Commit fc2cfe7a authored by Milan Broz's avatar Milan Broz

Allow removal of last slot in luksRemoveKey and luksKillSlot.



git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@65 36d66b0a-2a48-0410-832c-cd162a569da5
parent eccc31e9
2009-07-16 Milan Broz <mbroz@redhat.com>
* Allow removal of last slot in luksRemoveKey and luksKillSlot.
2009-07-11 Milan Broz <mbroz@redhat.com>
* Add --disable-selinux option and fix static build if selinux is required.
......
......@@ -673,7 +673,7 @@ static int luks_remove_helper(int arg, struct setup_backend *backend, struct cry
const char *device = options->device;
int keyIndex;
int openedIndex;
int r;
int r, last_slot;
if (!LUKS_device_ready(options->device, O_RDWR))
return -ENOTBLK;
......@@ -694,11 +694,10 @@ static int luks_remove_helper(int arg, struct setup_backend *backend, struct cry
keyIndex = options->key_slot;
}
if(LUKS_is_last_keyslot(options->device, keyIndex) &&
!(options->icb->yesDialog(_("This is the last keyslot. Device will become unusable after purging this key.")))) {
r = -EINVAL;
goto out;
}
last_slot = LUKS_is_last_keyslot(options->device, keyIndex);
if(last_slot && !(options->icb->yesDialog(_("This is the last keyslot. Device will become unusable after purging this key.")))) {
r = -EINVAL; goto out;
}
if(options->flags & CRYPT_FLAG_VERIFY_ON_DELKEY) {
options->flags &= ~CRYPT_FLAG_VERIFY_ON_DELKEY;
......@@ -712,7 +711,9 @@ static int luks_remove_helper(int arg, struct setup_backend *backend, struct cry
options->icb->log(CRYPT_LOG_ERROR,"Failed to access device.\n");
r = -EIO; goto out;
}
hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED;
if(!last_slot)
hdr.keyblock[keyIndex].active = LUKS_KEY_DISABLED;
openedIndex = LUKS_open_any_key_with_hdr(device, password, passwordLen, &hdr, &mk, backend);
/* Clean up */
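Review bot: The `if(!last_slot)` guard in the third hunk needs a comment, because nothing on the page explains why the slot being removed is left active in the in-memory `hdr` when it is the last one. As far as these hunks show, `LUKS_open_any_key_with_hdr` is then presumably free to accept the passphrase of the very slot about to be destroyed, so in that case the check proves only knowledge of the key being removed. I would add `/* Last slot: keep it active in hdr so the passphrase can still be verified against it. */` above the guard and brace its one-line body. The result of `LUKS_is_last_keyslot` is stored in an `int` and tested for truth, so if that helper can return a negative error (not visible here), the error would be treated as "last slot". `luks_remove_helper` starts and ends outside these hunks, so the later use of `openedIndex` is not visible.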
......
......@@ -157,7 +157,16 @@ test:
@../src/cryptsetup -v remove dummy
@echo "success"
# Format test for ESSIV, and some other parameters.
# Delete last slot
@echo Case: delete last key
@cp $(IMG) $(ORIG_IMG)
@echo "key0" | ../src/cryptsetup -v luksFormat $(LOOPDEV)
echo "key0" | ../src/cryptsetup -v luksKillSlot $(LOOPDEV) 0
@sync
echo "key0" | ../src/cryptsetup -v luksOpen $(LOOPDEV) dummy 2>/dev/null || true
@echo "success"
# Format test for ESSIV, and some other parameters.
@echo Case: parameter variation test
@dd if=/dev/zero of=$(IMG) count=20000
@cp $(IMG) $(ORIG_IMG)
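Review bot: The new "delete last key" case cannot fail on the outcome it is meant to check, because the `luksOpen` line ends in `|| true` and so passes whether or not slot 0 was really wiped. If `luksOpen` unexpectedly succeeded, the `dummy` mapping would also stay active going into the following case. I would make a successful open fatal, for example `echo "key0" | ../src/cryptsetup -v luksOpen $(LOOPDEV) dummy 2>/dev/null && exit 1 || true`. The `test:` target continues outside this hunk.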
......
......@@ -124,7 +124,7 @@ set up a read-only mapping.
The number of milliseconds to spend with PBKDF2 password processing. This option is only relevant to the LUKS operations as \fIluksFormat\fR or \fIluksAddKey\fR.
.TP
.B "\-\-batch-mode, \-q"
Do not ask for confirmation. This option is only relevant for \fIluksFormat\fR.
Do not ask for confirmation. Use with care! This option is only relevant for \fIluksFormat\fR,\fIluksAddKey\fR,\fIluksRemoveKey\fR or \fIluksKillSlot\fR.
.TP
.B "\-\-timeout, \-t"
The number of seconds to wait before timeout. This option is relevant every time a password is asked, like \fIcreate\fR, \fIluksOpen\fR, \fIluksFormat\fR or \fIluksAddKey\fR. It has no effect if used in conjunction with \-\-key-file.
......