Commit Graph

93 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
6b0e63c1a8 Improve startup debug output
The startup debug output was very verbose but still missing some
effective crypto settings.
2021-06-21 11:32:04 +02:00
Jakob Unterwurzacher
c5d8fa83ae nametransform: pass badname patterns via New
This means we can unexport the field.
2021-06-20 19:09:46 +02:00
Jakob Unterwurzacher
203e65066f main: use JSONDump helper for debug output 2021-06-20 18:25:07 +02:00
Jakob Unterwurzacher
0650a512bb fsck: redirect go-fuse noise to syslog 2021-05-18 18:38:23 +02:00
Jakob Unterwurzacher
86d8336b43 Add -acl flag to enable ACL enforcement
With test to verify that it actually works this
time: Run "make root_test".

Depends-on: https://github.com/rfjakob/gocryptfs/issues/536
Fixes: https://github.com/rfjakob/gocryptfs/issues/536
2021-05-15 17:58:37 +02:00
Jakob Unterwurzacher
f73aee72f8 fusefrontend: print dirCache stats after unmount 2021-04-05 18:20:17 +02:00
Jakob Unterwurzacher
e2dc52a965 v2api: -sharestorage: disable hard link tracking & add tests
Hard link tracking was not correctly disabled
since the migration to the go-fuse v2 api.

Add a test to ensure it stays off.

Fixes https://github.com/rfjakob/gocryptfs/issues/525
2021-03-07 17:22:29 +01:00
Jakob Unterwurzacher
de108d3fc0 -idle: don't lazy-unmount
When a process has its working dir inside the mount,
the only way we notice is that we get EBUSY when trying
to unmount.

We used to lazy-unmount in this case, but this means
pulling the rug from under the process.

For example, bash will start throwing

  cd: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory

messages.

Fixes https://github.com/rfjakob/gocryptfs/issues/533
2021-01-02 18:19:41 +01:00
gmd20
c20c7992a0 main: add "-kernel_cache" flag
This option is similar to fuse(8) kernel_cache

Verified using vmtouch.

Without -kernel_cache:

$ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0,0242321 s, 433 MB/s
           Files: 1
     Directories: 0
   Touched Pages: 2560 (10M)
         Elapsed: 0.011159 seconds
           Files: 1
     Directories: 0
  Resident Pages: 0/2560  0/10M  0%
         Elapsed: 0.000993 seconds

With -kernel_cache:

$ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0,0244015 s, 430 MB/s
           Files: 1
     Directories: 0
   Touched Pages: 2560 (10M)
         Elapsed: 0.011564 seconds
           Files: 1
     Directories: 0
  Resident Pages: 2560/2560  10M/10M  100%
         Elapsed: 0.000369 seconds
2020-12-20 09:55:04 +01:00
Jakob Unterwurzacher
6697ffd6e2 fusefronted: reject GETXATTR "security.capability"
Unless we are mounted with -suid, we can reject
these requests, and gain back some lost speed.

Closes https://github.com/rfjakob/gocryptfs/issues/515
2020-10-18 21:07:30 +02:00
Jakob Unterwurzacher
871f305f90 main: show microseconds in go-fuse logs
Suppress the date but show microseconds in fuse debug logs
(-fusedebug) and go-fuse warnings.
2020-10-14 15:37:37 +02:00
Jakob Unterwurzacher
13f1980dc4 v2api: pass fusedebug option via MountOptions
srv.SetDebug() is deprecated and only enables the debug
output after the init sequence, so we missed the first
few transaction in the debug output.
2020-07-27 23:31:57 +02:00
Jakob Unterwurzacher
8915785acf v2api: fsck: use a temporary mount
Directly accessing the Nodes does not work properly,
as there is no way to attach a newly LOOKUPped Node
to the tree. This means Path() does not work.

Use an actual mount instead and walk the tree.
2020-07-19 23:03:47 +02:00
Jakob Unterwurzacher
015a884090 v2api: enable go-fuse warnings on mount & fsck 2020-07-19 12:48:29 +02:00
Jakob Unterwurzacher
751f237993 v2api: make fsck compile again
Horribly broken, but it compiles.

.../tests/fsck$ ./run_fsck.bash
Reading password from extpass program "echo", arguments: ["test"]
Decrypting master key
OpenDir ".": invalid entry "invalid_file_name.3": illegal base64 data at input byte 17
OpenDir ".": invalid entry "invalid_file_name_2": bad message
fsck: corrupt entry in dir "": "invalid_file_name.3"
fsck: corrupt entry in dir "": "invalid_file_name_2"
OpenDir ".": invalid entry "invalid_file_name____1": bad message
fsck: corrupt entry in dir "": "invalid_file_name____1"
fsck: error stating file ".go-fuse.5577006791947779410/deleted": no such file or directory
fsck: error listing xattrs on ".go-fuse.13260572831089785859/deleted": no such file or directory
fsck: error opening dir "i10488239 (dir): ": no such file or directory
fsck: error reading symlink ".go-fuse.10667007354186551956/deleted": no such file or directory
fsck: error listing xattrs on ".go-fuse.11998794077335055257/deleted": no such file or directory
[...]
2020-07-18 23:42:25 +02:00
Jakob Unterwurzacher
9e69334400 v2api: set NullPermissions = true
Don't let go-fuse mess úp 0000 permissions.
2020-07-12 20:39:19 +02:00
Jakob Unterwurzacher
a39fc8ab2e v2api: fix crash on umount
fs.Mount already called srv.Serve() for us.
2020-07-08 22:21:27 +02:00
Jakob Unterwurzacher
2aad58f9ec v2api (go-fuse v2 api): initial noop implementation
Compiles and mounts but does nothing useful.
2020-06-21 12:01:24 +02:00
Jakob Unterwurzacher
ec74d1d2f4 Update go-fuse import path to github.com/hanwen/go-fuse/v2
We need
fd7328faf9
to fix a crash reported in https://github.com/rfjakob/gocryptfs/issues/430 :

  2019/10/30 17:14:16 Unknown opcode 2016
  panic: runtime error: invalid memory address or nil pointer dereference
  [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x508d38]

This patch is only in the v2.x.x branch. Upgrade to v2, as the
old API is also supported there.

Running

  git grep hanwen/go-fuse | grep -v hanwen/go-fuse/v2

to check for forgotten references comes back clean.
2020-05-17 14:23:47 +02:00
Jakob Unterwurzacher
16221facb9 ctlsock: create exported ctlsock client library
The former interal ctlsock server package is renamed
to ctlsocksrv.
2020-05-09 17:36:41 +02:00
Jakob Unterwurzacher
ff04b1d83a main: untangle -masterkey handling and config loading
This was handled both in getMasterKey(). Split it apart.
2020-05-09 16:53:12 +02:00
orcas
9ec042f2f6 Show undecryptable filenames if they match supplied glob
Resolves https://github.com/rfjakob/gocryptfs/issues/393
2020-02-28 22:17:59 +01:00
Jakob Unterwurzacher
a48d7fac2c main: haveFusermount2: respect PATH environment variable
Use exec.LookPath() to find fusermount in the user's PATH
first. Fall back to /bin/fusermount for the case that PATH
is not set, like go-fuse does.

Fixes https://github.com/rfjakob/gocryptfs/issues/448
2020-01-14 23:12:56 +01:00
Jakob Unterwurzacher
db43bfc4c0 main: detect fusermount3 and don't add nonempty
fusermount3 (i.e. fusermount from libfuse 3.x) has dropped
the `nonempty` option.

Detect fusermount3 and don't add `nonempty` in this case.

Fixes https://github.com/rfjakob/gocryptfs/pull/440
2019-12-28 23:51:45 +01:00
Jakob Unterwurzacher
0a4db7d9e9 Fix -idle unmounting despite activity
Fixes https://github.com/rfjakob/gocryptfs/issues/421
2019-09-08 16:29:20 +02:00
Jakob Unterwurzacher
f1b538ef24 Fix "constant 2435016766 overflows int32" build failure on arm
Cast to uint32 to fix the int32 overflow, and define BTRFS_SUPER_MAGIC
locally to fix the next failure on darwin.
2019-08-04 19:43:07 +02:00
Jakob Unterwurzacher
b1d09b0f17 Rename isDirEmpty -> isEmptyDir
The function actually answers the question:
"is this an empty dir"?
2019-08-04 14:13:00 +02:00
Jakob Unterwurzacher
13055278f5 Force -noprealloc on Btrfs
Preallocation on Btrfs is broken ( https://github.com/rfjakob/gocryptfs/issues/395 ,
https://lore.kernel.org/linux-btrfs/CAPv9Zmk46As_P9Gyf_icET53xRda63h7iC1meES9xbdDEt9qow@mail.gmail.com/ )
and slow ( https://github.com/rfjakob/gocryptfs/issues/63 ).
2019-08-04 13:46:33 +02:00
Eduardo M KALINOWSKI
3bc100aeb3 reverse mode: support wildcard exclude (--exclude-wildcard)
This adds support for gitignore-like wildcards and exclude patters in
reverse mode. It (somewhat) fixes #273: no regexp support, but the
syntax should be powerful enough to satisfy most needs.

Also, since adding a lot of --exclude options can be tedious, it adds
the --exclude-from option to read patterns from a file (or files).
2019-03-26 20:56:37 +01:00
Sebastian Lackner
8a520ee77f mount: Replace commas in volume name.
Fixes the following test failure:

    cli_test.go:534: Failed to mount "[...]/542399800,foo,bar" on "[...]/542399800,foo,bar.mnt": exit status 19
2019-01-15 22:08:20 +01:00
Jakob Unterwurzacher
3cd892ccde main: also redirect Fatal logger to syslog on daemonization
The messages would still be collected via gocryptfs-logger,
but let's do it right.

Before:

  Oct 17 21:58:12 brikett gocryptfs[9926]: testing info
  Oct 17 21:58:12 brikett gocryptfs[9926]: testing warn
  Oct 17 21:58:12 brikett gocryptfs-9926-logger[9935]: testing fatal

After:

  Oct 17 22:00:53 brikett gocryptfs[10314]: testing info
  Oct 17 22:00:53 brikett gocryptfs[10314]: testing warn
  Oct 17 22:00:53 brikett gocryptfs[10314]: testing fatal
2018-10-17 22:18:03 +02:00
Jesse Dunietz
87d3ed9187 Add option for autounmount
Even though filesystem notifications aren't implemented for FUSE, I decided to
try my hand at implementing the autounmount feature (#128). I based it on the
EncFS autounmount code, which records filesystem accesses and checks every X
seconds whether it's idled long enough to unmount.

I've tested the feature locally, but I haven't added any tests for this flag.
I also haven't worked with Go before. So please let me know if there's
anything that should be done differently.

One particular concern: I worked from the assumption that the open files table
is unique per-filesystem. If that's not true, I'll need to add an open file
count and associated lock to the Filesystem type instead.

https://github.com/rfjakob/gocryptfs/pull/265
2018-10-11 20:16:45 +02:00
Jakob Unterwurzacher
5ca6243eeb main: sanitize commas from fsname
The cipherdir path is used as the fsname, as displayed
in "df -T". Now, having a comma in fsname triggers a sanity check
in go-fuse, aborting the mount with:

  /bin/fusermount: mount failed: Invalid argument
  fuse.NewServer failed: fusermount exited with code 256

Sanitize fsname by replacing any commas with underscores.

https://github.com/rfjakob/gocryptfs/issues/262
2018-09-18 19:39:52 +02:00
Jakob Unterwurzacher
ca24c20694 main: don't read the config file twice (fix pipe bug)
Instead, first Load() the file, then DecryptMasterKey().

Fixes https://github.com/rfjakob/gocryptfs/issues/258
2018-09-08 13:04:33 +02:00
Jakob Unterwurzacher
ec2fdc19cf reverse mode: add --exclude option
https://github.com/rfjakob/gocryptfs/issues/235
2018-08-11 23:26:49 +02:00
Jakob Unterwurzacher
52c9ff1ded main: improve fuse.NewServer error message
Before: fuse.NewServer failed: "fusermount exited with code 256\n"
After:  fuse.NewServer failed: fusermount exited with code 256
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
53d6a9999d main: accept -dev, -nodev, -suid, -nosuid, -exec, -noexec
When mounted via /etc/fstab like this,

  /a /b fuse.gocryptfs default 0 0

we always get extra options passed. As reported by @mahkoh
at https://github.com/rfjakob/gocryptfs/pull/233 :

  mount passes `-o noexec` if `-o user` is set and `-o exec` is not set.
  If both `-o user` and `-o exec` are set, it passes `-o exec`.

Make these options work, and in addtion, also make -suid and -rw
work the same way.

Reported-by: @mahkoh
2018-06-07 22:50:30 +02:00
Jakob Unterwurzacher
bcc8378a2c Fix the easy golint warnings
Reported by https://goreportcard.com/report/github.com/rfjakob/gocryptfs
2018-04-08 20:26:25 +02:00
Jakob Unterwurzacher
93849e28d8 main: move getMasterKey into initFuseFrontend
This is where the results are used, so call it
there.

This simplifies doMount a bit because we can get
rid of the block protecting masterkey.
2018-04-01 15:47:35 +02:00
Jakob Unterwurzacher
a4f3a7dca2 main: move masterkey logic into new helper getMasterKey
The new helper will also be used by fsck.
2018-04-01 14:51:53 +02:00
Jakob Unterwurzacher
85056def90 main: move and rename checkDir*() helper
To avoid confusion with fsck, rename to isDir*()
and move the functions into init_dir.go.
2018-04-01 12:31:44 +02:00
Jakob Unterwurzacher
9bc039a4ba Add -masterkey=stdin functionality
https://github.com/rfjakob/gocryptfs/issues/218
2018-03-22 00:02:10 +01:00
Jakob Unterwurzacher
b96e3ee271 tlog: stop embedding log.Logger to prevent mistakes
A few places have called tlog.Warn.Print, which directly
calls into log.Logger due to embedding, losing all features
of tlog.

Stop embedding log.Logger to make sure the internal functions
cannot be called accidentially and fix (several!) instances
that did.
2018-02-28 09:02:18 +01:00
Jakob Unterwurzacher
14c063428d main: doMount: use a deferred function for wipeKeys
Also drop the unused int return.
2018-02-18 12:55:20 +01:00
Jakob Unterwurzacher
5b5c7a0a5d main: overwrite keys and let them run out of scope
As soon as we don't need them anymore, overwrite
keys with zeros. Make sure they run out of scope
so we don't create a risk of inadvertedly using
all-zero keys for encryption.

https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 12:42:22 +01:00
Jakob Unterwurzacher
18f6c6106c main: try to wipe cryptocore's secret keys on unmount
Raise the bar for recovering keys from memory.

https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 11:39:10 +01:00
Jakob Unterwurzacher
719693ec5d fusefrontend[_reverse]: move crypto init up to caller
Both fusefrontend and fusefrontend_reverse were doing
essentially the same thing, move it into main's
initFuseFrontend.

A side-effect is that we have a reference to cryptocore
in main, which will help with wiping the keys on exit
(https://github.com/rfjakob/gocryptfs/issues/211).
2018-02-18 11:21:58 +01:00
Jakob Unterwurzacher
bac7ef4834 MacOS: rely on OSXFuse to create the mountpoint
As reported in https://github.com/rfjakob/gocryptfs/issues/194 ,
OSXFuse creates the mountpoint if it does not exist.
2018-01-20 13:42:29 +01:00
Jakob Unterwurzacher
7d477d692b MacOS: rely on OSXFuse to create mountpoint below /Volumes
OSXFuse automatically creates the mountpoint if it is
below /Volumes because this would require root permissions
which the user might not have.

Reported at https://github.com/rfjakob/gocryptfs/issues/194
2018-01-16 23:18:53 +01:00
Jakob Unterwurzacher
e36a0ebf18 main: add "-sharedstorage" flag
At the moment, it does two things:

1. Disable stat() caching so changes to the backing storage show up
   immediately.
2. Disable hard link tracking, as the inode numbers on the backing
   storage are not stable when files are deleted and re-created behind
   our back. This would otherwise produce strange "file does not exist"
   and other errors.

Mitigates https://github.com/rfjakob/gocryptfs/issues/156
2017-11-12 20:06:13 +01:00