nametransform: pass badname patterns via New
This means we can unexport the field.
parent
203e65066f
commit
c5d8fa83ae
10
cli_args.go
10
cli_args.go
@ -10,6 +10,7 @@ import (
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
@ -290,6 +291,15 @@ func parseCliOpts() (args argContainer) {
|
||||
tlog.Fatal.Printf("Idle timeout cannot be less than 0")
|
||||
os.Exit(exitcodes.Usage)
|
||||
}
|
||||
// Make sure all badname patterns are valid
|
||||
for _, pattern := range args.badname {
|
||||
_, err := filepath.Match(pattern, "")
|
||||
if err != nil {
|
||||
tlog.Fatal.Printf("-badname: invalid pattern %q supplied", pattern)
|
||||
os.Exit(exitcodes.Usage)
|
||||
}
|
||||
}
|
||||
|
||||
return args
|
||||
}
|
||||
|
||||
|
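Review bot: The new validation loop in parseCliOpts assumes `filepath.Match(pattern, "")` reports every malformed pattern, but before Go 1.16 Match returned early on the first mismatch and did not check the rest of the pattern for syntax errors. On such a toolchain a pattern like `a[` would pass this check against the empty name. Since the copy of this check in mount.go is removed by the same commit, this loop is the only gate left, so I would add a comment above it such as `// Relies on Go >= 1.16: Match reports syntax errors in the unmatched part of the pattern`, and confirm the minimum supported Go version matches. parseCliOpts begins outside the hunk.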
@ -19,7 +19,7 @@ func newTestFS(args Args) *RootNode {
|
||||
key := make([]byte, cryptocore.KeyLen)
|
||||
cCore := cryptocore.New(key, cryptocore.BackendGoGCM, contentenc.DefaultIVBits, true, false)
|
||||
cEnc := contentenc.New(cCore, contentenc.DefaultBS, false)
|
||||
n := nametransform.New(cCore.EMECipher, true, true)
|
||||
n := nametransform.New(cCore.EMECipher, true, true, nil)
|
||||
rn := NewRootNode(args, cEnc, n)
|
||||
oneSec := time.Second
|
||||
options := &fs.Options{
|
||||
|
@ -44,11 +44,14 @@ type NameTransform struct {
|
||||
// on the Raw64 feature flag
|
||||
B64 *base64.Encoding
|
||||
// Patterns to bypass decryption
|
||||
BadnamePatterns []string
|
||||
badnamePatterns []string
|
||||
}
|
||||
|
||||
// New returns a new NameTransform instance.
|
||||
func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
|
||||
func New(e *eme.EMECipher, longNames bool, raw64 bool, badname []string) *NameTransform {
|
||||
tlog.Debug.Printf("nametransform.New: longNames=%v, raw64=%v, badname=%q",
|
||||
longNames, raw64, badname)
|
||||
|
||||
b64 := base64.URLEncoding
|
||||
if raw64 {
|
||||
b64 = base64.RawURLEncoding
|
||||
@ -57,6 +60,7 @@ func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
|
||||
emeCipher: e,
|
||||
longNames: longNames,
|
||||
B64: b64,
|
||||
badnamePatterns: badname,
|
||||
}
|
||||
}
|
||||
|
||||
@ -65,7 +69,7 @@ func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
|
||||
func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error) {
|
||||
res, err := n.decryptName(cipherName, iv)
|
||||
if err != nil {
|
||||
for _, pattern := range n.BadnamePatterns {
|
||||
for _, pattern := range n.badnamePatterns {
|
||||
match, err := filepath.Match(pattern, cipherName)
|
||||
if err == nil && match { // Pattern should have been validated already
|
||||
// Find longest decryptable substring
|
||||
@ -142,5 +146,5 @@ func (n *NameTransform) B64DecodeString(s string) ([]byte, error) {
|
||||
|
||||
// HaveBadnamePatterns returns true if BadName patterns were provided
|
||||
func (n *NameTransform) HaveBadnamePatterns() bool {
|
||||
return len(n.BadnamePatterns) > 0
|
||||
return len(n.badnamePatterns) > 0
|
||||
}
|
||||
|
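Review bot: New stores `badname` unchecked, while DecryptName only acts on a pattern when `err == nil && match`, so a malformed pattern from any caller other than the CLI path is silently never applied. Now that the field is unexported and New is the only way in, its doc comment should state the precondition, for example `// badname must contain only valid filepath.Match patterns; DecryptName silently skips invalid ones.` The slice is also kept by reference (`badnamePatterns: badname`), so the comment should say the caller must not modify it afterwards, or New should copy it. DecryptName's body continues outside the hunk.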
13
mount.go
13
mount.go
@ -313,18 +313,7 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
|
||||
// Init crypto backend
|
||||
cCore := cryptocore.New(masterkey, cryptoBackend, contentenc.DefaultIVBits, args.hkdf, args.forcedecode)
|
||||
cEnc := contentenc.New(cCore, contentenc.DefaultBS, args.forcedecode)
|
||||
nameTransform := nametransform.New(cCore.EMECipher, frontendArgs.LongNames, args.raw64)
|
||||
// Init badname patterns
|
||||
nameTransform.BadnamePatterns = make([]string, 0)
|
||||
for _, pattern := range args.badname {
|
||||
_, err := filepath.Match(pattern, "") // Make sure pattern is valid
|
||||
if err != nil {
|
||||
tlog.Fatal.Printf("-badname: invalid pattern %q supplied", pattern)
|
||||
os.Exit(exitcodes.Usage)
|
||||
} else {
|
||||
nameTransform.BadnamePatterns = append(nameTransform.BadnamePatterns, pattern)
|
||||
}
|
||||
}
|
||||
nameTransform := nametransform.New(cCore.EMECipher, frontendArgs.LongNames, args.raw64, []string(args.badname))
|
||||
// After the crypto backend is initialized,
|
||||
// we can purge the master key from memory.
|
||||
for i := range masterkey {
|
||||
|