aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakob Unterwurzacher2021-01-10 07:27:04 +0100
committerJakob Unterwurzacher2021-01-10 07:27:04 +0100
commitf3394ae286d65492483579e038acb33edd8ca274 (patch)
tree51fadd715b5caab1f3b21e20f1fecc05a7d247d6
parentde108d3fc06dd9de404c497dfa9faa26956f43e3 (diff)
nametransform: move permission constants to perms.go
Prep for https://github.com/rfjakob/gocryptfs/issues/539
-rw-r--r--internal/nametransform/diriv.go8
-rw-r--r--internal/nametransform/longnames.go2
-rw-r--r--internal/nametransform/perms.go16
3 files changed, 17 insertions, 9 deletions
diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go
index 6dbf028..b2f165b 100644
--- a/internal/nametransform/diriv.go
+++ b/internal/nametransform/diriv.go
@@ -62,14 +62,6 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {
// This function is exported because it is used from fusefrontend, main,
// and also the automated tests.
func WriteDirIVAt(dirfd int) error {
- // It makes sense to have the diriv files group-readable so the FS can
- // be mounted from several users from a network drive (see
- // https://github.com/rfjakob/gocryptfs/issues/387 ).
- //
- // Note that gocryptfs.conf is still created with 0400 permissions so the
- // owner must explicitly chmod it to permit access.
- const dirivPerms = 0440
-
iv := cryptocore.RandBytes(DirIVLen)
// 0400 permissions: gocryptfs.diriv should never be modified after creation.
// Don't use "ioutil.WriteFile", it causes trouble on NFS:
diff --git a/internal/nametransform/longnames.go b/internal/nametransform/longnames.go
index 1bbcbb6..aa463a1 100644
--- a/internal/nametransform/longnames.go
+++ b/internal/nametransform/longnames.go
@@ -136,7 +136,7 @@ func (n *NameTransform) WriteLongNameAt(dirfd int, hashName string, plainName st
// Write the encrypted name into hashName.name
fdRaw, err := syscallcompat.Openat(dirfd, hashName+LongNameSuffix,
- syscall.O_WRONLY|syscall.O_CREAT|syscall.O_EXCL, 0400)
+ syscall.O_WRONLY|syscall.O_CREAT|syscall.O_EXCL, namePerms)
if err != nil {
// Don't warn if the file already exists - this is allowed for renames
// and should be handled by the caller.
diff --git a/internal/nametransform/perms.go b/internal/nametransform/perms.go
new file mode 100644
index 0000000..98b51d6
--- /dev/null
+++ b/internal/nametransform/perms.go
@@ -0,0 +1,16 @@
+package nametransform
+
+const (
+ // Permissions for gocryptfs.diriv files
+ //
+ // It makes sense to have the diriv files group-readable so the FS can
+ // be mounted from several users from a network drive (see
+ // https://github.com/rfjakob/gocryptfs/issues/387 ).
+ //
+ // Note that gocryptfs.conf is still created with 0400 permissions so the
+ // owner must explicitly chmod it to permit access.
+ dirivPerms = 0440
+
+ // Permissions for gocryptfs.longname.[sha256].name files
+ namePerms = 0400
+)