Fix printing of crypto cache.

Also fixed input to always clean the input buffer so we don't read garbage and added a -r option to be able to reset the expiry time of all entries in the cache by setting the time they were added to the current time. Updated manpage to document the new flags.
bareos · Feb 17, 2015 · 63abce0 · 63abce0
1 parent 21ea95f
commit 63abce0
Show file tree

Hide file tree

Showing 4 changed files with 79 additions and 11 deletions.
diff --git a/manpages/bscrypto.8 b/manpages/bscrypto.8
@@ -2,7 +2,7 @@
 .\" First parameter, NAME, should be all caps
 .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
 .\" other parameters are allowed: see man(7), man(1)
-.TH BSCRYPTO 8 "03 January 2013" "Marco van Wieringen" "Backup Archiving REcovery Open Sourced"
+.TH BSCRYPTO 8 "23 February 2013" "Marco van Wieringen" "Backup Archiving REcovery Open Sourced"
 .\" Please adjust this date whenever revising the manpage.
 .\"
 .SH NAME
@@ -47,6 +47,9 @@ and as such converted to normal ASCII.
 Clear encryption key. Clear the encryption key currently loaded on the
 drive by issueing a SCSI SPOUT clear key page.
 .TP
+.B \-D <cachefile>
+Dump the content of given cachefile
+.TP
 .B \-d <nn>
 Set debug level to <nn>
 .TP
@@ -69,6 +72,9 @@ in RFC3394 which gives binary output.
 .B \-p <cachefile>
 Populate given cachefile with crypto keys
 .TP
+.B \-r <cachefile>
+Reset expiry time for entries of given cachefile
+.TP
 .B \-s <keyfile>
 Set encryption key loaded from keyfile. Load the new key from the keyfile
 and load it into the drives crypto buffer using a SCSI SPOUT command.
@@ -90,4 +96,4 @@ flag to base64 encode this data.
 .SH AUTHOR
 This manual page was written by Marco van Wieringen
 .nh
-<mvw@planets.elm.net>
+<marco.van.wieringen@bareos.com>
diff --git a/src/lib/crypto_cache.c b/src/lib/crypto_cache.c
@@ -317,8 +317,8 @@ char *lookup_crypto_cache_entry(const char *VolumeName)
 void dump_crypto_cache(int fd)
 {
    int len;
-   int max_vol_length = 0;
-   int max_key_length = 0;
+   int max_vol_length = strlen(_("Volumename"));
+   int max_key_length = strlen(_("EncryptionKey"));
    crypto_cache_entry_t *cce;
    char dt1[MAX_TIME_LENGTH],
         dt2[MAX_TIME_LENGTH];
@@ -346,22 +346,52 @@ void dump_crypto_cache(int fd)
       }
    }
 
-   len = Mmsg(msg, "%*s %*s %-20s %-20s\n", max_vol_length, _("Volumename"), max_key_length,
-              _("EncryptionKey"), _("Added"), _("Expires"));
+   len = Mmsg(msg, "%-*s %-*s %-20s %-20s\n",
+              max_vol_length, _("Volumename"),
+              max_key_length, _("EncryptionKey"),
+              _("Added"), _("Expires"));
    write(fd, msg.c_str(), len);
 
    foreach_dlist(cce, cached_crypto_keys) {
       bstrutime(dt1, sizeof(dt1), cce->added);
       bstrutime(dt2, sizeof(dt2), cce->added + CRYPTO_CACHE_MAX_AGE);
-      len = Mmsg(msg, "%*s %*s %-20s %-20s\n", max_vol_length, cce->VolumeName, max_key_length,
-                 cce->EncryptionKey, dt1, dt2);
+      len = Mmsg(msg, "%-*s %-*s %-20s %-20s\n",
+                 max_vol_length, cce->VolumeName,
+                 max_key_length, cce->EncryptionKey,
+                 dt1, dt2);
 
       write(fd, msg.c_str(), len);
    }
 
    V(crypto_cache_lock);
 }
 
+/*
+ * Reset all entries in the cache to the current time.
+ */
+void reset_crypto_cache(void)
+{
+   time_t now;
+   crypto_cache_entry_t *cce;
+
+   if (!cached_crypto_keys) {
+      return;
+   }
+
+   now = time(NULL);
+
+   /*
+    * Lock the cache.
+    */
+   P(crypto_cache_lock);
+
+   foreach_dlist(cce, cached_crypto_keys) {
+      cce->added = now;
+   }
+
+   V(crypto_cache_lock);
+}
+
 /*
  * Flush the date from the internal cache.
  */

diff --git a/src/lib/crypto_cache.h b/src/lib/crypto_cache.h
@@ -49,6 +49,7 @@ void write_crypto_cache(const char *cache_file);
 bool update_crypto_cache(const char *VolumeName, const char *EncryptionKey);
 char *lookup_crypto_cache_entry(const char *VolumeName);
 void dump_crypto_cache(int fd);
+void reset_crypto_cache(void);
 void flush_crypto_cache(void);
 
 #endif /* _CRYPTO_CACHE_H */
diff --git a/src/tools/bscrypto.c b/src/tools/bscrypto.c
@@ -43,6 +43,7 @@ static void usage()
 "       -g <keyfile>    Generate new encryption passphrase in keyfile\n"
 "       -k <keyfile>    Show content of keyfile\n"
 "       -p <cachefile>  Populate given cachefile with crypto keys\n"
+"       -r <cachefile>  Reset expiry time for entries of given cachefile\n"
 "       -s <keyfile>    Set encryption key loaded from keyfile\n"
 "       -v              Show volume encryption status\n"
 "       -w <keyfile>    Wrap/Unwrap the key using RFC3394 aes-(un)wrap\n"
@@ -63,6 +64,7 @@ int main(int argc, char *const *argv)
         drive_encryption_status = false,
         generate_passphrase = false,
         populate_cache = false,
+        reset_cache = false,
         set_encryption = false,
         show_keydata = false,
         volume_encryption_status = false,
@@ -77,7 +79,7 @@ int main(int argc, char *const *argv)
    bindtextdomain("bareos", LOCALEDIR);
    textdomain("bareos");
 
-   while ((ch = getopt(argc, argv, "bcD:d:eg:k:p:s:vw:?")) != -1) {
+   while ((ch = getopt(argc, argv, "bcD:d:eg:k:p:r:s:vw:?")) != -1) {
       switch (ch) {
       case 'b':
          base64_transform = true;
@@ -126,6 +128,11 @@ int main(int argc, char *const *argv)
          cache_file = bstrdup(optarg);
          break;
 
+      case 'r':
+         reset_cache = true;
+         cache_file = bstrdup(optarg);
+         break;
+
       case 's':
          set_encryption = true;
          if (keyfile) {
@@ -155,7 +162,7 @@ int main(int argc, char *const *argv)
    argc -= optind;
    argv += optind;
 
-   if (!generate_passphrase && !show_keydata && !dump_cache && !populate_cache && argc < 1) {
+   if (!generate_passphrase && !show_keydata && !dump_cache && !populate_cache && !reset_cache && argc < 1) {
       fprintf(stderr, _("Missing device_name argument for this option\n"));
       usage();
       retval = 1;
@@ -190,7 +197,8 @@ int main(int argc, char *const *argv)
        (generate_passphrase ||
         show_keydata ||
         dump_cache ||
-        populate_cache)) {
+        populate_cache ||
+        reset_cache)) {
       fprintf(stderr, _("Don't mix operations which are incompatible "
                         "e.g. generate/show vs set/clear etc.\n"));
       retval = 1;
@@ -230,6 +238,8 @@ int main(int argc, char *const *argv)
        */
       fprintf(stdout, _("Enter cache entrie(s) (close with ^D): "));
       fflush(stdout);
+
+      memset(new_cache_entry, 0, sizeof(new_cache_entry));
       while (read(1, new_cache_entry, sizeof(new_cache_entry)) > 0) {
          strip_trailing_junk(new_cache_entry);
 
@@ -244,6 +254,7 @@ int main(int argc, char *const *argv)
 
          *EncrKey++ = '\0';
          update_crypto_cache(VolumeName, EncrKey);
+         memset(new_cache_entry, 0, sizeof(new_cache_entry));
       }
 
       /*
@@ -255,6 +266,26 @@ int main(int argc, char *const *argv)
       goto bail_out;
    }
 
+   if (reset_cache) {
+      /*
+       * Load any keys currently in the cache.
+       */
+      read_crypto_cache(cache_file);
+
+      /*
+       * Reset all entries.
+       */
+      reset_crypto_cache();
+
+      /*
+       * Write out the new cache entries.
+       */
+      write_crypto_cache(cache_file);
+
+      flush_crypto_cache();
+      goto bail_out;
+   }
+
    memset(keydata, 0, sizeof(keydata));
    memset(wrapdata, 0, sizeof(wrapdata));