Skip to content

Commit

Permalink
Add password verification for stratis-min
Browse files Browse the repository at this point in the history
  • Loading branch information
jbaublitz committed Aug 21, 2024
1 parent 090e15c commit 113e402
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 6 deletions.
5 changes: 3 additions & 2 deletions dracut/90stratis/stratis-rootfs-setup
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,9 @@ if $(stratis-min pool is-stopped "$STRATIS_ROOTFS_UUID"); then
ATTEMPTS_REMAINING=3
if
! while [ $((ATTEMPTS_REMAINING--)) -gt 0 ]; do
systemd-ask-password --id="stratis:$STRATIS_ROOTFS_UUID" "Enter password for Stratis pool with UUID $STRATIS_ROOTFS_UUID containing root filesystem" |
stratis-min pool start --prompt --unlock-method=keyring "$STRATIS_ROOTFS_UUID" && break
PASSWORD=$(systemd-ask-password --id="stratis:$STRATIS_ROOTFS_UUID" "Enter password for Stratis pool with UUID $STRATIS_ROOTFS_UUID containing root filesystem")

echo -e "$PASSWORD\n$PASSWORD\n" | stratis-min pool start --prompt --unlock-method=keyring "$STRATIS_ROOTFS_UUID" && break
done
then
echo Failed to start pool with UUID $STRATIS_ROOTFS_UUID using a passphrase >&2
Expand Down
16 changes: 13 additions & 3 deletions src/jsonrpc/client/utils.rs
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ use std::{
use nix::unistd::isatty;
use termios::{tcsetattr, Termios, ECHO, ECHONL, TCSADRAIN};

use crate::stratis::StratisResult;
use crate::stratis::{StratisError, StratisResult};

#[macro_export]
macro_rules! do_request {
Expand Down Expand Up @@ -217,8 +217,8 @@ pub fn to_suffix_repr(size: u128) -> String {
})
}

pub fn prompt_password() -> StratisResult<Option<String>> {
print!("Enter passphrase followed by return: ");
pub fn get_passphrase(msg: &str) -> StratisResult<Option<String>> {
print!("{}", msg);
stdout().flush()?;

let stdin = stdin();
Expand Down Expand Up @@ -252,6 +252,16 @@ pub fn prompt_password() -> StratisResult<Option<String>> {
}
}

pub fn prompt_password() -> StratisResult<Option<String>> {
let pass = get_passphrase("Enter passphrase followed by return: ")?;
let verify_pass = get_passphrase("Verify passphrase: ")?;
if pass != verify_pass {
Err(StratisError::Msg("Passphrases did not match".to_string()))
} else {
Ok(pass)
}
}

#[cfg(test)]
mod tests {
use super::*;
Expand Down
12 changes: 11 additions & 1 deletion tests/stratis_min.rs
Original file line number Diff line number Diff line change
Expand Up @@ -634,7 +634,7 @@ fn test_stratis_min_list_defaults() {

fn stratis_min_key_set() {
let mut cmd = Command::cargo_bin("stratis-min").unwrap();
cmd.write_stdin("thisisatestpassphrase\n")
cmd.write_stdin("thisisatestpassphrase\nthisisatestpassphrase\n")
.arg("key")
.arg("set")
.arg("--capture-key")
Expand All @@ -643,6 +643,16 @@ fn stratis_min_key_set() {
let mut cmd = Command::cargo_bin("stratis-min").unwrap();
cmd.arg("key").arg("unset").arg("testkey");
cmd.assert().success();

let mut cmd = Command::cargo_bin("stratis-min").unwrap();
cmd.write_stdin("thisisatestpassphrase\ndoesnotmatch\n")
.arg("key")
.arg("set")
.arg("--capture-key")
.arg("testkey1");
cmd.assert()
.failure()
.stderr(predicate::str::contains("Passphrases did not match"));
}

#[test]
Expand Down

0 comments on commit 113e402

Please sign in to comment.