From 361600b992fef285832fcc0e1deb3da99b6dda8b Mon Sep 17 00:00:00 2001 From: Michihiro NAKAJIMA Date: Tue, 16 Sep 2014 21:55:20 +0900 Subject: [PATCH] Add --passphrase option to bsdtar and bsdcpio. --- cpio/bsdcpio.1 | 11 ++++++++++- cpio/cmdline.c | 1 + cpio/cpio.c | 19 +++++++++++++++++++ cpio/cpio.h | 2 ++ tar/bsdtar.1 | 11 ++++++++++- tar/bsdtar.c | 3 +++ tar/bsdtar.h | 2 ++ tar/cmdline.c | 1 + tar/read.c | 5 +++++ tar/write.c | 10 ++++++++++ 10 files changed, 63 insertions(+), 2 deletions(-) diff --git a/cpio/bsdcpio.1 b/cpio/bsdcpio.1 index 9dee0eee8..f966aa06b 100644 --- a/cpio/bsdcpio.1 +++ b/cpio/bsdcpio.1 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 14, 2014 +.Dd September 16, 2014 .Dt CPIO 1 .Os .Sh NAME @@ -196,6 +196,15 @@ automatically on input. Compress the resulting archive with .Xr lzop 1 . In input mode, this option is ignored. +.It Fl Fl passphrase Ar passphrase +The +.Pa passphrase +is used to extract or create an encrypted archive. +Currently, zip is only a format that +.Nm +can handle encrypted archives. +You shouldn't use this option unless you realize how insecure +use of this option is. .It Fl m , Fl Fl preserve-modification-time (i and p modes) Set file modification time on created files to match diff --git a/cpio/cmdline.c b/cpio/cmdline.c index da44574f0..7e5953695 100644 --- a/cpio/cmdline.c +++ b/cpio/cmdline.c @@ -81,6 +81,7 @@ static const struct option { { "null", 0, '0' }, { "numeric-uid-gid", 0, 'n' }, { "owner", 1, 'R' }, + { "passphrase", 1, OPTION_PASSPHRASE }, { "pass-through", 0, 'p' }, { "preserve-modification-time", 0, 'm' }, { "preserve-owner", 0, OPTION_PRESERVE_OWNER }, diff --git a/cpio/cpio.c b/cpio/cpio.c index f1317505a..569e4edd4 100644 --- a/cpio/cpio.c +++ b/cpio/cpio.c @@ -291,6 +291,9 @@ main(int argc, char *argv[]) cpio->mode = opt; cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NODOTDOT; break; + case OPTION_PASSPHRASE: + cpio->passphrase = cpio->argument; + break; case OPTION_PRESERVE_OWNER: cpio->extract_flags |= ARCHIVE_EXTRACT_OWNER; break; @@ -571,6 +574,12 @@ mode_out(struct cpio *cpio) cpio->linkresolver = archive_entry_linkresolver_new(); archive_entry_linkresolver_set_strategy(cpio->linkresolver, archive_format(cpio->archive)); + if (cpio->passphrase != NULL) { + if (archive_write_set_passphrase(cpio->archive, + cpio->passphrase) != ARCHIVE_OK) + lafe_errc(1, 0, "%s", + archive_error_string(cpio->archive)); + } /* * The main loop: Copy each file into the output archive. @@ -937,6 +946,11 @@ mode_in(struct cpio *cpio) lafe_errc(1, 0, "Couldn't allocate archive object"); archive_read_support_filter_all(a); archive_read_support_format_all(a); + if (cpio->passphrase != NULL) { + if (archive_read_add_passphrase(a, + cpio->passphrase) != ARCHIVE_OK) + lafe_errc(1, 0, "%s", archive_error_string(a)); + } if (archive_read_open_filename(a, cpio->filename, cpio->bytes_per_block)) @@ -1040,6 +1054,11 @@ mode_list(struct cpio *cpio) lafe_errc(1, 0, "Couldn't allocate archive object"); archive_read_support_filter_all(a); archive_read_support_format_all(a); + if (cpio->passphrase != NULL) { + if (archive_read_add_passphrase(a, + cpio->passphrase) != ARCHIVE_OK) + lafe_errc(1, 0, "%s", archive_error_string(a)); + } if (archive_read_open_filename(a, cpio->filename, cpio->bytes_per_block)) diff --git a/cpio/cpio.h b/cpio/cpio.h index c70ec5781..227ba53fe 100644 --- a/cpio/cpio.h +++ b/cpio/cpio.h @@ -71,6 +71,7 @@ struct cpio { int gid_override; char *gname_override; int day_first; /* true if locale prefers day/mon */ + const char *passphrase; /* If >= 0, then close this when done. */ int fd; @@ -104,6 +105,7 @@ enum { OPTION_LZ4, OPTION_LZMA, OPTION_LZOP, + OPTION_PASSPHRASE, OPTION_NO_PRESERVE_OWNER, OPTION_PRESERVE_OWNER, OPTION_QUIET, diff --git a/tar/bsdtar.1 b/tar/bsdtar.1 index 4926245e9..09402400f 100644 --- a/tar/bsdtar.1 +++ b/tar/bsdtar.1 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 10, 2014 +.Dd September 16, 2014 .Dt TAR 1 .Os .Sh NAME @@ -587,6 +587,15 @@ is being run by root and can be overridden by also specifying .Fl Fl no-same-owner and .Fl Fl no-same-permissions . +.It Fl Fl passphrase Ar passphrase +The +.Pa passphrase +is used to extract or create an encrypted archive. +Currently, zip is only a format that +.Nm +can handle encrypted archives. +You shouldn't use this option unless you realize how insecure +use of this option is. .It Fl Fl posix (c, r, u mode only) Synonym for diff --git a/tar/bsdtar.c b/tar/bsdtar.c index 30fbe0d7a..68c36579c 100644 --- a/tar/bsdtar.c +++ b/tar/bsdtar.c @@ -549,6 +549,9 @@ main(int argc, char **argv) bsdtar->extract_flags |= ARCHIVE_EXTRACT_FFLAGS; bsdtar->extract_flags |= ARCHIVE_EXTRACT_MAC_METADATA; break; + case OPTION_PASSPHRASE: + bsdtar->passphrase = bsdtar->argument; + break; case OPTION_POSIX: /* GNU tar */ cset_set_format(bsdtar->cset, "pax"); break; diff --git a/tar/bsdtar.h b/tar/bsdtar.h index 53745adfa..43893ca21 100644 --- a/tar/bsdtar.h +++ b/tar/bsdtar.h @@ -57,6 +57,7 @@ struct bsdtar { const char *gname; /* --gname */ int uid; /* --uid */ const char *uname; /* --uname */ + const char *passphrase; /* --passphrase */ char mode; /* Program mode: 'c', 't', 'r', 'u', 'x' */ char symlink_mode; /* H or L, per BSD conventions */ char option_absolute_paths; /* -P */ @@ -149,6 +150,7 @@ enum { OPTION_OLDER_MTIME_THAN, OPTION_ONE_FILE_SYSTEM, OPTION_OPTIONS, + OPTION_PASSPHRASE, OPTION_POSIX, OPTION_SAME_OWNER, OPTION_STRIP_COMPONENTS, diff --git a/tar/cmdline.c b/tar/cmdline.c index a3562ffcd..974b6af89 100644 --- a/tar/cmdline.c +++ b/tar/cmdline.c @@ -129,6 +129,7 @@ static const struct bsdtar_option { { "older-than", 1, OPTION_OLDER_CTIME_THAN }, { "one-file-system", 0, OPTION_ONE_FILE_SYSTEM }, { "options", 1, OPTION_OPTIONS }, + { "passphrase", 1, OPTION_PASSPHRASE }, { "posix", 0, OPTION_POSIX }, { "preserve-permissions", 0, 'p' }, { "read-full-blocks", 0, 'B' }, diff --git a/tar/read.c b/tar/read.c index fdf34b887..9ae33a645 100644 --- a/tar/read.c +++ b/tar/read.c @@ -205,6 +205,11 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer) if (archive_read_set_options(a, "read_concatenated_archives") != ARCHIVE_OK) lafe_errc(1, 0, "%s", archive_error_string(a)); + if (bsdtar->passphrase != NULL) { + if (archive_read_add_passphrase(a, + bsdtar->passphrase) != ARCHIVE_OK) + lafe_errc(1, 0, "%s", archive_error_string(a)); + } if (archive_read_open_filename(a, bsdtar->filename, bsdtar->bytes_per_block)) lafe_errc(1, 0, "Error opening archive: %s", diff --git a/tar/write.c b/tar/write.c index 7e8cb13f8..dd326bd70 100644 --- a/tar/write.c +++ b/tar/write.c @@ -236,6 +236,11 @@ tar_mode_c(struct bsdtar *bsdtar) } set_writer_options(bsdtar, a); + if (bsdtar->passphrase != NULL) { + if (archive_write_set_passphrase(a, + bsdtar->passphrase) != ARCHIVE_OK) + lafe_errc(1, 0, "%s", archive_error_string(a)); + } if (ARCHIVE_OK != archive_write_open_filename(a, bsdtar->filename)) lafe_errc(1, 0, "%s", archive_error_string(a)); write_archive(a, bsdtar); @@ -649,6 +654,11 @@ append_archive_filename(struct bsdtar *bsdtar, struct archive *a, archive_read_support_filter_all(ina); set_reader_options(bsdtar, a); archive_read_set_options(ina, "mtree:checkfs"); + if (bsdtar->passphrase != NULL) { + if (archive_read_add_passphrase(a, + bsdtar->passphrase) != ARCHIVE_OK) + lafe_errc(1, 0, "%s", archive_error_string(a)); + } if (archive_read_open_filename(ina, filename, bsdtar->bytes_per_block)) { lafe_warnc(0, "%s", archive_error_string(ina)); -- 2.47.2