gnupg2/g13/be-encfs.c

472 lines
12 KiB
C
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/* be-encfs.c - The EncFS based backend
* Copyright (C) 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <assert.h>
#include "g13.h"
#include "../common/i18n.h"
#include "keyblob.h"
#include "be-encfs.h"
#include "runner.h"
#include "../common/sysutils.h"
#include "../common/exechelp.h"
/* Command values used to run the encfs tool. */
enum encfs_cmds
{
ENCFS_CMD_CREATE,
ENCFS_CMD_MOUNT,
ENCFS_CMD_UMOUNT
};
/* An object to keep the private state of the encfs tool. It is
released by encfs_handler_cleanup. */
struct encfs_parm_s
{
enum encfs_cmds cmd; /* The current command. */
tupledesc_t tuples; /* NULL or the tuples object. */
char *mountpoint; /* The mountpoint. */
};
typedef struct encfs_parm_s *encfs_parm_t;
static gpg_error_t
send_cmd_bin (runner_t runner, const void *data, size_t datalen)
{
return runner_send_line (runner, data, datalen);
}
static gpg_error_t
send_cmd (runner_t runner, const char *string)
{
log_debug ("sending command -->%s<--\n", string);
return send_cmd_bin (runner, string, strlen (string));
}
static void
run_umount_helper (const char *mountpoint)
{
gpg_error_t err;
const char pgmname[] = FUSERMOUNT;
const char *args[3];
args[0] = "-u";
args[1] = mountpoint;
args[2] = NULL;
err = gnupg_spawn_process_detached (pgmname, args, NULL);
if (err)
log_error ("failed to run '%s': %s\n",
pgmname, gpg_strerror (err));
}
/* Handle one line of the encfs tool's output. This function is
allowed to modify the content of BUFFER. */
static gpg_error_t
handle_status_line (runner_t runner, const char *line,
enum encfs_cmds cmd, tupledesc_t tuples)
{
gpg_error_t err;
/* Check that encfs understands our new options. */
if (!strncmp (line, "$STATUS$", 8))
{
for (line +=8; *line && spacep (line); line++)
;
log_info ("got status '%s'\n", line);
if (!strcmp (line, "fuse_main_start"))
{
/* Send a special error code back to let the caller know
that everything has been setup by encfs. */
err = gpg_error (GPG_ERR_UNFINISHED);
}
else
err = 0;
}
else if (!strncmp (line, "$PROMPT$", 8))
{
for (line +=8; *line && spacep (line); line++)
;
log_info ("got prompt '%s'\n", line);
if (!strcmp (line, "create_root_dir"))
err = send_cmd (runner, cmd == ENCFS_CMD_CREATE? "y":"n");
else if (!strcmp (line, "create_mount_point"))
err = send_cmd (runner, "y");
else if (!strcmp (line, "passwd")
|| !strcmp (line, "new_passwd"))
{
if (tuples)
{
size_t n;
const void *value;
value = find_tuple (tuples, KEYBLOB_TAG_ENCKEY, &n);
if (!value)
err = gpg_error (GPG_ERR_INV_SESSION_KEY);
else if ((err = send_cmd_bin (runner, value, n)))
{
if (gpg_err_code (err) == GPG_ERR_BUG
&& gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
err = gpg_error (GPG_ERR_INV_SESSION_KEY);
}
}
else
err = gpg_error (GPG_ERR_NO_DATA);
}
else
err = send_cmd (runner, ""); /* Default to send an empty line. */
}
else if (strstr (line, "encfs: unrecognized option '"))
err = gpg_error (GPG_ERR_INV_ENGINE);
else
err = 0;
return err;
}
/* The main processing function as used by the runner. */
static gpg_error_t
encfs_handler (void *opaque, runner_t runner, const char *status_line)
{
encfs_parm_t parm = opaque;
gpg_error_t err;
if (!parm || !runner)
return gpg_error (GPG_ERR_BUG);
if (!status_line)
{
/* Runner requested internal flushing - nothing to do here. */
return 0;
}
err = handle_status_line (runner, status_line, parm->cmd, parm->tuples);
if (gpg_err_code (err) == GPG_ERR_UNFINISHED
&& gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
{
err = 0;
/* No more need for the tuples. */
destroy_tupledesc (parm->tuples);
parm->tuples = NULL;
if (parm->cmd == ENCFS_CMD_CREATE)
{
/* The encfs tool keeps on running after creation of the
container. We don't want that and thus need to stop the
encfs process. */
run_umount_helper (parm->mountpoint);
/* In case the umount helper does not work we try to kill
the engine. FIXME: We should figure out how to make
fusermount work. */
runner_cancel (runner);
}
}
return err;
}
/* Called by the runner to cleanup the private data. */
static void
encfs_handler_cleanup (void *opaque)
{
encfs_parm_t parm = opaque;
if (!parm)
return;
destroy_tupledesc (parm->tuples);
xfree (parm->mountpoint);
xfree (parm);
}
/* Run the encfs tool. */
static gpg_error_t
run_encfs_tool (ctrl_t ctrl, enum encfs_cmds cmd,
const char *rawdir, const char *mountpoint, tupledesc_t tuples,
unsigned int *r_id)
{
gpg_error_t err;
encfs_parm_t parm;
runner_t runner = NULL;
int outbound[2] = { -1, -1 };
int inbound[2] = { -1, -1 };
const char *pgmname;
const char *argv[10];
pid_t pid = (pid_t)(-1);
int idx;
(void)ctrl;
parm = xtrycalloc (1, sizeof *parm);
if (!parm)
{
err = gpg_error_from_syserror ();
goto leave;
}
parm->cmd = cmd;
parm->tuples = ref_tupledesc (tuples);
parm->mountpoint = xtrystrdup (mountpoint);
if (!parm->mountpoint)
{
err = gpg_error_from_syserror ();
goto leave;
}
err = runner_new (&runner, "encfs");
if (err)
goto leave;
err = gnupg_create_inbound_pipe (inbound, NULL, 0);
if (!err)
err = gnupg_create_outbound_pipe (outbound, NULL, 0);
if (err)
{
log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
goto leave;
}
pgmname = ENCFS;
idx = 0;
argv[idx++] = "-f";
if (opt.verbose)
argv[idx++] = "-v";
argv[idx++] = "--stdinpass";
argv[idx++] = "--annotate";
argv[idx++] = rawdir;
argv[idx++] = mountpoint;
argv[idx++] = NULL;
assert (idx <= DIM (argv));
err = gnupg_spawn_process_fd (pgmname, argv,
outbound[0], -1, inbound[1], &pid);
if (err)
{
log_error ("error spawning '%s': %s\n", pgmname, gpg_strerror (err));
goto leave;
}
close (outbound[0]); outbound[0] = -1;
close ( inbound[1]); inbound[1] = -1;
runner_set_fds (runner, inbound[0], outbound[1]);
inbound[0] = -1; /* Now owned by RUNNER. */
outbound[1] = -1; /* Now owned by RUNNER. */
runner_set_handler (runner, encfs_handler, encfs_handler_cleanup, parm);
parm = NULL; /* Now owned by RUNNER. */
runner_set_pid (runner, pid);
pid = (pid_t)(-1); /* The process is now owned by RUNNER. */
err = runner_spawn (runner);
if (err)
goto leave;
*r_id = runner_get_rid (runner);
log_info ("running '%s' in the background\n", pgmname);
leave:
if (inbound[0] != -1)
close (inbound[0]);
if (inbound[1] != -1)
close (inbound[1]);
if (outbound[0] != -1)
close (outbound[0]);
if (outbound[1] != -1)
close (outbound[1]);
if (pid != (pid_t)(-1))
{
gnupg_wait_process (pgmname, pid, 1, NULL);
gnupg_release_process (pid);
}
runner_release (runner);
encfs_handler_cleanup (parm);
return err;
}
/* See be_get_detached_name for a description. Note that the
dispatcher code makes sure that NULL is stored at R_NAME before
calling us. */
gpg_error_t
be_encfs_get_detached_name (const char *fname, char **r_name, int *r_isdir)
{
char *result;
if (!fname || !*fname)
return gpg_error (GPG_ERR_INV_ARG);
result = strconcat (fname, ".d", NULL);
if (!result)
return gpg_error_from_syserror ();
*r_name = result;
*r_isdir = 1;
return 0;
}
/* Create a new session key and append it as a tuple to the memory
buffer MB.
The EncFS daemon takes a passphrase from stdin and internally
mangles it by means of some KDF from OpenSSL. We want to store a
binary key but we need to make sure that certain characters are not
used because the EncFS utility reads it from stdin and obviously
acts on some of the characters. This we replace CR (in case of an
MSDOS version of EncFS), LF (the delimiter used by EncFS) and Nul
(because it is unlikely to work). We use 32 bytes (256 bit)
because that is sufficient for the largest cipher (AES-256) and in
addition gives enough margin for a possible entropy degradation by
the KDF. */
gpg_error_t
be_encfs_create_new_keys (membuf_t *mb)
{
char *buffer;
int i, j;
/* Allocate a buffer of 32 bytes plus 8 spare bytes we may need to
replace the unwanted values. */
buffer = xtrymalloc_secure (32+8);
if (!buffer)
return gpg_error_from_syserror ();
/* Randomize the buffer. STRONG random should be enough as it is a
good compromise between security and performance. The
anticipated usage of this tool is the quite often creation of new
containers and thus this should not deplete the system's entropy
tool too much. */
gcry_randomize (buffer, 32+8, GCRY_STRONG_RANDOM);
for (i=j=0; i < 32; i++)
{
if (buffer[i] == '\r' || buffer[i] == '\n' || buffer[i] == 0 )
{
/* Replace. */
if (j == 8)
{
/* Need to get more random. */
gcry_randomize (buffer+32, 8, GCRY_STRONG_RANDOM);
j = 0;
}
buffer[i] = buffer[32+j];
j++;
}
}
/* Store the key. */
append_tuple (mb, KEYBLOB_TAG_ENCKEY, buffer, 32);
/* Free the temporary buffer. */
wipememory (buffer, 32+8); /* A failsafe extra wiping. */
xfree (buffer);
return 0;
}
/* Create the container described by the filename FNAME and the keyblob
information in TUPLES. */
gpg_error_t
be_encfs_create_container (ctrl_t ctrl, const char *fname, tupledesc_t tuples,
unsigned int *r_id)
{
gpg_error_t err;
int dummy;
char *containername = NULL;
char *mountpoint = NULL;
err = be_encfs_get_detached_name (fname, &containername, &dummy);
if (err)
goto leave;
mountpoint = xtrystrdup ("/tmp/.#g13_XXXXXX");
if (!mountpoint)
{
err = gpg_error_from_syserror ();
goto leave;
}
if (!gnupg_mkdtemp (mountpoint))
{
err = gpg_error_from_syserror ();
log_error (_("can't create directory '%s': %s\n"),
"/tmp/.#g13_XXXXXX", gpg_strerror (err));
goto leave;
}
err = run_encfs_tool (ctrl, ENCFS_CMD_CREATE, containername, mountpoint,
tuples, r_id);
/* In any case remove the temporary mount point. */
if (rmdir (mountpoint))
log_error ("error removing temporary mount point '%s': %s\n",
mountpoint, gpg_strerror (gpg_error_from_syserror ()));
leave:
xfree (containername);
xfree (mountpoint);
return err;
}
/* Mount the container described by the filename FNAME and the keyblob
information in TUPLES. On success the runner id is stored at R_ID. */
gpg_error_t
be_encfs_mount_container (ctrl_t ctrl,
const char *fname, const char *mountpoint,
tupledesc_t tuples, unsigned int *r_id)
{
gpg_error_t err;
int dummy;
char *containername = NULL;
if (!mountpoint)
{
log_error ("the encfs backend requires an explicit mountpoint\n");
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
goto leave;
}
err = be_encfs_get_detached_name (fname, &containername, &dummy);
if (err)
goto leave;
err = run_encfs_tool (ctrl, ENCFS_CMD_MOUNT, containername, mountpoint,
tuples, r_id);
leave:
xfree (containername);
return err;
}