| Age | Commit message (Collapse) | Author |
|---|
|
This means we can unexport the field.
|
|
This proposal is the counterpart of the modifications from the `-badname`
parameter. It modifies the plain -> cipher mapping for filenames when using
`-badname` parameter. The new function `EncryptAndHashBadName` tries to find a
cipher filename for the given plain name with the following steps:
1. If `badname` is disabled or direct mapping is successful: Map directly
(default and current behaviour)
2. If a file with badname flag has a valid cipher file, this is returned
(=File just ends with the badname flag)
3. If a file with a badname flag exists where only the badname flag was added,
this is returned (=File cipher name could not be decrypted by function
`DecryptName` and just the badname flag was added)
4. Search for all files which cipher file name extists when cropping more and
more characters from the end. If only 1 file is found, return this
5. Return an error otherwise
This allows file access in the file browsers but most important it allows that
you rename files with undecryptable cipher names in the plain directories.
Renaming those files will then generate a proper cipher filename One
backdraft: When mounting the cipher dir with -badname parameter, you can never
create (or rename to) files whose file name ends with the badname file flag
(at the moment this is " GOCRYPTFS_BAD_NAME"). This will cause an error.
I modified the CLI test function to cover additional test cases. Test [Case
7](https://github.com/DerDonut/gocryptfs/blob/badnamecontent/tests/cli/cli_test.go#L712)
cannot be performed since the cli tests are executed in panic mode. The
testing is stopped on error. Since the function`DecryptName` produces internal
errors when hitting non-decryptable file names, this test was omitted.
This implementation is a proposal where I tried to change the minimum amount
of existing code. Another possibility would be instead of creating the new
function `EncryptAndHashBadName` to modify the signature of the existing
function `EncryptAndHashName(name string, iv []byte)` to
`EncryptAndHashName(name string, iv []byte, dirfd int)` and integrate the
functionality into this function directly. You may allow calling with dirfd=-1
or other invalid values an then performing the current functionality.
|
|
gocryptfs 2.0 introduced the regression that the size
reported at symlink creation was the ciphertext size,
which is wrong.
Report the plaintext size.
Fixes https://github.com/rfjakob/gocryptfs/issues/574
|
|
These are now available cross-platform in the unix
package.
|
|
The result of setting an acl depends on who runs the
operation!
Fixes fuse-xfstests generic/375
(see https://github.com/rfjakob/fuse-xfstests/wiki/results_2021-05-19)
|
|
Discovered by xfstests generic/564 .
Failure was:
generic/564 - output mismatch (see /opt/fuse-xfstests/results//generic/564.out.bad)
--- tests/generic/564.out 2021-05-08 21:11:05.307395966 +0200
+++ /opt/fuse-xfstests/results//generic/564.out.bad 2021-05-19 19:01:16.912888879 +0200
@@ -31,7 +31,7 @@
source range beyond 8TiB returns 0
destination range beyond 8TiB returns EFBIG
-copy_range: File too large
+copy_range: Function not implemented
|
|
xfstests generic/523 discovered that we allowed to set
xattrs with "/" in the name, but did not allow to read
them later.
With this change we do not allow to set them in the first
place.
|
|
Fixes xfstests generic/401
|
|
In response to the discussion of the xfstests mailing list [1],
I looked at the Lseek implementation, which was naive and
did not handle all cases correctly.
The new implementation aligns the returned values to 4096 bytes
as most callers expect.
A lot of tests are added to verify that we handle all
cases correctly now.
[1]: https://www.spinics.net/lists/fstests/msg16554.html
|
|
Let's have MkdiratUser take fuse.Context like everybody
else.
|
|
Error was:
internal/fusefrontend/node.go:371:2: duplicate case syscallcompat.RENAME_NOREPLACE (value 0) in switch
previous case at internal/fusefrontend/node.go:368:7
Rewrite using "if"s instead.
|
|
RENAME_NOREPLACE is already defined in syscallcompat.
|
|
Discovered by xfstests generic/013: or implementation for
RENAME_EXCHANGE and RENAME_WHITEOUT is incomplete. Reject the
flags so that the caller retries with regular rename.
|
|
"node itself" can be converted to node + child by
ascending one level.
Performance gains are spectacular, as will be seen
in the next commit.
|
|
|
|
|
|
dirfd caching was temporarily removed when moving
to the v2api. Add it back to gain back some lost speed.
|
|
This test only worked accidentially, and would
break once dirfd caching is added.
fs.Mkdir(..., "dir1/dir2", ...) is illegal
(child name cannot contain slashes).
|
|
Use the n.prepareAtSyscall() wrapper instead. Prepares
for adding caching into n.prepareAtSyscall().
|
|
And deduplicate the code a little.
|
|
The Open() and Create() paths used different inode numbers,
which broke openfiletable locking against concurred readers.
|
|
Hard link tracking was not correctly disabled
since the migration to the go-fuse v2 api.
Add a test to ensure it stays off.
Fixes https://github.com/rfjakob/gocryptfs/issues/525
|
|
Pass through system.posix_acl_access and system.posix_acl_default
unencrypted to fix "cp -a" problems.
"cp -a" uses "setxattr" even to set normal permissions, see
https://www.spinics.net/lists/linux-nfs/msg63986.html .
Fixes https://github.com/rfjakob/gocryptfs/issues/543
|
|
world-readable
Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier
when mounting via fstab.
Having the files follow chmod/chown of their parent does not seem
to be worth the hassle. The content of the diriv files is not
secret, and both diriv and name files are protected by the
perms of the parent dir.
Fixes https://github.com/rfjakob/gocryptfs/issues/539
|
|
This option is similar to fuse(8) kernel_cache
Verified using vmtouch.
Without -kernel_cache:
$ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0,0242321 s, 433 MB/s
Files: 1
Directories: 0
Touched Pages: 2560 (10M)
Elapsed: 0.011159 seconds
Files: 1
Directories: 0
Resident Pages: 0/2560 0/10M 0%
Elapsed: 0.000993 seconds
With -kernel_cache:
$ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0,0244015 s, 430 MB/s
Files: 1
Directories: 0
Touched Pages: 2560 (10M)
Elapsed: 0.011564 seconds
Files: 1
Directories: 0
Resident Pages: 2560/2560 10M/10M 100%
Elapsed: 0.000369 seconds
|
|
Unless we are mounted with -suid, we can reject
these requests, and gain back some lost speed.
Closes https://github.com/rfjakob/gocryptfs/issues/515
|
|
After Close() returns, the fd is dead, even if we
received EINTR. Don't retry, we could shoot down
an unrelated fd that received the same fd number.
|
|
Retry operations that have been shown to throw EINTR
errors on CIFS.
Todo: Solution for this pain in the back:
warning: unix.Getdents returned errno 2 in the middle of data
rm: cannot remove 'linux-3.0.old3/Documentation/ABI/removed': Input/output error
Progress towards fixing https://github.com/rfjakob/gocryptfs/issues/483 .
|
|
|
|
|
|
|
|
Rename the symbols and the files.
|
|
|
|
|
|
All the functionality in these files has been reimplemented
for the v2 api. Drop the old files.
|
|
This also fixes the last remaining tests/fsck failure.
|
|
|
|
Helpful for fsck.
|
|
|
|
gocryptfs/tests/xattr passes.
|
|
|
|
|
|
We used to always open a *File2 and letting the *File2
handle Setattr. This does not work it we cannot open the file!
Before:
$ go test
2020/07/12 20:14:57 writer: Write/Writev failed, err: 2=no such file or directory. opcode: INTERRUPT
2020/07/12 20:14:57 writer: Write/Writev failed, err: 2=no such file or directory. opcode: INTERRUPT
--- FAIL: TestLchown (0.00s)
matrix_test.go:634: lchown /tmp/gocryptfs-test-parent-1026/014500839/default-plain/symlink: too many levels of symbolic links
touch: setting times of '/tmp/gocryptfs-test-parent-1026/014500839/default-plain/utimesnano_symlink': Too many levels of symbolic links
--- FAIL: TestUtimesNanoSymlink (0.00s)
matrix_test.go:655: exit status 1
--- FAIL: TestMkfifo (0.00s)
matrix_test.go:755: file exists
--- FAIL: TestMagicNames (0.00s)
matrix_test.go:773: Testing n="gocryptfs.longname.QhUr5d9FHerwEs--muUs6_80cy6JRp89c1otLwp92Cs"
matrix_test.go:773: Testing n="gocryptfs.diriv"
matrix_test.go:815: open /tmp/gocryptfs-test-parent-1026/014500839/default-plain/linktarget: permission denied
--- FAIL: TestChmod (0.00s)
matrix_test.go:840: chmod 444 -> 000 failed: permission denied
matrix_test.go:840: chmod 444 -> 111 failed: permission denied
matrix_test.go:840: chmod 444 -> 123 failed: permission denied
matrix_test.go:840: chmod 444 -> 321 failed: permission denied
FAIL
exit status 1
FAIL github.com/rfjakob/gocryptfs/tests/matrix 0.790s
After:
$ go test
--- FAIL: TestMkfifo (0.00s)
matrix_test.go:755: file exists
--- FAIL: TestMagicNames (0.00s)
matrix_test.go:773: Testing n="gocryptfs.longname.QhUr5d9FHerwEs--muUs6_80cy6JRp89c1otLwp92Cs"
matrix_test.go:773: Testing n="gocryptfs.diriv"
matrix_test.go:815: open /tmp/gocryptfs-test-parent-1026/501766059/default-plain/linktarget: permission denied
--- FAIL: TestChmod (0.00s)
matrix_test.go:849: modeHave 0644 != modeWant 0
FAIL
exit status 1
FAIL github.com/rfjakob/gocryptfs/tests/matrix 0.787s
|
|
|
|
|
|
If we don't, reads hang with -serialize_reads.
|
|
We used to do this
[pid 99182] renameat2(14, "Y_4DAxKvj1QnXmJx2AkrKA", 15, ".", RENAME_NOREPLACE <unfinished ...>
which was not the intention.
|
|
|
|
|
|
Fortunately, this just means fixing up the function
signatures.
|
