1. 11 Oct, 2016 2 commits
    • Steven Murray's avatar
      Deleted mediachanger dir from castor dir · b38715e6
      Steven Murray authored
    • Victor Kotlyar's avatar
      Ported commits from castor/master for Encryption: · 1a3812e0
      Victor Kotlyar authored
        CASTOR-5350: Introduce encryption SCSI commands in tape drive
        Implementation of two methods:
          * setEncryptionKey(key): Sets encryption params to drive.
          * clearEncryptionKey: Clears encryption params from drive.
        Added support for an interface script that will setup drive
        encryption per tape
        Migrate TapeWriteSingleThread::TapeCleaning::~TapeCleaning() body to
        CASTOR-5350: Refactor support for only external key management script
        Merge branch 'encryption_backend' into 'master'
        CASTOR-5350: Encryption backend
        ## Description
          The aim of this merge request is to incorporate encryption support
          into CASTOR.
          The proposed changes are to be used in conjunction with the
          The **aim** is to enable encryption in specific tape pools of
        ## Changes
          * Introduce encryption SCSI backend to DriveGeneric.
          * Introduce encryption control wrapper
          * (`castor/tape/tapeserver/daemon/EncryptionControl`) for
          * abstracting the two sub-components of:
            * Calling the `ExternalEncryptionKeyScript`,
            * Calling the equivalent DriveGeneric function for
            * passing/clearing the encryption parameters to/from the drive.
          * Add new configuration option in `castor.conf` for the external key
          * management script.
          * Create a Subprocess wrapper for executing external commands as
          * CASTOR children (`castor/server/Subprocess.{h,c}pp`).
          * Incorporate encryption handling in the:
            * DataTransferSession
            * LabelSession
            * CleanerSession
          * Add encryption control timer in the task Watchdog.
        See merge request !1
        Clear encryption key only when encryption enabled
        Changes include:
          - Making EncryptionControl stateful
          - Calling clearEncryptionKey on the drive only when encryption is
        Also includes a minor duplicate code fix on DriveGeneric.
        Merge branch 'encryption_changes' into 'master'
        Clear encryption key only when encryption enabled
        ## Description
          Changes include:
          - Making EncryptionControl stateful
          - Calling `clearEncryptionKey()` on the drive only when encryption
            is on.
          Also includes a minor duplicate code fix on **DriveGeneric.cpp**.
        See merge request !2
        Check if the drive has encryption capability enabled:
          * Add isEncryptionCapEnabled() vendor-specific function
          * Check isEncryptionCapEnabled() before passing encryption params
          * Check isEncryptionCapEnabled() before clearing encryption params
          * Clear encryption key before unencrypted I/O
        Merge branch 'encryption_capability_enabled' into 'master'
        Drive encryption capabilities inclusion
        ## Description
          The aim of this merge request is to address issues related to
          encryption on drive without the encryption capability enabled.
          More specifically:
            * It introduces a vendor-specific way of identifying if the drive
            * has encryption capability enabled
            * **IBM**: Through the SPIN index SCSI page
            * **Oracle**: Through the general INQUIRY SCSI page
            * If the data to be written are to be encrypted, an additional check
            * of the encryption capability of the drive is made. In case of
            * encrypted data, but no encryption capability, the session fails.
            In essence, all encryption related operations are made modulo the
          encryption capability of the drive.
            Last, in case of unencrypted I/O, we clear the keys of the drive (if
          encryption capable) to avoid encrypted data with previous keys on
          CASTOR's system failure.
        ## Testing
          Before the merge request's submission, the following tests were
            On drives with **encryption capability enabled**:
              * Label session
              * Label with previously set encryption key
              * Write without encryption
              * Read without encryption
              * Write with encryption
              * Read with encryption
              * Write with previously set encryption key
              * Read with previously set encryption key
            On drive with **encryption cabability disabled**:
              * Label session
              * Write without encryption
              * Read without encryption
              * Write with encryption - session **should** fail
              * Read with encryption - session **should** fail
          See merge request !3
        Secure session against invalid encryption script output
        Changes in encryption workflow
          - VMGR tag is updated only on write operations
          - Empty key signifies no encryption
        Minor encryption log enhancements
          * Error line in Read/Write session with ErrorMesage key
          * Fix for delimiter in the end of arguments in argsToString()
        Merging in improvements on tape encryption support.
        Removed nullptr which is not supported in SLC6's gcc.
        Added automatic deletion of json objects in
        Fix log typo
  2. 09 Sep, 2016 2 commits
  3. 01 Sep, 2016 1 commit
  4. 29 Aug, 2016 1 commit
  5. 24 Aug, 2016 1 commit
  6. 18 Aug, 2016 1 commit
  7. 25 Feb, 2016 2 commits
  8. 24 Feb, 2016 2 commits
  9. 03 Feb, 2016 1 commit
  10. 06 Aug, 2015 1 commit
  11. 24 Jul, 2015 1 commit
  12. 16 Jul, 2015 2 commits
  13. 15 Jul, 2015 2 commits
  14. 18 Mar, 2015 1 commit
  15. 16 Dec, 2014 2 commits
  16. 02 Dec, 2014 1 commit
  17. 18 Nov, 2014 2 commits
  18. 14 Nov, 2014 1 commit
  19. 11 Nov, 2014 1 commit
  20. 24 Oct, 2014 2 commits
  21. 08 Oct, 2014 1 commit
  22. 06 Oct, 2014 1 commit
  23. 03 Oct, 2014 3 commits
  24. 29 Sep, 2014 1 commit
  25. 25 Sep, 2014 2 commits
  26. 24 Sep, 2014 2 commits
  27. 22 Sep, 2014 1 commit
    • Steven Murray's avatar
      Removed false/emulated nameserver check from LabelSession · e5ef6bdf
      Steven Murray authored
      It was planned to have the LabelSession of the new tapeserverd
      daemon check that a tape being labeled was empty with respect to
      the CASTOR namespace.  This feature, which currently does not
      exist within either rtcpd or taped has turned out to be more
      difficult to implement than expected.  This new additional feature
      is therefore being dropped before it gets released.