--- util-linux-2.12q/mount/lomount.c +++ util-linux-2.12q/mount/lomount.c @@ -52,6 +52,24 @@ extern void show_all_loops(void); extern int read_options_from_fstab(char *, char **); +int passphrase_timeout=0; +struct sigaction alrmact; + +static void +alrmhandler() { + /* let the SIGINT handler do the work: */ + kill(getpid(),SIGINT); + usleep(1000000); + kill(getpid(),SIGTERM); + usleep(1000000); + /* stubborn... */ + exit(0); +} + + + + + #if !defined(LOOP_PASSWORD_MIN_LENGTH) # define LOOP_PASSWORD_MIN_LENGTH 20 #endif @@ -460,6 +478,15 @@ int i, ask2; if(!passFDnumber) { + + if(passphrase_timeout) { + alrmact.sa_handler = &alrmhandler; + memset(&alrmact.sa_mask, 0, sizeof(alrmact.sa_mask)); + alrmact.sa_flags = 0; + sigaction(SIGALRM, &alrmact, NULL); + alarm(passphrase_timeout); + } + p = getpass(_("Password: ")); ask2 = passAskTwice ? 1 : 0; } else { @@ -493,6 +520,15 @@ s = malloc(i + 1); if(!s) goto nomem; strcpy(s, p); + + if(passphrase_timeout) { + alrmact.sa_handler = &alrmhandler; + memset(&alrmact.sa_mask, 0, sizeof(alrmact.sa_mask)); + alrmact.sa_flags = 0; + sigaction(SIGALRM, &alrmact, NULL); + alarm(passphrase_timeout); + } + p = getpass(_("Retype password: ")); if(!p) goto nomem; if(strcmp(s, p)) goto compareErr; @@ -524,6 +560,15 @@ strcpy(s, p); memset(p, 0, i); if(ask2) { + + if(passphrase_timeout) { + alrmact.sa_handler = &alrmhandler; + memset(&alrmact.sa_mask, 0, sizeof(alrmact.sa_mask)); + alrmact.sa_flags = 0; + sigaction(SIGALRM, &alrmact, NULL); + alarm(passphrase_timeout); + } + p = getpass(_("Retype password: ")); if(!p) goto nomem; if(strcmp(s, p)) { @@ -738,7 +783,7 @@ struct loop_info64 loopinfo; int fd, ffd, mode, i; char *pass, *apiName = NULL; - void (*hashFunc)(unsigned char *, int, unsigned char *, int); + void (*hashFunc)(unsigned char *, int, unsigned char *, int) = NULL; unsigned char multiKeyBits[65][32]; int minPassLen = LOOP_PASSWORD_MIN_LENGTH; int run_mkfs_command = 0; 
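Review bot: `alrmhandler` calls `usleep()` and `exit()` from signal context, and neither is async-signal-safe; `exit()` runs atexit handlers and flushes stdio while the interrupted `getpass()` may still be in the middle of terminal I/O. The final `exit(0)` also reports success, so a script that calls losetup or mount cannot tell a timed-out passphrase prompt from a completed setup. I would end the handler with `_exit(1);` and declare it as `static void alrmhandler(int sig)` so it matches the type of `sa_handler`. A short comment above the handler saying why SIGINT is raised before SIGTERM (presumably to restore terminal echo, to be confirmed) would help the next reader.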
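Review bot: Nothing in this patch cancels the timer after `getpass()` returns, so once the passphrase has been typed the alarm armed here keeps running and can fire later, during key hashing or device setup, and kill the process part-way through. The same applies to the two "Retype password" hunks (@@ -493 and @@ -524), which re-arm the timer but never disarm it either. Each `getpass()` call should be followed by `alarm(0);`, and the three identical sigaction blocks are better folded into one static helper that clears the mask with `sigemptyset()` instead of `memset()`. The enclosing function starts and ends outside these hunks, so the exact placement needs checking against the full file.

```c
/* Arm the SIGALRM passphrase timeout; does nothing when no timeout was requested. */
static void
arm_passphrase_timeout(void) {
	if(!passphrase_timeout) return;
	alrmact.sa_handler = &alrmhandler;
	sigemptyset(&alrmact.sa_mask);
	alrmact.sa_flags = 0;
	sigaction(SIGALRM, &alrmact, NULL);
	alarm(passphrase_timeout);
}

	/* … unchanged: if(!passFDnumber) { … */
		arm_passphrase_timeout();
		p = getpass(_("Password: "));
		alarm(0);	/* prompt answered: stop the timer before key setup */
	/* … unchanged: both "Retype password" prompts get the same two calls … */
```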
@@ -762,8 +807,23 @@ memset (&loopinfo, 0, sizeof (loopinfo)); xstrncpy (loopinfo.lo_file_name, file, LO_NAME_SIZE); - if (loopEncryptionType) + if (loopEncryptionType) { + if (strcasecmp(loopEncryptionType,"twofish")==0 + && !passHashFuncName) { + loopinfo.lo_encrypt_type = 3; /*LO_CRYPT_FISH*/ + loopinfo.lo_encrypt_key_size = 20; + passHashFuncName = strdup("rmd160"); + fprintf(stderr,"Switching to old S.u.S.E. loop_fish2 compatibility mode.\n"); + } else if (strcasecmp(loopEncryptionType,"twofishSL92")==0 + && !passHashFuncName) { + loopinfo.lo_encrypt_type = 3; /*LO_CRYPT_FISH*/ + loopinfo.lo_encrypt_key_size = 32; + passHashFuncName = strdup("sha512"); + fprintf(stderr,"Switching to SuSE 9.2 loop_fish2 compatibility mode.\n"); + } else { loopinfo.lo_encrypt_type = loop_crypt_type (loopEncryptionType, &loopinfo.lo_encrypt_key_size, &apiName); + } + } if (loopOffsetBytes) loopinfo.lo_offset = mystrtoull(loopOffsetBytes, 1); if (loopSizeBytes) @@ -995,7 +1055,7 @@ %s loop_device # give info\n\ %s -a # give info of all loops\n\ %s -d loop_device # delete\n\ -options: -o offset -s sizelimit -p passwdfd -S pseed -H phash\n\ +options: -o offset -s sizelimit -p passwdfd -S pseed -H phash -t timeout\n\ -I loinit -T -K gpgkey -G gpghome -C itercountk -v -r\n"), progname, progname, progname, progname, progname); exit(1); @@ -1139,7 +1199,7 @@ delete = 0; progname = argv[0]; - while ((c = getopt(argc,argv,"aC:de:FG:H:I:K:o:p:rs:S:Tv")) != -1) { + while ((c = getopt(argc,argv,"aC:de:FG:H:I:K:o:p:rs:S:t:Tv")) != -1) { switch (c) { case 'a': /* show status of all loops */ option_a = 1; @@ -1183,6 +1243,9 @@ case 'S': /* optional seed for passphrase */ passSeedString = optarg; break; + case 't': + passphrase_timeout = atoi(optarg); + break; case 'T': /* ask passphrase _twice_ */ passAskTwice = "T"; break; --- util-linux-2.12q/mount/losetup.8 +++ util-linux-2.12q/mount/losetup.8 
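Review bot: Both compatibility branches assign `passHashFuncName = strdup(...)` without checking for NULL. If the allocation fails, `lo_encrypt_type` and `lo_encrypt_key_size` are already set for loop_fish2, but the hash selection further down (outside this hunk) would presumably fall back to its default and derive a different key. Either fail the setup when `strdup()` returns NULL or assign the literal directly if nothing frees this pointer. Note also that a plain `-e twofish` without `-H` now never reaches `loop_crypt_type()` and gets the legacy mode with a fixed 20-byte key, announced only on stderr. That behaviour deserves a comment here and a line in losetup.8, so users know an explicit `-H` is what opts out. The bare `3` would read better as the named constant from the loop header, if one is in scope.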
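Review bot: `case 't'` parses the timeout with `atoi()`, which cannot report errors. A mistyped or non-numeric value becomes 0 and silently disables the timeout, while a negative value is later converted to a very large unsigned argument in `alarm(passphrase_timeout)`. Parsing with `strtol()` and rejecting trailing characters, negative values and out-of-range values makes a bad `-t` fail loudly instead of leaving the prompt open indefinitely. The new case also lacks the trailing description comment that its neighbours in this switch carry.

```c
		case 't': {		/* passphrase prompt timeout in seconds */
			char *end;
			long secs;

			errno = 0;
			secs = strtol(optarg, &end, 10);
			if (errno || end == optarg || *end != '\0'
			    || secs < 0 || secs > INT_MAX) {
				fprintf(stderr, _("%s: invalid timeout '%s'\n"),
					progname, optarg);
				exit(1);
			}
			passphrase_timeout = (int) secs;
			break;
		}
		/* … unchanged: case 'T' and the remaining options … */
```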
@@ -128,6 +128,9 @@ password before hashing. Using different seeds for different partitions makes dictionary attacks slower but does not prevent them if user supplied password is guessable. Seed is not used in multi-key mode. +.IP "\fB\-t \fItimeout\fP" +make the password prompt time out after \fItimeout\fP seconds have +passed by. .IP "\fB\-T\fP" Asks password twice. .IP "\fB\-v\fP"