Jakob Unterwurzacher
3784901fce
readpassword: limit password length to 1000 bytes
...
This used to hang at 100% CPU:
cat /dev/zero | gocryptfs -init a
...and would ultimately send the box into out-of-memory.
The number 1000 is chosen arbitrarily and seems big enough
given that the password must be one line.
Suggested by @mhogomchungu in https://github.com/rfjakob/gocryptfs/issues/77 .
2017-02-13 09:13:22 +01:00
Jakob Unterwurzacher
54caaf4b98
Add CLI ABI documentation
...
Closes https://github.com/rfjakob/gocryptfs/issues/77
2017-02-12 19:20:21 +01:00
Jakob Unterwurzacher
8adfbf2dc3
Check for trailing garbage after the password
...
From the comment:
// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
2017-02-12 17:59:09 +01:00
Jakob Unterwurzacher
2dd90ac19c
readpassword: improve comment on readPasswordStdin
2017-02-12 13:55:30 +01:00
Jakob Unterwurzacher
1e9d735406
Document "--" to stop option parsing in help text + man page
2017-02-12 12:49:04 +01:00
Jakob Unterwurzacher
dc2dc9f88c
main: suggest "-q" to suppress master key message
...
If the user has already saved the master key and is not
aware of "-q" the master key needlessly ends up in the terminal
buffer.
Closes https://github.com/rfjakob/gocryptfs/issues/76
2017-02-12 12:23:16 +01:00
Jakob Unterwurzacher
357307cbcf
tests: ctlsock: check warning for non-canonical paths
2017-02-12 12:22:25 +01:00
Jakob Unterwurzacher
0f40afc832
ctlsock: handle non-canonical empty paths
...
We have to check if the input path is empty AFTER canonicalizing it,
too!
2017-02-05 18:17:30 +01:00
Jakob Unterwurzacher
8bcae63a5a
ctlsock: sanitize: handle multiple leading slashes
2017-02-05 18:05:35 +01:00
Jakob Unterwurzacher
2bdd0ec802
golint comment fix
...
internal/ctlsock/ctlsock_serve.go:73:1: comment on exported const
ReadBufSize should be of the form "ReadBufSize ..."
2017-01-29 19:01:16 +01:00
Jakob Unterwurzacher
c8fb619971
contrib: add ctlsock helper scripts
2017-01-29 18:56:17 +01:00
Jakob Unterwurzacher
1273d7edae
ctlsock: better error message for forward mode path decryption
2017-01-29 18:55:52 +01:00
Jakob Unterwurzacher
53fe6f5690
ctlsock: abort message processing on JSON error
...
The code was missing a "continue" in that branch.
Also improve the error messages a bit.
2017-01-29 18:25:46 +01:00
Jakob Unterwurzacher
532ef15417
ctlsock: interpret paths that point above CWD as ""
...
Paths that start with ".." were previously accepted as-is.
2017-01-29 15:24:47 +01:00
Jakob Unterwurzacher
6166dad05c
readpassword: support spaces in "-passfile" filename
...
...and while we are at it, also filenames starting with "-".
2017-01-29 00:34:12 +01:00
Jakob Unterwurzacher
de200aad72
main: add "-fsname" option
...
As requested in https://github.com/rfjakob/gocryptfs/issues/73 .
2017-01-26 22:13:57 +01:00
Jakob Unterwurzacher
39eca53677
main: make sure the ctlsock file is deleted on incorrect password
...
Otherwise the next try to mount ends in
"ctlsock: listen unix ctl.sock: bind: address already in use"
2017-01-26 21:32:08 +01:00
Jakob Unterwurzacher
a7c7588deb
fusefrontend: fix hard-linking with long name
...
This used to incorrectly try to link twice and return EEXIST.
2017-01-26 20:56:42 +01:00
Jakob Unterwurzacher
d2224aec58
tests: add TestLongLink (currently broken)
2017-01-26 20:49:35 +01:00
Jakob Unterwurzacher
de87a256ab
tlog: better comment for the terminal colors
2017-01-26 20:01:45 +01:00
Jakob Unterwurzacher
fe1705c55b
reverse: add single-entry path cache
...
Speeds up the "ls -lR" benchmark from 2.6 seconds to 2.0.
2017-01-03 18:14:01 +01:00
Jakob Unterwurzacher
ef089c9f80
reverse: factor out rDecryptName
...
This prepares the code for the introduction of a path cache.
2017-01-03 17:46:11 +01:00
Jakob Unterwurzacher
2643dd0ea5
test.bash: don't let the test process inherit the lock file
...
This meant that dangling mounts (and gocryptfs processes) kept
the lock open.
2017-01-03 17:40:20 +01:00
Jakob Unterwurzacher
3e4b29634a
Add reverse benchmark
2017-01-03 15:16:02 +01:00
Jakob Unterwurzacher
94b66ee1b2
tests: only check the size in dl-linux-tarball.bash
...
Getting rid of the MD5 calculation makes calling the script
virtually free, where it took 0.2 seconds before.
2017-01-03 14:33:55 +01:00
Jakob Unterwurzacher
53555fec1c
tests: factor out dl-linux-tarball.bash
...
This will be also used by the reverse benchmarks.
2017-01-03 14:17:42 +01:00
Jakob Unterwurzacher
53aedc3783
main: disconnect from the controlling terminal
...
This prevents us from getting SIGINT when the user
kills the running script.
2017-01-02 23:29:52 +01:00
Jakob Unterwurzacher
9be3d2c214
benchmark.bash: reject "-openssl" option for encfs mode
2016-12-13 22:16:21 +01:00
Jakob Unterwurzacher
15d6da6c48
benchmark.bash: add proper argument handling
2016-12-13 22:13:54 +01:00
Jakob Unterwurzacher
2bacbdf99d
benchmark.bash: OSX dd does not support "K" postfix
2016-12-13 22:13:12 +01:00
Jakob Unterwurzacher
0749fbd9c9
benchmark.bash: add comments to show how to force openssl usage
2016-12-10 21:14:57 +01:00
Jakob Unterwurzacher
8be54bf3f8
prefer_openssl: default to Go GCM on OSX
2016-12-10 21:04:17 +01:00
Jakob Unterwurzacher
12374be9c5
ctlsock: abort the connection if the request is too big
...
Reading partial JSON would cause a mess. Just kill the connection.
Also, stop using syscall.PathMax that is not defined on Darwin
( https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-264253024 )
2016-12-10 20:43:08 +01:00
Jakob Unterwurzacher
8945f4db95
ctlsock: add a note about Accept() throwing errors on Close()
2016-12-10 15:01:00 +01:00
Jakob Unterwurzacher
6af725ff09
ctlsock: exit early if socket cannot be created; delete on exit
...
Both are achieved by opening the socket from main and passing
it to the ctlsock package instead of passing the path.
2016-12-10 14:54:06 +01:00
Jakob Unterwurzacher
e1833fa26a
test.bash: call vet early
2016-12-10 14:53:04 +01:00
Jakob Unterwurzacher
967e7bd125
stupidgcm: Fix without_openssl build failure
...
Also, always call build-without-openssl.bash from test.bash.
Failure was:
internal/stupidgcm/without_openssl.go:29: missing return at end of function
2016-12-10 13:15:19 +01:00
Jakob Unterwurzacher
2758c75cae
ctlsock: sanitize paths before passing them to the backend
...
You used to be able to crash gocryptfs by passing "/foo"
of "foo/" to the ctlsock.
Fixes https://github.com/rfjakob/gocryptfs/issues/66
2016-12-10 12:59:54 +01:00
Jakob Unterwurzacher
21904cd5f0
ctlsock: exit if socket cannot be created
2016-12-10 12:49:43 +01:00
Jakob Unterwurzacher
3e59041147
test.bash: check for naked "panic()" calls
2016-12-10 11:54:54 +01:00
Jakob Unterwurzacher
c9f4400e6d
Replace all calls to naked panic() with log.Panic()
...
We want all panics to show up in the syslog.
2016-12-10 11:54:36 +01:00
Jakob Unterwurzacher
6c86afb5cd
build-without-openssl: compile statically
...
$ ldd gocryptfs
not a dynamic executable
$ file gocryptfs
gocryptfs: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
2016-12-06 22:47:18 +01:00
Jakob Unterwurzacher
9b57384574
README: v1.2 includes the rendered man page in the tarball
2016-12-04 20:38:48 +01:00
Jakob Unterwurzacher
ec89eb1d76
Update README for v1.2 release
2016-12-04 19:32:23 +01:00
Jakob Unterwurzacher
55df8acac3
fusefrontend: preserve owner for symlinks
...
https://github.com/rfjakob/gocryptfs/issues/64
2016-11-28 23:15:24 +01:00
Jakob Unterwurzacher
e3c5e3f1c8
fusefronted: preserve owner for device nodes and sockets
...
https://github.com/rfjakob/gocryptfs/issues/64
2016-11-28 23:09:47 +01:00
Jakob Unterwurzacher
a66440c668
fusefrontend: use Lchown when preserving owner
...
This prevents (unlikely) symlink race attacks
2016-11-28 22:46:04 +01:00
Jakob Unterwurzacher
7fc93ec093
main: fix USR1 race condition, fixes test flakiness
...
We could have gotten the signal before the handler was ready,
which caused the process to wait indefinitely. This was the reason
test.bash sometimes hung.
2016-11-26 18:18:14 +01:00
Jakob Unterwurzacher
3f5c48e058
tests: don't call t.Fatal in checkExampleFS
...
Calling t.Fatal means that the parent test has no chance
to clean up.
2016-11-26 15:20:54 +01:00
Jakob Unterwurzacher
a6006c0d2b
test.bash: lock against multiple parallel incovations
...
Running multiple test.bash in parallel causes all kinds of
mayham.
2016-11-26 13:43:50 +01:00