alex/bcachefs-tools
1
0
Fork 0
mirror of https://github.com/koverstreet/bcachefs-tools.git synced 2025-02-23 00:00:02 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

check_for_key before ask_for_passphrase

Browse Source 
let's always first check if there is already a key in the keyring
available before we try to get the key from some more involved means.

Fixes: #261
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
This commit is contained in:
Thomas Mühlbacher 2024-05-09 23:52:47 +02:00 committed by Kent Overstreet
parent 6ba303e8bf
commit 5b216318b8
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/commands/mount.rs
View File

@ -345,8 +345,17 @@ fn cmd_mount_inner(opt: Cli) -> anyhow::Result<()> {
if block_devices_to_mount.is_empty() { if block_devices_to_mount.is_empty() {
Err(anyhow::anyhow!("No device found from specified parameters"))?; Err(anyhow::anyhow!("No device found from specified parameters"))?;
} }
// Check if the filesystem's master key is encrypted
if unsafe { bcachefs::bch2_sb_is_encrypted_and_locked(block_devices_to_mount[0].sb) } { let key_name = CString::new(format!(
"bcachefs:{}",
block_devices_to_mount[0].sb().uuid()
))
.unwrap();
// Check if the filesystem's master key is encrypted and we don't have a key
if unsafe { bcachefs::bch2_sb_is_encrypted_and_locked(block_devices_to_mount[0].sb) }
&& !key::check_for_key(&key_name)?
{
// First by password_file, if available // First by password_file, if available
let fallback_to_unlock_policy = if let Some(passphrase_file) = &opt.passphrase_file { let fallback_to_unlock_policy = if let Some(passphrase_file) = &opt.passphrase_file {
match key::read_from_passphrase_file(&block_devices_to_mount[0], passphrase_file.as_path()) { match key::read_from_passphrase_file(&block_devices_to_mount[0], passphrase_file.as_path()) {

4
src/key.rs
View File

@ -58,7 +58,7 @@ impl fmt::Display for UnlockPolicy {
} }
} }
fn check_for_key(key_name: &std::ffi::CStr) -> anyhow::Result<bool> { pub fn check_for_key(key_name: &std::ffi::CStr) -> anyhow::Result<bool> {
use bch_bindgen::keyutils::{self, keyctl_search}; use bch_bindgen::keyutils::{self, keyctl_search};
let key_name = key_name.to_bytes_with_nul().as_ptr() as *const _; let key_name = key_name.to_bytes_with_nul().as_ptr() as *const _;
let key_type = c_str!("user"); let key_type = c_str!("user");
@ -86,10 +86,12 @@ fn wait_for_unlock(uuid: &uuid::Uuid) -> anyhow::Result<()> {
} }
} }
// blocks indefinitely if no input is available on stdin
fn ask_for_passphrase(sb: &bch_sb_handle) -> anyhow::Result<()> { fn ask_for_passphrase(sb: &bch_sb_handle) -> anyhow::Result<()> {
let passphrase = if stdin().is_terminal() { let passphrase = if stdin().is_terminal() {
rpassword::prompt_password("Enter passphrase: ")? rpassword::prompt_password("Enter passphrase: ")?
} else { } else {
info!("Trying to read passphrase from stdin...");
let mut line = String::new(); let mut line = String::new();
stdin().read_line(&mut line)?; stdin().read_line(&mut line)?;
line line