hardcoresushi
/
libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Refuse mounting of v0.6 and older filesystems

This commit is contained in:
Jakob Unterwurzacher 2016-06-19 20:01:04 +02:00
parent 1dcafb99ff
commit f0b4d2354d
2 changed files with 12 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
internal/configfile/config_file.go
View File

@ -109,23 +109,23 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
deprecatedFs := false deprecatedFs := false
for _, i := range requiredFlags { for _, i := range requiredFlags {
if !cf.IsFeatureFlagSet(i) { if !cf.IsFeatureFlagSet(i) {
// For now, warn but continue. fmt.Fprintf(os.Stderr, "Required feature flag %q is missing\n", knownFlags[i])
fmt.Printf("Deprecated filesystem: feature flag %q is missing\n", knownFlags[i])
deprecatedFs = true deprecatedFs = true
//return nil, nil, fmt.Errorf("Required feature flag %q is missing", knownFlags[i])
} }
} }
if deprecatedFs { if deprecatedFs {
fmt.Printf("\033[33m" + ` fmt.Fprintf(os.Stderr, "\033[33m"+`
This filesystem was created by gocryptfs v0.6 or earlier. You are missing The filesystem was created by gocryptfs v0.6 or earlier. This version of
security improvements. Mounting read-only, please upgrade! gocryptfs can no longer mount the filesystem.
Instructions: https://github.com/rfjakob/gocryptfs/wiki/Upgrading Please download gocryptfs v0.11 and upgrade your filesystem,
see https://github.com/rfjakob/gocryptfs/wiki/Upgrading for instructions.
gocryptfs v1.0 is scheduled to drop support for this filesystem completely. If you have trouble upgrading, join the discussion at
If you disagree with the plan or have trouble upgrading, please join https://github.com/rfjakob/gocryptfs/issues/29 .
the discussion at https://github.com/rfjakob/gocryptfs/issues/29 .
` + "\033[0m") `+"\033[0m")
return nil, nil, fmt.Errorf("Deprecated filesystem")
} }
// Generate derived key from password // Generate derived key from password
@ -145,17 +145,9 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
return nil, nil, fmt.Errorf("Password incorrect.") return nil, nil, fmt.Errorf("Password incorrect.")
} }
if deprecatedFs {
err = DeprecatedFsError{}
}
return key, &cf, err return key, &cf, err
} }
// The filesystem is deprecated.
type DeprecatedFsError struct{}
func (e DeprecatedFsError) Error() string { return "deprecated filesystem" }
// EncryptKey - encrypt "key" using an scrypt hash generated from "password" // EncryptKey - encrypt "key" using an scrypt hash generated from "password"
// and store it in cf.EncryptedKey. // and store it in cf.EncryptedKey.
// Uses scrypt with cost parameter logN and stores the scrypt parameters in // Uses scrypt with cost parameter logN and stores the scrypt parameters in

5
main.go
View File

@ -122,10 +122,7 @@ func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.Conf
pw := readpassword.Once(args.extpass) pw := readpassword.Once(args.extpass)
tlog.Info.Println("Decrypting master key") tlog.Info.Println("Decrypting master key")
masterkey, confFile, err = configfile.LoadConfFile(args.config, pw) masterkey, confFile, err = configfile.LoadConfFile(args.config, pw)
if _, ok := err.(configfile.DeprecatedFsError); ok { if err != nil {
// Force read-only mode
args.ro = true
} else if err != nil {
tlog.Fatal.Println(err) tlog.Fatal.Println(err)
os.Exit(ERREXIT_LOADCONF) os.Exit(ERREXIT_LOADCONF)
} }