main: untangle -masterkey
handling and config loading
Both were handled in getMasterKey(). Split them apart.
parent
7622c9f538
commit
ff04b1d83a
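--- a/main.go
+++ b/main.go
@@ -32,7 +32,8 @@ var BuildDate = "0000-00-00"
 // raceDetector is set to true by race.go if we are compiled with "go build -race"
 var raceDetector bool
 
-// loadConfig loads the config file "args.config", prompting the user for the password
+// loadConfig loads the config file `args.config` and decrypts the masterkey,
+// or gets via the `-masterkey` or `-zerokey` command line options, if specified.
 func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile, err error) {
 // First check if the file can be read at all.
 cf, err = configfile.Load(args.config)
@@ -40,10 +41,10 @@ func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile,
 tlog.Fatal.Printf("Cannot open config file: %v", err)
 return nil, nil, err
 }
-// The user has passed the master key on the command line (probably because
+// The user may have passed the master key on the command line (probably because
 // he forgot the password).
-if args.masterkey != "" {
-masterkey = unhexMasterKey(args.masterkey, false)
+masterkey = handleArgsMasterkey(args)
+if masterkey != nil {
 return masterkey, cf, nil
 }
 pw := readpassword.Once([]string(args.extpass), args.passfile, "")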
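Review bot: The new doc comment on loadConfig is missing an object ("or gets via") and does not say that a key taken from the command line is returned without the config file being used to decrypt or check it, which is what the `if masterkey != nil { return masterkey, cf, nil }` branch does. Because the branch now goes through handleArgsMasterkey, it also covers `-masterkey=stdin` and `-zerokey`, so any caller of loadConfig outside this view receives the all-zero key when `-zerokey` is set; that widening deserves a mention. I would reword the comment along the lines of `// loadConfig loads the config file args.config. If -masterkey or -zerokey was given, that key is returned as-is together with the parsed config; otherwise the password is read and the masterkey is decrypted.` loadConfig's body continues past the end of the second hunk.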
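--- a/masterkey.go
+++ b/masterkey.go
@@ -5,7 +5,6 @@ import (
 "os"
 "strings"
 
-"github.com/rfjakob/gocryptfs/internal/configfile"
 "github.com/rfjakob/gocryptfs/internal/cryptocore"
 "github.com/rfjakob/gocryptfs/internal/exitcodes"
 "github.com/rfjakob/gocryptfs/internal/readpassword"
@@ -34,21 +33,18 @@ func unhexMasterKey(masterkey string, fromStdin bool) []byte {
 return key
 }
 
-// getMasterKey looks at "args" to determine where the master key should come
-// from (-masterkey=a-b-c-d or stdin or from the config file).
-// If it comes from the config file, the user is prompted for the password
-// and a ConfFile instance is returned.
-// Calls os.Exit on failure.
-func getMasterKey(args *argContainer) (masterkey []byte, confFile *configfile.ConfFile) {
-masterkeyFromStdin := false
+// handleArgsMasterkey looks at `args.masterkey` and `args.zerokey`, gets the
+// masterkey from the source the user wanted (string on the command line, stdin, all-zero),
+// and returns it in binary. Returns nil if no masterkey source was specified.
+func handleArgsMasterkey(args *argContainer) (masterkey []byte) {
 // "-masterkey=stdin"
 if args.masterkey == "stdin" {
-args.masterkey = string(readpassword.Once(nil, "", "Masterkey"))
-masterkeyFromStdin = true
+in := string(readpassword.Once(nil, "", "Masterkey"))
+return unhexMasterKey(in, true)
 }
 // "-masterkey=941a6029-3adc6a1c-..."
 if args.masterkey != "" {
-return unhexMasterKey(args.masterkey, masterkeyFromStdin), nil
+return unhexMasterKey(args.masterkey, false)
 }
 // "-zerokey"
 if args.zerokey {
@@ -56,18 +52,9 @@ func getMasterKey(args *argContainer) (masterkey []byte, confFile *configfile.Co
 tlog.Info.Printf(tlog.ColorYellow +
 "ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." +
 tlog.ColorReset)
-return make([]byte, cryptocore.KeyLen), nil
+return make([]byte, cryptocore.KeyLen)
 }
-var err error
-// Load master key from config file (normal operation).
-// Prompts the user for the password.
-masterkey, confFile, err = loadConfig(args)
-if err != nil {
-if args._ctlsockFd != nil {
-// Close the socket file (which also deletes it)
-args._ctlsockFd.Close()
-}
-exitcodes.Exit(err)
-}
-return masterkey, confFile
+// No master key source specified on the command line. Caller must parse
+// the config file.
+return nil
 }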
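Review bot: In the `-masterkey=stdin` branch the result of readpassword.Once is converted straight to a string (`in := string(readpassword.Once(nil, "", "Masterkey"))`), so the hex master key lands in an immutable Go string that cannot be zeroed, and the buffer it was read into (presumably a byte slice) is dropped without being wiped. Keeping the slice and clearing it after decoding would shorten the time the key material stays in memory: `raw := readpassword.Once(nil, "", "Masterkey")`, `key := unhexMasterKey(string(raw), true)`, then `for i := range raw { raw[i] = 0 }` before `return key`. The string copy handed to unhexMasterKey would still linger until collected unless that function took a []byte; its body is outside this view, so that part is a follow-up rather than something to change here.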
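--- a/mount.go
+++ b/mount.go
@@ -232,8 +232,22 @@ type ctlsockFs interface {
 // initFuseFrontend - initialize gocryptfs/fusefrontend
 // Calls os.Exit on errors
 func initFuseFrontend(args *argContainer) (pfs pathfs.FileSystem, wipeKeys func()) {
-// Get master key (may prompt for the password) and read config file
-masterkey, confFile := getMasterKey(args)
+var err error
+var confFile *configfile.ConfFile
+// Get the masterkey from the command line if it was specified
+masterkey := handleArgsMasterkey(args)
+// Otherwise, load masterkey from config file (normal operation).
+// Prompts the user for the password.
+if masterkey == nil {
+masterkey, confFile, err = loadConfig(args)
+if err != nil {
+if args._ctlsockFd != nil {
+// Close the socket file (which also deletes it)
+args._ctlsockFd.Close()
+}
+exitcodes.Exit(err)
+}
+}
 // Reconciliate CLI and config file arguments into a fusefrontend.Args struct
 // that is passed to the filesystem implementation
 cryptoBackend := cryptocore.BackendGoGCM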
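Review bot: `if masterkey == nil` treats a nil return from handleArgsMasterkey as "no key source on the command line", which is only safe if unhexMasterKey never returns nil for malformed input; its body is outside this view, and the "Calls os.Exit on failure" line from the removed getMasterKey doc was not carried over to handleArgsMasterkey. If that contract ever loosened, a bad `-masterkey` value would silently fall through to the password prompt instead of failing. I would pin it at the call site with a comment such as `// handleArgsMasterkey returns nil only if neither -masterkey nor -zerokey was given; an invalid key exits instead of returning nil.` As a style point, `var err error` is used only inside the `if masterkey == nil` block and could be declared there. initFuseFrontend continues past the end of the hunk.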