proxmox-mirrors/mirror_corosync
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_corosync synced 2025-08-15 18:36:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
mirror_corosync/tools/corosync-keygen.c
Jan Friesse c260bce45b keygen: Reflect change in knet 
Knet commit 1cb36f0cffd4559971826ca4774a88c5b05882fb reduced minimal
key length to 1024-bit. Keygen should keep compatibility with already
released 3.0.[0-1] so default key length should be 2048 bits. It's
possible to use -s argument to generate shorter key - keygen respects
minimum/maximum as defined by knet.

Also fix man page to reflect this change.

Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
2019-04-11 15:14:06 +02:00

192 lines
5.5 KiB
C
Raw Permalink Blame History

/*
* Copyright (c) 2004 MontaVista Software, Inc.
* Copyright (c) 2005-2019 Red Hat, Inc.
*
* All rights reserved.
*
* Author: Steven Dake (sdake@redhat.com)
* Jan Friesse (jfriesse@redhat.com)
*
* This software licensed under BSD license, the text of which follows:
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* - Neither the name of the MontaVista Software, Inc. nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <config.h>
#include <err.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <getopt.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <corosync/totem/totem.h>
#define DEFAULT_KEYFILE COROSYSCONFDIR "/authkey"
#define DEFAULT_KEYFILE_LEN 256
#define DEFAULT_RANDOM_DEV "/dev/urandom"
static const char usage[] =
"Usage: corosync-keygen [-k <keyfile>] [-s size] [-m <randomfile>] [-l] [-h]\n"
" -k / --key-file=<filename> - Write to the specified keyfile\n"
" instead of the default " DEFAULT_KEYFILE ".\n"
" -r / --random-file - Random number source file. Default is \n"
" /dev/urandom. As an example /dev/random may be requested\n"
" (that may require user input for entropy).\n"
" -l / --less-secure - Not used, option is kept only\n"
" for compatibility.\n"
" -s / --size - Length of key.\n"
" -h / --help - Print basic usage.\n";
int main (int argc, char *argv[])
{
int authkey_fd;
int random_fd;
char *keyfile = NULL;
unsigned char key[TOTEM_PRIVATE_KEY_LEN_MAX];
ssize_t res;
ssize_t bytes_read;
size_t key_len = DEFAULT_KEYFILE_LEN;
const char *random_dev = DEFAULT_RANDOM_DEV;
long long int tmpll;
char *ep;
int c;
int option_index;
static struct option long_options[] = {
{ "key-file", required_argument, NULL, 'k' },
{ "less-secure", no_argument, NULL, 'l' },
{ "random-file", required_argument, NULL, 'r' },
{ "size", required_argument, NULL, 's' },
{ "help", no_argument, NULL, 'h' },
{ 0, 0, NULL, 0 },
};
while ((c = getopt_long (argc, argv, "k:r:s:lh",
long_options, &option_index)) != -1) {
switch (c) {
case 'k':
keyfile = optarg;
break;
case 'l':
/*
* Only kept for compatibility
*/
break;
case 'r':
random_dev = optarg;
break;
case 's':
tmpll = strtoll(optarg, &ep, 10);
if (tmpll < TOTEM_PRIVATE_KEY_LEN_MIN ||
tmpll > TOTEM_PRIVATE_KEY_LEN_MAX ||
errno != 0 || *ep != '\0') {
errx (1, "Unsupported key size (supported <%u,%u>)\n",
TOTEM_PRIVATE_KEY_LEN_MIN,
TOTEM_PRIVATE_KEY_LEN_MAX);
}
key_len = (size_t)tmpll;
break;
case 'h':
printf ("%s\n", usage);
exit(0);
break;
default:
printf ("Error parsing command line options.\n");
exit (1);
}
}
printf ("Corosync Cluster Engine Authentication key generator.\n");
if (!keyfile) {
keyfile = (char *)DEFAULT_KEYFILE;
}
printf ("Gathering %lu bits for key from %s.\n", (unsigned long)(key_len * 8), random_dev);
random_fd = open (random_dev, O_RDONLY);
if (random_fd == -1) {
err (1, "Failed to open random source");
}
if (strcmp(random_dev, "/dev/random") == 0) {
printf ("Press keys on your keyboard to generate entropy.\n");
}
/*
* Read random data
*/
bytes_read = 0;
retry_read:
res = read (random_fd, &key[bytes_read], key_len - bytes_read);
if (res == -1) {
err (1, "Could not read /dev/random");
}
bytes_read += res;
if (bytes_read != key_len) {
printf ("Press keys on your keyboard to generate entropy (%d bits still needed).\n",
(int)((key_len - bytes_read) * 8));
goto retry_read;
}
close (random_fd);
/*
* Open key
*/
authkey_fd = open (keyfile, O_CREAT|O_WRONLY|O_TRUNC, 0600);
if (authkey_fd == -1) {
err (2, "Could not create %s", keyfile);
}
if (fchmod (authkey_fd, 0400)) {
err (3, "Failed to set key file permissions to 0400");
}
printf ("Writing corosync key to %s.\n", keyfile);
/*
* Write key
*/
res = write (authkey_fd, key, key_len);
if (res != key_len) {
err (4, "Could not write %s", keyfile);
}
if (close (authkey_fd)) {
err (5, "Could not close %s", keyfile);
}
return (0);
}
Reference in New Issue View Git Blame Copy Permalink