mirror of git://sourceware.org/git/lvm2.git synced 2025-01-18 10:04:20 +03:00

dmsetup: hide integrity encryption keys on table output

Ondrej Kozina 2017-11-10 13:55:04 +01:00
parent 512b2adc77
commit 32e747dd31
3 changed files with 48 additions and 19 deletions


@ -1,5 +1,6 @@
Version 1.02.146 - Version 1.02.146 -
==================================== ====================================
Suppress integrity encryption keys in 'table' output unless --showkeys supplied.
Version 1.02.145 - 3rd November 2017 Version 1.02.145 - 3rd November 2017
==================================== ====================================


@ -842,10 +842,10 @@ Outputs the current table for the device in a format that can be fed
back in using the create or load commands. back in using the create or load commands.
With \fB--target\fP, only information relating to the specified target type With \fB--target\fP, only information relating to the specified target type
is displayed. is displayed.
Real encryption keys are suppressed in the table output for the crypt Real encryption keys are suppressed in the table output for crypt and integrity
target unless the \fB--showkeys\fP parameter is supplied. Kernel key targets unless the \fB--showkeys\fP parameter is supplied. Kernel key
references prefixed with \fB:\fP are not affected by the parameter and get references prefixed with \fB:\fP are not affected by the parameter and get
displayed always. displayed always (crypt target only).
With \fB--concise\fP, the output is presented concisely on a single line. With \fB--concise\fP, the output is presented concisely on a single line.
Commas then separate the name, uuid, minor device number, flags ('ro' or 'rw') Commas then separate the name, uuid, minor device number, flags ('ro' or 'rw')
and the table (if present). Semi-colons separate devices. Backslashes escape and the table (if present). Semi-colons separate devices. Backslashes escape


@ -2375,6 +2375,24 @@ static void _print_string_quoted(const char *s)
} }
} }
static void hide_key(char *params, const char *name)
{
char *c = strstr(params, name);
if (!c)
return;
c += strlen(name);
/* key is optional */
c = strpbrk(c, " :");
if (!c || *c++ != ':')
return;
while (*c && *c != ' ')
*c++ = '0';
}
static int _status(CMD_ARGS) static int _status(CMD_ARGS)
{ {
int r = 0; int r = 0;
@ -2480,10 +2498,10 @@ static int _status(CMD_ARGS)
} }
/* Next print any target-specific information */ /* Next print any target-specific information */
if (target_type) { if (target_type) {
/* Suppress encryption key */ /* Suppress encryption keys */
if (!_switches[SHOWKEYS_ARG] && if (!_switches[SHOWKEYS_ARG] &&
cmdno == DM_DEVICE_TABLE && cmdno == DM_DEVICE_TABLE) {
!strcmp(target_type, "crypt")) { if (!strcmp(target_type, "crypt")) {
c = params; c = params;
while (*c && *c != ' ') while (*c && *c != ' ')
c++; c++;
@ -2498,6 +2516,16 @@ static int _status(CMD_ARGS)
if (*c != ':') if (*c != ':')
while (*c && *c != ' ') while (*c && *c != ' ')
*c++ = '0'; *c++ = '0';
} else if (!strcmp(target_type, "integrity")) {
/*
* "internal_hash", "journal_crypt" and "journal_mac"
* params allow keys optionally in hexbyte
* representation.
*/
hide_key(params, "internal_hash:");
hide_key(params, "journal_crypt:");
hide_key(params, "journal_mac:");
}
} }
if (use_concise) if (use_concise)
putchar(','); putchar(',');
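Review bot: `hide_key()` masks only the first `strstr()` hit for each name and never checks that the hit begins a space-separated token, so if the name also occurs earlier in `params` inside another token, or the parameter is present twice, a later hex key would be printed unmasked. Whether a kernel-produced integrity table can contain such a string is not visible on this page, so treat this as hardening: loop over every match and accept one only at the start of `params` or right after a space, as in the sketch below. The helper would also read more consistently as `_hide_key`, matching `_print_string_quoted` and `_status` in the same file. Masking with `'0'` keeps the key length visible, as the existing crypt branch does; a one-line comment saying that is intentional would help the next reader.

```c
static void hide_key(char *params, const char *name)
{
	size_t len = strlen(name);
	char *c = params;

	/* Callers pass non-empty literal names; visit every occurrence. */
	while ((c = strstr(c, name))) {
		/* Only a match that starts a space-separated token is a parameter. */
		int at_token_start = (c == params || c[-1] == ' ');

		c += len;
		if (!at_token_start)
			continue;

		/* key is optional */
		if (!(c = strpbrk(c, " :")))
			return;
		if (*c != ':')
			continue;

		/* Overwrite the key in place; its length stays visible. */
		for (c++; *c && *c != ' '; c++)
			*c = '0';
	}
}
```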