107 lines
3.2 KiB
Go
107 lines
3.2 KiB
Go
package fusefrontend
|
|
|
|
// This file forwards file encryption operations to cryptfs
|
|
|
|
import (
|
|
"path/filepath"
|
|
"strings"
|
|
"syscall"
|
|
|
|
"github.com/rfjakob/gocryptfs/internal/configfile"
|
|
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
|
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
|
|
"github.com/rfjakob/gocryptfs/internal/tlog"
|
|
)
|
|
|
|
// isFiltered - check if plaintext "path" should be forbidden
|
|
//
|
|
// Prevents name clashes with internal files when file names are not encrypted
|
|
func (fs *FS) isFiltered(path string) bool {
|
|
if !fs.args.PlaintextNames {
|
|
return false
|
|
}
|
|
// gocryptfs.conf in the root directory is forbidden
|
|
if path == configfile.ConfDefaultName {
|
|
tlog.Info.Printf("The name /%s is reserved when -plaintextnames is used\n",
|
|
configfile.ConfDefaultName)
|
|
return true
|
|
}
|
|
// Note: gocryptfs.diriv is NOT forbidden because diriv and plaintextnames
|
|
// are exclusive
|
|
return false
|
|
}
|
|
|
|
// openBackingDir opens the parent ciphertext directory of plaintext path
|
|
// "relPath" and returns the dirfd and the encrypted basename.
|
|
//
|
|
// The caller should then use Openat(dirfd, cName, ...) and friends.
|
|
// For convenience, if relPath is "", cName is going to be ".".
|
|
//
|
|
// openBackingDir is secure against symlink races by using Openat and
|
|
// ReadDirIVAt.
|
|
func (fs *FS) openBackingDir(relPath string) (dirfd int, cName string, err error) {
|
|
// With PlaintextNames, we don't need to read DirIVs. Easy.
|
|
if fs.args.PlaintextNames {
|
|
dir := nametransform.Dir(relPath)
|
|
dirfd, err = syscallcompat.OpenDirNofollow(fs.args.Cipherdir, dir)
|
|
if err != nil {
|
|
return -1, "", err
|
|
}
|
|
// If relPath is empty, cName is ".".
|
|
cName = filepath.Base(relPath)
|
|
return dirfd, cName, nil
|
|
}
|
|
// Open cipherdir (following symlinks)
|
|
dirfd, err = syscall.Open(fs.args.Cipherdir, syscall.O_RDONLY|syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
|
|
if err != nil {
|
|
return -1, "", err
|
|
}
|
|
// If relPath is empty, cName is ".".
|
|
if relPath == "" {
|
|
return dirfd, ".", nil
|
|
}
|
|
// Walk the directory tree
|
|
parts := strings.Split(relPath, "/")
|
|
for i, name := range parts {
|
|
iv, err := nametransform.ReadDirIVAt(dirfd)
|
|
if err != nil {
|
|
syscall.Close(dirfd)
|
|
return -1, "", err
|
|
}
|
|
cName = fs.nameTransform.EncryptAndHashName(name, iv)
|
|
// Last part? We are done.
|
|
if i == len(parts)-1 {
|
|
break
|
|
}
|
|
// Not the last part? Descend into next directory.
|
|
dirfd2, err := syscallcompat.Openat(dirfd, cName, syscall.O_RDONLY|syscall.O_NOFOLLOW|syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
|
|
syscall.Close(dirfd)
|
|
if err != nil {
|
|
return -1, "", err
|
|
}
|
|
dirfd = dirfd2
|
|
}
|
|
return dirfd, cName, nil
|
|
}
|
|
|
|
// encryptPath - encrypt relative plaintext path
|
|
//
|
|
// TODO: this function is NOT symlink-safe because EncryptPathDirIV is not
|
|
// symlink-safe.
|
|
func (fs *FS) encryptPath(plainPath string) (string, error) {
|
|
if plainPath != "" { // Empty path gets encrypted all the time without actual file accesses.
|
|
fs.AccessedSinceLastCheck = 1
|
|
} else { // Empty string gets encrypted as empty string
|
|
return plainPath, nil
|
|
}
|
|
if fs.args.PlaintextNames {
|
|
return plainPath, nil
|
|
}
|
|
|
|
fs.dirIVLock.RLock()
|
|
cPath, err := fs.nameTransform.EncryptPathDirIV(plainPath, fs.args.Cipherdir)
|
|
tlog.Debug.Printf("encryptPath '%s' -> '%s' (err: %v)", plainPath, cPath, err)
|
|
fs.dirIVLock.RUnlock()
|
|
return cPath, err
|
|
}
|