cgdconfig.c revision 1.11
1 /* $NetBSD: cgdconfig.c,v 1.11 2004/08/10 02:29:34 rumble Exp $ */ 2 3 /*- 4 * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Roland C. Dowdeswell. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the NetBSD 21 * Foundation, Inc. and its contributors. 22 * 4. Neither the name of The NetBSD Foundation nor the names of its 23 * contributors may be used to endorse or promote products derived 24 * from this software without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 27 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 36 * POSSIBILITY OF SUCH DAMAGE. 37 */ 38 39 #include <sys/cdefs.h> 40 #ifndef lint 41 __COPYRIGHT( 42 "@(#) Copyright (c) 2002, 2003\ 43 The NetBSD Foundation, Inc. All rights reserved."); 44 __RCSID("$NetBSD: cgdconfig.c,v 1.11 2004/08/10 02:29:34 rumble Exp $"); 45 #endif 46 47 #include <err.h> 48 #include <errno.h> 49 #include <fcntl.h> 50 #include <libgen.h> 51 #include <stdio.h> 52 #include <stdlib.h> 53 #include <string.h> 54 #include <unistd.h> 55 #include <util.h> 56 57 #include <sys/ioctl.h> 58 #include <sys/disklabel.h> 59 #include <sys/param.h> 60 61 #include <dev/cgdvar.h> 62 63 #include <ufs/ffs/fs.h> 64 65 #include "params.h" 66 #include "pkcs5_pbkdf2.h" 67 #include "utils.h" 68 69 #define CGDCONFIG_DIR "/etc/cgd" 70 #define CGDCONFIG_CFILE CGDCONFIG_DIR "/cgd.conf" 71 72 #define ACTION_CONFIGURE 0x1 /* configure, with paramsfile */ 73 #define ACTION_UNCONFIGURE 0x2 /* unconfigure */ 74 #define ACTION_GENERATE 0x3 /* generate a paramsfile */ 75 #define ACTION_GENERATE_CONVERT 0x4 /* generate a ``dup'' paramsfile */ 76 #define ACTION_CONFIGALL 0x5 /* configure all from config file */ 77 #define ACTION_UNCONFIGALL 0x6 /* unconfigure all from config file */ 78 #define ACTION_CONFIGSTDIN 0x7 /* configure, key from stdin */ 79 80 /* if nflag is set, do not configure/unconfigure the cgd's */ 81 82 int nflag = 0; 83 84 static int configure(int, char **, struct params *, int); 85 static int configure_stdin(struct params *, int argc, char **); 86 static int generate(struct params *, int, char **, const char *); 87 static int generate_convert(struct params *, int, char **, const char *); 88 static int unconfigure(int, char **, struct params *, int); 89 static int do_all(const char *, int, char **, 90 int (*)(int, char **, struct params *, int)); 91 92 #define CONFIG_FLAGS_FROMALL 1 /* called from configure_all() */ 93 #define CONFIG_FLAGS_FROMMAIN 2 /* called from main() */ 94 95 static int configure_params(int, const char *, const char *, 96 struct params *); 97 static bits_t *getkey(const char *, struct keygen *, int); 98 static bits_t *getkey_storedkey(const char *, struct keygen *, int); 99 static bits_t *getkey_randomkey(const char *, struct keygen *, int); 100 static bits_t *getkey_pkcs5_pbkdf2(const char *, struct keygen *, int, int); 101 static int opendisk_werror(const char *, char *, int); 102 static int unconfigure_fd(int); 103 static int verify(struct params *, int); 104 static int verify_disklabel(int); 105 static int verify_ffs(int); 106 static int verify_reenter(struct params *); 107 108 static void usage(void); 109 110 /* Verbose Framework */ 111 int verbose = 0; 112 113 #define VERBOSE(x,y) if (verbose >= x) y 114 #define VPRINTF(x,y) if (verbose >= x) printf y 115 116 static void 117 usage(void) 118 { 119 120 fprintf(stderr, "usage: %s [-nv] [-V vmeth] cgd dev [paramsfile]\n", 121 getprogname()); 122 fprintf(stderr, " %s -C [-nv] [-f configfile]\n", getprogname()); 123 fprintf(stderr, " %s -U [-nv] [-f configfile]\n", getprogname()); 124 fprintf(stderr, " %s -G [-nv] [-i ivmeth] [-k kgmeth] " 125 "[-o outfile] paramsfile\n", getprogname()); 126 fprintf(stderr, " %s -g [-nv] [-i ivmeth] [-k kgmeth] " 127 "[-o outfile] alg [keylen]\n", getprogname()); 128 fprintf(stderr, " %s -s [-nv] [-i ivmeth] cgd dev alg " 129 "[keylen]\n", getprogname()); 130 fprintf(stderr, " %s -u [-nv] cgd\n", getprogname()); 131 exit(1); 132 } 133 134 int 135 main(int argc, char **argv) 136 { 137 struct params *p; 138 struct params *tp; 139 struct keygen *kg; 140 int action = ACTION_CONFIGURE; 141 int actions = 0; 142 int ch; 143 char cfile[FILENAME_MAX] = ""; 144 char outfile[FILENAME_MAX] = ""; 145 146 setprogname(*argv); 147 p = params_new(); 148 kg = NULL; 149 150 while ((ch = getopt(argc, argv, "CGUV:b:f:gi:k:no:usv")) != -1) 151 switch (ch) { 152 case 'C': 153 action = ACTION_CONFIGALL; 154 actions++; 155 break; 156 case 'G': 157 action = ACTION_GENERATE_CONVERT; 158 actions++; 159 break; 160 case 'U': 161 action = ACTION_UNCONFIGALL; 162 actions++; 163 break; 164 case 'V': 165 tp = params_verify_method(string_fromcharstar(optarg)); 166 if (!tp) 167 usage(); 168 p = params_combine(p, tp); 169 break; 170 case 'b': 171 tp = params_bsize(atoi(optarg)); 172 if (!tp) 173 usage(); 174 p = params_combine(p, tp); 175 break; 176 case 'f': 177 strlcpy(cfile, optarg, sizeof(cfile)); 178 break; 179 case 'g': 180 action = ACTION_GENERATE; 181 actions++; 182 break; 183 case 'i': 184 tp = params_ivmeth(string_fromcharstar(optarg)); 185 p = params_combine(p, tp); 186 break; 187 case 'k': 188 kg = keygen_method(string_fromcharstar(optarg)); 189 if (!kg) 190 usage(); 191 keygen_addlist(&p->keygen, kg); 192 break; 193 case 'n': 194 nflag = 1; 195 break; 196 case 'o': 197 strlcpy(outfile, optarg, sizeof(outfile)); 198 break; 199 case 's': 200 action = ACTION_CONFIGSTDIN; 201 actions++; 202 break; 203 204 case 'u': 205 action = ACTION_UNCONFIGURE; 206 actions++; 207 break; 208 case 'v': 209 verbose++; 210 break; 211 default: 212 usage(); 213 /* NOTREACHED */ 214 } 215 216 argc -= optind; 217 argv += optind; 218 219 /* validate the consistency of the arguments */ 220 221 if (actions > 1) 222 usage(); 223 224 switch (action) { 225 case ACTION_CONFIGURE: 226 return configure(argc, argv, p, CONFIG_FLAGS_FROMMAIN); 227 case ACTION_UNCONFIGURE: 228 return unconfigure(argc, argv, NULL, CONFIG_FLAGS_FROMMAIN); 229 case ACTION_GENERATE: 230 return generate(p, argc, argv, outfile); 231 case ACTION_GENERATE_CONVERT: 232 return generate_convert(p, argc, argv, outfile); 233 case ACTION_CONFIGALL: 234 return do_all(cfile, argc, argv, configure); 235 case ACTION_UNCONFIGALL: 236 return do_all(cfile, argc, argv, unconfigure); 237 case ACTION_CONFIGSTDIN: 238 return configure_stdin(p, argc, argv); 239 default: 240 errx(EXIT_FAILURE, "undefined action"); 241 } 242 /* NOTREACHED */ 243 } 244 245 static bits_t * 246 getkey(const char *dev, struct keygen *kg, int len) 247 { 248 bits_t *ret = NULL; 249 bits_t *tmp; 250 251 VPRINTF(3, ("getkey(\"%s\", %p, %d) called\n", dev, kg, len)); 252 for (; kg; kg=kg->next) { 253 switch (kg->kg_method) { 254 case KEYGEN_STOREDKEY: 255 tmp = getkey_storedkey(dev, kg, len); 256 break; 257 case KEYGEN_RANDOMKEY: 258 tmp = getkey_randomkey(dev, kg, len); 259 break; 260 case KEYGEN_PKCS5_PBKDF2_SHA1: 261 tmp = getkey_pkcs5_pbkdf2(dev, kg, len, 0); 262 break; 263 /* provide backwards compatibility for old config files */ 264 case KEYGEN_PKCS5_PBKDF2_OLD: 265 tmp = getkey_pkcs5_pbkdf2(dev, kg, len, 1); 266 break; 267 default: 268 warnx("unrecognised keygen method %d in getkey()", 269 kg->kg_method); 270 if (ret) 271 bits_free(ret); 272 return NULL; 273 } 274 275 if (!tmp) { 276 warnx("keygen method %d failed in getkey()", 277 kg->kg_method); 278 if (ret) 279 bits_free(ret); 280 return NULL; 281 } 282 283 if (ret) 284 ret = bits_xor_d(tmp, ret); 285 else 286 ret = tmp; 287 } 288 289 return ret; 290 } 291 292 /*ARGSUSED*/ 293 static bits_t * 294 getkey_storedkey(const char *target, struct keygen *kg, int keylen) 295 { 296 297 return bits_dup(kg->kg_key); 298 } 299 300 /*ARGSUSED*/ 301 static bits_t * 302 getkey_randomkey(const char *target, struct keygen *kg, int keylen) 303 { 304 305 return bits_getrandombits(keylen); 306 } 307 308 /*ARGSUSED*/ 309 /* 310 * XXX take, and pass through, a compat flag that indicates whether we 311 * provide backwards compatibility with a previous bug. The previous 312 * behaviour is indicated by the keygen method pkcs5_pbkdf2, and a 313 * non-zero compat flag. The new default, and correct keygen method is 314 * called pcks5_pbkdf2/sha1. When the old method is removed, so will 315 * be the compat argument. 316 */ 317 static bits_t * 318 getkey_pkcs5_pbkdf2(const char *target, struct keygen *kg, int keylen, int compat) 319 { 320 bits_t *ret; 321 char *passp; 322 char buf[1024]; 323 u_int8_t *tmp; 324 325 snprintf(buf, sizeof(buf), "%s's passphrase:", target); 326 passp = getpass(buf); 327 if (pkcs5_pbkdf2(&tmp, BITS2BYTES(keylen), passp, strlen(passp), 328 bits_getbuf(kg->kg_salt), BITS2BYTES(bits_len(kg->kg_salt)), 329 kg->kg_iterations, compat)) { 330 warnx("failed to generate PKCS#5 PBKDF2 key"); 331 return NULL; 332 } 333 334 ret = bits_new(tmp, keylen); 335 kg->kg_key = bits_dup(ret); 336 free(tmp); 337 return ret; 338 } 339 340 /*ARGSUSED*/ 341 static int 342 unconfigure(int argc, char **argv, struct params *inparams, int flags) 343 { 344 int fd; 345 int ret; 346 char buf[MAXPATHLEN] = ""; 347 348 /* only complain about additional arguments, if called from main() */ 349 if (flags == CONFIG_FLAGS_FROMMAIN && argc != 1) 350 usage(); 351 352 /* if called from do_all(), then ensure that 2 or 3 args exist */ 353 if (flags == CONFIG_FLAGS_FROMALL && (argc < 2 || argc > 3)) 354 return -1; 355 356 fd = opendisk(*argv, O_RDWR, buf, sizeof(buf), 1); 357 if (fd == -1) { 358 warn("can't open cgd \"%s\", \"%s\"", *argv, buf); 359 360 /* this isn't fatal with nflag != 0 */ 361 if (!nflag) 362 return errno; 363 } 364 365 VPRINTF(1, ("%s (%s): clearing\n", *argv, buf)); 366 367 if (nflag) 368 return 0; 369 370 ret = unconfigure_fd(fd); 371 close(fd); 372 return ret; 373 } 374 375 static int 376 unconfigure_fd(int fd) 377 { 378 struct cgd_ioctl ci; 379 int ret; 380 381 ret = ioctl(fd, CGDIOCCLR, &ci); 382 if (ret == -1) { 383 perror("ioctl"); 384 return -1; 385 } 386 387 return 0; 388 } 389 390 /*ARGSUSED*/ 391 static int 392 configure(int argc, char **argv, struct params *inparams, int flags) 393 { 394 struct params *p; 395 int fd; 396 int ret; 397 char pfile[FILENAME_MAX]; 398 char cgdname[PATH_MAX]; 399 400 switch (argc) { 401 case 2: 402 strlcpy(pfile, CGDCONFIG_DIR, FILENAME_MAX); 403 strlcat(pfile, "/", FILENAME_MAX); 404 strlcat(pfile, basename(argv[1]), FILENAME_MAX); 405 break; 406 case 3: 407 strlcpy(pfile, argv[2], FILENAME_MAX); 408 break; 409 default: 410 /* print usage and exit, only if called from main() */ 411 if (flags == CONFIG_FLAGS_FROMMAIN) { 412 warnx("wrong number of args"); 413 usage(); 414 } 415 return -1; 416 /* NOTREACHED */ 417 } 418 419 p = params_cget(pfile); 420 if (!p) 421 return -1; 422 423 /* 424 * over-ride with command line specifications and fill in default 425 * values. 426 */ 427 428 p = params_combine(p, inparams); 429 ret = params_filldefaults(p); 430 if (ret) { 431 params_free(p); 432 return ret; 433 } 434 435 if (!params_verify(p)) { 436 warnx("params invalid"); 437 return -1; 438 } 439 440 /* 441 * loop over configuring the disk and checking to see if it 442 * verifies properly. We open and close the disk device each 443 * time, because if the user passes us the block device we 444 * need to flush the buffer cache. 445 */ 446 447 for (;;) { 448 fd = opendisk_werror(argv[0], cgdname, sizeof(cgdname)); 449 if (fd == -1) 450 return -1; 451 452 if (p->key) 453 bits_free(p->key); 454 455 p->key = getkey(argv[1], p->keygen, p->keylen); 456 if (!p->key) 457 goto bail_err; 458 459 ret = configure_params(fd, cgdname, argv[1], p); 460 if (ret) 461 goto bail_err; 462 463 ret = verify(p, fd); 464 if (ret == -1) 465 goto bail_err; 466 if (!ret) 467 break; 468 469 fprintf(stderr, "verification failed, please reenter " 470 "passphrase\n"); 471 472 unconfigure_fd(fd); 473 close(fd); 474 } 475 476 params_free(p); 477 close(fd); 478 return 0; 479 bail_err: 480 params_free(p); 481 close(fd); 482 return -1; 483 } 484 485 static int 486 configure_stdin(struct params *p, int argc, char **argv) 487 { 488 int fd; 489 int ret; 490 char cgdname[PATH_MAX]; 491 492 if (argc < 3 || argc > 4) 493 usage(); 494 495 p->algorithm = string_fromcharstar(argv[2]); 496 if (argc > 3) 497 p->keylen = atoi(argv[3]); 498 499 ret = params_filldefaults(p); 500 if (ret) 501 return ret; 502 503 fd = opendisk_werror(argv[0], cgdname, sizeof(cgdname)); 504 if (fd == -1) 505 return -1; 506 507 p->key = bits_fget(stdin, p->keylen); 508 if (!p->key) { 509 warnx("failed to read key from stdin"); 510 return -1; 511 } 512 513 return configure_params(fd, cgdname, argv[1], p); 514 } 515 516 static int 517 opendisk_werror(const char *cgd, char *buf, int buflen) 518 { 519 int fd; 520 521 VPRINTF(3, ("opendisk_werror(%s, %s, %d) called.\n", cgd, buf, buflen)); 522 523 /* sanity */ 524 if (!cgd || !buf) 525 return -1; 526 527 if (nflag) { 528 strlcpy(buf, cgd, buflen); 529 return 0; 530 } 531 532 fd = opendisk(cgd, O_RDWR, buf, buflen, 0); 533 if (fd == -1) 534 warnx("can't open cgd \"%s\", \"%s\"", cgd, buf); 535 536 return fd; 537 } 538 539 static int 540 configure_params(int fd, const char *cgd, const char *dev, struct params *p) 541 { 542 struct cgd_ioctl ci; 543 int ret; 544 545 /* sanity */ 546 if (!cgd || !dev) 547 return -1; 548 549 memset(&ci, 0x0, sizeof(ci)); 550 ci.ci_disk = (char *)dev; 551 ci.ci_alg = (char *)string_tocharstar(p->algorithm); 552 ci.ci_ivmethod = (char *)string_tocharstar(p->ivmeth); 553 ci.ci_key = (char *)bits_getbuf(p->key); 554 ci.ci_keylen = p->keylen; 555 ci.ci_blocksize = p->bsize; 556 557 VPRINTF(1, (" with alg %s keylen %d blocksize %d ivmethod %s\n", 558 string_tocharstar(p->algorithm), p->keylen, p->bsize, 559 string_tocharstar(p->ivmeth))); 560 VPRINTF(2, ("key: ")); 561 VERBOSE(2, bits_fprint(stdout, p->key)); 562 VPRINTF(2, ("\n")); 563 564 if (nflag) 565 return 0; 566 567 ret = ioctl(fd, CGDIOCSET, &ci); 568 if (ret == -1) { 569 perror("ioctl"); 570 return errno; 571 } 572 573 return 0; 574 } 575 576 /* 577 * verify returns 0 for success, -1 for unrecoverable error, or 1 for retry. 578 */ 579 580 #define SCANSIZE 8192 581 582 static int 583 verify(struct params *p, int fd) 584 { 585 586 switch (p->verify_method) { 587 case VERIFY_NONE: 588 return 0; 589 case VERIFY_DISKLABEL: 590 return verify_disklabel(fd); 591 case VERIFY_FFS: 592 return verify_ffs(fd); 593 case VERIFY_REENTER: 594 return verify_reenter(p); 595 default: 596 warnx("unimplemented verification method"); 597 return -1; 598 } 599 } 600 601 static int 602 verify_disklabel(int fd) 603 { 604 struct disklabel l; 605 int ret; 606 char buf[SCANSIZE]; 607 608 /* 609 * we simply scan the first few blocks for a disklabel, ignoring 610 * any MBR/filecore sorts of logic. MSDOS and RiscOS can't read 611 * a cgd, anyway, so it is unlikely that there will be non-native 612 * partition information. 613 */ 614 615 ret = pread(fd, buf, 8192, 0); 616 if (ret == -1) { 617 warn("can't read disklabel area"); 618 return -1; 619 } 620 621 /* now scan for the disklabel */ 622 623 return disklabel_scan(&l, buf, sizeof(buf)); 624 } 625 626 static off_t sblock_try[] = SBLOCKSEARCH; 627 628 static int 629 verify_ffs(int fd) 630 { 631 struct fs *fs; 632 int ret, i; 633 char buf[SBLOCKSIZE]; 634 635 for (i = 0; sblock_try[i] != -1; i++) { 636 ret = pread(fd, buf, sizeof(buf), sblock_try[i]); 637 if (ret == -1) { 638 warn("pread"); 639 return 0; 640 } 641 fs = (struct fs *)buf; 642 switch (fs->fs_magic) { 643 case FS_UFS1_MAGIC: 644 case FS_UFS2_MAGIC: 645 case FS_UFS1_MAGIC_SWAPPED: 646 case FS_UFS2_MAGIC_SWAPPED: 647 return 0; 648 default: 649 continue; 650 } 651 } 652 return 1; 653 } 654 655 static int 656 verify_reenter(struct params *p) 657 { 658 struct keygen *kg; 659 bits_t *orig_key, *key; 660 int ret; 661 662 ret = 0; 663 for (kg = p->keygen; kg && !ret; kg = kg->next) { 664 if ((kg->kg_method != KEYGEN_PKCS5_PBKDF2_SHA1) && 665 (kg->kg_method != KEYGEN_PKCS5_PBKDF2_OLD )) 666 continue; 667 668 orig_key = kg->kg_key; 669 kg->kg_key = NULL; 670 671 /* add a compat flag till the _OLD method goes away */ 672 key = getkey_pkcs5_pbkdf2("re-enter device", kg, 673 bits_len(orig_key), kg->kg_method == KEYGEN_PKCS5_PBKDF2_OLD); 674 ret = !bits_match(key, orig_key); 675 676 bits_free(key); 677 bits_free(kg->kg_key); 678 kg->kg_key = orig_key; 679 } 680 681 return ret; 682 } 683 684 static int 685 generate(struct params *p, int argc, char **argv, const char *outfile) 686 { 687 int ret; 688 689 if (argc < 1 || argc > 2) 690 usage(); 691 692 p->algorithm = string_fromcharstar(argv[0]); 693 if (argc > 1) 694 p->keylen = atoi(argv[1]); 695 696 ret = params_filldefaults(p); 697 if (ret) 698 return ret; 699 700 if (!p->keygen) { 701 p->keygen = keygen_generate(KEYGEN_PKCS5_PBKDF2_SHA1); 702 if (!p->keygen) 703 return -1; 704 } 705 706 if (keygen_filldefaults(p->keygen, p->keylen)) { 707 warnx("Failed to generate defaults for keygen"); 708 return -1; 709 } 710 711 if (!params_verify(p)) { 712 warnx("invalid parameters generated"); 713 return -1; 714 } 715 716 return params_cput(p, outfile); 717 } 718 719 static int 720 generate_convert(struct params *p, int argc, char **argv, const char *outfile) 721 { 722 struct params *oldp; 723 struct keygen *kg; 724 725 if (argc != 1) 726 usage(); 727 728 oldp = params_cget(*argv); 729 if (!oldp) 730 return -1; 731 732 /* for sanity, we ensure that none of the keygens are randomkey */ 733 for (kg=p->keygen; kg; kg=kg->next) 734 if (kg->kg_method == KEYGEN_RANDOMKEY) 735 goto bail; 736 for (kg=oldp->keygen; kg; kg=kg->next) 737 if (kg->kg_method == KEYGEN_RANDOMKEY) 738 goto bail; 739 740 if (!params_verify(oldp)) { 741 warnx("invalid old parameters file \"%s\"", *argv); 742 return -1; 743 } 744 745 oldp->key = getkey("old file", oldp->keygen, oldp->keylen); 746 if (!oldp->key) 747 goto bail; 748 749 /* we copy across the non-keygen info, here. */ 750 751 string_free(p->algorithm); 752 string_free(p->ivmeth); 753 754 p->algorithm = string_dup(oldp->algorithm); 755 p->ivmeth = string_dup(oldp->ivmeth); 756 p->keylen = oldp->keylen; 757 p->bsize = oldp->bsize; 758 if (p->verify_method == VERIFY_UNKNOWN) 759 p->verify_method = oldp->verify_method; 760 761 params_free(oldp); 762 763 if (!p->keygen) { 764 p->keygen = keygen_generate(KEYGEN_PKCS5_PBKDF2_SHA1); 765 if (!p->keygen) 766 return -1; 767 } 768 params_filldefaults(p); 769 keygen_filldefaults(p->keygen, p->keylen); 770 p->key = getkey("new file", p->keygen, p->keylen); 771 772 kg = keygen_generate(KEYGEN_STOREDKEY); 773 kg->kg_key = bits_xor(p->key, oldp->key); 774 keygen_addlist(&p->keygen, kg); 775 776 if (!params_verify(p)) { 777 warnx("can't generate new parameters file"); 778 return -1; 779 } 780 781 return params_cput(p, outfile); 782 bail: 783 params_free(oldp); 784 return -1; 785 } 786 787 static int 788 do_all(const char *cfile, int argc, char **argv, 789 int (*conf)(int, char **, struct params *, int)) 790 { 791 FILE *f; 792 size_t len; 793 size_t lineno; 794 int my_argc; 795 int ret; 796 const char *fn; 797 char *line; 798 char **my_argv; 799 800 if (argc > 0) 801 usage(); 802 803 if (!cfile[0]) 804 fn = CGDCONFIG_CFILE; 805 else 806 fn = cfile; 807 808 f = fopen(fn, "r"); 809 if (!f) { 810 warn("could not open config file \"%s\"", fn); 811 return -1; 812 } 813 814 ret = chdir(CGDCONFIG_DIR); 815 if (ret == -1) 816 warn("could not chdir to %s", CGDCONFIG_DIR); 817 818 ret = 0; 819 lineno = 0; 820 for (;;) { 821 line = fparseln(f, &len, &lineno, "\\\\#", FPARSELN_UNESCALL); 822 if (!line) 823 break; 824 if (!*line) 825 continue; 826 827 my_argv = words(line, &my_argc); 828 ret = conf(my_argc, my_argv, NULL, CONFIG_FLAGS_FROMALL); 829 if (ret) { 830 warnx("action failed on \"%s\" line %lu", fn, 831 (u_long)lineno); 832 break; 833 } 834 words_free(my_argv, my_argc); 835 } 836 return ret; 837 } 838
Indexes created Fri Oct 31 11:10:07 GMT 2025