From 2e387b9b852a5ae8c2980ff133e33d076004f6bf Mon Sep 17 00:00:00 2001 From: pjd Date: Sat, 16 Sep 2006 10:43:17 +0000 Subject: Add 'configure' subcommand which for now only allows setting and removing of the BOOT flag. It can be performed on both attached and detached providers. Requested by: Matthias Lederhofer MFC after: 1 week --- sbin/geom/class/eli/geli.8 | 19 +++++++++++- sbin/geom/class/eli/geom_eli.c | 70 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+), 1 deletion(-) (limited to 'sbin/geom/class') diff --git a/sbin/geom/class/eli/geli.8 b/sbin/geom/class/eli/geli.8 index 580b6e0..c2d588d 100644 --- a/sbin/geom/class/eli/geli.8 +++ b/sbin/geom/class/eli/geli.8 @@ -83,6 +83,10 @@ utility: .Op Fl s Ar sectorsize .Ar prov ... .Nm +.Cm configure +.Op Fl bB +.Ar prov ... +.Nm .Cm setkey .Op Fl pPv .Op Fl i Ar iterations @@ -196,7 +200,7 @@ Allows to verify data integrity (data authentication). The first argument to .Nm indicates an action to be performed: -.Bl -tag -width ".Cm onetime" +.Bl -tag -width ".Cm configure" .It Cm init Initialize provider which needs to be encrypted. Here you can set up the cryptographic algorithm to use, key length, etc. @@ -351,6 +355,19 @@ For more information, see the description of the .Cm init subcommand. .El +.It Cm configure +Change configuration of the given providers. +.Pp +Additional options include: +.Bl -tag -width ".Fl b" +.It Fl b +Set the BOOT flag on the given providers. +For more information, see the description of the +.Cm init +subcommand. +.It Fl B +Remove the BOOT flag from the given providers. +.El .It Cm setkey Change or setup (if not yet initialized) selected key. There is one master key, which can be encrypted with two independent user keys. diff --git a/sbin/geom/class/eli/geom_eli.c b/sbin/geom/class/eli/geom_eli.c index 3da4e83..0a82ccd 100644 --- a/sbin/geom/class/eli/geom_eli.c +++ b/sbin/geom/class/eli/geom_eli.c 
@@ -65,6 +65,7 @@ static char keyfile[] = "", newkeyfile[] = "";
 static void eli_main(struct gctl_req *req, unsigned flags);
 static void eli_init(struct gctl_req *req);
 static void eli_attach(struct gctl_req *req);
+static void eli_configure(struct gctl_req *req);
 static void eli_setkey(struct gctl_req *req);
 static void eli_delkey(struct gctl_req *req);
 static void eli_kill(struct gctl_req *req);
@@ -82,6 +83,7 @@ static void eli_dump(struct gctl_req *req);
 * detach [-fl] prov ...
 * stop - alias for 'detach'
 * onetime [-d] [-a aalgo] [-e ealgo] [-l keylen] prov ...
+ * configure [-bB] prov ...
 * setkey [-pPv] [-n keyno] [-k keyfile] [-K newkeyfile] prov
 * delkey [-afv] [-n keyno] prov
 * kill [-av] [prov ...]
@@ -156,6 +158,14 @@ struct g_command class_commands[] = {
 },
 "[-d] [-a aalgo] [-e ealgo] [-l keylen] [-s sectorsize] prov ..."
 },
+ { "configure", G_FLAG_VERBOSE, eli_main,
+ {
+ { 'b', "boot", NULL, G_TYPE_NONE },
+ { 'B', "noboot", NULL, G_TYPE_NONE },
+ G_OPT_SENTINEL
+ },
+ "[-bB] prov ..."
+ },
 { "setkey", G_FLAG_VERBOSE, eli_main,
 {
 { 'i', "iterations", &iterations, G_TYPE_NUMBER },
@@ -242,6 +252,8 @@ eli_main(struct gctl_req *req, unsigned flags)
 eli_init(req);
 else if (strcmp(name, "attach") == 0)
 eli_attach(req);
+ else if (strcmp(name, "configure") == 0)
+ eli_configure(req);
 else if (strcmp(name, "setkey") == 0)
 eli_setkey(req);
 else if (strcmp(name, "delkey") == 0)
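Review bot: The usage string `"[-bB] prov ..."` in the new class_commands entry, and the matching `configure [-bB] prov ...` line in the header comment, read as if -b and -B can be combined or both left out, but eli_configure (added later in this commit) rejects both cases. Writing the string as `"[-b | -B] prov ..."` would at least show the mutual exclusion that the command enforces. The class_commands array starts and ends outside this hunk.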
@@ -666,6 +678,64 @@ eli_attach(struct gctl_req *req)
 }
 
 static void
+eli_configure_detached(struct gctl_req *req, const char *prov, int boot)
+{
+ struct g_eli_metadata md;
+
+ if (eli_metadata_read(req, prov, &md) == -1)
+ return;
+
+ if (boot && (md.md_flags & G_ELI_FLAG_BOOT)) {
+ if (verbose)
+ printf("BOOT flag already configured for %s.\n", prov);
+ } else if (!boot && !(md.md_flags & G_ELI_FLAG_BOOT)) {
+ if (verbose)
+ printf("BOOT flag not configured for %s.\n", prov);
+ } else {
+ if (boot)
+ md.md_flags |= G_ELI_FLAG_BOOT;
+ else
+ md.md_flags &= ~G_ELI_FLAG_BOOT;
+ eli_metadata_store(req, prov, &md);
+ }
+ bzero(&md, sizeof(md));
+}
+
+static void
+eli_configure(struct gctl_req *req)
+{
+ const char *prov;
+ int i, nargs, boot, noboot;
+
+ nargs = gctl_get_int(req, "nargs");
+ if (nargs == 0) {
+ gctl_error(req, "Too few arguments.");
+ return;
+ }
+
+ boot = gctl_get_int(req, "boot");
+ noboot = gctl_get_int(req, "noboot");
+
+ if (boot && noboot) {
+ gctl_error(req, "Options -b and -B are mutually exclusive.");
+ return;
+ }
+ if (!boot && !noboot) {
+ gctl_error(req, "No option given.");
+ return;
+ }
+
+ /* First attached providers. */
+ gctl_issue(req);
+ /* Now the rest. */
+ for (i = 0; i < nargs; i++) {
+ prov = gctl_get_ascii(req, "arg%d", i);
+ if (!eli_is_attached(prov))
+ eli_configure_detached(req, prov, boot);
+ }
+}
+
+static void
 eli_setkey_attached(struct gctl_req *req, struct g_eli_metadata *md)
 {
 unsigned char key[G_ELI_USERKEYLEN];
-- cgit v1.1
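Review bot: The metadata wipe in eli_configure_detached is skipped by the early `return` after a failed `eli_metadata_read()`, and the closing `bzero(&md, sizeof(md));` is a store to a dead local that an optimizing compiler may remove. What eli_metadata_read leaves in `md` on failure is not visible in this hunk, so the skipped wipe may be harmless, but a wipe that holds on every exit path is simpler to audit: route the error path through it and use `explicit_bzero(&md, sizeof(md));` where the platform provides it. Separately, eli_configure tests `eli_is_attached(prov)` only after `gctl_issue(req)` has returned, so a provider attached or detached between the two steps could be skipped, or have its on-disk flag changed while the in-kernel copy keeps the old value. A comment before the loop such as `/* Assumes attach state does not change between gctl_issue() and this loop. */` would record that limitation.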