Merge branch 'emacs-28' of git.savannah.gnu.org:/srv/git/emacs into emacs-28

Eli Zaretskii 2022-07-18 15:32:10 +03:00
commit cba30431ff
2 changed files with 42 additions and 43 deletions


@ -23,49 +23,48 @@
;;; Commentary: ;;; Commentary:
;; Access functions for crypted remote files. It uses encfs to ;; Access functions for encrypted remote files. It uses encfs to
;; encrypt / decrypt the files on a remote directory. A remote ;; encrypt / decrypt the files on a remote directory. A remote
;; directory, which shall include crypted files, must be declared in ;; directory, which shall include encrypted files, must be declared in
;; `tramp-crypt-directories' via command `tramp-crypt-add-directory'. ;; `tramp-crypt-directories' via command `tramp-crypt-add-directory'.
;; All files in that directory, including all subdirectories, are ;; All files in that directory, including all subdirectories, are
;; stored there encrypted. This includes file names and directory ;; stored there encrypted. This includes file names and directory
;; names. ;; names.
;; This package is just responsible for the encryption part. Copying ;; This package is just responsible for the encryption part. Copying
;; of the crypted files is still the responsibility of the remote file ;; of the encrypted files is still the responsibility of the remote
;; name handlers. ;; file name handlers.
;; A password protected encfs configuration file is created the very ;; A password protected encfs configuration file is created the very
;; first time you access a crypted remote directory. It is kept in ;; first time you access a encrypted remote directory. It is kept in
;; your user directory "~/.emacs.d/" with the url-encoded directory ;; your user directory "~/.emacs.d/" with the url-encoded directory
;; name as part of the basename, and ".encfs6.xml" as suffix. Do not ;; name as part of the basename, and ".encfs6.xml" as suffix. Do not
;; lose this file and the corresponding password; otherwise there is ;; lose this file and the corresponding password; otherwise there is
;; no way to decrypt your crypted files. ;; no way to decrypt your encrypted files.
;; If the user option `tramp-crypt-save-encfs-config-remote' is ;; If the user option `tramp-crypt-save-encfs-config-remote' is non-nil (the
;; non-nil (the default), the encfs configuration file ".encfs6.xml" ;; default), the encfs configuration file ".encfs6.xml" is also kept
;; is also kept in the crypted remote directory. It depends on you, ;; in the encrypted remote directory. It depends on you, whether you
;; whether you regard the password protection of this file as ;; regard the password protection of this file as sufficient.
;; sufficient.
;; If you use a remote file name with a quoted localname part, this ;; If you use a remote file name with a quoted localname part, this
;; localname and the corresponding file will not be encrypted/ ;; localname and the corresponding file will not be encrypted/
;; decrypted. For example, if you have a crypted remote directory ;; decrypted. For example, if you have a encrypted remote directory
;; "/nextcloud:user@host:/crypted_dir", the command ;; "/nextcloud:user@host:/encrypted_dir", the command
;; ;;
;; C-x d /nextcloud:user@host:/crypted_dir ;; C-x d /nextcloud:user@host:/encrypted_dir
;; ;;
;; will show the directory listing with the plain file names, and the ;; will show the directory listing with the plain file names, and the
;; command ;; command
;; ;;
;; C-x d /nextcloud:user@host:/:/crypted_dir ;; C-x d /nextcloud:user@host:/:/encrypted_dir
;; ;;
;; will show the directory with the encrypted file names, and visiting ;; will show the directory with the encrypted file names, and visiting
;; a file will show its crypted contents. However, it is highly ;; a file will show its encrypted contents. However, it is highly
;; discouraged to mix crypted and not crypted files in the same ;; discouraged to mix encrypted and not encrypted files in the same
;; directory. ;; directory.
;; If a remote directory shall not include crypted files anymore, it ;; If a remote directory shall not include encrypted files anymore, it
;; must be indicated by the command `tramp-crypt-remove-directory'. ;; must be indicated by the command `tramp-crypt-remove-directory'.
;;; Code: ;;; Code:
@ -78,7 +77,7 @@
(autoload 'text-property-search-forward "text-property-search") (autoload 'text-property-search-forward "text-property-search")
(defconst tramp-crypt-method "crypt" (defconst tramp-crypt-method "crypt"
"Method name for crypted remote directories.") "Method name for encrypted remote directories.")
(defcustom tramp-crypt-encfs-program "encfs" (defcustom tramp-crypt-encfs-program "encfs"
"Name of the encfs program." "Name of the encfs program."
@ -96,7 +95,7 @@
"Configuration option for encfs. "Configuration option for encfs.
This could be either \"--standard\" or \"--paranoia\". The file This could be either \"--standard\" or \"--paranoia\". The file
name IV chaining mode mode will always be disabled when name IV chaining mode mode will always be disabled when
initializing a new crypted remote directory." initializing a new encrypted remote directory."
:group 'tramp :group 'tramp
:version "28.1" :version "28.1"
:type '(choice (const "--standard") :type '(choice (const "--standard")
@ -120,7 +119,7 @@ initializing a new crypted remote directory."
They are completed by \"M-x TAB\" only when encryption support is enabled." They are completed by \"M-x TAB\" only when encryption support is enabled."
(and tramp-crypt-enabled (and tramp-crypt-enabled
;; `tramp-crypt-remove-directory' needs to be completed only in ;; `tramp-crypt-remove-directory' needs to be completed only in
;; case we have already crypted directories. ;; case we have already encrypted directories.
(or (not (eq symbol #'tramp-crypt-remove-directory)) (or (not (eq symbol #'tramp-crypt-remove-directory))
tramp-crypt-directories))) tramp-crypt-directories)))
@ -129,21 +128,21 @@ They are completed by \"M-x TAB\" only when encryption support is enabled."
"Encfs configuration file name.") "Encfs configuration file name.")
(defcustom tramp-crypt-save-encfs-config-remote t (defcustom tramp-crypt-save-encfs-config-remote t
"Whether to keep the encfs configuration file in the crypted remote directory." "Whether to keep the encfs configuration file in the encrypted remote directory."
:group 'tramp :group 'tramp
:version "28.1" :version "28.1"
:type 'boolean) :type 'boolean)
;;;###tramp-autoload ;;;###tramp-autoload
(defvar tramp-crypt-directories nil (defvar tramp-crypt-directories nil
"List of crypted remote directories.") "List of encrypted remote directories.")
;; It must be a `defsubst' in order to push the whole code into ;; It must be a `defsubst' in order to push the whole code into
;; tramp-loaddefs.el. Otherwise, there would be recursive autoloading. ;; tramp-loaddefs.el. Otherwise, there would be recursive autoloading.
;;;###tramp-autoload ;;;###tramp-autoload
(defsubst tramp-crypt-file-name-p (name) (defsubst tramp-crypt-file-name-p (name)
"Return the crypted remote directory NAME belongs to. "Return the encrypted remote directory NAME belongs to.
If NAME doesn't belong to a crypted remote directory, retun nil." If NAME doesn't belong to a encrypted remote directory, retun nil."
(catch 'crypt-file-name-p (catch 'crypt-file-name-p
(and tramp-crypt-enabled (stringp name) (and tramp-crypt-enabled (stringp name)
(not (tramp-compat-file-name-quoted-p name)) (not (tramp-compat-file-name-quoted-p name))
@ -240,7 +239,7 @@ If NAME doesn't belong to a crypted remote directory, retun nil."
Operations not mentioned here will be handled by the default Emacs primitives.") Operations not mentioned here will be handled by the default Emacs primitives.")
(defsubst tramp-crypt-file-name-for-operation (operation &rest args) (defsubst tramp-crypt-file-name-for-operation (operation &rest args)
"Like `tramp-file-name-for-operation', but for crypted remote files." "Like `tramp-file-name-for-operation', but for encrypted remote files."
(let ((tfnfo (apply #'tramp-file-name-for-operation operation args))) (let ((tfnfo (apply #'tramp-file-name-for-operation operation args)))
;; `tramp-file-name-for-operation' returns already the first argument ;; `tramp-file-name-for-operation' returns already the first argument
;; if it is remote. So we check a possible second argument. ;; if it is remote. So we check a possible second argument.
@ -264,7 +263,7 @@ arguments to pass to the OPERATION."
;;;###tramp-autoload ;;;###tramp-autoload
(defun tramp-crypt-file-name-handler (operation &rest args) (defun tramp-crypt-file-name-handler (operation &rest args)
"Invoke the crypted remote file related OPERATION. "Invoke the encrypted remote file related OPERATION.
First arg specifies the OPERATION, second arg is a list of First arg specifies the OPERATION, second arg is a list of
arguments to pass to the OPERATION." arguments to pass to the OPERATION."
(if-let ((filename (if-let ((filename
@ -409,7 +408,7 @@ ARGS are the arguments. It returns t if ran successful, and nil otherwise."
t)))) t))))
(defun tramp-crypt-do-encrypt-or-decrypt-file-name (op name) (defun tramp-crypt-do-encrypt-or-decrypt-file-name (op name)
"Return encrypted / decrypted NAME if NAME belongs to a crypted directory. "Return encrypted / decrypted NAME if NAME belongs to an encrypted directory.
OP must be `encrypt' or `decrypt'. Raise an error if this fails. OP must be `encrypt' or `decrypt'. Raise an error if this fails.
Otherwise, return NAME." Otherwise, return NAME."
(if-let ((tramp-crypt-enabled t) (if-let ((tramp-crypt-enabled t)
@ -438,17 +437,17 @@ Otherwise, return NAME."
name)) name))
(defsubst tramp-crypt-encrypt-file-name (name) (defsubst tramp-crypt-encrypt-file-name (name)
"Return encrypted NAME if NAME belongs to a crypted directory. "Return encrypted NAME if NAME belongs to an encrypted directory.
Otherwise, return NAME." Otherwise, return NAME."
(tramp-crypt-do-encrypt-or-decrypt-file-name 'encrypt name)) (tramp-crypt-do-encrypt-or-decrypt-file-name 'encrypt name))
(defsubst tramp-crypt-decrypt-file-name (name) (defsubst tramp-crypt-decrypt-file-name (name)
"Return decrypted NAME if NAME belongs to a crypted directory. "Return decrypted NAME if NAME belongs to an encrypted directory.
Otherwise, return NAME." Otherwise, return NAME."
(tramp-crypt-do-encrypt-or-decrypt-file-name 'decrypt name)) (tramp-crypt-do-encrypt-or-decrypt-file-name 'decrypt name))
(defun tramp-crypt-do-encrypt-or-decrypt-file (op root infile outfile) (defun tramp-crypt-do-encrypt-or-decrypt-file (op root infile outfile)
"Encrypt / decrypt file INFILE to OUTFILE according to crypted directory ROOT. "Encrypt / decrypt file INFILE to OUTFILE according to encrypted directory ROOT.
Both files must be local files. OP must be `encrypt' or `decrypt'. Both files must be local files. OP must be `encrypt' or `decrypt'.
If OP ist `decrypt', the basename of INFILE must be an encrypted file name. If OP ist `decrypt', the basename of INFILE must be an encrypted file name.
Raise an error if this fails." Raise an error if this fails."
@ -470,12 +469,12 @@ Raise an error if this fails."
(write-region nil nil outfile))))) (write-region nil nil outfile)))))
(defsubst tramp-crypt-encrypt-file (root infile outfile) (defsubst tramp-crypt-encrypt-file (root infile outfile)
"Encrypt file INFILE to OUTFILE according to crypted directory ROOT. "Encrypt file INFILE to OUTFILE according to encrypted directory ROOT.
See `tramp-crypt-do-encrypt-or-decrypt-file'." See `tramp-crypt-do-encrypt-or-decrypt-file'."
(tramp-crypt-do-encrypt-or-decrypt-file 'encrypt root infile outfile)) (tramp-crypt-do-encrypt-or-decrypt-file 'encrypt root infile outfile))
(defsubst tramp-crypt-decrypt-file (root infile outfile) (defsubst tramp-crypt-decrypt-file (root infile outfile)
"Decrypt file INFILE to OUTFILE according to crypted directory ROOT. "Decrypt file INFILE to OUTFILE according to encrypted directory ROOT.
See `tramp-crypt-do-encrypt-or-decrypt-file'." See `tramp-crypt-do-encrypt-or-decrypt-file'."
(tramp-crypt-do-encrypt-or-decrypt-file 'decrypt root infile outfile)) (tramp-crypt-do-encrypt-or-decrypt-file 'decrypt root infile outfile))
@ -537,10 +536,10 @@ localname."
(make-tramp-file-name (make-tramp-file-name
:method tramp-crypt-method :user (user-login-name) :method tramp-crypt-method :user (user-login-name)
:host (url-hexify-string dir)) :host (url-hexify-string dir))
(tramp-user-error nil "Not a crypted remote directory: \"%s\"" name)))) (tramp-user-error nil "Not an encrypted remote directory: \"%s\"" name))))
(defun tramp-crypt-get-remote-dir (vec) (defun tramp-crypt-get-remote-dir (vec)
"Return the name of the crypted remote directory to be used for encfs." "Return the name of the encrypted remote directory to be used for encfs."
(url-unhex-string (tramp-file-name-host vec))) (url-unhex-string (tramp-file-name-host vec)))
@ -606,7 +605,7 @@ absolute file names."
(with-tramp-progress-reporter (with-tramp-progress-reporter
v 0 (format "%s %s to %s" msg-operation filename newname) v 0 (format "%s %s to %s" msg-operation filename newname)
(if (and t1 t2 (string-equal t1 t2)) (if (and t1 t2 (string-equal t1 t2))
;; Both files are on the same crypted remote directory. ;; Both files are on the same encrypted remote directory.
(let (tramp-crypt-enabled) (let (tramp-crypt-enabled)
(if (eq op 'copy) (if (eq op 'copy)
(copy-file (copy-file
@ -624,7 +623,7 @@ absolute file names."
(file-name-nondirectory encrypt-newname) tmpdir)) (file-name-nondirectory encrypt-newname) tmpdir))
tramp-crypt-enabled) tramp-crypt-enabled)
(cond (cond
;; Source and target file are on a crypted remote directory. ;; Source and target file are on a encrypted remote directory.
((and t1 t2) ((and t1 t2)
(if (eq op 'copy) (if (eq op 'copy)
(copy-file (copy-file
@ -632,7 +631,7 @@ absolute file names."
keep-date preserve-uid-gid preserve-extended-attributes) keep-date preserve-uid-gid preserve-extended-attributes)
(rename-file (rename-file
encrypt-filename encrypt-newname ok-if-already-exists))) encrypt-filename encrypt-newname ok-if-already-exists)))
;; Source file is on a crypted remote directory. ;; Source file is on a encrypted remote directory.
(t1 (t1
(if (eq op 'copy) (if (eq op 'copy)
(copy-file (copy-file
@ -641,7 +640,7 @@ absolute file names."
(rename-file encrypt-filename tmpfile1 t)) (rename-file encrypt-filename tmpfile1 t))
(tramp-crypt-decrypt-file t1 tmpfile1 tmpfile2) (tramp-crypt-decrypt-file t1 tmpfile1 tmpfile2)
(rename-file tmpfile2 newname ok-if-already-exists)) (rename-file tmpfile2 newname ok-if-already-exists))
;; Target file is on a crypted remote directory. ;; Target file is on a encrypted remote directory.
(t2 (t2
(if (eq op 'copy) (if (eq op 'copy)
(copy-file (copy-file
@ -677,7 +676,7 @@ absolute file names."
(list filename newname ok-if-already-exists keep-date (list filename newname ok-if-already-exists keep-date
preserve-uid-gid preserve-extended-attributes)))) preserve-uid-gid preserve-extended-attributes))))
;; Crypted files won't be trashed. ;; Encrypted files won't be trashed.
(defun tramp-crypt-handle-delete-directory (defun tramp-crypt-handle-delete-directory
(directory &optional recursive _trash) (directory &optional recursive _trash)
"Like `delete-directory' for Tramp files." "Like `delete-directory' for Tramp files."
@ -686,7 +685,7 @@ absolute file names."
(let (tramp-crypt-enabled) (let (tramp-crypt-enabled)
(delete-directory (tramp-crypt-encrypt-file-name directory) recursive)))) (delete-directory (tramp-crypt-encrypt-file-name directory) recursive))))
;; Crypted files won't be trashed. ;; Encrypted files won't be trashed.
(defun tramp-crypt-handle-delete-file (filename &optional _trash) (defun tramp-crypt-handle-delete-file (filename &optional _trash)
"Like `delete-file' for Tramp files." "Like `delete-file' for Tramp files."
(with-parsed-tramp-file-name (expand-file-name filename) nil (with-parsed-tramp-file-name (expand-file-name filename) nil
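Review bot: In the commentary hunk, the paragraph on `tramp-crypt-save-encfs-config-remote` was reflowed but still does not say what the reader is deciding: with the default non-nil, the password-protected `.encfs6.xml` is stored beside the ciphertext, so whoever can read the remote directory presumably also gets what is needed to test password guesses offline. I would add a line after "sufficient.", for example `;; Set it to nil if the remote side should not obtain this file; the copy in "~/.emacs.d/" is then the only one.` The replacement also leaves "a encrypted" where "an encrypted" is needed: twice in the commentary, in the `tramp-crypt-file-name-p` docstring (next to the existing `retun`), and in three comments of the copy/rename hunk.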


@ -3818,7 +3818,7 @@ Let-bind it when necessary.")
;; When we shall insert only a part of the file, we ;; When we shall insert only a part of the file, we
;; copy this part. This works only for the shell file ;; copy this part. This works only for the shell file
;; name handlers. It doesn't work for crypted files. ;; name handlers. It doesn't work for encrypted files.
(when (and (or beg end) (when (and (or beg end)
(tramp-sh-file-name-handler-p v) (tramp-sh-file-name-handler-p v)
(null tramp-crypt-enabled)) (null tramp-crypt-enabled))
@ -5439,7 +5439,7 @@ This handles also chrooted environments, which are not regarded as local."
;; handlers. `tramp-local-host-p' is also called for "smb" and ;; handlers. `tramp-local-host-p' is also called for "smb" and
;; alike, where it must fail. ;; alike, where it must fail.
(tramp-sh-file-name-handler-p vec) (tramp-sh-file-name-handler-p vec)
;; Direct actions aren't possible for crypted directories. ;; Direct actions aren't possible for encrypted directories.
(null tramp-crypt-enabled) (null tramp-crypt-enabled)
;; The local temp directory must be writable for the other user. ;; The local temp directory must be writable for the other user.
(file-writable-p (file-writable-p