some fixes
This commit is contained in:
parent
8001017338
commit
3b96f75c94
@ -76,9 +76,16 @@ impl ServicesContext {
|
|||||||
}
|
}
|
||||||
self.protected_store = Some(protected_store.clone());
|
self.protected_store = Some(protected_store.clone());
|
||||||
|
|
||||||
// Set up tablestore
|
// Set up tablestore and crypto system
|
||||||
trace!("init table store");
|
trace!("create table store and crypto system");
|
||||||
let table_store = TableStore::new(self.config.clone(), protected_store.clone());
|
let table_store = TableStore::new(self.config.clone(), protected_store.clone());
|
||||||
|
let crypto = Crypto::new(self.config.clone(), table_store.clone());
|
||||||
|
table_store.set_crypto(crypto.clone());
|
||||||
|
|
||||||
|
// Initialize table store first, so crypto code can load caches
|
||||||
|
// Tablestore can use crypto during init, just not any cached operations or things
|
||||||
|
// that require flushing back to the tablestore
|
||||||
|
trace!("init table store");
|
||||||
if let Err(e) = table_store.init().await {
|
if let Err(e) = table_store.init().await {
|
||||||
error!("failed to init table store: {}", e);
|
error!("failed to init table store: {}", e);
|
||||||
self.shutdown().await;
|
self.shutdown().await;
|
||||||
@ -88,7 +95,6 @@ impl ServicesContext {
|
|||||||
|
|
||||||
// Set up crypto
|
// Set up crypto
|
||||||
trace!("init crypto");
|
trace!("init crypto");
|
||||||
let crypto = Crypto::new(self.config.clone(), table_store.clone());
|
|
||||||
if let Err(e) = crypto.init().await {
|
if let Err(e) = crypto.init().await {
|
||||||
error!("failed to init crypto: {}", e);
|
error!("failed to init crypto: {}", e);
|
||||||
self.shutdown().await;
|
self.shutdown().await;
|
||||||
|
@ -132,10 +132,6 @@ impl Crypto {
|
|||||||
pub async fn init(&self) -> EyreResult<()> {
|
pub async fn init(&self) -> EyreResult<()> {
|
||||||
trace!("Crypto::init");
|
trace!("Crypto::init");
|
||||||
let table_store = self.unlocked_inner.table_store.clone();
|
let table_store = self.unlocked_inner.table_store.clone();
|
||||||
|
|
||||||
// Set crypto for table store
|
|
||||||
table_store.set_crypto(self.clone());
|
|
||||||
|
|
||||||
// Init node id from config
|
// Init node id from config
|
||||||
if let Err(e) = self
|
if let Err(e) = self
|
||||||
.unlocked_inner
|
.unlocked_inner
|
||||||
|
@ -48,7 +48,7 @@ impl TableStore {
|
|||||||
inner.crypto = Some(crypto);
|
inner.crypto = Some(crypto);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Flush internal control state
|
// Flush internal control state (must not use crypto)
|
||||||
async fn flush(&self) {
|
async fn flush(&self) {
|
||||||
let (all_table_names_value, all_tables_db) = {
|
let (all_table_names_value, all_tables_db) = {
|
||||||
let inner = self.inner.lock();
|
let inner = self.inner.lock();
|
||||||
@ -220,6 +220,7 @@ impl TableStore {
|
|||||||
) -> EyreResult<Vec<u8>> {
|
) -> EyreResult<Vec<u8>> {
|
||||||
// Check if we are to protect the key
|
// Check if we are to protect the key
|
||||||
if device_encryption_key_password.is_empty() {
|
if device_encryption_key_password.is_empty() {
|
||||||
|
debug!("no dek password");
|
||||||
// Return the unprotected key bytes
|
// Return the unprotected key bytes
|
||||||
let mut out = Vec::with_capacity(4 + SHARED_SECRET_LENGTH);
|
let mut out = Vec::with_capacity(4 + SHARED_SECRET_LENGTH);
|
||||||
out.extend_from_slice(&dek.kind.0);
|
out.extend_from_slice(&dek.kind.0);
|
||||||
@ -260,6 +261,7 @@ impl TableStore {
|
|||||||
.load_user_secret("device_encryption_key")
|
.load_user_secret("device_encryption_key")
|
||||||
.await?;
|
.await?;
|
||||||
let Some(dek_bytes) = dek_bytes else {
|
let Some(dek_bytes) = dek_bytes else {
|
||||||
|
debug!("no device encryption key");
|
||||||
return Ok(None);
|
return Ok(None);
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -284,7 +286,7 @@ impl TableStore {
|
|||||||
.protected_store
|
.protected_store
|
||||||
.remove_user_secret("device_encryption_key")
|
.remove_user_secret("device_encryption_key")
|
||||||
.await?;
|
.await?;
|
||||||
trace!("removed device encryption key. existed: {}", existed);
|
debug!("removed device encryption key. existed: {}", existed);
|
||||||
return Ok(());
|
return Ok(());
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -296,6 +298,7 @@ impl TableStore {
|
|||||||
let device_encryption_key_password =
|
let device_encryption_key_password =
|
||||||
if let Some(new_device_encryption_key_password) = new_device_encryption_key_password {
|
if let Some(new_device_encryption_key_password) = new_device_encryption_key_password {
|
||||||
// Change password
|
// Change password
|
||||||
|
debug!("changing dek password");
|
||||||
self.config
|
self.config
|
||||||
.with_mut(|c| {
|
.with_mut(|c| {
|
||||||
c.protected_store.device_encryption_key_password =
|
c.protected_store.device_encryption_key_password =
|
||||||
@ -305,6 +308,7 @@ impl TableStore {
|
|||||||
.unwrap()
|
.unwrap()
|
||||||
} else {
|
} else {
|
||||||
// Get device encryption key protection password if we have it
|
// Get device encryption key protection password if we have it
|
||||||
|
debug!("saving with existing dek password");
|
||||||
let c = self.config.get();
|
let c = self.config.get();
|
||||||
c.protected_store.device_encryption_key_password.clone()
|
c.protected_store.device_encryption_key_password.clone()
|
||||||
};
|
};
|
||||||
@ -319,7 +323,7 @@ impl TableStore {
|
|||||||
.protected_store
|
.protected_store
|
||||||
.save_user_secret("device_encryption_key", &dek_bytes)
|
.save_user_secret("device_encryption_key", &dek_bytes)
|
||||||
.await?;
|
.await?;
|
||||||
trace!("saving device encryption key. existed: {}", existed);
|
debug!("saving device encryption key. existed: {}", existed);
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -244,6 +244,13 @@ pub fn process_command_line() -> EyreResult<(Settings, ArgMatches)> {
|
|||||||
if matches.occurrences_of("delete-table-store") != 0 {
|
if matches.occurrences_of("delete-table-store") != 0 {
|
||||||
settingsrw.core.table_store.delete = true;
|
settingsrw.core.table_store.delete = true;
|
||||||
}
|
}
|
||||||
|
if matches.occurrences_of("password") != 0 {
|
||||||
|
settingsrw.core.protected_store.device_encryption_key_password = matches.value_of("password").unwrap().to_owned();
|
||||||
|
}
|
||||||
|
if matches.occurrences_of("new-password") != 0 {
|
||||||
|
settingsrw.core.protected_store.new_device_encryption_key_password = Some(matches.value_of("new-password").unwrap().to_owned());
|
||||||
|
}
|
||||||
|
|
||||||
if matches.occurrences_of("dump-txt-record") != 0 {
|
if matches.occurrences_of("dump-txt-record") != 0 {
|
||||||
// Turn off terminal logging so we can be interactive
|
// Turn off terminal logging so we can be interactive
|
||||||
settingsrw.logging.terminal.enabled = false;
|
settingsrw.logging.terminal.enabled = false;
|
||||||
|
Loading…
Reference in New Issue
Block a user