On 01/15/11 03:06, Ted Unangst wrote:
> On Thu, 13 Jan 2011, Ted Unangst wrote:
>
>> If I type the wrong password into bioctl at boot, disks don't exist,
>> filesystems don't get mounted, and generally lots of things go wrong. All
>> I need is a second chance to remind me to type the right password.
>
> After some feedback, here's a revised edition. Keep prompting until the
> user gets it right. If you want out, ^C, ^D, or just plain enter will
> quit.
>
> This also tweaks the password length check to abort on empty passwords.
> (readpassphrase 'succeeds' after hitting ^D.)
>
> Index: bioctl.c
> ===================================================================
> RCS file: /home/tedu/cvs/src/sbin/bioctl/bioctl.c,v
> retrieving revision 1.98
> diff -u -r1.98 bioctl.c
> --- bioctl.c 1 Dec 2010 19:40:18 -0000 1.98
> +++ bioctl.c 15 Jan 2011 02:04:14 -0000
> @@ -738,6 +738,7 @@
> if (level == 'C' && no_dev != min_disks)
> errx(1, "not exactly one partition");
>
> +again:
> memset(&create, 0, sizeof(create));
> create.bc_cookie = bl.bl_cookie;
> create.bc_level = level;
> @@ -802,8 +803,10 @@
> memset(&kdfinfo, 0, sizeof(kdfinfo));
> memset(&create, 0, sizeof(create));
> if (rv == -1) {
> - if (errno == EPERM)
> - errx(1, "Incorrect passphrase");
> + if (errno == EPERM) {
> + warnx("Incorrect passphrase. Try again.");
> + goto again;
> + }
> err(1, "BIOCCREATERAID");
> }
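Review bot: The `again:` label in the first hunk and the `goto again` in the second sit roughly 65 lines apart, and neither site records what the retry relies on. The visible lines do zero `kdfinfo` and `create` before the jump, so whatever they held for the rejected attempt is cleared on each pass, but whether the rest of the setup between the label and the ioctl is safe to run a second time cannot be checked from these hunks; the function begins and ends outside them. I would add a comment at the label, e.g. `/* retry point after a rejected passphrase: all setup below must be safe to repeat */`, and one at the jump, `/* kdfinfo and create were zeroed above */`.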
I haven't looked very close but should not the handling differ between the key_disk vs passphrase cases? I bet there would be a way to make it loop... :-) /Alexander
>
> @@ -1065,18 +1068,17 @@
>
> if (fgets(passphrase, sizeof(passphrase), f) == NULL)
> err(1, "can't read passphrase file");
> - pl = strlen(passphrase);
> - if (pl > 0 && passphrase[pl - 1] == '\n')
> - passphrase[pl - 1] = '\0';
> - else
> - errx(1, "invalid passphrase length");
> -
> fclose(f);
> } else {
> if (readpassphrase(prompt, passphrase, sizeof(passphrase),
> rpp_flag) == NULL)
> errx(1, "unable to read passphrase");
> }
> + pl = strlen(passphrase);
> + if (pl > 0 && passphrase[pl - 1] == '\n')
> + passphrase[--pl] = '\0';
> + if (pl == 0)
> + errx(1, "invalid passphrase length");
>
> if (verify) {
> /* request user to re-type it */
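Review bot: Moving the newline test out of the file branch drops the old rejection of a passphrase-file line that has no trailing newline, which was also the only visible guard against a line longer than the buffer. With the new code `fgets` returns the first `sizeof(passphrase) - 1` bytes of such a line and the truncated value is accepted as the passphrase. If that is not intended, keep a check in the file branch before `fclose(f)`, e.g. `if (strchr(passphrase, '\n') == NULL) errx(1, "invalid passphrase length");`, and let the shared code only strip the newline and reject the empty string. The enclosing function starts and ends outside the hunk, so an earlier size check on the file cannot be ruled out.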