Date: Tue, 1 Dec 2009 00:03:39 GMT From: Gleb Kurtsou <gk@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 171215 for review Message-ID: <200912010003.nB103d7Q034023@repoman.freebsd.org>
http://p4web.freebsd.org/chv.cgi?CH=171215 Change 171215 by gk@gk_h1 on 2009/12/01 00:03:14 sync sources before moving to github: http://github.com/glk/pefs it's likely to be last commit to this branch. implement pefs getkey command Affected files ... .. //depot/projects/soc2009/gk_pefs/sbin/pefs/pefs.8#2 edit .. //depot/projects/soc2009/gk_pefs/sbin/pefs/pefs_ctl.c#14 edit .. //depot/projects/soc2009/gk_pefs/sys/fs/pefs/pefs.h#17 edit .. //depot/projects/soc2009/gk_pefs/sys/fs/pefs/pefs_vnops.c#28 edit Differences ... ==== //depot/projects/soc2009/gk_pefs/sbin/pefs/pefs.8#2 (text+ko) ==== @@ -49,13 +49,6 @@ .Op Fl k Ar keyfile .Ar filesystem .Nm -.Cm setkey -.Op Fl cCpvx -.Op Fl a Ar alg -.Op Fl i Ar iterations -.Op Fl k Ar keyfile -.Ar directory -.Nm .Cm delkey .Op Fl cCpv .Op Fl i Ar iterations @@ -65,6 +58,17 @@ .Cm flushkeys .Ar filesystem .Nm +.Cm getkey +.Op Fl t +.Ar file +.Nm +.Cm setkey +.Op Fl cCpvx +.Op Fl a Ar alg +.Op Fl i Ar iterations +.Op Fl k Ar keyfile +.Ar directory +.Nm .Cm showkeys .Op Fl t .Ar filesystem @@ -154,6 +158,20 @@ .It Cm addkey Ar filesystem Add key to the .Ar filesystem +.It Cm delkey Ar filesystem +Delete key from +.Ar filesystem . +Command doesn't accept +.Fl a Ar alg +argument because the key fingerprint generated from the key doesn't depend on +encryption algorithm. +.It Cm getkey Ar file +Print fingerprint of the key used by +.Ar file . +.It Cm flushkeys Ar filesystem +Delete all keys from +.Ar filesystem . +After the command all opened files would become unavailable. .It Cm setkey Ar directory Change default key for the .Ar directory . 
@@ -165,17 +183,6 @@ are not changed and no data is re-encrypted with new key. .Fl x option can be used to add a new key to file system if it isn't found. -.It Cm delkey Ar filesystem -Delete key from -.Ar filesystem . -Command doesn't accept -.Fl a Ar alg -argument because the key fingerprint generated from the key doesn't depend on -encryption algorithm. -.It Cm flushkeys Ar filesystem -Delete all keys from -.Ar filesystem . -After the command all opened files would become unavailable. .It Cm showkeys Ar filesystem Print fingerprints if all active keys. .It Cm addchain Ar filesystem ==== //depot/projects/soc2009/gk_pefs/sbin/pefs/pefs_ctl.c#14 (text+ko) ==== @@ -36,6 +36,7 @@ #include <assert.h> #include <ctype.h> #include <inttypes.h> +#include <libgen.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -65,6 +66,7 @@ static int pefs_delchain(int argc, char *argv[]); static int pefs_randomchain(int argc, char *argv[]); static int pefs_showkeys(int argc, char *argv[]); +static int pefs_getkey(int argc, char *argv[]); static int pefs_showchains(int argc, char *argv[]); static int pefs_showalgs(int argc, char *argv[]); @@ -88,6 +90,7 @@ { "delkey", pefs_delkey }, { "flushkeys", pefs_flushkeys }, { "showkeys", pefs_showkeys }, + { "getkey", pefs_getkey }, { "status", pefs_showkeys }, { "randomchain", pefs_randomchain }, { "addchain", pefs_addchain }, @@ -174,12 +177,25 @@ } static inline void -pefs_key_show(struct pefs_xkey *xk, int ind) +pefs_key_showind(struct pefs_xkey *xk, int ind) { printf("\t%-4d %016jx %s\n", ind, pefs_keyid_as_int(xk->pxk_keyid), pefs_alg_name(xk)); } +static inline void +pefs_key_shownode(struct pefs_xkey *xk, const char *path) +{ + const char *basepath; + + basepath = basename(path); + if (xk == NULL) + printf("Key(%s): <NOT SPECIFIED>\n", basepath); + else + printf("Key(%s): %016jx %s\n", basepath, + pefs_keyid_as_int(xk->pxk_keyid), pefs_alg_name(xk)); +} + static int pefs_keyop(keyop_func_t func, int argc, char *argv[]) { 
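Review bot: In pefs_key_shownode (hunk @@ -174,12 +177,25 @@) the result of `basename(path)` goes straight to `printf("%s")` without a NULL check. Some basename(3) implementations return NULL on failure, for example for an over-long path, so a fallback such as `if (basepath == NULL) basepath = path;` would keep the output defined. POSIX also declares basename() as taking a non-const `char *` that it may modify, so passing the `const char *path` parameter relies on the platform's prototype. A one-line comment noting this, and that the returned pointer may be static storage, would help anyone porting the tool.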
@@ -385,7 +401,7 @@ warn("cannot set key"); error = EX_OSERR; } else if (verbose) { - printf("New key: %016jx\n", pefs_keyid_as_int(k.pxk_keyid)); + pefs_key_shownode(&k, argv[0]); } close(fd); @@ -414,6 +430,64 @@ } static int +pefs_getkey(int argc, char *argv[]) +{ + struct pefs_xkey k; + int testonly = 0; + int error = 0; + int fd, i; + + while ((i = getopt(argc, argv, "t")) != -1) + switch(i) { + case 't': + testonly = 1; + break; + case '?': + default: + pefs_usage(); + } + argc -= optind; + argv += optind; + + if (argc != 1) { + if (argc == 0) + warnx("missing file argument"); + else + warnx("too many arguments"); + pefs_usage(); + } + + /* only check filesystem type */ + if (pefs_getfsroot(argv[0], NULL, 0) != 0) + return (EX_DATAERR); + + fd = open(argv[0], O_RDONLY); + if (fd == -1) { + warn("cannot open %s", argv[0]); + return (EX_IOERR); + } + + bzero(&k, sizeof(k)); + if (ioctl(fd, PEFS_GETNODEKEY, &k) == -1) { + if (errno == ENOENT) { + if (testonly == 0) + pefs_key_shownode(NULL, argv[0]); + else + error = 1; + } else { + warn("cannot get key"); + error = EX_OSERR; + } + } else if (testonly == 0) { + pefs_key_shownode(&k, argv[0]); + } + + close(fd); + + return (error); +} + +static int pefs_showkeys(int argc, char *argv[]) { struct pefs_xkey k; @@ -457,7 +531,7 @@ } printf("Keys:\n"); while (1) { - pefs_key_show(&k, k.pxk_index); + pefs_key_showind(&k, k.pxk_index); k.pxk_index++; if (ioctl(fd, PEFS_GETKEY, &k) == -1) break; @@ -802,7 +876,7 @@ printf("Key chain:\n"); i = 1; TAILQ_FOREACH(kc, &kch, kc_entry) { - pefs_key_show(&kc->kc_key, i++); + pefs_key_showind(&kc->kc_key, i++); } pefs_keychain_free(&kch); 
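Review bot: In pefs_getkey (hunk @@ -414,6 +430,64 @@) the file system type is checked by path with `pefs_getfsroot(argv[0], NULL, 0)`, and the file is then opened by name in a separate step. If the path is replaced between the two calls, the object that receives `PEFS_GETNODEKEY` is not guaranteed to be the one that was checked. Opening first and verifying the descriptor, e.g. `fstatfs(fd, &fs)` and comparing `fs.f_fstypename`, would bind the check to what the ioctl is issued on. pefs_getfsroot is defined outside this hunk, so whether it already has a descriptor-based form is not visible. Separately, the `-t` path returns a bare `1` for "no key" while other failures use sysexits values, which deserves a comment such as `/* -t: exit status 1 means the file has no key */`.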
@@ -899,9 +973,10 @@ "usage: pefs mount [-o options] [from filesystem]\n" " pefs unmount [-fv] filesystem\n" " pefs addkey [-cCpv] [-a alg] [-i iterations] [-k keyfile] filesystem\n" -" pefs setkey [-cCpvx] [-a alg] [-i iterations] [-k keyfile] directory\n" " pefs delkey [-cCpv] [-i iterations] [-k keyfile] filesystem\n" " pefs flushkeys filesystem\n" +" pefs getkey [-t] file\n" +" pefs setkey [-cCpvx] [-a alg] [-i iterations] [-k keyfile] directory\n" " pefs showkeys [-t] filesystem\n" " pefs addchain [-fpPvZ] [-a alg] [-i iterations] [-k keyfile]\n" " [-A alg] [-I iterations] [-K keyfile] filesystem\n" ==== //depot/projects/soc2009/gk_pefs/sys/fs/pefs/pefs.h#17 (text+ko) ==== @@ -52,6 +52,7 @@ #define PEFS_SETKEY _IOWR('p', 2, struct pefs_xkey) #define PEFS_DELKEY _IOWR('p', 3, struct pefs_xkey) #define PEFS_FLUSHKEYS _IO('p', 4) +#define PEFS_GETNODEKEY _IOWR('p', 5, struct pefs_xkey) #endif #ifdef _KERNEL ==== //depot/projects/soc2009/gk_pefs/sys/fs/pefs/pefs_vnops.c#28 (text+ko) ==== @@ -2115,6 +2115,7 @@ struct thread *td = ap->a_td; struct mount *mp = vp->v_mount; struct pefs_mount *pm = VFS_TO_PEFS(mp); + struct pefs_node *pn; struct pefs_key *pk; int error = 0, i; @@ -2152,6 +2153,21 @@ if (pk == NULL) error = ENOENT; break; + case PEFS_GETNODEKEY: + PEFSDEBUG("pefs_ioctl: set key: %8D\n", xk->pxk_keyid, ""); + pn = VP_TO_PN(vp); + if ((pn->pn_flags & PN_HASKEY) != 0) { + mtx_lock(&pm->pm_keys_lock); + pk = pn->pn_tkey.ptk_key; + memcpy(xk->pxk_keyid, pk->pk_keyid, PEFS_KEYID_SIZE); + xk->pxk_alg = pk->pk_algid; + xk->pxk_keybits = pk->pk_keybits; + mtx_unlock(&pm->pm_keys_lock); + } else { + PEFSDEBUG("pefs_ioctl: key not found\n"); + error = ENOENT; + } + break; case PEFS_SETKEY: PEFSDEBUG("pefs_ioctl: set key: %8D\n", xk->pxk_keyid, ""); mtx_lock(&pm->pm_keys_lock);home | help
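Review bot: In the `case PEFS_GETNODEKEY:` branch of pefs_vnops.c (hunk @@ -2152,6 +2153,21 @@), `pn->pn_flags & PN_HASKEY` is tested before `mtx_lock(&pm->pm_keys_lock)` is taken, so the flag and `pn->pn_tkey.ptk_key` are not read under the same lock. If a concurrent delkey or flushkeys can clear the node key (not visible in this hunk), `pk` could be stale or NULL when it is dereferenced. Moving the test inside the locked region, or documenting which lock protects `pn_flags`, would settle this. The debug line is copied from the set path: it says "set key" and prints the caller-supplied `xk->pxk_keyid`, so something like `PEFSDEBUG("pefs_ioctl: get node key\n");` would be accurate. The enclosing ioctl handler begins and ends outside the hunk, so any privilege check for this command cannot be confirmed from here. The branch itself copies out only the key id, algorithm and key bits.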
