// +build linux

// Package fusefrontend interfaces directly with the go-fuse library.
package fusefrontend
import (
"fmt"
"strings"
"syscall"
"github.com/hanwen/go-fuse/fuse"
"github.com/pkg/xattr"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
// xattrUserPrefix is the only extended-attribute namespace that is passed
// through to the backing files. The check below is an allow-list: "trusted",
// "security" and every other namespace are refused, because attributes there
// may be interpreted by the system, and what we would store in them is
// encrypted data that such a consumer cannot make sense of.
const xattrUserPrefix = "user."

// disallowedXAttrName reports whether "attr" lies outside the "user."
// namespace and must therefore be rejected. The comparison is a
// case-sensitive prefix match, so the empty string is disallowed as well.
func disallowedXAttrName(attr string) bool {
	inUserNamespace := strings.HasPrefix(attr, xattrUserPrefix)
	return !inUserNamespace
}
// filterXattrSetFlags returns the setxattr flags that are to be used for the
// operation. This file is built for Linux only, and here nothing is filtered:
// the flags come back exactly as they were passed in.
func filterXattrSetFlags(flags int) int {
	passThrough := flags
	return passThrough
}
// procFd returns the path to file descriptor "fd" in /proc/self/fd.
// The path is only formatted here; whether "fd" refers to an open descriptor
// is not checked and is up to the caller.
func procFd(fd int) string {
	fdPath := fmt.Sprintf("/proc/self/fd/%d", fd)
	return fdPath
}
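// getFileFd calls fs.Open() on relative plaintext path "relPath" and returns
// the resulting fusefrontend.*File along with the underlying fd. The caller
// MUST call file.Release() when done with the file. On every error return the
// file is nil and the fd is -1, so there is nothing for the caller to release.
//
// The file is opened read-only. The O_NONBLOCK flag is used to not block on
// FIFOs.
//
// Used by getXattr() and friends.
func (fs *FS) getFileFd(relPath string, context *fuse.Context) (*File, int, fuse.Status) {
	fuseFile, status := fs.Open(relPath, syscall.O_RDONLY|syscall.O_NONBLOCK, context)
	if !status.Ok() {
		return nil, -1, status
	}
	file, ok := fuseFile.(*File)
	if !ok {
		// fs.Open() handed back something that is not our own *File. The
		// message names this function (it used to say "xattrGet") so that the
		// log points at the code that actually failed.
		tlog.Warn.Printf("BUG: getFileFd: cast to *File failed")
		// We cannot use the handle, but we still own it: give it back before
		// reporting the error so that it is not leaked.
		fuseFile.Release()
		return nil, -1, fuse.EIO
	}
	return file, file.intFd(), fuse.OK
}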
// getXattr - read encrypted xattr name "cAttr" from relative
// plaintext path "relPath". Returns the encrypted xattr value.
//
// This function is symlink-safe by using /proc/self/fd: the attribute is read
// through the descriptor that getFileFd() returned, and "relPath" is not
// resolved a second time for the xattr call itself.
func (fs *FS) getXattr(relPath string, cAttr string, context *fuse.Context) ([]byte, fuse.Status) {
	f, fd, st := fs.getFileFd(relPath, context)
	if !st.Ok() {
		return nil, st
	}
	// The descriptor must stay open until the xattr call has returned.
	defer f.Release()

	value, err := xattr.Get(procFd(fd), cAttr)
	if err == nil {
		return value, fuse.OK
	}
	return nil, unpackXattrErr(err)
}
// setXattr - set encrypted xattr name "cAttr" to value "cData" on plaintext
// path "relPath". "flags" is handed to xattr.SetWithFlags() as received; this
// function does not filter it.
//
// This function is symlink-safe by using /proc/self/fd: the attribute is
// written through the descriptor that getFileFd() returned, and "relPath" is
// not resolved a second time for the xattr call itself.
func (fs *FS) setXattr(relPath string, cAttr string, cData []byte, flags int, context *fuse.Context) fuse.Status {
	f, fd, st := fs.getFileFd(relPath, context)
	if !st.Ok() {
		return st
	}
	// The descriptor must stay open until the xattr call has returned.
	defer f.Release()

	return unpackXattrErr(xattr.SetWithFlags(procFd(fd), cAttr, cData, flags))
}
// removeXAttr - remove encrypted xattr name "cAttr" from
// plaintext path "relPath".
//
// This function is symlink-safe on Linux by using /proc/self/fd: the
// attribute is removed through the descriptor that getFileFd() returned, and
// "relPath" is not resolved a second time for the xattr call itself.
func (fs *FS) removeXAttr(relPath string, cAttr string, context *fuse.Context) fuse.Status {
	f, fd, st := fs.getFileFd(relPath, context)
	if !st.Ok() {
		return st
	}
	// The descriptor must stay open until the xattr call has returned.
	defer f.Release()

	return unpackXattrErr(xattr.Remove(procFd(fd), cAttr))
}
// listXAttr - list encrypted xattr names on plaintext path "relPath".
//
// This function is symlink-safe on Linux by using /proc/self/fd: the names
// are listed through the descriptor that getFileFd() returned, and "relPath"
// is not resolved a second time for the xattr call itself.
func (fs *FS) listXAttr(relPath string, context *fuse.Context) ([]string, fuse.Status) {
	f, fd, st := fs.getFileFd(relPath, context)
	switch {
	case st.Ok():
		// Opened fine, carry on below.
	case st == fuse.Status(syscall.ELOOP):
		// If relPath is a symlink, getFileFd fails with ELOOP. As setXattr()
		// also fails with ELOOP, there is no way to set xattrs on symlinks,
		// and we can assume that the file does not have any. Note that this
		// turns the error into an empty, successful listing.
		return nil, fuse.OK
	default:
		return nil, st
	}
	// The descriptor must stay open until the xattr call has returned.
	defer f.Release()

	names, err := xattr.List(procFd(fd))
	if err != nil {
		return nil, unpackXattrErr(err)
	}
	return names, fuse.OK
}