gocryptfs/internal/fusefrontend, branch v1.4

gocryptfs/internal/fusefrontend, branch v1.4 Mirror of gocryptfs source code on Github http://nuetzlich.net/cgit/gocryptfs/atom?h=v1.4 2017-06-09T20:04:56+00:00 Fix missing Owner coercion for already-open files (#117) 2017-06-09T20:04:56+00:00 Charles Duffy 2017-06-09T19:37:30+00:00 urn:sha1:da1bd742461e397abefc814bb0c0a21a6d8ec3d6 fusefrontend: write: consolidate and move encryption to contentenc 2017-06-01T20:19:27+00:00 Jakob Unterwurzacher 2017-06-01T19:39:47+00:00 urn:sha1:a24faa3ba52c66dfc1707da5c8d001f2adff9ccc Collect all the plaintext and pass everything to contentenc in one call. This will allow easier parallization of the encryption. https://github.com/rfjakob/gocryptfs/issues/116 Implement force_owner option to display ownership as a specific user. 2017-05-31T22:26:17+00:00 Charles Duffy 2017-05-30T21:01:06+00:00 urn:sha1:cf1ded5236157e2f9ec06eeea26023b67b40f16d nametransform: harden name decryption against invalid input 2017-05-23T19:26:38+00:00 Jakob Unterwurzacher 2017-05-23T18:46:24+00:00 urn:sha1:e827763f2e6226d9f5778d56c28270264950c0f5 This fixes a few issues I have found reviewing the code: 1) Limit the amount of data ReadLongName() will read. Previously, you could send gocryptfs into out-of-memory by symlinking gocryptfs.diriv to /dev/zero. 2) Handle the empty input case in unPad16() by returning an error. Previously, it would panic with an out-of-bounds array read. It is unclear to me if this could actually be triggered. 3) Reject empty names after base64-decoding in DecryptName(). An empty name crashes emeCipher.Decrypt(). It is unclear to me if B64.DecodeString() can actually return a non-error empty result, but let's guard against it anyway. fusefrontend: implement path decryption via ctlsock 2017-05-07T19:01:39+00:00 Jakob Unterwurzacher 2017-05-07T19:01:39+00:00 urn:sha1:ad7942f434fea567f24458e67a0919291b5ec8dd Closes https://github.com/rfjakob/gocryptfs/issues/84 . nametranform, fusefrontend: better errors on invalid names 2017-05-07T18:58:27+00:00 Jakob Unterwurzacher 2017-05-07T18:58:27+00:00 urn:sha1:26881538e1753e613b4143b28fa339812a9a6d16 nametransform.DecryptName() now always returns syscall.EBADMSG if the name was invalid. fusefrontend.OpenDir error messages have been normalized. fusefrontend: log "too many open files" errors 2017-05-03T21:46:52+00:00 Jakob Unterwurzacher 2017-05-03T21:46:52+00:00 urn:sha1:c52e1abc5869dd27a28f71ff43ec4e1c1917acf4 This usually indicates that the open file limit for gocryptfs is too low. We should report this to the user. openfiletable: rename WriteLock to ContentLock 2017-05-01T19:57:18+00:00 Jakob Unterwurzacher 2017-05-01T19:57:18+00:00 urn:sha1:fb3cc6ea407b83e4e1acf4e1a80e3b7d09c5b1db ...and IDLock to HeaderLock. This matches what the locks actually protect. fusefrontend: rely on nodefs.defaultFile for no-op functions 2017-05-01T17:12:37+00:00 Jakob Unterwurzacher 2017-05-01T17:12:37+00:00 urn:sha1:f322ee87e31a6ceb04c25fa62dcde4df6e45f92a Now that we embed nodefs.NewDefaultFile(), we can drop our own no-ops. fusefrontend: drop writeOnly flag 2017-05-01T15:49:37+00:00 Jakob Unterwurzacher 2017-05-01T15:49:37+00:00 urn:sha1:9ab11aa4d775f7c1242e8b044cc2f8957cc2c784 We do not have to track the writeOnly status because the kernel will not forward read requests on a write-only FD to us anyway. I have verified this behavoir manually on a 4.10.8 kernel and also added a testcase.