fusefronted: make EncryptPath symlink-safe
Finally allows us to delete EncryptPathDirIV.
This commit is contained in:
parent
59f1300591
commit
2b12bba274
|
@ -3,21 +3,45 @@ package fusefrontend
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"path"
|
"path"
|
||||||
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
"syscall"
|
"syscall"
|
||||||
|
|
||||||
"github.com/rfjakob/gocryptfs/internal/ctlsock"
|
"github.com/rfjakob/gocryptfs/internal/ctlsock"
|
||||||
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
||||||
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
|
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/tlog"
|
||||||
)
|
)
|
||||||
|
|
||||||
var _ ctlsock.Interface = &FS{} // Verify that interface is implemented.
|
var _ ctlsock.Interface = &FS{} // Verify that interface is implemented.
|
||||||
|
|
||||||
// EncryptPath implements ctlsock.Backend
|
// EncryptPath implements ctlsock.Backend
|
||||||
//
|
//
|
||||||
// TODO: this function is NOT symlink-safe.
|
// Symlink-safe through openBackingDir().
|
||||||
func (fs *FS) EncryptPath(plainPath string) (string, error) {
|
func (fs *FS) EncryptPath(plainPath string) (string, error) {
|
||||||
return fs.encryptPath(plainPath)
|
if plainPath == "" {
|
||||||
|
// Empty string gets encrypted as empty string
|
||||||
|
return plainPath, nil
|
||||||
|
}
|
||||||
|
if fs.args.PlaintextNames {
|
||||||
|
return plainPath, nil
|
||||||
|
}
|
||||||
|
// Encrypt path level by level using openBackingDir. Pretty inefficient,
|
||||||
|
// but does not matter here.
|
||||||
|
parts := strings.Split(plainPath, "/")
|
||||||
|
wd := ""
|
||||||
|
cPath := ""
|
||||||
|
for _, part := range parts {
|
||||||
|
wd = filepath.Join(wd, part)
|
||||||
|
dirfd, cName, err := fs.openBackingDir(wd)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
syscall.Close(dirfd)
|
||||||
|
cPath = filepath.Join(cPath, cName)
|
||||||
|
}
|
||||||
|
tlog.Debug.Printf("encryptPath '%s' -> '%s'", plainPath, cPath)
|
||||||
|
return cPath, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// DecryptPath implements ctlsock.Backend
|
// DecryptPath implements ctlsock.Backend
|
||||||
|
|
|
@ -83,24 +83,3 @@ func (fs *FS) openBackingDir(relPath string) (dirfd int, cName string, err error
|
||||||
}
|
}
|
||||||
return dirfd, cName, nil
|
return dirfd, cName, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// encryptPath - encrypt relative plaintext path
|
|
||||||
//
|
|
||||||
// TODO: this function is NOT symlink-safe because EncryptPathDirIV is not
|
|
||||||
// symlink-safe.
|
|
||||||
func (fs *FS) encryptPath(plainPath string) (string, error) {
|
|
||||||
if plainPath != "" { // Empty path gets encrypted all the time without actual file accesses.
|
|
||||||
fs.AccessedSinceLastCheck = 1
|
|
||||||
} else { // Empty string gets encrypted as empty string
|
|
||||||
return plainPath, nil
|
|
||||||
}
|
|
||||||
if fs.args.PlaintextNames {
|
|
||||||
return plainPath, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
fs.dirIVLock.RLock()
|
|
||||||
cPath, err := fs.nameTransform.EncryptPathDirIV(plainPath, fs.args.Cipherdir)
|
|
||||||
tlog.Debug.Printf("encryptPath '%s' -> '%s' (err: %v)", plainPath, cPath, err)
|
|
||||||
fs.dirIVLock.RUnlock()
|
|
||||||
return cPath, err
|
|
||||||
}
|
|
||||||
|
|
|
@ -25,26 +25,6 @@ const (
|
||||||
DirIVFilename = "gocryptfs.diriv"
|
DirIVFilename = "gocryptfs.diriv"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ReadDirIV - read the "gocryptfs.diriv" file from "dir" (absolute ciphertext path)
|
|
||||||
// This function is exported because it allows for an efficient readdir implementation.
|
|
||||||
// If the directory itself cannot be opened, a syscall error will be returned.
|
|
||||||
// Otherwise, a fmt.Errorf() error value is returned with the details.
|
|
||||||
//
|
|
||||||
// TODO: this function is not symlink-safe and should be deleted once the only
|
|
||||||
// remaining user, EncryptPathDirIV(), is gone.
|
|
||||||
func ReadDirIV(dir string) (iv []byte, err error) {
|
|
||||||
fd, err := os.Open(filepath.Join(dir, DirIVFilename))
|
|
||||||
if err != nil {
|
|
||||||
// Note: getting errors here is normal because of concurrent deletes.
|
|
||||||
// Strip the useless annotation that os.Open has added and return
|
|
||||||
// the plain syscall error. The caller will log a nice message.
|
|
||||||
err2 := err.(*os.PathError)
|
|
||||||
return nil, err2.Err
|
|
||||||
}
|
|
||||||
defer fd.Close()
|
|
||||||
return fdReadDirIV(fd)
|
|
||||||
}
|
|
||||||
|
|
||||||
// ReadDirIVAt reads "gocryptfs.diriv" from the directory that is opened as "dirfd".
|
// ReadDirIVAt reads "gocryptfs.diriv" from the directory that is opened as "dirfd".
|
||||||
// Using the dirfd makes it immune to concurrent renames of the directory.
|
// Using the dirfd makes it immune to concurrent renames of the directory.
|
||||||
func ReadDirIVAt(dirfd int) (iv []byte, err error) {
|
func ReadDirIVAt(dirfd int) (iv []byte, err error) {
|
||||||
|
@ -132,53 +112,6 @@ func (be *NameTransform) EncryptAndHashName(name string, iv []byte) string {
|
||||||
return cName
|
return cName
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncryptPathDirIV - encrypt relative plaintext path "plainPath" using EME with
|
|
||||||
// DirIV. "rootDir" is the backing storage root directory.
|
|
||||||
// Components that are longer than 255 bytes are hashed if be.longnames == true.
|
|
||||||
//
|
|
||||||
// TODO: EncryptPathDirIV is NOT SAFE against symlink races. This function
|
|
||||||
// should eventually be deleted.
|
|
||||||
func (be *NameTransform) EncryptPathDirIV(plainPath string, rootDir string) (string, error) {
|
|
||||||
var err error
|
|
||||||
// Empty string means root directory
|
|
||||||
if plainPath == "" {
|
|
||||||
return plainPath, nil
|
|
||||||
}
|
|
||||||
// Reject names longer than 255 bytes.
|
|
||||||
baseName := filepath.Base(plainPath)
|
|
||||||
if len(baseName) > unix.NAME_MAX {
|
|
||||||
return "", syscall.ENAMETOOLONG
|
|
||||||
}
|
|
||||||
// If we have the iv and the encrypted directory name in the cache, we
|
|
||||||
// can skip the directory walk. This optimization yields a 10% improvement
|
|
||||||
// in the tar extract benchmark.
|
|
||||||
parentDir := Dir(plainPath)
|
|
||||||
if iv, cParentDir := be.DirIVCache.Lookup(parentDir); iv != nil {
|
|
||||||
cBaseName := be.EncryptAndHashName(baseName, iv)
|
|
||||||
return filepath.Join(cParentDir, cBaseName), nil
|
|
||||||
}
|
|
||||||
// We have to walk the directory tree, starting at the root directory.
|
|
||||||
// ciphertext working directory (relative path)
|
|
||||||
cipherWD := ""
|
|
||||||
// plaintext working directory (relative path)
|
|
||||||
plainWD := ""
|
|
||||||
plainNames := strings.Split(plainPath, "/")
|
|
||||||
for _, plainName := range plainNames {
|
|
||||||
iv, _ := be.DirIVCache.Lookup(plainWD)
|
|
||||||
if iv == nil {
|
|
||||||
iv, err = ReadDirIV(filepath.Join(rootDir, cipherWD))
|
|
||||||
if err != nil {
|
|
||||||
return "", err
|
|
||||||
}
|
|
||||||
be.DirIVCache.Store(plainWD, iv, cipherWD)
|
|
||||||
}
|
|
||||||
cipherName := be.EncryptAndHashName(plainName, iv)
|
|
||||||
cipherWD = filepath.Join(cipherWD, cipherName)
|
|
||||||
plainWD = filepath.Join(plainWD, plainName)
|
|
||||||
}
|
|
||||||
return cipherWD, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Dir is like filepath.Dir but returns "" instead of ".".
|
// Dir is like filepath.Dir but returns "" instead of ".".
|
||||||
func Dir(path string) string {
|
func Dir(path string) string {
|
||||||
d := filepath.Dir(path)
|
d := filepath.Dir(path)
|
||||||
|
|
|
@ -74,11 +74,10 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncryptName encrypts "plainName", returns a base64-encoded "cipherName64".
|
// EncryptName encrypts "plainName", returns a base64-encoded "cipherName64".
|
||||||
// Used internally by EncryptPathDirIV().
|
|
||||||
// The encryption is either CBC or EME, depending on "useEME".
|
// The encryption is either CBC or EME, depending on "useEME".
|
||||||
//
|
//
|
||||||
// This function is exported because fusefrontend needs access to the full (not hashed)
|
// This function is exported because in some cases, fusefrontend needs access
|
||||||
// name if longname is used. Otherwise you should use EncryptPathDirIV()
|
// to the full (not hashed) name if longname is used.
|
||||||
func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string) {
|
func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string) {
|
||||||
bin := []byte(plainName)
|
bin := []byte(plainName)
|
||||||
bin = pad16(bin)
|
bin = pad16(bin)
|
||||||
|
|
Loading…
Reference in New Issue