Compare commits
2 Commits
9e98192442
...
e6e4c201db
Author | SHA1 | Date |
---|---|---|
Matéo Duparc | e6e4c201db | |
Matéo Duparc | 7afeb9f3a4 |
|
@ -1,4 +1,4 @@
|
|||
libgocryptfs is a re-desing of the original [gocryptfs](https://github.com/rfjakob/gocryptfs) code to work as a library. Volumes are not mounted with [FUSE](https://www.kernel.org/doc/html/latest/filesystems/fuse.html) but rather opened in memory and accessed through API calls. What the purpose ?
|
||||
libgocryptfs is a re-design of the original [gocryptfs](https://github.com/rfjakob/gocryptfs) code to work as a library. Volumes are not mounted with [FUSE](https://www.kernel.org/doc/html/latest/filesystems/fuse.html) but rather opened in memory and accessed through API calls. What the purpose ?
|
||||
- Allow the use of gocryptfs in embedded devices where FUSE is not available (such as Android)
|
||||
- Reduce attack surface by restricting volumes access to only one process rather than one user
|
||||
|
||||
|
|
|
@ -10,27 +10,27 @@ import (
|
|||
)
|
||||
|
||||
//export gcf_get_attrs
|
||||
func gcf_get_attrs(sessionID int, relPath string) (uint64, int64, bool) {
|
||||
func gcf_get_attrs(sessionID int, relPath string) (uint32, uint64, uint64, bool) {
|
||||
value, ok := OpenedVolumes.Load(sessionID)
|
||||
if !ok {
|
||||
return 0, 0, false
|
||||
return 0, 0, 0, false
|
||||
}
|
||||
volume := value.(*Volume)
|
||||
dirfd, cName, err := volume.prepareAtSyscall(relPath)
|
||||
if err != nil {
|
||||
return 0, 0, false
|
||||
return 0, 0, 0, false
|
||||
}
|
||||
defer syscall.Close(dirfd)
|
||||
|
||||
st, err := syscallcompat.Fstatat2(dirfd, cName, unix.AT_SYMLINK_NOFOLLOW)
|
||||
if err != nil {
|
||||
return 0, 0, false
|
||||
return 0, 0, 0, false
|
||||
}
|
||||
|
||||
// Translate ciphertext size to plaintext size
|
||||
size := volume.translateSize(dirfd, cName, st)
|
||||
|
||||
return size, int64(st.Mtim.Sec), true
|
||||
return st.Mode, size, uint64(st.Mtim.Sec), true
|
||||
}
|
||||
|
||||
// libgocryptfs: using Renameat instead of Renameat2 to support older kernels
|
||||
|
|
|
@ -77,7 +77,7 @@ func gcf_list_dir(sessionID int, dirName string) (*C.char, *C.int, C.int) {
|
|||
// Filter and decrypt filenames
|
||||
for i := range cipherEntries {
|
||||
cName := cipherEntries[i].Name
|
||||
if dirName == "" && cName == configfile.ConfDefaultName {
|
||||
if dirName == "/" && cName == configfile.ConfDefaultName {
|
||||
// silently ignore "gocryptfs.conf" in the top level dir
|
||||
continue
|
||||
}
|
||||
|
|
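Review bot: In gcf_get_attrs the new return `uint64(st.Mtim.Sec)` converts a signed timestamp to unsigned (the previous signature returned it as `int64`), so a file whose mtime lies before the epoch comes back as a value near 2^64 instead of a negative number. The value is read by Fstatat2 from the ciphertext file, so it is set by whoever can write to the cipher directory, and a caller that scales it (to milliseconds, say) can overflow. Either keep the third result signed, or clamp before converting, e.g. `if st.Mtim.Sec < 0 { st.Mtim.Sec = 0 }` ahead of the return. The export also needs a doc comment that pins the new result order, such as `// gcf_get_attrs returns (mode, plaintext size, mtime in seconds, ok); all values are zero when ok is false.`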
11
file.go
|
@ -328,7 +328,7 @@ func (volume *Volume) truncate(handleID int, newSize uint64) bool {
|
|||
}
|
||||
// We need the old file size to determine if we are growing or shrinking
|
||||
// the file
|
||||
oldSize, _, success := gcf_get_attrs(volume.volumeID, f.path)
|
||||
_, oldSize, _, success := gcf_get_attrs(volume.volumeID, f.path)
|
||||
if !success {
|
||||
return false
|
||||
}
|
||||
|
@ -426,13 +426,18 @@ func gcf_open_write_mode(sessionID int, path string, mode uint32) int {
|
|||
}
|
||||
|
||||
//export gcf_truncate
|
||||
func gcf_truncate(sessionID int, handleID int, offset uint64) bool {
|
||||
func gcf_truncate(sessionID int, path string, offset uint64) bool {
|
||||
value, ok := OpenedVolumes.Load(sessionID)
|
||||
if !ok {
|
||||
return false
|
||||
}
|
||||
volume := value.(*Volume)
|
||||
return volume.truncate(handleID, offset)
|
||||
for handleID, file := range volume.fileHandles {
|
||||
if file.path == path {
|
||||
return volume.truncate(handleID, offset)
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
//export gcf_read_file
|
||||
|
|
|
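Review bot: gcf_truncate now selects a handle by ranging over `volume.fileHandles` and taking the first entry with `file.path == path`, but Go map iteration order is unspecified, so when one path is open through several handles the one passed to `volume.truncate` is arbitrary. If those handles differ in whether they can be written (inferred; open modes are not visible in this hunk), the call can succeed or fail from run to run. The loop also reads the map with no lock visible here, which is a data race if another exported call can add or remove handles at the same time, so it is worth confirming how fileHandles is guarded. A path with no open handle now returns false, indistinguishable from a failed truncate. A comment above the export would make that contract explicit: `// Returns false if path has no open handle; with several handles for one path an arbitrary one is used.`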
@ -33,7 +33,7 @@ func (volume *Volume) isFiltered(path string) bool {
|
|||
}
|
||||
|
||||
func (volume *Volume) prepareAtSyscall(path string) (dirfd int, cName string, err error) {
|
||||
if path == "" {
|
||||
if path == "/" {
|
||||
return volume.prepareAtSyscallMyself(path)
|
||||
}
|
||||
|
||||
|
@ -111,7 +111,7 @@ func (volume *Volume) prepareAtSyscallMyself(path string) (dirfd int, cName stri
|
|||
dirfd = -1
|
||||
|
||||
// Handle root node
|
||||
if path == "" {
|
||||
if path == "/" {
|
||||
var err error
|
||||
// Open cipherdir (following symlinks)
|
||||
dirfd, err = syscallcompat.Open(volume.rootCipherDir, syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
|
||||
|
|
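Review bot: The root check in prepareAtSyscall and prepareAtSyscallMyself is now the exact comparison `path == "/"`, with no normalisation visible in these hunks, so a caller that still passes `""` (the previous root value) or an equivalent spelling such as `"//"` falls through to the non-root code path. The same literal is used in gcf_list_dir (`dirName == "/" && cName == configfile.ConfDefaultName`), where a miss means gocryptfs.conf is no longer skipped in the top-level listing. I would route all three checks through one helper, e.g. `func isRootPath(p string) bool { return p == "/" || p == "" }`, or normalise the path once at each exported entry point, and state on the exports that the root is `"/"`. Both function bodies continue outside the hunks, so what a non-matching root spelling does to the rest of the path handling needs to be checked there.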