Great work Reviewed-by: Steven Dake <[email protected]>
On 02/27/2011 07:47 PM, Open SA Forum AIS Services mailing list wrote:
> This option (-l or --less-secure) causes corosync-keygen to read from
> /dev/urandom instead of /dev/random to ensure that no input is required
> from the user. It may be useful when this command is used from a
> script.
>
> Signed-off-by: Russell Bryant <[email protected]>
> ---
> man/corosync-keygen.8 | 10 +++++++-
> tools/corosync-keygen.c | 49 ++++++++++++++++++++++++++++++++++++++++++----
> 2 files changed, 52 insertions(+), 7 deletions(-)
>
> diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8
> index b161569..5dc3f45 100644
> --- a/man/corosync-keygen.8
> +++ b/man/corosync-keygen.8
> @@ -35,7 +35,7 @@
> .SH NAME
> corosync-keygen \- Generate an authentication key for Corosync.
> .SH SYNOPSIS
> -.B "corosync-keygen"
> +.B "corosync-keygen [\-l]"
> .SH DESCRIPTION
>
> If you want to configure corosync to use cryptographic techniques to ensure
> authenticity
> @@ -62,7 +62,13 @@ If a message "Invalid digest" appears from the corosync
> executive, the keys
> are not consistent between processors.
> .PP
> .B Note: corosync-keygen
> -will ask for user input to assist in generating entropy.
> +will ask for user input to assist in generating entropy unless the -l option
> is used.
> +.SH OPTIONS
> +.TP
> +.B -l
> +Use a less secure random data source that will not require user input to
> help generate
> +.br
> +entropy. This may be useful when this utility is used from a script.
> .SH EXAMPLES
> .TP
> Generate the key.
> diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c
> index c842fd1..73ba8d4 100644
> --- a/tools/corosync-keygen.c
> +++ b/tools/corosync-keygen.c
> @@ -39,6 +39,7 @@
> #include <unistd.h>
> #include <fcntl.h>
> #include <errno.h>
> +#include <getopt.h>
> #include <sys/types.h>
> #include <sys/stat.h>
>
> @@ -46,12 +47,45 @@
>
> #define KEYFILE COROSYSCONFDIR "/authkey"
>
> -int main (void) {
> +static const char usage[] =
> + "Usage: corosync-keygen [-l]\n"
> + " -l / --less-secure - Use a less secure random number source\n"
> + " (/dev/urandom) that is guaranteed not to require user\n"
> + " input for entropy. This can be used when this\n"
> + " application is used from a script.\n";
> +
> +
> +int main (int argc, char *argv[])
> +{
> int authkey_fd;
> int random_fd;
> unsigned char key[128];
> ssize_t res;
> ssize_t bytes_read;
> + int c;
> + int option_index;
> + int less_secure = 0;
> + static struct option long_options[] = {
> + { "less-secure", no_argument, NULL, 'l' },
> + { "help", no_argument, NULL, 'h' },
> + { 0, 0, NULL, 0 },
> + };
> +
> + while ((c = getopt_long (argc, argv, "lh",
> + long_options, &option_index)) != -1) {
> + switch (c) {
> + case 'l':
> + less_secure = 1;
> + break;
> + case 'h':
> + printf ("%s\n", usage);
> + exit(0);
> + break;
> + default:
> + printf ("Error parsing command line options.\n");
> + exit (1);
> + }
> + }
>
> printf ("Corosync Cluster Engine Authentication key generator.\n");
> if (geteuid() != 0) {
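Review bot: The `default:` branch of the new option loop reports a bad option with `printf`, so the diagnostic goes to stdout and the user is not shown what is accepted; `fprintf (stderr, "%s", usage);` before `exit (1);` would keep errors on stderr and print the usage text. `option_index` is passed to `getopt_long` but never read in the visible lines, so `NULL` could be passed and the variable dropped, and the `break;` after `exit(0);` is unreachable. `usage` already ends in `\n`, so `printf ("%s\n", usage)` emits a trailing blank line. The body of main continues outside the hunk.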
> @@ -65,11 +99,16 @@ int main (void) {
> }
> }
>
> - printf ("Gathering %lu bits for key from /dev/random.\n", (unsigned
> long)(sizeof (key) * 8));
> - printf ("Press keys on your keyboard to generate entropy.\n");
> - random_fd = open ("/dev/random", O_RDONLY);
> + if (less_secure) {
> + random_fd = open ("/dev/urandom", O_RDONLY);
> + } else {
> + printf ("Gathering %lu bits for key from /dev/random.\n",
> (unsigned long)(sizeof (key) * 8));
> + printf ("Press keys on your keyboard to generate entropy.\n");
> + random_fd = open ("/dev/random", O_RDONLY);
> + }
> +
> if (random_fd == -1) {
> - perror ("Is /dev/random present? Opening /dev/random");
> + perror ("Failed to open random source\n");
> exit (errno);
> }
> _______________________________________________ Openais mailing list [email protected] https://lists.linux-foundation.org/mailman/listinfo/openais
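Review bot: The `less_secure` branch opens `/dev/urandom` without printing anything, so a scripted run leaves no record that the cluster authkey came from the non-blocking source; a line such as `printf ("Gathering %lu bits for key from /dev/urandom.\n", (unsigned long)(sizeof (key) * 8));` in that branch would make the choice visible in the script's log. The case worth stating in the man page is a script run at first boot or during image provisioning, where the kernel pool may not yet be seeded and a read from /dev/urandom may not wait for it. Separately, the new `perror` string ends in `\n`, which separates the message from the errno text, and it no longer names the device; `perror (less_secure ? "Opening /dev/urandom" : "Opening /dev/random");` keeps both. The body of main starts and ends outside the hunk.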
