Commit Graph

193 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
3784901fce readpassword: limit password length to 1000 bytes
This used to hang at 100% CPU:

    cat /dev/zero | gocryptfs -init a

...and would ultimately send the box into out-of-memory.

The number 1000 is chosen arbitrarily and seems big enough
given that the password must be one line.

Suggested by @mhogomchungu in https://github.com/rfjakob/gocryptfs/issues/77 .
2017-02-13 09:13:22 +01:00
Jakob Unterwurzacher
8adfbf2dc3 Check for trailing garbage after the password
From the comment:

// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
2017-02-12 17:59:09 +01:00
Jakob Unterwurzacher
2dd90ac19c readpassword: improve comment on readPasswordStdin 2017-02-12 13:55:30 +01:00
Jakob Unterwurzacher
0f40afc832 ctlsock: handle non-canonical empty paths
We have to check if the input path is empty AFTER canonicalizing it,
too!
2017-02-05 18:17:30 +01:00
Jakob Unterwurzacher
8bcae63a5a ctlsock: sanitize: handle multiple leading slashes 2017-02-05 18:05:35 +01:00
Jakob Unterwurzacher
2bdd0ec802 golint comment fix
internal/ctlsock/ctlsock_serve.go:73:1: comment on exported const
ReadBufSize should be of the form "ReadBufSize ..."
2017-01-29 19:01:16 +01:00
Jakob Unterwurzacher
1273d7edae ctlsock: better error message for forward mode path decryption 2017-01-29 18:55:52 +01:00
Jakob Unterwurzacher
53fe6f5690 ctlsock: abort message processing on JSON error
The code was missing a "continue" in that branch.

Also improve the error messages a bit.
2017-01-29 18:25:46 +01:00
Jakob Unterwurzacher
532ef15417 ctlsock: interpret paths that point above CWD as ""
Paths that start with ".." were previously accepted as-is.
2017-01-29 15:24:47 +01:00
Jakob Unterwurzacher
6166dad05c readpassword: support spaces in "-passfile" filename
...and while we are at it, also filenames starting with "-".
2017-01-29 00:34:12 +01:00
Jakob Unterwurzacher
39eca53677 main: make sure the ctlsock file is deleted on incorrect password
Otherwise the next try to mount ends in
"ctlsock: listen unix ctl.sock: bind: address already in use"
2017-01-26 21:32:08 +01:00
Jakob Unterwurzacher
a7c7588deb fusefrontend: fix hard-linking with long name
This used to incorrectly try to link twice and return EEXIST.
2017-01-26 20:56:42 +01:00
Jakob Unterwurzacher
de87a256ab tlog: better comment for the terminal colors 2017-01-26 20:01:45 +01:00
Jakob Unterwurzacher
fe1705c55b reverse: add single-entry path cache
Speeds up the "ls -lR" benchmark from 2.6 seconds to 2.0.
2017-01-03 18:14:01 +01:00
Jakob Unterwurzacher
ef089c9f80 reverse: factor out rDecryptName
This prepares the code for the introduction of a path cache.
2017-01-03 17:46:11 +01:00
Jakob Unterwurzacher
8be54bf3f8 prefer_openssl: default to Go GCM on OSX 2016-12-10 21:04:17 +01:00
Jakob Unterwurzacher
12374be9c5 ctlsock: abort the connection if the request is too big
Reading partial JSON would cause a mess. Just kill the connection.

Also, stop using syscall.PathMax that is not defined on Darwin
( https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-264253024 )
2016-12-10 20:43:08 +01:00
Jakob Unterwurzacher
8945f4db95 ctlsock: add a note about Accept() throwing errors on Close() 2016-12-10 15:01:00 +01:00
Jakob Unterwurzacher
6af725ff09 ctlsock: exit early if socket cannot be created; delete on exit
Both are achieved by opening the socket from main and passing
it to the ctlsock package instead of passing the path.
2016-12-10 14:54:06 +01:00
Jakob Unterwurzacher
967e7bd125 stupidgcm: Fix without_openssl build failure
Also, always call build-without-openssl.bash from test.bash.

Failure was:

  internal/stupidgcm/without_openssl.go:29: missing return at end of function
2016-12-10 13:15:19 +01:00
Jakob Unterwurzacher
2758c75cae ctlsock: sanitize paths before passing them to the backend
You used to be able to crash gocryptfs by passing "/foo"
or "foo/" to the ctlsock.

Fixes https://github.com/rfjakob/gocryptfs/issues/66
2016-12-10 12:59:54 +01:00
Jakob Unterwurzacher
c9f4400e6d Replace all calls to naked panic() with log.Panic()
We want all panics to show up in the syslog.
2016-12-10 11:54:36 +01:00
Jakob Unterwurzacher
55df8acac3 fusefrontend: preserve owner for symlinks
https://github.com/rfjakob/gocryptfs/issues/64
2016-11-28 23:15:24 +01:00
Jakob Unterwurzacher
e3c5e3f1c8 fusefronted: preserve owner for device nodes and sockets
https://github.com/rfjakob/gocryptfs/issues/64
2016-11-28 23:09:47 +01:00
Jakob Unterwurzacher
a66440c668 fusefrontend: use Lchown when preserving owner
This prevents (unlikely) symlink race attacks
2016-11-28 22:46:04 +01:00
Jakob Unterwurzacher
0f8d3318a3 main, fusefrontend: add "-noprealloc" option
Preallocation is very slow on hdds that run btrfs. Give the
user the option to disable it. This greatly speeds up small file
operations but reduces the robustness against out-of-space errors.

Also add the option to the man page.

More info: https://github.com/rfjakob/gocryptfs/issues/63
2016-11-25 09:19:14 +01:00
Jakob Unterwurzacher
024511d9c7 fusefrontend: coalesce 4kB writes
This improves performance on hdds running ext4, and improves
streaming write performance on hdds running btrfs. Tar extract
slows down on btrfs for some reason.

See https://github.com/rfjakob/gocryptfs/issues/63

Benchmarks:

encfs v1.9.1
============

$ ./benchmark.bash -encfs /mnt/hdd-ext4
Testing EncFS at /mnt/hdd-ext4/benchmark.bash.u0g
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,48354 s, 88,4 MB/s
UNTAR: 20.79
LS:    3.04
RM:    6.62

$ ./benchmark.bash -encfs /mnt/hdd-btrfs
Testing EncFS at /mnt/hdd-btrfs/benchmark.bash.h40
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,52552 s, 85,9 MB/s
UNTAR: 24.51
LS:    2.73
RM:    5.32

gocryptfs v1.1.1-26-g4a7f8ef
============================

$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.1KG
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,55782 s, 84,1 MB/s
UNTAR: 22.23
LS:    1.47
RM:    4.17

$ ./benchmark.bash /mnt/hdd-btrfs
Testing gocryptfs at /mnt/hdd-btrfs/benchmark.bash.2t8
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 6,87206 s, 19,1 MB/s
UNTAR: 69.87
LS:    1.52
RM:    5.33

gocryptfs v1.1.1-32
===================

$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.Qt3
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,22577 s, 107 MB/s
UNTAR: 23.46
LS:    1.46
RM:    4.67

$ ./benchmark.bash /mnt/hdd-btrfs/
Testing gocryptfs at /mnt/hdd-btrfs//benchmark.bash.XVk
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 3,68735 s, 35,5 MB/s
UNTAR: 116.87
LS:    1.84
RM:    6.34
2016-11-25 09:03:32 +01:00
Jakob Unterwurzacher
6f475da116 Fix golint warnings, add helper script 2016-11-17 23:40:03 +01:00
Jakob Unterwurzacher
0489d08ae2 fusefrontend: get the file ID from the open files table
This fixes the problem that a truncate can reset the file
ID without the other open FDs noticing it.
2016-11-17 22:29:45 +01:00
Jakob Unterwurzacher
e04dc05012 fusefrontend: upgrade wlockMap to use device AND inode number
If there are multiple filesystems backing the gocryptfs filesystems,
inode numbers are not guaranteed to be unique.
2016-11-17 20:32:19 +01:00
Jakob Unterwurzacher
d8fb28a1c3 ctlsock: prevent panic on invalid decrypt request 2016-11-10 23:51:47 +01:00
Jakob Unterwurzacher
c03fc46a51 ctlsock: implement EncryptPath for reverse mode, add tests 2016-11-10 23:32:51 +01:00
Jakob Unterwurzacher
d3764b7753 reverse: fix longname decoding bug
This could have caused spurious ENOENT errors.

That it did not cause these errors all the time is interesting
and probably because an earlier readdir would place the entry
in the cache. This masks the bug.
2016-11-10 23:30:30 +01:00
Jakob Unterwurzacher
e7f57695a6 Fix golint warnings
$ golint ./... | grep -v underscore | grep -v ALL_CAPS
internal/fusefrontend_reverse/rfs.go:52:36: exported func NewFS returns unexported type *fusefrontend_reverse.reverseFS, which can be annoying to use
internal/nametransform/raw64_go1.5.go:10:2: exported const HaveRaw64 should have comment (or a comment on this block) or be unexported
2016-11-10 00:38:01 +01:00
Jakob Unterwurzacher
75ebb28a62 ctlsock: add initial limited implementation
At the moment, in forward mode you can only encrypt paths
and in reverse mode you can only decrypt paths.
2016-11-10 00:27:08 +01:00
Jakob Unterwurzacher
df28fc5a11 nametransform: get rid of leading "./"
Paths in the root directory were encrypted to this:

    foobar -> ./N9vPc0gXUY4PDSt0-muYXQ==
2016-11-09 23:41:47 +01:00
Jakob Unterwurzacher
df1e3a10c4 nametransform: nicer error message on empty gocryptfs.diriv
Old:

	Nov 06 13:34:38 brikett gocryptfs[16228]: ReadDirIVAt: Read failed: EOF
	Nov 06 13:34:38 brikett gocryptfs[16228]: go-fuse: can't convert error type: EOF

New:

	Nov 06 14:08:43 brikett gocryptfs[17361]: ReadDirIVAt: wanted 16 bytes, got 0. Returning EINVAL.
2016-11-06 14:09:34 +01:00
Jakob Unterwurzacher
d15122d3d6 Add Go 1.4 compatibility layer for raw64
Using raw64 will not work, but at least it will compile.
2016-11-01 19:25:59 +01:00
Jakob Unterwurzacher
2b991c9743 Add support for unpadded base64 filenames, "-raw64"
Through base64.RawURLEncoding.

New command-line parameter "-raw64".
2016-11-01 18:43:22 +01:00
Jakob Unterwurzacher
944eaf2fb5 fusefronted: expire dir IV cache after one second
The Back In Time backup tool (https://github.com/bit-team/backintime)
wants to write directly into the ciphertext dir.
This may cause the cached directory IV to become out-of-date.
Having an expiry time limits the inconsistency to one second, like
attr_timeout does for the kernel getattr cache.
2016-11-01 10:57:39 +01:00
Jakob Unterwurzacher
a9c7565b80 fusefrontend: refactor dirIVCache
Simplify the code a bit.
2016-11-01 10:34:41 +01:00
Jakob Unterwurzacher
c2192cfcad fusefrontend: drop atime workarounds
The fix at https://github.com/hanwen/go-fuse/pull/131 has been merged.
Drop the workarounds and re-enable the tests.
2016-10-30 16:29:36 +01:00
Jakob Unterwurzacher
85f1fd0b0f fusefronted: more concise corrupt block log message
Calculating the block offset is easy enough, even more now
that gocryptfs-xray exists.
2016-10-28 21:18:36 +02:00
Jakob Unterwurzacher
012152f3d1 fusefrontend: I/O error instead of panic on all-zero nonce
Running xfstests generic/075 on tmpfs often triggered a panic
for what seems to be a tmpfs bug.

Quoting from the email to lkml,
http://www.spinics.net/lists/kernel/msg2370127.html :

	tmpfs seems to be incorrectly returning 0-bytes when reading from
	a file that is concurrently being truncated.
2016-10-28 21:18:36 +02:00
Jakob Unterwurzacher
a08d55f42d fusefronted: optimize NFS streaming writes by saving one Stat()
Stat() calls are expensive on NFS as they need a full network
round-trip. We detect when a write immediately follows the
last one and skip the Stat in this case because the write
cannot create a file hole.

On my (slow) NAS, this takes the write speed from 24MB/s to
41MB/s.
2016-10-28 21:17:53 +02:00
Jakob Unterwurzacher
d64ccf7cf4 fusefrontend: move hole padding check out of Write()
The details of the hole handling don't have to be in
Write, so move it away.
2016-10-25 22:37:45 +02:00
Jakob Unterwurzacher
6538dc15af fusefrontend: rename "createsHole" to clearer "createsCiphertextHole"
...and add comments for what is happening.
2016-10-25 21:19:37 +02:00
Jakob Unterwurzacher
aeda9721d0 Fix misspellings
Close https://github.com/rfjakob/gocryptfs/issues/54
2016-10-24 19:18:13 +02:00
Jakob Unterwurzacher
a74a7e7f54 configfile: add newline at the end
For convenience for the user, add a newline at the end.
Reported as #51 .
2016-10-21 08:43:39 +02:00
Jakob Unterwurzacher
589748548f tests: add 1980.tar.gz extract test
Test that we get the right timestamp when extracting a tarball.

Also simplify the workaround in doTestUtimesNano() and fix the
fact that it was running no test at all.
2016-10-19 22:25:54 +02:00