Merge encryption_keys_{post,put}

Replace the very similar encryption_keys_post and encryption_keys_put callback functions by a single handler function, with a boolean flag to separate the two variants.

Merge encryption_keys_{post,put}
Replace the very similar encryption_keys_post and encryption_keys_put callback functions by a single handler function, with a boolean flag to separate the two variants.
c138264d · Arie Peterson · d28b0d27 · d28b0d27 · c138264d · c138264d
Commit c138264d authored 7 years ago by Arie Peterson
--- a/src/api/encryption_keys_put.c
+++ b/src/api/encryption_keys_put.c
-/**
- * Callback function to change a luks encryption password.
- * @param[in]   request   incoming HTTP request
- * @param[out]  response  HTTP response to the request
- * @param[in]   user_data extra data to pass between main thread and callbacks
- * @return                internal status code
- */
-int callback_encryption_keys_put(const struct _u_request * request,
-    struct _u_response * response, void * user_data)
-{
-    int r;
-
-    // Read in json request body.
-    json_t * json_input = ulfius_get_json_body_request(request, NULL);
-
-    // Read (current) password from request.
-    const char * password;
-    password = json_string_value(json_object_get(json_input, "password"));
-    if (password == NULL)
-    {
-        return send_simple_response(response, 400, "error", "missing password");
-    }
-
-    // Read new password from request.
-    const char * new_password;
-    new_password = json_string_value(json_object_get(json_input,
-        "new-password"));
-    if (new_password == NULL)
-    {
-        return send_simple_response(response, 400, "error",
-            "missing new password");
-    }
-
-    // Read keyslot from request URI.
-    const char * keyslot_string = u_map_get(request->map_url, "slot");
-    if (keyslot_string == NULL)
-    {
-        return send_simple_response(response, 400, "error",
-            "missing url parameter `slot`");
-    }
-    int keyslot;
-    r = parse_int(keyslot_string, &keyslot);
-    if (r != 0)
-    {
-        printf("invalid url parameter `slot`: %s\n", keyslot_string);
-        return send_simple_response(response, 400, "error",
-            "invalid url parameter `slot`");
-    }
-
-    // Initialise encrypted container.
-    struct crypt_device * cd = NULL;
-    r = container_initialise(&cd, DATA_PARTITION_DEVICE, true);
-    if (r < 0)
-    {
-        crypt_free(cd);
-    }
-    if (r != 0)
-    {
-        printf("container_initialise failed with status %d\n", r);
-        return send_simple_response(response, 500, "error",
-            "initialising encrypted container failed");
-    }
-
-    // Add encryption password.
-    r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot,
-        password, strlen(password), new_password, strlen(new_password));
-  
-    if (r == -1)
-    {
-        // Experience learns that -1 is returned when the password is wrong.
-        return send_simple_response(response, 403, "error",
-           "incorrect password");
-    }
-  
-    if (r < 0)
-    {
-        // Something else went wrong.
-        printf("crypt_keyslot_change_by_passphrase failed with status %d\n", r);
-        return send_simple_response(response, 500, "error",
-            "error changing password");
-    }
-  
-    // If we reach this point, apparently everything went well.
-    return send_simple_response(response, 200, "status", "ok");
-}
--- a/src/api/encryption_keys_post.c
+++ b/src/api/encryption_keys_post.c
 /**
- * Callback function to add a luks encryption password.
+ * Combined handler for adding and changing luks encryption passwords.
 * @param[in]   request   incoming HTTP request
 * @param[out]  response  HTTP response to the request
- * @param[in]   user_data extra data to pass between main thread and callbacks
+ * @param[in]   is_post   this is a post request (true) or a put (false)
 * @return                internal status code
 */
-int callback_encryption_keys_post(const struct _u_request * request,
-    struct _u_response * response, void * user_data)
+int encryption_keys_change(const struct _u_request * request,
+    struct _u_response * response, bool is_post)
 {
    int r;

@@ -31,6 +31,31 @@ int callback_encryption_keys_post(const struct _u_request * request,
            "missing new password");
    }

+    int keyslot;
+    // Posting a new password, put it in the first available slot.
+    if (is_post)
+    {
+        keyslot = CRYPT_ANY_SLOT;
+    }
+    // Changing an existing password, so read the slot from the url.
+    else
+    {
+        // Read keyslot from request URI.
+        const char * keyslot_string = u_map_get(request->map_url, "slot");
+        if (keyslot_string == NULL)
+        {
+            return send_simple_response(response, 400, "error",
+                "missing url parameter `slot`");
+        }
+        r = parse_int(keyslot_string, &keyslot);
+        if (r != 0)
+        {
+            printf("invalid url parameter `slot`: %s\n", keyslot_string);
+            return send_simple_response(response, 400, "error",
+                "invalid url parameter `slot`");
+        }
+    }
+
    // Initialise encrypted container.
    struct crypt_device * cd = NULL;
    r = container_initialise(&cd, DATA_PARTITION_DEVICE, true);
@@ -45,9 +70,18 @@ int callback_encryption_keys_post(const struct _u_request * request,
            "initialising encrypted container failed");
    }

-    // Add encryption password.
-    r = crypt_keyslot_add_by_passphrase(cd, CRYPT_ANY_SLOT,
-        password, strlen(password), new_password, strlen(new_password));
+    if (is_post)
+    {
+        // Add encryption password.
+        r = crypt_keyslot_add_by_passphrase(cd, keyslot,
+            password, strlen(password), new_password, strlen(new_password));
+    }
+    else
+    {
+        // Change encryption password.
+        r = crypt_keyslot_change_by_passphrase(cd, keyslot, keyslot,
+            password, strlen(password), new_password, strlen(new_password));
+    }
  
    if (r == -1)
    {
@@ -67,3 +101,28 @@ int callback_encryption_keys_post(const struct _u_request * request,
    // If we reach this point, apparently everything went well.
    return send_simple_response(response, 200, "status", "ok");
 }
+
+/**
+ * Callback function to add a luks encryption password.
+ * @param[in]   request   incoming HTTP request
+ * @param[out]  response  HTTP response to the request
+ * @param[in]   user_data extra data to pass between main thread and callbacks
+ * @return                internal status code
+ */
+int callback_encryption_keys_post(const struct _u_request * request,
+    struct _u_response * response, void * user_data)
+{
+    return encryption_keys_change(request, response, true);
+}
+/**
+ * Callback function to change a luks encryption password.
+ * @param[in]   request   incoming HTTP request
+ * @param[out]  response  HTTP response to the request
+ * @param[in]   user_data extra data to pass between main thread and callbacks
+ * @return                internal status code
+ */
+int callback_encryption_keys_put(const struct _u_request * request,
+    struct _u_response * response, void * user_data)
+{
+    return encryption_keys_change(request, response, false);
+}
--- a/src/cryptops-api.c
+++ b/src/cryptops-api.c
@@ -11,8 +11,7 @@
 #include <api/encryption_remove_post.c>
 #include <api/encryption_unlock_post.c>
 #include <api/encryption_keys_get.c>
-#include <api/encryption_keys_post.c>
-#include <api/encryption_keys_put.c>
+#include <api/encryption_keys_put_post.c>
 #include <api/ssh_keys_get.c>
 #include <api/ssh_keys_put.c>
 #include <api/ssh_keys_post.c>