main: don't read the config file twice (fix pipe bug)
Instead, first Load() the file, then DecryptMasterKey(). Fixes https://github.com/rfjakob/gocryptfs/issues/258
This commit is contained in:
parent
2bdf7d5172
commit
ca24c20694
14
main.go
14
main.go
@ -33,10 +33,10 @@ var BuildDate = "0000-00-00"
|
|||||||
var raceDetector bool
|
var raceDetector bool
|
||||||
|
|
||||||
// loadConfig loads the config file "args.config", prompting the user for the password
|
// loadConfig loads the config file "args.config", prompting the user for the password
|
||||||
func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.ConfFile, err error) {
|
func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile, err error) {
|
||||||
// First check if the file can be read at all, and find out if a Trezor should
|
// First check if the file can be read at all, and find out if a Trezor should
|
||||||
// be used instead of a password.
|
// be used instead of a password.
|
||||||
cf1, err := configfile.Load(args.config)
|
cf, err = configfile.Load(args.config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Fatal.Printf("Cannot open config file: %v", err)
|
tlog.Fatal.Printf("Cannot open config file: %v", err)
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
@ -45,18 +45,18 @@ func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.Conf
|
|||||||
// he forgot the password).
|
// he forgot the password).
|
||||||
if args.masterkey != "" {
|
if args.masterkey != "" {
|
||||||
masterkey = parseMasterKey(args.masterkey, false)
|
masterkey = parseMasterKey(args.masterkey, false)
|
||||||
return masterkey, cf1, nil
|
return masterkey, cf, nil
|
||||||
}
|
}
|
||||||
var pw []byte
|
var pw []byte
|
||||||
if cf1.IsFeatureFlagSet(configfile.FlagTrezor) {
|
if cf.IsFeatureFlagSet(configfile.FlagTrezor) {
|
||||||
// Get binary data from from Trezor
|
// Get binary data from from Trezor
|
||||||
pw = readpassword.Trezor(cf1.TrezorPayload)
|
pw = readpassword.Trezor(cf.TrezorPayload)
|
||||||
} else {
|
} else {
|
||||||
// Normal password entry
|
// Normal password entry
|
||||||
pw = readpassword.Once(args.extpass, "")
|
pw = readpassword.Once(args.extpass, "")
|
||||||
}
|
}
|
||||||
tlog.Info.Println("Decrypting master key")
|
tlog.Info.Println("Decrypting master key")
|
||||||
masterkey, confFile, err = configfile.LoadAndDecrypt(args.config, pw)
|
masterkey, err = cf.DecryptMasterKey(pw)
|
||||||
for i := range pw {
|
for i := range pw {
|
||||||
pw[i] = 0
|
pw[i] = 0
|
||||||
}
|
}
|
||||||
@ -65,7 +65,7 @@ func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.Conf
|
|||||||
tlog.Fatal.Println(err)
|
tlog.Fatal.Println(err)
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
return masterkey, confFile, nil
|
return masterkey, cf, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// changePassword - change the password of config file "filename"
|
// changePassword - change the password of config file "filename"
|
||||||
|
2
mount.go
2
mount.go
@ -94,7 +94,7 @@ func doMount(args *argContainer) {
|
|||||||
}
|
}
|
||||||
// We cannot use JSON for pretty-printing as the fields are unexported
|
// We cannot use JSON for pretty-printing as the fields are unexported
|
||||||
tlog.Debug.Printf("cli args: %#v", args)
|
tlog.Debug.Printf("cli args: %#v", args)
|
||||||
// Initialize gocryptfs
|
// Initialize gocryptfs (read config file, ask for password, ...)
|
||||||
fs, wipeKeys := initFuseFrontend(args)
|
fs, wipeKeys := initFuseFrontend(args)
|
||||||
// Initialize go-fuse FUSE server
|
// Initialize go-fuse FUSE server
|
||||||
srv := initGoFuse(fs, args)
|
srv := initGoFuse(fs, args)
|
||||||
|
@ -495,3 +495,26 @@ func TestExcludeForward(t *testing.T) {
|
|||||||
}
|
}
|
||||||
t.Log(err)
|
t.Log(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check that the config file can be read from a named pipe.
|
||||||
|
// Make sure bug https://github.com/rfjakob/gocryptfs/issues/258 does not come
|
||||||
|
// back.
|
||||||
|
func TestConfigPipe(t *testing.T) {
|
||||||
|
dir := test_helpers.InitFS(t)
|
||||||
|
mnt := dir + ".mnt"
|
||||||
|
err := os.Mkdir(mnt, 0700)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
bashLine := fmt.Sprintf("%s -q -extpass \"echo test\" -config <(cat %s/gocryptfs.conf) %s %s", test_helpers.GocryptfsBinary, dir, dir, mnt)
|
||||||
|
cmd := exec.Command("bash", "-c", bashLine)
|
||||||
|
cmd.Stdout = os.Stdout
|
||||||
|
cmd.Stderr = os.Stdout
|
||||||
|
err = cmd.Run()
|
||||||
|
exitCode := test_helpers.ExtractCmdExitCode(err)
|
||||||
|
if exitCode != 0 {
|
||||||
|
t.Errorf("bash command\n%q\nresulted in exit code %d", bashLine, exitCode)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
test_helpers.UnmountPanic(mnt)
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user