nametransform: pass badname patterns via New
This means we can unexport the field.
This commit is contained in:
Jakob Unterwurzacher
parent
203e65066f
commit
c5d8fa83ae
10
cli_args.go
10
cli_args.go
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
|
"path/filepath"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
@ -290,6 +291,15 @@ func parseCliOpts() (args argContainer) {
|
||||||
tlog.Fatal.Printf("Idle timeout cannot be less than 0")
|
tlog.Fatal.Printf("Idle timeout cannot be less than 0")
|
||||||
os.Exit(exitcodes.Usage)
|
os.Exit(exitcodes.Usage)
|
||||||
}
|
}
|
||||||
|
// Make sure all badname patterns are valid
|
||||||
|
for _, pattern := range args.badname {
|
||||||
|
_, err := filepath.Match(pattern, "")
|
||||||
|
if err != nil {
|
||||||
|
tlog.Fatal.Printf("-badname: invalid pattern %q supplied", pattern)
|
||||||
|
os.Exit(exitcodes.Usage)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return args
|
return args
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,7 @@ func newTestFS(args Args) *RootNode {
|
||||||
key := make([]byte, cryptocore.KeyLen)
|
key := make([]byte, cryptocore.KeyLen)
|
||||||
cCore := cryptocore.New(key, cryptocore.BackendGoGCM, contentenc.DefaultIVBits, true, false)
|
cCore := cryptocore.New(key, cryptocore.BackendGoGCM, contentenc.DefaultIVBits, true, false)
|
||||||
cEnc := contentenc.New(cCore, contentenc.DefaultBS, false)
|
cEnc := contentenc.New(cCore, contentenc.DefaultBS, false)
|
||||||
n := nametransform.New(cCore.EMECipher, true, true)
|
n := nametransform.New(cCore.EMECipher, true, true, nil)
|
||||||
rn := NewRootNode(args, cEnc, n)
|
rn := NewRootNode(args, cEnc, n)
|
||||||
oneSec := time.Second
|
oneSec := time.Second
|
||||||
options := &fs.Options{
|
options := &fs.Options{
|
||||||
|
|
|
||||||
|
|
@ -44,19 +44,23 @@ type NameTransform struct {
|
||||||
// on the Raw64 feature flag
|
// on the Raw64 feature flag
|
||||||
B64 *base64.Encoding
|
B64 *base64.Encoding
|
||||||
// Patterns to bypass decryption
|
// Patterns to bypass decryption
|
||||||
BadnamePatterns []string
|
badnamePatterns []string
|
||||||
}
|
}
|
||||||
|
|
||||||
// New returns a new NameTransform instance.
|
// New returns a new NameTransform instance.
|
||||||
func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
|
func New(e *eme.EMECipher, longNames bool, raw64 bool, badname []string) *NameTransform {
|
||||||
|
tlog.Debug.Printf("nametransform.New: longNames=%v, raw64=%v, badname=%q",
|
||||||
|
longNames, raw64, badname)
|
||||||
|
|
||||||
b64 := base64.URLEncoding
|
b64 := base64.URLEncoding
|
||||||
if raw64 {
|
if raw64 {
|
||||||
b64 = base64.RawURLEncoding
|
b64 = base64.RawURLEncoding
|
||||||
}
|
}
|
||||||
return &NameTransform{
|
return &NameTransform{
|
||||||
emeCipher: e,
|
emeCipher: e,
|
||||||
longNames: longNames,
|
longNames: longNames,
|
||||||
B64: b64,
|
B64: b64,
|
||||||
|
badnamePatterns: badname,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -65,7 +69,7 @@ func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
|
||||||
func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error) {
|
func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error) {
|
||||||
res, err := n.decryptName(cipherName, iv)
|
res, err := n.decryptName(cipherName, iv)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
for _, pattern := range n.BadnamePatterns {
|
for _, pattern := range n.badnamePatterns {
|
||||||
match, err := filepath.Match(pattern, cipherName)
|
match, err := filepath.Match(pattern, cipherName)
|
||||||
if err == nil && match { // Pattern should have been validated already
|
if err == nil && match { // Pattern should have been validated already
|
||||||
// Find longest decryptable substring
|
// Find longest decryptable substring
|
||||||
|
|
@ -142,5 +146,5 @@ func (n *NameTransform) B64DecodeString(s string) ([]byte, error) {
|
||||||
|
|
||||||
// HaveBadnamePatterns returns true if BadName patterns were provided
|
// HaveBadnamePatterns returns true if BadName patterns were provided
|
||||||
func (n *NameTransform) HaveBadnamePatterns() bool {
|
func (n *NameTransform) HaveBadnamePatterns() bool {
|
||||||
return len(n.BadnamePatterns) > 0
|
return len(n.badnamePatterns) > 0
|
||||||
}
|
}
|
||||||
|
|
|
||||||
13
mount.go
13
mount.go
|
|
@ -313,18 +313,7 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
|
||||||
// Init crypto backend
|
// Init crypto backend
|
||||||
cCore := cryptocore.New(masterkey, cryptoBackend, contentenc.DefaultIVBits, args.hkdf, args.forcedecode)
|
cCore := cryptocore.New(masterkey, cryptoBackend, contentenc.DefaultIVBits, args.hkdf, args.forcedecode)
|
||||||
cEnc := contentenc.New(cCore, contentenc.DefaultBS, args.forcedecode)
|
cEnc := contentenc.New(cCore, contentenc.DefaultBS, args.forcedecode)
|
||||||
nameTransform := nametransform.New(cCore.EMECipher, frontendArgs.LongNames, args.raw64)
|
nameTransform := nametransform.New(cCore.EMECipher, frontendArgs.LongNames, args.raw64, []string(args.badname))
|
||||||
// Init badname patterns
|
|
||||||
nameTransform.BadnamePatterns = make([]string, 0)
|
|
||||||
for _, pattern := range args.badname {
|
|
||||||
_, err := filepath.Match(pattern, "") // Make sure pattern is valid
|
|
||||||
if err != nil {
|
|
||||||
tlog.Fatal.Printf("-badname: invalid pattern %q supplied", pattern)
|
|
||||||
os.Exit(exitcodes.Usage)
|
|
||||||
} else {
|
|
||||||
nameTransform.BadnamePatterns = append(nameTransform.BadnamePatterns, pattern)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// After the crypto backend is initialized,
|
// After the crypto backend is initialized,
|
||||||
// we can purge the master key from memory.
|
// we can purge the master key from memory.
|
||||||
for i := range masterkey {
|
for i := range masterkey {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue