Changeset View
Changeset View
Standalone View
Standalone View
kded/engine/backends/gocryptfs/gocryptfsbackend.cpp
- This file was added.
1 | /* | ||||
---|---|---|---|---|---|
2 | * Copyright 2020 by Martino Pilia <martino.pilia (at) gmail.com> | ||||
3 | * | ||||
4 | * This program is free software; you can redistribute it and/or | ||||
5 | * modify it under the terms of the GNU General Public License as | ||||
6 | * published by the Free Software Foundation; either version 2 of | ||||
7 | * the License or (at your option) version 3 or any later version | ||||
8 | * accepted by the membership of KDE e.V. (or its successor approved | ||||
9 | * by the membership of KDE e.V.), which shall act as a proxy | ||||
10 | * defined in Section 14 of version 3 of the license. | ||||
11 | * | ||||
12 | * This program is distributed in the hope that it will be useful, | ||||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
15 | * GNU General Public License for more details. | ||||
16 | * | ||||
17 | * You should have received a copy of the GNU General Public License | ||||
18 | * along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
19 | */ | ||||
20 | | ||||
21 | #include "gocryptfsbackend.h" | ||||
22 | | ||||
23 | #include <QDir> | ||||
24 | #include <QProcess> | ||||
25 | | ||||
26 | #include <KConfigGroup> | ||||
27 | #include <KLocalizedString> | ||||
28 | #include <KMountPoint> | ||||
29 | #include <KSharedConfig> | ||||
30 | | ||||
31 | #include <algorithm> | ||||
32 | | ||||
33 | #include <asynqt/basic/all.h> | ||||
34 | #include <asynqt/operations/collect.h> | ||||
35 | #include <asynqt/operations/transform.h> | ||||
36 | #include <asynqt/wrappers/process.h> | ||||
37 | | ||||
38 | #include <singleton_p.h> | ||||
39 | | ||||
40 | using namespace AsynQt; | ||||
41 | | ||||
42 | namespace PlasmaVault { | ||||
43 | | ||||
44 | // See `man gocryptfs`, section EXIT CODES. | ||||
45 | enum class ExitCode : int{ | ||||
46 | Success = 0, | ||||
47 | | ||||
48 | // CIPHERDIR is not an emtpy directory (on "-init") | ||||
49 | NonEmptyCipherDir = 6, | ||||
50 | | ||||
51 | // MOUNTPOINT is not an empty directory | ||||
52 | NonEmptyMountPoint = 10, | ||||
53 | | ||||
54 | // Password incorrect | ||||
55 | WrongPassword = 12, | ||||
56 | | ||||
57 | // Password is empty (on "-init") | ||||
58 | EmptyPassword = 22, | ||||
59 | | ||||
60 | // Could not read gocryptfs.conf | ||||
61 | CannotReadConfig = 23, | ||||
62 | | ||||
63 | // Could not write gocryptfs.conf (on "-init" or "-password") | ||||
64 | CannotWriteConfig = 24, | ||||
65 | | ||||
66 | // fsck found errors | ||||
67 | FsckError = 26, | ||||
68 | }; | ||||
69 | | ||||
70 | | ||||
71 | | ||||
72 | GocryptfsBackend::GocryptfsBackend() | ||||
73 | { | ||||
74 | } | ||||
75 | | ||||
76 | | ||||
77 | | ||||
78 | GocryptfsBackend::~GocryptfsBackend() | ||||
79 | { | ||||
80 | } | ||||
81 | | ||||
82 | | ||||
83 | | ||||
84 | Backend::Ptr GocryptfsBackend::instance() | ||||
85 | { | ||||
86 | return singleton::instance<GocryptfsBackend>(); | ||||
87 | } | ||||
88 | | ||||
89 | | ||||
90 | | ||||
91 | FutureResult<> GocryptfsBackend::mount(const Device &device, | ||||
92 | const MountPoint &mountPoint, | ||||
93 | const Vault::Payload &payload) | ||||
94 | { | ||||
95 | QDir dir; | ||||
96 | | ||||
97 | const auto password = payload[KEY_PASSWORD].toString(); | ||||
98 | | ||||
99 | if (!dir.mkpath(device.data()) || !dir.mkpath(mountPoint.data())) { | ||||
100 | return errorResult(Error::BackendError, i18n("Failed to create directories, check your permissions")); | ||||
101 | } | ||||
102 | | ||||
103 | if (isInitialized(device)) { | ||||
104 | auto mountProcess = gocryptfs({ | ||||
105 | device.data(), // cypher data directory | ||||
106 | mountPoint.data() // mount point | ||||
107 | }); | ||||
108 | | ||||
109 | auto mountResult = makeFuture(mountProcess, hasProcessFinishedSuccessfully); | ||||
110 | | ||||
111 | // Write password | ||||
112 | mountProcess->write(password.toUtf8() + "\n"); | ||||
113 | | ||||
114 | return mountResult; | ||||
115 | } else { | ||||
116 | // Initialise cipherdir | ||||
117 | auto initProcess = gocryptfs({ | ||||
118 | "-init", | ||||
119 | device.data(), | ||||
120 | }); | ||||
121 | | ||||
122 | auto initResult = makeFuture(initProcess, [=] (QProcess *process) { | ||||
123 | auto const exitCode = static_cast<ExitCode>(process->exitCode()); | ||||
124 | | ||||
125 | switch (exitCode) { | ||||
126 | case ExitCode::Success: | ||||
127 | return AsynQt::await(mount(device, mountPoint, payload)); | ||||
128 | | ||||
129 | case ExitCode::NonEmptyCipherDir: | ||||
130 | return Result<>::error(Error::BackendError, | ||||
131 | i18n("The cipher directory is not empty, cannot initialise the vault.")); | ||||
132 | | ||||
133 | case ExitCode::EmptyPassword: | ||||
134 | return Result<>::error(Error::BackendError, | ||||
135 | i18n("The password is empty, cannot initialise the vault.")); | ||||
136 | | ||||
137 | case ExitCode::CannotWriteConfig: | ||||
138 | return Result<>::error(Error::BackendError, | ||||
139 | i18n("Cannot write gocryptfs.conf inside cipher directory, check your permissions.")); | ||||
140 | | ||||
141 | default: | ||||
142 | return Result<>::error(Error::CommandError, | ||||
143 | i18n("Unable to perform the operation (error code %1).", QString::number((int) exitCode)), | ||||
144 | process->readAllStandardOutput(), | ||||
145 | process->readAllStandardError()); | ||||
146 | } | ||||
147 | }); | ||||
148 | | ||||
149 | // Write password twice (insert and confirm) | ||||
150 | for (int i = 0; i < 2; ++i) { | ||||
151 | initProcess->write(password.toUtf8() + "\n"); | ||||
152 | } | ||||
153 | | ||||
154 | return initResult; | ||||
155 | } | ||||
156 | } | ||||
157 | | ||||
158 | | ||||
159 | | ||||
160 | FutureResult<> GocryptfsBackend::validateBackend() | ||||
161 | { | ||||
162 | using namespace AsynQt::operators; | ||||
163 | | ||||
164 | // We need to check whether all the commands are installed | ||||
165 | // and whether the user has permissions to run them | ||||
166 | return | ||||
167 | collect(checkVersion(gocryptfs({ "--version" }), std::make_tuple(1, 7, 1)), | ||||
168 | checkVersion(fusermount({ "--version" }), std::make_tuple(2, 9, 7))) | ||||
169 | | ||||
170 | | transform([this] (const QPair<bool, QString> &gocryptfs, | ||||
171 | const QPair<bool, QString> &fusermount) { | ||||
172 | | ||||
173 | bool success = gocryptfs.first && fusermount.first; | ||||
174 | QString message = formatMessageLine("gocryptfs", gocryptfs) | ||||
175 | + formatMessageLine("fusermount", fusermount); | ||||
176 | | ||||
177 | return success ? Result<>::success() | ||||
178 | : Result<>::error(Error::BackendError, message); | ||||
179 | }); | ||||
180 | } | ||||
181 | | ||||
182 | | ||||
183 | | ||||
184 | bool GocryptfsBackend::isInitialized(const Device &device) const | ||||
185 | { | ||||
186 | QFile gocryptfsConfig(getConfigFilePath(device)); | ||||
187 | return gocryptfsConfig.exists(); | ||||
188 | } | ||||
189 | | ||||
190 | | ||||
191 | | ||||
192 | QProcess *GocryptfsBackend::gocryptfs(const QStringList &arguments) const | ||||
193 | { | ||||
194 | auto config = KSharedConfig::openConfig(PLASMAVAULT_CONFIG_FILE); | ||||
195 | KConfigGroup backendConfig(config, "GocryptfsBackend"); | ||||
196 | | ||||
197 | return process("gocryptfs", | ||||
198 | arguments + backendConfig.readEntry("extraMountOptions", QStringList{}), | ||||
199 | {}); | ||||
200 | } | ||||
201 | | ||||
202 | | ||||
203 | | ||||
204 | QString GocryptfsBackend::getConfigFilePath(const Device &device) const | ||||
205 | { | ||||
206 | return device.data() + QStringLiteral("/gocryptfs.conf"); | ||||
207 | } | ||||
208 | | ||||
209 | | ||||
210 | | ||||
211 | } // namespace PlasmaVault | ||||
212 | |