lofiadm：通过脚本输入密码

Question

根据源代码，lofiadm使用pkcs11_get_pass从libcryptoutil.so获取密码：

864 rv = C_OpenSession(cipher->slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
865 if (rv != CKR_OK)
866     goto cleanup;
867
868 /* get user passphrase with 8 byte minimum */
869 if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN, B_TRUE) < 0) {
870     die(gettext("passphrases do not match\n"));
871 }
872
873 /*
874  * salt should not be NULL, or else pkcs11_PasswdToKey() will
875  * complain about CKR_MECHANISM_PARAM_INVALID; the following is
876  * to make up for not having a salt until a proper one is used
877  */
878 salt = pass;
879 saltlen = passlen;
880
881 klen = cipher->max_keysize;
882 rv = pkcs11_PasswdToKey(sess, pass, passlen, salt, saltlen, ktype,
883     cipher->max_keysize, &kvalue, &klen);

并pkcs11_get_pass使用getpassphrase():

72  if (token_name != NULL)
73      (void) snprintf(prompt, sizeof (prompt), DEFAULT_TOKEN_PROMPT,
74          token_name);
75  else
76      (void) snprintf(prompt, sizeof (prompt), DEFAULT_USER_PROMPT);
77
78  for (tries = MAX_PASS_TRIES; tries > 0; tries--) {
79      tmpbuf = getpassphrase(prompt);
80      if (tmpbuf == NULL)
81          return (-1);
82
83      if (strnlen(tmpbuf, min_psize) >= min_psize)
84          break;
85
86      if (token_name != NULL)
87          (void) printf(DEFAULT_TOKEN_MINSIZE, min_psize);
88      else
89          (void) printf(DEFAULT_USER_MINSIZE, min_psize);
90  }
91  if (tries == 0) {
92      (void) printf(gettext("Exceeded number of attempts.\n"));
93      return (-1);
94  }

这手册页forgetpassphrase()表示如果不访问终端它将无法工作：

getpass() 函数打开进程的控制终端，将空终止字符串提示写入该设备，禁用回显，读取字符串直到下一个换行符或 EOF，恢复终端状态并关闭终端。

getpassphrase() 函数与 getpass() 相同，只是它读取并返回长度最多为 257 个字符的字符串。

...

恩熙

该进程没有控制终端。

因此，似乎没有简单的方法来编写密码输入脚本。

Answer 1

根据源代码，lofiadm使用pkcs11_get_pass从libcryptoutil.so获取密码：

864 rv = C_OpenSession(cipher->slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
865 if (rv != CKR_OK)
866     goto cleanup;
867
868 /* get user passphrase with 8 byte minimum */
869 if (pkcs11_get_pass(NULL, &pass, &passlen, MIN_PASSLEN, B_TRUE) < 0) {
870     die(gettext("passphrases do not match\n"));
871 }
872
873 /*
874  * salt should not be NULL, or else pkcs11_PasswdToKey() will
875  * complain about CKR_MECHANISM_PARAM_INVALID; the following is
876  * to make up for not having a salt until a proper one is used
877  */
878 salt = pass;
879 saltlen = passlen;
880
881 klen = cipher->max_keysize;
882 rv = pkcs11_PasswdToKey(sess, pass, passlen, salt, saltlen, ktype,
883     cipher->max_keysize, &kvalue, &klen);

并pkcs11_get_pass使用getpassphrase():

72  if (token_name != NULL)
73      (void) snprintf(prompt, sizeof (prompt), DEFAULT_TOKEN_PROMPT,
74          token_name);
75  else
76      (void) snprintf(prompt, sizeof (prompt), DEFAULT_USER_PROMPT);
77
78  for (tries = MAX_PASS_TRIES; tries > 0; tries--) {
79      tmpbuf = getpassphrase(prompt);
80      if (tmpbuf == NULL)
81          return (-1);
82
83      if (strnlen(tmpbuf, min_psize) >= min_psize)
84          break;
85
86      if (token_name != NULL)
87          (void) printf(DEFAULT_TOKEN_MINSIZE, min_psize);
88      else
89          (void) printf(DEFAULT_USER_MINSIZE, min_psize);
90  }
91  if (tries == 0) {
92      (void) printf(gettext("Exceeded number of attempts.\n"));
93      return (-1);
94  }

这手册页forgetpassphrase()表示如果不访问终端它将无法工作：

getpass() 函数打开进程的控制终端，将空终止字符串提示写入该设备，禁用回显，读取字符串直到下一个换行符或 EOF，恢复终端状态并关闭终端。

getpassphrase() 函数与 getpass() 相同，只是它读取并返回长度最多为 257 个字符的字符串。

...

恩熙

该进程没有控制终端。

因此，似乎没有简单的方法来编写密码输入脚本。

lofiadm：通过脚本输入密码

答案1

相关内容