Hi Steven, Will this patch be merged into a future stable release? I have to use this in my own work.
Thanks, -Jiaqiang 2011/3/2 Steven Dake <[email protected]>:
> Great work
>
> Reviewed-by: Steven Dake <[email protected]>
>
> On 02/27/2011 07:47 PM, Open SA Forum AIS Services mailing list wrote:
>> This option (-l or --less-secure) causes corosync-keygen to read from
>> /dev/urandom instead of /dev/random to ensure that no input is required
>> from the user. It may be useful when this command is used from a
>> script.
>>
>> Signed-off-by: Russell Bryant <[email protected]>
>> ---
>> man/corosync-keygen.8 | 10 +++++++-
>> tools/corosync-keygen.c | 49
>> ++++++++++++++++++++++++++++++++++++++++++----
>> 2 files changed, 52 insertions(+), 7 deletions(-)
>>
>> diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8
>> index b161569..5dc3f45 100644
>> --- a/man/corosync-keygen.8
>> +++ b/man/corosync-keygen.8
>> @@ -35,7 +35,7 @@
>> .SH NAME
>> corosync-keygen \- Generate an authentication key for Corosync.
>> .SH SYNOPSIS
>> -.B "corosync-keygen"
>> +.B "corosync-keygen [\-l]"
>> .SH DESCRIPTION
>>
>> If you want to configure corosync to use cryptographic techniques to ensure
>> authenticity
>> @@ -62,7 +62,13 @@ If a message "Invalid digest" appears from the corosync
>> executive, the keys
>> are not consistent between processors.
>> .PP
>> .B Note: corosync-keygen
>> -will ask for user input to assist in generating entropy.
>> +will ask for user input to assist in generating entropy unless the -l
>> option is used.
>> +.SH OPTIONS
>> +.TP
>> +.B -l
>> +Use a less secure random data source that will not require user input to
>> help generate
>> +.br
>> +entropy. This may be useful when this utility is used from a script.
>> .SH EXAMPLES
>> .TP
>> Generate the key.
>> diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c
>> index c842fd1..73ba8d4 100644
>> --- a/tools/corosync-keygen.c
>> +++ b/tools/corosync-keygen.c
>> @@ -39,6 +39,7 @@
>> #include <unistd.h>
>> #include <fcntl.h>
>> #include <errno.h>
>> +#include <getopt.h>
>> #include <sys/types.h>
>> #include <sys/stat.h>
>>
>> @@ -46,12 +47,45 @@
>>
>> #define KEYFILE COROSYSCONFDIR "/authkey"
>>
>> -int main (void) {
>> +static const char usage[] =
>> + "Usage: corosync-keygen [-l]\n"
>> + " -l / --less-secure - Use a less secure random number source\n"
>> + " (/dev/urandom) that is guaranteed not to require user\n"
>> + " input for entropy. This can be used when this\n"
>> + " application is used from a script.\n";
>> +
>> +
>> +int main (int argc, char *argv[])
>> +{
>> int authkey_fd;
>> int random_fd;
>> unsigned char key[128];
>> ssize_t res;
>> ssize_t bytes_read;
>> + int c;
>> + int option_index;
>> + int less_secure = 0;
>> + static struct option long_options[] = {
>> + { "less-secure", no_argument, NULL, 'l' },
>> + { "help", no_argument, NULL, 'h' },
>> + { 0, 0, NULL, 0 },
>> + };
>> +
>> + while ((c = getopt_long (argc, argv, "lh",
>> + long_options, &option_index)) != -1) {
>> + switch (c) {
>> + case 'l':
>> + less_secure = 1;
>> + break;
>> + case 'h':
>> + printf ("%s\n", usage);
>> + exit(0);
>> + break;
>> + default:
>> + printf ("Error parsing command line options.\n");
>> + exit (1);
>> + }
>> + }
>>
>> printf ("Corosync Cluster Engine Authentication key generator.\n");
>> if (geteuid() != 0) {
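Review bot: After the `getopt_long` loop nothing checks `optind < argc`, so a stray positional argument (for example the option typed without its dashes) is silently ignored and the tool falls back to the blocking /dev/random path, which is exactly what a script passing this option is trying to avoid. A check right after the loop, `if (optind < argc) { fprintf (stderr, "%s", usage); exit (1); }`, would reject that case. The `default:` branch also reports its error with `printf`; `fprintf (stderr, ...)` followed by the usage text would keep diagnostics off stdout. `option_index` is written but never read in the visible lines, so `NULL` could be passed in its place. The body of main continues outside the hunk.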
>> @@ -65,11 +99,16 @@ int main (void) {
>> }
>> }
>>
>> - printf ("Gathering %lu bits for key from /dev/random.\n", (unsigned
>> long)(sizeof (key) * 8));
>> - printf ("Press keys on your keyboard to generate entropy.\n");
>> - random_fd = open ("/dev/random", O_RDONLY);
>> + if (less_secure) {
>> + random_fd = open ("/dev/urandom", O_RDONLY);
>> + } else {
>> + printf ("Gathering %lu bits for key from /dev/random.\n",
>> (unsigned long)(sizeof (key) * 8));
>> + printf ("Press keys on your keyboard to generate entropy.\n");
>> + random_fd = open ("/dev/random", O_RDONLY);
>> + }
>> +
>> if (random_fd == -1) {
>> - perror ("Is /dev/random present? Opening /dev/random");
>> + perror ("Failed to open random source\n");
>> exit (errno);
>> }
>>
>
> _______________________________________________
> Openais mailing list
> [email protected]
> https://lists.linux-foundation.org/mailman/listinfo/openais
> _______________________________________________ Openais mailing list [email protected] https://lists.linux-foundation.org/mailman/listinfo/openais
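Review bot: The `less_secure` branch opens /dev/urandom without printing anything, so the output of a scripted run leaves no record of which source the authkey came from; a line such as `printf ("Gathering %lu bits for key from /dev/urandom.\n", (unsigned long)(sizeof (key) * 8));` in that branch would make the choice auditable. The new `perror ("Failed to open random source\n");` embeds a newline, which pushes the errno text onto a separate line, and it no longer names the device; dropping the `\n` and naming the path that was opened would fix both. On kernels where /dev/urandom does not block before the entropy pool is seeded, a run during first boot or image provisioning may yield a weaker key than the usage text suggests, which is worth stating in the man page next to the `-l` description. The read loop that consumes `random_fd` is outside the hunk.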
