search for: read_key

Displaying 20 results from an estimated 22 matches for "read_key".

2019 Nov 27
1
Re: [PATCH common v2 2/3] options: Allow multiple --key parameters.
...(keys) == 0) > + error (EXIT_FAILURE, 0, > + _("no key was provided to open LUKS encrypted %s, " > + "try using --key on the command line"), > + partitions[i]); Is this check ever going to be true? get_keys() calls read_key() to ask the user for a key if none were provided, and on read_key() failure error() is called directly. In case this might be dead code, I'd place an assert instead or a non-translatable internal error. -- Pino Toscano
2019 Nov 26
0
[PATCH common v2 2/3] options: Allow multiple --key parameters.
...k; case key_file: - return read_first_line_from_file (key->file.name); + s = read_first_line_from_file (key->file.name); + r[j++] = s; + break; } - - /* Key not found in the key store, ask the user for it. */ - break; } } - return read_key (device); + if (j == 0) { + /* Key not found in the key store, ask the user for it. */ + s = read_key (device); + if (!s) + error (EXIT_FAILURE, 0, _("could not read key from user")); + r[0] = s; + } + + return r; } struct key_store * diff --git a/options/options.h...
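Review bot: In the `if (j == 0)` fallback, `r[0] = s;` is followed directly by `return r;` with no terminator written and `j` left at 0, so the returned `char **` is only NULL-terminated if `r` was zero-allocated with room for at least two entries. That allocation is not in the visible lines; an explicit `r[1] = NULL;` or a comment stating the invariant would make this safe against a later change to the allocation. The `key_file` branch also stores `s` with `r[j++] = s;` without the `if (!s)` check that the `read_key` path gets, so either check it there too or note that `read_first_line_from_file` never returns NULL.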
2019 Nov 26
6
[PATCH options v2 0/3] options: Allow multiple and default --key parameters.
v1: https://www.redhat.com/archives/libguestfs/2019-November/msg00036.html
2019 Nov 12
0
[PATCH 2/2] options: Allow multiple --key parameters and default keys.
...k; case key_file: - return read_first_line_from_file (key->file.name); + s = read_first_line_from_file (key->file.name); + r[j++] = s; + break; } - - /* Key not found in the key store, ask the user for it. */ - break; } } - return read_key (device); + if (j == 0) { + /* Key not found in the key store, ask the user for it. */ + s = read_key (device); + if (!s) + error (EXIT_FAILURE, 0, _("could not read key from user")); + r[0] = s; + } + + return r; } struct key_store * -key_store_add_from_selector (...
2019 Nov 12
4
[PATCH 1/2] options: Fixes and enhancements to --key parsing.
The first patch fixes a rather serious bug, the second patch allows multiple --key parameters and default parameters. There is a third patch to libguestfs which adds a test, coming up. I did not yet review and fix the documentation. I think we need to centralize it in one place because at the moment the same documentation for --key is copy/pasted all over the tools. Rich.
2014 Nov 03
0
[PATCH] customize: Add --ssh-inject option for injecting SSH keys.
...t;) ssh_dir; + + (* Newest file. *) + let files = List.map ( + fun file -> + let file = ssh_dir // file in + let stat = stat file in + (file, stat.st_mtime) + ) files in + let files = List.sort (fun (_,m1) (_,m2) -> compare m2 m1) files in + + fst (List.hd files) + +let read_key file = + (* Read and return the public key. *) + let key = read_whole_file file in + if key = "" then + error (f_"ssh-inject: public key file (%s) is empty") file; + key + +let key_string_from_selector = function + | SystemKey -> + read_key (local_user_ssh_pubkey (...
2016 Sep 19
0
[PATCH 1/3] fish: move disk decryption helpers in own file
...+ for (i = 0; partitions[i] != NULL; ++i) { + CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]); + if (type && STREQ (type, "crypto_LUKS")) { + char mapname[32]; + make_mapname (partitions[i], mapname, sizeof mapname); + + CLEANUP_FREE char *key = read_key (partitions[i]); + /* XXX Should we call guestfs_luks_open_ro if readonly flag + * is set? This might break 'mount_ro'. + */ + if (guestfs_luks_open (g, partitions[i], key, mapname) == -1) + exit (EXIT_FAILURE); + + need_rescan = 1; + } + } + + if (ne...
2019 Nov 29
0
[common PATCH 2/2] options: allow a UUID as identifier for --key
...stfs - * device name. + /* An ID for the device this key refers to. It can be either the libguestfs + * device name, or the UUID. * * There may be multiple matching devices in the list. */ @@ -150,7 +150,7 @@ extern void print_inspect_prompt (void); /* in key.c */ extern char *read_key (const char *param); -extern char **get_keys (struct key_store *ks, const char *device); +extern char **get_keys (struct key_store *ks, const char *device, const char *uuid); extern struct key_store *key_store_add_from_selector (struct key_store *ks, const char *selector); extern struct key_store...
2014 Nov 02
3
[PATCH] customize: Add --ssh-inject option for injecting SSH keys.
This adds a customize option: virt-customize --ssh-inject USER[=KEY] virt-builder --ssh-inject USER[=KEY] virt-sysprep --ssh-inject USER[=KEY] In each case this either injects the current (host) user's ssh pubkey into the guest user USER (adding it to ~USER/.ssh/authorized_keys in the guest), or you can specify a particular key. For example: virt-builder fedora-20 --ssh-inject root
2000 Jun 12
2
problems with scp
I have an openssh server running on solaris 7 and the client running on a clean RH linux 6.1 box. I am using the latest release (2.1.1p1 -- I had the known solaris utmp problem and the read_key problem when using 2.1.0p2 so I upgraded). scp from the linux machine to solaris machine gives a "lost connection" message [root@dog /root]# scp foo.bar solmachine:/tmp/ lost connection the file foo.bar does not even have to exist for this to happen. The -v and the -d flags don'...
2016 Sep 19
6
[PATCH 0/3] add crypto/LUKS support in some OCaml-based tools
Hi, this series refactors some guestfish code (not much), and exposes it via Common_utils, so it is possible to decrypt LUKS partitions when using virt-customize, virt-get-kernel, virt-sparsify, and virt-sysprep. This brings them closer in features with C tools. Most probably a couple more of other OCaml-based tools (virt-v2v to convert encrypted guests, and virt-builder to use encrypted
2018 Sep 19
0
[PATCH 2/2] Introduce a --key option in tools that accept keys
...ruct key_store *ks) { CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g); if (partitions == NULL) @@ -82,7 +82,7 @@ inspect_do_decrypt (guestfs_h *g) char mapname[32]; make_mapname (partitions[i], mapname, sizeof mapname); - CLEANUP_FREE char *key = read_key (partitions[i]); + CLEANUP_FREE char *key = get_key (ks, partitions[i]); /* XXX Should we call guestfs_luks_open_ro if readonly flag * is set? This might break 'mount_ro'. */ diff --git a/common/options/inspect.c b/common/options/inspect.c index e0deae2df..3de6d...
2019 Nov 29
8
[PATCH 0/1] Allow UUIDs for --key identifiers.
This combined patch series enables decrypting LUKS devices on inspection by allowing the UUID of the LUKS device with the --key syntax. I opted for reusing the option instead of adding another one, as I think that device names and UUIDs are different enough that they can be properly distinguished. A test for this (patch #4) can be applied only when the patches for common are applied, and the
2012 Aug 06
1
[PATCH V2] virt-diff: add new virt-diff tool
...an = 0; + size_t i; + for (i = 0; partitions[i] != NULL; ++i) { + char *type = guestfs_vfs_type (g, partitions[i]); + if (type && STREQ (type, "crypto_LUKS")) { + char mapname[32]; + diff_make_mapname (partitions[i], mapname, sizeof mapname); + + char *key = read_key (partitions[i]); + /* XXX Should we call guestfs_luks_open_ro if readonly flag + * is set? This might break 'mount_ro'. + */ + if (guestfs_luks_open (g, partitions[i], key, mapname) == -1) + exit (EXIT_FAILURE); + + free (key); + + need_rescan = 1; +...
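Review bot: `char *key = read_key (partitions[i]);` is passed straight to `guestfs_luks_open` with no NULL check, so if `read_key` can fail (for example on EOF at the prompt) the failure surfaces as a confusing open error instead of a clear "could not read key" message; check `key` and exit with its own diagnostic. Separately, `free (key);` releases the LUKS passphrase without clearing the buffer first; consider zeroing it before the free so the secret does not linger in the heap.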
2010 Aug 28
4
[PATCH 0/4] Add progress bars
As discussed previously: https://www.redhat.com/archives/libguestfs/2010-July/msg00003.html https://www.redhat.com/archives/libguestfs/2010-July/msg00024.html To do: (1) Implement progress notifications for many more daemon operations. (2) OCaml bindings to the callback. (3) Perl bindings to the callback. Rich. -- Richard Jones, Virtualization Group, Red Hat
2018 Sep 19
5
[PATCH 0/2] RFC: --key option for tools
Hi, the following series adds a --key option in the majority of tools: this makes it possible to pass LUKS credentials programmatically, avoid the need to manually input them, or unsafely pass them via stdin. Thanks, Pino Toscano (2): mltools: create a cmdline_options struct Introduce a --key option in tools that accept keys builder/cmdline.ml | 2 +-
2016 Sep 26
3
[PATCH 1/3] build: remove extra libconfig linkage
Some of the C tools were building also config.c as part of the shared sources from guestfish, and thus bringing a dependency on libconfig. Since none of them actually read the libguestfs configuration at all, then exclude fish/config.c from their build, and stop linking to libconfig. --- align/Makefile.am | 3 --- df/Makefile.am | 3 --- edit/Makefile.am | 3 ---
2017 Apr 28
2
[PATCH] common/options: Change drv struct to store drive index instead of device name.
...;drv' struct. For -d this + * can be != 1 because a guest can have more than one disk. For + * others it is always 1. This is filled in by add_drives(). + */ + size_t nr_drives; enum { drv_a, /* -a option (without URI) */ @@ -123,8 +123,8 @@ extern char *read_key (const char *param); /* in options.c */ extern void option_a (const char *arg, const char *format, struct drv **drvsp); extern void option_d (const char *arg, struct drv **drvsp); -extern char add_drives_handle (guestfs_h *g, struct drv *drv, char next_drive); -#define add_drives(drv, next_drive...
2017 Jan 20
5
[PATCH 0/5] Rename src/ to lib/ and move common code to common/
This patch series moves some files and directories around but is only code motion (or supposed to be). A new directory, common/, is created for all of the common code which is currently shared in random ways between parts of the project. And src/ becomes lib/ (the largest change, but mostly mechanical). In full this series makes the following changes: src/libprotocol -> common/protocol
2017 Apr 21
0
[PATCH 1/2] generator: Simplify the handling of string parameters.
...| FilenameList name -> + | StringList (_, name) -> pr " %s = parse_string_list (argv[i++]);\n" name; pr " if (%s == NULL) goto out_%s;\n" name name - | Key name -> + | String (Key, name) -> pr " %s = read_key (\"%s\");\n" name name; pr " if (keys_from_stdin)\n"; pr " input_lineno++;\n"; @@ -477,21 +472,19 @@ let generate_fish_run_cmds actions () = ) (List.rev optargs); List.iter ( function - | Device _ | Mount...