5857 add -o option to lofiadm
*** 23,32 ****
--- 23,33 ----
* Use is subject to license terms.
* Copyright 2012 Joyent, Inc. All rights reserved.
*
* Copyright 2013 Nexenta Systems, Inc. All rights reserved.
* Copyright (c) 2014 Gary Mills
+ * Copyright (c) 2016 Andrey Sokolov
*/
/*
* lofiadm - administer lofi(7d). Very simple, add and remove file<->device
* associations, and display status. All the ioctls are private between
*** 66,76 ****
#include <des/des_impl.h>
#include <blowfish/blowfish_impl.h>
static const char USAGE[] =
"Usage: %s [-r] -a file [ device ]\n"
! " %s [-r] -c crypto_algorithm -a file [device]\n"
" %s [-r] -c crypto_algorithm -k raw_key_file -a file [device]\n"
" %s [-r] -c crypto_algorithm -T [token]:[manuf]:[serial]:key "
"-a file [device]\n"
" %s [-r] -c crypto_algorithm -T [token]:[manuf]:[serial]:key "
"-k wrapped_key_file -a file [device]\n"
--- 67,77 ----
#include <des/des_impl.h>
#include <blowfish/blowfish_impl.h>
static const char USAGE[] =
"Usage: %s [-r] -a file [ device ]\n"
! " %s [-r] [-o] -c crypto_algorithm -a file [device]\n"
" %s [-r] -c crypto_algorithm -k raw_key_file -a file [device]\n"
" %s [-r] -c crypto_algorithm -T [token]:[manuf]:[serial]:key "
"-a file [device]\n"
" %s [-r] -c crypto_algorithm -T [token]:[manuf]:[serial]:key "
"-k wrapped_key_file -a file [device]\n"
*** 833,843 ****
/*
* PBE the passphrase into a raw key
*/
static void
! getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz)
{
CK_SESSION_HANDLE sess;
CK_RV rv;
char *pass = NULL;
size_t passlen = 0;
--- 834,845 ----
/*
* PBE the passphrase into a raw key
*/
static void
! getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz,
! boolean_t with_confirmation)
{
CK_SESSION_HANDLE sess;
CK_RV rv;
char *pass = NULL;
size_t passlen = 0;
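Review bot: The block comment above getkeyfromuser still says only "PBE the passphrase into a raw key" and does not mention the new `with_confirmation` parameter added to the signature on the new side. The flag appears to decide whether the passphrase is typed twice, so I would add a line such as `* If with_confirmation is B_FALSE, the passphrase is read once and not re-entered for comparison.` The function body continues outside this hunk.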
*** 864,874 ****
rv = C_OpenSession(cipher->slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
if (rv != CKR_OK)
goto cleanup;
/* get user passphrase with 8 byte minimum */
! if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN, B_TRUE) < 0) {
die(gettext("passphrases do not match\n"));
}
/*
* salt should not be NULL, or else pkcs11_PasswdToKey() will
--- 866,877 ----
rv = C_OpenSession(cipher->slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
if (rv != CKR_OK)
goto cleanup;
/* get user passphrase with 8 byte minimum */
! if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN,
! with_confirmation) < 0) {
die(gettext("passphrases do not match\n"));
}
/*
* salt should not be NULL, or else pkcs11_PasswdToKey() will
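Review bot: The `die(gettext("passphrases do not match\n"))` branch is now also reached when `with_confirmation` is B_FALSE, where no second passphrase is asked for, so the message cannot be accurate in that case. A read failure or a passphrase shorter than MIN_PASSLEN would presumably be reported as a mismatch, which sends the operator looking for the wrong problem. I would give the no-confirmation path its own message, for example `if (!with_confirmation) die(gettext("could not read passphrase\n"));` ahead of the existing die(), or branch on the return value if pkcs11_get_pass distinguishes its failure causes (not visible here). The enclosing function starts and ends outside this hunk.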
*** 1818,1827 ****
--- 1821,1831 ----
boolean_t compressflag = B_FALSE;
boolean_t uncompressflag = B_FALSE;
/* the next two work together for -c, -k, -T, -e options only */
boolean_t need_crypto = B_FALSE; /* if any -c, -k, -T, -e */
boolean_t cipher_only = B_TRUE; /* if -c only */
+ boolean_t with_confirmation = B_TRUE;
const char *keyfile = NULL;
mech_alias_t *cipher = NULL;
token_spec_t *token = NULL;
char *rkey = NULL;
size_t rksz = 0;
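Review bot: The new `with_confirmation` declaration carries no trailing comment, unlike `need_crypto` and `cipher_only` directly above it. It also sits under the "the next two work together" comment without being one of those two. I would annotate it as `boolean_t with_confirmation = B_TRUE; /* cleared by -o */` and separate it from the pair with a blank line, so the default of confirming the passphrase is visible at the declaration.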
*** 1830,1840 ****
pname = getpname(argv[0]);
(void) setlocale(LC_ALL, "");
(void) textdomain(TEXT_DOMAIN);
! while ((c = getopt(argc, argv, "a:c:Cd:efk:o:rs:T:U")) != EOF) {
switch (c) {
case 'a':
addflag = B_TRUE;
if ((filename = realpath(optarg, realfilename)) == NULL)
die("%s", optarg);
--- 1834,1844 ----
pname = getpname(argv[0]);
(void) setlocale(LC_ALL, "");
(void) textdomain(TEXT_DOMAIN);
! while ((c = getopt(argc, argv, "a:c:Cd:efk:ors:T:U")) != EOF) {
switch (c) {
case 'a':
addflag = B_TRUE;
if ((filename = realpath(optarg, realfilename)) == NULL)
die("%s", optarg);
*** 1908,1917 ****
--- 1912,1924 ----
cipher_only = B_FALSE; /* need to unset cipher_only */
break;
case 'U':
uncompressflag = B_TRUE;
break;
+ case 'o':
+ with_confirmation = B_FALSE;
+ break;
case '?':
default:
errflag = B_TRUE;
break;
}
*** 1920,1929 ****
--- 1927,1937 ----
/* Check for mutually exclusive combinations of options */
if (errflag ||
(addflag && deleteflag) ||
(rdflag && !addflag) ||
(!addflag && need_crypto) ||
+ (!with_confirmation && (!cipher_only || !need_crypto)) ||
((compressflag || uncompressflag) && (addflag || deleteflag)))
usage(pname);
/* ephemeral key, and key from either file or token are incompatible */
if (ephflag && (keyfile != NULL || token != NULL)) {
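Review bot: The added clause `(!with_confirmation && (!cipher_only || !need_crypto))` is not explained, and the reader has to work out from two flags that -o is accepted only with -c and, as far as the flag comments show, without -k, -T or -e. A comment above the condition such as `/* -o (no passphrase confirmation) is valid only with -c alone */` would make the rule checkable at a glance. It is also worth recording, here or in the man page, that without the retype check a passphrase mistyped when a file is first set up for encryption yields a key the user cannot reproduce later. That makes -o better suited to attaching a file that is already encrypted.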
*** 2019,2029 ****
"mechanisms\n"));
init_crypto(token, cipher, &sess);
if (cipher_only) {
! getkeyfromuser(cipher, &rkey, &rksz);
} else if (token != NULL) {
getkeyfromtoken(sess, token, keyfile, cipher,
&rkey, &rksz);
} else {
/* this also handles ephemeral keys */
--- 2027,2037 ----
"mechanisms\n"));
init_crypto(token, cipher, &sess);
if (cipher_only) {
! getkeyfromuser(cipher, &rkey, &rksz, with_confirmation);
} else if (token != NULL) {
getkeyfromtoken(sess, token, keyfile, cipher,
&rkey, &rksz);
} else {
/* this also handles ephemeral keys */