summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cryptfs/filter.go14
-rw-r--r--pathfs_frontend/fs.go68
2 files changed, 42 insertions, 40 deletions
diff --git a/cryptfs/filter.go b/cryptfs/filter.go
new file mode 100644
index 0000000..079b64f
--- /dev/null
+++ b/cryptfs/filter.go
@@ -0,0 +1,14 @@
+package cryptfs
+
+// IsFiltered - check if "path" should be forbidden
+//
+// Used to prevent name clashes with gocryptfs.conf
+// when file names are not encrypted
+func (be *CryptFS) IsFiltered(path string) bool {
+ // gocryptfs.conf in the root directory is forbidden
+ if be.plaintextNames == true && path == "gocryptfs.conf" {
+ Warn.Printf("The name \"/gocryptfs.conf\" is reserved when \"--plaintextnames\" is used\n")
+ return true
+ }
+ return false
+}
diff --git a/pathfs_frontend/fs.go b/pathfs_frontend/fs.go
index 1ef19d2..bd97f9a 100644
--- a/pathfs_frontend/fs.go
+++ b/pathfs_frontend/fs.go
@@ -34,8 +34,8 @@ func (fs *FS) GetPath(relPath string) string {
func (fs *FS) GetAttr(name string, context *fuse.Context) (*fuse.Attr, fuse.Status) {
cryptfs.Debug.Printf("FS.GetAttr('%s')\n", name)
- if name == cryptfs.ConfDefaultName {
- return nil, fuse.EPERM // See comment in Open()
+ if fs.CryptFS.IsFiltered(name) {
+ return nil, fuse.EPERM
}
cName := fs.EncryptPath(name)
a, status := fs.FileSystem.GetAttr(cName, context)
@@ -60,7 +60,7 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
for i := range cipherEntries {
cName := cipherEntries[i].Name
if dirName == "" && cName == cryptfs.ConfDefaultName {
- // ignore "gocryptfs.conf" in the top level dir
+ // silently ignore "gocryptfs.conf" in the top level dir
continue
}
name, err := fs.DecryptPath(cName)
@@ -90,14 +90,9 @@ func (fs *FS) mangleOpenFlags(flags uint32) (newFlags int, writeOnly bool) {
func (fs *FS) Open(path string, flags uint32, context *fuse.Context) (fuseFile nodefs.File, status fuse.Status) {
cryptfs.Debug.Printf("Open(%s)\n", path)
-
- if path == cryptfs.ConfDefaultName {
- // "gocryptfs.conf" in the top level dir is forbidden
- // to protect the config file of this filesystem if
- // "--plaintextnames" is enabled
+ if fs.CryptFS.IsFiltered(path){
return nil, fuse.EPERM
}
-
iflags, writeOnly := fs.mangleOpenFlags(flags)
f, err := os.OpenFile(fs.GetPath(path), iflags, 0666)
if err != nil {
@@ -108,10 +103,9 @@ func (fs *FS) Open(path string, flags uint32, context *fuse.Context) (fuseFile n
}
func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Context) (fuseFile nodefs.File, code fuse.Status) {
- if path == cryptfs.ConfDefaultName {
- return nil, fuse.EPERM // See comment in Open()
+ if fs.CryptFS.IsFiltered(path){
+ return nil, fuse.EPERM
}
-
iflags, writeOnly := fs.mangleOpenFlags(flags)
f, err := os.OpenFile(fs.GetPath(path), iflags|os.O_CREATE, os.FileMode(mode))
if err != nil {
@@ -121,26 +115,23 @@ func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Conte
}
func (fs *FS) Chmod(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
- if path == cryptfs.ConfDefaultName {
- return fuse.EPERM // See comment in Open()
+ if fs.CryptFS.IsFiltered(path){
+ return fuse.EPERM
}
-
return fs.FileSystem.Chmod(fs.EncryptPath(path), mode, context)
}
func (fs *FS) Chown(path string, uid uint32, gid uint32, context *fuse.Context) (code fuse.Status) {
- if path == cryptfs.ConfDefaultName {
- return fuse.EPERM // See comment in Open()
+ if fs.CryptFS.IsFiltered(path){
+ return fuse.EPERM
}
-
return fs.FileSystem.Chown(fs.EncryptPath(path), uid, gid, context)
}
func (fs *FS) Mknod(name string, mode uint32, dev uint32, context *fuse.Context) (code fuse.Status) {
- if name == cryptfs.ConfDefaultName {
- return fuse.EPERM // See comment in Open()
+ if fs.CryptFS.IsFiltered(name){
+ return fuse.EPERM
}
-
return fs.FileSystem.Mknod(fs.EncryptPath(name), mode, dev, context)
}
@@ -150,10 +141,9 @@ func (fs *FS) Truncate(path string, offset uint64, context *fuse.Context) (code
}
func (fs *FS) Utimens(path string, Atime *time.Time, Mtime *time.Time, context *fuse.Context) (code fuse.Status) {
- if path == cryptfs.ConfDefaultName {
- return fuse.EPERM // See comment in Open()
+ if fs.CryptFS.IsFiltered(path){
+ return fuse.EPERM
}
-
return fs.FileSystem.Utimens(fs.EncryptPath(path), Atime, Mtime, context)
}
@@ -171,18 +161,16 @@ func (fs *FS) Readlink(name string, context *fuse.Context) (out string, status f
}
func (fs *FS) Mkdir(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
- if path == cryptfs.ConfDefaultName {
- return fuse.EPERM // See comment in Open()
+ if fs.CryptFS.IsFiltered(path){
+ return fuse.EPERM
}
-
return fs.FileSystem.Mkdir(fs.EncryptPath(path), mode, context)
}
func (fs *FS) Unlink(name string, context *fuse.Context) (code fuse.Status) {
- if name == cryptfs.ConfDefaultName {
- return fuse.EPERM // See comment in Open()
+ if fs.CryptFS.IsFiltered(name){
+ return fuse.EPERM
}
-
cName := fs.EncryptPath(name)
code = fs.FileSystem.Unlink(cName, context)
if code != fuse.OK {
@@ -196,32 +184,32 @@ func (fs *FS) Rmdir(name string, context *fuse.Context) (code fuse.Status) {
}
func (fs *FS) Symlink(pointedTo string, linkName string, context *fuse.Context) (code fuse.Status) {
- if linkName == cryptfs.ConfDefaultName {
- return fuse.EPERM // See comment in Open()
+ if fs.CryptFS.IsFiltered(linkName){
+ return fuse.EPERM
}
-
// TODO symlink encryption
cryptfs.Debug.Printf("Symlink(\"%s\", \"%s\")\n", pointedTo, linkName)
return fs.FileSystem.Symlink(fs.EncryptPath(pointedTo), fs.EncryptPath(linkName), context)
}
-func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (codee fuse.Status) {
- if newPath == cryptfs.ConfDefaultName {
- return fuse.EPERM // See comment in Open()
+func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (code fuse.Status) {
+ if fs.CryptFS.IsFiltered(newPath){
+ return fuse.EPERM
}
-
return fs.FileSystem.Rename(fs.EncryptPath(oldPath), fs.EncryptPath(newPath), context)
}
func (fs *FS) Link(orig string, newName string, context *fuse.Context) (code fuse.Status) {
- if newName == cryptfs.ConfDefaultName {
- return fuse.EPERM // See comment in Open()
+ if fs.CryptFS.IsFiltered(newName){
+ return fuse.EPERM
}
-
return fs.FileSystem.Link(fs.EncryptPath(orig), fs.EncryptPath(newName), context)
}
func (fs *FS) Access(name string, mode uint32, context *fuse.Context) (code fuse.Status) {
+ if fs.CryptFS.IsFiltered(name){
+ return fuse.EPERM
+ }
return fs.FileSystem.Access(fs.EncryptPath(name), mode, context)
}