From 0ec17c3939ea89b353d9419da591a75fe44df6a2 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Mon, 2 Nov 2015 23:08:51 +0100
Subject: [PATCH] Add "--plaintextnames" option
Also, gather all the command line arguments into an anonymous struct "args".
---
 cryptfs/config_file.go | 10 +++--
 main.go | 83 ++++++++++++++++++++++--------------------
 2 files changed, 50 insertions(+), 43 deletions(-)
diff --git a/cryptfs/config_file.go b/cryptfs/config_file.go
index 16a3eec..de3054a 100644
--- a/cryptfs/config_file.go
+++ b/cryptfs/config_file.go
@@ -22,11 +22,13 @@ type ConfFile struct {
 ScryptObject scryptKdf
 // The On-Disk-Format version this filesystem uses
 Version uint16
+ // Do not encrypt filenames
+ PlaintextNames bool
 }
 // CreateConfFile - create a new config with a random key encrypted with
 // "password" and write it to "filename"
-func CreateConfFile(filename string, password string) error {
+func CreateConfFile(filename string, password string, plaintextNames bool) error {
 var cf ConfFile
 cf.filename = filename
@@ -39,10 +41,10 @@ func CreateConfFile(filename string, password string) error {
 cf.Version = HEADER_CURRENT_VERSION
- // Write file to disk
- err := cf.WriteFile()
+ cf.PlaintextNames = plaintextNames
- return err
+ // Write file to disk
+ return cf.WriteFile()
 }
 // LoadConfFile - read config file from disk and decrypt the
diff --git a/main.go b/main.go
index 6a1ac3e..cf82ad2 100644
--- a/main.go
+++ b/main.go
@@ -36,7 +36,7 @@ const (
 // GitVersion will be set by the build script "build.bash"
 var GitVersion = "[version not set - please compile using ./build.bash]"
-func initDir(dirArg string) {
+func initDir(dirArg string, plaintextNames bool) {
 dir, _ := filepath.Abs(dirArg)
 err := checkDirEmpty(dir)
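Review bot: `PlaintextNames` in the first config_file.go hunk becomes part of the on-disk config, but nothing in this patch shows it being covered by the password-based protection that the doc comment describes for the key. If the struct is written out as-is, anyone who can modify the config file could flip the flag, and a mount that honours it would then interpret existing names differently from how they were written. Either bind the flag to something the password authenticates, or say so on the field, e.g. `// PlaintextNames disables filename encryption. Stored in the clear, not authenticated.` The doc comment on `CreateConfFile` should also describe the new `plaintextNames` parameter. Both the struct and the function continue outside the hunks.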
@@ -48,7 +48,7 @@ func initDir(dirArg string) {
 confName := filepath.Join(dir, cryptfs.ConfDefaultName)
 fmt.Printf("Choose a password for protecting your files.\n")
 password := readPasswordTwice()
- err = cryptfs.CreateConfFile(confName, password)
+ err = cryptfs.CreateConfFile(confName, password, plaintextNames)
 if err != nil {
 fmt.Println(err)
 os.Exit(ERREXIT_INIT)
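Review bot: `initDir` now creates a filesystem with filename encryption switched off without telling the user what that means. The other reduced-security modes in main() print an explicit notice (zerokey, explicit master key), and the same would help here once `CreateConfFile` has succeeded, e.g. `if plaintextNames { fmt.Printf("Filename encryption is disabled: file and directory names are stored unencrypted in CIPHERDIR.\n") }`. The flag's help text, `"Do not encrypt file names"`, could carry the same consequence. The rest of initDir lies outside the hunk.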
@@ -67,55 +67,60 @@ func main() {
 runtime.GOMAXPROCS(4)
 // Parse command line arguments
- var debug, init, zerokey, fusedebug, openssl, passwd, foreground, version bool
- var masterkey, mountpoint, cipherdir string
+ var args struct {
+ debug, init, zerokey, fusedebug, openssl, passwd, foreground, version,
+ plaintextnames bool
+ masterkey, mountpoint, cipherdir string
+ cpuprofile *string
+ }
 flag.Usage = usageText
- flag.BoolVar(&debug, "debug", false, "Enable debug output")
- flag.BoolVar(&fusedebug, "fusedebug", false, "Enable fuse library debug output")
- flag.BoolVar(&init, "init", false, "Initialize encrypted directory")
- flag.BoolVar(&zerokey, "zerokey", false, "Use all-zero dummy master key")
- flag.BoolVar(&openssl, "openssl", true, "Use OpenSSL instead of built-in Go crypto")
- flag.BoolVar(&passwd, "passwd", false, "Change password")
- flag.BoolVar(&foreground, "f", false, "Stay in the foreground")
- flag.BoolVar(&version, "version", false, "Print version and exit")
- flag.StringVar(&masterkey, "masterkey", "", "Mount with explicit master key")
- var cpuprofile = flag.String("cpuprofile", "", "Write cpu profile to specified file")
+ flag.BoolVar(&args.debug, "debug", false, "Enable debug output")
+ flag.BoolVar(&args.fusedebug, "fusedebug", false, "Enable fuse library debug output")
+ flag.BoolVar(&args.init, "init", false, "Initialize encrypted directory")
+ flag.BoolVar(&args.zerokey, "zerokey", false, "Use all-zero dummy master key")
+ flag.BoolVar(&args.openssl, "openssl", true, "Use OpenSSL instead of built-in Go crypto")
+ flag.BoolVar(&args.passwd, "passwd", false, "Change password")
+ flag.BoolVar(&args.foreground, "f", false, "Stay in the foreground")
+ flag.BoolVar(&args.version, "version", false, "Print version and exit")
+ flag.BoolVar(&args.plaintextnames, "plaintextnames", false, "Do not encrypt file names")
+ flag.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key")
+ args.cpuprofile = flag.String("cpuprofile", "", "Write cpu profile to specified file")
 flag.Parse()
- if version {
+ if args.version {
 fmt.Printf("%s %s; ", PROGRAM_NAME, GitVersion)
 fmt.Printf("on-disk format %d\n", cryptfs.HEADER_CURRENT_VERSION)
 os.Exit(0)
 }
- if !foreground {
+ if !args.foreground {
 daemonize() // does not return
 }
- if *cpuprofile != "" {
- f, err := os.Create(*cpuprofile)
+ if *args.cpuprofile != "" {
+ f, err := os.Create(*args.cpuprofile)
 if err != nil {
 fmt.Println(err)
 os.Exit(ERREXIT_INIT)
 }
- fmt.Printf("Writing CPU profile to %s\n", *cpuprofile)
+ fmt.Printf("Writing CPU profile to %s\n", *args.cpuprofile)
 pprof.StartCPUProfile(f)
 defer pprof.StopCPUProfile()
 }
- if debug {
+ if args.debug {
 cryptfs.Debug.Enable()
 cryptfs.Debug.Printf("Debug output enabled\n")
 }
- if openssl == false {
+ if args.openssl == false {
 fmt.Printf("Openssl disabled\n")
 }
- if init {
+ if args.init {
 if flag.NArg() != 1 {
 fmt.Printf("Usage: %s --init CIPHERDIR\n", PROGRAM_NAME)
 os.Exit(ERREXIT_USAGE)
 }
- initDir(flag.Arg(0)) // does not return
+ initDir(flag.Arg(0), args.plaintextnames) // does not return
 }
- if passwd {
+ if args.passwd {
 if flag.NArg() != 1 {
 fmt.Printf("Usage: %s --passwd CIPHERDIR\n", PROGRAM_NAME)
 os.Exit(ERREXIT_USAGE)
@@ -126,15 +131,15 @@ func main() {
 usageText()
 os.Exit(ERREXIT_USAGE)
 }
- mountpoint, _ = filepath.Abs(flag.Arg(1))
- err := checkDirEmpty(mountpoint)
+ args.mountpoint, _ = filepath.Abs(flag.Arg(1))
+ err := checkDirEmpty(args.mountpoint)
 if err != nil {
 fmt.Printf("Invalid MOUNTPOINT: %v\n", err)
 os.Exit(ERREXIT_MOUNTPOINT)
 }
 }
- cipherdir, _ = filepath.Abs(flag.Arg(0))
- err := checkDir(cipherdir)
+ args.cipherdir, _ = filepath.Abs(flag.Arg(0))
+ err := checkDir(args.cipherdir)
 if err != nil {
 fmt.Printf("Invalid CIPHERDIR: %v\n", err)
 os.Exit(ERREXIT_CIPHERDIR)
@@ -143,20 +148,20 @@ func main() {
 var cf *cryptfs.ConfFile
 var currentPassword string
 key := make([]byte, cryptfs.KEY_LEN)
- if zerokey {
+ if args.zerokey {
 fmt.Printf("Zerokey mode active: using all-zero dummy master key.\n")
- } else if len(masterkey) > 0 {
- key = parseMasterKey(masterkey)
+ } else if len(args.masterkey) > 0 {
+ key = parseMasterKey(args.masterkey)
 fmt.Printf("Using explicit master key.\n")
 } else {
- cfname := filepath.Join(cipherdir, cryptfs.ConfDefaultName)
+ cfname := filepath.Join(args.cipherdir, cryptfs.ConfDefaultName)
 _, err = os.Stat(cfname)
 if err != nil {
 fmt.Printf("Error: %s not found in CIPHERDIR\n", cryptfs.ConfDefaultName)
 fmt.Printf("Please run \"%s --init %s\" first\n", os.Args[0], flag.Arg(0))
 os.Exit(ERREXIT_LOADCONF)
 }
- if passwd == true {
+ if args.passwd == true {
 fmt.Printf("Old password: ")
 } else {
 fmt.Printf("Password: ")
@@ -172,7 +177,7 @@ func main() {
 }
 fmt.Printf("done.\n")
 }
- if passwd == true {
+ if args.passwd == true {
 fmt.Printf("Please enter the new password.\n")
 newPassword := readPasswordTwice()
 if newPassword == currentPassword {
@@ -189,13 +194,13 @@ func main() {
 os.Exit(0)
 }
- srv := pathfsFrontend(key, cipherdir, mountpoint, fusedebug, openssl)
+ srv := pathfsFrontend(key, args.cipherdir, args.mountpoint, args.fusedebug, args.openssl)
- if zerokey == false && len(masterkey) == 0 {
+ if args.zerokey == false && len(args.masterkey) == 0 {
 printMasterKey(key)
- } else if zerokey == true {
+ } else if args.zerokey == true {
 fmt.Printf("ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING.\n")
- } else if len(masterkey) > 0 {
+ } else if len(args.masterkey) > 0 {
 fmt.Printf("THE MASTER KEY IS VISIBLE VIA \"ps -auxwww\", ONLY USE THIS MODE FOR EMERGENCIES.\n")
 }
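Review bot: The mount path never receives the new setting: `pathfsFrontend(key, args.cipherdir, args.mountpoint, args.fusedebug, args.openssl)` is passed neither `args.plaintextnames` nor `cf.PlaintextNames`, and in the flag-parsing hunk the option is read only under `if args.init`. As far as this patch shows, a directory initialised with --plaintextnames is mounted like any other, and the flag is silently ignored on a mount or --passwd invocation. When the frontend gains the parameter, note that `cf` is not assigned in the visible `args.zerokey` and `args.masterkey` branches of the @@ -143 hunk, so the value cannot come from the config file alone there. If the wiring is meant for a follow-up commit, a `// TODO: pass PlaintextNames to pathfsFrontend` at this call would make that explicit.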
@@ -204,7 +209,7 @@ func main() {
 sendUsr1()
 // Wait for SIGING in the background and unmount ourselves if we get it
 // This prevents a dangling "Transport endpoint is not connected" mountpoint
- handleSigint(srv, mountpoint)
+ handleSigint(srv, args.mountpoint)
 // Jump into server loop. Returns when it gets an umount request from the kernel.
 srv.Serve()
 // main returns with code 0