1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
|
/*
* errors.go - File which contains common error handling code for fscrypt
* commands. This includes handling for bad usage, invalid commands, and errors
* from the other packages
*
* Copyright 2017 Google Inc.
* Author: Joe Richey (joerichey@google.com)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package main
import (
"bytes"
"fmt"
"os"
"path/filepath"
"unicode/utf8"
"github.com/pkg/errors"
"github.com/urfave/cli"
"github.com/google/fscrypt/actions"
"github.com/google/fscrypt/crypto"
"github.com/google/fscrypt/filesystem"
"github.com/google/fscrypt/metadata"
"github.com/google/fscrypt/security"
"github.com/google/fscrypt/util"
)
// failureExitCode is the value fscrypt will return on failure.
const failureExitCode = 1
// Various errors used for the top level user interface
var (
ErrCanceled = errors.New("operation canceled")
ErrNoDestructiveOps = errors.New("operation would be destructive")
ErrMaxPassphrase = util.SystemError("max passphrase length exceeded")
ErrInvalidSource = errors.New("invalid source type")
ErrPassphraseMismatch = errors.New("entered passphrases do not match")
ErrSpecifyProtector = errors.New("multiple protectors available")
ErrWrongKey = errors.New("incorrect key provided")
ErrSpecifyKeyFile = errors.New("no key file specified")
ErrKeyFileLength = errors.Errorf("key file must be %d bytes", metadata.InternalKeyLen)
ErrAllLoadsFailed = errors.New("could not load any protectors")
ErrMustBeRoot = errors.New("this command must be run as root")
ErrPolicyUnlocked = errors.New("this file or directory is already unlocked")
ErrBadOwners = errors.New("you do not own this directory")
ErrNotEmptyDir = errors.New("not an empty directory")
ErrNotPassphrase = errors.New("protector does not use a passphrase")
ErrUnknownUser = errors.New("unknown user")
ErrDropCachesPerm = errors.New("inode cache can only be dropped as root")
ErrSpecifyUser = errors.New("user must be specified when run as root")
)
var loadHelpText = fmt.Sprintf("You may need to mount a linked filesystem. Run with %s for more information.", shortDisplay(verboseFlag))
// getFullName returns the full name of the application or command being used.
func getFullName(c *cli.Context) string {
if c.Command.HelpName != "" {
return c.Command.HelpName
}
return c.App.HelpName
}
// getErrorSuggestions returns a string containing suggestions about how to fix
// an error. If no suggestion is necessary or available, return empty string.
func getErrorSuggestions(err error) string {
switch errors.Cause(err) {
case filesystem.ErrNotSetup:
return fmt.Sprintf(`Run "fscrypt setup %s" to use fscrypt on this filesystem.`, mountpointArg)
case crypto.ErrKeyLock:
return `Too much memory was requested to be locked in RAM. The
current limit for this user can be checked with "ulimit
-l". The limit can be modified by either changing the
"memlock" item in /etc/security/limits.conf or by
changing the "LimitMEMLOCK" value in systemd.`
case metadata.ErrEncryptionNotSupported:
return `Encryption for this type of filesystem is not supported
on this kernel version.`
case metadata.ErrEncryptionNotEnabled:
return `Encryption is either disabled in the kernel config, or
needs to be enabled for this filesystem. See the
documentation on how to enable encryption on ext4
systems (and the risks of doing so).`
case security.ErrSessionUserKeying:
return `This is usually the result of a bad PAM configuration.
Either correct the problem in your PAM stack, enable
pam_keyinit.so, or run "keyctl link @u @s".`
case security.ErrAccessUserKeyring:
return fmt.Sprintf(`You can only use %s to access the user
keyring of another user if you are running as root.`,
shortDisplay(userFlag))
case actions.ErrBadConfigFile:
return `Run "sudo fscrypt setup" to recreate the file.`
case actions.ErrNoConfigFile:
return `Run "sudo fscrypt setup" to create the file.`
case actions.ErrMissingPolicyMetadata:
return `This file or directory has either been encrypted with
another tool (such as e4crypt) or the corresponding
filesystem metadata has been deleted.`
case actions.ErrPolicyMetadataMismatch:
return `The metadata for this encrypted directory is in an
inconsistent state. This most likely means the filesystem
metadata is corrupted.`
case actions.ErrMissingProtectorName:
return fmt.Sprintf("Use %s to specify a protector name.", shortDisplay(nameFlag))
case ErrNoDestructiveOps:
return fmt.Sprintf("Use %s to automatically run destructive operations.", shortDisplay(forceFlag))
case ErrSpecifyProtector:
return fmt.Sprintf("Use %s to specify a protector.", shortDisplay(protectorFlag))
case ErrSpecifyKeyFile:
return fmt.Sprintf("Use %s to specify a key file.", shortDisplay(keyFileFlag))
case ErrBadOwners:
return `Encryption can only be setup on directories you own,
even if you have write permission for the directory.`
case ErrNotEmptyDir:
return `Encryption can only be setup on empty directories; files
cannot be encrypted in-place. Instead, encrypt an empty
directory, copy the files into that encrypted directory,
and securely delete the originals with "shred".`
case ErrDropCachesPerm:
return fmt.Sprintf(`Either this command should be run as root to
properly clear the inode cache, or it should be run with
%s=false (this may leave encrypted files and directories
in an accessible state).`, shortDisplay(dropCachesFlag))
case ErrSpecifyUser:
return fmt.Sprintf(`When running this command as root, you
usually still want to provision/remove keys for a normal
user's keyring and use a normal user's login passphrase
as a protector (so the corresponding files will be
accessible for that user). This can be done with %s. To
use the root user's keyring or passphrase, use
--%s=root.`, shortDisplay(userFlag), userFlag.GetName())
case ErrAllLoadsFailed:
return loadHelpText
default:
return ""
}
}
// newExitError creates a new error for a given context and normal error. The
// returned error prepends the name of the relevant command and will make
// fscrypt return a non-zero exit value.
func newExitError(c *cli.Context, err error) error {
// Prepend the full name and append suggestions (if any)
fullNamePrefix := getFullName(c) + ": "
message := fullNamePrefix + wrapText(err.Error(), utf8.RuneCountInString(fullNamePrefix))
if suggestion := getErrorSuggestions(err); suggestion != "" {
message += "\n\n" + wrapText(suggestion, 0)
}
return cli.NewExitError(message, failureExitCode)
}
// usageError implements cli.ExitCoder to print the usage and return a non-zero
// value. This error should be used when a command is used incorrectly.
type usageError struct {
c *cli.Context
message string
}
func (u *usageError) Error() string {
return fmt.Sprintf("%s: %s", getFullName(u.c), u.message)
}
// We get the help to print after the error by having it run right before the
// application exits. This is very nasty, but there isn't a better way to do it
// with the constraints of urfave/cli.
func (u *usageError) ExitCode() int {
// Redirect help output to a buffer, so we can customize it.
buf := new(bytes.Buffer)
oldWriter := u.c.App.Writer
u.c.App.Writer = buf
// Get the appropriate help
if getFullName(u.c) == filepath.Base(os.Args[0]) {
cli.ShowAppHelp(u.c)
} else {
cli.ShowCommandHelp(u.c, u.c.Command.Name)
}
// Remove first line from help and print it out
buf.ReadBytes('\n')
buf.WriteTo(oldWriter)
u.c.App.Writer = oldWriter
return failureExitCode
}
// expectedArgsErr creates a usage error for the incorrect number of arguments
// being specified. atMost should be true only if any number of arguments from 0
// to expectedArgs would be acceptable.
func expectedArgsErr(c *cli.Context, expectedArgs int, atMost bool) error {
message := "expected "
if atMost {
message += "at most "
}
message += fmt.Sprintf("%s, got %s",
pluralize(expectedArgs, "argument"), pluralize(c.NArg(), "argument"))
return &usageError{c, message}
}
// onUsageError is a function handler for the application and each command.
func onUsageError(c *cli.Context, err error, _ bool) error {
return &usageError{c, err.Error()}
}
// checkRequiredFlags makes sure that all of the specified string flags have
// been given nonempty values. Returns a usage error on failure.
func checkRequiredFlags(c *cli.Context, flags []*stringFlag) error {
for _, flag := range flags {
if flag.Value == "" {
message := fmt.Sprintf("required flag %s not provided", shortDisplay(flag))
return &usageError{c, message}
}
}
return nil
}
|
