Commit Graph

241 Commits

Author SHA1 Message Date
Sebastian Lackner
5055f39bd5 fusefrontend: Allow to set/remove xattr on directory without read permission.
Setting/removing extended attributes on directories was partially fixed with
commit eff35e60b6. However, on most file systems
it is also possible to do these operations without read access (see tests).

Since we cannot open a write-access fd to a directory, we have to use the
/proc/self/fd trick (already used for ListXAttr) for the other operations aswell.
For simplicity, let's separate the Linux and Darwin code again (basically revert
commit f320b76fd1), and always use the
/proc/self/fd trick on Linux. On Darwin we use the best-effort approach with
openBackingFile() as a fallback.

More discussion about the available options is available in
https://github.com/rfjakob/gocryptfs/issues/308.
2019-01-05 12:34:40 +01:00
Sebastian Lackner
f17721c364 A few more spelling fixes. 2019-01-05 12:27:55 +01:00
Jakob Unterwurzacher
65eded4a22 tests: bump maxCacheFds to 3
As the dirCache now has 3 entries, the tests should accept
up to 3 extra fds without declaring an fd leak.
2019-01-04 23:50:01 +01:00
Jakob Unterwurzacher
eff35e60b6 fusefrontend: fix setting xattrs on directories
Directories cannot be opened read-write. Retry with RDONLY.
2019-01-04 22:22:24 +01:00
Jakob Unterwurzacher
58f62ada46 tests: reverse: verify that longname .name files are exluded as well
Currently fails, will be fixed in the next commit.

https://github.com/rfjakob/gocryptfs/issues/286
2019-01-04 17:57:57 +01:00
Jakob Unterwurzacher
a2f83acc30 tests: fix VerifyExistence() helper, it missed unstat()able files
VerifyExistence missed unstat()able files in the directory listing
because ioutil.ReadDir() filtered them out.

https://github.com/rfjakob/gocryptfs/issues/285
2019-01-04 17:36:06 +01:00
Jakob Unterwurzacher
1c9fb707fe tests: overengineer extractloop_plot_csv.m a little
Plot iteration time on second y axis, adjust line styles
2019-01-03 18:24:14 +01:00
Sebastian Lackner
a1ba4b6576 Omit syscall.O_RDONLY flag when passing O_PATH.
When O_PATH is specified in flags, flag bits other than O_CLOEXEC, O_DIRECTORY,
and O_NOFOLLOW are ignored.
2019-01-03 18:24:05 +01:00
Jakob Unterwurzacher
71d07b7c73 tests: extractloop: renice to level 19
Run at low priority to not annoy the user too much.
2019-01-03 16:14:05 +01:00
Jakob Unterwurzacher
bb9884549b tests: allow one extra fd in fd leak detector (dirCache)
The gocryptfs process may keep one fd open for up to one second
in the dirCache.
2019-01-03 15:38:51 +01:00
Jakob Unterwurzacher
f6dad8d0fa nametransform: simplify WriteDirIV to WriteDirIVAt
Un-spaghettify the function and let the callers open
the directory.
2019-01-03 15:31:13 +01:00
Jakob Unterwurzacher
59f1300591 tests: retry longer when we see a fd leak
Hopefully gets rid of the false positives on travis.
2019-01-02 21:03:26 +01:00
Jakob Unterwurzacher
d269c28d16 tests: xattr: set on 0200 file, list on 0000 file
https://github.com/rfjakob/gocryptfs/issues/308
2019-01-02 20:45:55 +01:00
Jakob Unterwurzacher
55a27a47df tests: better error message for TestBase64XattrRead
Make clear what we have and what we want.
2019-01-02 16:55:51 +01:00
Jakob Unterwurzacher
772afa93f9 tests: add fd leak retry logic to UnmountErr, really return error
Give the gocryptfs process one extra millisecond to close
files. Allows us to drop several other sleeps.

UnmountErr now really returns an error when it detects an fd leak
instead of just printing a message.
2019-01-02 01:09:09 +01:00
Jakob Unterwurzacher
d5a74d2a3e tests: ListFds(): filter out pipe and eventpoll fds
These are created on demand by the Go runtime and are usually
not interesting.
2019-01-02 00:09:17 +01:00
Jakob Unterwurzacher
b1819143c5 tests: make MountInfo field accessible
Tests outside the test_helpers package may want to look
at this.
2019-01-02 00:09:17 +01:00
Jakob Unterwurzacher
035b3367b7 tests: reverse: add ctlsocket cleanup delay 2019-01-02 00:09:17 +01:00
Jakob Unterwurzacher
035834dd51 tests: ListFds: show r/w status
Also, drop entries that disappear while we stat them.
2019-01-01 22:27:40 +01:00
Jakob Unterwurzacher
e276e255dc tests: split mount_unmount.go from helpers.go
With the FD leak logic, the mount/unmount functions have
become complex enough to give them their own file.
2019-01-01 22:27:10 +01:00
Jakob Unterwurzacher
10de105c13 tests: detect fd leaks on unmount
For now, this only prints a message but does not fail the tests.
2019-01-01 22:01:49 +01:00
Jakob Unterwurzacher
887d5aa8e7 tests: teach ListFds() to check other processes 2019-01-01 20:05:38 +01:00
Jakob Unterwurzacher
817c485bb7 tests: save gocryptfs process id in test_helpers.MountPID
This will allow to tests to monitor fd usage and maybe other things.
2019-01-01 19:34:12 +01:00
Jakob Unterwurzacher
60e7a0ca9f fusefrontend: xattr: fix hang on FIFOs
An Open() a fifo blocks until it is opened for writing.
This meant that xattr operations on FIFOs would block.
Pass O_NONBLOCK to fix that, and add a test.
2019-01-01 16:24:25 +01:00
Jakob Unterwurzacher
2286372603 fusefrontend: make GetXAttr() symlink-safe on Linux
Uses the /proc/self/fd trick, which does not work
on Darwin.
2019-01-01 16:24:25 +01:00
Jakob Unterwurzacher
b97d7d1d33 tests: add Flistxattr/Fgetxattr/Fremovexattr tests
Test for the upcoming fd-based xattr support.
2019-01-01 16:24:25 +01:00
Jakob Unterwurzacher
ed6ed513d7 fusefrontend: make Access() symlink-safe.
Make Access() symlink-safe through use of faccessat.
2019-01-01 16:24:09 +01:00
Sebastian Lackner
874eaf9734 Assorted spelling fixes.
Mostly detected with the 'codespell' utility, but also includes some
manual grammar fixes.
2018-12-27 15:19:55 +01:00
Jakob Unterwurzacher
e537ecbe2e tests: fix golint error
Error was:

  tests/cli/cli_test.go:552: declaration of "err" shadows declaration at tests/cli/cli_test.go:544
2018-10-11 20:57:52 +02:00
Jakob Unterwurzacher
04241455a2 tests: add idle timeout test
Mount with idle timeout 10ms and check that the process exits by itself
within 5 seconds.
2018-10-11 20:43:28 +02:00
Jakob Unterwurzacher
4f2feb1be7 tests: catch "name too long" symlink failure on XFS
Retry with length 1000 if length 4000 fails, which
should work on all filesystems.

Failure was:

  --- FAIL: TestTooLongSymlink (0.00s)
      correctness_test.go:198: symlink xxx[...]xxxx /tmp/xfs.mnt/gocryptfs-test-parent/549823072/365091391/TooLongSymlink: file name too long

https://github.com/rfjakob/gocryptfs/issues/267
2018-10-10 22:40:55 +02:00
Jakob Unterwurzacher
5a1ebdb4f7 tests: respect TMPDIR if set
Setting TMPDIR now allows to run the tests against
a directory of your choice, making it easier to test
different filesystems.
2018-10-10 22:24:20 +02:00
Jakob Unterwurzacher
c270b21efc fusefrontend: get rid of os.File* wrapping
Directly use int file descriptors for the dirfd
and get rid of one level of indirection.
2018-09-23 12:17:26 +02:00
Jakob Unterwurzacher
05c8d4a1c4 tests: add symlink_race tool
Help uncover symlink races.
2018-09-23 12:17:26 +02:00
Jakob Unterwurzacher
9e6ee47bc9 tests: detect and report chmod failures earlier
Instead of reporting the consequence:

    matrix_test.go:906: modeHave 0664 != modeWant 0777

Report it if chmod itself fails, and also report the old file mode:

    matrix_test.go:901: chmod 000 -> 777 failed: bad file descriptor
2018-09-22 13:39:17 +02:00
Jakob Unterwurzacher
5ca6243eeb main: sanitize commas from fsname
The cipherdir path is used as the fsname, as displayed
in "df -T". Now, having a comma in fsname triggers a sanity check
in go-fuse, aborting the mount with:

  /bin/fusermount: mount failed: Invalid argument
  fuse.NewServer failed: fusermount exited with code 256

Sanitize fsname by replacing any commas with underscores.

https://github.com/rfjakob/gocryptfs/issues/262
2018-09-18 19:39:52 +02:00
Jakob Unterwurzacher
e8d8ae54d3 fusefrontend: use OpenDirNofollow in openBackingDir
Rename openBackingPath to openBackingDir and use OpenDirNofollow
to be safe against symlink races. Note that openBackingDir is
not used in several important code paths like Create().

But it is used in Unlink, and the performance impact in the RM benchmark
to be acceptable:

Before

	$ ./benchmark.bash
	Testing gocryptfs at /tmp/benchmark.bash.bYO: gocryptfs v1.6-12-g930c37e-dirty; go-fuse v20170619-49-gb11e293; 2018-09-08 go1.10.3
	WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.07979 s, 243 MB/s
	READ:  262144000 bytes (262 MB, 250 MiB) copied, 0.882413 s, 297 MB/s
	UNTAR: 16.703
	MD5:   7.606
	LS:    1.349
	RM:    3.237

After

	$ ./benchmark.bash
	Testing gocryptfs at /tmp/benchmark.bash.jK3: gocryptfs v1.6-13-g84d6faf-dirty; go-fuse v20170619-49-gb11e293; 2018-09-08 go1.10.3
	WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.06261 s, 247 MB/s
	READ:  262144000 bytes (262 MB, 250 MiB) copied, 0.947228 s, 277 MB/s
	UNTAR: 17.197
	MD5:   7.540
	LS:    1.364
	RM:    3.410
2018-09-08 19:27:33 +02:00
Jakob Unterwurzacher
84d6fafeca tests: restore Go 1.7 compatibility
Go 1.7 does not have t.Name() yet.
2018-09-08 18:19:53 +02:00
Jakob Unterwurzacher
930c37e03d syscallcompat: use O_PATH in OpenDirNofollow
This fixes the "0100 directory" problem in reverse mode,
and should be slightly faster.
2018-09-08 18:06:33 +02:00
Jakob Unterwurzacher
bc14f8dcb6 tests: add chmod test
Makes sure we don't add regressions when fixing
https://github.com/rfjakob/gocryptfs/issues/259
2018-09-08 17:00:23 +02:00
Jakob Unterwurzacher
21b5fae0e6 tests: restore TestUtimesNanoSymlink
The function seems to have been renamed by 426b9536 by mistake.
Rename it back so the test is run again.
2018-09-08 16:36:01 +02:00
Jakob Unterwurzacher
ca24c20694 main: don't read the config file twice (fix pipe bug)
Instead, first Load() the file, then DecryptMasterKey().

Fixes https://github.com/rfjakob/gocryptfs/issues/258
2018-09-08 13:04:33 +02:00
Jakob Unterwurzacher
2bdf7d5172 configfile: add LoadAndDecrypt wrapper
Callers that do not want to decrypt the masterkey should
call plain Load().

https://github.com/rfjakob/gocryptfs/issues/258
2018-09-08 12:40:29 +02:00
Jakob Unterwurzacher
5acfbc1b2f main: add -e as an alias for -exclude 2018-08-15 13:12:13 +02:00
Jakob Unterwurzacher
ec2fdc19cf reverse mode: add --exclude option
https://github.com/rfjakob/gocryptfs/issues/235
2018-08-11 23:26:49 +02:00
Jakob Unterwurzacher
06f1ea951b tests: VerifyExistence: panic on inconsistent results
In the past we did not check whether all methods of checking
the file return the same result. We should.
2018-08-11 22:37:22 +02:00
Jakob Unterwurzacher
2d68b06f9d fsck: handle sparse files efficiently, fix xfstests generic/285
If we encounter a 128KB block of zeros, try to skip to the next
data section by calling File.SeekData().

This fixes xfstests generic/285, which creates a 17TB sparse file,
and runs fsck afterwards. Without this optimization, fsck would
take ages.
2018-07-01 21:48:51 +02:00
Jakob Unterwurzacher
9a15dfa494 trezor: add TrezorPayload
TrezorPayload stores 32 random bytes used for unlocking
the master key using a Trezor security module. The randomness makes sure
that a unique unlock value is used for each gocryptfs filesystem.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
91de77943f configfile: reduce function name stutter
configfile.LoadConfFile()   -> configfile.Load()
configfile.CreateConfFile() -> configfile.Create()
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
8e5ca7299a trezor: exit with usage error if used together with -extpass
Using an external program for the Trezor PIN is not supported
at the moment.
2018-07-01 20:56:22 +02:00