longnames part II: Rename, Unlink, Rmdir, Mknod, Mkdir + tests
This commit is contained in:
parent
2a11906963
commit
653d4a619c
@ -353,12 +353,17 @@ func TestDirOverwrite(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestLongNames(t *testing.T) {
|
||||
// Create
|
||||
fi, err := ioutil.ReadDir(defaultCipherDir)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
cnt1 := len(fi)
|
||||
wd := defaultPlainDir
|
||||
// Create file with long name
|
||||
n255x := string(bytes.Repeat([]byte("x"), 255))
|
||||
f, err := os.Create(wd + n255x)
|
||||
if err != nil {
|
||||
t.Fatalf("Could not create n255x")
|
||||
t.Fatalf("Could not create n255x: %v", err)
|
||||
}
|
||||
f.Close()
|
||||
if !verifyExistence(wd + n255x) {
|
||||
@ -368,7 +373,7 @@ func TestLongNames(t *testing.T) {
|
||||
n255y := string(bytes.Repeat([]byte("y"), 255))
|
||||
err = os.Rename(wd+n255x, wd+n255y)
|
||||
if err != nil {
|
||||
t.Fatalf("Could not rename n255x to n255y")
|
||||
t.Fatalf("Could not rename n255x to n255y: %v", err)
|
||||
}
|
||||
if !verifyExistence(wd + n255y) {
|
||||
t.Errorf("n255y is not in directory listing")
|
||||
@ -376,7 +381,7 @@ func TestLongNames(t *testing.T) {
|
||||
// Rename long to short
|
||||
err = os.Rename(wd+n255y, wd+"short")
|
||||
if err != nil {
|
||||
t.Fatalf("Could not rename n255y to short")
|
||||
t.Fatalf("Could not rename n255y to short: %v", err)
|
||||
}
|
||||
if !verifyExistence(wd + "short") {
|
||||
t.Errorf("short is not in directory listing")
|
||||
@ -384,7 +389,7 @@ func TestLongNames(t *testing.T) {
|
||||
// Rename short to long
|
||||
err = os.Rename(wd+"short", wd+n255x)
|
||||
if err != nil {
|
||||
t.Fatalf("Could not rename short to n255x")
|
||||
t.Fatalf("Could not rename short to n255x: %v", err)
|
||||
}
|
||||
if !verifyExistence(wd + n255x) {
|
||||
t.Errorf("255x is not in directory listing II")
|
||||
@ -392,9 +397,41 @@ func TestLongNames(t *testing.T) {
|
||||
// Unlink
|
||||
err = syscall.Unlink(wd + n255x)
|
||||
if err != nil {
|
||||
t.Fatalf("Could not unlink n255x")
|
||||
t.Fatalf("Could not unlink n255x: %v", err)
|
||||
}
|
||||
if verifyExistence(wd + n255x) {
|
||||
t.Errorf("n255x still there after unlink")
|
||||
}
|
||||
// Long symlink
|
||||
n255s := string(bytes.Repeat([]byte("s"), 255))
|
||||
err = os.Symlink("/etc/motd", wd+n255s)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if !verifyExistence(wd + n255s) {
|
||||
t.Errorf("n255s is not in directory listing")
|
||||
}
|
||||
err = syscall.Unlink(wd + n255s)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
// Long dir
|
||||
n255d := string(bytes.Repeat([]byte("d"), 255))
|
||||
err = os.Mkdir(wd+n255d, 0777)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
err = syscall.Rmdir(wd + n255d)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
// Check for orphaned files
|
||||
fi, err = ioutil.ReadDir(defaultCipherDir)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
cnt2 := len(fi)
|
||||
if cnt1 != cnt2 {
|
||||
t.Errorf("Leftover files, cnt1=%d cnt2=%d", cnt1, cnt2)
|
||||
}
|
||||
}
|
||||
|
@ -40,7 +40,7 @@ func (be *ContentEnc) CipherSizeToPlainSize(cipherSize uint64) uint64 {
|
||||
}
|
||||
|
||||
if cipherSize < HEADER_LEN {
|
||||
toggledlog.Warn.Printf("cipherSize %d < header size: corrupt file\n", cipherSize)
|
||||
toggledlog.Warn.Printf("cipherSize %d < header size %d: corrupt file\n", cipherSize, HEADER_LEN)
|
||||
return 0
|
||||
}
|
||||
|
||||
|
@ -5,7 +5,6 @@ package fusefrontend
|
||||
import (
|
||||
"encoding/base64"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"sync"
|
||||
"syscall"
|
||||
"time"
|
||||
@ -14,7 +13,6 @@ import (
|
||||
"github.com/hanwen/go-fuse/fuse/nodefs"
|
||||
"github.com/hanwen/go-fuse/fuse/pathfs"
|
||||
|
||||
"github.com/rfjakob/gocryptfs/internal/configfile"
|
||||
"github.com/rfjakob/gocryptfs/internal/contentenc"
|
||||
"github.com/rfjakob/gocryptfs/internal/cryptocore"
|
||||
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
||||
@ -113,10 +111,9 @@ func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Conte
|
||||
if err != nil {
|
||||
return nil, fuse.ToStatus(err)
|
||||
}
|
||||
cBaseName := filepath.Base(cPath)
|
||||
if fs.args.LongNames && nametransform.IsLongName(cBaseName) == 1 {
|
||||
// Create the ".name" file before creating the content
|
||||
err = fs.nameTransform.WriteLongName(filepath.Dir(cPath), cBaseName, filepath.Base(path))
|
||||
// Create .name file to store the long file name if needed
|
||||
if !fs.args.PlaintextNames {
|
||||
err = fs.nameTransform.WriteLongName(cPath, path)
|
||||
if err != nil {
|
||||
return nil, fuse.ToStatus(err)
|
||||
}
|
||||
@ -158,6 +155,13 @@ func (fs *FS) Mknod(path string, mode uint32, dev uint32, context *fuse.Context)
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
if !fs.args.PlaintextNames {
|
||||
// Create .name file to store the long file name if needed
|
||||
err = fs.nameTransform.WriteLongName(cPath, path)
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
}
|
||||
return fs.FileSystem.Mknod(cPath, mode, dev, context)
|
||||
}
|
||||
|
||||
@ -223,7 +227,12 @@ func (fs *FS) Unlink(path string, context *fuse.Context) (code fuse.Status) {
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
return fuse.ToStatus(syscall.Unlink(cPath))
|
||||
err = syscall.Unlink(cPath)
|
||||
// Delete .name file
|
||||
if err == nil && !fs.args.PlaintextNames {
|
||||
nametransform.DeleteLongName(cPath)
|
||||
}
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
|
||||
func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (code fuse.Status) {
|
||||
@ -236,6 +245,7 @@ func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (co
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
// Old filesystem: symlinks are encrypted like paths (CBC)
|
||||
// TODO drop compatibility and simplify code
|
||||
if !fs.args.DirIV {
|
||||
cTarget, err := fs.encryptPath(target)
|
||||
if err != nil {
|
||||
@ -248,7 +258,13 @@ func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (co
|
||||
// Since gocryptfs v0.5 symlinks are encrypted like file contents (GCM)
|
||||
cBinTarget := fs.contentEnc.EncryptBlock([]byte(target), 0, nil)
|
||||
cTarget := base64.URLEncoding.EncodeToString(cBinTarget)
|
||||
|
||||
if !fs.args.PlaintextNames {
|
||||
// Create .name file to store the long file name if needed
|
||||
err = fs.nameTransform.WriteLongName(cPath, linkName)
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
}
|
||||
err = os.Symlink(cTarget, cPath)
|
||||
toggledlog.Debug.Printf("Symlink: os.Symlink(%s, %s) = %v", cTarget, cPath, err)
|
||||
return fuse.ToStatus(err)
|
||||
@ -270,6 +286,15 @@ func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (cod
|
||||
// That directory may still be in the DirIV cache, clear it.
|
||||
fs.nameTransform.DirIVCache.Clear()
|
||||
|
||||
if !fs.args.PlaintextNames {
|
||||
// Create .name file to store the new long file name if needed
|
||||
err = fs.nameTransform.WriteLongName(cNewPath, newPath)
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
}
|
||||
|
||||
// Actual rename
|
||||
err = os.Rename(cOldPath, cNewPath)
|
||||
|
||||
if lerr, ok := err.(*os.LinkError); ok && lerr.Err == syscall.ENOTEMPTY {
|
||||
@ -281,6 +306,13 @@ func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (cod
|
||||
err = os.Rename(cOldPath, cNewPath)
|
||||
}
|
||||
}
|
||||
if err == nil {
|
||||
// Rename succeeded - delete old long name file
|
||||
nametransform.DeleteLongName(cOldPath)
|
||||
} else {
|
||||
// Rename has failed - undo long name file creation
|
||||
nametransform.DeleteLongName(cNewPath)
|
||||
}
|
||||
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
@ -297,6 +329,13 @@ func (fs *FS) Link(oldPath string, newPath string, context *fuse.Context) (code
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
if !fs.args.PlaintextNames {
|
||||
// Create .name file to store the long file name if needed
|
||||
err = fs.nameTransform.WriteLongName(cNewPath, newPath)
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
}
|
||||
return fuse.ToStatus(os.Link(cOldPath, cNewPath))
|
||||
}
|
||||
|
||||
|
@ -10,6 +10,7 @@ import (
|
||||
|
||||
"github.com/hanwen/go-fuse/fuse"
|
||||
|
||||
"github.com/rfjakob/gocryptfs/internal/configfile"
|
||||
"github.com/rfjakob/gocryptfs/internal/cryptocore"
|
||||
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
||||
"github.com/rfjakob/gocryptfs/internal/toggledlog"
|
||||
@ -30,7 +31,11 @@ func (fs *FS) Mkdir(relPath string, mode uint32, context *fuse.Context) (code fu
|
||||
// We need write and execute permissions to create gocryptfs.diriv
|
||||
origMode := mode
|
||||
mode = mode | 0300
|
||||
|
||||
// Create .name file to store the long file name if needed
|
||||
err = fs.nameTransform.WriteLongName(encPath, relPath)
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
// The new directory may take the place of an older one that is still in the cache
|
||||
fs.nameTransform.DirIVCache.Clear()
|
||||
// Create directory
|
||||
@ -151,6 +156,10 @@ func (fs *FS) Rmdir(name string, context *fuse.Context) (code fuse.Status) {
|
||||
if err != nil {
|
||||
toggledlog.Warn.Printf("Rmdir: Could not clean up %s: %v", tmpName, err)
|
||||
}
|
||||
err = nametransform.DeleteLongName(encPath)
|
||||
if err != nil {
|
||||
toggledlog.Warn.Printf("Rmdir: Could not delete long name file: %v", err)
|
||||
}
|
||||
// The now-deleted directory may have been in the DirIV cache. Clear it.
|
||||
fs.nameTransform.DirIVCache.Clear()
|
||||
return fuse.OK
|
||||
|
@ -1,12 +1,12 @@
|
||||
package nametransform
|
||||
|
||||
import (
|
||||
"syscall"
|
||||
"path/filepath"
|
||||
"io/ioutil"
|
||||
"crypto/sha256"
|
||||
"encoding/base64"
|
||||
"io/ioutil"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"syscall"
|
||||
|
||||
"github.com/rfjakob/gocryptfs/internal/toggledlog"
|
||||
)
|
||||
@ -39,28 +39,47 @@ func IsLongName(cName string) int {
|
||||
return 1
|
||||
}
|
||||
|
||||
// ReadLongName - read "path".name
|
||||
// ReadLongName - read path.name
|
||||
func ReadLongName(path string) (string, error) {
|
||||
content, err := ioutil.ReadFile(path+longNameSuffix)
|
||||
content, err := ioutil.ReadFile(path + longNameSuffix)
|
||||
if err != nil {
|
||||
toggledlog.Warn.Printf("ReadLongName: %v", err)
|
||||
}
|
||||
return string(content), err
|
||||
}
|
||||
|
||||
// WriteLongName -
|
||||
func (n *NameTransform) WriteLongName(cDir string, hashedName string, plainName string) (err error) {
|
||||
if len(plainName) > syscall.NAME_MAX {
|
||||
return syscall.ENAMETOOLONG
|
||||
// DeleteLongName - if cPath ends in "gocryptfs.longname.[sha256]",
|
||||
// delete the "gocryptfs.longname.[sha256].name" file
|
||||
func DeleteLongName(cPath string) error {
|
||||
if IsLongName(filepath.Base(cPath)) == 1 {
|
||||
err := syscall.Unlink(cPath + longNameSuffix)
|
||||
if err != nil {
|
||||
toggledlog.Warn.Printf("DeleteLongName: %v", err)
|
||||
}
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// WriteLongName - if cPath ends in "gocryptfs.longname.[sha256]", write the
|
||||
// "gocryptfs.longname.[sha256].name" file
|
||||
func (n *NameTransform) WriteLongName(cPath string, plainPath string) (err error) {
|
||||
cHashedName := filepath.Base(cPath)
|
||||
if IsLongName(cHashedName) != 1 {
|
||||
// This is not a hashed file name, nothing to do
|
||||
return nil
|
||||
}
|
||||
// Encrypt (but do not hash) the plaintext name
|
||||
cDir := filepath.Dir(cPath)
|
||||
dirIV, err := ReadDirIV(cDir)
|
||||
if err != nil {
|
||||
toggledlog.Warn.Printf("WriteLongName: %v", err)
|
||||
return err
|
||||
}
|
||||
plainName := filepath.Base(plainPath)
|
||||
cName := n.EncryptName(plainName, dirIV)
|
||||
err = ioutil.WriteFile(filepath.Join(cDir, hashedName + longNameSuffix), []byte(cName), 0600)
|
||||
// Write the encrypted name into gocryptfs.longname.[sha256].name
|
||||
err = ioutil.WriteFile(filepath.Join(cDir, cHashedName+longNameSuffix), []byte(cName), 0600)
|
||||
if err != nil {
|
||||
toggledlog.Warn.Printf("WriteLongName: %v", err)
|
||||
}
|
||||
|
@ -12,7 +12,7 @@ type NameTransform struct {
|
||||
func New(c *cryptocore.CryptoCore, useEME bool, longNames bool) *NameTransform {
|
||||
return &NameTransform{
|
||||
cryptoCore: c,
|
||||
longNames: longNames,
|
||||
longNames: longNames,
|
||||
useEME: useEME,
|
||||
}
|
||||
}
|
||||
|
@ -1,12 +1,12 @@
|
||||
package nametransform
|
||||
|
||||
import (
|
||||
"syscall"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"syscall"
|
||||
|
||||
"github.com/rfjakob/gocryptfs/internal/cryptocore"
|
||||
"github.com/rfjakob/gocryptfs/internal/toggledlog"
|
||||
@ -54,17 +54,23 @@ func WriteDirIV(dir string) error {
|
||||
return ioutil.WriteFile(file, iv, 0444)
|
||||
}
|
||||
|
||||
// EncryptPathDirIV - encrypt path using EME with DirIV
|
||||
// EncryptPathDirIV - encrypt relative plaintext path using EME with DirIV.
|
||||
// Components that are longer than 255 bytes are hashed.
|
||||
func (be *NameTransform) EncryptPathDirIV(plainPath string, rootDir string) (cipherPath string, err error) {
|
||||
// Empty string means root directory
|
||||
if plainPath == "" {
|
||||
return plainPath, nil
|
||||
}
|
||||
// Reject names longer than 255 bytes already here. This relieves everybody
|
||||
// who uses hashed long names from checking for that later.
|
||||
baseName := filepath.Base(plainPath)
|
||||
if len(baseName) > syscall.NAME_MAX {
|
||||
return "", syscall.ENAMETOOLONG
|
||||
}
|
||||
// Check if the DirIV is cached
|
||||
parentDir := filepath.Dir(plainPath)
|
||||
found, iv, cParentDir := be.DirIVCache.lookup(parentDir)
|
||||
if found {
|
||||
baseName := filepath.Base(plainPath)
|
||||
cBaseName := be.EncryptName(baseName, iv)
|
||||
if be.longNames && len(cBaseName) > syscall.NAME_MAX {
|
||||
cBaseName = HashLongName(cBaseName)
|
||||
@ -72,7 +78,7 @@ func (be *NameTransform) EncryptPathDirIV(plainPath string, rootDir string) (cip
|
||||
cipherPath = cParentDir + "/" + cBaseName
|
||||
return cipherPath, nil
|
||||
}
|
||||
// Walk the directory tree
|
||||
// Not cached - walk the directory tree
|
||||
var wd = rootDir
|
||||
var encryptedNames []string
|
||||
plainNames := strings.Split(plainPath, "/")
|
||||
@ -96,6 +102,9 @@ func (be *NameTransform) EncryptPathDirIV(plainPath string, rootDir string) (cip
|
||||
}
|
||||
|
||||
// DecryptPathDirIV - decrypt path using EME with DirIV
|
||||
//
|
||||
// TODO This has only a single user, Readlink(), and only for compatability with
|
||||
// gocryptfs v0.5. Drop?
|
||||
func (be *NameTransform) DecryptPathDirIV(encryptedPath string, rootDir string) (string, error) {
|
||||
var wd = rootDir
|
||||
var plainNames []string
|
||||
|
@ -9,6 +9,7 @@ import (
|
||||
|
||||
const (
|
||||
ProgramName = "gocryptfs"
|
||||
wpanicMsg = "-wpanic turns this warning into a panic: "
|
||||
)
|
||||
|
||||
func JSONDump(obj interface{}) string {
|
||||
@ -35,7 +36,7 @@ func (l *toggledLogger) Printf(format string, v ...interface{}) {
|
||||
}
|
||||
l.Logger.Printf(format, v...)
|
||||
if l.Wpanic {
|
||||
panic("-wpanic turns warning into panic: " + fmt.Sprintf(format, v...))
|
||||
panic(wpanicMsg + fmt.Sprintf(format, v...))
|
||||
}
|
||||
}
|
||||
func (l *toggledLogger) Println(v ...interface{}) {
|
||||
@ -44,7 +45,7 @@ func (l *toggledLogger) Println(v ...interface{}) {
|
||||
}
|
||||
l.Logger.Println(v...)
|
||||
if l.Wpanic {
|
||||
panic("-wpanic turns warning into panic: " + fmt.Sprintln(v...))
|
||||
panic(wpanicMsg + fmt.Sprintln(v...))
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user