On Sun, Feb 20, 2011 at 07:48:59PM -0600, Russell Bryant wrote:
> Add -l option to corosync-keygen.
You should also update the man page:
man/corosync-keygen.8
-Angus
>
> This option (-l or --less-secure) causes corosync-keygen to read from
> /dev/urandom instead of /dev/random to ensure that no input is required
> from the user. It may be useful when this command is used from a
> script.
> ---
> tools/corosync-keygen.c | 49 ++++++++++++++++++++++++++++++++++++++++++----
> 1 files changed, 44 insertions(+), 5 deletions(-)
>
> diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c
> index c842fd1..73ba8d4 100644
> --- a/tools/corosync-keygen.c
> +++ b/tools/corosync-keygen.c
> @@ -39,6 +39,7 @@
> #include <unistd.h>
> #include <fcntl.h>
> #include <errno.h>
> +#include <getopt.h>
> #include <sys/types.h>
> #include <sys/stat.h>
>
> @@ -46,12 +47,45 @@
>
> #define KEYFILE COROSYSCONFDIR "/authkey"
>
> -int main (void) {
> +static const char usage[] =
> + "Usage: corosync-keygen [-l]\n"
> + " -l / --less-secure - Use a less secure random number source\n"
> + " (/dev/urandom) that is guaranteed not to require user\n"
> + " input for entropy. This can be used when this\n"
> + " application is used from a script.\n";
> +
> +
> +int main (int argc, char *argv[])
> +{
> int authkey_fd;
> int random_fd;
> unsigned char key[128];
> ssize_t res;
> ssize_t bytes_read;
> + int c;
> + int option_index;
> + int less_secure = 0;
> + static struct option long_options[] = {
> + { "less-secure", no_argument, NULL, 'l' },
> + { "help", no_argument, NULL, 'h' },
> + { 0, 0, NULL, 0 },
> + };
> +
> + while ((c = getopt_long (argc, argv, "lh",
> + long_options, &option_index)) != -1) {
> + switch (c) {
> + case 'l':
> + less_secure = 1;
> + break;
> + case 'h':
> + printf ("%s\n", usage);
> + exit(0);
> + break;
> + default:
> + printf ("Error parsing command line options.\n");
> + exit (1);
> + }
> + }
>
> printf ("Corosync Cluster Engine Authentication key generator.\n");
> if (geteuid() != 0) {
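Review bot: The `default:` case reports a bad option on stdout and exits without showing the usage text, and the `usage` string itself never lists -h/--help. Using `fprintf (stderr, "%s", usage);` in the default case and adding a `-h / --help` line to `usage` would cover both. In the 'h' case, `printf ("%s\n", usage)` prints a second newline because `usage` already ends with one, and the `break` after `exit(0)` is unreachable. main's body continues past the end of this hunk.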
> @@ -65,11 +99,16 @@ int main (void) {
> }
> }
>
> - printf ("Gathering %lu bits for key from /dev/random.\n", (unsigned
> long)(sizeof (key) * 8));
> - printf ("Press keys on your keyboard to generate entropy.\n");
> - random_fd = open ("/dev/random", O_RDONLY);
> + if (less_secure) {
> + random_fd = open ("/dev/urandom", O_RDONLY);
> + } else {
> + printf ("Gathering %lu bits for key from /dev/random.\n",
> (unsigned long)(sizeof (key) * 8));
> + printf ("Press keys on your keyboard to generate entropy.\n");
> + random_fd = open ("/dev/random", O_RDONLY);
> + }
> +
> if (random_fd == -1) {
> - perror ("Is /dev/random present? Opening /dev/random");
> + perror ("Failed to open random source\n");
> exit (errno);
> }
>
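Review bot: The `less_secure` branch opens /dev/urandom without printing anything, so the output of a scripted run never records that the authkey came from the non-blocking source; a line such as `printf ("Gathering %lu bits for key from /dev/urandom.\n", (unsigned long)(sizeof (key) * 8));` before the open would fix that. The new `perror ("Failed to open random source\n");` puts a newline ahead of perror's own ": error" suffix and no longer names the device; `perror (less_secure ? "Opening /dev/urandom" : "Opening /dev/random");` keeps the message on one line. Because -l is aimed at scripts, the help text or man page should probably mention that /dev/urandom may return data before the kernel pool is well seeded on a freshly booted machine, which matters for keys generated during early provisioning. The read loop that consumes `random_fd` is outside this hunk.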
> --
> 1.7.4
>