From 63abce0454b85da861819da652d0bd5326a1fcb9 Mon Sep 17 00:00:00 2001
From: Marco van Wieringen
Date: Sat, 4 May 2013 21:02:46 +0200
Subject: [PATCH] Fix printing of crypto cache.

Also fixed input to always clean the input buffer so we don't read garbage and added a -r option to be able to reset the expiry time of all entries in the cache by setting the time they were added to the current time. Updated manpage to document the new flags.
---
 manpages/bscrypto.8 | 10 ++++++++--
 src/lib/crypto_cache.c | 42 ++++++++++++++++++++++++++++++++++++------
 src/lib/crypto_cache.h | 1 +
 src/tools/bscrypto.c | 37 ++++++++++++++++++++++++++++++++++---
 4 files changed, 79 insertions(+), 11 deletions(-)

diff --git a/manpages/bscrypto.8 b/manpages/bscrypto.8
index 580205e23f7..c57f9e6af68 100644
--- a/manpages/bscrypto.8
+++ b/manpages/bscrypto.8
@@ -2,7 +2,7 @@
 .\" First parameter, NAME, should be all caps
 .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
 .\" other parameters are allowed: see man(7), man(1)
-.TH BSCRYPTO 8 "03 January 2013" "Marco van Wieringen" "Backup Archiving REcovery Open Sourced"
+.TH BSCRYPTO 8 "23 February 2013" "Marco van Wieringen" "Backup Archiving REcovery Open Sourced"
 .\" Please adjust this date whenever revising the manpage.
 .\"
 .SH NAME
@@ -47,6 +47,9 @@ and as such converted to normal ASCII.
 Clear encryption key. Clear the encryption key currently loaded on the drive by issueing a SCSI SPOUT clear key page.
 .TP
+.B \-D
+Dump the content of given cachefile
+.TP
 .B \-d
 Set debug level to
 .TP
@@ -69,6 +72,9 @@ in RFC3394 which gives binary output.
 .B \-p
 Populate given cachefile with crypto keys
 .TP
+.B \-r
+Reset expiry time for entries of given cachefile
+.TP
 .B \-s
 Set encryption key loaded from keyfile. Load the new key from the keyfile and load it into the drives crypto buffer using a SCSI SPOUT command.
@@ -90,4 +96,4 @@ flag to base64 encode this data.
 .SH AUTHOR
 This manual page was written by Marco van Wieringen
 .nh
-
+
diff --git a/src/lib/crypto_cache.c b/src/lib/crypto_cache.c
index c0d6f7d5031..018a4794007 100644
--- a/src/lib/crypto_cache.c
+++ b/src/lib/crypto_cache.c
@@ -317,8 +317,8 @@ char *lookup_crypto_cache_entry(const char *VolumeName)
 void dump_crypto_cache(int fd)
 {
 int len;
- int max_vol_length = 0;
- int max_key_length = 0;
+ int max_vol_length = strlen(_("Volumename"));
+ int max_key_length = strlen(_("EncryptionKey"));
 crypto_cache_entry_t *cce;
 char dt1[MAX_TIME_LENGTH], dt2[MAX_TIME_LENGTH];
@@ -346,15 +346,19 @@ void dump_crypto_cache(int fd)
 }
 }
- len = Mmsg(msg, "%*s %*s %-20s %-20s\n", max_vol_length, _("Volumename"), max_key_length,
- _("EncryptionKey"), _("Added"), _("Expires"));
+ len = Mmsg(msg, "%-*s %-*s %-20s %-20s\n",
+ max_vol_length, _("Volumename"),
+ max_key_length, _("EncryptionKey"),
+ _("Added"), _("Expires"));
 write(fd, msg.c_str(), len);
 foreach_dlist(cce, cached_crypto_keys) {
 bstrutime(dt1, sizeof(dt1), cce->added);
 bstrutime(dt2, sizeof(dt2), cce->added + CRYPTO_CACHE_MAX_AGE);
- len = Mmsg(msg, "%*s %*s %-20s %-20s\n", max_vol_length, cce->VolumeName, max_key_length,
- cce->EncryptionKey, dt1, dt2);
+ len = Mmsg(msg, "%-*s %-*s %-20s %-20s\n",
+ max_vol_length, cce->VolumeName,
+ max_key_length, cce->EncryptionKey,
+ dt1, dt2);
 write(fd, msg.c_str(), len);
 }
@@ -362,6 +366,32 @@ void dump_crypto_cache(int fd)
 V(crypto_cache_lock);
 }
+/*
+ * Reset all entries in the cache to the current time.
+ */
+void reset_crypto_cache(void)
+{
+ time_t now;
+ crypto_cache_entry_t *cce;
+
+ if (!cached_crypto_keys) {
+ return;
+ }
+
+ now = time(NULL);
+
+ /*
+ * Lock the cache.
+ */
+ P(crypto_cache_lock);
+
+ foreach_dlist(cce, cached_crypto_keys) {
+ cce->added = now;
+ }
+
+ V(crypto_cache_lock);
+}
+
 /*
 * Flush the date from the internal cache.
 */
diff --git a/src/lib/crypto_cache.h b/src/lib/crypto_cache.h
index cab1bdcadef..d1a3607495b 100644
--- a/src/lib/crypto_cache.h
+++ b/src/lib/crypto_cache.h
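Review bot: Each row built in the `foreach_dlist` loop of the second hunk passes `cce->EncryptionKey` straight to `write(fd, ...)`, so dump_crypto_cache emits every cached volume key in clear text, and nothing visible in these hunks documents that. I would add a line to the function's header comment, which lies outside the hunks, along the lines of `* Writes encryption keys in clear text; pass only an fd the operator controls, never a log or job message stream.` The `write()` calls kept as context also discard their return value, so a short write truncates a row silently; that predates this commit.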
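Review bot: In reset_crypto_cache the `if (!cached_crypto_keys)` test runs before `P(crypto_cache_lock)`, so the list pointer is read unlocked and could be stale by the time the loop walks it if another thread can flush or replace the cache in between (whether one can is not visible here). Taking the lock first and wrapping the loop in `if (cached_crypto_keys) { ... }` ahead of `V(crypto_cache_lock);` closes that window at no cost. The header comment could also say that this restarts the CRYPTO_CACHE_MAX_AGE window for every entry, since the printed "Expires" value is `cce->added + CRYPTO_CACHE_MAX_AGE` and the call therefore lengthens how long cached key material stays valid.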
@@ -49,6 +49,7 @@ void write_crypto_cache(const char *cache_file);
 bool update_crypto_cache(const char *VolumeName, const char *EncryptionKey);
 char *lookup_crypto_cache_entry(const char *VolumeName);
 void dump_crypto_cache(int fd);
+void reset_crypto_cache(void);
 void flush_crypto_cache(void);
 #endif /* _CRYPTO_CACHE_H */
diff --git a/src/tools/bscrypto.c b/src/tools/bscrypto.c
index 7d0fae4b353..03557afda05 100644
--- a/src/tools/bscrypto.c
+++ b/src/tools/bscrypto.c
@@ -43,6 +43,7 @@ static void usage()
 " -g Generate new encryption passphrase in keyfile\n"
 " -k Show content of keyfile\n"
 " -p Populate given cachefile with crypto keys\n"
+" -r Reset expiry time for entries of given cachefile\n"
 " -s Set encryption key loaded from keyfile\n"
 " -v Show volume encryption status\n"
 " -w Wrap/Unwrap the key using RFC3394 aes-(un)wrap\n"
@@ -63,6 +64,7 @@ int main(int argc, char *const *argv)
 drive_encryption_status = false,
 generate_passphrase = false,
 populate_cache = false,
+ reset_cache = false,
 set_encryption = false,
 show_keydata = false,
 volume_encryption_status = false,
@@ -77,7 +79,7 @@ int main(int argc, char *const *argv)
 bindtextdomain("bareos", LOCALEDIR);
 textdomain("bareos");
- while ((ch = getopt(argc, argv, "bcD:d:eg:k:p:s:vw:?")) != -1) {
+ while ((ch = getopt(argc, argv, "bcD:d:eg:k:p:r:s:vw:?")) != -1) {
 switch (ch) {
 case 'b':
 base64_transform = true;
@@ -126,6 +128,11 @@ int main(int argc, char *const *argv)
 cache_file = bstrdup(optarg);
 break;
+ case 'r':
+ reset_cache = true;
+ cache_file = bstrdup(optarg);
+ break;
+
 case 's':
 set_encryption = true;
 if (keyfile) {
@@ -155,7 +162,7 @@ int main(int argc, char *const *argv)
 argc -= optind;
 argv += optind;
- if (!generate_passphrase && !show_keydata && !dump_cache && !populate_cache && argc < 1) {
+ if (!generate_passphrase && !show_keydata && !dump_cache && !populate_cache && !reset_cache && argc < 1) {
 fprintf(stderr, _("Missing device_name argument for this option\n"));
 usage();
 retval = 1;
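Review bot: The new `case 'r'` assigns `cache_file = bstrdup(optarg)` without checking whether an earlier cache option already set it, so `-p fileA -r fileB` leaks the first copy and leaves both flags set with only the last file name. The incompatibility test this commit extends further down only separates cache operations from device operations, so that combination is accepted; judging by the `goto bail_out` that closes the preceding block, the populate path probably exits before the reset ever runs. Rejecting the mix up front, for instance `if (dump_cache || populate_cache) { usage(); exit(1); }` before `reset_cache = true;` (or the file's own error path), would make the outcome explicit, much as the `if (keyfile) {` context line in `case 's'` appears to guard a repeated keyfile. The switch and main() continue outside the hunk.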
@@ -190,7 +197,8 @@ int main(int argc, char *const *argv)
 (generate_passphrase ||
 show_keydata ||
 dump_cache ||
- populate_cache)) {
+ populate_cache ||
+ reset_cache)) {
 fprintf(stderr, _("Don't mix operations which are incompatible "
 "e.g. generate/show vs set/clear etc.\n"));
 retval = 1;
@@ -230,6 +238,8 @@ int main(int argc, char *const *argv)
 */
 fprintf(stdout, _("Enter cache entrie(s) (close with ^D): "));
 fflush(stdout);
+
+ memset(new_cache_entry, 0, sizeof(new_cache_entry));
 while (read(1, new_cache_entry, sizeof(new_cache_entry)) > 0) {
 strip_trailing_junk(new_cache_entry);
@@ -244,6 +254,7 @@ int main(int argc, char *const *argv)
 *EncrKey++ = '\0';
 update_crypto_cache(VolumeName, EncrKey);
+ memset(new_cache_entry, 0, sizeof(new_cache_entry));
 }
 /*
@@ -255,6 +266,26 @@ int main(int argc, char *const *argv)
 goto bail_out;
 }
+ if (reset_cache) {
+ /*
+ * Load any keys currently in the cache.
+ */
+ read_crypto_cache(cache_file);
+
+ /*
+ * Reset all entries.
+ */
+ reset_crypto_cache();
+
+ /*
+ * Write out the new cache entries.
+ */
+ write_crypto_cache(cache_file);
+
+ flush_crypto_cache();
+ goto bail_out;
+ }
+
 memset(keydata, 0, sizeof(keydata));
 memset(wrapdata, 0, sizeof(wrapdata));
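Review bot: The added `memset(new_cache_entry, 0, sizeof(new_cache_entry))` calls (before the loop here, and at the end of the loop body in the next hunk) only guarantee a terminator when `read()` returns fewer bytes than the buffer holds; input that fills all `sizeof(new_cache_entry)` bytes leaves no NUL, and `strip_trailing_junk()`, which appears to treat the buffer as a C string, then runs past the array. Reserving the last byte fixes that: `while (read(1, new_cache_entry, sizeof(new_cache_entry) - 1) > 0) {`. The same context line reads from descriptor 1 rather than `STDIN_FILENO`, so entries redirected on stdin would not be what gets read; worth confirming that is intended. The loop body extends beyond both hunks.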
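Review bot: The new `if (reset_cache)` block calls `write_crypto_cache(cache_file)` without knowing whether `read_crypto_cache(cache_file)` loaded anything, so a mistyped or unreadable path may end with the file being created or rewritten from an empty in-memory cache. If read_crypto_cache returns a status (its prototype is not part of this diff), test it first, e.g. `if (!read_crypto_cache(cache_file)) { retval = 1; goto bail_out; }`. Because `-r` moves the expiry of every stored key forward, possibly including entries already older than CRYPTO_CACHE_MAX_AGE, printing the number of entries that were reset would make that extension visible to the operator.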