Add password verification for stratis-min #3595

Draft
wants to merge 1 commit into
base: master
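--- a/dracut/90stratis/stratis-rootfs-setup
+++ b/dracut/90stratis/stratis-rootfs-setup
@@ -20,8 +20,9 @@ if $(stratis-min pool is-stopped "$STRATIS_ROOTFS_UUID"); then
 ATTEMPTS_REMAINING=3
 if
 ! while [ $((ATTEMPTS_REMAINING--)) -gt 0 ]; do
-systemd-ask-password --id="stratis:$STRATIS_ROOTFS_UUID" "Enter password for Stratis pool with UUID $STRATIS_ROOTFS_UUID containing root filesystem" |
-stratis-min pool start --prompt --unlock-method=keyring "$STRATIS_ROOTFS_UUID" && break
+PASSWORD=$(systemd-ask-password --id="stratis:$STRATIS_ROOTFS_UUID" "Enter password for Stratis pool with UUID $STRATIS_ROOTFS_UUID containing root filesystem")
+
+echo -e "$PASSWORD\n$PASSWORD\n" | stratis-min pool start --prompt --unlock-method=keyring "$STRATIS_ROOTFS_UUID" && break
 done
 then
 echo Failed to start pool with UUID $STRATIS_ROOTFS_UUID using a passphrase >&2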
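Review bot: `echo -e "$PASSWORD\n$PASSWORD\n"` interprets backslash sequences inside the passphrase itself, so a passphrase containing `\n`, `\t`, `\\` or `\c` reaches `stratis-min` altered and a correct passphrase can be rejected at boot; the removed pipeline passed the bytes through untouched. `printf '%s\n%s\n' "$PASSWORD" "$PASSWORD" | stratis-min pool start --prompt --unlock-method=keyring "$STRATIS_ROOTFS_UUID" && break` avoids that and also drops the extra trailing blank line. The passphrase now stays in a shell variable for the rest of the script, so add `unset PASSWORD` once the loop has finished. The enclosing `if` block begins and ends outside the hunk.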
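--- a/src/jsonrpc/client/utils.rs
+++ b/src/jsonrpc/client/utils.rs
@@ -10,7 +10,7 @@ use std::{
 use nix::unistd::isatty;
 use termios::{tcsetattr, Termios, ECHO, ECHONL, TCSADRAIN};
 
-use crate::stratis::StratisResult;
+use crate::stratis::{StratisError, StratisResult};
 
 #[macro_export]
 macro_rules! do_request {
@@ -217,8 +217,8 @@ pub fn to_suffix_repr(size: u128) -> String {
 })
 }
 
-pub fn prompt_password() -> StratisResult<Option<String>> {
-print!("Enter passphrase followed by return: ");
+pub fn get_passphrase(msg: &str) -> StratisResult<Option<String>> {
+print!("{}", msg);
 stdout().flush()?;
 
 let stdin = stdin();
@@ -252,6 +252,16 @@ pub fn prompt_password() -> StratisResult<Option<String>> {
 }
 }
 
+pub fn prompt_password() -> StratisResult<Option<String>> {
+let pass = get_passphrase("Enter passphrase followed by return: ")?;
+let verify_pass = get_passphrase("Verify passphrase: ")?;
+if pass != verify_pass {
+Err(StratisError::Msg("Passphrases did not match".to_string()))
+} else {
+Ok(pass)
+}
+}
+
 #[cfg(test)]
 mod tests {
 use super::*;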
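Review bot: `prompt_password` now asks twice on every call, and judging by the dracut script change in this same pull request that includes the unlock path (`pool start --prompt`), where a mistyped passphrase already fails at unlock and confirmation adds nothing. It also forces non-interactive callers to hold the secret and send it twice. Consider leaving `prompt_password` as a single prompt and adding a separate confirming wrapper that only the key-creation command calls. In the new function a first prompt that yields `None` still triggers the second prompt and `None == None` counts as a match; what `None` means is decided in `get_passphrase`, whose body lies outside the visible hunks, so confirm that this is intended. Both public functions also lack doc comments, for example `/// Prompt twice and return the passphrase only if both entries match.`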
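--- a/tests/stratis_min.rs
+++ b/tests/stratis_min.rs
@@ -634,7 +634,7 @@ fn test_stratis_min_list_defaults() {
 
 fn stratis_min_key_set() {
 let mut cmd = Command::cargo_bin("stratis-min").unwrap();
-cmd.write_stdin("thisisatestpassphrase\n")
+cmd.write_stdin("thisisatestpassphrase\nthisisatestpassphrase\n")
 .arg("key")
 .arg("set")
 .arg("--capture-key")
@@ -643,6 +643,16 @@ fn stratis_min_key_set() {
 let mut cmd = Command::cargo_bin("stratis-min").unwrap();
 cmd.arg("key").arg("unset").arg("testkey");
 cmd.assert().success();
+
+let mut cmd = Command::cargo_bin("stratis-min").unwrap();
+cmd.write_stdin("thisisatestpassphrase\ndoesnotmatch\n")
+.arg("key")
+.arg("set")
+.arg("--capture-key")
+.arg("testkey1");
+cmd.assert()
+.failure()
+.stderr(predicate::str::contains("Passphrases did not match"));
 }
 
 #[test]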
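Review bot: The new mismatch case checks the exit status and stderr but not that the rejected passphrase left no key behind; a follow-up assertion that no key with description `testkey1` exists after the failed `key set` would pin the property that matters here. The case is also appended to `stratis_min_key_set`, so a regression in the mismatch path is reported under the success-path helper; a separate helper with its own name would make the failure easier to read. The middle of `stratis_min_key_set` falls between the two hunks and is not visible here.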