nametransform: WriteDirIV: replace ioutil.WriteFile
As reported at https://github.com/rfjakob/gocryptfs/issues/105 , the "ioutil.WriteFile(file, iv, 0400)" call causes "permissions denied" errors on an NFSv4 setup. "strace"ing diriv creation and gocryptfs.conf creation shows this: conf (works on the user's NFSv4 mount): openat(AT_FDCWD, "/tmp/a/gocryptfs.conf.tmp", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0400) = 3 diriv (fails): openat(AT_FDCWD, "/tmp/a/gocryptfs.diriv", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0400) = 3 This patch creates the diriv file with the same flags that are used for creating the conf: openat(AT_FDCWD, "/tmp/a/gocryptfs.diriv", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0400) = 3 Closes https://github.com/rfjakob/gocryptfs/issues/105
parent
3409ade272
commit
7d38f80a78
|
@ -2,7 +2,6 @@ package nametransform
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -71,11 +70,24 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {
|
||||||
func WriteDirIV(dir string) error {
|
func WriteDirIV(dir string) error {
|
||||||
iv := cryptocore.RandBytes(DirIVLen)
|
iv := cryptocore.RandBytes(DirIVLen)
|
||||||
file := filepath.Join(dir, DirIVFilename)
|
file := filepath.Join(dir, DirIVFilename)
|
||||||
err := ioutil.WriteFile(file, iv, 0400)
|
// 0400 permissions: gocryptfs.diriv should never be modified after creation.
|
||||||
|
// Don't use "ioutil.WriteFile", it causes trouble on NFS: https://github.com/rfjakob/gocryptfs/issues/105
|
||||||
|
fd, err := os.OpenFile(file, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0400)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Warn.Printf("WriteDirIV: %v", err)
|
tlog.Warn.Printf("WriteDirIV: OpenFile: %v", err)
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
return err
|
_, err = fd.Write(iv)
|
||||||
|
if err != nil {
|
||||||
|
tlog.Warn.Printf("WriteDirIV: Write: %v", err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
err = fd.Close()
|
||||||
|
if err != nil {
|
||||||
|
tlog.Warn.Printf("WriteDirIV: Close: %v", err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncryptPathDirIV - encrypt relative plaintext path using EME with DirIV.
|
// EncryptPathDirIV - encrypt relative plaintext path using EME with DirIV.
|
||||||
|
|
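Review bot: The `fd.Write(iv)` error branch in WriteDirIV returns without closing `fd`, so the descriptor leaks and an empty or truncated gocryptfs.diriv is left in the directory. Because the file is now created with `os.O_EXCL`, a later retry would fail on that leftover file, and a short IV file is presumably rejected when it is read back (the read path is outside this hunk). Add `fd.Close()` and `os.Remove(file)` before `return err` in the Write branch, and `os.Remove(file)` in the Close branch, since NFS may report a deferred write failure only at close. The comment above `os.OpenFile` could also state that `O_EXCL` makes the call fail on an existing file instead of truncating it, which is a behaviour change from `ioutil.WriteFile` that callers should know about.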