summaryrefslogtreecommitdiff
path: root/internal/fusefrontend/node_prepare_syscall.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/fusefrontend/node_prepare_syscall.go')
-rw-r--r--internal/fusefrontend/node_prepare_syscall.go116
1 files changed, 116 insertions, 0 deletions
diff --git a/internal/fusefrontend/node_prepare_syscall.go b/internal/fusefrontend/node_prepare_syscall.go
new file mode 100644
index 0000000..fa558e8
--- /dev/null
+++ b/internal/fusefrontend/node_prepare_syscall.go
@@ -0,0 +1,116 @@
+package fusefrontend
+
+import (
+ "sync/atomic"
+ "syscall"
+
+ "github.com/rfjakob/gocryptfs/internal/tlog"
+
+ "github.com/hanwen/go-fuse/v2/fs"
+
+ "github.com/rfjakob/gocryptfs/internal/nametransform"
+ "github.com/rfjakob/gocryptfs/internal/syscallcompat"
+)
+
+// prepareAtSyscall returns a (dirfd, cName) pair that can be used
+// with the "___at" family of system calls (openat, fstatat, unlinkat...) to
+// access the backing encrypted child file.
+func (n *Node) prepareAtSyscall(child string) (dirfd int, cName string, errno syscall.Errno) {
+ if child == "" {
+ tlog.Warn.Printf("BUG: prepareAtSyscall: child=%q, should have called prepareAtSyscallMyself", child)
+ return n.prepareAtSyscallMyself()
+ }
+
+ rn := n.rootNode()
+
+ // All filesystem operations go through here, so this is a good place
+ // to reset the idle marker.
+ atomic.StoreUint32(&rn.IsIdle, 0)
+
+ if n.IsRoot() && rn.isFiltered(child) {
+ return -1, "", syscall.EPERM
+ }
+
+ var encryptName func(int, string, []byte) (string, error)
+ if !rn.args.PlaintextNames {
+ encryptName = func(dirfd int, child string, iv []byte) (cName string, err error) {
+ // Badname allowed, try to determine filenames
+ if rn.nameTransform.HaveBadnamePatterns() {
+ return rn.nameTransform.EncryptAndHashBadName(child, iv, dirfd)
+ }
+ return rn.nameTransform.EncryptAndHashName(child, iv)
+ }
+ }
+
+ // Cache lookup
+ var iv []byte
+ dirfd, iv = rn.dirCache.Lookup(n)
+ if dirfd > 0 {
+ if rn.args.PlaintextNames {
+ return dirfd, child, 0
+ }
+ var err error
+ cName, err = encryptName(dirfd, child, iv)
+ if err != nil {
+ syscall.Close(dirfd)
+ return -1, "", fs.ToErrno(err)
+ }
+ return
+ }
+
+ // Slowpath: Open ourselves & read diriv
+ parentDirfd, myCName, errno := n.prepareAtSyscallMyself()
+ if errno != 0 {
+ return
+ }
+ defer syscall.Close(parentDirfd)
+
+ dirfd, err := syscallcompat.Openat(parentDirfd, myCName, syscall.O_NOFOLLOW|syscall.O_DIRECTORY|syscallcompat.O_PATH, 0)
+
+ // Cache store
+ if !rn.args.PlaintextNames {
+ var err error
+ iv, err = nametransform.ReadDirIVAt(dirfd)
+ if err != nil {
+ syscall.Close(dirfd)
+ return -1, "", fs.ToErrno(err)
+ }
+ }
+ rn.dirCache.Store(n, dirfd, iv)
+
+ if rn.args.PlaintextNames {
+ return dirfd, child, 0
+ }
+
+ cName, err = encryptName(dirfd, child, iv)
+ if err != nil {
+ syscall.Close(dirfd)
+ return -1, "", fs.ToErrno(err)
+ }
+
+ return
+}
+
+func (n *Node) prepareAtSyscallMyself() (dirfd int, cName string, errno syscall.Errno) {
+ dirfd = -1
+
+ // Handle root node
+ if n.IsRoot() {
+ var err error
+ rn := n.rootNode()
+ dirfd, cName, err = rn.openBackingDir("")
+ if err != nil {
+ errno = fs.ToErrno(err)
+ }
+ return
+ }
+
+ // Otherwise convert to prepareAtSyscall of parent node
+ myName, p1 := n.Parent()
+ if p1 == nil || myName == "" {
+ errno = syscall.ENOENT
+ return
+ }
+ parent := toNode(p1.Operations())
+ return parent.prepareAtSyscall(myName)
+}