Currently bioctl invokes readpassphrase(3) with RPP_REQUIRE_TTY, which
means that there must be a controlling tty to read the password from.
This diff adds an option (-s) to force bioctl to read the passphrase
from stdin. Without this option existing behavior is maintained.
Index: bioctl.8
===================================================================
RCS file: /cvs/src/sbin/bioctl/bioctl.8,v
retrieving revision 1.82
diff -u -p -r1.82 bioctl.8
--- bioctl.8 20 Nov 2010 17:46:24 -0000 1.82
+++ bioctl.8 29 Nov 2010 22:17:03 -0000
@@ -43,7 +43,7 @@
.Pp
.Nm bioctl
.Bk -words
-.Op Fl dhiPqv
+.Op Fl dhiPqsv
.Op Fl C Ar flag[,flag,...]
.Op Fl c Ar raidlevel
.Op Fl k Ar keydisk
@@ -235,6 +235,11 @@ the PBKDF2 algorithm used to convert a p
Higher iteration counts take more time, but offer more resistance to key
guessing attacks.
The minimum is 1000 rounds and the default is 8192.
+.It Fl s
+Read the passphrase for the selected crypto volume from
+.Pa /dev/stdin
+rather than
+.Pa /dev/tty .
.El
.Sh EXAMPLES
The following command, executed from the command line, would configure
Index: bioctl.c
===================================================================
RCS file: /cvs/src/sbin/bioctl/bioctl.c,v
retrieving revision 1.97
diff -u -p -r1.97 bioctl.c
--- bioctl.c 10 Jul 2010 02:56:16 -0000 1.97
+++ bioctl.c 29 Nov 2010 22:17:03 -0000
@@ -86,6 +86,7 @@ int rflag = 8192;
char *password;
struct bio_locate bl;
+int rpp_flag = RPP_REQUIRE_TTY;
int
main(int argc, char *argv[])
@@ -106,7 +107,7 @@ main(int argc, char *argv[])
if (argc < 2)
usage();
- while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:vu:")) !=
+ while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:svu:")) !=
-1) {
switch (ch) {
case 'a': /* alarm */
@@ -174,6 +175,9 @@ main(int argc, char *argv[])
ss_func = BIOC_SSREBUILD;
al_arg = optarg;
break;
+ case 's':
+ rpp_flag = RPP_STDIN;
+ break;
case 'v':
verbose = 1;
break;
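Review bot: `case 's'` switches `rpp_flag` to `RPP_STDIN` without checking it against the other passphrase source. The last hunk shows a file-reading branch ahead of the `else` that calls readpassphrase(), presumably the `-p passfile` path, so `-s` given together with it appears to be silently ignored. Rejecting the combination once option parsing is done would make the passphrase source unambiguous; assuming the global `password` holds the `-p` argument, that would be `if (rpp_flag == RPP_STDIN && password != NULL) errx(1, "-s and -p are mutually exclusive");`. The body of main() starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out.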
@@ -252,12 +256,12 @@ usage(void)
"[-R device | channel:target[.lun]\n"
"\t[-u channel:target[.lun]] "
"device\n"
- " %s [-dhiPqv] "
- "[-C flag[,flag,...]] [-c raidlevel] [-k keydisk]\n"
- "\t[-l special[,special,...]] [-p passfile]\n"
- "\t[-R device | channel:target[.lun] [-r rounds] "
+ " %s [-dhiPqsv] "
+ "[-C flag[,flag,...]] [-c raidlevel] [-k keydisk]\n"
+ "\t[-l special[,special,...]] [-p passfile]\n"
+ "\t[-R device | channel:target[.lun] [-r rounds] "
"device\n", __progname, __progname);
-
+
exit(1);
}
@@ -1070,14 +1074,14 @@ derive_key_pkcs(int rounds, u_int8_t *ke
fclose(f);
} else {
if (readpassphrase(prompt, passphrase, sizeof(passphrase),
- RPP_REQUIRE_TTY) == NULL)
+ rpp_flag) == NULL)
errx(1, "unable to read passphrase");
}
if (verify) {
/* request user to re-type it */
if (readpassphrase("Re-type passphrase: ", verifybuf,
- sizeof(verifybuf), RPP_REQUIRE_TTY) == NULL) {
+ sizeof(verifybuf), rpp_flag) == NULL) {
memset(passphrase, 0, sizeof(passphrase));
errx(1, "unable to read passphrase");
}
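Review bot: With `rpp_flag` set to `RPP_STDIN`, the `== NULL` checks on both readpassphrase() calls do not catch an empty or already-closed stdin. As far as I know readpassphrase(3) returns NULL only on a read error, so end-of-file yields an empty string, and with `verify` set the re-type read would be empty as well and match. A script whose pipe produces nothing could then set up a volume keyed to an empty passphrase with no diagnostic. Consider rejecting that case right after the first read, e.g. `if (rpp_flag == RPP_STDIN && passphrase[0] == '\0') errx(1, "empty passphrase on stdin");`. derive_key_pkcs continues outside this hunk, so the later comparison and buffer cleanup are not visible here.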
--
GDB has a 'break' feature; why doesn't it have 'fix' too?