When the following conditions are met:
- First configured key is based only on keyfile (no passphrase). - Device is attached. - User changes first key (setkey) from keyfile to passphrase and doesn't specify number of iterations (with -i option). ...geli(8) won't store the calculated number of iterations in metadata. This results in the device being inaccessible after detach. One can recover from this situation by guessing the number of iterations generated, storing it in metadata and trying to attach the device. The recovery procedure isn't nice, but one's data is not lost. Reported by: Thomas Nickl <T.Nickl@gmx.net> MFC after: 1 week
parent
1378624c2e
commit
eeefa1fa7e
@ -739,18 +739,30 @@ static void
|
||||
eli_setkey_attached(struct gctl_req *req, struct g_eli_metadata *md)
|
||||
{
|
||||
unsigned char key[G_ELI_USERKEYLEN];
|
||||
intmax_t val;
|
||||
intmax_t val, old = 0;
|
||||
int error;
|
||||
|
||||
val = gctl_get_intmax(req, "iterations");
|
||||
/* Check if iterations number should be changed. */
|
||||
if (val != -1)
|
||||
md->md_iterations = val;
|
||||
else
|
||||
old = md->md_iterations;
|
||||
|
||||
/* Generate key for Master Key encryption. */
|
||||
if (eli_genkey(req, md, key, 1) == NULL) {
|
||||
bzero(key, sizeof(key));
|
||||
return;
|
||||
}
|
||||
/*
|
||||
* If number of iterations has changed, but wasn't given as a
|
||||
* command-line argument, update the request.
|
||||
*/
|
||||
if (val == -1 && md->md_iterations != old) {
|
||||
error = gctl_change_param(req, "iterations", sizeof(intmax_t),
|
||||
&md->md_iterations);
|
||||
assert(error == 0);
|
||||
}
|
||||
|
||||
gctl_ro_param(req, "key", sizeof(key), key);
|
||||
gctl_issue(req);
|
||||
|
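Review bot: The `assert(error == 0)` after `gctl_change_param()` is the only check that the generated iteration count reaches the request, and it is compiled out under NDEBUG, in which case `gctl_issue(req)` would presumably go ahead without the value and recreate the lost-iterations state this commit is fixing. When the assert does fire, the process aborts with the derived key still in `key[]`, whereas the `eli_genkey()` failure path zeroes it before returning. I would handle the failure explicitly, e.g. `if (error != 0) { bzero(key, sizeof(key)); gctl_error(req, "Cannot update iterations."); return; }`. Separately, the call passes `sizeof(intmax_t)` together with `&md->md_iterations`; the field's declaration is not on this page, but if it is narrower than `intmax_t` the value should be copied into a local `intmax_t` and that passed instead. The body of eli_setkey_attached continues past the end of the hunk, so what happens to `key` after `gctl_issue()` cannot be checked here.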