1 /* $NetBSD: cgdconfig.c,v 1.16 2005/06/27 03:07:45 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Roland C. Dowdeswell. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the NetBSD 21 * Foundation, Inc. and its contributors. 22 * 4. Neither the name of The NetBSD Foundation nor the names of its 23 * contributors may be used to endorse or promote products derived 24 * from this software without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 27 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 36 * POSSIBILITY OF SUCH DAMAGE. 37 */ 38 39 #include <sys/cdefs.h> 40 #ifndef lint 41 __COPYRIGHT( 42 "@(#) Copyright (c) 2002, 2003\ 43 The NetBSD Foundation, Inc. All rights reserved."); 44 __RCSID("$NetBSD: cgdconfig.c,v 1.16 2005/06/27 03:07:45 christos Exp $"); 45 #endif 46 47 #include <err.h> 48 #include <errno.h> 49 #include <fcntl.h> 50 #include <libgen.h> 51 #include <stdio.h> 52 #include <stdlib.h> 53 #include <string.h> 54 #include <unistd.h> 55 #include <util.h> 56 57 #include <sys/ioctl.h> 58 #include <sys/disklabel.h> 59 #include <sys/mman.h> 60 #include <sys/param.h> 61 #include <sys/resource.h> 62 63 #include <dev/cgdvar.h> 64 65 #include <ufs/ffs/fs.h> 66 67 #include "params.h" 68 #include "pkcs5_pbkdf2.h" 69 #include "utils.h" 70 71 #define CGDCONFIG_DIR "/etc/cgd" 72 #define CGDCONFIG_CFILE CGDCONFIG_DIR "/cgd.conf" 73 74 #define ACTION_CONFIGURE 0x1 /* configure, with paramsfile */ 75 #define ACTION_UNCONFIGURE 0x2 /* unconfigure */ 76 #define ACTION_GENERATE 0x3 /* generate a paramsfile */ 77 #define ACTION_GENERATE_CONVERT 0x4 /* generate a ``dup'' paramsfile */ 78 #define ACTION_CONFIGALL 0x5 /* configure all from config file */ 79 #define ACTION_UNCONFIGALL 0x6 /* unconfigure all from config file */ 80 #define ACTION_CONFIGSTDIN 0x7 /* configure, key from stdin */ 81 82 /* if nflag is set, do not configure/unconfigure the cgd's */ 83 84 int nflag = 0; 85 86 static int configure(int, char **, struct params *, int); 87 static int configure_stdin(struct params *, int argc, char **); 88 static int generate(struct params *, int, char **, const char *); 89 static int generate_convert(struct params *, int, char **, const char *); 90 static int unconfigure(int, char **, struct params *, int); 91 static int do_all(const char *, int, char **, 92 int (*)(int, char **, struct params *, int)); 93 94 #define CONFIG_FLAGS_FROMALL 1 /* called from configure_all() */ 95 #define CONFIG_FLAGS_FROMMAIN 2 /* called from main() */ 96 97 static int configure_params(int, const char *, const char *, 98 struct params *); 99 static void eliminate_cores(void); 100 static bits_t *getkey(const char *, struct keygen *, int); 101 static bits_t *getkey_storedkey(const char *, struct keygen *, int); 102 static bits_t *getkey_randomkey(const char *, struct keygen *, int, int); 103 static bits_t *getkey_pkcs5_pbkdf2(const char *, struct keygen *, int, int); 104 static int opendisk_werror(const char *, char *, int); 105 static int unconfigure_fd(int); 106 static int verify(struct params *, int); 107 static int verify_disklabel(int); 108 static int verify_ffs(int); 109 static int verify_reenter(struct params *); 110 111 static void usage(void); 112 113 /* Verbose Framework */ 114 int verbose = 0; 115 116 #define VERBOSE(x,y) if (verbose >= x) y 117 #define VPRINTF(x,y) if (verbose >= x) printf y 118 119 static void 120 usage(void) 121 { 122 123 fprintf(stderr, "usage: %s [-nv] [-V vmeth] cgd dev [paramsfile]\n", 124 getprogname()); 125 fprintf(stderr, " %s -C [-nv] [-f configfile]\n", getprogname()); 126 fprintf(stderr, " %s -U [-nv] [-f configfile]\n", getprogname()); 127 fprintf(stderr, " %s -G [-nv] [-i ivmeth] [-k kgmeth] " 128 "[-o outfile] paramsfile\n", getprogname()); 129 fprintf(stderr, " %s -g [-nv] [-i ivmeth] [-k kgmeth] " 130 "[-o outfile] alg [keylen]\n", getprogname()); 131 fprintf(stderr, " %s -s [-nv] [-i ivmeth] cgd dev alg " 132 "[keylen]\n", getprogname()); 133 fprintf(stderr, " %s -u [-nv] cgd\n", getprogname()); 134 exit(1); 135 } 136 137 int 138 main(int argc, char **argv) 139 { 140 struct params *p; 141 struct params *tp; 142 struct keygen *kg; 143 int action = ACTION_CONFIGURE; 144 int actions = 0; 145 int ch; 146 char cfile[FILENAME_MAX] = ""; 147 char outfile[FILENAME_MAX] = ""; 148 149 setprogname(*argv); 150 eliminate_cores(); 151 if (mlockall(MCL_FUTURE)) 152 err(EXIT_FAILURE, "Can't lock memory"); 153 p = params_new(); 154 kg = NULL; 155 156 while ((ch = getopt(argc, argv, "CGUV:b:f:gi:k:no:usv")) != -1) 157 switch (ch) { 158 case 'C': 159 action = ACTION_CONFIGALL; 160 actions++; 161 break; 162 case 'G': 163 action = ACTION_GENERATE_CONVERT; 164 actions++; 165 break; 166 case 'U': 167 action = ACTION_UNCONFIGALL; 168 actions++; 169 break; 170 case 'V': 171 tp = params_verify_method(string_fromcharstar(optarg)); 172 if (!tp) 173 usage(); 174 p = params_combine(p, tp); 175 break; 176 case 'b': 177 tp = params_bsize(atoi(optarg)); 178 if (!tp) 179 usage(); 180 p = params_combine(p, tp); 181 break; 182 case 'f': 183 strlcpy(cfile, optarg, sizeof(cfile)); 184 break; 185 case 'g': 186 action = ACTION_GENERATE; 187 actions++; 188 break; 189 case 'i': 190 tp = params_ivmeth(string_fromcharstar(optarg)); 191 p = params_combine(p, tp); 192 break; 193 case 'k': 194 kg = keygen_method(string_fromcharstar(optarg)); 195 if (!kg) 196 usage(); 197 keygen_addlist(&p->keygen, kg); 198 break; 199 case 'n': 200 nflag = 1; 201 break; 202 case 'o': 203 strlcpy(outfile, optarg, sizeof(outfile)); 204 break; 205 case 's': 206 action = ACTION_CONFIGSTDIN; 207 actions++; 208 break; 209 210 case 'u': 211 action = ACTION_UNCONFIGURE; 212 actions++; 213 break; 214 case 'v': 215 verbose++; 216 break; 217 default: 218 usage(); 219 /* NOTREACHED */ 220 } 221 222 argc -= optind; 223 argv += optind; 224 225 /* validate the consistency of the arguments */ 226 227 if (actions > 1) 228 usage(); 229 230 switch (action) { 231 case ACTION_CONFIGURE: 232 return configure(argc, argv, p, CONFIG_FLAGS_FROMMAIN); 233 case ACTION_UNCONFIGURE: 234 return unconfigure(argc, argv, NULL, CONFIG_FLAGS_FROMMAIN); 235 case ACTION_GENERATE: 236 return generate(p, argc, argv, outfile); 237 case ACTION_GENERATE_CONVERT: 238 return generate_convert(p, argc, argv, outfile); 239 case ACTION_CONFIGALL: 240 return do_all(cfile, argc, argv, configure); 241 case ACTION_UNCONFIGALL: 242 return do_all(cfile, argc, argv, unconfigure); 243 case ACTION_CONFIGSTDIN: 244 return configure_stdin(p, argc, argv); 245 default: 246 errx(EXIT_FAILURE, "undefined action"); 247 } 248 /* NOTREACHED */ 249 } 250 251 static bits_t * 252 getkey(const char *dev, struct keygen *kg, int len) 253 { 254 bits_t *ret = NULL; 255 bits_t *tmp; 256 257 VPRINTF(3, ("getkey(\"%s\", %p, %d) called\n", dev, kg, len)); 258 for (; kg; kg=kg->next) { 259 switch (kg->kg_method) { 260 case KEYGEN_STOREDKEY: 261 tmp = getkey_storedkey(dev, kg, len); 262 break; 263 case KEYGEN_RANDOMKEY: 264 tmp = getkey_randomkey(dev, kg, len, 1); 265 break; 266 case KEYGEN_URANDOMKEY: 267 tmp = getkey_randomkey(dev, kg, len, 0); 268 break; 269 case KEYGEN_PKCS5_PBKDF2_SHA1: 270 tmp = getkey_pkcs5_pbkdf2(dev, kg, len, 0); 271 break; 272 /* provide backwards compatibility for old config files */ 273 case KEYGEN_PKCS5_PBKDF2_OLD: 274 tmp = getkey_pkcs5_pbkdf2(dev, kg, len, 1); 275 break; 276 default: 277 warnx("unrecognised keygen method %d in getkey()", 278 kg->kg_method); 279 if (ret) 280 bits_free(ret); 281 return NULL; 282 } 283 284 if (ret) 285 ret = bits_xor_d(tmp, ret); 286 else 287 ret = tmp; 288 } 289 290 return ret; 291 } 292 293 /*ARGSUSED*/ 294 static bits_t * 295 getkey_storedkey(const char *target, struct keygen *kg, int keylen) 296 { 297 298 return bits_dup(kg->kg_key); 299 } 300 301 /*ARGSUSED*/ 302 static bits_t * 303 getkey_randomkey(const char *target, struct keygen *kg, int keylen, int hard) 304 { 305 306 return bits_getrandombits(keylen, hard); 307 } 308 309 /*ARGSUSED*/ 310 /* 311 * XXX take, and pass through, a compat flag that indicates whether we 312 * provide backwards compatibility with a previous bug. The previous 313 * behaviour is indicated by the keygen method pkcs5_pbkdf2, and a 314 * non-zero compat flag. The new default, and correct keygen method is 315 * called pcks5_pbkdf2/sha1. When the old method is removed, so will 316 * be the compat argument. 317 */ 318 static bits_t * 319 getkey_pkcs5_pbkdf2(const char *target, struct keygen *kg, int keylen, int compat) 320 { 321 bits_t *ret; 322 char *passp; 323 char buf[1024]; 324 u_int8_t *tmp; 325 326 snprintf(buf, sizeof(buf), "%s's passphrase:", target); 327 passp = getpass(buf); 328 if (pkcs5_pbkdf2(&tmp, BITS2BYTES(keylen), passp, strlen(passp), 329 bits_getbuf(kg->kg_salt), BITS2BYTES(bits_len(kg->kg_salt)), 330 kg->kg_iterations, compat)) { 331 warnx("failed to generate PKCS#5 PBKDF2 key"); 332 return NULL; 333 } 334 335 ret = bits_new(tmp, keylen); 336 kg->kg_key = bits_dup(ret); 337 free(tmp); 338 return ret; 339 } 340 341 /*ARGSUSED*/ 342 static int 343 unconfigure(int argc, char **argv, struct params *inparams, int flags) 344 { 345 int fd; 346 int ret; 347 char buf[MAXPATHLEN] = ""; 348 349 /* only complain about additional arguments, if called from main() */ 350 if (flags == CONFIG_FLAGS_FROMMAIN && argc != 1) 351 usage(); 352 353 /* if called from do_all(), then ensure that 2 or 3 args exist */ 354 if (flags == CONFIG_FLAGS_FROMALL && (argc < 2 || argc > 3)) 355 return -1; 356 357 fd = opendisk(*argv, O_RDWR, buf, sizeof(buf), 1); 358 if (fd == -1) { 359 warn("can't open cgd \"%s\", \"%s\"", *argv, buf); 360 361 /* this isn't fatal with nflag != 0 */ 362 if (!nflag) 363 return errno; 364 } 365 366 VPRINTF(1, ("%s (%s): clearing\n", *argv, buf)); 367 368 if (nflag) 369 return 0; 370 371 ret = unconfigure_fd(fd); 372 close(fd); 373 return ret; 374 } 375 376 static int 377 unconfigure_fd(int fd) 378 { 379 struct cgd_ioctl ci; 380 int ret; 381 382 ret = ioctl(fd, CGDIOCCLR, &ci); 383 if (ret == -1) { 384 perror("ioctl"); 385 return -1; 386 } 387 388 return 0; 389 } 390 391 /*ARGSUSED*/ 392 static int 393 configure(int argc, char **argv, struct params *inparams, int flags) 394 { 395 struct params *p; 396 int fd; 397 int ret; 398 char pfile[FILENAME_MAX]; 399 char cgdname[PATH_MAX]; 400 401 switch (argc) { 402 case 2: 403 strlcpy(pfile, CGDCONFIG_DIR, FILENAME_MAX); 404 strlcat(pfile, "/", FILENAME_MAX); 405 strlcat(pfile, basename(argv[1]), FILENAME_MAX); 406 break; 407 case 3: 408 strlcpy(pfile, argv[2], FILENAME_MAX); 409 break; 410 default: 411 /* print usage and exit, only if called from main() */ 412 if (flags == CONFIG_FLAGS_FROMMAIN) { 413 warnx("wrong number of args"); 414 usage(); 415 } 416 return -1; 417 /* NOTREACHED */ 418 } 419 420 p = params_cget(pfile); 421 if (!p) 422 return -1; 423 424 /* 425 * over-ride with command line specifications and fill in default 426 * values. 427 */ 428 429 p = params_combine(p, inparams); 430 ret = params_filldefaults(p); 431 if (ret) { 432 params_free(p); 433 return ret; 434 } 435 436 if (!params_verify(p)) { 437 warnx("params invalid"); 438 return -1; 439 } 440 441 /* 442 * loop over configuring the disk and checking to see if it 443 * verifies properly. We open and close the disk device each 444 * time, because if the user passes us the block device we 445 * need to flush the buffer cache. 446 */ 447 448 for (;;) { 449 fd = opendisk_werror(argv[0], cgdname, sizeof(cgdname)); 450 if (fd == -1) 451 return -1; 452 453 if (p->key) 454 bits_free(p->key); 455 456 p->key = getkey(argv[1], p->keygen, p->keylen); 457 if (!p->key) 458 goto bail_err; 459 460 ret = configure_params(fd, cgdname, argv[1], p); 461 if (ret) 462 goto bail_err; 463 464 ret = verify(p, fd); 465 if (ret == -1) 466 goto bail_err; 467 if (!ret) 468 break; 469 470 fprintf(stderr, "verification failed, please reenter " 471 "passphrase\n"); 472 473 unconfigure_fd(fd); 474 close(fd); 475 } 476 477 params_free(p); 478 close(fd); 479 return 0; 480 bail_err: 481 params_free(p); 482 close(fd); 483 return -1; 484 } 485 486 static int 487 configure_stdin(struct params *p, int argc, char **argv) 488 { 489 int fd; 490 int ret; 491 char cgdname[PATH_MAX]; 492 493 if (argc < 3 || argc > 4) 494 usage(); 495 496 p->algorithm = string_fromcharstar(argv[2]); 497 if (argc > 3) 498 p->keylen = atoi(argv[3]); 499 500 ret = params_filldefaults(p); 501 if (ret) 502 return ret; 503 504 fd = opendisk_werror(argv[0], cgdname, sizeof(cgdname)); 505 if (fd == -1) 506 return -1; 507 508 p->key = bits_fget(stdin, p->keylen); 509 if (!p->key) { 510 warnx("failed to read key from stdin"); 511 return -1; 512 } 513 514 return configure_params(fd, cgdname, argv[1], p); 515 } 516 517 static int 518 opendisk_werror(const char *cgd, char *buf, int buflen) 519 { 520 int fd; 521 522 VPRINTF(3, ("opendisk_werror(%s, %s, %d) called.\n", cgd, buf, buflen)); 523 524 /* sanity */ 525 if (!cgd || !buf) 526 return -1; 527 528 if (nflag) { 529 strlcpy(buf, cgd, buflen); 530 return 0; 531 } 532 533 fd = opendisk(cgd, O_RDWR, buf, buflen, 0); 534 if (fd == -1) 535 warnx("can't open cgd \"%s\", \"%s\"", cgd, buf); 536 537 return fd; 538 } 539 540 static int 541 configure_params(int fd, const char *cgd, const char *dev, struct params *p) 542 { 543 struct cgd_ioctl ci; 544 int ret; 545 546 /* sanity */ 547 if (!cgd || !dev) 548 return -1; 549 550 memset(&ci, 0x0, sizeof(ci)); 551 ci.ci_disk = dev; 552 ci.ci_alg = string_tocharstar(p->algorithm); 553 ci.ci_ivmethod = string_tocharstar(p->ivmeth); 554 ci.ci_key = bits_getbuf(p->key); 555 ci.ci_keylen = p->keylen; 556 ci.ci_blocksize = p->bsize; 557 558 VPRINTF(1, (" with alg %s keylen %d blocksize %d ivmethod %s\n", 559 string_tocharstar(p->algorithm), p->keylen, p->bsize, 560 string_tocharstar(p->ivmeth))); 561 VPRINTF(2, ("key: ")); 562 VERBOSE(2, bits_fprint(stdout, p->key)); 563 VPRINTF(2, ("\n")); 564 565 if (nflag) 566 return 0; 567 568 ret = ioctl(fd, CGDIOCSET, &ci); 569 if (ret == -1) { 570 perror("ioctl"); 571 return errno; 572 } 573 574 return 0; 575 } 576 577 /* 578 * verify returns 0 for success, -1 for unrecoverable error, or 1 for retry. 579 */ 580 581 #define SCANSIZE 8192 582 583 static int 584 verify(struct params *p, int fd) 585 { 586 587 switch (p->verify_method) { 588 case VERIFY_NONE: 589 return 0; 590 case VERIFY_DISKLABEL: 591 return verify_disklabel(fd); 592 case VERIFY_FFS: 593 return verify_ffs(fd); 594 case VERIFY_REENTER: 595 return verify_reenter(p); 596 default: 597 warnx("unimplemented verification method"); 598 return -1; 599 } 600 } 601 602 static int 603 verify_disklabel(int fd) 604 { 605 struct disklabel l; 606 int ret; 607 char buf[SCANSIZE]; 608 609 /* 610 * we simply scan the first few blocks for a disklabel, ignoring 611 * any MBR/filecore sorts of logic. MSDOS and RiscOS can't read 612 * a cgd, anyway, so it is unlikely that there will be non-native 613 * partition information. 614 */ 615 616 ret = pread(fd, buf, 8192, 0); 617 if (ret == -1) { 618 warn("can't read disklabel area"); 619 return -1; 620 } 621 622 /* now scan for the disklabel */ 623 624 return disklabel_scan(&l, buf, sizeof(buf)); 625 } 626 627 static off_t sblock_try[] = SBLOCKSEARCH; 628 629 static int 630 verify_ffs(int fd) 631 { 632 struct fs *fs; 633 int ret, i; 634 char buf[SBLOCKSIZE]; 635 636 for (i = 0; sblock_try[i] != -1; i++) { 637 ret = pread(fd, buf, sizeof(buf), sblock_try[i]); 638 if (ret == -1) { 639 warn("pread"); 640 return 0; 641 } 642 fs = (struct fs *)buf; 643 switch (fs->fs_magic) { 644 case FS_UFS1_MAGIC: 645 case FS_UFS2_MAGIC: 646 case FS_UFS1_MAGIC_SWAPPED: 647 case FS_UFS2_MAGIC_SWAPPED: 648 return 0; 649 default: 650 continue; 651 } 652 } 653 return 1; 654 } 655 656 static int 657 verify_reenter(struct params *p) 658 { 659 struct keygen *kg; 660 bits_t *orig_key, *key; 661 int ret; 662 663 ret = 0; 664 for (kg = p->keygen; kg && !ret; kg = kg->next) { 665 if ((kg->kg_method != KEYGEN_PKCS5_PBKDF2_SHA1) && 666 (kg->kg_method != KEYGEN_PKCS5_PBKDF2_OLD )) 667 continue; 668 669 orig_key = kg->kg_key; 670 kg->kg_key = NULL; 671 672 /* add a compat flag till the _OLD method goes away */ 673 key = getkey_pkcs5_pbkdf2("re-enter device", kg, 674 bits_len(orig_key), kg->kg_method == KEYGEN_PKCS5_PBKDF2_OLD); 675 ret = !bits_match(key, orig_key); 676 677 bits_free(key); 678 bits_free(kg->kg_key); 679 kg->kg_key = orig_key; 680 } 681 682 return ret; 683 } 684 685 static int 686 generate(struct params *p, int argc, char **argv, const char *outfile) 687 { 688 int ret; 689 690 if (argc < 1 || argc > 2) 691 usage(); 692 693 p->algorithm = string_fromcharstar(argv[0]); 694 if (argc > 1) 695 p->keylen = atoi(argv[1]); 696 697 ret = params_filldefaults(p); 698 if (ret) 699 return ret; 700 701 if (!p->keygen) { 702 p->keygen = keygen_generate(KEYGEN_PKCS5_PBKDF2_SHA1); 703 if (!p->keygen) 704 return -1; 705 } 706 707 if (keygen_filldefaults(p->keygen, p->keylen)) { 708 warnx("Failed to generate defaults for keygen"); 709 return -1; 710 } 711 712 if (!params_verify(p)) { 713 warnx("invalid parameters generated"); 714 return -1; 715 } 716 717 return params_cput(p, outfile); 718 } 719 720 static int 721 generate_convert(struct params *p, int argc, char **argv, const char *outfile) 722 { 723 struct params *oldp; 724 struct keygen *kg; 725 726 if (argc != 1) 727 usage(); 728 729 oldp = params_cget(*argv); 730 if (!oldp) 731 return -1; 732 733 /* for sanity, we ensure that none of the keygens are randomkey */ 734 for (kg=p->keygen; kg; kg=kg->next) 735 if (kg->kg_method == KEYGEN_RANDOMKEY) 736 goto bail; 737 for (kg=oldp->keygen; kg; kg=kg->next) 738 if (kg->kg_method == KEYGEN_RANDOMKEY) 739 goto bail; 740 741 if (!params_verify(oldp)) { 742 warnx("invalid old parameters file \"%s\"", *argv); 743 return -1; 744 } 745 746 oldp->key = getkey("old file", oldp->keygen, oldp->keylen); 747 748 /* we copy across the non-keygen info, here. */ 749 750 string_free(p->algorithm); 751 string_free(p->ivmeth); 752 753 p->algorithm = string_dup(oldp->algorithm); 754 p->ivmeth = string_dup(oldp->ivmeth); 755 p->keylen = oldp->keylen; 756 p->bsize = oldp->bsize; 757 if (p->verify_method == VERIFY_UNKNOWN) 758 p->verify_method = oldp->verify_method; 759 760 params_free(oldp); 761 762 if (!p->keygen) { 763 p->keygen = keygen_generate(KEYGEN_PKCS5_PBKDF2_SHA1); 764 if (!p->keygen) 765 return -1; 766 } 767 params_filldefaults(p); 768 keygen_filldefaults(p->keygen, p->keylen); 769 p->key = getkey("new file", p->keygen, p->keylen); 770 771 kg = keygen_generate(KEYGEN_STOREDKEY); 772 kg->kg_key = bits_xor(p->key, oldp->key); 773 keygen_addlist(&p->keygen, kg); 774 775 if (!params_verify(p)) { 776 warnx("can't generate new parameters file"); 777 return -1; 778 } 779 780 return params_cput(p, outfile); 781 bail: 782 params_free(oldp); 783 return -1; 784 } 785 786 static int 787 do_all(const char *cfile, int argc, char **argv, 788 int (*conf)(int, char **, struct params *, int)) 789 { 790 FILE *f; 791 size_t len; 792 size_t lineno; 793 int my_argc; 794 int ret; 795 const char *fn; 796 char *line; 797 char **my_argv; 798 799 if (argc > 0) 800 usage(); 801 802 if (!cfile[0]) 803 fn = CGDCONFIG_CFILE; 804 else 805 fn = cfile; 806 807 f = fopen(fn, "r"); 808 if (!f) { 809 warn("could not open config file \"%s\"", fn); 810 return -1; 811 } 812 813 ret = chdir(CGDCONFIG_DIR); 814 if (ret == -1) 815 warn("could not chdir to %s", CGDCONFIG_DIR); 816 817 ret = 0; 818 lineno = 0; 819 for (;;) { 820 line = fparseln(f, &len, &lineno, "\\\\#", FPARSELN_UNESCALL); 821 if (!line) 822 break; 823 if (!*line) 824 continue; 825 826 my_argv = words(line, &my_argc); 827 ret = conf(my_argc, my_argv, NULL, CONFIG_FLAGS_FROMALL); 828 if (ret) { 829 warnx("action failed on \"%s\" line %lu", fn, 830 (u_long)lineno); 831 break; 832 } 833 words_free(my_argv, my_argc); 834 } 835 return ret; 836 } 837 838 static void 839 eliminate_cores(void) 840 { 841 struct rlimit rlp; 842 int ret; 843 844 rlp.rlim_cur = 0; 845 rlp.rlim_max = 0; 846 ret = setrlimit(RLIMIT_CORE, &rlp); 847 if (ret) 848 err(EXIT_FAILURE, "Can't disable cores"); 849 } 850