diff options
author | Christian Hesse <mail@eworm.de> | 2016-05-06 20:07:30 +0200 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2016-05-06 20:07:30 +0200 |
commit | b6cc20e9c27ddf4b4ca8a58ef7aa990885229157 (patch) | |
tree | bea97c4f616e1cc112348c4d7c3a427b28f502e1 /bin | |
parent | 0224529f0a335c54b218c49d84be3bd223556011 (diff) | |
download | mkinitcpio-ykfde-b6cc20e9c27ddf4b4ca8a58ef7aa990885229157.tar.gz mkinitcpio-ykfde-b6cc20e9c27ddf4b4ca8a58ef7aa990885229157.tar.zst |
use own function to ask for LUKS passphrase
Diffstat (limited to 'bin')
-rw-r--r-- | bin/ykfde.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/bin/ykfde.c b/bin/ykfde.c index b581f19..05a96b3 100644 --- a/bin/ykfde.c +++ b/bin/ykfde.c @@ -59,7 +59,7 @@ const static struct option options_long[] = { { 0, 0, 0, 0 } }; -char * ask_factor(const char * text) { +char * ask_secret(const char * text) { struct termios tp, tp_save; char * factor = NULL; size_t len; @@ -117,6 +117,7 @@ int main(int argc, char **argv) { struct crypt_device *cryptdevice; crypt_status_info cryptstatus; crypt_keyslot_info cryptkeyslot; + char * passphrase = NULL; /* keyutils */ key_serial_t key; void * payload = NULL; @@ -144,10 +145,10 @@ int main(int argc, char **argv) { } if (optarg == NULL) { /* N */ - if ((new_2nd_factor = ask_factor("new second factor")) == NULL) + if ((new_2nd_factor = ask_secret("new second factor")) == NULL) goto out10; - if ((new_2nd_factor_verify = ask_factor("new second factor for verification")) == NULL) + if ((new_2nd_factor_verify = ask_secret("new second factor for verification")) == NULL) goto out10; if (strcmp(new_2nd_factor, new_2nd_factor_verify) != 0) { @@ -168,7 +169,7 @@ int main(int argc, char **argv) { } if (optarg == NULL) { /* S */ - second_factor = ask_factor("current second factor"); + second_factor = ask_secret("current second factor"); } else { /* s */ second_factor = strdup(optarg); memset(optarg, '*', strlen(optarg)); @@ -374,7 +375,11 @@ int main(int argc, char **argv) { goto out60; } } else { /* ck == CRYPT_SLOT_INACTIVE */ - if (crypt_keyslot_add_by_passphrase(cryptdevice, luks_slot, NULL, 0, + if ((passphrase = ask_secret("existing LUKS passphrase")) == NULL) + goto out60; + + if (crypt_keyslot_add_by_passphrase(cryptdevice, luks_slot, + passphrase, strlen(passphrase), passphrase_new, PASSPHRASELEN) < 0) { fprintf(stderr, "Could not add passphrase for key slot %d.\n", luks_slot); goto out60; @@ -425,6 +430,7 @@ out10: memset(passphrase_old, 0, PASSPHRASELEN + 1); memset(passphrase_new, 0, PASSPHRASELEN + 1); + free(passphrase); free(new_2nd_factor_verify); free(new_2nd_factor); free(second_factor); |