From 51dd2762a9bfb637a659d26e462101dd1d63bae2 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Thu, 10 Jan 2019 14:52:49 +0100 Subject: [PATCH] Add --debug-json switch and log level. The JSON structures should not be printed by default to debug log. This flag introduces new debug level that prints JSON structures and keeps default debug output separate. --- lib/libcryptsetup.h | 4 ++++ lib/luks2/luks2_digest_pbkdf2.c | 2 +- lib/luks2/luks2_json_format.c | 2 +- lib/luks2/luks2_json_metadata.c | 5 ++--- lib/luks2/luks2_keyslot_luks2.c | 2 +- man/cryptsetup.8 | 3 ++- src/cryptsetup.c | 6 ++++-- src/cryptsetup.h | 1 + src/utils_tools.c | 2 ++ tests/test_utils.c | 2 +- 10 files changed, 19 insertions(+), 10 deletions(-) diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h index f1cd6e40..fb839543 100644 --- a/lib/libcryptsetup.h +++ b/lib/libcryptsetup.h @@ -189,6 +189,8 @@ int crypt_set_data_offset(struct crypt_device *cd, uint64_t data_offset); #define CRYPT_LOG_VERBOSE 2 /** debug log level - always on stdout */ #define CRYPT_LOG_DEBUG -1 +/** debug log level - additional JSON output (for LUKS2) */ +#define CRYPT_LOG_DEBUG_JSON -2 /** * Set log function. @@ -1726,6 +1728,8 @@ int crypt_header_restore(struct crypt_device *cd, /** Debug all */ #define CRYPT_DEBUG_ALL -1 +/** Debug all with adidtional JSON dump (for LUKS2) */ +#define CRYPT_DEBUG_JSON -2 /** Debug none */ #define CRYPT_DEBUG_NONE 0 diff --git a/lib/luks2/luks2_digest_pbkdf2.c b/lib/luks2/luks2_digest_pbkdf2.c index 03a5afa9..8f1e8d10 100644 --- a/lib/luks2/luks2_digest_pbkdf2.c +++ b/lib/luks2/luks2_digest_pbkdf2.c @@ -166,7 +166,7 @@ static int PBKDF2_digest_store(struct crypt_device *cd, if (jobj_digests) json_object_object_add_by_uint(jobj_digests, digest, jobj_digest); - JSON_DBG(cd, jobj_digest, "Digest JSON"); + JSON_DBG(cd, jobj_digest, "Digest JSON:"); return 0; } diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c index bce6e9b4..313e9f51 100644 --- a/lib/luks2/luks2_json_format.c +++ b/lib/luks2/luks2_json_format.c @@ -233,7 +233,7 @@ int LUKS2_generate_hdr( json_object_object_add(jobj_config, "json_size", json_object_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN)); json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size)); - JSON_DBG(cd, hdr->jobj, "Header JSON"); + JSON_DBG(cd, hdr->jobj, "Header JSON:"); return 0; } diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c index 0d40e9f3..e0fc8136 100644 --- a/lib/luks2/luks2_json_metadata.c +++ b/lib/luks2/luks2_json_metadata.c @@ -56,10 +56,9 @@ void hexprint_base64(struct crypt_device *cd, json_object *jobj, void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc) { - /* FIXME: make this conditional and disable for stable release. */ if (desc) - log_dbg(cd, "%s:", desc); - log_dbg(cd, "%s", json_object_to_json_string_ext(jobj, + crypt_log(cd, CRYPT_LOG_DEBUG_JSON, desc); + crypt_log(cd, CRYPT_LOG_DEBUG_JSON, json_object_to_json_string_ext(jobj, JSON_C_TO_STRING_PRETTY | JSON_C_TO_STRING_NOSLASHESCAPE)); } diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c index 96ba6bcd..d7f066d7 100644 --- a/lib/luks2/luks2_keyslot_luks2.c +++ b/lib/luks2/luks2_keyslot_luks2.c @@ -440,7 +440,7 @@ static int luks2_keyslot_update_json(struct crypt_device *cd, /* update 'af' hash */ json_object_object_add(jobj_af, "hash", json_object_new_string(params->af.luks1.hash)); - JSON_DBG(cd, jobj_keyslot, "Keyslot JSON"); + JSON_DBG(cd, jobj_keyslot, "Keyslot JSON:"); return 0; } diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 95f24ad3..d945554c 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -740,9 +740,10 @@ If you are configuring kernel yourself, enable .B "\-\-verbose, \-v" Print more information on command execution. .TP -.B "\-\-debug" +.B "\-\-debug or \-\-debug\-json" Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by '#'. +If \-\-debug\-json is used, additional LUKS2 JSON data structures are printed. .TP .B "\-\-type Specifies required device type, for more info diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 08fa4f1e..13461b2b 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -2497,6 +2497,7 @@ int main(int argc, const char **argv) { "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL }, { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL }, { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL }, + { "debug-json", '\0', POPT_ARG_NONE, &opt_debug_json, 0, N_("Show debug messages including JSON metadata"), NULL }, { "cipher", 'c', POPT_ARG_STRING, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL }, { "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL }, { "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL }, @@ -2934,9 +2935,10 @@ int main(int argc, const char **argv) _("Option --refresh may be used only with open action.\n"), poptGetInvocationName(popt_context)); - if (opt_debug) { + if (opt_debug || opt_debug_json) { + opt_debug = 1; opt_verbose = 1; - crypt_set_debug_level(CRYPT_DEBUG_ALL); + crypt_set_debug_level(opt_debug_json? CRYPT_DEBUG_JSON : CRYPT_DEBUG_ALL); dbg_version_and_cmd(argc, argv); } diff --git a/src/cryptsetup.h b/src/cryptsetup.h index 60128ce7..b6694144 100644 --- a/src/cryptsetup.h +++ b/src/cryptsetup.h @@ -57,6 +57,7 @@ #define DEFAULT_WIPE_BLOCK 1048576 /* 1 MiB */ extern int opt_debug; +extern int opt_debug_json; extern int opt_verbose; extern int opt_batch_mode; extern int opt_force_password; diff --git a/src/utils_tools.c b/src/utils_tools.c index 63817b7a..b6271b07 100644 --- a/src/utils_tools.c +++ b/src/utils_tools.c @@ -27,6 +27,7 @@ int opt_verbose = 0; int opt_debug = 0; +int opt_debug_json = 0; int opt_batch_mode = 0; int opt_progress_frequency = 0; @@ -112,6 +113,7 @@ void tool_log(int level, const char *msg, void *usrptr __attribute__((unused))) case CRYPT_LOG_ERROR: fprintf(stderr, "%s", msg); break; + case CRYPT_LOG_DEBUG_JSON: case CRYPT_LOG_DEBUG: if (opt_debug) fprintf(stdout, "# %s\n", msg); diff --git a/tests/test_utils.c b/tests/test_utils.c index 1e5dd669..060253ed 100644 --- a/tests/test_utils.c +++ b/tests/test_utils.c @@ -263,7 +263,7 @@ void global_log_callback(int level, const char *msg, void *usrptr) fprintf(stdout, "%s", msg); } - if (level == CRYPT_LOG_DEBUG) + if (level <= CRYPT_LOG_DEBUG) return; strncat(global_log, msg, sizeof(global_log) - strlen(global_log));