summaryrefslogtreecommitdiff
path: root/internal/fusefrontend/fs.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/fusefrontend/fs.go')
-rw-r--r--internal/fusefrontend/fs.go381
1 files changed, 381 insertions, 0 deletions
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
new file mode 100644
index 0000000..0331215
--- /dev/null
+++ b/internal/fusefrontend/fs.go
@@ -0,0 +1,381 @@
+package fusefrontend
+
+// FUSE operations on paths
+
+import (
+ "encoding/base64"
+ "os"
+ "path/filepath"
+ "sync"
+ "syscall"
+ "time"
+
+ "github.com/hanwen/go-fuse/fuse"
+ "github.com/hanwen/go-fuse/fuse/nodefs"
+ "github.com/hanwen/go-fuse/fuse/pathfs"
+
+ "github.com/rfjakob/gocryptfs/internal/toggledlog"
+ "github.com/rfjakob/gocryptfs/internal/cryptocore"
+ "github.com/rfjakob/gocryptfs/internal/nametransform"
+ "github.com/rfjakob/gocryptfs/internal/contentenc"
+ "github.com/rfjakob/gocryptfs/internal/configfile"
+)
+
+const plainBS = 4096
+
+type FS struct {
+ pathfs.FileSystem // loopbackFileSystem, see go-fuse/fuse/pathfs/loopback.go
+ args Args // Stores configuration arguments
+ // dirIVLock: Lock()ed if any "gocryptfs.diriv" file is modified
+ // Readers must RLock() it to prevent them from seeing intermediate
+ // states
+ dirIVLock sync.RWMutex
+ // Filename encryption helper
+ nameTransform *nametransform.NameTransform
+ // Content encryption helper
+ contentEnc *contentenc.ContentEnc
+}
+
+// Encrypted FUSE overlay filesystem
+func NewFS(args Args) *FS {
+
+ cryptoCore := cryptocore.New(args.Masterkey, args.OpenSSL, args.GCMIV128)
+ contentEnc := contentenc.New(cryptoCore, plainBS)
+ nameTransform := nametransform.New(cryptoCore, args.EMENames)
+
+ return &FS{
+ FileSystem: pathfs.NewLoopbackFileSystem(args.Cipherdir),
+ args: args,
+ nameTransform: nameTransform,
+ contentEnc: contentEnc,
+ }
+}
+
+// GetBackingPath - get the absolute encrypted path of the backing file
+// from the relative plaintext path "relPath"
+func (fs *FS) getBackingPath(relPath string) (string, error) {
+ cPath, err := fs.encryptPath(relPath)
+ if err != nil {
+ return "", err
+ }
+ cAbsPath := filepath.Join(fs.args.Cipherdir, cPath)
+ toggledlog.Debug.Printf("getBackingPath: %s + %s -> %s", fs.args.Cipherdir, relPath, cAbsPath)
+ return cAbsPath, nil
+}
+
+func (fs *FS) GetAttr(name string, context *fuse.Context) (*fuse.Attr, fuse.Status) {
+ toggledlog.Debug.Printf("FS.GetAttr('%s')", name)
+ if fs.isFiltered(name) {
+ return nil, fuse.EPERM
+ }
+ cName, err := fs.encryptPath(name)
+ if err != nil {
+ return nil, fuse.ToStatus(err)
+ }
+ a, status := fs.FileSystem.GetAttr(cName, context)
+ if a == nil {
+ toggledlog.Debug.Printf("FS.GetAttr failed: %s", status.String())
+ return a, status
+ }
+ if a.IsRegular() {
+ a.Size = fs.contentEnc.CipherSizeToPlainSize(a.Size)
+ } else if a.IsSymlink() {
+ target, _ := fs.Readlink(name, context)
+ a.Size = uint64(len(target))
+ }
+ return a, status
+}
+
+func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, fuse.Status) {
+ toggledlog.Debug.Printf("OpenDir(%s)", dirName)
+ cDirName, err := fs.encryptPath(dirName)
+ if err != nil {
+ return nil, fuse.ToStatus(err)
+ }
+ // Read ciphertext directory
+ cipherEntries, status := fs.FileSystem.OpenDir(cDirName, context)
+ if cipherEntries == nil {
+ return nil, status
+ }
+ // Get DirIV (stays nil if DirIV if off)
+ var cachedIV []byte
+ if fs.args.DirIV {
+ // Read the DirIV once and use it for all later name decryptions
+ cDirAbsPath := filepath.Join(fs.args.Cipherdir, cDirName)
+ cachedIV, err = fs.nameTransform.ReadDirIV(cDirAbsPath)
+ if err != nil {
+ return nil, fuse.ToStatus(err)
+ }
+ }
+ // Filter and decrypt filenames
+ var plain []fuse.DirEntry
+ for i := range cipherEntries {
+ cName := cipherEntries[i].Name
+ if dirName == "" && cName == configfile.ConfDefaultName {
+ // silently ignore "gocryptfs.conf" in the top level dir
+ continue
+ }
+ if fs.args.DirIV && cName == nametransform.DirIVFilename {
+ // silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled
+ continue
+ }
+ var name string = cName
+ if !fs.args.PlaintextNames {
+ name, err = fs.nameTransform.DecryptName(cName, cachedIV)
+ if err != nil {
+ toggledlog.Warn.Printf("Invalid name \"%s\" in dir \"%s\": %s", cName, cDirName, err)
+ continue
+ }
+ }
+ cipherEntries[i].Name = name
+ plain = append(plain, cipherEntries[i])
+ }
+ return plain, status
+}
+
+// We always need read access to do read-modify-write cycles
+func (fs *FS) mangleOpenFlags(flags uint32) (newFlags int, writeOnly bool) {
+ newFlags = int(flags)
+ if newFlags&os.O_WRONLY > 0 {
+ writeOnly = true
+ newFlags = newFlags ^ os.O_WRONLY | os.O_RDWR
+ }
+ // We also cannot open the file in append mode, we need to seek back for RMW
+ newFlags = newFlags &^ os.O_APPEND
+
+ return newFlags, writeOnly
+}
+
+func (fs *FS) Open(path string, flags uint32, context *fuse.Context) (fuseFile nodefs.File, status fuse.Status) {
+ if fs.isFiltered(path) {
+ return nil, fuse.EPERM
+ }
+ iflags, writeOnly := fs.mangleOpenFlags(flags)
+ cPath, err := fs.getBackingPath(path)
+ if err != nil {
+ toggledlog.Debug.Printf("Open: getBackingPath: %v", err)
+ return nil, fuse.ToStatus(err)
+ }
+ toggledlog.Debug.Printf("Open: %s", cPath)
+ f, err := os.OpenFile(cPath, iflags, 0666)
+ if err != nil {
+ return nil, fuse.ToStatus(err)
+ }
+
+ return NewFile(f, writeOnly, fs.contentEnc), fuse.OK
+}
+
+func (fs *FS) Create(path string, flags uint32, mode uint32, context *fuse.Context) (fuseFile nodefs.File, code fuse.Status) {
+ if fs.isFiltered(path) {
+ return nil, fuse.EPERM
+ }
+ iflags, writeOnly := fs.mangleOpenFlags(flags)
+ cPath, err := fs.getBackingPath(path)
+ if err != nil {
+ return nil, fuse.ToStatus(err)
+ }
+ f, err := os.OpenFile(cPath, iflags|os.O_CREATE, os.FileMode(mode))
+ if err != nil {
+ return nil, fuse.ToStatus(err)
+ }
+ return NewFile(f, writeOnly, fs.contentEnc), fuse.OK
+}
+
+func (fs *FS) Chmod(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
+ if fs.isFiltered(path) {
+ return fuse.EPERM
+ }
+ cPath, err := fs.encryptPath(path)
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ return fs.FileSystem.Chmod(cPath, mode, context)
+}
+
+func (fs *FS) Chown(path string, uid uint32, gid uint32, context *fuse.Context) (code fuse.Status) {
+ if fs.isFiltered(path) {
+ return fuse.EPERM
+ }
+ cPath, err := fs.encryptPath(path)
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ return fs.FileSystem.Chown(cPath, uid, gid, context)
+}
+
+func (fs *FS) Mknod(path string, mode uint32, dev uint32, context *fuse.Context) (code fuse.Status) {
+ if fs.isFiltered(path) {
+ return fuse.EPERM
+ }
+ cPath, err := fs.encryptPath(path)
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ return fs.FileSystem.Mknod(cPath, mode, dev, context)
+}
+
+var truncateWarned bool
+
+func (fs *FS) Truncate(path string, offset uint64, context *fuse.Context) (code fuse.Status) {
+ // Only warn once
+ if !truncateWarned {
+ toggledlog.Warn.Printf("truncate(2) is not supported, returning ENOSYS - use ftruncate(2)")
+ truncateWarned = true
+ }
+ return fuse.ENOSYS
+}
+
+func (fs *FS) Utimens(path string, Atime *time.Time, Mtime *time.Time, context *fuse.Context) (code fuse.Status) {
+ if fs.isFiltered(path) {
+ return fuse.EPERM
+ }
+ cPath, err := fs.encryptPath(path)
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ return fs.FileSystem.Utimens(cPath, Atime, Mtime, context)
+}
+
+func (fs *FS) Readlink(path string, context *fuse.Context) (out string, status fuse.Status) {
+ cPath, err := fs.encryptPath(path)
+ if err != nil {
+ return "", fuse.ToStatus(err)
+ }
+ cTarget, status := fs.FileSystem.Readlink(cPath, context)
+ if status != fuse.OK {
+ return "", status
+ }
+ // Old filesystem: symlinks are encrypted like paths (CBC)
+ if !fs.args.DirIV {
+ target, err := fs.decryptPath(cTarget)
+ if err != nil {
+ toggledlog.Warn.Printf("Readlink: CBC decryption failed: %v", err)
+ return "", fuse.EIO
+ }
+ return target, fuse.OK
+ }
+ // Since gocryptfs v0.5 symlinks are encrypted like file contents (GCM)
+ cBinTarget, err := base64.URLEncoding.DecodeString(cTarget)
+ if err != nil {
+ toggledlog.Warn.Printf("Readlink: %v", err)
+ return "", fuse.EIO
+ }
+ target, err := fs.contentEnc.DecryptBlock([]byte(cBinTarget), 0, nil)
+ if err != nil {
+ toggledlog.Warn.Printf("Readlink: %v", err)
+ return "", fuse.EIO
+ }
+ return string(target), fuse.OK
+}
+
+func (fs *FS) Unlink(path string, context *fuse.Context) (code fuse.Status) {
+ if fs.isFiltered(path) {
+ return fuse.EPERM
+ }
+ cPath, err := fs.getBackingPath(path)
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ return fuse.ToStatus(syscall.Unlink(cPath))
+}
+
+func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (code fuse.Status) {
+ toggledlog.Debug.Printf("Symlink(\"%s\", \"%s\")", target, linkName)
+ if fs.isFiltered(linkName) {
+ return fuse.EPERM
+ }
+ cPath, err := fs.getBackingPath(linkName)
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ // Old filesystem: symlinks are encrypted like paths (CBC)
+ if !fs.args.DirIV {
+ cTarget, err := fs.encryptPath(target)
+ if err != nil {
+ toggledlog.Warn.Printf("Symlink: BUG: we should not get an error here: %v", err)
+ return fuse.ToStatus(err)
+ }
+ err = os.Symlink(cTarget, cPath)
+ return fuse.ToStatus(err)
+ }
+ // Since gocryptfs v0.5 symlinks are encrypted like file contents (GCM)
+ cBinTarget := fs.contentEnc.EncryptBlock([]byte(target), 0, nil)
+ cTarget := base64.URLEncoding.EncodeToString(cBinTarget)
+
+ err = os.Symlink(cTarget, cPath)
+ toggledlog.Debug.Printf("Symlink: os.Symlink(%s, %s) = %v", cTarget, cPath, err)
+ return fuse.ToStatus(err)
+}
+
+func (fs *FS) Rename(oldPath string, newPath string, context *fuse.Context) (code fuse.Status) {
+ if fs.isFiltered(newPath) {
+ return fuse.EPERM
+ }
+ cOldPath, err := fs.getBackingPath(oldPath)
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ cNewPath, err := fs.getBackingPath(newPath)
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ // The Rename may cause a directory to take the place of another directory.
+ // That directory may still be in the DirIV cache, clear it.
+ fs.nameTransform.DirIVCache.Clear()
+
+ err = os.Rename(cOldPath, cNewPath)
+
+ if lerr, ok := err.(*os.LinkError); ok && lerr.Err == syscall.ENOTEMPTY {
+ // If an empty directory is overwritten we will always get
+ // ENOTEMPTY as the "empty" directory will still contain gocryptfs.diriv.
+ // Handle that case by removing the target directory and trying again.
+ toggledlog.Debug.Printf("Rename: Handling ENOTEMPTY")
+ if fs.Rmdir(newPath, context) == fuse.OK {
+ err = os.Rename(cOldPath, cNewPath)
+ }
+ }
+
+ return fuse.ToStatus(err)
+}
+
+func (fs *FS) Link(oldPath string, newPath string, context *fuse.Context) (code fuse.Status) {
+ if fs.isFiltered(newPath) {
+ return fuse.EPERM
+ }
+ cOldPath, err := fs.getBackingPath(oldPath)
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ cNewPath, err := fs.getBackingPath(newPath)
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ return fuse.ToStatus(os.Link(cOldPath, cNewPath))
+}
+
+func (fs *FS) Access(path string, mode uint32, context *fuse.Context) (code fuse.Status) {
+ if fs.isFiltered(path) {
+ return fuse.EPERM
+ }
+ cPath, err := fs.getBackingPath(path)
+ if err != nil {
+ return fuse.ToStatus(err)
+ }
+ return fuse.ToStatus(syscall.Access(cPath, mode))
+}
+
+func (fs *FS) GetXAttr(name string, attr string, context *fuse.Context) ([]byte, fuse.Status) {
+ return nil, fuse.ENOSYS
+}
+
+func (fs *FS) SetXAttr(name string, attr string, data []byte, flags int, context *fuse.Context) fuse.Status {
+ return fuse.ENOSYS
+}
+
+func (fs *FS) ListXAttr(name string, context *fuse.Context) ([]string, fuse.Status) {
+ return nil, fuse.ENOSYS
+}
+
+func (fs *FS) RemoveXAttr(name string, attr string, context *fuse.Context) fuse.Status {
+ return fuse.ENOSYS
+}