#include <getopt.h>
#include <dirent.h>
#include <errno.h>
+#include <stdbool.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
return;
} else if ((rc == -1) && (errno != ENOKEY)) {
printf("keyctl_search failed: %s\n", strerror(errno));
- if (errno == -EINVAL)
+ if (errno == EINVAL)
printf("Keyring [%s] is not available.\n", keyring);
exit(1);
}
#define add_key_desc "adds a key to the user's keyring"
#define add_key_help \
-"e4crypt add_key -S salt [ -k keyring ] [-v] [-q] [ path ... ]\n\n" \
+"e4crypt add_key -S salt [ -k keyring ] [-v] [-q] [ -p pad ] [ path ... ]\n\n" \
"Prompts the user for a passphrase and inserts it into the specified\n" \
"keyring. If no keyring is specified, e4crypt will use the session\n" \
"keyring if it exists or the user session keyring if it does not.\n\n" \
static void do_add_key(int argc, char **argv, const struct cmd_desc *cmd)
{
struct salt *salt;
+ bool explicit_salt = false;
char *keyring = NULL;
int i, opt, pad = 4;
unsigned j;
pad = atoi(optarg);
break;
case 'S':
+ if (explicit_salt) {
+ fputs("May only provide -S once\n", stderr);
+ exit(1);
+ }
/* Salt value for passphrase. */
parse_salt(optarg, 0);
+ explicit_salt = true;
break;
case 'v':
options |= OPT_VERBOSE;
options |= OPT_QUIET;
break;
default:
- fprintf(stderr, "Unrecognized option: %c\n", opt);
case '?':
+ if (opt != '?')
+ fprintf(stderr, "Unrecognized option: %c\n",
+ opt);
fputs("USAGE:\n ", stderr);
fputs(cmd->cmd_help, stderr);
exit(1);
exit(1);
}
validate_paths(argc, argv, optind);
- for (i = optind; i < argc; i++)
- parse_salt(argv[i], PARSE_FLAGS_FORCE_FN);
+ if (!explicit_salt)
+ for (i = optind; i < argc; i++)
+ parse_salt(argv[i], PARSE_FLAGS_FORCE_FN);
printf("Enter passphrase (echo disabled): ");
get_passphrase(in_passphrase, sizeof(in_passphrase));
for (j = 0, salt = salt_list; j < num_salt; j++, salt++) {
generate_key_ref_str(salt);
insert_key_into_keyring(keyring, salt);
}
- if (optind != argc)
- set_policy(NULL, pad, argc, argv, optind);
+ if (optind != argc) {
+ salt = explicit_salt ? salt_list : NULL;
+ set_policy(salt, pad, argc, argv, optind);
+ }
clear_secrets();
exit(0);
}
#define set_policy_desc "sets a policy for directories"
#define set_policy_help \
-"e4crypt set_policy policy path ... \n\n" \
+"e4crypt set_policy [ -p pad ] policy path ... \n\n" \
"Sets the policy for the directories specified on the command line.\n" \
"All directories must be empty to set the policy; if the directory\n" \
"already has a policy established, e4crypt will validate that it the\n" \
static void do_get_policy(int argc, char **argv, const struct cmd_desc *cmd)
{
struct ext4_encryption_policy policy;
- struct stat st;
int i, j, fd, rc;
if (argc < 2) {
}
for (i = 1; i < argc; i++) {
- if (stat(argv[i], &st) < 0) {
- perror(argv[i]);
- continue;
- }
- fd = open(argv[i],
- S_ISDIR(st.st_mode) ? O_DIRECTORY : O_RDONLY);
+ fd = open(argv[i], O_RDONLY);
if (fd == -1) {
perror(argv[i]);
exit(1);