150 lines
4.5 KiB
Diff
150 lines
4.5 KiB
Diff
--- util-linux-2.12q/mount/lomount.c
|
|
+++ util-linux-2.12q/mount/lomount.c
|
|
@@ -52,6 +52,24 @@
|
|
extern void show_all_loops(void);
|
|
extern int read_options_from_fstab(char *, char **);
|
|
|
|
+int passphrase_timeout=0;
|
|
+struct sigaction alrmact;
|
|
+
|
|
+static void
|
|
+alrmhandler() {
|
|
+ /* let the SIGINT handler do the work: */
|
|
+ kill(getpid(),SIGINT);
|
|
+ usleep(1000000);
|
|
+ kill(getpid(),SIGTERM);
|
|
+ usleep(1000000);
|
|
+ /* stubborn... */
|
|
+ exit(0);
|
|
+}
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
#if !defined(LOOP_PASSWORD_MIN_LENGTH)
|
|
# define LOOP_PASSWORD_MIN_LENGTH 20
|
|
#endif
|
|
@@ -460,6 +478,15 @@
|
|
int i, ask2;
|
|
|
|
if(!passFDnumber) {
|
|
+
|
|
+ if(passphrase_timeout) {
|
|
+ alrmact.sa_handler = &alrmhandler;
|
|
+ memset(&alrmact.sa_mask, 0, sizeof(alrmact.sa_mask));
|
|
+ alrmact.sa_flags = 0;
|
|
+ sigaction(SIGALRM, &alrmact, NULL);
|
|
+ alarm(passphrase_timeout);
|
|
+ }
|
|
+
|
|
p = getpass(_("Password: "));
|
|
ask2 = passAskTwice ? 1 : 0;
|
|
} else {
|
|
@@ -493,6 +520,15 @@
|
|
s = malloc(i + 1);
|
|
if(!s) goto nomem;
|
|
strcpy(s, p);
|
|
+
|
|
+ if(passphrase_timeout) {
|
|
+ alrmact.sa_handler = &alrmhandler;
|
|
+ memset(&alrmact.sa_mask, 0, sizeof(alrmact.sa_mask));
|
|
+ alrmact.sa_flags = 0;
|
|
+ sigaction(SIGALRM, &alrmact, NULL);
|
|
+ alarm(passphrase_timeout);
|
|
+ }
|
|
+
|
|
p = getpass(_("Retype password: "));
|
|
if(!p) goto nomem;
|
|
if(strcmp(s, p)) goto compareErr;
|
|
@@ -524,6 +560,15 @@
|
|
strcpy(s, p);
|
|
memset(p, 0, i);
|
|
if(ask2) {
|
|
+
|
|
+ if(passphrase_timeout) {
|
|
+ alrmact.sa_handler = &alrmhandler;
|
|
+ memset(&alrmact.sa_mask, 0, sizeof(alrmact.sa_mask));
|
|
+ alrmact.sa_flags = 0;
|
|
+ sigaction(SIGALRM, &alrmact, NULL);
|
|
+ alarm(passphrase_timeout);
|
|
+ }
|
|
+
|
|
p = getpass(_("Retype password: "));
|
|
if(!p) goto nomem;
|
|
if(strcmp(s, p)) {
|
|
@@ -738,7 +783,7 @@
|
|
struct loop_info64 loopinfo;
|
|
int fd, ffd, mode, i;
|
|
char *pass, *apiName = NULL;
|
|
- void (*hashFunc)(unsigned char *, int, unsigned char *, int);
|
|
+ void (*hashFunc)(unsigned char *, int, unsigned char *, int) = NULL;
|
|
unsigned char multiKeyBits[65][32];
|
|
int minPassLen = LOOP_PASSWORD_MIN_LENGTH;
|
|
int run_mkfs_command = 0;
|
|
@@ -762,8 +807,23 @@
|
|
|
|
memset (&loopinfo, 0, sizeof (loopinfo));
|
|
xstrncpy (loopinfo.lo_file_name, file, LO_NAME_SIZE);
|
|
- if (loopEncryptionType)
|
|
+ if (loopEncryptionType) {
|
|
+ if (strcasecmp(loopEncryptionType,"twofish")==0
|
|
+ && !passHashFuncName) {
|
|
+ loopinfo.lo_encrypt_type = 3; /*LO_CRYPT_FISH*/
|
|
+ loopinfo.lo_encrypt_key_size = 20;
|
|
+ passHashFuncName = strdup("rmd160");
|
|
+ fprintf(stderr,"Switching to old S.u.S.E. loop_fish2 compatibility mode.\n");
|
|
+ } else if (strcasecmp(loopEncryptionType,"twofishSL92")==0
|
|
+ && !passHashFuncName) {
|
|
+ loopinfo.lo_encrypt_type = 3; /*LO_CRYPT_FISH*/
|
|
+ loopinfo.lo_encrypt_key_size = 32;
|
|
+ passHashFuncName = strdup("sha512");
|
|
+ fprintf(stderr,"Switching to SuSE 9.2 loop_fish2 compatibility mode.\n");
|
|
+ } else {
|
|
loopinfo.lo_encrypt_type = loop_crypt_type (loopEncryptionType, &loopinfo.lo_encrypt_key_size, &apiName);
|
|
+ }
|
|
+ }
|
|
if (loopOffsetBytes)
|
|
loopinfo.lo_offset = mystrtoull(loopOffsetBytes, 1);
|
|
if (loopSizeBytes)
|
|
@@ -995,7 +1055,7 @@
|
|
%s loop_device # give info\n\
|
|
%s -a # give info of all loops\n\
|
|
%s -d loop_device # delete\n\
|
|
-options: -o offset -s sizelimit -p passwdfd -S pseed -H phash\n\
|
|
+options: -o offset -s sizelimit -p passwdfd -S pseed -H phash -t timeout\n\
|
|
-I loinit -T -K gpgkey -G gpghome -C itercountk -v -r\n"),
|
|
progname, progname, progname, progname, progname);
|
|
exit(1);
|
|
@@ -1139,7 +1199,7 @@
|
|
|
|
delete = 0;
|
|
progname = argv[0];
|
|
- while ((c = getopt(argc,argv,"aC:de:FG:H:I:K:o:p:rs:S:Tv")) != -1) {
|
|
+ while ((c = getopt(argc,argv,"aC:de:FG:H:I:K:o:p:rs:S:t:Tv")) != -1) {
|
|
switch (c) {
|
|
case 'a': /* show status of all loops */
|
|
option_a = 1;
|
|
@@ -1183,6 +1243,9 @@
|
|
case 'S': /* optional seed for passphrase */
|
|
passSeedString = optarg;
|
|
break;
|
|
+ case 't':
|
|
+ passphrase_timeout = atoi(optarg);
|
|
+ break;
|
|
case 'T': /* ask passphrase _twice_ */
|
|
passAskTwice = "T";
|
|
break;
|
|
--- util-linux-2.12q/mount/losetup.8
|
|
+++ util-linux-2.12q/mount/losetup.8
|
|
@@ -128,6 +128,9 @@
|
|
password before hashing. Using different seeds for different partitions
|
|
makes dictionary attacks slower but does not prevent them if user supplied
|
|
password is guessable. Seed is not used in multi-key mode.
|
|
+.IP "\fB\-t \fItimeout\fP"
|
|
+make the password prompt time out after \fItimeout\fP seconds have
|
|
+passed by.
|
|
.IP "\fB\-T\fP"
|
|
Asks password twice.
|
|
.IP "\fB\-v\fP"
|