nametransform: pass badname patterns via New

This means we can unexport the field.

cli_args.go

@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"net"
 	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
@@ -290,6 +291,15 @@ func parseCliOpts() (args argContainer) {
 		tlog.Fatal.Printf("Idle timeout cannot be less than 0")
 		os.Exit(exitcodes.Usage)
 	}
+	// Make sure all badname patterns are valid
+	for _, pattern := range args.badname {
+		_, err := filepath.Match(pattern, "")
+		if err != nil {
+			tlog.Fatal.Printf("-badname: invalid pattern %q supplied", pattern)
+			os.Exit(exitcodes.Usage)
+		}
+	}
+
 	return args
 }
 

internal/fusefrontend/xattr_unit_test.go

@@ -19,7 +19,7 @@ func newTestFS(args Args) *RootNode {
 	key := make([]byte, cryptocore.KeyLen)
 	cCore := cryptocore.New(key, cryptocore.BackendGoGCM, contentenc.DefaultIVBits, true, false)
 	cEnc := contentenc.New(cCore, contentenc.DefaultBS, false)
-	n := nametransform.New(cCore.EMECipher, true, true)
+	n := nametransform.New(cCore.EMECipher, true, true, nil)
 	rn := NewRootNode(args, cEnc, n)
 	oneSec := time.Second
 	options := &fs.Options{

internal/nametransform/names.go

@@ -44,19 +44,23 @@ type NameTransform struct {
 	// on the Raw64 feature flag
 	B64 *base64.Encoding
 	// Patterns to bypass decryption
-	BadnamePatterns []string
+	badnamePatterns []string
 }
 
 // New returns a new NameTransform instance.
-func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
+func New(e *eme.EMECipher, longNames bool, raw64 bool, badname []string) *NameTransform {
+	tlog.Debug.Printf("nametransform.New: longNames=%v, raw64=%v, badname=%q",
+		longNames, raw64, badname)
+
 	b64 := base64.URLEncoding
 	if raw64 {
 		b64 = base64.RawURLEncoding
 	}
 	return &NameTransform{
-		emeCipher: e,
-		longNames: longNames,
-		B64:       b64,
+		emeCipher:       e,
+		longNames:       longNames,
+		B64:             b64,
+		badnamePatterns: badname,
 	}
 }
 
@@ -65,7 +69,7 @@ func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
 func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error) {
 	res, err := n.decryptName(cipherName, iv)
 	if err != nil {
-		for _, pattern := range n.BadnamePatterns {
+		for _, pattern := range n.badnamePatterns {
 			match, err := filepath.Match(pattern, cipherName)
 			if err == nil && match { // Pattern should have been validated already
 				// Find longest decryptable substring
@@ -142,5 +146,5 @@ func (n *NameTransform) B64DecodeString(s string) ([]byte, error) {
 
 // HaveBadnamePatterns returns true if BadName patterns were provided
 func (n *NameTransform) HaveBadnamePatterns() bool {
-	return len(n.BadnamePatterns) > 0
+	return len(n.badnamePatterns) > 0
 }

mount.go

@@ -313,18 +313,7 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
 	// Init crypto backend
 	cCore := cryptocore.New(masterkey, cryptoBackend, contentenc.DefaultIVBits, args.hkdf, args.forcedecode)
 	cEnc := contentenc.New(cCore, contentenc.DefaultBS, args.forcedecode)
-	nameTransform := nametransform.New(cCore.EMECipher, frontendArgs.LongNames, args.raw64)
-	// Init badname patterns
-	nameTransform.BadnamePatterns = make([]string, 0)
-	for _, pattern := range args.badname {
-		_, err := filepath.Match(pattern, "") // Make sure pattern is valid
-		if err != nil {
-			tlog.Fatal.Printf("-badname: invalid pattern %q supplied", pattern)
-			os.Exit(exitcodes.Usage)
-		} else {
-			nameTransform.BadnamePatterns = append(nameTransform.BadnamePatterns, pattern)
-		}
-	}
+	nameTransform := nametransform.New(cCore.EMECipher, frontendArgs.LongNames, args.raw64, []string(args.badname))
 	// After the crypto backend is initialized,
 	// we can purge the master key from memory.
 	for i := range masterkey {