MFC: sbin/geom/class/eli/geom_eli.c 1.19

When the following conditions are meet:
- First configured key is based only on keyfile (no passphrase).
- Device is attached.
- User changes first key (setkey) from keyfile to passphrase and doesn't
  specify number of iterations (with -i option).
...geli(8) won't store calculated number of iterations in metadata.
This result in device beeing unaccesable after detach.

One can recover from this situation by guessing number of iterations
generated, storing it in metadata and trying to attach device.
Recovery procedure isn't nice, but one's data is not lost.

Reported by:	Thomas Nickl <T.Nickl@gmx.net>
This commit is contained in:
pjd 2007-02-03 16:09:10 +00:00
parent 1ebd1ed20e
commit 9084f020a7

View File

@ -739,18 +739,30 @@ static void
eli_setkey_attached(struct gctl_req *req, struct g_eli_metadata *md)
{
unsigned char key[G_ELI_USERKEYLEN];
intmax_t val;
intmax_t val, old = 0;
int error;
val = gctl_get_intmax(req, "iterations");
/* Check if iterations number should be changed. */
if (val != -1)
md->md_iterations = val;
else
old = md->md_iterations;
/* Generate key for Master Key encryption. */
if (eli_genkey(req, md, key, 1) == NULL) {
bzero(key, sizeof(key));
return;
}
/*
* If number of iterations has changed, but wasn't given as a
* command-line argument, update the request.
*/
if (val == -1 && md->md_iterations != old) {
error = gctl_change_param(req, "iterations", sizeof(intmax_t),
&md->md_iterations);
assert(error == 0);
}
gctl_ro_param(req, "key", sizeof(key), key);
gctl_issue(req);