Remove an incomplete (or corrupted) output file by default.

This commit is contained in:
LoRd_MuldeR 2021-04-03 17:04:03 +02:00
parent 874a54a665
commit 4ce6e5b828
Signed by: mulder
GPG Key ID: 2B5913365F57E03F
3 changed files with 52 additions and 14 deletions

View File

@ -32,7 +32,7 @@ The SlunkCypt command-line program is invoked as follows:
Commands
--------
One of the following commands must be chosen:
One of the following commands **must** be chosen:
- **`--encrypt` (`-e`):**
Run application in ***encrypt*** mode. Reads the given *plaintext* and generates *ciphertext*.
@ -46,7 +46,7 @@ One of the following commands must be chosen:
Options
-------
The following options are available:
The following command-line options are available:
- **`pass:<pass>`**:
* Specifies the "secret" passphrase directly on the command-line. This is considered *insecure*.
@ -62,20 +62,30 @@ The following options are available:
- **`<length>`**:
* Specifies the length of the passphrase to be generated. If *not* specified, defaults to 24.
### Remarks
- If the passphrase is **not** specified on the command-line, it will be read from the `SLUNK_PASSPHRASE` environment variable.
### Remarks {.unlisted}
- The same passphrase must be used for both, ***encrypt*** and ***decrypt*** mode. The decryption of the ciphertext will only be possible, if the "correct" passphrase is known. It is recommended to choose a "random" password that is at least 12 characters in length and consists of a mix of upper-case characters, lower-case characters, digits as well as special characters.
- Passing the passphrase directly on the command-line is insecure, because the command-line may be visible to other users.
- Passing the passphrase directly on the command-line is insecure, because the full command-line may be visible to other users!
Environment
-----------
The following environment variables may be used:
- **`SLUNK_PASSPHRASE`**:
Specifies the "secret" passphrase. This environment variables is only evaluated, if the passphrase was **not** specified on the command-line.
Passing the passphrase via environment variable is considered more secure, because environment variables are not normally visible to other (unprivileged) users.
- **`SLUNK_KEEP_INCOMPLETE`**:
If set to a *non-zero* value, incomplete or corrupted output files will **not** be deleted automatically. Default is `0`.
Examples
--------
Here are some examples on how to use the SlunkCrypt command-line application:
### Example #1
### Example #1 {.unlisted}
1. Let's generate a new random (secure) password first:
@ -101,7 +111,7 @@ Here are some examples on how to use the SlunkCrypt command-line application:
sha256sum -b plaintext.txt plaintext.out
### Example #2
### Example #2 {.unlisted}
1. Generate a new password and store it to a text file:
@ -115,7 +125,7 @@ Here are some examples on how to use the SlunkCrypt command-line application:
slunkcrypt --encrypt file:passwd.txt plaintext.txt ciphertext.enc
### Example #3
### Example #3 {.unlisted}
1. Generate a new password directly to an environment variable:
@ -158,7 +168,7 @@ Getting started
In order to use the SlunkCypt library in your C++ code, include **`<slunkcrypt.hpp>`** header and instantiate the appropriate SlunkCypt classes:
### Example #1
### Example #1 {.unlisted}
Here is a simple example on how to use the SlunkCrypt [**`Encryptor`**](#encryptor) class:
@ -186,7 +196,7 @@ Here is a simple example on how to use the SlunkCrypt [**`Encryptor`**](#encrypt
std::cout << std::hex << slunk_encrypt.get_nonce() << std::endl;
}
### Example #2
### Example #2 {.unlisted}
Here is a simple example on how to use the SlunkCrypt [**`Decryptor`**](#decryptor) class:

View File

@ -40,7 +40,9 @@
#define PW_FROM_ENV (!(argc > 4))
static const CHR* const ENV_PASSWRD = T("SLUNK_PASSPHRASE");
static const CHR* const ENV_PASSWORD = T("SLUNK_PASSPHRASE");
static const CHR* const ENV_KEEPFILE = T("SLUNK_KEEP_INCOMPLETE");
static const CHR* const PREFIX_PASS = T("pass:");
static const CHR* const PREFIX_FILE = T("file:");
@ -107,7 +109,7 @@ static void print_manpage(const CHR *const program)
FPRINTF(stderr, T(" %") T(PRISTR) T(" --encrypt [pass:<pass>|file:<file>] <input.txt> <output.enc>\n"), program);
FPRINTF(stderr, T(" %") T(PRISTR) T(" --decrypt [pass:<pass>|file:<file>] <input.enc> <output.txt>\n"), program);
FPRINTF(stderr, T(" %") T(PRISTR) T(" --make-pw [<length>]\n\n"), program);
FPRINTF(stderr, T("Optionally, reads passphrase from the %") T(PRISTR) T(" environment variable.\n\n"), ENV_PASSWRD);
FPRINTF(stderr, T("Optionally, reads passphrase from the %") T(PRISTR) T(" environment variable.\n\n"), ENV_PASSWORD);
}
static char *copy_passphrase(const CHR *const passphrase)
@ -259,6 +261,16 @@ static int open_files(FILE **const file_in, FILE **const file_out, const CHR *co
return EXIT_SUCCESS;
}
static int remove_incomplete_files(void)
{
const CHR* const keep_files = GETENV(ENV_KEEPFILE);
if (keep_files)
{
return (!STRTOUL(keep_files));
}
return 1;
}
static void sigint_handler(const int sig)
{
if (sig == SIGINT)
@ -430,6 +442,13 @@ clean_up:
if (file_out)
{
fclose(file_out);
if ((result != EXIT_SUCCESS) && remove_incomplete_files())
{
if (REMOVE(output_path))
{
FPUTS(T("Warning: Failed to remove incomplete output file!\n\n"), stderr);
}
}
}
if (file_in)
@ -620,6 +639,13 @@ clean_up:
if (file_out)
{
fclose(file_out);
if ((result != EXIT_SUCCESS) && remove_incomplete_files())
{
if (REMOVE(output_path))
{
FPUTS(T("Warning: Failed to remove incomplete output file!\n\n"), stderr);
}
}
}
if (file_in)
@ -816,7 +842,7 @@ int MAIN(const int argc, CHR *const argv[])
goto clean_up;
}
const CHR *const passphrase = PW_FROM_ENV ? GETENV(ENV_PASSWRD) : argv[2U];
const CHR *const passphrase = PW_FROM_ENV ? GETENV(ENV_PASSWORD) : argv[2U];
const CHR *const input_file = argv[PW_FROM_ENV ? 2U : 3U], *const output_file = argv[PW_FROM_ENV ? 3U : 4U];
if ((!passphrase) || (!passphrase[0U]))

View File

@ -60,6 +60,7 @@
# define STRTOUL(X) wcstoul((X), NULL, 0)
# define FPUTS(X,Y) fputws((X),(Y))
# define FPRINTF(X,Y,...) fwprintf((X),(Y),__VA_ARGS__)
# define REMOVE(X) _wremove((X))
# define FOPEN(X,Y) _wfsopen((X),(Y),_SH_SECURE)
# ifdef __USE_MINGW_ANSI_STDIO
# define PRISTR "ls"
@ -82,6 +83,7 @@
# define STRTOUL(X) strtoul((X), NULL, 0)
# define FPUTS(X,Y) fputs((X),(Y))
# define FPRINTF(X,Y,...) fprintf((X),(Y),__VA_ARGS__)
# define REMOVE(X) remove((X))
# define FOPEN(X,Y) fopen((X),(Y))
# define PRISTR "s"
# define PRIstr "s"