fusefronted: make EncryptPath symlink-safe

Finally allows us to delete EncryptPathDirIV.

2 files changed, 2 insertions, 70 deletions

diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go
index b98de0c..93c4c68 100644
--- a/internal/nametransform/diriv.go
+++ b/internal/nametransform/diriv.go
@@ -25,26 +25,6 @@ const (
 	DirIVFilename = "gocryptfs.diriv"
 )
 
-// ReadDirIV - read the "gocryptfs.diriv" file from "dir" (absolute ciphertext path)
-// This function is exported because it allows for an efficient readdir implementation.
-// If the directory itself cannot be opened, a syscall error will be returned.
-// Otherwise, a fmt.Errorf() error value is returned with the details.
-//
-// TODO: this function is not symlink-safe and should be deleted once the only
-// remaining user, EncryptPathDirIV(), is gone.
-func ReadDirIV(dir string) (iv []byte, err error) {
-	fd, err := os.Open(filepath.Join(dir, DirIVFilename))
-	if err != nil {
-		// Note: getting errors here is normal because of concurrent deletes.
-		// Strip the useless annotation that os.Open has added and return
-		// the plain syscall error. The caller will log a nice message.
-		err2 := err.(*os.PathError)
-		return nil, err2.Err
-	}
-	defer fd.Close()
-	return fdReadDirIV(fd)
-}
-
 // ReadDirIVAt reads "gocryptfs.diriv" from the directory that is opened as "dirfd".
 // Using the dirfd makes it immune to concurrent renames of the directory.
 func ReadDirIVAt(dirfd int) (iv []byte, err error) {
@@ -132,53 +112,6 @@ func (be *NameTransform) EncryptAndHashName(name string, iv []byte) string {
 	return cName
 }
 
-// EncryptPathDirIV - encrypt relative plaintext path "plainPath" using EME with
-// DirIV. "rootDir" is the backing storage root directory.
-// Components that are longer than 255 bytes are hashed if be.longnames == true.
-//
-// TODO: EncryptPathDirIV is NOT SAFE against symlink races. This function
-// should eventually be deleted.
-func (be *NameTransform) EncryptPathDirIV(plainPath string, rootDir string) (string, error) {
-	var err error
-	// Empty string means root directory
-	if plainPath == "" {
-		return plainPath, nil
-	}
-	// Reject names longer than 255 bytes.
-	baseName := filepath.Base(plainPath)
-	if len(baseName) > unix.NAME_MAX {
-		return "", syscall.ENAMETOOLONG
-	}
-	// If we have the iv and the encrypted directory name in the cache, we
-	// can skip the directory walk. This optimization yields a 10% improvement
-	// in the tar extract benchmark.
-	parentDir := Dir(plainPath)
-	if iv, cParentDir := be.DirIVCache.Lookup(parentDir); iv != nil {
-		cBaseName := be.EncryptAndHashName(baseName, iv)
-		return filepath.Join(cParentDir, cBaseName), nil
-	}
-	// We have to walk the directory tree, starting at the root directory.
-	// ciphertext working directory (relative path)
-	cipherWD := ""
-	// plaintext working directory (relative path)
-	plainWD := ""
-	plainNames := strings.Split(plainPath, "/")
-	for _, plainName := range plainNames {
-		iv, _ := be.DirIVCache.Lookup(plainWD)
-		if iv == nil {
-			iv, err = ReadDirIV(filepath.Join(rootDir, cipherWD))
-			if err != nil {
-				return "", err
-			}
-			be.DirIVCache.Store(plainWD, iv, cipherWD)
-		}
-		cipherName := be.EncryptAndHashName(plainName, iv)
-		cipherWD = filepath.Join(cipherWD, cipherName)
-		plainWD = filepath.Join(plainWD, plainName)
-	}
-	return cipherWD, nil
-}
-
 // Dir is like filepath.Dir but returns "" instead of ".".
 func Dir(path string) string {
 	d := filepath.Dir(path)
diff --git a/internal/nametransform/names.go b/internal/nametransform/names.go
index 22e639a..33128b9 100644
--- a/internal/nametransform/names.go
+++ b/internal/nametransform/names.go
@@ -74,11 +74,10 @@ func (n *NameTransform) DecryptName(cipherName string, iv []byte) (string, error
 }
 
 // EncryptName encrypts "plainName", returns a base64-encoded "cipherName64".
-// Used internally by EncryptPathDirIV().
 // The encryption is either CBC or EME, depending on "useEME".
 //
-// This function is exported because fusefrontend needs access to the full (not hashed)
-// name if longname is used. Otherwise you should use EncryptPathDirIV()
+// This function is exported because in some cases, fusefrontend needs access
+// to the full (not hashed) name if longname is used.
 func (n *NameTransform) EncryptName(plainName string, iv []byte) (cipherName64 string) {
 	bin := []byte(plainName)
 	bin = pad16(bin)