fusefrontend: make SetXAttr() symlink-safe on Linux
Uses the /proc/self/fd trick.
This commit is contained in:
parent
2286372603
commit
810d2a8b47
@ -26,8 +26,8 @@ var xattrStorePrefix = "user.gocryptfs."
|
|||||||
// GetXAttr - FUSE call. Reads the value of extended attribute "attr".
|
// GetXAttr - FUSE call. Reads the value of extended attribute "attr".
|
||||||
//
|
//
|
||||||
// This function is symlink-safe on Linux.
|
// This function is symlink-safe on Linux.
|
||||||
// Darwin does not have fgetxattr(2) nor /proc. How to implement this on Darwin
|
// Darwin does not have fgetxattr(2) nor /proc/self/fd. How to implement this
|
||||||
// in a symlink-safe way?
|
// on Darwin in a symlink-safe way?
|
||||||
func (fs *FS) GetXAttr(relPath string, attr string, context *fuse.Context) ([]byte, fuse.Status) {
|
func (fs *FS) GetXAttr(relPath string, attr string, context *fuse.Context) ([]byte, fuse.Status) {
|
||||||
if fs.isFiltered(relPath) {
|
if fs.isFiltered(relPath) {
|
||||||
return nil, fuse.EPERM
|
return nil, fuse.EPERM
|
||||||
@ -48,27 +48,22 @@ func (fs *FS) GetXAttr(relPath string, attr string, context *fuse.Context) ([]by
|
|||||||
return data, fuse.OK
|
return data, fuse.OK
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetXAttr - FUSE call.
|
// SetXAttr - FUSE call. Set extended attribute.
|
||||||
//
|
//
|
||||||
// TODO: Make symlink-safe. Currently blocked because the xattr package does
|
// This function is symlink-safe on Linux.
|
||||||
// not provide fsetxattr.
|
// Darwin does not have fsetxattr(2) nor /proc/self/fd. How to implement this
|
||||||
func (fs *FS) SetXAttr(path string, attr string, data []byte, flags int, context *fuse.Context) fuse.Status {
|
// on Darwin in a symlink-safe way?
|
||||||
if fs.isFiltered(path) {
|
func (fs *FS) SetXAttr(relPath string, attr string, data []byte, flags int, context *fuse.Context) fuse.Status {
|
||||||
|
if fs.isFiltered(relPath) {
|
||||||
return fuse.EPERM
|
return fuse.EPERM
|
||||||
}
|
}
|
||||||
if disallowedXAttrName(attr) {
|
if disallowedXAttrName(attr) {
|
||||||
return _EOPNOTSUPP
|
return _EOPNOTSUPP
|
||||||
}
|
}
|
||||||
|
|
||||||
flags = filterXattrSetFlags(flags)
|
flags = filterXattrSetFlags(flags)
|
||||||
|
|
||||||
cPath, err := fs.getBackingPath(path)
|
|
||||||
if err != nil {
|
|
||||||
return fuse.ToStatus(err)
|
|
||||||
}
|
|
||||||
cAttr := fs.encryptXattrName(attr)
|
cAttr := fs.encryptXattrName(attr)
|
||||||
cData := fs.encryptXattrValue(data)
|
cData := fs.encryptXattrValue(data)
|
||||||
return unpackXattrErr(xattr.LSetWithFlags(cPath, cAttr, cData, flags))
|
return fs.setXattr(relPath, cAttr, cData, flags, context)
|
||||||
}
|
}
|
||||||
|
|
||||||
// RemoveXAttr - FUSE call.
|
// RemoveXAttr - FUSE call.
|
||||||
@ -175,7 +170,7 @@ func (fs *FS) decryptXattrValue(cData []byte) (data []byte, err error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// unpackXattrErr unpacks an error value that we got from xattr.LGet/LSet/etc
|
// unpackXattrErr unpacks an error value that we got from xattr.LGet/LSet/etc
|
||||||
// and converts it to a fuse status.
|
// and converts it to a fuse status. If err == nil, it returns fuse.OK.
|
||||||
func unpackXattrErr(err error) fuse.Status {
|
func unpackXattrErr(err error) fuse.Status {
|
||||||
if err == nil {
|
if err == nil {
|
||||||
return fuse.OK
|
return fuse.OK
|
||||||
|
@ -30,3 +30,12 @@ func (fs *FS) getXattr(relPath string, cAttr string, context *fuse.Context) ([]b
|
|||||||
}
|
}
|
||||||
return cData, fuse.OK
|
return cData, fuse.OK
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (fs *FS) setXattr(relPath string, cAttr string, cData []byte, flags int, context *fuse.Context) fuse.Status {
|
||||||
|
cPath, err := fs.getBackingPath(relPath)
|
||||||
|
if err != nil {
|
||||||
|
return fuse.ToStatus(err)
|
||||||
|
}
|
||||||
|
err = xattr.LSetWithFlags(cPath, cAttr, cData, flags)
|
||||||
|
return unpackXattrErr(err)
|
||||||
|
}
|
||||||
|
@ -28,6 +28,7 @@ func filterXattrSetFlags(flags int) int {
|
|||||||
return flags
|
return flags
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// procFd returns the path to file descriptor "fd" in /proc/self/fd.
|
||||||
func procFd(fd int) string {
|
func procFd(fd int) string {
|
||||||
return fmt.Sprintf("/proc/self/fd/%d", fd)
|
return fmt.Sprintf("/proc/self/fd/%d", fd)
|
||||||
}
|
}
|
||||||
@ -51,10 +52,10 @@ func (fs *FS) getFileFd(relPath string, context *fuse.Context) (*File, int, fuse
|
|||||||
return file, file.intFd(), fuse.OK
|
return file, file.intFd(), fuse.OK
|
||||||
}
|
}
|
||||||
|
|
||||||
// getXattr - read encrypted xattr name "cAttr" from the file at relative
|
// getXattr - read encrypted xattr name "cAttr" from relative
|
||||||
// plaintext path "relPath". Returns the encrypted xattr value.
|
// plaintext path "relPath". Returns the encrypted xattr value.
|
||||||
//
|
//
|
||||||
// This function is symlink-safe.
|
// This function is symlink-safe by using /proc/self/fd.
|
||||||
func (fs *FS) getXattr(relPath string, cAttr string, context *fuse.Context) ([]byte, fuse.Status) {
|
func (fs *FS) getXattr(relPath string, cAttr string, context *fuse.Context) ([]byte, fuse.Status) {
|
||||||
file, fd, status := fs.getFileFd(relPath, context)
|
file, fd, status := fs.getFileFd(relPath, context)
|
||||||
if !status.Ok() {
|
if !status.Ok() {
|
||||||
@ -68,3 +69,18 @@ func (fs *FS) getXattr(relPath string, cAttr string, context *fuse.Context) ([]b
|
|||||||
}
|
}
|
||||||
return cData, fuse.OK
|
return cData, fuse.OK
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// setXattr - set encrypted xattr name "cAttr" to value "cData" on plaintext
|
||||||
|
// path "relPath".
|
||||||
|
//
|
||||||
|
// This function is symlink-safe by using /proc/self/fd.
|
||||||
|
func (fs *FS) setXattr(relPath string, cAttr string, cData []byte, flags int, context *fuse.Context) fuse.Status {
|
||||||
|
file, fd, status := fs.getFileFd(relPath, context)
|
||||||
|
if !status.Ok() {
|
||||||
|
return status
|
||||||
|
}
|
||||||
|
defer file.Release()
|
||||||
|
|
||||||
|
err := xattr.SetWithFlags(procFd(fd), cAttr, cData, flags)
|
||||||
|
return unpackXattrErr(err)
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user