Patch for vnconfig to read key from a file
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: Patch for vnconfig to read key from a file
- From: "Nikolai N. Fetissov" <nickf_(_at_)_peachisland_(_dot_)_com>
- Date: Sun, 18 Jul 2004 12:33:39 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The following patch enables vnconfig to read the encryption
key from a file, thus making it usable for scripting.
Any input, corrections and clues are welcome.
Cheers,
- --
nickf3
- -------------------------------------------------------------------
Index: vnconfig.8
===================================================================
RCS file: /cvs/src/usr.sbin/vnconfig/vnconfig.8,v
retrieving revision 1.20
diff -u -r1.20 vnconfig.8
- --- vnconfig.8 2004/06/20 19:16:37 1.20
+++ vnconfig.8 2004/07/18 16:12:43
@@ -44,6 +44,7 @@
.Nm
.Op Fl c
.Op Fl vk
+.Op Fl f Ar key_file
.Ar rawdev
.Ar regular_file
.Nm
@@ -92,6 +93,20 @@
.It Fl k
Associate an encryption key with the device.
All data will be encrypted before it is written to the disk.
+The key is requested interactively. This option cannot be
+combined with
+.Nm -f .
+Encryption only works with
+.Pa svnd .
+.It Fl f
+Associate an encryption key with the device.
+All data will be encrypted before it is written to the disk.
+The key is read from
+.Ar key_file .
+At most _PASSWORD_LEN (as defined in <pwd.h>)
+characters of the first line, not including newline, are
+used for the key. This option cannot be combined with
+.Nm -k .
Encryption only works with
.Pa svnd .
.It Fl l
Index: vnconfig.c
===================================================================
RCS file: /cvs/src/usr.sbin/vnconfig/vnconfig.c,v
retrieving revision 1.15
diff -u -r1.15 vnconfig.c
- --- vnconfig.c 2004/06/27 22:14:38 1.15
+++ vnconfig.c 2004/07/18 16:12:43
@@ -60,23 +60,32 @@
#define VND_UNCONFIG 2
#define VND_GET 3
+#define KEY_LEN (_PASSWORD_LEN+1)
+
int verbose = 0;
__dead void usage(void);
int config(char *, char *, int, char *);
int getinfo(const char *);
+char* readkey(const char *);
int
main(int argc, char **argv)
{
int ch, rv, action = VND_CONFIG;
+ int filekey = 0;
char *key = NULL;
- - while ((ch = getopt(argc, argv, "cluvk")) != -1) {
+ while ((ch = getopt(argc, argv, "cfluvk")) != -1) {
switch (ch) {
case 'c':
action = VND_CONFIG;
break;
+ case 'f':
+ if (key != NULL)
+ usage();
+ filekey = 1;
+ break;
case 'l':
action = VND_GET;
break;
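Review bot: The option string `"cfluvk"` declares `-f` without an argument, so `case 'f'` never takes the key file name from `optarg`; a later hunk (`key = readkey(argv[0])`) instead treats the first remaining operand as the key file. With a getopt that stops at the first non-option, this matches the documented `-f key_file` form only when `-f` is the last option given, and it makes the meaning of the operands depend on a flag. I would declare it as `"cf:luvk"` and store `keyfile = optarg;` in `case 'f'`, so that rawdev and regular_file are always `argv[0]` and `argv[1]`. main's body continues outside this hunk.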
@@ -87,6 +96,8 @@
verbose = 1;
break;
case 'k':
+ if (filekey)
+ usage();
key = getpass("Encryption key: ");
break;
default:
@@ -100,6 +111,10 @@
if (action == VND_CONFIG && argc == 2)
rv = config(argv[0], argv[1], action, key);
+ else if (filekey && action == VND_CONFIG && argc == 3 ) {
+ key = readkey(argv[0]);
+ rv = config(argv[1], argv[2], action, key);
+ }
else if (action == VND_UNCONFIG && argc == 1)
rv = config(argv[0], NULL, action, key);
else if (action == VND_GET)
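Review bot: When `-f` is given but only two operands follow, the first branch (`action == VND_CONFIG && argc == 2`) still matches and calls `config()` with `key == NULL`, so the request for a keyed device appears to be dropped silently instead of rejected. For a mode intended for scripts that should be a hard error, for example `if (filekey && (action != VND_CONFIG || argc != 3)) usage();` placed ahead of the chain. What `config()` does with a NULL key is not shown in this patch, so the unencrypted outcome is inferred from the `-k` documentation. The if/else chain continues past the end of the hunk.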
@@ -110,6 +125,43 @@
exit(rv);
}
+char*
+readkey(const char *filename)
+{
+ static char key[KEY_LEN];
+ FILE *f;
+
+ memset(key, 0, KEY_LEN);
+ f = fopen(filename, "r");
+
+ if (f == NULL) {
+ fprintf(stderr, "failed opening keyfile %s\n", filename);
+ fflush(stdout);
+ exit(1);
+ }
+
+ if (fgets(key, KEY_LEN, f) == NULL) {
+ fprintf(stderr, "failed reading keyfile %s\n", filename);
+ fflush(stdout);
+ exit(1);
+ } else {
+ /*
+ * remove newline if any
+ */
+ int len = strlen(key);
+ if (len > 0 && key[len-1] == '\n')
+ key[len-1] = '\0';
+ }
+
+ fclose(f);
+
+ if (strlen(key) == 0)
+ fprintf(stderr,"WARNING: empty key from %s\n",
+ filename);
+
+ return (key);
+}
+
int
getinfo(const char *vname)
{
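Review bot: In `readkey()`, an empty first line only prints a warning and the empty string is still returned as the key, so a blank or truncated key file leads to a device set up with a zero-length key (how `config()` treats that is not visible here); this should be fatal, e.g. `fprintf(stderr, "empty key in %s\n", filename); exit(1);`. The function also opens the key file without checking its owner or mode; an `fstat()` on the stream's descriptor that refuses files accessible to group or other would catch a key left world-readable. The two `fflush(stdout)` calls have no effect on the stderr messages, and those messages omit the reason for the failure (`strerror(errno)`). Lines longer than `_PASSWORD_LEN` are truncated silently, which the man page documents but a script will not notice. The hunk ends inside the following `getinfo()` definition.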
@@ -207,7 +259,7 @@
extern char *__progname;
(void)fprintf(stderr,
- - "usage: %s [-c] [-vk] rawdev regular-file\n"
+ "usage: %s [-c] [-vk] [-f keyfile] rawdev regular-file\n"
" %s -u [-v] rawdev\n"
" %s -l [rawdev]\n", __progname, __progname, __progname);
exit(1);
- -------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFA+qZwVY6iReLVvUYRAmV+AJ4uCCLzeoix3q2k2h3eqYLnJGwZggCffIO4
OmWF2QrKtWMkuyPfoLzAbcA=
=aNp9
-----END PGP SIGNATURE-----