Commit Graph

123 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
04858ddd22 nametransform: check name validity on encryption
xfstests generic/523 discovered that we allowed to set
xattrs with "/" in the name, but did not allow to read
them later.

With this change we do not allow to set them in the first
place.
2021-06-02 14:29:48 +02:00
Jakob Unterwurzacher
1c1692c4d9 fusefrontend_reverse: fix GETATTR panic
We don't implement Getattr(), so don't try to call it.

Reported at https://github.com/rfjakob/gocryptfs/issues/519#issuecomment-718790790 :

15:22:53.414101 rx 3344: READ n2565 {Fh 7 [42143744 +131072)  L 0 RDONLY,0x8000}
15:22:53.414274 rx 3342: READ n2565 {Fh 7 [42012672 +131072)  L 0 RDONLY,0x8000}
15:22:53.414787 rx 3346: READ n2565 {Fh 7 [42274816 +131072)  L 0 RDONLY,0x8000}
15:22:53.414806 tx 3336:     OK,  131072b data "\xcb\xd3<\"!-\xa7\xc4"...
15:22:53.414874 rx 3348: GETATTR n1446 {Fh 0}
panic: interface conversion: *fusefrontend_reverse.File is not fs.FileGetattrer: missing method Getattr

goroutine 451 [running]:
github.com/rfjakob/gocryptfs/internal/fusefrontend_reverse.(*Node).Getattr(0xc00034c880, 0x5620579784c0, 0xc000593e60, 0x562057939800, 0xc000218050, 0xc0000fc108, 0x0)
        github.com/rfjakob/gocryptfs/internal/fusefrontend_reverse/node.go:69 +0x273
github.com/hanwen/go-fuse/v2/fs.(*rawBridge).getattr(0xc00011e000, 0x5620579784c0, 0xc000593e60, 0xc00034c880, 0x562057939800, 0xc000218050, 0xc0000fc108, 0xbfded1ef58ba7b13)
        github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fs/bridge.go:500 +0x2d4
github.com/hanwen/go-fuse/v2/fs.(*rawBridge).GetAttr(0xc00011e000, 0xc0000e0000, 0xc0000fc198, 0xc0000fc108, 0x0)
        github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fs/bridge.go:488 +0x11c
github.com/hanwen/go-fuse/v2/fuse.doGetAttr(0xc000120000, 0xc0000fc000)
        github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fuse/opcode.go:287 +0x6f
github.com/hanwen/go-fuse/v2/fuse.(*Server).handleRequest(0xc000120000, 0xc0000fc000, 0xc000000000)
        github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fuse/server.go:472 +0x2c1
github.com/hanwen/go-fuse/v2/fuse.(*Server).loop(0xc000120000, 0xc000288001)
        github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fuse/server.go:445 +0x18c
created by github.com/hanwen/go-fuse/v2/fuse.(*Server).readRequest
        github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fuse/server.go:312 +0x419
2020-11-10 19:37:49 +01:00
Jakob Unterwurzacher
598e5f385e v2api/reverse: update TODO comment on xattrs 2020-08-30 16:39:46 +02:00
Jakob Unterwurzacher
d212b246c5 v2api/reverse: implement Lseek 2020-08-16 19:58:47 +02:00
Jakob Unterwurzacher
58a2726977 v2api/reverse: implement Statfs 2020-08-16 19:41:00 +02:00
Jakob Unterwurzacher
6f3cca2cdd v2api: clean up api TODOs 2020-08-16 13:52:27 +02:00
Jakob Unterwurzacher
94e8fc12ea v2api/reverse: finish -exclude
Tests pass now.
2020-08-15 17:31:45 +02:00
Jakob Unterwurzacher
15b0b4a5fd v2api/reverse: start wiring up -exclude functionality
Exclude in readdir is missing.
2020-08-15 16:08:16 +02:00
Jakob Unterwurzacher
1ea1b179c2 v2api/reverse: fix two fd leaks 2020-08-15 15:28:40 +02:00
Jakob Unterwurzacher
35055030a1 v2api/reverse: implement ctlsocksrv.Interface 2020-08-15 15:08:28 +02:00
Jakob Unterwurzacher
b6580a87e5 v2api/reverse: implement gocryptfs.conf mapping with -plaintextnames 2020-08-15 15:05:25 +02:00
Jakob Unterwurzacher
6d4f1a6888 v2api/reverse: implement Read 2020-08-09 22:11:46 +02:00
Jakob Unterwurzacher
5276092663 v2api/reverse: implement Readlink 2020-08-08 18:45:47 +02:00
Jakob Unterwurzacher
84ed139cd2 v2api/reverse: implement Lookup for longname 2020-08-02 19:33:12 +02:00
Jakob Unterwurzacher
4674bac838 v2api/reverse: implement Lookup for gocryptfs.conf & gocryptfs.diriv 2020-08-02 13:25:53 +02:00
Jakob Unterwurzacher
47d8f56b7f v2api/reverse: add missing decryptPath call openBackingDir 2020-08-01 23:06:35 +02:00
Jakob Unterwurzacher
6c26cda531 v2api/reverse: implement Readdir 2020-08-01 22:28:25 +02:00
Jakob Unterwurzacher
f54d21c384 v2api/reverse: implement Lookup & Getattr 2020-08-01 21:14:33 +02:00
Jakob Unterwurzacher
18b3bdb158 v2api/reverse: start fusefrontend_reverse v2 API implementation 2020-08-01 21:14:17 +02:00
Jakob Unterwurzacher
13dc7657ba v2api/reverse: move old fusefrontend_reverse out of the way
fusefrontend_reverse -> fusefrontend_reverse_v1api
2020-08-01 21:14:10 +02:00
Jakob Unterwurzacher
dd3d8c100b fusefrontend_reverse: collapse getFileType 2020-08-01 20:28:06 +02:00
Jakob Unterwurzacher
2aad58f9ec v2api (go-fuse v2 api): initial noop implementation
Compiles and mounts but does nothing useful.
2020-06-21 12:01:24 +02:00
Jakob Unterwurzacher
ec74d1d2f4 Update go-fuse import path to github.com/hanwen/go-fuse/v2
We need
fd7328faf9
to fix a crash reported in https://github.com/rfjakob/gocryptfs/issues/430 :

  2019/10/30 17:14:16 Unknown opcode 2016
  panic: runtime error: invalid memory address or nil pointer dereference
  [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x508d38]

This patch is only in the v2.x.x branch. Upgrade to v2, as the
old API is also supported there.

Running

  git grep hanwen/go-fuse | grep -v hanwen/go-fuse/v2

to check for forgotten references comes back clean.
2020-05-17 14:23:47 +02:00
Jakob Unterwurzacher
ead7008a08 Fix spelling mistakes found by misspell
https://github.com/client9/misspell
2020-05-10 00:25:49 +02:00
Jakob Unterwurzacher
16221facb9 ctlsock: create exported ctlsock client library
The former interal ctlsock server package is renamed
to ctlsocksrv.
2020-05-09 17:36:41 +02:00
Jakob Unterwurzacher
518771e4e2 fusefrontend_reverse: use inomap for inode number translation
Gets rid of static inode number value limitations.

Fixes https://github.com/rfjakob/gocryptfs/issues/457
2020-05-03 15:22:10 +02:00
Jakob Unterwurzacher
fe06e9f456 readpassword: delete CheckTrailingGarbage
CheckTrailingGarbage was called even when "-passfile" was
used, which is stupid, and causes false positives:

https://github.com/rfjakob/gocryptfs/issues/391
(false error "Received trailing garbage after the password"
when using -passfile in .bash_profile)

Instead of trying to improve the logic to handle that case
and make everything even more complicated, delete the function.

It is unclear if actually helps in some cases, and it definitely
harms as shown by the above bug report.
2019-04-08 20:18:45 +02:00
Jakob Unterwurzacher
fba9b2b995 reverse: don't show gocryptfs.conf if a custom config path was passed
GetAttr checks for this, but OpenDir did not.

https://github.com/rfjakob/gocryptfs/issues/385
2019-03-26 20:59:52 +01:00
Eduardo M KALINOWSKI
3bc100aeb3 reverse mode: support wildcard exclude (--exclude-wildcard)
This adds support for gitignore-like wildcards and exclude patters in
reverse mode. It (somewhat) fixes #273: no regexp support, but the
syntax should be powerful enough to satisfy most needs.

Also, since adding a lot of --exclude options can be tedious, it adds
the --exclude-from option to read patterns from a file (or files).
2019-03-26 20:56:37 +01:00
Jakob Unterwurzacher
3d6b2685fb Revert "syscallcompat: drop Faccessat AT_SYMLINK_NOFOLLOW helper"
Breaks mounting on MacOS: unix.Faccessat on Darwin does NOT (yet)
support AT_SYMLINK_NOFOLLOW. See d44fe89ba4 .

This reverts commit 0805a63df1.
2019-01-20 13:10:59 +01:00
Jakob Unterwurzacher
0805a63df1 syscallcompat: drop Faccessat AT_SYMLINK_NOFOLLOW helper
unix.Faccessat has added support for AT_SYMLINK_NOFOLLOW in July 2018,
bd9dbc187b (diff-341484dbbe3180cd7a31ef2ad2d679b6)
which means we no longer need our own helper.

Closes https://github.com/rfjakob/gocryptfs/issues/347
2019-01-20 12:59:59 +01:00
Sebastian Lackner
d8bb223dd3 fusefrontend_reverse: Delete leftover debug statement. 2019-01-15 22:07:37 +01:00
Sebastian Lackner
117dc3f2cc fusefrontend_reverse: Fix redeclaration of 'entries' variable.
Go version go1.10.7 linux/amd64 complains with:

 internal/fusefrontend_reverse/rfs.go:333: declaration of "entries" shadows
 declaration at internal/fusefrontend_reverse/rfs.go:327
2019-01-04 20:11:45 +01:00
Jakob Unterwurzacher
6b94f5ef51 reverse mode: -exclude: filter out excluded .name files
Fixes https://github.com/rfjakob/gocryptfs/issues/286 :

While the actual file is properly excluded, the * .name file is still leaked in the directory listing:

```
drwxr-xr-x 2 sebastian sebastian 4,0K Dez 17 14:58 .
drwxr-xr-x 7 sebastian sebastian 4,0K Dez 17 14:45 ..
-r-------- 1 sebastian sebastian  408 Dez 17 14:56 gocryptfs.conf
-r--r--r-- 1 sebastian sebastian   16 Dez 17 14:58 gocryptfs.diriv
-r--r--r-- 1 sebastian sebastian  320 Dez 17 14:58 gocryptfs.longname.3vZ_r3eDPb1_fL3j5VA4rd_bcKWLKT9eaxOVIGK5HFA.name
```
2019-01-04 17:59:00 +01:00
Jakob Unterwurzacher
75a3e2c2ee reverse mode: fix "-exclude" in "-plaintextnames" dir listings
Excluded files showed up in directory listing like this:

 drwxr-xr-x 2 sebastian sebastian 4,0K Dez 17 14:48 .
 drwxr-xr-x 7 sebastian sebastian 4,0K Dez 17 14:45 ..
 -????????? ? ?         ?            ?            ? abcd
 -r-------- 1 sebastian sebastian  366 Dez 17 14:45 gocryptfs.conf

Fixes https://github.com/rfjakob/gocryptfs/issues/285
2019-01-04 17:36:06 +01:00
Jakob Unterwurzacher
930c37e03d syscallcompat: use O_PATH in OpenDirNofollow
This fixes the "0100 directory" problem in reverse mode,
and should be slightly faster.
2018-09-08 18:06:33 +02:00
Jakob Unterwurzacher
9ec9d0c49c syscallcompat: untangle OpenNofollow and rename to OpenDirNofollow
The function used to do two things:

1) Walk the directory tree in a manner safe from symlink attacks
2) Open the final component in the mode requested by the caller

This change drops (2), which was only used once, and lets the caller
handle it. This simplifies the function and makes it fit for reuse in
forward mode in openBackingPath(), and for using O_PATH on Linux.
2018-09-08 17:41:17 +02:00
Jakob Unterwurzacher
7a02f71fc2 fusefrontend_reverse: reject excludes for the root directory ""
This is most likely a mistake by the user. Reject it.
2018-08-15 12:28:29 +02:00
Jakob Unterwurzacher
ec2fdc19cf reverse mode: add --exclude option
https://github.com/rfjakob/gocryptfs/issues/235
2018-08-11 23:26:49 +02:00
Jakob Unterwurzacher
bde7ba57b0 darwin does not have PATH_MAX
Define our own, with the value from Linux.
2018-06-08 00:47:48 +02:00
Jakob Unterwurzacher
719693ec5d fusefrontend[_reverse]: move crypto init up to caller
Both fusefrontend and fusefrontend_reverse were doing
essentially the same thing, move it into main's
initFuseFrontend.

A side-effect is that we have a reference to cryptocore
in main, which will help with wiping the keys on exit
(https://github.com/rfjakob/gocryptfs/issues/211).
2018-02-18 11:21:58 +01:00
Jakob Unterwurzacher
9f8d0d8e57 gccgo: replace syscall.NAME_MAX with unix.NAME_MAX
For some reason the syscall.NAME_MAX constant does not exist
on gccgo, and it does not hurt us to use unix.NAME_MAX instead.

https://github.com/rfjakob/gocryptfs/issues/201
2018-02-01 23:50:11 +01:00
Jakob Unterwurzacher
a2677bce2a fusefrontend_reverse: use OpenNofollow in virtualFile.GetAttr
Makes it robust against symlink races.

Final piece, closes https://github.com/rfjakob/gocryptfs/issues/165
2018-01-17 21:36:38 +01:00
Jakob Unterwurzacher
959e1fc1e2 fusefrontend_reverse: use OpenNofollow in findLongnameParent
Protects findLongnameParent against symlink races.

Also add comments to several functions along the way.

Reported at https://github.com/rfjakob/gocryptfs/issues/165
2018-01-17 20:54:05 +01:00
Jakob Unterwurzacher
36ffd813cd Run go fmt 2018-01-16 23:18:53 +01:00
Sebastian Lackner
631974f9e0 fusefrontend_reverse: Use O_DIRECTORY in OpenDir implementation
Also get rid of the defer - it is not really necessary here.
2017-12-11 21:18:20 +01:00
Sebastian Lackner
96dc2ca709 fusefrontend_reverse: Reject access to device nodes in newFile function
Steps to reproduce:

* Create a regular reverse mount point
* Create a file "test" in the original directory
* Access the corresponding encrypted directory in the mount point (ls <encrypted dir>)
* Quickly delete the file in the original data - instead create a device node
* Access the file again, it will access the device node and attempt to read from it

Fixes https://github.com/rfjakob/gocryptfs/issues/187
2017-12-11 09:55:16 +01:00
Sebastian Lackner
3af51736f3 fusefrontend_reverse: Use openBackingDir in GetAttr
Also fixes 48bd59f388 - the directory FD should
also be closed in case of an error.
2017-12-07 23:36:11 +01:00
Sebastian Lackner
ad0f110191 fusefrontend_reverse: Use openBackingDir in Readlink 2017-12-07 23:36:11 +01:00
Jakob Unterwurzacher
48bd59f388 fusefrontend_reverse: fix fd leak in GetAttr
Fixes https://github.com/rfjakob/gocryptfs/issues/184
2017-12-07 09:01:12 +01:00