Commit Graph

1499 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
a2af1fb5da fusefrontend: export "File" type
"gocryptfs -fsck" will need access to helper functions,
and to get that, it will need to cast a gofuse.File to a
fusefrontend.File. Make fusefrontend.File exported to make
this work.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
4a73637782 fsck: get rid of channel read closures
Create proper functions instead to declutter the logic.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
1a18d8e609 fsck: rename "CorruptItems" channel to "MitigatedCorruptions"
Make it clear that this channel is only used to report corruptions
that are transparently mitigated and do not return an error to
the user.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
283184dd5a fsck: suppress "no problems found" when running quiet
Passing "-q" now disables the "fsck summary: no problems found\n"
message.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
52c9ff1ded main: improve fuse.NewServer error message
Before: fuse.NewServer failed: "fusermount exited with code 256\n"
After:  fuse.NewServer failed: fusermount exited with code 256
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
6d64dfe8f7 Only print masterkey once on -init
It is no longer printed at all when mounting a filesystem,
printing on -init can be disabled with -q.

https://github.com/rfjakob/gocryptfs/issues/76
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
991891a5c4 trezor: add sanity checks for decrypted value
Check that the value has changed, is not all-zero
and has the right length.
2018-07-01 20:56:22 +02:00
Dmitry Yu Okunev
978f1f3f6d Implemented the support of Trezor devices. 2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
3f9a4bbcaa main: replace naked panic with log.Panic
Fix the check that failed to find the case as well.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
1a5e9cfb1e trezor: reject password change on Trezor-enabled fs
This is not supported (yet? does it make sense?).
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
9a15dfa494 trezor: add TrezorPayload
TrezorPayload stores 32 random bytes used for unlocking
the master key using a Trezor security module. The randomness makes sure
that a unique unlock value is used for each gocryptfs filesystem.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
91de77943f configfile: reduce function name stutter
configfile.LoadConfFile()   -> configfile.Load()
configfile.CreateConfFile() -> configfile.Create()
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
8e5ca7299a trezor: exit with usage error if used together with -extpass
Using an external program for the Trezor PIN is not supported
at the moment.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher
4bf02f4760 trezor: add basic "-init -trezor" test
Verify that the Trezor feature flag is set after "-init -trezor".
2018-07-01 20:56:09 +02:00
Jakob Unterwurzacher
c6f6e8ec4d trezor: add skeleton for Trezor support
readpassword.Trezor() is not implemented yet and returns
a hardcoded dummy key.
2018-07-01 20:56:04 +02:00
Jakob Unterwurzacher
02ab358451 README: Add folders side-by-side animation gif
10 second animation that shows what gocryptfs does.
2018-07-01 15:28:22 +02:00
Jakob Unterwurzacher
743c7705b2 configfile: use tlog.ColorYellow instead of hardcoded color code 2018-06-24 19:52:47 +02:00
Jakob Unterwurzacher
1bab400fca Fix three golint warnings
We are clean again.

Warnings were:

internal/fusefrontend/fs.go:443:14: should omit type string from declaration
of var cTarget; it will be inferred from the right-hand side
internal/fusefrontend/xattr.go:26:1: comment on exported method FS.GetXAttr
should be of the form "GetXAttr ..."
internal/syscallcompat/sys_common.go:9:7: exported const PATH_MAX should have
comment or be unexported
2018-06-19 20:16:21 +02:00
Jakob Unterwurzacher
009cc0ae8b Update README and MANPAGE for v1.5
Also update the performance numbers. I see some slowdown, reason
is not yet clear, but nothing to block the release.
2018-06-12 23:07:42 +02:00
Jakob Unterwurzacher
e925e1b78e dep: fix constraints and update dependencies
Gopkg.toml was emptied out by commit c3e12b5e68 which
seemed to work fine at the time. It turns out that, in
absence of a

  branch = "master"

constraint, dep will use the last tag. We want latest
master, as this is what "go get" fetches, and hence
what Travis uses for testing.
2018-06-12 23:05:53 +02:00
Jakob Unterwurzacher
bfa50517e9 xattr: return EOPNOTSUPP instead of ENODATA in GetXattr
Reading system.posix_acl_access and system.posix_acl_default
should return EOPNOTSUPP to inform user-space that we do not
support ACLs.

xftestest essientially does

	chacl -l | grep "Operation not supported"

to determine if the filesystem supports ACLs, and used to
wrongly believe that gocryptfs does.
2018-06-12 23:05:53 +02:00
Jakob Unterwurzacher
bde7ba57b0 darwin does not have PATH_MAX
Define our own, with the value from Linux.
2018-06-08 00:47:48 +02:00
Jakob Unterwurzacher
5ad26495fc main: cut down "flag provided but not defined" error message
Don't dump the help text on the unsuspecting user, but
give a short error message:

  $ gocryptfs -foobar
  flag provided but not defined: -foobar
  Invalid command line: gocryptfs -foobar. Try 'gocryptfs -help'.

For comparison: This is what cp does:

  $ cp --foo
  cp: unrecognized option '--foo'
  Try 'cp --help' for more information.

And this what we used to do:

  $ gocryptfs -foobar
  flag provided but not defined: -foobar
  gocryptfs v1.4.4-45-gfb772da; go-fuse v20170619-35-gb16719c; 2018-06-08 go1.10.2

  Usage: gocryptfs -init|-passwd|-info [OPTIONS] CIPHERDIR
    or   gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT

  Common Options (use -hh to show all):
    -aessiv            Use AES-SIV encryption (with -init)
    -allow_other       Allow other users to access the mount
    -config            Custom path to config file
    -ctlsock           Create control socket at location
    -extpass           Call external program to prompt for the password
    -fg                Stay in the foreground
    -fusedebug         Debug FUSE calls
    -h, -help          This short help text
    -hh                Long help text with all options
    -init              Initialize encrypted directory
    -info              Display information about encrypted directory
    -masterkey         Mount with explicit master key instead of password
    -nonempty          Allow mounting over non-empty directory
    -nosyslog          Do not redirect log messages to syslog
    -passfile          Read password from file
    -passwd            Change password
    -plaintextnames    Do not encrypt file names (with -init)
    -q, -quiet         Silence informational messages
    -reverse           Enable reverse mode
    -ro                Mount read-only
    -speed             Run crypto speed test
    -version           Print version information
    --                 Stop option parsing
  You passed: "-foobar"
  flag provided but not defined: -foobar
2018-06-08 00:03:23 +02:00
Jakob Unterwurzacher
fb772da697 main: forkChild: try to read /proc/self/exe
On Linux, where /proc exists, this makes sure that we are
executing ourselves again, and not some other copy of the
gocryptfs executable.

This usually does not matter, but mount(1) unsets $PATH
and sets argv[0] to just "gocryptfs".
2018-06-07 23:09:27 +02:00
Julian Orth
10212d791a Set a default PATH if PATH is empty or unset
mount(1) unsets PATH before calling mount.fuse. Therefore it's not set
in gocrpytfs either and daemonization fails if gocryptfs was not
executed via an absolute path.

mount.fuse handles this by leaving the execution of the helper to
/bin/sh. /bin/sh handles an empty PATH by searching a few default
locations.

This patch sets the PATH to a sane default if it's empty or unset.
2018-06-07 22:57:57 +02:00
Jakob Unterwurzacher
53d6a9999d main: accept -dev, -nodev, -suid, -nosuid, -exec, -noexec
When mounted via /etc/fstab like this,

  /a /b fuse.gocryptfs default 0 0

we always get extra options passed. As reported by @mahkoh
at https://github.com/rfjakob/gocryptfs/pull/233 :

  mount passes `-o noexec` if `-o user` is set and `-o exec` is not set.
  If both `-o user` and `-o exec` are set, it passes `-o exec`.

Make these options work, and in addtion, also make -suid and -rw
work the same way.

Reported-by: @mahkoh
2018-06-07 22:50:30 +02:00
Jakob Unterwurzacher
e29a81efc3 main: make prefixOArgs errors testable
By returning an error instead of calling os.Exit,
error cases can be tested easily. Error cases
were not tested until now.
2018-06-05 21:02:35 +02:00
Jakob Unterwurzacher
98aa9cb176 dep: update xattr dependency
We need LGet support from the newest release.
2018-05-27 21:39:40 +02:00
Jakob Unterwurzacher
ae02ca1ded xattr: use LGet/LSet etc
Support has been merged into the xattr package
( https://github.com/pkg/xattr/pull/29 ), use it.
2018-05-27 20:09:48 +02:00
Jakob Unterwurzacher
44caf21deb tests: add "mv broken symlink" test
This currently fails because we do not use llistxattr
yet.
2018-05-17 23:14:33 +02:00
Jakob Unterwurzacher
e25d551e18 crossbuild.bash: call "set -x" late
Fedora 28 executes A LOT of stuff from /usr/share/Modules/
on bash startup. Having -x in the shebang means we see
it all.
2018-05-15 23:05:39 +02:00
Jakob Unterwurzacher
7b00681807 xattr: return EOPNOTSUPP for unsupported attributes
mv is unhappy when we return EPERM when it tries to set
system.posix_acl_access:

   mv: preserving permissions for ‘b/x’: Operation not permitted

Now we return EOPNOTSUPP like tmpfs does and mv seems happy.
2018-05-15 23:00:47 +02:00
Jakob Unterwurzacher
f7a6f4d468 fsck: update testcases with binary xattrs 2018-05-10 23:26:00 +02:00
Bolshevik
a41ec2028c xattr: optimize storage, store as binary instead of bae64
Values a binary-safe, there is no need to base64-encode them.

Old, base64-encoded values are supported transparently
on reading. Writing xattr values now always writes them binary.
2018-05-10 23:25:49 +02:00
Jakob Unterwurzacher
a276321dea stupidgcm: return error on too short input instead of panicing
This is what Go GCM does as well.
2018-05-10 23:00:02 +02:00
Bolshevik
5ccc06d5cb xattr: added passing of a "flags" parameter
Pass the "flags" parameter to the lower layer syscall.
This makes Apple applications being able to successfully save data.
2018-05-07 21:45:40 +02:00
Bolshevik
95964fb5f0 Updated dependencies. 2018-05-07 21:45:40 +02:00
Jakob Unterwurzacher
fc8fca04a8 tests: example_filesystems: create a private copy in /tmp
The tests write to the example_filesystems folder, which
1) May leave your source tree in a modified state
2) Triggers test failures when the fsck tests run concurrently,
   which happens on Travis CI every now and then.

Fix both problem by copying the example_filesystems folder
to a private location in /tmp.
2018-05-04 22:27:59 +02:00
Jakob Unterwurzacher
fe3890688a fusefrontend: xattr: return ENOSYS on unsupported flags
We previously returned EPERM to prevent the kernel from
blacklisting our xattr support once we get an unsupported
flag, but this causes lots of trouble on MacOS:
Cannot save files from GUI apps, see
https://github.com/rfjakob/gocryptfs/issues/229

Returning ENOSYS triggers the dotfiles fallback on MacOS
and fixes the issue.
2018-05-01 23:30:53 +02:00
Jakob Unterwurzacher
996d2f141b tests: helpers: fix a few error reports
These were using stale err values.
2018-04-27 20:19:51 +02:00
bolshevik
12b32aa06c Improved xattr handling on non-linux systems (#227)
* Fixed xattr filtering for MacOS. "system." and "user." prefixes are only relevant for Linux.
* Small cleanup and additional tests.
2018-04-17 20:33:04 +02:00
Jakob Unterwurzacher
12832851c6 daemonize: try /bin/logger if /usr/bin/logger fails
SUSE has /bin/logger, everybody else has /usr/bin/logger,
so try both.

Fixes https://github.com/rfjakob/gocryptfs/issues/225
2018-04-11 20:31:02 +02:00
Jakob Unterwurzacher
bcc8378a2c Fix the easy golint warnings
Reported by https://goreportcard.com/report/github.com/rfjakob/gocryptfs
2018-04-08 20:26:25 +02:00
Jakob Unterwurzacher
cab0cda449 tests: retry umount
Gnome may still have files open causing spurious test
failures.
2018-04-08 20:09:05 +02:00
Jakob Unterwurzacher
9d7392a5be tests: cli_test: fix fd leak
One fd leak found in TestMountBackground.
2018-04-07 15:46:41 +02:00
Jakob Unterwurzacher
22031d7e53 tests: matrix: check for fd leaks
And fix two in test_helpers.Mount().

Leftover fds can cause an unmount failure like this later:
fusermount: failed to unmount /tmp/gocryptfs-test-parent/873632270/default-plain: Device or resource busy
so try to catch them early.
2018-04-07 15:24:00 +02:00
Jakob Unterwurzacher
4e5783591f fsck: report skipped corrupt files
OpenDir and ListXAttr skip over corrupt entries,
readFileID treats files the are too small as empty.
This improves usability in the face of corruption,
but hides the problem in a log message instead of
putting it in the return code.

Create a channel to report these corruptions to fsck
so it can report them to the user.

Also update the manpage and the changelog with the -fsck option.

Closes https://github.com/rfjakob/gocryptfs/issues/191
2018-04-03 21:24:48 +02:00
Jakob Unterwurzacher
8b443c8484 fsck: add xattr support
With testcases.
2018-04-02 20:25:59 +02:00
Jakob Unterwurzacher
4407ca3a4d fusefrontend: xattr: return ENODATA for security.* and system.*
"ls -l" queries security.selinux, system.posix_acl_access, system.posix_acl_default
and throws error messages if it gets something else than ENODATA.
2018-04-02 18:59:14 +02:00
Jakob Unterwurzacher
a0fd3eca98 fsck: test against example_filesystems 2018-04-02 18:43:50 +02:00