emacs/lisp/net/tramp-crypt.el

910 lines
37 KiB
EmacsLisp
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;;; tramp-crypt.el --- Tramp crypt utilities -*- lexical-binding:t -*-
;; Copyright (C) 2020-2024 Free Software Foundation, Inc.
;; Author: Michael Albinus <michael.albinus@gmx.de>
;; Keywords: comm, processes
;; Package: tramp
;; This file is part of GNU Emacs.
;; GNU Emacs is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation, either version 3 of the License, or
;; (at your option) any later version.
;; GNU Emacs is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>.
;;; Commentary:
;; Access functions for encrypted remote files. It uses encfs to
;; encrypt / decrypt the files on a remote directory. A remote
;; directory where you wish files to be encrypted must be declared in
;; `tramp-crypt-directories' via command `tramp-crypt-add-directory'.
;; All files in that directory, including all subdirectories, are
;; stored encrypted. This includes file names and directory
;; names.
;; This package is just responsible for the encryption part. Copying
;; of the encrypted files is still the responsibility of the remote
;; file name handlers.
;; A password protected encfs configuration file is created the very
;; first time you access an encrypted remote directory. It is kept in
;; your user directory (usually "~/.emacs.d/") with the url-encoded
;; directory name as part of the basename, and ".encfs6.xml" as
;; suffix. Do not lose this file and the corresponding password;
;; otherwise there is no way to decrypt your encrypted files.
;; If the user option `tramp-crypt-save-encfs-config-remote' is
;; non-nil (the default), the encfs configuration file ".encfs6.xml"
;; is also kept in the encrypted remote directory. It depends on you,
;; whether you regard the password protection of this file as
;; sufficient security.
;; If you use a remote file name with a quoted localname part, this
;; localname and the corresponding file will not be encrypted/
;; decrypted. For example, if you have an encrypted remote directory
;; "/nextcloud:user@host:/encrypted_dir", the command
;;
;; C-x d /nextcloud:user@host:/encrypted_dir
;;
;; will show the directory listing with the plain file names, and the
;; command
;;
;; C-x d /nextcloud:user@host:/:/encrypted_dir
;;
;; will show the directory with the encrypted file names, and visiting
;; a file will show its encrypted contents. However, it is highly
;; discouraged to mix encrypted and non-encrypted files in the same
;; directory.
;; To disable encryption for a particular remote directory, use the
;; command `tramp-crypt-remove-directory'.
;;; Code:
(eval-when-compile (require 'cl-lib))
(require 'tramp)
(autoload 'prop-match-beginning "text-property-search")
(autoload 'prop-match-end "text-property-search")
(autoload 'text-property-search-forward "text-property-search")
(defconst tramp-crypt-method "crypt"
"Method name for encrypted remote directories.")
(defcustom tramp-crypt-encfs-program "encfs"
"Name of the encfs program."
:group 'tramp
:version "28.1"
:type 'string
:link '(info-link :tag "Tramp manual" "(tramp) Keeping files encrypted"))
(defcustom tramp-crypt-encfsctl-program "encfsctl"
"Name of the encfsctl program."
:group 'tramp
:version "28.1"
:type 'string
:link '(info-link :tag "Tramp manual" "(tramp) Keeping files encrypted"))
(defcustom tramp-crypt-encfs-option "--standard"
"Configuration option for encfs.
This could be either \"--standard\" or \"--paranoia\". The file
name IV chaining mode mode will always be disabled when
initializing a new encrypted remote directory."
:group 'tramp
:version "28.1"
:type '(choice (const "--standard")
(const "--paranoia"))
:link '(info-link :tag "Tramp manual" "(tramp) Keeping files encrypted"))
;; We check only for encfs, assuming that encfsctl will be available
;; as well. The autoloaded value is nil, the check will run when
;; tramp-crypt.el is loaded by `tramp-crypt-add-directory'. It is a
;; common technique to let-bind this variable to nil in order to
;; suppress the file name operation of this package.
;;;###tramp-autoload
(defvar tramp-crypt-enabled nil
"Non-nil when encryption support is available.")
(setq tramp-crypt-enabled (executable-find tramp-crypt-encfs-program))
;; This function takes action, when `read-extended-command-predicate'
;; is set to `command-completion-default-include-p'.
(defun tramp-crypt-command-completion-p (symbol _buffer)
"A predicate for Tramp interactive commands.
They are completed by `M-x TAB' only when encryption support is enabled."
(and tramp-crypt-enabled
;; `tramp-crypt-remove-directory' needs to be completed only in
;; case we have already encrypted directories.
(or (not (eq symbol #'tramp-crypt-remove-directory))
tramp-crypt-directories)))
;;;###tramp-autoload
(defconst tramp-crypt-encfs-config ".encfs6.xml"
"Encfs configuration file name.")
(defcustom tramp-crypt-save-encfs-config-remote t
"Whether to keep the encfs configuration file in the encrypted remote directory."
:group 'tramp
:version "28.1"
:type 'boolean
:link '(info-link :tag "Tramp manual" "(tramp) Keeping files encrypted"))
;;;###tramp-autoload
(defvar tramp-crypt-directories nil
"List of encrypted remote directories.")
;; It must be a `defsubst' in order to push the whole code into
;; tramp-loaddefs.el. Otherwise, there would be recursive autoloading.
;;;###tramp-autoload
(defsubst tramp-crypt-file-name-p (name)
"Return the encrypted remote directory NAME belongs to.
If NAME doesn't belong to an encrypted remote directory, return nil."
(catch 'crypt-file-name-p
(and tramp-crypt-enabled (stringp name)
(not (file-name-quoted-p name))
(not (string-suffix-p tramp-crypt-encfs-config name))
;; No lock file name.
(not (string-prefix-p ".#" (file-name-nondirectory name)))
(dolist (dir tramp-crypt-directories)
(and (string-prefix-p
dir (file-name-as-directory (expand-file-name name)))
(throw 'crypt-file-name-p dir))))))
;; New handlers should be added here.
;;;###tramp-autoload
(defconst tramp-crypt-file-name-handler-alist
'((abbreviate-file-name . identity)
(access-file . tramp-crypt-handle-access-file)
(add-name-to-file . tramp-handle-add-name-to-file)
;; `byte-compiler-base-file-name' performed by default handler.
(copy-directory . tramp-handle-copy-directory)
(copy-file . tramp-crypt-handle-copy-file)
(delete-directory . tramp-crypt-handle-delete-directory)
(delete-file . tramp-crypt-handle-delete-file)
;; `diff-latest-backup-file' performed by default handler.
;; `directory-file-name' performed by default handler.
(directory-files . tramp-crypt-handle-directory-files)
(directory-files-and-attributes
. tramp-handle-directory-files-and-attributes)
(dired-compress-file . ignore)
(dired-uncache . tramp-handle-dired-uncache)
(exec-path . ignore)
;; `expand-file-name' performed by default handler.
(file-accessible-directory-p . tramp-handle-file-accessible-directory-p)
(file-acl . ignore)
(file-attributes . tramp-crypt-handle-file-attributes)
(file-directory-p . tramp-handle-file-directory-p)
(file-equal-p . tramp-handle-file-equal-p)
(file-executable-p . tramp-crypt-handle-file-executable-p)
(file-exists-p . tramp-crypt-handle-file-exists-p)
;; `file-group-gid' performed by default-handler.
(file-in-directory-p . tramp-handle-file-in-directory-p)
(file-local-copy . tramp-handle-file-local-copy)
(file-locked-p . tramp-crypt-handle-file-locked-p)
(file-modes . tramp-handle-file-modes)
(file-name-all-completions . tramp-crypt-handle-file-name-all-completions)
;; `file-name-as-directory' performed by default handler.
(file-name-case-insensitive-p . ignore)
(file-name-completion . tramp-handle-file-name-completion)
;; `file-name-directory' performed by default handler.
;; `file-name-nondirectory' performed by default handler.
;; `file-name-sans-versions' performed by default handler.
(file-newer-than-file-p . tramp-handle-file-newer-than-file-p)
(file-notify-add-watch . tramp-handle-file-notify-add-watch)
(file-notify-rm-watch . tramp-handle-file-notify-rm-watch)
(file-notify-valid-p . tramp-handle-file-notify-valid-p)
(file-ownership-preserved-p . tramp-crypt-handle-file-ownership-preserved-p)
(file-readable-p . tramp-crypt-handle-file-readable-p)
(file-regular-p . tramp-handle-file-regular-p)
;; `file-remote-p' performed by default handler.
(file-selinux-context . ignore)
(file-symlink-p . tramp-handle-file-symlink-p)
(file-system-info . tramp-crypt-handle-file-system-info)
;; `file-truename' performed by default handler.
;; `file-user-uid' performed by default-handler.
(file-writable-p . tramp-crypt-handle-file-writable-p)
(find-backup-file-name . tramp-handle-find-backup-file-name)
;; `get-file-buffer' performed by default handler.
(insert-directory . tramp-crypt-handle-insert-directory)
(insert-file-contents . tramp-handle-insert-file-contents)
(list-system-processes . ignore)
(load . tramp-handle-load)
(lock-file . tramp-crypt-handle-lock-file)
(make-auto-save-file-name . tramp-handle-make-auto-save-file-name)
(make-directory . tramp-crypt-handle-make-directory)
(make-directory-internal . ignore)
(make-lock-file-name . tramp-handle-make-lock-file-name)
(make-nearby-temp-file . tramp-handle-make-nearby-temp-file)
(make-process . ignore)
(make-symbolic-link . tramp-handle-make-symbolic-link)
(memory-info . ignore)
(process-attributes . ignore)
(process-file . ignore)
(rename-file . tramp-crypt-handle-rename-file)
(set-file-acl . ignore)
(set-file-modes . tramp-crypt-handle-set-file-modes)
(set-file-selinux-context . ignore)
(set-file-times . tramp-crypt-handle-set-file-times)
(set-visited-file-modtime . tramp-crypt-handle-set-visited-file-modtime)
(shell-command . ignore)
(start-file-process . ignore)
;; `substitute-in-file-name' performed by default handler.
(temporary-file-directory . tramp-handle-temporary-file-directory)
;; `tramp-get-home-directory' performed by default-handler.
;; `tramp-get-remote-gid' performed by default handler.
;; `tramp-get-remote-groups' performed by default handler.
;; `tramp-get-remote-uid' performed by default handler.
(tramp-set-file-uid-gid . tramp-crypt-handle-set-file-uid-gid)
(unhandled-file-name-directory . ignore)
(unlock-file . tramp-crypt-handle-unlock-file)
(vc-registered . ignore)
(verify-visited-file-modtime
. tramp-crypt-handle-verify-visited-file-modtime)
(write-region . tramp-handle-write-region))
"Alist of handler functions for crypt method.
Operations not mentioned here will be handled by the default Emacs primitives.")
(defsubst tramp-crypt-file-name-for-operation (operation &rest args)
"Like `tramp-file-name-for-operation', but for encrypted remote files."
(let ((tfnfo (apply #'tramp-file-name-for-operation operation args)))
;; `tramp-file-name-for-operation' returns already the first argument
;; if it is remote. So we check a possible second argument.
(unless (tramp-crypt-file-name-p tfnfo)
(setq tfnfo (apply
#'tramp-file-name-for-operation operation
(cons tramp-compat-temporary-file-directory (cdr args)))))
tfnfo))
(defun tramp-crypt-run-real-handler (operation args)
"Invoke normal file name handler for OPERATION.
First arg specifies the OPERATION, second arg ARGS is a list of
arguments to pass to the OPERATION."
(let* ((inhibit-file-name-handlers
`(tramp-crypt-file-name-handler
.
,(and (eq inhibit-file-name-operation operation)
inhibit-file-name-handlers)))
(inhibit-file-name-operation operation))
(apply operation args)))
;;;###tramp-autoload
(defun tramp-crypt-file-name-handler (operation &rest args)
"Invoke the encrypted remote file related OPERATION.
First arg specifies the OPERATION, second arg is a list of
arguments to pass to the OPERATION."
(if-let* ((filename
(apply #'tramp-crypt-file-name-for-operation operation args))
((tramp-crypt-file-name-p filename))
(fn (assoc operation tramp-crypt-file-name-handler-alist)))
(prog1 (save-match-data (apply (cdr fn) args))
(setq tramp-debug-message-fnh-function (cdr fn)))
(prog1 (tramp-crypt-run-real-handler operation args)
(setq tramp-debug-message-fnh-function operation))))
;;;###tramp-autoload
(progn (defun tramp-register-crypt-file-name-handler ()
"Add crypt file name handler to `file-name-handler-alist'."
(when (and tramp-crypt-enabled tramp-crypt-directories)
(add-to-list 'file-name-handler-alist
(cons tramp-file-name-regexp #'tramp-crypt-file-name-handler))
(put #'tramp-crypt-file-name-handler 'safe-magic t))))
(tramp-register-file-name-handlers)
;; Mark `operations' the handler is responsible for.
(put #'tramp-crypt-file-name-handler 'operations
(mapcar #'car tramp-crypt-file-name-handler-alist))
;; File name conversions.
(defun tramp-crypt-config-file-name (vec)
"Return the encfs config file name for VEC."
(expand-file-name
(locate-user-emacs-file
(concat "tramp-" (tramp-file-name-host vec) tramp-crypt-encfs-config))))
(defun tramp-crypt-maybe-open-connection (vec)
"Maybe open a connection VEC.
Does not do anything if a connection is already open, but re-opens the
connection if a previous connection has died for some reason."
;; For password handling, we need a process bound to the connection
;; buffer. Therefore, we create a dummy process. Maybe there is a
;; better solution?
(with-tramp-debug-message vec "Opening connection"
(unless (get-buffer-process (tramp-get-connection-buffer vec))
(let ((p (make-network-process
:name (tramp-get-connection-name vec)
:buffer (tramp-get-connection-buffer vec)
:server t :host 'local :service t :noquery t)))
(tramp-post-process-creation p vec)))
;; The following operations must be performed without
;; `tramp-crypt-file-name-handler'.
(let* (tramp-crypt-enabled
;; Don't check for a proper method.
(non-essential t)
(remote-config
(expand-file-name
tramp-crypt-encfs-config (tramp-crypt-get-remote-dir vec)))
(local-config (tramp-crypt-config-file-name vec)))
;; There is no local encfs6 config file.
(unless (file-exists-p local-config)
(if (and tramp-crypt-save-encfs-config-remote
(file-exists-p remote-config))
;; Copy remote encfs6 config file if possible.
(copy-file remote-config local-config 'ok 'keep)
;; Create local encfs6 config file otherwise.
(let* ((default-directory tramp-compat-temporary-file-directory)
(tmpdir1 (file-name-as-directory
(tramp-compat-make-temp-file " .crypt" 'dir-flag)))
(tmpdir2 (file-name-as-directory
(tramp-compat-make-temp-file " .nocrypt" 'dir-flag))))
;; Enable `auth-source', unless "emacs -Q" has been called.
(tramp-set-connection-property
vec " first-password-request" tramp-cache-read-persistent-data)
(with-temp-buffer
(insert
(tramp-read-passwd
(tramp-get-connection-process vec)
(format
"New EncFS Password for %s " (tramp-crypt-get-remote-dir vec))))
(when
(zerop
(tramp-call-process-region
vec (point-min) (point-max)
tramp-crypt-encfs-program nil
(tramp-get-connection-buffer vec) nil
tramp-crypt-encfs-option "--extpass=cat" tmpdir1 tmpdir2))
;; Save the password.
(ignore-errors
(and (functionp tramp-password-save-function)
(funcall tramp-password-save-function)))))
;; Write local config file. Suppress file name IV chaining mode.
(with-temp-file local-config
(insert-file-contents
(expand-file-name tramp-crypt-encfs-config tmpdir1))
(when (search-forward
"<chainedNameIV>1</chainedNameIV>" nil 'noerror)
(replace-match "<chainedNameIV>0</chainedNameIV>")))
;; Unmount encfs. Delete temporary directories.
(tramp-call-process
vec tramp-crypt-encfs-program nil nil nil
"--unmount" tmpdir1 tmpdir2)
(delete-directory tmpdir1 'recursive)
(delete-directory tmpdir2)
;; Copy local encfs6 config file to remote.
(when tramp-crypt-save-encfs-config-remote
(copy-file local-config remote-config 'ok 'keep))))))))
(defun tramp-crypt-send-command (vec &rest args)
"Send encfsctl command to connection VEC.
ARGS are the arguments. It returns t if ran successful, and nil otherwise."
(tramp-crypt-maybe-open-connection vec)
(with-current-buffer (tramp-get-connection-buffer vec)
(erase-buffer)
(set-buffer-multibyte nil))
(with-temp-buffer
(let* (;; Don't check for a proper method.
(non-essential t)
(default-directory tramp-compat-temporary-file-directory)
;; We cannot add it to `process-environment', because
;; `tramp-call-process-region' doesn't use it.
(encfs-config
(format "ENCFS6_CONFIG=%s" (tramp-crypt-config-file-name vec)))
(args (delq nil args)))
;; Enable `auth-source', unless "emacs -Q" has been called.
(tramp-set-connection-property
vec " first-password-request" tramp-cache-read-persistent-data)
(insert
(tramp-read-passwd
(tramp-get-connection-process vec)
(format "EncFS Password for %s " (tramp-crypt-get-remote-dir vec))))
(when (zerop
(apply
#'tramp-call-process-region vec (point-min) (point-max)
"env" nil (tramp-get-connection-buffer vec)
nil encfs-config tramp-crypt-encfsctl-program
(car args) "--extpass=cat" (cdr args)))
;; Save the password.
(ignore-errors
(and (functionp tramp-password-save-function)
(funcall tramp-password-save-function)))
t))))
(defun tramp-crypt-do-encrypt-or-decrypt-file-name (op name)
"Return encrypted / decrypted NAME if NAME belongs to an encrypted directory.
OP must be `encrypt' or `decrypt'. Raise an error if this fails.
Otherwise, return NAME."
(if-let* ((tramp-crypt-enabled t)
(dir (tramp-crypt-file-name-p name))
;; It must be absolute for the cache.
(localname (substring name (1- (length dir))))
(crypt-vec (tramp-crypt-dissect-file-name dir)))
;; Preserve trailing "/".
(funcall
(if (directory-name-p name) #'file-name-as-directory #'identity)
(concat
dir
(unless (string-match-p (rx bos (? "/") eos) localname)
(with-tramp-file-property
crypt-vec localname (concat (symbol-name op) "-file-name")
(unless (tramp-crypt-send-command
crypt-vec (if (eq op 'encrypt) "encode" "decode")
tramp-compat-temporary-file-directory localname)
(tramp-error
crypt-vec 'file-error "%s of file name %s failed"
(if (eq op 'encrypt) "Encoding" "Decoding") name))
(with-current-buffer (tramp-get-connection-buffer crypt-vec)
(goto-char (point-min))
(buffer-substring (point-min) (line-end-position)))))))
;; Nothing to do.
name))
(defsubst tramp-crypt-encrypt-file-name (name)
"Return encrypted NAME if NAME belongs to an encrypted directory.
Otherwise, return NAME."
(tramp-crypt-do-encrypt-or-decrypt-file-name 'encrypt name))
(defsubst tramp-crypt-decrypt-file-name (name)
"Return decrypted NAME if NAME belongs to an encrypted directory.
Otherwise, return NAME."
(tramp-crypt-do-encrypt-or-decrypt-file-name 'decrypt name))
(defun tramp-crypt-do-encrypt-or-decrypt-file (op root infile outfile)
"Encrypt / decrypt file INFILE to OUTFILE according to encrypted directory ROOT.
Both files must be local files. OP must be `encrypt' or `decrypt'.
If OP is `decrypt', the basename of INFILE must be an encrypted file name.
Raise an error if this fails."
(when-let* ((tramp-crypt-enabled t)
(dir (tramp-crypt-file-name-p root))
(crypt-vec (tramp-crypt-dissect-file-name dir)))
(let ((coding-system-for-read
(if (eq op 'decrypt) 'binary coding-system-for-read))
(coding-system-for-write
(if (eq op 'encrypt) 'binary coding-system-for-write)))
(unless (tramp-crypt-send-command
crypt-vec "cat" (and (eq op 'encrypt) "--reverse")
(file-name-directory infile)
(concat "/" (file-name-nondirectory infile)))
(tramp-error
crypt-vec 'file-error "%s of file %s failed"
(if (eq op 'encrypt) "Encrypting" "Decrypting") infile))
(with-current-buffer (tramp-get-connection-buffer crypt-vec)
(write-region nil nil outfile)))))
(defsubst tramp-crypt-encrypt-file (root infile outfile)
"Encrypt file INFILE to OUTFILE according to encrypted directory ROOT.
See `tramp-crypt-do-encrypt-or-decrypt-file'."
(tramp-crypt-do-encrypt-or-decrypt-file 'encrypt root infile outfile))
(defsubst tramp-crypt-decrypt-file (root infile outfile)
"Decrypt file INFILE to OUTFILE according to encrypted directory ROOT.
See `tramp-crypt-do-encrypt-or-decrypt-file'."
(tramp-crypt-do-encrypt-or-decrypt-file 'decrypt root infile outfile))
;;;###tramp-autoload
(defun tramp-crypt-add-directory (name)
"Mark expanded remote directory NAME for encryption.
Files in that directory and all subdirectories will be encrypted
before copying to, and decrypted after copying from that
directory. File names will be also encrypted."
;; (declare (completion tramp-crypt-command-completion-p))
(interactive "DRemote directory name: ")
(unless tramp-crypt-enabled
(tramp-user-error nil "Feature is not enabled"))
(unless (and (tramp-tramp-file-p name) (file-directory-p name))
(tramp-user-error nil "%s must be an existing remote directory" name))
(when (file-name-quoted-p name)
(tramp-user-error nil "%s must not be quoted" name))
(setq name (file-name-as-directory (expand-file-name name)))
(unless (member name tramp-crypt-directories)
(setq tramp-crypt-directories (cons name tramp-crypt-directories)))
(tramp-register-file-name-handlers))
;; `tramp-crypt-command-completion-p' is not autoloaded, and this
;; setting isn't either.
(function-put
#'tramp-crypt-add-directory 'completion-predicate
#'tramp-crypt-command-completion-p)
(defun tramp-crypt-remove-directory (name)
"Unmark expanded remote directory NAME for encryption.
Existing files in that directory and its subdirectories will be
kept in their encrypted form."
(declare (completion tramp-crypt-command-completion-p))
(interactive "DRemote directory name: ")
(unless tramp-crypt-enabled
(tramp-user-error nil "Feature is not enabled"))
(setq name (file-name-as-directory (expand-file-name name)))
(when (and (member name tramp-crypt-directories)
(delete
tramp-crypt-encfs-config
(directory-files name nil directory-files-no-dot-files-regexp))
(yes-or-no-p
"There exist encrypted files, do you want to continue?"))
(setq tramp-crypt-directories (delete name tramp-crypt-directories))
(tramp-register-file-name-handlers)))
;; `auth-source' requires a user.
(defun tramp-crypt-dissect-file-name (name)
"Return a `tramp-file-name' structure for NAME.
The structure consists of the `tramp-crypt-method' method, the
local user name, the hexlified directory NAME as host, and the
localname."
(save-match-data
(if-let* ((dir (tramp-crypt-file-name-p name)))
(make-tramp-file-name
:method tramp-crypt-method :user (user-login-name)
:host (url-hexify-string dir))
(tramp-user-error nil "Not an encrypted remote directory: \"%s\"" name))))
(defun tramp-crypt-get-remote-dir (vec)
"Return the name of the encrypted remote directory to be used for encfs."
(url-unhex-string (tramp-file-name-host vec)))
;; File name primitives.
(defun tramp-crypt-handle-access-file (filename string)
"Like `access-file' for Tramp files."
(let* ((encrypt-filename (tramp-crypt-encrypt-file-name filename))
(encrypt-regexp (rx (literal encrypt-filename) eos))
tramp-crypt-enabled)
(condition-case err
(access-file encrypt-filename string)
(error
(when (and (eq (car err) 'file-missing) (stringp (cadr err))
(string-match-p encrypt-regexp (cadr err)))
(setcar
(cdr err)
(replace-regexp-in-string encrypt-regexp filename (cadr err))))
(signal (car err) (cdr err))))))
(defun tramp-crypt-do-copy-or-rename-file
(op filename newname &optional ok-if-already-exists keep-date
preserve-uid-gid preserve-extended-attributes)
"Copy or rename a remote file.
OP must be `copy' or `rename' and indicates the operation to perform.
FILENAME specifies the file to copy or rename, NEWNAME is the name of
the new file (for copy) or the new name of the file (for rename).
OK-IF-ALREADY-EXISTS means don't barf if NEWNAME exists already.
KEEP-DATE means to make sure that NEWNAME has the same timestamp
as FILENAME. PRESERVE-UID-GID, when non-nil, instructs to keep
the uid and gid if both files are on the same host.
PRESERVE-EXTENDED-ATTRIBUTES is ignored.
This function is invoked by `tramp-crypt-handle-copy-file' and
`tramp-crypt-handle-rename-file'. It is an error if OP is
neither of `copy' and `rename'. FILENAME and NEWNAME must be
absolute file names."
;; FILENAME and NEWNAME are already expanded.
(unless (memq op '(copy rename))
(error "Unknown operation `%s', must be `copy' or `rename'" op))
(setq filename (file-truename filename))
(let ((t1 (tramp-crypt-file-name-p filename))
(t2 (tramp-crypt-file-name-p newname))
(encrypt-filename (tramp-crypt-encrypt-file-name filename))
(encrypt-newname (tramp-crypt-encrypt-file-name newname))
(msg-operation (if (eq op 'copy) "Copying" "Renaming")))
(if (file-directory-p filename)
(progn
(copy-directory filename newname keep-date t)
(when (eq op 'rename)
(delete-directory filename 'recursive)))
(with-parsed-tramp-file-name (if t1 filename newname) nil
(tramp-barf-if-file-missing v filename
(when (and (not ok-if-already-exists) (file-exists-p newname))
(tramp-error v 'file-already-exists newname))
(when (and (file-directory-p newname)
(not (directory-name-p newname)))
(tramp-error v 'file-error "File is a directory %s" newname))
(with-tramp-progress-reporter
v 0 (format "%s %s to %s" msg-operation filename newname)
(if (and t1 t2 (string-equal t1 t2))
;; Both files are on the same encrypted remote directory.
(let (tramp-crypt-enabled)
(if (eq op 'copy)
(copy-file
encrypt-filename encrypt-newname ok-if-already-exists
keep-date preserve-uid-gid preserve-extended-attributes)
(rename-file
encrypt-filename encrypt-newname ok-if-already-exists)))
(let* ((tmpdir (tramp-compat-make-temp-file filename 'dir))
(tmpfile1
(expand-file-name
(file-name-nondirectory encrypt-filename) tmpdir))
(tmpfile2
(expand-file-name
(file-name-nondirectory encrypt-newname) tmpdir))
tramp-crypt-enabled)
(cond
;; Source and target file are on an encrypted remote directory.
((and t1 t2)
(if (eq op 'copy)
(copy-file
encrypt-filename encrypt-newname ok-if-already-exists
keep-date preserve-uid-gid preserve-extended-attributes)
(rename-file
encrypt-filename encrypt-newname ok-if-already-exists)))
;; Source file is on an encrypted remote directory.
(t1
(if (eq op 'copy)
(copy-file
encrypt-filename tmpfile1 t keep-date preserve-uid-gid
preserve-extended-attributes)
(rename-file encrypt-filename tmpfile1 t))
(tramp-crypt-decrypt-file t1 tmpfile1 tmpfile2)
(rename-file tmpfile2 newname ok-if-already-exists))
;; Target file is on an encrypted remote directory.
(t2
(if (eq op 'copy)
(copy-file
filename tmpfile1 t keep-date preserve-uid-gid
preserve-extended-attributes)
(rename-file filename tmpfile1 t))
(tramp-crypt-encrypt-file t2 tmpfile1 tmpfile2)
(rename-file tmpfile2 encrypt-newname ok-if-already-exists)))
(delete-directory tmpdir 'recursive)))))))
(when (and t1 (eq op 'rename))
(with-parsed-tramp-file-name filename v1
(tramp-flush-file-properties v1 v1-localname)))
(when t2
(with-parsed-tramp-file-name newname v2
(tramp-flush-file-properties v2 v2-localname)))))
(defun tramp-crypt-handle-copy-file
(filename newname &optional ok-if-already-exists keep-date
preserve-uid-gid preserve-extended-attributes)
"Like `copy-file' for Tramp files."
(setq filename (expand-file-name filename)
newname (expand-file-name newname))
;; At least one file a Tramp file?
(if (or (tramp-tramp-file-p filename)
(tramp-tramp-file-p newname))
(tramp-crypt-do-copy-or-rename-file
'copy filename newname ok-if-already-exists keep-date
preserve-uid-gid preserve-extended-attributes)
(tramp-run-real-handler
#'copy-file
(list filename newname ok-if-already-exists keep-date
preserve-uid-gid preserve-extended-attributes))))
;; Encrypted files won't be trashed.
(defun tramp-crypt-handle-delete-directory
(directory &optional recursive _trash)
"Like `delete-directory' for Tramp files."
(with-parsed-tramp-file-name (expand-file-name directory) nil
(let (tramp-crypt-enabled)
(delete-directory (tramp-crypt-encrypt-file-name directory) recursive))
(tramp-flush-directory-properties v localname)))
;; Encrypted files won't be trashed.
(defun tramp-crypt-handle-delete-file (filename &optional _trash)
"Like `delete-file' for Tramp files."
(with-parsed-tramp-file-name (expand-file-name filename) nil
(let (tramp-crypt-enabled)
(delete-file (tramp-crypt-encrypt-file-name filename)))
(tramp-flush-file-properties v localname)))
(defun tramp-crypt-handle-directory-files
(directory &optional full match nosort count)
"Like `directory-files' for Tramp files."
(tramp-skeleton-directory-files directory full match nosort count
(let (tramp-crypt-enabled)
(mapcar
(lambda (x)
(replace-regexp-in-string
(rx bos (literal directory)) "" (tramp-crypt-decrypt-file-name x)))
(directory-files (tramp-crypt-encrypt-file-name directory) 'full)))))
(defun tramp-crypt-handle-file-attributes (filename &optional id-format)
"Like `file-attributes' for Tramp files."
(let (tramp-crypt-enabled)
(file-attributes (tramp-crypt-encrypt-file-name filename) id-format)))
(defun tramp-crypt-handle-file-executable-p (filename)
"Like `file-executable-p' for Tramp files."
(let (tramp-crypt-enabled)
(file-executable-p (tramp-crypt-encrypt-file-name filename))))
(defun tramp-crypt-handle-file-exists-p (filename)
"Like `file-exists-p' for Tramp files."
(let (tramp-crypt-enabled)
(file-exists-p (tramp-crypt-encrypt-file-name filename))))
(defun tramp-crypt-handle-file-locked-p (filename)
"Like `file-locked-p' for Tramp files."
(let (tramp-crypt-enabled)
(file-locked-p (tramp-crypt-encrypt-file-name filename))))
(defun tramp-crypt-handle-file-name-all-completions (filename directory)
"Like `file-name-all-completions' for Tramp files."
(tramp-skeleton-file-name-all-completions filename directory
(all-completions
filename
(let* (completion-regexp-list
tramp-crypt-enabled
(directory (file-name-as-directory directory))
(enc-dir (tramp-crypt-encrypt-file-name directory)))
(mapcar
(lambda (x)
(substring
(tramp-crypt-decrypt-file-name (concat enc-dir x))
(length directory)))
(file-name-all-completions "" enc-dir))))))
(defun tramp-crypt-handle-file-readable-p (filename)
"Like `file-readable-p' for Tramp files."
(let (tramp-crypt-enabled)
(file-readable-p (tramp-crypt-encrypt-file-name filename))))
(defun tramp-crypt-handle-file-ownership-preserved-p (filename &optional group)
"Like `file-ownership-preserved-p' for Tramp files."
(let (tramp-crypt-enabled)
(file-ownership-preserved-p (tramp-crypt-encrypt-file-name filename) group)))
(defun tramp-crypt-handle-file-system-info (filename)
"Like `file-system-info' for Tramp files."
(let (tramp-crypt-enabled)
(file-system-info (tramp-crypt-encrypt-file-name filename))))
(defun tramp-crypt-handle-file-writable-p (filename)
"Like `file-writable-p' for Tramp files."
(let (tramp-crypt-enabled)
(file-writable-p (tramp-crypt-encrypt-file-name filename))))
(defun tramp-crypt-handle-insert-directory
(filename switches &optional wildcard full-directory-p)
"Like `insert-directory' for Tramp files.
WILDCARD is not supported."
(require 'text-property-search)
(let (tramp-crypt-enabled)
(tramp-handle-insert-directory
(tramp-crypt-encrypt-file-name filename)
switches wildcard full-directory-p)
(let* ((filename (file-name-as-directory filename))
(enc (tramp-crypt-encrypt-file-name filename))
match string)
(goto-char (point-min))
(while (setq match (text-property-search-forward 'dired-filename t t))
(setq string
(buffer-substring
(prop-match-beginning match) (prop-match-end match))
string (if (file-name-absolute-p string)
(tramp-crypt-decrypt-file-name string)
(substring
(tramp-crypt-decrypt-file-name (concat enc string))
(length filename))))
(delete-region (prop-match-beginning match) (prop-match-end match))
(insert (propertize string 'dired-filename t))))))
(defun tramp-crypt-handle-lock-file (filename)
"Like `lock-file' for Tramp files."
;; `tramp-handle-lock-file' calls `verify-visited-file-modtime', so
;; we must care `buffer-file-name'.
(let (tramp-crypt-enabled
(buffer-file-name (tramp-crypt-encrypt-file-name (buffer-file-name))))
(lock-file (tramp-crypt-encrypt-file-name filename))))
(defun tramp-crypt-handle-make-directory (dir &optional parents)
"Like `make-directory' for Tramp files."
(tramp-skeleton-make-directory dir parents
(let (tramp-crypt-enabled)
(make-directory (tramp-crypt-encrypt-file-name dir) parents))))
(defun tramp-crypt-handle-rename-file
(filename newname &optional ok-if-already-exists)
"Like `rename-file' for Tramp files."
(setq filename (expand-file-name filename)
newname (expand-file-name newname))
;; At least one file a Tramp file?
(if (or (tramp-tramp-file-p filename)
(tramp-tramp-file-p newname))
(tramp-crypt-do-copy-or-rename-file
'rename filename newname ok-if-already-exists
'keep-date 'preserve-uid-gid)
(tramp-run-real-handler
#'rename-file (list filename newname ok-if-already-exists))))
(defun tramp-crypt-handle-set-file-modes (filename mode &optional flag)
"Like `set-file-modes' for Tramp files."
(tramp-skeleton-set-file-modes-times-uid-gid filename
(let (tramp-crypt-enabled)
(set-file-modes (tramp-crypt-encrypt-file-name filename) mode flag))))
(defun tramp-crypt-handle-set-file-times (filename &optional time flag)
"Like `set-file-times' for Tramp files."
(tramp-skeleton-set-file-modes-times-uid-gid filename
(let (tramp-crypt-enabled)
(set-file-times (tramp-crypt-encrypt-file-name filename) time flag))))
(defun tramp-crypt-handle-set-file-uid-gid (filename &optional uid gid)
"Like `tramp-set-file-uid-gid' for Tramp files."
(tramp-skeleton-set-file-modes-times-uid-gid filename
(let (tramp-crypt-enabled)
(tramp-set-file-uid-gid
(tramp-crypt-encrypt-file-name filename) uid gid))))
(defun tramp-crypt-handle-set-visited-file-modtime (&optional time-list)
"Like `set-visited-file-modtime' for Tramp files."
(unless (buffer-file-name)
(error "Can't set-visited-file-modtime: buffer `%s' not visiting a file"
(buffer-name)))
(let (tramp-crypt-enabled
(buffer-file-name (tramp-crypt-encrypt-file-name (buffer-file-name))))
(set-visited-file-modtime time-list)))
(defun tramp-crypt-handle-unlock-file (filename)
"Like `unlock-file' for Tramp files."
(let (tramp-crypt-enabled)
(unlock-file (tramp-crypt-encrypt-file-name filename))))
(defun tramp-crypt-handle-verify-visited-file-modtime (&optional buf)
"Like `verify-visited-file-modtime' for Tramp files."
(with-current-buffer (or buf (current-buffer))
(let (tramp-crypt-enabled
(buffer-file-name
(tramp-crypt-encrypt-file-name (buffer-file-name buf))))
(verify-visited-file-modtime buf))))
(defun tramp-crypt-cleanup-connection (vec)
"Cleanup crypt resources determined by VEC."
(let ((tramp-cleanup-connection-hook
(remove
#'tramp-crypt-cleanup-connection tramp-cleanup-connection-hook))
(tramp-crypt-enabled t))
(dolist (dir tramp-crypt-directories)
(when (tramp-file-name-equal-p vec (tramp-dissect-file-name dir))
(tramp-cleanup-connection (tramp-crypt-dissect-file-name dir))))))
;; Add cleanup hooks.
(add-hook 'tramp-cleanup-connection-hook #'tramp-crypt-cleanup-connection)
(add-hook 'tramp-crypt-unload-hook
(lambda ()
(remove-hook 'tramp-cleanup-connection-hook
#'tramp-crypt-cleanup-connection)))
(with-eval-after-load 'bookmark
(add-hook 'bookmark-inhibit-context-functions
#'tramp-crypt-file-name-p)
(add-hook 'tramp-crypt-unload-hook
(lambda ()
(remove-hook 'bookmark-inhibit-context-functions
#'tramp-crypt-file-name-p))))
(add-hook 'tramp-unload-hook
(lambda ()
(unload-feature 'tramp-crypt 'force)))
(provide 'tramp-crypt)
;;; TODO:
;; * I suggest having a feature where the user can specify to always
;; use encryption for certain host names. So if you specify a host
;; name which is on that list (of names, or perhaps regexps?), tramp
;; would modify the request so as to do the encryption. (Richard Stallman)
;;; tramp-crypt.el ends here