static int
populate_create_encryption_params_nvlists(libzfs_handle_t *hdl,
zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat,
char *keylocation, nvlist_t *props, uint8_t **wkeydata, uint_t *wkeylen)
{
int ret;
uint64_t iters = 0, salt = 0;
uint8_t *key_material = NULL;
size_t key_material_len = 0;
uint8_t *key_data = NULL;
const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL;
/* get key material from keyformat and keylocation */
ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation,
fsname, &key_material, &key_material_len, NULL);
if (ret != 0)
goto error;
/* passphrase formats require a salt and pbkdf2 iters property */
if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
/* always generate a new salt */
random_init();
ret = random_get_bytes((uint8_t *)&salt, sizeof (uint64_t));
if (ret != 0) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"Failed to generate salt."));
goto error;
}
random_fini();
ret = nvlist_add_uint64(props,
zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt);
if (ret != 0) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"Failed to add salt to properties."));
goto error;
}
/*
* If not otherwise specified, use the default number of
* pbkdf2 iterations. If specified, we have already checked
* that the given value is greater than MIN_PBKDF2_ITERATIONS
* during zfs_valid_proplist().
*/
ret = nvlist_lookup_uint64(props,
zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
if (ret == ENOENT) {
iters = DEFAULT_PBKDF2_ITERATIONS;
ret = nvlist_add_uint64(props,
zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters);
if (ret != 0)
goto error;
} else if (ret != 0) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"Failed to get pbkdf2 iterations."));
goto error;
}
} else {
/* check that pbkdf2iters was not specified by the user */
ret = nvlist_lookup_uint64(props,
zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
if (ret == 0) {
ret = EINVAL;
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"Cannot specify pbkdf2iters with a non-passphrase "
"keyformat."));
goto error;
}
}
/* derive a key from the key material */
ret = derive_key(hdl, keyformat, iters, key_material, key_material_len,
salt, &key_data);
if (ret != 0)
goto error;
free(key_material);
*wkeydata = key_data;
*wkeylen = WRAPPING_KEY_LEN;
return (0);
error:
if (key_material != NULL)
free(key_material);
if (key_data != NULL)
free(key_data);
*wkeydata = NULL;
*wkeylen = 0;
return (ret);
}
int
main (int argc, char *argv[])
{
int fd = -1;
char *log_identity = argv[0];
int log_priority = LOG_INFO;
int log_options = LOG_OPT_PRIORITY;
#ifndef NDEBUG
log_priority = LOG_DEBUG;
log_options |= LOG_OPT_TIMESTAMP;
#endif /* NDEBUG */
log_open_file (stderr, log_identity, log_priority, log_options);
disable_core_dumps ();
conf = create_conf ();
parse_cmdline (conf, argc, argv);
auth_recv_init (conf->auth_server_dir, conf->auth_client_dir,
conf->got_force);
if (!conf->got_foreground) {
fd = daemonize_init (argv[0]);
if (conf->got_syslog) {
log_open_file (NULL, NULL, 0, 0);
log_open_syslog (log_identity, LOG_DAEMON);
}
else {
open_logfile (conf->logfile_name, log_priority, conf->got_force);
}
}
handle_signals ();
lookup_ip_addr (conf);
write_pidfile (conf->pidfile_name, conf->got_force);
if (conf->got_mlockall) {
lock_memory ();
}
crypto_init ();
if (random_init (conf->seed_name) < 0) {
if (conf->seed_name) {
free (conf->seed_name);
conf->seed_name = NULL;
}
}
create_subkeys (conf);
conf->gids = gids_create (conf->gids_update_secs, conf->got_group_stat);
replay_init ();
timer_init ();
sock_create (conf);
if (!conf->got_foreground) {
daemonize_fini (fd);
}
log_msg (LOG_NOTICE, "Starting %s daemon (pid %d)",
META_ALIAS, (int) getpid ());
job_accept (conf);
sock_destroy (conf);
timer_fini ();
replay_fini ();
gids_destroy (conf->gids);
random_fini (conf->seed_name);
crypto_fini ();
destroy_conf (conf);
log_msg (LOG_NOTICE, "Stopping %s daemon (pid %d)",
META_ALIAS, (int) getpid ());
exit (EMUNGE_SUCCESS);
}
