From 679b14a4d848e152a721f59bb5379186ed654760 Mon Sep 17 00:00:00 2001 From: Sebastian Messmer Date: Wed, 23 Aug 2017 09:56:03 +0100 Subject: [PATCH] * Allow mounting using system mount tool and /etc/fstab (e.g. mount -t fuse.cryfs basedir mountdir) * Pass fuse options directly to cryfs (i.e. 'cryfs basedir mountdir -o allow_other' instead of 'cryfs basedir mountdir -- -o allow_other') --- ChangeLog.txt | 4 +++- src/cryfs-cli/program_options/Parser.cpp | 24 +++++++++++++++---- src/cryfs/filesystem/CryNode.cpp | 3 +++ src/cryfs/filesystem/CryOpenFile.cpp | 2 +- test/cryfs-cli/program_options/ParserTest.cpp | 20 ++++++++++++++++ 5 files changed, 47 insertions(+), 6 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index ec66c342..0bbb0fc9 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -2,10 +2,12 @@ Version 0.10.0 (unreleased) --------------- New Features: * Integrity checks ensure you notice when someone modifies your file system. -* File system nodes (files, directories, symlinks) store a parent pointer to the directory that contains them. This information can be used to resolve synchronization conflicts. +* File system nodes (files, directories, symlinks) store a parent pointer to the directory that contains them. This information can be used in later versions to resolve some synchronization conflicts. +* Allow mounting using system mount tool and /etc/fstab (e.g. mount -t fuse.cryfs basedir mountdir) Improvements: * Performance improvements +* Pass fuse options directly to cryfs (i.e. 'cryfs basedir mountdir -o allow_other' instead of 'cryfs basedir mountdir -- -o allow_other') Version 0.9.8 (unreleased) -------------- diff --git a/src/cryfs-cli/program_options/Parser.cpp b/src/cryfs-cli/program_options/Parser.cpp index fc0c4c36..0fcf652a 100644 --- a/src/cryfs-cli/program_options/Parser.cpp +++ b/src/cryfs-cli/program_options/Parser.cpp 
@@ -16,6 +16,7 @@ using std::endl; using std::string; using boost::optional; using boost::none; +using namespace cpputils::logging; Parser::Parser(int argc, const char *argv[]) :_options(_argsToVector(argc, argv)) { @@ -30,8 +31,15 @@ vector Parser::_argsToVector(int argc, const char *argv[]) { } ProgramOptions Parser::parse(const vector &supportedCiphers) const { - pair, vector> options = splitAtDoubleDash(_options); - po::variables_map vm = _parseOptionsOrShowHelp(options.first, supportedCiphers); + vector cryfsOptions; + vector fuseOptions; + std::tie(cryfsOptions, fuseOptions) = splitAtDoubleDash(_options); + + if (fuseOptions.size() != 0) { + LOG(WARN, "Passing fuse mount options after a double dash '--' is deprecated. Please pass them directly (e.g. 'cryfs basedir mountdir -o allow_other'"); + } + + po::variables_map vm = _parseOptionsOrShowHelp(cryfsOptions, supportedCiphers); if (!vm.count("base-dir")) { std::cerr << "Please specify a base directory.\n"; @@ -49,7 +57,7 @@ ProgramOptions Parser::parse(const vector &supportedCiphers) const { } bool foreground = vm.count("foreground"); if (foreground) { - options.second.push_back(const_cast("-f")); + fuseOptions.push_back(const_cast("-f")); } optional unmountAfterIdleMinutes = none; if (vm.count("unmount-idle")) { 
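Review bot: The deprecation notice in parse() is emitted with `LOG(WARN, ...)`, while the other user-facing messages in this function go to `std::cerr` (for example "Please specify a base directory."), and the `logfile` option is only resolved later in the same function. Depending on how the logger is configured at that point, which is not visible here, a user who still passes options after `--` may never see the warning. The message text is also missing its closing parenthesis after `-o allow_other'`, and `fuseOptions.size() != 0` reads better as `!fuseOptions.empty()`. The body of parse() continues outside this hunk.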
@@ -72,8 +80,15 @@ ProgramOptions Parser::parse(const vector &supportedCiphers) const { if (vm.count("missing-block-is-integrity-violation")) { missingBlockIsIntegrityViolation = vm["missing-block-is-integrity-violation"].as(); } + if (vm.count("fuse-option")) { + auto options = vm["fuse-option"].as>(); + for (const auto& option: options) { + fuseOptions.push_back("-o"); + fuseOptions.push_back(option); + } + } - return ProgramOptions(baseDir, mountDir, configfile, foreground, unmountAfterIdleMinutes, logfile, cipher, blocksizeBytes, missingBlockIsIntegrityViolation, options.second); + return ProgramOptions(baseDir, mountDir, configfile, foreground, unmountAfterIdleMinutes, logfile, cipher, blocksizeBytes, missingBlockIsIntegrityViolation, fuseOptions); } void Parser::_checkValidCipher(const string &cipher, const vector &supportedCiphers) { @@ -132,6 +147,7 @@ void Parser::_addAllowedOptions(po::options_description *desc) { ("help,h", "show help message") ("config,c", po::value(), "Configuration file") ("foreground,f", "Run CryFS in foreground.") + ("fuse-option,o", po::value>(), "Add a fuse mount option. Example: atime or noatime.") ("cipher", po::value(), cipher_description.c_str()) ("blocksize", po::value(), blocksize_description.c_str()) ("missing-block-is-integrity-violation", po::value(), "Whether to treat a missing block as an integrity violation. This makes sure you notice if an attacker deleted some of your files, but only works in single-client mode. You will not be able to use the file system on other devices.") diff --git a/src/cryfs/filesystem/CryNode.cpp b/src/cryfs/filesystem/CryNode.cpp index c1b2454e..05b6044f 100644 --- a/src/cryfs/filesystem/CryNode.cpp +++ b/src/cryfs/filesystem/CryNode.cpp @@ -9,6 +9,7 @@ #include #include #include +#include namespace bf = boost::filesystem; 
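Review bot: Each `fuse-option` value is appended to `fuseOptions` as `-o <value>` with no check in this block, and it lands after anything taken from the deprecated `--` form and after `-f`. Which of two conflicting options wins is therefore left to FUSE's own ordering rules. Per the commit message this path is now reachable from /etc/fstab as well, so options that widen access to the decrypted mount (the ChangeLog's own example is `allow_other`) deserve a comment here, for instance `// Values are forwarded to FUSE verbatim; options such as allow_other change who can read the decrypted mount.` Binding the result as `const auto& options` instead of `auto options` would avoid copying the vector. parse() starts outside this hunk.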
@@ -21,6 +22,7 @@ using boost::none; using std::shared_ptr; using cryfs::parallelaccessfsblobstore::FsBlobRef; using cryfs::parallelaccessfsblobstore::DirBlobRef; +using namespace cpputils::logging; //TODO Get rid of this in favor of an exception hierarchy using fspp::fuse::CHECK_RETVAL; @@ -121,6 +123,7 @@ void CryNode::_updateTargetDirModificationTimestamp(const DirBlobRef &targetDir, } void CryNode::utimens(timespec lastAccessTime, timespec lastModificationTime) { +// LOG(WARN, "---utimens called---"); device()->callFsActionCallbacks(); if (_parent == none) { //We are the root direcory. diff --git a/src/cryfs/filesystem/CryOpenFile.cpp b/src/cryfs/filesystem/CryOpenFile.cpp index 2376ccf9..e0b7483d 100644 --- a/src/cryfs/filesystem/CryOpenFile.cpp +++ b/src/cryfs/filesystem/CryOpenFile.cpp @@ -47,7 +47,7 @@ void CryOpenFile::truncate(off_t size) const { size_t CryOpenFile::read(void *buf, size_t count, off_t offset) const { _device->callFsActionCallbacks(); - _parent->updateAccessTimestampForChild(_fileBlob->key()); + //_parent->updateAccessTimestampForChild(_fileBlob->key()); return _fileBlob->read(buf, offset, count); } diff --git a/test/cryfs-cli/program_options/ParserTest.cpp b/test/cryfs-cli/program_options/ParserTest.cpp index 63d0d8c6..c345fc7c 100644 --- a/test/cryfs-cli/program_options/ParserTest.cpp +++ b/test/cryfs-cli/program_options/ParserTest.cpp 
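Review bot: The commented-out `// LOG(WARN, "---utimens called---");` at the top of CryNode::utimens() is a debugging leftover, and the new `#include` and `using namespace cpputils::logging;` added to CryNode.cpp in the two preceding hunks appear to exist only for it. I would drop all three from this commit; if the trace is wanted, make it a real statement at a lower severity than WARN. The file-scope using-directive also pulls every logging name into this translation unit for no current use. utimens() continues past the end of the hunk.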
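Review bot: Commenting out `_parent->updateAccessTimestampForChild(_fileBlob->key());` in CryOpenFile::read() means reads no longer update the access timestamp, a behaviour change that neither the commit message nor the ChangeLog hunk mentions. It also conflicts with the new `fuse-option` help text, which offers `atime` and `noatime` as examples: nothing visible in this commit makes read() honour either. Access times are metadata that backup tools and incident timelines rely on to tell when a file was last read. The call should either be restored, or be removed deliberately with its own ChangeLog line and tied to the mount option. If it stays disabled, delete the line rather than leaving it commented.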
@@ -181,3 +181,23 @@ TEST_F(ProgramOptionsParserTest, FuseOptionNotGiven) { EXPECT_EQ("/home/user/mountDir", options.mountDir()); EXPECT_VECTOR_EQ({}, options.fuseOptions()); } + +TEST_F(ProgramOptionsParserTest, DirectFuseOptionsGiven_AfterPositionalOptions) { + ProgramOptions options = parse({"./myExecutable", "/home/user/baseDir", "/home/user/mountDir", "-o", "my_opt"}); + EXPECT_VECTOR_EQ({"-o", "my_opt"}, options.fuseOptions()); +} + +TEST_F(ProgramOptionsParserTest, DirectFuseOptionsGiven_BeforePositionalOptions) { + ProgramOptions options = parse({"./myExecutable", "-o", "my_opt", "/home/user/baseDir", "/home/user/mountDir"}); + EXPECT_VECTOR_EQ({"-o", "my_opt"}, options.fuseOptions()); +} + +TEST_F(ProgramOptionsParserTest, DirectFuseOptionsGiven_BeforeAndAfterPositionalOptions) { + ProgramOptions options = parse({"./myExecutable", "-o", "first", "-o", "second", "/home/user/baseDir", "-o", "third", "-o", "fourth", "/home/user/mountDir", "-o", "fifth", "-o", "sixth"}); + EXPECT_VECTOR_EQ({"-o", "first", "-o", "second", "-o", "third", "-o", "fourth", "-o", "fifth", "-o", "sixth"}, options.fuseOptions()); +} + +TEST_F(ProgramOptionsParserTest, DirectAndIndirectFuseOptionsGiven) { + ProgramOptions options = parse({"./myExecutable", "/home/user/baseDir", "/home/user/mountDir", "-o", "my_opt", "--", "-o", "other_opt"}); + EXPECT_VECTOR_EQ({"-o", "other_opt", "-o", "my_opt"}, options.fuseOptions()); +}
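Review bot: None of the new cases covers the shape that mount(8) and /etc/fstab produce, where several options arrive in a single comma-separated `-o` value. A case such as `parse({"./myExecutable", "/home/user/baseDir", "/home/user/mountDir", "-o", "allow_other,noatime"})` expecting `{"-o", "allow_other,noatime"}` (sample values constructed for illustration) would pin that the value is forwarded unsplit. A trailing `-o` with no value is also untested, so the behaviour on a malformed option line is not pinned. DirectAndIndirectFuseOptionsGiven fixes the order as `--` options first, then direct ones; a one-line comment such as `// Options after '--' come first, direct -o options are appended after them.` would record that this order is intended.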