To get GEOM Eli working in our project (http://www.freenas.org) I had to enhance the geli userland application. The original code does not support non-interactive scripting, e.g. when creating or initializing GEOM Eli filesystem, because the password has to be entered interactively on the console. Because our project is administrated via WebGUI it is not possible to do that. With the patch you can enter the password non- interactively as following: (/bin/echo $passphrase; /bin/echo $passphrase) | /sbin/geli init -t -v -e $ealgo $disk The code has been taken from the Samba tool 'smbpasswd'. The patch itself has been done for CURRENT. I think this is also useful for other users. Greetings Volker /usr/src/sbin/geom/class/eli: --- geom_eli.c.orig Mon Aug 6 10:18:42 2007 +++ geom_eli.c Mon Aug 6 10:36:02 2007 @@ -73,13 +73,15 @@ static void eli_restore(struct gctl_req *req); static void eli_clear(struct gctl_req *req); static void eli_dump(struct gctl_req *req); +static char *eli_get_passwd(struct gctl_req *, const char *, char *, size_t); +static char *eli_get_stdin_passwd(void); /* * Available commands: * - * init [-bhPv] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-K newkeyfile] prov + * init [-bhPtv] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-K newkeyfile] prov * label - alias for 'init' - * attach [-dprv] [-k keyfile] prov + * attach [-dprtv] [-k keyfile] prov * detach [-fl] prov ... * stop - alias for 'detach' * onetime [-d] [-a aalgo] [-e ealgo] [-l keylen] prov ... @@ -103,9 +105,10 @@ { 'l', "keylen", &keylen, G_TYPE_NUMBER }, { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL }, { 's', "sectorsize", §orsize, G_TYPE_NUMBER }, + { 't', "password-from-stdin", NULL, G_TYPE_NONE }, G_OPT_SENTINEL }, - NULL, "[-bPv] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-K newkeyfile] [-s sectorsize] prov" + NULL, "[-bPtv] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-K newkeyfile] [-s sectorsize] prov" }, { "label", G_FLAG_VERBOSE, eli_main, { @@ -117,6 +120,7 @@ { 'l', "keylen", &keylen, G_TYPE_NUMBER }, { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL }, { 's', "sectorsize", §orsize, G_TYPE_NUMBER }, + { 't', "password-from-stdin", NULL, G_TYPE_NONE }, G_OPT_SENTINEL }, NULL, "- an alias for 'init'" @@ -127,9 +131,10 @@ { 'k', "keyfile", keyfile, G_TYPE_STRING }, { 'p', "nopassphrase", NULL, G_TYPE_BOOL }, { 'r', "readonly", NULL, G_TYPE_BOOL }, + { 't', "password-from-stdin", NULL, G_TYPE_NONE }, G_OPT_SENTINEL }, - NULL, "[-dprv] [-k keyfile] prov" + NULL, "[-dprtv] [-k keyfile] prov" }, { "detach", 0, NULL, { @@ -174,9 +179,10 @@ { 'n', "keyno", &keyno, G_TYPE_NUMBER }, { 'p', "nopassphrase", NULL, G_TYPE_BOOL }, { 'P', "nonewpassphrase", NULL, G_TYPE_BOOL }, + { 't', "password-from-stdin", NULL, G_TYPE_NONE }, G_OPT_SENTINEL }, - NULL, "[-pPv] [-n keyno] [-i iterations] [-k keyfile] [-K newkeyfile] prov" + NULL, "[-pPtv] [-n keyno] [-i iterations] [-k keyfile] [-K newkeyfile] prov" }, { "delkey", G_FLAG_VERBOSE, eli_main, { @@ -359,9 +365,9 @@ return (NULL); } for (;;) { - p = readpassphrase( - new ? "Enter new passphrase:" : "Enter passphrase:", - buf1, sizeof(buf1), RPP_ECHO_OFF | RPP_REQUIRE_TTY); + p = eli_get_passwd(req, + new ? "Enter new passphrase: " : "Enter passphrase: ", + buf1, sizeof(buf1)); if (p == NULL) { bzero(buf1, sizeof(buf1)); gctl_error(req, "Cannot read passphrase: %s.", @@ -370,9 +376,8 @@ } if (new) { - p = readpassphrase("Reenter new passphrase: ", - buf2, sizeof(buf2), - RPP_ECHO_OFF | RPP_REQUIRE_TTY); + p = eli_get_passwd(req, "Reenter new passphrase: ", + buf2, sizeof(buf2)); if (p == NULL) { bzero(buf1, sizeof(buf1)); gctl_error(req, @@ -383,7 +388,11 @@ if (strcmp(buf1, buf2) != 0) { bzero(buf2, sizeof(buf2)); - fprintf(stderr, "They didn't match.\n"); + gctl_error(req, "Passphrases didn't match."); + /* Exit immediately if reading passwords from stdin. */ + if (gctl_get_int(req, "password-from-stdin")) { + return (NULL); + } continue; } bzero(buf2, sizeof(buf2)); @@ -1244,3 +1253,42 @@ printf("\n"); } } + +static char * +eli_get_passwd(struct gctl_req *req, const char *prompt, char *buf, size_t bufsiz) +{ + char *p = NULL; + + if (gctl_get_int(req, "password-from-stdin")) { + p = eli_get_stdin_passwd(); + strlcpy(buf, p, bufsiz); + } else { + p = readpassphrase(prompt, buf, bufsiz, RPP_ECHO_OFF | RPP_REQUIRE_TTY); + } + + return p; +} + +static char * +eli_get_stdin_passwd(void) +{ + static char buf[BUFSIZ]; + size_t len; + + bzero(buf, sizeof(buf)); + + /* + * if no error is reported from fgets() and string at least contains + * the newline that ends the password, then replace the newline with + * a null terminator. + */ + if (fgets(buf, sizeof(buf), stdin) != NULL) { + if ((len = strlen(buf)) > 0) { + if (buf[len-1] == '\n') + buf[len - 1] = 0; + } + } + + return buf; +} +
Responsible Changed From-To: freebsd-bugs->freebsd-geom Over to maintainer(s).
You can also use volker@freenas.org Patch for 0.7 can be found here: http://freenas.svn.sourceforge.net/viewvc/freenas/trunk/build/ports/geom_eli/files/geom_eli.c.diff?view=markup Regards Volker -------- Original-Nachricht -------- > Datum: Sun, 1 Jun 2008 21:29:34 GMT > Von: pjd@FreeBSD.org > An: votdev@gmx.de, pjd@FreeBSD.org, freebsd-geom@FreeBSD.org > Betreff: Re: kern/115547: [geom] [patch] [request] let GEOM Eli get password from stdin (useful for non-interactive scripting) > Synopsis: [geom] [patch] [request] let GEOM Eli get password from stdin > (useful for non-interactive scripting) > > State-Changed-From-To: open->suspended > State-Changed-By: pjd > State-Changed-When: ndz 1 cze 21:28:29 2008 UTC > State-Changed-Why: > Suspend PR, because I can't contact PR author due misconfigured mail > server, which refuses e-mail from my mail server. > > http://www.freebsd.org/cgi/query-pr.cgi?pr=115547 -- Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger
State Changed From-To: feedback->open Mark as open, There seems to be no reason for this to be marked as awaiting feedback.
State Changed From-To: open->suspended Suspend PR, because I can't contact PR author due misconfigured mail server, which refuses e-mail from my mail server.
State Changed From-To: suspended->feedback
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped