Source-Changes-HG archive


[src/trunk]: src add cgdconfig -l like vnconfig -l



details:   https://anonhg.NetBSD.org/src/rev/8843247777d7
branches:  trunk
changeset: 783092:8843247777d7
user:      christos <christos%NetBSD.org@localhost>
date:      Wed Dec 05 02:23:20 2012 +0000

description:
add cgdconfig -l like vnconfig -l

diffstat:

 sbin/cgdconfig/cgdconfig.8 |   55 ++++++++++++------
 sbin/cgdconfig/cgdconfig.c |  100 ++++++++++++++++++++++++++++++++--
 share/man/man4/cgd.4       |    7 +-
 sys/dev/cgd.c              |   63 +++++++++++++++++++--
 sys/dev/cgd_crypto.c       |  129 +++++++++++++++++++-------------------------
 sys/dev/cgd_crypto.h       |    5 +-
 sys/dev/cgdvar.h           |   34 ++++++++---
 7 files changed, 276 insertions(+), 117 deletions(-)

diffs (truncated from 849 to 300 lines):

diff -r ad4dd8e12fc8 -r 8843247777d7 sbin/cgdconfig/cgdconfig.8
--- a/sbin/cgdconfig/cgdconfig.8        Wed Dec 05 01:46:22 2012 +0000
+++ b/sbin/cgdconfig/cgdconfig.8        Wed Dec 05 02:23:20 2012 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.31 2011/07/03 19:05:10 dholland Exp $
+.\" $NetBSD: cgdconfig.8,v 1.32 2012/12/05 02:23:20 christos Exp $
 .\"
 .\" Copyright (c) 2002, The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd October 19, 2009
+.Dd December 3, 2012
 .Dt CGDCONFIG 8
 .Os
 .Sh NAME
@@ -44,10 +44,6 @@
 .Op Fl nv
 .Op Fl f Ar configfile
 .Nm
-.Fl U
-.Op Fl nv
-.Op Fl f Ar configfile
-.Nm
 .Fl G
 .Op Fl nv
 .Op Fl i Ar ivmeth
@@ -63,6 +59,9 @@
 .Ar alg
 .Op Ar keylen
 .Nm
+.Fl l
+.Op Fl cgd
+.Nm
 .Fl s
 .Op Fl nv
 .Op Fl i Ar ivmeth
@@ -71,6 +70,10 @@
 .Ar alg
 .Op Ar keylen
 .Nm
+.Fl U
+.Op Fl nv
+.Op Fl f Ar configfile
+.Nm
 .Fl u
 .Op Fl nv
 .Ar cgd
@@ -100,6 +103,11 @@
 Specify the IV method (default: encblkno1).
 .It Fl k Ar kgmeth
 Specify the key generation method (default: pkcs5_pbkdf2/sha1).
+.It Fl l Op Ar cgd
+List state of all devices or just the one
+.Ar cgd
+device.
+The verbosity level affects the output.
 .It Fl n
 Do not actually configure or unconfigure a cryptographic disk
 device, but instead report the steps that would be taken.
@@ -335,22 +343,29 @@
 Here is the
 sequence of commands that is recommended:
 .Bd -literal
-             # cgdconfig -g -o /etc/cgd/wd0e -V disklabel aes-cbc
-             # cgdconfig -V re-enter cgd0 /dev/wd0e
-             /dev/wd0e's passphrase:
-             re-enter device's passphrase:
-             # disklabel -e -I cgd0
-             # cgdconfig -u cgd0
-             # cgdconfig cgd0 /dev/wd0e
-             /dev/wd0e's passphrase:
+       # cgdconfig -g -o /etc/cgd/wd0e -V disklabel aes-cbc
+       # cgdconfig -V re-enter cgd0 /dev/wd0e
+       /dev/wd0e's passphrase:
+       re-enter device's passphrase:
+       # disklabel -e -I cgd0
+       # cgdconfig -u cgd0
+       # cgdconfig cgd0 /dev/wd0e
+       /dev/wd0e's passphrase:
+.Ed
+.Pp
+To scrub data from a disk before setting up a cgd:
+.Bd -literal
+       # cgdconfig -s cgd0 /dev/sd0e aes-cbc 256 < /dev/urandom 
+       # dd if=/dev/zero of=/dev/rcgd0d bs=32k progress=512
+       # cgdconfig -u cgd0
 .Ed
 .Pp
 To create a new parameters file that will generate the same key as an old
 parameters file:
 .Bd -literal
-             # cgdconfig -G -o newparamsfile oldparamsfile
-             old file's passphrase:
-             new file's passphrase:
+       # cgdconfig -G -o newparamsfile oldparamsfile
+       old file's passphrase:
+       new file's passphrase:
 .Ed
 .Pp
 To configure a cgd that uses Blowfish with a 200 bit key that it
@@ -395,9 +410,13 @@
        cgd1            /dev/sd0h       /usr/local/etc/cgd/sd0h
 .Ed
 .Pp
-Note that this will store the parameters file as
+Note the first entry will store the parameters file as
 .Pa /etc/cgd/wd0e .
 And use the entered passphrase to generate the key.
+.Pp
+Although not required, the partition type
+.Ar cgd
+should be used in the disklabel for the cgd partition.
 .Sh DIAGNOSTICS
 .Bl -diag
 .It "cgdconfig: could not calibrate pkcs5_pbkdf2"
diff -r ad4dd8e12fc8 -r 8843247777d7 sbin/cgdconfig/cgdconfig.c
--- a/sbin/cgdconfig/cgdconfig.c        Wed Dec 05 01:46:22 2012 +0000
+++ b/sbin/cgdconfig/cgdconfig.c        Wed Dec 05 02:23:20 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.33 2011/08/29 14:34:59 joerg Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.34 2012/12/05 02:23:20 christos Exp $ */
 
 /*-
  * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
 #ifndef lint
 __COPYRIGHT("@(#) Copyright (c) 2002, 2003\
  The NetBSD Foundation, Inc.  All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.33 2011/08/29 14:34:59 joerg Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.34 2012/12/05 02:23:20 christos Exp $");
 #endif
 
 #include <err.h>
@@ -51,6 +51,7 @@
 #include <sys/mman.h>
 #include <sys/param.h>
 #include <sys/resource.h>
+#include <sys/statvfs.h>
 
 #include <dev/cgdvar.h>
 
@@ -73,7 +74,8 @@
         ACTION_GENERATE_CONVERT,       /* generate a ``dup'' paramsfile */
         ACTION_CONFIGALL,              /* configure all from config file */
         ACTION_UNCONFIGALL,            /* unconfigure all from config file */
-        ACTION_CONFIGSTDIN             /* configure, key from stdin */
+        ACTION_CONFIGSTDIN,            /* configure, key from stdin */
+        ACTION_LIST                    /* list configured devices */
 };
 
 /* if nflag is set, do not configure/unconfigure the cgd's */
@@ -93,6 +95,7 @@
 static int     unconfigure(int, char **, struct params *, int);
 static int     do_all(const char *, int, char **,
                       int (*)(int, char **, struct params *, int));
+static int     do_list(int, char **);
 
 #define CONFIG_FLAGS_FROMALL   1       /* called from configure_all() */
 #define CONFIG_FLAGS_FROMMAIN  2       /* called from main() */
@@ -129,13 +132,14 @@
        (void)fprintf(stderr, "usage: %s [-nv] [-V vmeth] cgd dev [paramsfile]\n",
            getprogname());
        (void)fprintf(stderr, "       %s -C [-nv] [-f configfile]\n", getprogname());
-       (void)fprintf(stderr, "       %s -U [-nv] [-f configfile]\n", getprogname());
        (void)fprintf(stderr, "       %s -G [-nv] [-i ivmeth] [-k kgmeth] "
            "[-o outfile] paramsfile\n", getprogname());
        (void)fprintf(stderr, "       %s -g [-nv] [-i ivmeth] [-k kgmeth] "
            "[-o outfile] alg [keylen]\n", getprogname());
+       (void)fprintf(stderr, "       %s -l\n", getprogname());
        (void)fprintf(stderr, "       %s -s [-nv] [-i ivmeth] cgd dev alg "
            "[keylen]\n", getprogname());
+       (void)fprintf(stderr, "       %s -U [-nv] [-f configfile]\n", getprogname());
        (void)fprintf(stderr, "       %s -u [-nv] cgd\n", getprogname());
        exit(EXIT_FAILURE);
 }
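Review bot: The added usage line `"       %s -l\n"` does not show the arguments the new mode accepts. In this commit do_list() allows zero or one operand and changes its output with `verbose`, and the man page hunk documents an optional cgd. The line would match that as `(void)fprintf(stderr, "       %s -l [-v] [cgd]\n", getprogname());`. usage() starts above this hunk, so only its tail is visible here.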
@@ -188,7 +192,7 @@
        p = params_new();
        kg = NULL;
 
-       while ((ch = getopt(argc, argv, "CGUV:b:f:gi:k:no:spuv")) != -1)
+       while ((ch = getopt(argc, argv, "CGUV:b:f:gi:k:lno:spuv")) != -1)
                switch (ch) {
                case 'C':
                        set_action(&action, ACTION_CONFIGALL);
@@ -235,6 +239,9 @@
                                usage();
                        keygen_addlist(&p->keygen, kg);
                        break;
+               case 'l':
+                       set_action(&action, ACTION_LIST);
+                       break;
                case 'n':
                        nflag = 1;
                        break;
@@ -290,6 +297,8 @@
                return do_all(cfile, argc, argv, unconfigure);
        case ACTION_CONFIGSTDIN:
                return configure_stdin(p, argc, argv);
+       case ACTION_LIST:
+               return do_list(argc, argv);
        default:
                errx(EXIT_FAILURE, "undefined action");
                /* NOTREACHED */
@@ -497,7 +506,7 @@
        int              ret;
        char             cgdname[PATH_MAX];
 
-       if (argc == 2) {        
+       if (argc == 2) {
                char *pfile;
 
                if (asprintf(&pfile, "%s/%s",
@@ -976,6 +985,85 @@
        return ret;
 }
 
+static const char *
+iv_method(int mode)
+{
+
+       switch (mode) {
+       case CGD_CIPHER_CBC_ENCBLKNO8:
+               return "encblkno8";
+       case CGD_CIPHER_CBC_ENCBLKNO1:
+               return "encblkno1";
+       default:
+               return "unknown";
+       }
+}
+
+static int
+do_list(int argc, char **argv)
+{
+       char path[64], buf[16];
+       struct cgd_user cgu;
+       const char *fn;
+       int fd, n, rv;
+
+       if (argc != 0 && argc != 1)
+               usage();
+
+       fn = argc ? argv[0] : "cgd0";
+       n = 0;
+       for (;;) {
+               fd = opendisk(fn, O_RDONLY, path, sizeof(path), 0);
+               if (fd == -1) {
+                       if (argc)
+                               err(1, "open: %s", fn);
+                       break;
+               }
+
+               cgu.cgu_unit = argc ? -1 : n;
+               rv = prog_ioctl(fd, CGDIOCGET, &cgu);
+               if (rv == -1) {
+                       close(fd);
+                       err(1, "CGDIOCGET");
+               }
+
+               printf("%s: ", fn);
+
+               if (cgu.cgu_dev == 0)
+                       printf("not in use");
+               else {
+                       char *dev;
+
+                       dev = devname(cgu.cgu_dev, S_IFBLK);
+                       if (dev != NULL)
+                               printf("%s ", dev);
+                       else
+                               printf("dev %llu,%llu ",
+                                   (unsigned long long)major(cgu.cgu_dev),
+                                   (unsigned long long)minor(cgu.cgu_dev));
+
+                       if (verbose)
+                               printf("%s ", cgu.cgu_alg);
+                       if (verbose > 1) {
+                               printf("keylen %d ", cgu.cgu_keylen);
+                               printf("blksize %zd ", cgu.cgu_blocksize);
+                               printf("%s ", iv_method(cgu.cgu_mode));
+                       }
+               }
+               putchar('\n');
+               close(fd);
+
+               if (argc)
+                       break;
+
+               n++;
+               snprintf(buf, sizeof(buf), "cgd%d", n);
+               fn = buf;
+       }
+
+       return 0;
+}
+
 static void
 eliminate_cores(void)
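Review bot: In do_list(), `cgu` goes to CGDIOCGET uninitialized and `cgu.cgu_alg` is then printed with a plain `%s`, so the output relies on the kernel always filling and NUL-terminating that field. The `struct cgd_user` definition is not in the visible part of this truncated diff, so this is inferred. Adding `memset(&cgu, 0, sizeof(cgu));` before `cgu.cgu_unit` is set, and printing with `printf("%.*s ", (int)sizeof(cgu.cgu_alg), cgu.cgu_alg);` if `cgu_alg` is a fixed-size array, would bound the read in userland. Separately, in the list-all case (`argc == 0`) any opendisk() failure ends the loop silently and the function returns 0, so a permission error looks the same as having no cgd devices. Something like `if (errno != ENOENT && errno != ENXIO) warn("open: %s", fn);` before the `break` would keep the two apart for someone auditing which disks are encrypted.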


