04858ddd22
xfstests generic/523 discovered that we allowed setting xattrs with "/" in the name, but did not allow reading them later. With this change, setting them is no longer allowed in the first place.
package fusefrontend_reverse
import (
"path/filepath"
"strings"
"golang.org/x/sys/unix"
"github.com/rfjakob/gocryptfs/internal/ctlsocksrv"
"github.com/rfjakob/gocryptfs/internal/pathiv"
)
// Compile-time check that *RootNode satisfies ctlsocksrv.Interface. The
// value is discarded; the build fails if a required method is missing.
var _ ctlsocksrv.Interface = (*RootNode)(nil)
// EncryptPath translates a plaintext path into its ciphertext form. It is
// the control-socket backend method for path encryption and is also used by
// the "-exclude" logic.
//
// When PlaintextNames is set, or when plainPath is empty, the input is
// returned unchanged. Otherwise the path is split on "/" and each component
// is encrypted with a DirIV obtained from pathiv.Derive over the ciphertext
// path built so far. If LongNames is set and an encrypted component is
// longer than unix.NAME_MAX, it is replaced by its HashLongName form.
//
// On failure the error from EncryptName is returned together with an empty
// string.
//
// NOTE(review): plainPath may originate from a control-socket client and is
// not normalized here. A leading, trailing or doubled "/" produces an empty
// component, and "." / ".." are handed to EncryptName as ordinary names.
// Rejecting such components is left to EncryptName, which is not visible in
// this file - confirm that it validates names, or clean the path in the
// caller.
func (rn *RootNode) EncryptPath(plainPath string) (string, error) {
	// Nothing to translate: names are stored in plaintext.
	if rn.args.PlaintextNames {
		return plainPath, nil
	}
	// The empty path maps to itself.
	if plainPath == "" {
		return plainPath, nil
	}

	var encrypted string
	for _, name := range strings.Split(plainPath, "/") {
		// The IV for this component depends on the ciphertext path of its
		// parent, i.e. on everything encrypted so far.
		iv := pathiv.Derive(encrypted, pathiv.PurposeDirIV)
		cName, err := rn.nameTransform.EncryptName(name, iv)
		if err != nil {
			return "", err
		}
		if rn.args.LongNames {
			// Over-long ciphertext names are replaced by their hashed form.
			if len(cName) > unix.NAME_MAX {
				cName = rn.nameTransform.HashLongName(cName)
			}
		}
		encrypted = filepath.Join(encrypted, cName)
	}
	return encrypted, nil
}
// DecryptPath translates a ciphertext path back into its plaintext form. It
// is the control-socket backend method for path decryption and delegates
// all work to rn.decryptPath, returning its result and error unchanged.
//
// NOTE(review): cipherPath may originate from a control-socket client. Any
// validation of the input happens inside decryptPath, which is not visible
// in this file - confirm it there.
func (rn *RootNode) DecryptPath(cipherPath string) (string, error) {
	return rn.decryptPath(cipherPath)
}