main: untangle -masterkey handling and config loading

Both were handled in getMasterKey(). Split them apart.
Jakob Unterwurzacher 2020-05-09 16:32:11 +02:00
parent 7622c9f538
commit ff04b1d83a
3 changed files with 32 additions and 30 deletions


@ -32,7 +32,8 @@ var BuildDate = "0000-00-00"
// raceDetector is set to true by race.go if we are compiled with "go build -race" // raceDetector is set to true by race.go if we are compiled with "go build -race"
var raceDetector bool var raceDetector bool
// loadConfig loads the config file "args.config", prompting the user for the password // loadConfig loads the config file `args.config` and decrypts the masterkey,
// or gets via the `-masterkey` or `-zerokey` command line options, if specified.
func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile, err error) { func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile, err error) {
// First check if the file can be read at all. // First check if the file can be read at all.
cf, err = configfile.Load(args.config) cf, err = configfile.Load(args.config)
@ -40,10 +41,10 @@ func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile,
tlog.Fatal.Printf("Cannot open config file: %v", err) tlog.Fatal.Printf("Cannot open config file: %v", err)
return nil, nil, err return nil, nil, err
} }
// The user has passed the master key on the command line (probably because // The user may have passed the master key on the command line (probably because
// he forgot the password). // he forgot the password).
if args.masterkey != "" { masterkey = handleArgsMasterkey(args)
masterkey = unhexMasterKey(args.masterkey, false) if masterkey != nil {
return masterkey, cf, nil return masterkey, cf, nil
} }
pw := readpassword.Once([]string(args.extpass), args.passfile, "") pw := readpassword.Once([]string(args.extpass), args.passfile, "")
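Review bot: Calling `handleArgsMasterkey(args)` inside `loadConfig` widens what bypasses the password prompt: the removed check only treated `args.masterkey` as a hex string, while the helper (second file section) also reads the key from stdin for `-masterkey=stdin` and returns an all-zero key for `-zerokey`. From `initFuseFrontend` this call is always a no-op, because `loadConfig` is only reached there after the helper has already returned nil, so the change matters only for other callers of `loadConfig`, which are not visible on this page. If that is intended, say so at the call, e.g. `// Also covers -masterkey=stdin and -zerokey: in those modes no password is read and the key stored in the config file is not decrypted.` The body of `loadConfig` continues past the end of this hunk.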


@ -5,7 +5,6 @@ import (
"os" "os"
"strings" "strings"
"github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/internal/cryptocore" "github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/exitcodes" "github.com/rfjakob/gocryptfs/internal/exitcodes"
"github.com/rfjakob/gocryptfs/internal/readpassword" "github.com/rfjakob/gocryptfs/internal/readpassword"
@ -34,21 +33,18 @@ func unhexMasterKey(masterkey string, fromStdin bool) []byte {
return key return key
} }
// getMasterKey looks at "args" to determine where the master key should come // handleArgsMasterkey looks at `args.masterkey` and `args.zerokey`, gets the
// from (-masterkey=a-b-c-d or stdin or from the config file). // masterkey from the source the user wanted (string on the command line, stdin, all-zero),
// If it comes from the config file, the user is prompted for the password // and returns it in binary. Returns nil if no masterkey source was specified.
// and a ConfFile instance is returned. func handleArgsMasterkey(args *argContainer) (masterkey []byte) {
// Calls os.Exit on failure.
func getMasterKey(args *argContainer) (masterkey []byte, confFile *configfile.ConfFile) {
masterkeyFromStdin := false
// "-masterkey=stdin" // "-masterkey=stdin"
if args.masterkey == "stdin" { if args.masterkey == "stdin" {
args.masterkey = string(readpassword.Once(nil, "", "Masterkey")) in := string(readpassword.Once(nil, "", "Masterkey"))
masterkeyFromStdin = true return unhexMasterKey(in, true)
} }
// "-masterkey=941a6029-3adc6a1c-..." // "-masterkey=941a6029-3adc6a1c-..."
if args.masterkey != "" { if args.masterkey != "" {
return unhexMasterKey(args.masterkey, masterkeyFromStdin), nil return unhexMasterKey(args.masterkey, false)
} }
// "-zerokey" // "-zerokey"
if args.zerokey { if args.zerokey {
@ -56,18 +52,9 @@ func getMasterKey(args *argContainer) (masterkey []byte, confFile *configfile.Co
tlog.Info.Printf(tlog.ColorYellow + tlog.Info.Printf(tlog.ColorYellow +
"ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." + "ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." +
tlog.ColorReset) tlog.ColorReset)
return make([]byte, cryptocore.KeyLen), nil return make([]byte, cryptocore.KeyLen)
} }
var err error // No master key source specified on the command line. Caller must parse
// Load master key from config file (normal operation). // the config file.
// Prompts the user for the password. return nil
masterkey, confFile, err = loadConfig(args)
if err != nil {
if args._ctlsockFd != nil {
// Close the socket file (which also deletes it)
args._ctlsockFd.Close()
}
exitcodes.Exit(err)
}
return masterkey, confFile
} }
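Review bot: In the `-masterkey=stdin` branch the secret returned by `readpassword.Once` is converted to a Go string (`in := string(...)`), and neither the original buffer nor that immutable copy is wiped afterwards, even though `initFuseFrontend` returns a `wipeKeys` function for the derived key. Assuming `readpassword.Once` returns `[]byte`, as the conversion suggests, keeping the buffer and zeroing it after decoding would clear at least one copy: `buf := readpassword.Once(nil, "", "Masterkey")`, `defer func() { for i := range buf { buf[i] = 0 } }()`, `return unhexMasterKey(string(buf), true)`. Removing the string copy as well would need `unhexMasterKey` to accept `[]byte`; its body is outside this hunk, so that is a follow-up rather than a change here.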


@ -232,8 +232,22 @@ type ctlsockFs interface {
// initFuseFrontend - initialize gocryptfs/fusefrontend // initFuseFrontend - initialize gocryptfs/fusefrontend
// Calls os.Exit on errors // Calls os.Exit on errors
func initFuseFrontend(args *argContainer) (pfs pathfs.FileSystem, wipeKeys func()) { func initFuseFrontend(args *argContainer) (pfs pathfs.FileSystem, wipeKeys func()) {
// Get master key (may prompt for the password) and read config file var err error
masterkey, confFile := getMasterKey(args) var confFile *configfile.ConfFile
// Get the masterkey from the command line if it was specified
masterkey := handleArgsMasterkey(args)
// Otherwise, load masterkey from config file (normal operation).
// Prompts the user for the password.
if masterkey == nil {
masterkey, confFile, err = loadConfig(args)
if err != nil {
if args._ctlsockFd != nil {
// Close the socket file (which also deletes it)
args._ctlsockFd.Close()
}
exitcodes.Exit(err)
}
}
// Reconciliate CLI and config file arguments into a fusefrontend.Args struct // Reconciliate CLI and config file arguments into a fusefrontend.Args struct
// that is passed to the filesystem implementation // that is passed to the filesystem implementation
cryptoBackend := cryptocore.BackendGoGCM cryptoBackend := cryptocore.BackendGoGCM
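Review bot: `confFile` is now declared up front and assigned only inside the `masterkey == nil` branch, so it stays nil whenever the key came from `-masterkey` or `-zerokey`, and nothing at the declaration says so. A comment on the declaration such as `// confFile stays nil when the masterkey was given on the command line.` would make that contract explicit for code further down. The rest of `initFuseFrontend` lies outside the hunk, so whether later uses of `confFile` are nil-guarded cannot be checked from here.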