search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync usage with man page.
[netbsd-mini2440.git] / sbin / cgdconfig / cgdconfig.c
blobdebe0fb90a491fd6162dfe2856270e2f9018b4db
1 /* $NetBSD: cgdconfig.c,v 1.27 2008/07/24 19:07:36 christos Exp $ */
2
3 /*-
4 * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Roland C. Dowdeswell.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #include <sys/cdefs.h>
33 #ifndef lint
34 __COPYRIGHT("@(#) Copyright (c) 2002, 2003\
35 The NetBSD Foundation, Inc. All rights reserved.");
36 __RCSID("$NetBSD: cgdconfig.c,v 1.27 2008/07/24 19:07:36 christos Exp $");
37 #endif
38
39 #include <err.h>
40 #include <errno.h>
41 #include <fcntl.h>
42 #include <libgen.h>
43 #include <stdio.h>
44 #include <stdlib.h>
45 #include <string.h>
46 #include <unistd.h>
47 #include <util.h>
48
49 #include <sys/ioctl.h>
50 #include <sys/disklabel.h>
51 #include <sys/mman.h>
52 #include <sys/param.h>
53 #include <sys/resource.h>
54
55 #include <dev/cgdvar.h>
56
57 #include <ufs/ffs/fs.h>
58
59 #include "params.h"
60 #include "pkcs5_pbkdf2.h"
61 #include "utils.h"
62 #include "cgd_kernelops.h"
63 #include "cgdconfig.h"
64
65 #define CGDCONFIG_DIR "/etc/cgd"
66 #define CGDCONFIG_CFILE CGDCONFIG_DIR "/cgd.conf"
67
68 enum action {
69 ACTION_DEFAULT, /* default -> configure */
70 ACTION_CONFIGURE, /* configure, with paramsfile */
71 ACTION_UNCONFIGURE, /* unconfigure */
72 ACTION_GENERATE, /* generate a paramsfile */
73 ACTION_GENERATE_CONVERT, /* generate a ``dup'' paramsfile */
74 ACTION_CONFIGALL, /* configure all from config file */
75 ACTION_UNCONFIGALL, /* unconfigure all from config file */
76 ACTION_CONFIGSTDIN /* configure, key from stdin */
77 };
78
79 /* if nflag is set, do not configure/unconfigure the cgd's */
80
81 int nflag = 0;
82
83 /* if pflag is set to PFLAG_STDIN read from stdin rather than getpass(3) */
84
85 #define PFLAG_GETPASS 0x01
86 #define PFLAG_STDIN 0x02
87 int pflag = PFLAG_GETPASS;
88
89 static int configure(int, char **, struct params *, int);
90 static int configure_stdin(struct params *, int argc, char **);
91 static int generate(struct params *, int, char **, const char *);
92 static int generate_convert(struct params *, int, char **, const char *);
93 static int unconfigure(int, char **, struct params *, int);
94 static int do_all(const char *, int, char **,
95 int (*)(int, char **, struct params *, int));
96
97 #define CONFIG_FLAGS_FROMALL 1 /* called from configure_all() */
98 #define CONFIG_FLAGS_FROMMAIN 2 /* called from main() */
99
100 static int configure_params(int, const char *, const char *,
101 struct params *);
102 static void eliminate_cores(void);
103 static bits_t *getkey(const char *, struct keygen *, size_t);
104 static bits_t *getkey_storedkey(const char *, struct keygen *, size_t);
105 static bits_t *getkey_randomkey(const char *, struct keygen *, size_t, int);
106 static bits_t *getkey_pkcs5_pbkdf2(const char *, struct keygen *, size_t,
107 int);
108 static bits_t *getkey_shell_cmd(const char *, struct keygen *, size_t);
109 static char *maybe_getpass(char *);
110 static int opendisk_werror(const char *, char *, size_t);
111 static int unconfigure_fd(int);
112 static int verify(struct params *, int);
113 static int verify_disklabel(int);
114 static int verify_ffs(int);
115 static int verify_reenter(struct params *);
116
117 static void usage(void);
118
119 /* Verbose Framework */
120 unsigned verbose = 0;
121
122 #define VERBOSE(x,y) if (verbose >= x) y
123 #define VPRINTF(x,y) if (verbose >= x) (void)printf y
124
125 static void
126 usage(void)
127 {
128
129 (void)fprintf(stderr, "usage: %s [-nv] [-V vmeth] cgd dev [paramsfile]\n",
130 getprogname());
131 (void)fprintf(stderr, " %s -C [-nv] [-f configfile]\n", getprogname());
132 (void)fprintf(stderr, " %s -U [-nv] [-f configfile]\n", getprogname());
133 (void)fprintf(stderr, " %s -G [-nv] [-i ivmeth] [-k kgmeth] "
134 "[-o outfile] paramsfile\n", getprogname());
135 (void)fprintf(stderr, " %s -g [-nv] [-i ivmeth] [-k kgmeth] "
136 "[-o outfile] alg [keylen]\n", getprogname());
137 (void)fprintf(stderr, " %s -s [-nv] [-i ivmeth] cgd dev alg "
138 "[keylen]\n", getprogname());
139 (void)fprintf(stderr, " %s -u [-nv] cgd\n", getprogname());
140 exit(EXIT_FAILURE);
141 }
142
143 static int
144 parse_size_t(const char *s, size_t *l)
145 {
146 char *endptr;
147 long v;
148
149 errno = 0;
150 v = strtol(s, &endptr, 10);
151 if ((v == LONG_MIN || v == LONG_MAX) && errno)
152 return -1;
153 if (v < INT_MIN || v > INT_MAX) {
154 errno = ERANGE;
155 return -1;
156 }
157 if (endptr == s) {
158 errno = EINVAL;
159 return -1;
160 }
161 *l = (size_t)v;
162 return 0;
163 }
164
165 static void
166 set_action(enum action *action, enum action value)
167 {
168 if (*action != ACTION_DEFAULT)
169 usage();
170 *action = value;
171 }
172
173 #ifndef CGDCONFIG_AS_LIB
174 int
175 main(int argc, char **argv)
176 {
177
178 return cgdconfig(argc, argv);
179 }
180 #endif
181
182 int
183 cgdconfig(int argc, char *argv[])
184 {
185 struct params *p;
186 struct params *tp;
187 struct keygen *kg;
188 enum action action = ACTION_DEFAULT;
189 int ch;
190 const char *cfile = NULL;
191 const char *outfile = NULL;
192
193 setprogname(*argv);
194 eliminate_cores();
195 if (mlockall(MCL_FUTURE))
196 err(EXIT_FAILURE, "Can't lock memory");
197 p = params_new();
198 kg = NULL;
199
200 while ((ch = getopt(argc, argv, "CGUV:b:f:gi:k:no:spuv")) != -1)
201 switch (ch) {
202 case 'C':
203 set_action(&action, ACTION_CONFIGALL);
204 break;
205 case 'G':
206 set_action(&action, ACTION_GENERATE_CONVERT);
207 break;
208 case 'U':
209 set_action(&action, ACTION_UNCONFIGALL);
210 break;
211 case 'V':
212 tp = params_verify_method(string_fromcharstar(optarg));
213 if (!tp)
214 usage();
215 p = params_combine(p, tp);
216 break;
217 case 'b':
218 {
219 size_t size;
220
221 if (parse_size_t(optarg, &size) == -1)
222 usage();
223 tp = params_bsize(size);
224 if (!tp)
225 usage();
226 p = params_combine(p, tp);
227 }
228 break;
229 case 'f':
230 if (cfile)
231 usage();
232 cfile = estrdup(optarg);
233 break;
234 case 'g':
235 set_action(&action, ACTION_GENERATE);
236 break;
237 case 'i':
238 tp = params_ivmeth(string_fromcharstar(optarg));
239 p = params_combine(p, tp);
240 break;
241 case 'k':
242 kg = keygen_method(string_fromcharstar(optarg));
243 if (!kg)
244 usage();
245 keygen_addlist(&p->keygen, kg);
246 break;
247 case 'n':
248 nflag = 1;
249 break;
250 case 'o':
251 if (outfile)
252 usage();
253 outfile = estrdup(optarg);
254 break;
255 case 'p':
256 pflag = PFLAG_STDIN;
257 break;
258 case 's':
259 set_action(&action, ACTION_CONFIGSTDIN);
260 break;
261
262 case 'u':
263 set_action(&action, ACTION_UNCONFIGURE);
264 break;
265 case 'v':
266 verbose++;
267 break;
268 default:
269 usage();
270 /* NOTREACHED */
271 }
272
273 argc -= optind;
274 argv += optind;
275
276 if (!outfile)
277 outfile = "";
278 if (!cfile)
279 cfile = "";
280
281 /* validate the consistency of the arguments */
282
283 switch (action) {
284 case ACTION_DEFAULT: /* ACTION_CONFIGURE is the default */
285 case ACTION_CONFIGURE:
286 return configure(argc, argv, p, CONFIG_FLAGS_FROMMAIN);
287 case ACTION_UNCONFIGURE:
288 return unconfigure(argc, argv, NULL, CONFIG_FLAGS_FROMMAIN);
289 case ACTION_GENERATE:
290 return generate(p, argc, argv, outfile);
291 case ACTION_GENERATE_CONVERT:
292 return generate_convert(p, argc, argv, outfile);
293 case ACTION_CONFIGALL:
294 return do_all(cfile, argc, argv, configure);
295 case ACTION_UNCONFIGALL:
296 return do_all(cfile, argc, argv, unconfigure);
297 case ACTION_CONFIGSTDIN:
298 return configure_stdin(p, argc, argv);
299 default:
300 errx(EXIT_FAILURE, "undefined action");
301 /* NOTREACHED */
302 }
303 }
304
305 static bits_t *
306 getkey(const char *dev, struct keygen *kg, size_t len)
307 {
308 bits_t *ret = NULL;
309 bits_t *tmp;
310
311 VPRINTF(3, ("getkey(\"%s\", %p, %zu) called\n", dev, kg, len));
312 for (; kg; kg=kg->next) {
313 switch (kg->kg_method) {
314 case KEYGEN_STOREDKEY:
315 tmp = getkey_storedkey(dev, kg, len);
316 break;
317 case KEYGEN_RANDOMKEY:
318 tmp = getkey_randomkey(dev, kg, len, 1);
319 break;
320 case KEYGEN_URANDOMKEY:
321 tmp = getkey_randomkey(dev, kg, len, 0);
322 break;
323 case KEYGEN_PKCS5_PBKDF2_SHA1:
324 tmp = getkey_pkcs5_pbkdf2(dev, kg, len, 0);
325 break;
326 /* provide backwards compatibility for old config files */
327 case KEYGEN_PKCS5_PBKDF2_OLD:
328 tmp = getkey_pkcs5_pbkdf2(dev, kg, len, 1);
329 break;
330 case KEYGEN_SHELL_CMD:
331 tmp = getkey_shell_cmd(dev, kg, len);
332 break;
333 default:
334 warnx("unrecognised keygen method %d in getkey()",
335 kg->kg_method);
336 if (ret)
337 bits_free(ret);
338 return NULL;
339 }
340
341 if (ret)
342 ret = bits_xor_d(tmp, ret);
343 else
344 ret = tmp;
345 }
346
347 return ret;
348 }
349
350 /*ARGSUSED*/
351 static bits_t *
352 getkey_storedkey(const char *target, struct keygen *kg, size_t keylen)
353 {
354 return bits_dup(kg->kg_key);
355 }
356
357 /*ARGSUSED*/
358 static bits_t *
359 getkey_randomkey(const char *target, struct keygen *kg, size_t keylen, int hard)
360 {
361 return bits_getrandombits(keylen, hard);
362 }
363
364 static char *
365 maybe_getpass(char *prompt)
366 {
367 char buf[1024];
368 char *p = buf;
369 char *tmp;
370
371 switch (pflag) {
372 case PFLAG_GETPASS:
373 p = getpass(prompt);
374 break;
375
376 case PFLAG_STDIN:
377 p = fgets(buf, sizeof(buf), stdin);
378 if (p) {
379 tmp = strchr(p, '\n');
380 if (tmp)
381 *tmp = '\0';
382 }
383 break;
384
385 default:
386 errx(EXIT_FAILURE, "pflag set inappropriately?");
387 }
388
389 if (!p)
390 err(EXIT_FAILURE, "failed to read passphrase");
391
392 return estrdup(p);
393 }
394
395 /*ARGSUSED*/
396 /*
397 * XXX take, and pass through, a compat flag that indicates whether we
398 * provide backwards compatibility with a previous bug. The previous
399 * behaviour is indicated by the keygen method pkcs5_pbkdf2, and a
400 * non-zero compat flag. The new default, and correct keygen method is
401 * called pcks5_pbkdf2/sha1. When the old method is removed, so will
402 * be the compat argument.
403 */
404 static bits_t *
405 getkey_pkcs5_pbkdf2(const char *target, struct keygen *kg, size_t keylen,
406 int compat)
407 {
408 bits_t *ret;
409 char *passp;
410 char buf[1024];
411 u_int8_t *tmp;
412
413 snprintf(buf, sizeof(buf), "%s's passphrase:", target);
414 passp = maybe_getpass(buf);
415 if (pkcs5_pbkdf2(&tmp, BITS2BYTES(keylen), (uint8_t *)passp,
416 strlen(passp),
417 bits_getbuf(kg->kg_salt), BITS2BYTES(bits_len(kg->kg_salt)),
418 kg->kg_iterations, compat)) {
419 warnx("failed to generate PKCS#5 PBKDF2 key");
420 return NULL;
421 }
422
423 ret = bits_new(tmp, keylen);
424 kg->kg_key = bits_dup(ret);
425 memset(passp, 0, strlen(passp));
426 free(passp);
427 free(tmp);
428 return ret;
429 }
430
431 /*ARGSUSED*/
432 static bits_t *
433 getkey_shell_cmd(const char *target, struct keygen *kg, size_t keylen)
434 {
435 FILE *f;
436 bits_t *ret;
437
438 f = popen(string_tocharstar(kg->kg_cmd), "r");
439 ret = bits_fget(f, keylen);
440 pclose(f);
441
442 return ret;
443 }
444
445 /*ARGSUSED*/
446 static int
447 unconfigure(int argc, char **argv, struct params *inparams, int flags)
448 {
449 int fd;
450 int ret;
451 char buf[MAXPATHLEN] = "";
452
453 /* only complain about additional arguments, if called from main() */
454 if (flags == CONFIG_FLAGS_FROMMAIN && argc != 1)
455 usage();
456
457 /* if called from do_all(), then ensure that 2 or 3 args exist */
458 if (flags == CONFIG_FLAGS_FROMALL && (argc < 2 || argc > 3))
459 return -1;
460
461 fd = opendisk1(*argv, O_RDWR, buf, sizeof(buf), 1, cgd_kops.ko_open);
462 if (fd == -1) {
463 int saved_errno = errno;
464
465 warn("can't open cgd \"%s\", \"%s\"", *argv, buf);
466
467 /* this isn't fatal with nflag != 0 */
468 if (!nflag)
469 return saved_errno;
470 }
471
472 VPRINTF(1, ("%s (%s): clearing\n", *argv, buf));
473
474 if (nflag)
475 return 0;
476
477 ret = unconfigure_fd(fd);
478 (void)cgd_kops.ko_close(fd);
479 return ret;
480 }
481
482 static int
483 unconfigure_fd(int fd)
484 {
485 struct cgd_ioctl ci;
486
487 if (cgd_kops.ko_ioctl(fd, CGDIOCCLR, &ci) == -1) {
488 warn("ioctl");
489 return -1;
490 }
491
492 return 0;
493 }
494
495 /*ARGSUSED*/
496 static int
497 configure(int argc, char **argv, struct params *inparams, int flags)
498 {
499 struct params *p;
500 struct keygen *kg;
501 int fd;
502 int loop = 0;
503 int ret;
504 char cgdname[PATH_MAX];
505
506 if (argc == 2) {
507 char *pfile;
508
509 if (asprintf(&pfile, "%s/%s",
510 CGDCONFIG_DIR, basename(argv[1])) == -1)
511 return -1;
512
513 p = params_cget(pfile);
514 free(pfile);
515 } else if (argc == 3) {
516 p = params_cget(argv[2]);
517 } else {
518 /* print usage and exit, only if called from main() */
519 if (flags == CONFIG_FLAGS_FROMMAIN) {
520 warnx("wrong number of args");
521 usage();
522 }
523 return -1;
524 }
525
526 if (!p)
527 return -1;
528
529 /*
530 * over-ride with command line specifications and fill in default
531 * values.
532 */
533
534 p = params_combine(p, inparams);
535 ret = params_filldefaults(p);
536 if (ret) {
537 params_free(p);
538 return ret;
539 }
540
541 if (!params_verify(p)) {
542 warnx("params invalid");
543 return -1;
544 }
545
546 /*
547 * loop over configuring the disk and checking to see if it
548 * verifies properly. We open and close the disk device each
549 * time, because if the user passes us the block device we
550 * need to flush the buffer cache.
551 *
552 * We only loop if one of the verification methods prompts for
553 * a password.
554 */
555
556 for (kg = p->keygen; pflag == PFLAG_GETPASS && kg; kg = kg->next)
557 if ((kg->kg_method == KEYGEN_PKCS5_PBKDF2_SHA1) ||
558 (kg->kg_method == KEYGEN_PKCS5_PBKDF2_OLD )) {
559 loop = 1;
560 break;
561 }
562
563 for (;;) {
564 fd = opendisk_werror(argv[0], cgdname, sizeof(cgdname));
565 if (fd == -1)
566 return -1;
567
568 if (p->key)
569 bits_free(p->key);
570
571 p->key = getkey(argv[1], p->keygen, p->keylen);
572 if (!p->key)
573 goto bail_err;
574
575 ret = configure_params(fd, cgdname, argv[1], p);
576 if (ret)
577 goto bail_err;
578
579 ret = verify(p, fd);
580 if (ret == -1)
581 goto bail_err;
582 if (!ret)
583 break;
584
585 (void)unconfigure_fd(fd);
586 (void)cgd_kops.ko_close(fd);
587
588 if (!loop) {
589 warnx("verification failed permanently");
590 goto bail_err;
591 }
592
593 warnx("verification failed, please reenter passphrase");
594 }
595
596 params_free(p);
597 (void)cgd_kops.ko_close(fd);
598 return 0;
599 bail_err:
600 params_free(p);
601 (void)cgd_kops.ko_close(fd);
602 return -1;
603 }
604
605 static int
606 configure_stdin(struct params *p, int argc, char **argv)
607 {
608 int fd;
609 int ret;
610 char cgdname[PATH_MAX];
611
612 if (argc < 3 || argc > 4)
613 usage();
614
615 p->algorithm = string_fromcharstar(argv[2]);
616 if (argc > 3) {
617 size_t keylen;
618
619 if (parse_size_t(argv[3], &keylen) == -1) {
620 warn("failed to parse key length");
621 return -1;
622 }
623 p->keylen = keylen;
624 }
625
626 ret = params_filldefaults(p);
627 if (ret)
628 return ret;
629
630 fd = opendisk_werror(argv[0], cgdname, sizeof(cgdname));
631 if (fd == -1)
632 return -1;
633
634 p->key = bits_fget(stdin, p->keylen);
635 if (!p->key) {
636 warnx("failed to read key from stdin");
637 return -1;
638 }
639
640 return configure_params(fd, cgdname, argv[1], p);
641 }
642
643 static int
644 opendisk_werror(const char *cgd, char *buf, size_t buflen)
645 {
646 int fd;
647
648 VPRINTF(3, ("opendisk_werror(%s, %s, %zu) called.\n", cgd, buf, buflen));
649
650 /* sanity */
651 if (!cgd || !buf)
652 return -1;
653
654 if (nflag) {
655 if (strlcpy(buf, cgd, buflen) >= buflen)
656 return -1;
657 return 0;
658 }
659
660 fd = opendisk1(cgd, O_RDWR, buf, buflen, 0, cgd_kops.ko_open);
661 if (fd == -1)
662 warnx("can't open cgd \"%s\", \"%s\"", cgd, buf);
663
664 return fd;
665 }
666
667 static int
668 configure_params(int fd, const char *cgd, const char *dev, struct params *p)
669 {
670 struct cgd_ioctl ci;
671
672 /* sanity */
673 if (!cgd || !dev)
674 return -1;
675
676 (void)memset(&ci, 0x0, sizeof(ci));
677 ci.ci_disk = dev;
678 ci.ci_alg = string_tocharstar(p->algorithm);
679 ci.ci_ivmethod = string_tocharstar(p->ivmeth);
680 ci.ci_key = bits_getbuf(p->key);
681 ci.ci_keylen = p->keylen;
682 ci.ci_blocksize = p->bsize;
683
684 VPRINTF(1, (" with alg %s keylen %zu blocksize %zu ivmethod %s\n",
685 string_tocharstar(p->algorithm), p->keylen, p->bsize,
686 string_tocharstar(p->ivmeth)));
687 VPRINTF(2, ("key: "));
688 VERBOSE(2, bits_fprint(stdout, p->key));
689 VPRINTF(2, ("\n"));
690
691 if (nflag)
692 return 0;
693
694 if (cgd_kops.ko_ioctl(fd, CGDIOCSET, &ci) == -1) {
695 int saved_errno = errno;
696 warn("ioctl");
697 return saved_errno;
698 }
699
700 return 0;
701 }
702
703 /*
704 * verify returns 0 for success, -1 for unrecoverable error, or 1 for retry.
705 */
706
707 #define SCANSIZE 8192
708
709 static int
710 verify(struct params *p, int fd)
711 {
712
713 switch (p->verify_method) {
714 case VERIFY_NONE:
715 return 0;
716 case VERIFY_DISKLABEL:
717 return verify_disklabel(fd);
718 case VERIFY_FFS:
719 return verify_ffs(fd);
720 case VERIFY_REENTER:
721 return verify_reenter(p);
722 default:
723 warnx("unimplemented verification method");
724 return -1;
725 }
726 }
727
728 static int
729 verify_disklabel(int fd)
730 {
731 struct disklabel l;
732 ssize_t ret;
733 char buf[SCANSIZE];
734
735 /*
736 * we simply scan the first few blocks for a disklabel, ignoring
737 * any MBR/filecore sorts of logic. MSDOS and RiscOS can't read
738 * a cgd, anyway, so it is unlikely that there will be non-native
739 * partition information.
740 */
741
742 ret = cgd_kops.ko_pread(fd, buf, 8192, 0);
743 if (ret < 0) {
744 warn("can't read disklabel area");
745 return -1;
746 }
747
748 /* now scan for the disklabel */
749
750 return disklabel_scan(&l, buf, (size_t)ret);
751 }
752
753 static off_t sblock_try[] = SBLOCKSEARCH;
754
755 static int
756 verify_ffs(int fd)
757 {
758 size_t i;
759
760 for (i = 0; sblock_try[i] != -1; i++) {
761 union {
762 char buf[SBLOCKSIZE];
763 struct fs fs;
764 } u;
765 ssize_t ret;
766
767 ret = cgd_kops.ko_pread(fd, &u, sizeof(u), sblock_try[i]);
768 if (ret < 0) {
769 warn("pread");
770 break;
771 } else if ((size_t)ret < sizeof(u)) {
772 warnx("pread: incomplete block");
773 break;
774 }
775 switch (u.fs.fs_magic) {
776 case FS_UFS1_MAGIC:
777 case FS_UFS2_MAGIC:
778 case FS_UFS1_MAGIC_SWAPPED:
779 case FS_UFS2_MAGIC_SWAPPED:
780 return 0;
781 default:
782 continue;
783 }
784 }
785
786 return 1; /* failure */
787 }
788
789 static int
790 verify_reenter(struct params *p)
791 {
792 struct keygen *kg;
793 bits_t *orig_key, *key;
794 int ret;
795
796 ret = 0;
797 for (kg = p->keygen; kg && !ret; kg = kg->next) {
798 if ((kg->kg_method != KEYGEN_PKCS5_PBKDF2_SHA1) &&
799 (kg->kg_method != KEYGEN_PKCS5_PBKDF2_OLD ))
800 continue;
801
802 orig_key = kg->kg_key;
803 kg->kg_key = NULL;
804
805 /* add a compat flag till the _OLD method goes away */
806 key = getkey_pkcs5_pbkdf2("re-enter device", kg,
807 bits_len(orig_key), kg->kg_method == KEYGEN_PKCS5_PBKDF2_OLD);
808 ret = !bits_match(key, orig_key);
809
810 bits_free(key);
811 bits_free(kg->kg_key);
812 kg->kg_key = orig_key;
813 }
814
815 return ret;
816 }
817
818 static int
819 generate(struct params *p, int argc, char **argv, const char *outfile)
820 {
821 int ret;
822
823 if (argc < 1 || argc > 2)
824 usage();
825
826 p->algorithm = string_fromcharstar(argv[0]);
827 if (argc > 1) {
828 size_t keylen;
829
830 if (parse_size_t(argv[1], &keylen) == -1) {
831 warn("Failed to parse key length");
832 return -1;
833 }
834 p->keylen = keylen;
835 }
836
837 ret = params_filldefaults(p);
838 if (ret)
839 return ret;
840
841 if (!p->keygen) {
842 p->keygen = keygen_generate(KEYGEN_PKCS5_PBKDF2_SHA1);
843 if (!p->keygen)
844 return -1;
845 }
846
847 if (keygen_filldefaults(p->keygen, p->keylen)) {
848 warnx("Failed to generate defaults for keygen");
849 return -1;
850 }
851
852 if (!params_verify(p)) {
853 warnx("invalid parameters generated");
854 return -1;
855 }
856
857 return params_cput(p, outfile);
858 }
859
860 static int
861 generate_convert(struct params *p, int argc, char **argv, const char *outfile)
862 {
863 struct params *oldp;
864 struct keygen *kg;
865
866 if (argc != 1)
867 usage();
868
869 oldp = params_cget(*argv);
870 if (!oldp)
871 return -1;
872
873 /* for sanity, we ensure that none of the keygens are randomkey */
874 for (kg=p->keygen; kg; kg=kg->next)
875 if (kg->kg_method == KEYGEN_RANDOMKEY)
876 goto bail;
877 for (kg=oldp->keygen; kg; kg=kg->next)
878 if (kg->kg_method == KEYGEN_RANDOMKEY)
879 goto bail;
880
881 if (!params_verify(oldp)) {
882 warnx("invalid old parameters file \"%s\"", *argv);
883 return -1;
884 }
885
886 oldp->key = getkey("old file", oldp->keygen, oldp->keylen);
887
888 /* we copy across the non-keygen info, here. */
889
890 string_free(p->algorithm);
891 string_free(p->ivmeth);
892
893 p->algorithm = string_dup(oldp->algorithm);
894 p->ivmeth = string_dup(oldp->ivmeth);
895 p->keylen = oldp->keylen;
896 p->bsize = oldp->bsize;
897 if (p->verify_method == VERIFY_UNKNOWN)
898 p->verify_method = oldp->verify_method;
899
900 params_free(oldp);
901
902 if (!p->keygen) {
903 p->keygen = keygen_generate(KEYGEN_PKCS5_PBKDF2_SHA1);
904 if (!p->keygen)
905 return -1;
906 }
907 (void)params_filldefaults(p);
908 (void)keygen_filldefaults(p->keygen, p->keylen);
909 p->key = getkey("new file", p->keygen, p->keylen);
910
911 kg = keygen_generate(KEYGEN_STOREDKEY);
912 kg->kg_key = bits_xor(p->key, oldp->key);
913 keygen_addlist(&p->keygen, kg);
914
915 if (!params_verify(p)) {
916 warnx("can't generate new parameters file");
917 return -1;
918 }
919
920 return params_cput(p, outfile);
921 bail:
922 params_free(oldp);
923 return -1;
924 }
925
926 static int
927 /*ARGSUSED*/
928 do_all(const char *cfile, int argc, char **argv,
929 int (*conf)(int, char **, struct params *, int))
930 {
931 FILE *f;
932 size_t len;
933 size_t lineno;
934 int my_argc;
935 int ret;
936 const char *fn;
937 char *line;
938 char **my_argv;
939
940 if (argc > 0)
941 usage();
942
943 if (!cfile[0])
944 fn = CGDCONFIG_CFILE;
945 else
946 fn = cfile;
947
948 f = fopen(fn, "r");
949 if (!f) {
950 warn("could not open config file \"%s\"", fn);
951 return -1;
952 }
953
954 ret = chdir(CGDCONFIG_DIR);
955 if (ret == -1)
956 warn("could not chdir to %s", CGDCONFIG_DIR);
957
958 ret = 0;
959 lineno = 0;
960 for (;;) {
961 line = fparseln(f, &len, &lineno, "\\\\#", FPARSELN_UNESCALL);
962 if (!line)
963 break;
964 if (!*line)
965 continue;
966
967 my_argv = words(line, &my_argc);
968 ret = conf(my_argc, my_argv, NULL, CONFIG_FLAGS_FROMALL);
969 if (ret) {
970 warnx("action failed on \"%s\" line %lu", fn,
971 (u_long)lineno);
972 break;
973 }
974 words_free(my_argv, my_argc);
975 }
976 return ret;
977 }
978
979 static void
980 eliminate_cores(void)
981 {
982 struct rlimit rlp;
983
984 rlp.rlim_cur = 0;
985 rlp.rlim_max = 0;
986 if (setrlimit(RLIMIT_CORE, &rlp) == -1)
987 err(EXIT_FAILURE, "Can't disable cores");
988 }
NetBSD on the FriendlyARM MINI2440