[src/trunk]: src/sbin/cgdconfig Add '-e' option (echo the passphrase) and wip...
details: https://anonhg.NetBSD.org/src/rev/9707571e23e2
branches: trunk
changeset: 361735:9707571e23e2
user: alnsn <alnsn%NetBSD.org@localhost>
date: Wed May 09 18:11:56 2018 +0000
description:
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely
optimised away by gcc. This should be revisited.
diffstat:
sbin/cgdconfig/cgdconfig.8 | 10 ++++++----
sbin/cgdconfig/cgdconfig.c | 40 +++++++++++++++++++++++++++-------------
2 files changed, 33 insertions(+), 17 deletions(-)
diffs (147 lines):
diff -r ffcd5d3d4ef4 -r 9707571e23e2 sbin/cgdconfig/cgdconfig.8
--- a/sbin/cgdconfig/cgdconfig.8 Wed May 09 17:35:03 2018 +0000
+++ b/sbin/cgdconfig/cgdconfig.8 Wed May 09 18:11:56 2018 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.38 2018/05/09 17:35:03 wiz Exp $
+.\" $NetBSD: cgdconfig.8,v 1.39 2018/05/09 18:11:56 alnsn Exp $
.\"
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -35,17 +35,17 @@
.Nd configuration utility for the cryptographic disk driver
.Sh SYNOPSIS
.Nm
-.Op Fl npv
+.Op Fl enpv
.Op Fl V Ar vmeth
.Ar cgd dev
.Op Ar paramsfile
.Nm
.Fl C
-.Op Fl npv
+.Op Fl enpv
.Op Fl f Ar configfile
.Nm
.Fl G
-.Op Fl npv
+.Op Fl enpv
.Op Fl i Ar ivmeth
.Op Fl k Ar kgmeth
.Op Fl o Ar outfile
@@ -89,6 +89,8 @@
.Bl -tag -width configfilexxxx
.It Fl C
Configure all the devices listed in the cgd configuration file.
+.It Fl e
+Echo the passphase.
.It Fl f Ar configfile
Specify the configuration file explicitly, rather than using the default
configuration file
diff -r ffcd5d3d4ef4 -r 9707571e23e2 sbin/cgdconfig/cgdconfig.c
--- a/sbin/cgdconfig/cgdconfig.c Wed May 09 17:35:03 2018 +0000
+++ b/sbin/cgdconfig/cgdconfig.c Wed May 09 18:11:56 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.45 2018/05/09 14:27:41 kre Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.46 2018/05/09 18:11:56 alnsn Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.45 2018/05/09 14:27:41 kre Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.46 2018/05/09 18:11:56 alnsn Exp $");
#endif
#include <err.h>
@@ -89,8 +89,10 @@
/* if pflag is set to PFLAG_STDIN read from stdin rather than getpass(3) */
-#define PFLAG_GETPASS 0x01
-#define PFLAG_STDIN 0x02
+#define PFLAG_GETPASS 0x01
+#define PFLAG_GETPASS_ECHO 0x02
+#define PFLAG_GETPASS_MASK 0x03
+#define PFLAG_STDIN 0x04
int pflag = PFLAG_GETPASS;
static int configure(int, char **, struct params *, int);
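Review bot: `PFLAG_GETPASS_MASK` is introduced here but none of the hunks in this commit use it, and the comment above the defines still documents only `PFLAG_STDIN`. The values are now spaced like a bitmask, yet `case 'e'` assigns `pflag = PFLAG_GETPASS_ECHO` and `maybe_getpass` switches on the whole value, while the prompt code tests `pflag & PFLAG_GETPASS_ECHO`. I would either drop the mask until it is needed or extend the comment, e.g. `/* pflag holds exactly one PFLAG_* value; PFLAG_GETPASS_ECHO (-e) reads with echo enabled */`. The comment should also say what happens when `-e` and `-p` are both given; presumably the last option wins, but the `-p` case is outside these hunks.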
@@ -136,11 +138,11 @@
usage(void)
{
- (void)fprintf(stderr, "usage: %s [-npv] [-V vmeth] cgd dev "
+ (void)fprintf(stderr, "usage: %s [-enpv] [-V vmeth] cgd dev "
"[paramsfile]\n", getprogname());
- (void)fprintf(stderr, " %s -C [-npv] [-f configfile]\n",
+ (void)fprintf(stderr, " %s -C [-enpv] [-f configfile]\n",
getprogname());
- (void)fprintf(stderr, " %s -G [-npv] [-i ivmeth] [-k kgmeth] "
+ (void)fprintf(stderr, " %s -G [-enpv] [-i ivmeth] [-k kgmeth] "
"[-o outfile] paramsfile\n", getprogname());
(void)fprintf(stderr, " %s -g [-nv] [-i ivmeth] [-k kgmeth] "
"[-o outfile] alg [keylen]\n", getprogname());
@@ -201,7 +203,7 @@
p = params_new();
kg = NULL;
- while ((ch = getopt(argc, argv, "CGUV:b:f:gi:k:lno:spuv")) != -1)
+ while ((ch = getopt(argc, argv, "CGUV:b:ef:gi:k:lno:spuv")) != -1)
switch (ch) {
case 'C':
set_action(&action, ACTION_CONFIGALL);
@@ -230,6 +232,9 @@
p = params_combine(p, tp);
}
break;
+ case 'e':
+ pflag = PFLAG_GETPASS_ECHO;
+ break;
case 'f':
if (cfile)
usage();
@@ -377,12 +382,17 @@
maybe_getpass(char *prompt)
{
char buf[1024];
- char *p = buf;
- char *tmp;
+ char *p = NULL;
+ char *tmp, *pass;
switch (pflag) {
case PFLAG_GETPASS:
- p = getpass(prompt);
+ p = getpass_r(prompt, buf, sizeof(buf));
+ break;
+
+ case PFLAG_GETPASS_ECHO:
+ p = getpassfd(prompt, buf, sizeof(buf), NULL,
+ GETPASS_ECHO|GETPASS_ECHO_NL|GETPASS_NEED_TTY, 0);
break;
case PFLAG_STDIN:
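Review bot: The new `PFLAG_GETPASS_ECHO` case carries no comment on what the flag combination is meant to guarantee, and that matters here because the passphrase becomes visible on the terminal. With echo enabled the typed secret can remain in scrollback or in a recorded session, so a reader needs to know the call is deliberately restricted to a terminal. I would add above the call something like `/* -e: passphrase is echoed; GETPASS_NEED_TTY so we fail instead of reading from a non-tty */`, after confirming that this is what `GETPASS_NEED_TTY` does in getpassfd(3). `maybe_getpass` starts before and continues after this hunk, so the `PFLAG_STDIN` path is not reviewed here.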
@@ -401,7 +411,10 @@
if (!p)
err(EXIT_FAILURE, "failed to read passphrase");
- return estrdup(p);
+ pass = estrdup(p);
+ memset(buf, 0, sizeof(buf));
+
+ return pass;
}
/*ARGSUSED*/
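Review bot: Only the stack buffer is cleared before returning; the `estrdup` copy handed back as `pass` holds the same passphrase, and nothing in this hunk says who clears it. A comment above `return pass;` such as `/* caller owns pass: wipe strlen(pass) bytes, then free() */` would make the ownership explicit. Whether the caller in the following hunk does this after `pkcs5_pbkdf2` is not visible. The clear of `buf` would also be more robust written as `explicit_memset(buf, 0, sizeof(buf));`, since a store to a local just before return can be removed as dead. The `err()` path just above exits without clearing `buf`, which is minor since the process terminates. `maybe_getpass` starts outside this hunk.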
@@ -422,7 +435,8 @@
char buf[1024];
u_int8_t *tmp;
- snprintf(buf, sizeof(buf), "%s's passphrase:", target);
+ snprintf(buf, sizeof(buf), "%s's passphrase%s:", target,
+ pflag & PFLAG_GETPASS_ECHO ? " (echo)" : "");
passp = maybe_getpass(buf);
if (pkcs5_pbkdf2(&tmp, BITS2BYTES(keylen), (uint8_t *)passp,
strlen(passp),