some fixes

This commit is contained in:
John Smith 2023-05-26 22:29:26 +01:00
parent 8001017338
commit 3b96f75c94
4 changed files with 23 additions and 10 deletions

View File

@ -76,9 +76,16 @@ impl ServicesContext {
} }
self.protected_store = Some(protected_store.clone()); self.protected_store = Some(protected_store.clone());
// Set up tablestore // Set up tablestore and crypto system
trace!("init table store"); trace!("create table store and crypto system");
let table_store = TableStore::new(self.config.clone(), protected_store.clone()); let table_store = TableStore::new(self.config.clone(), protected_store.clone());
let crypto = Crypto::new(self.config.clone(), table_store.clone());
table_store.set_crypto(crypto.clone());
// Initialize table store first, so crypto code can load caches
// Tablestore can use crypto during init, just not any cached operations or things
// that require flushing back to the tablestore
trace!("init table store");
if let Err(e) = table_store.init().await { if let Err(e) = table_store.init().await {
error!("failed to init table store: {}", e); error!("failed to init table store: {}", e);
self.shutdown().await; self.shutdown().await;
@ -88,7 +95,6 @@ impl ServicesContext {
// Set up crypto // Set up crypto
trace!("init crypto"); trace!("init crypto");
let crypto = Crypto::new(self.config.clone(), table_store.clone());
if let Err(e) = crypto.init().await { if let Err(e) = crypto.init().await {
error!("failed to init crypto: {}", e); error!("failed to init crypto: {}", e);
self.shutdown().await; self.shutdown().await;

View File

@ -132,10 +132,6 @@ impl Crypto {
pub async fn init(&self) -> EyreResult<()> { pub async fn init(&self) -> EyreResult<()> {
trace!("Crypto::init"); trace!("Crypto::init");
let table_store = self.unlocked_inner.table_store.clone(); let table_store = self.unlocked_inner.table_store.clone();
// Set crypto for table store
table_store.set_crypto(self.clone());
// Init node id from config // Init node id from config
if let Err(e) = self if let Err(e) = self
.unlocked_inner .unlocked_inner

View File

@ -48,7 +48,7 @@ impl TableStore {
inner.crypto = Some(crypto); inner.crypto = Some(crypto);
} }
// Flush internal control state // Flush internal control state (must not use crypto)
async fn flush(&self) { async fn flush(&self) {
let (all_table_names_value, all_tables_db) = { let (all_table_names_value, all_tables_db) = {
let inner = self.inner.lock(); let inner = self.inner.lock();
@ -220,6 +220,7 @@ impl TableStore {
) -> EyreResult<Vec<u8>> { ) -> EyreResult<Vec<u8>> {
// Check if we are to protect the key // Check if we are to protect the key
if device_encryption_key_password.is_empty() { if device_encryption_key_password.is_empty() {
debug!("no dek password");
// Return the unprotected key bytes // Return the unprotected key bytes
let mut out = Vec::with_capacity(4 + SHARED_SECRET_LENGTH); let mut out = Vec::with_capacity(4 + SHARED_SECRET_LENGTH);
out.extend_from_slice(&dek.kind.0); out.extend_from_slice(&dek.kind.0);
@ -260,6 +261,7 @@ impl TableStore {
.load_user_secret("device_encryption_key") .load_user_secret("device_encryption_key")
.await?; .await?;
let Some(dek_bytes) = dek_bytes else { let Some(dek_bytes) = dek_bytes else {
debug!("no device encryption key");
return Ok(None); return Ok(None);
}; };
@ -284,7 +286,7 @@ impl TableStore {
.protected_store .protected_store
.remove_user_secret("device_encryption_key") .remove_user_secret("device_encryption_key")
.await?; .await?;
trace!("removed device encryption key. existed: {}", existed); debug!("removed device encryption key. existed: {}", existed);
return Ok(()); return Ok(());
}; };
@ -296,6 +298,7 @@ impl TableStore {
let device_encryption_key_password = let device_encryption_key_password =
if let Some(new_device_encryption_key_password) = new_device_encryption_key_password { if let Some(new_device_encryption_key_password) = new_device_encryption_key_password {
// Change password // Change password
debug!("changing dek password");
self.config self.config
.with_mut(|c| { .with_mut(|c| {
c.protected_store.device_encryption_key_password = c.protected_store.device_encryption_key_password =
@ -305,6 +308,7 @@ impl TableStore {
.unwrap() .unwrap()
} else { } else {
// Get device encryption key protection password if we have it // Get device encryption key protection password if we have it
debug!("saving with existing dek password");
let c = self.config.get(); let c = self.config.get();
c.protected_store.device_encryption_key_password.clone() c.protected_store.device_encryption_key_password.clone()
}; };
@ -319,7 +323,7 @@ impl TableStore {
.protected_store .protected_store
.save_user_secret("device_encryption_key", &dek_bytes) .save_user_secret("device_encryption_key", &dek_bytes)
.await?; .await?;
trace!("saving device encryption key. existed: {}", existed); debug!("saving device encryption key. existed: {}", existed);
Ok(()) Ok(())
} }

View File

@ -244,6 +244,13 @@ pub fn process_command_line() -> EyreResult<(Settings, ArgMatches)> {
if matches.occurrences_of("delete-table-store") != 0 { if matches.occurrences_of("delete-table-store") != 0 {
settingsrw.core.table_store.delete = true; settingsrw.core.table_store.delete = true;
} }
if matches.occurrences_of("password") != 0 {
settingsrw.core.protected_store.device_encryption_key_password = matches.value_of("password").unwrap().to_owned();
}
if matches.occurrences_of("new-password") != 0 {
settingsrw.core.protected_store.new_device_encryption_key_password = Some(matches.value_of("new-password").unwrap().to_owned());
}
if matches.occurrences_of("dump-txt-record") != 0 { if matches.occurrences_of("dump-txt-record") != 0 {
// Turn off terminal logging so we can be interactive // Turn off terminal logging so we can be interactive
settingsrw.logging.terminal.enabled = false; settingsrw.logging.terminal.enabled = false;