author | Chris Kuethe <ckuethe@cvs.openbsd.org> | 2010-12-01 19:40:19 +0000 |
---|---|---|
committer | Chris Kuethe <ckuethe@cvs.openbsd.org> | 2010-12-01 19:40:19 +0000 |
commit | cdfeaea1c8fd5507c7968785797db0f959868ffe (patch) | |
tree | 4e4388a8d07764257fbbc587915a6f649c4c327f | |
parent | 94350de7609351938d5996faf0c521db72d6da9b (diff) |
Add a -s switch to make bioctl read the passphrase from stdin. Handy
for scripting a big batch of remote unlocks. ok marco
-rw-r--r-- | sbin/bioctl/bioctl.8 | 11 | ||||
-rw-r--r-- | sbin/bioctl/bioctl.c | 22 |
2 files changed, 21 insertions, 12 deletions
diff --git a/sbin/bioctl/bioctl.8 b/sbin/bioctl/bioctl.8 index 6c9e792613e..2cbfae9ff34 100644 --- a/sbin/bioctl/bioctl.8 +++ b/sbin/bioctl/bioctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bioctl.8,v 1.82 2010/11/20 17:46:24 stsp Exp $ +.\" $OpenBSD: bioctl.8,v 1.83 2010/12/01 19:40:18 ckuethe Exp $ .\" .\" Copyright (c) 2004, 2005 Marco Peereboom .\" @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: November 20 2010 $ +.Dd $Mdocdate: December 1 2010 $ .Dt BIOCTL 8 .Os .Sh NAME @@ -43,7 +43,7 @@ .Pp .Nm bioctl .Bk -words -.Op Fl dhiPqv +.Op Fl dhiPqsv .Op Fl C Ar flag[,flag,...] .Op Fl c Ar raidlevel .Op Fl k Ar keydisk @@ -235,6 +235,11 @@ the PBKDF2 algorithm used to convert a passphrase into a key. Higher iteration counts take more time, but offer more resistance to key guessing attacks. The minimum is 1000 rounds and the default is 8192. +.It Fl s +Read the passphrase for the selected crypto volume from +.Pa /dev/stdin +rather than +.Pa /dev/tty . .El .Sh EXAMPLES The following command, executed from the command line, would configure diff --git a/sbin/bioctl/bioctl.c b/sbin/bioctl/bioctl.c index d2db929c7f2..78a41b98fe4 100644 --- a/sbin/bioctl/bioctl.c +++ b/sbin/bioctl/bioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bioctl.c,v 1.97 2010/07/10 02:56:16 matthew Exp $ */ +/* $OpenBSD: bioctl.c,v 1.98 2010/12/01 19:40:18 ckuethe Exp $ */ /* * Copyright (c) 2004, 2005 Marco Peereboom @@ -86,6 +86,7 @@ int rflag = 8192; char *password; struct bio_locate bl; +int rpp_flag = RPP_REQUIRE_TTY; int main(int argc, char *argv[]) @@ -106,7 +107,7 @@ main(int argc, char *argv[]) if (argc < 2) usage(); - while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:vu:")) != + while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:svu:")) != -1) { switch (ch) { case 'a': /* alarm */ 
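Review bot: The new global `rpp_flag` in the `@@ -86,6 +86,7 @@` hunk of bioctl.c has no comment saying what it holds or which option changes it. Its value is handed straight to readpassphrase() and decides whether a passphrase may come from something other than the controlling terminal, so that should be visible at the declaration. Suggested: `int rpp_flag = RPP_REQUIRE_TTY; /* readpassphrase(3) flags; -s sets RPP_STDIN */`.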
@@ -174,6 +175,9 @@ main(int argc, char *argv[]) ss_func = BIOC_SSREBUILD; al_arg = optarg; break; + case 's': + rpp_flag = RPP_STDIN; + break; case 'v': verbose = 1; break; @@ -252,12 +256,12 @@ usage(void) "[-R device | channel:target[.lun]\n" "\t[-u channel:target[.lun]] " "device\n" - " %s [-dhiPqv] " - "[-C flag[,flag,...]] [-c raidlevel] [-k keydisk]\n" - "\t[-l special[,special,...]] [-p passfile]\n" - "\t[-R device | channel:target[.lun] [-r rounds] " + " %s [-dhiPqsv] " + "[-C flag[,flag,...]] [-c raidlevel] [-k keydisk]\n" + "\t[-l special[,special,...]] [-p passfile]\n" + "\t[-R device | channel:target[.lun] [-r rounds] " "device\n", __progname, __progname); - + exit(1); } @@ -1070,14 +1074,14 @@ derive_key_pkcs(int rounds, u_int8_t *key, size_t keysz, u_int8_t *salt, fclose(f); } else { if (readpassphrase(prompt, passphrase, sizeof(passphrase), - RPP_REQUIRE_TTY) == NULL) + rpp_flag) == NULL) errx(1, "unable to read passphrase"); } if (verify) { /* request user to re-type it */ if (readpassphrase("Re-type passphrase: ", verifybuf, - sizeof(verifybuf), RPP_REQUIRE_TTY) == NULL) { + sizeof(verifybuf), rpp_flag) == NULL) { memset(passphrase, 0, sizeof(passphrase)); errx(1, "unable to read passphrase"); } |
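Review bot: The `case 's':` arm accepts `-s` with no check against `-p passfile`, and nothing in the visible hunks says which one wins when both are given. Judging by the `} else {` in front of the first readpassphrase() call in the derive_key_pkcs hunk, the passfile branch is taken and `-s` is then silently ignored, though the start of that branch is outside the hunk. Either reject the combination once option parsing is done, or state the precedence where the flag is set, e.g. `case 's': /* passphrase from stdin; ignored when -p is given */`.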
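Review bot: With `rpp_flag` set to RPP_STDIN, an empty or already-closed stdin is not caught by the `== NULL` checks in the `derive_key_pkcs` hunk, because readpassphrase(3) returns the buffer holding an empty string at end-of-file, as far as I can tell, and NULL only on a read error. In a batch run where the command feeding the pipe fails, the first read and the "Re-type passphrase" read would both yield an empty string and match, so unless a check outside this hunk rejects it the key is derived from an empty passphrase. I would add after the first read something like `if (rpp_flag == RPP_STDIN && passphrase[0] == '\0') errx(1, "empty passphrase on stdin");`. The verify path also consumes a second line from stdin, which the new manual text does not mention. The function starts and ends outside the hunk.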