authorChris Kuethe <ckuethe@cvs.openbsd.org>2010-12-01 19:40:19 +0000
committerChris Kuethe <ckuethe@cvs.openbsd.org>2010-12-01 19:40:19 +0000
commitcdfeaea1c8fd5507c7968785797db0f959868ffe (patch)
tree4e4388a8d07764257fbbc587915a6f649c4c327f
parent94350de7609351938d5996faf0c521db72d6da9b (diff)
Add a -s switch to make bioctl read the passphrase from stdin. Handy
for scripting a big batch of remote unlocks. ok marco
-rw-r--r--sbin/bioctl/bioctl.811
-rw-r--r--sbin/bioctl/bioctl.c22
2 files changed, 21 insertions, 12 deletions
diff --git a/sbin/bioctl/bioctl.8 b/sbin/bioctl/bioctl.8
index 6c9e792613e..2cbfae9ff34 100644
--- a/sbin/bioctl/bioctl.8
+++ b/sbin/bioctl/bioctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: bioctl.8,v 1.82 2010/11/20 17:46:24 stsp Exp $
+.\" $OpenBSD: bioctl.8,v 1.83 2010/12/01 19:40:18 ckuethe Exp $
.\"
.\" Copyright (c) 2004, 2005 Marco Peereboom
.\"
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd $Mdocdate: November 20 2010 $
+.Dd $Mdocdate: December 1 2010 $
.Dt BIOCTL 8
.Os
.Sh NAME
@@ -43,7 +43,7 @@
.Pp
.Nm bioctl
.Bk -words
-.Op Fl dhiPqv
+.Op Fl dhiPqsv
.Op Fl C Ar flag[,flag,...]
.Op Fl c Ar raidlevel
.Op Fl k Ar keydisk
@@ -235,6 +235,11 @@ the PBKDF2 algorithm used to convert a passphrase into a key.
Higher iteration counts take more time, but offer more resistance to key
guessing attacks.
The minimum is 1000 rounds and the default is 8192.
+.It Fl s
+Read the passphrase for the selected crypto volume from
+.Pa /dev/stdin
+rather than
+.Pa /dev/tty .
.El
.Sh EXAMPLES
The following command, executed from the command line, would configure
diff --git a/sbin/bioctl/bioctl.c b/sbin/bioctl/bioctl.c
index d2db929c7f2..78a41b98fe4 100644
--- a/sbin/bioctl/bioctl.c
+++ b/sbin/bioctl/bioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bioctl.c,v 1.97 2010/07/10 02:56:16 matthew Exp $ */
+/* $OpenBSD: bioctl.c,v 1.98 2010/12/01 19:40:18 ckuethe Exp $ */
/*
* Copyright (c) 2004, 2005 Marco Peereboom
@@ -86,6 +86,7 @@ int rflag = 8192;
char *password;
struct bio_locate bl;
+int rpp_flag = RPP_REQUIRE_TTY;
int
main(int argc, char *argv[])
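Review bot: The new file-scope `rpp_flag` has no comment saying what it controls or who changes it, and the name alone does not show that it is security-relevant. A short comment would help, for example `int rpp_flag = RPP_REQUIRE_TTY;	/* readpassphrase(3) flags; -s selects RPP_STDIN */`. Stating that the default requires a tty makes it clear that any other value relaxes where the passphrase may come from.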
@@ -106,7 +107,7 @@ main(int argc, char *argv[])
if (argc < 2)
usage();
- while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:vu:")) !=
+ while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:svu:")) !=
-1) {
switch (ch) {
case 'a': /* alarm */
@@ -174,6 +175,9 @@ main(int argc, char *argv[])
ss_func = BIOC_SSREBUILD;
al_arg = optarg;
break;
+ case 's':
+ rpp_flag = RPP_STDIN;
+ break;
case 'v':
verbose = 1;
break;
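Review bot: `case 's'` sets `rpp_flag = RPP_STDIN` unconditionally, so `-s` is accepted together with `-p passfile` and with operations that never read a passphrase. Judging by the derive_key_pkcs hunk, where the passfile branch comes before the `else`, the passfile presumably wins and `-s` is silently ignored. A check after option parsing that rejects the combination with `errx(1, "-p and -s are mutually exclusive")` would make the passphrase source unambiguous; the variable holding the `-p` argument is not visible in this hunk. A trailing comment such as `case 's': /* passphrase from stdin */` would also match the annotated cases like `case 'a': /* alarm */`. The switch continues outside the hunk.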
@@ -252,12 +256,12 @@ usage(void)
"[-R device | channel:target[.lun]\n"
"\t[-u channel:target[.lun]] "
"device\n"
- " %s [-dhiPqv] "
- "[-C flag[,flag,...]] [-c raidlevel] [-k keydisk]\n"
- "\t[-l special[,special,...]] [-p passfile]\n"
- "\t[-R device | channel:target[.lun] [-r rounds] "
+ " %s [-dhiPqsv] "
+ "[-C flag[,flag,...]] [-c raidlevel] [-k keydisk]\n"
+ "\t[-l special[,special,...]] [-p passfile]\n"
+ "\t[-R device | channel:target[.lun] [-r rounds] "
"device\n", __progname, __progname);
-
+
exit(1);
}
@@ -1070,14 +1074,14 @@ derive_key_pkcs(int rounds, u_int8_t *key, size_t keysz, u_int8_t *salt,
fclose(f);
} else {
if (readpassphrase(prompt, passphrase, sizeof(passphrase),
- RPP_REQUIRE_TTY) == NULL)
+ rpp_flag) == NULL)
errx(1, "unable to read passphrase");
}
if (verify) {
/* request user to re-type it */
if (readpassphrase("Re-type passphrase: ", verifybuf,
- sizeof(verifybuf), RPP_REQUIRE_TTY) == NULL) {
+ sizeof(verifybuf), rpp_flag) == NULL) {
memset(passphrase, 0, sizeof(passphrase));
errx(1, "unable to read passphrase");
}
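Review bot: In the `verify` branch the re-type prompt now also uses `rpp_flag`, so with `-s` a script creating a volume must supply the passphrase on two consecutive lines; a single-line input will presumably fail the confirmation. Either skip the confirmation when the passphrase is piped, e.g. `if (verify && rpp_flag != RPP_STDIN) {`, or state the two-line requirement in bioctl.8 under `-s`. It is also worth confirming how readpassphrase(3) handles echo and the prompt under `RPP_STDIN` when stdin is a terminal, since the replaced `RPP_REQUIRE_TTY` guaranteed a tty. derive_key_pkcs starts and ends outside the hunk.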