summaryrefslogtreecommitdiff
path: root/pathfs_frontend/fs.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2015-11-25 19:30:32 +0100
committerJakob Unterwurzacher2015-11-25 20:57:16 +0100
commit4d466c3412918346144dff609d8f706c6f002581 (patch)
tree2624a1b9573295e6f70df6eb74be5d0f241436e7 /pathfs_frontend/fs.go
parentd8bf6e7836a22c755fa0881f89d482b5e8f47e29 (diff)
diriv: Create gocryptfs.diriv in every directory
Diffstat (limited to 'pathfs_frontend/fs.go')
-rw-r--r--pathfs_frontend/fs.go39
1 files changed, 32 insertions, 7 deletions
diff --git a/pathfs_frontend/fs.go b/pathfs_frontend/fs.go
index c0a3a41..3d6d79c 100644
--- a/pathfs_frontend/fs.go
+++ b/pathfs_frontend/fs.go
@@ -1,7 +1,8 @@
package pathfs_frontend
import (
- "fmt"
+ "syscall"
+ "io/ioutil"
"os"
"path/filepath"
"time"
@@ -14,7 +15,7 @@ import (
type FS struct {
*cryptfs.CryptFS
- pathfs.FileSystem // loopbackFileSystem
+ pathfs.FileSystem // loopbackFileSystem, see go-fuse/fuse/pathfs/loopback.go
backing string // Backing directory
}
@@ -27,7 +28,8 @@ func NewFS(key []byte, backing string, useOpenssl bool, plaintextNames bool) *FS
}
}
-// GetPath - get the absolute path of the backing file
+// GetPath - get the absolute encrypted path of the backing file
+// from the relative plaintext path "relPath"
func (fs *FS) GetPath(relPath string) string {
return filepath.Join(fs.backing, fs.EncryptPath(relPath))
}
@@ -63,9 +65,13 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
// silently ignore "gocryptfs.conf" in the top level dir
continue
}
+ if cName == cryptfs.DIRIV_FILENAME {
+ // silently ignore "gocryptfs.diriv" everywhere
+ continue
+ }
name, err := fs.DecryptPath(cName)
if err != nil {
- fmt.Printf("Invalid name \"%s\" in dir \"%s\": %s\n", cName, name, err)
+ cryptfs.Warn.Printf("Invalid name \"%s\" in dir \"%s\": %s\n", cName, dirName, err)
continue
}
cipherEntries[i].Name = name
@@ -160,11 +166,30 @@ func (fs *FS) Readlink(name string, context *fuse.Context) (out string, status f
return dstPlain, status
}
-func (fs *FS) Mkdir(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
- if fs.CryptFS.IsFiltered(path) {
+func (fs *FS) Mkdir(relPath string, mode uint32, context *fuse.Context) (code fuse.Status) {
+ if fs.CryptFS.IsFiltered(relPath) {
return fuse.EPERM
}
- return fs.FileSystem.Mkdir(fs.EncryptPath(path), mode, context)
+ encPath := fs.GetPath(relPath)
+ diriv := cryptfs.RandBytes(cryptfs.DIRIV_LEN)
+ dirivPath := filepath.Join(encPath, cryptfs.DIRIV_FILENAME)
+ // Create directory
+ err := os.Mkdir(encPath, os.FileMode(mode))
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ // Create gocryptfs.diriv inside
+ // 0444 permissions: the file is not secret but should not be written to
+ err = ioutil.WriteFile(dirivPath, diriv, 0444)
+ if err != nil {
+ cryptfs.Warn.Printf("Creating %s in dir %s failed: %v\n", cryptfs.DIRIV_FILENAME, encPath, err)
+ err2 := syscall.Rmdir(encPath)
+ if err2 != nil {
+ cryptfs.Warn.Printf("Removing broken directory failed: %v\n", err2)
+ }
+ return fuse.ToStatus(err)
+ }
+ return fuse.OK
}
func (fs *FS) Unlink(name string, context *fuse.Context) (code fuse.Status) {