fusefrontend: mark a few more functions as symlink-safe / unsafe

internal/fusefrontend/names.go

@@ -33,6 +33,8 @@ func (fs *FS) isFiltered(path string) bool {
 
 // GetBackingPath - get the absolute encrypted path of the backing file
 // from the relative plaintext path "relPath"
+//
+// TODO: this function is NOT symlink-safe.
 func (fs *FS) getBackingPath(relPath string) (string, error) {
 	cPath, err := fs.encryptPath(relPath)
 	if err != nil {
@@ -96,6 +98,9 @@ func (fs *FS) openBackingDir(relPath string) (dirfd int, cName string, err error
 }
 
 // encryptPath - encrypt relative plaintext path
+//
+// TODO: this function is NOT symlink-safe because EncryptPathDirIV is not
+// symlink-safe.
 func (fs *FS) encryptPath(plainPath string) (string, error) {
 	if plainPath != "" { // Empty path gets encrypted all the time without actual file accesses.
 		fs.AccessedSinceLastCheck = 1

internal/fusefrontend/xattr.go

@@ -24,6 +24,7 @@ var xattrNameIV = []byte("xattr_name_iv_xx")
 var xattrStorePrefix = "user.gocryptfs."
 
 // GetXAttr - FUSE call. Reads the value of extended attribute "attr".
+//
 // TODO: Make symlink-safe. Blocker: package xattr does not provide fgetxattr(2).
 func (fs *FS) GetXAttr(path string, attr string, context *fuse.Context) ([]byte, fuse.Status) {
 	if fs.isFiltered(path) {
@@ -86,6 +87,7 @@ func (fs *FS) RemoveXAttr(path string, attr string, context *fuse.Context) fuse.
 }
 
 // ListXAttr - FUSE call. Lists extended attributes on the file at "path".
+//
 // TODO: Make symlink-safe. Blocker: package xattr does not provide
 // flistxattr(2).
 func (fs *FS) ListXAttr(path string, context *fuse.Context) ([]string, fuse.Status) {

internal/nametransform/longnames.go

@@ -24,6 +24,8 @@ const (
 
 // HashLongName - take the hash of a long string "name" and return
 // "gocryptfs.longname.[sha256]"
+//
+// This function does not do any I/O.
 func (n *NameTransform) HashLongName(name string) string {
 	hashBin := sha256.Sum256([]byte(name))
 	hashBase64 := n.B64.EncodeToString(hashBin[:])
@@ -47,6 +49,8 @@ const (
 // gocryptfs.longname.[sha256]  ........ LongNameContent (content of a long name file)
 // gocryptfs.longname.[sha256].name .... LongNameFilename (full file name of a long name file)
 // else ................................ LongNameNone (normal file)
+//
+// This function does not do any I/O.
 func NameType(cName string) int {
 	if !strings.HasPrefix(cName, longNamePrefix) {
 		return LongNameNone
@@ -59,11 +63,15 @@ func NameType(cName string) int {
 
 // IsLongContent returns true if "cName" is the content store of a long name
 // file (looks like "gocryptfs.longname.[sha256]").
+//
+// This function does not do any I/O.
 func IsLongContent(cName string) bool {
 	return NameType(cName) == LongNameContent
 }
 
-// ReadLongName - read "$path.name"
+// ReadLongName - read cName + ".name" from the directory opened as dirfd.
+//
+// Symlink-safe through Openat().
 func ReadLongNameAt(dirfd int, cName string) (string, error) {
 	cName += LongNameSuffix
 	fd, err := syscallcompat.Openat(dirfd, cName, syscall.O_NOFOLLOW, 0)