syscallcompat: check that we get NOFOLLOW wherever possible
...and fix the instances where the AT_SYMLINK_NOFOLLOW / O_NOFOLLOW / O_EXCL flag was missing.
This commit is contained in:
parent
22282aefe6
commit
e97c23e083
@ -211,7 +211,7 @@ func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Conte
|
|||||||
|
|
||||||
// Create content
|
// Create content
|
||||||
var fdRaw int
|
var fdRaw int
|
||||||
fdRaw, err = syscallcompat.Openat(int(dirfd.Fd()), cName, newFlags|os.O_CREATE, mode)
|
fdRaw, err = syscallcompat.Openat(int(dirfd.Fd()), cName, newFlags|os.O_CREATE|os.O_EXCL, mode)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
nametransform.DeleteLongName(dirfd, cName)
|
nametransform.DeleteLongName(dirfd, cName)
|
||||||
return nil, fuse.ToStatus(err)
|
return nil, fuse.ToStatus(err)
|
||||||
@ -219,7 +219,7 @@ func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Conte
|
|||||||
fd = os.NewFile(uintptr(fdRaw), cName)
|
fd = os.NewFile(uintptr(fdRaw), cName)
|
||||||
} else {
|
} else {
|
||||||
// Normal (short) file name
|
// Normal (short) file name
|
||||||
fd, err = os.OpenFile(cPath, newFlags|os.O_CREATE, os.FileMode(mode))
|
fd, err = os.OpenFile(cPath, newFlags|os.O_CREATE|os.O_EXCL, os.FileMode(mode))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fuse.ToStatus(err)
|
return nil, fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
|
@ -146,7 +146,7 @@ func (fs *FS) Rmdir(path string, context *fuse.Context) (code fuse.Status) {
|
|||||||
|
|
||||||
cName := filepath.Base(cPath)
|
cName := filepath.Base(cPath)
|
||||||
dirfdRaw, err := syscallcompat.Openat(int(parentDirFd.Fd()), cName,
|
dirfdRaw, err := syscallcompat.Openat(int(parentDirFd.Fd()), cName,
|
||||||
syscall.O_RDONLY, 0)
|
syscall.O_RDONLY|syscall.O_NOFOLLOW, 0)
|
||||||
if err == syscall.EACCES {
|
if err == syscall.EACCES {
|
||||||
// We need permission to read and modify the directory
|
// We need permission to read and modify the directory
|
||||||
tlog.Debug.Printf("Rmdir: handling EACCESS")
|
tlog.Debug.Printf("Rmdir: handling EACCESS")
|
||||||
@ -168,7 +168,7 @@ func (fs *FS) Rmdir(path string, context *fuse.Context) (code fuse.Status) {
|
|||||||
var st syscall.Stat_t
|
var st syscall.Stat_t
|
||||||
syscall.Lstat(cPath, &st)
|
syscall.Lstat(cPath, &st)
|
||||||
dirfdRaw, err = syscallcompat.Openat(int(parentDirFd.Fd()), cName,
|
dirfdRaw, err = syscallcompat.Openat(int(parentDirFd.Fd()), cName,
|
||||||
syscall.O_RDONLY, 0)
|
syscall.O_RDONLY|syscall.O_NOFOLLOW, 0)
|
||||||
// Undo the chmod if removing the directory failed
|
// Undo the chmod if removing the directory failed
|
||||||
defer func() {
|
defer func() {
|
||||||
if code != fuse.OK {
|
if code != fuse.OK {
|
||||||
|
@ -36,7 +36,8 @@ func ReadDirIV(dir string) (iv []byte, err error) {
|
|||||||
// ReadDirIVAt reads "gocryptfs.diriv" from the directory that is opened as "dirfd".
|
// ReadDirIVAt reads "gocryptfs.diriv" from the directory that is opened as "dirfd".
|
||||||
// Using the dirfd makes it immune to concurrent renames of the directory.
|
// Using the dirfd makes it immune to concurrent renames of the directory.
|
||||||
func ReadDirIVAt(dirfd *os.File) (iv []byte, err error) {
|
func ReadDirIVAt(dirfd *os.File) (iv []byte, err error) {
|
||||||
fdRaw, err := syscallcompat.Openat(int(dirfd.Fd()), DirIVFilename, syscall.O_RDONLY, 0)
|
fdRaw, err := syscallcompat.Openat(int(dirfd.Fd()), DirIVFilename,
|
||||||
|
syscall.O_RDONLY|syscall.O_NOFOLLOW, 0)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Warn.Printf("ReadDirIVAt: opening %q in dir %q failed: %v",
|
tlog.Warn.Printf("ReadDirIVAt: opening %q in dir %q failed: %v",
|
||||||
DirIVFilename, dirfd.Name(), err)
|
DirIVFilename, dirfd.Name(), err)
|
||||||
|
@ -136,12 +136,12 @@ func emulateFchmodat(dirfd int, path string, mode uint32, flags int) (err error)
|
|||||||
}
|
}
|
||||||
defer syscall.Fchdir(cwd)
|
defer syscall.Fchdir(cwd)
|
||||||
// We also don't have Lchmod, so emulate it (poorly).
|
// We also don't have Lchmod, so emulate it (poorly).
|
||||||
if flags&unix.AT_SYMLINK_NOFOLLOW > 0 {
|
if flags&unix.AT_SYMLINK_NOFOLLOW != 0 {
|
||||||
fi, err := os.Lstat(path)
|
fi, err := os.Lstat(path)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if fi.Mode()&os.ModeSymlink > 0 {
|
if fi.Mode()&os.ModeSymlink != 0 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -6,6 +6,8 @@ import (
|
|||||||
"syscall"
|
"syscall"
|
||||||
"unsafe"
|
"unsafe"
|
||||||
|
|
||||||
|
"golang.org/x/sys/unix"
|
||||||
|
|
||||||
"github.com/rfjakob/gocryptfs/internal/tlog"
|
"github.com/rfjakob/gocryptfs/internal/tlog"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -46,6 +48,11 @@ func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
|
|||||||
|
|
||||||
// Openat wraps the Openat syscall.
|
// Openat wraps the Openat syscall.
|
||||||
func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
|
func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
|
||||||
|
// Why would we ever want to call this without O_NOFOLLOW and O_EXCL?
|
||||||
|
if !(flags&syscall.O_CREAT != 0 && flags&syscall.O_EXCL != 0) && flags&syscall.O_NOFOLLOW == 0 {
|
||||||
|
tlog.Warn.Printf("Openat: adding missing O_NOFOLLOW flag")
|
||||||
|
flags |= syscall.O_NOFOLLOW
|
||||||
|
}
|
||||||
return syscall.Openat(dirfd, path, flags, mode)
|
return syscall.Openat(dirfd, path, flags, mode)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -82,11 +89,21 @@ func Dup3(oldfd int, newfd int, flags int) (err error) {
|
|||||||
|
|
||||||
// Fchmodat syscall.
|
// Fchmodat syscall.
|
||||||
func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
|
func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
|
||||||
|
// Why would we ever want to call this without AT_SYMLINK_NOFOLLOW?
|
||||||
|
if flags&unix.AT_SYMLINK_NOFOLLOW == 0 {
|
||||||
|
tlog.Warn.Printf("Fchmodat: adding missing AT_SYMLINK_NOFOLLOW flag")
|
||||||
|
flags |= unix.AT_SYMLINK_NOFOLLOW
|
||||||
|
}
|
||||||
return syscall.Fchmodat(dirfd, path, mode, flags)
|
return syscall.Fchmodat(dirfd, path, mode, flags)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fchownat syscall.
|
// Fchownat syscall.
|
||||||
func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
|
func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
|
||||||
|
// Why would we ever want to call this without AT_SYMLINK_NOFOLLOW?
|
||||||
|
if flags&unix.AT_SYMLINK_NOFOLLOW == 0 {
|
||||||
|
tlog.Warn.Printf("Fchownat: adding missing AT_SYMLINK_NOFOLLOW flag")
|
||||||
|
flags |= unix.AT_SYMLINK_NOFOLLOW
|
||||||
|
}
|
||||||
return syscall.Fchownat(dirfd, path, uid, gid, flags)
|
return syscall.Fchownat(dirfd, path, uid, gid, flags)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user