diff options
author | Jakob Unterwurzacher | 2015-09-08 00:54:24 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2015-09-08 00:55:03 +0200 |
commit | 889ae900814aac1c17c38a76882b1aafa5744be6 (patch) | |
tree | 67b5c1e873574e208971ec6f98fa5febb76f3fa7 /pathfs_frontend | |
parent | b65882985dd7aa3ea7ae76c49d592ff30b353a8b (diff) |
Add pathfs frontend (uses go-fuse instead of bazil-fuse), part I
Currently fails main_test.go, will be fixed in part II
Diffstat (limited to 'pathfs_frontend')
-rw-r--r-- | pathfs_frontend/file.go | 235 | ||||
-rw-r--r-- | pathfs_frontend/fs.go | 166 |
2 files changed, 401 insertions, 0 deletions
diff --git a/pathfs_frontend/file.go b/pathfs_frontend/file.go new file mode 100644 index 0000000..8b6d61d --- /dev/null +++ b/pathfs_frontend/file.go @@ -0,0 +1,235 @@ +package pathfs_frontend + +import ( + "io" + "bytes" + "fmt" + "os" + "sync" + "syscall" + "time" + + "github.com/hanwen/go-fuse/fuse" + "github.com/hanwen/go-fuse/fuse/nodefs" + "github.com/rfjakob/gocryptfs/cryptfs" +) + +// File - based on loopbackFile in go-fuse/fuse/nodefs/files.go +type file struct { + fd *os.File + + // os.File is not threadsafe. Although fd themselves are + // constant during the lifetime of an open file, the OS may + // reuse the fd number after it is closed. When open races + // with another close, they may lead to confusion as which + // file gets written in the end. + lock sync.Mutex + + // Was the file opened O_WRONLY? + writeOnly bool + + // Parent CryptFS + cfs *cryptfs.CryptFS +} + +func NewFile(fd *os.File, writeOnly bool, cfs *cryptfs.CryptFS) nodefs.File { + return &file{ + fd: fd, + writeOnly: writeOnly, + cfs: cfs, + } +} + +func (f *file) InnerFile() nodefs.File { + return nil +} + +func (f *file) SetInode(n *nodefs.Inode) { +} + +func (f *file) String() string { + return fmt.Sprintf("cryptFile(%s)", f.fd.Name()) +} + +// Read - FUSE call +func (f *file) Read(buf []byte, off int64) (resultData fuse.ReadResult, code fuse.Status) { + cryptfs.Debug.Printf("\n\nGot read request: len=%d off=%d\n", len(buf), off) + + if f.writeOnly { + return nil, fuse.EBADF + } + + // Read the backing ciphertext in one go + alignedOffset, alignedLength, skip := f.cfs.CiphertextRange(uint64(off), uint64(len(buf))) + ciphertext := make([]byte, int(alignedLength)) + _, err := f.fd.ReadAt(ciphertext, int64(alignedOffset)) + if err != nil && err != io.EOF { + cryptfs.Warn.Printf("Read error: %s\n", err.Error()) + return nil, fuse.ToStatus(err) + } + + // Decrypt it + plaintext, err := f.cfs.DecryptBlocks(ciphertext) + if err != nil { + cryptfs.Warn.Printf("Decryption error: %s\n", err.Error()) + return nil, fuse.EIO + } + + // Crop down to the relevant part + var out []byte + lenHave := len(plaintext) + lenWant := skip + len(buf) + if lenHave > lenWant { + out = plaintext[skip:skip + len(buf)] + } else if lenHave > skip { + out = plaintext[skip:lenHave] + } + // else: out stays empty + + fmt.Printf("Read: returning %d bytes\n", len(plaintext)) + + return fuse.ReadResultData(out), fuse.OK +} + +// Write - FUSE call +func (f *file) Write(data []byte, off int64) (uint32, fuse.Status) { + var written uint32 + var status fuse.Status + dataBuf := bytes.NewBuffer(data) + blocks := f.cfs.SplitRange(uint64(off), uint64(len(data))) + for _, b := range(blocks) { + + blockData := dataBuf.Next(int(b.Length)) + + // Incomplete block -> Read-Modify-Write + if b.IsPartial() { + // Read + oldData := make([]byte, f.cfs.PlainBS()) + o, _ := b.PlaintextRange() + res, status := f.Read(oldData, int64(o)) + oldData, _ = res.Bytes(oldData) + if status != fuse.OK { + return written, status + } + // Modify + blockData = f.cfs.MergeBlocks(oldData, blockData, int(b.Offset)) + } + // Write + blockOffset, _ := b.CiphertextRange() + blockData = f.cfs.EncryptBlock(blockData) + _, err := f.fd.WriteAt(blockData, int64(blockOffset)) + + if err != nil { + cryptfs.Warn.Printf("Write failed: %s\n", err.Error()) + status = fuse.ToStatus(err) + break + } + written += uint32(b.Length) + } + + return written, status +} + +// Release - FUSE call, forget file +func (f *file) Release() { + f.lock.Lock() + f.fd.Close() + f.lock.Unlock() +} + +// Flush - FUSE call +func (f *file) Flush() fuse.Status { + f.lock.Lock() + + // Since Flush() may be called for each dup'd fd, we don't + // want to really close the file, we just want to flush. This + // is achieved by closing a dup'd fd. + newFd, err := syscall.Dup(int(f.fd.Fd())) + f.lock.Unlock() + + if err != nil { + return fuse.ToStatus(err) + } + err = syscall.Close(newFd) + return fuse.ToStatus(err) +} + +func (f *file) Fsync(flags int) (code fuse.Status) { + f.lock.Lock() + r := fuse.ToStatus(syscall.Fsync(int(f.fd.Fd()))) + f.lock.Unlock() + + return r +} + +func (f *file) Truncate(size uint64) fuse.Status { + f.lock.Lock() + r := fuse.ToStatus(syscall.Ftruncate(int(f.fd.Fd()), int64(size))) + f.lock.Unlock() + + return r +} + +func (f *file) Chmod(mode uint32) fuse.Status { + f.lock.Lock() + r := fuse.ToStatus(f.fd.Chmod(os.FileMode(mode))) + f.lock.Unlock() + + return r +} + +func (f *file) Chown(uid uint32, gid uint32) fuse.Status { + f.lock.Lock() + r := fuse.ToStatus(f.fd.Chown(int(uid), int(gid))) + f.lock.Unlock() + + return r +} + +func (f *file) GetAttr(a *fuse.Attr) fuse.Status { + st := syscall.Stat_t{} + f.lock.Lock() + err := syscall.Fstat(int(f.fd.Fd()), &st) + f.lock.Unlock() + if err != nil { + return fuse.ToStatus(err) + } + a.FromStat(&st) + + return fuse.OK +} + +func (f *file) Allocate(off uint64, sz uint64, mode uint32) fuse.Status { + f.lock.Lock() + err := syscall.Fallocate(int(f.fd.Fd()), mode, int64(off), int64(sz)) + f.lock.Unlock() + if err != nil { + return fuse.ToStatus(err) + } + return fuse.OK +} + +const _UTIME_NOW = ((1 << 30) - 1) +const _UTIME_OMIT = ((1 << 30) - 2) + +func (f *file) Utimens(a *time.Time, m *time.Time) fuse.Status { + tv := make([]syscall.Timeval, 2) + if a == nil { + tv[0].Usec = _UTIME_OMIT + } else { + n := a.UnixNano() + tv[0] = syscall.NsecToTimeval(n) + } + + if m == nil { + tv[1].Usec = _UTIME_OMIT + } else { + n := a.UnixNano() + tv[1] = syscall.NsecToTimeval(n) + } + + f.lock.Lock() + err := syscall.Futimes(int(f.fd.Fd()), tv) + f.lock.Unlock() + return fuse.ToStatus(err) +} diff --git a/pathfs_frontend/fs.go b/pathfs_frontend/fs.go new file mode 100644 index 0000000..2f73462 --- /dev/null +++ b/pathfs_frontend/fs.go @@ -0,0 +1,166 @@ +package pathfs_frontend + +import ( + "os" + "path/filepath" + "time" + "fmt" + + "github.com/hanwen/go-fuse/fuse" + "github.com/hanwen/go-fuse/fuse/nodefs" + "github.com/hanwen/go-fuse/fuse/pathfs" + "github.com/rfjakob/gocryptfs/cryptfs" +) + +type FS struct { + *cryptfs.CryptFS + pathfs.FileSystem // loopbackFileSystem + backing string // Backing directory +} + +// Encrypted FUSE overlay filesystem +func NewFS(key [16]byte, backing string, useOpenssl bool) *FS { + return &FS{ + CryptFS: cryptfs.NewCryptFS(key, useOpenssl), + FileSystem: pathfs.NewLoopbackFileSystem(backing), + backing: backing, + + } +} + +// GetPath - get the absolute path of the backing file +func (fs *FS) GetPath(relPath string) string { + return filepath.Join(fs.backing, fs.EncryptPath(relPath)) +} + +func (fs *FS) GetAttr(name string, context *fuse.Context) (*fuse.Attr, fuse.Status) { + a, status := fs.FileSystem.GetAttr(fs.EncryptPath(name), context) + if a == nil { + return a, status + } + + a.Size = fs.PlainSize(a.Size) + return a, status +} + +func (fs *FS) OpenDir(name string, context *fuse.Context) ([]fuse.DirEntry, fuse.Status) { + cipherEntries, status := fs.FileSystem.OpenDir(fs.EncryptPath(name), context); + var plain []fuse.DirEntry + var skipped int + if cipherEntries != nil { + for i := range cipherEntries { + n, err := fs.DecryptPath(cipherEntries[i].Name) + if err != nil { + fmt.Printf("Skipping invalid filename \"%s\": %s\n", cipherEntries[i].Name, err) + skipped++ + continue + } + cipherEntries[i].Name = n + plain = append(plain, cipherEntries[i]) + } + } + return plain, status +} + +// We always need read access to do read-modify-write cycles +func (fs *FS) mangleOpenFlags(flags uint32) (newFlags int, writeOnly bool) { + newFlags = int(flags) + if newFlags & os.O_WRONLY > 0 { + writeOnly = true + newFlags = newFlags ^ os.O_WRONLY | os.O_RDWR + } + // We also cannot open the file in append mode, we need to seek back for RMW + newFlags = newFlags &^ os.O_APPEND + + return newFlags, writeOnly +} + +func (fs *FS) Open(name string, flags uint32, context *fuse.Context) (fuseFile nodefs.File, status fuse.Status) { + cryptfs.Debug.Printf("Open(%s)\n", name) + + iflags, writeOnly := fs.mangleOpenFlags(flags) + f, err := os.OpenFile(fs.GetPath(name), iflags, 0666) + if err != nil { + return nil, fuse.ToStatus(err) + } + + return NewFile(f, writeOnly, fs.CryptFS), fuse.OK +} + +func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Context) (fuseFile nodefs.File, code fuse.Status) { + iflags, writeOnly := fs.mangleOpenFlags(flags) + f, err := os.OpenFile(fs.GetPath(path), iflags|os.O_CREATE, os.FileMode(mode)) + if err != nil { + return nil, fuse.ToStatus(err) + } + return NewFile(f, writeOnly, fs.CryptFS), fuse.OK +} + +func (fs *FS) Chmod(path string, mode uint32, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Chmod(fs.EncryptPath(path), mode, context) +} + +func (fs *FS) Chown(path string, uid uint32, gid uint32, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Chmod(fs.EncryptPath(path), gid, context) +} + +func (fs *FS) Truncate(path string, offset uint64, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Truncate(fs.EncryptPath(path), offset, context) +} + +func (fs *FS) Utimens(path string, Atime *time.Time, Mtime *time.Time, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Utimens(fs.EncryptPath(path), Atime, Mtime, context) +} + +func (fs *FS) Readlink(name string, context *fuse.Context) (out string, code fuse.Status) { + return fs.FileSystem.Readlink(fs.EncryptPath(name), context) +} + +func (fs *FS) Mknod(name string, mode uint32, dev uint32, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Mknod(fs.EncryptPath(name), mode, dev, context) +} + +func (fs *FS) Mkdir(path string, mode uint32, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Mkdir(fs.EncryptPath(path), mode, context) +} + +func (fs *FS) Unlink(name string, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Unlink(fs.EncryptPath(name), context) +} + +func (fs *FS) Rmdir(name string, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Rmdir(fs.EncryptPath(name), context) +} + +func (fs *FS) Symlink(pointedTo string, linkName string, context *fuse.Context) (code fuse.Status) { + // TODO symlink encryption + return fs.FileSystem.Symlink(fs.EncryptPath(pointedTo), fs.EncryptPath(linkName), context) +} + +func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (codee fuse.Status) { + return fs.FileSystem.Rename(fs.EncryptPath(oldPath), fs.EncryptPath(newPath), context) +} + +func (fs *FS) Link(orig string, newName string, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Link(fs.EncryptPath(orig), fs.EncryptPath(newName), context) +} + +func (fs *FS) Access(name string, mode uint32, context *fuse.Context) (code fuse.Status) { + return fs.FileSystem.Access(fs.EncryptPath(name), mode, context) +} + +func (fs *FS) GetXAttr(name string, attr string, context *fuse.Context) ([]byte, fuse.Status) { + return nil, fuse.ENOSYS +} + +func (fs *FS) SetXAttr(name string, attr string, data []byte, flags int, context *fuse.Context) fuse.Status { + return fuse.ENOSYS +} + +func (fs *FS) ListXAttr(name string, context *fuse.Context) ([]string, fuse.Status) { + return nil, fuse.ENOSYS +} + +func (fs *FS) RemoveXAttr(name string, attr string, context *fuse.Context) fuse.Status { + return fuse.ENOSYS +} |