libgocryptfs/internal/fusefrontend/ctlsock_interface.go

package fusefrontend

import (
	"path"
	"path/filepath"
	"strings"
	"syscall"

	"github.com/rfjakob/gocryptfs/v2/internal/ctlsocksrv"
	"github.com/rfjakob/gocryptfs/v2/internal/nametransform"
	"github.com/rfjakob/gocryptfs/v2/internal/syscallcompat"
	"github.com/rfjakob/gocryptfs/v2/internal/tlog"
)

var _ ctlsocksrv.Interface = &RootNode{} // Verify that interface is implemented.

// EncryptPath implements ctlsock.Backend
//
// Symlink-safe through openBackingDir().
func (rn *RootNode) EncryptPath(plainPath string) (cipherPath string, err error) {
	if rn.args.PlaintextNames || plainPath == "" {
		return plainPath, nil
	}

	dirfd, _, errno := rn.prepareAtSyscallMyself()
	if errno != 0 {
		return "", errno
	}
	defer syscall.Close(dirfd)

	// Encrypt path level by level
	parts := strings.Split(plainPath, "/")
	wd := dirfd
	for i, part := range parts {
		dirIV, err := rn.nameTransform.ReadDirIVAt(wd)
		if err != nil {
			return "", err
		}
		cPart, err := rn.nameTransform.EncryptAndHashName(part, dirIV)
		if err != nil {
			return "", err
		}
		cipherPath = filepath.Join(cipherPath, cPart)
		// Last path component? We are done.
		if i == len(parts)-1 {
			break
		}
		// Descend into next directory
		wd, err = syscallcompat.Openat(wd, cPart, syscall.O_NOFOLLOW|syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
		if err != nil {
			return "", err
		}
		// Yes this is somewhat wasteful in terms of used file descriptors:
		// we keep them all open until the function returns. But it is simple
		// and reliable.
		defer syscall.Close(wd)
	}
	tlog.Debug.Printf("EncryptPath %q -> %q", plainPath, cipherPath)
	return cipherPath, nil
}

// DecryptPath implements ctlsock.Backend
//
// DecryptPath is symlink-safe because openBackingDir() and decryptPathAt()
// are symlink-safe.
func (rn *RootNode) DecryptPath(cipherPath string) (plainPath string, err error) {
	if rn.args.PlaintextNames || cipherPath == "" {
		return cipherPath, nil
	}

	dirfd, _, errno := rn.prepareAtSyscallMyself()
	if errno != 0 {
		return "", errno
	}
	defer syscall.Close(dirfd)

	// Decrypt path level by level
	parts := strings.Split(cipherPath, "/")
	wd := dirfd
	for i, part := range parts {
		dirIV, err := rn.nameTransform.ReadDirIVAt(wd)
		if err != nil {
			return "", err
		}
		longPart := part
		if nametransform.IsLongContent(part) {
			longPart, err = nametransform.ReadLongNameAt(wd, part)
			if err != nil {
				return "", err
			}
		}
		name, err := rn.nameTransform.DecryptName(longPart, dirIV)
		if err != nil {
			return "", err
		}
		plainPath = path.Join(plainPath, name)
		// Last path component? We are done.
		if i == len(parts)-1 {
			break
		}
		// Descend into next directory
		wd, err = syscallcompat.Openat(wd, part, syscall.O_NOFOLLOW|syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
		if err != nil {
			return "", err
		}
		// Yes this is somewhat wasteful in terms of used file descriptors:
		// we keep them all open until the function returns. But it is simple
		// and reliable.
		defer syscall.Close(wd)
	}
	return plainPath, nil
}
ctlsock: add initial limited implementation At the moment, in forward mode you can only encrypt paths and in reverse mode you can only decrypt paths. 2016-11-10 00:27:08 +01:00			`package fusefrontend`

			`import (`
fusefrontend: implement path decryption via ctlsock Closes https://github.com/rfjakob/gocryptfs/issues/84 . 2017-05-07 21:01:39 +02:00			`"path"`
fusefronted: make EncryptPath symlink-safe Finally allows us to delete EncryptPathDirIV. 2019-01-02 21:45:40 +01:00			`"path/filepath"`
fusefrontend: implement path decryption via ctlsock Closes https://github.com/rfjakob/gocryptfs/issues/84 . 2017-05-07 21:01:39 +02:00			`"strings"`
fusefrontend: make DecryptPath() symlink-safe DecryptPath is now symlink-safe through the use of *at() functions. 2018-10-01 21:28:54 +02:00			`"syscall"`
ctlsock: add initial limited implementation At the moment, in forward mode you can only encrypt paths and in reverse mode you can only decrypt paths. 2016-11-10 00:27:08 +01:00
go mod: declare module version v2 Our git version is v2+ for some time now, but go.mod still declared v1. Hopefully making both match makes https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work. All the import paths have been fixed like this: find . -name \*.go \| xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/% 2021-08-23 15:05:15 +02:00			`"github.com/rfjakob/gocryptfs/v2/internal/ctlsocksrv"`
			`"github.com/rfjakob/gocryptfs/v2/internal/nametransform"`
			`"github.com/rfjakob/gocryptfs/v2/internal/syscallcompat"`
			`"github.com/rfjakob/gocryptfs/v2/internal/tlog"`
ctlsock: add initial limited implementation At the moment, in forward mode you can only encrypt paths and in reverse mode you can only decrypt paths. 2016-11-10 00:27:08 +01:00			`)`

v2api: implement ctlsocksrv.Interface 2020-07-17 22:14:40 +02:00			`var _ ctlsocksrv.Interface = &RootNode{} // Verify that interface is implemented.`
ctlsock: add initial limited implementation At the moment, in forward mode you can only encrypt paths and in reverse mode you can only decrypt paths. 2016-11-10 00:27:08 +01:00
			`// EncryptPath implements ctlsock.Backend`
fusefrontend: use openBackingDir in ctlsock interface Instead of calling syscall.Open() ourselves, rely on openBackingDir(). 2018-11-04 21:27:13 +01:00			`//`
fusefronted: make EncryptPath symlink-safe Finally allows us to delete EncryptPathDirIV. 2019-01-02 21:45:40 +01:00			`// Symlink-safe through openBackingDir().`
fusefrontend: convert ctlsock from openBackingDir to prepareAtSyscall openBackingDir will be removed. Also, remove leftover debug printfs. 2021-06-26 18:39:23 +02:00			`func (rn *RootNode) EncryptPath(plainPath string) (cipherPath string, err error) {`
fusefrontend: ctlsock: get rid of unneccessary wrapper function 2021-06-26 18:42:36 +02:00			`if rn.args.PlaintextNames \|\| plainPath == "" {`
fusefronted: make EncryptPath symlink-safe Finally allows us to delete EncryptPathDirIV. 2019-01-02 21:45:40 +01:00			`return plainPath, nil`
			`}`
fusefrontend: convert ctlsock from openBackingDir to prepareAtSyscall openBackingDir will be removed. Also, remove leftover debug printfs. 2021-06-26 18:39:23 +02:00
			`dirfd, _, errno := rn.prepareAtSyscallMyself()`
			`if errno != 0 {`
			`return "", errno`
			`}`
			`defer syscall.Close(dirfd)`

			`// Encrypt path level by level`
fusefronted: make EncryptPath symlink-safe Finally allows us to delete EncryptPathDirIV. 2019-01-02 21:45:40 +01:00			`parts := strings.Split(plainPath, "/")`
fusefrontend: convert ctlsock from openBackingDir to prepareAtSyscall openBackingDir will be removed. Also, remove leftover debug printfs. 2021-06-26 18:39:23 +02:00			`wd := dirfd`
			`for i, part := range parts {`
Implement -deterministic-names: extended -zerodiriv -deterministc-names uses all-zero dirivs but does not write them to disk anymore. 2021-08-20 10:57:26 +02:00			`dirIV, err := rn.nameTransform.ReadDirIVAt(wd)`
fusefrontend: convert ctlsock from openBackingDir to prepareAtSyscall openBackingDir will be removed. Also, remove leftover debug printfs. 2021-06-26 18:39:23 +02:00			`if err != nil {`
			`return "", err`
			`}`
			`cPart, err := rn.nameTransform.EncryptAndHashName(part, dirIV)`
fusefronted: make EncryptPath symlink-safe Finally allows us to delete EncryptPathDirIV. 2019-01-02 21:45:40 +01:00			`if err != nil {`
			`return "", err`
			`}`
fusefrontend: convert ctlsock from openBackingDir to prepareAtSyscall openBackingDir will be removed. Also, remove leftover debug printfs. 2021-06-26 18:39:23 +02:00			`cipherPath = filepath.Join(cipherPath, cPart)`
			`// Last path component? We are done.`
			`if i == len(parts)-1 {`
			`break`
			`}`
			`// Descend into next directory`
			`wd, err = syscallcompat.Openat(wd, cPart, syscall.O_NOFOLLOW\|syscall.O_DIRECTORY\|syscallcompat.O_PATH, 0)`
			`if err != nil {`
			`return "", err`
			`}`
			`// Yes this is somewhat wasteful in terms of used file descriptors:`
			`// we keep them all open until the function returns. But it is simple`
			`// and reliable.`
			`defer syscall.Close(wd)`
fusefronted: make EncryptPath symlink-safe Finally allows us to delete EncryptPathDirIV. 2019-01-02 21:45:40 +01:00			`}`
fusefrontend: convert ctlsock from openBackingDir to prepareAtSyscall openBackingDir will be removed. Also, remove leftover debug printfs. 2021-06-26 18:39:23 +02:00			`tlog.Debug.Printf("EncryptPath %q -> %q", plainPath, cipherPath)`
			`return cipherPath, nil`
ctlsock: add initial limited implementation At the moment, in forward mode you can only encrypt paths and in reverse mode you can only decrypt paths. 2016-11-10 00:27:08 +01:00			`}`

			`// DecryptPath implements ctlsock.Backend`
fusefrontend: use openBackingDir in ctlsock interface Instead of calling syscall.Open() ourselves, rely on openBackingDir(). 2018-11-04 21:27:13 +01:00			`//`
			`// DecryptPath is symlink-safe because openBackingDir() and decryptPathAt()`
			`// are symlink-safe.`
v2api: implement ctlsocksrv.Interface 2020-07-17 22:14:40 +02:00			`func (rn *RootNode) DecryptPath(cipherPath string) (plainPath string, err error) {`
fusefrontend: ctlsock: get rid of unneccessary wrapper function 2021-06-26 18:42:36 +02:00			`if rn.args.PlaintextNames \|\| cipherPath == "" {`
			`return cipherPath, nil`
			`}`

fusefrontend: convert ctlsock from openBackingDir to prepareAtSyscall openBackingDir will be removed. Also, remove leftover debug printfs. 2021-06-26 18:39:23 +02:00			`dirfd, _, errno := rn.prepareAtSyscallMyself()`
			`if errno != 0 {`
			`return "", errno`
fusefrontend: make DecryptPath() symlink-safe DecryptPath is now symlink-safe through the use of *at() functions. 2018-10-01 21:28:54 +02:00			`}`
			`defer syscall.Close(dirfd)`

fusefrontend: ctlsock: get rid of unneccessary wrapper function 2021-06-26 18:42:36 +02:00			`// Decrypt path level by level`
fusefrontend: implement path decryption via ctlsock Closes https://github.com/rfjakob/gocryptfs/issues/84 . 2017-05-07 21:01:39 +02:00			`parts := strings.Split(cipherPath, "/")`
fusefrontend: make DecryptPath() symlink-safe DecryptPath is now symlink-safe through the use of *at() functions. 2018-10-01 21:28:54 +02:00			`wd := dirfd`
			`for i, part := range parts {`
Implement -deterministic-names: extended -zerodiriv -deterministc-names uses all-zero dirivs but does not write them to disk anymore. 2021-08-20 10:57:26 +02:00			`dirIV, err := rn.nameTransform.ReadDirIVAt(wd)`
fusefrontend: implement path decryption via ctlsock Closes https://github.com/rfjakob/gocryptfs/issues/84 . 2017-05-07 21:01:39 +02:00			`if err != nil {`
			`return "", err`
			`}`
			`longPart := part`
			`if nametransform.IsLongContent(part) {`
fusefrontend: make DecryptPath() symlink-safe DecryptPath is now symlink-safe through the use of *at() functions. 2018-10-01 21:28:54 +02:00			`longPart, err = nametransform.ReadLongNameAt(wd, part)`
fusefrontend: implement path decryption via ctlsock Closes https://github.com/rfjakob/gocryptfs/issues/84 . 2017-05-07 21:01:39 +02:00			`if err != nil {`
			`return "", err`
			`}`
			`}`
v2api: implement ctlsocksrv.Interface 2020-07-17 22:14:40 +02:00			`name, err := rn.nameTransform.DecryptName(longPart, dirIV)`
fusefrontend: implement path decryption via ctlsock Closes https://github.com/rfjakob/gocryptfs/issues/84 . 2017-05-07 21:01:39 +02:00			`if err != nil {`
			`return "", err`
			`}`
			`plainPath = path.Join(plainPath, name)`
fusefrontend: make DecryptPath() symlink-safe DecryptPath is now symlink-safe through the use of *at() functions. 2018-10-01 21:28:54 +02:00			`// Last path component? We are done.`
			`if i == len(parts)-1 {`
			`break`
			`}`
			`// Descend into next directory`
fusefrontend: Use appropriate flags in decryptPathAt. 2019-01-03 17:54:38 +01:00			`wd, err = syscallcompat.Openat(wd, part, syscall.O_NOFOLLOW\|syscall.O_DIRECTORY\|syscallcompat.O_PATH, 0)`
fusefrontend: make DecryptPath() symlink-safe DecryptPath is now symlink-safe through the use of *at() functions. 2018-10-01 21:28:54 +02:00			`if err != nil {`
			`return "", err`
			`}`
fusefrontend: fix fd leak in error path 2019-01-01 20:49:56 +01:00			`// Yes this is somewhat wasteful in terms of used file descriptors:`
			`// we keep them all open until the function returns. But it is simple`
			`// and reliable.`
			`defer syscall.Close(wd)`
fusefrontend: implement path decryption via ctlsock Closes https://github.com/rfjakob/gocryptfs/issues/84 . 2017-05-07 21:01:39 +02:00			`}`
			`return plainPath, nil`
ctlsock: add initial limited implementation At the moment, in forward mode you can only encrypt paths and in reverse mode you can only decrypt paths. 2016-11-10 00:27:08 +01:00			`}`