
cc4716c5695a9ea38b8eb1944bad3517ee34299c — наб a month ago 6423713
Add zfs-tpm1x-clear-key. Move clear_key_props() warning to zfs.cpp
M src/bin/zfs-tpm1x-change-key.cpp => src/bin/zfs-tpm1x-change-key.cpp +1 -3
@@ 116,9 116,7 @@ int main(int argc, char ** argv) {


			    if(auto err = change_key(dataset, wrap_key)) {
				    if(clear_key_props(dataset))  // Sync with zfs-tpm2-{clear,change}-key
					    fprintf(stderr, "You might need to run \"zfs inherit %s %s\" and \"zfs inherit %s %s\"!\n", PROPNAME_BACKEND, zfs_get_name(dataset), PROPNAME_KEY,
					            zfs_get_name(dataset));
				    clear_key_props(dataset);
				    return err;
			    }
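Review bot: The return value of `clear_key_props(dataset)` on the new line is discarded, which is presumably intended because `err` is what the error path returns, but the "Sync with …" comment that documented this best-effort call was removed together with the warning, so nothing states it any more; the same applies to the new `if(!ok) clear_key_props(dataset);` in the persistent_clearer guard of zfs-tpm2-change-key.cpp. Since the recovery hint is now printed inside clear_key_props() itself (see the zfs.cpp hunk in this commit), I would make the discard explicit and say why: `(void)clear_key_props(dataset);  // best effort: it prints its own recovery hint, err takes precedence`. The enclosing main() starts and ends outside the hunk.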


A src/bin/zfs-tpm1x-clear-key.cpp => src/bin/zfs-tpm1x-clear-key.cpp +37 -0
@@ 0,0 1,37 @@
/* SPDX-License-Identifier: MIT */


#include <libzfs.h>

#include <stdio.h>

#include "../main.hpp"
#include "../tpm1x.hpp"
#include "../zfs.hpp"


#define THIS_BACKEND "TPM1.X"


int main(int argc, char ** argv) {
	return do_main(
	    argc, argv, "", "", [&](auto) {},
	    [&](auto dataset) {
		    REQUIRE_KEY_LOADED(dataset);

		    char * handle_s{};
		    TRY_MAIN(parse_key_props(dataset, THIS_BACKEND, handle_s));

		    tpm1x_handle handle{};  // Not like we use this, but for symmetry with the other -clear-keys
		    TRY_MAIN(tpm1x_parse_handle(zfs_get_name(dataset), handle_s, handle));


		    if(zfs_crypto_rewrap(dataset, TRY_PTR("get clear rewrap args", clear_rewrap_args()), B_FALSE))
			    return __LINE__;  // Error printed by libzfs


		    TRY_MAIN(clear_key_props(dataset));

		    return 0;
	    });
}
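Review bot: The comment on the `tpm1x_handle handle{}` line undersells what the parse does: because `TRY_MAIN(tpm1x_parse_handle(...))` presumably returns from the lambda on failure, a tzpfms.key that does not parse aborts before `zfs_crypto_rewrap` is reached, so a dataset with a malformed property is neither rewrapped nor stripped of its tzpfms.* properties. That ordering is the useful guarantee here, and the comment should name it rather than "symmetry": `// Parsed only to validate tzpfms.key before rewrapping; the value itself is unused`. It would also be worth a one-line comment above `zfs_crypto_rewrap` noting that the property clear happens only after the rewrap succeeded, so a failed rewrap leaves the dataset fully TPM1.X-bound and recoverable.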

M src/bin/zfs-tpm2-change-key.cpp => src/bin/zfs-tpm2-change-key.cpp +2 -3
@@ 61,9 61,8 @@ int main(int argc, char ** argv) {
			    quickscope_wrapper persistent_clearer{[&] {
				    if(!ok && tpm2_free_persistent(tpm2_ctx, tpm2_session, persistent_handle))
					    fprintf(stderr, "Couldn't free persistent handle. You might need to run \"tpm2_evictcontrol -c 0x%X\" or equivalent!\n", persistent_handle);
				    if(!ok && clear_key_props(dataset))  // Sync with zfs-tpm1x-change-key, zfs-tpm2-clear-key
					    fprintf(stderr, "You might need to run \"zfs inherit %s %s\" and \"zfs inherit %s %s\"!\n", PROPNAME_BACKEND, zfs_get_name(dataset), PROPNAME_KEY,
					            zfs_get_name(dataset));
				    if(!ok)
					    clear_key_props(dataset);
			    }};

			    {

M src/bin/zfs-tpm2-clear-key.cpp => src/bin/zfs-tpm2-clear-key.cpp +1 -5
@@ 35,11 35,7 @@ int main(int argc, char ** argv) {
			    return 0;
		    }));

		    if(clear_key_props(dataset)) {  // Sync with zfs-tpm1x-change-key, zfs-tpm2-change-key
			    fprintf(stderr, "You might need to run \"zfs inherit %s %s\" and \"zfs inherit %s %s\"!\n", PROPNAME_BACKEND, zfs_get_name(dataset), PROPNAME_KEY,
			            zfs_get_name(dataset));
			    return __LINE__;
		    }
		    TRY_MAIN(clear_key_props(dataset));

		    return 0;
	    });

M src/tpm1x.hpp => src/tpm1x.hpp +1 -1
@@ 81,7 81,7 @@ struct tpm1x_handle {
extern int tpm1x_parse_handle(const char * dataset_name, char * handle_s, tpm1x_handle & handle);


extern int tpm1x_prep_sealed_object(TSS_HCONTEXT ctx, TSS_HOBJECT & sealed_object, TSS_HPOLICY &sealed_object_policy);
extern int tpm1x_prep_sealed_object(TSS_HCONTEXT ctx, TSS_HOBJECT & sealed_object, TSS_HPOLICY & sealed_object_policy);
// extern int tpm2_seal(ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_session, TPMI_DH_PERSISTENT & persistent_handle, const TPM2B_DATA & metadata, void * data,
//                      size_t data_len);
// extern int tpm2_unseal(ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_session, TPMI_DH_PERSISTENT persistent_handle, void * data, size_t data_len);

M src/zfs.cpp => src/zfs.cpp +11 -2
@@ 81,7 81,7 @@ int lookup_userprop(zfs_handle_t * in, const char * name, char *& out) {


int set_key_props(zfs_handle_t * on, const char * backend, const char * handle) {
		nvlist_t * props{};
	nvlist_t * props{};
	quickscope_wrapper props_deleter{[&] { nvlist_free(props); }};

	TRY_NVL("allocate key nvlist", nvlist_alloc(&props, NV_UNIQUE_NAME, 0));


@@ 95,14 95,23 @@ int set_key_props(zfs_handle_t * on, const char * backend, const char * handle) 


int clear_key_props(zfs_handle_t * from) {
	bool ok = false;
	quickscope_wrapper props_deleter{[&] {
		if(!ok)
			fprintf(stderr, "You might need to run \"zfs inherit %s %s\" and \"zfs inherit %s %s\"!\n", PROPNAME_BACKEND, zfs_get_name(from), PROPNAME_KEY,
			        zfs_get_name(from));
	}};

	TRY("delete tzpfms.backend", zfs_prop_inherit(from, PROPNAME_BACKEND, B_FALSE));
	TRY("delete tzpfms.key", zfs_prop_inherit(from, PROPNAME_KEY, B_FALSE));

	ok = true;
	return 0;
}


int parse_key_props(zfs_handle_t * in, const char * our_backend, char *& handle) {
	char *backend{};
	char * backend{};
	TRY_MAIN(lookup_userprop(in, PROPNAME_BACKEND, backend));

	if(!backend) {
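Review bot: clear_key_props() in the second hunk is not atomic and this is not documented: if `zfs_prop_inherit` of PROPNAME_BACKEND succeeds and the one for PROPNAME_KEY fails, tzpfms.backend is already gone while tzpfms.key remains, and the only signal is the hint printed from the props_deleter guard when `ok` is still false. The recovery hint naming both inherits is fine (inheriting an already-inherited property is harmless), but callers now rely on this function for the warning, so the contract belongs on the definition: `// Best-effort, not atomic: a failure between the two inherits leaves tzpfms.key in place; the scope guard prints a recovery hint on any error return.` Whether TRY prints its own diagnostic before returning cannot be seen here, so the hint's ordering relative to that message is worth a quick check. The first and third hunks of this section (set_key_props, parse_key_props) are whitespace-only. parse_key_props continues past the end of the hunk.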