fusefrontend_reverse: use OpenNofollow in virtualFile.GetAttr
Makes it robust against symlink races. Final piece, closes https://github.com/rfjakob/gocryptfs/issues/165
This commit is contained in:
parent
959e1fc1e2
commit
a2677bce2a
@ -113,6 +113,6 @@ func (rfs *ReverseFS) newNameFile(relPath string) (nodefs.File, fuse.Status) {
|
|||||||
return nil, fuse.ToStatus(err)
|
return nil, fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
content := []byte(rfs.nameTransform.EncryptName(pName, dirIV))
|
content := []byte(rfs.nameTransform.EncryptName(pName, dirIV))
|
||||||
parentFile := filepath.Join(rfs.args.Cipherdir, pDir, pName)
|
parentFile := filepath.Join(pDir, pName)
|
||||||
return rfs.newVirtualFile(content, parentFile, inoBaseNameFile)
|
return rfs.newVirtualFile(content, rfs.args.Cipherdir, parentFile, inoBaseNameFile)
|
||||||
}
|
}
|
||||||
|
@ -2,13 +2,17 @@ package fusefrontend_reverse
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"log"
|
"log"
|
||||||
|
"path/filepath"
|
||||||
"syscall"
|
"syscall"
|
||||||
|
|
||||||
|
"golang.org/x/sys/unix"
|
||||||
|
|
||||||
"github.com/hanwen/go-fuse/fuse"
|
"github.com/hanwen/go-fuse/fuse"
|
||||||
"github.com/hanwen/go-fuse/fuse/nodefs"
|
"github.com/hanwen/go-fuse/fuse/nodefs"
|
||||||
|
|
||||||
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
||||||
"github.com/rfjakob/gocryptfs/internal/pathiv"
|
"github.com/rfjakob/gocryptfs/internal/pathiv"
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
|
||||||
"github.com/rfjakob/gocryptfs/internal/tlog"
|
"github.com/rfjakob/gocryptfs/internal/tlog"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -33,11 +37,12 @@ const (
|
|||||||
|
|
||||||
func (rfs *ReverseFS) newDirIVFile(cRelPath string) (nodefs.File, fuse.Status) {
|
func (rfs *ReverseFS) newDirIVFile(cRelPath string) (nodefs.File, fuse.Status) {
|
||||||
cDir := nametransform.Dir(cRelPath)
|
cDir := nametransform.Dir(cRelPath)
|
||||||
absDir, err := rfs.abs(rfs.decryptPath(cDir))
|
dir, err := rfs.decryptPath(cDir)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fuse.ToStatus(err)
|
return nil, fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
return rfs.newVirtualFile(pathiv.Derive(cDir, pathiv.PurposeDirIV), absDir, inoBaseDirIV)
|
iv := pathiv.Derive(cDir, pathiv.PurposeDirIV)
|
||||||
|
return rfs.newVirtualFile(iv, rfs.args.Cipherdir, dir, inoBaseDirIV)
|
||||||
}
|
}
|
||||||
|
|
||||||
type virtualFile struct {
|
type virtualFile struct {
|
||||||
@ -45,7 +50,9 @@ type virtualFile struct {
|
|||||||
nodefs.File
|
nodefs.File
|
||||||
// file content
|
// file content
|
||||||
content []byte
|
content []byte
|
||||||
// absolute path to a parent file
|
// backing directory
|
||||||
|
cipherdir string
|
||||||
|
// path to a parent file (relative to cipherdir)
|
||||||
parentFile string
|
parentFile string
|
||||||
// inode number of a virtual file is inode of parent file plus inoBase
|
// inode number of a virtual file is inode of parent file plus inoBase
|
||||||
inoBase uint64
|
inoBase uint64
|
||||||
@ -53,15 +60,17 @@ type virtualFile struct {
|
|||||||
|
|
||||||
// newVirtualFile creates a new in-memory file that does not have a representation
|
// newVirtualFile creates a new in-memory file that does not have a representation
|
||||||
// on disk. "content" is the file content. Timestamps and file owner are copied
|
// on disk. "content" is the file content. Timestamps and file owner are copied
|
||||||
// from "parentFile" (absolute plaintext path). For a "gocryptfs.diriv" file, you
|
// from "parentFile" (plaintext path relative to "cipherdir").
|
||||||
// would use the parent directory as "parentFile".
|
// For a "gocryptfs.diriv" file, you would use the parent directory as
|
||||||
func (rfs *ReverseFS) newVirtualFile(content []byte, parentFile string, inoBase uint64) (nodefs.File, fuse.Status) {
|
// "parentFile".
|
||||||
|
func (rfs *ReverseFS) newVirtualFile(content []byte, cipherdir string, parentFile string, inoBase uint64) (nodefs.File, fuse.Status) {
|
||||||
if inoBase < inoBaseMin {
|
if inoBase < inoBaseMin {
|
||||||
log.Panicf("BUG: virtual inode number base %d is below reserved space", inoBase)
|
log.Panicf("BUG: virtual inode number base %d is below reserved space", inoBase)
|
||||||
}
|
}
|
||||||
return &virtualFile{
|
return &virtualFile{
|
||||||
File: nodefs.NewDefaultFile(),
|
File: nodefs.NewDefaultFile(),
|
||||||
content: content,
|
content: content,
|
||||||
|
cipherdir: cipherdir,
|
||||||
parentFile: parentFile,
|
parentFile: parentFile,
|
||||||
inoBase: inoBase,
|
inoBase: inoBase,
|
||||||
}, fuse.OK
|
}, fuse.OK
|
||||||
@ -81,10 +90,17 @@ func (f *virtualFile) Read(buf []byte, off int64) (resultData fuse.ReadResult, s
|
|||||||
|
|
||||||
// GetAttr - FUSE call
|
// GetAttr - FUSE call
|
||||||
func (f *virtualFile) GetAttr(a *fuse.Attr) fuse.Status {
|
func (f *virtualFile) GetAttr(a *fuse.Attr) fuse.Status {
|
||||||
var st syscall.Stat_t
|
dir := filepath.Dir(f.parentFile)
|
||||||
err := syscall.Lstat(f.parentFile, &st)
|
dirfd, err := syscallcompat.OpenNofollow(f.cipherdir, dir, syscall.O_RDONLY|syscall.O_DIRECTORY, 0)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Debug.Printf("GetAttr: Lstat %q: %v\n", f.parentFile, err)
|
return fuse.ToStatus(err)
|
||||||
|
}
|
||||||
|
defer syscall.Close(dirfd)
|
||||||
|
name := filepath.Base(f.parentFile)
|
||||||
|
var st unix.Stat_t
|
||||||
|
err = syscallcompat.Fstatat(dirfd, name, &st, unix.AT_SYMLINK_NOFOLLOW)
|
||||||
|
if err != nil {
|
||||||
|
tlog.Debug.Printf("GetAttr: Fstatat %q: %v\n", f.parentFile, err)
|
||||||
return fuse.ToStatus(err)
|
return fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
if st.Ino > inoBaseMin {
|
if st.Ino > inoBaseMin {
|
||||||
@ -96,6 +112,7 @@ func (f *virtualFile) GetAttr(a *fuse.Attr) fuse.Status {
|
|||||||
st.Size = int64(len(f.content))
|
st.Size = int64(len(f.content))
|
||||||
st.Mode = virtualFileMode
|
st.Mode = virtualFileMode
|
||||||
st.Nlink = 1
|
st.Nlink = 1
|
||||||
a.FromStat(&st)
|
st2 := syscallcompat.Unix2syscall(st)
|
||||||
|
a.FromStat(&st2)
|
||||||
return fuse.OK
|
return fuse.OK
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user