libgocryptfs/init_dir.go

package main

import (
	"fmt"
	"io/ioutil"
	"os"
	"path/filepath"
	"strings"
	"syscall"

	"github.com/rfjakob/gocryptfs/internal/configfile"
	"github.com/rfjakob/gocryptfs/internal/cryptocore"
	"github.com/rfjakob/gocryptfs/internal/exitcodes"
	"github.com/rfjakob/gocryptfs/internal/nametransform"
	"github.com/rfjakob/gocryptfs/internal/readpassword"
	"github.com/rfjakob/gocryptfs/internal/syscallcompat"
	"github.com/rfjakob/gocryptfs/internal/tlog"
)

// isEmptyDir checks if "dir" exists and is an empty directory.
// Returns an *os.PathError if Stat() on the path fails.
func isEmptyDir(dir string) error {
	err := isDir(dir)
	if err != nil {
		return err
	}
	entries, err := ioutil.ReadDir(dir)
	if err != nil {
		return err
	}
	if len(entries) == 0 {
		return nil
	}
	return fmt.Errorf("directory %s not empty", dir)
}

// isDir checks if "dir" exists and is a directory.
func isDir(dir string) error {
	fi, err := os.Stat(dir)
	if err != nil {
		return err
	}
	if !fi.IsDir() {
		return fmt.Errorf("%s is not a directory", dir)
	}
	return nil
}

// initDir handles "gocryptfs -init". It prepares a directory for use as a
// gocryptfs storage directory.
// In forward mode, this means creating the gocryptfs.conf and gocryptfs.diriv
// files in an empty directory.
// In reverse mode, we create .gocryptfs.reverse.conf and the directory does
// not need to be empty.
func initDir(args *argContainer) {
	var err error
	if args.reverse {
		_, err = os.Stat(args.config)
		if err == nil {
			tlog.Fatal.Printf("Config file %q already exists", args.config)
			os.Exit(exitcodes.Init)
		}
	} else {
		err = isEmptyDir(args.cipherdir)
		if err != nil {
			tlog.Fatal.Printf("Invalid cipherdir: %v", err)
			os.Exit(exitcodes.Init)
		}
	}
	// Choose password for config file
	if args.extpass.Empty() {
		tlog.Info.Printf("Choose a password for protecting your files.")
	}
	{
		var password []byte
		var trezorPayload []byte
		if args.trezor {
			trezorPayload = cryptocore.RandBytes(readpassword.TrezorPayloadLen)
			// Get binary data from from Trezor
			password = readpassword.Trezor(trezorPayload)
		} else {
			// Normal password entry
			password = readpassword.Twice([]string(args.extpass), args.passfile)
		}
		creator := tlog.ProgramName + " " + GitVersion
		err = configfile.Create(args.config, password, args.plaintextnames,
			args.scryptn, creator, args.aessiv, args.devrandom, trezorPayload)
		if err != nil {
			tlog.Fatal.Println(err)
			os.Exit(exitcodes.WriteConf)
		}
		for i := range password {
			password[i] = 0
		}
		// password runs out of scope here
	}
	// Forward mode with filename encryption enabled needs a gocryptfs.diriv file
	// in the root dir
	if !args.plaintextnames && !args.reverse {
		// Open cipherdir (following symlinks)
		dirfd, err := syscall.Open(args.cipherdir, syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
		if err == nil {
			err = nametransform.WriteDirIVAt(dirfd)
			syscall.Close(dirfd)
		}
		if err != nil {
			tlog.Fatal.Println(err)
			os.Exit(exitcodes.Init)
		}
	}
	mountArgs := ""
	fsName := "gocryptfs"
	if args.reverse {
		mountArgs = " -reverse"
		fsName = "gocryptfs-reverse"
	}
	tlog.Info.Printf(tlog.ColorGreen+"The %s filesystem has been created successfully."+tlog.ColorReset,
		fsName)
	wd, _ := os.Getwd()
	friendlyPath, _ := filepath.Rel(wd, args.cipherdir)
	if strings.HasPrefix(friendlyPath, "../") {
		// A relative path that starts with "../" is pretty unfriendly, just
		// keep the absolute path.
		friendlyPath = args.cipherdir
	}
	if strings.Contains(friendlyPath, " ") {
		friendlyPath = "\"" + friendlyPath + "\""
	}
	tlog.Info.Printf(tlog.ColorGrey+"You can now mount it using: %s%s %s MOUNTPOINT"+tlog.ColorReset,
		tlog.ProgramName, mountArgs, friendlyPath)
}
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`package main`

			`import (`
main: move and rename checkDir() helper To avoid confusion with fsck, rename to isDir() and move the functions into init_dir.go. 2018-04-01 12:31:44 +02:00			`"fmt"`
			`"io/ioutil"`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`"os"`
			`"path/filepath"`
			`"strings"`
nametransform: simplify WriteDirIV to WriteDirIVAt Un-spaghettify the function and let the callers open the directory. 2019-01-03 13:32:13 +01:00			`"syscall"`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00
			`"github.com/rfjakob/gocryptfs/internal/configfile"`
trezor: add TrezorPayload TrezorPayload stores 32 random bytes used for unlocking the master key using a Trezor security module. The randomness makes sure that a unique unlock value is used for each gocryptfs filesystem. 2018-06-25 22:27:15 +02:00			`"github.com/rfjakob/gocryptfs/internal/cryptocore"`
exitcodes: pull all exit code definitions into the package This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 . 2017-05-07 22:15:01 +02:00			`"github.com/rfjakob/gocryptfs/internal/exitcodes"`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`"github.com/rfjakob/gocryptfs/internal/nametransform"`
			`"github.com/rfjakob/gocryptfs/internal/readpassword"`
nametransform: simplify WriteDirIV to WriteDirIVAt Un-spaghettify the function and let the callers open the directory. 2019-01-03 13:32:13 +01:00			`"github.com/rfjakob/gocryptfs/internal/syscallcompat"`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`"github.com/rfjakob/gocryptfs/internal/tlog"`
			`)`

Rename isDirEmpty -> isEmptyDir The function actually answers the question: "is this an empty dir"? 2019-08-04 14:13:00 +02:00			`// isEmptyDir checks if "dir" exists and is an empty directory.`
main: move and rename checkDir() helper To avoid confusion with fsck, rename to isDir() and move the functions into init_dir.go. 2018-04-01 12:31:44 +02:00			`// Returns an *os.PathError if Stat() on the path fails.`
Rename isDirEmpty -> isEmptyDir The function actually answers the question: "is this an empty dir"? 2019-08-04 14:13:00 +02:00			`func isEmptyDir(dir string) error {`
main: move and rename checkDir() helper To avoid confusion with fsck, rename to isDir() and move the functions into init_dir.go. 2018-04-01 12:31:44 +02:00			`err := isDir(dir)`
			`if err != nil {`
			`return err`
			`}`
			`entries, err := ioutil.ReadDir(dir)`
			`if err != nil {`
			`return err`
			`}`
			`if len(entries) == 0 {`
			`return nil`
			`}`
			`return fmt.Errorf("directory %s not empty", dir)`
			`}`

			`// isDir checks if "dir" exists and is a directory.`
			`func isDir(dir string) error {`
			`fi, err := os.Stat(dir)`
			`if err != nil {`
			`return err`
			`}`
			`if !fi.IsDir() {`
			`return fmt.Errorf("%s is not a directory", dir)`
			`}`
			`return nil`
			`}`

trezor: add skeleton for Trezor support readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. 2018-06-17 15:25:09 +02:00			`// initDir handles "gocryptfs -init". It prepares a directory for use as a`
			`// gocryptfs storage directory.`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`// In forward mode, this means creating the gocryptfs.conf and gocryptfs.diriv`
			`// files in an empty directory.`
			`// In reverse mode, we create .gocryptfs.reverse.conf and the directory does`
trezor: add skeleton for Trezor support readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. 2018-06-17 15:25:09 +02:00			`// not need to be empty.`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`func initDir(args *argContainer) {`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`var err error`
main: init: refuse overwriting .gocryptfs.reverse.conf 2016-09-20 22:49:23 +02:00			`if args.reverse {`
			`_, err = os.Stat(args.config)`
			`if err == nil {`
			`tlog.Fatal.Printf("Config file %q already exists", args.config)`
exitcodes: pull all exit code definitions into the package This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 . 2017-05-07 22:15:01 +02:00			`os.Exit(exitcodes.Init)`
main: init: refuse overwriting .gocryptfs.reverse.conf 2016-09-20 22:49:23 +02:00			`}`
			`} else {`
Rename isDirEmpty -> isEmptyDir The function actually answers the question: "is this an empty dir"? 2019-08-04 14:13:00 +02:00			`err = isEmptyDir(args.cipherdir)`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`if err != nil {`
			`tlog.Fatal.Printf("Invalid cipherdir: %v", err)`
exitcodes: pull all exit code definitions into the package This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 . 2017-05-07 22:15:01 +02:00			`os.Exit(exitcodes.Init)`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`}`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`}`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`// Choose password for config file`
Allow multiple -extpass arguments To support arguments containing spaces, -extpass can now be passed multiple times. https://github.com/rfjakob/gocryptfs/issues/289 2019-03-03 13:25:30 +01:00			`if args.extpass.Empty() {`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`tlog.Info.Printf("Choose a password for protecting your files.")`
			`}`
main: overwrite keys and let them run out of scope As soon as we don't need them anymore, overwrite keys with zeros. Make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211 2018-02-18 12:42:22 +01:00			`{`
trezor: add skeleton for Trezor support readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. 2018-06-17 15:25:09 +02:00			`var password []byte`
trezor: add TrezorPayload TrezorPayload stores 32 random bytes used for unlocking the master key using a Trezor security module. The randomness makes sure that a unique unlock value is used for each gocryptfs filesystem. 2018-06-25 22:27:15 +02:00			`var trezorPayload []byte`
trezor: add skeleton for Trezor support readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. 2018-06-17 15:25:09 +02:00			`if args.trezor {`
trezor: add TrezorPayload TrezorPayload stores 32 random bytes used for unlocking the master key using a Trezor security module. The randomness makes sure that a unique unlock value is used for each gocryptfs filesystem. 2018-06-25 22:27:15 +02:00			`trezorPayload = cryptocore.RandBytes(readpassword.TrezorPayloadLen)`
trezor: add skeleton for Trezor support readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. 2018-06-17 15:25:09 +02:00			`// Get binary data from from Trezor`
trezor: add TrezorPayload TrezorPayload stores 32 random bytes used for unlocking the master key using a Trezor security module. The randomness makes sure that a unique unlock value is used for each gocryptfs filesystem. 2018-06-25 22:27:15 +02:00			`password = readpassword.Trezor(trezorPayload)`
trezor: add skeleton for Trezor support readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. 2018-06-17 15:25:09 +02:00			`} else {`
			`// Normal password entry`
Allow multiple -extpass arguments To support arguments containing spaces, -extpass can now be passed multiple times. https://github.com/rfjakob/gocryptfs/issues/289 2019-03-03 13:25:30 +01:00			`password = readpassword.Twice([]string(args.extpass), args.passfile)`
trezor: add skeleton for Trezor support readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. 2018-06-17 15:25:09 +02:00			`}`
main: overwrite keys and let them run out of scope As soon as we don't need them anymore, overwrite keys with zeros. Make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211 2018-02-18 12:42:22 +01:00			`creator := tlog.ProgramName + " " + GitVersion`
configfile: reduce function name stutter configfile.LoadConfFile() -> configfile.Load() configfile.CreateConfFile() -> configfile.Create() 2018-06-25 22:02:05 +02:00			`err = configfile.Create(args.config, password, args.plaintextnames,`
trezor: add TrezorPayload TrezorPayload stores 32 random bytes used for unlocking the master key using a Trezor security module. The randomness makes sure that a unique unlock value is used for each gocryptfs filesystem. 2018-06-25 22:27:15 +02:00			`args.scryptn, creator, args.aessiv, args.devrandom, trezorPayload)`
main: overwrite keys and let them run out of scope As soon as we don't need them anymore, overwrite keys with zeros. Make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211 2018-02-18 12:42:22 +01:00			`if err != nil {`
			`tlog.Fatal.Println(err)`
			`os.Exit(exitcodes.WriteConf)`
			`}`
main: zero password once we are done with it Overwrite the password we have got from the user with zeros once we don't need it anymore, and make sure the variable runs out of scope. 2018-02-18 15:22:22 +01:00			`for i := range password {`
			`password[i] = 0`
			`}`
main: overwrite keys and let them run out of scope As soon as we don't need them anymore, overwrite keys with zeros. Make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211 2018-02-18 12:42:22 +01:00			`// password runs out of scope here`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`}`
trezor: add skeleton for Trezor support readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. 2018-06-17 15:25:09 +02:00			`// Forward mode with filename encryption enabled needs a gocryptfs.diriv file`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`// in the root dir`
			`if !args.plaintextnames && !args.reverse {`
nametransform: simplify WriteDirIV to WriteDirIVAt Un-spaghettify the function and let the callers open the directory. 2019-01-03 13:32:13 +01:00			`// Open cipherdir (following symlinks)`
Omit syscall.O_RDONLY flag when passing O_PATH. When O_PATH is specified in flags, flag bits other than O_CLOEXEC, O_DIRECTORY, and O_NOFOLLOW are ignored. 2019-01-03 18:11:07 +01:00			`dirfd, err := syscall.Open(args.cipherdir, syscall.O_DIRECTORY\|syscallcompat.O_PATH, 0)`
nametransform: simplify WriteDirIV to WriteDirIVAt Un-spaghettify the function and let the callers open the directory. 2019-01-03 13:32:13 +01:00			`if err == nil {`
			`err = nametransform.WriteDirIVAt(dirfd)`
			`syscall.Close(dirfd)`
			`}`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`if err != nil {`
			`tlog.Fatal.Println(err)`
exitcodes: pull all exit code definitions into the package This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 . 2017-05-07 22:15:01 +02:00			`os.Exit(exitcodes.Init)`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`}`
			`}`
reverse: add gcmsiv flag and associated tests 2016-09-25 15:05:09 +02:00			`mountArgs := ""`
			`fsName := "gocryptfs"`
			`if args.reverse {`
			`mountArgs = " -reverse"`
			`fsName = "gocryptfs-reverse"`
			`}`
			`tlog.Info.Printf(tlog.ColorGreen+"The %s filesystem has been created successfully."+tlog.ColorReset,`
			`fsName)`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`wd, _ := os.Getwd()`
			`friendlyPath, _ := filepath.Rel(wd, args.cipherdir)`
			`if strings.HasPrefix(friendlyPath, "../") {`
			`// A relative path that starts with "../" is pretty unfriendly, just`
			`// keep the absolute path.`
			`friendlyPath = args.cipherdir`
			`}`
main: init: handle spaces in mount suggestion message Before: You can now mount it using: gocryptfs a x MOUNTPOINT After: You can now mount it using: gocryptfs "a x" MOUNTPOINT This is still not bulletproof but should handle the common case of having a space in the directory name. After all, it's only a suggestion. 2016-10-09 18:27:03 +02:00			`if strings.Contains(friendlyPath, " ") {`
			`friendlyPath = "\"" + friendlyPath + "\""`
			`}`
reverse: add gcmsiv flag and associated tests 2016-09-25 15:05:09 +02:00			`tlog.Info.Printf(tlog.ColorGrey+"You can now mount it using: %s%s %s MOUNTPOINT"+tlog.ColorReset,`
			`tlog.ProgramName, mountArgs, friendlyPath)`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`}`