mountlib: pass configKey to child process when daemonized - fixes #2442

This commit is contained in:
Cnly 2018-08-08 23:55:21 +08:00
parent 6156bc5806
commit 579c0b9961
2 changed files with 35 additions and 10 deletions

View file

@ -15,6 +15,7 @@ import (
"github.com/ncw/rclone/vfs/vfsflags"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/ncw/rclone/fs/config"
)
// Options set by command line flags
@ -216,6 +217,11 @@ be copied to the vfs cache before opening with --vfs-cache-mode full.
` + vfs.Help,
Run: func(command *cobra.Command, args []string) {
cmd.CheckArgs(2, 2, command, args)
if Daemon {
config.SaveKeyToEnv = true
}
fdst := cmd.NewFsDir(args)
// Show stats if the user has specifically requested them

View file

@ -79,6 +79,12 @@ var (
// output of prompt for password
PasswordPromptOutput = os.Stderr
// Whether to set the environment variable `_RCLONE_CONFIG_KEY` to the configKey (base64 encoded) when
// it is calculated from the password. If `_RCLONE_CONFIG_KEY` is present, password prompt is skipped and `RCLONE_CONFIG_PASS` ignored.
// For security reasons, the `_RCLONE_CONFIG_KEY` is unset once the configKey is successfully loaded.
// This can be used to pass the configKey to a child process.
SaveKeyToEnv = false
)
func init() {
@ -249,19 +255,28 @@ func loadConfigFile() (*goconfig.ConfigFile, error) {
var out []byte
for {
if len(configKey) == 0 && envpw != "" {
err := setConfigPassword(envpw)
if envkey := os.Getenv("_RCLONE_CONFIG_KEY"); len(envkey) > 0 {
configKey, err = base64.StdEncoding.DecodeString(envkey)
if err != nil {
fmt.Println("Using RCLONE_CONFIG_PASS returned:", err)
} else {
fs.Debugf(nil, "Using RCLONE_CONFIG_PASS password.")
log.Fatalf("unable to decode configKey from environment variable _RCLONE_CONFIG_KEY: %v", err)
}
}
if len(configKey) == 0 {
if !fs.Config.AskPassword {
return nil, errors.New("unable to decrypt configuration and not allowed to ask for password - set RCLONE_CONFIG_PASS to your configuration password")
fs.Debugf(nil, "decoded configKey from environment variable _RCLONE_CONFIG_KEY")
os.Unsetenv("_RCLONE_CONFIG_KEY")
} else {
if len(configKey) == 0 && envpw != "" {
err := setConfigPassword(envpw)
if err != nil {
fmt.Println("Using RCLONE_CONFIG_PASS returned:", err)
} else {
fs.Debugf(nil, "Using RCLONE_CONFIG_PASS password.")
}
}
if len(configKey) == 0 {
if !fs.Config.AskPassword {
return nil, errors.New("unable to decrypt configuration and not allowed to ask for password - set RCLONE_CONFIG_PASS to your configuration password")
}
getConfigPassword("Enter configuration password:")
}
getConfigPassword("Enter configuration password:")
}
// Nonce is first 24 bytes of the ciphertext
@ -362,6 +377,10 @@ func setConfigPassword(password string) error {
return err
}
configKey = sha.Sum(nil)
if SaveKeyToEnv {
fs.Debugf(nil, "saving configKey to environment variable _RCLONE_CONFIG_KEY")
os.Setenv("_RCLONE_CONFIG_KEY", base64.StdEncoding.EncodeToString(configKey))
}
return nil
}