prepareForS3Sleep: work with secure mode and userid

UtilFunction · Jun 6, 2019 · c1689c7 · c1689c7
1 parent feb841a
commit c1689c7
Show file tree

Hide file tree

Showing 9 changed files with 35 additions and 13 deletions.
diff --git a/Common/DtaDev.cpp b/Common/DtaDev.cpp
@@ -320,7 +320,7 @@ void DtaDev::puke()
 		cout << "**** " << (uint16_t)disk_info.Unknown << " **** Unknown function codes IGNORED " << std::endl;
 }
 
-uint8_t DtaDev::prepareForS3Sleep(uint8_t lockingrange, char* password)
+uint8_t DtaDev::prepareForS3Sleep(uint8_t lockingrange, const char* userid, char* password)
 {
     LOG(E) << "S3 sleep not supported on this platform";
     return 1;

diff --git a/Common/DtaDev.h b/Common/DtaDev.h
@@ -260,9 +260,10 @@ class DtaDev {
 	virtual uint8_t eraseLockingRange(uint8_t lockingrange, char * password) = 0;
     /** Optionally implemented s3 sleep support.
      * On Linux, it saves the password to the kernel to use on resume.
+     * @param userid the user to save along with the password
      * @param password the password to save to the kernel
      */
-    virtual uint8_t prepareForS3Sleep(uint8_t lockingrange, char* password);
+    virtual uint8_t prepareForS3Sleep(uint8_t lockingrange, const char* userid, char* password);
 	/** Dumps an object for diagnostic purposes
 	 * @param sp index into the OPALUID table for the SP the object is in
 	 * @param auth the authority ti use for the dump

diff --git a/Common/DtaDevOpal.h b/Common/DtaDevOpal.h
@@ -124,7 +124,7 @@ class DtaDevOpal : public DtaDevOS {
           *  @param column UID or CPIN to be returned
           *  @param userData The UIS or CPIN of the USER
           */
-	uint8_t getAuth4User(const char * userid, uint8_t column, std::vector<uint8_t> &userData);
+	static uint8_t getAuth4User(const char * userid, uint8_t column, std::vector<uint8_t> &userData);
         /**  Enable a user in the Locking SP  
          * @param password the password of the Locking SP administrative authority 
          * @param userid Character name of the user to be enabled

diff --git a/Common/DtaOptions.cpp b/Common/DtaOptions.cpp
@@ -103,7 +103,7 @@ void usage()
     printf("--printPasswordHash <password> <device>\n");
     printf("                                print the hash of the password \n");
     printf("                                as computed by sedutil. Hex-ecoded.\n");
-    printf("--prepareForS3Sleep <0...n> <Admin1password> <device>\n");
+    printf("--prepareForS3Sleep <0...n> <userid> <password> <device>\n");
     printf("                                Automatically unlock range after S3 resume\n");
     printf("                                This command will save the password to kernel memory\n");
     printf("\n");
@@ -556,7 +556,7 @@ uint8_t DtaOptions(int argc, char * argv[], DTA_OPTIONS * opts)
             OPTION_IS(password)
             OPTION_IS(device)
         END_OPTION
-		BEGIN_OPTION(prepareForS3Sleep, 3, 3)
+		BEGIN_OPTION(prepareForS3Sleep, 4, 3)
 			TESTARG(0, lockingrange, 0)
 			TESTARG(1, lockingrange, 1)
 			TESTARG(2, lockingrange, 2)
@@ -574,6 +574,7 @@ uint8_t DtaOptions(int argc, char * argv[], DTA_OPTIONS * opts)
 			TESTARG(14, lockingrange, 14)
 			TESTARG(15, lockingrange, 15)
 			TESTFAIL("Invalid Locking Range (0-15)")
+			OPTION_IS(userid)
 			OPTION_IS(password)
 			OPTION_IS(device)
 		END_OPTION

diff --git a/Common/sedutil.cpp b/Common/sedutil.cpp
@@ -274,7 +274,7 @@ int main(int argc, char * argv[])
         break;
 	case sedutiloption::prepareForS3Sleep:
         LOG(D) << "Preparing for S3 sleep " << (uint16_t) opts.lockingrange;
-        return d->prepareForS3Sleep(opts.lockingrange, argv[opts.password]);
+        return d->prepareForS3Sleep(opts.lockingrange, argv[opts.userid], GET_PASSWORD());
 		break;
 	case sedutiloption::rawCmd:
 		LOG(D) << "Performing cmdDump ";

diff --git a/linux/DtaDevLinuxDrive.cpp b/linux/DtaDevLinuxDrive.cpp
@@ -24,15 +24,29 @@ along with sedutil.  If not, see <http://www.gnu.org/licenses/>.
 
 using namespace std;
 
-uint8_t DtaDevLinuxDrive::prepareForS3Sleep(uint8_t lockingrange, const std::shared_ptr<SecureByteVector> &hash)
+uint8_t DtaDevLinuxDrive::prepareForS3Sleep(uint8_t lockingrange, const char *userid, const std::shared_ptr<SecureByteVector> &hash)
 {
     LOG(D1) << "Entering DtaDevLinuxDrive::prepareForS3Sleep";
 
     opal_lock_unlock opal_ioctl_data={};
     opal_ioctl_data.l_state = OPAL_RW;
-    opal_ioctl_data.session.who = OPAL_ADMIN1;
     opal_ioctl_data.session.opal_key.lr = 0;
 
+    if (!strcmp("Admin1", userid))
+    {
+        opal_ioctl_data.session.who = OPAL_ADMIN1;
+    }
+    else if (!memcmp("User", userid, 4))
+    {
+        int n = atoi(&userid[4]);
+        opal_ioctl_data.session.who = OPAL_USER1 + n - 1;
+    }
+    else
+    {
+        LOG(E) << "Invalid userid \"" << userid << "\"specified for prepareForS3Sleep";
+        return -1;
+    }
+
     size_t hash_len = min(hash->size(), sizeof(opal_ioctl_data.session.opal_key.key));
     LOG(D2) << "Setting a hash of length" << hash_len;
 

diff --git a/linux/DtaDevLinuxDrive.h b/linux/DtaDevLinuxDrive.h
@@ -48,6 +48,6 @@ class DtaDevLinuxDrive {
     /** Routine to send an identify to the device */
     virtual void identify(OPAL_DiskInfo& disk_info) = 0;
     /** Save the password hash to the kernel for S3 sleep wakeup */
-    uint8_t prepareForS3Sleep(uint8_t lockingrange, const std::shared_ptr<SecureByteVector> &hash);
+    uint8_t prepareForS3Sleep(uint8_t lockingrange, const char *userid, const std::shared_ptr<SecureByteVector> &hash);
     int fd; /**< Linux handle for the device  */
 };
diff --git a/linux/DtaDevOS.cpp b/linux/DtaDevOS.cpp
@@ -168,7 +168,7 @@ int  DtaDevOS::diskScan()
 	return 0;
 }
 
-uint8_t DtaDevOS::prepareForS3Sleep(uint8_t lockingrange, char* password)
+uint8_t DtaDevOS::prepareForS3Sleep(uint8_t lockingrange, const char* userid, char* password)
 {
     LOG(D1) << "Entering DtaDevOS::prepareForS3Sleep ";
     LOG(D2) << "Starting testing of password ";
@@ -178,7 +178,13 @@ uint8_t DtaDevOS::prepareForS3Sleep(uint8_t lockingrange, char* password)
 		return DTAERROR_OBJECT_CREATE_FAILED;
 	}
     int err;
-	if ((err = session->start(OPAL_UID::OPAL_LOCKINGSP_UID, password, OPAL_UID::OPAL_ADMIN1_UID)) != 0) {
+	vector<uint8_t> userUID;
+	if ((err = DtaDevOpal::getAuth4User(userid, 0, userUID)) != 0) {
+		LOG(E) << "Unable to find user " << userid << " in Authority Table";
+		delete session;
+		return err;
+	}
+	if ((err = session->start(OPAL_UID::OPAL_LOCKINGSP_UID, password, userUID)) != 0) {
 		delete session;
 		LOG(E) << "Unable to authenticate with the given password";
 		return err;
@@ -189,7 +195,7 @@ uint8_t DtaDevOS::prepareForS3Sleep(uint8_t lockingrange, char* password)
     DtaHashPwd(hash, password, this);
     hash->erase(hash->begin(), hash->begin()+2);
 
-    err = drive->prepareForS3Sleep(0, hash);
+    err = drive->prepareForS3Sleep(0, userid, hash);
     if (err)
     {
         LOG(E) << "Error saving the password to  the kernel errno = " << errno;

diff --git a/linux/DtaDevOS.h b/linux/DtaDevOS.h
@@ -50,7 +50,7 @@ class DtaDevOS : public DtaDev {
     /** A static class to scan for supported drives */
     static int diskScan();
     /** Save device key to kernel for S3 sleep resume */
-    uint8_t prepareForS3Sleep(uint8_t lockingrange, char* password);
+    uint8_t prepareForS3Sleep(uint8_t lockingrange, const char* userid, char* password);
 protected:
     /** OS specific command to Wait for specified number of milliseconds 
      * @param ms  number of milliseconds to wait