On Fri, Jan 14, 2011 at 07:10, Christopher Zimmermann <madro...@zakweb.de> wrote:
> On 01/14/11 00:51, Ted Unangst wrote:
>> If I type the wrong password into bioctl at boot, disks don't exist,
>> filesystems don't get mounted, and generally lots of things go wrong. All
>> I need is a second chance to remind me to type the right password.
>
> In /etc/rc I simply do this:
>
> [...]
>
> # XXX - my own changes - enable encrypted softraid
> echo -n 'wd0p '
> until bioctl -c C -l /dev/wd0p softraid0
> do echo -n 'try again wd0p '
> done
>
> # Check parity on raid devices.
> raidctl -P all
>
> swapctl -A -t blk
>
>
>
> Christopher
>
>>
>> Index: bioctl.c
>> ===================================================================
>> RCS file: /home/tedu/cvs/src/sbin/bioctl/bioctl.c,v
>> retrieving revision 1.98
>> diff -u -r1.98 bioctl.c
>> --- bioctl.c 1 Dec 2010 19:40:18 -0000 1.98
>> +++ bioctl.c 13 Jan 2011 23:47:24 -0000
>> @@ -699,6 +699,7 @@
>> int rv, no_dev, fd;
>> dev_t *dt;
>> u_int16_t min_disks = 0;
>> + int retry = 0;
>>
>> if (!dev_list)
>> errx(1, "no devices specified");
>> @@ -738,6 +739,7 @@
>> if (level == 'C' && no_dev != min_disks)
>> errx(1, "not exactly one partition");
>>
>> +again:
>> memset(&create, 0, sizeof(create));
>> create.bc_cookie = bl.bl_cookie;
>> create.bc_level = level;
>> @@ -802,8 +804,14 @@
>> memset(&kdfinfo, 0, sizeof(kdfinfo));
>> memset(&create, 0, sizeof(create));
>> if (rv == -1) {
>> - if (errno == EPERM)
>> + if (errno == EPERM) {
>> + if (!retry) {
>> + warnx("Incorrect passphrase. Try again.");
>> + retry = 1;
>> + goto again;
>> + }
>> errx(1, "Incorrect passphrase");
>> + }
>> err(1, "BIOCCREATERAID");
>> }
>
>
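Review bot: The retry added in the third hunk (`@@ -802,8 +804,14 @@`) fires on any `EPERM` from the ioctl, whether or not the passphrase was actually typed at a prompt. The code between `again:` and the ioctl lies outside the hunks, so this is inferred, but if the key material can come from a non-interactive source the second pass would re-read the same secret, fail again, and print a misleading "Try again"; gating the branch on an interactive prompt having been used would avoid that. Both `memset` calls run before the `goto`, which is the right order, and a comment such as `/* kdfinfo and create were wiped above, so no key material from the failed attempt is carried into the retry */` would keep a later edit from moving the jump ahead of them. Anything acquired between `again:` and the ioctl (buffers, descriptors) should also be checked for release before jumping back, since that stretch is not visible here.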
This could be a flag in bioctl to force looping until the password is correct. That way, you can require the correct password for /usr, /var or other partitions and keep the current behaviour for a partition like /home/user1/encypted. I only have the former, so my /etc/rc contains:

if [ X"${bioctl_flags}" != X"NO" ]; then
trap '' EXIT TERM KILL
echo 'mounting softraid';
until bioctl $bioctl_flags 2>/dev/null ; do
done
trap - EXIT TERM KILL
fi

# Check parity on raid devices.
raidctl -P all

--
Thomas Jeunet