aboutsummaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
authorJakob Unterwurzacher2018-08-11 23:26:49 +0200
committerJakob Unterwurzacher2018-08-11 23:26:49 +0200
commitec2fdc19cf9358ae7ba09c528a5807b6b0760f9b (patch)
tree1a9a26d9f70ac26f3df2c44a6e5ed6ff9108ab76 /internal
parenteaa5aecd422bc4f6b01b6257383521ad512e08f7 (diff)
reverse mode: add --exclude option
https://github.com/rfjakob/gocryptfs/issues/235
Diffstat (limited to 'internal')
-rw-r--r--internal/exitcodes/exitcodes.go2
-rw-r--r--internal/fusefrontend/args.go2
-rw-r--r--internal/fusefrontend/fs.go3
-rw-r--r--internal/fusefrontend_reverse/rfile.go6
-rw-r--r--internal/fusefrontend_reverse/rfs.go74
5 files changed, 85 insertions, 2 deletions
diff --git a/internal/exitcodes/exitcodes.go b/internal/exitcodes/exitcodes.go
index 3fbfdc6..b8173c7 100644
--- a/internal/exitcodes/exitcodes.go
+++ b/internal/exitcodes/exitcodes.go
@@ -68,6 +68,8 @@ const (
// TrezorError - an error was encountered while interacting with a Trezor
// device
TrezorError = 28
+ // ExcludeError - an error occoured while processing "-exclude"
+ ExcludeError = 29
)
// Err wraps an error with an associated numeric exit code
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index 8a64e99..5fb72cd 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -30,4 +30,6 @@ type Args struct {
SerializeReads bool
// Force decode even if integrity check fails (openSSL only)
ForceDecode bool
+ // Exclude is a list of paths to make inaccessible
+ Exclude []string
}
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 23f5513..45b5b40 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -56,6 +56,9 @@ func NewFS(args Args, c *contentenc.ContentEnc, n *nametransform.NameTransform)
if args.SerializeReads {
serialize_reads.InitSerializer()
}
+ if len(args.Exclude) > 0 {
+ tlog.Warn.Printf("Forward mode does not support -exclude")
+ }
return &FS{
FileSystem: pathfs.NewLoopbackFileSystem(args.Cipherdir),
args: args,
diff --git a/internal/fusefrontend_reverse/rfile.go b/internal/fusefrontend_reverse/rfile.go
index 26756a3..7df0906 100644
--- a/internal/fusefrontend_reverse/rfile.go
+++ b/internal/fusefrontend_reverse/rfile.go
@@ -36,6 +36,12 @@ var inodeTable syncmap.Map
// newFile decrypts and opens the path "relPath" and returns a reverseFile
// object. The backing file descriptor is always read-only.
func (rfs *ReverseFS) newFile(relPath string) (*reverseFile, fuse.Status) {
+ if rfs.isExcluded(relPath) {
+ // Excluded paths should have been filtered out beforehand. Better safe
+ // than sorry.
+ tlog.Warn.Printf("BUG: newFile: received excluded path %q. This should not happen.", relPath)
+ return nil, fuse.ENOENT
+ }
pRelPath, err := rfs.decryptPath(relPath)
if err != nil {
return nil, fuse.ToStatus(err)
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index 829983b..ba8810c 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -2,7 +2,9 @@ package fusefrontend_reverse
import (
"fmt"
+ "os"
"path/filepath"
+ "strings"
"syscall"
"golang.org/x/sys/unix"
@@ -14,6 +16,8 @@ import (
"github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/internal/contentenc"
"github.com/rfjakob/gocryptfs/internal/cryptocore"
+ "github.com/rfjakob/gocryptfs/internal/ctlsock"
+ "github.com/rfjakob/gocryptfs/internal/exitcodes"
"github.com/rfjakob/gocryptfs/internal/fusefrontend"
"github.com/rfjakob/gocryptfs/internal/nametransform"
"github.com/rfjakob/gocryptfs/internal/pathiv"
@@ -34,6 +38,8 @@ type ReverseFS struct {
nameTransform *nametransform.NameTransform
// Content encryption helper
contentEnc *contentenc.ContentEnc
+ // Relative ciphertext paths to exclude (hide) from the user. Used by -exclude.
+ cExclude []string
}
var _ pathfs.FileSystem = &ReverseFS{}
@@ -43,7 +49,7 @@ var _ pathfs.FileSystem = &ReverseFS{}
// ReverseFS provides an encrypted view.
func NewFS(args fusefrontend.Args, c *contentenc.ContentEnc, n *nametransform.NameTransform) *ReverseFS {
initLongnameCache()
- return &ReverseFS{
+ fs := &ReverseFS{
// pathfs.defaultFileSystem returns ENOSYS for all operations
FileSystem: pathfs.NewDefaultFileSystem(),
loopbackfs: pathfs.NewLoopbackFileSystem(args.Cipherdir),
@@ -51,6 +57,22 @@ func NewFS(args fusefrontend.Args, c *contentenc.ContentEnc, n *nametransform.Na
nameTransform: n,
contentEnc: c,
}
+ if len(args.Exclude) > 0 {
+ for _, dirty := range args.Exclude {
+ clean := ctlsock.SanitizePath(dirty)
+ if clean != dirty {
+ tlog.Warn.Printf("-exclude: non-canonical path %q has been interpreted as %q", dirty, clean)
+ }
+ cPath, err := fs.EncryptPath(clean)
+ if err != nil {
+ tlog.Fatal.Printf("-exclude: EncryptPath %q failed: %v", clean, err)
+ os.Exit(exitcodes.ExcludeError)
+ }
+ fs.cExclude = append(fs.cExclude, cPath)
+ }
+ tlog.Debug.Printf("-exclude: %v -> %v", fs.args.Exclude, fs.cExclude)
+ }
+ return fs
}
// relDir is identical to filepath.Dir excepts that it returns "" when
@@ -64,6 +86,21 @@ func relDir(path string) string {
return dir
}
+// isExcluded finds out if relative ciphertext path "relPath" is excluded
+// (used when -exclude is passed by the user)
+func (rfs *ReverseFS) isExcluded(relPath string) bool {
+ for _, e := range rfs.cExclude {
+ if e == relPath {
+ return true
+ }
+ // Files inside an excluded directory are also excluded
+ if strings.HasPrefix(relPath, e+"/") {
+ return true
+ }
+ }
+ return false
+}
+
// isDirIV determines if the path points to a gocryptfs.diriv file
func (rfs *ReverseFS) isDirIV(relPath string) bool {
if rfs.args.PlaintextNames {
@@ -99,6 +136,9 @@ func (rfs *ReverseFS) isTranslatedConfig(relPath string) bool {
// GetAttr - FUSE call
// "relPath" is the relative ciphertext path
func (rfs *ReverseFS) GetAttr(relPath string, context *fuse.Context) (*fuse.Attr, fuse.Status) {
+ if rfs.isExcluded(relPath) {
+ return nil, fuse.ENOENT
+ }
// Handle "gocryptfs.conf"
if rfs.isTranslatedConfig(relPath) {
absConfPath, _ := rfs.abs(configfile.ConfReverseName, nil)
@@ -180,6 +220,9 @@ func (rfs *ReverseFS) GetAttr(relPath string, context *fuse.Context) (*fuse.Attr
// Access - FUSE call
func (rfs *ReverseFS) Access(relPath string, mode uint32, context *fuse.Context) fuse.Status {
+ if rfs.isExcluded(relPath) {
+ return fuse.ENOENT
+ }
if rfs.isTranslatedConfig(relPath) || rfs.isDirIV(relPath) || rfs.isNameFile(relPath) {
// access(2) R_OK flag for checking if the file is readable, always 4 as defined in POSIX.
ROK := uint32(0x4)
@@ -203,6 +246,9 @@ func (rfs *ReverseFS) Access(relPath string, mode uint32, context *fuse.Context)
// Open - FUSE call
func (rfs *ReverseFS) Open(relPath string, flags uint32, context *fuse.Context) (fuseFile nodefs.File, status fuse.Status) {
+ if rfs.isExcluded(relPath) {
+ return nil, fuse.ENOENT
+ }
if rfs.isTranslatedConfig(relPath) {
return rfs.loopbackfs.Open(configfile.ConfReverseName, flags, context)
}
@@ -242,6 +288,9 @@ func (rfs *ReverseFS) openDirPlaintextnames(relPath string, entries []fuse.DirEn
// OpenDir - FUSE readdir call
func (rfs *ReverseFS) OpenDir(cipherPath string, context *fuse.Context) ([]fuse.DirEntry, fuse.Status) {
+ if rfs.isExcluded(cipherPath) {
+ return nil, fuse.ENOENT
+ }
relPath, err := rfs.decryptPath(cipherPath)
if err != nil {
return nil, fuse.ToStatus(err)
@@ -292,6 +341,21 @@ func (rfs *ReverseFS) OpenDir(cipherPath string, context *fuse.Context) ([]fuse.
}
entries[i].Name = cName
}
+ // Filter out excluded entries
+ if rfs.cExclude != nil {
+ filtered := make([]fuse.DirEntry, 0, len(entries))
+ for _, entry := range entries {
+ // filepath.Join handles the case of cipherPath="" correctly:
+ // Join("", "foo") -> "foo". This does not: cipherPath + "/" + name"
+ p := filepath.Join(cipherPath, entry.Name)
+ if rfs.isExcluded(p) {
+ // Skip file
+ continue
+ }
+ filtered = append(filtered, entry)
+ }
+ entries = filtered
+ }
entries = append(entries, virtualFiles[:nVirtual]...)
return entries, fuse.OK
}
@@ -301,7 +365,10 @@ func (rfs *ReverseFS) OpenDir(cipherPath string, context *fuse.Context) ([]fuse.
// Securing statfs against symlink races seems to be more trouble than
// it's worth, so we just ignore the path and always return info about the
// backing storage root dir.
-func (rfs *ReverseFS) StatFs(path string) *fuse.StatfsOut {
+func (rfs *ReverseFS) StatFs(relPath string) *fuse.StatfsOut {
+ if rfs.isExcluded(relPath) {
+ return nil
+ }
var s syscall.Statfs_t
err := syscall.Statfs(rfs.args.Cipherdir, &s)
if err != nil {
@@ -314,6 +381,9 @@ func (rfs *ReverseFS) StatFs(path string) *fuse.StatfsOut {
// Readlink - FUSE call
func (rfs *ReverseFS) Readlink(relPath string, context *fuse.Context) (string, fuse.Status) {
+ if rfs.isExcluded(relPath) {
+ return "", fuse.ENOENT
+ }
dirfd, name, err := rfs.openBackingDir(relPath)
if err != nil {
return "", fuse.ToStatus(err)