Hello community, here is the log from the commit of package util-linux-crypto checked in at Wed May 9 15:16:56 CEST 2007. -------- --- util-linux-crypto/util-linux-crypto.changes 2007-05-09 09:40:45.000000000 +0200 +++ /mounts/work_src_done/STABLE/util-linux-crypto/util-linux-crypto.changes 2007-05-09 14:52:45.000000000 +0200 @@ -1,0 +2,11 @@ +Wed May 9 14:52:00 CEST 2007 - lnussel@suse.de + +- boot.crypto: implement 'status' +- boot.crypto: accept argument to start/stop single devices + +------------------------------------------------------------------- +Wed May 9 10:40:28 CEST 2007 - lnussel@suse.de + +- hashalot: add timeout option + +------------------------------------------------------------------- New: ---- hashalot-manpage.diff hashalot-timeout.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ util-linux-crypto.spec ++++++ --- /var/tmp/diff_new_pack.i25515/_old 2007-05-09 15:16:44.000000000 +0200 +++ /var/tmp/diff_new_pack.i25515/_new 2007-05-09 15:16:44.000000000 +0200 @@ -22,7 +22,7 @@ Group: System/Base Autoreqprov: on Version: 2.12r -Release: 32 +Release: 33 Summary: A Collection of Basic File System Encryption Utilities Source: cryptsetup-luks-%csver.tar.bz2 Source1: hashalot-%haver.tar.bz2 @@ -39,6 +39,8 @@ Patch10: hashalot-fixes.diff Patch11: hashalot-libgcrypt.diff Patch12: hashalot-ctrl-d.diff +Patch13: hashalot-timeout.diff +Patch14: hashalot-manpage.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: aaa_base:/etc/init.d/boot.crypto # we need losetup @@ -81,6 +83,8 @@ %patch10 %patch11 %patch12 +%patch13 +%patch14 %build # cryptsetup build 
@@ -172,6 +176,11 @@ %changelog * Wed May 09 2007 - lnussel@suse.de +- boot.crypto: implement 'status' +- boot.crypto: accept argument to start/stop single devices +* Wed May 09 2007 - lnussel@suse.de +- hashalot: add timeout option +* Wed May 09 2007 - lnussel@suse.de - fix build * Tue May 08 2007 - lnussel@suse.de - boot.crypto: switch off splash screen only when needed ++++++ boot.crypto ++++++ --- util-linux-crypto/boot.crypto 2007-05-08 14:48:36.000000000 +0200 +++ /mounts/work_src_done/STABLE/util-linux-crypto/boot.crypto 2007-05-09 14:51:18.000000000 +0200 @@ -87,11 +87,11 @@ trap "exit 0" SIGTERM trap "echo" SIGINT SIGSEGV usleep 15000 - while test $TIMEOUT -gt 0 ; do + while test $timeout -gt 0 ; do # cursor to start of line, erase line, print prompt echo -en "\r\e[2K${prmt}" sleep 2 - : $((TIMEOUT-=2)) + : $((timeout-=2)) done ) & ppid=$! else @@ -210,7 +210,7 @@ # run sulogin only during boot if test "$base" != "$link"; then PS1="(repair filesystem) # " - /sbin/sulogin -t "$TIMEOUT" $REDIRECT < $REDIRECT > $REDIRECT 2>&1 + /sbin/sulogin -t "$timeout" $REDIRECT < $REDIRECT > $REDIRECT 2>&1 sync if ! paranoid_safety_checks "$filesys" "$device" "$mp" "$physdev" 'quiet'; then @@ -237,17 +237,20 @@ start_cryptotab () { - test -s $CRYPTOTAB || return 0 - local stat=0 local haveone='' + timeout="$TIMEOUT" - echo "Activating crypto devices using $CRYPTOTAB ... " + test -n "$tostart" || echo "Activating crypto devices using $CRYPTOTAB ... " while read loopdev physdev access filesys crypto mopt info rest ; do case "$loopdev" in \#*|"") continue ;; esac + if test -n "$tostart" -a "$loopdev" != "$tostart" -a "$physdev" != "$tostart" -a "$access" != "$tostart"; then + continue + fi + haveone=1 redirect @@ -322,7 +325,7 @@ continue 2 fi - params="-t $TIMEOUT -c $cipher -s $keylen -h $hashalgo" + params="-t $timeout -c $cipher -s $keylen -h $hashalgo" setprompt /sbin/cryptsetup $params create "$name" "$device" < $REDIRECT > $REDIRECT 2>&1 
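Review bot: The device filter added in start_cryptotab chains four comparisons with `test ... -a`, which POSIX marks obsolescent and which can misparse when `$tostart` is a string such as `!` or `(`; the value comes straight from `$2` with no validation visible in these hunks. The script already relies on bash features, so `if [[ -n $tostart && $loopdev != "$tostart" && $physdev != "$tostart" && $access != "$tostart" ]]; then` avoids the ambiguity. The same construct is repeated in start_crypttab, stop_cryptotab and stop_crypttab. The function body continues outside the hunk.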
@@ -375,7 +378,7 @@ report $stat "$physdev..." done < $CRYPTOTAB - if test -z "$haveone"; then + if test -z "$haveone" -a -z "$tostart"; then rc_failed 6 rc_status -v1 fi @@ -383,22 +386,24 @@ hashalotcryptsetup() { - /sbin/hashalot ${halgo:+$halgo} ${pseed:+-s $pseed} ${itercountk:+-C $itercountk} | /sbin/cryptsetup "$@" + /sbin/hashalot ${halgo:+$halgo} -t $timeout ${pseed:+-s $pseed} ${itercountk:+-C $itercountk} | /sbin/cryptsetup "$@" } start_crypttab () { - test -s $CRYPTTAB || return 0 - local stat=0 local haveone='' - echo "Activating crypto devices using $CRYPTTAB ... " + test -n "$tostart" || echo "Activating crypto devices using $CRYPTTAB ... " while read name physdev keyfile options dummy; do case "$name" in \#*|"") continue ;; esac + if test -n "$tostart" -a "$name" != "$tostart" -a "$physdev" != "$tostart"; then + continue + fi + haveone=1 redirect @@ -430,7 +435,6 @@ luks="" check="" checkargs="" - noauto="" loopdev="" param_ro="" cipher="" @@ -501,7 +505,6 @@ ;; pseed) pseed="$value" ;; itercountk) itercountk="$value" ;; - noauto) noauto=yes ;; precheck|loud|ssl|gpg|keyscript|*) echo "unsupported crypttab option: '$param'" skip='yes' @@ -521,7 +524,7 @@ fi fi - if test "$skip" = "yes" -o "$noauto" = "yes" ; then + if test "$skip" = "yes" -o \( "$noauto" = "yes" -a -z "$tostart" \); then report 5 "$physdev" continue fi @@ -704,7 +707,7 @@ report $stat "$physdev..." done < $CRYPTTAB - if test -z "$haveone"; then + if test -z "$haveone" -a -z "$tostart"; then rc_failed 6 rc_status -v1 fi 
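Review bot: In hashalotcryptsetup the new `-t $timeout` is unquoted and unconditional, so an empty `timeout` makes hashalot's getopt consume the following word (for example `-s`) as the timeout value, and the salt is then no longer parsed as a salt. The only visible assignment is `timeout="$TIMEOUT"` in start_cryptotab, which the new `start)` branch skips when $CRYPTOTAB is empty; unless start_crypttab sets it outside these hunks, the variable is unset on crypttab-only systems. `${timeout:+-t "$timeout"}` would match the other optional arguments on that line. Separately, the pipeline's exit status is cryptsetup's alone, so a hashalot timeout is only noticed if cryptsetup rejects the empty input; checking `${PIPESTATUS[0]}` would make that explicit.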
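Review bot: The skip test in start_crypttab still reads `$noauto`, but the two preceding hunks remove both its per-entry reset (`noauto=""`) and the `noauto) noauto=yes ;;` option case, leaving no visible assignment. If the option is now parsed somewhere outside these hunks without a reset, a `noauto` on one crypttab entry would carry over to the entries after it; if it is not parsed at all, `noauto` falls into the `*)` branch and is reported as unsupported. A comment at the test naming where the variable is set, e.g. `# noauto is set per entry in <location>`, would settle which is intended.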
@@ -731,21 +734,28 @@ stop_cryptotab () { - test -s $CRYPTOTAB || return 0 + local haveone='' + + test -n "$tostop" || echo "Turning off crypto devices using $CRYPTOTAB ... " - echo "Turning off crypto devices using $CRYPTOTAB ... " while read loopdev physdev access filesys crypto mopt rest ; do case "$loopdev" in \#*|"") continue ;; esac + if test -n "$tostop" -a "$loopdev" != "$tostop" -a "$physdev" != "$tostop" -a "$access" != "$tostop"; then + continue + fi + + haveone=1 + name="${loopdev#/dev/}" name="cryptotab_${name//[^A-Za-z0-9]/_}" if test -b "/dev/mapper/$name"; then if ! umount_or_swapoff; then - rc_failed 1 + report 1 "$physdev..." continue fi @@ -756,26 +766,39 @@ losetup -d $loopdev || rc_failed 1 fi + echo -n "$physdev..." + rc_status -v + done < <(reverse < $CRYPTOTAB) - rc_status -v1 + if test -z "$haveone" -a -z "$tostop"; then + rc_status -v1 + fi } stop_crypttab () { - test -s $CRYPTTAB || return 0 + local haveone='' - echo "Turning off crypto devices using $CRYPTTAB ... " - while read name device keyfile options dummy; do + test -n "$tostop" || echo "Turning off crypto devices using $CRYPTTAB ... " + + while read name physdev keyfile options dummy; do case "$name" in \#*|"") continue ;; esac + if test -n "$tostop" -a "$name" != "$tostop" -a "$physdev" != "$tostop"; then + continue + fi + + haveone=1 + loopdev="" + device="$physdev" if test -b "/dev/mapper/$name"; then if ! umount_or_swapoff; then - rc_failed 1 + report 1 "$physdev..." continue fi 
@@ -783,21 +806,140 @@ fi # delete the loop device - if test -f "$device"; then - while read line; do - case "$line" in - *\(${device}\)*) device=${line%%:*}; loopdev='yes' ;; - esac - done < <(/sbin/losetup -a) - fi + while read line; do + case "$line" in + *\(${physdev}\)*) device=${line%%:*}; loopdev='yes' ;; + esac + done < <(/sbin/losetup -a) if test -n "$loopdev" && losetup $device >/dev/null 2>&1; then /sbin/losetup -d $device || rc_failed 1 fi + echo -n "$physdev..." + rc_status -v + done < <(reverse < $CRYPTTAB) - rc_status -v1 + if test -z "$haveone" -a -z "$tostop"; then + rc_status -v1 + fi +} + +status_cryptotab() +{ + local state str + local haveone='' + while read loopdev physdev access filesys crypto mopt info rest ; do + case "$loopdev" in + \#*|"") continue ;; + esac + + haveone=1 + + name="${loopdev#/dev/}" + name="cryptotab_${name//[^A-Za-z0-9]/_}" + + echo -n "$physdev" + state=0 + str='' + + if losetup "$loopdev" > /dev/null 2>&1; then + str="$str ${loopdev#/dev/}" + state=$((state+1)) + fi + if test -b "/dev/mapper/$name"; then + str="$str mapped" + state=$((state+1)) + fi + if /bin/grep -q "^/dev/mapper/$name[ \t]" /proc/mounts; then + str="$str mounted" + state=$((state+1)) + fi + + if test "$state" = 3; then + rc_failed 0 + elif test "$state" != 0; then + rc_failed 4 + else + rc_failed 3 + fi + + if test -n "$str"; then + echo -n " [$str ]" + fi + rc_status -v + + done < $CRYPTOTAB + + if test -z "$haveone"; then + report 3 "$CRYPTOTAB" + fi +} + +status_crypttab() +{ + local state str + local haveone='' + + while read name physdev keyfile options dummy; do + case "$name" in + \#*|"") continue ;; + esac + + haveone=1 + + echo -n "$physdev" + state=0 + str='' + + loopdev='' + # find the loop device + while read line; do + case "$line" in + *\(${physdev}\)*) loopdev=${line%%:*};; + esac + done < <(/sbin/losetup -a) + + if test -n "$loopdev" && losetup "$loopdev" > /dev/null 2>&1; then + str="$str ${loopdev#/dev/}" + state=$((state|1)) + fi + 
if test -b "/dev/mapper/$name"; then + str="$str mapped" + state=$((state|2)) + fi + if /bin/grep -q "^/dev/mapper/$name[ \t]" /proc/mounts; then + str="$str mounted" + state=$((state|4)) + elif /bin/grep -q "^/dev/mapper/$name[ \t]" /proc/swaps; then + str="$str swap" + state=$((state|4)) + fi + + if test -n "$str"; then + echo -n " [$str ]" + fi + if test "$state" != 0; then + if test $((state&2)) = 0; then + rc_failed 4 + else + if ! test -e "$physdev"; then + rc_failed 1 + else + rc_failed 0 + fi + fi + else + rc_failed 3 + fi + rc_status -v + + done < $CRYPTTAB + + if test -z "$haveone"; then + report 3 "$CRYPTTAB" + fi } # @@ -868,8 +1010,15 @@ rc_exit fi - start_cryptotab - start_crypttab + tostart="$2" + + if test -s $CRYPTOTAB; then + start_cryptotab + fi + + if test -s $CRYPTTAB; then + start_crypttab + fi rc_failed 0 @@ -878,17 +1027,30 @@ cutomize_start_hook ;; stop) - stop_cryptotab - stop_crypttab + tostop="$2" + + if test -s $CRYPTOTAB; then + stop_cryptotab + fi + + if test -s $CRYPTTAB; then + stop_crypttab + fi rc_failed 0 cutomize_stop_hook ;; status) - rc_failed 4 - rc_status -v + if test -s $CRYPTOTAB; then + status_cryptotab + fi + + if test -s $CRYPTTAB; then + status_crypttab + fi + rc_failed 0 ;; restart) $0 stop ++++++ crypttab.5 ++++++ --- util-linux-crypto/crypttab.5 2007-05-08 15:16:33.000000000 +0200 +++ /mounts/work_src_done/STABLE/util-linux-crypto/crypttab.5 2007-05-09 15:06:14.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: crypttab .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: 05/08/2007 +.\" Date: 05/09/2007 .\" Manual: .\" Source: .\" -.TH "CRYPTTAB" "5" "05/08/2007" "" "" +.TH "CRYPTTAB" "5" "05/09/2007" "" "" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
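Review bot: The loop-device lookup in stop_crypttab and status_crypttab expands `${physdev}` unquoted inside the `case` pattern, so glob characters in that crypttab field act as wildcards when matched against `losetup -a` output. With the old `test -f "$device"` guard removed the lookup now runs for every entry, and in stop_crypttab the match decides which device `losetup -d` detaches. Quoting makes the comparison literal: `*\("${physdev}"\)*) device=${line%%:*}; loopdev='yes' ;;`. In the status functions, `[ \t]` inside the grep expression matches a space, a backslash or the letter `t` rather than a tab, so a mapping whose name is `$name` followed by `t` would also be counted as mounted.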
@@ -162,7 +162,7 @@ .PP \fBitercountk=<num>\fR .RS 4 -Encrypts the hashed password <num> times using AES\-256. Use for compatability with loop\-AES. +Encrypts the hashed password <num> thousand times using AES\-256. Use for compatability with loop\-AES. .RE .PP \fBloud\fR, \fBssl\fR, \fBgpg\fR, \fBkeyscript\fR ++++++ crypttab.5.txt ++++++ --- util-linux-crypto/crypttab.5.txt 2007-05-08 15:16:25.000000000 +0200 +++ /mounts/work_src_done/STABLE/util-linux-crypto/crypttab.5.txt 2007-05-09 10:46:32.000000000 +0200 @@ -120,8 +120,8 @@ dictionary attacks harder. Use for compatability with loop-AES. *itercountk=<num>*:: -Encrypts the hashed password <num> times using AES-256. Use for -compatability with loop-AES. +Encrypts the hashed password <num> thousand times using AES-256. Use +for compatability with loop-AES. *loud*, *ssl*, *gpg*, *keyscript*:: not supported. Listed here as they are supported by Debian. ++++++ hashalot-ctrl-d.diff ++++++ --- /var/tmp/diff_new_pack.i25515/_old 2007-05-09 15:16:45.000000000 +0200 +++ /var/tmp/diff_new_pack.i25515/_new 2007-05-09 15:16:45.000000000 +0200 @@ -4,7 +4,7 @@ Index: hashalot-0.3/hashalot.c =================================================================== ---- hashalot-0.3/hashalot.c +--- hashalot-0.3/hashalot.c.orig +++ hashalot-0.3/hashalot.c @@ -275,6 +275,10 @@ main(int argc, char *argv[]) ++++++ hashalot-manpage.diff ++++++ document -C and -t options in manpage Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de> Index: hashalot-0.3/hashalot.1 =================================================================== --- hashalot-0.3/hashalot.1.orig +++ hashalot-0.3/hashalot.1 
@@ -2,9 +2,9 @@ .SH NAME hashalot \- read a passphrase and print a hash .SH SYNOPSIS -.B hashalot [ \-s SALT ] [ \-x ] [ \-n #BYTES ] HASHTYPE +.B hashalot [ \-t secs ] [ \-s SALT ] [ \-x ] [ \-n #BYTES ] [ \-C itercountk ] HASHTYPE .br -.B HASHTYPE [ \-s SALT ] [ \-x ] [ \-n #BYTES ] +.B HASHTYPE [ \-t secs ] [ \-s SALT ] [ \-x ] [ \-n #BYTES ] [ \-C itercountk ] .SH DESCRIPTION .PP \fIhashalot\fP is a small tool that reads a passphrase from standard @@ -36,6 +36,18 @@ option can be used to limit (or increase default is as appropriate for the specified hash algorithm: 20 bytes for RIPEMD160, 32 bytes for SHA256, etc. The default for the "rmd160compat" hash is 16 bytes, for compatibility with the old kerneli.org utilities. +.PP +The +.B \-t +option specifies a timeout for reading the passphrase from the terminal. +.PP +The +.B \-C +option specifies that the hashed password has to be encrypted +itercountk thousand times using AES-256. Use for compatability with +loop-AES. +.PP +The options \-t and \-C are currently SUSE specific .SH AUTHOR Ben Slusky <sluskyb@paranoiacs.org> .PP ++++++ hashalot-timeout.diff ++++++ add timeout option -t Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de> Index: hashalot-0.3/hashalot.c =================================================================== --- hashalot-0.3/hashalot.c.orig +++ hashalot-0.3/hashalot.c @@ -21,6 +21,7 @@ #include <string.h> #include <unistd.h> #include <assert.h> +#include <signal.h> #include <sys/types.h> #include <sys/mman.h> @@ -36,6 +37,12 @@ typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len); +static int got_timeout; +void alrm_handler(int num) +{ + got_timeout = 1; +} + static int phash_rmd160(char dest[], size_t dest_len, const char src[], size_t src_len) { 
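Review bot: `got_timeout` is written from the SIGALRM handler and read in main, and the C standard only guarantees well-defined access from a handler for `volatile sig_atomic_t` objects, so the declaration should be `static volatile sig_atomic_t got_timeout;`. `alrm_handler` appears to be used only in this file and could be `static`, with `(void)num;` to mark the unused parameter. The phash_rmd160 definition that follows continues outside the hunk.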
@@ -101,9 +108,9 @@ show_usage(const char argv0[]) fprintf (stdout, "usage:\n" - " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n" + " hashalot [ -t secs ] [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n" " or\n" - " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n" + " HASHTYPE [ -t secs ] [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n" "\n" "supported values for HASHTYPE: "); @@ -219,8 +226,9 @@ main(int argc, char *argv[]) phash_func_t func; int hex_output = 0, c; unsigned long itercountk = 0; + unsigned timeout = 0; - while ((c = getopt(argc, argv, "n:s:xC:")) != -1) { + while ((c = getopt(argc, argv, "n:s:xC:t:")) != -1) { switch (c) { case 'n': hashlen = strtoul(optarg, &p, 0); @@ -235,6 +243,9 @@ main(int argc, char *argv[]) case 's': salt = optarg; break; + case 't': + timeout = atoi(optarg); + break; case 'x': hex_output++; break; @@ -273,12 +284,25 @@ main(int argc, char *argv[]) fputs("Warning: couldn't lock memory, are you root?\n", stderr); } + if(timeout) { + struct sigaction sa; + sa.sa_handler = alrm_handler; + sigemptyset (&sa.sa_mask); + sa.sa_flags = 0; + sigaction(SIGALRM, &sa, NULL); + alarm(timeout); + } + /* here we acquire the precious passphrase... */ pass = xgetpass("Enter passphrase: "); - if(!*pass) { + if(got_timeout || !*pass) { exit(EXIT_FAILURE); } + if(timeout) { + alarm(0); + } + if (salt) pass = salt_passphrase(pass, salt); hashlen = func(passhash, hashlen, pass, strlen(pass)); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
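Review bot: `timeout = atoi(optarg);` in the new `case 't'` accepts any input: a non-numeric argument silently becomes 0 and disables the timeout, and a negative one is converted to a very large `unsigned`. The `-n` case just above already parses with `strtoul(optarg, &p, 0)`; doing the same here and rejecting an empty or trailing remainder keeps the two options consistent, e.g. `timeout = strtoul(optarg, &p, 0); if (p == optarg || *p != '\0') { show_usage(argv[0]); exit(EXIT_FAILURE); }`. main continues outside the hunk.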
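Review bot: On the timeout path the process exits right after xgetpass returns, and the hunk does not show whether xgetpass restores terminal echo or wipes a partially typed passphrase when its read is interrupted by SIGALRM; that should be confirmed, since `sa_flags = 0` leaves the read unrestarted. The return value of `sigaction` is also ignored, so if installing the handler fails SIGALRM keeps its default action and terminates the process inside xgetpass. Suggested: `if (sigaction(SIGALRM, &sa, NULL) < 0) { perror("sigaction"); exit(EXIT_FAILURE); }`, plus a comment above the check such as `/* got_timeout is tested first: pass may be incomplete after EINTR */`. main continues outside the hunk.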