octoleo/restic
2
2
Fork 0
mirror of https://github.com/octoleo/restic.git synced 2024-11-22 12:55:18 +00:00
Code Issues Releases Wiki Activity

identify keys by ID and not name

Browse Source
This commit is contained in:
Michael Eischer 2022-10-15 16:01:38 +02:00
parent 02634dce7a
commit 8d62a7adb4
4 changed files with 43 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/restic/cmd_cat.go
View File

@ -93,7 +93,7 @@ func runCat(ctx context.Context, gopts GlobalOptions, args []string) error {
Println(string(buf)) Println(string(buf))
return nil return nil
case "key": case "key":
key, err := repository.LoadKey(ctx, repo, id.String()) key, err := repository.LoadKey(ctx, repo, id)
if err != nil { if err != nil {
return err return err
} }

22
cmd/restic/cmd_key.go
View File

@ -59,14 +59,14 @@ func listKeys(ctx context.Context, s *repository.Repository, gopts GlobalOptions
var keys []keyInfo var keys []keyInfo
err := s.List(ctx, restic.KeyFile, func(id restic.ID, size int64) error { err := s.List(ctx, restic.KeyFile, func(id restic.ID, size int64) error {
k, err := repository.LoadKey(ctx, s, id.String()) k, err := repository.LoadKey(ctx, s, id)
if err != nil { if err != nil {
Warnf("LoadKey() failed: %v\n", err) Warnf("LoadKey() failed: %v\n", err)
return nil return nil
} }
key := keyInfo{ key := keyInfo{
Current: id.String() == s.KeyName(), Current: id == s.KeyID(),
ID: id.Str(), ID: id.Str(),
UserName: k.Username, UserName: k.Username,
HostName: k.Hostname, HostName: k.Hostname,
@ -141,18 +141,18 @@ func addKey(ctx context.Context, repo *repository.Repository, gopts GlobalOption
return nil return nil
} }
func deleteKey(ctx context.Context, repo *repository.Repository, name string) error { func deleteKey(ctx context.Context, repo *repository.Repository, id restic.ID) error {
if name == repo.KeyName() { if id == repo.KeyID() {
return errors.Fatal("refusing to remove key currently used to access repository") return errors.Fatal("refusing to remove key currently used to access repository")
} }
h := restic.Handle{Type: restic.KeyFile, Name: name} h := restic.Handle{Type: restic.KeyFile, Name: id.String()}
err := repo.Backend().Remove(ctx, h) err := repo.Backend().Remove(ctx, h)
if err != nil { if err != nil {
return err return err
} }
Verbosef("removed key %v\n", name) Verbosef("removed key %v\n", id)
return nil return nil
} }
@ -166,14 +166,14 @@ func changePassword(ctx context.Context, repo *repository.Repository, gopts Glob
if err != nil { if err != nil {
return errors.Fatalf("creating new key failed: %v\n", err) return errors.Fatalf("creating new key failed: %v\n", err)
} }
oldID := repo.KeyName() oldID := repo.KeyID()
err = switchToNewKeyAndRemoveIfBroken(ctx, repo, id, pw) err = switchToNewKeyAndRemoveIfBroken(ctx, repo, id, pw)
if err != nil { if err != nil {
return err return err
} }
h := restic.Handle{Type: restic.KeyFile, Name: oldID} h := restic.Handle{Type: restic.KeyFile, Name: oldID.String()}
err = repo.Backend().Remove(ctx, h) err = repo.Backend().Remove(ctx, h)
if err != nil { if err != nil {
return err return err
@ -187,10 +187,10 @@ func changePassword(ctx context.Context, repo *repository.Repository, gopts Glob
func switchToNewKeyAndRemoveIfBroken(ctx context.Context, repo *repository.Repository, key *repository.Key, pw string) error { func switchToNewKeyAndRemoveIfBroken(ctx context.Context, repo *repository.Repository, key *repository.Key, pw string) error {
// Verify new key to make sure it really works. A broken key can render the // Verify new key to make sure it really works. A broken key can render the
// whole repository inaccessible // whole repository inaccessible
err := repo.SearchKey(ctx, pw, 0, key.Name()) err := repo.SearchKey(ctx, pw, 0, key.ID().String())
if err != nil { if err != nil {
// the key is invalid, try to remove it // the key is invalid, try to remove it
h := restic.Handle{Type: restic.KeyFile, Name: key.Name()} h := restic.Handle{Type: restic.KeyFile, Name: key.ID().String()}
_ = repo.Backend().Remove(ctx, h) _ = repo.Backend().Remove(ctx, h)
return errors.Fatalf("failed to access repository with new key: %v", err) return errors.Fatalf("failed to access repository with new key: %v", err)
} }
@ -236,7 +236,7 @@ func runKey(ctx context.Context, gopts GlobalOptions, args []string) error {
return err return err
} }
return deleteKey(ctx, repo, id.String()) return deleteKey(ctx, repo, id)
case "passwd": case "passwd":
lock, ctx, err := lockRepoExclusive(ctx, repo) lock, ctx, err := lockRepoExclusive(ctx, repo)
defer unlockRepo(lock) defer unlockRepo(lock)

43
internal/repository/key.go
View File

@ -40,7 +40,7 @@ type Key struct {
user *crypto.Key user *crypto.Key
master *crypto.Key master *crypto.Key
name string id restic.ID
} }
// Params tracks the parameters used for the KDF. If not set, it will be // Params tracks the parameters used for the KDF. If not set, it will be
@ -62,10 +62,10 @@ func createMasterKey(ctx context.Context, s *Repository, password string) (*Key,
} }
// OpenKey tries do decrypt the key specified by name with the given password. // OpenKey tries do decrypt the key specified by name with the given password.
func OpenKey(ctx context.Context, s *Repository, name string, password string) (*Key, error) { func OpenKey(ctx context.Context, s *Repository, id restic.ID, password string) (*Key, error) {
k, err := LoadKey(ctx, s, name) k, err := LoadKey(ctx, s, id)
if err != nil { if err != nil {
debug.Log("LoadKey(%v) returned error %v", name, err) debug.Log("LoadKey(%v) returned error %v", id.String(), err)
return nil, err return nil, err
} }
@ -99,7 +99,7 @@ func OpenKey(ctx context.Context, s *Repository, name string, password string) (
debug.Log("Unmarshal() returned error %v", err) debug.Log("Unmarshal() returned error %v", err)
return nil, errors.Wrap(err, "Unmarshal") return nil, errors.Wrap(err, "Unmarshal")
} }
k.name = name k.id = id
if !k.Valid() { if !k.Valid() {
return nil, errors.New("Invalid key for repository") return nil, errors.New("Invalid key for repository")
@ -119,7 +119,7 @@ func SearchKey(ctx context.Context, s *Repository, password string, maxKeys int,
id, err := restic.Find(ctx, s.Backend(), restic.KeyFile, keyHint) id, err := restic.Find(ctx, s.Backend(), restic.KeyFile, keyHint)
if err == nil { if err == nil {
key, err := OpenKey(ctx, s, id.String(), password) key, err := OpenKey(ctx, s, id, password)
if err == nil { if err == nil {
debug.Log("successfully opened hinted key %v", id) debug.Log("successfully opened hinted key %v", id)
@ -136,22 +136,16 @@ func SearchKey(ctx context.Context, s *Repository, password string, maxKeys int,
defer cancel() defer cancel()
// try at most maxKeys keys in repo // try at most maxKeys keys in repo
err = s.Backend().List(listCtx, restic.KeyFile, func(fi restic.FileInfo) error { err = s.List(listCtx, restic.KeyFile, func(id restic.ID, size int64) error {
checked++ checked++
if maxKeys > 0 && checked > maxKeys { if maxKeys > 0 && checked > maxKeys {
return ErrMaxKeysReached return ErrMaxKeysReached
} }
_, err := restic.ParseID(fi.Name) debug.Log("trying key %q", id.String())
key, err := OpenKey(ctx, s, id, password)
if err != nil { if err != nil {
debug.Log("rejecting key with invalid name: %v", fi.Name) debug.Log("key %v returned error %v", id.String(), err)
return nil
}
debug.Log("trying key %q", fi.Name)
key, err := OpenKey(ctx, s, fi.Name, password)
if err != nil {
debug.Log("key %v returned error %v", fi.Name, err)
// ErrUnauthenticated means the password is wrong, try the next key // ErrUnauthenticated means the password is wrong, try the next key
if errors.Is(err, crypto.ErrUnauthenticated) { if errors.Is(err, crypto.ErrUnauthenticated) {
@ -161,7 +155,7 @@ func SearchKey(ctx context.Context, s *Repository, password string, maxKeys int,
return err return err
} }
debug.Log("successfully opened key %v", fi.Name) debug.Log("successfully opened key %v", id.String())
k = key k = key
cancel() cancel()
return nil return nil
@ -183,8 +177,8 @@ func SearchKey(ctx context.Context, s *Repository, password string, maxKeys int,
} }
// LoadKey loads a key from the backend. // LoadKey loads a key from the backend.
func LoadKey(ctx context.Context, s *Repository, name string) (k *Key, err error) { func LoadKey(ctx context.Context, s *Repository, id restic.ID) (k *Key, err error) {
h := restic.Handle{Type: restic.KeyFile, Name: name} h := restic.Handle{Type: restic.KeyFile, Name: id.String()}
data, err := backend.LoadAll(ctx, nil, s.be, h) data, err := backend.LoadAll(ctx, nil, s.be, h)
if err != nil { if err != nil {
return nil, err return nil, err
@ -274,10 +268,11 @@ func AddKey(ctx context.Context, s *Repository, password, username, hostname str
return nil, errors.Wrap(err, "Marshal") return nil, errors.Wrap(err, "Marshal")
} }
id := restic.Hash(buf)
// store in repository and return // store in repository and return
h := restic.Handle{ h := restic.Handle{
Type: restic.KeyFile, Type: restic.KeyFile,
Name: restic.Hash(buf).String(), Name: id.String(),
} }
err = s.be.Save(ctx, h, restic.NewByteReader(buf, s.be.Hasher())) err = s.be.Save(ctx, h, restic.NewByteReader(buf, s.be.Hasher()))
@ -285,7 +280,7 @@ func AddKey(ctx context.Context, s *Repository, password, username, hostname str
return nil, err return nil, err
} }
newkey.name = h.Name newkey.id = id
return newkey, nil return newkey, nil
} }
@ -297,9 +292,9 @@ func (k *Key) String() string {
return fmt.Sprintf("<Key of %s@%s, created on %s>", k.Username, k.Hostname, k.Created) return fmt.Sprintf("<Key of %s@%s, created on %s>", k.Username, k.Hostname, k.Created)
} }
// Name returns an identifier for the key. // ID returns an identifier for the key.
func (k Key) Name() string { func (k Key) ID() restic.ID {
return k.name return k.id
} }
// Valid tests whether the mac and encryption keys are valid (i.e. not zero) // Valid tests whether the mac and encryption keys are valid (i.e. not zero)

24
internal/repository/repository.go
View File

@ -35,12 +35,12 @@ const MaxPackSize = 128 * 1024 * 1024
// Repository is used to access a repository in a backend. // Repository is used to access a repository in a backend.
type Repository struct { type Repository struct {
be restic.Backend be restic.Backend
cfg restic.Config cfg restic.Config
key *crypto.Key key *crypto.Key
keyName string keyID restic.ID
idx *index.MasterIndex idx *index.MasterIndex
Cache *cache.Cache Cache *cache.Cache
opts Options opts Options
@ -709,10 +709,10 @@ func (r *Repository) SearchKey(ctx context.Context, password string, maxKeys int
} }
r.key = key.master r.key = key.master
r.keyName = key.Name() r.keyID = key.ID()
cfg, err := restic.LoadConfig(ctx, r) cfg, err := restic.LoadConfig(ctx, r)
if err == crypto.ErrUnauthenticated { if err == crypto.ErrUnauthenticated {
return errors.Fatalf("config or key %v is damaged: %v", key.Name(), err) return errors.Fatalf("config or key %v is damaged: %v", key.ID(), err)
} else if err != nil { } else if err != nil {
return errors.Fatalf("config cannot be loaded: %v", err) return errors.Fatalf("config cannot be loaded: %v", err)
} }
@ -760,7 +760,7 @@ func (r *Repository) init(ctx context.Context, password string, cfg restic.Confi
} }
r.key = key.master r.key = key.master
r.keyName = key.Name() r.keyID = key.ID()
r.setConfig(cfg) r.setConfig(cfg)
return restic.SaveConfig(ctx, r, cfg) return restic.SaveConfig(ctx, r, cfg)
} }
@ -770,9 +770,9 @@ func (r *Repository) Key() *crypto.Key {
return r.key return r.key
} }
// KeyName returns the name of the current key in the backend. // KeyID returns the id of the current key in the backend.
func (r *Repository) KeyName() string { func (r *Repository) KeyID() restic.ID {
return r.keyName return r.keyID
} }
// List runs fn for all files of type t in the repo. // List runs fn for all files of type t in the repo.