Add pathfs frontend (uses go-fuse instead of bazil-fuse), part I

Currently fails main_test.go, will be fixed in part II

2 files changed, 401 insertions, 0 deletions

diff --git a/pathfs_frontend/file.go b/pathfs_frontend/file.go
new file mode 100644
index 0000000..8b6d61d
--- /dev/null
+++ b/pathfs_frontend/file.go
@@ -0,0 +1,235 @@
+package pathfs_frontend
+
+import (
+	"io"
+	"bytes"
+	"fmt"
+	"os"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/hanwen/go-fuse/fuse"
+	"github.com/hanwen/go-fuse/fuse/nodefs"
+	"github.com/rfjakob/gocryptfs/cryptfs"
+)
+
+// File - based on loopbackFile in go-fuse/fuse/nodefs/files.go
+type file struct {
+	fd *os.File
+
+	// os.File is not threadsafe. Although fd themselves are
+	// constant during the lifetime of an open file, the OS may
+	// reuse the fd number after it is closed. When open races
+	// with another close, they may lead to confusion as which
+	// file gets written in the end.
+	lock sync.Mutex
+
+	// Was the file opened O_WRONLY?
+	writeOnly bool
+
+	// Parent CryptFS
+	cfs *cryptfs.CryptFS
+}
+
+func NewFile(fd *os.File, writeOnly bool, cfs *cryptfs.CryptFS) nodefs.File {
+	return &file{
+		fd: fd,
+		writeOnly: writeOnly,
+		cfs: cfs,
+	}
+}
+
+func (f *file) InnerFile() nodefs.File {
+	return nil
+}
+
+func (f *file) SetInode(n *nodefs.Inode) {
+}
+
+func (f *file) String() string {
+	return fmt.Sprintf("cryptFile(%s)", f.fd.Name())
+}
+
+// Read - FUSE call
+func (f *file) Read(buf []byte, off int64) (resultData fuse.ReadResult, code fuse.Status) {
+	cryptfs.Debug.Printf("\n\nGot read request: len=%d off=%d\n", len(buf), off)
+
+	if f.writeOnly {
+		return nil, fuse.EBADF
+	}
+
+	// Read the backing ciphertext in one go
+	alignedOffset, alignedLength, skip := f.cfs.CiphertextRange(uint64(off), uint64(len(buf)))
+	ciphertext := make([]byte, int(alignedLength))
+	_, err := f.fd.ReadAt(ciphertext, int64(alignedOffset))
+	if err != nil && err != io.EOF {
+		cryptfs.Warn.Printf("Read error: %s\n", err.Error())
+		return nil, fuse.ToStatus(err)
+	}
+
+	// Decrypt it
+	plaintext, err := f.cfs.DecryptBlocks(ciphertext)
+	if err != nil {
+		cryptfs.Warn.Printf("Decryption error: %s\n", err.Error())
+		return nil, fuse.EIO
+	}
+
+	// Crop down to the relevant part
+	var out []byte
+	lenHave := len(plaintext)
+	lenWant := skip + len(buf)
+	if lenHave > lenWant {
+		out = plaintext[skip:skip + len(buf)]
+	} else if lenHave > skip {
+		out = plaintext[skip:lenHave]
+	}
+	// else: out stays empty
+
+	fmt.Printf("Read: returning %d bytes\n", len(plaintext))
+
+	return fuse.ReadResultData(out), fuse.OK
+}
+
+// Write - FUSE call
+func (f *file) Write(data []byte, off int64) (uint32, fuse.Status) {
+	var written uint32
+	var status fuse.Status
+	dataBuf := bytes.NewBuffer(data)
+	blocks := f.cfs.SplitRange(uint64(off), uint64(len(data)))
+	for _, b := range(blocks) {
+
+		blockData := dataBuf.Next(int(b.Length))
+
+		// Incomplete block -> Read-Modify-Write
+		if b.IsPartial() {
+			// Read
+			oldData := make([]byte, f.cfs.PlainBS())
+			o, _ := b.PlaintextRange()
+			res, status := f.Read(oldData, int64(o))
+			oldData, _ = res.Bytes(oldData)
+			if status != fuse.OK {
+				return written, status
+			}
+			// Modify
+			blockData = f.cfs.MergeBlocks(oldData, blockData, int(b.Offset))
+		}
+		// Write
+		blockOffset, _ := b.CiphertextRange()
+		blockData = f.cfs.EncryptBlock(blockData)
+		_, err := f.fd.WriteAt(blockData, int64(blockOffset))
+
+		if err != nil {
+			cryptfs.Warn.Printf("Write failed: %s\n", err.Error())
+			status = fuse.ToStatus(err)
+			break
+		}
+		written += uint32(b.Length)
+	}
+
+	return written, status
+}
+
+// Release - FUSE call, forget file
+func (f *file) Release() {
+	f.lock.Lock()
+	f.fd.Close()
+	f.lock.Unlock()
+}
+
+// Flush - FUSE call
+func (f *file) Flush() fuse.Status {
+	f.lock.Lock()
+
+	// Since Flush() may be called for each dup'd fd, we don't
+	// want to really close the file, we just want to flush. This
+	// is achieved by closing a dup'd fd.
+	newFd, err := syscall.Dup(int(f.fd.Fd()))
+	f.lock.Unlock()
+
+	if err != nil {
+		return fuse.ToStatus(err)
+	}
+	err = syscall.Close(newFd)
+	return fuse.ToStatus(err)
+}
+
+func (f *file) Fsync(flags int) (code fuse.Status) {
+	f.lock.Lock()
+	r := fuse.ToStatus(syscall.Fsync(int(f.fd.Fd())))
+	f.lock.Unlock()
+
+	return r
+}
+
+func (f *file) Truncate(size uint64) fuse.Status {
+	f.lock.Lock()
+	r := fuse.ToStatus(syscall.Ftruncate(int(f.fd.Fd()), int64(size)))
+	f.lock.Unlock()
+
+	return r
+}
+
+func (f *file) Chmod(mode uint32) fuse.Status {
+	f.lock.Lock()
+	r := fuse.ToStatus(f.fd.Chmod(os.FileMode(mode)))
+	f.lock.Unlock()
+
+	return r
+}
+
+func (f *file) Chown(uid uint32, gid uint32) fuse.Status {
+	f.lock.Lock()
+	r := fuse.ToStatus(f.fd.Chown(int(uid), int(gid)))
+	f.lock.Unlock()
+
+	return r
+}
+
+func (f *file) GetAttr(a *fuse.Attr) fuse.Status {
+	st := syscall.Stat_t{}
+	f.lock.Lock()
+	err := syscall.Fstat(int(f.fd.Fd()), &st)
+	f.lock.Unlock()
+	if err != nil {
+		return fuse.ToStatus(err)
+	}
+	a.FromStat(&st)
+
+	return fuse.OK
+}
+
+func (f *file) Allocate(off uint64, sz uint64, mode uint32) fuse.Status {
+	f.lock.Lock()
+	err := syscall.Fallocate(int(f.fd.Fd()), mode, int64(off), int64(sz))
+	f.lock.Unlock()
+	if err != nil {
+		return fuse.ToStatus(err)
+	}
+	return fuse.OK
+}
+
+const _UTIME_NOW = ((1 << 30) - 1)
+const _UTIME_OMIT = ((1 << 30) - 2)
+
+func (f *file) Utimens(a *time.Time, m *time.Time) fuse.Status {
+	tv := make([]syscall.Timeval, 2)
+	if a == nil {
+		tv[0].Usec = _UTIME_OMIT
+	} else {
+		n := a.UnixNano()
+		tv[0] = syscall.NsecToTimeval(n)
+	}
+
+	if m == nil {
+		tv[1].Usec = _UTIME_OMIT
+	} else {
+		n := a.UnixNano()
+		tv[1] = syscall.NsecToTimeval(n)
+	}
+
+	f.lock.Lock()
+	err := syscall.Futimes(int(f.fd.Fd()), tv)
+	f.lock.Unlock()
+	return fuse.ToStatus(err)
+}
diff --git a/pathfs_frontend/fs.go b/pathfs_frontend/fs.go
new file mode 100644
index 0000000..2f73462
--- /dev/null
+++ b/pathfs_frontend/fs.go
@@ -0,0 +1,166 @@
+package pathfs_frontend
+
+import (
+	"os"
+	"path/filepath"
+	"time"
+	"fmt"
+
+	"github.com/hanwen/go-fuse/fuse"
+	"github.com/hanwen/go-fuse/fuse/nodefs"
+	"github.com/hanwen/go-fuse/fuse/pathfs"
+	"github.com/rfjakob/gocryptfs/cryptfs"
+)
+
+type FS struct {
+	*cryptfs.CryptFS
+	pathfs.FileSystem    // loopbackFileSystem
+	backing string       // Backing directory
+}
+
+// Encrypted FUSE overlay filesystem
+func NewFS(key [16]byte, backing string, useOpenssl bool) *FS {
+	return &FS{
+		CryptFS:     cryptfs.NewCryptFS(key, useOpenssl),
+		FileSystem:  pathfs.NewLoopbackFileSystem(backing),
+		backing:     backing,
+
+	}
+}
+
+// GetPath - get the absolute path of the backing file
+func (fs *FS) GetPath(relPath string) string {
+	return filepath.Join(fs.backing, fs.EncryptPath(relPath))
+}
+
+func (fs *FS) GetAttr(name string, context *fuse.Context) (*fuse.Attr, fuse.Status) {
+	a, status := fs.FileSystem.GetAttr(fs.EncryptPath(name), context)
+	if a == nil {
+		return a, status
+	}
+
+	a.Size = fs.PlainSize(a.Size)
+	return a, status
+}
+
+func (fs *FS) OpenDir(name string, context *fuse.Context) ([]fuse.DirEntry, fuse.Status) {
+	cipherEntries, status := fs.FileSystem.OpenDir(fs.EncryptPath(name), context);
+	var plain []fuse.DirEntry
+	var skipped int
+	if cipherEntries != nil {
+		for i := range cipherEntries {
+			n, err := fs.DecryptPath(cipherEntries[i].Name)
+			if err != nil {
+				fmt.Printf("Skipping invalid filename \"%s\": %s\n", cipherEntries[i].Name, err)
+				skipped++
+				continue
+			}
+			cipherEntries[i].Name = n
+			plain = append(plain, cipherEntries[i])
+		}
+	}
+	return plain, status
+}
+
+// We always need read access to do read-modify-write cycles
+func (fs *FS) mangleOpenFlags(flags uint32) (newFlags int, writeOnly bool) {
+	newFlags = int(flags)
+	if newFlags & os.O_WRONLY > 0 {
+		writeOnly = true
+		newFlags = newFlags ^ os.O_WRONLY | os.O_RDWR
+	}
+	// We also cannot open the file in append mode, we need to seek back for RMW
+	newFlags = newFlags &^ os.O_APPEND
+
+	return newFlags, writeOnly
+}
+
+func (fs *FS) Open(name string, flags uint32, context *fuse.Context) (fuseFile nodefs.File, status fuse.Status) {
+	cryptfs.Debug.Printf("Open(%s)\n", name)
+
+	iflags, writeOnly := fs.mangleOpenFlags(flags)
+	f, err := os.OpenFile(fs.GetPath(name), iflags, 0666)
+	if err != nil {
+		return nil, fuse.ToStatus(err)
+	}
+
+	return NewFile(f, writeOnly, fs.CryptFS), fuse.OK
+}
+
+func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Context) (fuseFile nodefs.File, code fuse.Status) {
+	iflags, writeOnly := fs.mangleOpenFlags(flags)
+	f, err := os.OpenFile(fs.GetPath(path), iflags|os.O_CREATE, os.FileMode(mode))
+	if err != nil {
+		return nil, fuse.ToStatus(err)
+	}
+	return NewFile(f, writeOnly, fs.CryptFS), fuse.OK
+}
+
+func (fs *FS) Chmod(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
+	return fs.FileSystem.Chmod(fs.EncryptPath(path), mode, context)
+}
+
+func (fs *FS) Chown(path string, uid uint32, gid uint32, context *fuse.Context) (code fuse.Status) {
+	return fs.FileSystem.Chmod(fs.EncryptPath(path), gid, context)
+}
+
+func (fs *FS) Truncate(path string, offset uint64, context *fuse.Context) (code fuse.Status) {
+	return fs.FileSystem.Truncate(fs.EncryptPath(path), offset, context)
+}
+
+func (fs *FS) Utimens(path string, Atime *time.Time, Mtime *time.Time, context *fuse.Context) (code fuse.Status) {
+	return fs.FileSystem.Utimens(fs.EncryptPath(path), Atime, Mtime, context)
+}
+
+func (fs *FS) Readlink(name string, context *fuse.Context) (out string, code fuse.Status) {
+	return fs.FileSystem.Readlink(fs.EncryptPath(name), context)
+}
+
+func (fs *FS) Mknod(name string, mode uint32, dev uint32, context *fuse.Context) (code fuse.Status) {
+	return fs.FileSystem.Mknod(fs.EncryptPath(name), mode, dev, context)
+}
+
+func (fs *FS) Mkdir(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
+	return fs.FileSystem.Mkdir(fs.EncryptPath(path), mode, context)
+}
+
+func (fs *FS) Unlink(name string, context *fuse.Context) (code fuse.Status) {
+	return fs.FileSystem.Unlink(fs.EncryptPath(name), context)
+}
+
+func (fs *FS) Rmdir(name string, context *fuse.Context) (code fuse.Status) {
+	return fs.FileSystem.Rmdir(fs.EncryptPath(name), context)
+}
+
+func (fs *FS) Symlink(pointedTo string, linkName string, context *fuse.Context) (code fuse.Status) {
+	// TODO symlink encryption
+	return fs.FileSystem.Symlink(fs.EncryptPath(pointedTo), fs.EncryptPath(linkName), context)
+}
+
+func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (codee fuse.Status) {
+	return fs.FileSystem.Rename(fs.EncryptPath(oldPath), fs.EncryptPath(newPath), context)
+}
+
+func (fs *FS) Link(orig string, newName string, context *fuse.Context) (code fuse.Status) {
+	return fs.FileSystem.Link(fs.EncryptPath(orig), fs.EncryptPath(newName), context)
+}
+
+func (fs *FS) Access(name string, mode uint32, context *fuse.Context) (code fuse.Status) {
+	return fs.FileSystem.Access(fs.EncryptPath(name), mode, context)
+}
+
+func (fs *FS) GetXAttr(name string, attr string, context *fuse.Context) ([]byte, fuse.Status) {
+	return nil, fuse.ENOSYS
+}
+
+func (fs *FS) SetXAttr(name string, attr string, data []byte, flags int, context *fuse.Context) fuse.Status {
+	return fuse.ENOSYS
+}
+
+func (fs *FS) ListXAttr(name string, context *fuse.Context) ([]string, fuse.Status) {
+	return nil, fuse.ENOSYS
+}
+
+func (fs *FS) RemoveXAttr(name string, attr string, context *fuse.Context) fuse.Status {
+	return fuse.ENOSYS
+}