Add "-extpass" cli option and associated tests
parent
066c2c90eb
commit
d95fc2333a
@ -39,6 +39,11 @@ Options:
|
||||
**-debug**
|
||||
: Enable debug output
|
||||
|
||||
**-extpass string**
|
||||
: Use an external program (like ssh-askpass) for the password prompt.
|
||||
The program should return the password on stdout, a trailing newline is
|
||||
stripped by gocryptfs.
|
||||
|
||||
**-f**
|
||||
: Stay in the foreground
|
||||
|
||||
|
@ -6,8 +6,9 @@ package cryptfs
|
||||
// when file names are not encrypted
|
||||
func (be *CryptFS) IsFiltered(path string) bool {
|
||||
// gocryptfs.conf in the root directory is forbidden
|
||||
if be.plaintextNames == true && path == "gocryptfs.conf" {
|
||||
Warn.Printf("The name \"/gocryptfs.conf\" is reserved when \"--plaintextnames\" is used\n")
|
||||
if be.plaintextNames == true && path == ConfDefaultName {
|
||||
Warn.Printf("The name /%s is reserved when -plaintextnames is used\n",
|
||||
ConfDefaultName)
|
||||
return true
|
||||
}
|
||||
return false
|
||||
|
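--- a/integration_tests/cli_test.go
+++ b/integration_tests/cli_test.go
@@ -0,0 +1,46 @@
+package integration_tests
+
+// Test CLI operations like "-init", "-password" etc
+
+import (
+"os"
+"os/exec"
+"testing"
+
+"github.com/rfjakob/gocryptfs/cryptfs"
+)
+
+func TestInit(t *testing.T) {
+dir := tmpDir + "TestInit/"
+err := os.Mkdir(dir, 0777)
+if err != nil {
+t.Fatal(err)
+}
+cmd := exec.Command(gocryptfsBinary, "-init", "-extpass", "echo test", dir)
+if testing.Verbose() {
+cmd.Stdout = os.Stdout
+cmd.Stderr = os.Stderr
+}
+err = cmd.Run()
+if err != nil {
+t.Error(err)
+}
+_, err = os.Stat(dir + cryptfs.ConfDefaultName)
+if err != nil {
+t.Error(err)
+}
+}
+
+// "dir" has been initialized by TestInit
+func TestPasswd(t *testing.T) {
+dir := tmpDir + "TestInit/"
+cmd := exec.Command(gocryptfsBinary, "-passwd", "-extpass", "echo test", dir)
+if testing.Verbose() {
+cmd.Stdout = os.Stdout
+cmd.Stderr = os.Stderr
+}
+err := cmd.Run()
+if err != nil {
+t.Error(err)
+}
+}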
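Review bot: TestPasswd depends on TestInit having already created and initialised `tmpDir + "TestInit/"`, so it fails when run on its own (for example with `-run TestPasswd`) or if the test order changes; it should create and `-init` its own directory. The directory is also created with `os.Mkdir(dir, 0777)` under the fixed `/tmp/gocryptfs_main_test/` path; `os.Mkdir(dir, 0700)` keeps the generated config file out of reach of other local users regardless of the umask in effect. Both tests answer every prompt with `echo test`, so TestPasswd passes without showing that the password was actually changed, and no test covers an extpass program that fails or prints nothing.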
@ -10,13 +10,13 @@ import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
// Note: the code assumes that all have a trailing slash
|
||||
const tmpDir = "/tmp/gocryptfs_main_test/"
|
||||
|
||||
// Mountpoint
|
||||
// Note: the code assumes that both have a trailing slash!
|
||||
const plainDir = tmpDir + "plain/"
|
||||
const cipherDir = tmpDir + "cipher/"
|
||||
|
||||
const gocryptfsBinary = "../gocryptfs"
|
||||
|
||||
func resetTmpDir() {
|
||||
fu := exec.Command("fusermount", "-z", "-u", plainDir)
|
||||
fu.Run()
|
||||
@ -40,11 +40,11 @@ func mount(extraArgs ...string) {
|
||||
//args = append(args, "--fusedebug")
|
||||
args = append(args, cipherDir)
|
||||
args = append(args, plainDir)
|
||||
c := exec.Command("../gocryptfs", args...)
|
||||
// Warning messages clutter the test output. Uncomment if you want to debug
|
||||
// failures.
|
||||
//c.Stdout = os.Stdout
|
||||
//c.Stderr = os.Stderr
|
||||
c := exec.Command(gocryptfsBinary, args...)
|
||||
if testing.Verbose() {
|
||||
c.Stdout = os.Stdout
|
||||
c.Stderr = os.Stderr
|
||||
}
|
||||
err := c.Run()
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
|
23
main.go
23
main.go
@ -44,7 +44,7 @@ func initDir(args *argContainer) {
|
||||
}
|
||||
|
||||
cryptfs.Info.Printf("Choose a password for protecting your files.\n")
|
||||
password := readPasswordTwice()
|
||||
password := readPasswordTwice(args.extpass)
|
||||
err = cryptfs.CreateConfFile(args.config, password, args.plaintextnames)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
@ -66,25 +66,25 @@ func usageText() {
|
||||
type argContainer struct {
|
||||
debug, init, zerokey, fusedebug, openssl, passwd, foreground, version,
|
||||
plaintextnames, quiet bool
|
||||
masterkey, mountpoint, cipherdir, cpuprofile, config string
|
||||
masterkey, mountpoint, cipherdir, cpuprofile, config, extpass string
|
||||
notifypid int
|
||||
}
|
||||
|
||||
var flagSet *flag.FlagSet
|
||||
|
||||
// loadConfig - load the config file "filename", prompting the user for the password
|
||||
func loadConfig(filename string) (masterkey []byte, confFile *cryptfs.ConfFile) {
|
||||
func loadConfig(args *argContainer) (masterkey []byte, confFile *cryptfs.ConfFile) {
|
||||
// Check if the file exists at all before prompting for a password
|
||||
_, err := os.Stat(filename)
|
||||
_, err := os.Stat(args.config)
|
||||
if err != nil {
|
||||
fmt.Print(err)
|
||||
os.Exit(ERREXIT_LOADCONF)
|
||||
}
|
||||
fmt.Printf("Password: ")
|
||||
pw := readPassword()
|
||||
pw := readPassword(args.extpass)
|
||||
cryptfs.Info.Printf("Decrypting master key... ")
|
||||
cryptfs.Warn.Disable() // Silence DecryptBlock() error messages on incorrect password
|
||||
masterkey, confFile, err = cryptfs.LoadConfFile(filename, pw)
|
||||
masterkey, confFile, err = cryptfs.LoadConfFile(args.config, pw)
|
||||
cryptfs.Warn.Enable()
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
@ -97,10 +97,10 @@ func loadConfig(filename string) (masterkey []byte, confFile *cryptfs.ConfFile)
|
||||
}
|
||||
|
||||
// changePassword - change the password of config file "filename"
|
||||
func changePassword(filename string) {
|
||||
masterkey, confFile := loadConfig(filename)
|
||||
func changePassword(args *argContainer) {
|
||||
masterkey, confFile := loadConfig(args)
|
||||
fmt.Printf("Please enter your new password.\n")
|
||||
newPw := readPasswordTwice()
|
||||
newPw := readPasswordTwice(args.extpass)
|
||||
confFile.EncryptKey(masterkey, newPw)
|
||||
err := confFile.WriteFile()
|
||||
if err != nil {
|
||||
@ -139,6 +139,7 @@ func main() {
|
||||
flagSet.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key")
|
||||
flagSet.StringVar(&args.cpuprofile, "cpuprofile", "", "Write cpu profile to specified file")
|
||||
flagSet.StringVar(&args.config, "config", "", "Use specified config file instead of CIPHERDIR/gocryptfs.conf")
|
||||
flagSet.StringVar(&args.extpass, "extpass", "", "Use external program for the password prompt")
|
||||
flagSet.IntVar(&args.notifypid, "notifypid", 0, "Send USR1 to the specified process after "+
|
||||
"successful mount - used internally for daemonization")
|
||||
flagSet.Parse(os.Args[1:])
|
||||
@ -215,7 +216,7 @@ func main() {
|
||||
fmt.Printf("Usage: %s -passwd [OPTIONS] CIPHERDIR\n", PROGRAM_NAME)
|
||||
os.Exit(ERREXIT_USAGE)
|
||||
}
|
||||
changePassword(args.config) // does not return
|
||||
changePassword(&args) // does not return
|
||||
}
|
||||
// Mount
|
||||
// Check mountpoint
|
||||
@ -248,7 +249,7 @@ func main() {
|
||||
} else {
|
||||
// Load master key from config file
|
||||
var confFile *cryptfs.ConfFile
|
||||
masterkey, confFile = loadConfig(args.config)
|
||||
masterkey, confFile = loadConfig(&args)
|
||||
printMasterKey(masterkey)
|
||||
args.plaintextnames = confFile.PlaintextNames()
|
||||
}
|
||||
|
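Review bot: The doc comments on loadConfig and changePassword still describe a `filename` parameter, which this change replaces with `args *argContainer`. Suggested wording: `// loadConfig - load the config file args.config, reading the password from the terminal or from the args.extpass program` and `// changePassword - change the password of the config file args.config`. loadConfig also still prints `Password: ` before calling readPassword when -extpass is set, so judging by the password.go section the user sees a prompt that nothing will read from the terminal; that deserves a deliberate decision. Both function bodies continue outside the visible hunks.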
50
password.go
50
password.go
@ -2,15 +2,18 @@ package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"golang.org/x/crypto/ssh/terminal"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/crypto/ssh/terminal"
|
||||
)
|
||||
|
||||
func readPasswordTwice() string {
|
||||
func readPasswordTwice(extpass string) string {
|
||||
fmt.Printf("Password: ")
|
||||
p1 := readPassword()
|
||||
p1 := readPassword(extpass)
|
||||
fmt.Printf("Repeat: ")
|
||||
p2 := readPassword()
|
||||
p2 := readPassword(extpass)
|
||||
if p1 != p2 {
|
||||
fmt.Printf("Passwords do not match\n")
|
||||
os.Exit(ERREXIT_PASSWORD)
|
||||
@ -18,14 +21,39 @@ func readPasswordTwice() string {
|
||||
return p1
|
||||
}
|
||||
|
||||
// Get password from terminal
|
||||
func readPassword() string {
|
||||
fd := int(os.Stdin.Fd())
|
||||
p, err := terminal.ReadPassword(fd)
|
||||
fmt.Printf("\n")
|
||||
// readPassword - get password from terminal
|
||||
// or from the "extpass" program
|
||||
func readPassword(extpass string) string {
|
||||
var password string
|
||||
var err error
|
||||
var output []byte
|
||||
if extpass != "" {
|
||||
parts := strings.Split(extpass, " ")
|
||||
cmd := exec.Command(parts[0], parts[1:]...)
|
||||
cmd.Stderr = os.Stderr
|
||||
output, err = cmd.Output()
|
||||
if err != nil {
|
||||
fmt.Printf("Error: Could not read password: %v\n", err)
|
||||
fmt.Printf("extpass program returned error: %v\n", err)
|
||||
os.Exit(ERREXIT_PASSWORD)
|
||||
}
|
||||
return string(p)
|
||||
fmt.Printf("(extpass)\n")
|
||||
// Trim trailing newline like terminal.ReadPassword() does
|
||||
if output[len(output)-1] == '\n' {
|
||||
output = output[:len(output)-1]
|
||||
}
|
||||
} else {
|
||||
fd := int(os.Stdin.Fd())
|
||||
output, err = terminal.ReadPassword(fd)
|
||||
if err != nil {
|
||||
fmt.Printf("Error: Could not read password from terminal: %v\n", err)
|
||||
os.Exit(ERREXIT_PASSWORD)
|
||||
}
|
||||
fmt.Printf("\n")
|
||||
}
|
||||
password = string(output)
|
||||
if password == "" {
|
||||
fmt.Printf("Error: password is empty\n")
|
||||
os.Exit(ERREXIT_PASSWORD)
|
||||
}
|
||||
return password
|
||||
}
|
||||
|
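Review bot: In the extpass branch of readPassword, `output[len(output)-1]` is evaluated before the empty-password check, so an external program that exits 0 without printing anything makes gocryptfs panic with an index-out-of-range error instead of reporting `Error: password is empty`. Guard the index: `if len(output) > 0 && output[len(output)-1] == '\n' {`. `strings.Split(extpass, " ")` splits on every single space, so a program path or argument containing a space cannot be expressed and doubled spaces yield empty arguments; `strings.Fields(extpass)` plus a check for an empty result handles the latter, and the former limitation belongs in the -extpass documentation. With -extpass set, readPasswordTwice runs the external program twice and compares the two outputs, so the confirmation step only helps if the program prompts interactively each time.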