authorOndrej Kozina <okozina@redhat.com>2017-02-10 13:19:22 +0100
committerOndrej Kozina <okozina@redhat.com>2017-02-10 13:20:23 +0100
commit90088e4bf4bd084cc355f3cea052851bf40bc423 (patch)
tree9a4254b4ef2be837e648059a2100316b795f9071
parent55eaabd1183042b8e03b3a969eadf624623c4b62 (diff)
dmsetup: do not suppress kernel key descriptions in tablesdev-okozina
Kernel 4.10 (dm-crypt v1.15.0) and later support loading device tables whose crypt segment refers to a key held in the kernel keyring retention service. dmsetup previously hid the key section of table output. With this patch, dmsetup no longer hides the key section if it detects a kernel key description instead of a hex byte representation of the key itself.
-rw-r--r--WHATS_NEW_DM1
-rw-r--r--test/shell/dmsetup-keyring.sh72
-rw-r--r--tools/dmsetup.c6
3 files changed, 77 insertions, 2 deletions
diff --git a/WHATS_NEW_DM b/WHATS_NEW_DM
index 4903de37e..ac2d42020 100644
--- a/WHATS_NEW_DM
+++ b/WHATS_NEW_DM
@@ -1,5 +1,6 @@
Version 1.02.138 -
=====================================
+ Do not suppress kernel key description in dmsetup table output.
Support configurable command executed from dmeventd thin plugin.
Support new R|r human readable units output format.
Thin dmeventd plugin reacts faster on lvextend failure path with umount.
diff --git a/test/shell/dmsetup-keyring.sh b/test/shell/dmsetup-keyring.sh
new file mode 100644
index 000000000..b85b5761f
--- /dev/null
+++ b/test/shell/dmsetup-keyring.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+# Copyright (C) 2017 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing to use,
+# modify, copy, or redistribute it subject to the terms and conditions
+# of the GNU General Public License v.2.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+# unrelated to lvm2 daemons
+SKIP_WITH_LVMLOCKD=1
+SKIP_WITH_LVMPOLLD=1
+SKIP_WITH_CLVMD=1
+SKIP_WITH_LVMETAD=1
+
+. lib/inittest
+
+CIPHER=aes-xts-plain64
+HEXKEY_32=0102030405060708090a0102030405060102030405060708090a010203040506
+HIDENKEY_32=0000000000000000000000000000000000000000000000000000000000000000
+KEY_NAME="$PREFIX:keydesc"
+
+function _teardown() {
+ keyctl unlink %:$PREFIX-keyring
+ aux teardown_devs_prefixed $PREFIX
+}
+
+aux target_at_least zero 1 0 0 || skip "missing dm-zero target"
+aux target_at_least crypt 1 15 0 || skip "dm-crypt doesn't support keys in kernel keyring service"
+which keyctl || skip "test requires keyctl utility"
+
+keyctl newring $PREFIX-keyring @u
+keyctl timeout %:$PREFIX-keyring 60
+
+trap '_teardown' EXIT
+
+keyctl add logon $KEY_NAME ${HEXKEY_32:0:32} %:$PREFIX-keyring
+
+dmsetup create $PREFIX-zero --table "0 1 zero"
+# put key in kernel keyring for active table
+dmsetup create $PREFIX-crypt --table "0 1 crypt $CIPHER :32:logon:$KEY_NAME 0 $TESTDIR/dev$prefix/mapper/$PREFIX-zero 0"
+# put hexbyte key in dm-crypt directly in inactive table
+dmsetup load $PREFIX-crypt --table "0 1 crypt $CIPHER $HEXKEY_32 0 $TESTDIR/dev$prefix/mapper/$PREFIX-zero 0"
+
+# test dmsetup doesn't hide key descriptions...
+str=`dmsetup table $PREFIX-crypt | cut -d ' ' -f 5`
+test $str = :32:logon:$KEY_NAME || die
+str=`dmsetup table --showkeys $PREFIX-crypt | cut -d ' ' -f 5`
+test $str = :32:logon:$KEY_NAME || die
+
+# ...but it hides hexbyte representation of keys...
+str=`dmsetup table --inactive $PREFIX-crypt | cut -d ' ' -f 5`
+test $str = $HIDENKEY_32 || die
+#...unless --showkeys explictly requested
+str=`dmsetup table --showkeys --inactive $PREFIX-crypt | cut -d ' ' -f 5`
+test $str = $HEXKEY_32 || die
+
+# let's swap the tables
+dmsetup resume $PREFIX-crypt
+dmsetup load $PREFIX-crypt --table "0 1 crypt $CIPHER :32:logon:$KEY_NAME 0 $TESTDIR/dev$prefix/mapper/$PREFIX-zero 0"
+
+str=`dmsetup table --inactive $PREFIX-crypt | cut -d ' ' -f 5`
+test $str = :32:logon:$KEY_NAME || die
+str=`dmsetup table --showkeys --inactive $PREFIX-crypt | cut -d ' ' -f 5`
+test $str = :32:logon:$KEY_NAME || die
+
+str=`dmsetup table $PREFIX-crypt | cut -d ' ' -f 5`
+test $str = $HIDENKEY_32 || die
+str=`dmsetup table --showkeys $PREFIX-crypt | cut -d ' ' -f 5`
+test $str = $HEXKEY_32 || die
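Review bot: Every comparison is written `test $str = ... || die` with `$str` unquoted, so if `dmsetup table ... | cut -d ' ' -f 5` yields an empty string the check fails on a malformed `test` expression rather than a clear mismatch; `test "$str" = ":32:logon:$KEY_NAME" || die` (and likewise for the `$HIDENKEY_32` and `$HEXKEY_32` cases) keeps the failure meaningful. The file is declared `#!/bin/sh` yet uses `function _teardown()` and the substring expansion `${HEXKEY_32:0:32}`, both bash extensions; unless `lib/inittest` guarantees bash, `_teardown() {` and a separate 32-character key variable would be portable. Also, `trap '_teardown' EXIT` is installed only after `keyctl newring` and `keyctl timeout`, so a failure in between would presumably leave the test keyring linked into `@u`; setting the trap before creating the keyring avoids that.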
diff --git a/tools/dmsetup.c b/tools/dmsetup.c
index c9549c6b5..120cae05f 100644
--- a/tools/dmsetup.c
+++ b/tools/dmsetup.c
@@ -2197,8 +2197,10 @@ static int _status(CMD_ARGS)
c++;
if (*c)
c++;
- while (*c && *c != ' ')
- *c++ = '0';
+ /* don't suppress kernel key descriptions */
+ if (*c != ':')
+ while (*c && *c != ' ')
+ *c++ = '0';
}
printf(FMTu64 " " FMTu64 " %s %s",
start, length, target_type, params);
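Review bot: The new `if (*c != ':')` guard wraps an unbraced `while`, and its one-line comment does not say why a leading colon makes the field safe to print. A hex key cannot begin with ':', whereas the keyring form seen in the accompanying test (`:32:logon:<desc>`) carries only a reference to the key, so I would state that in the comment: `/* a leading ':' marks a keyring reference (:size:type:desc), not key bytes; only hex keys are zeroed */`. I would also brace the outer body, `if (*c != ':') {` ... `}`, so a later edit cannot detach the masking loop from its guard. The enclosing block in `_status` starts outside the hunk, so the condition that selects crypt targets and honours `--showkeys` is not visible here.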