-rw-r--r-- | main.go | 9 | ||||
-rw-r--r-- | masterkey.go | 35 | ||||
-rw-r--r-- | mount.go | 18 |
3 files changed, 32 insertions, 30 deletions
@@ -32,7 +32,8 @@ var BuildDate = "0000-00-00" // raceDetector is set to true by race.go if we are compiled with "go build -race" var raceDetector bool -// loadConfig loads the config file "args.config", prompting the user for the password +// loadConfig loads the config file `args.config` and decrypts the masterkey, +// or gets via the `-masterkey` or `-zerokey` command line options, if specified. func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile, err error) { // First check if the file can be read at all. cf, err = configfile.Load(args.config) @@ -40,10 +41,10 @@ func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile, tlog.Fatal.Printf("Cannot open config file: %v", err) return nil, nil, err } - // The user has passed the master key on the command line (probably because + // The user may have passed the master key on the command line (probably because // he forgot the password). - if args.masterkey != "" { - masterkey = unhexMasterKey(args.masterkey, false) + masterkey = handleArgsMasterkey(args) + if masterkey != nil { return masterkey, cf, nil } pw := readpassword.Once([]string(args.extpass), args.passfile, "") diff --git a/masterkey.go b/masterkey.go index 3d3b951..7b6779d 100644 --- a/masterkey.go +++ b/masterkey.go @@ -5,7 +5,6 @@ import ( "os" "strings" - "github.com/rfjakob/gocryptfs/internal/configfile" "github.com/rfjakob/gocryptfs/internal/cryptocore" "github.com/rfjakob/gocryptfs/internal/exitcodes" "github.com/rfjakob/gocryptfs/internal/readpassword" 
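Review bot: loadConfig now also returns a key for `-zerokey` and `-masterkey=stdin`, because handleArgsMasterkey covers all three command-line sources where the removed branch in the second hunk handled only a literal `-masterkey` value; the rewritten doc comment in the first hunk names the options but not the consequence. On that path the password is never asked for, and `cf` is returned next to a key that was not unwrapped from it, so any caller of loadConfig that stores or re-wraps the returned key (callers are not visible here) would do so with the all-zero or user-supplied key. I would state this in the comment, e.g. `// If -masterkey or -zerokey is given, no password is checked and the returned key does not come from cf.`, and confirm that every caller of loadConfig is meant to accept `-zerokey`. loadConfig's body continues past the second hunk.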
@@ -34,21 +33,18 @@ func unhexMasterKey(masterkey string, fromStdin bool) []byte {
 return key
 }
 
-// getMasterKey looks at "args" to determine where the master key should come
-// from (-masterkey=a-b-c-d or stdin or from the config file).
-// If it comes from the config file, the user is prompted for the password
-// and a ConfFile instance is returned.
-// Calls os.Exit on failure.
-func getMasterKey(args *argContainer) (masterkey []byte, confFile *configfile.ConfFile) {
- masterkeyFromStdin := false
+// handleArgsMasterkey looks at `args.masterkey` and `args.zerokey`, gets the
+// masterkey from the source the user wanted (string on the command line, stdin, all-zero),
+// and returns it in binary. Returns nil if no masterkey source was specified.
+func handleArgsMasterkey(args *argContainer) (masterkey []byte) {
 // "-masterkey=stdin"
 if args.masterkey == "stdin" {
- args.masterkey = string(readpassword.Once(nil, "", "Masterkey"))
- masterkeyFromStdin = true
+ in := string(readpassword.Once(nil, "", "Masterkey"))
+ return unhexMasterKey(in, true)
 }
 // "-masterkey=941a6029-3adc6a1c-..."
 if args.masterkey != "" {
- return unhexMasterKey(args.masterkey, masterkeyFromStdin), nil
+ return unhexMasterKey(args.masterkey, false)
 }
 // "-zerokey"
 if args.zerokey {
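Review bot: In the `-masterkey=stdin` branch the hex key returned by readpassword.Once is copied into the string `in`, and a Go string cannot be overwritten afterwards, so this copy of the key stays in memory until the garbage collector reclaims it. initFuseFrontend returns a `wipeKeys` func, so the project apparently tries to bound key lifetime, and this copy is outside its reach. A comment on the branch would make the limitation explicit, e.g. `// NOTE: the hex key lives on in an immutable string and cannot be wiped`. The literal `-masterkey=<hex>` branch has the same property and additionally leaves the key in the process arguments, which the doc comment of handleArgsMasterkey could mention. The function body ends in the next hunk.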
@@ -56,18 +52,9 @@ func getMasterKey(args *argContainer) (masterkey []byte, confFile *configfile.Co
 tlog.Info.Printf(tlog.ColorYellow +
 "ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." +
 tlog.ColorReset)
- return make([]byte, cryptocore.KeyLen), nil
- }
- var err error
- // Load master key from config file (normal operation).
- // Prompts the user for the password.
- masterkey, confFile, err = loadConfig(args)
- if err != nil {
- if args._ctlsockFd != nil {
- // Close the socket file (which also deletes it)
- args._ctlsockFd.Close()
- }
- exitcodes.Exit(err)
+ return make([]byte, cryptocore.KeyLen)
 }
- return masterkey, confFile
+ // No master key source specified on the command line. Caller must parse
+ // the config file.
+ return nil
 }
@@ -232,8 +232,22 @@ type ctlsockFs interface {
 // initFuseFrontend - initialize gocryptfs/fusefrontend
 // Calls os.Exit on errors
 func initFuseFrontend(args *argContainer) (pfs pathfs.FileSystem, wipeKeys func()) {
- // Get master key (may prompt for the password) and read config file
- masterkey, confFile := getMasterKey(args)
+ var err error
+ var confFile *configfile.ConfFile
+ // Get the masterkey from the command line if it was specified
+ masterkey := handleArgsMasterkey(args)
+ // Otherwise, load masterkey from config file (normal operation).
+ // Prompts the user for the password.
+ if masterkey == nil {
+ masterkey, confFile, err = loadConfig(args)
+ if err != nil {
+ if args._ctlsockFd != nil {
+ // Close the socket file (which also deletes it)
+ args._ctlsockFd.Close()
+ }
+ exitcodes.Exit(err)
+ }
+ }
 // Reconciliate CLI and config file arguments into a fusefrontend.Args struct
 // that is passed to the filesystem implementation
 cryptoBackend := cryptocore.BackendGoGCM |
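Review bot: When the key comes from the command line, `confFile` stays nil in initFuseFrontend, while loadConfig (changed in main.go) loads and returns the config file for the same arguments, so the two entry points now disagree on whether the config is read at all. The statements after this hunk are not visible, so it is worth checking that every use of `confFile` there is nil-guarded, and saying so at the declaration: `var confFile *configfile.ConfFile // nil when the key came from -masterkey or -zerokey`. The error from `args._ctlsockFd.Close()` is dropped just before exiting, which is acceptable on this path but could carry a short comment stating that it is deliberate.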