aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-01-01fusefrontend: mark symlink-safe FUSE callsJakob Unterwurzacher
Document which FUSE calls are already symlink-safe in the function comment.
2019-01-01fusefrontend: make DecryptPath() symlink-safeJakob Unterwurzacher
DecryptPath is now symlink-safe through the use of *at() functions.
2019-01-01fusefrontend: make Access() symlink-safe.Jakob Unterwurzacher
Make Access() symlink-safe through use of faccessat.
2019-01-01nametransform: comments: directly link to ioutil.WriteFile fixJakob Unterwurzacher
So the reader does not have to read through the whole ticket. The commit message has a nice summary of the problem.
2019-01-01fusefrontend: Fix debug message in doWrite() method.Sebastian Lackner
2019-01-01fusefrontend: Fix order of arguments in debug message for Read() FUSE call.Sebastian Lackner
2019-01-01nametransform: Delete incomplete longname files on error.Sebastian Lackner
2018-12-30main: Remove a duplicate word in a comment.Sebastian Lackner
2018-12-28configfile: Fix a copy&paste error in validateParams method.Sebastian Lackner
2018-12-27configfile: Explicitly wipe scrypt derived key after decrypting/encrypting ↵Sebastian Lackner
master key. Further raises the bar for recovering keys from memory.
2018-12-27Assorted spelling fixes.Sebastian Lackner
Mostly detected with the 'codespell' utility, but also includes some manual grammar fixes.
2018-12-27fusefrontend: Remove unnecessary check in doRead function.Sebastian Lackner
The same condition is already checked a few lines above, and 'err' is not changed inbetween.
2018-12-27fusefrontend: Don't treat Fchownat error as failure in Mkdir.Sebastian Lackner
The directory was already created, so return success even if Fchownat fails. The same error handling is already used if fs.args.PlaintextNames is false.
2018-12-27fusefrontend: Check the correct 'err' variable.Sebastian Lackner
2018-12-27build.bash: Escape LDFLAGS before passing them to 'go build'.Sebastian Lackner
This ensures that ./build.bash still works when the LDFLAGS environment variable contains multiple options, e.g., LDFLAGS="-lpthread -lm". The correct way of passing multiple options is discussed here: https://github.com/golang/go/issues/6234 For some unknown reason, the method only works when -extldflags is the last argument - is this a bug in Go?
2018-12-16build.bash: support user-set LDFLAGSJakob Unterwurzacher
As requested at https://github.com/rfjakob/gocryptfs/pull/280
2018-12-16build.bash: use -trimpath for reproducible buildsJakob Unterwurzacher
Support both Go 1.7...1.9 and Go 1.10 by checking the version and using the appropropriate syntax. We trim GOPATH/src and use both -gcflags and -asmflags like Debian does in https://salsa.debian.org/go-team/packages/dh-golang/blob/ab2bbcfc00b1229066cc3d3d1195ac901a2b9411/lib/Debian/Debhelper/Buildsystem/golang.pm#L465 .
2018-12-16build.bash: respect SOURCE_DATE_EPOCHJakob Unterwurzacher
SOURCE_DATE_EPOCH seems to be the standard env variable for faking a build date for reproducible builds.
2018-12-16README: replace openssl-gcm.md with link to wikiJakob Unterwurzacher
The CPU-Benchmarks wiki page has a lot more info than openssl-gcm.md had.
2018-12-16tests: fix TestPassfileNewlineJakob Unterwurzacher
Due to a copy-paste error, we ran the wrong test in the subprocess. Thanks @slackner for noticing at https://github.com/rfjakob/gocryptfs/commit/295d432175292dbaef572093d784aab55f5c0b8f#r31690478 !
2018-12-15passfile: directly read file instead of invoking catJakob Unterwurzacher
Allows better error handling, gets rid of the call to an external program, and fixes https://github.com/rfjakob/gocryptfs/issues/278 .
2018-12-12Add v1.6.1 to changelogJakob Unterwurzacher
2018-11-17syscallcompat: downgrade DT_UNKNOWN message level on XFSJakob Unterwurzacher
Old XFS filesystems always return DT_UNKNOWN. Downgrade the message to "info" level if we are on XFS. Using the "warning" level means that users on old XFS filesystems cannot run the test suite as it intentionally aborts on any warnings. Fixes https://github.com/rfjakob/gocryptfs/issues/267
2018-11-17main: drop hardcoded /usr/bin/logger pathJakob Unterwurzacher
The hardcoded full paths were introduced to handle the case of an empty PATH environment variable. However, since commit 10212d791a3196c2c870 we set PATH to a default value if empty. The hardcoded paths are no longer neccessary, and cause problems on some distros: User voobscout on https://github.com/rfjakob/gocryptfs/issues/225#issuecomment-438682034 : just to chime in - please don't hardcode paths, for example I'm on NixOS and logger lives in /run/current-system/sw/bin/logger Drop the hardcoded paths.
2018-10-17tlog: disable color codes when switching to syslogJakob Unterwurzacher
When gocryptfs was started on a terminal and later daemonized, the color codes stayed active in the syslog output. The codes are not visible in "journalctl -f", which is why I have not noticed it yet, but they do show up in normal syslog as the usual "#033[33m" crap.
2018-10-17fusefronted: log more details on WriteAt failuresJakob Unterwurzacher
Also log inode number, fd number, offset and length. Maybe help debugging https://github.com/rfjakob/gocryptfs/issues/269 .
2018-10-17main: also redirect Fatal logger to syslog on daemonizationJakob Unterwurzacher
The messages would still be collected via gocryptfs-logger, but let's do it right. Before: Oct 17 21:58:12 brikett gocryptfs[9926]: testing info Oct 17 21:58:12 brikett gocryptfs[9926]: testing warn Oct 17 21:58:12 brikett gocryptfs-9926-logger[9935]: testing fatal After: Oct 17 22:00:53 brikett gocryptfs[10314]: testing info Oct 17 22:00:53 brikett gocryptfs[10314]: testing warn Oct 17 22:00:53 brikett gocryptfs[10314]: testing fatal
2018-10-11Updated manpage for -idle flagJesse Dunietz
2018-10-11tests: fix golint errorJakob Unterwurzacher
Error was: tests/cli/cli_test.go:552: declaration of "err" shadows declaration at tests/cli/cli_test.go:544
2018-10-11tests: add idle timeout testJakob Unterwurzacher
Mount with idle timeout 10ms and check that the process exits by itself within 5 seconds.
2018-10-11Add option for autounmountJesse Dunietz
Even though filesystem notifications aren't implemented for FUSE, I decided to try my hand at implementing the autounmount feature (#128). I based it on the EncFS autounmount code, which records filesystem accesses and checks every X seconds whether it's idled long enough to unmount. I've tested the feature locally, but I haven't added any tests for this flag. I also haven't worked with Go before. So please let me know if there's anything that should be done differently. One particular concern: I worked from the assumption that the open files table is unique per-filesystem. If that's not true, I'll need to add an open file count and associated lock to the Filesystem type instead. https://github.com/rfjakob/gocryptfs/pull/265
2018-10-11tests: syscallcompat: allow failure for symlinks > 1000Jakob Unterwurzacher
MacOS and old XFS versions do not support very long symlinks, but let's not make the tests fail because of that. https://github.com/rfjakob/gocryptfs/issues/267
2018-10-10tests: catch "name too long" symlink failure on XFSJakob Unterwurzacher
Retry with length 1000 if length 4000 fails, which should work on all filesystems. Failure was: --- FAIL: TestTooLongSymlink (0.00s) correctness_test.go:198: symlink xxx[...]xxxx /tmp/xfs.mnt/gocryptfs-test-parent/549823072/365091391/TooLongSymlink: file name too long https://github.com/rfjakob/gocryptfs/issues/267
2018-10-10tests: respect TMPDIR if setJakob Unterwurzacher
Setting TMPDIR now allows to run the tests against a directory of your choice, making it easier to test different filesystems.
2018-09-23fusefrontend: Fix uint16 build failure on DarwinJakob Unterwurzacher
Error was: # github.com/rfjakob/gocryptfs/internal/fusefrontend internal/fusefrontend/fs.go:179: cannot use perms | 256 (type uint16) as type uint32 in argument to syscall.Fchmod internal/fusefrontend/fs.go:185: cannot use perms (type uint16) as type uint32 in argument to syscall.Fchmod
2018-09-23fusefrontend: make Rename() symlink-safeJakob Unterwurzacher
Use Openat() and the openBackingDir() helper so we never follow symlinks.
2018-09-23fusefrontend: make Create() symlink-safeJakob Unterwurzacher
Use Openat() and the openBackingDir() helper so we never follow symlinks.
2018-09-23fusefrontend: Open(): fix dirfd leakJakob Unterwurzacher
Close was missing.
2018-09-23fusefrontend: add named parameters to openBackingDirJakob Unterwurzacher
Named parameters make using the function easier.
2018-09-23fusefrontend: get rid of os.File* wrappingJakob Unterwurzacher
Directly use int file descriptors for the dirfd and get rid of one level of indirection.
2018-09-23fusefrontent: make Open() symlink-safeJakob Unterwurzacher
2018-09-23tests: add symlink_race toolJakob Unterwurzacher
Help uncover symlink races.
2018-09-23tlog: always trim trailing newlinesJakob Unterwurzacher
The messages we print through tlog sometimes do, sometimes do not contain a trailing newline. The stdlib logger usually drops trailing newlines automatically, but tlog postfixes ColorReset to the caller's message, so the logger logic does not work when we print colored output. Drop the newlines on our own, and add a test. Fixes the blank lines in fsck output: ~/go/src/github.com/rfjakob/gocryptfs/tests/fsck$ ./run_fsck.bash Reading password from extpass program Decrypting master key OpenDir "": invalid entry "invalid_file_name.3": illegal base64 data at input byte 17 OpenDir "": invalid entry "invalid_file_name_2": bad message fsck: corrupt entry in dir "": "invalid_file_name.3" fsck: corrupt entry in dir "": "invalid_file_name_2" OpenDir "": invalid entry "invalid_file_name____1": bad message fsck: corrupt entry in dir "": "invalid_file_name____1" doRead 4327225: corrupt block #0: stupidgcm: message authentication failed fsck: error reading file "corrupt_file" (inum 4327225): 5=input/output error cipherSize 40 < overhead 50: corrupt file doRead 4327074: corrupt header: ParseHeader: invalid version, want=2 have=22616 cipherSize 40 < overhead 50: corrupt file fsck: error reading file "corrupt_file_2" (inum 4327074): 5=input/output error Readlink "s-P7PcQDUcVkoeMDnC3EYA": decrypting target failed: stupidgcm: message authentication failed fsck: error reading symlink "corrupt_symlink": 5=input/output error Readlink "iI0MtUdzELPeOAZYwYZFee169hpGgd3l2PXQBcc9sl4": decrypting target failed: illegal base64 data at input byte 0 fsck: error reading symlink "corrupt_symlink_2": 5=input/output error OpenDir "yrwcjj2qoC4IYvhw9sbfRg": could not read gocryptfs.diriv: wanted 16 bytes, got 17 fsck: error opening dir "diriv_too_long": 5=input/output error OpenDir "trqecbMNXdzLqzpk7fSfKw": could not read gocryptfs.diriv: wanted 16 bytes, got 3 fsck: error opening dir "diriv_too_short": 5=input/output error cipherSize 8 < header size 18: corrupt file readFileID 4327049: incomplete file, got 8 instead of 19 bytes fsck: corrupt file "incomplete_file_1" (inode 4327049) readFileID 4327038: incomplete file, got 18 instead of 19 bytes fsck: corrupt file "incomplete_file_2" (inode 4327038) cipherSize 1 < header size 18: corrupt file readFileID 4327063: incomplete file, got 1 instead of 19 bytes fsck: corrupt file "incomplete_file_3" (inode 4327063) fsck: error opening dir "missing_diriv": 2=no such file or directory ListXAttr: invalid xattr name "user.gocryptfs.0a5e7yWl0SGUGeWB0Sy2K0": bad message fsck: corrupt xattr name on file "xattr_corrupt_name": "user.gocryptfs.0a5e7yWl0SGUGeWB0Sy2K0" GetXAttr: stupidgcm: message authentication failed fsck: error reading xattr "user.foo" from "xattr_corrupt_value": 5=input/output error fsck summary: 15 corrupt files
2018-09-22syscallcompat: untangle Openat flag checkJakob Unterwurzacher
Check for O_NWFOLLOW and O_EXCL separately to make the logic clearer.
2018-09-22tests: detect and report chmod failures earlierJakob Unterwurzacher
Instead of reporting the consequence: matrix_test.go:906: modeHave 0664 != modeWant 0777 Report it if chmod itself fails, and also report the old file mode: matrix_test.go:901: chmod 000 -> 777 failed: bad file descriptor
2018-09-18main: sanitize commas from fsnameJakob Unterwurzacher
The cipherdir path is used as the fsname, as displayed in "df -T". Now, having a comma in fsname triggers a sanity check in go-fuse, aborting the mount with: /bin/fusermount: mount failed: Invalid argument fuse.NewServer failed: fusermount exited with code 256 Sanitize fsname by replacing any commas with underscores. https://github.com/rfjakob/gocryptfs/issues/262
2018-09-08fusefrontend: use OpenDirNofollow in openBackingDirJakob Unterwurzacher
Rename openBackingPath to openBackingDir and use OpenDirNofollow to be safe against symlink races. Note that openBackingDir is not used in several important code paths like Create(). But it is used in Unlink, and the performance impact in the RM benchmark to be acceptable: Before $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.bYO: gocryptfs v1.6-12-g930c37e-dirty; go-fuse v20170619-49-gb11e293; 2018-09-08 go1.10.3 WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.07979 s, 243 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 0.882413 s, 297 MB/s UNTAR: 16.703 MD5: 7.606 LS: 1.349 RM: 3.237 After $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.jK3: gocryptfs v1.6-13-g84d6faf-dirty; go-fuse v20170619-49-gb11e293; 2018-09-08 go1.10.3 WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.06261 s, 247 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 0.947228 s, 277 MB/s UNTAR: 17.197 MD5: 7.540 LS: 1.364 RM: 3.410
2018-09-08tests: restore Go 1.7 compatibilityJakob Unterwurzacher
Go 1.7 does not have t.Name() yet.
2018-09-08syscallcompat: use O_PATH in OpenDirNofollowJakob Unterwurzacher
This fixes the "0100 directory" problem in reverse mode, and should be slightly faster.
2018-09-08syscallcompat: untangle OpenNofollow and rename to OpenDirNofollowJakob Unterwurzacher
The function used to do two things: 1) Walk the directory tree in a manner safe from symlink attacks 2) Open the final component in the mode requested by the caller This change drops (2), which was only used once, and lets the caller handle it. This simplifies the function and makes it fit for reuse in forward mode in openBackingPath(), and for using O_PATH on Linux.