doveadm: add doveadm dump dcrypt-file
authorMartti Rannanjärvi <martti.rannanjarvi@dovecot.fi>
Wed, 3 Aug 2016 09:46:21 +0000 (12:46 +0300)
committerGitLab <gitlab@git.dovecot.net>
Mon, 8 Aug 2016 08:08:56 +0000 (11:08 +0300)
doc/man/doveadm-dump.1.in
src/doveadm/Makefile.am
src/doveadm/doveadm-dump-dcrypt-file.c [new file with mode: 0644]
src/doveadm/doveadm-dump.c
src/doveadm/doveadm-dump.h

index c0a1a976bee761ca02f942fde937a17f93cd58f4..a6b7b2d5116672061a0dd529888a94dd4bfcec77 100644 (file)
@@ -55,6 +55,9 @@ directory
 Uncompress an IMAP traffic log, which contains data compressed using the
 IMAP COMPRESSION extension.
 .TP
+.B dcrypt-file
+Dump metadata of a dcrypt encrypted file.
+.TP
 .B index
 \(rA dovecot.index, dovecot.map.index
 .TP
index e11256d1794a21958a5c8a84067204732558804b..80ddebf20cd8cb105500e8c817f2bce2e90cf647 100644 (file)
@@ -22,6 +22,7 @@ AM_CPPFLAGS = \
        -I$(top_srcdir)/src/lib-storage \
        -I$(top_srcdir)/src/lib-imap-storage \
        -I$(top_srcdir)/src/lib-http \
+       -I$(top_srcdir)/src/lib-dcrypt \
        -I$(top_srcdir)/src/auth \
        -DMODULEDIR=\""$(moduledir)"\" \
        -DAUTH_MODULE_DIR=\""$(moduledir)/auth"\" \
@@ -116,6 +117,7 @@ doveadm_common_dump_cmds = \
        doveadm-dump-log.c \
        doveadm-dump-mailboxlog.c \
        doveadm-dump-thread.c \
+       doveadm-dump-dcrypt-file.c \
        doveadm-zlib.c
 
 common = \
diff --git a/src/doveadm/doveadm-dump-dcrypt-file.c b/src/doveadm/doveadm-dump-dcrypt-file.c
new file mode 100644 (file)
index 0000000..345868f
--- /dev/null
@@ -0,0 +1,92 @@
+/* Copyright (c) 2016 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "dcrypt.h"
+#include "istream.h"
+#include "istream-decrypt.h"
+#include "dcrypt-iostream.h"
+#include "doveadm-dump.h"
+#include <stdio.h>
+
+static int get_digest(const char *digest,
+               struct dcrypt_private_key **priv_key_r ATTR_UNUSED,
+               const char **error_r ATTR_UNUSED,
+               void *context)
+{
+       const char **digest_r = (const char**)context;
+       *digest_r = t_strdup(digest);
+       return 0;
+}
+
+static void dcrypt_istream_dump_metadata(const struct istream *stream)
+{
+       enum io_stream_encrypt_flags flags = i_stream_encrypt_get_flags(stream);
+       if ((flags & IO_STREAM_ENC_INTEGRITY_HMAC) != 0)
+               printf("flags: IO_STREAM_ENC_INTEGRITY_HMAC\n");
+       if ((flags & IO_STREAM_ENC_INTEGRITY_AEAD) != 0)
+               printf("flags: IO_STREAM_ENC_INTEGRITY_AEAD\n");
+       if ((flags & IO_STREAM_ENC_INTEGRITY_NONE) != 0)
+               printf("flags: IO_STREAM_ENC_INTEGRITY_NONE\n");
+       if ((flags & IO_STREAM_ENC_VERSION_1) != 0)
+               printf("flags: IO_STREAM_ENC_VERSION_1\n");
+
+       enum decrypt_istream_format format = i_stream_encrypt_get_format(stream);
+       switch (format) {
+       case DECRYPT_FORMAT_V1:
+               printf("format: DECRYPT_FORMAT_V1\n");
+               break;
+       case DECRYPT_FORMAT_V2:
+               printf("format: DECRYPT_FORMAT_V2\n");
+               break;
+       }
+}
+
+static int dcrypt_file_dump_metadata(const char *filename, bool print)
+{
+       bool ret = FALSE;
+       struct istream *is = i_stream_create_file(filename, IO_BLOCK_SIZE);
+       const char *key_digest = NULL;
+       struct istream *ds = i_stream_create_decrypt_callback(is,
+                       get_digest, &key_digest);
+
+       ssize_t size = i_stream_read(ds);
+       i_assert(size < 0);
+
+       if (key_digest != NULL) {
+               ret = TRUE;
+               if (print) {
+                       dcrypt_istream_dump_metadata(ds);
+                       printf("decrypt key digest: %s\n", key_digest);
+               }
+       } else if (print) {
+               i_error("%s", i_stream_get_error(ds));
+       }
+
+       i_stream_unref(&ds);
+       i_stream_unref(&is);
+       return ret;
+}
+
+static bool test_dump_dcrypt_file(const char *path)
+{
+       if (!dcrypt_initialize("openssl", NULL, NULL))
+               return FALSE;
+       bool ret = dcrypt_file_dump_metadata(path, FALSE);
+       dcrypt_deinitialize();
+       return ret;
+}
+
+static void cmd_dump_dcrypt_file(int argc ATTR_UNUSED, char *argv[])
+{
+       const char *error = NULL;
+       if (!dcrypt_initialize("openssl", NULL, &error))
+               i_fatal("dcrypt_initialize: %s", error);
+       (void)dcrypt_file_dump_metadata(argv[1], TRUE);
+       dcrypt_deinitialize();
+}
+
+struct doveadm_cmd_dump doveadm_cmd_dump_dcrypt_file = {
+       "dcrypt-file",
+       test_dump_dcrypt_file,
+       cmd_dump_dcrypt_file
+};
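Review bot: In `dcrypt_file_dump_metadata`, `i_assert(size < 0);` ties a process abort to the result of `i_stream_read(ds)`, which depends on the contents of the file being inspected rather than on a program invariant. Whether the decrypt stream can return a non-negative value without a private key is not visible in this hunk, but the same function backs `test_dump_dcrypt_file`, which looks like the type-detection callback run against arbitrary paths. An unexpected file should therefore fall through to the existing `key_digest != NULL` check instead of crashing, e.g. `(void)i_stream_read(ds);` with the `size` local removed. The function is also declared `static int` while it returns `bool ret`, so `static bool dcrypt_file_dump_metadata(const char *filename, bool print)` would match both callers. In `dcrypt_istream_dump_metadata` the `switch (format)` has no `default:` arm, so an unrecognised format value prints nothing; `default: printf("format: unknown (%d)\n", (int)format); break;` would make that visible.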
index de45ddf8f826febc2f5175d17ccf2a160c403e3a..a90b20340ee228da44b47891b54978270ecc42bd 100644 (file)
@@ -87,7 +87,8 @@ static const struct doveadm_cmd_dump *dumps_builtin[] = {
        &doveadm_cmd_dump_log,
        &doveadm_cmd_dump_mailboxlog,
        &doveadm_cmd_dump_thread,
-       &doveadm_cmd_dump_zlib
+       &doveadm_cmd_dump_zlib,
+       &doveadm_cmd_dump_dcrypt_file
 };
 
 void print_dump_types(void)
index b51bd1d2a1e4c1d0bd279ac71d6b6de77d64abbd..cff366ec71fd3768a88891ea674d1b5512301dd4 100644 (file)
@@ -15,6 +15,7 @@ extern struct doveadm_cmd_dump doveadm_cmd_dump_log;
 extern struct doveadm_cmd_dump doveadm_cmd_dump_mailboxlog;
 extern struct doveadm_cmd_dump doveadm_cmd_dump_thread;
 extern struct doveadm_cmd_dump doveadm_cmd_dump_zlib;
+extern struct doveadm_cmd_dump doveadm_cmd_dump_dcrypt_file;
 
 void doveadm_dump_register(const struct doveadm_cmd_dump *dump);