diff options
author | Jakob Unterwurzacher | 2018-09-08 17:41:17 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2018-09-08 17:41:17 +0200 |
commit | 9ec9d0c49cfbdc9ceba10d7534b77e527c0a3cdc (patch) | |
tree | a7beb635c6ac0d7580e95811d1803f9750c431aa /internal/fusefrontend_reverse | |
parent | bc14f8dcb65740dac792b50f2582372762e782b8 (diff) |
syscallcompat: untangle OpenNofollow and rename to OpenDirNofollow
The function used to do two things:
1) Walk the directory tree in a manner safe from symlink attacks
2) Open the final component in the mode requested by the caller
This change drops (2), which was only used once, and lets the caller
handle it. This simplifies the function and makes it fit for reuse in
forward mode in openBackingPath(), and for using O_PATH on Linux.
Diffstat (limited to 'internal/fusefrontend_reverse')
-rw-r--r-- | internal/fusefrontend_reverse/reverse_longnames.go | 2 | ||||
-rw-r--r-- | internal/fusefrontend_reverse/rfile.go | 9 | ||||
-rw-r--r-- | internal/fusefrontend_reverse/rfs.go | 2 | ||||
-rw-r--r-- | internal/fusefrontend_reverse/rpath.go | 2 | ||||
-rw-r--r-- | internal/fusefrontend_reverse/virtualfile.go | 2 |
5 files changed, 12 insertions, 5 deletions
diff --git a/internal/fusefrontend_reverse/reverse_longnames.go b/internal/fusefrontend_reverse/reverse_longnames.go index 46f7399..f826d1b 100644 --- a/internal/fusefrontend_reverse/reverse_longnames.go +++ b/internal/fusefrontend_reverse/reverse_longnames.go @@ -63,7 +63,7 @@ func (rfs *ReverseFS) findLongnameParent(dir string, dirIV []byte, longname stri if hit != "" { return hit, nil } - fd, err := syscallcompat.OpenNofollow(rfs.args.Cipherdir, dir, syscall.O_RDONLY|syscall.O_DIRECTORY, 0) + fd, err := syscallcompat.OpenDirNofollow(rfs.args.Cipherdir, dir) if err != nil { tlog.Warn.Printf("findLongnameParent: opendir failed: %v\n", err) return "", err diff --git a/internal/fusefrontend_reverse/rfile.go b/internal/fusefrontend_reverse/rfile.go index 7df0906..75932cb 100644 --- a/internal/fusefrontend_reverse/rfile.go +++ b/internal/fusefrontend_reverse/rfile.go @@ -4,6 +4,7 @@ import ( "bytes" "io" "os" + "path/filepath" "syscall" // In newer Go versions, this has moved to just "sync/syncmap". @@ -46,7 +47,13 @@ func (rfs *ReverseFS) newFile(relPath string) (*reverseFile, fuse.Status) { if err != nil { return nil, fuse.ToStatus(err) } - fd, err := syscallcompat.OpenNofollow(rfs.args.Cipherdir, pRelPath, syscall.O_RDONLY, 0) + dir := filepath.Dir(pRelPath) + dirfd, err := syscallcompat.OpenDirNofollow(rfs.args.Cipherdir, dir) + if err != nil { + return nil, fuse.ToStatus(err) + } + fd, err := syscallcompat.Openat(dirfd, filepath.Base(pRelPath), syscall.O_RDONLY|syscall.O_NOFOLLOW, 0) + syscall.Close(dirfd) if err != nil { return nil, fuse.ToStatus(err) } diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go index 1ca0b28..4f94f3c 100644 --- a/internal/fusefrontend_reverse/rfs.go +++ b/internal/fusefrontend_reverse/rfs.go @@ -305,7 +305,7 @@ func (rfs *ReverseFS) OpenDir(cipherPath string, context *fuse.Context) ([]fuse. return nil, fuse.ToStatus(err) } // Read plaintext dir - fd, err := syscallcompat.OpenNofollow(rfs.args.Cipherdir, relPath, syscall.O_RDONLY|syscall.O_DIRECTORY, 0) + fd, err := syscallcompat.OpenDirNofollow(rfs.args.Cipherdir, relPath) if err != nil { return nil, fuse.ToStatus(err) } diff --git a/internal/fusefrontend_reverse/rpath.go b/internal/fusefrontend_reverse/rpath.go index b783686..7115426 100644 --- a/internal/fusefrontend_reverse/rpath.go +++ b/internal/fusefrontend_reverse/rpath.go @@ -108,7 +108,7 @@ func (rfs *ReverseFS) openBackingDir(cRelPath string) (dirfd int, pName string, } // Open directory, safe against symlink races pDir := filepath.Dir(pRelPath) - dirfd, err = syscallcompat.OpenNofollow(rfs.args.Cipherdir, pDir, syscall.O_RDONLY|syscall.O_DIRECTORY, 0) + dirfd, err = syscallcompat.OpenDirNofollow(rfs.args.Cipherdir, pDir) if err != nil { return -1, "", err } diff --git a/internal/fusefrontend_reverse/virtualfile.go b/internal/fusefrontend_reverse/virtualfile.go index 8509b87..963c801 100644 --- a/internal/fusefrontend_reverse/virtualfile.go +++ b/internal/fusefrontend_reverse/virtualfile.go @@ -91,7 +91,7 @@ func (f *virtualFile) Read(buf []byte, off int64) (resultData fuse.ReadResult, s // GetAttr - FUSE call func (f *virtualFile) GetAttr(a *fuse.Attr) fuse.Status { dir := filepath.Dir(f.parentFile) - dirfd, err := syscallcompat.OpenNofollow(f.cipherdir, dir, syscall.O_RDONLY|syscall.O_DIRECTORY, 0) + dirfd, err := syscallcompat.OpenDirNofollow(f.cipherdir, dir) if err != nil { return fuse.ToStatus(err) } |