aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-02-04dep: update dependenciesv1.7-rc2Jakob Unterwurzacher
This also drops now-unused dependencies.
2019-02-04Disable Trezor supportJakob Unterwurzacher
Trezor support has been broken since Sept 2018 ( https://github.com/rfjakob/gocryptfs/issues/261 ). Disable trezor.go by renaming to trezor.go.broken. This keeps "dep" from having to pull in A LOT OF dependencies: Before: $ du -sh vendor/ 49M vendor/ After: $ du -sh vendor/ 16M vendor/
2019-01-23tests: simplify parallel_cp.shJakob Unterwurzacher
Get rid of one extra directory level. Hopefully makes it easier to follow the debug logs.
2019-01-20tests: darwin: ignore error in TestMvWarningSymlinkJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/349
2019-01-20fusefronted: comment why Access() does not check context.UidJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/347
2019-01-20tests: check that we can delete directories with all permissionJakob Unterwurzacher
Regression test for https://github.com/rfjakob/gocryptfs/issues/354
2019-01-20fusefrontend: ensure directories without W or X perms can be deletedJakob Unterwurzacher
This fixed the "Permission denied" bug, but still has the problem that the directory may be replaced behind our back. Mitigated by the fact that we skip the workaround when running as root with -allow_other. https://github.com/rfjakob/gocryptfs/issues/354
2019-01-20tests: matrix: split out directory tests into their own fileJakob Unterwurzacher
matrix_test.go is already too big.
2019-01-20Revert "syscallcompat: drop Faccessat AT_SYMLINK_NOFOLLOW helper"Jakob Unterwurzacher
Breaks mounting on MacOS: unix.Faccessat on Darwin does NOT (yet) support AT_SYMLINK_NOFOLLOW. See d44fe89ba4f3252c5bd00c4f7730197732f2a26a . This reverts commit 0805a63df1b5f915b228727f6074c2506922d0ad.
2019-01-20syscallcompat: drop Faccessat AT_SYMLINK_NOFOLLOW helperJakob Unterwurzacher
unix.Faccessat has added support for AT_SYMLINK_NOFOLLOW in July 2018, https://github.com/golang/sys/commit/bd9dbc187b6e1dacfdd2722a87e83093c2d7bd6e#diff-341484dbbe3180cd7a31ef2ad2d679b6 which means we no longer need our own helper. Closes https://github.com/rfjakob/gocryptfs/issues/347
2019-01-20ctlsock: fix buffer truncation of JSON unmarshal errorJakob Unterwurzacher
In the error case, buf was not restored to the original capacity. Instead of truncating "buf" and restoring (or forgetting to restore) later, introduce the "data" slice. Fixes https://github.com/rfjakob/gocryptfs/issues/356
2019-01-16fusefrontend: Always use intFd() method instead of int(f.fd.Fd()).Sebastian Lackner
2019-01-16fusefrontend: Rework the Utimens handling on macOS.Sebastian Lackner
For Linux, everything effectively stays the same. For both path-based and fd-based Utimens() calls, we use unix.UtimesNanoAt(). To avoid introducing a separate syscall wrapper for futimens() (as done in go-fuse, for example), we instead use the /proc/self/fd - trick. On macOS, this changes quite a lot: * Path-based Utimens() calls were previously completely broken, since unix.UtimensNanoAt() ignores the passed file descriptor. Note that this cannot be fixed easily since there IS no appropriate syscall available on macOS prior to High Sierra (10.13). We emulate this case by using Fchdir() + setattrlist(). * Fd-based Utimens() calls were previously translated to f.GetAttr() (to fill any empty parameters) and syscall.Futimes(), which does not does support nanosecond precision. Both issues can be fixed by switching to fsetattrlist(). Fixes https://github.com/rfjakob/gocryptfs/issues/350
2019-01-15tests: Increase timeout in Mount() function.Sebastian Lackner
This avoids sporadic test failures on macOS.
2019-01-15mount: Replace commas in volume name.Sebastian Lackner
Fixes the following test failure: cli_test.go:534: Failed to mount "[...]/542399800,foo,bar" on "[...]/542399800,foo,bar.mnt": exit status 19
2019-01-15fusefrontend: Print 'too many open files' warning for both short and long names.Sebastian Lackner
While we're at it, also replace os.* constants with syscall.* constants.
2019-01-15fusefrontend_reverse: Delete leftover debug statement.Sebastian Lackner
2019-01-14tests: reduce noise on MacOSJakob Unterwurzacher
This should get rid of Openat: O_NOFOLLOW missing: flags = 0x0 Fchmodat: adding missing AT_SYMLINK_NOFOLLOW flag sys_common_test.go:203: chmod on symlink should have failed, but did not. New mode=0333 UnmountErr: "[...]/057376762.mnt" was not found in MountInfo, cannot check for FD leak and add some context to --- FAIL: TestUtimesNano (0.00s) matrix_test.go:628: no such file or directory See https://github.com/rfjakob/gocryptfs/pull/343#issuecomment-453888006 for full test output
2019-01-14syscallcompat: fix FchmodatNofollow testsJakob Unterwurzacher
FchmodatNofollow dropped the flags parameter.
2019-01-14syscallcompat: rework Fchmodat to FchmodatNofollowJakob Unterwurzacher
We never want Fchmodat to follow symlinks, so follow what Qemu does, and call our function FchmodatNofollow.
2019-01-14syscallcompat: Drop Fstatat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Drop Mkdirat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Drop Symlinkat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Drop Fchownat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Drop Fchmodat emulation on macOS.Sebastian Lackner
On macOS the function has a flags argument, so we don't need the /proc/self/fd trick used on Linux.
2019-01-14syscallcompat: Drop Unlinkat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Drop Renameat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Drop Openat emulation on macOS.Sebastian Lackner
2019-01-14syscallcompat: Use pthread_setugid_np() to implement *User() functions on macOS.Sebastian Lackner
Fixes -allow_other mode on macOS.
2019-01-13fusefrontend: drop last remaining call into loopbackFileSystemJakob Unterwurzacher
The only call forwarded to loopbackFileSystem was Statfs, which is trivial to implement. Implement it and drop loopbackFileSystem, as having it carries the risk that a coding error bypasses the usual encryption/decryption chain.
2019-01-13fusefrontend: Do not pass unsupported flags to Faccessat on macOS.Sebastian Lackner
Fixes mounting of forward mounts on macOS High Sierra.
2019-01-13macos: filter SUID and SGID bits in OpenatUser, MknodatUser, MkdiratUserJakob Unterwurzacher
When gocryptfs runs as root, we don't want to allow people to create SUID root files.
2019-01-12fusefrontend: Preserve SUID/SGID/sticky-bits in openWriteOnlyFile and Rmdir.Sebastian Lackner
Fixes https://github.com/rfjakob/gocryptfs/issues/336 and https://github.com/rfjakob/gocryptfs/issues/337.
2019-01-12fusefrontend: -allow_other: Use SymlinkatUser in Symlink FUSE call.Sebastian Lackner
Instead of manually adjusting the user after creating the symlink, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: -allow_other: Use MknodatUser in Mknod FUSE call.Sebastian Lackner
Instead of manually adjusting the user and mode after creating the device file, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: -allow_other: Use MkdiratUser in Mkdir FUSE call.Sebastian Lackner
Revert commit fcaca5fc94d981aa637beb752edc8cb3c2265e96. Instead of manually adjusting the user and mode after creating the directory, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: -allow_other: Use OpenatUser in Create FUSE call.Sebastian Lackner
Revert commit b22cc03c7516b2003880db8375d26c76d6dff093. Instead of manually adjusting the user and mode after creating the file, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: Don't chown gocryptfs.diriv files.Sebastian Lackner
The current code has a risk of race-conditions, since we pass a path containing "/" to Fchownat. We could fix this by opening a file descriptor, however, this does not seem worth the effort. We also don't chown *.name files.
2019-01-09fusefrontend: -allow_other: set file mode after chown in Mkdir().Sebastian Lackner
Make sure that the directory belongs to the correct owner before users can access it. For directories with SUID/SGID mode, there is a risk of race-conditions when files are created before the correct owner is set. They will then inherit the wrong user and/or group. See https://github.com/rfjakob/gocryptfs/issues/327 for more details.
2019-01-09nametransform: Create *.name files with 0400 permission.Sebastian Lackner
Similar to gocryptfs.iv files they are never modified.
2019-01-08fusefrontend: -allow_other: set file mode *after* chown in Create()Jakob Unterwurzacher
Reported by @slackner at https://github.com/rfjakob/gocryptfs/issues/327 : Possible race-conditions between file creation and Fchownat * Assume a system contains a gocryptfs mount as root user with -allow_other * As a regular user create a new file with mode containing the SUID flag and write access for other users * Before gocryptfs executes the Fchownat call, try to open the file again, write some exploit code to it, and try to run it. For a short time, the file is owned by root and has the SUID flag, so this is pretty dangerous.
2019-01-07syscallcompat: Implement workaround for Fchmodat with AT_SYMLINK_NOFOLLOW.Sebastian Lackner
Fixes https://github.com/rfjakob/gocryptfs/issues/259
2019-01-07tests: add Fchmodat testJakob Unterwurzacher
Test that we handle symlinks correctly.
2019-01-07fusefrontend: Clarify access mode check related to O_WRONLY handling.Sebastian Lackner
Use O_ACCMODE mask in openWriteOnlyFile for improved readability.
2019-01-07fusefrontend: Filter O_CREAT in mangleOpenFlags.Sebastian Lackner
2019-01-06fusefrontend: Check result of Fchmod syscall.Sebastian Lackner
Fixes https://github.com/rfjakob/gocryptfs/issues/328
2019-01-06fusefrontend: Fix computation of cipherSz in Allocate FUSE call.Sebastian Lackner
Do not use PlainSizeToCipherSize() since this adds the 18 bytes file header. Partially fixes https://github.com/rfjakob/gocryptfs/issues/311
2019-01-06tests: check that fallocate does not over-allocate spaceJakob Unterwurzacher
We currently allocate 18 bytes too much: https://github.com/rfjakob/gocryptfs/issues/311
2019-01-06tests: move fallocate tests to its own fileJakob Unterwurzacher
matrix_test.go is already too big.
2019-01-06tests: TestFallocate: comment what "d" and "h" meansJakob Unterwurzacher
Document what "d" and "h" means in the fancy ASCII diagrams. https://github.com/rfjakob/gocryptfs/pull/326