cmd_unlock: Add -k argument to specify keyring

This adds a new argument (-k) to cmd_unlock for specifying the keyring
that the key is added to. The default is user, but user_session and
session can also be specified.

Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
Kent Overstreet 2022-05-19 15:59:37 -04:00
parent 0766bee8fd
commit 8cc7d49281
9 changed files with 35 additions and 23 deletions


@ -1 +1 @@
c4ca278a540bd2f99864f198a6ec9b4cb1f1fd44 40eaef7e8049b75ff7e5da42227295c754d9c906


@ -14,20 +14,26 @@ static void unlock_usage(void)
"\n" "\n"
"Options:\n" "Options:\n"
" -c Check if a device is encrypted\n" " -c Check if a device is encrypted\n"
" -k (session|user|user_session)\n"
" Keyring to add to (default: user)\n"
" -h Display this help and exit\n" " -h Display this help and exit\n"
"Report bugs to <linux-bcache@vger.kernel.org>"); "Report bugs to <linux-bcache@vger.kernel.org>");
} }
int cmd_unlock(int argc, char *argv[]) int cmd_unlock(int argc, char *argv[])
{ {
const char *keyring = "user";
bool check = false; bool check = false;
int opt; int opt;
while ((opt = getopt(argc, argv, "ch")) != -1) while ((opt = getopt(argc, argv, "ck:h")) != -1)
switch (opt) { switch (opt) {
case 'c': case 'c':
check = true; check = true;
break; break;
case 'k':
keyring = strdup(optarg);
break;
case 'h': case 'h':
unlock_usage(); unlock_usage();
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);
@ -59,7 +65,7 @@ int cmd_unlock(int argc, char *argv[])
char *passphrase = read_passphrase("Enter passphrase: "); char *passphrase = read_passphrase("Enter passphrase: ");
bch2_add_key(sb.sb, passphrase); bch2_add_key(sb.sb, "user", keyring, passphrase);
bch2_free_super(&sb); bch2_free_super(&sb);
memzero_explicit(passphrase, strlen(passphrase)); memzero_explicit(passphrase, strlen(passphrase));
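Review bot: The `-k` value is only validated inside `bch2_add_key`, which runs after `read_passphrase`, so a mistyped keyring name is rejected only after the user has typed the passphrase, and the `die()` there presumably exits without reaching the `memzero_explicit(passphrase, ...)` that follows. Checking the value in the `case 'k':` arm, or right after option parsing, would keep the secret from being read at all on that path. The `strdup(optarg)` result is unchecked and never freed; `optarg` points into `argv`, which outlives the call, so `keyring = optarg;` is enough. `cmd_unlock` continues outside both hunks.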


@ -691,7 +691,7 @@ static int migrate_fs(const char *fs_path,
u64 sb_offset = le64_to_cpu(sb->layout.sb_offset[0]); u64 sb_offset = le64_to_cpu(sb->layout.sb_offset[0]);
if (format_opts.passphrase) if (format_opts.passphrase)
bch2_add_key(sb, format_opts.passphrase); bch2_add_key(sb, "user", "user", format_opts.passphrase);
free(sb); free(sb);


@ -133,10 +133,23 @@ void bch2_passphrase_check(struct bch_sb *sb, const char *passphrase,
die("incorrect passphrase"); die("incorrect passphrase");
} }
void bch2_add_key(struct bch_sb *sb, const char *passphrase) void bch2_add_key(struct bch_sb *sb,
const char *type,
const char *keyring_str,
const char *passphrase)
{ {
struct bch_key passphrase_key; struct bch_key passphrase_key;
struct bch_encrypted_key sb_key; struct bch_encrypted_key sb_key;
int keyring;
if (!strcmp(keyring_str, "session"))
keyring = KEY_SPEC_SESSION_KEYRING;
else if (!strcmp(keyring_str, "user"))
keyring = KEY_SPEC_USER_KEYRING;
else if (!strcmp(keyring_str, "user_session"))
keyring = KEY_SPEC_USER_SESSION_KEYRING;
else
die("unknown keyring %s", keyring_str);
bch2_passphrase_check(sb, passphrase, bch2_passphrase_check(sb, passphrase,
&passphrase_key, &passphrase_key,
@ -147,12 +160,10 @@ void bch2_add_key(struct bch_sb *sb, const char *passphrase)
char *description = mprintf("bcachefs:%s", uuid); char *description = mprintf("bcachefs:%s", uuid);
if (add_key("logon", description, if (add_key(type,
description,
&passphrase_key, sizeof(passphrase_key), &passphrase_key, sizeof(passphrase_key),
KEY_SPEC_USER_KEYRING) < 0 || keyring) < 0)
add_key("user", description,
&passphrase_key, sizeof(passphrase_key),
KEY_SPEC_USER_KEYRING) < 0)
die("add_key error: %m"); die("add_key error: %m");
memzero_explicit(description, strlen(description)); memzero_explicit(description, strlen(description));
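Review bot: Every caller on this page passes `"user"` as `type`, so the derived key is now installed only as a `user` key instead of `logon` plus `user`, and the lookup in `__bch2_request_key` switches to `key_type_user` to match. A `user` key's payload can be read back from userspace by anything holding read permission on the key, which the `logon` type does not permit, so this widens exposure of the filesystem key, more so when `-k session` places it in a keyring shared across a login session. If the type switch is needed for the non-user keyrings, a comment at `add_key(type, ...)` should say why `logon` was dropped, and `type` could be checked against the accepted values the same way `keyring_str` is. The function body starts and ends outside these hunks.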


@ -15,7 +15,7 @@ struct bch_key derive_passphrase(struct bch_sb_field_crypt *, const char *);
bool bch2_sb_is_encrypted(struct bch_sb *); bool bch2_sb_is_encrypted(struct bch_sb *);
void bch2_passphrase_check(struct bch_sb *, const char *, void bch2_passphrase_check(struct bch_sb *, const char *,
struct bch_key *, struct bch_encrypted_key *); struct bch_key *, struct bch_encrypted_key *);
void bch2_add_key(struct bch_sb *, const char *); void bch2_add_key(struct bch_sb *, const char *, const char *, const char *);
void bch_sb_crypt_init(struct bch_sb *sb, struct bch_sb_field_crypt *, void bch_sb_crypt_init(struct bch_sb *sb, struct bch_sb_field_crypt *,
const char *); const char *);
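Review bot: The new prototype takes three consecutive unnamed `const char *` parameters, one of which is the passphrase, so a call with the arguments in the wrong order compiles cleanly and could pass the secret as the key type or have it printed by `die("unknown keyring %s", keyring_str)`. Naming the parameters in the declaration makes the order visible to callers: `void bch2_add_key(struct bch_sb *sb, const char *type, const char *keyring_str, const char *passphrase);`.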


@ -424,7 +424,7 @@ static int __bch2_request_key(char *key_description, struct bch_key *key)
const struct user_key_payload *ukp; const struct user_key_payload *ukp;
int ret; int ret;
keyring_key = request_key(&key_type_logon, key_description, NULL); keyring_key = request_key(&key_type_user, key_description, NULL);
if (IS_ERR(keyring_key)) if (IS_ERR(keyring_key))
return PTR_ERR(keyring_key); return PTR_ERR(keyring_key);


@ -130,7 +130,7 @@ int bch2_lru_change(struct btree_trans *trans, u64 id, u64 idx,
} }
static int bch2_check_lru_key(struct btree_trans *trans, static int bch2_check_lru_key(struct btree_trans *trans,
struct btree_iter *lru_iter, bool initial) struct btree_iter *lru_iter)
{ {
struct bch_fs *c = trans->c; struct bch_fs *c = trans->c;
struct btree_iter iter; struct btree_iter iter;
@ -193,7 +193,7 @@ fsck_err:
return ret; return ret;
} }
int bch2_check_lrus(struct bch_fs *c, bool initial) int bch2_check_lrus(struct bch_fs *c)
{ {
struct btree_trans trans; struct btree_trans trans;
struct btree_iter iter; struct btree_iter iter;
@ -207,7 +207,7 @@ int bch2_check_lrus(struct bch_fs *c, bool initial)
ret = __bch2_trans_do(&trans, NULL, NULL, ret = __bch2_trans_do(&trans, NULL, NULL,
BTREE_INSERT_NOFAIL| BTREE_INSERT_NOFAIL|
BTREE_INSERT_LAZY_RW, BTREE_INSERT_LAZY_RW,
bch2_check_lru_key(&trans, &iter, initial)); bch2_check_lru_key(&trans, &iter));
if (ret) if (ret)
break; break;
} }


@ -14,6 +14,6 @@ int bch2_lru_delete(struct btree_trans *, u64, u64, u64, struct bkey_s_c);
int bch2_lru_set(struct btree_trans *, u64, u64, u64 *); int bch2_lru_set(struct btree_trans *, u64, u64, u64 *);
int bch2_lru_change(struct btree_trans *, u64, u64, u64, u64 *, struct bkey_s_c); int bch2_lru_change(struct btree_trans *, u64, u64, u64, u64 *, struct bkey_s_c);
int bch2_check_lrus(struct bch_fs *, bool); int bch2_check_lrus(struct bch_fs *);
#endif /* _BCACHEFS_LRU_H */ #endif /* _BCACHEFS_LRU_H */


@ -1256,24 +1256,19 @@ use_clean:
bch_info(c, "checking lrus"); bch_info(c, "checking lrus");
err = "error checking lrus"; err = "error checking lrus";
ret = bch2_check_lrus(c, true); ret = bch2_check_lrus(c);
if (ret) if (ret)
goto err; goto err;
bch_verbose(c, "done checking lrus"); bch_verbose(c, "done checking lrus");
set_bit(BCH_FS_CHECK_LRUS_DONE, &c->flags); set_bit(BCH_FS_CHECK_LRUS_DONE, &c->flags);
bch_info(c, "checking alloc to lru refs"); bch_info(c, "checking alloc to lru refs");
err = "error checking alloc to lru refs"; err = "error checking alloc to lru refs";
ret = bch2_check_alloc_to_lru_refs(c); ret = bch2_check_alloc_to_lru_refs(c);
if (ret)
goto err;
set_bit(BCH_FS_CHECK_ALLOC_TO_LRU_REFS_DONE, &c->flags);
ret = bch2_check_lrus(c, true);
if (ret) if (ret)
goto err; goto err;
bch_verbose(c, "done checking alloc to lru refs"); bch_verbose(c, "done checking alloc to lru refs");
set_bit(BCH_FS_CHECK_ALLOC_TO_LRU_REFS_DONE, &c->flags);
} else { } else {
set_bit(BCH_FS_MAY_GO_RW, &c->flags); set_bit(BCH_FS_MAY_GO_RW, &c->flags);
set_bit(BCH_FS_INITIAL_GC_DONE, &c->flags); set_bit(BCH_FS_INITIAL_GC_DONE, &c->flags);