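/*
 * Zero a buffer that held passphrase or salt bytes.
 *
 * The stores go through a volatile pointer so the compiler cannot discard
 * them as dead writes when the buffer is never read again before main()
 * returns, which a plain memset() on a dying stack array permits.
 */
static void manager_wipe_secret(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len--)
		*p++ = 0;
}

/*
 * Query the kernel module version; on failure, explain the likely causes
 * and fall back to ECRYPTFS_VERSIONING_PASSPHRASE.
 */
static void manager_query_version(uint32_t *version)
{
	if (!ecryptfs_get_version(version))
		return;
	printf("\nUnable to get the version number of the kernel\n"
	       "module. Please make sure that you have the eCryptfs\n"
	       "kernel module loaded, you have sysfs mounted, and\n"
	       "the sysfs mount point is in /etc/mtab. This is\n"
	       "necessary so that the mount helper knows which \n"
	       "kernel options are supported.\n\n"
	       "Make sure that your system is set up to auto-load\n"
	       "your filesystem kernel module on mount.\n\n"
	       "Enabling passphrase-mode only for now.\n\n");
	*version = ECRYPTFS_VERSIONING_PASSPHRASE;
}

/*
 * Interactive key manager: validates the keyring, then loops over
 * manager_menu() until the user aborts or an unrecoverable error occurs.
 *
 * Menu entries handled:
 *   MME_MOUNT_PASSPHRASE - read a passphrase/salt and add the key to the
 *                          keyring
 *   MME_MOUNT_PUBKEY     - run the key-module decision graph
 *   MME_GEN_PUBKEY       - run the key-generation decision graph
 *   MME_ABORT            - leave the loop
 *
 * Returns 1 if keyring validation fails, otherwise the rc of the last
 * failing step (0 when the user aborts with no pending error).
 * argc and argv are not used.
 */
int main(int argc, char **argv)
{
	int quit, rc, selection;
	uint32_t version;
	char passphrase[ECRYPTFS_MAX_PASSWORD_LENGTH];
	char salt[ECRYPTFS_SALT_SIZE];
	struct ecryptfs_ctx ecryptfs_ctx;
	struct val_node *dummy_mnt_params;
	char auth_tok_sig[ECRYPTFS_SIG_SIZE_HEX+1];

	if ((rc = ecryptfs_validate_keyring())) {
		printf("Error attempting to validate keyring integrity; "
		       "rc = [%d]\n", rc);
		return 1;
	}
	memset(passphrase, 0, ECRYPTFS_MAX_PASSWORD_LENGTH);
	memset(salt, 0, ECRYPTFS_SALT_SIZE);
selection:
	quit = 0;
	selection = manager_menu();
	switch (selection) {
	case MME_MOUNT_PASSPHRASE:
		if ((rc = read_passphrase_salt(passphrase, salt)))
			goto out_wipe;
		/* An empty salt means the user supplied none: use the default. */
		if (!(*salt))
			memcpy(salt, common_salt, ECRYPTFS_SALT_SIZE);
		rc = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig,
							    passphrase, salt);
		if (rc == 1) {
			rc = 0;
			printf("\nThat key was already in the keyring.\n\n");
		} else if (!rc)
			printf("\nAdded key to keyring with signature [%s]."
			       "\n\n", auth_tok_sig);
		/* Drop the secret as soon as the keyring call is done. */
		manager_wipe_secret(passphrase, ECRYPTFS_MAX_PASSWORD_LENGTH);
		manager_wipe_secret(salt, ECRYPTFS_SALT_SIZE);
		break;
	case MME_MOUNT_PUBKEY:
		/*
		 * Start from a zeroed context, as MME_GEN_PUBKEY does.  Without
		 * this the decision graph, and the ecryptfs_free_key_mod_list()
		 * call reached through "out" on failure, would operate on
		 * uninitialised stack contents.
		 */
		memset(&ecryptfs_ctx, 0, sizeof(struct ecryptfs_ctx));
		manager_query_version(&version);
		ecryptfs_ctx.get_string = &get_string_stdin;
		if ((dummy_mnt_params = malloc(sizeof(struct val_node)))
		    == NULL) {
			rc = -ENOMEM;
			goto out;
		}
		/* Hand the decision graph a zeroed node, not heap garbage. */
		memset(dummy_mnt_params, 0, sizeof(struct val_node));
		/*
		 * NOTE(review): dummy_mnt_params is never released.  How
		 * ecryptfs_process_decision_graph() extends or re-heads the
		 * list is not visible from here, so freeing it is left to a
		 * follow-up once the ownership rules are confirmed.
		 */
		if ((rc = ecryptfs_process_decision_graph(
			     &ecryptfs_ctx, &dummy_mnt_params, version, "",
			     ECRYPTFS_KEY_MODULE_ONLY))) {
			printf("Error processing key generation decision graph;"
			       " rc = [%d]\n", rc);
			goto out;
		}
		if ((rc = ecryptfs_free_key_mod_list(&ecryptfs_ctx))) {
			printf("\nUnable to free key modules\n");
		}
		printf("Returning to main menu\n");
		break;
	case MME_GEN_PUBKEY:
		memset(&ecryptfs_ctx, 0, sizeof(struct ecryptfs_ctx));
		manager_query_version(&version);
		ecryptfs_ctx.get_string = &get_string_stdin;
		if ((rc = ecryptfs_process_key_gen_decision_graph(&ecryptfs_ctx,
								  version))) {
			printf("Error processing key generation decision graph;"
			       " rc = [%d]\n", rc);
			goto out;
		}
		if ((rc = ecryptfs_free_key_mod_list(&ecryptfs_ctx))) {
			printf("\nUnable to free key modules\n");
		}
		printf("Returning to main menu\n");
		goto selection;
	case MME_ABORT:
		quit = 1;
		goto out_wipe;
	default:
		fprintf(stderr, "Unknown option, aborting\n");
		quit = 1;
		rc = -1;
		goto out_wipe;
	}
out_wipe:
	manager_wipe_secret(passphrase, ECRYPTFS_MAX_PASSWORD_LENGTH);
	manager_wipe_secret(salt, ECRYPTFS_SALT_SIZE);
	if (!quit)
		goto selection;
out:
	/*
	 * Paths that jump straight here never filled the buffers in this
	 * iteration, but wiping again keeps "no secret survives main()" a
	 * local property of the exit path.
	 */
	manager_wipe_secret(passphrase, ECRYPTFS_MAX_PASSWORD_LENGTH);
	manager_wipe_secret(salt, ECRYPTFS_SALT_SIZE);
	if (selection == MME_MOUNT_PUBKEY || selection == MME_GEN_PUBKEY) {
		int free_rc = ecryptfs_free_key_mod_list(&ecryptfs_ctx);

		/*
		 * Keep the error that brought us here; a successful cleanup
		 * must not turn a failed run into exit status 0.
		 */
		if (!rc)
			rc = free_rc;
	}
	return rc;
}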
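/*
 * Mount helper entry point.
 *
 * Locks the address space, looks up the calling user, reads the kernel
 * module version (falling back to passphrase-only mode), validates the
 * keyring, parses the mount options and, unless this is a remount, runs the
 * option decision graph followed by ecryptfs_do_mount().
 *
 * Returns 0 on success or when the mount was cancelled (ECANCELED), -1 if
 * mlockall() fails, and a negative errno-style value otherwise.
 */
int main(int argc, char **argv)
{
	uint32_t version;
	char *opts_str;
	struct val_node *mnt_params;
	struct ecryptfs_ctx ctx;
	int sig_cache = 1;
	int rc;
	struct passwd *pw;

	/*
	 * NOTE(review): MCL_FUTURE only covers mappings created after this
	 * call; pages that are already mapped stay swappable.  Confirm whether
	 * MCL_CURRENT | MCL_FUTURE was intended.
	 */
	rc = mlockall(MCL_FUTURE);
	if (rc) {
		fprintf(stderr, "Exiting. Unable to mlockall address space: %m\n");
		return -1;
	}
	pw = getpwuid(getuid());
	if (!pw) {
		fprintf(stderr, "Exiting. Unable to obtain passwd info\n");
		rc = -EIO;
		goto out;
	}
	/*
	 * NOTE(review): argv is echoed to stdout verbatim.  If mount options
	 * can carry passphrase material, this lands in terminal scrollback or
	 * captured logs; confirm dump_args is a debug-only switch.
	 */
	if (dump_args) {
		int i;

		for (i = 0; i < argc; i++)
			printf("argv[%d] = [%s]\n", i, argv[i]);
	}
	if (argc < NUM_REQUIRED_ARGS) {
		fprintf(stderr, "Insufficient number of arguments\n");
		usage();
		rc = -EINVAL;
		goto out;
	}
	rc = ecryptfs_get_version(&version);
	if (rc) {
		printf("\nUnable to get the version number of the kernel\n"
		       "module. Please make sure that you have the eCryptfs\n"
		       "kernel module loaded, you have sysfs mounted, and\n"
		       "the sysfs mount point is in /etc/mtab. This is\n"
		       "necessary so that the mount helper knows which \n"
		       "kernel options are supported.\n\n"
		       "Make sure that your system is set up to auto-load\n"
		       "your filesystem kernel module on mount.\n\n"
		       "Enabling passphrase-mode only for now.\n\n");
		version = ECRYPTFS_VERSIONING_PASSPHRASE;
	}
	if ((rc = ecryptfs_validate_keyring())) {
		printf("Unable to link the KEY_SPEC_USER_KEYRING into the "
		       "KEY_SPEC_SESSION_KEYRING; there is something wrong "
		       "with your kernel keyring. Did you build key retention "
		       "support into your kernel?\n");
		goto out;
	}
	/*
	 * The allocation result was previously passed to memset() unchecked,
	 * which dereferences NULL when the allocation fails.
	 */
	mnt_params = calloc(1, sizeof(struct val_node));
	if (!mnt_params) {
		rc = -ENOMEM;
		goto out;
	}
	memset(&ctx, 0, sizeof(struct ecryptfs_ctx));
	ctx.get_string = &get_string_stdin;
	if ((rc = parse_arguments(argc, argv, NULL, NULL, &opts_str)))
		goto out;
	if (opts_str_contains_option(opts_str, "verbose"))
		ecryptfs_verbosity = 1;
	if (opts_str_contains_option(opts_str, "remount")) {
		fprintf(stderr, "When remounting eCryptfs, you need "
			"to pass the mount utility the -i parameter to avoid "
			"calling the mount helper\n");
		rc = -EINVAL;
		goto out;
	}
	if (opts_str_contains_option(opts_str, "no_sig_cache"))
		sig_cache = 0;
	/* Non-interactive modes imply verbosity=0 unless already present. */
	if (opts_str_contains_option(opts_str, "no_prompt")
	    || opts_str_contains_option(opts_str, "wild_ass_guess")) {
		if (!opts_str_contains_option(opts_str, "verbosity=0")) {
			char *tmp;

			rc = asprintf(&tmp, "%s,verbosity=0", opts_str);
			if (rc == -1) {
				rc = -ENOMEM;
				goto out;
			}
			rc = 0;
			/*
			 * NOTE(review): the previous opts_str is not freed;
			 * who owns the buffer parse_arguments() returned is
			 * not visible from here.
			 */
			opts_str = tmp;
		}
	}
	/* With verbosity=0 the signature cache is switched off. */
	if (opts_str_contains_option(opts_str, "verbosity=0"))
		sig_cache = 0;
	rc = ecryptfs_process_decision_graph(
		&ctx, &mnt_params, version, opts_str,
		ECRYPTFS_ASK_FOR_ALL_MOUNT_OPTIONS);
	if (rc) {
		/* Positive codes are folded to -EINVAL for strerror(). */
		if (rc > 0)
			rc = -EINVAL;
		printf("Error attempting to evaluate mount options: "
		       "[%d] %s\nCheck your system logs for details "
		       "on why this happened.\nTry updating your "
		       "ecryptfs-utils package, and/or\nsubmit a bug "
		       "report on https://bugs.launchpad.net/ecryptfs\n",
		       rc, strerror(-rc));
		goto out;
	}
	rc = ecryptfs_do_mount(argc, argv, mnt_params, sig_cache, pw);
	/* A cancelled mount is not reported as a failure. */
	if (rc == ECANCELED) {
		rc = 0;
		goto out;
	}
	if (rc) {
		if (rc > 0)
			rc = -rc;
		printf("Error mounting eCryptfs: [%d] %s\n"
		       "Check your system logs; visit "
		       "<http://ecryptfs.org/support.html>\n",
		       rc, strerror(-rc));
		if (rc == -ENODEV)
			printf("Try ``modprobe ecryptfs''\n");
	} else
		printf("Mounted eCryptfs\n");
out:
	munlockall();
	return rc;
}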