/* * Given a list of directories to search, find all pools stored on disk. This * includes partial pools which are not available to import. If no args are * given (argc is 0), then the default directory (/dev/dsk) is searched. * poolname or guid (but not both) are provided by the caller when trying * to import a specific pool. */ static nvlist_t * zpool_find_import_impl(libzfs_handle_t *hdl, importargs_t *iarg) { int i, dirs = iarg->paths; struct dirent *dp; char path[MAXPATHLEN]; char *end, **dir = iarg->path; size_t pathleft; nvlist_t *ret = NULL; pool_list_t pools = { 0 }; pool_entry_t *pe, *penext; vdev_entry_t *ve, *venext; config_entry_t *ce, *cenext; name_entry_t *ne, *nenext; avl_tree_t slice_cache; rdsk_node_t *slice; void *cookie; verify(iarg->poolname == NULL || iarg->guid == 0); if (dirs == 0) { #ifdef HAVE_LIBBLKID /* Use libblkid to scan all device for their type */ if (zpool_find_import_blkid(hdl, &pools) == 0) goto skip_scanning; (void) zfs_error_fmt(hdl, EZFS_BADCACHE, dgettext(TEXT_DOMAIN, "blkid failure falling back " "to manual probing")); #endif /* HAVE_LIBBLKID */ dir = zpool_default_import_path; dirs = DEFAULT_IMPORT_PATH_SIZE; } /* * Go through and read the label configuration information from every * possible device, organizing the information according to pool GUID * and toplevel GUID. */ for (i = 0; i < dirs; i++) { taskq_t *t; char *rdsk; int dfd; boolean_t config_failed = B_FALSE; DIR *dirp; /* use realpath to normalize the path */ if (realpath(dir[i], path) == 0) { /* it is safe to skip missing search paths */ if (errno == ENOENT) continue; zfs_error_aux(hdl, strerror(errno)); (void) zfs_error_fmt(hdl, EZFS_BADPATH, dgettext(TEXT_DOMAIN, "cannot open '%s'"), dir[i]); goto error; } end = &path[strlen(path)]; *end++ = '/'; *end = 0; pathleft = &path[sizeof (path)] - end; /* * Using raw devices instead of block devices when we're * reading the labels skips a bunch of slow operations during * close(2) processing, so we replace /dev/dsk with /dev/rdsk. */ if (strcmp(path, "/dev/dsk/") == 0) rdsk = "/dev/rdsk/"; else rdsk = path; if ((dfd = open(rdsk, O_RDONLY)) < 0 || (dirp = fdopendir(dfd)) == NULL) { if (dfd >= 0) (void) close(dfd); zfs_error_aux(hdl, strerror(errno)); (void) zfs_error_fmt(hdl, EZFS_BADPATH, dgettext(TEXT_DOMAIN, "cannot open '%s'"), rdsk); goto error; } avl_create(&slice_cache, slice_cache_compare, sizeof (rdsk_node_t), offsetof(rdsk_node_t, rn_node)); /* * This is not MT-safe, but we have no MT consumers of libzfs */ while ((dp = readdir(dirp)) != NULL) { const char *name = dp->d_name; if (name[0] == '.' && (name[1] == 0 || (name[1] == '.' && name[2] == 0))) continue; slice = zfs_alloc(hdl, sizeof (rdsk_node_t)); slice->rn_name = zfs_strdup(hdl, name); slice->rn_avl = &slice_cache; slice->rn_dfd = dfd; slice->rn_hdl = hdl; slice->rn_nozpool = B_FALSE; avl_add(&slice_cache, slice); } /* * create a thread pool to do all of this in parallel; * rn_nozpool is not protected, so this is racy in that * multiple tasks could decide that the same slice can * not hold a zpool, which is benign. Also choose * double the number of processors; we hold a lot of * locks in the kernel, so going beyond this doesn't * buy us much. */ thread_init(); t = taskq_create("z_import", 2 * max_ncpus, defclsyspri, 2 * max_ncpus, INT_MAX, TASKQ_PREPOPULATE); for (slice = avl_first(&slice_cache); slice; (slice = avl_walk(&slice_cache, slice, AVL_AFTER))) (void) taskq_dispatch(t, zpool_open_func, slice, TQ_SLEEP); taskq_wait(t); taskq_destroy(t); thread_fini(); cookie = NULL; while ((slice = avl_destroy_nodes(&slice_cache, &cookie)) != NULL) { if (slice->rn_config != NULL && !config_failed) { nvlist_t *config = slice->rn_config; boolean_t matched = B_TRUE; if (iarg->poolname != NULL) { char *pname; matched = nvlist_lookup_string(config, ZPOOL_CONFIG_POOL_NAME, &pname) == 0 && strcmp(iarg->poolname, pname) == 0; } else if (iarg->guid != 0) { uint64_t this_guid; matched = nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &this_guid) == 0 && iarg->guid == this_guid; } if (!matched) { nvlist_free(config); } else { /* * use the non-raw path for the config */ (void) strlcpy(end, slice->rn_name, pathleft); if (add_config(hdl, &pools, path, i+1, slice->rn_num_labels, config) != 0) config_failed = B_TRUE; } } free(slice->rn_name); free(slice); } avl_destroy(&slice_cache); (void) closedir(dirp); if (config_failed) goto error; } #ifdef HAVE_LIBBLKID skip_scanning: #endif ret = get_configs(hdl, &pools, iarg->can_be_active); error: for (pe = pools.pools; pe != NULL; pe = penext) { penext = pe->pe_next; for (ve = pe->pe_vdevs; ve != NULL; ve = venext) { venext = ve->ve_next; for (ce = ve->ve_configs; ce != NULL; ce = cenext) { cenext = ce->ce_next; if (ce->ce_config) nvlist_free(ce->ce_config); free(ce); } free(ve); } free(pe); } for (ne = pools.names; ne != NULL; ne = nenext) { nenext = ne->ne_next; free(ne->ne_name); free(ne); } return (ret); }
static int pbkdf2(uint8_t *passphrase, size_t passphraselen, uint8_t *salt, size_t saltlen, uint64_t iterations, uint8_t *output, size_t outputlen) { int ret; uint64_t iter; uint32_t blockptr, i; uint16_t hmac_key_len; uint8_t *hmac_key; uint8_t block[SHA1_DIGEST_LEN * 2]; uint8_t *hmacresult = block + SHA1_DIGEST_LEN; crypto_mechanism_t mech; crypto_key_t key; crypto_data_t in_data, out_data; crypto_ctx_template_t tmpl = NULL; /* initialize output */ memset(output, 0, outputlen); /* initialize icp for use */ thread_init(); icp_init(); /* HMAC key size is max(sizeof(uint32_t) + salt len, sha 256 len) */ if (saltlen > SHA1_DIGEST_LEN) { hmac_key_len = saltlen + sizeof (uint32_t); } else { hmac_key_len = SHA1_DIGEST_LEN; } hmac_key = calloc(hmac_key_len, 1); if (!hmac_key) { ret = ENOMEM; goto error; } /* initialize sha 256 hmac mechanism */ mech.cm_type = crypto_mech2id(SUN_CKM_SHA1_HMAC); mech.cm_param = NULL; mech.cm_param_len = 0; /* initialize passphrase as a crypto key */ key.ck_format = CRYPTO_KEY_RAW; key.ck_length = CRYPTO_BYTES2BITS(passphraselen); key.ck_data = passphrase; /* * initialize crypto data for the input data. length will change * after the first iteration, so we will initialize it in the loop. */ in_data.cd_format = CRYPTO_DATA_RAW; in_data.cd_offset = 0; in_data.cd_raw.iov_base = (char *)hmac_key; /* initialize crypto data for the output data */ out_data.cd_format = CRYPTO_DATA_RAW; out_data.cd_offset = 0; out_data.cd_length = SHA1_DIGEST_LEN; out_data.cd_raw.iov_base = (char *)hmacresult; out_data.cd_raw.iov_len = out_data.cd_length; /* initialize the context template */ ret = crypto_create_ctx_template(&mech, &key, &tmpl, KM_SLEEP); if (ret != CRYPTO_SUCCESS) { ret = EIO; goto error; } /* main loop */ for (blockptr = 0; blockptr < outputlen; blockptr += SHA1_DIGEST_LEN) { /* * for the first iteration, the HMAC key is the user-provided * salt concatenated with the block index (1-indexed) */ i = htobe32(1 + (blockptr / SHA1_DIGEST_LEN)); memmove(hmac_key, salt, saltlen); memmove(hmac_key + saltlen, (uint8_t *)(&i), sizeof (uint32_t)); /* block initializes to zeroes (no XOR) */ memset(block, 0, SHA1_DIGEST_LEN); for (iter = 0; iter < iterations; iter++) { if (iter > 0) { in_data.cd_length = SHA1_DIGEST_LEN; in_data.cd_raw.iov_len = in_data.cd_length; } else { in_data.cd_length = saltlen + sizeof (uint32_t); in_data.cd_raw.iov_len = in_data.cd_length; } ret = crypto_mac(&mech, &in_data, &key, tmpl, &out_data, NULL); if (ret != CRYPTO_SUCCESS) { ret = EIO; goto error; } /* HMAC key now becomes the output of this iteration */ memmove(hmac_key, hmacresult, SHA1_DIGEST_LEN); /* XOR this iteration's result with the current block */ for (i = 0; i < SHA1_DIGEST_LEN; i++) { block[i] ^= hmacresult[i]; } } /* * compute length of this block, make sure we don't write * beyond the end of the output, truncating if necessary */ if (blockptr + SHA1_DIGEST_LEN > outputlen) { memmove(output + blockptr, block, outputlen - blockptr); } else { memmove(output + blockptr, block, SHA1_DIGEST_LEN); } } crypto_destroy_ctx_template(tmpl); free(hmac_key); icp_fini(); thread_fini(); return (0); error: crypto_destroy_ctx_template(tmpl); if (hmac_key != NULL) free(hmac_key); icp_fini(); thread_fini(); return (ret); }