From nobody@FreeBSD.org  Wed Aug 15 12:45:10 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7F1EE16A41B
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 15 Aug 2007 12:45:10 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 69E7213C465
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 15 Aug 2007 12:45:10 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.1/8.14.1) with ESMTP id l7FCjA5E011006
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 15 Aug 2007 12:45:10 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.1/8.14.1/Submit) id l7FCjAqp011005;
	Wed, 15 Aug 2007 12:45:10 GMT
	(envelope-from nobody)
Message-Id: <200708151245.l7FCjAqp011005@www.freebsd.org>
Date: Wed, 15 Aug 2007 12:45:10 GMT
From: Volker <volker@freenas.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [PATCH] for GEOM Eli to get password from stdin (useful for non-interactive scripting)
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         115547
>Category:       kern
>Synopsis:       [geom] [patch] [request] let GEOM Eli get password from stdin (useful for non-interactive scripting)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-geom
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 15 12:50:03 GMT 2007
>Closed-Date:    
>Last-Modified:  Fri Apr 17 14:04:48 UTC 2009
>Originator:     Volker
>Release:        
>Organization:
FreeNAS main developer
>Environment:
>Description:
To get GEOM Eli working in our project (http://www.freenas.org) I had
to enhance the geli userland application. The original code does not
support non-interactive scripting, e.g. when creating or initializing
a GEOM Eli filesystem, because the password has to be entered interactively
on the console. Because our project is administered via a WebGUI, it is
not possible to do that. With the patch you can enter the password
non-interactively as follows:

(/bin/echo "$passphrase"; /bin/echo "$passphrase") | /sbin/geli init -t -v -e "$ealgo" "$disk"

The code has been taken from the Samba tool 'smbpasswd'. The patch itself
has been done for CURRENT.

I think this is also useful for other users.

Greetings
Volker

/usr/src/sbin/geom/class/eli:

--- geom_eli.c.orig	Mon Aug  6 10:18:42 2007
+++ geom_eli.c	Mon Aug  6 10:36:02 2007
@@ -73,13 +73,15 @@
 static void eli_restore(struct gctl_req *req);
 static void eli_clear(struct gctl_req *req);
 static void eli_dump(struct gctl_req *req);
+static char *eli_get_passwd(struct gctl_req *, const char *, char *, size_t);
+static char *eli_get_stdin_passwd(void);
 
 /*
  * Available commands:
  *
- * init [-bhPv] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-K newkeyfile] prov
+ * init [-bhPtv] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-K newkeyfile] prov
  * label - alias for 'init'
- * attach [-dprv] [-k keyfile] prov
+ * attach [-dprtv] [-k keyfile] prov
  * detach [-fl] prov ...
  * stop - alias for 'detach'
  * onetime [-d] [-a aalgo] [-e ealgo] [-l keylen] prov ...
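Review bot: The usage comment gains -t for init and attach only, and the patch touches nothing but geom_eli.c, so the new flag has no user-facing documentation. Add a matching geli(8) manual page change that says the passphrase is read as one line from stdin (twice when a new passphrase is set), and update the comment line for the command whose option table gets -t in the @@ -174 hunk as well.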
@@ -103,9 +105,10 @@
 		{ 'l', "keylen", &keylen, G_TYPE_NUMBER },
 		{ 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
 		{ 's', "sectorsize", &sectorsize, G_TYPE_NUMBER },
+		{ 't', "password-from-stdin", NULL, G_TYPE_NONE },
 		G_OPT_SENTINEL
 	    },
-	    NULL, "[-bPv] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-K newkeyfile] [-s sectorsize] prov"
+	    NULL, "[-bPtv] [-a aalgo] [-e ealgo] [-i iterations] [-l keylen] [-K newkeyfile] [-s sectorsize] prov"
 	},
 	{ "label", G_FLAG_VERBOSE, eli_main,
 	    {
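Review bot: The new 't' entry is declared G_TYPE_NONE, while the switch directly above it ('P', "nonewpassphrase") is G_TYPE_BOOL and the code added later reads the option with gctl_get_int(req, "password-from-stdin"). Declare it G_TYPE_BOOL like the other switches so the lookup is consistent whether or not -t was given; the same applies to the identical entry in the three option tables that follow.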
@@ -117,6 +120,7 @@
 		{ 'l', "keylen", &keylen, G_TYPE_NUMBER },
 		{ 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
 		{ 's', "sectorsize", &sectorsize, G_TYPE_NUMBER },
+		{ 't', "password-from-stdin", NULL, G_TYPE_NONE },
 		G_OPT_SENTINEL
 	    },
 	    NULL, "- an alias for 'init'"
@@ -127,9 +131,10 @@
 		{ 'k', "keyfile", keyfile, G_TYPE_STRING },
 		{ 'p', "nopassphrase", NULL, G_TYPE_BOOL },
 		{ 'r', "readonly", NULL, G_TYPE_BOOL },
+		{ 't', "password-from-stdin", NULL, G_TYPE_NONE },
 		G_OPT_SENTINEL
 	    },
-	    NULL, "[-dprv] [-k keyfile] prov"
+	    NULL, "[-dprtv] [-k keyfile] prov"
 	},
 	{ "detach", 0, NULL,
 	    {
@@ -174,9 +179,10 @@
 		{ 'n', "keyno", &keyno, G_TYPE_NUMBER },
 		{ 'p', "nopassphrase", NULL, G_TYPE_BOOL },
 		{ 'P', "nonewpassphrase", NULL, G_TYPE_BOOL },
+		{ 't', "password-from-stdin", NULL, G_TYPE_NONE },
 		G_OPT_SENTINEL
 	    },
-	    NULL, "[-pPv] [-n keyno] [-i iterations] [-k keyfile] [-K newkeyfile] prov"
+	    NULL, "[-pPtv] [-n keyno] [-i iterations] [-k keyfile] [-K newkeyfile] prov"
 	},
 	{ "delkey", G_FLAG_VERBOSE, eli_main,
 	    {
@@ -359,9 +365,9 @@
 			return (NULL);
 		}
 		for (;;) {
-			p = readpassphrase(
-			    new ? "Enter new passphrase:" : "Enter passphrase:",
-			    buf1, sizeof(buf1), RPP_ECHO_OFF | RPP_REQUIRE_TTY);
+			p = eli_get_passwd(req,
+			    new ? "Enter new passphrase: " : "Enter passphrase: ",
+			    buf1, sizeof(buf1));
 			if (p == NULL) {
 				bzero(buf1, sizeof(buf1));
 				gctl_error(req, "Cannot read passphrase: %s.",
@@ -370,9 +376,8 @@
 			}
 	
 			if (new) {
-				p = readpassphrase("Reenter new passphrase: ",
-				    buf2, sizeof(buf2),
-				    RPP_ECHO_OFF | RPP_REQUIRE_TTY);
+				p = eli_get_passwd(req, "Reenter new passphrase: ",
+				    buf2, sizeof(buf2));
 				if (p == NULL) {
 					bzero(buf1, sizeof(buf1));
 					gctl_error(req,
@@ -383,7 +388,11 @@
 	
 				if (strcmp(buf1, buf2) != 0) {
 					bzero(buf2, sizeof(buf2));
-					fprintf(stderr, "They didn't match.\n");
+					gctl_error(req, "Passphrases didn't match.");
+					/* Exit immediately if reading passwords from stdin. */
+					if (gctl_get_int(req, "password-from-stdin")) {
+						return (NULL);
+					}
 					continue;
 				}
 				bzero(buf2, sizeof(buf2));
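Review bot: The early return added for -t leaves buf1 holding the first passphrase: only buf2 is cleared before return (NULL), whereas the p == NULL failure paths just above call bzero(buf1, sizeof(buf1)) first. Add that bzero before returning. Separately, replacing fprintf(stderr, ...) with gctl_error() also changes the interactive path, which still reaches continue and retries; an error is now recorded on the request for a mismatch the user may go on to correct. Keep the fprintf for the retry case and call gctl_error() only before the return.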
@@ -1244,3 +1253,42 @@
 		printf("\n");
 	}
 }
+
+static char *
+eli_get_passwd(struct gctl_req *req, const char *prompt, char *buf, size_t bufsiz)
+{
+	char *p = NULL;
+
+	if (gctl_get_int(req, "password-from-stdin")) {
+		p = eli_get_stdin_passwd();
+		strlcpy(buf, p, bufsiz);
+	} else {
+		p = readpassphrase(prompt, buf, bufsiz, RPP_ECHO_OFF | RPP_REQUIRE_TTY);
+	}
+
+	return p;
+}
+
+static char *
+eli_get_stdin_passwd(void)
+{
+	static char buf[BUFSIZ];
+	size_t len;
+
+	bzero(buf, sizeof(buf));
+
+	/*
+	 * if no error is reported from fgets() and string at least contains
+	 * the newline that ends the password, then replace the newline with
+	 * a null terminator.
+	 */
+	if (fgets(buf, sizeof(buf), stdin) != NULL) {
+		if ((len = strlen(buf)) > 0) {
+			if (buf[len-1] == '\n')
+				buf[len - 1] = 0;
+		}
+	}
+
+	return buf;
+}
+
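Review bot: eli_get_stdin_passwd() returns its static buffer even when fgets() fails or hits EOF, so with -t eli_get_passwd() never returns NULL, the callers' p == NULL checks cannot fire, and a closed or empty stdin is accepted as an empty passphrase. Return NULL when fgets() fails and pass that through. The strlcpy() result is also unchecked, so an over-long line is silently truncated, and whatever fgets() did not consume stays in stdin to be read as the confirmation. The static BUFSIZ buffer keeps a second copy of the passphrase that is never zeroed, and the function returns a pointer to it rather than to buf as the readpassphrase() branch does; reading straight into the caller's buffer with fgets(buf, bufsiz, stdin) removes both problems. Style: return p; and return buf; should be parenthesised like the return (NULL); used elsewhere in the file.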

>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-geom 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Aug 15 18:33:39 UTC 2007 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115547 
State-Changed-From-To: open->suspended 
State-Changed-By: pjd 
State-Changed-When: Sun Jun 1 21:28:29 2008 UTC 
State-Changed-Why:  
Suspend PR, because I can't contact PR author due to a misconfigured mail server, which refuses e-mail from my mail server. 


From: "Volker Theile" <votdev@gmx.de>
To: bug-followup@FreeBSD.org, pjd@FreeBSD.org, freebsd-geom@FreeBSD.org,
 pjd@FreeBSD.org
Cc:  
Subject: Re: kern/115547: [geom] [patch] [request] let GEOM Eli get password
 from stdin (useful for non-interactive scripting)
Date: Tue, 03 Jun 2008 10:00:18 +0200

 You can also use volker@freenas.org
 
 Patch for 0.7 can be found here:
 http://freenas.svn.sourceforge.net/viewvc/freenas/trunk/build/ports/geom_eli/files/geom_eli.c.diff?view=markup
 
 Regards
 Volker
 
 -------- Original Message --------
 > Date: Sun, 1 Jun 2008 21:29:34 GMT
 > From: pjd@FreeBSD.org
 > To: votdev@gmx.de, pjd@FreeBSD.org, freebsd-geom@FreeBSD.org
 > Subject: Re: kern/115547: [geom] [patch] [request] let GEOM Eli get password from stdin (useful for non-interactive scripting)
 
 > Synopsis: [geom] [patch] [request] let GEOM Eli get password from stdin
 > (useful for non-interactive scripting)
 > 
 > State-Changed-From-To: open->suspended
 > State-Changed-By: pjd
 > State-Changed-When: Sun Jun 1 21:28:29 2008 UTC
 > State-Changed-Why: 
 > Suspend PR, because I can't contact PR author due to a misconfigured mail
 > server, which refuses e-mail from my mail server.
 > 
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=115547
 
State-Changed-From-To: suspended->feedback 
State-Changed-By: pjd 
State-Changed-When: Tue Jun 3 09:09:59 2008 UTC 
State-Changed-Why:  


State-Changed-From-To: feedback->open 
State-Changed-By: gavin 
State-Changed-When: Fri Apr 17 13:54:01 UTC 2009 
State-Changed-Why:  
Mark as open. There seems to be no reason for this to be marked as 
awaiting feedback. 

>Unformatted:
