fusefrontend: make Rename() symlink-safe
Use Openat() and the openBackingDir() helper so we never follow symlinks.
This commit is contained in:
parent
897bb8924f
commit
a1fb456618
@ -485,65 +485,39 @@ func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (cod
|
|||||||
if fs.isFiltered(newPath) {
|
if fs.isFiltered(newPath) {
|
||||||
return fuse.EPERM
|
return fuse.EPERM
|
||||||
}
|
}
|
||||||
cOldPath, err := fs.getBackingPath(oldPath)
|
oldDirfd, oldCName, err := fs.openBackingDir(oldPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fuse.ToStatus(err)
|
return fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
cNewPath, err := fs.getBackingPath(newPath)
|
defer syscall.Close(oldDirfd)
|
||||||
|
newDirfd, newCName, err := fs.openBackingDir(newPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fuse.ToStatus(err)
|
return fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
|
defer syscall.Close(newDirfd)
|
||||||
// The Rename may cause a directory to take the place of another directory.
|
// The Rename may cause a directory to take the place of another directory.
|
||||||
// That directory may still be in the DirIV cache, clear it.
|
// That directory may still be in the DirIV cache, clear it.
|
||||||
fs.nameTransform.DirIVCache.Clear()
|
fs.nameTransform.DirIVCache.Clear()
|
||||||
// Easy case.
|
// Easy case.
|
||||||
if fs.args.PlaintextNames {
|
if fs.args.PlaintextNames {
|
||||||
return fuse.ToStatus(syscall.Rename(cOldPath, cNewPath))
|
return fuse.ToStatus(syscallcompat.Renameat(oldDirfd, oldCName, newDirfd, newCName))
|
||||||
}
|
}
|
||||||
// Handle long source file name
|
// Long destination file name: create .name file
|
||||||
oldDirFd := -1
|
nameFileAlreadyThere := false
|
||||||
finalOldDirFd := -1
|
if nametransform.IsLongContent(newCName) {
|
||||||
var finalOldPath = cOldPath
|
err = fs.nameTransform.WriteLongName(newDirfd, newCName, newPath)
|
||||||
cOldName := filepath.Base(cOldPath)
|
|
||||||
if nametransform.IsLongContent(cOldName) {
|
|
||||||
oldDirFd, err = syscall.Open(filepath.Dir(cOldPath), syscall.O_RDONLY|syscall.O_DIRECTORY, 0)
|
|
||||||
if err != nil {
|
|
||||||
return fuse.ToStatus(err)
|
|
||||||
}
|
|
||||||
defer syscall.Close(oldDirFd)
|
|
||||||
finalOldDirFd = oldDirFd
|
|
||||||
// Use relative path
|
|
||||||
finalOldPath = cOldName
|
|
||||||
}
|
|
||||||
// Handle long destination file name
|
|
||||||
newDirFd := -1
|
|
||||||
finalNewDirFd := -1
|
|
||||||
finalNewPath := cNewPath
|
|
||||||
cNewName := filepath.Base(cNewPath)
|
|
||||||
if nametransform.IsLongContent(cNewName) {
|
|
||||||
newDirFd, err = syscall.Open(filepath.Dir(cNewPath), syscall.O_RDONLY|syscall.O_DIRECTORY, 0)
|
|
||||||
if err != nil {
|
|
||||||
return fuse.ToStatus(err)
|
|
||||||
}
|
|
||||||
defer syscall.Close(newDirFd)
|
|
||||||
finalNewDirFd = newDirFd
|
|
||||||
// Use relative path
|
|
||||||
finalNewPath = cNewName
|
|
||||||
// Create destination .name file
|
|
||||||
err = fs.nameTransform.WriteLongName(newDirFd, cNewName, newPath)
|
|
||||||
// Failure to write the .name file is expected when the target path already
|
// Failure to write the .name file is expected when the target path already
|
||||||
// exists. Since hashes are pretty unique, there is no need to modify the
|
// exists. Since hashes are pretty unique, there is no need to modify the
|
||||||
// file anyway. We still set newDirFd to nil to ensure that we do not delete
|
// .name file in this case, and we ignore the error.
|
||||||
// the file on error.
|
|
||||||
if err == syscall.EEXIST {
|
if err == syscall.EEXIST {
|
||||||
newDirFd = -1
|
nameFileAlreadyThere = true
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
return fuse.ToStatus(err)
|
return fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Actual rename
|
// Actual rename
|
||||||
tlog.Debug.Printf("Renameat oldfd=%d oldpath=%s newfd=%d newpath=%s\n", finalOldDirFd, finalOldPath, finalNewDirFd, finalNewPath)
|
tlog.Debug.Printf("Renameat %d/%s -> %d/%s\n", oldDirfd, oldCName, newDirfd, newCName)
|
||||||
err = syscallcompat.Renameat(finalOldDirFd, finalOldPath, finalNewDirFd, finalNewPath)
|
err = syscallcompat.Renameat(oldDirfd, oldCName, newDirfd, newCName)
|
||||||
if err == syscall.ENOTEMPTY || err == syscall.EEXIST {
|
if err == syscall.ENOTEMPTY || err == syscall.EEXIST {
|
||||||
// If an empty directory is overwritten we will always get an error as
|
// If an empty directory is overwritten we will always get an error as
|
||||||
// the "empty" directory will still contain gocryptfs.diriv.
|
// the "empty" directory will still contain gocryptfs.diriv.
|
||||||
@ -552,18 +526,18 @@ func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (cod
|
|||||||
// again.
|
// again.
|
||||||
tlog.Debug.Printf("Rename: Handling ENOTEMPTY")
|
tlog.Debug.Printf("Rename: Handling ENOTEMPTY")
|
||||||
if fs.Rmdir(newPath, context) == fuse.OK {
|
if fs.Rmdir(newPath, context) == fuse.OK {
|
||||||
err = syscallcompat.Renameat(finalOldDirFd, finalOldPath, finalNewDirFd, finalNewPath)
|
err = syscallcompat.Renameat(oldDirfd, oldCName, newDirfd, newCName)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if newDirFd >= 0 {
|
if nametransform.IsLongContent(newCName) && nameFileAlreadyThere == false {
|
||||||
// Roll back .name creation
|
// Roll back .name creation unless the .name file was already there
|
||||||
nametransform.DeleteLongName(newDirFd, cNewName)
|
nametransform.DeleteLongName(newDirfd, newCName)
|
||||||
}
|
}
|
||||||
return fuse.ToStatus(err)
|
return fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
if oldDirFd >= 0 {
|
if nametransform.IsLongContent(oldCName) {
|
||||||
nametransform.DeleteLongName(oldDirFd, cOldName)
|
nametransform.DeleteLongName(oldDirfd, oldCName)
|
||||||
}
|
}
|
||||||
return fuse.OK
|
return fuse.OK
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user