"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/utils_password.c" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

utils_password.c  (cryptsetup-2.3.6.tar.xz):utils_password.c  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 25 skipping to change at line 25
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#include "cryptsetup.h" #include "cryptsetup.h"
#include <termios.h> #include <termios.h>
int opt_force_password = 0;
#if defined ENABLE_PWQUALITY #if defined ENABLE_PWQUALITY
#include <pwquality.h> #include <pwquality.h>
static int tools_check_pwquality(const char *password) static int tools_check_pwquality(const char *password)
{ {
int r; int r;
void *auxerror; void *auxerror;
pwquality_settings_t *pwq; pwquality_settings_t *pwq;
log_dbg("Checking new password using default pwquality settings."); log_dbg("Checking new password using default pwquality settings.");
skipping to change at line 184 skipping to change at line 182
/* Read and write to /dev/tty if available */ /* Read and write to /dev/tty if available */
infd = open("/dev/tty", O_RDWR); infd = open("/dev/tty", O_RDWR);
if (infd == -1) { if (infd == -1) {
infd = STDIN_FILENO; infd = STDIN_FILENO;
outfd = STDERR_FILENO; outfd = STDERR_FILENO;
} else } else
outfd = infd; outfd = infd;
if (tcgetattr(infd, &orig)) if (tcgetattr(infd, &orig))
goto out_err; goto out;
memcpy(&tmp, &orig, sizeof(tmp)); memcpy(&tmp, &orig, sizeof(tmp));
tmp.c_lflag &= ~ECHO; tmp.c_lflag &= ~ECHO;
if (prompt && write(outfd, prompt, strlen(prompt)) < 0) if (prompt && write(outfd, prompt, strlen(prompt)) < 0)
goto out_err; goto out;
tcsetattr(infd, TCSAFLUSH, &tmp); tcsetattr(infd, TCSAFLUSH, &tmp);
if (timeout) if (timeout)
failed = timed_read(infd, pass, maxlen, timeout); failed = timed_read(infd, pass, maxlen, timeout);
else else
failed = untimed_read(infd, pass, maxlen); failed = untimed_read(infd, pass, maxlen);
tcsetattr(infd, TCSAFLUSH, &orig); tcsetattr(infd, TCSAFLUSH, &orig);
out:
out_err:
if (!failed && write(outfd, "\n", 1)) {}; if (!failed && write(outfd, "\n", 1)) {};
if (infd != STDIN_FILENO) if (infd != STDIN_FILENO)
close(infd); close(infd);
return failed; return failed;
} }
static int crypt_get_key_tty(const char *prompt, static int crypt_get_key_tty(const char *prompt,
char **key, size_t *key_size, char **key, size_t *key_size,
int timeout, int verify, int timeout, int verify)
struct crypt_device *cd)
{ {
int key_size_max = DEFAULT_PASSPHRASE_SIZE_MAX; int key_size_max = DEFAULT_PASSPHRASE_SIZE_MAX;
int r = -EINVAL; int r = -EINVAL;
char *pass = NULL, *pass_verify = NULL; char *pass = NULL, *pass_verify = NULL;
*key = NULL; *key = NULL;
*key_size = 0; *key_size = 0;
log_dbg("Interactive passphrase entry requested."); log_dbg("Interactive passphrase entry requested.");
pass = crypt_safe_alloc(key_size_max + 1); pass = crypt_safe_alloc(key_size_max + 1);
if (!pass) { if (!pass) {
log_err( _("Out of memory while reading passphrase.")); log_err( _("Out of memory while reading passphrase."));
return -ENOMEM; return -ENOMEM;
} }
if (interactive_pass(prompt, pass, key_size_max, timeout)) { if (interactive_pass(prompt, pass, key_size_max, timeout)) {
log_err(_("Error reading passphrase from terminal.")); log_err(_("Error reading passphrase from terminal."));
goto out_err; goto out;
} }
if (verify) { if (verify) {
pass_verify = crypt_safe_alloc(key_size_max + 1); pass_verify = crypt_safe_alloc(key_size_max + 1);
if (!pass_verify) { if (!pass_verify) {
log_err(_("Out of memory while reading passphrase.")); log_err(_("Out of memory while reading passphrase."));
r = -ENOMEM; r = -ENOMEM;
goto out_err; goto out;
} }
if (interactive_pass(_("Verify passphrase: "), if (interactive_pass(_("Verify passphrase: "),
pass_verify, key_size_max, timeout)) { pass_verify, key_size_max, timeout)) {
log_err(_("Error reading passphrase from terminal.")); log_err(_("Error reading passphrase from terminal."));
goto out_err; goto out;
} }
if (strncmp(pass, pass_verify, key_size_max)) { if (strncmp(pass, pass_verify, key_size_max)) {
log_err(_("Passphrases do not match.")); log_err(_("Passphrases do not match."));
r = -EPERM; r = -EPERM;
goto out_err; goto out;
} }
} }
*key = pass; *key = pass;
*key_size = strlen(pass); *key_size = strlen(pass);
r = 0; r = 0;
out_err: out:
crypt_safe_free(pass_verify); crypt_safe_free(pass_verify);
if (r) if (r)
crypt_safe_free(pass); crypt_safe_free(pass);
return r; return r;
} }
/* /*
* Note: --key-file=- is interpreted as a read from a binary file (stdin) * Note: --key-file=- is interpreted as a read from a binary file (stdin)
* key_size_max == 0 means detect maximum according to input type (tty/file) * key_size_max == 0 means detect maximum according to input type (tty/file)
*/ */
skipping to change at line 293 skipping to change at line 289
if (keyfile_offset) { if (keyfile_offset) {
log_err(_("Cannot use offset with terminal input. ")); log_err(_("Cannot use offset with terminal input. "));
} else { } else {
if (!prompt && !crypt_get_device_name(cd)) if (!prompt && !crypt_get_device_name(cd))
snprintf(tmp, sizeof(tmp), _("Enter passp hrase: ")); snprintf(tmp, sizeof(tmp), _("Enter passp hrase: "));
else if (!prompt) { else if (!prompt) {
backing_file = crypt_loop_backing_file(cr ypt_get_device_name(cd)); backing_file = crypt_loop_backing_file(cr ypt_get_device_name(cd));
snprintf(tmp, sizeof(tmp), _("Enter passp hrase for %s: "), backing_file ?: crypt_get_device_name(cd)); snprintf(tmp, sizeof(tmp), _("Enter passp hrase for %s: "), backing_file ?: crypt_get_device_name(cd));
free(backing_file); free(backing_file);
} }
r = crypt_get_key_tty(prompt ?: tmp, key, key_siz e, timeout, verify, cd); r = crypt_get_key_tty(prompt ?: tmp, key, key_siz e, timeout, verify);
} }
} else { } else {
log_dbg("STDIN descriptor passphrase entry requested."); log_dbg("STDIN descriptor passphrase entry requested.");
/* No keyfile means STDIN with EOL handling (\n will end input)). */ /* No keyfile means STDIN with EOL handling (\n will end input)). */
r = crypt_keyfile_device_read(cd, NULL, key, key_size, r = crypt_keyfile_device_read(cd, NULL, key, key_size,
keyfile_offset, keyfile_size_max, keyfile_offset, keyfile_size_max,
key_file ? 0 : CRYPT_KEYFILE_STOP_EOL); key_file ? 0 : CRYPT_KEYFILE_STOP_EOL);
} }
} else { } else {
log_dbg("File descriptor passphrase entry requested."); log_dbg("File descriptor passphrase entry requested.");
r = crypt_keyfile_device_read(cd, key_file, key, key_size, r = crypt_keyfile_device_read(cd, key_file, key, key_size,
keyfile_offset, keyfile_size_max, 0 ); keyfile_offset, keyfile_size_max, 0 );
} }
if (block && !quit) if (block && !quit)
set_int_block(1); set_int_block(1);
/* Check pwquality for password (not keyfile) */ /* Check pwquality for password (not keyfile) */
if (pwquality && !opt_force_password && !key_file && !r) if (pwquality && !key_file && !r)
r = tools_check_password(*key); r = tools_check_password(*key);
return r; return r;
} }
void tools_passphrase_msg(int r) void tools_passphrase_msg(int r)
{ {
if (r == -EPERM) if (r == -EPERM)
log_err(_("No key available with this passphrase.")); log_err(_("No key available with this passphrase."));
else if (r == -ENOENT) else if (r == -ENOENT)
log_err(_("No usable keyslot is available.")); log_err(_("No usable keyslot is available."));
} }
int tools_read_mk(const char *file, char **key, int keysize) int tools_read_mk(const char *file, char **key, int keysize)
{ {
int fd; int fd = -1, r = -EINVAL;
if (keysize <= 0 || !key) if (keysize <= 0 || !key)
return -EINVAL; return -EINVAL;
*key = crypt_safe_alloc(keysize); *key = crypt_safe_alloc(keysize);
if (!*key) if (!*key)
return -ENOMEM; return -ENOMEM;
fd = open(file, O_RDONLY); fd = open(file, O_RDONLY);
if (fd == -1) { if (fd == -1) {
log_err(_("Cannot read keyfile %s."), file); log_err(_("Cannot read keyfile %s."), file);
goto fail; goto out;
} }
if (read_buffer(fd, *key, keysize) != keysize) { if (read_buffer(fd, *key, keysize) != keysize) {
log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file ); log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file );
goto out;
}
r = 0;
out:
if (fd != -1)
close(fd); close(fd);
goto fail;
if (r) {
crypt_safe_free(*key);
*key = NULL;
} }
close(fd);
return 0; return r;
fail:
crypt_safe_free(*key);
*key = NULL;
return -EINVAL;
} }
int tools_write_mk(const char *file, const char *key, int keysize) int tools_write_mk(const char *file, const char *key, int keysize)
{ {
int fd, r = -EINVAL; int fd, r = -EINVAL;
if (keysize <= 0 || !key) if (keysize <= 0 || !key)
return -EINVAL; return -EINVAL;
fd = open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR); fd = open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
 End of changes. 17 change blocks. 
24 lines changed or deleted 24 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)