nametransform: simplify WriteDirIV to WriteDirIVAt

Un-spaghettify the function and let the callers open
the directory.
This commit is contained in:
Jakob Unterwurzacher 2019-01-03 13:32:13 +01:00
parent 0fd7637624
commit f6dad8d0fa
4 changed files with 35 additions and 24 deletions

View File

@ -6,12 +6,14 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings"
"syscall"
"github.com/rfjakob/gocryptfs/internal/configfile" "github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/internal/cryptocore" "github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/exitcodes" "github.com/rfjakob/gocryptfs/internal/exitcodes"
"github.com/rfjakob/gocryptfs/internal/nametransform" "github.com/rfjakob/gocryptfs/internal/nametransform"
"github.com/rfjakob/gocryptfs/internal/readpassword" "github.com/rfjakob/gocryptfs/internal/readpassword"
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
"github.com/rfjakob/gocryptfs/internal/tlog" "github.com/rfjakob/gocryptfs/internal/tlog"
) )
@ -96,7 +98,12 @@ func initDir(args *argContainer) {
// Forward mode with filename encryption enabled needs a gocryptfs.diriv file // Forward mode with filename encryption enabled needs a gocryptfs.diriv file
// in the root dir // in the root dir
if !args.plaintextnames && !args.reverse { if !args.plaintextnames && !args.reverse {
err = nametransform.WriteDirIV(-1, args.cipherdir) // Open cipherdir (following symlinks)
dirfd, err := syscall.Open(args.cipherdir, syscall.O_RDONLY|syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
if err == nil {
err = nametransform.WriteDirIVAt(dirfd)
syscall.Close(dirfd)
}
if err != nil { if err != nil {
tlog.Fatal.Println(err) tlog.Fatal.Println(err)
os.Exit(exitcodes.Init) os.Exit(exitcodes.Init)

View File

@ -37,9 +37,14 @@ func (fs *FS) mkdirWithIv(dirfd int, cName string, mode uint32) error {
if err != nil { if err != nil {
return err return err
} }
dirfd2, err := syscallcompat.Openat(dirfd, cName, syscall.O_DIRECTORY|syscall.O_NOFOLLOW|syscallcompat.O_PATH, 0)
if err == nil {
// Create gocryptfs.diriv // Create gocryptfs.diriv
err = nametransform.WriteDirIV(dirfd, cName) err = nametransform.WriteDirIVAt(dirfd2)
syscall.Close(dirfd2)
}
if err != nil { if err != nil {
// Delete inconsistent directory (missing gocryptfs.diriv!)
err2 := syscallcompat.Unlinkat(dirfd, cName, unix.AT_REMOVEDIR) err2 := syscallcompat.Unlinkat(dirfd, cName, unix.AT_REMOVEDIR)
if err2 != nil { if err2 != nil {
tlog.Warn.Printf("mkdirWithIv: rollback failed: %v", err2) tlog.Warn.Printf("mkdirWithIv: rollback failed: %v", err2)

View File

@ -4,10 +4,8 @@ import (
"bytes" "bytes"
"fmt" "fmt"
"io" "io"
"log"
"os" "os"
"path/filepath" "path/filepath"
"strings"
"syscall" "syscall"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
@ -60,43 +58,38 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {
return iv, nil return iv, nil
} }
// WriteDirIV - create diriv file inside of the specified directory. If dirfd // WriteDirIVAt - create a new gocryptfs.diriv file in the directory opened at
// is nil "dir" should be the absolute path to the directory. If dirfd != nil // "dirfd". On error we try to delete the incomplete file.
// "dir" should be a path (without slashes) relative to the directory // This function is exported because it is used from fusefrontend, main,
// described by "dirfd". This function is exported because it is used from // and also the automated tests.
// pathfs_frontend, main, and also the automated tests. func WriteDirIVAt(dirfd int) error {
func WriteDirIV(dirfd int, dir string) error {
// For relative paths we do not expect that "dir" contains slashes
if dirfd >= 0 && strings.Contains(dir, "/") {
log.Panicf("WriteDirIV: Relative path should not contain slashes: %v", dir)
}
iv := cryptocore.RandBytes(DirIVLen) iv := cryptocore.RandBytes(DirIVLen)
file := filepath.Join(dir, DirIVFilename)
// 0400 permissions: gocryptfs.diriv should never be modified after creation. // 0400 permissions: gocryptfs.diriv should never be modified after creation.
// Don't use "ioutil.WriteFile", it causes trouble on NFS: // Don't use "ioutil.WriteFile", it causes trouble on NFS:
// https://github.com/rfjakob/gocryptfs/commit/7d38f80a78644c8ec4900cc990bfb894387112ed // https://github.com/rfjakob/gocryptfs/commit/7d38f80a78644c8ec4900cc990bfb894387112ed
fdRaw, err := syscallcompat.Openat(dirfd, file, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0400) fd, err := syscallcompat.Openat(dirfd, DirIVFilename, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0400)
if err != nil { if err != nil {
tlog.Warn.Printf("WriteDirIV: Openat: %v", err) tlog.Warn.Printf("WriteDirIV: Openat: %v", err)
return err return err
} }
fd := os.NewFile(uintptr(fdRaw), file) // Wrap the fd in an os.File - we need the write retry logic.
_, err = fd.Write(iv) f := os.NewFile(uintptr(fd), DirIVFilename)
_, err = f.Write(iv)
if err != nil { if err != nil {
fd.Close() f.Close()
// It is normal to get ENOSPC here // It is normal to get ENOSPC here
if !syscallcompat.IsENOSPC(err) { if !syscallcompat.IsENOSPC(err) {
tlog.Warn.Printf("WriteDirIV: Write: %v", err) tlog.Warn.Printf("WriteDirIV: Write: %v", err)
} }
// Delete incomplete gocryptfs.diriv file // Delete incomplete gocryptfs.diriv file
syscallcompat.Unlinkat(dirfd, file, 0) syscallcompat.Unlinkat(dirfd, DirIVFilename, 0)
return err return err
} }
err = fd.Close() err = f.Close()
if err != nil { if err != nil {
tlog.Warn.Printf("WriteDirIV: Close: %v", err) tlog.Warn.Printf("WriteDirIV: Close: %v", err)
// Delete incomplete gocryptfs.diriv file // Delete incomplete gocryptfs.diriv file
syscallcompat.Unlinkat(dirfd, file, 0) syscallcompat.Unlinkat(dirfd, DirIVFilename, 0)
return err return err
} }
return nil return nil

View File

@ -18,6 +18,7 @@ import (
"github.com/rfjakob/gocryptfs/internal/ctlsock" "github.com/rfjakob/gocryptfs/internal/ctlsock"
"github.com/rfjakob/gocryptfs/internal/nametransform" "github.com/rfjakob/gocryptfs/internal/nametransform"
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
) )
// TmpDir will be created inside this directory, set in init() to // TmpDir will be created inside this directory, set in init() to
@ -112,7 +113,12 @@ func ResetTmpDir(createDirIV bool) {
panic(err) panic(err)
} }
if createDirIV { if createDirIV {
err = nametransform.WriteDirIV(-1, DefaultCipherDir) // Open cipherdir (following symlinks)
dirfd, err := syscall.Open(DefaultCipherDir, syscall.O_RDONLY|syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
if err == nil {
err = nametransform.WriteDirIVAt(dirfd)
syscall.Close(dirfd)
}
if err != nil { if err != nil {
panic(err) panic(err)
} }