some fixes

This commit is contained in:
John Smith 2023-05-26 22:29:26 +01:00
parent 8001017338
commit 3b96f75c94
4 changed files with 23 additions and 10 deletions

View File

@ -76,9 +76,16 @@ impl ServicesContext {
}
self.protected_store = Some(protected_store.clone());
// Set up tablestore
trace!("init table store");
// Set up tablestore and crypto system
trace!("create table store and crypto system");
let table_store = TableStore::new(self.config.clone(), protected_store.clone());
let crypto = Crypto::new(self.config.clone(), table_store.clone());
table_store.set_crypto(crypto.clone());
// Initialize table store first, so crypto code can load caches
// Tablestore can use crypto during init, just not any cached operations or things
// that require flushing back to the tablestore
trace!("init table store");
if let Err(e) = table_store.init().await {
error!("failed to init table store: {}", e);
self.shutdown().await;
@ -88,7 +95,6 @@ impl ServicesContext {
// Set up crypto
trace!("init crypto");
let crypto = Crypto::new(self.config.clone(), table_store.clone());
if let Err(e) = crypto.init().await {
error!("failed to init crypto: {}", e);
self.shutdown().await;

View File

@ -132,10 +132,6 @@ impl Crypto {
pub async fn init(&self) -> EyreResult<()> {
trace!("Crypto::init");
let table_store = self.unlocked_inner.table_store.clone();
// Set crypto for table store
table_store.set_crypto(self.clone());
// Init node id from config
if let Err(e) = self
.unlocked_inner

View File

@ -48,7 +48,7 @@ impl TableStore {
inner.crypto = Some(crypto);
}
// Flush internal control state
// Flush internal control state (must not use crypto)
async fn flush(&self) {
let (all_table_names_value, all_tables_db) = {
let inner = self.inner.lock();
@ -220,6 +220,7 @@ impl TableStore {
) -> EyreResult<Vec<u8>> {
// Check if we are to protect the key
if device_encryption_key_password.is_empty() {
debug!("no dek password");
// Return the unprotected key bytes
let mut out = Vec::with_capacity(4 + SHARED_SECRET_LENGTH);
out.extend_from_slice(&dek.kind.0);
@ -260,6 +261,7 @@ impl TableStore {
.load_user_secret("device_encryption_key")
.await?;
let Some(dek_bytes) = dek_bytes else {
debug!("no device encryption key");
return Ok(None);
};
@ -284,7 +286,7 @@ impl TableStore {
.protected_store
.remove_user_secret("device_encryption_key")
.await?;
trace!("removed device encryption key. existed: {}", existed);
debug!("removed device encryption key. existed: {}", existed);
return Ok(());
};
@ -296,6 +298,7 @@ impl TableStore {
let device_encryption_key_password =
if let Some(new_device_encryption_key_password) = new_device_encryption_key_password {
// Change password
debug!("changing dek password");
self.config
.with_mut(|c| {
c.protected_store.device_encryption_key_password =
@ -305,6 +308,7 @@ impl TableStore {
.unwrap()
} else {
// Get device encryption key protection password if we have it
debug!("saving with existing dek password");
let c = self.config.get();
c.protected_store.device_encryption_key_password.clone()
};
@ -319,7 +323,7 @@ impl TableStore {
.protected_store
.save_user_secret("device_encryption_key", &dek_bytes)
.await?;
trace!("saving device encryption key. existed: {}", existed);
debug!("saving device encryption key. existed: {}", existed);
Ok(())
}

View File

@ -244,6 +244,13 @@ pub fn process_command_line() -> EyreResult<(Settings, ArgMatches)> {
if matches.occurrences_of("delete-table-store") != 0 {
settingsrw.core.table_store.delete = true;
}
if matches.occurrences_of("password") != 0 {
settingsrw.core.protected_store.device_encryption_key_password = matches.value_of("password").unwrap().to_owned();
}
if matches.occurrences_of("new-password") != 0 {
settingsrw.core.protected_store.new_device_encryption_key_password = Some(matches.value_of("new-password").unwrap().to_owned());
}
if matches.occurrences_of("dump-txt-record") != 0 {
// Turn off terminal logging so we can be interactive
settingsrw.logging.terminal.enabled = false;