184 lines
4.9 KiB
Go
184 lines
4.9 KiB
Go
package main
|
|
|
|
import (
|
|
"path/filepath"
|
|
"strings"
|
|
"syscall"
|
|
|
|
"libgocryptfs/v2/internal/configfile"
|
|
"libgocryptfs/v2/internal/nametransform"
|
|
"libgocryptfs/v2/internal/syscallcompat"
|
|
)
|
|
|
|
// isFiltered - check if plaintext "path" should be forbidden
|
|
//
|
|
// Prevents name clashes with internal files when file names are not encrypted
|
|
func (volume *Volume) isFiltered(path string) bool {
|
|
if !volume.plainTextNames {
|
|
return false
|
|
}
|
|
// gocryptfs.conf in the root directory is forbidden
|
|
if path == configfile.ConfDefaultName {
|
|
return true
|
|
}
|
|
// Note: gocryptfs.diriv is NOT forbidden because diriv and plaintextnames
|
|
// are exclusive
|
|
return false
|
|
}
|
|
|
|
func (volume *Volume) openBackingDir(relPath string) (dirfd int, cName string, err error) {
|
|
dirRelPath := nametransform.Dir(relPath)
|
|
// With PlaintextNames, we don't need to read DirIVs. Easy.
|
|
if volume.plainTextNames {
|
|
dirfd, err = syscallcompat.OpenDirNofollow(volume.rootCipherDir, dirRelPath)
|
|
if err != nil {
|
|
return -1, "", err
|
|
}
|
|
// If relPath is empty, cName is ".".
|
|
cName = filepath.Base(relPath)
|
|
return dirfd, cName, nil
|
|
}
|
|
// Open cipherdir (following symlinks)
|
|
dirfd, err = syscallcompat.Open(volume.rootCipherDir, syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
|
|
if err != nil {
|
|
return -1, "", err
|
|
}
|
|
// If relPath is empty, cName is ".".
|
|
if relPath == "" {
|
|
return dirfd, ".", nil
|
|
}
|
|
// Walk the directory tree
|
|
parts := strings.Split(relPath, "/")
|
|
for i, name := range parts {
|
|
iv, err := volume.nameTransform.ReadDirIVAt(dirfd)
|
|
if err != nil {
|
|
syscall.Close(dirfd)
|
|
return -1, "", err
|
|
}
|
|
cName, err = volume.nameTransform.EncryptAndHashName(name, iv)
|
|
if err != nil {
|
|
syscall.Close(dirfd)
|
|
return -1, "", err
|
|
}
|
|
// Last part? We are done.
|
|
if i == len(parts)-1 {
|
|
break
|
|
}
|
|
// Not the last part? Descend into next directory.
|
|
dirfd2, err := syscallcompat.Openat(dirfd, cName, syscall.O_NOFOLLOW|syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
|
|
syscall.Close(dirfd)
|
|
if err != nil {
|
|
return -1, "", err
|
|
}
|
|
dirfd = dirfd2
|
|
}
|
|
return dirfd, cName, nil
|
|
}
|
|
|
|
func (volume *Volume) prepareAtSyscall(path string) (dirfd int, cName string, err error) {
|
|
// root node itself is special
|
|
if path == "" {
|
|
return volume.openBackingDir(path)
|
|
}
|
|
|
|
// Cache lookup
|
|
// TODO make it work for plaintextnames as well?
|
|
if !volume.plainTextNames {
|
|
directory, ok := volume.dirCache[path]
|
|
if ok {
|
|
if directory.fd > 0 {
|
|
cName, err := volume.nameTransform.EncryptAndHashName(filepath.Base(path), directory.iv)
|
|
if err != nil {
|
|
return -1, "", err
|
|
}
|
|
dirfd, err = syscall.Dup(directory.fd)
|
|
if err != nil {
|
|
return -1, "", err
|
|
}
|
|
return dirfd, cName, nil
|
|
}
|
|
}
|
|
}
|
|
|
|
// Slowpath
|
|
if volume.isFiltered(path) {
|
|
return -1, "", syscall.EPERM
|
|
}
|
|
dirfd, cName, err = volume.openBackingDir(path)
|
|
if err != nil {
|
|
return -1, "", err
|
|
}
|
|
|
|
// Cache store
|
|
if !volume.plainTextNames {
|
|
// TODO: openBackingDir already calls ReadDirIVAt(). Avoid duplicate work?
|
|
iv, err := volume.nameTransform.ReadDirIVAt(dirfd)
|
|
if err != nil {
|
|
syscall.Close(dirfd)
|
|
return -1, "", err
|
|
}
|
|
dirfdDup, err := syscall.Dup(dirfd)
|
|
if err == nil {
|
|
var pathCopy strings.Builder
|
|
pathCopy.WriteString(path)
|
|
volume.dirCache[pathCopy.String()] = Directory{dirfdDup, iv}
|
|
}
|
|
}
|
|
return
|
|
}
|
|
|
|
// decryptSymlinkTarget: "cData64" is base64-decoded and decrypted
|
|
// like file contents (GCM).
|
|
// The empty string decrypts to the empty string.
|
|
//
|
|
// This function does not do any I/O and is hence symlink-safe.
|
|
func (volume *Volume) decryptSymlinkTarget(cData64 string) (string, error) {
|
|
if cData64 == "" {
|
|
return "", nil
|
|
}
|
|
cData, err := volume.nameTransform.B64DecodeString(cData64)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
data, err := volume.contentEnc.DecryptBlock([]byte(cData), 0, nil)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return string(data), nil
|
|
}
|
|
|
|
// readlink reads and decrypts a symlink. Used by Readlink, Getattr, Lookup.
|
|
func (volume *Volume) readlink(dirfd int, cName string) []byte {
|
|
cTarget, err := syscallcompat.Readlinkat(dirfd, cName)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
if volume.plainTextNames {
|
|
return []byte(cTarget)
|
|
}
|
|
// Symlinks are encrypted like file contents (GCM) and base64-encoded
|
|
target, err := volume.decryptSymlinkTarget(cTarget)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
return []byte(target)
|
|
}
|
|
|
|
func isRegular(mode uint32) bool { return (mode & syscall.S_IFMT) == syscall.S_IFREG }
|
|
|
|
func isSymlink(mode uint32) bool { return (mode & syscall.S_IFMT) == syscall.S_IFLNK }
|
|
|
|
// translateSize translates the ciphertext size in `out` into plaintext size.
|
|
// Handles regular files & symlinks (and finds out what is what by looking at
|
|
// `out.Mode`).
|
|
func (volume *Volume) translateSize(dirfd int, cName string, st *syscall.Stat_t) uint64 {
|
|
size := uint64(st.Size)
|
|
if isRegular(st.Mode) {
|
|
size = volume.contentEnc.CipherSizeToPlainSize(uint64(st.Size))
|
|
} else if isSymlink(st.Mode) {
|
|
target := volume.readlink(dirfd, cName)
|
|
size = uint64(len(target))
|
|
}
|
|
return size
|
|
}
|