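/**
 * Delete a user's ext4 encryption key: revoke it from the e4crypt keyring,
 * then launch /system/bin/secdiscard on the on-disk key file.
 *
 * Keyring revocation is best-effort. A failed lookup or revoke is logged and
 * the key file is still handed to secdiscard.
 *
 * @param user_handle  Combined with DATA_MNT_POINT to locate the key file.
 * @return 0 once the secdiscard child has been forked, -1 if fork() fails.
 *         The result of secdiscard itself is not reported to the caller.
 */
int e4crypt_delete_user_key(const char *user_handle) {
    SLOGD("e4crypt_delete_user_key(\"%s\")", user_handle);
    auto key_path = get_key_path(DATA_MNT_POINT, user_handle);
    // NOTE(review): the key is used without an emptiness check here, unlike
    // e4crypt_set_user_policy; confirm fill_key copes with an empty key.
    auto key = e4crypt_get_key(key_path, false);
    auto ext4_key = fill_key(key);
    auto ref = keyname(generate_key_ref(ext4_key.raw, ext4_key.size));
    auto key_serial = keyctl_search(e4crypt_keyring(), "logon", ref.c_str(), 0);
    if (key_serial == -1) {
        // Lookup failed: do not pass the -1 error value on to keyctl_revoke.
        SLOGE("Failed to find key with ref %s: %s\n", ref.c_str(), strerror(errno));
    } else if (keyctl_revoke(key_serial) == 0) {
        SLOGD("Revoked key with serial %ld ref %s\n", key_serial, ref.c_str());
    } else {
        SLOGE("Failed to revoke key with serial %ld ref %s: %s\n",
            key_serial, ref.c_str(), strerror(errno));
    }
    int pid = fork();
    if (pid < 0) {
        SLOGE("Unable to fork: %s", strerror(errno));
        return -1;
    }
    if (pid == 0) {
        // NOTE(review): logging between fork() and execl() is only safe if the
        // parent is single-threaded at this point; confirm.
        SLOGD("Forked for secdiscard");
        execl("/system/bin/secdiscard",
            "/system/bin/secdiscard",
            key_path.c_str(),
            NULL);
        SLOGE("Unable to launch secdiscard on %s: %s\n", key_path.c_str(),
            strerror(errno));
        // _exit, not exit: the child is a copy of this process and must not run
        // its atexit handlers or flush its inherited stdio buffers.
        _exit(-1);
    }
    // ext4enc:TODO reap the zombie. The child is never waited for, so a
    // secdiscard failure goes unnoticed and 0 is returned regardless.
    return 0;
}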
/**
 * Load (or optionally create) a user's key, install it, and apply the
 * resulting key reference as the encryption policy of `path`.
 *
 * @param mount_path        Mount point under which the key file lives.
 * @param user_handle       User identifier used to locate the key file.
 * @param path              Directory the policy is applied to.
 * @param create_if_absent  Passed to e4crypt_get_key.
 * @return -1 if the key or its installed reference is empty, otherwise the
 *         result of do_policy_set.
 */
static int e4crypt_set_user_policy(const char *mount_path, const char *user_handle,
                            const char *path, bool create_if_absent)
{
    SLOGD("e4crypt_set_user_policy for %s", user_handle);

    auto key_file = get_key_path(mount_path, user_handle);
    auto user_key = e4crypt_get_key(key_file, create_if_absent);
    if (!user_key.empty()) {
        // Only a successfully installed key yields a reference for the policy.
        auto raw_ref = e4crypt_install_key(user_key);
        if (!raw_ref.empty()) {
            return do_policy_set(path, raw_ref.c_str(), raw_ref.size());
        }
    }
    // An empty key or an empty reference fails without setting a policy.
    return -1;
}
Exemple #3
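/**
 * Replace the current process with /usr/bin/ssh-add, passing it the path of
 * each requested key. Never returns: either execv succeeds or the process
 * exits with EXIT_FAILURE.
 *
 * @param keys   Key names; each is resolved against the home directory.
 * @param count  Number of entries in keys.
 */
static _noreturn_ void add_keys(char **keys, int count)
{
    const char *home_dir = get_home_dir();

    /* A negative count would give the array below a non-positive size. */
    if (count < 0)
        errx(EXIT_FAILURE, "invalid key count: %d", count);

    /* command + end-of-opts + NULL + keys */
    char *args[count + 3];
    int i;

    /* Absolute path, so the binary is not looked up through PATH. */
    args[0] = "/usr/bin/ssh-add";
    /* End-of-options marker: a key path starting with '-' is not read as a flag. */
    args[1] = "--";

    for (i = 0; i < count; i++) {
        char *key_path = get_key_path(home_dir, keys[i]);

        /*
         * A NULL entry would end argv early and silently drop the remaining
         * keys. NOTE(review): get_key_path is not visible here; confirm
         * whether it can return NULL at all.
         */
        if (!key_path)
            errx(EXIT_FAILURE, "failed to resolve key path");
        args[2 + i] = key_path;
    }

    args[2 + count] = NULL;

    execv(args[0], args);
    /* execv only returns on failure. */
    err(EXIT_FAILURE, "failed to launch ssh-add");
}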
Exemple #4
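/**
 * Resolve the full path of a registry key given a root handle and an optional
 * sub-key name.
 *
 * The sub-key name is copied into a temporary UNICODE_STRING with each run of
 * backslashes collapsed to one, wrapped in OBJECT_ATTRIBUTES rooted at
 * `registry`, and passed to get_key_path().
 *
 * @param registry  Root key handle, stored as the RootDirectory.
 * @param in        Caller-supplied sub-key name, or NULL for none. Input longer
 *                  than MAX_KEY_BUFLEN / sizeof(wchar_t) - 1 characters is
 *                  silently truncated.
 * @param keybuf    Scratch buffer forwarded to get_key_path().
 * @param len       Size argument forwarded to get_key_path().
 * @return The result of get_key_path(), or NULL if the temporary name buffer
 *         cannot be allocated. NOTE(review): confirm callers tolerate NULL.
 */
wchar_t *get_full_key_pathW(HKEY registry, const wchar_t *in, PKEY_NAME_INFORMATION keybuf, unsigned int len)
{
	OBJECT_ATTRIBUTES objattr;
	UNICODE_STRING keystr;
	const wchar_t *p;
	wchar_t *u;
	wchar_t *ret;
	// NOTE(review): idx is 16 bits wide; this assumes MAX_KEY_BUFLEN / sizeof(wchar_t)
	// fits in an unsigned short -- confirm against the macro's definition.
	unsigned short idx = 0;

	memset(&objattr, 0, sizeof(objattr));

	// Zero-filled, so the copied name stays NUL-terminated even when truncated.
	keystr.Buffer = calloc(1, MAX_KEY_BUFLEN);
	if (keystr.Buffer == NULL) {
		// Without this check both branches below would write through a NULL pointer.
		return NULL;
	}
	keystr.MaximumLength = MAX_KEY_BUFLEN;
	objattr.ObjectName = &keystr;

	if (in) {
		// The bound leaves room for the terminator in the last slot of the buffer.
		for (p = in, u = keystr.Buffer; *p && idx < (MAX_KEY_BUFLEN / sizeof(wchar_t) - 1); p++, u++, idx++) {
			*u = *p;
			// normalize duplicate backslashes in the user-provided string as the registry APIs will use them without error
			if (*p == L'\\') {
				while (*(p + 1) == L'\\')
					p++;
			}
		}
		// Length is in bytes and excludes the terminator.
		keystr.Length = idx * sizeof(wchar_t);
	}
	else {
		keystr.Buffer[0] = L'\0';
		keystr.Length = 0;
	}

	objattr.RootDirectory = registry;

	ret = get_key_path(&objattr, keybuf, len);
	// The temporary name buffer is freed before returning ret.
	free(keystr.Buffer);
	return ret;
}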