Add [keyring-pin] arg to keyring load command

commandline.c

@@ -1784,15 +1784,18 @@ int app_keyring_load(const struct cli_parsed *parsed, struct cli_context *contex
   const char *path;
   if (cli_arg(parsed, "file", &path, cli_path_regular, NULL) == -1)
     return -1;
+  const char *kpin;
+  if (cli_arg(parsed, "keyring-pin", &kpin, NULL, "") == -1)
+    return -1;
   unsigned pinc = 0;
   unsigned i;
   for (i = 0; i < parsed->labelc; ++i)
-    if (strn_str_cmp(parsed->labelv[i].label, parsed->labelv[i].len, "pin") == 0)
+    if (strn_str_cmp(parsed->labelv[i].label, parsed->labelv[i].len, "entry-pin") == 0)
       ++pinc;
   const char *pinv[pinc];
   unsigned pc = 0;
   for (i = 0; i < parsed->labelc; ++i)
-    if (strn_str_cmp(parsed->labelv[i].label, parsed->labelv[i].len, "pin") == 0) {
+    if (strn_str_cmp(parsed->labelv[i].label, parsed->labelv[i].len, "entry-pin") == 0) {
       assert(pc < pinc);
       pinv[pc++] = parsed->labelv[i].text;
     }
@@ -1805,7 +1808,7 @@ int app_keyring_load(const struct cli_parsed *parsed, struct cli_context *contex
     keyring_free(k);
     return -1;
   }
-  if (keyring_load(k, 0, pinc, pinv, fp) == -1) {
+  if (keyring_load(k, kpin, pinc, pinv, fp) == -1) {
     keyring_free(k);
     return -1;
   }
@@ -2432,7 +2435,7 @@ struct cli_schema command_line_options[]={
    "Create a new keyring file."},
   {app_keyring_dump,{"keyring","dump" KEYRING_PIN_OPTIONS,"[--secret]","[<file>]",NULL}, 0,
    "Dump all keyring identities that can be accessed using the specified PINs"},
-  {app_keyring_load,{"keyring","load" KEYRING_PIN_OPTIONS,"<file>","[<pin>]...",NULL}, 0,
+  {app_keyring_load,{"keyring","load" KEYRING_PIN_OPTIONS,"<file>","[<keyring-pin>]","[<entry-pin>]...",NULL}, 0,
    "Load identities from the given dump text and insert them into the keyring using the specified entry PINs"},
   {app_keyring_list,{"keyring","list" KEYRING_PIN_OPTIONS,NULL}, 0,
    "List identities that can be accessed using the supplied PINs"},

keyring.c

@@ -279,14 +279,12 @@ void keyring_free_identity(keyring_identity *id)
   return;
 }
 
-/* Create a new keyring context for the loaded keyring file.
+/* Create a new keyring context for the loaded keyring file.  Returns the index of the context.  We
-   We don't need to load any identities etc, as that happens when we enter
+ * don't need to load any identities etc, as that happens when we enter an identity pin.  If the pin
-   an identity pin.
+ * is NULL, it is assumed to be blank.  The pin does NOT have to be numeric, and has no practical
-   If the pin is NULL, it is assumed to be blank.
+ * length limitation, as it is used as an input into a hashing function.  But for sanity sake, let's
-   The pin does NOT have to be numeric, and has no practical length limitation,
+ * limit it to 16KB.
-   as it is used as an input into a hashing function.  But for sanity sake, let's
+ */
-   limit it to 16KB.
-*/
 int keyring_enter_keyringpin(keyring_file *k, const char *pin)
 {
   if (config.debug.keyring)
@@ -300,7 +298,7 @@ int keyring_enter_keyringpin(keyring_file *k, const char *pin)
   int cn;
   for (cn = 0; cn < k->context_count; ++cn)
     if (strcmp(k->contexts[cn]->KeyRingPin, pin) == 0)
-      return 1;
+      return cn;
   keyring_context *c = emalloc_zero(sizeof(keyring_context));
   if (c == NULL)
     return -1;
@@ -314,8 +312,8 @@ int keyring_enter_keyringpin(keyring_file *k, const char *pin)
     return -1;
   }
   bcopy(k->contexts[0]->KeyRingSalt, c->KeyRingSalt, c->KeyRingSaltLen);
-  k->contexts[k->context_count++] = c;
+  k->contexts[k->context_count] = c;
-  return 0;
+  return k->context_count++;
 }
 
 /*
@@ -1880,9 +1878,11 @@ int keyring_dump(keyring_file *k, XPRINTF xpf, int include_secret)
   return 0;
 }
 
-int keyring_load(keyring_file *k, int cn, unsigned pinc, const char **pinv, FILE *input)
+int keyring_load(keyring_file *k, const char *keyring_pin, unsigned entry_pinc, const char **entry_pinv, FILE *input)
 {
-  assert(cn < k->context_count);
+  int cn = keyring_enter_keyringpin(k, keyring_pin);
+  if (cn == -1)
+    return -1;
   keyring_context *cx = k->contexts[cn];
   clearerr(input);
   char line[1024];
@@ -1930,7 +1930,7 @@ int keyring_load(keyring_file *k, int cn, unsigned pinc, const char **pinv, FILE
 	keyring_free_keypair(kp);
 	return -1;
       }
-      if ((id->PKRPin = str_edup(pini < pinc ? pinv[pini++] : "")) == NULL) {
+      if ((id->PKRPin = str_edup(pini < entry_pinc ? entry_pinv[pini++] : "")) == NULL) {
 	keyring_free_keypair(kp);
 	keyring_free_identity(id);
 	return -1;

serval.h

@@ -283,7 +283,7 @@ int keyring_commit(keyring_file *k);
 keyring_identity *keyring_create_identity(keyring_file *k,keyring_context *c, const char *pin);
 int keyring_seed(keyring_file *k);
 void keyring_identity_extract(const keyring_identity *id, const unsigned char **sidp, const char **didp, const char **namep);
-int keyring_load(keyring_file *k, int cn, unsigned pinc, const char **pinv, FILE *input);
+int keyring_load(keyring_file *k, const char *keyring_pin, unsigned entry_pinc, const char **entry_pinv, FILE *input);
 int keyring_dump(keyring_file *k, XPRINTF xpf, int include_secret);
 
 /* Make sure we have space to put bytes of the packet as we go along */

tests/keyring

@@ -287,10 +287,13 @@ setup_LoadPins() {
 }
 test_LoadPins() {
    set_instance +B
-   executeOk_servald keyring load dA pin1 '' pin3
+   executeOk_servald keyring load dA krpin pin1 '' pin3
+   executeOk_servald keyring dump --secret dBA
+   tfw_cat dBA
+   assert cmp dB dBA
    tfw_cat --stderr
    for pin in '' pin1 pin3; do
-      executeOk_servald keyring dump --entry-pin="$pin" --secret dBA
+      executeOk_servald keyring dump --keyring-pin=krpin --entry-pin="$pin" --secret dBA
       tfw_cat --stderr dBA
       let n=0
       while read line; do