aboutsummaryrefslogtreecommitdiff
path: root/internal/readpassword
AgeCommit message (Collapse)Author
2024-12-04passfile: drop byte counter from trailing garbage warningJakob Unterwurzacher
We don't know the exact value as we only read 2kiB. Relates-to: https://github.com/rfjakob/gocryptfs/discussions/882
2024-08-23readpassword: show where stdin is connectedJakob Unterwurzacher
Should make debugging situations like https://github.com/rfjakob/gocryptfs/issues/852 Empty stdin in mkinitcpio hook easier. Examples: $ echo -n "" | ./gocryptfs -init a Choose a password for protecting your files. Reading Password from stdin (connected to "pipe:[749878]") Got empty Password from stdin $ ./gocryptfs -init a < /dev/null Choose a password for protecting your files. Reading Password from stdin (connected to "/dev/null") Got empty Password from stdin $ ./gocryptfs -init a < /dev/zero Choose a password for protecting your files. Reading Password from stdin (connected to "/dev/zero") fatal: maximum password length of 2048 bytes exceeded $ ./gocryptfs -init a < /dev/full Choose a password for protecting your files. Reading Password from stdin (connected to "/dev/full") fatal: maximum password length of 2048 bytes exceeded $ jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs$ ./gocryptfs -init a < /dev/urandom Choose a password for protecting your files. Reading Password from stdin (connected to "/dev/urandom") Your master key is: 4e45a317-595d8a2d-46493a30-97de86ef- 540c7364-f0acc297-dd6f2592-7d9a5c97 If the gocryptfs.conf file becomes corrupted or you ever forget your password, there is only one hope for recovery: The master key. Print it to a piece of paper and store it in a drawer. This message is only printed once. The gocryptfs filesystem has been created successfully. You can now mount it using: gocryptfs a MOUNTPOINT
2022-08-28Replace remaining golang.org/x/crypto/ssh/terminal ref with golang.org/x/termJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/681 Fixes 2a25c3a8fda1f0918fd76687561b1a9c615298b9
2022-01-03readpassword: bubble up errors instead of exiting the processJakob Unterwurzacher
This allows cleanups to happen in the caller, like removing the control socket. Fixes https://github.com/rfjakob/gocryptfs/issues/634
2021-08-23go mod: declare module version v2Jakob Unterwurzacher
Our git version is v2+ for some time now, but go.mod still declared v1. Hopefully making both match makes https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work. All the import paths have been fixed like this: find . -name \*.go | xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/%
2021-08-19golangci-lint: fix issues found by "unused" and "deadcode"Jakob Unterwurzacher
Except xattrSupported, this is a false positive. $ golangci-lint run --disable-all --enable unused --enable deadcode gocryptfs-xray/xray_main.go:24:5: `GitVersionFuse` is unused (deadcode) var GitVersionFuse = "[GitVersionFuse not set - please compile using ./build.bash]" ^ tests/symlink_race/main.go:47:6: `chmodLoop` is unused (deadcode) func chmodLoop() { ^ internal/readpassword/extpass_test.go:11:5: `testPw` is unused (deadcode) var testPw = []byte("test") ^ tests/reverse/xattr_test.go:13:6: func `xattrSupported` is unused (unused) func xattrSupported(path string) bool { ^ internal/fusefrontend_reverse/rpath.go:20:22: func `(*RootNode).abs` is unused (unused) func (rfs *RootNode) abs(relPath string, err error) (string, error) { ^ tests/matrix/matrix_test.go:310:6: `sContains` is unused (deadcode) func sContains(haystack []string, needle string) bool {
2020-05-17main: accept multiple -passfile optionsJakob Unterwurzacher
Each file will be read and then concatenated for the effictive password. This can be used as a kind of multi-factor authenticiton. Fixes https://github.com/rfjakob/gocryptfs/issues/288
2019-12-28remove Trezor supportPavol Rusnak
2019-04-08readpassword: delete CheckTrailingGarbageJakob Unterwurzacher
CheckTrailingGarbage was called even when "-passfile" was used, which is stupid, and causes false positives: https://github.com/rfjakob/gocryptfs/issues/391 (false error "Received trailing garbage after the password" when using -passfile in .bash_profile) Instead of trying to improve the logic to handle that case and make everything even more complicated, delete the function. It is unclear if actually helps in some cases, and it definitely harms as shown by the above bug report.
2019-03-03Allow multiple -extpass argumentsJakob Unterwurzacher
To support arguments containing spaces, -extpass can now be passed multiple times. https://github.com/rfjakob/gocryptfs/issues/289
2019-02-04Disable Trezor supportJakob Unterwurzacher
Trezor support has been broken since Sept 2018 ( https://github.com/rfjakob/gocryptfs/issues/261 ). Disable trezor.go by renaming to trezor.go.broken. This keeps "dep" from having to pull in A LOT OF dependencies: Before: $ du -sh vendor/ 49M vendor/ After: $ du -sh vendor/ 16M vendor/
2018-12-16tests: fix TestPassfileNewlineJakob Unterwurzacher
Due to a copy-paste error, we ran the wrong test in the subprocess. Thanks @slackner for noticing at https://github.com/rfjakob/gocryptfs/commit/295d432175292dbaef572093d784aab55f5c0b8f#r31690478 !
2018-12-15passfile: directly read file instead of invoking catJakob Unterwurzacher
Allows better error handling, gets rid of the call to an external program, and fixes https://github.com/rfjakob/gocryptfs/issues/278 .
2018-08-15trezor: show support in version stringJakob Unterwurzacher
Show enable_trezor in the version string if we were compiled with `-tags enable_trezor`. And hide the `-trezor` flag from the help output if we were not.
2018-07-01Fix golint warningsJakob Unterwurzacher
2018-07-01trezor: hide behind compile tagJakob Unterwurzacher
The trezor libraries are not yet stable enough to build gocryptfs with trezor support by default. It does not even compile at the moment: $ ./build.bash -tags enable_trezor # github.com/conejoninja/tesoro/vendor/github.com/trezor/usbhid ../../conejoninja/tesoro/vendor/github.com/trezor/usbhid/hid.go:32:11: fatal error: os/threads_posix.c: No such file or directory #include "os/threads_posix.c" ^~~~~~~~~~~~~~~~~~~~ compilation terminated. https://github.com/conejoninja/tesoro/issues/9
2018-07-01trezor: add sanity checks for decrypted valueJakob Unterwurzacher
Check that the value has changed, is not all-zero and has the right length.
2018-07-01Implemented the support of Trezor devices.Dmitry Yu Okunev
2018-07-01trezor: add TrezorPayloadJakob Unterwurzacher
TrezorPayload stores 32 random bytes used for unlocking the master key using a Trezor security module. The randomness makes sure that a unique unlock value is used for each gocryptfs filesystem.
2018-07-01trezor: add skeleton for Trezor supportJakob Unterwurzacher
readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key.
2018-03-22Add `-masterkey=stdin` functionalityJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/218
2018-02-18main: changePassword: zero masterkeyJakob Unterwurzacher
Overwrite the masterkey with zeros once we have encrypted it, and let it run out of scope. Also get rid of the password duplicate in readpassword.Twice.
2018-02-18readpassword: convert from string to []byteJakob Unterwurzacher
This will allows us to overwrite the password with zeros once we are done with it. https://github.com/rfjakob/gocryptfs/issues/211
2017-05-14exitcodes: add code 22 for "password is empty"Jakob Unterwurzacher
Empty passwords are not allowed. Let's give the error it's own exit code.
2017-05-07exitcodes: pull all exit code definitions into the packageJakob Unterwurzacher
This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-04-29readpassword: increase max password size to 2048Jakob Unterwurzacher
This is the value EncFS uses, so let's follow suit. Suggested at https://github.com/rfjakob/gocryptfs/issues/77 .
2017-03-20readpassword: increase max password length to 2000Jakob Unterwurzacher
1000 was too low as at least one user had a password that was longer. Fixes https://github.com/rfjakob/gocryptfs/issues/93
2017-02-13readpassword: limit password length to 1000 bytesJakob Unterwurzacher
This used to hang at 100% CPU: cat /dev/zero | gocryptfs -init a ...and would ultimately send the box into out-of-memory. The number 1000 is chosen arbitrarily and seems big enough given that the password must be one line. Suggested by @mhogomchungu in https://github.com/rfjakob/gocryptfs/issues/77 .
2017-02-12Check for trailing garbage after the passwordJakob Unterwurzacher
From the comment: // CheckTrailingGarbage tries to read one byte from stdin and exits with a // fatal error if the read returns any data. // This is meant to be called after reading the password, when there is no more // data expected. This helps to catch problems with third-party tools that // interface with gocryptfs.
2017-02-12readpassword: improve comment on readPasswordStdinJakob Unterwurzacher
2017-01-29readpassword: support spaces in "-passfile" filenameJakob Unterwurzacher
...and while we are at it, also filenames starting with "-".
2016-10-16readpassword: check extpass return codeJakob Unterwurzacher
...and exit if it is not zero.
2016-10-04lint fixesValient Gough
2016-07-06Add godoc comments to all internal packagesJakob Unterwurzacher
2016-06-16tests: exit with correct error code from TestMainJakob Unterwurzacher
extpass_test and example_filesystems_test did it wrong, always returning 0.
2016-06-16readpassword: clean up leftover debug commitJakob Unterwurzacher
2016-06-15Rename internal "toggledlog" package to "tlog"Jakob Unterwurzacher
tlog is used heavily everywhere and deserves a shorter name. Renamed using sed magic, without any manual rework: find * -type f -exec sed -i 's/toggledlog/tlog/g' {} +
2016-06-15toggledlog: assume command of color handlingJakob Unterwurzacher
We want to use colored error messages also outside of main, so let's handle it in the logging package. The fatal logger now automatically prints red.
2016-06-15readpassword: create internal package for password readingJakob Unterwurzacher
* Supports stdin * Add tests for extpass and stdin As per user request at https://github.com/rfjakob/gocryptfs/issues/30