2016-09-20 19:59:08 +02:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2018-04-01 12:31:44 +02:00
|
|
|
"fmt"
|
|
|
|
"io/ioutil"
|
2016-09-20 19:59:08 +02:00
|
|
|
"os"
|
|
|
|
"path/filepath"
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
"github.com/rfjakob/gocryptfs/internal/configfile"
|
2018-06-25 22:27:15 +02:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/cryptocore"
|
2017-05-07 22:15:01 +02:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/exitcodes"
|
2016-09-20 19:59:08 +02:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
|
|
|
"github.com/rfjakob/gocryptfs/internal/readpassword"
|
|
|
|
"github.com/rfjakob/gocryptfs/internal/tlog"
|
|
|
|
)
|
|
|
|
|
2018-04-01 12:31:44 +02:00
|
|
|
// isDirEmpty checks if "dir" exists and is an empty directory.
|
|
|
|
// Returns an *os.PathError if Stat() on the path fails.
|
|
|
|
func isDirEmpty(dir string) error {
|
|
|
|
err := isDir(dir)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
entries, err := ioutil.ReadDir(dir)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if len(entries) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return fmt.Errorf("directory %s not empty", dir)
|
|
|
|
}
|
|
|
|
|
|
|
|
// isDir checks if "dir" exists and is a directory.
|
|
|
|
func isDir(dir string) error {
|
|
|
|
fi, err := os.Stat(dir)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if !fi.IsDir() {
|
|
|
|
return fmt.Errorf("%s is not a directory", dir)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2018-06-17 15:25:09 +02:00
|
|
|
// initDir handles "gocryptfs -init". It prepares a directory for use as a
|
|
|
|
// gocryptfs storage directory.
|
2016-09-20 20:15:55 +02:00
|
|
|
// In forward mode, this means creating the gocryptfs.conf and gocryptfs.diriv
|
|
|
|
// files in an empty directory.
|
|
|
|
// In reverse mode, we create .gocryptfs.reverse.conf and the directory does
|
2018-06-17 15:25:09 +02:00
|
|
|
// not need to be empty.
|
2016-09-20 19:59:08 +02:00
|
|
|
func initDir(args *argContainer) {
|
2016-09-20 20:15:55 +02:00
|
|
|
var err error
|
2016-09-20 22:49:23 +02:00
|
|
|
if args.reverse {
|
|
|
|
_, err = os.Stat(args.config)
|
|
|
|
if err == nil {
|
|
|
|
tlog.Fatal.Printf("Config file %q already exists", args.config)
|
2017-05-07 22:15:01 +02:00
|
|
|
os.Exit(exitcodes.Init)
|
2016-09-20 22:49:23 +02:00
|
|
|
}
|
|
|
|
} else {
|
2018-04-01 12:31:44 +02:00
|
|
|
err = isDirEmpty(args.cipherdir)
|
2016-09-20 20:15:55 +02:00
|
|
|
if err != nil {
|
|
|
|
tlog.Fatal.Printf("Invalid cipherdir: %v", err)
|
2017-05-07 22:15:01 +02:00
|
|
|
os.Exit(exitcodes.Init)
|
2016-09-20 20:15:55 +02:00
|
|
|
}
|
2016-09-20 19:59:08 +02:00
|
|
|
}
|
2016-09-20 20:15:55 +02:00
|
|
|
// Choose password for config file
|
2016-09-20 19:59:08 +02:00
|
|
|
if args.extpass == "" {
|
|
|
|
tlog.Info.Printf("Choose a password for protecting your files.")
|
|
|
|
}
|
2018-02-18 12:42:22 +01:00
|
|
|
{
|
2018-06-17 15:25:09 +02:00
|
|
|
var password []byte
|
2018-06-25 22:27:15 +02:00
|
|
|
var trezorPayload []byte
|
2018-06-17 15:25:09 +02:00
|
|
|
if args.trezor {
|
2018-06-25 22:27:15 +02:00
|
|
|
trezorPayload = cryptocore.RandBytes(readpassword.TrezorPayloadLen)
|
2018-06-17 15:25:09 +02:00
|
|
|
// Get binary data from from Trezor
|
2018-06-25 22:27:15 +02:00
|
|
|
password = readpassword.Trezor(trezorPayload)
|
2018-06-17 15:25:09 +02:00
|
|
|
} else {
|
|
|
|
// Normal password entry
|
|
|
|
password = readpassword.Twice(args.extpass)
|
|
|
|
readpassword.CheckTrailingGarbage()
|
|
|
|
}
|
2018-02-18 12:42:22 +01:00
|
|
|
creator := tlog.ProgramName + " " + GitVersion
|
2018-06-25 22:02:05 +02:00
|
|
|
err = configfile.Create(args.config, password, args.plaintextnames,
|
2018-06-25 22:27:15 +02:00
|
|
|
args.scryptn, creator, args.aessiv, args.devrandom, trezorPayload)
|
2018-02-18 12:42:22 +01:00
|
|
|
if err != nil {
|
|
|
|
tlog.Fatal.Println(err)
|
|
|
|
os.Exit(exitcodes.WriteConf)
|
|
|
|
}
|
2018-02-18 15:22:22 +01:00
|
|
|
for i := range password {
|
|
|
|
password[i] = 0
|
|
|
|
}
|
2018-02-18 12:42:22 +01:00
|
|
|
// password runs out of scope here
|
2016-09-20 19:59:08 +02:00
|
|
|
}
|
2018-06-17 15:25:09 +02:00
|
|
|
// Forward mode with filename encryption enabled needs a gocryptfs.diriv file
|
2016-09-20 20:15:55 +02:00
|
|
|
// in the root dir
|
|
|
|
if !args.plaintextnames && !args.reverse {
|
2017-11-29 13:21:28 +01:00
|
|
|
err = nametransform.WriteDirIV(nil, args.cipherdir)
|
2016-09-20 19:59:08 +02:00
|
|
|
if err != nil {
|
|
|
|
tlog.Fatal.Println(err)
|
2017-05-07 22:15:01 +02:00
|
|
|
os.Exit(exitcodes.Init)
|
2016-09-20 19:59:08 +02:00
|
|
|
}
|
|
|
|
}
|
2016-09-25 15:05:09 +02:00
|
|
|
mountArgs := ""
|
|
|
|
fsName := "gocryptfs"
|
|
|
|
if args.reverse {
|
|
|
|
mountArgs = " -reverse"
|
|
|
|
fsName = "gocryptfs-reverse"
|
|
|
|
}
|
|
|
|
tlog.Info.Printf(tlog.ColorGreen+"The %s filesystem has been created successfully."+tlog.ColorReset,
|
|
|
|
fsName)
|
2016-09-20 19:59:08 +02:00
|
|
|
wd, _ := os.Getwd()
|
|
|
|
friendlyPath, _ := filepath.Rel(wd, args.cipherdir)
|
|
|
|
if strings.HasPrefix(friendlyPath, "../") {
|
|
|
|
// A relative path that starts with "../" is pretty unfriendly, just
|
|
|
|
// keep the absolute path.
|
|
|
|
friendlyPath = args.cipherdir
|
|
|
|
}
|
2016-10-09 18:27:03 +02:00
|
|
|
if strings.Contains(friendlyPath, " ") {
|
|
|
|
friendlyPath = "\"" + friendlyPath + "\""
|
|
|
|
}
|
2016-09-25 15:05:09 +02:00
|
|
|
tlog.Info.Printf(tlog.ColorGrey+"You can now mount it using: %s%s %s MOUNTPOINT"+tlog.ColorReset,
|
|
|
|
tlog.ProgramName, mountArgs, friendlyPath)
|
2016-09-20 19:59:08 +02:00
|
|
|
}
|