- --- sbin/geom/class/eli/geom_eli.c.orig 2013-05-29 22:29:59.535524720 +0300
- +++ sbin/geom/class/eli/geom_eli.c 2013-06-02 12:53:31.992323211 +0300
- @@ -81,23 +81,23 @@
- /*
- * Available commands:
- *
- - * init [-bhPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] prov
- + * init [-bPv] [-B backupfile] [-H headerfile] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] prov
- * label - alias for 'init'
- - * attach [-dprv] [-j passfile] [-k keyfile] prov
- + * attach [-dprv] [-H headerfile] [-j passfile] [-k keyfile] prov
- * detach [-fl] prov ...
- * stop - alias for 'detach'
- * onetime [-d] [-a aalgo] [-e ealgo] [-l keylen] prov
- - * configure [-bB] prov ...
- - * setkey [-pPv] [-n keyno] [-j passfile] [-J newpassfile] [-k keyfile] [-K newkeyfile] prov
- - * delkey [-afv] [-n keyno] prov
- + * configure [-bB] [-H headerfile] prov ...
- + * setkey [-pPv] [-H headerfile] [-n keyno] [-j passfile] [-J newpassfile] [-k keyfile] [-K newkeyfile] prov
- + * delkey [-afv] [-H headerfile] [-n keyno] prov
- * suspend [-v] -a | prov ...
- - * resume [-pv] [-j passfile] [-k keyfile] prov
- + * resume [-pv] [-H headerfile] [-j passfile] [-k keyfile] prov
- * kill [-av] [prov ...]
- * backup [-v] prov file
- * restore [-fv] file prov
- - * resize [-v] -s oldsize prov
- + * resize [-v] [-H headerfile] -s oldsize prov
- * clear [-v] prov ...
- - * dump [-v] prov ...
- + * dump [-v] [-H headerfile] prov ...
- */
- struct g_command class_commands[] = {
- { "init", G_FLAG_VERBOSE, eli_main,
- @@ -112,9 +112,10 @@
- { 'l', "keylen", "0", G_TYPE_NUMBER },
- { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
- { 's', "sectorsize", "0", G_TYPE_NUMBER },
- + { 'H', "header", "", G_TYPE_STRING },
- G_OPT_SENTINEL
- },
- - "[-bPv] [-a aalgo] [-B backupfile] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] prov"
- + "[-bPv] [-H headerfile] [-B backupfile] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-J newpassfile] [-K newkeyfile] [-s sectorsize] prov"
- },
- { "label", G_FLAG_VERBOSE, eli_main,
- {
- @@ -128,6 +129,7 @@
- { 'l', "keylen", "0", G_TYPE_NUMBER },
- { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
- { 's', "sectorsize", "0", G_TYPE_NUMBER },
- + { 'H', "header", "", G_TYPE_STRING },
- G_OPT_SENTINEL
- },
- "- an alias for 'init'"
- @@ -139,9 +141,10 @@
- { 'k', "keyfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI },
- { 'p', "nopassphrase", NULL, G_TYPE_BOOL },
- { 'r', "readonly", NULL, G_TYPE_BOOL },
- + { 'H', "header", "", G_TYPE_STRING },
- G_OPT_SENTINEL
- },
- - "[-dprv] [-j passfile] [-k keyfile] prov"
- + "[-dprv] [-H headerfile] [-j passfile] [-k keyfile] prov"
- },
- { "detach", 0, NULL,
- {
- @@ -170,13 +173,14 @@
- },
- "[-d] [-a aalgo] [-e ealgo] [-l keylen] [-s sectorsize] prov"
- },
- - { "configure", G_FLAG_VERBOSE, eli_main,
- + { "configure", G_FLAG_VERBOSE | G_FLAG_LOADKLD, eli_main,
- {
- { 'b', "boot", NULL, G_TYPE_BOOL },
- { 'B', "noboot", NULL, G_TYPE_BOOL },
- + { 'H', "header", "", G_TYPE_STRING },
- G_OPT_SENTINEL
- },
- - "[-bB] prov ..."
- + "[-bB] [-H headerfile] prov ..."
- },
- { "setkey", G_FLAG_VERBOSE, eli_main,
- {
- @@ -188,18 +192,20 @@
- { 'n', "keyno", "-1", G_TYPE_NUMBER },
- { 'p', "nopassphrase", NULL, G_TYPE_BOOL },
- { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
- + { 'H', "header", "", G_TYPE_STRING },
- G_OPT_SENTINEL
- },
- - "[-pPv] [-n keyno] [-i iterations] [-j passfile] [-J newpassfile] [-k keyfile] [-K newkeyfile] prov"
- + "[-pPv] [-H headerfile] [-n keyno] [-i iterations] [-j passfile] [-J newpassfile] [-k keyfile] [-K newkeyfile] prov"
- },
- { "delkey", G_FLAG_VERBOSE, eli_main,
- {
- { 'a', "all", NULL, G_TYPE_BOOL },
- { 'f', "force", NULL, G_TYPE_BOOL },
- { 'n', "keyno", "-1", G_TYPE_NUMBER },
- + { 'H', "header", "", G_TYPE_STRING },
- G_OPT_SENTINEL
- },
- - "[-afv] [-n keyno] prov"
- + "[-afv] [-H headerfile] [-n keyno] prov"
- },
- { "suspend", G_FLAG_VERBOSE, NULL,
- {
- @@ -213,9 +219,10 @@
- { 'j', "passfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI },
- { 'k', "keyfile", G_VAL_OPTIONAL, G_TYPE_STRING | G_TYPE_MULTI },
- { 'p', "nopassphrase", NULL, G_TYPE_BOOL },
- + { 'H', "header", "", G_TYPE_STRING },
- G_OPT_SENTINEL
- },
- - "[-pv] [-j passfile] [-k keyfile] prov"
- + "[-pv] [-H headerfile] [-j passfile] [-k keyfile] prov"
- },
- { "kill", G_FLAG_VERBOSE, eli_main,
- {
- @@ -237,15 +244,20 @@
- { "resize", G_FLAG_VERBOSE, eli_main,
- {
- { 's', "oldsize", NULL, G_TYPE_NUMBER },
- + { 'H', "header", "", G_TYPE_STRING },
- G_OPT_SENTINEL
- },
- - "[-v] -s oldsize prov"
- + "[-v] [-H headerfile] -s oldsize prov"
- },
- { "clear", G_FLAG_VERBOSE, eli_main, G_NULL_OPTS,
- "[-v] prov ..."
- },
- - { "dump", G_FLAG_VERBOSE, eli_main, G_NULL_OPTS,
- - "[-v] prov ..."
- + { "dump", G_FLAG_VERBOSE, eli_main,
- + {
- + { 'H', "header", "", G_TYPE_STRING },
- + G_OPT_SENTINEL
- + },
- + "[-v] [-H headerfile] prov ..."
- },
- G_CMD_SENTINEL
- };
- @@ -646,19 +658,48 @@
- return (0);
- }
- +static int
- +eli_header_store(struct gctl_req *req, const char *header,
- + unsigned char *hd, size_t hdsize)
- +{
- + int fd;
- +
- + fd = open(header, O_WRONLY | O_TRUNC | O_CREAT);
- + if (fd == -1) {
- + gctl_error(req, "Cannot open %s: %s.", header,
- + strerror(errno));
- + return (-1);
- + }
- +
- + if ((size_t)write(fd, hd, hdsize) != hdsize) {
- + gctl_error(req, "Cannot write metadata to %s: %s.",
- + header, strerror(errno));
- + return(-1);
- + }
- +
- + (void)fsync(fd);
- + close(fd);
- +
- + return (0);
- +}
- +
- static void
- eli_init(struct gctl_req *req)
- {
- struct g_eli_metadata md;
- unsigned char sector[sizeof(struct g_eli_metadata)];
- unsigned char key[G_ELI_USERKEYLEN];
- + unsigned char *hd;
- char backfile[MAXPATHLEN];
- - const char *str, *prov;
- + const char *str, *prov, *header;
- unsigned secsize;
- off_t mediasize;
- + size_t hdsize;
- intmax_t val;
- int error, nargs;
- + hd = NULL;
- +
- nargs = gctl_get_int(req, "nargs");
- if (nargs != 1) {
- gctl_error(req, "Invalid number of arguments.");
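Review bot: In eli_header_store(), `open(header, O_WRONLY | O_TRUNC | O_CREAT)` passes no mode argument, so the permissions of a newly created header file are indeterminate. The buffer written there is the encoded metadata that carries the encrypted Master Key copies, so the file should be created owner-only (0600). The write-failure branch also returns without `close(fd)`, and the `fsync()` result is discarded, so a header that never reached stable storage is still reported as stored. Because the file is truncated in place, a failed write destroys the only copy of the header; writing to a temporary file and renaming it over the target would avoid that.
```c
	ssize_t done;
	int fd, rc;

	/* The header carries the encrypted Master Key copies: owner-only. */
	fd = open(header, O_WRONLY | O_TRUNC | O_CREAT, 0600);
	/* ... unchanged: open() failure report and return ... */

	rc = -1;
	done = write(fd, hd, hdsize);
	if (done < 0 || (size_t)done != hdsize) {
		gctl_error(req, "Cannot write metadata to %s: %s.",
		    header, strerror(errno));
		goto out;
	}
	if (fsync(fd) == -1) {
		gctl_error(req, "Cannot flush %s: %s.", header,
		    strerror(errno));
		goto out;
	}
	rc = 0;
out:
	close(fd);
	return (rc);
```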
- @@ -666,7 +707,7 @@
- }
- prov = gctl_get_ascii(req, "arg0");
- mediasize = g_get_mediasize(prov);
- - secsize = g_get_sectorsize(prov);
- + hdsize = secsize = g_get_sectorsize(prov);
- if (mediasize == 0 || secsize == 0) {
- gctl_error(req, "Cannot get informations about %s: %s.", prov,
- strerror(errno));
- @@ -770,23 +811,39 @@
- error = g_eli_mkey_encrypt(md.md_ealgo, key, md.md_keylen, md.md_mkeys);
- bzero(key, sizeof(key));
- if (error != 0) {
- - bzero(&md, sizeof(md));
- gctl_error(req, "Cannot encrypt Master Key: %s.",
- strerror(error));
- - return;
- + goto out;
- }
- - eli_metadata_encode(&md, sector);
- - bzero(&md, sizeof(md));
- - error = g_metadata_store(prov, sector, sizeof(sector));
- - bzero(sector, sizeof(sector));
- - if (error != 0) {
- - gctl_error(req, "Cannot store metadata on %s: %s.", prov,
- - strerror(error));
- - return;
- + header = gctl_get_ascii(req, "header");
- + if (header[0] != '\0') {
- + hd = malloc(hdsize);
- + if (hd == NULL) {
- + gctl_error(req, "Cannot allocate %zd bytes of memory.", hdsize);
- + goto out;
- + }
- + bzero(hd, hdsize);
- +
- + eli_metadata_encode(&md, hd);
- + eli_header_store(req, header, hd, hdsize);
- + } else {
- + eli_metadata_encode(&md, sector);
- + error = g_metadata_store(prov, sector, sizeof(sector));
- + bzero(sector, sizeof(sector));
- + if (error != 0) {
- + gctl_error(req, "Cannot store metadata on %s: %s.", prov,
- + strerror(error));
- + goto out;
- + }
- + }
- +
- + if (verbose) {
- + if (header[0] != '\0')
- + printf("Metadata value stored in %s.\n", header);
- + else
- + printf("Metadata value stored on %s.\n", prov);
- }
- - if (verbose)
- - printf("Metadata value stored on %s.\n", prov);
- /* Backup metadata to a file. */
- str = gctl_get_ascii(req, "backupfile");
- if (str[0] != '\0') {
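Review bot: The return value of `eli_header_store(req, header, hd, hdsize);` in eli_init is ignored, so a failed header write still falls through to the verbose "Metadata value stored in ..." message and to the backup step. With an external header the file is the only copy of the metadata, so the call should be checked: `if (eli_header_store(req, header, hd, hdsize) != 0) goto out;`. The same unchecked call appears in eli_configure_detached, eli_configure, eli_setkey_attached, eli_setkey_detached, eli_delkey_attached, eli_delkey_detached and eli_resize. eli_init's body starts and ends outside this hunk.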
- @@ -807,12 +864,25 @@
- backfile[i] = '_';
- }
- }
- - if (strcmp(backfile, "none") != 0 &&
- - eli_backup_create(req, prov, backfile) == 0) {
- + if (strcmp(backfile, "none") != 0) {
- + if (header[0] != '\0')
- + error = eli_header_store(req, backfile, hd, hdsize);
- + else
- + error = eli_backup_create(req, prov, backfile);
- +
- + if (error != 0)
- + goto out;
- +
- printf("\nMetadata backup can be found in %s and\n", backfile);
- printf("can be restored with the following command:\n");
- printf("\n\t# geli restore %s %s\n\n", backfile, prov);
- }
- +out:
- + bzero(&md, sizeof(md));
- + if (hd != NULL) {
- + bzero(hd, hdsize);
- + free(hd);
- + }
- }
- static void
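Review bot: In header mode the hint printed after a successful backup is still `geli restore %s %s` with `backfile, prov`. As far as this patch shows, `restore` gains no `-H` option, so following the hint would presumably write the metadata onto the provider rather than back to the header file. The header branch should print its own hint (for example that the backup replaces the file given with `-H`). The backup is written through eli_header_store(), so it inherits whatever file mode that helper creates files with.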
- @@ -820,8 +890,10 @@
- {
- struct g_eli_metadata md;
- unsigned char key[G_ELI_USERKEYLEN];
- - const char *prov;
- + unsigned char *hd = NULL;
- + const char *str, *prov, *header;
- off_t mediasize;
- + size_t hdsize = 0;
- int nargs;
- nargs = gctl_get_int(req, "nargs");
- @@ -829,14 +901,23 @@
- gctl_error(req, "Invalid number of arguments.");
- return;
- }
- +
- prov = gctl_get_ascii(req, "arg0");
- + header = gctl_get_ascii(req, "header");
- +
- + if (header[0] != '\0')
- + str = header;
- + else
- + str = prov;
- - if (eli_metadata_read(req, prov, &md) == -1)
- + if (eli_metadata_read(req, str, &md) == -1)
- return;
- + hdsize = g_get_sectorsize(prov);
- mediasize = g_get_mediasize(prov);
- +
- if (md.md_provsize != (uint64_t)mediasize) {
- - gctl_error(req, "Provider size mismatch.");
- + gctl_error(req, "Provider size mismatch (expected %zd).", md.md_provsize);
- return;
- }
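Review bot: The new message `"Provider size mismatch (expected %zd)."` formats `md.md_provsize` with `%zd`, but the comparison on the line above treats that field as `uint64_t`. The conversion does not match the argument type on platforms where `ssize_t` is 32 bits. Use `"Provider size mismatch (expected %ju)."` with `(uintmax_t)md.md_provsize`. The same format is repeated in eli_configure_detached, eli_configure, eli_setkey_attached, eli_setkey_detached, eli_delkey_attached, eli_delkey_detached and eli_resume. The "Cannot allocate %zd bytes" messages print a `size_t` and should use `%zu`. This function starts and ends outside the hunk.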
- @@ -845,21 +926,53 @@
- return;
- }
- + if (header[0] != '\0') {
- + hd = malloc(hdsize);
- + if (hd == NULL) {
- + gctl_error(req, "Cannot allocate %zd bytes of memory.", hdsize);
- + return;
- + }
- + bzero(hd, hdsize);
- + eli_metadata_encode(&md, hd);
- + gctl_ro_param(req, "hd", hdsize, hd);
- + }
- +
- gctl_ro_param(req, "key", sizeof(key), key);
- if (gctl_issue(req) == NULL) {
- if (verbose)
- printf("Attached to %s.\n", prov);
- }
- bzero(key, sizeof(key));
- + if (hd != NULL) {
- + bzero(hd, hdsize);
- + free(hd);
- + }
- }
- static void
- eli_configure_detached(struct gctl_req *req, const char *prov, bool boot)
- {
- struct g_eli_metadata md;
- + unsigned char *hd;
- + const char *str, *header;
- + size_t hdsize;
- + off_t mediasize;
- +
- + header = gctl_get_ascii(req, "header");
- +
- + if (header[0] != '\0')
- + str = header;
- + else
- + str = prov;
- +
- + if (eli_metadata_read(req, str, &md) == -1)
- + return;
- - if (eli_metadata_read(req, prov, &md) == -1)
- + mediasize = g_get_mediasize(prov);
- + if (md.md_provsize != (uint64_t)mediasize) {
- + gctl_error(req, "Provider size mismatch (expected %zd).", md.md_provsize);
- return;
- + }
- if (boot && (md.md_flags & G_ELI_FLAG_BOOT)) {
- if (verbose)
- @@ -872,16 +985,40 @@
- md.md_flags |= G_ELI_FLAG_BOOT;
- else
- md.md_flags &= ~G_ELI_FLAG_BOOT;
- - eli_metadata_store(req, prov, &md);
- +
- + if (header[0] != '\0') {
- + hdsize = g_get_sectorsize(prov);
- +
- + hd = malloc(hdsize);
- + if (hd == NULL) {
- + gctl_error(req, "Cannot allocate %zd bytes of memory.", hdsize);
- + return;
- + }
- + bzero(hd, hdsize);
- +
- + eli_metadata_encode(&md, hd);
- + eli_header_store(req, header, hd, hdsize);
- +
- + bzero(hd, hdsize);
- + free(hd);
- + }
- + else {
- + eli_metadata_store(req, prov, &md);
- + }
- }
- +
- bzero(&md, sizeof(md));
- }
- static void
- eli_configure(struct gctl_req *req)
- {
- - const char *prov;
- + struct g_eli_metadata md;
- + const char *prov, *header;
- + unsigned char *hd;
- bool boot, noboot;
- + off_t mediasize;
- + size_t hdsize;
- int i, nargs;
- nargs = gctl_get_int(req, "nargs");
- @@ -902,8 +1039,46 @@
- return;
- }
- + prov = gctl_get_ascii(req, "arg0");
- + header = gctl_get_ascii(req, "header");
- +
- + if ((header[0] != '\0') && eli_is_attached(prov)) {
- + if(nargs != 1) {
- + gctl_error(req, "Too many arguments.");
- + return;
- + }
- +
- + if (eli_metadata_read(req, header, &md) == -1)
- + return;
- +
- + hdsize = g_get_sectorsize(prov);
- + mediasize = g_get_mediasize(prov);
- + if (md.md_provsize != (uint64_t)mediasize) {
- + gctl_error(req, "Provider size mismatch (expected %zd).", md.md_provsize);
- + return;
- + }
- +
- + hd = malloc(hdsize);
- + if (hd == NULL) {
- + gctl_error(req, "Cannot allocate %zd bytes of memory.", hdsize);
- + return;
- + }
- + bzero(hd, hdsize);
- +
- + eli_metadata_encode(&md, hd);
- + gctl_rw_param(req, "hd", hdsize, hd);
- + }
- +
- /* First attached providers. */
- gctl_issue(req);
- +
- + if ((header[0] != '\0') && eli_is_attached(prov)) {
- + eli_header_store(req, header, hd, hdsize);
- + bzero(&md, sizeof(md));
- + bzero(hd, hdsize);
- + free(hd);
- + }
- +
- /* Now the rest. */
- for (i = 0; i < nargs; i++) {
- prov = gctl_get_ascii(req, "arg%d", i);
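Review bot: `hd` and `hdsize` are assigned only when the first `(header[0] != '\0') && eli_is_attached(prov)` test is true, yet the block after `gctl_issue(req)` evaluates `eli_is_attached(prov)` a second time. If the attach state differs between the two calls, `eli_header_store()`, `bzero()` and `free()` run on an uninitialised pointer and length. Initialise `hd = NULL;` at the top and guard the second block with `if (hd != NULL)`. The header is also rewritten without looking at the result of `gctl_issue(req)`. eli_configure starts and ends outside this hunk.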
- @@ -915,8 +1090,12 @@
- static void
- eli_setkey_attached(struct gctl_req *req, struct g_eli_metadata *md)
- {
- + const char *prov, *header;
- unsigned char key[G_ELI_USERKEYLEN];
- + unsigned char *hd;
- intmax_t val, old = 0;
- + off_t mediasize;
- + size_t hdsize;
- int error;
- val = gctl_get_intmax(req, "iterations");
- @@ -941,19 +1120,52 @@
- assert(error == 0);
- }
- + header = gctl_get_ascii(req, "header");
- + if (header[0] != '\0') {
- + prov = gctl_get_ascii(req, "arg0");
- +
- + hdsize = g_get_sectorsize(prov);
- + mediasize = g_get_mediasize(prov);
- + if (md->md_provsize != (uint64_t)mediasize) {
- + gctl_error(req, "Provider size mismatch (expected %zd).", md->md_provsize);
- + return;
- + }
- +
- + hd = malloc(hdsize);
- + if (hd == NULL) {
- + gctl_error(req, "Cannot allocate %zd bytes of memory.", hdsize);
- + return;
- + }
- + bzero(hd, hdsize);
- +
- + eli_metadata_encode(md, hd);
- + gctl_rw_param(req, "hd", hdsize, hd);
- + }
- +
- gctl_ro_param(req, "key", sizeof(key), key);
- gctl_issue(req);
- bzero(key, sizeof(key));
- +
- + if (header[0] != '\0') {
- + eli_metadata_decode(hd, md);
- + eli_header_store(req, header, hd, hdsize);
- +
- + bzero(hd, hdsize);
- + free(hd);
- + }
- }
- static void
- eli_setkey_detached(struct gctl_req *req, const char *prov,
- struct g_eli_metadata *md)
- {
- + const char *header;
- unsigned char key[G_ELI_USERKEYLEN], mkey[G_ELI_DATAIVKEYLEN];
- - unsigned char *mkeydst;
- + unsigned char *mkeydst, *hd = NULL;
- unsigned int nkey;
- intmax_t val;
- + off_t mediasize;
- + size_t hdsize = 0;
- int error;
- if (md->md_keys == 0) {
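Review bot: In eli_setkey_attached the header file is truncated and rewritten after `gctl_issue(req);` regardless of whether the request succeeded, and the result of `eli_metadata_decode(hd, md)` is ignored. Elsewhere in this file `gctl_issue(req) == NULL` is the success test, so the write-back should be conditional on it: `if (gctl_issue(req) == NULL && header[0] != '\0')`, still zeroing and freeing `hd` on the failure path. A decode failure should be reported instead of storing the buffer. eli_configure and eli_delkey_attached have the same unconditional write-back.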
- @@ -1035,7 +1247,31 @@
- }
- /* Store metadata with fresh key. */
- - eli_metadata_store(req, prov, md);
- + header = gctl_get_ascii(req, "header");
- + if (header[0] != '\0') {
- + hdsize = g_get_sectorsize(prov);
- + mediasize = g_get_mediasize(prov);
- + if (md->md_provsize != (uint64_t)mediasize) {
- + gctl_error(req, "Provider size mismatch (expected %zd).", md->md_provsize);
- + return;
- + }
- +
- + hd = malloc(hdsize);
- + if (hd == NULL) {
- + gctl_error(req, "Cannot allocate %zd bytes of memory.", hdsize);
- + return;
- + }
- + bzero(hd, hdsize);
- +
- + eli_metadata_encode(md, hd);
- + eli_header_store(req, header, hd, hdsize);
- +
- + bzero(hd, hdsize);
- + free(hd);
- + } else {
- + eli_metadata_store(req, prov, md);
- + }
- +
- bzero(md, sizeof(*md));
- }
- @@ -1043,7 +1279,7 @@
- eli_setkey(struct gctl_req *req)
- {
- struct g_eli_metadata md;
- - const char *prov;
- + const char *str, *prov, *header;
- int nargs;
- nargs = gctl_get_int(req, "nargs");
- @@ -1051,9 +1287,16 @@
- gctl_error(req, "Invalid number of arguments.");
- return;
- }
- +
- prov = gctl_get_ascii(req, "arg0");
- + header = gctl_get_ascii(req, "header");
- +
- + if (header[0] != '\0')
- + str = header;
- + else
- + str = prov;
- - if (eli_metadata_read(req, prov, &md) == -1)
- + if (eli_metadata_read(req, str, &md) == -1)
- return;
- if (eli_is_attached(prov))
- @@ -1066,25 +1309,71 @@
- "and/or passphrase may still exists in a metadata backup "
- "file.\n");
- }
- +
- + bzero(&md, sizeof(md));
- }
- static void
- eli_delkey_attached(struct gctl_req *req, const char *prov __unused)
- {
- + struct g_eli_metadata md;
- + const char *header;
- + unsigned char *hd;
- + off_t mediasize;
- + size_t hdsize;
- +
- + header = gctl_get_ascii(req, "header");
- + if (header[0] != '\0') {
- + if (eli_metadata_read(req, header, &md) == -1)
- + return;
- +
- + hdsize = g_get_sectorsize(prov);
- + mediasize = g_get_mediasize(prov);
- + if (md.md_provsize != (uint64_t)mediasize) {
- + gctl_error(req, "Provider size mismatch (expected %zd).", md.md_provsize);
- + return;
- + }
- +
- + hd = malloc(hdsize);
- + if (hd == NULL) {
- + gctl_error(req, "Cannot allocate %zd bytes of memory.", hdsize);
- + return;
- + }
- + bzero(hd, hdsize);
- +
- + eli_metadata_encode(&md, hd);
- + bzero(&md, sizeof(md));
- + gctl_rw_param(req, "hd", hdsize, hd);
- + }
- gctl_issue(req);
- +
- + if (header[0] != '\0') {
- + eli_header_store(req, header, hd, hdsize);
- + bzero(hd, hdsize);
- + free(hd);
- + }
- }
- static void
- eli_delkey_detached(struct gctl_req *req, const char *prov)
- {
- struct g_eli_metadata md;
- - unsigned char *mkeydst;
- + const char *str, *header;
- + unsigned char *mkeydst, *hd;
- unsigned int nkey;
- + off_t mediasize;
- + size_t hdsize;
- intmax_t val;
- bool all, force;
- - if (eli_metadata_read(req, prov, &md) == -1)
- + header = gctl_get_ascii(req, "header");
- + if (header[0] != '\0')
- + str = header;
- + else
- + str = prov;
- +
- + if (eli_metadata_read(req, str, &md) == -1)
- return;
- all = gctl_get_int(req, "all");
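Review bot: eli_delkey_attached still declares its parameter as `const char *prov __unused`, but the new body reads it in `g_get_sectorsize(prov)` and `g_get_mediasize(prov)`; the `__unused` marker should be dropped. The two early returns after a successful `eli_metadata_read()` (size mismatch and malloc failure) also leave `md` on the stack without the `bzero(&md, sizeof(md))` that the success path performs.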
- @@ -1116,7 +1405,29 @@
- arc4rand(mkeydst, G_ELI_MKEYLEN);
- }
- - eli_metadata_store(req, prov, &md);
- + if (header[0] != '\0') {
- + hdsize = g_get_sectorsize(prov);
- + mediasize = g_get_mediasize(prov);
- + if (md.md_provsize != (uint64_t)mediasize) {
- + gctl_error(req, "Provider size mismatch (expected %zd).", md.md_provsize);
- + return;
- + }
- +
- + hd = malloc(hdsize);
- + if (hd == NULL) {
- + gctl_error(req, "Cannot allocate %zd bytes of memory.", hdsize);
- + return;
- + }
- + bzero(hd, hdsize);
- +
- + eli_metadata_encode(&md, hd);
- + eli_header_store(req, header, hd, hdsize);
- +
- + bzero(hd, hdsize);
- + free(hd);
- + } else {
- + eli_metadata_store(req, prov, &md);
- + }
- bzero(&md, sizeof(md));
- }
- @@ -1144,8 +1455,10 @@
- {
- struct g_eli_metadata md;
- unsigned char key[G_ELI_USERKEYLEN];
- - const char *prov;
- + unsigned char *hd = NULL;
- + const char *str, *prov, *header;
- off_t mediasize;
- + size_t hdsize = 0;
- int nargs;
- nargs = gctl_get_int(req, "nargs");
- @@ -1154,13 +1467,19 @@
- return;
- }
- prov = gctl_get_ascii(req, "arg0");
- + header = gctl_get_ascii(req, "header");
- - if (eli_metadata_read(req, prov, &md) == -1)
- + if (header[0] != '\0')
- + str = header;
- + else
- + str = prov;
- +
- + if (eli_metadata_read(req, str, &md) == -1)
- return;
- mediasize = g_get_mediasize(prov);
- if (md.md_provsize != (uint64_t)mediasize) {
- - gctl_error(req, "Provider size mismatch.");
- + gctl_error(req, "Provider size mismatch (expected %zd).", md.md_provsize);
- return;
- }
- @@ -1169,11 +1488,31 @@
- return;
- }
- + if(header[0] != '\0') {
- + hdsize = g_get_sectorsize(prov);
- +
- + hd = malloc(hdsize);
- + if (hd == NULL) {
- + gctl_error(req, "Cannot allocate %zd bytes of memory.", hdsize);
- + return;
- + }
- + bzero(hd, hdsize);
- +
- + eli_metadata_encode(&md, hd);
- + gctl_ro_param(req, "hd", hdsize, hd);
- + }
- +
- gctl_ro_param(req, "key", sizeof(key), key);
- if (gctl_issue(req) == NULL) {
- if (verbose)
- printf("Resumed %s.\n", prov);
- }
- +
- + if (hd != NULL) {
- + bzero(hd, hdsize);
- + free(hd);
- + }
- +
- bzero(key, sizeof(key));
- }
- @@ -1336,11 +1675,13 @@
- gctl_error(req, "Cannot read metadata: %s.", strerror(errno));
- goto out;
- }
- +
- /* Check if this is geli provider. */
- if (eli_metadata_decode(sector, &md) != 0) {
- gctl_error(req, "MD5 hash mismatch: not a geli provider?");
- goto out;
- }
- +
- /* Write metadata to the destination file. */
- if (write(filefd, sector, secsize) != secsize) {
- gctl_error(req, "Cannot write to %s: %s.", file,
- @@ -1469,9 +1810,10 @@
- eli_resize(struct gctl_req *req)
- {
- struct g_eli_metadata md;
- - const char *prov;
- - unsigned char *sector;
- + const char *prov, *header;
- + unsigned char *sector, *hd;
- ssize_t secsize;
- + size_t hdsize;
- off_t mediasize, oldsize;
- int nargs, provfd;
- @@ -1480,20 +1822,28 @@
- gctl_error(req, "Invalid number of arguments.");
- return;
- }
- +
- prov = gctl_get_ascii(req, "arg0");
- + header = gctl_get_ascii(req, "header");
- provfd = -1;
- sector = NULL;
- secsize = 0;
- - provfd = g_open(prov, 1);
- - if (provfd == -1) {
- - gctl_error(req, "Cannot open %s: %s.", prov, strerror(errno));
- - goto out;
- + if (header[0] == '\0') {
- + provfd = g_open(prov, 1);
- + if (provfd == -1) {
- + gctl_error(req, "Cannot open %s: %s.", prov, strerror(errno));
- + goto out;
- + }
- +
- + mediasize = g_mediasize(provfd);
- + secsize = g_sectorsize(provfd);
- + } else {
- + mediasize = g_get_mediasize(prov);
- + secsize = g_get_sectorsize(prov);
- }
- - mediasize = g_mediasize(provfd);
- - secsize = g_sectorsize(provfd);
- if (mediasize == -1 || secsize == -1) {
- gctl_error(req, "Cannot get information about %s: %s.", prov,
- strerror(errno));
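Review bot: In the header branch of eli_resize, `mediasize` and `secsize` come from `g_get_mediasize(prov)` and `g_get_sectorsize(prov)`, but the check that follows still tests `mediasize == -1 || secsize == -1`. eli_init in this same file treats `0` as the failure value of those two helpers, so a failed lookup in header mode would pass the check and be used as a size. Test for `0` in the header branch, for example `if (header[0] != '\0' && (mediasize == 0 || secsize == 0))`, alongside the existing `-1` test. The function continues outside this hunk.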
- @@ -1516,17 +1866,25 @@
- goto out;
- }
- - /* Read metadata from the 'oldsize' offset. */
- - if (pread(provfd, sector, secsize, oldsize - secsize) != secsize) {
- - gctl_error(req, "Cannot read old metadata: %s.",
- - strerror(errno));
- - goto out;
- - }
- + if (header[0] != '\0') {
- + if (eli_metadata_read(req, header, &md) == -1) {
- + gctl_error(req, "Cannot read old metadata: %s.",
- + header);
- + goto out;
- + }
- + } else {
- + /* Read metadata from the 'oldsize' offset. */
- + if (pread(provfd, sector, secsize, oldsize - secsize) != secsize) {
- + gctl_error(req, "Cannot read old metadata: %s.",
- + strerror(errno));
- + goto out;
- + }
- - /* Check if this sector contains geli metadata. */
- - if (eli_metadata_decode(sector, &md) != 0) {
- - gctl_error(req, "MD5 hash mismatch: no metadata for oldsize.");
- - goto out;
- + /* Check if this sector contains geli metadata. */
- + if (eli_metadata_decode(sector, &md) != 0) {
- + gctl_error(req, "MD5 hash mismatch: no metadata for oldsize.");
- + goto out;
- + }
- }
- /*
- @@ -1543,16 +1901,41 @@
- * it back to the correct place on the provider.
- */
- md.md_provsize = mediasize;
- - eli_metadata_encode(&md, sector);
- - if (pwrite(provfd, sector, secsize, mediasize - secsize) != secsize) {
- - gctl_error(req, "Cannot write metadata: %s.", strerror(errno));
- - goto out;
- +
- + if (header[0] != '\0') {
- + hdsize = g_get_sectorsize(prov);
- +
- + hd = malloc(hdsize);
- + if (hd == NULL) {
- + gctl_error(req, "Cannot allocate %zd bytes of memory.", hdsize);
- + return;
- + }
- + bzero(hd, hdsize);
- +
- + eli_metadata_encode(&md, hd);
- + eli_header_store(req, header, hd, hdsize);
- +
- + bzero(hd, hdsize);
- + free(hd);
- + } else {
- + sector = malloc(secsize);
- + if (sector == NULL) {
- + gctl_error(req, "Cannot allocate memory.");
- + goto out;
- + }
- +
- + eli_metadata_encode(&md, sector);
- + if (pwrite(provfd, sector, secsize, mediasize - secsize) != secsize) {
- + gctl_error(req, "Cannot write metadata: %s.", strerror(errno));
- + goto out;
- + }
- + (void)g_flush(provfd);
- +
- + /* Now trash the old metadata. */
- + if (eli_trash_metadata(req, prov, provfd, oldsize - secsize) == -1)
- + goto out;
- }
- - (void)g_flush(provfd);
- - /* Now trash the old metadata. */
- - if (eli_trash_metadata(req, prov, provfd, oldsize - secsize) == -1)
- - goto out;
- out:
- if (provfd >= 0)
- (void)g_close(provfd);
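Review bot: In the non-header branch `sector = malloc(secsize);` allocates a second buffer although `sector` was already the target of the earlier `pread(provfd, sector, ...)` in the same branch. The first buffer, which still holds the old metadata sector, is leaked without being cleared; the added malloc should be removed so the existing buffer is reused. In the header branch the malloc-failure path uses `return;` and bypasses the `out:` cleanup, where `goto out;` is expected. `md` is not zeroed on any of the new paths visible here. The function starts outside this hunk.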
- @@ -1592,7 +1975,8 @@
- eli_dump(struct gctl_req *req)
- {
- struct g_eli_metadata md, tmpmd;
- - const char *name;
- + const char *name, *header;
- + size_t hdsize;
- int error, i, nargs;
- nargs = gctl_get_int(req, "nargs");
- @@ -1601,15 +1985,44 @@
- return;
- }
- - for (i = 0; i < nargs; i++) {
- - name = gctl_get_ascii(req, "arg%d", i);
- - error = g_metadata_read(name, (unsigned char *)&tmpmd,
- - sizeof(tmpmd), G_ELI_MAGIC);
- - if (error != 0) {
- + header = gctl_get_ascii(req, "header");
- + if (header[0] != '\0') {
- + if (nargs != 1) {
- + gctl_error(req, "Too many arguments.");
- + return;
- + }
- +
- + if (eli_metadata_read(req, header, &tmpmd) == -1)
- + return;
- +
- + name = gctl_get_ascii(req, "arg0");
- + hdsize = g_get_sectorsize(name);
- +
- + if (hdsize != tmpmd.md_sectorsize) {
- + gctl_error(req, "Provider sector size mismatch (expected %zd)", tmpmd.md_sectorsize);
- + return;
- + }
- +
- + if (strcmp(tmpmd.md_magic, G_ELI_MAGIC) != 0) {
- + error = EINVAL;
- fprintf(stderr, "Cannot read metadata from %s: %s.\n",
- - name, strerror(error));
- + name, strerror(error));
- gctl_error(req, "Not fully done.");
- - continue;
- + return;
- + }
- + }
- +
- + for (i = 0; i < nargs; i++) {
- + if (header[0] == '\0') {
- + name = gctl_get_ascii(req, "arg%d", i);
- + error = g_metadata_read(name, (unsigned char *)&tmpmd,
- + sizeof(tmpmd), G_ELI_MAGIC);
- + if (error != 0) {
- + fprintf(stderr, "Cannot read metadata from %s: %s.\n",
- + name, strerror(error));
- + gctl_error(req, "Not fully done.");
- + continue;
- + }
- }
- if (eli_metadata_decode((unsigned char *)&tmpmd, &md) != 0) {
- fprintf(stderr, "MD5 hash mismatch for %s, skipping.\n",
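Review bot: In header mode `tmpmd` is filled by `eli_metadata_read(req, header, &tmpmd)`, which the other callers in this file treat as returning an already decoded structure (they read `md.md_provsize` straight after it). The loop then still runs `eli_metadata_decode((unsigned char *)&tmpmd, &md)` on it, so the header appears to be decoded twice, and the hash check would then be made on the in-memory struct rather than on the on-disk encoding. The header branch should copy `tmpmd` into `md` and skip the decode, or read the raw file bytes the way the `g_metadata_read()` path does. `"%zd"` is also used for `tmpmd.md_sectorsize`, which is compared against a `size_t` but is unlikely to be an `ssize_t`; confirm the field type and match the conversion. The loop body continues outside the hunk.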
- --- sbin/geom/class/eli/geli.8.orig 2013-05-29 22:30:05.118234254 +0300
- +++ sbin/geom/class/eli/geli.8 2013-05-20 10:50:15.945898303 +0300
- @@ -52,6 +52,7 @@
- .Nm
- .Cm init
- .Op Fl bPv
- +.Op Fl H Ar headerfile
- .Op Fl a Ar aalgo
- .Op Fl B Ar backupfile
- .Op Fl e Ar ealgo
- @@ -67,6 +68,7 @@
- .Nm
- .Cm attach
- .Op Fl dprv
- +.Op Fl H Ar headerfile
- .Op Fl j Ar passfile
- .Op Fl k Ar keyfile
- .Ar prov
- @@ -88,10 +90,12 @@
- .Nm
- .Cm configure
- .Op Fl bB
- +.Op Fl H Ar headerfile
- .Ar prov ...
- .Nm
- .Cm setkey
- .Op Fl pPv
- +.Op Fl H Ar headerfile
- .Op Fl i Ar iterations
- .Op Fl j Ar passfile
- .Op Fl J Ar newpassfile
- @@ -102,6 +106,7 @@
- .Nm
- .Cm delkey
- .Op Fl afv
- +.Op Fl H Ar headerfile
- .Op Fl n Ar keyno
- .Ar prov
- .Nm
- @@ -125,12 +130,14 @@
- .Nm
- .Cm resume
- .Op Fl pv
- +.Op Fl H Ar headerfile
- .Op Fl j Ar passfile
- .Op Fl k Ar keyfile
- .Ar prov
- .Nm
- .Cm resize
- .Op Fl v
- +.Op Fl H Ar headerfile
- .Fl s Ar oldsize
- .Ar prov
- .Nm
- @@ -140,6 +147,7 @@
- .Nm
- .Cm dump
- .Op Fl v
- +.Op Fl H Ar headerfile
- .Ar prov ...
- .Nm
- .Cm list
- @@ -240,6 +248,8 @@
- .Pp
- Additional options include:
- .Bl -tag -width ".Fl J Ar newpassfile"
- +.It Fl H Ar headerfile
- +Store GELI metadata (header) in the external file
- .It Fl a Ar aalgo
- Enable data integrity verification (authentication) using the given algorithm.
- This will reduce size of available storage and also reduce speed.
- @@ -341,6 +351,8 @@
- option for the
- .Cm detach
- subcommand.
- +.It Fl H Ar headerfile
- +Read metadata from a file instead from a provider
- .It Fl j Ar passfile
- Specifies a file which contains the passphrase or its part.
- For more information see the description of the
- @@ -415,7 +427,9 @@
- Change configuration of the given providers.
- .Pp
- Additional options include:
- -.Bl -tag -width ".Fl b"
- +.Bl -tag -width ".Fl H Ar headerfile"
- +.It Fl H Ar headerfile
- +Handle external metadata
- .It Fl b
- Set the BOOT flag on the given providers.
- For more information, see the description of the
- @@ -437,6 +451,8 @@
- .Pp
- Additional options include:
- .Bl -tag -width ".Fl J Ar newpassfile"
- +.It Fl H Ar headerfile
- +Handle external metadata
- .It Fl i Ar iterations
- Number of iterations to use with PKCS#5v2.
- If 0 is given, PKCS#5v2 will not be used.
- @@ -472,7 +488,9 @@
- subcommand.
- .Pp
- Additional options include:
- -.Bl -tag -width ".Fl a Ar keyno"
- +.Bl -tag -width ".Fl H Ar headerfile"
- +.It Fl H Ar headerfile
- +Handle external metadata
- .It Fl a
- Destroy all keys (does not need
- .Fl f
- @@ -567,7 +585,9 @@
- utility is stored is bad idea.
- .Pp
- Additional options include:
- -.Bl -tag -width ".Fl j Ar passfile"
- +.Bl -tag -width ".Fl H Ar headerfile"
- +.It Fl H Ar headerfile
- +Handle external metadata
- .It Fl j Ar passfile
- Specifies a file which contains the passphrase or its part.
- For more information see the description of the
- @@ -593,7 +613,9 @@
- provider and the provider size is updated.
- .Pp
- Additional options include:
- -.Bl -tag -width ".Fl s Ar oldsize"
- +.Bl -tag -width ".Fl H Ar headerfile"
- +.It Fl H Ar headerfile
- +Handle external metadata
- .It Fl s Ar oldsize
- The size of the provider before it was resized.
- .El
- @@ -764,6 +786,9 @@
- # dd if=/dev/random of=/dev/da1s3a bs=1m
- # dd if=/dev/random of=/boot/keys/da1s3a.key bs=128k count=1
- # geli init -b -P -K /boot/keys/da1s3a.key da1s3a
- +# dd if=/dev/random of=/dev/ada1 bs=1m
- +# dd if=/dev/random of=/boot/keys/ada1.key bs=8 count=8
- +# geli init -b -H /boot/hd/ada1.hd -P -K /boot/keys/ada1.key ada1
- .Ed
- .Pp
- The providers are initialized, now we have to add those lines to
- @@ -782,6 +807,13 @@
- geli_da1s3a_keyfile0_load="YES"
- geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
- geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"
- +
- +geli_ada1_header_load="YES"
- +geli_ada1_header_type="ada1:geli_header"
- +geli_ada1_header_name="/boot/hd/ada1.hd"
- +geli_ada1_keyfile0_load="YES"
- +geli_ada1_keyfile0_type="ada1:geli_keyfile0"
- +geli_ada1_keyfile0_name="/boot/keys/ada1.key"
- .Ed
- .Pp
- Not only configure encryption, but also data integrity verification using
- --- sys/geom/eli/g_eli.c.orig 2013-05-31 01:23:18.992933645 +0300
- +++ sys/geom/eli/g_eli.c 2013-05-31 01:55:28.009101681 +0300
- @@ -1013,6 +1013,47 @@
- }
- }
- +static int
- +g_eli_header_load(struct g_eli_metadata *md, const char *provider)
- +{
- + unsigned char *headfile, *data;
- + char *file, name[64];
- + size_t size;
- +
- + snprintf(name, sizeof(name), "%s:geli_header", provider);
- + headfile = preload_search_by_type(name);
- + if (headfile == NULL)
- + return (1);
- +
- + data = preload_fetch_addr(headfile);
- + if (data == NULL) {
- + G_ELI_DEBUG(0, "Cannot find header file data for %s.",
- + name);
- + return (1);
- + }
- +
- + size = preload_fetch_size(headfile);
- + if (size == 0) {
- + G_ELI_DEBUG(0, "Cannot find header file size for %s.",
- + name);
- + return (1);
- + }
- +
- + file = preload_search_info(headfile, MODINFO_NAME);
- + if (file == NULL) {
- + G_ELI_DEBUG(0, "Cannot find header file name for %s.",
- + name);
- + return (1);
- + }
- +
- + G_ELI_DEBUG(1, "Loaded header %s for %s (type: %s).", file,
- + provider, name);
- +
- + eli_metadata_decode(data, md);
- +
- + return (0);
- +}
- +
- /*
- * Tasting is only made on boot.
- * We detect providers which should be attached before root is mounted.
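Review bot: g_eli_header_load() only rejects a preloaded header when `size == 0`, then calls `eli_metadata_decode(data, md)` without checking that `size` covers the encoded metadata, and ignores the decode result. A truncated or corrupted preloaded file would make the kernel read past the module data, or return 0 with `md` only partly filled. Reject short files (at least the `sizeof(struct g_eli_metadata)` that userland uses for an encoded header, to be confirmed against the encoder) and propagate the decode status: `if (eli_metadata_decode(data, md) != 0) return (1);`. The `snprintf()` into `name[64]` can also silently truncate a long provider name and look up the wrong type string.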
- @@ -1036,9 +1077,11 @@
- G_ELI_DEBUG(3, "Tasting %s.", pp->name);
- - error = g_eli_read_metadata(mp, pp, &md);
- - if (error != 0)
- - return (NULL);
- + if(g_eli_header_load(&md, pp->name) != 0) {
- + error = g_eli_read_metadata(mp, pp, &md);
- + if (error != 0)
- + return (NULL);
- + }
- gp = NULL;
- if (strcmp(md.md_magic, G_ELI_MAGIC) != 0)
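Review bot: When `g_eli_header_load(&md, pp->name)` succeeds, the preloaded metadata is tied to the provider by name only. Nothing in this hunk compares `md.md_provsize` with `pp->mediasize`, which the userland paths in this patch do before using an external header. Unless a later check outside the hunk covers it, a header preloaded for one disk could be applied to a different device that shows up under the same name. Add the size comparison here and fall back to `g_eli_read_metadata()` or return NULL on mismatch. The coding style elsewhere also puts a space after `if`.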
- --- sys/geom/eli/g_eli_ctl.c.orig 2013-05-31 01:23:25.741791390 +0300
- +++ sys/geom/eli/g_eli_ctl.c 2013-05-31 20:23:43.382321683 +0300
- @@ -56,7 +56,8 @@
- struct g_eli_metadata md;
- struct g_provider *pp;
- const char *name;
- - u_char *key, mkey[G_ELI_DATAIVKEYLEN];
- + u_char *key, *hd, mkey[G_ELI_DATAIVKEYLEN];
- + size_t hdsize;
- int *nargs, *detach, *readonly;
- int keysize, error;
- u_int nkey;
- @@ -97,12 +98,19 @@
- gctl_error(req, "Provider %s is invalid.", name);
- return;
- }
- - error = g_eli_read_metadata(mp, pp, &md);
- - if (error != 0) {
- - gctl_error(req, "Cannot read metadata from %s (error=%d).",
- - name, error);
- - return;
- +
- + hd = gctl_get_param(req, "hd", &hdsize);
- + if (hd == NULL) {
- + error = g_eli_read_metadata(mp, pp, &md);
- + if (error != 0) {
- + gctl_error(req, "Cannot read metadata from %s (error=%d).",
- + name, error);
- + return;
- + }
- + } else {
- + eli_metadata_decode(hd, &md);
- }
- +
- if (md.md_keys == 0x00) {
- bzero(&md, sizeof(md));
- gctl_error(req, "No valid keys on %s.", pp->name);
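Review bot: `hd` and `hdsize` come straight from the control request, and `hdsize` is never checked before `eli_metadata_decode(hd, &md)` here, so a request with a short `hd` parameter makes the kernel decode past the end of the request buffer. The same unchecked pointer is decoded in the configure, setkey, delkey and resume hunks below, and written through by `eli_metadata_encode(&md, hd)` in the configure, setkey and delkey hunks, where a short buffer becomes an out-of-bounds write. Each site should reject the request unless `hdsize` covers the encoded metadata, along the lines of `if (hdsize < sizeof(md)) { gctl_error(req, "Invalid header size."); return; }` with the correct length constant for the on-disk format, and should check the decode result the way the `g_eli_read_metadata()` branch checks `error`. Also confirm the length argument type: `gctl_get_param()` takes an `int *` in the trees I know, so passing `&hdsize` with `hdsize` declared `size_t` would leave part of it uninitialised on 64-bit platforms.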
- @@ -376,7 +384,8 @@
- struct g_consumer *cp;
- char param[16];
- const char *prov;
- - u_char *sector;
- + u_char *sector, *hd;
- + size_t hdsize;
- int *nargs, *boot, *noboot;
- int error;
- u_int i;
- @@ -393,6 +402,12 @@
- return;
- }
- + hd = gctl_get_param(req, "hd", &hdsize);
- + if ((hd != NULL) && (*nargs != 1)) {
- + gctl_error(req, "Too much device(s).");
- + return;
- + }
- +
- boot = gctl_get_paraml(req, "boot", sizeof(*boot));
- if (boot == NULL) {
- gctl_error(req, "No '%s' argument.", "boot");
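Review bot: The new error text `"Too much device(s)."` does not tell the user what is wrong; something like `gctl_error(req, "Only one provider may be given with a header file.");` states the actual constraint. The enclosing function starts and ends outside the hunk.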
- @@ -413,6 +428,7 @@
- }
- for (i = 0; i < *nargs; i++) {
- + sector = NULL;
- snprintf(param, sizeof(param), "arg%d", i);
- prov = gctl_get_asciiparam(req, param);
- if (prov == NULL) {
- @@ -443,14 +459,18 @@
- "read-only provider %s.", prov);
- continue;
- }
- - cp = LIST_FIRST(&sc->sc_geom->consumer);
- - pp = cp->provider;
- - error = g_eli_read_metadata(mp, pp, &md);
- - if (error != 0) {
- - gctl_error(req,
- - "Cannot read metadata from %s (error=%d).",
- - prov, error);
- - continue;
- + if (hd == NULL) {
- + cp = LIST_FIRST(&sc->sc_geom->consumer);
- + pp = cp->provider;
- + error = g_eli_read_metadata(mp, pp, &md);
- + if (error != 0) {
- + gctl_error(req,
- + "Cannot read metadata from %s (error=%d).",
- + prov, error);
- + continue;
- + }
- + } else {
- + eli_metadata_decode(hd, &md);
- }
- if (*boot) {
- @@ -461,18 +481,26 @@
- sc->sc_flags &= ~G_ELI_FLAG_BOOT;
- }
- - sector = malloc(pp->sectorsize, M_ELI, M_WAITOK | M_ZERO);
- - eli_metadata_encode(&md, sector);
- - error = g_write_data(cp, pp->mediasize - pp->sectorsize, sector,
- - pp->sectorsize);
- - if (error != 0) {
- - gctl_error(req,
- - "Cannot store metadata on %s (error=%d).",
- - prov, error);
- + if (hd == NULL) {
- + sector = malloc(pp->sectorsize, M_ELI, M_WAITOK | M_ZERO);
- + eli_metadata_encode(&md, sector);
- + error = g_write_data(cp, pp->mediasize - pp->sectorsize, sector,
- + pp->sectorsize);
- + if (error != 0) {
- + gctl_error(req,
- + "Cannot store metadata on %s (error=%d).",
- + prov, error);
- + }
- + } else {
- + eli_metadata_encode(&md, hd);
- + gctl_set_param(req, "hd", hd, hdsize);
- }
- +
- bzero(&md, sizeof(md));
- - bzero(sector, sizeof(sector));
- - free(sector, M_ELI);
- + if (sector != NULL) {
- + bzero(sector, sizeof(sector));
- + free(sector, M_ELI);
- + }
- }
- }
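Review bot: `bzero(sector, sizeof(sector));` on the new side clears only the size of a pointer, not the buffer, so almost all of the encoded metadata (key slots included) is still in the buffer when it is freed. Since these lines are being re-indented anyway, use `bzero(sector, pp->sectorsize);`. The same expression appears in the setkey store hunk and as a context line before the `out:` label in delkey. The loop body starts outside the hunk.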
- @@ -485,6 +513,8 @@
- struct g_consumer *cp;
- const char *name;
- u_char *key, *mkeydst, *sector;
- + unsigned char *hd;
- + size_t hdsize;
- intmax_t *valp;
- int keysize, nkey, error;
- @@ -507,11 +537,16 @@
- cp = LIST_FIRST(&sc->sc_geom->consumer);
- pp = cp->provider;
- - error = g_eli_read_metadata(mp, pp, &md);
- - if (error != 0) {
- - gctl_error(req, "Cannot read metadata from %s (error=%d).",
- - name, error);
- - return;
- + hd = gctl_get_param(req, "hd", &hdsize);
- + if (hd == NULL) {
- + error = g_eli_read_metadata(mp, pp, &md);
- + if (error != 0) {
- + gctl_error(req, "Cannot read metadata from %s (error=%d).",
- + name, error);
- + return;
- + }
- + } else {
- + eli_metadata_decode(hd, &md);
- }
- valp = gctl_get_paraml(req, "keyno", sizeof(*valp));
- @@ -569,19 +604,28 @@
- return;
- }
- - sector = malloc(pp->sectorsize, M_ELI, M_WAITOK | M_ZERO);
- /* Store metadata with fresh key. */
- - eli_metadata_encode(&md, sector);
- - bzero(&md, sizeof(md));
- - error = g_write_data(cp, pp->mediasize - pp->sectorsize, sector,
- - pp->sectorsize);
- - bzero(sector, sizeof(sector));
- - free(sector, M_ELI);
- - if (error != 0) {
- - gctl_error(req, "Cannot store metadata on %s (error=%d).",
- - pp->name, error);
- - return;
- + if (hd == NULL) {
- + sector = malloc(pp->sectorsize, M_ELI, M_WAITOK | M_ZERO);
- + eli_metadata_encode(&md, sector);
- + bzero(&md, sizeof(md));
- +
- + error = g_write_data(cp, pp->mediasize - pp->sectorsize, sector,
- + pp->sectorsize);
- +
- + bzero(sector, sizeof(sector));
- + free(sector, M_ELI);
- +
- + if (error != 0) {
- + gctl_error(req, "Cannot store metadata on %s (error=%d).",
- + pp->name, error);
- + return;
- + }
- + } else {
- + eli_metadata_encode(&md, hd);
- + gctl_set_param(req, "hd", hd, hdsize);
- }
- +
- G_ELI_DEBUG(1, "Key %u changed on %s.", nkey, pp->name);
- }
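Review bot: In the new `else` branch `md` is no longer cleared: the `bzero(&md, sizeof(md));` that used to follow the encode now sits only in the `hd == NULL` branch, so with a header file the decoded metadata stays on the kernel stack after the function returns. Add `bzero(&md, sizeof(md));` after `eli_metadata_encode(&md, hd);`, or move the call back out of the conditional. The result of `gctl_set_param()` is also dropped; if it reports failure through its return value, as I believe it does, the function still logs "Key %u changed" although the updated header never reaches userland. The enclosing function starts outside the hunk.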
- @@ -593,7 +637,8 @@
- struct g_provider *pp;
- struct g_consumer *cp;
- const char *name;
- - u_char *mkeydst, *sector;
- + u_char *mkeydst, *sector, *hd;
- + size_t hdsize;
- intmax_t *valp;
- size_t keysize;
- int error, nkey, *all, *force;
- @@ -620,11 +665,16 @@
- cp = LIST_FIRST(&sc->sc_geom->consumer);
- pp = cp->provider;
- - error = g_eli_read_metadata(mp, pp, &md);
- - if (error != 0) {
- - gctl_error(req, "Cannot read metadata from %s (error=%d).",
- - name, error);
- - return;
- + hd = gctl_get_param(req, "hd", &hdsize);
- + if (hd == NULL) {
- + error = g_eli_read_metadata(mp, pp, &md);
- + if (error != 0) {
- + gctl_error(req, "Cannot read metadata from %s (error=%d).",
- + name, error);
- + return;
- + }
- + } else {
- + eli_metadata_decode(hd, &md);
- }
- all = gctl_get_paraml(req, "all", sizeof(*all));
- @@ -670,6 +720,13 @@
- keysize = G_ELI_MKEYLEN;
- }
- + if (hd != NULL) {
- + bzero(mkeydst, keysize);
- + eli_metadata_encode(&md, hd);
- + gctl_set_param(req, "hd", hd, hdsize);
- + goto out;
- + }
- +
- sector = malloc(pp->sectorsize, M_ELI, M_WAITOK | M_ZERO);
- for (i = 0; i <= g_eli_overwrites; i++) {
- if (i == g_eli_overwrites)
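Review bot: The early `goto out` skips the overwrite passes that the on-disk path performs below, and nothing in the code says why. A comment before the branch would help, e.g. `/* Detached header: update the copy in the request; overwriting the old slot in the header file is left to userland. */`, assuming that is the intent. If the userland tool simply rewrites the file, the old key slot may survive on the underlying storage, which is worth stating in the manual page.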
- @@ -690,9 +747,11 @@
- */
- (void)g_io_flush(cp);
- }
- - bzero(&md, sizeof(md));
- bzero(sector, sizeof(sector));
- free(sector, M_ELI);
- +
- +out:
- + bzero(&md, sizeof(md));
- if (*all)
- G_ELI_DEBUG(1, "All keys removed from %s.", pp->name);
- else
- @@ -816,6 +875,8 @@
- struct g_consumer *cp;
- const char *name;
- u_char *key, mkey[G_ELI_DATAIVKEYLEN];
- + unsigned char *hd;
- + size_t hdsize;
- int *nargs, keysize, error;
- u_int nkey;
- @@ -843,11 +904,17 @@
- }
- cp = LIST_FIRST(&sc->sc_geom->consumer);
- pp = cp->provider;
- - error = g_eli_read_metadata(mp, pp, &md);
- - if (error != 0) {
- - gctl_error(req, "Cannot read metadata from %s (error=%d).",
- - name, error);
- - return;
- +
- + hd = gctl_get_param(req, "hd", &hdsize);
- + if (hd == NULL) {
- + error = g_eli_read_metadata(mp, pp, &md);
- + if (error != 0) {
- + gctl_error(req, "Cannot read metadata from %s (error=%d).",
- + name, error);
- + return;
- + }
- + } else {
- + eli_metadata_decode(hd, &md);
- }
- if (md.md_keys == 0x00) {
- bzero(&md, sizeof(md));
- @@ -889,6 +956,7 @@
- mtx_unlock(&sc->sc_queue_mtx);
- bzero(mkey, sizeof(mkey));
- bzero(&md, sizeof(md));
- + G_ELI_DEBUG(0, "Device %s has been resumed.", sc->sc_name);
- }
- static int