Source-Changes-HG archive
[src/trunk]: src add cgdconfig -l like vnconfig -l
details: https://anonhg.NetBSD.org/src/rev/8843247777d7
branches: trunk
changeset: 783092:8843247777d7
user: christos <christos%NetBSD.org@localhost>
date: Wed Dec 05 02:23:20 2012 +0000
description:
add cgdconfig -l like vnconfig -l
diffstat:
sbin/cgdconfig/cgdconfig.8 | 55 ++++++++++++------
sbin/cgdconfig/cgdconfig.c | 100 ++++++++++++++++++++++++++++++++--
share/man/man4/cgd.4 | 7 +-
sys/dev/cgd.c | 63 +++++++++++++++++++--
sys/dev/cgd_crypto.c | 129 +++++++++++++++++++-------------------------
sys/dev/cgd_crypto.h | 5 +-
sys/dev/cgdvar.h | 34 ++++++++---
7 files changed, 276 insertions(+), 117 deletions(-)
diffs (truncated from 849 to 300 lines):
diff -r ad4dd8e12fc8 -r 8843247777d7 sbin/cgdconfig/cgdconfig.8
--- a/sbin/cgdconfig/cgdconfig.8 Wed Dec 05 01:46:22 2012 +0000
+++ b/sbin/cgdconfig/cgdconfig.8 Wed Dec 05 02:23:20 2012 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.31 2011/07/03 19:05:10 dholland Exp $
+.\" $NetBSD: cgdconfig.8,v 1.32 2012/12/05 02:23:20 christos Exp $
.\"
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd October 19, 2009
+.Dd December 3, 2012
.Dt CGDCONFIG 8
.Os
.Sh NAME
@@ -44,10 +44,6 @@
.Op Fl nv
.Op Fl f Ar configfile
.Nm
-.Fl U
-.Op Fl nv
-.Op Fl f Ar configfile
-.Nm
.Fl G
.Op Fl nv
.Op Fl i Ar ivmeth
@@ -63,6 +59,9 @@
.Ar alg
.Op Ar keylen
.Nm
+.Fl l
+.Op Fl cgd
+.Nm
.Fl s
.Op Fl nv
.Op Fl i Ar ivmeth
@@ -71,6 +70,10 @@
.Ar alg
.Op Ar keylen
.Nm
+.Fl U
+.Op Fl nv
+.Op Fl f Ar configfile
+.Nm
.Fl u
.Op Fl nv
.Ar cgd
@@ -100,6 +103,11 @@
Specify the IV method (default: encblkno1).
.It Fl k Ar kgmeth
Specify the key generation method (default: pkcs5_pbkdf2/sha1).
+.It Fl l Op Ar cgd
+List state of all devices or just the one
+.Ar cgd
+device.
+The verbosity level affects the output.
.It Fl n
Do not actually configure or unconfigure a cryptographic disk
device, but instead report the steps that would be taken.
@@ -335,22 +343,29 @@
Here is the
sequence of commands that is recommended:
.Bd -literal
- # cgdconfig -g -o /etc/cgd/wd0e -V disklabel aes-cbc
- # cgdconfig -V re-enter cgd0 /dev/wd0e
- /dev/wd0e's passphrase:
- re-enter device's passphrase:
- # disklabel -e -I cgd0
- # cgdconfig -u cgd0
- # cgdconfig cgd0 /dev/wd0e
- /dev/wd0e's passphrase:
+ # cgdconfig -g -o /etc/cgd/wd0e -V disklabel aes-cbc
+ # cgdconfig -V re-enter cgd0 /dev/wd0e
+ /dev/wd0e's passphrase:
+ re-enter device's passphrase:
+ # disklabel -e -I cgd0
+ # cgdconfig -u cgd0
+ # cgdconfig cgd0 /dev/wd0e
+ /dev/wd0e's passphrase:
+.Ed
+.Pp
+To scrub data from a disk before setting up a cgd:
+.Bd -literal
+ # cgdconfig -s cgd0 /dev/sd0e aes-cbc 256 < /dev/urandom
+ # dd if=/dev/zero of=/dev/rcgd0d bs=32k progress=512
+ # cgdconfig -u cgd0
.Ed
.Pp
To create a new parameters file that will generate the same key as an old
parameters file:
.Bd -literal
- # cgdconfig -G -o newparamsfile oldparamsfile
- old file's passphrase:
- new file's passphrase:
+ # cgdconfig -G -o newparamsfile oldparamsfile
+ old file's passphrase:
+ new file's passphrase:
.Ed
.Pp
To configure a cgd that uses Blowfish with a 200 bit key that it
@@ -395,9 +410,13 @@
cgd1 /dev/sd0h /usr/local/etc/cgd/sd0h
.Ed
.Pp
-Note that this will store the parameters file as
+Note the first entry will store the parameters file as
.Pa /etc/cgd/wd0e .
And use the entered passphrase to generate the key.
+.Pp
+Although not required, the partition type
+.Ar cgd
+should be used in the disklabel for the cgd partition.
.Sh DIAGNOSTICS
.Bl -diag
.It "cgdconfig: could not calibrate pkcs5_pbkdf2"
diff -r ad4dd8e12fc8 -r 8843247777d7 sbin/cgdconfig/cgdconfig.c
--- a/sbin/cgdconfig/cgdconfig.c Wed Dec 05 01:46:22 2012 +0000
+++ b/sbin/cgdconfig/cgdconfig.c Wed Dec 05 02:23:20 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.33 2011/08/29 14:34:59 joerg Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.34 2012/12/05 02:23:20 christos Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.33 2011/08/29 14:34:59 joerg Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.34 2012/12/05 02:23:20 christos Exp $");
#endif
#include <err.h>
@@ -51,6 +51,7 @@
#include <sys/mman.h>
#include <sys/param.h>
#include <sys/resource.h>
+#include <sys/statvfs.h>
#include <dev/cgdvar.h>
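Review bot: Nothing in the hunks shown on this page uses anything from `<sys/statvfs.h>`, so the added include looks either unnecessary or like a stand-in for a different header. The new do_list() relies on `S_IFBLK`, `major()`/`minor()` and `devname()`, which normally come from `<sys/stat.h>`, `<sys/types.h>` and `<stdlib.h>`. If the intent was to get `S_IFBLK`, include `<sys/stat.h>` explicitly rather than depending on an indirect include. The diff here is truncated, so a later hunk may justify the header; if none does, drop it.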
@@ -73,7 +74,8 @@
ACTION_GENERATE_CONVERT, /* generate a ``dup'' paramsfile */
ACTION_CONFIGALL, /* configure all from config file */
ACTION_UNCONFIGALL, /* unconfigure all from config file */
- ACTION_CONFIGSTDIN /* configure, key from stdin */
+ ACTION_CONFIGSTDIN, /* configure, key from stdin */
+ ACTION_LIST /* list configured devices */
};
/* if nflag is set, do not configure/unconfigure the cgd's */
@@ -93,6 +95,7 @@
static int unconfigure(int, char **, struct params *, int);
static int do_all(const char *, int, char **,
int (*)(int, char **, struct params *, int));
+static int do_list(int, char **);
#define CONFIG_FLAGS_FROMALL 1 /* called from configure_all() */
#define CONFIG_FLAGS_FROMMAIN 2 /* called from main() */
@@ -129,13 +132,14 @@
(void)fprintf(stderr, "usage: %s [-nv] [-V vmeth] cgd dev [paramsfile]\n",
getprogname());
(void)fprintf(stderr, " %s -C [-nv] [-f configfile]\n", getprogname());
- (void)fprintf(stderr, " %s -U [-nv] [-f configfile]\n", getprogname());
(void)fprintf(stderr, " %s -G [-nv] [-i ivmeth] [-k kgmeth] "
"[-o outfile] paramsfile\n", getprogname());
(void)fprintf(stderr, " %s -g [-nv] [-i ivmeth] [-k kgmeth] "
"[-o outfile] alg [keylen]\n", getprogname());
+ (void)fprintf(stderr, " %s -l\n", getprogname());
(void)fprintf(stderr, " %s -s [-nv] [-i ivmeth] cgd dev alg "
"[keylen]\n", getprogname());
+ (void)fprintf(stderr, " %s -U [-nv] [-f configfile]\n", getprogname());
(void)fprintf(stderr, " %s -u [-nv] cgd\n", getprogname());
exit(EXIT_FAILURE);
}
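Review bot: The new usage line `" %s -l\n"` leaves out both the optional device operand and `-v`, although do_list() accepts zero or one argument and changes its output based on `verbose`. It should read `(void)fprintf(stderr, " %s -l [-v] [cgd]\n", getprogname());` so that the synopsis matches what the code accepts. As written, a user who reaches usage() after passing two operands to -l is told that -l takes none. usage() begins above this hunk, so the rest of the synopsis was not checked.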
@@ -188,7 +192,7 @@
p = params_new();
kg = NULL;
- while ((ch = getopt(argc, argv, "CGUV:b:f:gi:k:no:spuv")) != -1)
+ while ((ch = getopt(argc, argv, "CGUV:b:f:gi:k:lno:spuv")) != -1)
switch (ch) {
case 'C':
set_action(&action, ACTION_CONFIGALL);
@@ -235,6 +239,9 @@
usage();
keygen_addlist(&p->keygen, kg);
break;
+ case 'l':
+ set_action(&action, ACTION_LIST);
+ break;
case 'n':
nflag = 1;
break;
@@ -290,6 +297,8 @@
return do_all(cfile, argc, argv, unconfigure);
case ACTION_CONFIGSTDIN:
return configure_stdin(p, argc, argv);
+ case ACTION_LIST:
+ return do_list(argc, argv);
default:
errx(EXIT_FAILURE, "undefined action");
/* NOTREACHED */
@@ -497,7 +506,7 @@
int ret;
char cgdname[PATH_MAX];
- if (argc == 2) {
+ if (argc == 2) {
char *pfile;
if (asprintf(&pfile, "%s/%s",
@@ -976,6 +985,85 @@
return ret;
}
+static const char *
+iv_method(int mode)
+{
+
+ switch (mode) {
+ case CGD_CIPHER_CBC_ENCBLKNO8:
+ return "encblkno8";
+ case CGD_CIPHER_CBC_ENCBLKNO1:
+ return "encblkno1";
+ default:
+ return "unknown";
+ }
+}
+
+static int
+do_list(int argc, char **argv)
+{
+ char path[64], buf[16];
+ struct cgd_user cgu;
+ const char *fn;
+ int fd, n, rv;
+
+ if (argc != 0 && argc != 1)
+ usage();
+
+ fn = argc ? argv[0] : "cgd0";
+ n = 0;
+ for (;;) {
+ fd = opendisk(fn, O_RDONLY, path, sizeof(path), 0);
+ if (fd == -1) {
+ if (argc)
+ err(1, "open: %s", fn);
+ break;
+ }
+
+ cgu.cgu_unit = argc ? -1 : n;
+ rv = prog_ioctl(fd, CGDIOCGET, &cgu);
+ if (rv == -1) {
+ close(fd);
+ err(1, "CGDIOCGET");
+ }
+
+ printf("%s: ", fn);
+
+ if (cgu.cgu_dev == 0)
+ printf("not in use");
+ else {
+ char *dev;
+
+ dev = devname(cgu.cgu_dev, S_IFBLK);
+ if (dev != NULL)
+ printf("%s ", dev);
+ else
+ printf("dev %llu,%llu ",
+ (unsigned long long)major(cgu.cgu_dev),
+ (unsigned long long)minor(cgu.cgu_dev));
+
+ if (verbose)
+ printf("%s ", cgu.cgu_alg);
+ if (verbose > 1) {
+ printf("keylen %d ", cgu.cgu_keylen);
+ printf("blksize %zd ", cgu.cgu_blocksize);
+ printf("%s ", iv_method(cgu.cgu_mode));
+ }
+ }
+ putchar('\n');
+ close(fd);
+
+ if (argc)
+ break;
+
+ n++;
+ snprintf(buf, sizeof(buf), "cgd%d", n);
+ fn = buf;
+ }
+
+ return 0;
+}
+
static void
eliminate_cores(void)