* Fix wrong output for remaining key at key deletion.
authorClemens Fruhwirth <clemens@endorphin.org>
Fri, 19 Dec 2008 19:39:42 +0000 (19:39 +0000)
committerClemens Fruhwirth <clemens@endorphin.org>
Fri, 19 Dec 2008 19:39:42 +0000 (19:39 +0000)
* Allow deletion of key slot while other keys have the same key
  information (that implied rewriting verification logic).

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@41 36d66b0a-2a48-0410-832c-cd162a569da5

lib/setup.c
luks/keymanage.c
luks/luks.h

index 7f3ef65..5b6f1bf 100644 (file)
@@ -595,10 +595,9 @@ static int __crypt_luks_add_key(int arg, struct setup_backend *backend, struct c
        struct luks_masterkey *mk=NULL;
        struct luks_phdr hdr;
        char *password=NULL; unsigned int passwordLen;
-       unsigned int i; unsigned int keyIndex;
+        unsigned int keyIndex;
        const char *device = options->device;
        int r;
-       int key_slot = options->key_slot;
        
        if (!LUKS_device_ready(options->device, O_RDWR)) {
                set_error("Can not access device");
@@ -694,22 +693,32 @@ static int luks_remove_helper(int arg, struct setup_backend *backend, struct cry
        } 
 
        if(options->flags & CRYPT_FLAG_VERIFY_ON_DELKEY) {
+                int r;
+
                options->flags &= ~CRYPT_FLAG_VERIFY_ON_DELKEY;
                get_key("Enter any remaining LUKS passphrase: ",&password,&passwordLen, 0, options->key_file, options->passphrase_fd, options->timeout, options->flags);
                if(!password) {
                        r = -EINVAL; goto out;
                }
-               openedIndex = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
+
+                r = LUKS_read_phdr(device, &hdr);
+                if(r < 0) { 
+                        options->icb->log(CRYPT_LOG_ERROR,"Failed to access device.\n");
+                        r = -EIO; goto out;
+                }
+                hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED;
+
+               openedIndex = LUKS_open_any_key_with_hdr(device, password, passwordLen, &hdr, &mk, backend);
                 /* Clean up */
                 if (openedIndex >= 0) {
                         LUKS_dealloc_masterkey(mk);
                         mk = NULL;
                 }
-               if(openedIndex < 0 || keyIndex == openedIndex) {
+               if(openedIndex < 0) {
                             options->icb->log(CRYPT_LOG_ERROR,"No remaining key available with this passphrase.\n");
                            r = -EPERM; goto out;
                } else
-                        logger(options, CRYPT_LOG_NORMAL,"key slot %d verified.\n", keyIndex);
+                        logger(options, CRYPT_LOG_NORMAL,"key slot %d verified.\n", openedIndex);
        }
        r = LUKS_del_key(device, keyIndex);
        if(r < 0) goto out;
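Review bot: The `int r;` added at the top of the `CRYPT_FLAG_VERIFY_ON_DELKEY` block shadows the function-level `r` that the code after the block (`r = LUKS_del_key(device, keyIndex);`) still uses. Every `r = -EINVAL;`, `r = -EIO;` and `r = -EPERM;` followed by `goto out;` inside the block therefore writes the inner variable. The `out:` label is outside this hunk and presumably returns the outer `r`, so a failed passphrase verification would skip the deletion but report whatever the outer `r` last held, possibly success. Drop the inner declaration so the block assigns the function's own `r`. Separately, `hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED;` relies on `keyIndex` having been range-checked earlier in the function, which is not visible here.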
index 53147e9..f6f8d1f 100644 (file)
@@ -331,6 +331,8 @@ out:
        return r;
 }
 
+
+/* Tries to open any key from a given LUKS device reading the header on its own */
 int LUKS_open_any_key(const char *device, 
                      const char *password, 
                      size_t passwordLen,
@@ -338,12 +340,24 @@ int LUKS_open_any_key(const char *device,
                      struct luks_masterkey **mk,
                      struct setup_backend *backend)
 {
-       unsigned int i;
        int r;
 
        r = LUKS_read_phdr(device, hdr);
        if(r < 0) 
                return r;
+        return LUKS_open_any_key_with_hdr(device,password,passwordLen,hdr,mk,backend);
+}
+
+
+int LUKS_open_any_key_with_hdr(const char *device, 
+                     const char *password, 
+                     size_t passwordLen,
+                     struct luks_phdr *hdr, 
+                     struct luks_masterkey **mk,
+                     struct setup_backend *backend)
+{
+       unsigned int i;
+       int r;
 
        *mk=LUKS_alloc_masterkey(hdr->keyBytes);
        for(i=0; i<LUKS_NUMKEYS; i++) {
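Review bot: `LUKS_open_any_key_with_hdr` has no comment, although its contract differs from `LUKS_open_any_key` in a way callers depend on. It trusts the caller-supplied `hdr` instead of reading it from the device, which is what lets `luks_remove_helper` mask the slot being deleted before the search. Add something like `/* Tries to open any key slot using the caller-supplied header; the header is not re-read from the device */` above the definition and above the prototype in luks/luks.h. The result of `LUKS_alloc_masterkey(hdr->keyBytes)` is also stored in `*mk` without a NULL check on the visible lines; the loop body continues outside the hunk, so confirm it handles a failed allocation.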
index 17f7b08..9a6a6ec 100644 (file)
@@ -117,6 +117,14 @@ int LUKS_open_any_key(const char *device,
                                        struct luks_masterkey **mk,
                                        struct setup_backend *backend);
 
+int LUKS_open_any_key_with_hdr(const char *device, 
+                                       const char *password, 
+                                       size_t passwordLen, 
+                                       struct luks_phdr *hdr, 
+                                       struct luks_masterkey **mk,
+                                       struct setup_backend *backend);
+
+
 int LUKS_del_key(const char *device, unsigned int keyIndex);
 int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);
 int LUKS_benchmarkt_iterations();