search for: key_store_key

The first patch fixes a rather serious bug, the second patch allows multiple --key parameters and default parameters. There is a third patch to libguestfs which adds a test, coming up. I did not yet review and fix the documentation. I think we need to centralize it in one place because at the moment the same documentation for --key is copy/pasted all over the tools. Rich.

v1: https://www.redhat.com/archives/libguestfs/2019-November/msg00036.html

This combined patch series enables to decrypt LUKS devices on inspection by allowing the UUID of the LUKS device with the --key syntax. I opted for reusing the option instead of adding another one, as I think that device names and UUIDs are different enough that can be properly distinguished. A test for this (patch #4) can be applied only when the patches for common are applied, and the

...stfs_int_mllib_rfc3339_date_time_string (value unitv) { CAMLparam1 (unitv); char buf[64]; diff --git a/common/mltools/tools_utils.ml b/common/mltools/tools_utils.ml index de42df600..127180225 100644 --- a/common/mltools/tools_utils.ml +++ b/common/mltools/tools_utils.ml @@ -32,7 +32,7 @@ and key_store_key = external c_inspect_decrypt : Guestfs.t -> int64 -> (string * key_store_key) list -> unit = "guestfs_int_mllib_inspect_decrypt" external c_set_echo_keys : unit -> unit = "guestfs_int_mllib_set_echo_keys" "noalloc" external c_set_keys_from_stdin : unit -...

...les changed, 15 insertions(+), 12 deletions(-) diff --git a/mltools/tools_utils-c.c b/mltools/tools_utils-c.c index 3b80091..6c43b8d 100644 --- a/mltools/tools_utils-c.c +++ b/mltools/tools_utils-c.c @@ -57,8 +57,8 @@ guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv) struct key_store_key key; elemv = Field (keysv, 0); - key.device = strdup (String_val (Field (elemv, 0))); - if (!key.device) + key.id = strdup (String_val (Field (elemv, 0))); + if (!key.id) caml_raise_out_of_memory (); v = Field (elemv, 1); diff --git a/options/key-option.pod b/option...

...t + * more than ks->nr_keys. + */ + len = 1; + if (ks) + len = MIN (1, ks->nr_keys); + r = calloc (len+1, sizeof (char *)); + if (r == NULL) + error (EXIT_FAILURE, errno, "calloc"); + + j = 0; if (ks) { for (i = 0; i < ks->nr_keys; ++i) { struct key_store_key *key = &ks->keys[i]; - char *s; - if (STRNEQ (key->device, device)) + if (STRNEQ (key->device, "") && + STRNEQ (key->device, device)) continue; switch (key->type) { @@ -139,63 +157,64 @@ get_key (struct key_store *ks,...

...ar ** -get_keys (struct key_store *ks, const char *device) +get_keys (struct key_store *ks, const char *device, const char *uuid) { size_t i, j, len; char **r; @@ -148,7 +148,7 @@ get_keys (struct key_store *ks, const char *device) for (i = 0; i < ks->nr_keys; ++i) { struct key_store_key *key = &ks->keys[i]; - if (STRNEQ (key->id, device)) + if (STRNEQ (key->id, device) && (uuid && STRNEQ (key->id, uuid))) continue; switch (key->type) { diff --git a/options/options.h b/options/options.h index b83a92b..9b78302 100644 -...

...t + * more than ks->nr_keys. + */ + len = 1; + if (ks) + len = MIN (1, ks->nr_keys); + r = calloc (len+1, sizeof (char *)); + if (r == NULL) + error (EXIT_FAILURE, errno, "calloc"); + + j = 0; if (ks) { for (i = 0; i < ks->nr_keys; ++i) { struct key_store_key *key = &ks->keys[i]; - char *s; if (STRNEQ (key->device, device)) continue; @@ -139,17 +156,25 @@ get_key (struct key_store *ks, const char *device) s = strdup (key->string.s); if (!s) error (EXIT_FAILURE, errno, "strdup");...

...1); } - inspect_do_decrypt (g, ks); + inspect_do_decrypt (g, ks, Int_val (allowdiscards)); CAMLreturn (Val_unit); } diff --git a/mltools/tools_utils.ml b/mltools/tools_utils.ml index 1271802..cb94125 100644 --- a/mltools/tools_utils.ml +++ b/mltools/tools_utils.ml @@ -29,7 +29,7 @@ and key_store_key = | KeyString of string | KeyFileName of string -external c_inspect_decrypt : Guestfs.t -> int64 -> (string * key_store_key) list -> unit = "guestfs_int_mllib_inspect_decrypt" +external c_inspect_decrypt : Guestfs.t -> int64 -> (string * key_store_key) list -> bo...

...9027 in main () (gdb) quit --- options/keys.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/options/keys.c b/options/keys.c index 7f68986..f783066 100644 --- a/options/keys.c +++ b/options/keys.c @@ -216,7 +216,8 @@ key_store_import_key (struct key_store *ks, const struct key_store_key *key) } assert (ks != NULL); - new_keys = realloc (ks->keys, sizeof (*ks->keys) + 1); + new_keys = realloc (ks->keys, + (ks->nr_keys + 1) * sizeof (struct key_store_key)); if (!new_keys) error (EXIT_FAILURE, errno, "realloc"); -- 2.23....

...2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/options/keys.c b/options/keys.c index 782bdb6..817508b 100644 --- a/options/keys.c +++ b/options/keys.c @@ -148,7 +148,8 @@ get_keys (struct key_store *ks, const char *device) for (i = 0; i < ks->nr_keys; ++i) { struct key_store_key *key = &ks->keys[i]; - if (STRNEQ (key->device, device)) + if (STRNEQ (key->device, "") && + STRNEQ (key->device, device)) continue; switch (key->type) { diff --git a/options/options.h b/options/options.h index 510e8a8..2f6...

...t_decrypt (value gv, value gpv, value keysv) { - CAMLparam2 (gv, gpv); + CAMLparam3 (gv, gpv, keysv); + CAMLlocal2 (elemv, v); guestfs_h *g = (guestfs_h *) (intptr_t) Int64_val (gpv); + struct key_store *ks = NULL; - inspect_do_decrypt (g); + while (keysv != Val_emptylist) { + struct key_store_key key; + + elemv = Field (keysv, 0); + key.device = strdup (String_val (Field (elemv, 0))); + if (!key.device) + caml_raise_out_of_memory (); + + v = Field (elemv, 1); + switch (Tag_val (v)) { + case 0: /* KeyString of string */ + key.type = key_string; + key.string....

Enhance the output in machine parseable mode, by outputting all the messages of OCaml tools as JSON to the machine parseable stream. Related, although not strictly needed for this (and thus can be split if requested), is the addition of the fd format for the machine readable stream. Pino Toscano (4): common/mltools: move the code for machine readable up common/mltools: make sure machine

...+ if (!chan) + caml_raise_out_of_memory (); + + CAMLreturn (caml_alloc_channel (chan)); +} diff --git a/common/mltools/tools_utils.ml b/common/mltools/tools_utils.ml index ade4cb37f..3c54cd4a0 100644 --- a/common/mltools/tools_utils.ml +++ b/common/mltools/tools_utils.ml @@ -32,6 +32,7 @@ and key_store_key = external c_inspect_decrypt : Guestfs.t -> int64 -> (string * key_store_key) list -> unit = "guestfs_int_mllib_inspect_decrypt" external c_set_echo_keys : unit -> unit = "guestfs_int_mllib_set_echo_keys" "noalloc" external c_set_keys_from_stdin : unit -...

Hi, the following series adds a --key option in the majority of tools: this makes it possible to pass LUKS credentials programmatically, avoid the need to manually input them, or unsafely pass them via stdin. Thanks, Pino Toscano (2): mltools: create a cmdline_options struct Introduce a --key option in tools that accept keys builder/cmdline.ml | 2 +-

...etions(-) > > diff --git a/options/keys.c b/options/keys.c > index 782bdb6..817508b 100644 > --- a/options/keys.c > +++ b/options/keys.c > @@ -148,7 +148,8 @@ get_keys (struct key_store *ks, const char *device) > for (i = 0; i < ks->nr_keys; ++i) { > struct key_store_key *key = &ks->keys[i]; > > - if (STRNEQ (key->device, device)) > + if (STRNEQ (key->device, "") && > + STRNEQ (key->device, device)) > continue; > > switch (key->type) { > diff --git a/options/options.h b/...

...1); } - inspect_do_decrypt (g, ks); + inspect_do_decrypt (g, ks, Int_val (allowdiscards)); CAMLreturn (Val_unit); } diff --git a/mltools/tools_utils.ml b/mltools/tools_utils.ml index 1271802..cb94125 100644 --- a/mltools/tools_utils.ml +++ b/mltools/tools_utils.ml @@ -29,7 +29,7 @@ and key_store_key = | KeyString of string | KeyFileName of string -external c_inspect_decrypt : Guestfs.t -> int64 -> (string * key_store_key) list -> unit = "guestfs_int_mllib_inspect_decrypt" +external c_inspect_decrypt : Guestfs.t -> int64 -> (string * key_store_key) list -> bo...

Enhance the output in machine parseable mode, by outputting all the messages of OCaml tools as JSON to the machine parseable stream. Related, although not strictly needed for this (and thus can be split if requested), is the addition of the fd format for the machine readable stream. Changes from v1: - use Obj.magic to convert int -> Unix.file_descr - add tests Pino Toscano (4):

...insertions(+), 30 deletions(-) diff --git a/common/mltools/tools_utils.ml b/common/mltools/tools_utils.ml index 24641369e..5a35708cd 100644 --- a/common/mltools/tools_utils.ml +++ b/common/mltools/tools_utils.ml @@ -33,6 +33,36 @@ external c_inspect_decrypt : Guestfs.t -> int64 -> (string * key_store_key) list external c_set_echo_keys : unit -> unit = "guestfs_int_mllib_set_echo_keys" "noalloc" external c_set_keys_from_stdin : unit -> unit = "guestfs_int_mllib_set_keys_from_stdin" "noalloc" +type machine_readable_fn = { + pr : 'a. ('a, unit...

...r *selector_orig) +key_store_add_from_selector (struct key_store *ks, const char *selector) { - CLEANUP_FREE char *selector = strdup (selector_orig); - const char *elem; - char *saveptr; + CLEANUP_FREE_STRING_LIST char **fields = + guestfs_int_split_string (':', selector); struct key_store_key key; - if (!selector) - error (EXIT_FAILURE, errno, "strdup"); + if (!fields) + error (EXIT_FAILURE, errno, "guestfs_int_split_string"); - /* 1: device */ - elem = strtok_r (selector, ":", &saveptr); - if (!elem) { + if (guestfs_int_count_strings (f...