MFC: sbin/geom/class/eli/geom_eli.c 1.19
When the following conditions are meet: - First configured key is based only on keyfile (no passphrase). - Device is attached. - User changes first key (setkey) from keyfile to passphrase and doesn't specify number of iterations (with -i option). ...geli(8) won't store calculated number of iterations in metadata. This result in device beeing unaccesable after detach. One can recover from this situation by guessing number of iterations generated, storing it in metadata and trying to attach device. Recovery procedure isn't nice, but one's data is not lost. Reported by: Thomas Nickl <T.Nickl@gmx.net>
This commit is contained in:
parent
1ebd1ed20e
commit
9084f020a7
@ -739,18 +739,30 @@ static void
|
||||
eli_setkey_attached(struct gctl_req *req, struct g_eli_metadata *md)
|
||||
{
|
||||
unsigned char key[G_ELI_USERKEYLEN];
|
||||
intmax_t val;
|
||||
intmax_t val, old = 0;
|
||||
int error;
|
||||
|
||||
val = gctl_get_intmax(req, "iterations");
|
||||
/* Check if iterations number should be changed. */
|
||||
if (val != -1)
|
||||
md->md_iterations = val;
|
||||
else
|
||||
old = md->md_iterations;
|
||||
|
||||
/* Generate key for Master Key encryption. */
|
||||
if (eli_genkey(req, md, key, 1) == NULL) {
|
||||
bzero(key, sizeof(key));
|
||||
return;
|
||||
}
|
||||
/*
|
||||
* If number of iterations has changed, but wasn't given as a
|
||||
* command-line argument, update the request.
|
||||
*/
|
||||
if (val == -1 && md->md_iterations != old) {
|
||||
error = gctl_change_param(req, "iterations", sizeof(intmax_t),
|
||||
&md->md_iterations);
|
||||
assert(error == 0);
|
||||
}
|
||||
|
||||
gctl_ro_param(req, "key", sizeof(key), key);
|
||||
gctl_issue(req);
|
||||
|
Loading…
Reference in New Issue
Block a user