2cf050d69e
Overwrite the password we have got from the user with zeros once we don't need it anymore, and make sure the variable runs out of scope.
package main
import (
"os"
"path/filepath"
"strings"
"github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/internal/exitcodes"
"github.com/rfjakob/gocryptfs/internal/nametransform"
"github.com/rfjakob/gocryptfs/internal/readpassword"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
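// initDir prepares a directory for use as a gocryptfs storage directory.
// In forward mode, this means creating the gocryptfs.conf and gocryptfs.diriv
// files in an empty directory.
// In reverse mode, we create .gocryptfs.reverse.conf and the directory does
// not need to be empty.
//
// initDir does not return: every path ends in os.Exit, with code 0 on
// success and exitcodes.Init or exitcodes.WriteConf on failure.
func initDir(args *argContainer) {
	var err error
	if args.reverse {
		// Refuse to clobber an existing reverse-mode config file.
		// NOTE(review): this is a check-then-create sequence. Whether an
		// existing file is also protected at creation time depends on how
		// CreateConfFile opens the file - confirm there.
		_, err = os.Stat(args.config)
		if err == nil {
			tlog.Fatal.Printf("Config file %q already exists", args.config)
			os.Exit(exitcodes.Init)
		}
	} else {
		err = checkDirEmpty(args.cipherdir)
		if err != nil {
			tlog.Fatal.Printf("Invalid cipherdir: %v", err)
			os.Exit(exitcodes.Init)
		}
	}
	// Choose password for config file
	if args.extpass == "" {
		tlog.Info.Printf("Choose a password for protecting your files.")
	}
	// The extra block limits the lifetime of the password variable to the
	// statements that actually need it.
	{
		creator := tlog.ProgramName + " " + GitVersion
		password := readpassword.Twice(args.extpass)
		readpassword.CheckTrailingGarbage()
		err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv, args.devrandom)
		// Overwrite the password as soon as CreateConfFile has returned, before
		// looking at err, so the buffer is wiped on the failure path as well.
		// This is best effort: it clears this slice only, not any copy made by
		// readpassword or configfile (presumably key derivation keeps its own
		// intermediate buffers - verify in those packages).
		for i := range password {
			password[i] = 0
		}
		if err != nil {
			tlog.Fatal.Println(err)
			os.Exit(exitcodes.WriteConf)
		}
		// password runs out of scope here
	}
	// Forward mode with filename encryption enabled needs a gocryptfs.diriv
	// in the root dir
	if !args.plaintextnames && !args.reverse {
		err = nametransform.WriteDirIV(nil, args.cipherdir)
		if err != nil {
			tlog.Fatal.Println(err)
			os.Exit(exitcodes.Init)
		}
	}
	mountArgs := ""
	fsName := "gocryptfs"
	if args.reverse {
		mountArgs = " -reverse"
		fsName = "gocryptfs-reverse"
	}
	tlog.Info.Printf(tlog.ColorGreen+"The %s filesystem has been created successfully."+tlog.ColorReset,
		fsName)
	// Build a short path for the mount hint. Start from the path the user
	// gave us and only switch to the relative form when it could be computed;
	// a failing Getwd or Rel would otherwise leave an empty path in the hint.
	friendlyPath := args.cipherdir
	if wd, wdErr := os.Getwd(); wdErr == nil {
		rel, relErr := filepath.Rel(wd, args.cipherdir)
		// A relative path that starts with "../" is pretty unfriendly, just
		// keep the path as given.
		if relErr == nil && !strings.HasPrefix(rel, "../") {
			friendlyPath = rel
		}
	}
	// Quote paths containing spaces so the hint can be pasted into a shell.
	if strings.Contains(friendlyPath, " ") {
		friendlyPath = "\"" + friendlyPath + "\""
	}
	tlog.Info.Printf(tlog.ColorGrey+"You can now mount it using: %s%s %s MOUNTPOINT"+tlog.ColorReset,
		tlog.ProgramName, mountArgs, friendlyPath)
	os.Exit(0)
}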