5857 add -o option to lofiadm
@@ -23,10 +23,11 @@
* Use is subject to license terms.
* Copyright 2012 Joyent, Inc. All rights reserved.
*
* Copyright 2013 Nexenta Systems, Inc. All rights reserved.
* Copyright (c) 2014 Gary Mills
+ * Copyright (c) 2016 Andrey Sokolov
*/
/*
* lofiadm - administer lofi(7d). Very simple, add and remove file<->device
* associations, and display status. All the ioctls are private between
@@ -66,11 +67,11 @@
#include <des/des_impl.h>
#include <blowfish/blowfish_impl.h>
static const char USAGE[] =
"Usage: %s [-r] -a file [ device ]\n"
- " %s [-r] -c crypto_algorithm -a file [device]\n"
+ " %s [-r] [-o] -c crypto_algorithm -a file [device]\n"
" %s [-r] -c crypto_algorithm -k raw_key_file -a file [device]\n"
" %s [-r] -c crypto_algorithm -T [token]:[manuf]:[serial]:key "
"-a file [device]\n"
" %s [-r] -c crypto_algorithm -T [token]:[manuf]:[serial]:key "
"-k wrapped_key_file -a file [device]\n"
@@ -833,11 +834,12 @@
/*
* PBE the passphrase into a raw key
*/
static void
-getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz)
+getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz,
+ boolean_t with_confirmation)
{
CK_SESSION_HANDLE sess;
CK_RV rv;
char *pass = NULL;
size_t passlen = 0;
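Review bot: The header comment above `getkeyfromuser()` still reads only "PBE the passphrase into a raw key" and says nothing about the new `with_confirmation` parameter. Judging by how the flag is passed on to `pkcs11_get_pass()` later in the function, a line such as `with_confirmation: B_FALSE (-o) asks for the passphrase once, without the confirmation prompt` would cover it. The function body continues past the end of this hunk.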
@@ -864,11 +866,12 @@
rv = C_OpenSession(cipher->slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
if (rv != CKR_OK)
goto cleanup;
/* get user passphrase with 8 byte minimum */
- if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN, B_TRUE) < 0) {
+ if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN,
+ with_confirmation) < 0) {
die(gettext("passphrases do not match\n"));
}
/*
* salt should not be NULL, or else pkcs11_PasswdToKey() will
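Review bot: When `with_confirmation` is B_FALSE, a failing `pkcs11_get_pass()` still dies with "passphrases do not match", which cannot be the cause if only one entry was requested. Which failures the call reports is not visible in this hunk, but the message should at least follow the flag, for example `die(with_confirmation ? gettext("passphrases do not match\n") : gettext("unable to read passphrase\n"));`. A misleading error on the key-entry path makes a failed attach harder to diagnose. The function starts and ends outside this hunk.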
@@ -1818,10 +1821,11 @@
boolean_t compressflag = B_FALSE;
boolean_t uncompressflag = B_FALSE;
/* the next two work together for -c, -k, -T, -e options only */
boolean_t need_crypto = B_FALSE; /* if any -c, -k, -T, -e */
boolean_t cipher_only = B_TRUE; /* if -c only */
+ boolean_t with_confirmation = B_TRUE;
const char *keyfile = NULL;
mech_alias_t *cipher = NULL;
token_spec_t *token = NULL;
char *rkey = NULL;
size_t rksz = 0;
@@ -1830,11 +1834,11 @@
pname = getpname(argv[0]);
(void) setlocale(LC_ALL, "");
(void) textdomain(TEXT_DOMAIN);
- while ((c = getopt(argc, argv, "a:c:Cd:efk:o:rs:T:U")) != EOF) {
+ while ((c = getopt(argc, argv, "a:c:Cd:efk:ors:T:U")) != EOF) {
switch (c) {
case 'a':
addflag = B_TRUE;
if ((filename = realpath(optarg, realfilename)) == NULL)
die("%s", optarg);
@@ -1908,10 +1912,13 @@
cipher_only = B_FALSE; /* need to unset cipher_only */
break;
case 'U':
uncompressflag = B_TRUE;
break;
+ case 'o':
+ with_confirmation = B_FALSE;
+ break;
case '?':
default:
errflag = B_TRUE;
break;
}
@@ -1920,10 +1927,11 @@
/* Check for mutually exclusive combinations of options */
if (errflag ||
(addflag && deleteflag) ||
(rdflag && !addflag) ||
(!addflag && need_crypto) ||
+ (!with_confirmation && (!cipher_only || !need_crypto)) ||
((compressflag || uncompressflag) && (addflag || deleteflag)))
usage(pname);
/* ephemeral key, and key from either file or token are incompatible */
if (ephflag && (keyfile != NULL || token != NULL)) {
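Review bot: The added clause `(!with_confirmation && (!cipher_only || !need_crypto))` is a double negative with no comment saying what it enforces. As written, it sends `-o` to `usage()` unless `-c` is the only crypto option, which matches the one USAGE line that shows `[-o]`. A comment above the clause such as `/* -o (no passphrase confirmation) is valid only with -c alone */` would make that readable. It may also be worth noting there that skipping confirmation the first time a file is attached means a mistyped passphrase derives a key the user cannot reproduce, which is presumably why confirmation remains the default. The enclosing function extends beyond this hunk.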
@@ -2019,11 +2027,11 @@
"mechanisms\n"));
init_crypto(token, cipher, &sess);
if (cipher_only) {
- getkeyfromuser(cipher, &rkey, &rksz);
+ getkeyfromuser(cipher, &rkey, &rksz, with_confirmation);
} else if (token != NULL) {
getkeyfromtoken(sess, token, keyfile, cipher,
&rkey, &rksz);
} else {
/* this also handles ephemeral keys */