Module Name: src Committed By: martin Date: Tue Jul 31 16:01:12 UTC 2018
Modified Files: src/sbin/cgdconfig [netbsd-8]: cgdconfig.8 cgdconfig.c Log Message: Pull up following revision(s) (requested by kre in ticket #946): sbin/cgdconfig/cgdconfig.c: revision 1.42 sbin/cgdconfig/cgdconfig.c: revision 1.43 sbin/cgdconfig/cgdconfig.c: revision 1.44 sbin/cgdconfig/cgdconfig.c: revision 1.45 sbin/cgdconfig/cgdconfig.8: revision 1.37 sbin/cgdconfig/cgdconfig.8: revision 1.38 Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere). Fix usage for rump. Fixes test breakage caused by previous commit. Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much. Thanks to Alexander Nasonov for finding the null deref bug. Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well. While here fix man page synopses and a few other odds and ends. Add commas in enumeration. To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.36.6.1 src/sbin/cgdconfig/cgdconfig.8 cvs rdiff -u -r1.41 -r1.41.6.1 src/sbin/cgdconfig/cgdconfig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.36 src/sbin/cgdconfig/cgdconfig.8:1.36.6.1 --- src/sbin/cgdconfig/cgdconfig.8:1.36 Sun Sep 11 01:09:34 2016 +++ src/sbin/cgdconfig/cgdconfig.8 Tue Jul 31 16:01:12 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.36 2016/09/11 01:09:34 sevan Exp $ +.\" $NetBSD: cgdconfig.8,v 1.36.6.1 2018/07/31 16:01:12 martin Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd September 11, 2016 +.Dd May 9, 2018 .Dt CGDCONFIG 8 .Os .Sh NAME @@ -41,11 +41,11 @@ .Op Ar paramsfile .Nm .Fl C -.Op Fl nv +.Op Fl npv .Op Fl f Ar configfile .Nm .Fl G -.Op Fl nv +.Op Fl npv .Op Fl i Ar ivmeth .Op Fl k Ar kgmeth .Op Fl o Ar outfile @@ -60,7 +60,8 @@ .Op Ar keylen .Nm .Fl l -.Op Fl cgd +.Op Fl v Ns Op Cm v +.Op Ar cgd .Nm .Fl s .Op Fl nv @@ -96,7 +97,7 @@ configuration file Generate a new paramsfile (to stdout) using the values from .Ar paramsfile which will generate the same key. -This may need to prompt for multiple passphrases. +This may need to obtain multiple passphrases. .It Fl g Generate a paramsfile (to stdout). .It Fl i Ar ivmeth @@ -116,6 +117,9 @@ When generating a .Ar paramsfile , store it in .Ar outfile . +If +.Fl o +is not given, any paramsfile content is written to standard output. .It Fl p Read all passphrases from stdin rather than .Pa /dev/tty . @@ -126,7 +130,7 @@ If this flag is specified then verificat in question to be unconfigured rather than prompting for the passphrase again. .It Fl s -Read the key from stdin. +Read the key (nb: not the passphrase) from stdin. .It Fl U Unconfigure all the devices listed in the cgd configuration file. .It Fl u @@ -421,7 +425,7 @@ And use the entered passphrase to genera .Pp Although not required, the partition type .Ar cgd -should be used in the disklabel for the cgd partition. +should be used in the disklabel or GPT type field for the cgd partition. .Sh DIAGNOSTICS .Bl -diag .It "cgdconfig: could not calibrate pkcs5_pbkdf2" @@ -431,7 +435,9 @@ Ensure that the processor clock frequenc program's execution. .El .Sh SEE ALSO -.Xr cgd 4 +.Xr cgd 4 , +.Xr disklabel 8 , +.Xr gpt 8 .Pp .Dq PKCS #5 v2.0: Password-Based Cryptography Standard , RSA Laboratories, March 25, 1999. @@ -443,6 +449,12 @@ utility appeared in .Sh BUGS Since .Nm +without +.Fl p uses .Xr getpass 3 -to read in the passphrase, it is limited to 128 characters. +to read in the passphrase, +it is limited to sysconf(_SC_PASS_MAX) (128) characters. +With +.Fl p +the limit is 1023 characters. Index: src/sbin/cgdconfig/cgdconfig.c diff -u src/sbin/cgdconfig/cgdconfig.c:1.41 src/sbin/cgdconfig/cgdconfig.c:1.41.6.1 --- src/sbin/cgdconfig/cgdconfig.c:1.41 Tue Jan 10 20:45:19 2017 +++ src/sbin/cgdconfig/cgdconfig.c Tue Jul 31 16:01:12 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: cgdconfig.c,v 1.41 2017/01/10 20:45:19 christos Exp $ */ +/* $NetBSD: cgdconfig.c,v 1.41.6.1 2018/07/31 16:01:12 martin Exp $ */ /*- * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #ifndef lint __COPYRIGHT("@(#) Copyright (c) 2002, 2003\ The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: cgdconfig.c,v 1.41 2017/01/10 20:45:19 christos Exp $"); +__RCSID("$NetBSD: cgdconfig.c,v 1.41.6.1 2018/07/31 16:01:12 martin Exp $"); #endif #include <err.h> @@ -136,17 +136,19 @@ static void usage(void) { - (void)fprintf(stderr, "usage: %s [-nv] [-V vmeth] cgd dev [paramsfile]\n", + (void)fprintf(stderr, "usage: %s [-npv] [-V vmeth] cgd dev " + "[paramsfile]\n", getprogname()); + (void)fprintf(stderr, " %s -C [-npv] [-f configfile]\n", getprogname()); - (void)fprintf(stderr, " %s -C [-nv] [-f configfile]\n", getprogname()); - (void)fprintf(stderr, " %s -G [-nv] [-i ivmeth] [-k kgmeth] " + (void)fprintf(stderr, " %s -G [-npv] [-i ivmeth] [-k kgmeth] " "[-o outfile] paramsfile\n", getprogname()); (void)fprintf(stderr, " %s -g [-nv] [-i ivmeth] [-k kgmeth] " "[-o outfile] alg [keylen]\n", getprogname()); - (void)fprintf(stderr, " %s -l\n", getprogname()); + (void)fprintf(stderr, " %s -l [-v[v]] [cgd]\n", getprogname()); (void)fprintf(stderr, " %s -s [-nv] [-i ivmeth] cgd dev alg " "[keylen]\n", getprogname()); - (void)fprintf(stderr, " %s -U [-nv] [-f configfile]\n", getprogname()); + (void)fprintf(stderr, " %s -U [-nv] [-f configfile]\n", + getprogname()); (void)fprintf(stderr, " %s -u [-nv] cgd\n", getprogname()); exit(EXIT_FAILURE); } @@ -515,12 +517,33 @@ configure(int argc, char **argv, struct char devicename[PATH_MAX]; const char *dev = NULL; /* XXX: gcc */ - if (argc == 2 || argc == 3) { - dev = getfsspecname(devicename, sizeof(devicename), argv[1]); - if (dev == NULL) { - warnx("getfsspecname failed: %s", devicename); + if (argc < 2 || argc > 3) { + /* print usage and exit, only if called from main() */ + if (flags == CONFIG_FLAGS_FROMMAIN) { + warnx("wrong number of args"); + usage(); + } + return -1; + } + + if (( + fd = opendisk1(*argv, O_RDWR, cgdname, sizeof(cgdname), 1, prog_open) + ) != -1) { + struct cgd_user cgu; + + cgu.cgu_unit = -1; + if (prog_ioctl(fd, CGDIOCGET, &cgu) != -1 && cgu.cgu_dev != 0) { + warnx("device %s already in use", *argv); + prog_close(fd); return -1; } + prog_close(fd); + } + + dev = getfsspecname(devicename, sizeof(devicename), argv[1]); + if (dev == NULL) { + warnx("getfsspecname failed: %s", devicename); + return -1; } if (argc == 2) { @@ -529,16 +552,8 @@ configure(int argc, char **argv, struct /* make string writable for basename */ strlcpy(pfile, dev, sizeof(pfile)); p = params_cget(basename(pfile)); - } else if (argc == 3) { + } else p = params_cget(argv[2]); - } else { - /* print usage and exit, only if called from main() */ - if (flags == CONFIG_FLAGS_FROMMAIN) { - warnx("wrong number of args"); - usage(); - } - return -1; - } if (!p) return -1;