Commit 17ba154b authored by Maarten de Waard's avatar Maarten de Waard :angel:

Merge branch '5-add-luks-key-endpoint' into 'master'

Add endpoint for adding encryption key

Closes #5

See merge request !14
parents 5e8bac28 10c29be4
/** /**
* Callback function to change a luks encryption password. * Combined handler for adding and changing luks encryption passwords.
* @param[in] request incoming HTTP request * @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request * @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between main thread and callbacks * @param[in] is_post this is a post request (true) or a put (false)
* @return internal status code * @return internal status code
*/ */
int callback_encryption_keys_put(const struct _u_request * request, int encryption_keys_change(const struct _u_request * request,
struct _u_response * response, void * user_data) struct _u_response * response, bool is_post)
{ {
int r; int r;
...@@ -31,20 +31,29 @@ int callback_encryption_keys_put(const struct _u_request * request, ...@@ -31,20 +31,29 @@ int callback_encryption_keys_put(const struct _u_request * request,
"missing new password"); "missing new password");
} }
// Read keyslot from request URI. int keyslot;
const char * keyslot_string = u_map_get(request->map_url, "slot"); // Posting a new password, put it in the first available slot.
if (keyslot_string == NULL) if (is_post)
{ {
return send_simple_response(response, 400, "error", keyslot = CRYPT_ANY_SLOT;
"missing url parameter `slot`");
} }
int keyslot; // Changing an existing password, so read the slot from the url.
r = parse_int(keyslot_string, &keyslot); else
if (r != 0)
{ {
printf("invalid url parameter `slot`: %s\n", keyslot_string); // Read keyslot from request URI.
return send_simple_response(response, 400, "error", const char * keyslot_string = u_map_get(request->map_url, "slot");
"invalid url parameter `slot`"); if (keyslot_string == NULL)
{
return send_simple_response(response, 400, "error",
"missing url parameter `slot`");
}
r = parse_int(keyslot_string, &keyslot);
if (r != 0)
{
printf("invalid url parameter `slot`: %s\n", keyslot_string);
return send_simple_response(response, 400, "error",
"invalid url parameter `slot`");
}
} }
// Initialise encrypted container. // Initialise encrypted container.
...@@ -61,9 +70,18 @@ int callback_encryption_keys_put(const struct _u_request * request, ...@@ -61,9 +70,18 @@ int callback_encryption_keys_put(const struct _u_request * request,
"initialising encrypted container failed"); "initialising encrypted container failed");
} }
// Add encryption password. if (is_post)
r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot, {
password, strlen(password), new_password, strlen(new_password)); // Add encryption password.
r = crypt_keyslot_add_by_passphrase(cd, keyslot,
password, strlen(password), new_password, strlen(new_password));
}
else
{
// Change encryption password.
r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot,
password, strlen(password), new_password, strlen(new_password));
}
if (r == -1) if (r == -1)
{ {
...@@ -75,7 +93,14 @@ int callback_encryption_keys_put(const struct _u_request * request, ...@@ -75,7 +93,14 @@ int callback_encryption_keys_put(const struct _u_request * request,
if (r < 0) if (r < 0)
{ {
// Something else went wrong. // Something else went wrong.
printf("crypt_keyslot_add_by_passphrase failed with status %d\n", r); if (is_post)
{
printf("crypt_keyslot_add_by_passphrase failed with status %d\n", r);
}
else
{
printf("crypt_keyslot_change_by_passphrase failed with status %d\n", r);
}
return send_simple_response(response, 500, "error", return send_simple_response(response, 500, "error",
"error changing password"); "error changing password");
} }
...@@ -83,3 +108,28 @@ int callback_encryption_keys_put(const struct _u_request * request, ...@@ -83,3 +108,28 @@ int callback_encryption_keys_put(const struct _u_request * request,
// If we reach this point, apparently everything went well. // If we reach this point, apparently everything went well.
return send_simple_response(response, 200, "status", "ok"); return send_simple_response(response, 200, "status", "ok");
} }
/**
* Callback function to add a luks encryption password.
* @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between main thread and callbacks
* @return internal status code
*/
int callback_encryption_keys_post(const struct _u_request * request,
struct _u_response * response, void * user_data)
{
return encryption_keys_change(request, response, true);
}
/**
* Callback function to change a luks encryption password.
* @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between main thread and callbacks
* @return internal status code
*/
int callback_encryption_keys_put(const struct _u_request * request,
struct _u_response * response, void * user_data)
{
return encryption_keys_change(request, response, false);
}
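Review bot: On the POST path the success branch discards the slot number that `crypt_keyslot_add_by_passphrase` returns in `r` when it is called with `CRYPT_ANY_SLOT`; the response is only `"status": "ok"` and nothing is logged, so neither the client (which needs a slot for PUT `/encryption/keys/:slot`) nor an operator reading the logs can tell which keyslot now holds a new passphrase. Enrolling a key is worth an audit line, for example `printf("passphrase added to keyslot %d\n", r);` before the final `send_simple_response`, and the slot could be reported in the response as well. The shared 500 text `"error changing password"` is also sent when an add fails. `encryption_keys_change` is only partly visible here (the lines between the hunks are collapsed), and because the file is pulled in with `#include`, the helper could be declared `static`.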
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
#include <api/encryption_remove_post.c> #include <api/encryption_remove_post.c>
#include <api/encryption_unlock_post.c> #include <api/encryption_unlock_post.c>
#include <api/encryption_keys_get.c> #include <api/encryption_keys_get.c>
#include <api/encryption_keys_put.c> #include <api/encryption_keys_put_post.c>
#include <api/ssh_keys_get.c> #include <api/ssh_keys_get.c>
#include <api/ssh_keys_put.c> #include <api/ssh_keys_put.c>
#include <api/ssh_keys_post.c> #include <api/ssh_keys_post.c>
...@@ -58,6 +58,9 @@ int main(int argc, char ** argv) ...@@ -58,6 +58,9 @@ int main(int argc, char ** argv)
ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX, ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX,
"/encryption/keys", "/encryption/keys",
0, &callback_encryption_keys_get, NULL); 0, &callback_encryption_keys_get, NULL);
ulfius_add_endpoint_by_val(&instance, "POST" , PREFIX,
"/encryption/keys",
0, &callback_encryption_keys_post, NULL);
ulfius_add_endpoint_by_val(&instance, "PUT" , PREFIX, ulfius_add_endpoint_by_val(&instance, "PUT" , PREFIX,
"/encryption/keys/:slot", "/encryption/keys/:slot",
0, &callback_encryption_keys_put, NULL); 0, &callback_encryption_keys_put, NULL);
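Review bot: The new POST `/encryption/keys` route is registered with priority 0 and NULL user data exactly like its neighbours, and nothing in this hunk shows an authentication or throttling callback in front of it. The handler checks a caller-supplied existing passphrase before adding the new one, so unless access control is applied elsewhere in `main()` (which continues outside the hunk), every request is a passphrase check against the container. This is worth confirming and documenting above the registration, e.g. `// enrols a new LUKS passphrase; the request must carry an existing one`. The return value of `ulfius_add_endpoint_by_val` is also ignored here, as it is for the surrounding routes.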