nametransform: pass badname patterns via New

This means we can unexport the field.
This commit is contained in:
Jakob Unterwurzacher 2021-06-20 19:09:46 +02:00
parent 203e65066f
commit c5d8fa83ae
4 changed files with 23 additions and 20 deletions

View File

@ -10,6 +10,7 @@ import (
"fmt"
"net"
"os"
"path/filepath"
"strconv"
"strings"
"time"
@ -290,6 +291,15 @@ func parseCliOpts() (args argContainer) {
tlog.Fatal.Printf("Idle timeout cannot be less than 0")
os.Exit(exitcodes.Usage)
}
// Make sure all badname patterns are valid
for _, pattern := range args.badname {
_, err := filepath.Match(pattern, "")
if err != nil {
tlog.Fatal.Printf("-badname: invalid pattern %q supplied", pattern)
os.Exit(exitcodes.Usage)
}
}
return args
}

View File

@ -19,7 +19,7 @@ func newTestFS(args Args) *RootNode {
key := make([]byte, cryptocore.KeyLen)
cCore := cryptocore.New(key, cryptocore.BackendGoGCM, contentenc.DefaultIVBits, true, false)
cEnc := contentenc.New(cCore, contentenc.DefaultBS, false)
n := nametransform.New(cCore.EMECipher, true, true)
n := nametransform.New(cCore.EMECipher, true, true, nil)
rn := NewRootNode(args, cEnc, n)
oneSec := time.Second
options := &fs.Options{

View File

@ -44,11 +44,14 @@ type NameTransform struct {
// on the Raw64 feature flag
B64 *base64.Encoding
// Patterns to bypass decryption
BadnamePatterns []string
badnamePatterns []string
}
// New returns a new NameTransform instance.
func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
func New(e *eme.EMECipher, longNames bool, raw64 bool, badname []string) *NameTransform {
tlog.Debug.Printf("nametransform.New: longNames=%v, raw64=%v, badname=%q",
longNames, raw64, badname)
b64 := base64.URLEncoding
if raw64 {
b64 = base64.RawURLEncoding
@ -57,6 +60,7 @@ func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
emeCipher: e,
longNames: longNames,
B64: b64,
badnamePatterns: badname,
}
}
@ -65,7 +69,7 @@ func New(e *eme.EMECipher, longNames bool, raw64 bool) *NameTransform {
func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error) {
res, err := n.decryptName(cipherName, iv)
if err != nil {
for _, pattern := range n.BadnamePatterns {
for _, pattern := range n.badnamePatterns {
match, err := filepath.Match(pattern, cipherName)
if err == nil && match { // Pattern should have been validated already
// Find longest decryptable substring
@ -142,5 +146,5 @@ func (n *NameTransform) B64DecodeString(s string) ([]byte, error) {
// HaveBadnamePatterns returns true if BadName patterns were provided
func (n *NameTransform) HaveBadnamePatterns() bool {
return len(n.BadnamePatterns) > 0
return len(n.badnamePatterns) > 0
}

View File

@ -313,18 +313,7 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f
// Init crypto backend
cCore := cryptocore.New(masterkey, cryptoBackend, contentenc.DefaultIVBits, args.hkdf, args.forcedecode)
cEnc := contentenc.New(cCore, contentenc.DefaultBS, args.forcedecode)
nameTransform := nametransform.New(cCore.EMECipher, frontendArgs.LongNames, args.raw64)
// Init badname patterns
nameTransform.BadnamePatterns = make([]string, 0)
for _, pattern := range args.badname {
_, err := filepath.Match(pattern, "") // Make sure pattern is valid
if err != nil {
tlog.Fatal.Printf("-badname: invalid pattern %q supplied", pattern)
os.Exit(exitcodes.Usage)
} else {
nameTransform.BadnamePatterns = append(nameTransform.BadnamePatterns, pattern)
}
}
nameTransform := nametransform.New(cCore.EMECipher, frontendArgs.LongNames, args.raw64, []string(args.badname))
// After the crypto backend is initialized,
// we can purge the master key from memory.
for i := range masterkey {