Georg/luksrku
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Disabled command line default timeout

Browse Source 
The command line default timeout of 60 seconds always took precedence,
we removed it. Also added a debug statement that lets the user know how
long they will have to wait.
This commit is contained in:
Johannes Bauer 2021-06-27 13:29:43 +02:00
parent 46b2cdb184
commit 78a8cd70c2
9 changed files with 40 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -6,7 +6,7 @@ INSTALL_PREFIX := /usr/local/
CFLAGS := -Wall -Wextra -Wshadow -Wswitch -Wpointer-arith -Wcast-qual -Wstrict-prototypes -Wmissing-prototypes -Werror=implicit-function-declaration -Werror=format -Wno-unused-parameter CFLAGS := -Wall -Wextra -Wshadow -Wswitch -Wpointer-arith -Wcast-qual -Wstrict-prototypes -Wmissing-prototypes -Werror=implicit-function-declaration -Werror=format -Wno-unused-parameter
CFLAGS += -O3 -std=c11 -pthread -D_POSIX_SOURCE -D_POSIX_C_SOURCE=200112L -D_XOPEN_SOURCE=500 -DBUILD_REVISION='"$(BUILD_REVISION)"' CFLAGS += -O3 -std=c11 -pthread -D_POSIX_SOURCE -D_POSIX_C_SOURCE=200112L -D_XOPEN_SOURCE=500 -DBUILD_REVISION='"$(BUILD_REVISION)"'
CFLAGS += `pkg-config --cflags openssl` CFLAGS += `pkg-config --cflags openssl`
#CFLAGS += -ggdb3 -DDEBUG -fsanitize=address -fsanitize=undefined -fsanitize=leak CFLAGS += -ggdb3 -DDEBUG -fsanitize=address -fsanitize=undefined -fsanitize=leak
PYPGMOPTS := ../Python/pypgmopts/pypgmopts PYPGMOPTS := ../Python/pypgmopts/pypgmopts
LDFLAGS := `pkg-config --libs openssl` LDFLAGS := `pkg-config --libs openssl`

23
argparse_client.c
View File

@ -5,7 +5,7 @@
* *
* Do not edit it by hand, your changes will be overwritten. * Do not edit it by hand, your changes will be overwritten.
* *
* Generated at: 2019-10-25 20:39:16 * Generated at: 2021-06-27 13:24:40
*/ */
#include <stdint.h> #include <stdint.h>
@ -154,21 +154,18 @@ void argparse_client_show_syntax(void) {
fprintf(stderr, "Connects to a luksrku key server and unlocks local LUKS volumes.\n"); fprintf(stderr, "Connects to a luksrku key server and unlocks local LUKS volumes.\n");
fprintf(stderr, "\n"); fprintf(stderr, "\n");
fprintf(stderr, "positional arguments:\n"); fprintf(stderr, "positional arguments:\n");
fprintf(stderr, " filename Exported database file to load TLS-PSKs and list of\n"); fprintf(stderr, " filename Exported database file to load TLS-PSKs and list of disks from.\n");
fprintf(stderr, " disks from.\n"); fprintf(stderr, " hostname When hostname is given, auto-searching for suitable servers is disabled and\n");
fprintf(stderr, " hostname When hostname is given, auto-searching for suitable\n"); fprintf(stderr, " only a connection to the given hostname is attempted.\n");
fprintf(stderr, " servers is disabled and only a connection to the given\n");
fprintf(stderr, " hostname is attempted.\n");
fprintf(stderr, "\n"); fprintf(stderr, "\n");
fprintf(stderr, "optional arguments:\n"); fprintf(stderr, "optional arguments:\n");
fprintf(stderr, " -t secs, --timeout secs\n"); fprintf(stderr, " -t secs, --timeout secs\n");
fprintf(stderr, " When searching for a keyserver and not all volumes can\n"); fprintf(stderr, " When searching for a keyserver and not all volumes can be unlocked, abort\n");
fprintf(stderr, " be unlocked, abort after this period of time, given in\n"); fprintf(stderr, " after this period of time, given in seconds. Defaults to infinity. This\n");
fprintf(stderr, " seconds. Defaults to 60 seconds.\n"); fprintf(stderr, " argument can be specified as a host-based configuration parameter as well;\n");
fprintf(stderr, " -p port, --port port Port that is used for both UDP and TCP communication.\n"); fprintf(stderr, " the command-line argument always takes precedence.\n");
fprintf(stderr, " Defaults to 23170.\n"); fprintf(stderr, " -p port, --port port Port that is used for both UDP and TCP communication. Defaults to 23170.\n");
fprintf(stderr, " --no-luks Do not call LUKS/cryptsetup. Useful for testing\n"); fprintf(stderr, " --no-luks Do not call LUKS/cryptsetup. Useful for testing unlocking procedure.\n");
fprintf(stderr, " unlocking procedure.\n");
fprintf(stderr, " -v, --verbose Increase verbosity. Can be specified multiple times.\n"); fprintf(stderr, " -v, --verbose Increase verbosity. Can be specified multiple times.\n");
} }

4
argparse_client.h
View File

@ -5,7 +5,7 @@
* *
* Do not edit it by hand, your changes will be overwritten. * Do not edit it by hand, your changes will be overwritten.
* *
* Generated at: 2019-10-25 20:39:16 * Generated at: 2021-06-27 13:24:40
*/ */
#ifndef __ARGPARSE_CLIENT_H__ #ifndef __ARGPARSE_CLIENT_H__
@ -13,7 +13,7 @@
#include <stdbool.h> #include <stdbool.h>
#define ARGPARSE_CLIENT_DEFAULT_TIMEOUT 60 #define ARGPARSE_CLIENT_DEFAULT_TIMEOUT 0
#define ARGPARSE_CLIENT_DEFAULT_PORT 23170 #define ARGPARSE_CLIENT_DEFAULT_PORT 23170
#define ARGPARSE_CLIENT_DEFAULT_VERBOSE 0 #define ARGPARSE_CLIENT_DEFAULT_VERBOSE 0

2
argparse_edit.c
View File

@ -5,7 +5,7 @@
* *
* Do not edit it by hand, your changes will be overwritten. * Do not edit it by hand, your changes will be overwritten.
* *
* Generated at: 2019-10-25 20:39:15 * Generated at: 2021-06-27 13:24:40
*/ */
#include <stdint.h> #include <stdint.h>

2
argparse_edit.h
View File

@ -5,7 +5,7 @@
* *
* Do not edit it by hand, your changes will be overwritten. * Do not edit it by hand, your changes will be overwritten.
* *
* Generated at: 2019-10-25 20:39:15 * Generated at: 2021-06-27 13:24:40
*/ */
#ifndef __ARGPARSE_EDIT_H__ #ifndef __ARGPARSE_EDIT_H__

9
argparse_server.c
View File

@ -5,7 +5,7 @@
* *
* Do not edit it by hand, your changes will be overwritten. * Do not edit it by hand, your changes will be overwritten.
* *
* Generated at: 2019-10-25 20:39:15 * Generated at: 2021-06-27 13:24:40
*/ */
#include <stdint.h> #include <stdint.h>
@ -133,10 +133,9 @@ void argparse_server_show_syntax(void) {
fprintf(stderr, " filename Database file to load keys from.\n"); fprintf(stderr, " filename Database file to load keys from.\n");
fprintf(stderr, "\n"); fprintf(stderr, "\n");
fprintf(stderr, "optional arguments:\n"); fprintf(stderr, "optional arguments:\n");
fprintf(stderr, " -p port, --port port Port that is used for both UDP and TCP communication.\n"); fprintf(stderr, " -p port, --port port Port that is used for both UDP and TCP communication. Defaults to 23170.\n");
fprintf(stderr, " Defaults to 23170.\n"); fprintf(stderr, " -s, --silent Do not answer UDP queries for clients trying to find a key server, only\n");
fprintf(stderr, " -s, --silent Do not answer UDP queries for clients trying to find a\n"); fprintf(stderr, " serve key database using TCP.\n");
fprintf(stderr, " key server, only serve key database using TCP.\n");
fprintf(stderr, " -v, --verbose Increase verbosity. Can be specified multiple times.\n"); fprintf(stderr, " -v, --verbose Increase verbosity. Can be specified multiple times.\n");
} }

2
argparse_server.h
View File

@ -5,7 +5,7 @@
* *
* Do not edit it by hand, your changes will be overwritten. * Do not edit it by hand, your changes will be overwritten.
* *
* Generated at: 2019-10-25 20:39:15 * Generated at: 2021-06-27 13:24:40
*/ */
#ifndef __ARGPARSE_SERVER_H__ #ifndef __ARGPARSE_SERVER_H__

25
client.c
View File

@ -225,12 +225,7 @@ static bool all_volumes_unlocked(struct keyclient_t *keyclient) {
return locked_volume_count(keyclient) == 0; return locked_volume_count(keyclient) == 0;
} }
static bool abort_searching_for_keyserver(struct keyclient_t *keyclient) { static unsigned int determine_timeout(struct keyclient_t *keyclient) {
if (all_volumes_unlocked(keyclient)) {
log_msg(LLVL_DEBUG, "All volumes unlocked successfully.");
return true;
}
unsigned int client_timeout_secs = 0; unsigned int client_timeout_secs = 0;
if (keyclient->opts->timeout_seconds) { if (keyclient->opts->timeout_seconds) {
/* Command line always has precedence */ /* Command line always has precedence */
@ -239,8 +234,16 @@ static bool abort_searching_for_keyserver(struct keyclient_t *keyclient) {
/* Alternatively, take the one in the configuration file */ /* Alternatively, take the one in the configuration file */
client_timeout_secs = keyclient->keydb->hosts[0].client_default_timeout_secs; client_timeout_secs = keyclient->keydb->hosts[0].client_default_timeout_secs;
} }
return client_timeout_secs;
}
static bool abort_searching_for_keyserver(struct keyclient_t *keyclient) {
if (all_volumes_unlocked(keyclient)) {
log_msg(LLVL_DEBUG, "All volumes unlocked successfully.");
return true;
}
unsigned int client_timeout_secs = determine_timeout(keyclient);
if (client_timeout_secs) { if (client_timeout_secs) {
double time_passed = now() - keyclient->broadcast_start_time; double time_passed = now() - keyclient->broadcast_start_time;
if (time_passed >= client_timeout_secs) { if (time_passed >= client_timeout_secs) {
@ -253,11 +256,21 @@ static bool abort_searching_for_keyserver(struct keyclient_t *keyclient) {
} }
static bool broadcast_for_keyserver(struct keyclient_t *keyclient) { static bool broadcast_for_keyserver(struct keyclient_t *keyclient) {
{
unsigned int client_timeout_secs = determine_timeout(keyclient);
if (client_timeout_secs) {
log_msg(LLVL_DEBUG, "Searching luksrku keyserver, will give up after %u seconds", client_timeout_secs);
} else {
log_msg(LLVL_DEBUG, "Searching luksrku keyserver, will not give up until all volumes unlocked");
}
}
int sd = create_udp_socket(0, true, 1000); int sd = create_udp_socket(0, true, 1000);
if (sd == -1) { if (sd == -1) {
return false; return false;
} }
keyclient->broadcast_start_time = now(); keyclient->broadcast_start_time = now();
struct udp_query_t query; struct udp_query_t query;
memcpy(query.magic, UDP_MESSAGE_MAGIC, sizeof(query.magic)); memcpy(query.magic, UDP_MESSAGE_MAGIC, sizeof(query.magic));

2
parsers/parser_client.py
View File

@ -1,6 +1,6 @@
import argparse import argparse
parser = argparse.ArgumentParser(prog = "luksrku client", description = "Connects to a luksrku key server and unlocks local LUKS volumes.", add_help = False) parser = argparse.ArgumentParser(prog = "luksrku client", description = "Connects to a luksrku key server and unlocks local LUKS volumes.", add_help = False)
parser.add_argument("-t", "--timeout", metavar = "secs", default = 60, help = "When searching for a keyserver and not all volumes can be unlocked, abort after this period of time, given in seconds. Defaults to %(default)d seconds.") parser.add_argument("-t", "--timeout", metavar = "secs", default = 0, help = "When searching for a keyserver and not all volumes can be unlocked, abort after this period of time, given in seconds. Defaults to infinity. This argument can be specified as a host-based configuration parameter as well; the command-line argument always takes precedence.")
parser.add_argument("-p", "--port", metavar = "port", default = 23170, help = "Port that is used for both UDP and TCP communication. Defaults to %(default)d.") parser.add_argument("-p", "--port", metavar = "port", default = 23170, help = "Port that is used for both UDP and TCP communication. Defaults to %(default)d.")
parser.add_argument("--no-luks", action = "store_true", help = "Do not call LUKS/cryptsetup. Useful for testing unlocking procedure.") parser.add_argument("--no-luks", action = "store_true", help = "Do not call LUKS/cryptsetup. Useful for testing unlocking procedure.")
parser.add_argument("-v", "--verbose", action = "count", default = 0, help = "Increase verbosity. Can be specified multiple times.") parser.add_argument("-v", "--verbose", action = "count", default = 0, help = "Increase verbosity. Can be specified multiple times.")