gnupg/g13/be-encfs.c

/* be-encfs.c - The EncFS based backend
 * Copyright (C) 2009 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
 * GnuPG is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * GnuPG is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <https://www.gnu.org/licenses/>.
 */

#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <assert.h>

#include "g13.h"
#include "../common/i18n.h"
#include "keyblob.h"
#include "../common/sysutils.h"
#include "runner.h"
#include "be-encfs.h"


/* Command values used to run the encfs tool.  */
enum encfs_cmds
  {
    ENCFS_CMD_CREATE,
    ENCFS_CMD_MOUNT,
    ENCFS_CMD_UMOUNT
  };


/* An object to keep the private state of the encfs tool.  It is
   released by encfs_handler_cleanup.  */
struct encfs_parm_s
{
  enum encfs_cmds cmd;  /* The current command. */
  tupledesc_t tuples;   /* NULL or the tuples object.  */
  char *mountpoint;     /* The mountpoint.  */
};
typedef struct encfs_parm_s *encfs_parm_t;


static gpg_error_t
send_cmd_bin (runner_t runner, const void *data, size_t datalen)
{
  return runner_send_line (runner, data, datalen);
}


static gpg_error_t
send_cmd (runner_t runner, const char *string)
{
  log_debug ("sending command  -->%s<--\n", string);
  return send_cmd_bin (runner, string, strlen (string));
}



static void
run_umount_helper (const char *mountpoint)
{
  gpg_error_t err;
  const char pgmname[] = FUSERMOUNT;
  const char *args[3];

  args[0] = "-u";
  args[1] = mountpoint;
  args[2] = NULL;

  err = gpgrt_process_spawn (pgmname, args,
                             GPGRT_PROCESS_DETACHED,
                             NULL, NULL);
  if (err)
    log_error ("failed to run '%s': %s\n",
               pgmname, gpg_strerror (err));
}


/* Handle one line of the encfs tool's output.  This function is
   allowed to modify the content of BUFFER.  */
static gpg_error_t
handle_status_line (runner_t runner, const char *line,
                    enum encfs_cmds cmd, tupledesc_t tuples)
{
  gpg_error_t err;

  /* Check that encfs understands our new options.  */
  if (!strncmp (line, "$STATUS$", 8))
    {
      for (line +=8; *line && spacep (line); line++)
        ;
      log_info ("got status '%s'\n", line);
      if (!strcmp (line, "fuse_main_start"))
        {
          /* Send a special error code back to let the caller know
             that everything has been setup by encfs.  */
          err = gpg_error (GPG_ERR_UNFINISHED);
        }
      else
        err = 0;
    }
  else if (!strncmp (line, "$PROMPT$", 8))
    {
      for (line +=8; *line && spacep (line); line++)
        ;
      log_info ("got prompt '%s'\n", line);
      if (!strcmp (line, "create_root_dir"))
        err = send_cmd (runner, cmd == ENCFS_CMD_CREATE? "y":"n");
      else if (!strcmp (line, "create_mount_point"))
        err = send_cmd (runner, "y");
      else if (!strcmp (line, "passwd")
               || !strcmp (line, "new_passwd"))
        {
          if (tuples)
            {
              size_t n;
              const void *value;

              value = find_tuple (tuples, KEYBLOB_TAG_ENCKEY, &n);
              if (!value)
                err = gpg_error (GPG_ERR_INV_SESSION_KEY);
              else if ((err = send_cmd_bin (runner, value, n)))
                {
                  if (gpg_err_code (err) == GPG_ERR_BUG
                      && gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
                    err = gpg_error (GPG_ERR_INV_SESSION_KEY);
                }
            }
          else
            err = gpg_error (GPG_ERR_NO_DATA);
        }
      else
        err = send_cmd (runner, ""); /* Default to send an empty line.  */
    }
  else if (strstr (line, "encfs: unrecognized option '"))
    err = gpg_error (GPG_ERR_INV_ENGINE);
  else
    err = 0;

  return err;
}


/* The main processing function as used by the runner.  */
static gpg_error_t
encfs_handler (void *opaque, runner_t runner, const char *status_line)
{
  encfs_parm_t parm = opaque;
  gpg_error_t err;

  if (!parm || !runner)
    return gpg_error (GPG_ERR_BUG);
  if (!status_line)
    {
      /* Runner requested internal flushing - nothing to do here. */
      return 0;
    }

  err = handle_status_line (runner, status_line, parm->cmd, parm->tuples);
  if (gpg_err_code (err) == GPG_ERR_UNFINISHED
      && gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
    {
      err = 0;
      /* No more need for the tuples.  */
      destroy_tupledesc (parm->tuples);
      parm->tuples = NULL;

      if (parm->cmd == ENCFS_CMD_CREATE)
        {
          /* The encfs tool keeps on running after creation of the
             container.  We don't want that and thus need to stop the
             encfs process. */
          run_umount_helper (parm->mountpoint);
          /* In case the umount helper does not work we try to kill
             the engine.  FIXME: We should figure out how to make
             fusermount work.  */
          runner_cancel (runner);
        }
    }

  return err;
}


/* Called by the runner to cleanup the private data. */
static void
encfs_handler_cleanup (void *opaque)
{
  encfs_parm_t parm = opaque;

  if (!parm)
    return;

  destroy_tupledesc (parm->tuples);
  xfree (parm->mountpoint);
  xfree (parm);
}


/* Run the encfs tool.  */
static gpg_error_t
run_encfs_tool (ctrl_t ctrl, enum encfs_cmds cmd,
                const char *rawdir, const char *mountpoint, tupledesc_t tuples,
                unsigned int *r_id)
{
  gpg_error_t err;
  encfs_parm_t parm;
  runner_t runner = NULL;
  const char *pgmname;
  const char *argv[10];
  int idx;
  gpgrt_process_t proc;
  int inbound, outbound;

  (void)ctrl;

  parm = xtrycalloc (1, sizeof *parm);
  if (!parm)
    {
      err = gpg_error_from_syserror ();
      goto leave;
    }
  parm->cmd = cmd;
  parm->tuples = ref_tupledesc (tuples);
  parm->mountpoint = xtrystrdup (mountpoint);
  if (!parm->mountpoint)
    {
      err = gpg_error_from_syserror ();
      goto leave;
    }

  err = runner_new (&runner, "encfs");
  if (err)
    goto leave;

  pgmname = ENCFS;
  idx = 0;
  argv[idx++] = "-f";
  if (opt.verbose)
    argv[idx++] = "-v";
  argv[idx++] = "--stdinpass";
  argv[idx++] = "--annotate";
  argv[idx++] = rawdir;
  argv[idx++] = mountpoint;
  argv[idx++] = NULL;
  assert (idx <= DIM (argv));

  err = gpgrt_process_spawn (pgmname, argv,
                             (GPGRT_PROCESS_STDIN_PIPE
                              | GPGRT_PROCESS_STDERR_PIPE),
                             NULL, &proc);
  if (err)
    {
      log_error ("error spawning '%s': %s\n", pgmname, gpg_strerror (err));
      goto leave;
    }

  err = gpgrt_process_get_fds (proc, 0, &outbound, NULL, &inbound);
  if (err)
    {
      log_error ("error get fds '%s': %s\n", pgmname, gpg_strerror (err));
      gpgrt_process_release (proc);
      goto leave;
    }

  runner_set_fds (runner, inbound, outbound);

  runner_set_handler (runner, encfs_handler, encfs_handler_cleanup, parm);
  parm = NULL; /* Now owned by RUNNER.  */

  runner_set_proc (runner, proc);

  err = runner_spawn (runner);
  if (err)
    {
      gpgrt_process_release (proc);
      goto leave;
    }

  *r_id = runner_get_rid (runner);
  log_info ("running '%s' in the background\n", pgmname);

 leave:
  runner_release (runner);
  encfs_handler_cleanup (parm);
  return err;
}





/* See be_get_detached_name for a description.  Note that the
   dispatcher code makes sure that NULL is stored at R_NAME before
   calling us. */
gpg_error_t
be_encfs_get_detached_name (const char *fname, char **r_name, int *r_isdir)
{
  char *result;

  if (!fname || !*fname)
    return gpg_error (GPG_ERR_INV_ARG);

  result = strconcat (fname, ".d", NULL);
  if (!result)
    return gpg_error_from_syserror ();
  *r_name = result;
  *r_isdir = 1;
  return 0;
}


/* Create a new session key and append it as a tuple to the memory
   buffer MB.

   The EncFS daemon takes a passphrase from stdin and internally
   mangles it by means of some KDF from OpenSSL.  We want to store a
   binary key but we need to make sure that certain characters are not
   used because the EncFS utility reads it from stdin and obviously
   acts on some of the characters.  This we replace CR (in case of an
   MSDOS version of EncFS), LF (the delimiter used by EncFS) and Nul
   (because it is unlikely to work).  We use 32 bytes (256 bit)
   because that is sufficient for the largest cipher (AES-256) and in
   addition gives enough margin for a possible entropy degradation by
   the KDF.  */
gpg_error_t
be_encfs_create_new_keys (membuf_t *mb)
{
  char *buffer;
  int i, j;

  /* Allocate a buffer of 32 bytes plus 8 spare bytes we may need to
     replace the unwanted values.  */
  buffer = xtrymalloc_secure (32+8);
  if (!buffer)
    return gpg_error_from_syserror ();

  /* Randomize the buffer.  STRONG random should be enough as it is a
     good compromise between security and performance.  The
     anticipated usage of this tool is the quite often creation of new
     containers and thus this should not deplete the system's entropy
     tool too much.  */
  gcry_randomize (buffer, 32+8, GCRY_STRONG_RANDOM);
  for (i=j=0; i < 32; i++)
    {
      if (buffer[i] == '\r' || buffer[i] == '\n' || buffer[i] == 0 )
        {
          /* Replace.  */
          if (j == 8)
            {
              /* Need to get more random.  */
              gcry_randomize (buffer+32, 8, GCRY_STRONG_RANDOM);
              j = 0;
            }
          buffer[i] = buffer[32+j];
          j++;
        }
    }

  /* Store the key.  */
  append_tuple (mb, KEYBLOB_TAG_ENCKEY, buffer, 32);

  /* Free the temporary buffer.  */
  wipememory (buffer, 32+8);  /*  A failsafe extra wiping.  */
  xfree (buffer);

  return 0;
}


/* Create the container described by the filename FNAME and the keyblob
   information in TUPLES. */
gpg_error_t
be_encfs_create_container (ctrl_t ctrl, const char *fname, tupledesc_t tuples,
                           unsigned int *r_id)
{
  gpg_error_t err;
  int dummy;
  char *containername = NULL;
  char *mountpoint = NULL;

  err = be_encfs_get_detached_name (fname, &containername, &dummy);
  if (err)
    goto leave;

  mountpoint = xtrystrdup ("/tmp/.#g13_XXXXXX");
  if (!mountpoint)
    {
      err = gpg_error_from_syserror ();
      goto leave;
    }
  if (!gnupg_mkdtemp (mountpoint))
    {
      err = gpg_error_from_syserror ();
      log_error (_("can't create directory '%s': %s\n"),
                 "/tmp/.#g13_XXXXXX", gpg_strerror (err));
      goto leave;
    }

  err = run_encfs_tool (ctrl, ENCFS_CMD_CREATE, containername, mountpoint,
                        tuples, r_id);

  /* In any case remove the temporary mount point.  */
  if (rmdir (mountpoint))
    log_error ("error removing temporary mount point '%s': %s\n",
               mountpoint, gpg_strerror (gpg_error_from_syserror ()));


 leave:
  xfree (containername);
  xfree (mountpoint);
  return err;
}


/* Mount the container described by the filename FNAME and the keyblob
   information in TUPLES.  On success the runner id is stored at R_ID. */
gpg_error_t
be_encfs_mount_container (ctrl_t ctrl,
                          const char *fname, const char *mountpoint,
                          tupledesc_t tuples, unsigned int *r_id)
{
  gpg_error_t err;
  int dummy;
  char *containername = NULL;

  if (!mountpoint)
    {
      log_error ("the encfs backend requires an explicit mountpoint\n");
      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
      goto leave;
    }

  err = be_encfs_get_detached_name (fname, &containername, &dummy);
  if (err)
    goto leave;

  err = run_encfs_tool (ctrl, ENCFS_CMD_MOUNT, containername, mountpoint,
                        tuples, r_id);

 leave:
  xfree (containername);
  return err;
}