fusefrontend: make SetXAttr() symlink-safe on Linux
Uses the /proc/self/fd trick.
This commit is contained in:
parent
2286372603
commit
810d2a8b47
@ -26,8 +26,8 @@ var xattrStorePrefix = "user.gocryptfs."
|
||||
// GetXAttr - FUSE call. Reads the value of extended attribute "attr".
|
||||
//
|
||||
// This function is symlink-safe on Linux.
|
||||
// Darwin does not have fgetxattr(2) nor /proc. How to implement this on Darwin
|
||||
// in a symlink-safe way?
|
||||
// Darwin does not have fgetxattr(2) nor /proc/self/fd. How to implement this
|
||||
// on Darwin in a symlink-safe way?
|
||||
func (fs *FS) GetXAttr(relPath string, attr string, context *fuse.Context) ([]byte, fuse.Status) {
|
||||
if fs.isFiltered(relPath) {
|
||||
return nil, fuse.EPERM
|
||||
@ -48,27 +48,22 @@ func (fs *FS) GetXAttr(relPath string, attr string, context *fuse.Context) ([]by
|
||||
return data, fuse.OK
|
||||
}
|
||||
|
||||
// SetXAttr - FUSE call.
|
||||
// SetXAttr - FUSE call. Set extended attribute.
|
||||
//
|
||||
// TODO: Make symlink-safe. Currently blocked because the xattr package does
|
||||
// not provide fsetxattr.
|
||||
func (fs *FS) SetXAttr(path string, attr string, data []byte, flags int, context *fuse.Context) fuse.Status {
|
||||
if fs.isFiltered(path) {
|
||||
// This function is symlink-safe on Linux.
|
||||
// Darwin does not have fsetxattr(2) nor /proc/self/fd. How to implement this
|
||||
// on Darwin in a symlink-safe way?
|
||||
func (fs *FS) SetXAttr(relPath string, attr string, data []byte, flags int, context *fuse.Context) fuse.Status {
|
||||
if fs.isFiltered(relPath) {
|
||||
return fuse.EPERM
|
||||
}
|
||||
if disallowedXAttrName(attr) {
|
||||
return _EOPNOTSUPP
|
||||
}
|
||||
|
||||
flags = filterXattrSetFlags(flags)
|
||||
|
||||
cPath, err := fs.getBackingPath(path)
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
cAttr := fs.encryptXattrName(attr)
|
||||
cData := fs.encryptXattrValue(data)
|
||||
return unpackXattrErr(xattr.LSetWithFlags(cPath, cAttr, cData, flags))
|
||||
return fs.setXattr(relPath, cAttr, cData, flags, context)
|
||||
}
|
||||
|
||||
// RemoveXAttr - FUSE call.
|
||||
@ -175,7 +170,7 @@ func (fs *FS) decryptXattrValue(cData []byte) (data []byte, err error) {
|
||||
}
|
||||
|
||||
// unpackXattrErr unpacks an error value that we got from xattr.LGet/LSet/etc
|
||||
// and converts it to a fuse status.
|
||||
// and converts it to a fuse status. If err == nil, it returns fuse.OK.
|
||||
func unpackXattrErr(err error) fuse.Status {
|
||||
if err == nil {
|
||||
return fuse.OK
|
||||
|
@ -30,3 +30,12 @@ func (fs *FS) getXattr(relPath string, cAttr string, context *fuse.Context) ([]b
|
||||
}
|
||||
return cData, fuse.OK
|
||||
}
|
||||
|
||||
func (fs *FS) setXattr(relPath string, cAttr string, cData []byte, flags int, context *fuse.Context) fuse.Status {
|
||||
cPath, err := fs.getBackingPath(relPath)
|
||||
if err != nil {
|
||||
return fuse.ToStatus(err)
|
||||
}
|
||||
err = xattr.LSetWithFlags(cPath, cAttr, cData, flags)
|
||||
return unpackXattrErr(err)
|
||||
}
|
||||
|
@ -28,6 +28,7 @@ func filterXattrSetFlags(flags int) int {
|
||||
return flags
|
||||
}
|
||||
|
||||
// procFd returns the path to file descriptor "fd" in /proc/self/fd.
|
||||
func procFd(fd int) string {
|
||||
return fmt.Sprintf("/proc/self/fd/%d", fd)
|
||||
}
|
||||
@ -51,10 +52,10 @@ func (fs *FS) getFileFd(relPath string, context *fuse.Context) (*File, int, fuse
|
||||
return file, file.intFd(), fuse.OK
|
||||
}
|
||||
|
||||
// getXattr - read encrypted xattr name "cAttr" from the file at relative
|
||||
// getXattr - read encrypted xattr name "cAttr" from relative
|
||||
// plaintext path "relPath". Returns the encrypted xattr value.
|
||||
//
|
||||
// This function is symlink-safe.
|
||||
// This function is symlink-safe by using /proc/self/fd.
|
||||
func (fs *FS) getXattr(relPath string, cAttr string, context *fuse.Context) ([]byte, fuse.Status) {
|
||||
file, fd, status := fs.getFileFd(relPath, context)
|
||||
if !status.Ok() {
|
||||
@ -68,3 +69,18 @@ func (fs *FS) getXattr(relPath string, cAttr string, context *fuse.Context) ([]b
|
||||
}
|
||||
return cData, fuse.OK
|
||||
}
|
||||
|
||||
// setXattr - set encrypted xattr name "cAttr" to value "cData" on plaintext
|
||||
// path "relPath".
|
||||
//
|
||||
// This function is symlink-safe by using /proc/self/fd.
|
||||
func (fs *FS) setXattr(relPath string, cAttr string, cData []byte, flags int, context *fuse.Context) fuse.Status {
|
||||
file, fd, status := fs.getFileFd(relPath, context)
|
||||
if !status.Ok() {
|
||||
return status
|
||||
}
|
||||
defer file.Release()
|
||||
|
||||
err := xattr.SetWithFlags(procFd(fd), cAttr, cData, flags)
|
||||
return unpackXattrErr(err)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user