configfile: warn about missing feature flags
The plan is to drop support for the oldest filesystem versions in gocryptfs v1.0. For now, we only warn the user.
parent
cc5d5a3fcd
commit
0f4d350136
@ -92,12 +92,40 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
|
|||||||
return nil, nil, fmt.Errorf("Unsupported on-disk format %d", cf.Version)
|
return nil, nil, fmt.Errorf("Unsupported on-disk format %d", cf.Version)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check that all set feature flags are known
|
||||||
for _, flag := range cf.FeatureFlags {
|
for _, flag := range cf.FeatureFlags {
|
||||||
if cf.isFeatureFlagKnown(flag) == false {
|
if !cf.isFeatureFlagKnown(flag) {
|
||||||
return nil, nil, fmt.Errorf("Unsupported feature flag %s", flag)
|
return nil, nil, fmt.Errorf("Unsupported feature flag %q", flag)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check that all required feature flags are set
|
||||||
|
var requiredFlags []flagIota
|
||||||
|
if cf.IsFeatureFlagSet(FlagPlaintextNames) {
|
||||||
|
requiredFlags = requiredFlagsPlaintextNames
|
||||||
|
} else {
|
||||||
|
requiredFlags = requiredFlagsNormal
|
||||||
|
}
|
||||||
|
deprecatedFs := false
|
||||||
|
for _, i := range requiredFlags {
|
||||||
|
if !cf.IsFeatureFlagSet(i) {
|
||||||
|
// For now, warn but continue.
|
||||||
|
fmt.Printf("Deprecated filesystem: feature flag %q is missing\n", knownFlags[i])
|
||||||
|
deprecatedFs = true
|
||||||
|
//return nil, nil, fmt.Errorf("Required feature flag %q is missing", knownFlags[i])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if deprecatedFs {
|
||||||
|
fmt.Printf("\033[33m" + `
|
||||||
|
This filesystem was created by gocryptfs v0.6 or earlier. You are missing
|
||||||
|
security improvements. gocryptfs v1.0 is scheduled to drop support for this
|
||||||
|
filesystem, please upgrade!
|
||||||
|
If you disagree with the plan or have trouble upgrading, please join the
|
||||||
|
discussion at https://github.com/rfjakob/gocryptfs/issues/29 .
|
||||||
|
|
||||||
|
` + "\033[0m")
|
||||||
|
}
|
||||||
|
|
||||||
// Generate derived key from password
|
// Generate derived key from password
|
||||||
scryptHash := cf.ScryptObject.DeriveKey(password)
|
scryptHash := cf.ScryptObject.DeriveKey(password)
|
||||||
|
|
||||||
|
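Review bot: The deprecation warnings in the new required-flags loop are written with `fmt.Printf`, so they go to stdout and carry hard-coded ANSI colour escapes even when output is not a terminal; a security-relevant warning is easy to lose there or to mix into piped output. Sending both messages to stderr keeps them visible, e.g. `fmt.Fprintf(os.Stderr, "Deprecated filesystem: feature flag %q is missing\n", knownFlags[i])` (this assumes `os` is imported in the file, which the hunk does not show). The flags are also inspected before the password-derived key is used, and nothing in the visible lines authenticates them, so a missing flag may indicate a modified config file as well as an old filesystem. A comment saying so next to the commented-out `return` would help whoever later turns the warning into an error. LoadConfFile starts and ends outside this hunk.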
@ -19,6 +19,19 @@ var knownFlags map[flagIota]string = map[flagIota]string{
|
|||||||
FlagLongNames: "LongNames",
|
FlagLongNames: "LongNames",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Filesystems that do not have these feature flags set are deprecated.
|
||||||
|
var requiredFlagsNormal []flagIota = []flagIota{
|
||||||
|
FlagDirIV,
|
||||||
|
FlagEMENames,
|
||||||
|
FlagGCMIV128,
|
||||||
|
}
|
||||||
|
|
||||||
|
// Filesystems without filename encryption obviously don't have or need the
|
||||||
|
// related feature flags.
|
||||||
|
var requiredFlagsPlaintextNames []flagIota = []flagIota{
|
||||||
|
FlagGCMIV128,
|
||||||
|
}
|
||||||
|
|
||||||
// isFeatureFlagKnown verifies that we understand a feature flag
|
// isFeatureFlagKnown verifies that we understand a feature flag
|
||||||
func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
|
func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
|
||||||
for _, knownFlag := range knownFlags {
|
for _, knownFlag := range knownFlags {
|
||||||
|
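Review bot: Nothing ties `requiredFlagsNormal` and `requiredFlagsPlaintextNames` to `knownFlags`: the warning in LoadConfFile prints `knownFlags[i]`, which is the empty string for any required flag without a map entry, and only the `FlagLongNames` entry is visible here. A comment on the two slices such as `// Every entry must also be a key in knownFlags.`, or a small test asserting it, would guard against that. The explicit `[]flagIota` type on the left of each declaration is redundant with the literal and can be dropped: `var requiredFlagsNormal = []flagIota{`.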