From 1be0c3bdc64db78b252c17c1077d9743910bd37c Mon Sep 17 00:00:00 2001 From: Russell Bryant Date: Sat, 5 Mar 2011 10:02:25 -0600 Subject: [PATCH] Add -l option to corosync-keygen. This option (-l or --less-secure) causes corosync-keygen to read from /dev/urandom instead of /dev/random to ensure that no input is required from the user. It may be useful when this command is used from a script. Signed-off-by: Russell Bryant Reviewed-by: Steven Dake --- man/corosync-keygen.8 | 10 +++++++-- tools/corosync-keygen.c | 49 ++++++++++++++++++++++++++++++++++++----- 2 files changed, 52 insertions(+), 7 deletions(-) diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8 index b161569c..5dc3f45c 100644 --- a/man/corosync-keygen.8 +++ b/man/corosync-keygen.8 @@ -35,7 +35,7 @@ .SH NAME corosync-keygen \- Generate an authentication key for Corosync. .SH SYNOPSIS -.B "corosync-keygen" +.B "corosync-keygen [\-l]" .SH DESCRIPTION If you want to configure corosync to use cryptographic techniques to ensure authenticity @@ -62,7 +62,13 @@ If a message "Invalid digest" appears from the corosync executive, the keys are not consistent between processors. .PP .B Note: corosync-keygen -will ask for user input to assist in generating entropy. +will ask for user input to assist in generating entropy unless the -l option is used. +.SH OPTIONS +.TP +.B -l +Use a less secure random data source that will not require user input to help generate +.br +entropy. This may be useful when this utility is used from a script. .SH EXAMPLES .TP Generate the key. diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c index c842fd19..73ba8d41 100644 --- a/tools/corosync-keygen.c +++ b/tools/corosync-keygen.c @@ -39,6 +39,7 @@ #include #include #include +#include #include #include @@ -46,12 +47,45 @@ #define KEYFILE COROSYSCONFDIR "/authkey" -int main (void) { +static const char usage[] = + "Usage: corosync-keygen [-l]\n" + " -l / --less-secure - Use a less secure random number source\n" + " (/dev/urandom) that is guaranteed not to require user\n" + " input for entropy. This can be used when this\n" + " application is used from a script.\n"; + + +int main (int argc, char *argv[]) +{ int authkey_fd; int random_fd; unsigned char key[128]; ssize_t res; ssize_t bytes_read; + int c; + int option_index; + int less_secure = 0; + static struct option long_options[] = { + { "less-secure", no_argument, NULL, 'l' }, + { "help", no_argument, NULL, 'h' }, + { 0, 0, NULL, 0 }, + }; + + while ((c = getopt_long (argc, argv, "lh", + long_options, &option_index)) != -1) { + switch (c) { + case 'l': + less_secure = 1; + break; + case 'h': + printf ("%s\n", usage); + exit(0); + break; + default: + printf ("Error parsing command line options.\n"); + exit (1); + } + } printf ("Corosync Cluster Engine Authentication key generator.\n"); if (geteuid() != 0) { @@ -65,11 +99,16 @@ int main (void) { } } - printf ("Gathering %lu bits for key from /dev/random.\n", (unsigned long)(sizeof (key) * 8)); - printf ("Press keys on your keyboard to generate entropy.\n"); - random_fd = open ("/dev/random", O_RDONLY); + if (less_secure) { + random_fd = open ("/dev/urandom", O_RDONLY); + } else { + printf ("Gathering %lu bits for key from /dev/random.\n", (unsigned long)(sizeof (key) * 8)); + printf ("Press keys on your keyboard to generate entropy.\n"); + random_fd = open ("/dev/random", O_RDONLY); + } + if (random_fd == -1) { - perror ("Is /dev/random present? Opening /dev/random"); + perror ("Failed to open random source\n"); exit (errno); }