From fb1b8ced3843a449f2a85d4ee0a9d426192d82fa Mon Sep 17 00:00:00 2001 From: danim7 Date: Mon, 27 Mar 2017 22:47:45 +0200 Subject: [PATCH] fusefrontend_reverse: consistent file owners for .diriv, .name files This PR addresses the Issue #95, about "Confusing file owner for longname files in reverse mode". It affects only the reverse mode, and introduces two modifications: 1) The "gocryptfs.longname.XXXX.name" files are assigned the owner and group of the underlying plaintext file. Therefore it is consistent with the file "gocryptfs.longname.XXXX" that has the encrypted contents of the plaintext file. 2) The two virtual files mentioned above are given -r--r--r-- permissions. This is consistent with the behavior described in function Access in internal/fusefrontend_reverse/rfs.go where all virtual files are always readable. Behavior also observed in point c) in #95 . Issue #95 URL: https://github.com/rfjakob/gocryptfs/issues/95 Pull request URL: https://github.com/rfjakob/gocryptfs/pull/97 --- internal/fusefrontend_reverse/reverse_longnames.go | 2 +- internal/fusefrontend_reverse/rfs.go | 11 ++++++----- internal/fusefrontend_reverse/virtualfile.go | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/internal/fusefrontend_reverse/reverse_longnames.go b/internal/fusefrontend_reverse/reverse_longnames.go index 1d19643..f1c45ca 100644 --- a/internal/fusefrontend_reverse/reverse_longnames.go +++ b/internal/fusefrontend_reverse/reverse_longnames.go @@ -96,6 +96,6 @@ func (rfs *ReverseFS) newNameFile(relPath string) (nodefs.File, fuse.Status) { return nil, fuse.ToStatus(err) } content := []byte(rfs.nameTransform.EncryptName(e, dirIV)) - parentFile := filepath.Join(rfs.args.Cipherdir, pDir) + parentFile := filepath.Join(rfs.args.Cipherdir, pDir, e) return rfs.newVirtualFile(content, parentFile) } diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go index a3a3d3b..9dc2572 100644 --- a/internal/fusefrontend_reverse/rfs.go +++ b/internal/fusefrontend_reverse/rfs.go @@ -21,8 +21,9 @@ import ( ) const ( - // DirIVMode is the mode to use for Dir IV files. - DirIVMode = syscall.S_IFREG | 0400 + // virtualFileMode is the mode to use for virtual files (gocryptfs.diriv and gocryptfs.longname.*.name) + // they are always readable, as stated in func Access + virtualFileMode = syscall.S_IFREG | 0444 ) // ReverseFS implements the pathfs.FileSystem interface and provides an @@ -108,7 +109,7 @@ func (rfs *ReverseFS) dirIVAttr(relPath string, context *fuse.Context) (*fuse.At return nil, fuse.EPERM } // All good. Let's fake the file. We use the timestamps from the parent dir. - a.Mode = DirIVMode + a.Mode = virtualFileMode a.Size = nametransform.DirIVLen a.Nlink = 1 a.Ino = rfs.inoGen.next() @@ -312,7 +313,7 @@ func (rfs *ReverseFS) OpenDir(cipherPath string, context *fuse.Context) ([]fuse. virtualFiles := make([]fuse.DirEntry, len(entries)+1) // Virtual gocryptfs.diriv file virtualFiles[0] = fuse.DirEntry{ - Mode: syscall.S_IFREG | 0400, + Mode: virtualFileMode, Name: nametransform.DirIVFilename, } // Actually used entries @@ -330,7 +331,7 @@ func (rfs *ReverseFS) OpenDir(cipherPath string, context *fuse.Context) ([]fuse. if len(cName) > syscall.NAME_MAX { cName = rfs.nameTransform.HashLongName(cName) dotNameFile := fuse.DirEntry{ - Mode: syscall.S_IFREG | 0600, + Mode: virtualFileMode, Name: cName + nametransform.LongNameSuffix, } virtualFiles[nVirtual] = dotNameFile diff --git a/internal/fusefrontend_reverse/virtualfile.go b/internal/fusefrontend_reverse/virtualfile.go index cca4349..04de634 100644 --- a/internal/fusefrontend_reverse/virtualfile.go +++ b/internal/fusefrontend_reverse/virtualfile.go @@ -59,7 +59,7 @@ func (f *virtualFile) GetAttr(a *fuse.Attr) fuse.Status { } st.Ino = f.ino st.Size = int64(len(f.content)) - st.Mode = syscall.S_IFREG | 0400 + st.Mode = virtualFileMode st.Nlink = 1 a.FromStat(&st) return fuse.OK