コード例 #1
0
int main(int argc, char **argv)
{
	int quit, rc, selection;
	uint32_t version;
	char passphrase[ECRYPTFS_MAX_PASSWORD_LENGTH];
	char salt[ECRYPTFS_SALT_SIZE];
	struct ecryptfs_ctx ecryptfs_ctx;
	struct val_node *dummy_mnt_params;
	char auth_tok_sig[ECRYPTFS_SIG_SIZE_HEX+1];

	if ((rc = ecryptfs_validate_keyring())) {
		printf("Error attempting to validate keyring integrity; "
		       "rc = [%d]\n", rc);
		return 1;
	}
	memset(passphrase, 0, ECRYPTFS_MAX_PASSWORD_LENGTH);
	memset(salt, 0, ECRYPTFS_SALT_SIZE);
selection:
	quit = 0;
	selection = manager_menu();
	switch (selection) {
	case MME_MOUNT_PASSPHRASE:
		if ((rc = read_passphrase_salt(passphrase, salt)))
			goto out_wipe;
		if (!(*salt))
			memcpy(salt, common_salt, ECRYPTFS_SALT_SIZE);
		rc = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig,
							    passphrase, salt);
		if (rc == 1) {
			rc = 0;
			printf("\nThat key was already in the keyring.\n\n");
		} else if (!rc)
			printf("\nAdded key to keyring with signature [%s]."
			       "\n\n", auth_tok_sig);
		memset(passphrase, 0, ECRYPTFS_MAX_PASSWORD_LENGTH);
		memset(salt, 0, ECRYPTFS_SALT_SIZE);
		break;
	case MME_MOUNT_PUBKEY:
		if ((rc = ecryptfs_get_version(&version))) {
			printf("\nUnable to get the version number of the kernel\n");
			printf("module. Please make sure that you have the eCryptfs\n");
			printf("kernel module loaded, you have sysfs mounted, and\n");
			printf("the sysfs mount point is in /etc/mtab. This is\n");
			printf("necessary so that the mount helper knows which \n");
			printf("kernel options are supported.\n\n");
			printf("Make sure that your system is set up to auto-load\n"
			       "your filesystem kernel module on mount.\n\n");
			printf("Enabling passphrase-mode only for now.\n\n");
			version = ECRYPTFS_VERSIONING_PASSPHRASE;
		}
		ecryptfs_ctx.get_string = &get_string_stdin;
		if ((dummy_mnt_params = malloc(sizeof(struct val_node)))
		    == NULL) {
			rc = -ENOMEM;
			goto out;
		}
		if ((rc = ecryptfs_process_decision_graph(
			     &ecryptfs_ctx, &dummy_mnt_params, version, "",
			     ECRYPTFS_KEY_MODULE_ONLY))) {
			printf("Error processing key generation decision graph;"
			       " rc = [%d]\n", rc);
			goto out;
		}
		if ((rc = ecryptfs_free_key_mod_list(&ecryptfs_ctx))) {
			printf("\nUnable to free key modules\n");
		}
		printf("Returning to main menu\n");
		break;
	case MME_GEN_PUBKEY:
		memset(&ecryptfs_ctx, 0, sizeof(struct ecryptfs_ctx));
		if ((rc = ecryptfs_get_version(&version))) {
			printf("\nUnable to get the version number of the kernel\n");
			printf("module. Please make sure that you have the eCryptfs\n");
			printf("kernel module loaded, you have sysfs mounted, and\n");
			printf("the sysfs mount point is in /etc/mtab. This is\n");
			printf("necessary so that the mount helper knows which \n");
			printf("kernel options are supported.\n\n");
			printf("Make sure that your system is set up to auto-load\n"
			       "your filesystem kernel module on mount.\n\n");
			printf("Enabling passphrase-mode only for now.\n\n");
			version = ECRYPTFS_VERSIONING_PASSPHRASE;
		}
		ecryptfs_ctx.get_string = &get_string_stdin;
		if ((rc = ecryptfs_process_key_gen_decision_graph(&ecryptfs_ctx,
								  version))) {
			printf("Error processing key generation decision graph;"
			       " rc = [%d]\n", rc);
			goto out;
		}
		if ((rc = ecryptfs_free_key_mod_list(&ecryptfs_ctx))) {
			printf("\nUnable to free key modules\n");
		}
		printf("Returning to main menu\n");
		goto selection;
	case MME_ABORT:
		quit = 1;
		goto out_wipe;
	default:
		fprintf(stderr, "Unknown option, aborting\n");
		quit = 1;
		rc = -1;
		goto out_wipe;
	}
out_wipe:
	memset(passphrase, 0, ECRYPTFS_MAX_PASSWORD_LENGTH);
	memset(salt, 0, ECRYPTFS_SALT_SIZE);
	if (!quit)
		goto selection;
out:
	if (selection == MME_MOUNT_PUBKEY || selection == MME_GEN_PUBKEY)
		rc = ecryptfs_free_key_mod_list(&ecryptfs_ctx);
	return rc;
}
コード例 #2
0
int main(int argc, char **argv)
{
	uint32_t version;
	char *opts_str;
	struct val_node *mnt_params;
	struct ecryptfs_ctx ctx;
	int sig_cache = 1;
	int rc;
	struct passwd *pw;

	rc = mlockall(MCL_FUTURE);
	if (rc) {
		fprintf(stderr, "Exiting. Unable to mlockall address space: %m\n");
		return -1;
	}

	pw = getpwuid(getuid());
	if (!pw) {
		fprintf(stderr, "Exiting. Unable to obtain passwd info\n");
		rc = -EIO;
		goto out;
	}

	if (dump_args) {
		int i;

		for (i = 0; i < argc; i++)
			printf("argv[%d] = [%s]\n", i, argv[i]);
	}
	if (argc < NUM_REQUIRED_ARGS) {
		fprintf(stderr, "Insufficient number of arguments\n");
		usage();
		rc = -EINVAL;
		goto out;
	}
	rc = ecryptfs_get_version(&version);
	if (rc) {
		printf("\nUnable to get the version number of the kernel\n");
		printf("module. Please make sure that you have the eCryptfs\n");
		printf("kernel module loaded, you have sysfs mounted, and\n");
		printf("the sysfs mount point is in /etc/mtab. This is\n");
		printf("necessary so that the mount helper knows which \n");
		printf("kernel options are supported.\n\n");
		printf("Make sure that your system is set up to auto-load\n"
		       "your filesystem kernel module on mount.\n\n");
		printf("Enabling passphrase-mode only for now.\n\n");
		version = ECRYPTFS_VERSIONING_PASSPHRASE;
	}
	if ((rc = ecryptfs_validate_keyring())) {
		printf("Unable to link the KEY_SPEC_USER_KEYRING into the "
		       "KEY_SPEC_SESSION_KEYRING; there is something wrong "
		       "with your kernel keyring. Did you build key retention "
		       "support into your kernel?\n");
		goto out;
	}
	mnt_params = malloc(sizeof(struct val_node));
	memset(mnt_params, 0, sizeof(struct val_node));
	memset(&ctx, 0, sizeof(struct ecryptfs_ctx));
	ctx.get_string = &get_string_stdin;
	if ((rc = parse_arguments(argc, argv, NULL, NULL, &opts_str)))
		goto out;
	if (opts_str_contains_option(opts_str, "verbose"))
		ecryptfs_verbosity = 1;
	if (!opts_str_contains_option(opts_str, "remount")) {
		if (opts_str_contains_option(opts_str, "no_sig_cache"))
			sig_cache = 0;
		if (opts_str_contains_option(opts_str, "no_prompt")
		    || opts_str_contains_option(opts_str, "wild_ass_guess")) {
			if (!opts_str_contains_option(opts_str,
						      "verbosity=0")) {
				char *tmp;

				rc = asprintf(&tmp, "%s,verbosity=0", opts_str);
				if (rc == -1) {
					rc = -ENOMEM;
					goto out;
				}
				rc = 0;
				opts_str = tmp;
			}
		}
		if (opts_str_contains_option(opts_str, "verbosity=0"))
			sig_cache = 0;
		rc = ecryptfs_process_decision_graph(
			&ctx, &mnt_params, version, opts_str,
			ECRYPTFS_ASK_FOR_ALL_MOUNT_OPTIONS);
		if (rc) {
			if (rc > 0) 
				rc = -EINVAL;
			printf("Error attempting to evaluate mount options: "
			       "[%d] %s\nCheck your system logs for details "
			       "on why this happened.\nTry updating your "
			       "ecryptfs-utils package, and/or\nsubmit a bug "
			       "report on https://bugs.launchpad.net/ecryptfs\n",
				rc, strerror(-rc));
			goto out;
		}
		rc = ecryptfs_do_mount(argc, argv, mnt_params, sig_cache, pw);
		if (rc == ECANCELED) {
		    rc = 0;
		    goto out;
		}
		if (rc) {
			if (rc > 0)
				rc = -rc;
			printf("Error mounting eCryptfs: [%d] %s\n"
			       "Check your system logs; visit "
			       "<http://ecryptfs.org/support.html>\n",
			       rc, strerror(-rc));
			if (rc == -ENODEV)
				printf("Try ``modprobe ecryptfs''\n");
		} else
			printf("Mounted eCryptfs\n");
	} else {
		fprintf(stderr, "When remounting eCryptfs, you need "
			"to pass the mount utility the -i parameter to avoid "
			"calling the mount helper\n");
		rc = -EINVAL;
	}

out:
	munlockall();
	return rc;
}