plugin-runner: too many arguments
DaRkBoDoM
bodom at discosucks.it
Sun Feb 27 17:15:16 CET 2022
Hi again,
i've solved with this patch.
How do i submit it for merge?
=== modified file 'plugin-runner.c'
--- old/plugin-runner.c 2021-03-21 18:48:43 +0000
+++ new/plugin-runner.c 2022-02-26 22:14:35 +0000
@@ -605,17 +605,16 @@
* "case" to the "parse_opt_config_file" function below.
*/
case ARGP_KEY_ARG:
- /* Cryptsetup always passes an argument, which is an empty
- string if "none" was specified in /etc/crypttab. So if
- argument was empty, we ignore it silently. */
- if(arg[0] == '\0'){
- break;
+ /* Cryptsetup passes an argument, which is an empty string if
"none" was
+ specified in /etc/crypttab or the value of key field. When the
+ keyscript is specified directly in the boot command line, it also
+ passes an argument. Just ignoring any argument.
+ */
+ if(arg[0] != '\0'){
+ // Emit a warning for non-empty argument
+ fprintf(stderr, "ignoring argument: %s\n", arg);
}
-#if __GNUC__ >= 7
- __attribute__((fallthrough));
-#else
- /* FALLTHROUGH */
-#endif
+ break;
default:
return ARGP_ERR_UNKNOWN;
}
Il 20/02/22 15:23, DaRkBoDoM ha scritto:
> Hi there!
>
> I am trying to setup mandos for automatic reboot on Raspberry OS
> (formerly Raspian).
>
> I am following this (old?) totorial:
> https://blog.boyeau.com/booting-an-unattended-full-disk-encrypted-server-ubuntu-server-16-04-setup-with-mandos/
>
>
> I have tried adding
> # <target name> <source device> <key file> <options>
> crypt /dev/disk/by-uuid/my-uuid none
> luks,keyscript=/usr/lib/mandos/plugin-runner
>
> to /etc/crypttab but when i rebuild the initrd i get the error
> "cryptsetup: ERROR: crypt: invalid value for 'keyscript' option, skipping"
>
> couldn't figure out what is wrong, so i fell back to adding the
> keyscript in the kernel cmdline:
>
> root=/dev/mapper/crypt cryptdevice=/dev/mmcblk0p3:crypt
> cryptopts=source=/dev/mmcblk0p3,target=crypt,keyscript=/usr/lib/mandos/plugin-runner
> rootfstype=ext4 fsck.repair=yes rootwait
>
> this works: plugin-runner is correctly invoked but i get a
> "plugin-runner: Too many arguments
> Try `plugin-runner --help` or `plugin-runner --usage` for more information.
> Going to fallback mode using getpass(3)
> Password:" error.
>
> I've tried many solutions, but i am stuck.
>
> Looks like the plugin-runner is asking for the secret anyway in
> background (and getting it from the server). In the server log i can find:
> 2022-02-20 15:14:24,307 root [34623]: INFO: Sending secret to osgiliath
>
> While the client is still waiting for the password prompt.
>
> May i get an hint on how to solve this? Looks like i am stuck at just
> one step from finish line.
>
> Bonus question: is there an option to disable the checker and automatic
> client disabling? It is a very nice feature, but i do not need it since
> i have strong physical security measures in place: if my raspberry gets
> stolen, i will certainly notice and disable it manually long before any
> attacker could realize hot to ask the server for the key.
>
> Thank you for writing and sharing this very nice software!
> _______________________________________________
> Mandos-Dev mailing list
> Mandos-Dev at recompile.se
> https://mail.recompile.se/cgi-bin/mailman/listinfo/mandos-dev
>
More information about the Mandos-Dev
mailing list