1 files changed, 48 insertions, 44 deletions
diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go
index 5137eff..3d3c51d 100644
--- a/cmd/fscrypt/flags.go
+++ b/cmd/fscrypt/flags.go
@@ -33,7 +33,6 @@ import (
 	"github.com/urfave/cli"
 
 	"github.com/google/fscrypt/actions"
-	"github.com/google/fscrypt/security"
 	"github.com/google/fscrypt/util"
 )
 
@@ -115,9 +114,10 @@ var (
 	// UPDATE THIS ARRAY WHEN ADDING NEW FLAGS!!!
 	// TODO(joerichey) add presubmit rule to enforce this
 	allFlags = []prettyFlag{helpFlag, versionFlag, verboseFlag, quietFlag,
-		forceFlag, legacyFlag, skipUnlockFlag, timeTargetFlag,
+		forceFlag, skipUnlockFlag, timeTargetFlag,
 		sourceFlag, nameFlag, keyFileFlag, protectorFlag,
-		unlockWithFlag, policyFlag}
+		unlockWithFlag, policyFlag, allUsersLockFlag, allUsersSetupFlag,
+		noRecoveryFlag}
 	// universalFlags contains flags that should be on every command
 	universalFlags = []cli.Flag{verboseFlag, quietFlag, helpFlag}
 )
@@ -130,7 +130,7 @@ var (
 	}
 	versionFlag = &boolFlag{
 		Name:  "version",
-		Usage: `Prints version and license information.`,
+		Usage: `Prints version information.`,
 	}
 	verboseFlag = &boolFlag{
 		Name:  "verbose",
@@ -144,16 +144,10 @@ var (
 	}
 	forceFlag = &boolFlag{
 		Name: "force",
-		Usage: fmt.Sprintf(`Suppresses all confirmation prompts and
-			warnings, causing any action to automatically proceed.
-			WARNING: This bypasses confirmations for protective
-			operations, use with care.`),
-	}
-	legacyFlag = &boolFlag{
-		Name: "legacy",
-		Usage: `Allow for support of older kernels with ext4 (before
-			v4.8) and F2FS (before v4.6) filesystems.`,
-		Default: true,
+		Usage: `Suppresses all confirmation prompts and warnings,
+			causing any action to automatically proceed.  WARNING:
+			This bypasses confirmations for protective operations,
+			use with care.`,
 	}
 	skipUnlockFlag = &boolFlag{
 		Name: "skip-unlock",
@@ -163,12 +157,35 @@ var (
 	}
 	dropCachesFlag = &boolFlag{
 		Name: "drop-caches",
-		Usage: `After purging the keys from the keyring, drop the
-			associated caches for the purge to take effect. Without
-			this flag, cached encrypted files may still have their
-			plaintext visible. Requires root privileges.`,
+		Usage: `After removing the key(s) from the keyring, drop the
+			kernel's filesystem caches if needed. Without this flag,
+			files encrypted with v1 encryption policies may still be
+			accessible. This flag is not needed for v2 encryption
+			policies. This flag, if actually needed, requires root
+			privileges.`,
 		Default: true,
 	}
+	allUsersLockFlag = &boolFlag{
+		Name: "all-users",
+		Usage: `Lock the directory no matter which user(s) have unlocked
+			it. Requires root privileges. This flag is only
+			necessary if the directory was unlocked by a user
+			different from the one you're locking it as. This flag
+			is only implemented for v2 encryption policies.`,
+	}
+	allUsersSetupFlag = &boolFlag{
+		Name: "all-users",
+		Usage: `When setting up a filesystem for fscrypt, allow users
+			other than the calling user (typically root) to create
+			fscrypt policies and protectors on the filesystem. Note
+			that this will create a world-writable directory, which
+			users could use to fill up the entire filesystem. Hence,
+			this option may not be appropriate for some systems.`,
+	}
+	noRecoveryFlag = &boolFlag{
+		Name:  "no-recovery",
+		Usage: `Don't generate a recovery passphrase.`,
+	}
 )
 
 // Option flags: used to specify options instead of being prompted for them
@@ -205,12 +222,13 @@ var (
 		Usage: `Use the contents of FILE as the wrapping key when
 			creating or unlocking raw_key protectors. FILE should be
 			formatted as raw binary and should be exactly 32 bytes
-			long.`,
+			long. When running non-interactively and no key is provided,
+			will try to read the key from stdin.`,
 	}
 	userFlag = &stringFlag{
 		Name:    "user",
 		ArgName: "USERNAME",
-		Usage: `Specifiy which user should be used for login passphrases
+		Usage: `Specify which user should be used for login passphrases
 			or to which user's keyring keys should be provisioned.`,
 	}
 	protectorFlag = &stringFlag{
@@ -255,18 +273,18 @@ func matchMetadataFlag(flagValue string) (mountpoint, descriptor string, err err
 // parseMetadataFlag takes the value of either protectorFlag or policyFlag
 // formatted as MOUNTPOINT:DESCRIPTOR, and returns a context for the mountpoint
 // and a string for the descriptor.
-func parseMetadataFlag(flagValue string, target *user.User) (*actions.Context, string, error) {
+func parseMetadataFlag(flagValue string, targetUser *user.User) (*actions.Context, string, error) {
 	mountpoint, descriptor, err := matchMetadataFlag(flagValue)
 	if err != nil {
 		return nil, "", err
 	}
-	ctx, err := actions.NewContextFromMountpoint(mountpoint, target)
+	ctx, err := actions.NewContextFromMountpoint(mountpoint, targetUser)
 	return ctx, descriptor, err
 }
 
 // getProtectorFromFlag gets an existing locked protector from protectorFlag.
-func getProtectorFromFlag(flagValue string, target *user.User) (*actions.Protector, error) {
-	ctx, descriptor, err := parseMetadataFlag(flagValue, target)
+func getProtectorFromFlag(flagValue string, targetUser *user.User) (*actions.Protector, error) {
+	ctx, descriptor, err := parseMetadataFlag(flagValue, targetUser)
 	if err != nil {
 		return nil, err
 	}
@@ -274,8 +292,8 @@ func getProtectorFromFlag(flagValue string, target *user.User) (*actions.Protect
 }
 
 // getPolicyFromFlag gets an existing locked policy from policyFlag.
-func getPolicyFromFlag(flagValue string, target *user.User) (*actions.Policy, error) {
-	ctx, descriptor, err := parseMetadataFlag(flagValue, target)
+func getPolicyFromFlag(flagValue string, targetUser *user.User) (*actions.Policy, error) {
+	ctx, descriptor, err := parseMetadataFlag(flagValue, targetUser)
 	if err != nil {
 		return nil, err
 	}
@@ -283,24 +301,10 @@ func getPolicyFromFlag(flagValue string, target *user.User) (*actions.Policy, er
 }
 
 // parseUserFlag returns the user specified by userFlag or the current effective
-// user if the flag value is missing. If the effective user is root, however, a
-// user must specified in the flag. If checkKeyring is true, we also make sure
-// there are no problems accessing the user keyring.
-func parseUserFlag(checkKeyring bool) (targetUser *user.User, err error) {
+// user if the flag value is missing.
+func parseUserFlag() (targetUser *user.User, err error) {
 	if userFlag.Value != "" {
-		targetUser, err = user.Lookup(userFlag.Value)
-	} else {
-		if util.IsUserRoot() {
-			return nil, ErrSpecifyUser
-		}
-		targetUser, err = util.EffectiveUser()
-	}
-	if err != nil {
-		return nil, err
-	}
-
-	if checkKeyring {
-		_, err = security.UserKeyringID(targetUser, true)
+		return user.Lookup(userFlag.Value)
 	}
-	return targetUser, err
+	return util.EffectiveUser()
 }