1
0
forked from jengelh/util-linux
util-linux/util-linux-2.12r-losetup_password.patch

248 lines
6.9 KiB
Diff

Index: util-linux-2.12r/mount/lomount.c
===================================================================
--- util-linux-2.12r.orig/mount/lomount.c
+++ util-linux-2.12r/mount/lomount.c
@@ -46,24 +46,24 @@
#include "rmd160.h"
#include "aes.h"
+#define LO_PASS_OK EXIT_SUCCESS
+#define LO_PASS_ERR EXIT_FAILURE
+#define LO_PASS_EMPTY 5
+#define LO_PASS_SHORT 6
+
extern int verbose;
extern char *xstrdup (const char *s); /* not: #include "sundries.h" */
extern void error (const char *fmt, ...); /* idem */
extern void show_all_loops(void);
extern int read_options_from_fstab(char *, char **);
+volatile int timeout=0;
int passphrase_timeout=0;
struct sigaction alrmact;
static void
alrmhandler() {
- /* let the SIGINT handler do the work: */
- kill(getpid(),SIGINT);
- usleep(1000000);
- kill(getpid(),SIGTERM);
- usleep(1000000);
- /* stubborn... */
- exit(0);
+ timeout = 1;
}
@@ -473,11 +473,14 @@ static char *do_GPG_pipe(char *pass)
return multiKeyPass[0];
}
-static char *sGetPass(int minLen, int warnLen)
+static int sGetPass(char **pass, int minLen, int warnLen)
{
char *p, *s, *seed;
int i, ask2;
+ *pass = NULL;
+ timeout = 0;
+
if(!passFDnumber) {
if(passphrase_timeout) {
@@ -489,6 +492,9 @@ static char *sGetPass(int minLen, int wa
}
p = getpass(_("Password: "));
+ alarm(0);
+ if (timeout)
+ return LO_PASS_EMPTY;
ask2 = passAskTwice ? 1 : 0;
} else {
i = atoi(passFDnumber);
@@ -504,11 +510,13 @@ static char *sGetPass(int minLen, int wa
}
if(x == 65) {
multiKeyMode = 65;
- return multiKeyPass[0];
+ *pass = multiKeyPass[0];
+ return LO_PASS_OK;
}
if(x == 64) {
multiKeyMode = 64;
- return multiKeyPass[0];
+ *pass = multiKeyPass[0];
+ return LO_PASS_OK;
}
p = multiKeyPass[0];
}
@@ -531,6 +539,9 @@ static char *sGetPass(int minLen, int wa
}
p = getpass(_("Retype password: "));
+ alarm(0);
+ if (timeout)
+ return LO_PASS_EMPTY;
if(!p) goto nomem;
if(strcmp(s, p)) goto compareErr;
memset(s, 0, i);
@@ -538,17 +549,25 @@ static char *sGetPass(int minLen, int wa
ask2 = 0;
}
p = do_GPG_pipe(p);
- if(!p) return(NULL);
+ if(!p)
+ return LO_PASS_ERR;
if(!p[0]) {
fprintf(stderr, _("Error: gpg key file decryption failed\n"));
- return(NULL);
+ return LO_PASS_ERR;
+ }
+ if(multiKeyMode) {
+ *pass = p;
+ return LO_PASS_OK;
}
- if(multiKeyMode) return(p);
}
i = strlen(p);
+ if(i == 0) {
+ fprintf(stderr, _("Error: Empty password\n"));
+ return LO_PASS_EMPTY;
+ }
if(i < minLen) {
fprintf(stderr, _("Error: Password must be at least %d characters.\n"), minLen);
- return(NULL);
+ return LO_PASS_SHORT;
}
seed = passSeedString;
if(!seed) seed = "";
@@ -556,7 +575,7 @@ static char *sGetPass(int minLen, int wa
if(!s) {
nomem:
fprintf(stderr, _("Error: Unable to allocate memory\n"));
- return(NULL);
+ return LO_PASS_ERR;
}
strcpy(s, p);
memset(p, 0, i);
@@ -571,11 +590,14 @@ static char *sGetPass(int minLen, int wa
}
p = getpass(_("Retype password: "));
+ alarm(0);
+ if (timeout)
+ return LO_PASS_EMPTY;
if(!p) goto nomem;
if(strcmp(s, p)) {
compareErr:
fprintf(stderr, _("Error: Passwords are not identical\n"));
- return(NULL);
+ return LO_PASS_ERR;
}
memset(p, 0, i);
}
@@ -583,7 +605,8 @@ static char *sGetPass(int minLen, int wa
fprintf(stderr, _("WARNING - Please use longer password (%d or more characters)\n"), SUSE_PASSWORD_MIN_LENGTH);
}
strcat(s, seed);
- return(s);
+ *pass = s;
+ return LO_PASS_OK;
}
/* this is for compatibility with historic loop-AES version */
@@ -788,6 +811,7 @@ set_loop(const char *device, const char
unsigned char multiKeyBits[65][32];
int minPassLen = SUSE_PASSWORD_MIN_LENGTH;
int run_mkfs_command = 0;
+ int ret;
loopFileName = (char *)file;
multiKeyMode = 0;
@@ -802,6 +826,7 @@ set_loop(const char *device, const char
}
if ((fd = open(device, mode)) < 0) {
perror (device);
+ ret = 1;
goto close_ffd_return1;
}
*loopro = (mode == O_RDONLY);
@@ -848,8 +873,8 @@ set_loop(const char *device, const char
loopinfo.lo_encrypt_key_size = 0;
break;
case LO_CRYPT_XOR:
- pass = sGetPass (1, 0);
- if(!pass) goto close_fd_ffd_return1;
+ ret = sGetPass (&pass, 1, 0);
+ if(ret) goto close_fd_ffd_return1;
xstrncpy (loopinfo.lo_encrypt_key, pass, LO_KEY_SIZE);
loopinfo.lo_encrypt_key_size = strlen(loopinfo.lo_encrypt_key);
break;
@@ -886,6 +911,7 @@ set_loop(const char *device, const char
/* This is not compatible with gpgkey= mount option */
if(rd_wr_retry(atoi(passFDnumber), (char *)&loopinfo.lo_encrypt_key[0], LO_KEY_SIZE, 0) < 1) {
fprintf(stderr, _("Error: couldn't read binary key\n"));
+ ret = 1;
goto close_fd_ffd_return1;
}
break; /* out of switch(loopinfo.lo_encrypt_type) */
@@ -894,6 +920,7 @@ set_loop(const char *device, const char
/* WARNING! DO NOT USE RANDOM HASH TYPE ON PARTITION WITH EXISTING */
/* IMPORTANT DATA ON IT. RANDOM HASH TYPE WILL DESTROY YOUR DATA. */
if(loop_create_random_keys((char*)file, *loopro, &multiKeyBits[0][0])) {
+ ret = 1;
goto close_fd_ffd_return1;
}
memcpy(&loopinfo.lo_encrypt_key[0], &multiKeyBits[0][0], sizeof(loopinfo.lo_encrypt_key));
@@ -901,8 +928,8 @@ set_loop(const char *device, const char
break; /* out of switch(loopinfo.lo_encrypt_type) */
}
}
- pass = sGetPass (minPassLen, SUSE_PASSWORD_MIN_LENGTH);
- if(!pass) goto close_fd_ffd_return1;
+ ret = sGetPass (&pass, minPassLen, SUSE_PASSWORD_MIN_LENGTH);
+ if(ret) goto close_fd_ffd_return1;
i = strlen(pass);
if(hashFunc == unhashed1_key_setup) {
/* this is for compatibility with historic loop-AES version */
@@ -966,6 +993,7 @@ set_loop(const char *device, const char
break;
default:
fprintf (stderr, _("Error: don't know how to get key for encryption system %d\n"), loopinfo.lo_encrypt_type);
+ ret = 1;
goto close_fd_ffd_return1;
}
@@ -985,7 +1013,7 @@ close_fd_ffd_return1:
close (fd);
close_ffd_return1:
close (ffd);
- return 1;
+ return ret;
}
/* type 18 == LO_CRYPT_CRYPTOAPI */
@@ -995,6 +1023,7 @@ close_ffd_return1:
fprintf(stderr, _("ioctl: LOOP_SET_STATUS: %s, requested cipher or key length (%d bits) not supported by kernel\n"), strerror(errno), loopinfo.lo_encrypt_key_size << 3);
loop_clr_fd_out:
(void) ioctl (fd, LOOP_CLR_FD, 0);
+ ret = 1;
goto keyclean_close_fd_ffd_return1;
}
}
Index: util-linux-2.12r/mount/losetup.8
===================================================================
--- util-linux-2.12r.orig/mount/losetup.8
+++ util-linux-2.12r/mount/losetup.8
@@ -143,6 +143,10 @@ displays the status of a loop device, it
is not configured and 2 if an error occurred which prevented
.B losetup
from determining the status of the device.
+When using encryption
+.B losetup
+returns 5 if the passphrase is empty or a timeout occurred and 6 if
+the passphrase is too short.
.SH FILES
.nf