diff options
| author | Andrey Sokolov <keremet@solaris.kirov.ru> | 2016-03-10 22:31:08 +0300 |
|---|---|---|
| committer | Dan McDonald <danmcd@omniti.com> | 2016-03-13 14:15:51 -0400 |
| commit | a1b1a2a0aac3d3c0533efa646a9d7a7dca91fc7c (patch) | |
| tree | f0d96fefa3fe0b3cf47428d72d4f1a936a016653 /usr/src/cmd/lofiadm | |
| parent | 3b4315d3f6ce29d16d3f8e2c62b2f9c24192c3a8 (diff) | |
| download | illumos-joyent-a1b1a2a0aac3d3c0533efa646a9d7a7dca91fc7c.tar.gz | |
5857 lofiadm should ask passphrase once if the crypto is already set up
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Dan McDonald <danmcd@omniti.com>
Diffstat (limited to 'usr/src/cmd/lofiadm')
| -rw-r--r-- | usr/src/cmd/lofiadm/main.c | 46 |
1 files changed, 43 insertions, 3 deletions
diff --git a/usr/src/cmd/lofiadm/main.c b/usr/src/cmd/lofiadm/main.c index 991ca7b994..542bec8063 100644 --- a/usr/src/cmd/lofiadm/main.c +++ b/usr/src/cmd/lofiadm/main.c @@ -154,6 +154,8 @@ lofi_compress_info_t lofi_compress_table[LOFI_COMPRESS_FUNCTIONS] = { #define GIGABYTE (KILOBYTE * MEGABYTE) #define LIBZ "libz.so.1" +const char lofi_crypto_magic[6] = LOFI_CRYPTO_MAGIC; + static void usage(const char *pname) { @@ -836,7 +838,8 @@ parsetoken(char *spec) * PBE the passphrase into a raw key */ static void -getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz) +getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz, + boolean_t with_confirmation) { CK_SESSION_HANDLE sess; CK_RV rv; @@ -867,7 +870,8 @@ getkeyfromuser(mech_alias_t *cipher, char **raw_key, size_t *raw_key_sz) goto cleanup; /* get user passphrase with 8 byte minimum */ - if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN, B_TRUE) < 0) { + if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN, + with_confirmation) < 0) { die(gettext("passphrases do not match\n")); } @@ -1760,6 +1764,41 @@ check_file_validity(const char *filename) } } +static boolean_t +check_file_is_encrypted(const char *filename) +{ + int fd; + char buf[sizeof (lofi_crypto_magic)]; + int got; + int rest = sizeof (lofi_crypto_magic); + + fd = open64(filename, O_RDONLY); + if (fd == -1) + die(gettext("failed to open: %s"), filename); + + if (lseek(fd, CRYOFF, SEEK_SET) != CRYOFF) + die(gettext("failed to seek to offset 0x%lx in file %s"), + CRYOFF, filename); + + do { + got = read(fd, buf + sizeof (lofi_crypto_magic) - rest, rest); + if ((got == 0) || ((got == -1) && (errno != EINTR))) + die(gettext("failed to read crypto header" + " at offset 0x%lx in file %s"), CRYOFF, filename); + + if (got > 0) + rest -= got; + } while (rest > 0); + + while (close(fd) == -1) { + if (errno != EINTR) + die(gettext("failed to close file %s"), filename); + } + + return (strncmp(buf, lofi_crypto_magic, + sizeof (lofi_crypto_magic)) == 0); +} + static uint32_t convert_to_num(const char *str) { @@ -2022,7 +2061,8 @@ main(int argc, char *argv[]) init_crypto(token, cipher, &sess); if (cipher_only) { - getkeyfromuser(cipher, &rkey, &rksz); + getkeyfromuser(cipher, &rkey, &rksz, + !check_file_is_encrypted(filename)); } else if (token != NULL) { getkeyfromtoken(sess, token, keyfile, cipher, &rkey, &rksz); |