Commit Graph

419 Commits

Author SHA1 Message Date
leilaes
cc0a603ef8 Add CodeLingo Tenet to fix missing close file 2019-04-10 13:33:58 +02:00
Jakob Unterwurzacher
24036ab89f tests: speed up new tests a little
Before: ok  	github.com/rfjakob/gocryptfs/tests/matrix	18.560s
After:  ok  	github.com/rfjakob/gocryptfs/tests/matrix	13.425s
2019-04-08 20:34:24 +02:00
Jakob Unterwurzacher
d851cf8055 tests: add TestConcurrentReadCreate, move to new file
https://github.com/rfjakob/gocryptfs/issues/363
2019-04-08 20:27:13 +02:00
Jakob Unterwurzacher
d22ccf68b2 tests: add TestConcurrentReadWrite
Another attempt to find out what is going on behind
https://github.com/rfjakob/gocryptfs/issues/363
2019-04-08 20:27:13 +02:00
Jakob Unterwurzacher
311c34af4b tests: add additional TestWrite10Tight test
Try to find out what goes wrong in
https://github.com/rfjakob/gocryptfs/issues/363
2019-04-08 20:27:13 +02:00
Jakob Unterwurzacher
fe06e9f456 readpassword: delete CheckTrailingGarbage
CheckTrailingGarbage was called even when "-passfile" was
used, which is stupid, and causes false positives:

https://github.com/rfjakob/gocryptfs/issues/391
(false error "Received trailing garbage after the password"
when using -passfile in .bash_profile)

Instead of trying to improve the logic to handle that case
and make everything even more complicated, delete the function.

It is unclear if actually helps in some cases, and it definitely
harms as shown by the above bug report.
2019-04-08 20:18:45 +02:00
Jakob Unterwurzacher
8f2723b387 Allow "nofail" for /etc/fstab use 2019-03-31 14:33:02 +02:00
Jakob Unterwurzacher
ec17445b99 forward mode: create gocryptfs.diriv files with 0440 permissions
Makes it easier to share an encrypted folder via a network drive.

https://github.com/rfjakob/gocryptfs/issues/387
2019-03-30 20:06:40 +01:00
Eduardo M KALINOWSKI
3bc100aeb3 reverse mode: support wildcard exclude (--exclude-wildcard)
This adds support for gitignore-like wildcards and exclude patters in
reverse mode. It (somewhat) fixes #273: no regexp support, but the
syntax should be powerful enough to satisfy most needs.

Also, since adding a lot of --exclude options can be tedious, it adds
the --exclude-from option to read patterns from a file (or files).
2019-03-26 20:56:37 +01:00
Jakob Unterwurzacher
cd7a686211 tests: fix data race in TestDirIVRace
Ironically, the test for DirIV races had a data race itself
by writing to a bool without taking a lock.

Found by running "./test.bash -race":

WARNING: DATA RACE
Write at 0x00c00001dea5 by goroutine 22:
  github.com/rfjakob/gocryptfs/tests/defaults.TestDirIVRace.func1()
      /home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/diriv_test.go:39 +0x38
  github.com/rfjakob/gocryptfs/tests/defaults.TestDirIVRace()
      /home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/diriv_test.go:73 +0x65c
  testing.tRunner()
      /usr/local/go/src/testing/testing.go:865 +0x163

Previous read at 0x00c00001dea5 by goroutine 23:
  github.com/rfjakob/gocryptfs/tests/defaults.TestDirIVRace.func2()
      /home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/diriv_test.go:51 +0x8b

Goroutine 22 (running) created at:
  testing.(*T).Run()
      /usr/local/go/src/testing/testing.go:916 +0x699
  testing.runTests.func1()
      /usr/local/go/src/testing/testing.go:1157 +0xa8
  testing.tRunner()
      /usr/local/go/src/testing/testing.go:865 +0x163
  testing.runTests()
      /usr/local/go/src/testing/testing.go:1155 +0x523
  testing.(*M).Run()
      /usr/local/go/src/testing/testing.go:1072 +0x2eb
  github.com/rfjakob/gocryptfs/tests/defaults.TestMain()
      /home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/main_test.go:21 +0xe1
  main.main()
      _testmain.go:76 +0x222

Goroutine 23 (running) created at:
  github.com/rfjakob/gocryptfs/tests/defaults.TestDirIVRace()
      /home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/diriv_test.go:43 +0x48d
  testing.tRunner()
      /usr/local/go/src/testing/testing.go:865 +0x163
==================
--- FAIL: TestDirIVRace (0.00s)
    testing.go:809: race detected during execution of test
FAIL
2019-03-03 14:09:33 +01:00
Jakob Unterwurzacher
173218895c tests: fix compile error in matrix_test.go
Error was:

tests/matrix/matrix_test.go:101:9: no new variables on left side of :=
2019-02-17 17:25:41 +01:00
Jakob Unterwurzacher
179471b648 ParseHeader: print hexdump on error
Should help debugging https://github.com/rfjakob/gocryptfs/issues/363
2019-02-17 17:13:20 +01:00
Jakob Unterwurzacher
19cb6d046a nametransform: reject names longer than 255 chars
Looks like we allowed creating longer names by accident.
Fix that, and add a test that verifies it.
2019-02-17 17:05:05 +01:00
Jakob Unterwurzacher
26286a5f8c test: len2elen.sh: fix first line output 2019-02-17 16:06:05 +01:00
Jakob Unterwurzacher
fa98664d8a tests: add len2elen.sh
Check plaintext file name length -> encrypted file name length relation

Example output:

0 22
2 22
3 22
4 22
5 22
6 22
7 22
8 22
9 22
10 22
11 22
12 22
13 22
14 22
15 22
16 43
17 43
18 43
19 43
20 43
21 43
22 43
23 43
24 43
25 43
26 43
27 43
28 43
29 43
30 43
31 43
32 64
33 64
34 64
35 64
36 64
37 64
38 64
39 64
40 64
41 64
42 64
43 64
44 64
45 64
46 64
47 64
48 86
49 86
50 86
51 86
52 86
53 86
54 86
55 86
56 86
57 86
58 86
59 86
60 86
61 86
62 86
63 86
64 107
65 107
66 107
67 107
68 107
69 107
70 107
71 107
72 107
73 107
74 107
75 107
76 107
77 107
78 107
79 107
80 128
81 128
82 128
83 128
84 128
85 128
86 128
87 128
88 128
89 128
90 128
91 128
92 128
93 128
94 128
95 128
96 150
97 150
98 150
99 150
100 150
101 150
102 150
103 150
104 150
105 150
106 150
107 150
108 150
109 150
110 150
111 150
112 171
113 171
114 171
115 171
116 171
117 171
118 171
119 171
120 171
121 171
122 171
123 171
124 171
125 171
126 171
127 171
128 192
129 192
130 192
131 192
132 192
133 192
134 192
135 192
136 192
137 192
138 192
139 192
140 192
141 192
142 192
143 192
144 214
145 214
146 214
147 214
148 214
149 214
150 214
151 214
152 214
153 214
154 214
155 214
156 214
157 214
158 214
159 214
160 235
161 235
162 235
163 235
164 235
165 235
166 235
167 235
168 235
169 235
170 235
171 235
172 235
173 235
174 235
175 235
176 67
177 67
178 67
179 67
180 67
181 67
182 67
183 67
184 67
185 67
186 67
187 67
188 67
189 67
190 67
191 67
192 67
193 67
194 67
195 67
196 67
197 67
198 67
199 67
200 67
201 67
202 67
203 67
204 67
205 67
206 67
207 67
208 67
209 67
210 67
211 67
212 67
213 67
214 67
215 67
216 67
217 67
218 67
219 67
220 67
221 67
222 67
223 67
224 67
225 67
226 67
227 67
228 67
229 67
230 67
231 67
232 67
233 67
234 67
235 67
236 67
237 67
238 67
239 67
240 67
241 67
242 67
243 67
244 67
245 67
246 67
247 67
248 67
249 67
250 67
251 67
252 67
253 67
254 67
255 67
2019-02-17 16:03:43 +01:00
Jakob Unterwurzacher
5826ff8c9c tests: parallel_cp.sh: automount fs
Teach the script to automatically mount and unmount.
2019-02-17 16:02:30 +01:00
Jakob Unterwurzacher
b86cc3304f tests: simplify parallel_cp.sh
Get rid of one extra directory level. Hopefully makes it
easier to follow the debug logs.
2019-01-23 22:14:31 +01:00
Jakob Unterwurzacher
da3ba5e7f5 tests: darwin: ignore error in TestMvWarningSymlink
https://github.com/rfjakob/gocryptfs/issues/349
2019-01-20 17:20:30 +01:00
Jakob Unterwurzacher
ec4c9f2adb tests: check that we can delete directories with all permission
Regression test for https://github.com/rfjakob/gocryptfs/issues/354
2019-01-20 14:32:59 +01:00
Jakob Unterwurzacher
fab585ec01 tests: matrix: split out directory tests into their own file
matrix_test.go is already too big.
2019-01-20 13:41:20 +01:00
Jakob Unterwurzacher
3d6b2685fb Revert "syscallcompat: drop Faccessat AT_SYMLINK_NOFOLLOW helper"
Breaks mounting on MacOS: unix.Faccessat on Darwin does NOT (yet)
support AT_SYMLINK_NOFOLLOW. See d44fe89ba4 .

This reverts commit 0805a63df1.
2019-01-20 13:10:59 +01:00
Jakob Unterwurzacher
0805a63df1 syscallcompat: drop Faccessat AT_SYMLINK_NOFOLLOW helper
unix.Faccessat has added support for AT_SYMLINK_NOFOLLOW in July 2018,
bd9dbc187b (diff-341484dbbe3180cd7a31ef2ad2d679b6)
which means we no longer need our own helper.

Closes https://github.com/rfjakob/gocryptfs/issues/347
2019-01-20 12:59:59 +01:00
Sebastian Lackner
1d2ce9c213 tests: Increase timeout in Mount() function.
This avoids sporadic test failures on macOS.
2019-01-15 22:08:20 +01:00
Jakob Unterwurzacher
20140e24ed tests: reduce noise on MacOS
This should get rid of

    Openat: O_NOFOLLOW missing: flags = 0x0
    Fchmodat: adding missing AT_SYMLINK_NOFOLLOW flag
    sys_common_test.go:203: chmod on symlink should have failed, but did not. New mode=0333
    UnmountErr: "[...]/057376762.mnt" was not found in MountInfo, cannot check for FD leak

and add some context to

    --- FAIL: TestUtimesNano (0.00s)
    matrix_test.go:628: no such file or directory

See https://github.com/rfjakob/gocryptfs/pull/343#issuecomment-453888006
for full test output
2019-01-14 22:11:15 +01:00
Jakob Unterwurzacher
5c8e7feabd tests: check that fallocate does not over-allocate space
We currently allocate 18 bytes too much:
https://github.com/rfjakob/gocryptfs/issues/311
2019-01-06 20:56:53 +01:00
Jakob Unterwurzacher
c83aa417e4 tests: move fallocate tests to its own file
matrix_test.go is already too big.
2019-01-06 20:31:41 +01:00
Jakob Unterwurzacher
db425cab9e tests: TestFallocate: comment what "d" and "h" means
Document what "d" and "h" means in the fancy ASCII diagrams.
https://github.com/rfjakob/gocryptfs/pull/326
2019-01-06 12:49:27 +01:00
Jakob Unterwurzacher
fb705f9978 tests: add parallel_cp stress test
Modeled after xfstests generic/273
https://github.com/rfjakob/gocryptfs/issues/322
2019-01-05 18:20:04 +01:00
Sebastian Lackner
5055f39bd5 fusefrontend: Allow to set/remove xattr on directory without read permission.
Setting/removing extended attributes on directories was partially fixed with
commit eff35e60b6. However, on most file systems
it is also possible to do these operations without read access (see tests).

Since we cannot open a write-access fd to a directory, we have to use the
/proc/self/fd trick (already used for ListXAttr) for the other operations aswell.
For simplicity, let's separate the Linux and Darwin code again (basically revert
commit f320b76fd1), and always use the
/proc/self/fd trick on Linux. On Darwin we use the best-effort approach with
openBackingFile() as a fallback.

More discussion about the available options is available in
https://github.com/rfjakob/gocryptfs/issues/308.
2019-01-05 12:34:40 +01:00
Sebastian Lackner
f17721c364 A few more spelling fixes. 2019-01-05 12:27:55 +01:00
Jakob Unterwurzacher
65eded4a22 tests: bump maxCacheFds to 3
As the dirCache now has 3 entries, the tests should accept
up to 3 extra fds without declaring an fd leak.
2019-01-04 23:50:01 +01:00
Jakob Unterwurzacher
eff35e60b6 fusefrontend: fix setting xattrs on directories
Directories cannot be opened read-write. Retry with RDONLY.
2019-01-04 22:22:24 +01:00
Jakob Unterwurzacher
58f62ada46 tests: reverse: verify that longname .name files are exluded as well
Currently fails, will be fixed in the next commit.

https://github.com/rfjakob/gocryptfs/issues/286
2019-01-04 17:57:57 +01:00
Jakob Unterwurzacher
a2f83acc30 tests: fix VerifyExistence() helper, it missed unstat()able files
VerifyExistence missed unstat()able files in the directory listing
because ioutil.ReadDir() filtered them out.

https://github.com/rfjakob/gocryptfs/issues/285
2019-01-04 17:36:06 +01:00
Jakob Unterwurzacher
1c9fb707fe tests: overengineer extractloop_plot_csv.m a little
Plot iteration time on second y axis, adjust line styles
2019-01-03 18:24:14 +01:00
Sebastian Lackner
a1ba4b6576 Omit syscall.O_RDONLY flag when passing O_PATH.
When O_PATH is specified in flags, flag bits other than O_CLOEXEC, O_DIRECTORY,
and O_NOFOLLOW are ignored.
2019-01-03 18:24:05 +01:00
Jakob Unterwurzacher
71d07b7c73 tests: extractloop: renice to level 19
Run at low priority to not annoy the user too much.
2019-01-03 16:14:05 +01:00
Jakob Unterwurzacher
bb9884549b tests: allow one extra fd in fd leak detector (dirCache)
The gocryptfs process may keep one fd open for up to one second
in the dirCache.
2019-01-03 15:38:51 +01:00
Jakob Unterwurzacher
f6dad8d0fa nametransform: simplify WriteDirIV to WriteDirIVAt
Un-spaghettify the function and let the callers open
the directory.
2019-01-03 15:31:13 +01:00
Jakob Unterwurzacher
59f1300591 tests: retry longer when we see a fd leak
Hopefully gets rid of the false positives on travis.
2019-01-02 21:03:26 +01:00
Jakob Unterwurzacher
d269c28d16 tests: xattr: set on 0200 file, list on 0000 file
https://github.com/rfjakob/gocryptfs/issues/308
2019-01-02 20:45:55 +01:00
Jakob Unterwurzacher
55a27a47df tests: better error message for TestBase64XattrRead
Make clear what we have and what we want.
2019-01-02 16:55:51 +01:00
Jakob Unterwurzacher
772afa93f9 tests: add fd leak retry logic to UnmountErr, really return error
Give the gocryptfs process one extra millisecond to close
files. Allows us to drop several other sleeps.

UnmountErr now really returns an error when it detects an fd leak
instead of just printing a message.
2019-01-02 01:09:09 +01:00
Jakob Unterwurzacher
d5a74d2a3e tests: ListFds(): filter out pipe and eventpoll fds
These are created on demand by the Go runtime and are usually
not interesting.
2019-01-02 00:09:17 +01:00
Jakob Unterwurzacher
b1819143c5 tests: make MountInfo field accessible
Tests outside the test_helpers package may want to look
at this.
2019-01-02 00:09:17 +01:00
Jakob Unterwurzacher
035b3367b7 tests: reverse: add ctlsocket cleanup delay 2019-01-02 00:09:17 +01:00
Jakob Unterwurzacher
035834dd51 tests: ListFds: show r/w status
Also, drop entries that disappear while we stat them.
2019-01-01 22:27:40 +01:00
Jakob Unterwurzacher
e276e255dc tests: split mount_unmount.go from helpers.go
With the FD leak logic, the mount/unmount functions have
become complex enough to give them their own file.
2019-01-01 22:27:10 +01:00
Jakob Unterwurzacher
10de105c13 tests: detect fd leaks on unmount
For now, this only prints a message but does not fail the tests.
2019-01-01 22:01:49 +01:00
Jakob Unterwurzacher
887d5aa8e7 tests: teach ListFds() to check other processes 2019-01-01 20:05:38 +01:00
Jakob Unterwurzacher
817c485bb7 tests: save gocryptfs process id in test_helpers.MountPID
This will allow to tests to monitor fd usage and maybe other things.
2019-01-01 19:34:12 +01:00
Jakob Unterwurzacher
60e7a0ca9f fusefrontend: xattr: fix hang on FIFOs
An Open() a fifo blocks until it is opened for writing.
This meant that xattr operations on FIFOs would block.
Pass O_NONBLOCK to fix that, and add a test.
2019-01-01 16:24:25 +01:00
Jakob Unterwurzacher
2286372603 fusefrontend: make GetXAttr() symlink-safe on Linux
Uses the /proc/self/fd trick, which does not work
on Darwin.
2019-01-01 16:24:25 +01:00
Jakob Unterwurzacher
b97d7d1d33 tests: add Flistxattr/Fgetxattr/Fremovexattr tests
Test for the upcoming fd-based xattr support.
2019-01-01 16:24:25 +01:00
Jakob Unterwurzacher
ed6ed513d7 fusefrontend: make Access() symlink-safe.
Make Access() symlink-safe through use of faccessat.
2019-01-01 16:24:09 +01:00
Sebastian Lackner
874eaf9734 Assorted spelling fixes.
Mostly detected with the 'codespell' utility, but also includes some
manual grammar fixes.
2018-12-27 15:19:55 +01:00
Jakob Unterwurzacher
e537ecbe2e tests: fix golint error
Error was:

  tests/cli/cli_test.go:552: declaration of "err" shadows declaration at tests/cli/cli_test.go:544
2018-10-11 20:57:52 +02:00
Jakob Unterwurzacher
04241455a2 tests: add idle timeout test
Mount with idle timeout 10ms and check that the process exits by itself
within 5 seconds.
2018-10-11 20:43:28 +02:00
Jakob Unterwurzacher
4f2feb1be7 tests: catch "name too long" symlink failure on XFS
Retry with length 1000 if length 4000 fails, which
should work on all filesystems.

Failure was:

  --- FAIL: TestTooLongSymlink (0.00s)
      correctness_test.go:198: symlink xxx[...]xxxx /tmp/xfs.mnt/gocryptfs-test-parent/549823072/365091391/TooLongSymlink: file name too long

https://github.com/rfjakob/gocryptfs/issues/267
2018-10-10 22:40:55 +02:00
Jakob Unterwurzacher
5a1ebdb4f7 tests: respect TMPDIR if set
Setting TMPDIR now allows to run the tests against
a directory of your choice, making it easier to test
different filesystems.
2018-10-10 22:24:20 +02:00
Jakob Unterwurzacher
c270b21efc fusefrontend: get rid of os.File* wrapping
Directly use int file descriptors for the dirfd
and get rid of one level of indirection.
2018-09-23 12:17:26 +02:00
Jakob Unterwurzacher
05c8d4a1c4 tests: add symlink_race tool
Help uncover symlink races.
2018-09-23 12:17:26 +02:00
Jakob Unterwurzacher
9e6ee47bc9 tests: detect and report chmod failures earlier
Instead of reporting the consequence:

    matrix_test.go:906: modeHave 0664 != modeWant 0777

Report it if chmod itself fails, and also report the old file mode:

    matrix_test.go:901: chmod 000 -> 777 failed: bad file descriptor
2018-09-22 13:39:17 +02:00
Jakob Unterwurzacher
5ca6243eeb main: sanitize commas from fsname
The cipherdir path is used as the fsname, as displayed
in "df -T". Now, having a comma in fsname triggers a sanity check
in go-fuse, aborting the mount with:

  /bin/fusermount: mount failed: Invalid argument
  fuse.NewServer failed: fusermount exited with code 256

Sanitize fsname by replacing any commas with underscores.

https://github.com/rfjakob/gocryptfs/issues/262
2018-09-18 19:39:52 +02:00
Jakob Unterwurzacher
e8d8ae54d3 fusefrontend: use OpenDirNofollow in openBackingDir
Rename openBackingPath to openBackingDir and use OpenDirNofollow
to be safe against symlink races. Note that openBackingDir is
not used in several important code paths like Create().

But it is used in Unlink, and the performance impact in the RM benchmark
to be acceptable:

Before

	$ ./benchmark.bash
	Testing gocryptfs at /tmp/benchmark.bash.bYO: gocryptfs v1.6-12-g930c37e-dirty; go-fuse v20170619-49-gb11e293; 2018-09-08 go1.10.3
	WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.07979 s, 243 MB/s
	READ:  262144000 bytes (262 MB, 250 MiB) copied, 0.882413 s, 297 MB/s
	UNTAR: 16.703
	MD5:   7.606
	LS:    1.349
	RM:    3.237

After

	$ ./benchmark.bash
	Testing gocryptfs at /tmp/benchmark.bash.jK3: gocryptfs v1.6-13-g84d6faf-dirty; go-fuse v20170619-49-gb11e293; 2018-09-08 go1.10.3
	WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.06261 s, 247 MB/s
	READ:  262144000 bytes (262 MB, 250 MiB) copied, 0.947228 s, 277 MB/s
	UNTAR: 17.197
	MD5:   7.540
	LS:    1.364
	RM:    3.410
2018-09-08 19:27:33 +02:00
Jakob Unterwurzacher
84d6fafeca tests: restore Go 1.7 compatibility
Go 1.7 does not have t.Name() yet.
2018-09-08 18:19:53 +02:00
Jakob Unterwurzacher
930c37e03d syscallcompat: use O_PATH in OpenDirNofollow
This fixes the "0100 directory" problem in reverse mode,
and should be slightly faster.
2018-09-08 18:06:33 +02:00
Jakob Unterwurzacher
bc14f8dcb6 tests: add chmod test
Makes sure we don't add regressions when fixing
https://github.com/rfjakob/gocryptfs/issues/259
2018-09-08 17:00:23 +02:00
Jakob Unterwurzacher
21b5fae0e6 tests: restore TestUtimesNanoSymlink
The function seems to have been renamed by 426b9536 by mistake.
Rename it back so the test is run again.
2018-09-08 16:36:01 +02:00
Jakob Unterwurzacher
ca24c20694 main: don't read the config file twice (fix pipe bug)
Instead, first Load() the file, then DecryptMasterKey().

Fixes https://github.com/rfjakob/gocryptfs/issues/258
2018-09-08 13:04:33 +02:00
Jakob Unterwurzacher
2bdf7d5172 configfile: add LoadAndDecrypt wrapper
Callers that do not want to decrypt the masterkey should
call plain Load().

https://github.com/rfjakob/gocryptfs/issues/258
2018-09-08 12:40:29 +02:00
Jakob Unterwurzacher
5acfbc1b2f main: add -e as an alias for -exclude 2018-08-15 13:12:13 +02:00
Jakob Unterwurzacher
ec2fdc19cf reverse mode: add --exclude option
https://github.com/rfjakob/gocryptfs/issues/235
2018-08-11 23:26:49 +02:00
Jakob Unterwurzacher
06f1ea951b tests: VerifyExistence: panic on inconsistent results
In the past we did not check whether all methods of checking
the file return the same result. We should.
2018-08-11 22:37:22 +02:00
Jakob Unterwurzacher
2d68b06f9d fsck: handle sparse files efficiently, fix xfstests generic/285
If we encounter a 128KB block of zeros, try to skip to the next
data section by calling File.SeekData().

This fixes xfstests generic/285, which creates a 17TB sparse file,
and runs fsck afterwards. Without this optimization, fsck would
take ages.
2018-07-01 21:48:51 +02:00
Jakob Unterwurzacher
9a15dfa494 trezor: add TrezorPayload
TrezorPayload stores 32 random bytes used for unlocking
the master key using a Trezor security module. The randomness makes sure
that a unique unlock value is used for each gocryptfs filesystem.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
91de77943f configfile: reduce function name stutter
configfile.LoadConfFile()   -> configfile.Load()
configfile.CreateConfFile() -> configfile.Create()
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
8e5ca7299a trezor: exit with usage error if used together with -extpass
Using an external program for the Trezor PIN is not supported
at the moment.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
4bf02f4760 trezor: add basic "-init -trezor" test
Verify that the Trezor feature flag is set after "-init -trezor".
2018-07-01 20:56:09 +02:00
Jakob Unterwurzacher
c6f6e8ec4d trezor: add skeleton for Trezor support
readpassword.Trezor() is not implemented yet and returns
a hardcoded dummy key.
2018-07-01 20:56:04 +02:00
Jakob Unterwurzacher
53d6a9999d main: accept -dev, -nodev, -suid, -nosuid, -exec, -noexec
When mounted via /etc/fstab like this,

  /a /b fuse.gocryptfs default 0 0

we always get extra options passed. As reported by @mahkoh
at https://github.com/rfjakob/gocryptfs/pull/233 :

  mount passes `-o noexec` if `-o user` is set and `-o exec` is not set.
  If both `-o user` and `-o exec` are set, it passes `-o exec`.

Make these options work, and in addtion, also make -suid and -rw
work the same way.

Reported-by: @mahkoh
2018-06-07 22:50:30 +02:00
Jakob Unterwurzacher
e29a81efc3 main: make prefixOArgs errors testable
By returning an error instead of calling os.Exit,
error cases can be tested easily. Error cases
were not tested until now.
2018-06-05 21:02:35 +02:00
Jakob Unterwurzacher
ae02ca1ded xattr: use LGet/LSet etc
Support has been merged into the xattr package
( https://github.com/pkg/xattr/pull/29 ), use it.
2018-05-27 20:09:48 +02:00
Jakob Unterwurzacher
44caf21deb tests: add "mv broken symlink" test
This currently fails because we do not use llistxattr
yet.
2018-05-17 23:14:33 +02:00
Jakob Unterwurzacher
7b00681807 xattr: return EOPNOTSUPP for unsupported attributes
mv is unhappy when we return EPERM when it tries to set
system.posix_acl_access:

   mv: preserving permissions for ‘b/x’: Operation not permitted

Now we return EOPNOTSUPP like tmpfs does and mv seems happy.
2018-05-15 23:00:47 +02:00
Jakob Unterwurzacher
f7a6f4d468 fsck: update testcases with binary xattrs 2018-05-10 23:26:00 +02:00
Bolshevik
a41ec2028c xattr: optimize storage, store as binary instead of bae64
Values a binary-safe, there is no need to base64-encode them.

Old, base64-encoded values are supported transparently
on reading. Writing xattr values now always writes them binary.
2018-05-10 23:25:49 +02:00
Jakob Unterwurzacher
fc8fca04a8 tests: example_filesystems: create a private copy in /tmp
The tests write to the example_filesystems folder, which
1) May leave your source tree in a modified state
2) Triggers test failures when the fsck tests run concurrently,
   which happens on Travis CI every now and then.

Fix both problem by copying the example_filesystems folder
to a private location in /tmp.
2018-05-04 22:27:59 +02:00
Jakob Unterwurzacher
996d2f141b tests: helpers: fix a few error reports
These were using stale err values.
2018-04-27 20:19:51 +02:00
Jakob Unterwurzacher
bcc8378a2c Fix the easy golint warnings
Reported by https://goreportcard.com/report/github.com/rfjakob/gocryptfs
2018-04-08 20:26:25 +02:00
Jakob Unterwurzacher
cab0cda449 tests: retry umount
Gnome may still have files open causing spurious test
failures.
2018-04-08 20:09:05 +02:00
Jakob Unterwurzacher
9d7392a5be tests: cli_test: fix fd leak
One fd leak found in TestMountBackground.
2018-04-07 15:46:41 +02:00
Jakob Unterwurzacher
22031d7e53 tests: matrix: check for fd leaks
And fix two in test_helpers.Mount().

Leftover fds can cause an unmount failure like this later:
fusermount: failed to unmount /tmp/gocryptfs-test-parent/873632270/default-plain: Device or resource busy
so try to catch them early.
2018-04-07 15:24:00 +02:00
Jakob Unterwurzacher
8b443c8484 fsck: add xattr support
With testcases.
2018-04-02 20:25:59 +02:00
Jakob Unterwurzacher
a0fd3eca98 fsck: test against example_filesystems 2018-04-02 18:43:50 +02:00
Jakob Unterwurzacher
b6c8960b01 fsck: clean up log output
Make sure we get only 1 warning output per
problem.

Also, add new corruption types to broken_fs_v1.4.
2018-04-02 18:32:30 +02:00
Jakob Unterwurzacher
f28d85fad5 fsck: add initial implementation
Most corruption cases except xattr should be covered.
With test filesystem.

The output is still pretty ugly. xattr support will
be added in the next commits.
2018-04-02 16:38:18 +02:00
Jakob Unterwurzacher
6e637f38ff tests: add a few explicit file Close() in matrix_test
These can cause EBUSY errors when unmounting.
2018-04-01 14:51:07 +02:00
Jakob Unterwurzacher
8fcd39a3b0 main: add "-fsck" flag
The fsck operation is not yet implemented, this commits
just adds the flag and improves cli flag handling.
2018-04-01 14:25:10 +02:00
Jakob Unterwurzacher
1a3d04ab87 Switch from private copy to pkg/xattr
Now that https://github.com/pkg/xattr/pull/24
has been merged there is no reason to keep
our private copy.

Switch to the upstream version.
2018-03-28 19:19:58 +02:00
Jakob Unterwurzacher
b1f362d28a tests: replace xattr.Supported
This function has been deprecated by the pkg/xattr
upstream, so write our own.
2018-03-26 21:54:17 +02:00
Jakob Unterwurzacher
db778aae7d fusefrontend: handle empty xattrs efficiently
We handle empty files by storing an actual empty file
on disk. Handle xattrs similarily and encrypt the
empty value to the empty value.
2018-03-25 21:06:10 +02:00
Jakob Unterwurzacher
1ed3d51df1 fusefrontend: add xattr support
At the moment, only for reverse mode.

https://github.com/rfjakob/gocryptfs/issues/217
2018-03-25 21:06:10 +02:00
Jakob Unterwurzacher
f20974c4da test_helpers: add SwitchTestParentDir
SwitchTestParentDir changes testParentDir. This is used when you want
to perform tests on a special filesystem. For example, the xattr tests
cannot run on tmpfs and use /var/tmp instead of /tmp.
2018-03-24 21:40:11 +01:00
Jakob Unterwurzacher
9bc039a4ba Add -masterkey=stdin functionality
https://github.com/rfjakob/gocryptfs/issues/218
2018-03-22 00:02:10 +01:00
Jakob Unterwurzacher
4b75b578a2 tests: extractloop.sh: better cleanup logic, handle missing /proc
macos does not have /proc, so don't try to read it.
2018-03-13 22:41:26 +01:00
Jakob Unterwurzacher
e46f6b940f tests: extractloop.sh: don't abort if md5sum is missing
MacOS does not have it installed by default.
2018-03-13 22:16:15 +01:00
Jakob Unterwurzacher
8373410678 macos: extractloop.sh: exclude symlink & mute ln error message
Extracting the symlink fails with

	linux-3.0/arch/microblaze/boot/dts/system.dts: Can't set permissions to 0755

so just exclude it.

The ln error Looks scary but is harmless, so get rid of it.
The symlink is only created to make it more convenient to view the
csv log.
2018-03-07 21:36:52 +01:00
Jakob Unterwurzacher
51de6cd940 macos: tests: make extractloop.bash work on macos
macos' bash and ln lack a few features we used.
2018-03-07 20:37:10 +01:00
Jakob Unterwurzacher
02693912e5 tests: convert remaining wget calls to dl-linux-tarball.bash helper
Makes the scripts work when wget is not available (macos)
2018-03-07 09:45:20 +01:00
Jakob Unterwurzacher
d09a51b80a macos: tests: use curl of wget is not available 2018-03-07 09:40:48 +01:00
Jakob Unterwurzacher
98f735ff6e tests: drop "-z" from fusermount to catch forgotten fds
macos does not have lazy unmount, so let's not use it
on linux either.
If the unmount fails, run "lsof" to find the open file.

Also fix the first bug we found this way.
2018-03-06 21:28:09 +01:00
Jakob Unterwurzacher
18d4159d18 macos: fix fd leak in reverse tests
Causes "Resource busy" unmount failures on macos
2018-03-05 23:21:08 +01:00
Jakob Unterwurzacher
1789a5ea5b tests: matrix_test: skip cases when without_openssl is set
Fixes test-without-openssl.bash.
2018-03-05 23:11:27 +01:00
Jakob Unterwurzacher
35192abb57 test_helpers: add missing newline 2018-03-05 23:06:27 +01:00
Jakob Unterwurzacher
870779ab1d macos: doTestUtimesNano: skip UTIME_OMIT and nanoseconds testcases
Not supported on macos.

Beef up the first test case a little by using different second
values.
2018-03-05 22:52:05 +01:00
Jakob Unterwurzacher
426b9536df tests: TestUtimesNano: replace ugly compareUtimes wrapper 2018-03-05 22:22:35 +01:00
Jakob Unterwurzacher
3064d72b97 tests: fix a few fd leaks
We relied on the finalizer to close a few fds.
For some reason, this did not cause problems on Linux,
but on MacOS, it causes unmount failures:

umount(/private/tmp/gocryptfs-test-parent/194654785/default-plain): Resource busy -- try 'diskutil unmount'
2018-03-05 22:00:59 +01:00
Jakob Unterwurzacher
aa65091bb9 macos: skip TestUtimesNanoSymlink early
Gets rid of the touch error message upon running the tests.
2018-03-05 21:36:16 +01:00
Jakob Unterwurzacher
b820fa691d macos: adjust TestTooLongSymlink length for darwin
Limit is much lower than on linux
2018-03-05 21:23:57 +01:00
Jakob Unterwurzacher
29496baa70 MacOS: skip TestUtimesNanoSymlink and TestUtimesNanoFd
These cannot work on MacOS.
2018-02-28 20:48:33 +01:00
Jakob Unterwurzacher
48d5f10c79 test_helpers: use an intermediate pipe for subprocess stdout
To Go test logic waits for stderr and stdout to close, so
when we share it with a subprocess, it will wait for it to
exit as well.

We don't want the tests to hang when the unmount fails.

Seen on MacOS as reported at
https://github.com/rfjakob/gocryptfs/issues/213
2018-02-28 20:03:54 +01:00
Jakob Unterwurzacher
3b8f5cbb17 readpassword: convert from string to []byte
This will allows us to overwrite the password
with zeros once we are done with it.

https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 14:26:54 +01:00
Jakob Unterwurzacher
991708af01 Documentation: add extractloop example output 2018-01-21 20:04:37 +01:00
Jakob Unterwurzacher
8951eb2472 fusefronted: add PlaintextNames special-cases for Create & Rename
gocryptfs.longname.XXX files were considered magic in PlaintextNames
mode, which was wrong.

Fix that and add tests.

Fixes https://github.com/rfjakob/gocryptfs/issues/174
2018-01-17 00:25:36 +01:00
Sebastian Lackner
a24342f656 fusefrontend: Handle PlaintextNames mode in Link
In PlaintextNames mode the "gocryptfs.longname." prefix does not have any
special meaning.

https://github.com/rfjakob/gocryptfs/issues/174
2017-12-25 15:07:37 +01:00
Jakob Unterwurzacher
87736eb833 fusefrontend_reverse: secure Access against symlink races (somewhat)
Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW,
so this is not completely atomic.

Given that the information you get from access is not very
interesting, it seems good enough.

https://github.com/rfjakob/gocryptfs/issues/165
2017-12-07 00:11:35 +01:00
Jakob Unterwurzacher
6bd2da89d3 tets_helpers: handle t=nil in InitFS
The reverse tests call InitFS with t=nil. By
calling panic we get a better error message instead
of a generic nil pointer dereference.
2017-12-06 23:03:37 +01:00
Sebastian Lackner
614745ee57 fusefrontend: allow_other: close race between mkdir and chown
Fixes the same problem as described in 72b975867a,
except for directories instead of device nodes.
2017-11-29 13:28:04 +01:00
Sebastian Lackner
2591900b69 fusefrontend: Handle PlaintextNames mode in Unlink
In PlaintextNames mode the "gocryptfs.longname." prefix does not have any
special meaning. We should not attempt to delete any .name files.

Partially fixes https://github.com/rfjakob/gocryptfs/issues/174
2017-11-28 09:28:06 +01:00
Sebastian Lackner
3f68b0c09a fusefrontend: Handle PlaintextNames mode in Mknod
In PlaintextNames mode the "gocryptfs.longname." prefix does not have any
special meaning. We should not attempt to read the directory IV or to
create special .name files.

Partially fixes https://github.com/rfjakob/gocryptfs/issues/174
2017-11-28 09:28:06 +01:00
Jakob Unterwurzacher
72b975867a fusefronted: allow_other: close race between mknod and chown
If the user manages to replace the directory with
a symlink at just the right time, we could be tricked
into chown'ing the wrong file.

This change fixes the race by using fchownat, which
unfortunately is not available on darwin, hence a compat
wrapper is added.

Scenario, as described by @slackner at
https://github.com/rfjakob/gocryptfs/issues/177 :

1. Create a forward mount point with `plaintextnames` enabled
2. Mount as root user with `allow_other`
3. For testing purposes create a file `/tmp/file_owned_by_root`
   which is owned by the root user
4. As a regular user run inside of the GoCryptFS mount:

```
mkdir tempdir
mknod tempdir/file_owned_by_root p &
mv tempdir tempdir2
ln -s /tmp tempdir
```

When the steps are done fast enough and in the right order
(run in a loop!), the device file will be created in
`tempdir`, but the `lchown` will be executed by following
the symlink. As a result, the ownership of the file located
at `/tmp/file_owned_by_root` will be changed.
2017-11-27 21:04:45 +01:00
Jakob Unterwurzacher
1bb47b6796 reverse: reject too-long symlink target reads with ENAMETOOLONG
If the symlink target gets too long due to base64 encoding, we should
return ENAMETOOLONG instead of having the kernel reject the data and
returning an I/O error to the user.

Fixes https://github.com/rfjakob/gocryptfs/issues/167
2017-11-26 21:37:12 +01:00
Sebastian Lackner
90687215a4 fusefrontend_reverse: Do not mix up cache information for different directories
Fixes https://github.com/rfjakob/gocryptfs/issues/168

Steps to reproduce the problem:

* Create a regular reverse mount point
* Create files with the same very long name in multiple directories - so far
  everything works as expected, and it will appear with a different name each
  time, for example, gocryptfs.longname.A in directory A and
  gocryptfs.longname.B in directory B
* Try to access a path with A/gocryptfs.longname.B or B/gocryptfs.longname.A -
  this should fail, but it actually works.

The problem is that the longname cache only uses the path as key and not the
dir or divIV. Assume an attacker can directly interact with a reverse mount and
knows the relation longname path -> unencoded path in one directory, it allows
to test if the same unencoded filename appears in any other directory.
2017-11-25 16:20:48 +01:00
Sebastian Lackner
9f56b33e0c fusefrontend: Fix longname handling for renames with existing target
Fixes https://github.com/rfjakob/gocryptfs/issues/170

Steps to reproduce the problem:

* Create a regular forward mount point
* Create a file with a shortname and one with a long filename
* Try to run 'mv <shortname> <longname>'

This should actually work and replace the existing file, but instead it
fails with:

    mv: cannot move '<shortname>' to '<longname>': File exists

The problem is the creation of the .name file. If the target already exists
we can safely ignore the EEXIST error and just keep the existing .name file.
2017-11-25 16:19:09 +01:00
Sebastian Lackner
d257bb34c1 tests: Add test for access to encrypted version of '.' and '..'
To show that https://github.com/rfjakob/gocryptfs/issues/163 has been fixed.
2017-11-23 08:48:00 +01:00
Sebastian Lackner
f3c777d5ea main: Add '-devrandom' commandline option
Allows to use /dev/random for generating the master key instead of the
default Go implementation. When the kernel random generator has been
properly initialized both are considered equally secure, however:

* Versions of Go prior to 1.9 just fall back to /dev/urandom if the
  getrandom() syscall would be blocking (Go Bug #19274)

* Kernel versions prior to 3.17 do not support getrandom(), and there
  is no check if the random generator has been properly initialized
  before reading from /dev/urandom

This is especially useful for embedded hardware with low-entroy. Please
note that generation of the master key might block indefinitely if the
kernel cannot harvest enough entropy.
2017-11-21 23:37:06 +01:00
Jakob Unterwurzacher
64e5906ffa fusefrontend_reverse: workaround ext4 test failure
The extended TestLongnameStat() exposes a pathological case
when run on ext4, as ext4 reuses inode numbers immediately.

This change modifies the test to not delete the files immediately,
so the inode numbers cannot be reused immediately.

Fix for the underlying issue is a TODO.
2017-10-03 21:15:17 +02:00
Jakob Unterwurzacher
4da245c69d fusefrontend_reverse: fix 176-byte names
A file with a name of exactly 176 bytes length caused this error:

  ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY: No such file or directory
  ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name: No such file or directory
  -????????? ? ?     ?             ?            ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY
  -????????? ? ?     ?             ?            ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name

Root cause was a wrong shortNameMax constant that failed to
account for the obligatory padding byte.

Fix the constant and also expand the TestLongnameStat test case
to test ALL file name lengths from 1-255 bytes.

Fixes https://github.com/rfjakob/gocryptfs/issues/143 .
2017-10-01 13:50:25 +02:00
Jakob Unterwurzacher
f59479736b tests: add diriv cache race test
Passes.
2017-08-10 21:01:19 +02:00
Jakob Unterwurzacher
d5133ca5ac fusefrontend_reverse: return ENOENT for undecryptable names
This was working until DecryptName switched to returning
EBADMSG instead of EINVAL.

Add a test to catch the regression next time.
2017-07-27 20:31:22 +02:00
Jakob Unterwurzacher
318c41827c tests: check if we close stderr and stdout correctly on mount
Currently fails, as reported at
https://github.com/rfjakob/gocryptfs/issues/130 .
2017-07-24 00:05:29 +02:00
Jakob Unterwurzacher
74e58ae8e6 tests: fsstress-gocryptfs.bash: sync up with EncFS
I have added a subset of fsstress-gocryptfs.bash to EncFS as
fsstress-encfs.sh, improving the code a bit.

This change forward-ports these improvements to
fsstress-gocryptfs.bash.
2017-07-21 23:34:44 +02:00
Jakob Unterwurzacher
3062de6187 fusefronted: enable writing to write-only files
Due to RMW, we always need read permissions on the backing file. This is a
problem if the file permissions do not allow reading (i.e. 0200 permissions).
This patch works around that problem by chmod'ing the file, obtaining a fd,
and chmod'ing it back.

Test included.

Issue reported at: https://github.com/rfjakob/gocryptfs/issues/125
2017-07-11 23:19:58 +02:00
Jakob Unterwurzacher
c12a50d4c8 benchmarks: add streaming read benchmark 2017-06-27 00:04:58 +02:00
Jakob Unterwurzacher
f44902aaae Fix two comments
One out-of-date and the other with a typo.
2017-06-01 18:53:57 +02:00
Jakob Unterwurzacher
e43eb36da3 tests: add v1.3-reverse example filesystem
We check the md5 sum of the encrypted version of a file to make sure we don't
accidentially change the ciphertext generation.
2017-05-30 17:04:46 +02:00
Jakob Unterwurzacher
18f354d84b main: password change: exit with code 12 on wrong password
We used to return code 8, now we return code 12 as documented in
the man page.

Also adds a test.
2017-05-14 13:14:00 +02:00
Jakob Unterwurzacher
d5adde1eeb exitcodes: pull all exit code definitions into the package
This commit defines all exit codes in one place in the exitcodes
package.

Also, it adds a test to verify the exit code on incorrect
password, which is what SiriKali cares about the most.

Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-05-07 22:16:22 +02:00
Jakob Unterwurzacher
ad7942f434 fusefrontend: implement path decryption via ctlsock
Closes https://github.com/rfjakob/gocryptfs/issues/84 .
2017-05-07 21:01:39 +02:00
Jakob Unterwurzacher
68387b470c Fix typos found by Misspell
Misspell Finds commonly misspelled English words
gocryptfs/internal/configfile/scrypt.go
Line 41: warning: "paramter" is a misspelling of "parameter" (misspell)
gocryptfs/internal/ctlsock/ctlsock_serve.go
Line 1: warning: "implementes" is a misspelling of "implements" (misspell)
gocryptfs/tests/test_helpers/helpers.go
Line 27: warning: "compatability" is a misspelling of "compatibility" (misspell)
2017-05-07 12:22:15 +02:00
Jakob Unterwurzacher
daada9d7c6 tests: support encfs in the fsstress script
May be helpful for https://github.com/vgough/encfs/issues/214 .
2017-05-01 23:50:49 +02:00
Jakob Unterwurzacher
9768376bd1 tests: add TestXfs124
This test reproduces the problem xfstests generic/124 uncovered.
The warning itself is harmless, but we should either (1) add locking
so that this cannot happen anymore or (2) drop the warning.

Currently fails:

$ go test -v
=== RUN   Test1980Tar
--- PASS: Test1980Tar (0.00s)
=== RUN   TestCtlSock
--- PASS: TestCtlSock (0.10s)
=== RUN   TestOpenTruncateRead
--- PASS: TestOpenTruncateRead (0.00s)
=== RUN   TestWORead
--- PASS: TestWORead (0.00s)
=== RUN   TestXfs124
cipherSize 18 == header size: interrupted write?
-wpanic turns this warning into a panic: cipherSize 18 == header size: interrupted write?
2017-05-01 18:44:03 +02:00
Jakob Unterwurzacher
9ab11aa4d7 fusefrontend: drop writeOnly flag
We do not have to track the writeOnly status because the kernel
will not forward read requests on a write-only FD to us anyway.

I have verified this behavoir manually on a 4.10.8 kernel and also
added a testcase.
2017-05-01 17:49:37 +02:00
Jakob Unterwurzacher
f1dbd19fe9 tests: add hkdf_sanity tests with broken example filesystem
These are deliberately corrupt.
2017-03-18 16:48:58 +01:00
Jakob Unterwurzacher
61502f9b94 benchmark: add md5sum read performance benchmark 2017-03-18 16:23:33 +01:00
Jakob Unterwurzacher
efc88346be cli: enable "-raw64" by default
This brings the CLI options back in sync with the default
feature flags.
2017-03-07 20:56:50 +01:00
Jakob Unterwurzacher
f1244b6d06 tests: recreate v1.3 example filesystem
The filesystem was created with a gocryptfs version that ignored
the HKDF flag (hence everything was actually encrypted WITHOUT hkdf).

Fix it by recreating it.
2017-03-07 20:56:50 +01:00
Jakob Unterwurzacher
2362e67a9e cli: add "-hkdf" option
This commit also enables actually passing the HKDF setting to
fusefrontend, this was missing till now.
2017-03-07 20:56:50 +01:00
Jakob Unterwurzacher
a80d798c2d tests: reverse: don't run tests that ignore "-plaintextnames" twice
TestMain() runs all tests twice, once with plaintextnames=true and once
with false. Several tests mount their own filesystem and ignore the
plaintextnames variable. It makes no sense to run them twice, so
skip execution when plaintextnames is set.
2017-03-07 20:53:58 +01:00
M. Vefa Bicakci
d48ccb3dda Report correct symbolic link dentry sizes
Prior to this commit, gocryptfs's reverse mode did not report correct
directory entry sizes for symbolic links, where the dentry size needs to
be the same as the length of a string containing the target path.

This commit corrects this issue and adds a test case to verify the
correctness of the implementation.

This issue was discovered during the use of a strict file copying program
on a reverse-mounted gocryptfs file system.
2017-03-07 20:46:58 +01:00
Jakob Unterwurzacher
b7538fc026 tests: add v1.3 example filesystem
This filesystem has both HKDF and Raw64 enabled.
2017-03-05 23:07:52 +01:00
Jakob Unterwurzacher
966308eeb7 Drop Go 1.4 compatability code everywhere
Yields a nice reduction in code size.
2017-03-05 17:44:14 +01:00
Jakob Unterwurzacher
b2f154a9a9 tests: stop calling t.Fatal from example_test_helpers
Calling t.Fatal immeadiately aborts the test, which means the
filesystem will not get unmounted, which means test.bash will
hang.
2017-03-05 13:39:25 +01:00
Jakob Unterwurzacher
d2c0fae4f6 tests: somewhat support testing without openssl
You will still get lots of test error, but at least the tests
will run.
2017-02-26 19:53:29 +01:00
Jakob Unterwurzacher
b056776a01 tests: adapt dir overwrite test for Go 1.8
In Go 1.8, os.Rename refuses to overwrite an empty directory.
Switch to syscall.Rename, which still does the right thing.
2017-02-20 21:27:37 +01:00
Jakob Unterwurzacher
e406eb22ba Get rid of remaining $GOPATH dependencies 2017-02-20 21:26:42 +01:00
Jakob Unterwurzacher
62e7eb7d04 tests: reverse: check Access() call 2017-02-16 21:20:29 +01:00
Jakob Unterwurzacher
0b19e637c9 tests: OSX compat: wrap Stat_t atime extract
Linux has st.Atim, st.Mtim,
OSX hat st.Atimespec, st.Mtimespec.

Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:39:56 +01:00
Jakob Unterwurzacher
e5bee6a6aa tests: OSX compat: use OSX-style "stat -f"
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:10:36 +01:00
Jakob Unterwurzacher
9f6841373d benchmarks: OSX compat: replace /usr/bin/time with bash builtin
On OSX, /usr/bin/time does not support "-f".

Reported in https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217 .
2017-02-16 19:01:24 +01:00
Jakob Unterwurzacher
ca5c06ef4e tests: get rid of syscall.PathMax
Does not exist on OSX

Reported in https://github.com/rfjakob/gocryptfs/issues/15
2017-02-16 18:47:04 +01:00
Jakob Unterwurzacher
6ac9dcaae0 tests: use fuse-unmount.bash
...instead of having separate compatability logic.
2017-02-15 23:13:33 +01:00
Jakob Unterwurzacher
ce2e610428 OSX compat: replace fusermount calls with fuse-unmount.bash
Mac OS X does not have fusermount and uses umount instead.
The fuse-unmount.bash calls the appropriate command.
2017-02-15 23:02:01 +01:00
Jakob Unterwurzacher
8adfbf2dc3 Check for trailing garbage after the password
From the comment:

// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
2017-02-12 17:59:09 +01:00
Jakob Unterwurzacher
357307cbcf tests: ctlsock: check warning for non-canonical paths 2017-02-12 12:22:25 +01:00
Jakob Unterwurzacher
d2224aec58 tests: add TestLongLink (currently broken) 2017-01-26 20:49:35 +01:00
Jakob Unterwurzacher
94b66ee1b2 tests: only check the size in dl-linux-tarball.bash
Getting rid of the MD5 calculation makes calling the script
virtually free, where it took 0.2 seconds before.
2017-01-03 14:33:55 +01:00
Jakob Unterwurzacher
53555fec1c tests: factor out dl-linux-tarball.bash
This will be also used by the reverse benchmarks.
2017-01-03 14:17:42 +01:00
Jakob Unterwurzacher
2bacbdf99d benchmark.bash: OSX dd does not support "K" postfix 2016-12-13 22:13:12 +01:00
Jakob Unterwurzacher
2758c75cae ctlsock: sanitize paths before passing them to the backend
You used to be able to crash gocryptfs by passing "/foo"
of "foo/" to the ctlsock.

Fixes https://github.com/rfjakob/gocryptfs/issues/66
2016-12-10 12:59:54 +01:00
Jakob Unterwurzacher
3f5c48e058 tests: don't call t.Fatal in checkExampleFS
Calling t.Fatal means that the parent test has no chance
to clean up.
2016-11-26 15:20:54 +01:00
Jakob Unterwurzacher
10884603d8 benchmark.bash: double write length
Writing 1000 128KB blocks takes only 1 second and yielded
inconsistent results. With 2000, things look saner.
2016-11-26 12:36:55 +01:00
Jakob Unterwurzacher
41af353dcb tests: rename fsstress-loopback.bash to fsstress-gocryptfs.bash
The primary use is testing gocryptfs, after all.
2016-11-17 22:51:25 +01:00
Jakob Unterwurzacher
1bae06a16a tests: add OpenTruncateRead test
This is a regression test for the issue that was fixed by the
last commit.
2016-11-17 22:48:50 +01:00
Jakob Unterwurzacher
d8fb28a1c3 ctlsock: prevent panic on invalid decrypt request 2016-11-10 23:51:47 +01:00
Jakob Unterwurzacher
c2629bd9b5 tests: allow overriding hardcoded arguments in Mount helper 2016-11-10 23:47:04 +01:00
Jakob Unterwurzacher
c03fc46a51 ctlsock: implement EncryptPath for reverse mode, add tests 2016-11-10 23:32:51 +01:00
Jakob Unterwurzacher
75ebb28a62 ctlsock: add initial limited implementation
At the moment, in forward mode you can only encrypt paths
and in reverse mode you can only decrypt paths.
2016-11-10 00:27:08 +01:00
Jakob Unterwurzacher
d15122d3d6 Add Go 1.4 compatibility layer for raw64
Using raw64 will not work, but at least it will compile.
2016-11-01 19:25:59 +01:00
Jakob Unterwurzacher
964e0e6b36 tests: add raw64 tests
Also, use "%#v" instead of JSON for debug output.
This means we can unexport all fields.
2016-11-01 18:42:10 +01:00
Jakob Unterwurzacher
c2192cfcad fusefrontend: drop atime workarounds
The fix at https://github.com/hanwen/go-fuse/pull/131 has been merged.
Drop the workarounds and re-enable the tests.
2016-10-30 16:29:36 +01:00
Jakob Unterwurzacher
9b7135224b tests: fetch the example tarball from cdn.kernel.org
www.kernel.org is painfully slow at times.
2016-10-25 23:13:44 +02:00
Jakob Unterwurzacher
aeda9721d0 Fix misspellings
Close https://github.com/rfjakob/gocryptfs/issues/54
2016-10-24 19:18:13 +02:00
Jakob Unterwurzacher
1e66499af8 tests: add example tar 2016-10-19 22:32:21 +02:00
Jakob Unterwurzacher
77ebd62721 tests: fix forgotten variable rename 2016-10-19 22:31:03 +02:00
Jakob Unterwurzacher
589748548f tests: add 1980.tar.gz extract test
Test that we get the right timestamp when extracting a tarball.

Also simplify the workaround in doTestUtimesNano() and fix the
fact that it was running no test at all.
2016-10-19 22:25:54 +02:00
Jakob Unterwurzacher
600ceece35 lint fixes 2016-10-19 01:12:45 +02:00
Jakob Unterwurzacher
891a3b4c8a fusefrontend: Utimens: one more band-aid
Revert once https://github.com/hanwen/go-fuse/pull/131 is merged.
2016-10-16 20:20:00 +02:00
Jakob Unterwurzacher
4866785f4b tests: add test for -password -masterkey
Also, make the other password tests more rigorous by verifying the
fs content.
2016-10-16 19:13:00 +02:00