIMEOUT=10
PASSFIFO=/lib/cryptsetup/passfifo
ASKPASS=/lib/cryptsetup/askpass

# Return 0 if $pid has a file descriptor pointing to $name, and 1
# otherwise.
in_fds() {
    local  pid="$1" name="$2" fd
    for fd in $(find "/proc/$pid/fd" -type l); do
	[ "$(readlink -f "$fd")" != "$name" ] || return 0
    done
    return 1
}

# Print the PID of the askpass process with a file descriptor opened to
# /lib/cryptsetup/passfifo.
get_askpass_pid() {
    ps -eo pid,args | sed -nr "s#^\s*([0-9]+)\s+$ASKPASS\s+.*#\1#p" | while read pid; do
	if in_fds "$pid" "$PASSFIFO"; then
	    echo "$pid"
	    break
	fi
    done
}

# Wait for askpass, then set $PID (resp. $BIRTH) to the PID (resp.
# birth date) of the cryptsetup process with same $CRYPTTAB_NAME.
wait_for_prompt() {
    local pid=$(get_askpass_pid) timer=$(( 10 * $TIMEOUT ))

    # wait for the fifo
    until [ "$pid" ] && [ -p "$PASSFIFO" ]; do
	sleep .1
	pid=$(get_askpass_pid)
	timer=$(( $timer - 1 ))
	if [ $timer -le 0 ]; then
	    echo "Error: Timeout reached while waiting for askpass." >&2
	    exit 1
	fi
    done

    # find the cryptsetup process with same $CRYPTTAB_NAME
    eval $(grep -Ez '^CRYPTTAB_(NAME|TRIED|SOURCE)=' "/proc/$pid/environ" | tr '\0' '\n')
    for pid in $(ps -eo pid,args | sed -nr 's#^\s*([0-9]+)\s+/sbin/cryptsetup\s+.*#\1#p'); do
	if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then
	    PID=$pid
	    BIRTH=$(stat -c'%Z' "/proc/$PID")
	    return 0;
	fi
    done

    PID=
    BIRTH=
}

# Wait until $PID no longer exists or has a birth date greater that
# $BIRTH (ie was reallocated).  Then return with exit value 0 if
# /dev/mapper/$CRYPTTAB_NAME exists, and with exit value 1 if the
# maximum number of tries exceeded.  Otherwise (if the unlocking
# failed), return with value 1.
wait_for_answer() {
    local timer=$(( 10 * $TIMEOUT ))
    until [ ! -d "/proc/$PID" ] || [ $(stat -c'%Z' "/proc/$PID") -gt $BIRTH ]; do
	sleep .1
	timer=$(( $timer - 1 ))
	if [ $timer -le 0 ]; then
	    echo "Error: Timeout reached while waiting for PID $PID." >&2
	    exit 1
	fi
    done

    if [ -e "/dev/mapper/$CRYPTTAB_NAME" ]; then
	echo "cryptsetup: $CRYPTTAB_NAME set up successfully" >&2
	exit 0
    elif [ $CRYPTTAB_TRIED -ge 2 ]; then
	echo "cryptsetup: maximum number of tries exceeded for $CRYPTTAB_NAME" >&2
	exit 1
    else
	echo "cryptsetup: cryptsetup failed, bad password or options?" >&2
	return 1
    fi
}

if [ -t 0 ] && [ -x "$ASKPASS" ]; then
    # interactive mode on a TTY: keep trying until successful or
    # maximum number of tries exceeded.
    while :; do
	wait_for_prompt
	diskname="$CRYPTTAB_NAME"
	[ "${CRYPTTAB_SOURCE#/dev/disk/by-uuid/}" != "$CRYPTTAB_SOURCE" ] || diskname="$diskname ($CRYPTTAB_SOURCE)"
	read -rs -p "Please unlock disk $diskname: "; echo
	printf '%s' "$REPLY" >"$PASSFIFO"
	wait_for_answer || true
    done
else
    # non-interactive mode: slurp the passphrase from stdin
    wait_for_prompt
    diskname="$CRYPTTAB_NAME"
    [ "${CRYPTTAB_SOURCE#/dev/disk/by-uuid/}" != "$CRYPTTAB_SOURCE" ] || diskname="$diskname ($CRYPTTAB_SOURCE)"
    echo "Please unlock disk $diskname"
    cat >"$PASSFIFO"
    wait_for_answer || exit 1
fi

APT Browse - Built by Thomas Orozco.