1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
package main
import (
"flag"
"fmt"
"os"
"strconv"
"strings"
"github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/internal/prefer_openssl"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
// argContainer stores the parsed CLI options and arguments
type argContainer struct {
debug, init, zerokey, fusedebug, openssl, passwd, foreground, version,
plaintextnames, quiet, nosyslog, wpanic,
longnames, allow_other, ro, reverse, aessiv, nonempty bool
masterkey, mountpoint, cipherdir, cpuprofile, extpass,
memprofile, ko, passfile string
// Configuration file name override
config string
notifypid, scryptn int
// _configCustom is true when the user sets a custom config file name.
// This is not a CLI option.
_configCustom bool
}
var flagSet *flag.FlagSet
// prefixOArgs transform options passed via "-o foo,bar" into regular options
// like "-foo -bar" and prefixes them to the command line.
func prefixOArgs(osArgs []string) []string {
l := len(osArgs)
// Need at least 3, example: gocryptfs -o foo,bar
if l < 3 {
return osArgs
}
if osArgs[l-2] != "-o" {
return osArgs
}
oOpts := strings.Split(osArgs[l-1], ",")
osArgs = osArgs[:l-2]
newArgs := []string{osArgs[0]}
// Add options from "-o"
for _, a := range oOpts {
newArgs = append(newArgs, "-"+a)
}
newArgs = append(newArgs, osArgs[1:]...)
return newArgs
}
// parseCliOpts - parse command line options (i.e. arguments that start with "-")
func parseCliOpts() (args argContainer) {
os.Args = prefixOArgs(os.Args)
var err error
var opensslAuto string
flagSet = flag.NewFlagSet(tlog.ProgramName, flag.ContinueOnError)
flagSet.Usage = usageText
flagSet.BoolVar(&args.debug, "d", false, "")
flagSet.BoolVar(&args.debug, "debug", false, "Enable debug output")
flagSet.BoolVar(&args.fusedebug, "fusedebug", false, "Enable fuse library debug output")
flagSet.BoolVar(&args.init, "init", false, "Initialize encrypted directory")
flagSet.BoolVar(&args.zerokey, "zerokey", false, "Use all-zero dummy master key")
// Tri-state true/false/auto
flagSet.StringVar(&opensslAuto, "openssl", "auto", "Use OpenSSL instead of built-in Go crypto")
flagSet.BoolVar(&args.passwd, "passwd", false, "Change password")
flagSet.BoolVar(&args.foreground, "f", false, "Stay in the foreground")
flagSet.BoolVar(&args.version, "version", false, "Print version and exit")
flagSet.BoolVar(&args.plaintextnames, "plaintextnames", false, "Do not encrypt file names")
flagSet.BoolVar(&args.quiet, "q", false, "")
flagSet.BoolVar(&args.quiet, "quiet", false, "Quiet - silence informational messages")
flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background")
flagSet.BoolVar(&args.wpanic, "wpanic", false, "When encountering a warning, panic and exit immediately")
flagSet.BoolVar(&args.longnames, "longnames", true, "Store names longer than 176 bytes in extra files")
flagSet.BoolVar(&args.allow_other, "allow_other", false, "Allow other users to access the filesystem. "+
"Only works if user_allow_other is set in /etc/fuse.conf.")
flagSet.BoolVar(&args.ro, "ro", false, "Mount the filesystem read-only")
flagSet.BoolVar(&args.reverse, "reverse", false, "Reverse mode")
flagSet.BoolVar(&args.aessiv, "aessiv", false, "AES-SIV encryption")
flagSet.BoolVar(&args.nonempty, "nonempty", false, "Allow mounting over non-empty directories")
flagSet.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key")
flagSet.StringVar(&args.cpuprofile, "cpuprofile", "", "Write cpu profile to specified file")
flagSet.StringVar(&args.memprofile, "memprofile", "", "Write memory profile to specified file")
flagSet.StringVar(&args.config, "config", "", "Use specified config file instead of CIPHERDIR/gocryptfs.conf")
flagSet.StringVar(&args.extpass, "extpass", "", "Use external program for the password prompt")
flagSet.StringVar(&args.passfile, "passfile", "", "Read password from file")
flagSet.StringVar(&args.ko, "ko", "", "Pass additional options directly to the kernel, comma-separated list")
flagSet.IntVar(&args.notifypid, "notifypid", 0, "Send USR1 to the specified process after "+
"successful mount - used internally for daemonization")
flagSet.IntVar(&args.scryptn, "scryptn", configfile.ScryptDefaultLogN, "scrypt cost parameter logN. "+
"Setting this to a lower value speeds up mounting but makes the password susceptible to brute-force attacks")
// Ignored otions
var ignoredBool bool
ignoreText := "(ignored for compatability)"
flagSet.BoolVar(&ignoredBool, "rw", false, ignoreText)
flagSet.BoolVar(&ignoredBool, "nosuid", false, ignoreText)
flagSet.BoolVar(&ignoredBool, "nodev", false, ignoreText)
// Actual parsing
err = flagSet.Parse(os.Args[1:])
if err != nil {
tlog.Warn.Printf("You passed: %s", prettyArgs())
tlog.Fatal.Printf("%v", err)
os.Exit(2)
}
// "-openssl" needs some post-processing
if opensslAuto == "auto" {
args.openssl = prefer_openssl.PreferOpenSSL()
} else {
args.openssl, err = strconv.ParseBool(opensslAuto)
if err != nil {
tlog.Fatal.Printf("Invalid \"-openssl\" setting: %v", err)
os.Exit(ErrExitUsage)
}
}
// "-passfile FILE" is a shortcut for "-extpass=/bin/cat FILE"
if args.passfile != "" {
args.extpass = "/bin/cat " + args.passfile
}
return args
}
// prettyArgs pretty-prints the command-line arguments.
func prettyArgs() string {
pa := fmt.Sprintf("%q", os.Args[1:])
// Get rid of "[" and "]"
pa = pa[1 : len(pa)-1]
return pa
}
|
