From 5f2199705df039fb82c164ef15090482a3a3693c Mon Sep 17 00:00:00 2001
From: kn
Date: Fri, 18 Aug 2023 14:09:19 +0000
Subject: [PATCH] Make -s read passphrases without prompts or confirmation -s for non-interactive usage disables prompts, but still silently expects two inputs, which is neither intuitive nor ergonomic. Fix this get sane scriptable behaviour and documentation. Feedback OK jsing op
---
 sbin/bioctl/bioctl.8 | 6 +++---
 sbin/bioctl/bioctl.c | 11 +++++++----
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/sbin/bioctl/bioctl.8 b/sbin/bioctl/bioctl.8
index d6617b14595..e8c6bcbce96 100644
--- a/sbin/bioctl/bioctl.8
+++ b/sbin/bioctl/bioctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: bioctl.8,v 1.111 2023/07/06 21:08:50 kn Exp $
+.\" $OpenBSD: bioctl.8,v 1.112 2023/08/18 14:09:19 kn Exp $
 .\"
 .\" Copyright (c) 2004, 2005 Marco Peereboom
 .\"
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 6 2023 $
+.Dd $Mdocdate: August 18 2023 $
 .Dt BIOCTL 8
 .Os
 .Sh NAME
@@ -288,7 +288,7 @@ is specified as "auto", the number of rounds will be automatically determined based on system performance. Otherwise the minimum is 4 rounds and the default is 16.
 .It Fl s
-Read the passphrase for the selected crypto volume from
+Omit prompts and read passphrases without confirmation from
 .Pa /dev/stdin rather than
 .Pa /dev/tty .
diff --git a/sbin/bioctl/bioctl.c b/sbin/bioctl/bioctl.c
index 2928cfba3d5..920f997606e 100644
--- a/sbin/bioctl/bioctl.c
+++ b/sbin/bioctl/bioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bioctl.c,v 1.151 2022/10/18 07:04:20 kn Exp $ */
+/* $OpenBSD: bioctl.c,v 1.152 2023/08/18 14:09:19 kn Exp $ */
 /*
 * Copyright (c) 2004, 2005 Marco Peereboom
@@ -94,7 +94,7 @@ char *password;
 void *bio_cookie;
-int rpp_flag = RPP_REQUIRE_TTY;
+int interactive = 1;
 int
 main(int argc, char *argv[])
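Review bot: The new global `interactive` in the `-94,7` hunk carries two meanings that nothing in the file states. Later hunks use it to choose `RPP_REQUIRE_TTY` versus `RPP_STDIN` in derive_key(), and also as the last argument of the derive_key() call in bio_kdf_generate(), where the old literal `1` presumably requested the confirmation re-read (that parameter's name is outside the visible hunks). A comment on the declaration would keep a later change from re-enabling one behaviour without the other, for example `int interactive = 1; /* cleared by -s: read stdin, no prompt, no confirmation */`.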
@@ -200,7 +200,7 @@ main(int argc, char *argv[])
 al_arg = optarg;
 break;
 case 's':
- rpp_flag = RPP_STDIN;
+ interactive = 0;
 break;
 case 't': /* patrol */
 func |= BIOC_PATROL;
@@ -989,7 +989,7 @@ bio_kdf_generate(struct sr_crypto_kdfinfo *kdfinfo)
 derive_key(kdfinfo->pbkdf.generic.type, kdfinfo->pbkdf.rounds, kdfinfo->maskkey, sizeof(kdfinfo->maskkey), kdfinfo->pbkdf.salt, sizeof(kdfinfo->pbkdf.salt),
- "New passphrase: ", 1);
+ "New passphrase: ", interactive);
 }
 int
@@ -1316,6 +1316,7 @@ derive_key(u_int32_t type, int rounds, u_int8_t *key, size_t keysz,
 size_t pl;
 struct stat sb;
 char passphrase[1024], verifybuf[1024];
+ int rpp_flag = RPP_ECHO_OFF;
 if (!key) errx(1, "Invalid key");
@@ -1351,6 +1352,8 @@ derive_key(u_int32_t type, int rounds, u_int8_t *key, size_t keysz,
 fclose(f);
 } else {
+ rpp_flag |= interactive ? RPP_REQUIRE_TTY : RPP_STDIN;
+ if (readpassphrase(prompt, passphrase, sizeof(passphrase), rpp_flag) == NULL) err(1, "unable to read passphrase");
--
2.20.1
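Review bot: In the `else` branch of derive_key() (the `-1351,6` hunk), a closed or empty stdin is not distinguished from a real passphrase once `-s` selects `RPP_STDIN`. As far as I know readpassphrase() returns the buffer holding an empty string on immediate end-of-file rather than NULL, so the `err(1, "unable to read passphrase")` check would not fire. In scripted use that means a failed upstream command in a pipeline could yield a volume keyed from a zero-length passphrase without any diagnostic. Consider rejecting that case right after the read, e.g. `if (!interactive && passphrase[0] == '\0') errx(1, "empty passphrase on stdin");`, unless code after the hunk already does so. derive_key() continues outside the hunk, and since the header counts two added lines the readpassphrase() call itself is presumably unchanged context.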