File: [local] / src / sbin / mount_vnd / mount_vnd.c (download)
Revision 1.4, Sat Sep 29 07:10:09 2007 UTC (16 years, 8 months ago) by fkr
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3 Changes since 1.3: +2 -2 lines
default to svnds now to accomodate change in the vnd driver.
from Piotr Durlej with man-page nits from me
tested henning@, krw@, thib@ and myself.
ok thib@, grunk@, krw@
|
/* $OpenBSD: mount_vnd.c,v 1.4 2007/09/29 07:10:09 fkr Exp $ */
/*
* Copyright (c) 1993 University of Utah.
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* the Systems Programming Group of the University of Utah Computer
* Science Department.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* from: Utah $Hdr: vnconfig.c 1.1 93/12/15$
*
* @(#)vnconfig.c 8.1 (Berkeley) 12/15/93
*/
#include <sys/param.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <dev/vndioctl.h>
#include <blf.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <util.h>
#include "pkcs5_pbkdf2.h"
#define DEFAULT_VND "svnd0"
#define VND_CONFIG 1
#define VND_UNCONFIG 2
#define VND_GET 3
int verbose = 0;
int run_mount_vnd = 0;
__dead void usage(void);
int config(char *, char *, int, char *, size_t);
int getinfo(const char *);
char *get_pkcs_key(char *, char *);
int
main(int argc, char **argv)
{
int ch, rv, action, opt_c, opt_k, opt_K, opt_l, opt_u;
char *key, *mntopts, *rounds, *saltopt;
size_t keylen = 0;
extern char *__progname;
if (strcasecmp(__progname, "mount_vnd") == 0)
run_mount_vnd = 1;
opt_c = opt_k = opt_K = opt_l = opt_u = 0;
key = mntopts = rounds = saltopt = NULL;
action = VND_CONFIG;
while ((ch = getopt(argc, argv, "ckK:lo:S:uv")) != -1) {
switch (ch) {
case 'c':
opt_c = 1;
break;
case 'k':
opt_k = 1;
break;
case 'K':
opt_K = 1;
rounds = optarg;
break;
case 'l':
opt_l = 1;
break;
case 'o':
mntopts = optarg;
break;
case 'S':
saltopt = optarg;
break;
case 'u':
opt_u = 1;
break;
case 'v':
verbose = 1;
break;
default:
usage();
/* NOTREACHED */
}
}
argc -= optind;
argv += optind;
if (opt_c + opt_l + opt_u > 1)
errx(1, "-c, -l and -u are mutually exclusive options");
if (opt_l)
action = VND_GET;
else if (opt_u)
action = VND_UNCONFIG;
else
action = VND_CONFIG; /* default behavior */
if (saltopt && (!opt_K))
errx(1, "-S only makes sense when used with -K");
if (action == VND_CONFIG && argc == 2) {
int ind_raw, ind_reg;
if (opt_k) {
if (opt_K)
errx(1, "-k and -K are mutually exclusive");
key = getpass("Encryption key: ");
if (key == NULL || (keylen = strlen(key)) == 0)
errx(1, "Need an encryption key");
} else if (opt_K) {
key = get_pkcs_key(rounds, saltopt);
keylen = BLF_MAXUTILIZED;
}
/* fix order of arguments. */
if (run_mount_vnd) {
ind_raw = 1;
ind_reg = 0;
} else {
ind_raw = 0;
ind_reg = 1;
}
rv = config(argv[ind_raw], argv[ind_reg], action, key, keylen);
} else if (action == VND_UNCONFIG && argc == 1)
rv = config(argv[0], NULL, action, NULL, 0);
else if (action == VND_GET)
rv = getinfo(argc ? argv[0] : NULL);
else
usage();
exit(rv);
}
char *
get_pkcs_key(char *arg, char *saltopt)
{
char keybuf[128], saltbuf[128], saltfilebuf[PATH_MAX];
char *saltfile;
char *key = NULL;
const char *errstr;
int rounds;
rounds = strtonum(arg, 1000, INT_MAX, &errstr);
if (errstr)
err(1, "rounds: %s", errstr);
key = getpass("Encryption key: ");
if (!key || strlen(key) == 0)
errx(1, "Need an encryption key");
strncpy(keybuf, key, sizeof(keybuf));
if (saltopt)
saltfile = saltopt;
else {
printf("Salt file: ");
fflush(stdout);
saltfile = fgets(saltfilebuf, sizeof(saltfilebuf), stdin);
if (saltfile)
saltfile[strcspn(saltfile, "\n")] = '\0';
}
if (!saltfile || saltfile[0] == '\0') {
warnx("Skipping salt file, insecure");
memset(saltbuf, 0, sizeof(saltbuf));
} else {
int fd;
fd = open(saltfile, O_RDONLY);
if (fd == -1) {
int *s;
fprintf(stderr, "Salt file not found, attempting to create one\n");
fd = open(saltfile, O_RDWR|O_CREAT|O_EXCL, 0600);
if (fd == -1)
err(1, "Unable to create salt file: '%s'",
saltfile);
for (s = (int *)saltbuf;
s < (int *)(saltbuf + sizeof(saltbuf)); s++)
*s = arc4random();
if (write(fd, saltbuf, sizeof(saltbuf))
!= sizeof(saltbuf))
err(1, "Unable to write salt file: '%s'", saltfile);
fprintf(stderr, "Salt file created as '%s'\n", saltfile);
} else {
if (read(fd, saltbuf, sizeof(saltbuf))
!= sizeof(saltbuf))
err(1, "Unable to read salt file: '%s'", saltfile);
}
close(fd);
}
if (pkcs5_pbkdf2((u_int8_t**)&key, BLF_MAXUTILIZED, keybuf,
sizeof(keybuf), saltbuf, sizeof(saltbuf), rounds, 0))
errx(1, "pkcs5_pbkdf2 failed");
return (key);
}
int
getinfo(const char *vname)
{
int vd, print_all = 0;
struct vnd_user vnu;
if (vname == NULL) {
vname = DEFAULT_VND;
print_all = 1;
}
vd = opendev((char *)vname, O_RDONLY, OPENDEV_PART, NULL);
if (vd < 0)
err(1, "open: %s", vname);
vnu.vnu_unit = -1;
query:
if (ioctl(vd, VNDIOCGET, &vnu) == -1) {
if (print_all && errno == ENXIO && vnu.vnu_unit > 0) {
close(vd);
return (0);
} else {
err(1, "ioctl: %s", vname);
}
}
fprintf(stdout, "vnd%d: ", vnu.vnu_unit);
if (!vnu.vnu_ino)
fprintf(stdout, "not in use\n");
else
fprintf(stdout, "covering %s on %s, inode %d\n", vnu.vnu_file,
devname(vnu.vnu_dev, S_IFBLK), vnu.vnu_ino);
if (print_all) {
vnu.vnu_unit++;
goto query;
}
close(vd);
return (0);
}
int
config(char *dev, char *file, int action, char *key, size_t keylen)
{
struct vnd_ioctl vndio;
FILE *f;
char *rdev;
int rv;
if (opendev(dev, O_RDONLY, OPENDEV_PART, &rdev) < 0)
err(4, "%s", rdev);
f = fopen(rdev, "r");
if (f == NULL) {
warn("%s", rdev);
rv = -1;
goto out;
}
vndio.vnd_file = file;
vndio.vnd_key = (u_char *)key;
vndio.vnd_keylen = keylen;
/*
* Clear (un-configure) the device
*/
if (action == VND_UNCONFIG) {
rv = ioctl(fileno(f), VNDIOCCLR, &vndio);
if (rv)
warn("VNDIOCCLR");
else if (verbose)
printf("%s: cleared\n", dev);
}
/*
* Configure the device
*/
if (action == VND_CONFIG) {
rv = ioctl(fileno(f), VNDIOCSET, &vndio);
if (rv)
warn("VNDIOCSET");
else if (verbose)
printf("%s: %llu bytes on %s\n", dev, vndio.vnd_size,
file);
}
fclose(f);
fflush(stdout);
out:
if (key)
memset(key, 0, keylen);
return (rv < 0);
}
__dead void
usage(void)
{
extern char *__progname;
if (run_mount_vnd)
(void)fprintf(stderr,
"usage: %s [-k] [-K rounds] [-o options] "
"[-S saltfile] image vnd_dev\n", __progname);
else
(void)fprintf(stderr,
"usage: %s [-ckluv] [-K rounds] [-S saltfile] vnd_dev "
"image\n", __progname);
exit(1);
}