libgocryptfs/tests/reverse/correctness_test.go

package reverse_test

import (
	"bytes"
	"fmt"
	"io/ioutil"
	"os"
	"runtime"
	"syscall"
	"testing"

	"golang.org/x/sys/unix"

	"github.com/rfjakob/gocryptfs/internal/ctlsock"
	"github.com/rfjakob/gocryptfs/internal/syscallcompat"
	"github.com/rfjakob/gocryptfs/tests/test_helpers"
)

// TestLongnameStat checks that file names of all sizes (1 to 255) show up in
// the decrypted reverse view (dirC, mounted in TestMain).
func TestLongnameStat(t *testing.T) {
	for i := 1; i <= 255; i++ {
		name := string(bytes.Repeat([]byte("x"), i))
		fd, err := os.Create(dirA + "/" + name)
		if err != nil {
			t.Fatal(err)
		}
		fd.Close()
		path := dirC + "/" + name
		if !test_helpers.VerifyExistence(path) {
			t.Fatalf("failed to verify %q", path)
		}
		test_helpers.VerifySize(t, path, 0)
		// A large number of longname files is a performance problem in
		// reverse mode. Move the file out of the way once we are done with it
		// to speed up the test (2 seconds -> 0.2 seconds).
		// We do NOT unlink it because ext4 reuses inode numbers immediately,
		// which will cause "Found linked inode, but Nlink == 1" warnings and
		// file not found errors.
		// TODO: This problem should be handled at the go-fuse level.
		syscall.Rename(dirA+"/"+name, test_helpers.TmpDir+"/"+fmt.Sprintf("x%d", i))
	}
}

func TestSymlinks(t *testing.T) {
	target := "/"
	os.Symlink(target, dirA+"/symlink")
	cSymlink := dirC + "/symlink"
	_, err := os.Lstat(cSymlink)
	if err != nil {
		t.Errorf("Lstat: %v", err)
	}
	_, err = os.Stat(cSymlink)
	if err != nil {
		t.Errorf("Stat: %v", err)
	}
	actualTarget, err := os.Readlink(cSymlink)
	if err != nil {
		t.Fatal(err)
	}
	if target != actualTarget {
		t.Errorf("wrong symlink target: want=%q have=%q", target, actualTarget)
	}
}

// Symbolic link dentry sizes should be set to the length of the string
// that contains the target path.
func TestSymlinkDentrySize(t *testing.T) {
	if plaintextnames {
		t.Skip("this only tests encrypted names")
	}
	symlink := "a_symlink"

	mnt, err := ioutil.TempDir(test_helpers.TmpDir, "reverse_mnt_")
	if err != nil {
		t.Fatal(err)
	}

	sock := mnt + ".sock"
	test_helpers.MountOrFatal(t, "ctlsock_reverse_test_fs", mnt, "-reverse", "-extpass", "echo test", "-ctlsock="+sock)
	defer test_helpers.UnmountPanic(mnt)

	req := ctlsock.RequestStruct{EncryptPath: symlink}
	symlinkResponse := test_helpers.QueryCtlSock(t, sock, req)
	if symlinkResponse.ErrNo != 0 {
		t.Errorf("Encrypt: %q ErrNo=%d ErrText=%s", symlink, symlinkResponse.ErrNo, symlinkResponse.ErrText)
	}

	fi, err := os.Lstat(mnt + "/" + symlinkResponse.Result)
	if err != nil {
		t.Errorf("Lstat: %v", err)
	}

	target, err := os.Readlink(mnt + "/" + symlinkResponse.Result)
	if err != nil {
		t.Errorf("Readlink: %v", err)
	}

	if fi.Size() != int64(len(target)) {
		t.Errorf("Lstat reports that symbolic link %q's dentry size is %d, but this does not "+
			"match the length of the string returned by readlink, which is %d.",
			symlink, fi.Size(), len(target))
	}
}

// .gocryptfs.reverse.conf in the plaintext dir should be visible as
// gocryptfs.conf
func TestConfigMapping(t *testing.T) {
	c := dirB + "/gocryptfs.conf"
	if !test_helpers.VerifyExistence(c) {
		t.Errorf("%s missing", c)
	}
	data, err := ioutil.ReadFile(c)
	if err != nil {
		t.Fatal(err)
	}
	if len(data) == 0 {
		t.Errorf("empty file")
	}
}

// Check that the access() syscall works on virtual files
func TestAccessVirtual(t *testing.T) {
	if plaintextnames {
		t.Skip("test makes no sense for plaintextnames")
	}
	var R_OK uint32 = 4
	var W_OK uint32 = 2
	var X_OK uint32 = 1
	fn := dirB + "/gocryptfs.diriv"
	err := syscall.Access(fn, R_OK)
	if err != nil {
		t.Errorf("%q should be readable, but got error: %v", fn, err)
	}
	err = syscall.Access(fn, W_OK)
	if err == nil {
		t.Errorf("should NOT be writeable")
	}
	err = syscall.Access(fn, X_OK)
	if err == nil {
		t.Errorf("should NOT be executable")
	}
}

// Check that the access() syscall works on regular files
func TestAccess(t *testing.T) {
	f, err := os.Create(dirA + "/testaccess1")
	if err != nil {
		t.Fatal(err)
	}
	f.Close()
	f, err = os.Open(dirB)
	if err != nil {
		t.Fatal(err)
	}
	defer f.Close()
	names, err := f.Readdirnames(0)
	if err != nil {
		t.Fatal(err)
	}
	for _, n := range names {
		// Check if file exists - this should never fail
		err = syscallcompat.Faccessat(unix.AT_FDCWD, dirB+"/"+n, unix.F_OK)
		if err != nil {
			t.Errorf("%s: %v", n, err)
		}
		// Check if file is readable
		err = syscallcompat.Faccessat(unix.AT_FDCWD, dirB+"/"+n, unix.R_OK)
		if err != nil {
			t.Logf("%s: %v", n, err)
		}
	}
}

// Opening a nonexistant file name should return ENOENT
// and not EBADMSG or EIO or anything else.
func TestEnoent(t *testing.T) {
	fn := dirB + "/TestEnoent"
	_, err := syscall.Open(fn, syscall.O_RDONLY, 0)
	if err != syscall.ENOENT {
		t.Errorf("want ENOENT, got: %v", err)
	}
}

// If the symlink target gets too long due to base64 encoding, we should
// return ENAMETOOLONG instead of having the kernel reject the data and
// returning an I/O error to the user.
// https://github.com/rfjakob/gocryptfs/issues/167
func TestTooLongSymlink(t *testing.T) {
	l := 4000
	if runtime.GOOS == "darwin" {
		l = 1000 // max length is much lower on darwin
	}
	fn := dirA + "/TooLongSymlink"
	target := string(bytes.Repeat([]byte("x"), l))
	err := os.Symlink(target, fn)
	if err != nil {
		t.Fatal(err)
	}
	_, err = os.Readlink(dirC + "/TooLongSymlink")
	if err == nil {
		return
	}
	err2 := err.(*os.PathError)
	if err2.Err != syscall.ENAMETOOLONG {
		t.Errorf("Expected %q error, got %q instead", syscall.ENAMETOOLONG,
			err2.Err)
	}
}

// Test that we can traverse a directory with 0100 permissions
// (execute but no read). This used to be a problem as OpenDirNofollow opened
// all directory in the path with O_RDONLY. Now it uses O_PATH, which only needs
// the executable bit.
func Test0100Dir(t *testing.T) {
	dir := dirA + "/" + t.Name()
	err := os.Mkdir(dir, 0700)
	if err != nil {
		t.Fatal(err)
	}
	file := dir + "/hello"
	err = ioutil.WriteFile(file, []byte("hello"), 0600)
	if err != nil {
		t.Fatal(err)
	}
	err = os.Chmod(dir, 0100)
	if err != nil {
		t.Fatal(err)
	}

	fileReverse := dirC + "/" + t.Name() + "/hello"
	fd, err := os.Open(fileReverse)
	// Make sure the dir can be removed after the test is done
	os.Chmod(dir, 0700)
	if err != nil {
		t.Fatal(err)
	}
	fd.Close()
}
reverse: add gcmsiv flag and associated tests 2016-09-25 15:05:09 +02:00			`package reverse_test`

			`import (`
fusefrontend_reverse: fix 176-byte names A file with a name of exactly 176 bytes length caused this error: ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY: No such file or directory ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name: No such file or directory -????????? ? ? ? ? ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY -????????? ? ? ? ? ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name Root cause was a wrong shortNameMax constant that failed to account for the obligatory padding byte. Fix the constant and also expand the TestLongnameStat test case to test ALL file name lengths from 1-255 bytes. Fixes https://github.com/rfjakob/gocryptfs/issues/143 . 2017-10-01 13:50:25 +02:00			`"bytes"`
fusefrontend_reverse: workaround ext4 test failure The extended TestLongnameStat() exposes a pathological case when run on ext4, as ext4 reuses inode numbers immediately. This change modifies the test to not delete the files immediately, so the inode numbers cannot be reused immediately. Fix for the underlying issue is a TODO. 2017-10-03 21:15:17 +02:00			`"fmt"`
reverse: make gocryptfs.conf mapping plaintextnames-aware Only in plaintextnames-mode AND with the config file at the default location it will be mapped into the mountpoint. Also adds a test for that. 2016-10-08 20:57:38 +02:00			`"io/ioutil"`
reverse: add gcmsiv flag and associated tests 2016-09-25 15:05:09 +02:00			`"os"`
macos: adjust TestTooLongSymlink length for darwin Limit is much lower than on linux 2018-03-05 21:23:57 +01:00			`"runtime"`
tests: reverse: check Access() call 2017-02-16 21:20:29 +01:00			`"syscall"`
reverse: add gcmsiv flag and associated tests 2016-09-25 15:05:09 +02:00			`"testing"`
reverse: more thorough longname stat test Now also verifies the returned file size. 2016-09-25 15:32:46 +02:00
fusefrontend_reverse: secure Access against symlink races (somewhat) Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW, so this is not completely atomic. Given that the information you get from access is not very interesting, it seems good enough. https://github.com/rfjakob/gocryptfs/issues/165 2017-12-07 00:08:10 +01:00			`"golang.org/x/sys/unix"`

Report correct symbolic link dentry sizes Prior to this commit, gocryptfs's reverse mode did not report correct directory entry sizes for symbolic links, where the dentry size needs to be the same as the length of a string containing the target path. This commit corrects this issue and adds a test case to verify the correctness of the implementation. This issue was discovered during the use of a strict file copying program on a reverse-mounted gocryptfs file system. 2017-03-07 10:09:09 +01:00			`"github.com/rfjakob/gocryptfs/internal/ctlsock"`
fusefrontend_reverse: secure Access against symlink races (somewhat) Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW, so this is not completely atomic. Given that the information you get from access is not very interesting, it seems good enough. https://github.com/rfjakob/gocryptfs/issues/165 2017-12-07 00:08:10 +01:00			`"github.com/rfjakob/gocryptfs/internal/syscallcompat"`
reverse: more thorough longname stat test Now also verifies the returned file size. 2016-09-25 15:32:46 +02:00			`"github.com/rfjakob/gocryptfs/tests/test_helpers"`
reverse: add gcmsiv flag and associated tests 2016-09-25 15:05:09 +02:00			`)`

fusefrontend_reverse: fix 176-byte names A file with a name of exactly 176 bytes length caused this error: ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY: No such file or directory ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name: No such file or directory -????????? ? ? ? ? ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY -????????? ? ? ? ? ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name Root cause was a wrong shortNameMax constant that failed to account for the obligatory padding byte. Fix the constant and also expand the TestLongnameStat test case to test ALL file name lengths from 1-255 bytes. Fixes https://github.com/rfjakob/gocryptfs/issues/143 . 2017-10-01 13:50:25 +02:00			`// TestLongnameStat checks that file names of all sizes (1 to 255) show up in`
			`// the decrypted reverse view (dirC, mounted in TestMain).`
reverse: add gcmsiv flag and associated tests 2016-09-25 15:05:09 +02:00			`func TestLongnameStat(t *testing.T) {`
fusefrontend_reverse: fix 176-byte names A file with a name of exactly 176 bytes length caused this error: ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY: No such file or directory ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name: No such file or directory -????????? ? ? ? ? ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY -????????? ? ? ? ? ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name Root cause was a wrong shortNameMax constant that failed to account for the obligatory padding byte. Fix the constant and also expand the TestLongnameStat test case to test ALL file name lengths from 1-255 bytes. Fixes https://github.com/rfjakob/gocryptfs/issues/143 . 2017-10-01 13:50:25 +02:00			`for i := 1; i <= 255; i++ {`
			`name := string(bytes.Repeat([]byte("x"), i))`
			`fd, err := os.Create(dirA + "/" + name)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`fd.Close()`
			`path := dirC + "/" + name`
			`if !test_helpers.VerifyExistence(path) {`
fusefrontend_reverse: workaround ext4 test failure The extended TestLongnameStat() exposes a pathological case when run on ext4, as ext4 reuses inode numbers immediately. This change modifies the test to not delete the files immediately, so the inode numbers cannot be reused immediately. Fix for the underlying issue is a TODO. 2017-10-03 21:15:17 +02:00			`t.Fatalf("failed to verify %q", path)`
fusefrontend_reverse: fix 176-byte names A file with a name of exactly 176 bytes length caused this error: ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY: No such file or directory ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name: No such file or directory -????????? ? ? ? ? ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY -????????? ? ? ? ? ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name Root cause was a wrong shortNameMax constant that failed to account for the obligatory padding byte. Fix the constant and also expand the TestLongnameStat test case to test ALL file name lengths from 1-255 bytes. Fixes https://github.com/rfjakob/gocryptfs/issues/143 . 2017-10-01 13:50:25 +02:00			`}`
			`test_helpers.VerifySize(t, path, 0)`
			`// A large number of longname files is a performance problem in`
fusefrontend_reverse: workaround ext4 test failure The extended TestLongnameStat() exposes a pathological case when run on ext4, as ext4 reuses inode numbers immediately. This change modifies the test to not delete the files immediately, so the inode numbers cannot be reused immediately. Fix for the underlying issue is a TODO. 2017-10-03 21:15:17 +02:00			`// reverse mode. Move the file out of the way once we are done with it`
			`// to speed up the test (2 seconds -> 0.2 seconds).`
			`// We do NOT unlink it because ext4 reuses inode numbers immediately,`
			`// which will cause "Found linked inode, but Nlink == 1" warnings and`
			`// file not found errors.`
			`// TODO: This problem should be handled at the go-fuse level.`
			`syscall.Rename(dirA+"/"+name, test_helpers.TmpDir+"/"+fmt.Sprintf("x%d", i))`
reverse: add gcmsiv flag and associated tests 2016-09-25 15:05:09 +02:00			`}`
			`}`
reverse: add symlink encryption and Readlink support 2016-09-25 18:01:24 +02:00
			`func TestSymlinks(t *testing.T) {`
			`target := "/"`
			`os.Symlink(target, dirA+"/symlink")`
			`cSymlink := dirC + "/symlink"`
			`_, err := os.Lstat(cSymlink)`
			`if err != nil {`
			`t.Errorf("Lstat: %v", err)`
			`}`
			`_, err = os.Stat(cSymlink)`
			`if err != nil {`
			`t.Errorf("Stat: %v", err)`
			`}`
			`actualTarget, err := os.Readlink(cSymlink)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if target != actualTarget {`
			`t.Errorf("wrong symlink target: want=%q have=%q", target, actualTarget)`
			`}`
			`}`
reverse: make gocryptfs.conf mapping plaintextnames-aware Only in plaintextnames-mode AND with the config file at the default location it will be mapped into the mountpoint. Also adds a test for that. 2016-10-08 20:57:38 +02:00
Report correct symbolic link dentry sizes Prior to this commit, gocryptfs's reverse mode did not report correct directory entry sizes for symbolic links, where the dentry size needs to be the same as the length of a string containing the target path. This commit corrects this issue and adds a test case to verify the correctness of the implementation. This issue was discovered during the use of a strict file copying program on a reverse-mounted gocryptfs file system. 2017-03-07 10:09:09 +01:00			`// Symbolic link dentry sizes should be set to the length of the string`
			`// that contains the target path.`
			`func TestSymlinkDentrySize(t *testing.T) {`
tests: reverse: don't run tests that ignore "-plaintextnames" twice TestMain() runs all tests twice, once with plaintextnames=true and once with false. Several tests mount their own filesystem and ignore the plaintextnames variable. It makes no sense to run them twice, so skip execution when plaintextnames is set. 2017-03-07 20:53:58 +01:00			`if plaintextnames {`
			`t.Skip("this only tests encrypted names")`
			`}`
Report correct symbolic link dentry sizes Prior to this commit, gocryptfs's reverse mode did not report correct directory entry sizes for symbolic links, where the dentry size needs to be the same as the length of a string containing the target path. This commit corrects this issue and adds a test case to verify the correctness of the implementation. This issue was discovered during the use of a strict file copying program on a reverse-mounted gocryptfs file system. 2017-03-07 10:09:09 +01:00			`symlink := "a_symlink"`

			`mnt, err := ioutil.TempDir(test_helpers.TmpDir, "reverse_mnt_")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`sock := mnt + ".sock"`
			`test_helpers.MountOrFatal(t, "ctlsock_reverse_test_fs", mnt, "-reverse", "-extpass", "echo test", "-ctlsock="+sock)`
			`defer test_helpers.UnmountPanic(mnt)`

			`req := ctlsock.RequestStruct{EncryptPath: symlink}`
			`symlinkResponse := test_helpers.QueryCtlSock(t, sock, req)`
			`if symlinkResponse.ErrNo != 0 {`
			`t.Errorf("Encrypt: %q ErrNo=%d ErrText=%s", symlink, symlinkResponse.ErrNo, symlinkResponse.ErrText)`
			`}`

			`fi, err := os.Lstat(mnt + "/" + symlinkResponse.Result)`
			`if err != nil {`
			`t.Errorf("Lstat: %v", err)`
			`}`

			`target, err := os.Readlink(mnt + "/" + symlinkResponse.Result)`
			`if err != nil {`
			`t.Errorf("Readlink: %v", err)`
			`}`

			`if fi.Size() != int64(len(target)) {`
			`t.Errorf("Lstat reports that symbolic link %q's dentry size is %d, but this does not "+`
			`"match the length of the string returned by readlink, which is %d.",`
			`symlink, fi.Size(), len(target))`
			`}`
			`}`

reverse: make gocryptfs.conf mapping plaintextnames-aware Only in plaintextnames-mode AND with the config file at the default location it will be mapped into the mountpoint. Also adds a test for that. 2016-10-08 20:57:38 +02:00			`// .gocryptfs.reverse.conf in the plaintext dir should be visible as`
			`// gocryptfs.conf`
			`func TestConfigMapping(t *testing.T) {`
			`c := dirB + "/gocryptfs.conf"`
reverse: gocryptfs.conf was missing from the directory listings Fix the test for that and add checks in example_filesystems_test. 2016-10-08 22:25:08 +02:00			`if !test_helpers.VerifyExistence(c) {`
			`t.Errorf("%s missing", c)`
			`}`
reverse: make gocryptfs.conf mapping plaintextnames-aware Only in plaintextnames-mode AND with the config file at the default location it will be mapped into the mountpoint. Also adds a test for that. 2016-10-08 20:57:38 +02:00			`data, err := ioutil.ReadFile(c)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if len(data) == 0 {`
			`t.Errorf("empty file")`
			`}`
			`}`
tests: reverse: check Access() call 2017-02-16 21:20:29 +01:00
			`// Check that the access() syscall works on virtual files`
			`func TestAccessVirtual(t *testing.T) {`
			`if plaintextnames {`
tests: reverse: don't run tests that ignore "-plaintextnames" twice TestMain() runs all tests twice, once with plaintextnames=true and once with false. Several tests mount their own filesystem and ignore the plaintextnames variable. It makes no sense to run them twice, so skip execution when plaintextnames is set. 2017-03-07 20:53:58 +01:00			`t.Skip("test makes no sense for plaintextnames")`
tests: reverse: check Access() call 2017-02-16 21:20:29 +01:00			`}`
			`var R_OK uint32 = 4`
			`var W_OK uint32 = 2`
			`var X_OK uint32 = 1`
			`fn := dirB + "/gocryptfs.diriv"`
			`err := syscall.Access(fn, R_OK)`
			`if err != nil {`
			`t.Errorf("%q should be readable, but got error: %v", fn, err)`
			`}`
			`err = syscall.Access(fn, W_OK)`
			`if err == nil {`
			`t.Errorf("should NOT be writeable")`
			`}`
			`err = syscall.Access(fn, X_OK)`
			`if err == nil {`
			`t.Errorf("should NOT be executable")`
			`}`
			`}`
fusefrontend_reverse: return ENOENT for undecryptable names This was working until DecryptName switched to returning EBADMSG instead of EINVAL. Add a test to catch the regression next time. 2017-07-27 20:31:22 +02:00
fusefrontend_reverse: secure Access against symlink races (somewhat) Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW, so this is not completely atomic. Given that the information you get from access is not very interesting, it seems good enough. https://github.com/rfjakob/gocryptfs/issues/165 2017-12-07 00:08:10 +01:00			`// Check that the access() syscall works on regular files`
			`func TestAccess(t *testing.T) {`
			`f, err := os.Create(dirA + "/testaccess1")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`f.Close()`
			`f, err = os.Open(dirB)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
macos: fix fd leak in reverse tests Causes "Resource busy" unmount failures on macos 2018-03-05 23:21:08 +01:00			`defer f.Close()`
fusefrontend_reverse: secure Access against symlink races (somewhat) Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW, so this is not completely atomic. Given that the information you get from access is not very interesting, it seems good enough. https://github.com/rfjakob/gocryptfs/issues/165 2017-12-07 00:08:10 +01:00			`names, err := f.Readdirnames(0)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`for _, n := range names {`
			`// Check if file exists - this should never fail`
			`err = syscallcompat.Faccessat(unix.AT_FDCWD, dirB+"/"+n, unix.F_OK)`
			`if err != nil {`
			`t.Errorf("%s: %v", n, err)`
			`}`
			`// Check if file is readable`
			`err = syscallcompat.Faccessat(unix.AT_FDCWD, dirB+"/"+n, unix.R_OK)`
			`if err != nil {`
			`t.Logf("%s: %v", n, err)`
			`}`
			`}`
			`}`

fusefrontend_reverse: return ENOENT for undecryptable names This was working until DecryptName switched to returning EBADMSG instead of EINVAL. Add a test to catch the regression next time. 2017-07-27 20:31:22 +02:00			`// Opening a nonexistant file name should return ENOENT`
			`// and not EBADMSG or EIO or anything else.`
			`func TestEnoent(t *testing.T) {`
			`fn := dirB + "/TestEnoent"`
			`_, err := syscall.Open(fn, syscall.O_RDONLY, 0)`
			`if err != syscall.ENOENT {`
			`t.Errorf("want ENOENT, got: %v", err)`
			`}`
			`}`
reverse: reject too-long symlink target reads with ENAMETOOLONG If the symlink target gets too long due to base64 encoding, we should return ENAMETOOLONG instead of having the kernel reject the data and returning an I/O error to the user. Fixes https://github.com/rfjakob/gocryptfs/issues/167 2017-11-26 21:27:29 +01:00
			`// If the symlink target gets too long due to base64 encoding, we should`
			`// return ENAMETOOLONG instead of having the kernel reject the data and`
			`// returning an I/O error to the user.`
			`// https://github.com/rfjakob/gocryptfs/issues/167`
			`func TestTooLongSymlink(t *testing.T) {`
macos: adjust TestTooLongSymlink length for darwin Limit is much lower than on linux 2018-03-05 21:23:57 +01:00			`l := 4000`
			`if runtime.GOOS == "darwin" {`
			`l = 1000 // max length is much lower on darwin`
			`}`
reverse: reject too-long symlink target reads with ENAMETOOLONG If the symlink target gets too long due to base64 encoding, we should return ENAMETOOLONG instead of having the kernel reject the data and returning an I/O error to the user. Fixes https://github.com/rfjakob/gocryptfs/issues/167 2017-11-26 21:27:29 +01:00			`fn := dirA + "/TooLongSymlink"`
macos: adjust TestTooLongSymlink length for darwin Limit is much lower than on linux 2018-03-05 21:23:57 +01:00			`target := string(bytes.Repeat([]byte("x"), l))`
reverse: reject too-long symlink target reads with ENAMETOOLONG If the symlink target gets too long due to base64 encoding, we should return ENAMETOOLONG instead of having the kernel reject the data and returning an I/O error to the user. Fixes https://github.com/rfjakob/gocryptfs/issues/167 2017-11-26 21:27:29 +01:00			`err := os.Symlink(target, fn)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`_, err = os.Readlink(dirC + "/TooLongSymlink")`
			`if err == nil {`
			`return`
			`}`
			`err2 := err.(*os.PathError)`
			`if err2.Err != syscall.ENAMETOOLONG {`
			`t.Errorf("Expected %q error, got %q instead", syscall.ENAMETOOLONG,`
			`err2.Err)`
			`}`
			`}`
syscallcompat: use O_PATH in OpenDirNofollow This fixes the "0100 directory" problem in reverse mode, and should be slightly faster. 2018-09-08 18:06:33 +02:00
			`// Test that we can traverse a directory with 0100 permissions`
			`// (execute but no read). This used to be a problem as OpenDirNofollow opened`
			`// all directory in the path with O_RDONLY. Now it uses O_PATH, which only needs`
			`// the executable bit.`
			`func Test0100Dir(t *testing.T) {`
			`dir := dirA + "/" + t.Name()`
			`err := os.Mkdir(dir, 0700)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`file := dir + "/hello"`
			`err = ioutil.WriteFile(file, []byte("hello"), 0600)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`err = os.Chmod(dir, 0100)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`fileReverse := dirC + "/" + t.Name() + "/hello"`
			`fd, err := os.Open(fileReverse)`
			`// Make sure the dir can be removed after the test is done`
			`os.Chmod(dir, 0700)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`fd.Close()`
			`}`