2016-07-06 21:51:25 +02:00
|
|
|
// Package fusefrontend interfaces directly with the go-fuse library.
|
2016-02-06 19:27:59 +01:00
|
|
|
package fusefrontend
|
2015-09-08 00:54:24 +02:00
|
|
|
|
2015-12-19 13:21:15 +01:00
|
|
|
// FUSE operations on paths
|
|
|
|
|
2015-09-08 00:54:24 +02:00
|
|
|
import (
|
|
|
|
"os"
|
2016-04-10 19:32:10 +02:00
|
|
|
"path/filepath"
|
2015-11-27 22:20:01 +01:00
|
|
|
"sync"
|
|
|
|
"syscall"
|
2015-09-08 00:54:24 +02:00
|
|
|
"time"
|
|
|
|
|
2017-11-26 21:59:24 +01:00
|
|
|
"golang.org/x/sys/unix"
|
|
|
|
|
2015-09-08 00:54:24 +02:00
|
|
|
"github.com/hanwen/go-fuse/fuse"
|
|
|
|
"github.com/hanwen/go-fuse/fuse/nodefs"
|
|
|
|
"github.com/hanwen/go-fuse/fuse/pathfs"
|
2016-02-06 19:20:54 +01:00
|
|
|
|
2016-02-06 20:23:36 +01:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/contentenc"
|
2016-02-06 19:20:54 +01:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
2017-03-18 16:01:50 +01:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/serialize_reads"
|
2016-07-03 20:05:32 +02:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
|
2016-06-15 23:30:44 +02:00
|
|
|
"github.com/rfjakob/gocryptfs/internal/tlog"
|
2015-09-08 00:54:24 +02:00
|
|
|
)
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// FS implements the go-fuse virtual filesystem interface.
|
2015-09-08 00:54:24 +02:00
|
|
|
type FS struct {
|
2015-11-29 21:55:20 +01:00
|
|
|
pathfs.FileSystem // loopbackFileSystem, see go-fuse/fuse/pathfs/loopback.go
|
|
|
|
args Args // Stores configuration arguments
|
2015-11-27 21:48:58 +01:00
|
|
|
// dirIVLock: Lock()ed if any "gocryptfs.diriv" file is modified
|
|
|
|
// Readers must RLock() it to prevent them from seeing intermediate
|
|
|
|
// states
|
|
|
|
dirIVLock sync.RWMutex
|
2016-02-06 19:20:54 +01:00
|
|
|
// Filename encryption helper
|
|
|
|
nameTransform *nametransform.NameTransform
|
|
|
|
// Content encryption helper
|
|
|
|
contentEnc *contentenc.ContentEnc
|
2017-07-11 23:19:58 +02:00
|
|
|
// This lock is used by openWriteOnlyFile() to block concurrent opens while
|
|
|
|
// it relaxes the permissions on a file.
|
|
|
|
openWriteOnlyLock sync.RWMutex
|
2018-07-01 15:48:53 +02:00
|
|
|
// MitigatedCorruptions is used to report data corruption that is internally
|
|
|
|
// mitigated by ignoring the corrupt item. For example, when OpenDir() finds
|
|
|
|
// a corrupt filename, we still return the other valid filenames.
|
|
|
|
// The corruption is logged to syslog to inform the user, and in addition,
|
|
|
|
// the corrupt filename is logged to this channel via
|
|
|
|
// reportMitigatedCorruption().
|
|
|
|
// "gocryptfs -fsck" reads from the channel to also catch these transparently-
|
|
|
|
// mitigated corruptions.
|
|
|
|
MitigatedCorruptions chan string
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
var _ pathfs.FileSystem = &FS{} // Verify that interface is implemented.
|
|
|
|
|
|
|
|
// NewFS returns a new encrypted FUSE overlay filesystem.
|
2018-02-17 16:26:35 +01:00
|
|
|
func NewFS(args Args, c *contentenc.ContentEnc, n *nametransform.NameTransform) *FS {
|
2017-03-18 16:01:50 +01:00
|
|
|
if args.SerializeReads {
|
2017-04-29 14:50:58 +02:00
|
|
|
serialize_reads.InitSerializer()
|
2017-03-18 16:01:50 +01:00
|
|
|
}
|
2018-08-11 23:26:49 +02:00
|
|
|
if len(args.Exclude) > 0 {
|
|
|
|
tlog.Warn.Printf("Forward mode does not support -exclude")
|
|
|
|
}
|
2015-09-08 00:54:24 +02:00
|
|
|
return &FS{
|
2016-02-06 20:23:36 +01:00
|
|
|
FileSystem: pathfs.NewLoopbackFileSystem(args.Cipherdir),
|
|
|
|
args: args,
|
2018-02-17 16:26:35 +01:00
|
|
|
nameTransform: n,
|
|
|
|
contentEnc: c,
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// GetAttr implements pathfs.Filesystem.
|
2015-09-08 00:54:24 +02:00
|
|
|
func (fs *FS) GetAttr(name string, context *fuse.Context) (*fuse.Attr, fuse.Status) {
|
2016-06-15 23:30:44 +02:00
|
|
|
tlog.Debug.Printf("FS.GetAttr('%s')", name)
|
2015-12-08 16:13:29 +01:00
|
|
|
if fs.isFiltered(name) {
|
2015-11-03 22:25:29 +01:00
|
|
|
return nil, fuse.EPERM
|
2015-11-03 00:00:13 +01:00
|
|
|
}
|
2015-11-27 00:03:10 +01:00
|
|
|
cName, err := fs.encryptPath(name)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
2015-09-16 19:32:37 +02:00
|
|
|
a, status := fs.FileSystem.GetAttr(cName, context)
|
2015-09-08 00:54:24 +02:00
|
|
|
if a == nil {
|
2016-06-15 23:30:44 +02:00
|
|
|
tlog.Debug.Printf("FS.GetAttr failed: %s", status.String())
|
2015-09-08 00:54:24 +02:00
|
|
|
return a, status
|
|
|
|
}
|
2015-09-16 19:32:37 +02:00
|
|
|
if a.IsRegular() {
|
2016-02-06 19:20:54 +01:00
|
|
|
a.Size = fs.contentEnc.CipherSizeToPlainSize(a.Size)
|
2015-09-16 19:32:37 +02:00
|
|
|
} else if a.IsSymlink() {
|
|
|
|
target, _ := fs.Readlink(name, context)
|
|
|
|
a.Size = uint64(len(target))
|
|
|
|
}
|
2017-05-30 23:01:06 +02:00
|
|
|
if fs.args.ForceOwner != nil {
|
|
|
|
a.Owner = *fs.args.ForceOwner
|
|
|
|
}
|
2015-09-08 00:54:24 +02:00
|
|
|
return a, status
|
|
|
|
}
|
|
|
|
|
2017-05-01 17:49:37 +02:00
|
|
|
// mangleOpenFlags is used by Create() and Open() to convert the open flags the user
|
|
|
|
// wants to the flags we internally use to open the backing file.
|
|
|
|
func (fs *FS) mangleOpenFlags(flags uint32) (newFlags int) {
|
2015-09-08 00:54:24 +02:00
|
|
|
newFlags = int(flags)
|
2017-05-01 17:49:37 +02:00
|
|
|
// Convert WRONLY to RDWR. We always need read access to do read-modify-write cycles.
|
2015-10-04 14:36:20 +02:00
|
|
|
if newFlags&os.O_WRONLY > 0 {
|
2015-09-08 00:54:24 +02:00
|
|
|
newFlags = newFlags ^ os.O_WRONLY | os.O_RDWR
|
|
|
|
}
|
|
|
|
// We also cannot open the file in append mode, we need to seek back for RMW
|
|
|
|
newFlags = newFlags &^ os.O_APPEND
|
2018-07-02 23:54:37 +02:00
|
|
|
// O_DIRECT accesses must be aligned in both offset and length. Due to our
|
|
|
|
// crypto header, alignment will be off, even if userspace makes aligned
|
|
|
|
// accesses. Running xfstests generic/013 on ext4 used to trigger lots of
|
|
|
|
// EINVAL errors due to missing alignment. Just fall back to buffered IO.
|
2018-07-04 09:04:00 +02:00
|
|
|
newFlags = newFlags &^ syscallcompat.O_DIRECT
|
2015-09-08 00:54:24 +02:00
|
|
|
|
2017-05-01 17:49:37 +02:00
|
|
|
return newFlags
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Open implements pathfs.Filesystem.
|
2015-11-03 00:00:13 +01:00
|
|
|
func (fs *FS) Open(path string, flags uint32, context *fuse.Context) (fuseFile nodefs.File, status fuse.Status) {
|
2015-12-08 16:13:29 +01:00
|
|
|
if fs.isFiltered(path) {
|
2015-11-03 00:00:13 +01:00
|
|
|
return nil, fuse.EPERM
|
|
|
|
}
|
2017-07-11 23:19:58 +02:00
|
|
|
// Taking this lock makes sure we don't race openWriteOnlyFile()
|
|
|
|
fs.openWriteOnlyLock.RLock()
|
|
|
|
defer fs.openWriteOnlyLock.RUnlock()
|
|
|
|
|
2017-05-01 17:49:37 +02:00
|
|
|
newFlags := fs.mangleOpenFlags(flags)
|
2015-11-27 00:03:10 +01:00
|
|
|
cPath, err := fs.getBackingPath(path)
|
|
|
|
if err != nil {
|
2016-06-15 23:30:44 +02:00
|
|
|
tlog.Debug.Printf("Open: getBackingPath: %v", err)
|
2015-11-27 00:03:10 +01:00
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
2016-06-15 23:30:44 +02:00
|
|
|
tlog.Debug.Printf("Open: %s", cPath)
|
2017-07-11 23:19:58 +02:00
|
|
|
f, err := os.OpenFile(cPath, newFlags, 0)
|
2015-09-08 00:54:24 +02:00
|
|
|
if err != nil {
|
2017-07-11 23:19:58 +02:00
|
|
|
sysErr := err.(*os.PathError).Err
|
|
|
|
if sysErr == syscall.EMFILE {
|
2017-05-03 23:46:52 +02:00
|
|
|
var lim syscall.Rlimit
|
|
|
|
syscall.Getrlimit(syscall.RLIMIT_NOFILE, &lim)
|
|
|
|
tlog.Warn.Printf("Open %q: too many open files. Current \"ulimit -n\": %d", cPath, lim.Cur)
|
|
|
|
}
|
2017-07-11 23:19:58 +02:00
|
|
|
if sysErr == syscall.EACCES && (int(flags)&os.O_WRONLY > 0) {
|
|
|
|
return fs.openWriteOnlyFile(cPath, newFlags)
|
|
|
|
}
|
2015-09-08 00:54:24 +02:00
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
2017-05-01 17:49:37 +02:00
|
|
|
return NewFile(f, fs)
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2017-07-11 23:19:58 +02:00
|
|
|
// Due to RMW, we always need read permissions on the backing file. This is a
|
|
|
|
// problem if the file permissions do not allow reading (i.e. 0200 permissions).
|
|
|
|
// This function works around that problem by chmod'ing the file, obtaining a fd,
|
|
|
|
// and chmod'ing it back.
|
|
|
|
func (fs *FS) openWriteOnlyFile(cPath string, newFlags int) (fuseFile nodefs.File, status fuse.Status) {
|
|
|
|
woFd, err := os.OpenFile(cPath, os.O_WRONLY, 0)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
defer woFd.Close()
|
|
|
|
fi, err := woFd.Stat()
|
|
|
|
if err != nil {
|
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
perms := fi.Mode().Perm()
|
|
|
|
// Verify that we don't have read permissions
|
|
|
|
if perms&0400 != 0 {
|
|
|
|
tlog.Warn.Printf("openWriteOnlyFile: unexpected permissions %#o, returning EPERM", perms)
|
|
|
|
return nil, fuse.ToStatus(syscall.EPERM)
|
|
|
|
}
|
|
|
|
// Upgrade the lock to block other Open()s and downgrade again on return
|
|
|
|
fs.openWriteOnlyLock.RUnlock()
|
|
|
|
fs.openWriteOnlyLock.Lock()
|
|
|
|
defer func() {
|
|
|
|
fs.openWriteOnlyLock.Unlock()
|
|
|
|
fs.openWriteOnlyLock.RLock()
|
|
|
|
}()
|
|
|
|
// Relax permissions and revert on return
|
|
|
|
err = woFd.Chmod(perms | 0400)
|
|
|
|
if err != nil {
|
|
|
|
tlog.Warn.Printf("openWriteOnlyFile: changing permissions failed: %v", err)
|
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
defer func() {
|
|
|
|
err2 := woFd.Chmod(perms)
|
|
|
|
if err2 != nil {
|
|
|
|
tlog.Warn.Printf("openWriteOnlyFile: reverting permissions failed: %v", err2)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
rwFd, err := os.OpenFile(cPath, newFlags, 0)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
return NewFile(rwFd, fs)
|
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Create implements pathfs.Filesystem.
|
2015-09-08 00:54:24 +02:00
|
|
|
func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Context) (fuseFile nodefs.File, code fuse.Status) {
|
2015-12-08 16:13:29 +01:00
|
|
|
if fs.isFiltered(path) {
|
2015-11-03 22:25:29 +01:00
|
|
|
return nil, fuse.EPERM
|
2015-11-03 00:00:13 +01:00
|
|
|
}
|
2017-05-01 17:49:37 +02:00
|
|
|
newFlags := fs.mangleOpenFlags(flags)
|
2015-11-27 00:03:10 +01:00
|
|
|
cPath, err := fs.getBackingPath(path)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
2016-04-10 19:32:10 +02:00
|
|
|
|
2016-05-29 22:41:46 +02:00
|
|
|
var fd *os.File
|
2016-04-10 19:32:10 +02:00
|
|
|
cName := filepath.Base(cPath)
|
2016-05-29 22:41:46 +02:00
|
|
|
|
|
|
|
// Handle long file name
|
2018-01-17 00:23:09 +01:00
|
|
|
if !fs.args.PlaintextNames && nametransform.IsLongContent(cName) {
|
2016-04-10 21:29:42 +02:00
|
|
|
var dirfd *os.File
|
|
|
|
dirfd, err = os.Open(filepath.Dir(cPath))
|
2016-04-10 19:32:10 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
defer dirfd.Close()
|
|
|
|
|
|
|
|
// Create ".name"
|
|
|
|
err = fs.nameTransform.WriteLongName(dirfd, cName, path)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create content
|
2016-04-10 21:29:42 +02:00
|
|
|
var fdRaw int
|
2017-11-30 19:40:53 +01:00
|
|
|
fdRaw, err = syscallcompat.Openat(int(dirfd.Fd()), cName, newFlags|os.O_CREATE|os.O_EXCL, mode)
|
2016-02-06 22:54:14 +01:00
|
|
|
if err != nil {
|
2016-04-10 19:32:10 +02:00
|
|
|
nametransform.DeleteLongName(dirfd, cName)
|
2016-02-06 22:54:14 +01:00
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
2016-05-29 22:41:46 +02:00
|
|
|
fd = os.NewFile(uintptr(fdRaw), cName)
|
|
|
|
} else {
|
|
|
|
// Normal (short) file name
|
2017-11-30 19:40:53 +01:00
|
|
|
fd, err = os.OpenFile(cPath, newFlags|os.O_CREATE|os.O_EXCL, os.FileMode(mode))
|
2016-05-29 22:41:46 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, fuse.ToStatus(err)
|
|
|
|
}
|
2016-02-06 22:54:14 +01:00
|
|
|
}
|
2016-10-10 08:43:09 +02:00
|
|
|
// Set owner
|
2016-06-26 19:18:13 +02:00
|
|
|
if fs.args.PreserveOwner {
|
|
|
|
err = fd.Chown(int(context.Owner.Uid), int(context.Owner.Gid))
|
|
|
|
if err != nil {
|
2016-11-28 22:46:04 +01:00
|
|
|
tlog.Warn.Printf("Create: fd.Chown failed: %v", err)
|
2016-06-26 19:18:13 +02:00
|
|
|
}
|
|
|
|
}
|
2017-05-01 17:49:37 +02:00
|
|
|
return NewFile(fd, fs)
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Chmod implements pathfs.Filesystem.
|
2015-09-08 00:54:24 +02:00
|
|
|
func (fs *FS) Chmod(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
|
2015-12-08 16:13:29 +01:00
|
|
|
if fs.isFiltered(path) {
|
2015-11-03 22:25:29 +01:00
|
|
|
return fuse.EPERM
|
2015-11-03 00:00:13 +01:00
|
|
|
}
|
2017-11-29 12:54:34 +01:00
|
|
|
dirfd, cName, err := fs.openBackingPath(path)
|
2015-11-27 00:03:10 +01:00
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
2017-11-29 12:54:34 +01:00
|
|
|
defer dirfd.Close()
|
2016-06-26 20:13:21 +02:00
|
|
|
// os.Chmod goes through the "syscallMode" translation function that messes
|
2017-11-29 12:54:34 +01:00
|
|
|
// up the suid and sgid bits. So use a syscall directly.
|
|
|
|
err = syscallcompat.Fchmodat(int(dirfd.Fd()), cName, mode, unix.AT_SYMLINK_NOFOLLOW)
|
2016-06-26 20:13:21 +02:00
|
|
|
return fuse.ToStatus(err)
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Chown implements pathfs.Filesystem.
|
2015-09-08 00:54:24 +02:00
|
|
|
func (fs *FS) Chown(path string, uid uint32, gid uint32, context *fuse.Context) (code fuse.Status) {
|
2015-12-08 16:13:29 +01:00
|
|
|
if fs.isFiltered(path) {
|
2015-11-03 22:25:29 +01:00
|
|
|
return fuse.EPERM
|
2015-11-03 00:00:13 +01:00
|
|
|
}
|
2017-11-29 13:05:46 +01:00
|
|
|
dirfd, cName, err := fs.openBackingPath(path)
|
2015-11-27 00:03:10 +01:00
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
2017-11-29 13:05:46 +01:00
|
|
|
defer dirfd.Close()
|
|
|
|
code = fuse.ToStatus(syscallcompat.Fchownat(int(dirfd.Fd()), cName, int(uid), int(gid), unix.AT_SYMLINK_NOFOLLOW))
|
2017-03-02 19:11:24 +01:00
|
|
|
if !code.Ok() {
|
|
|
|
return code
|
|
|
|
}
|
|
|
|
if !fs.args.PlaintextNames {
|
|
|
|
// When filename encryption is active, every directory contains
|
|
|
|
// a "gocryptfs.diriv" file. This file should also change the owner.
|
2017-11-29 13:05:46 +01:00
|
|
|
// Instead of checking if "cName" is a directory, we just blindly
|
|
|
|
// execute the chown on "cName/gocryptfs.diriv" and ignore errors.
|
|
|
|
dirIVPath := filepath.Join(cName, nametransform.DirIVFilename)
|
|
|
|
syscallcompat.Fchownat(int(dirfd.Fd()), dirIVPath, int(uid), int(gid), unix.AT_SYMLINK_NOFOLLOW)
|
2017-03-02 19:11:24 +01:00
|
|
|
}
|
|
|
|
return fuse.OK
|
2015-09-18 22:22:11 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Mknod implements pathfs.Filesystem.
|
2015-11-27 00:03:10 +01:00
|
|
|
func (fs *FS) Mknod(path string, mode uint32, dev uint32, context *fuse.Context) (code fuse.Status) {
|
2015-12-08 16:13:29 +01:00
|
|
|
if fs.isFiltered(path) {
|
2015-11-03 22:25:29 +01:00
|
|
|
return fuse.EPERM
|
2015-11-03 00:00:13 +01:00
|
|
|
}
|
2017-11-28 01:11:19 +01:00
|
|
|
dirfd, cName, err := fs.openBackingPath(path)
|
2017-11-26 21:59:24 +01:00
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
defer dirfd.Close()
|
2017-11-28 00:20:42 +01:00
|
|
|
// Create ".name" file to store long file name (except in PlaintextNames mode)
|
|
|
|
if !fs.args.PlaintextNames && nametransform.IsLongContent(cName) {
|
2016-04-10 19:32:10 +02:00
|
|
|
err = fs.nameTransform.WriteLongName(dirfd, cName, path)
|
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
2016-11-28 23:09:47 +01:00
|
|
|
// Create "gocryptfs.longfile." device node
|
|
|
|
err = syscallcompat.Mknodat(int(dirfd.Fd()), cName, mode, int(dev))
|
2016-04-10 19:32:10 +02:00
|
|
|
if err != nil {
|
|
|
|
nametransform.DeleteLongName(dirfd, cName)
|
|
|
|
}
|
2016-11-28 23:09:47 +01:00
|
|
|
} else {
|
|
|
|
// Create regular device node
|
2017-11-26 21:59:24 +01:00
|
|
|
err = syscallcompat.Mknodat(int(dirfd.Fd()), cName, mode, int(dev))
|
2016-11-28 23:09:47 +01:00
|
|
|
}
|
|
|
|
if err != nil {
|
2016-04-10 19:32:10 +02:00
|
|
|
return fuse.ToStatus(err)
|
2016-02-07 14:02:09 +01:00
|
|
|
}
|
2016-11-28 23:09:47 +01:00
|
|
|
// Set owner
|
|
|
|
if fs.args.PreserveOwner {
|
2017-11-26 21:59:24 +01:00
|
|
|
err = syscallcompat.Fchownat(int(dirfd.Fd()), cName, int(context.Owner.Uid),
|
|
|
|
int(context.Owner.Gid), unix.AT_SYMLINK_NOFOLLOW)
|
2016-11-28 23:09:47 +01:00
|
|
|
if err != nil {
|
2017-11-26 21:59:24 +01:00
|
|
|
tlog.Warn.Printf("Mknod: Fchownat failed: %v", err)
|
2016-11-28 23:09:47 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return fuse.OK
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Truncate implements pathfs.Filesystem.
|
2016-06-26 18:35:19 +02:00
|
|
|
// Support truncate(2) by opening the file and calling ftruncate(2)
|
|
|
|
// While the glibc "truncate" wrapper seems to always use ftruncate, fsstress from
|
|
|
|
// xfstests uses this a lot by calling "truncate64" directly.
|
2015-09-08 00:54:24 +02:00
|
|
|
func (fs *FS) Truncate(path string, offset uint64, context *fuse.Context) (code fuse.Status) {
|
2016-06-26 18:35:19 +02:00
|
|
|
file, code := fs.Open(path, uint32(os.O_RDWR), context)
|
|
|
|
if code != fuse.OK {
|
|
|
|
return code
|
|
|
|
}
|
|
|
|
code = file.Truncate(offset)
|
|
|
|
file.Release()
|
|
|
|
return code
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Utimens implements pathfs.Filesystem.
|
2016-08-09 22:18:46 +02:00
|
|
|
func (fs *FS) Utimens(path string, a *time.Time, m *time.Time, context *fuse.Context) (code fuse.Status) {
|
2015-12-08 16:13:29 +01:00
|
|
|
if fs.isFiltered(path) {
|
2015-11-03 22:25:29 +01:00
|
|
|
return fuse.EPERM
|
2015-11-03 00:00:13 +01:00
|
|
|
}
|
2016-09-25 16:30:29 +02:00
|
|
|
cPath, err := fs.encryptPath(path)
|
2015-11-27 00:03:10 +01:00
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
2016-09-25 16:30:29 +02:00
|
|
|
return fs.FileSystem.Utimens(cPath, a, m, context)
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// StatFs implements pathfs.Filesystem.
|
2016-05-12 19:51:13 +02:00
|
|
|
func (fs *FS) StatFs(path string) *fuse.StatfsOut {
|
|
|
|
if fs.isFiltered(path) {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
cPath, err := fs.encryptPath(path)
|
|
|
|
if err != nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return fs.FileSystem.StatFs(cPath)
|
|
|
|
}
|
|
|
|
|
2018-03-24 21:36:45 +01:00
|
|
|
// decryptSymlinkTarget: "cData64" is base64-decoded and decrypted
|
|
|
|
// like file contents (GCM).
|
2018-03-25 21:02:33 +02:00
|
|
|
// The empty string decrypts to the empty string.
|
2018-03-24 21:36:45 +01:00
|
|
|
func (fs *FS) decryptSymlinkTarget(cData64 string) (string, error) {
|
2018-03-25 21:02:33 +02:00
|
|
|
if cData64 == "" {
|
|
|
|
return "", nil
|
|
|
|
}
|
2018-03-24 21:36:45 +01:00
|
|
|
cData, err := fs.nameTransform.B64.DecodeString(cData64)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
data, err := fs.contentEnc.DecryptBlock([]byte(cData), 0, nil)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
return string(data), nil
|
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Readlink implements pathfs.Filesystem.
|
2018-04-02 18:32:30 +02:00
|
|
|
func (fs *FS) Readlink(relPath string, context *fuse.Context) (out string, status fuse.Status) {
|
|
|
|
cPath, err := fs.encryptPath(relPath)
|
2015-11-27 00:03:10 +01:00
|
|
|
if err != nil {
|
|
|
|
return "", fuse.ToStatus(err)
|
|
|
|
}
|
2018-04-02 18:32:30 +02:00
|
|
|
cAbsPath := filepath.Join(fs.args.Cipherdir, cPath)
|
|
|
|
cTarget, err := os.Readlink(cAbsPath)
|
2016-09-25 17:01:04 +02:00
|
|
|
if err != nil {
|
|
|
|
return "", fuse.ToStatus(err)
|
2015-09-09 19:32:59 +02:00
|
|
|
}
|
2016-06-23 21:29:00 +02:00
|
|
|
if fs.args.PlaintextNames {
|
|
|
|
return cTarget, fuse.OK
|
2015-11-28 16:52:57 +01:00
|
|
|
}
|
2016-06-23 21:29:00 +02:00
|
|
|
// Symlinks are encrypted like file contents (GCM) and base64-encoded
|
2018-03-24 21:36:45 +01:00
|
|
|
target, err := fs.decryptSymlinkTarget(cTarget)
|
2015-11-28 16:47:30 +01:00
|
|
|
if err != nil {
|
2018-04-02 18:32:30 +02:00
|
|
|
tlog.Warn.Printf("Readlink %q: decrypting target failed: %v", cPath, err)
|
2015-11-28 16:47:30 +01:00
|
|
|
return "", fuse.EIO
|
|
|
|
}
|
|
|
|
return string(target), fuse.OK
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Unlink implements pathfs.Filesystem.
|
2015-11-27 00:03:10 +01:00
|
|
|
func (fs *FS) Unlink(path string, context *fuse.Context) (code fuse.Status) {
|
2015-12-08 16:13:29 +01:00
|
|
|
if fs.isFiltered(path) {
|
2015-11-03 22:25:29 +01:00
|
|
|
return fuse.EPERM
|
2015-11-03 00:00:13 +01:00
|
|
|
}
|
2017-11-28 01:28:29 +01:00
|
|
|
dirfd, cName, err := fs.openBackingPath(path)
|
2015-11-27 00:03:10 +01:00
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
2015-09-16 19:32:37 +02:00
|
|
|
}
|
2017-11-28 01:28:29 +01:00
|
|
|
defer dirfd.Close()
|
|
|
|
// Delete content
|
2017-11-29 12:23:40 +01:00
|
|
|
err = syscallcompat.Unlinkat(int(dirfd.Fd()), cName, 0)
|
2017-11-28 01:28:29 +01:00
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
// Delete ".name" file
|
2017-11-28 01:22:55 +01:00
|
|
|
if !fs.args.PlaintextNames && nametransform.IsLongContent(cName) {
|
2016-04-10 19:32:10 +02:00
|
|
|
err = nametransform.DeleteLongName(dirfd, cName)
|
|
|
|
if err != nil {
|
2016-06-15 23:30:44 +02:00
|
|
|
tlog.Warn.Printf("Unlink: could not delete .name file: %v", err)
|
2016-04-10 19:32:10 +02:00
|
|
|
}
|
2016-02-07 14:02:09 +01:00
|
|
|
}
|
|
|
|
return fuse.ToStatus(err)
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2018-03-24 21:36:45 +01:00
|
|
|
// encryptSymlinkTarget: "data" is encrypted like file contents (GCM)
|
|
|
|
// and base64-encoded.
|
2018-03-25 21:02:33 +02:00
|
|
|
// The empty string encrypts to the empty string.
|
2018-03-24 21:36:45 +01:00
|
|
|
func (fs *FS) encryptSymlinkTarget(data string) (cData64 string) {
|
2018-03-25 21:02:33 +02:00
|
|
|
if data == "" {
|
|
|
|
return ""
|
|
|
|
}
|
2018-03-24 21:36:45 +01:00
|
|
|
cData := fs.contentEnc.EncryptBlock([]byte(data), 0, nil)
|
|
|
|
cData64 = fs.nameTransform.B64.EncodeToString(cData)
|
|
|
|
return cData64
|
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Symlink implements pathfs.Filesystem.
|
2015-11-27 00:03:10 +01:00
|
|
|
func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (code fuse.Status) {
|
2016-06-15 23:30:44 +02:00
|
|
|
tlog.Debug.Printf("Symlink(\"%s\", \"%s\")", target, linkName)
|
2015-12-08 16:13:29 +01:00
|
|
|
if fs.isFiltered(linkName) {
|
2015-11-03 22:25:29 +01:00
|
|
|
return fuse.EPERM
|
2015-11-03 00:00:13 +01:00
|
|
|
}
|
2017-11-28 01:11:19 +01:00
|
|
|
dirfd, cName, err := fs.openBackingPath(linkName)
|
2017-11-28 01:02:11 +01:00
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
defer dirfd.Close()
|
2018-06-19 20:13:56 +02:00
|
|
|
cTarget := target
|
2017-11-28 00:38:17 +01:00
|
|
|
if !fs.args.PlaintextNames {
|
|
|
|
// Symlinks are encrypted like file contents (GCM) and base64-encoded
|
2018-03-24 21:36:45 +01:00
|
|
|
cTarget = fs.encryptSymlinkTarget(target)
|
2015-11-28 16:52:57 +01:00
|
|
|
}
|
2017-11-28 01:02:11 +01:00
|
|
|
// Create ".name" file to store long file name (except in PlaintextNames mode)
|
2017-11-28 00:38:17 +01:00
|
|
|
if !fs.args.PlaintextNames && nametransform.IsLongContent(cName) {
|
2016-04-10 19:32:10 +02:00
|
|
|
err = fs.nameTransform.WriteLongName(dirfd, cName, linkName)
|
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
2016-11-28 23:15:24 +01:00
|
|
|
// Create "gocryptfs.longfile." symlink
|
2017-11-28 00:54:38 +01:00
|
|
|
err = syscallcompat.Symlinkat(cTarget, int(dirfd.Fd()), cName)
|
2016-04-10 19:32:10 +02:00
|
|
|
if err != nil {
|
|
|
|
nametransform.DeleteLongName(dirfd, cName)
|
|
|
|
}
|
2016-11-28 23:15:24 +01:00
|
|
|
} else {
|
|
|
|
// Create symlink
|
2017-11-28 01:02:11 +01:00
|
|
|
err = syscallcompat.Symlinkat(cTarget, int(dirfd.Fd()), cName)
|
2016-11-28 23:15:24 +01:00
|
|
|
}
|
|
|
|
if err != nil {
|
2016-04-10 19:32:10 +02:00
|
|
|
return fuse.ToStatus(err)
|
2016-02-07 14:02:09 +01:00
|
|
|
}
|
2016-11-28 23:15:24 +01:00
|
|
|
// Set owner
|
|
|
|
if fs.args.PreserveOwner {
|
2017-11-28 01:02:11 +01:00
|
|
|
err = syscallcompat.Fchownat(int(dirfd.Fd()), cName, int(context.Owner.Uid),
|
|
|
|
int(context.Owner.Gid), unix.AT_SYMLINK_NOFOLLOW)
|
2016-11-28 23:15:24 +01:00
|
|
|
if err != nil {
|
2017-11-28 01:02:11 +01:00
|
|
|
tlog.Warn.Printf("Symlink: Fchownat failed: %v", err)
|
2016-11-28 23:15:24 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return fuse.OK
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Rename implements pathfs.Filesystem.
|
2015-11-03 22:25:29 +01:00
|
|
|
func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (code fuse.Status) {
|
2015-12-08 16:13:29 +01:00
|
|
|
if fs.isFiltered(newPath) {
|
2015-11-03 22:25:29 +01:00
|
|
|
return fuse.EPERM
|
2015-11-03 00:00:13 +01:00
|
|
|
}
|
2015-11-27 00:03:10 +01:00
|
|
|
cOldPath, err := fs.getBackingPath(oldPath)
|
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
cNewPath, err := fs.getBackingPath(newPath)
|
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
2015-11-29 21:41:38 +01:00
|
|
|
// The Rename may cause a directory to take the place of another directory.
|
|
|
|
// That directory may still be in the DirIV cache, clear it.
|
2016-02-06 19:20:54 +01:00
|
|
|
fs.nameTransform.DirIVCache.Clear()
|
2018-01-17 00:23:09 +01:00
|
|
|
// Easy case.
|
|
|
|
if fs.args.PlaintextNames {
|
|
|
|
return fuse.ToStatus(syscall.Rename(cOldPath, cNewPath))
|
|
|
|
}
|
2016-04-10 19:32:10 +02:00
|
|
|
// Handle long source file name
|
|
|
|
var oldDirFd *os.File
|
|
|
|
var finalOldDirFd int
|
|
|
|
var finalOldPath = cOldPath
|
|
|
|
cOldName := filepath.Base(cOldPath)
|
|
|
|
if nametransform.IsLongContent(cOldName) {
|
|
|
|
oldDirFd, err = os.Open(filepath.Dir(cOldPath))
|
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
defer oldDirFd.Close()
|
|
|
|
finalOldDirFd = int(oldDirFd.Fd())
|
2016-07-03 20:05:32 +02:00
|
|
|
// Use relative path
|
2016-04-10 19:32:10 +02:00
|
|
|
finalOldPath = cOldName
|
|
|
|
}
|
|
|
|
// Handle long destination file name
|
|
|
|
var newDirFd *os.File
|
|
|
|
var finalNewDirFd int
|
|
|
|
var finalNewPath = cNewPath
|
|
|
|
cNewName := filepath.Base(cNewPath)
|
|
|
|
if nametransform.IsLongContent(cNewName) {
|
|
|
|
newDirFd, err = os.Open(filepath.Dir(cNewPath))
|
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
defer newDirFd.Close()
|
|
|
|
finalNewDirFd = int(newDirFd.Fd())
|
2016-07-03 20:05:32 +02:00
|
|
|
// Use relative path
|
2016-04-10 19:32:10 +02:00
|
|
|
finalNewPath = cNewName
|
|
|
|
// Create destination .name file
|
|
|
|
err = fs.nameTransform.WriteLongName(newDirFd, cNewName, newPath)
|
2017-11-25 01:56:56 +01:00
|
|
|
// Failure to write the .name file is expected when the target path already
|
|
|
|
// exists. Since hashes are pretty unique, there is no need to modify the
|
|
|
|
// file anyway. We still set newDirFd to nil to ensure that we do not delete
|
|
|
|
// the file on error.
|
|
|
|
if err == syscall.EEXIST {
|
|
|
|
newDirFd = nil
|
|
|
|
} else if err != nil {
|
2016-02-07 14:02:09 +01:00
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// Actual rename
|
2016-07-03 20:08:09 +02:00
|
|
|
tlog.Debug.Printf("Renameat oldfd=%d oldpath=%s newfd=%d newpath=%s\n", finalOldDirFd, finalOldPath, finalNewDirFd, finalNewPath)
|
2016-07-03 20:05:32 +02:00
|
|
|
err = syscallcompat.Renameat(finalOldDirFd, finalOldPath, finalNewDirFd, finalNewPath)
|
2016-06-30 23:12:22 +02:00
|
|
|
if err == syscall.ENOTEMPTY || err == syscall.EEXIST {
|
|
|
|
// If an empty directory is overwritten we will always get an error as
|
2016-04-10 19:32:10 +02:00
|
|
|
// the "empty" directory will still contain gocryptfs.diriv.
|
2016-06-30 23:12:22 +02:00
|
|
|
// Interestingly, ext4 returns ENOTEMPTY while xfs returns EEXIST.
|
|
|
|
// We handle that by trying to fs.Rmdir() the target directory and trying
|
|
|
|
// again.
|
2016-06-15 23:30:44 +02:00
|
|
|
tlog.Debug.Printf("Rename: Handling ENOTEMPTY")
|
2015-12-19 13:21:15 +01:00
|
|
|
if fs.Rmdir(newPath, context) == fuse.OK {
|
2016-07-03 20:05:32 +02:00
|
|
|
err = syscallcompat.Renameat(finalOldDirFd, finalOldPath, finalNewDirFd, finalNewPath)
|
2015-12-19 13:21:15 +01:00
|
|
|
}
|
|
|
|
}
|
2016-04-10 19:32:10 +02:00
|
|
|
if err != nil {
|
|
|
|
if newDirFd != nil {
|
|
|
|
// Roll back .name creation
|
|
|
|
nametransform.DeleteLongName(newDirFd, cNewName)
|
|
|
|
}
|
|
|
|
return fuse.ToStatus(err)
|
2016-02-07 14:02:09 +01:00
|
|
|
}
|
2016-04-10 19:32:10 +02:00
|
|
|
if oldDirFd != nil {
|
|
|
|
nametransform.DeleteLongName(oldDirFd, cOldName)
|
|
|
|
}
|
|
|
|
return fuse.OK
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Link implements pathfs.Filesystem.
|
2015-11-27 00:03:10 +01:00
|
|
|
func (fs *FS) Link(oldPath string, newPath string, context *fuse.Context) (code fuse.Status) {
|
2015-12-08 16:13:29 +01:00
|
|
|
if fs.isFiltered(newPath) {
|
2015-11-03 22:25:29 +01:00
|
|
|
return fuse.EPERM
|
2015-11-03 00:00:13 +01:00
|
|
|
}
|
2017-12-12 14:42:49 +01:00
|
|
|
oldDirFd, cOldName, err := fs.openBackingPath(oldPath)
|
2015-11-27 00:03:10 +01:00
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
2017-12-12 14:42:49 +01:00
|
|
|
defer oldDirFd.Close()
|
|
|
|
newDirFd, cNewName, err := fs.openBackingPath(newPath)
|
2015-11-27 00:03:10 +01:00
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
2017-12-12 14:42:49 +01:00
|
|
|
defer newDirFd.Close()
|
|
|
|
// Handle long file name (except in PlaintextNames mode)
|
2017-12-12 14:38:00 +01:00
|
|
|
if !fs.args.PlaintextNames && nametransform.IsLongContent(cNewName) {
|
2017-12-12 14:42:49 +01:00
|
|
|
err = fs.nameTransform.WriteLongName(newDirFd, cNewName, newPath)
|
2016-02-07 14:02:09 +01:00
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
2017-12-12 14:42:49 +01:00
|
|
|
// Create "gocryptfs.longfile." link
|
|
|
|
err = syscallcompat.Linkat(int(oldDirFd.Fd()), cOldName, int(newDirFd.Fd()), cNewName, 0)
|
2016-04-10 19:32:10 +02:00
|
|
|
if err != nil {
|
2017-12-12 14:42:49 +01:00
|
|
|
nametransform.DeleteLongName(newDirFd, cNewName)
|
2016-04-10 19:32:10 +02:00
|
|
|
}
|
2017-12-12 14:42:49 +01:00
|
|
|
} else {
|
|
|
|
// Create regular link
|
|
|
|
err = syscallcompat.Linkat(int(oldDirFd.Fd()), cOldName, int(newDirFd.Fd()), cNewName, 0)
|
2016-02-07 14:02:09 +01:00
|
|
|
}
|
2017-12-12 14:42:49 +01:00
|
|
|
return fuse.ToStatus(err)
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
|
|
|
|
2016-10-02 06:14:18 +02:00
|
|
|
// Access implements pathfs.Filesystem.
|
2015-11-27 00:03:10 +01:00
|
|
|
func (fs *FS) Access(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
|
2015-12-08 16:13:29 +01:00
|
|
|
if fs.isFiltered(path) {
|
2015-11-03 22:25:29 +01:00
|
|
|
return fuse.EPERM
|
|
|
|
}
|
2015-11-27 00:03:10 +01:00
|
|
|
cPath, err := fs.getBackingPath(path)
|
|
|
|
if err != nil {
|
|
|
|
return fuse.ToStatus(err)
|
|
|
|
}
|
|
|
|
return fuse.ToStatus(syscall.Access(cPath, mode))
|
2015-09-08 00:54:24 +02:00
|
|
|
}
|
2018-04-03 21:19:44 +02:00
|
|
|
|
2018-07-01 15:48:53 +02:00
|
|
|
// reportMitigatedCorruption is used to report a corruption that was transparently
|
|
|
|
// mitigated and did not return an error to the user. Pass the name of the corrupt
|
|
|
|
// item (filename for OpenDir(), xattr name for ListXAttr() etc).
|
|
|
|
// See the MitigatedCorruptions channel for more info.
|
|
|
|
func (fs *FS) reportMitigatedCorruption(item string) {
|
|
|
|
if fs.MitigatedCorruptions == nil {
|
2018-04-03 21:19:44 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
select {
|
2018-07-01 15:48:53 +02:00
|
|
|
case fs.MitigatedCorruptions <- item:
|
2018-04-03 21:19:44 +02:00
|
|
|
case <-time.After(1 * time.Second):
|
|
|
|
tlog.Warn.Printf("BUG: reportCorruptItem: timeout")
|
|
|
|
//debug.PrintStack()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|