Diffstat (limited to 'usr/src/cmd/dumpadm')
-rw-r--r-- | usr/src/cmd/dumpadm/Makefile | 8 | ||||
-rw-r--r-- | usr/src/cmd/dumpadm/dconf.c | 39 | ||||
-rw-r--r-- | usr/src/cmd/dumpadm/dconf.h | 2 | ||||
-rw-r--r-- | usr/src/cmd/dumpadm/dumpadm.conf | 11 | ||||
-rw-r--r-- | usr/src/cmd/dumpadm/main.c | 14 | ||||
-rw-r--r-- | usr/src/cmd/dumpadm/svc-dumpadm | 14 |
6 files changed, 78 insertions, 10 deletions
diff --git a/usr/src/cmd/dumpadm/Makefile b/usr/src/cmd/dumpadm/Makefile index e1303c5d0e..c6b80188fa 100644 --- a/usr/src/cmd/dumpadm/Makefile +++ b/usr/src/cmd/dumpadm/Makefile @@ -26,12 +26,12 @@ PROG = dumpadm MANIFEST = dumpadm.xml SVCMETHOD= svc-dumpadm +ETCFILES= dumpadm.conf OBJS = main.o dconf.o minfree.o utils.o swap.o SRCS = $(OBJS:.o=.c) - -lint := LINTFLAGS = -mx +ROOTETCFILES= $(ETCFILES:%=$(ROOTETC)/%) include ../Makefile.cmd @@ -52,13 +52,11 @@ $(PROG): $(OBJS) $(LINK.c) -o $@ $(OBJS) $(LDLIBS) $(POST_PROCESS) -install: all $(ROOTUSRSBINPROG) $(ROOTMANIFEST) $(ROOTSVCMETHOD) +install: all $(ROOTUSRSBINPROG) $(ROOTMANIFEST) $(ROOTSVCMETHOD) $(ROOTETCFILES) check: $(CHKMANIFEST) clean: $(RM) $(OBJS) -lint: lint_SRCS - include ../Makefile.targ diff --git a/usr/src/cmd/dumpadm/dconf.c b/usr/src/cmd/dumpadm/dconf.c index dc5355ba48..6e549afaa7 100644 --- a/usr/src/cmd/dumpadm/dconf.c +++ b/usr/src/cmd/dumpadm/dconf.c @@ -28,6 +28,7 @@ #include <sys/stat.h> #include <sys/swap.h> #include <sys/dumpadm.h> +#include <sys/dumphdr.h> #include <sys/utsname.h> #include <unistd.h> 
@@ -539,6 +540,42 @@ dconf_get_dumpsize(dumpconf_t *dcp) return (0); } +int +dconf_set_crypt(dumpconf_t *dcp, const char *keyfile) +{ + int fd; + uint8_t key[DUMP_CRYPT_KEYLEN]; + + if ((fd = open(keyfile, O_RDONLY)) == -1) { + warn(gettext("failed to open %s"), keyfile); + return (-1); + } + + if (read(fd, key, sizeof (key)) != sizeof (key)) { + warn(gettext("failed to read %d byte key from %s"), + DUMP_CRYPT_KEYLEN, keyfile); + (void) close(fd); + return (-1); + } + + (void) close(fd); + + if (ioctl(dcp->dc_dump_fd, DIOCSCRYPTKEY, key) == -1) { + warn(gettext("failed to set encryption key")); + return (-1); + } + + /* + * Reload our config flags as they may have changed. + */ + if ((dcp->dc_cflags = ioctl(dcp->dc_dump_fd, DIOCGETCONF, 0)) == -1) { + warn(gettext("failed to get kernel dump settings")); + return (-1); + } + + return (0); +} + void dconf_print(dumpconf_t *dcp, FILE *fp) { @@ -580,6 +617,8 @@ dconf_print(dumpconf_t *dcp, FILE *fp) (void) fprintf(fp, gettext(" Save compressed: %s\n"), (dcp->dc_csave == DC_UNCOMPRESSED) ? gettext("off") : gettext("on")); + (void) fprintf(fp, gettext(" Dump encrypted: %s\n"), + (dcp->dc_cflags & DUMP_ENCRYPT) ? gettext("yes") : gettext("no")); } int diff --git a/usr/src/cmd/dumpadm/dconf.h b/usr/src/cmd/dumpadm/dconf.h index 74920f0def..e2f609cee7 100644 --- a/usr/src/cmd/dumpadm/dconf.h +++ b/usr/src/cmd/dumpadm/dconf.h @@ -21,6 +21,7 @@ /* * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2015 Nexenta Systems, Inc. All rights reserved. + * Copyright 2019 Joyent, Inc. */ #ifndef _DCONF_H @@ -73,6 +74,7 @@ extern int dconf_update(dumpconf_t *, int); extern void dconf_print(dumpconf_t *, FILE *); extern int dconf_write_uuid(dumpconf_t *); extern int dconf_get_dumpsize(dumpconf_t *); +extern int dconf_set_crypt(dumpconf_t *, const char *); extern int dconf_str2device(dumpconf_t *, char *); extern int dconf_str2savdir(dumpconf_t *, char *); 
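Review bot: The raw key stays in the stack buffer `key` on every return path of dconf_set_crypt after the read(), including the short-read and ioctl-failure paths. It should be scrubbed with a call the compiler cannot elide, such as `explicit_bzero(key, sizeof (key))`, as soon as DIOCSCRYPTKEY has been issued. The function also uses whatever path open() succeeds on, so an fstat() check that the key file is a regular file with no group or other access would catch a mis-provisioned key early. The sketch below assumes explicit_bzero is already declared for this file, which the hunk does not show.

```c
	int fd, rv;
	uint8_t key[DUMP_CRYPT_KEYLEN];

	/* ... unchanged: open(keyfile, O_RDONLY) and its failure path ... */

	if (read(fd, key, sizeof (key)) != sizeof (key)) {
		warn(gettext("failed to read %d byte key from %s"),
		    DUMP_CRYPT_KEYLEN, keyfile);
		/* A partial key may already be in the buffer. */
		explicit_bzero(key, sizeof (key));
		(void) close(fd);
		return (-1);
	}

	(void) close(fd);

	/* Hand the key to the kernel, then scrub our copy before any return. */
	rv = ioctl(dcp->dc_dump_fd, DIOCSCRYPTKEY, key);
	explicit_bzero(key, sizeof (key));
	if (rv == -1) {
		warn(gettext("failed to set encryption key"));
		return (-1);
	}

	/* ... unchanged: DIOCGETCONF reload of dc_cflags and return (0) ... */
```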
diff --git a/usr/src/cmd/dumpadm/dumpadm.conf b/usr/src/cmd/dumpadm/dumpadm.conf new file mode 100644 index 0000000000..804e1da11a --- /dev/null +++ b/usr/src/cmd/dumpadm/dumpadm.conf @@ -0,0 +1,11 @@ +# +# dumpadm.conf +# +# Configuration parameters for system crash dump. +# Do NOT edit this file by hand -- use dumpadm(1m) instead. +# +DUMPADM_DEVICE=/dev/zvol/dsk/zones/dump +DUMPADM_SAVDIR=/var/crash/volatile +DUMPADM_CONTENT=kernel +DUMPADM_ENABLE=no +DUMPADM_CSAVE=on diff --git a/usr/src/cmd/dumpadm/main.c b/usr/src/cmd/dumpadm/main.c index 07a7dd5207..dccafbba33 100644 --- a/usr/src/cmd/dumpadm/main.c +++ b/usr/src/cmd/dumpadm/main.c @@ -21,6 +21,7 @@ /* * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2015 Nexenta Systems, Inc. All rights reserved. + * Copyright 2019 Joyent, Inc. */ #include <sys/stat.h> @@ -36,10 +37,10 @@ static const char USAGE[] = "\ Usage: %s [-enuy] [-c kernel | curproc | all ]\n\ - [-d dump-device | swap | none ] [-m min {k|m|%%} ] [-s savecore-dir]\n\ - [-r root-dir] [-z on|off]\n"; + [-d dump-device | swap | none ] [-k key-file] [-m min {k|m|%%} ]\n\ + [-s savecore-dir] [-r root-dir] [-z on|off]\n"; -static const char OPTS[] = "einuyc:d:m:s:r:z:"; +static const char OPTS[] = "einuyc:d:m:s:r:z:k:"; static const char PATH_DEVICE[] = "/dev/dump"; static const char PATH_CONFIG[] = "/etc/dumpadm.conf"; @@ -57,6 +58,7 @@ main(int argc, char *argv[]) int dcmode = DC_CURRENT; /* kernel settings override unless -u */ int modified = 0; /* have we modified the dump config? */ char *minfstr = NULL; /* string value of -m argument */ + char *keyfile = NULL; /* key file for -k argument */ dumpconf_t dc; /* current configuration */ int chrooted = 0; int douuid = 0; @@ -136,6 +138,9 @@ main(int argc, char *argv[]) } douuid++; break; + case 'k': + keyfile = optarg; + break; case 'm': minfstr = optarg; 
@@ -191,6 +196,9 @@ main(int argc, char *argv[]) return (E_ERROR); } + if (keyfile != NULL && dconf_set_crypt(&dc, keyfile) == -1) + return (E_ERROR); + if (dcmode == DC_OVERRIDE) { /* * In override mode, we try to force an update. If this diff --git a/usr/src/cmd/dumpadm/svc-dumpadm b/usr/src/cmd/dumpadm/svc-dumpadm index 316e075754..488ba8d54d 100644 --- a/usr/src/cmd/dumpadm/svc-dumpadm +++ b/usr/src/cmd/dumpadm/svc-dumpadm @@ -21,6 +21,7 @@ # # # Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright 2020 Joyent, Inc. # . /lib/svc/share/smf_include.sh @@ -100,7 +101,7 @@ fi # how to modify the dump settings. # if [ -x /usr/sbin/dumpadm ]; then - /usr/sbin/dumpadm -u || $SMF_EXIT_ERR_CONFIG + /usr/sbin/dumpadm -u || exit $SMF_EXIT_ERR_CONFIG else echo "WARNING: /usr/sbin/dumpadm is missing or not executable" >& 2 exit $SMF_EXIT_ERR_CONFIG @@ -113,6 +114,11 @@ else exit $SMF_EXIT_ERR_CONFIG fi +if [[ -f $DUMPADM_SAVDIR/keyfile ]]; then + /usr/sbin/dumpadm -k $DUMPADM_SAVDIR/keyfile || \ + exit $SMT_EXIT_ERR_CONFIG +fi + # # If the savecore executable is absent then we're done # @@ -147,11 +153,15 @@ if [ "x$DUMPADM_ENABLE" != xno ]; then mksavedir && /usr/bin/savecore $DUMPADM_SAVDIR & fi else + keyarg="" + [[ -f "$DUMPADM_SAVDIR/keyfile" ]] && \ + keyarg="-k $DUMPADM_SAVDIR/keyfile" + # # The dump device couldn't have been dedicated before we # ran dumpadm, so we must execute savecore again. # - mksavedir && /usr/bin/savecore $DUMPADM_SAVDIR & + mksavedir && /usr/bin/savecore $keyarg $DUMPADM_SAVDIR & fi else # |
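Review bot: The new keyfile block in svc-dumpadm exits with `$SMT_EXIT_ERR_CONFIG`, while every other exit in the visible hunks uses `$SMF_EXIT_ERR_CONFIG`, so this looks like a typo. If the misspelled variable is unset, a failed `dumpadm -k` makes the method run `exit` with no argument and return the status of the failed command instead of the configuration-error code, so the line should read `exit $SMF_EXIT_ERR_CONFIG`. Separately, the path is unquoted in the `dumpadm -k` call, and the last hunk packs `-k` and the path into `keyarg`, which is then expanded unquoted and word-split. Quoting the path, as in `/usr/sbin/dumpadm -k "$DUMPADM_SAVDIR/keyfile"`, keeps a save directory containing whitespace or glob characters from changing the arguments.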