1
0
mirror of git://sourceware.org/git/lvm2.git synced 2025-01-18 10:04:20 +03:00

dmsetup: do not suppress kernel key descriptions in tables

Kernel 4.10 (dm-crypt v1.15.0) and later supports loading device
tables with crypt segment having key in kernel keyring retention
service.

dmsetup hid key section of tables output. With this patch dmsetup
no longer hides key section if it detects kernel key description
instead of hex byte representation of key itself.
This commit is contained in:
Ondrej Kozina 2017-02-10 13:19:22 +01:00
parent baba3f8e2a
commit 035c614c19
4 changed files with 86 additions and 4 deletions

View File

@ -1,5 +1,6 @@
Version 1.02.138 - Version 1.02.138 -
===================================== =====================================
Do not suppress kernel key description in dmsetup table output.
Support configurable command executed from dmeventd thin plugin. Support configurable command executed from dmeventd thin plugin.
Support new R|r human readable units output format. Support new R|r human readable units output format.
Thin dmeventd plugin reacts faster on lvextend failure path with umount. Thin dmeventd plugin reacts faster on lvextend failure path with umount.

View File

@ -820,8 +820,10 @@ Outputs the current table for the device in a format that can be fed
back in using the create or load commands. back in using the create or load commands.
With \fB\-\-target\fP, only information relating to the specified target type With \fB\-\-target\fP, only information relating to the specified target type
is displayed. is displayed.
Encryption keys are suppressed in the table output for the crypt Real encryption keys are suppressed in the table output for the crypt
target unless the \fB\-\-showkeys\fP parameter is supplied. target unless the \fB\-\-showkeys\fP parameter is supplied. Kernel key
references prefixed with \fB:\fP are not affected by the parameter and get
displayed always.
. .
.HP .HP
.CMD_TARGETS .CMD_TARGETS

View File

@ -0,0 +1,72 @@
#!/bin/sh
# Copyright (C) 2017 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions
# of the GNU General Public License v.2.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# unrelated to lvm2 daemons
SKIP_WITH_LVMLOCKD=1
SKIP_WITH_LVMPOLLD=1
SKIP_WITH_CLVMD=1
SKIP_WITH_LVMETAD=1
. lib/inittest
CIPHER=aes-xts-plain64
HEXKEY_32=0102030405060708090a0102030405060102030405060708090a010203040506
HIDENKEY_32=0000000000000000000000000000000000000000000000000000000000000000
KEY_NAME="$PREFIX:keydesc"
function _teardown() {
keyctl unlink %:$PREFIX-keyring
aux teardown_devs_prefixed $PREFIX
}
aux target_at_least dm-zero 1 0 0 || skip "missing dm-zero target"
aux target_at_least dm-crypt 1 15 0 || skip "dm-crypt doesn't support keys in kernel keyring service"
which keyctl || skip "test requires keyctl utility"
keyctl newring $PREFIX-keyring @u
keyctl timeout %:$PREFIX-keyring 60
trap '_teardown' EXIT
keyctl add logon $KEY_NAME ${HEXKEY_32:0:32} %:$PREFIX-keyring
dmsetup create $PREFIX-zero --table "0 1 zero"
# put key in kernel keyring for active table
dmsetup create $PREFIX-crypt --table "0 1 crypt $CIPHER :32:logon:$KEY_NAME 0 $TESTDIR/dev$prefix/mapper/$PREFIX-zero 0"
# put hexbyte key in dm-crypt directly in inactive table
dmsetup load $PREFIX-crypt --table "0 1 crypt $CIPHER $HEXKEY_32 0 $TESTDIR/dev$prefix/mapper/$PREFIX-zero 0"
# test dmsetup doesn't hide key descriptions...
str=`dmsetup table $PREFIX-crypt | cut -d ' ' -f 5`
test $str = :32:logon:$KEY_NAME || die
str=`dmsetup table --showkeys $PREFIX-crypt | cut -d ' ' -f 5`
test $str = :32:logon:$KEY_NAME || die
# ...but it hides hexbyte representation of keys...
str=`dmsetup table --inactive $PREFIX-crypt | cut -d ' ' -f 5`
test $str = $HIDENKEY_32 || die
#...unless --showkeys explictly requested
str=`dmsetup table --showkeys --inactive $PREFIX-crypt | cut -d ' ' -f 5`
test $str = $HEXKEY_32 || die
# let's swap the tables
dmsetup resume $PREFIX-crypt
dmsetup load $PREFIX-crypt --table "0 1 crypt $CIPHER :32:logon:$KEY_NAME 0 $TESTDIR/dev$prefix/mapper/$PREFIX-zero 0"
str=`dmsetup table --inactive $PREFIX-crypt | cut -d ' ' -f 5`
test $str = :32:logon:$KEY_NAME || die
str=`dmsetup table --showkeys --inactive $PREFIX-crypt | cut -d ' ' -f 5`
test $str = :32:logon:$KEY_NAME || die
str=`dmsetup table $PREFIX-crypt | cut -d ' ' -f 5`
test $str = $HIDENKEY_32 || die
str=`dmsetup table --showkeys $PREFIX-crypt | cut -d ' ' -f 5`
test $str = $HEXKEY_32 || die

View File

@ -2197,6 +2197,13 @@ static int _status(CMD_ARGS)
c++; c++;
if (*c) if (*c)
c++; c++;
/*
* Do not suppress kernel key references prefixed
* with colon ':'. Displaying those references is
* harmless. crypt target supports kernel keys
* starting with v1.15.0 (merged in kernel 4.10)
*/
if (*c != ':')
while (*c && *c != ' ') while (*c && *c != ' ')
*c++ = '0'; *c++ = '0';
} }