Centralize path filter decision in CryptFS.IsFiltered()
This commit is contained in:
Jakob Unterwurzacher
parent
b80167b39d
commit
050005fd7b
|
|
@ -0,0 +1,14 @@
|
|||
package cryptfs
|
||||
|
||||
// IsFiltered - check if "path" should be forbidden
|
||||
//
|
||||
// Used to prevent name clashes with gocryptfs.conf
|
||||
// when file names are not encrypted
|
||||
func (be *CryptFS) IsFiltered(path string) bool {
|
||||
// gocryptfs.conf in the root directory is forbidden
|
||||
if be.plaintextNames == true && path == "gocryptfs.conf" {
|
||||
Warn.Printf("The name \"/gocryptfs.conf\" is reserved when \"--plaintextnames\" is used\n")
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
|
@ -34,8 +34,8 @@ func (fs *FS) GetPath(relPath string) string {
|
|||
|
||||
func (fs *FS) GetAttr(name string, context *fuse.Context) (*fuse.Attr, fuse.Status) {
|
||||
cryptfs.Debug.Printf("FS.GetAttr('%s')\n", name)
|
||||
if name == cryptfs.ConfDefaultName {
|
||||
return nil, fuse.EPERM // See comment in Open()
|
||||
if fs.CryptFS.IsFiltered(name) {
|
||||
return nil, fuse.EPERM
|
||||
}
|
||||
cName := fs.EncryptPath(name)
|
||||
a, status := fs.FileSystem.GetAttr(cName, context)
|
||||
|
|
@ -60,7 +60,7 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
|
|||
for i := range cipherEntries {
|
||||
cName := cipherEntries[i].Name
|
||||
if dirName == "" && cName == cryptfs.ConfDefaultName {
|
||||
// ignore "gocryptfs.conf" in the top level dir
|
||||
// silently ignore "gocryptfs.conf" in the top level dir
|
||||
continue
|
||||
}
|
||||
name, err := fs.DecryptPath(cName)
|
||||
|
|
@ -90,14 +90,9 @@ func (fs *FS) mangleOpenFlags(flags uint32) (newFlags int, writeOnly bool) {
|
|||
|
||||
func (fs *FS) Open(path string, flags uint32, context *fuse.Context) (fuseFile nodefs.File, status fuse.Status) {
|
||||
cryptfs.Debug.Printf("Open(%s)\n", path)
|
||||
|
||||
if path == cryptfs.ConfDefaultName {
|
||||
// "gocryptfs.conf" in the top level dir is forbidden
|
||||
// to protect the config file of this filesystem if
|
||||
// "--plaintextnames" is enabled
|
||||
if fs.CryptFS.IsFiltered(path){
|
||||
return nil, fuse.EPERM
|
||||
}
|
||||
|
||||
iflags, writeOnly := fs.mangleOpenFlags(flags)
|
||||
f, err := os.OpenFile(fs.GetPath(path), iflags, 0666)
|
||||
if err != nil {
|
||||
|
|
@ -108,10 +103,9 @@ func (fs *FS) Open(path string, flags uint32, context *fuse.Context) (fuseFile n
|
|||
}
|
||||
|
||||
func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Context) (fuseFile nodefs.File, code fuse.Status) {
|
||||
if path == cryptfs.ConfDefaultName {
|
||||
return nil, fuse.EPERM // See comment in Open()
|
||||
if fs.CryptFS.IsFiltered(path){
|
||||
return nil, fuse.EPERM
|
||||
}
|
||||
|
||||
iflags, writeOnly := fs.mangleOpenFlags(flags)
|
||||
f, err := os.OpenFile(fs.GetPath(path), iflags|os.O_CREATE, os.FileMode(mode))
|
||||
if err != nil {
|
||||
|
|
@ -121,26 +115,23 @@ func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Conte
|
|||
}
|
||||
|
||||
func (fs *FS) Chmod(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
|
||||
if path == cryptfs.ConfDefaultName {
|
||||
return fuse.EPERM // See comment in Open()
|
||||
if fs.CryptFS.IsFiltered(path){
|
||||
return fuse.EPERM
|
||||
}
|
||||
|
||||
return fs.FileSystem.Chmod(fs.EncryptPath(path), mode, context)
|
||||
}
|
||||
|
||||
func (fs *FS) Chown(path string, uid uint32, gid uint32, context *fuse.Context) (code fuse.Status) {
|
||||
if path == cryptfs.ConfDefaultName {
|
||||
return fuse.EPERM // See comment in Open()
|
||||
if fs.CryptFS.IsFiltered(path){
|
||||
return fuse.EPERM
|
||||
}
|
||||
|
||||
return fs.FileSystem.Chown(fs.EncryptPath(path), uid, gid, context)
|
||||
}
|
||||
|
||||
func (fs *FS) Mknod(name string, mode uint32, dev uint32, context *fuse.Context) (code fuse.Status) {
|
||||
if name == cryptfs.ConfDefaultName {
|
||||
return fuse.EPERM // See comment in Open()
|
||||
if fs.CryptFS.IsFiltered(name){
|
||||
return fuse.EPERM
|
||||
}
|
||||
|
||||
return fs.FileSystem.Mknod(fs.EncryptPath(name), mode, dev, context)
|
||||
}
|
||||
|
||||
|
|
@ -150,10 +141,9 @@ func (fs *FS) Truncate(path string, offset uint64, context *fuse.Context) (code
|
|||
}
|
||||
|
||||
func (fs *FS) Utimens(path string, Atime *time.Time, Mtime *time.Time, context *fuse.Context) (code fuse.Status) {
|
||||
if path == cryptfs.ConfDefaultName {
|
||||
return fuse.EPERM // See comment in Open()
|
||||
if fs.CryptFS.IsFiltered(path){
|
||||
return fuse.EPERM
|
||||
}
|
||||
|
||||
return fs.FileSystem.Utimens(fs.EncryptPath(path), Atime, Mtime, context)
|
||||
}
|
||||
|
||||
|
|
@ -171,18 +161,16 @@ func (fs *FS) Readlink(name string, context *fuse.Context) (out string, status f
|
|||
}
|
||||
|
||||
func (fs *FS) Mkdir(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
|
||||
if path == cryptfs.ConfDefaultName {
|
||||
return fuse.EPERM // See comment in Open()
|
||||
if fs.CryptFS.IsFiltered(path){
|
||||
return fuse.EPERM
|
||||
}
|
||||
|
||||
return fs.FileSystem.Mkdir(fs.EncryptPath(path), mode, context)
|
||||
}
|
||||
|
||||
func (fs *FS) Unlink(name string, context *fuse.Context) (code fuse.Status) {
|
||||
if name == cryptfs.ConfDefaultName {
|
||||
return fuse.EPERM // See comment in Open()
|
||||
if fs.CryptFS.IsFiltered(name){
|
||||
return fuse.EPERM
|
||||
}
|
||||
|
||||
cName := fs.EncryptPath(name)
|
||||
code = fs.FileSystem.Unlink(cName, context)
|
||||
if code != fuse.OK {
|
||||
|
|
@ -196,32 +184,32 @@ func (fs *FS) Rmdir(name string, context *fuse.Context) (code fuse.Status) {
|
|||
}
|
||||
|
||||
func (fs *FS) Symlink(pointedTo string, linkName string, context *fuse.Context) (code fuse.Status) {
|
||||
if linkName == cryptfs.ConfDefaultName {
|
||||
return fuse.EPERM // See comment in Open()
|
||||
if fs.CryptFS.IsFiltered(linkName){
|
||||
return fuse.EPERM
|
||||
}
|
||||
|
||||
// TODO symlink encryption
|
||||
cryptfs.Debug.Printf("Symlink(\"%s\", \"%s\")\n", pointedTo, linkName)
|
||||
return fs.FileSystem.Symlink(fs.EncryptPath(pointedTo), fs.EncryptPath(linkName), context)
|
||||
}
|
||||
|
||||
func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (codee fuse.Status) {
|
||||
if newPath == cryptfs.ConfDefaultName {
|
||||
return fuse.EPERM // See comment in Open()
|
||||
func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (code fuse.Status) {
|
||||
if fs.CryptFS.IsFiltered(newPath){
|
||||
return fuse.EPERM
|
||||
}
|
||||
|
||||
return fs.FileSystem.Rename(fs.EncryptPath(oldPath), fs.EncryptPath(newPath), context)
|
||||
}
|
||||
|
||||
func (fs *FS) Link(orig string, newName string, context *fuse.Context) (code fuse.Status) {
|
||||
if newName == cryptfs.ConfDefaultName {
|
||||
return fuse.EPERM // See comment in Open()
|
||||
if fs.CryptFS.IsFiltered(newName){
|
||||
return fuse.EPERM
|
||||
}
|
||||
|
||||
return fs.FileSystem.Link(fs.EncryptPath(orig), fs.EncryptPath(newName), context)
|
||||
}
|
||||
|
||||
func (fs *FS) Access(name string, mode uint32, context *fuse.Context) (code fuse.Status) {
|
||||
if fs.CryptFS.IsFiltered(name){
|
||||
return fuse.EPERM
|
||||
}
|
||||
return fs.FileSystem.Access(fs.EncryptPath(name), mode, context)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue