[Midnightbsd-cvs] src: class/eli:
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Fri Nov 21 16:05:34 EST 2008
Log Message:
-----------
Modified Files:
--------------
src/sbin/geom/class/concat:
gconcat.8 (r1.2 -> r1.3)
geom_concat.c (r1.2 -> r1.3)
src/sbin/geom/class/eli:
Makefile (r1.2 -> r1.3)
geli.8 (r1.2 -> r1.3)
geom_eli.c (r1.2 -> r1.3)
src/sbin/geom/class/label:
geom_label.c (r1.2 -> r1.3)
src/sbin/geom/class/mirror:
geom_mirror.c (r1.2 -> r1.3)
gmirror.8 (r1.2 -> r1.3)
src/sbin/geom/class/nop:
geom_nop.c (r1.2 -> r1.3)
src/sbin/geom/class/raid3:
geom_raid3.c (r1.2 -> r1.3)
src/sbin/geom/class/shsec:
geom_shsec.c (r1.2 -> r1.3)
src/sbin/geom/class/stripe:
geom_stripe.c (r1.2 -> r1.3)
-------------- next part --------------
Index: gconcat.8
===================================================================
RCS file: /home/cvs/src/sbin/geom/class/concat/gconcat.8,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sbin/geom/class/concat/gconcat.8 -L sbin/geom/class/concat/gconcat.8 -u -r1.2 -r1.3
--- sbin/geom/class/concat/gconcat.8
+++ sbin/geom/class/concat/gconcat.8
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD: src/sbin/geom/class/concat/gconcat.8,v 1.17.2.1 2006/03/01 17:55:28 pjd Exp $
+.\" $FreeBSD: src/sbin/geom/class/concat/gconcat.8,v 1.18 2006/01/30 22:47:07 pjd Exp $
.\"
.Dd May 21, 2004
.Dt GCONCAT 8
Index: geom_concat.c
===================================================================
RCS file: /home/cvs/src/sbin/geom/class/concat/geom_concat.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sbin/geom/class/concat/geom_concat.c -L sbin/geom/class/concat/geom_concat.c -u -r1.2 -r1.3
--- sbin/geom/class/concat/geom_concat.c
+++ sbin/geom/class/concat/geom_concat.c
@@ -25,7 +25,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sbin/geom/class/concat/geom_concat.c,v 1.8.2.2 2006/03/01 17:55:28 pjd Exp $");
+__FBSDID("$FreeBSD: src/sbin/geom/class/concat/geom_concat.c,v 1.13 2007/05/15 20:25:16 marcel Exp $");
#include <sys/param.h>
#include <errno.h>
@@ -51,35 +51,35 @@
static void concat_label(struct gctl_req *req);
struct g_command class_commands[] = {
- { "clear", G_FLAG_VERBOSE, concat_main, G_NULL_OPTS,
+ { "clear", G_FLAG_VERBOSE, concat_main, G_NULL_OPTS, NULL,
"[-v] prov ..."
},
{ "create", G_FLAG_VERBOSE | G_FLAG_LOADKLD, NULL, G_NULL_OPTS,
- "[-v] name prov ..."
+ NULL, "[-v] name prov ..."
},
{ "destroy", G_FLAG_VERBOSE, NULL,
{
- { 'f', "force", NULL, G_TYPE_NONE },
+ { 'f', "force", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-fv] name ..."
+ NULL, "[-fv] name ..."
},
- { "dump", 0, concat_main, G_NULL_OPTS,
+ { "dump", 0, concat_main, G_NULL_OPTS, NULL,
"prov ..."
},
{ "label", G_FLAG_VERBOSE | G_FLAG_LOADKLD, concat_main,
{
- { 'h', "hardcode", NULL, G_TYPE_NONE },
+ { 'h', "hardcode", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-hv] name prov ..."
+ NULL, "[-hv] name prov ..."
},
{ "stop", G_FLAG_VERBOSE, NULL,
{
- { 'f', "force", NULL, G_TYPE_NONE },
+ { 'f', "force", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-fv] name ..."
+ NULL, "[-fv] name ..."
},
G_CMD_SENTINEL
};
Index: geom_eli.c
===================================================================
RCS file: /home/cvs/src/sbin/geom/class/eli/geom_eli.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sbin/geom/class/eli/geom_eli.c -L sbin/geom/class/eli/geom_eli.c -u -r1.2 -r1.3
--- sbin/geom/class/eli/geom_eli.c
+++ sbin/geom/class/eli/geom_eli.c
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2004 Pawel Jakub Dawidek <pjd at FreeBSD.org>
+ * Copyright (c) 2004-2006 Pawel Jakub Dawidek <pjd at FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -25,8 +25,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sbin/geom/class/eli/geom_eli.c,v 1.1.2.7 2006/03/01 17:52:15 pjd Exp $");
-__MBSDID("$MidnightBSD$");
+__FBSDID("$FreeBSD: src/sbin/geom/class/eli/geom_eli.c,v 1.24 2007/05/15 20:25:16 marcel Exp $");
#include <stdio.h>
#include <stdint.h>
@@ -55,7 +54,8 @@
uint32_t lib_version = G_LIB_VERSION;
uint32_t version = G_ELI_VERSION;
-static char algo[] = "aes";
+static char aalgo[] = "none";
+static char ealgo[] = "aes";
static intmax_t keylen = 0;
static intmax_t keyno = -1;
static intmax_t iterations = -1;
@@ -65,6 +65,7 @@
static void eli_main(struct gctl_req *req, unsigned flags);
static void eli_init(struct gctl_req *req);
static void eli_attach(struct gctl_req *req);
+static void eli_configure(struct gctl_req *req);
static void eli_setkey(struct gctl_req *req);
static void eli_delkey(struct gctl_req *req);
static void eli_kill(struct gctl_req *req);
@@ -76,12 +77,13 @@
/*
* Available commands:
*
- * init [-bhPv] [-a algo] [-i iterations] [-l keylen] [-K newkeyfile] prov
+ * init [-bhPv] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-K newkeyfile] prov
* label - alias for 'init'
- * attach [-dpv] [-k keyfile] prov
+ * attach [-dprv] [-k keyfile] prov
* detach [-fl] prov ...
* stop - alias for 'detach'
- * onetime [-d] [-a algo] [-l keylen] prov ...
+ * onetime [-d] [-a aalgo] [-e ealgo] [-l keylen] prov ...
+ * configure [-bB] prov ...
* setkey [-pPv] [-n keyno] [-k keyfile] [-K newkeyfile] prov
* delkey [-afv] [-n keyno] prov
* kill [-av] [prov ...]
@@ -93,64 +95,76 @@
struct g_command class_commands[] = {
{ "init", G_FLAG_VERBOSE, eli_main,
{
- { 'a', "algo", algo, G_TYPE_STRING },
- { 'b', "boot", NULL, G_TYPE_NONE },
+ { 'a', "aalgo", aalgo, G_TYPE_STRING },
+ { 'b', "boot", NULL, G_TYPE_BOOL },
+ { 'e', "ealgo", ealgo, G_TYPE_STRING },
{ 'i', "iterations", &iterations, G_TYPE_NUMBER },
{ 'K', "newkeyfile", newkeyfile, G_TYPE_STRING },
{ 'l', "keylen", &keylen, G_TYPE_NUMBER },
- { 'P', "nonewpassphrase", NULL, G_TYPE_NONE },
+ { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
{ 's', "sectorsize", §orsize, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-bPv] [-a algo] [-i iterations] [-l keylen] [-K newkeyfile] [-s sectorsize] prov"
+ NULL, "[-bPv] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-K newkeyfile] [-s sectorsize] prov"
},
{ "label", G_FLAG_VERBOSE, eli_main,
{
- { 'a', "algo", algo, G_TYPE_STRING },
- { 'b', "boot", NULL, G_TYPE_NONE },
+ { 'a', "aalgo", aalgo, G_TYPE_STRING },
+ { 'b', "boot", NULL, G_TYPE_BOOL },
+ { 'e', "ealgo", ealgo, G_TYPE_STRING },
{ 'i', "iterations", &iterations, G_TYPE_NUMBER },
{ 'K', "newkeyfile", newkeyfile, G_TYPE_STRING },
{ 'l', "keylen", &keylen, G_TYPE_NUMBER },
- { 'P', "nonewpassphrase", NULL, G_TYPE_NONE },
+ { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
{ 's', "sectorsize", §orsize, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "- an alias for 'init'"
+ NULL, "- an alias for 'init'"
},
{ "attach", G_FLAG_VERBOSE | G_FLAG_LOADKLD, eli_main,
{
- { 'd', "detach", NULL, G_TYPE_NONE },
+ { 'd', "detach", NULL, G_TYPE_BOOL },
{ 'k', "keyfile", keyfile, G_TYPE_STRING },
- { 'p', "nopassphrase", NULL, G_TYPE_NONE },
+ { 'p', "nopassphrase", NULL, G_TYPE_BOOL },
+ { 'r', "readonly", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-dpv] [-k keyfile] prov"
+ NULL, "[-dprv] [-k keyfile] prov"
},
{ "detach", 0, NULL,
{
- { 'f', "force", NULL, G_TYPE_NONE },
- { 'l', "last", NULL, G_TYPE_NONE },
+ { 'f', "force", NULL, G_TYPE_BOOL },
+ { 'l', "last", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-fl] prov ..."
+ NULL, "[-fl] prov ..."
},
{ "stop", 0, NULL,
{
- { 'f', "force", NULL, G_TYPE_NONE },
- { 'l', "last", NULL, G_TYPE_NONE },
+ { 'f', "force", NULL, G_TYPE_BOOL },
+ { 'l', "last", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "- an alias for 'detach'"
+ NULL, "- an alias for 'detach'"
},
{ "onetime", G_FLAG_VERBOSE | G_FLAG_LOADKLD, NULL,
{
- { 'a', "algo", algo, G_TYPE_STRING },
- { 'd', "detach", NULL, G_TYPE_NONE },
+ { 'a', "aalgo", aalgo, G_TYPE_STRING },
+ { 'd', "detach", NULL, G_TYPE_BOOL },
+ { 'e', "ealgo", ealgo, G_TYPE_STRING },
{ 'l', "keylen", &keylen, G_TYPE_NUMBER },
{ 's', "sectorsize", §orsize, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-d] [-a algo] [-l keylen] [-s sectorsize] prov ..."
+ NULL, "[-d] [-a aalgo] [-e ealgo] [-l keylen] [-s sectorsize] prov ..."
+ },
+ { "configure", G_FLAG_VERBOSE, eli_main,
+ {
+ { 'b', "boot", NULL, G_TYPE_BOOL },
+ { 'B', "noboot", NULL, G_TYPE_BOOL },
+ G_OPT_SENTINEL
+ },
+ NULL, "[-bB] prov ..."
},
{ "setkey", G_FLAG_VERBOSE, eli_main,
{
@@ -158,38 +172,38 @@
{ 'k', "keyfile", keyfile, G_TYPE_STRING },
{ 'K', "newkeyfile", newkeyfile, G_TYPE_STRING },
{ 'n', "keyno", &keyno, G_TYPE_NUMBER },
- { 'p', "nopassphrase", NULL, G_TYPE_NONE },
- { 'P', "nonewpassphrase", NULL, G_TYPE_NONE },
+ { 'p', "nopassphrase", NULL, G_TYPE_BOOL },
+ { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-pPv] [-n keyno] [-i iterations] [-k keyfile] [-K newkeyfile] prov"
+ NULL, "[-pPv] [-n keyno] [-i iterations] [-k keyfile] [-K newkeyfile] prov"
},
{ "delkey", G_FLAG_VERBOSE, eli_main,
{
- { 'a', "all", NULL, G_TYPE_NONE },
- { 'f', "force", NULL, G_TYPE_NONE },
+ { 'a', "all", NULL, G_TYPE_BOOL },
+ { 'f', "force", NULL, G_TYPE_BOOL },
{ 'n', "keyno", &keyno, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-afv] [-n keyno] prov"
+ NULL, "[-afv] [-n keyno] prov"
},
{ "kill", G_FLAG_VERBOSE, eli_main,
{
- { 'a', "all", NULL, G_TYPE_NONE },
+ { 'a', "all", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-av] [prov ...]"
+ NULL, "[-av] [prov ...]"
},
- { "backup", G_FLAG_VERBOSE, eli_main, G_NULL_OPTS,
+ { "backup", G_FLAG_VERBOSE, eli_main, G_NULL_OPTS, NULL,
"[-v] prov file"
},
- { "restore", G_FLAG_VERBOSE, eli_main, G_NULL_OPTS,
+ { "restore", G_FLAG_VERBOSE, eli_main, G_NULL_OPTS, NULL,
"[-v] file prov"
},
- { "clear", G_FLAG_VERBOSE, eli_main, G_NULL_OPTS,
+ { "clear", G_FLAG_VERBOSE, eli_main, G_NULL_OPTS, NULL,
"[-v] prov ..."
},
- { "dump", G_FLAG_VERBOSE, eli_main, G_NULL_OPTS,
+ { "dump", G_FLAG_VERBOSE, eli_main, G_NULL_OPTS, NULL,
"[-v] prov ..."
},
G_CMD_SENTINEL
@@ -238,6 +252,8 @@
eli_init(req);
else if (strcmp(name, "attach") == 0)
eli_attach(req);
+ else if (strcmp(name, "configure") == 0)
+ eli_configure(req);
else if (strcmp(name, "setkey") == 0)
eli_setkey(req);
else if (strcmp(name, "delkey") == 0)
@@ -390,7 +406,7 @@
}
}
/*
- * If md_iterations is equal to 0, user don't want PKCS5v2.
+ * If md_iterations is equal to 0, user don't want PKCS#5v2.
*/
if (md->md_iterations == 0) {
g_eli_crypto_hmac_update(&ctx, md->md_salt,
@@ -506,7 +522,7 @@
nargs = gctl_get_int(req, "nargs");
if (nargs != 1) {
- gctl_error(req, "Too few arguments.");
+ gctl_error(req, "Invalid number of arguments.");
return;
}
prov = gctl_get_ascii(req, "arg0");
@@ -524,16 +540,44 @@
md.md_flags = 0;
if (gctl_get_int(req, "boot"))
md.md_flags |= G_ELI_FLAG_BOOT;
- str = gctl_get_ascii(req, "algo");
- md.md_algo = g_eli_str2algo(str);
- if (md.md_algo < CRYPTO_ALGORITHM_MIN ||
- md.md_algo > CRYPTO_ALGORITHM_MAX) {
- gctl_error(req, "Invalid encryption algorithm.");
- return;
+ md.md_ealgo = CRYPTO_ALGORITHM_MIN - 1;
+ str = gctl_get_ascii(req, "aalgo");
+ if (strcmp(str, "none") != 0) {
+ md.md_aalgo = g_eli_str2aalgo(str);
+ if (md.md_aalgo >= CRYPTO_ALGORITHM_MIN &&
+ md.md_aalgo <= CRYPTO_ALGORITHM_MAX) {
+ md.md_flags |= G_ELI_FLAG_AUTH;
+ } else {
+ /*
+ * For backward compatibility, check if the -a option
+ * was used to provide encryption algorithm.
+ */
+ md.md_ealgo = g_eli_str2ealgo(str);
+ if (md.md_ealgo < CRYPTO_ALGORITHM_MIN ||
+ md.md_ealgo > CRYPTO_ALGORITHM_MAX) {
+ gctl_error(req,
+ "Invalid authentication algorithm.");
+ return;
+ } else {
+ fprintf(stderr, "warning: The -e option, not "
+ "the -a option is now used to specify "
+ "encryption algorithm to use.\n");
+ }
+ }
+ }
+ if (md.md_ealgo < CRYPTO_ALGORITHM_MIN ||
+ md.md_ealgo > CRYPTO_ALGORITHM_MAX) {
+ str = gctl_get_ascii(req, "ealgo");
+ md.md_ealgo = g_eli_str2ealgo(str);
+ if (md.md_ealgo < CRYPTO_ALGORITHM_MIN ||
+ md.md_ealgo > CRYPTO_ALGORITHM_MAX) {
+ gctl_error(req, "Invalid encryption algorithm.");
+ return;
+ }
}
val = gctl_get_intmax(req, "keylen");
md.md_keylen = val;
- md.md_keylen = g_eli_keylen(md.md_algo, md.md_keylen);
+ md.md_keylen = g_eli_keylen(md.md_ealgo, md.md_keylen);
if (md.md_keylen == 0) {
gctl_error(req, "Invalid key length.");
return;
@@ -565,6 +609,10 @@
gctl_error(req, "Invalid sector size.");
return;
}
+ if (val > sysconf(_SC_PAGE_SIZE)) {
+ gctl_error(req, "warning: Using sectorsize bigger than "
+ "the page size!");
+ }
md.md_sectorsize = val;
}
@@ -580,7 +628,7 @@
}
/* Encrypt the first and the only Master Key. */
- error = g_eli_mkey_encrypt(md.md_algo, key, md.md_keylen, md.md_mkeys);
+ error = g_eli_mkey_encrypt(md.md_ealgo, key, md.md_keylen, md.md_mkeys);
bzero(key, sizeof(key));
if (error != 0) {
bzero(&md, sizeof(md));
@@ -612,7 +660,7 @@
nargs = gctl_get_int(req, "nargs");
if (nargs != 1) {
- gctl_error(req, "Too few arguments.");
+ gctl_error(req, "Invalid number of arguments.");
return;
}
prov = gctl_get_ascii(req, "arg0");
@@ -628,27 +676,97 @@
gctl_ro_param(req, "key", sizeof(key), key);
if (gctl_issue(req) == NULL) {
if (verbose)
- printf("Attched to %s.\n", prov);
+ printf("Attached to %s.\n", prov);
}
bzero(key, sizeof(key));
}
static void
+eli_configure_detached(struct gctl_req *req, const char *prov, int boot)
+{
+ struct g_eli_metadata md;
+
+ if (eli_metadata_read(req, prov, &md) == -1)
+ return;
+
+ if (boot && (md.md_flags & G_ELI_FLAG_BOOT)) {
+ if (verbose)
+ printf("BOOT flag already configured for %s.\n", prov);
+ } else if (!boot && !(md.md_flags & G_ELI_FLAG_BOOT)) {
+ if (verbose)
+ printf("BOOT flag not configured for %s.\n", prov);
+ } else {
+ if (boot)
+ md.md_flags |= G_ELI_FLAG_BOOT;
+ else
+ md.md_flags &= ~G_ELI_FLAG_BOOT;
+ eli_metadata_store(req, prov, &md);
+ }
+ bzero(&md, sizeof(md));
+}
+
+static void
+eli_configure(struct gctl_req *req)
+{
+ const char *prov;
+ int i, nargs, boot, noboot;
+
+ nargs = gctl_get_int(req, "nargs");
+ if (nargs == 0) {
+ gctl_error(req, "Too few arguments.");
+ return;
+ }
+
+ boot = gctl_get_int(req, "boot");
+ noboot = gctl_get_int(req, "noboot");
+
+ if (boot && noboot) {
+ gctl_error(req, "Options -b and -B are mutually exclusive.");
+ return;
+ }
+ if (!boot && !noboot) {
+ gctl_error(req, "No option given.");
+ return;
+ }
+
+ /* First attached providers. */
+ gctl_issue(req);
+ /* Now the rest. */
+ for (i = 0; i < nargs; i++) {
+ prov = gctl_get_ascii(req, "arg%d", i);
+ if (!eli_is_attached(prov))
+ eli_configure_detached(req, prov, boot);
+ }
+}
+
+static void
eli_setkey_attached(struct gctl_req *req, struct g_eli_metadata *md)
{
unsigned char key[G_ELI_USERKEYLEN];
- intmax_t val;
+ intmax_t val, old = 0;
+ int error;
val = gctl_get_intmax(req, "iterations");
/* Check if iterations number should be changed. */
if (val != -1)
md->md_iterations = val;
+ else
+ old = md->md_iterations;
/* Generate key for Master Key encryption. */
if (eli_genkey(req, md, key, 1) == NULL) {
bzero(key, sizeof(key));
return;
}
+ /*
+ * If number of iterations has changed, but wasn't given as a
+ * command-line argument, update the request.
+ */
+ if (val == -1 && md->md_iterations != old) {
+ error = gctl_change_param(req, "iterations", sizeof(intmax_t),
+ &md->md_iterations);
+ assert(error == 0);
+ }
gctl_ro_param(req, "key", sizeof(key), key);
gctl_issue(req);
@@ -734,7 +852,7 @@
}
/* Encrypt the Master-Key with the new key. */
- error = g_eli_mkey_encrypt(md->md_algo, key, md->md_keylen, mkeydst);
+ error = g_eli_mkey_encrypt(md->md_ealgo, key, md->md_keylen, mkeydst);
bzero(key, sizeof(key));
if (error != 0) {
bzero(md, sizeof(*md));
@@ -757,7 +875,7 @@
nargs = gctl_get_int(req, "nargs");
if (nargs != 1) {
- gctl_error(req, "Too few arguments.");
+ gctl_error(req, "Invalid number of arguments.");
return;
}
prov = gctl_get_ascii(req, "arg0");
@@ -831,7 +949,7 @@
nargs = gctl_get_int(req, "nargs");
if (nargs != 1) {
- gctl_error(req, "Too few arguments.");
+ gctl_error(req, "Invalid number of arguments.");
return;
}
prov = gctl_get_ascii(req, "arg0");
@@ -887,25 +1005,21 @@
* How '-a' option combine with a list of providers:
* Delete Master Keys from all attached providers:
* geli kill -a
- * Delete Master Keys from all attached provider and from
+ * Delete Master Keys from all attached providers and from
* detached da0 and da1:
* geli kill -a da0 da1
* Delete Master Keys from (attached or detached) da0 and da1:
* geli kill da0 da1
*/
- /*
- * First attached providers.
- */
- gctl_issue(req);
- /*
- * Now the rest.
- */
+ /* First detached providers. */
for (i = 0; i < nargs; i++) {
prov = gctl_get_ascii(req, "arg%d", i);
if (!eli_is_attached(prov))
eli_kill_detached(req, prov);
}
+ /* Now attached providers. */
+ gctl_issue(req);
}
static void
@@ -939,7 +1053,7 @@
}
if (provfd == -1) {
gctl_error(req, "Cannot open %s: %s.", prov, strerror(errno));
- return;
+ goto out;
}
filefd = open(file, O_WRONLY | O_TRUNC | O_CREAT, 0600);
if (filefd == -1) {
@@ -952,13 +1066,13 @@
if (mediasize == 0 || secsize == 0) {
gctl_error(req, "Cannot get informations about %s: %s.", prov,
strerror(errno));
- return;
+ goto out;
}
sector = malloc(secsize);
if (sector == NULL) {
gctl_error(req, "Cannot allocate memory.");
- return;
+ goto out;
}
/* Read metadata from the provider. */
@@ -1025,7 +1139,7 @@
}
if (provfd == -1) {
gctl_error(req, "Cannot open %s: %s.", prov, strerror(errno));
- return;
+ goto out;
}
mediasize = g_get_mediasize(prov);
@@ -1033,13 +1147,13 @@
if (mediasize == 0 || secsize == 0) {
gctl_error(req, "Cannot get informations about %s: %s.", prov,
strerror(errno));
- return;
+ goto out;
}
sector = malloc(secsize);
if (sector == NULL) {
gctl_error(req, "Cannot allocate memory.");
- return;
+ goto out;
}
/* Read metadata from the backup file. */
@@ -1053,7 +1167,7 @@
gctl_error(req, "MD5 hash mismatch: not a geli backup file?");
goto out;
}
- /* Read metadata from the provider. */
+ /* Write metadata from the provider. */
if (pwrite(provfd, sector, secsize, mediasize - secsize) !=
(ssize_t)secsize) {
gctl_error(req, "Cannot write metadata: %s.", strerror(errno));
Index: Makefile
===================================================================
RCS file: /home/cvs/src/sbin/geom/class/eli/Makefile,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sbin/geom/class/eli/Makefile -L sbin/geom/class/eli/Makefile -u -r1.2 -r1.3
--- sbin/geom/class/eli/Makefile
+++ sbin/geom/class/eli/Makefile
@@ -1,5 +1,4 @@
-# $FreeBSD: src/sbin/geom/class/eli/Makefile,v 1.3.2.1 2005/08/05 19:58:13 pjd Exp $
-# $MidnightBSD$
+# $FreeBSD: src/sbin/geom/class/eli/Makefile,v 1.3 2005/07/29 10:06:57 pjd Exp $
.PATH: ${.CURDIR}/../../misc ${.CURDIR}/../../../../sys/geom/eli ${.CURDIR}/../../../../sys/crypto/sha2
Index: geli.8
===================================================================
RCS file: /home/cvs/src/sbin/geom/class/eli/geli.8,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sbin/geom/class/eli/geli.8 -L sbin/geom/class/eli/geli.8 -u -r1.2 -r1.3
--- sbin/geom/class/eli/geli.8
+++ sbin/geom/class/eli/geli.8
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2005 Pawel Jakub Dawidek <pjd at FreeBSD.org>
+.\" Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd at FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -22,10 +22,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD: src/sbin/geom/class/eli/geli.8,v 1.2.2.5 2006/03/01 17:52:15 pjd Exp $
-.\" $MidnightBSD$
+.\" $FreeBSD: src/sbin/geom/class/eli/geli.8,v 1.22 2007/09/01 06:33:01 pjd Exp $
.\"
-.Dd February 11, 2006
+.Dd September 16, 2006
.Dt GELI 8
.Os
.Sh NAME
@@ -53,7 +52,8 @@
.Nm
.Cm init
.Op Fl bPv
-.Op Fl a Ar algo
+.Op Fl a Ar aalgo
+.Op Fl e Ar ealgo
.Op Fl i Ar iterations
.Op Fl K Ar newkeyfile
.Op Fl l Ar keylen
@@ -64,7 +64,7 @@
.Cm init
.Nm
.Cm attach
-.Op Fl dpv
+.Op Fl dprv
.Op Fl k Ar keyfile
.Ar prov
.Nm
@@ -77,11 +77,16 @@
.Nm
.Cm onetime
.Op Fl d
-.Op Fl a Ar algo
+.Op Fl a Ar aalgo
+.Op Fl e Ar ealgo
.Op Fl l Ar keylen
.Op Fl s Ar sectorsize
.Ar prov ...
.Nm
+.Cm configure
+.Op Fl bB
+.Ar prov ...
+.Nm
.Cm setkey
.Op Fl pPv
.Op Fl i Ar iterations
@@ -141,10 +146,21 @@
.It
Supports many cryptographic algorithms (currently
.Nm AES ,
-.Nm Blowfish
+.Nm Blowfish ,
+.Nm Camellia
and
.Nm 3DES ) .
.It
+Can optionally perform data authentication (integrity verification) utilizing
+one of the following algorithms:
+.Nm HMAC/MD5 ,
+.Nm HMAC/SHA1 ,
+.Nm HMAC/RIPEMD160 ,
+.Nm HMAC/SHA256 ,
+.Nm HMAC/SHA384
+or
+.Nm HMAC/SHA512 .
+.It
Can create a key from a couple of components (user entered passphrase, random
bits from a file, etc.).
.It
@@ -152,7 +168,7 @@
passphrase before the root file system is mounted.
.It
The passphrase of the user is strengthened with:
-.Rs
+.Rs
.%A B. Kaliski
.%T "PKCS #5: Password-Based Cryptography Specification, Version 2.0."
.%R RFC
@@ -164,7 +180,7 @@
and
.Qq "company key" ) .
.It
-It is fast -
+It is fast -
.Nm
performs simple sector-to-sector encryption.
.It
@@ -178,24 +194,42 @@
.It
Allows to attach a provider with a random, one-time key - useful for swap
partitions and temporary file systems.
+.It
+Allows to verify data integrity (data authentication).
.El
.Pp
The first argument to
.Nm
indicates an action to be performed:
-.Bl -tag -width ".Cm onetime"
+.Bl -tag -width ".Cm configure"
.It Cm init
Initialize provider which needs to be encrypted.
Here you can set up the cryptographic algorithm to use, key length, etc.
The last provider's sector is used to store metadata.
.Pp
Additional options include:
-.Bl -tag -width ".Fl a Ar algo"
-.It Fl a Ar algo
+.Bl -tag -width ".Fl a Ar aalgo"
+.It Fl a Ar aalgo
+Enable data integrity verification (authentication) using the given algorithm.
+This will reduce size of available storage and also reduce speed.
+For example, when using 4096 bytes sector and
+.Nm HMAC/SHA256
+algorithm, 89% of the original provider storage will be available for use.
+Currently supported algorithms are:
+.Nm HMAC/MD5 ,
+.Nm HMAC/SHA1 ,
+.Nm HMAC/RIPEMD160 ,
+.Nm HMAC/SHA256 ,
+.Nm HMAC/SHA384
+and
+.Nm HMAC/SHA512 .
+If the option is not given, there will be no authentication, only encryption.
+.It Fl e Ar ealgo
Encryption algorithm to use.
Currently supported algorithms are:
.Nm AES ,
-.Nm Blowfish
+.Nm Blowfish ,
+.Nm Camellia
and
.Nm 3DES .
The default is
@@ -228,7 +262,9 @@
128 for
.Nm AES ,
128 for
-.Nm Blowfish
+.Nm Blowfish ,
+128 for
+.Nm Camellia
and 192 for
.Nm 3DES .
.It Fl s Ar sectorsize
@@ -260,6 +296,9 @@
option for the
.Cm detach
subcommand.
+.It Fl r
+Attach read-only provider.
+It will not be opened for writing.
.It Fl k Ar keyfile
Specifies a file which contains part of the key.
For more information see the description of the
@@ -290,8 +329,13 @@
The command can be used to encrypt swap partitions or temporary file systems.
.Pp
Additional options include:
-.Bl -tag -width ".Fl a Ar algo"
-.It Fl a Ar algo
+.Bl -tag -width ".Fl a Ar aalgo"
+.It Fl a Ar aalgo
+Enable data integrity verification (authentication).
+For more information, see the description of the
+.Cm init
+subcommand.
+.It Fl e Ar ealgo
Encryption algorithm to use.
For more information, see the description of the
.Cm init
@@ -315,6 +359,19 @@
.Cm init
subcommand.
.El
+.It Cm configure
+Change configuration of the given providers.
+.Pp
+Additional options include:
+.Bl -tag -width ".Fl b"
+.It Fl b
+Set the BOOT flag on the given providers.
+For more information, see the description of the
+.Cm init
+subcommand.
+.It Fl B
+Remove the BOOT flag from the given providers.
+.El
.It Cm setkey
Change or setup (if not yet initialized) selected key.
There is one master key, which can be encrypted with two independent user keys.
@@ -378,6 +435,9 @@
(if it is attached).
This is absolutely a one-way command - if you do not have a metadata
backup, your data is gone for good.
+In case the provider was attached with the
+.Fl r
+flag, the keys will not be destroyed, only the provider will be detached.
.Bl -tag -width ".Fl a Ar algo"
.It Fl a
If specified, all currently attached providers will be killed.
@@ -416,6 +476,8 @@
.Nm ELI
GEOM class.
The default value is shown next to each variable.
+All variables can also be set in
+.Pa /boot/loader.conf .
.Bl -tag -width indent
.It Va kern.geom.eli.debug : No 0
Debug level of the
@@ -425,8 +487,6 @@
If set to 0, minimal debug information is printed.
If set to 3, the
maximum amount of debug information is printed.
-This variable could be set in
-.Pa /boot/loader.conf .
.It Va kern.geom.eli.tries : No 3
Number of times a user is asked for the passphrase.
This is only used for providers which should be attached on boot
@@ -452,8 +512,11 @@
Its purpose is to increase performance on SMP systems.
If hardware acceleration is available, only one thread will be started.
If set to 0, CPU-bound thread will be started for every active CPU.
-This variable could be set in
-.Pa /boot/loader.conf .
+.It Va kern.geom.eli.batch : No 0
+When set to 1, can speed-up crypto operations by using batching.
+Batching allows to reduce number of interrupts by responding on a group of
+crypto requests with one interrupt.
+The crypto card and the driver has to support this feature.
.El
.Sh EXIT STATUS
Exit status is 0 on success, and 1 if the command fails.
@@ -509,7 +572,7 @@
Encrypted swap partition setup:
.Bd -literal -offset indent
# dd if=/dev/random of=/dev/ad0s1b bs=1m
-# geli onetime -d -a 3des ad0s1b
+# geli onetime -d -e 3des ad0s1b
# swapon /dev/ad0s1b.eli
.Ed
.Pp
@@ -547,6 +610,39 @@
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"
.Ed
+.Pp
+Not only configure encryption, but also data integrity verification using
+.Nm HMAC/SHA256 .
+.Bd -literal -offset indent
+# geli init -a hmac/sha256 -s 4096 /dev/da0
+Enter new passphrase:
+Reenter new passphrase:
+# geli attach /dev/da0
+Enter passphrase:
+# dd if=/dev/random of=/dev/da0.eli bs=1m
+# newfs /dev/da0.eli
+# mount /dev/da0.eli /mnt/secret
+.Ed
+.Sh DATA AUTHENTICATION
+.Nm
+can verify data integrity when an authentication algorithm is specified.
+When data corruption/modification is detected,
+.Nm
+will not return any data, but instead will return an error
+.Pq Er EINVAL .
+The offset and size of the corrupted data will be printed on the console.
+It is important to know against which attacks
+.Nm
+provides protection for your data.
+If data is modified in-place or copied from one place on the disk
+to another even without modification,
+.Nm
+should be able to detect such a change.
+If an attacker can remember the encrypted data, he can overwrite any future
+changes with the data he owns without notice.
+In other words
+.Nm
+will not protect your data against replay attacks.
.Sh SEE ALSO
.Xr crypto 4 ,
.Xr gbde 4 ,
@@ -560,5 +656,9 @@
.Nm
utility appeared in
.Fx 6.0 .
+Support for
+.Nm Camellia
+block cipher is implemented by Yoshisato Yanagisawa in
+.Fx 7.0 .
.Sh AUTHORS
.An Pawel Jakub Dawidek Aq pjd at FreeBSD.org
Index: geom_label.c
===================================================================
RCS file: /home/cvs/src/sbin/geom/class/label/geom_label.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sbin/geom/class/label/geom_label.c -L sbin/geom/class/label/geom_label.c -u -r1.2 -r1.3
--- sbin/geom/class/label/geom_label.c
+++ sbin/geom/class/label/geom_label.c
@@ -25,7 +25,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sbin/geom/class/label/geom_label.c,v 1.6.2.2 2006/04/05 22:20:43 pjd Exp $");
+__FBSDID("$FreeBSD: src/sbin/geom/class/label/geom_label.c,v 1.10 2007/05/15 20:25:16 marcel Exp $");
#include <sys/param.h>
#include <errno.h>
@@ -50,31 +50,31 @@
static void label_label(struct gctl_req *req);
struct g_command class_commands[] = {
- { "clear", G_FLAG_VERBOSE, label_main, G_NULL_OPTS,
+ { "clear", G_FLAG_VERBOSE, label_main, G_NULL_OPTS, NULL,
"[-v] dev ..."
},
{ "create", G_FLAG_VERBOSE | G_FLAG_LOADKLD, NULL, G_NULL_OPTS,
- "[-v] name dev"
+ NULL, "[-v] name dev"
},
{ "destroy", G_FLAG_VERBOSE, NULL,
{
- { 'f', "force", NULL, G_TYPE_NONE },
+ { 'f', "force", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-fv] name ..."
+ NULL, "[-fv] name ..."
},
- { "dump", 0, label_main, G_NULL_OPTS,
+ { "dump", 0, label_main, G_NULL_OPTS, NULL,
"dev ..."
},
{ "label", G_FLAG_VERBOSE | G_FLAG_LOADKLD, label_main, G_NULL_OPTS,
- "[-v] name dev"
+ NULL, "[-v] name dev"
},
{ "stop", G_FLAG_VERBOSE, NULL,
{
- { 'f', "force", NULL, G_TYPE_NONE },
+ { 'f', "force", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-fv] name ..."
+ NULL, "[-fv] name ..."
},
G_CMD_SENTINEL
};
Index: gmirror.8
===================================================================
RCS file: /home/cvs/src/sbin/geom/class/mirror/gmirror.8,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sbin/geom/class/mirror/gmirror.8 -L sbin/geom/class/mirror/gmirror.8 -u -r1.2 -r1.3
--- sbin/geom/class/mirror/gmirror.8
+++ sbin/geom/class/mirror/gmirror.8
@@ -22,9 +22,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD: src/sbin/geom/class/mirror/gmirror.8,v 1.16.2.3 2006/03/20 15:48:55 pjd Exp $
+.\" $FreeBSD: src/sbin/geom/class/mirror/gmirror.8,v 1.23 2006/12/21 18:30:23 ceri Exp $
.\"
-.Dd March 8, 2006
+.Dd November 1, 2006
.Dt GMIRROR 8
.Os
.Sh NAME
@@ -33,7 +33,7 @@
.Sh SYNOPSIS
.Nm
.Cm label
-.Op Fl hnv
+.Op Fl Fhnv
.Op Fl b Ar balance
.Op Fl s Ar slice
.Ar name
@@ -44,7 +44,7 @@
.Ar prov ...
.Nm
.Cm configure
-.Op Fl adhnv
+.Op Fl adfFhnv
.Op Fl b Ar balance
.Op Fl s Ar slice
.Ar name
@@ -83,10 +83,6 @@
.Op Fl fv
.Ar name ...
.Nm
-.Cm clear
-.Op Fl v
-.Ar prov ...
-.Nm
.Cm dump
.Ar prov ...
.Nm
@@ -120,7 +116,9 @@
Create a mirror.
The order of components is important, because a component's priority is based on its position
(starting from 0).
-The component with the biggest priority is used by the prefer balance algorithm
+The component with the biggest priority is used by the
+.Cm prefer
+balance algorithm
and is also used as a master component when resynchronization is needed,
e.g.\& after a power failure when the device was open for writing.
.Pp
@@ -140,6 +138,9 @@
where N is the number of active components.
This is the default balance algorithm.
.El
+.It Fl F
+Do not synchronize after a power failure or system crash.
+Assumes device is in consistent state.
.It Fl h
Hardcode providers' names in metadata.
.It Fl n
@@ -165,6 +166,11 @@
Specifies balance algorithm to use.
.It Fl d
Do not hardcode providers' names in metadata.
+.It Fl f
+Synchronize device after a power failure or system crash.
+.It Fl F
+Do not synchronize after a power failure or system crash.
+Assumes device is in consistent state.
.It Fl h
Hardcode providers' names in metadata.
.It Fl n
@@ -291,7 +297,8 @@
First of all, a kernel dump will go only to one component and
.Nm
always chooses the component with the highest priority.
-Reading a dump from the mirror on boot will only work if the prefer
+Reading a dump from the mirror on boot will only work if the
+.Cm prefer
balance algorithm is used (that way
.Nm
will read only from the component with the highest priority).
@@ -320,7 +327,6 @@
If on the next boot a component with the highest priority will be synchronized,
the prefer balance algorithm will read from the next one, thus will find nothing
there.
-.Ed
.Sh SEE ALSO
.Xr geom 4 ,
.Xr dumpon 8 ,
Index: geom_mirror.c
===================================================================
RCS file: /home/cvs/src/sbin/geom/class/mirror/geom_mirror.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sbin/geom/class/mirror/geom_mirror.c -L sbin/geom/class/mirror/geom_mirror.c -u -r1.2 -r1.3
--- sbin/geom/class/mirror/geom_mirror.c
+++ sbin/geom/class/mirror/geom_mirror.c
@@ -25,7 +25,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sbin/geom/class/mirror/geom_mirror.c,v 1.10.2.2 2006/03/20 15:48:55 pjd Exp $");
+__FBSDID("$FreeBSD: src/sbin/geom/class/mirror/geom_mirror.c,v 1.17 2007/05/15 20:25:16 marcel Exp $");
#include <sys/param.h>
#include <errno.h>
@@ -56,64 +56,67 @@
static void mirror_label(struct gctl_req *req);
struct g_command class_commands[] = {
- { "activate", G_FLAG_VERBOSE, mirror_main, G_NULL_OPTS,
+ { "activate", G_FLAG_VERBOSE, mirror_main, G_NULL_OPTS, NULL,
"[-v] name prov ..."
},
- { "clear", G_FLAG_VERBOSE, mirror_main, G_NULL_OPTS,
+ { "clear", G_FLAG_VERBOSE, mirror_main, G_NULL_OPTS, NULL,
"[-v] prov ..."
},
{ "configure", G_FLAG_VERBOSE, NULL,
{
- { 'a', "autosync", NULL, G_TYPE_NONE },
+ { 'a', "autosync", NULL, G_TYPE_BOOL },
{ 'b', "balance", configure_balance, G_TYPE_STRING },
- { 'd', "dynamic", NULL, G_TYPE_NONE },
- { 'h', "hardcode", NULL, G_TYPE_NONE },
- { 'n', "noautosync", NULL, G_TYPE_NONE },
+ { 'd', "dynamic", NULL, G_TYPE_BOOL },
+ { 'f', "failsync", NULL, G_TYPE_BOOL },
+ { 'F', "nofailsync", NULL, G_TYPE_BOOL },
+ { 'h', "hardcode", NULL, G_TYPE_BOOL },
+ { 'n', "noautosync", NULL, G_TYPE_BOOL },
{ 's', "slice", &configure_slice, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-adhnv] [-b balance] [-s slice] name"
+ NULL, "[-adfFhnv] [-b balance] [-s slice] name"
},
- { "deactivate", G_FLAG_VERBOSE, NULL, G_NULL_OPTS,
+ { "deactivate", G_FLAG_VERBOSE, NULL, G_NULL_OPTS, NULL,
"[-v] name prov ..."
},
- { "dump", 0, mirror_main, G_NULL_OPTS,
+ { "dump", 0, mirror_main, G_NULL_OPTS, NULL,
"prov ..."
},
- { "forget", G_FLAG_VERBOSE, NULL, G_NULL_OPTS,
+ { "forget", G_FLAG_VERBOSE, NULL, G_NULL_OPTS, NULL,
"name ..."
},
{ "label", G_FLAG_VERBOSE, mirror_main,
{
{ 'b', "balance", label_balance, G_TYPE_STRING },
- { 'h', "hardcode", NULL, G_TYPE_NONE },
- { 'n', "noautosync", NULL, G_TYPE_NONE },
+ { 'F', "nofailsync", NULL, G_TYPE_BOOL },
+ { 'h', "hardcode", NULL, G_TYPE_BOOL },
+ { 'n', "noautosync", NULL, G_TYPE_BOOL },
{ 's', "slice", &label_slice, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-hnv] [-b balance] [-s slice] name prov ..."
+ NULL, "[-Fhnv] [-b balance] [-s slice] name prov ..."
},
{ "insert", G_FLAG_VERBOSE, NULL,
{
- { 'h', "hardcode", NULL, G_TYPE_NONE },
- { 'i', "inactive", NULL, G_TYPE_NONE },
+ { 'h', "hardcode", NULL, G_TYPE_BOOL },
+ { 'i', "inactive", NULL, G_TYPE_BOOL },
{ 'p', "priority", &insert_priority, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-hiv] [-p priority] name prov ..."
+ NULL, "[-hiv] [-p priority] name prov ..."
},
- { "rebuild", G_FLAG_VERBOSE, NULL, G_NULL_OPTS,
+ { "rebuild", G_FLAG_VERBOSE, NULL, G_NULL_OPTS, NULL,
"[-v] name prov ..."
},
- { "remove", G_FLAG_VERBOSE, NULL, G_NULL_OPTS,
+ { "remove", G_FLAG_VERBOSE, NULL, G_NULL_OPTS, NULL,
"[-v] name prov ..."
},
{ "stop", G_FLAG_VERBOSE, NULL,
{
- { 'f', "force", NULL, G_TYPE_NONE },
+ { 'f', "force", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-fv] name ..."
+ NULL, "[-fv] name ..."
},
G_CMD_SENTINEL
};
@@ -154,7 +157,7 @@
unsigned sectorsize;
off_t mediasize;
intmax_t val;
- int error, i, nargs, bal, hardcode, noautosync;
+ int error, i, nargs, bal, hardcode;
nargs = gctl_get_int(req, "nargs");
if (nargs < 2) {
@@ -182,9 +185,10 @@
return;
}
md.md_balance = bal;
- noautosync = gctl_get_int(req, "noautosync");
- if (noautosync)
+ if (gctl_get_int(req, "noautosync"))
md.md_mflags |= G_MIRROR_DEVICE_FLAG_NOAUTOSYNC;
+ if (gctl_get_int(req, "nofailsync"))
+ md.md_mflags |= G_MIRROR_DEVICE_FLAG_NOFAILSYNC;
hardcode = gctl_get_int(req, "hardcode");
/*
@@ -215,6 +219,7 @@
}
md.md_mediasize = mediasize;
md.md_sectorsize = sectorsize;
+ md.md_mediasize -= (md.md_mediasize % md.md_sectorsize);
/*
* Clear last sector first, to spoil all components if device exists.
Index: geom_nop.c
===================================================================
RCS file: /home/cvs/src/sbin/geom/class/nop/geom_nop.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sbin/geom/class/nop/geom_nop.c -L sbin/geom/class/nop/geom_nop.c -u -r1.2 -r1.3
--- sbin/geom/class/nop/geom_nop.c
+++ sbin/geom/class/nop/geom_nop.c
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2004 Pawel Jakub Dawidek <pjd at FreeBSD.org>
+ * Copyright (c) 2004-2006 Pawel Jakub Dawidek <pjd at FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -25,7 +25,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sbin/geom/class/nop/geom_nop.c,v 1.6.2.2 2006/04/05 22:20:43 pjd Exp $");
+__FBSDID("$FreeBSD: src/sbin/geom/class/nop/geom_nop.c,v 1.11 2007/05/15 20:25:17 marcel Exp $");
#include <stdio.h>
#include <stdint.h>
@@ -38,7 +38,9 @@
uint32_t lib_version = G_LIB_VERSION;
uint32_t version = G_NOP_VERSION;
-static intmax_t failprob = 0;
+static intmax_t error = -1;
+static intmax_t rfailprob = -1;
+static intmax_t wfailprob = -1;
static intmax_t offset = 0;
static intmax_t secsize = 0;
static intmax_t size = 0;
@@ -46,29 +48,34 @@
struct g_command class_commands[] = {
{ "create", G_FLAG_VERBOSE | G_FLAG_LOADKLD, NULL,
{
- { 'f', "failprob", &failprob, G_TYPE_NUMBER },
+ { 'e', "error", &error, G_TYPE_NUMBER },
{ 'o', "offset", &offset, G_TYPE_NUMBER },
+ { 'r', "rfailprob", &rfailprob, G_TYPE_NUMBER },
{ 's', "size", &size, G_TYPE_NUMBER },
{ 'S', "secsize", &secsize, G_TYPE_NUMBER },
+ { 'w', "wfailprob", &wfailprob, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-v] [-f failprob] [-o offset] [-s size] [-S secsize] dev ..."
+ NULL, "[-v] [-e error] [-o offset] [-r rfailprob] [-s size] "
+ "[-S secsize] [-w wfailprob] dev ..."
},
{ "configure", G_FLAG_VERBOSE, NULL,
{
- { 'f', "failprob", &failprob, G_TYPE_NUMBER },
+ { 'e', "error", &error, G_TYPE_NUMBER },
+ { 'r', "rfailprob", &rfailprob, G_TYPE_NUMBER },
+ { 'w', "wfailprob", &wfailprob, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-v] [-f failprob] prov ..."
+ NULL, "[-v] [-e error] [-r rfailprob] [-w wfailprob] prov ..."
},
{ "destroy", G_FLAG_VERBOSE, NULL,
{
- { 'f', "force", NULL, G_TYPE_NONE },
+ { 'f', "force", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-fv] prov ..."
+ NULL, "[-fv] prov ..."
},
- { "reset", G_FLAG_VERBOSE, NULL, G_NULL_OPTS,
+ { "reset", G_FLAG_VERBOSE, NULL, G_NULL_OPTS, NULL,
"[-v] prov ..."
},
G_CMD_SENTINEL
Index: geom_raid3.c
===================================================================
RCS file: /home/cvs/src/sbin/geom/class/raid3/geom_raid3.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sbin/geom/class/raid3/geom_raid3.c -L sbin/geom/class/raid3/geom_raid3.c -u -r1.2 -r1.3
--- sbin/geom/class/raid3/geom_raid3.c
+++ sbin/geom/class/raid3/geom_raid3.c
@@ -25,7 +25,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sbin/geom/class/raid3/geom_raid3.c,v 1.11.2.4 2006/03/20 15:50:01 pjd Exp $");
+__FBSDID("$FreeBSD: src/sbin/geom/class/raid3/geom_raid3.c,v 1.20 2007/05/15 20:25:17 marcel Exp $");
#include <sys/param.h>
#include <errno.h>
@@ -51,45 +51,48 @@
static void raid3_label(struct gctl_req *req);
struct g_command class_commands[] = {
- { "clear", G_FLAG_VERBOSE, raid3_main, G_NULL_OPTS,
+ { "clear", G_FLAG_VERBOSE, raid3_main, G_NULL_OPTS, NULL,
"[-v] prov ..."
},
{ "configure", G_FLAG_VERBOSE, NULL,
{
- { 'a', "autosync", NULL, G_TYPE_NONE },
- { 'd', "dynamic", NULL, G_TYPE_NONE },
- { 'h', "hardcode", NULL, G_TYPE_NONE },
- { 'n', "noautosync", NULL, G_TYPE_NONE },
- { 'r', "round_robin", NULL, G_TYPE_NONE },
- { 'R', "noround_robin", NULL, G_TYPE_NONE },
- { 'w', "verify", NULL, G_TYPE_NONE },
- { 'W', "noverify", NULL, G_TYPE_NONE },
+ { 'a', "autosync", NULL, G_TYPE_BOOL },
+ { 'd', "dynamic", NULL, G_TYPE_BOOL },
+ { 'f', "failsync", NULL, G_TYPE_BOOL },
+ { 'F', "nofailsync", NULL, G_TYPE_BOOL },
+ { 'h', "hardcode", NULL, G_TYPE_BOOL },
+ { 'n', "noautosync", NULL, G_TYPE_BOOL },
+ { 'r', "round_robin", NULL, G_TYPE_BOOL },
+ { 'R', "noround_robin", NULL, G_TYPE_BOOL },
+ { 'w', "verify", NULL, G_TYPE_BOOL },
+ { 'W', "noverify", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-adhnrRvwW] name"
+ NULL, "[-adfFhnrRvwW] name"
},
- { "dump", 0, raid3_main, G_NULL_OPTS,
+ { "dump", 0, raid3_main, G_NULL_OPTS, NULL,
"prov ..."
},
{ "insert", G_FLAG_VERBOSE, NULL,
{
- { 'h', "hardcode", NULL, G_TYPE_NONE },
+ { 'h', "hardcode", NULL, G_TYPE_BOOL },
{ 'n', "number", NULL, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-hv] <-n number> name prov"
+ NULL, "[-hv] <-n number> name prov"
},
{ "label", G_FLAG_VERBOSE, raid3_main,
{
- { 'h', "hardcode", NULL, G_TYPE_NONE },
- { 'n', "noautosync", NULL, G_TYPE_NONE },
- { 'r', "round_robin", NULL, G_TYPE_NONE },
- { 'w', "verify", NULL, G_TYPE_NONE },
+ { 'h', "hardcode", NULL, G_TYPE_BOOL },
+ { 'F', "nofailsync", NULL, G_TYPE_BOOL },
+ { 'n', "noautosync", NULL, G_TYPE_BOOL },
+ { 'r', "round_robin", NULL, G_TYPE_BOOL },
+ { 'w', "verify", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-hnrvw] name prov prov prov ..."
+ NULL, "[-hFnrvw] name prov prov prov ..."
},
- { "rebuild", G_FLAG_VERBOSE, NULL, G_NULL_OPTS,
+ { "rebuild", G_FLAG_VERBOSE, NULL, G_NULL_OPTS, NULL,
"[-v] name prov"
},
{ "remove", G_FLAG_VERBOSE, NULL,
@@ -97,14 +100,14 @@
{ 'n', "number", NULL, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-v] <-n number> name"
+ NULL, "[-v] <-n number> name"
},
{ "stop", G_FLAG_VERBOSE, NULL,
{
- { 'f', "force", NULL, G_TYPE_NONE },
+ { 'f', "force", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-fv] name ..."
+ NULL, "[-fv] name ..."
},
G_CMD_SENTINEL
};
@@ -142,7 +145,8 @@
const char *str;
unsigned sectorsize, ssize;
off_t mediasize, msize;
- int error, i, nargs, hardcode, noautosync, round_robin, verify;
+ int hardcode, round_robin, verify;
+ int error, i, nargs;
nargs = gctl_get_int(req, "nargs");
if (nargs < 4) {
@@ -165,9 +169,10 @@
md.md_genid = 0;
md.md_syncid = 1;
md.md_sync_offset = 0;
- noautosync = gctl_get_int(req, "noautosync");
- if (noautosync)
+ if (gctl_get_int(req, "noautosync"))
md.md_mflags |= G_RAID3_DEVICE_FLAG_NOAUTOSYNC;
+ if (gctl_get_int(req, "nofailsync"))
+ md.md_mflags |= G_RAID3_DEVICE_FLAG_NOFAILSYNC;
round_robin = gctl_get_int(req, "round_robin");
if (round_robin)
md.md_mflags |= G_RAID3_DEVICE_FLAG_ROUND_ROBIN;
@@ -205,6 +210,7 @@
}
md.md_mediasize = mediasize * (nargs - 2);
md.md_sectorsize = sectorsize * (nargs - 2);
+ md.md_mediasize -= (md.md_mediasize % md.md_sectorsize);
/*
* Clear last sector first, to spoil all components if device exists.
Index: geom_shsec.c
===================================================================
RCS file: /home/cvs/src/sbin/geom/class/shsec/geom_shsec.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sbin/geom/class/shsec/geom_shsec.c -L sbin/geom/class/shsec/geom_shsec.c -u -r1.2 -r1.3
--- sbin/geom/class/shsec/geom_shsec.c
+++ sbin/geom/class/shsec/geom_shsec.c
@@ -25,7 +25,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sbin/geom/class/shsec/geom_shsec.c,v 1.5.2.2 2006/04/05 22:20:43 pjd Exp $");
+__FBSDID("$FreeBSD: src/sbin/geom/class/shsec/geom_shsec.c,v 1.10 2007/05/15 20:25:17 marcel Exp $");
#include <sys/param.h>
#include <errno.h>
@@ -52,25 +52,25 @@
static void shsec_label(struct gctl_req *req);
struct g_command class_commands[] = {
- { "clear", G_FLAG_VERBOSE, shsec_main, G_NULL_OPTS,
+ { "clear", G_FLAG_VERBOSE, shsec_main, G_NULL_OPTS, NULL,
"[-v] prov ..."
},
- { "dump", 0, shsec_main, G_NULL_OPTS,
+ { "dump", 0, shsec_main, G_NULL_OPTS, NULL,
"prov ..."
},
{ "label", G_FLAG_VERBOSE | G_FLAG_LOADKLD, shsec_main,
{
- { 'h', "hardcode", NULL, G_TYPE_NONE },
+ { 'h', "hardcode", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-hv] name prov prov ..."
+ NULL, "[-hv] name prov prov ..."
},
{ "stop", G_FLAG_VERBOSE, NULL,
{
- { 'f', "force", NULL, G_TYPE_NONE },
+ { 'f', "force", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-fv] name ..."
+ NULL, "[-fv] name ..."
},
G_CMD_SENTINEL
};
Index: geom_stripe.c
===================================================================
RCS file: /home/cvs/src/sbin/geom/class/stripe/geom_stripe.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sbin/geom/class/stripe/geom_stripe.c -L sbin/geom/class/stripe/geom_stripe.c -u -r1.2 -r1.3
--- sbin/geom/class/stripe/geom_stripe.c
+++ sbin/geom/class/stripe/geom_stripe.c
@@ -25,7 +25,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sbin/geom/class/stripe/geom_stripe.c,v 1.11.2.2 2006/04/05 22:20:43 pjd Exp $");
+__FBSDID("$FreeBSD: src/sbin/geom/class/stripe/geom_stripe.c,v 1.16 2007/05/24 09:21:20 ru Exp $");
#include <sys/param.h>
#include <errno.h>
@@ -54,7 +54,7 @@
static void stripe_label(struct gctl_req *req);
struct g_command class_commands[] = {
- { "clear", G_FLAG_VERBOSE, stripe_main, G_NULL_OPTS,
+ { "clear", G_FLAG_VERBOSE, stripe_main, G_NULL_OPTS, NULL,
"[-v] prov ..."
},
{ "create", G_FLAG_VERBOSE | G_FLAG_LOADKLD, NULL,
@@ -62,32 +62,32 @@
{ 's', "stripesize", &default_stripesize, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-hv] [-s stripesize] name prov prov ..."
+ NULL, "[-hv] [-s stripesize] name prov prov ..."
},
{ "destroy", G_FLAG_VERBOSE, NULL,
{
- { 'f', "force", NULL, G_TYPE_NONE },
+ { 'f', "force", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-fv] name ..."
+ NULL, "[-fv] name ..."
},
- { "dump", 0, stripe_main, G_NULL_OPTS,
- "dump prov ..."
+ { "dump", 0, stripe_main, G_NULL_OPTS, NULL,
+ "prov ..."
},
{ "label", G_FLAG_VERBOSE | G_FLAG_LOADKLD, stripe_main,
{
- { 'h', "hardcode", NULL, G_TYPE_NONE },
+ { 'h', "hardcode", NULL, G_TYPE_BOOL },
{ 's', "stripesize", &default_stripesize, G_TYPE_NUMBER },
G_OPT_SENTINEL
},
- "[-hv] [-s stripesize] name prov prov ..."
+ NULL, "[-hv] [-s stripesize] name prov prov ..."
},
{ "stop", G_FLAG_VERBOSE, NULL,
{
- { 'f', "force", NULL, G_TYPE_NONE },
+ { 'f', "force", NULL, G_TYPE_BOOL },
G_OPT_SENTINEL
},
- "[-fv] name ..."
+ NULL, "[-fv] name ..."
},
G_CMD_SENTINEL
};
More information about the Midnightbsd-cvs
mailing list