Laszlo Ersek
2022-Feb-28 15:54 UTC
[Libguestfs] [libguestfs-common PATCH 0/3] cleanups for "options/decrypt.c"
Three patches to address the comments that Rich made (on preexistent code) in this thread: [libguestfs-common PATCH 0/2] options: decrypt LUKS-on-LV devices Message-Id: <20220223161915.16604-1-lersek at redhat.com> https://listman.redhat.com/archives/libguestfs/2022-February/msg00369.html Thanks, Laszlo Laszlo Ersek (3): options: assume GUESTFS_HAVE_LUKS_UUID and GUESTFS_HAVE_CRYPTSETUP_OPEN options: remove stale comment about GUESTFS_CRYPTSETUP_OPEN_READONLY options: allocate the decrypted LUKS device name dynamically options/decrypt.c | 90 ++++++++++++++------ 1 file changed, 63 insertions(+), 27 deletions(-) base-commit: 2d8c0f8d40b5d43e45b969e25eb5c4a12b3c675a -- 2.19.1.3.g30247aa5d201
Laszlo Ersek
2022-Feb-28 15:54 UTC
[Libguestfs] [libguestfs-common PATCH 1/3] options: assume GUESTFS_HAVE_LUKS_UUID and GUESTFS_HAVE_CRYPTSETUP_OPEN
guestfs_luks_uuid() was added in libguestfs 1.42 (released March 2020). guestfs_cryptsetup_open was added in libguestfs 1.44 (Jan 2021). guestfs-tools already requires libguestfs >= 1.44 (see guestfs-tools.git/m4/guestfs-libraries.m4), as of commit 27da4b0c4991. The libguestfs version required in virt-v2v.git/m4/guestfs-libraries.m4 will have to be bumped to 1.44 (at commit 6711106145f9, the requirement is 1.40). Suggested-by: Richard W.M. Jones <rjones at redhat.com> Signed-off-by: Laszlo Ersek <lersek at redhat.com> --- options/decrypt.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/options/decrypt.c b/options/decrypt.c index f7c1d876b3ed..6e0ea95f1716 100644 --- a/options/decrypt.c +++ b/options/decrypt.c @@ -92,9 +92,7 @@ decrypt_mountables (guestfs_h *g, const char * const *mountables, * (unclear if this is a limitation of the format or cryptsetup). */ if (STREQ (type, "crypto_LUKS")) { -#ifdef GUESTFS_HAVE_LUKS_UUID uuid = guestfs_luks_uuid (g, mountable); -#endif } else if (STRNEQ (type, "BitLocker")) continue; @@ -115,14 +113,10 @@ decrypt_mountables (guestfs_h *g, const char * const *mountables, int r; guestfs_push_error_handler (g, NULL, NULL); -#ifdef GUESTFS_HAVE_CRYPTSETUP_OPEN /* XXX Should we set GUESTFS_CRYPTSETUP_OPEN_READONLY if readonly is * set? This might break 'mount_ro'. */ r = guestfs_cryptsetup_open (g, mountable, key, mapname, -1); -#else - r = guestfs_luks_open (g, mountable, key, mapname); -#endif guestfs_pop_error_handler (g); if (r == 0) -- 2.19.1.3.g30247aa5d201
Laszlo Ersek
2022-Feb-28 15:54 UTC
[Libguestfs] [libguestfs-common PATCH 2/3] options: remove stale comment about GUESTFS_CRYPTSETUP_OPEN_READONLY
When the appliance opens the disk image in read-only mode, it uses a writeable qcow2 overlay to protect the disk image from writes. Writable guest devices are required to mount filesystems with journals, even when mounting them with "-o ro". Suggested-by: Richard W.M. Jones <rjones at redhat.com> Signed-off-by: Laszlo Ersek <lersek at redhat.com> --- options/decrypt.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/options/decrypt.c b/options/decrypt.c index 6e0ea95f1716..c5b8f8f566fd 100644 --- a/options/decrypt.c +++ b/options/decrypt.c @@ -113,9 +113,6 @@ decrypt_mountables (guestfs_h *g, const char * const *mountables, int r; guestfs_push_error_handler (g, NULL, NULL); - /* XXX Should we set GUESTFS_CRYPTSETUP_OPEN_READONLY if readonly is - * set? This might break 'mount_ro'. - */ r = guestfs_cryptsetup_open (g, mountable, key, mapname, -1); guestfs_pop_error_handler (g); -- 2.19.1.3.g30247aa5d201
Laszlo Ersek
2022-Feb-28 15:54 UTC
[Libguestfs] [libguestfs-common PATCH 3/3] options: allocate the decrypted LUKS device name dynamically
This includes rewriting make_mapname() with dynamic memory allocation. Suggested-by: Richard W.M. Jones <rjones at redhat.com> Signed-off-by: Laszlo Ersek <lersek at redhat.com> --- options/decrypt.c | 81 +++++++++++++++----- 1 file changed, 63 insertions(+), 18 deletions(-) diff --git a/options/decrypt.c b/options/decrypt.c index c5b8f8f566fd..b899a0028620 100644 --- a/options/decrypt.c +++ b/options/decrypt.c @@ -30,6 +30,7 @@ #include <libintl.h> #include <error.h> #include <assert.h> +#include <errno.h> #include "c-ctype.h" @@ -37,6 +38,23 @@ #include "options.h" +static void +append_char (size_t *idx, char *buffer, char c) +{ + /* bail out if the size of the string (including the terminating NUL, if any + * cannot be expressed as a size_t + */ + if (*idx == (size_t)-1) + error (EXIT_FAILURE, 0, _("string size overflow")); + + /* if we're not just counting, then actually write the character */ + if (buffer != NULL) + buffer[*idx] = c; + + /* advance */ + ++*idx; +} + /** * Make a LUKS map name from the partition or logical volume name, eg. * C<"/dev/vda2" =E<gt> "cryptvda2">, or C<"/dev/vg-ssd/lv-root7" =E<gt> @@ -44,28 +62,55 @@ * c_isalnum() eliminates the "/" separator from between the VG and the LV, so * this mapping is not unique; but for our purposes, it will do. */ -static void -make_mapname (const char *device, char *mapname, size_t len) +static char * +make_mapname (const char *device) { - size_t i = 0; + bool strip_iprefix; + static const char iprefix[] = "/dev/"; + char *mapname; + enum { COUNT, WRITE, DONE } mode; - if (len < 6) - abort (); - strcpy (mapname, "crypt"); - mapname += 5; - len -= 5; + strip_iprefix = STRPREFIX (device, iprefix); - if (STRPREFIX (device, "/dev/")) - i = 5; + /* set to NULL in COUNT mode, flipped to non-NULL for WRITE mode */ + mapname = NULL; - for (; device[i] != '\0' && len >= 1; ++i) { - if (c_isalnum (device[i])) { - *mapname++ = device[i]; - len--; + for (mode = COUNT; mode < DONE; ++mode) { + size_t ipos; + static const size_t iprefixlen = sizeof iprefix - 1; + size_t opos; + static const char oprefix[] = "crypt"; + static const size_t oprefixlen = sizeof oprefix - 1; + char ichar; + + /* skip the input prefix, if any */ + ipos = strip_iprefix ? iprefixlen : 0; + /* start producing characters after the output prefix */ + opos = oprefixlen; + + /* filter & copy */ + while ((ichar = device[ipos]) != '\0') { + if (c_isalnum (ichar)) + append_char (&opos, mapname, ichar); + ++ipos; + } + + /* terminate */ + append_char (&opos, mapname, '\0'); + + /* allocate the output buffer when flipping from COUNT to WRITE mode */ + if (mode == COUNT) { + assert (opos >= sizeof oprefix); + mapname = malloc (opos); + if (mapname == NULL) + error (EXIT_FAILURE, errno, "malloc"); + + /* populate the output prefix -- note: not NUL-terminated yet */ + memcpy (mapname, oprefix, oprefixlen); } } - *mapname = '\0'; + return mapname; } static bool @@ -80,7 +125,7 @@ decrypt_mountables (guestfs_h *g, const char * const *mountables, CLEANUP_FREE char *type = NULL; CLEANUP_FREE char *uuid = NULL; CLEANUP_FREE_STRING_LIST char **keys = NULL; - char mapname[512]; + CLEANUP_FREE char *mapname = NULL; const char * const *key_scan; const char *key; @@ -104,8 +149,8 @@ decrypt_mountables (guestfs_h *g, const char * const *mountables, /* Generate a node name for the plaintext (decrypted) device node. */ if (!name_decrypted_by_uuid || uuid == NULL || - snprintf (mapname, sizeof mapname, "luks-%s", uuid) < 0) - make_mapname (mountable, mapname, sizeof mapname); + asprintf (&mapname, "luks-%s", uuid) == -1) + mapname = make_mapname (mountable); /* Try each key in turn. */ key_scan = (const char * const *)keys; -- 2.19.1.3.g30247aa5d201
Laszlo Ersek
2022-Mar-01 16:32 UTC
[Libguestfs] [libguestfs-common PATCH 0/3] cleanups for "options/decrypt.c"
On 02/28/22 16:54, Laszlo Ersek wrote:> Three patches to address the comments that Rich made (on preexistent > code) in this thread: > > [libguestfs-common PATCH 0/2] options: decrypt LUKS-on-LV devices > Message-Id: <20220223161915.16604-1-lersek at redhat.com> > https://listman.redhat.com/archives/libguestfs/2022-February/msg00369.html > > Thanks, > Laszlo > > Laszlo Ersek (3): > options: assume GUESTFS_HAVE_LUKS_UUID and > GUESTFS_HAVE_CRYPTSETUP_OPEN > options: remove stale comment about GUESTFS_CRYPTSETUP_OPEN_READONLY > options: allocate the decrypted LUKS device name dynamically > > options/decrypt.c | 90 ++++++++++++++------ > 1 file changed, 63 insertions(+), 27 deletions(-) > > > base-commit: 2d8c0f8d40b5d43e45b969e25eb5c4a12b3c675a >Merged as commit range 2d8c0f8d40b5..60efc5407552, per <https://listman.redhat.com/archives/libguestfs/2022-March/msg00000.html>. Thanks! Laszlo