summaryrefslogtreecommitdiff
path: root/internal/fusefrontend
AgeCommit message (Collapse)Author
2020-06-21v2api: implement GetAttr and ReaddirJakob Unterwurzacher
2020-06-21v2api: implement Lookup()Jakob Unterwurzacher
Compiles, but untested otherwise. No caching.
2020-06-21v2api (go-fuse v2 api): initial noop implementationJakob Unterwurzacher
Compiles and mounts but does nothing useful.
2020-05-24Revert "fusefrontend: don't always clear the dircache in Rename"Jakob Unterwurzacher
As noticed by @slackner in https://github.com/rfjakob/gocryptfs/commit/cb8872577d66ff0fc38bcd70493be06bc0f34ffa#commitcomment-39405233 , this is not safe. This reverts commit cb8872577d66ff0fc38bcd70493be06bc0f34ffa.
2020-05-24fusefrontend: don't always clear the dircache in RenameJakob Unterwurzacher
When filename encryption is on, we do know when we overwrite a directory, and can clear only in this case. sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs git init 1.74 7.80 rsync 6.19 11.63
2020-05-24fusefrontend: don't clear dircache on MkdirJakob Unterwurzacher
Mkdir can not cause existing entries in the cache to go stale. So don't clear it. Benchmark results: sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs git init 1.65 8.74 rsync 6.09 17.54
2020-05-17dircache: increase cache size & lifetimeJakob Unterwurzacher
Looking at the dircache debug output, we see that a "git status" workload has a very bad cache hit rate because the entries expire or get evicted before they can be reused. Increase both cache size and lifetime for a 4x speedup: Before: 75s After: 17s https://github.com/rfjakob/gocryptfs/issues/410
2020-05-17dircache: improve debug messagesJakob Unterwurzacher
Before: Lookup "errno.html/1/2/3/4/5": miss Store: "errno.html/1/2/3/4/5" fd=26 iv=21be6e083d60dcabfe7368264d5082b7 Lookup "errno.html": hit 25 6d68a16d217978915036a3bd55428ae7 Lookup "errno.html/1": hit 25 932a464c299b3430c5e55c924f98ac4d Lookup "errno.html/1/2": hit 25 7d53348b1692d537f017bf86b3cf5feb Lookup "errno.html/1/2/3": hit 25 2aef1c9d1ab2b55b163215053fefe703 Lookup "errno.html/1/2/3/4": hit 25 cb802be53721c46a46247c5e4e0f4ce6 Lookup "errno.html/1/2/3/4": hit 25 cb802be53721c46a46247c5e4e0f4ce6 Lookup "errno.html": hit 25 6d68a16d217978915036a3bd55428ae7 After: Lookup "earlyoom/.git/refs" hit fd=10 dup=17 iv=6ae2cecd269a25e8d946aff6afe9b8b8 Lookup "earlyoom/.git/refs/remotes" hit fd=19 dup=17 iv=f04c2d2a5bcc33ebdeaca664859c980d Lookup "earlyoom/.git/refs/remotes/origin" miss Store "earlyoom/.git/refs/remotes/origin" fd=17 iv=834a64a1697c9f5705455ba6dbed22b5 Lookup "earlyoom" hit fd=7 dup=25 iv=2303a892d6e2357c483574a8070b7679 Lookup "earlyoom/.git" hit fd=11 dup=25 iv=d43ca4aff23720c57789c9f62f0aee00 Lookup "earlyoom/.git" hit fd=11 dup=25 iv=d43ca4aff23720c57789c9f62f0aee00 Lookup "earlyoom/.git/refs" hit fd=10 dup=25 iv=6ae2cecd269a25e8d946aff6afe9b8b8 Lookup "earlyoom/.git/refs/heads" hit fd=13 dup=25 iv=f9245e7c066b9adc768a1a666da9fbc8
2020-05-17Update go-fuse import path to github.com/hanwen/go-fuse/v2Jakob Unterwurzacher
We need https://github.com/hanwen/go-fuse/commit/fd7328faf9fdf75709f7ba7df7072aaf4eeb18b3 to fix a crash reported in https://github.com/rfjakob/gocryptfs/issues/430 : 2019/10/30 17:14:16 Unknown opcode 2016 panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x508d38] This patch is only in the v2.x.x branch. Upgrade to v2, as the old API is also supported there. Running git grep hanwen/go-fuse | grep -v hanwen/go-fuse/v2 to check for forgotten references comes back clean.
2020-05-09ctlsock: create exported ctlsock client libraryJakob Unterwurzacher
The former interal ctlsock server package is renamed to ctlsocksrv.
2020-04-19inomap: rework logic to efficiently support flagsJakob Unterwurzacher
Adding flags allows to use inomap in reverse mode, replacing the clunky inoBaseDirIV/inoBaseNameFile logic that causes problems with high underlying inode numbers ( https://github.com/rfjakob/gocryptfs/issues/457 ) Microbenchmarks (values below) show that the "SingleDev" case is now much slower due to an extra map lookup, but this has no visible effects in ./test.bash results, so there was no time spent optimizing the case further. $ go test -bench=. goos: linux goarch: amd64 pkg: github.com/rfjakob/gocryptfs/internal/inomap BenchmarkTranslateSingleDev-4 18757510 61.5 ns/op BenchmarkTranslateManyDevs-4 18061515 64.5 ns/op PASS ok github.com/rfjakob/gocryptfs/internal/inomap 2.467s
2020-04-13inomap: split into separate packageJakob Unterwurzacher
inomap will also be used by fusefrontend_reverse in the future. Split if off openfiletable to make it independent.
2020-02-29fusefrontend: drop xattr user namespace restrictionJakob Unterwurzacher
We used to restrict setting xattrs to the "user." namespace. I don't see a real reason for this anymore, and it causes trouble for users who are using acls. Tests will be added in the next commit. https://github.com/rfjakob/gocryptfs/issues/453
2019-11-16fs: add uint64 cast to fix Darwin buildJakob Unterwurzacher
Error from Travis CI was: +GOOS=darwin +GOARCH=amd64 +go build -tags without_openssl # github.com/rfjakob/gocryptfs/internal/fusefrontend internal/fusefrontend/fs.go:88:45: cannot use st.Dev (type int32) as type uint64 in argument to openfiletable.NewInumMap Add uint64 to fix it.
2019-11-16fusefrontend: use inummapJakob Unterwurzacher
translate inode numbers on different devices to fix collisions. Fixes https://github.com/rfjakob/gocryptfs/issues/435
2019-11-03fusefrontend: warn about missing dirivJakob Unterwurzacher
The comment is outdated, at this point, we should really not get any errors from ReadDirIVAt. The change is best seen when running the fsck tests. Before: fsck: error opening dir "missing_diriv": 2=no such file or directory After: OpenDir "K2m0E6qzIfoLkVZJanoUiQ": could not read gocryptfs.diriv: no such file or directory fsck: error opening dir "missing_diriv": 5=input/output error See https://github.com/rfjakob/gocryptfs/issues/403 , where the extra info would have been helpful.
2019-11-03fusefrontend: don't return EIO on directory with corrupt file namesJakob Unterwurzacher
This was meant as a way to inform the user that something is very wrong, however, users are hitting the condition on MacOS due to ".DS_Store" files, and also on NFS due to ".nfsXXX" files. Drop the whole thing as it seems to cause more pain than gain. Fixes https://github.com/rfjakob/gocryptfs/issues/431
2019-10-06fusefrontend: unregister from openfiletable before closing the fdJakob Unterwurzacher
Closing the fd means the inode number may be reused immediately by a new file, so we have to get the old fileID out of the table beforehand! Hopefully fixes https://github.com/rfjakob/gocryptfs/issues/363
2019-10-06fusefrontend: print file hexdump on header errorJakob Unterwurzacher
This should help debugging https://github.com/rfjakob/gocryptfs/issues/363 , but does no harm in normal operation as it only prints ciphertext to the log.
2019-09-08Fix -idle unmounting despite activityJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/421
2019-04-09fusefrontend: get rid of last hardcoded "gocryptfs.diriv" instancesJakob Unterwurzacher
Makes it easier to change the name (as some people want to): https://github.com/rfjakob/gocryptfs/issues/37
2019-03-26reverse mode: support wildcard exclude (--exclude-wildcard)Eduardo M KALINOWSKI
This adds support for gitignore-like wildcards and exclude patters in reverse mode. It (somewhat) fixes #273: no regexp support, but the syntax should be powerful enough to satisfy most needs. Also, since adding a lot of --exclude options can be tedious, it adds the --exclude-from option to read patterns from a file (or files).
2019-02-17nametransform: reject names longer than 255 charsJakob Unterwurzacher
Looks like we allowed creating longer names by accident. Fix that, and add a test that verifies it.
2019-01-20fusefronted: comment why Access() does not check context.UidJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/347
2019-01-20fusefrontend: ensure directories without W or X perms can be deletedJakob Unterwurzacher
This fixed the "Permission denied" bug, but still has the problem that the directory may be replaced behind our back. Mitigated by the fact that we skip the workaround when running as root with -allow_other. https://github.com/rfjakob/gocryptfs/issues/354
2019-01-20Revert "syscallcompat: drop Faccessat AT_SYMLINK_NOFOLLOW helper"Jakob Unterwurzacher
Breaks mounting on MacOS: unix.Faccessat on Darwin does NOT (yet) support AT_SYMLINK_NOFOLLOW. See d44fe89ba4f3252c5bd00c4f7730197732f2a26a . This reverts commit 0805a63df1b5f915b228727f6074c2506922d0ad.
2019-01-20syscallcompat: drop Faccessat AT_SYMLINK_NOFOLLOW helperJakob Unterwurzacher
unix.Faccessat has added support for AT_SYMLINK_NOFOLLOW in July 2018, https://github.com/golang/sys/commit/bd9dbc187b6e1dacfdd2722a87e83093c2d7bd6e#diff-341484dbbe3180cd7a31ef2ad2d679b6 which means we no longer need our own helper. Closes https://github.com/rfjakob/gocryptfs/issues/347
2019-01-16fusefrontend: Always use intFd() method instead of int(f.fd.Fd()).Sebastian Lackner
2019-01-16fusefrontend: Rework the Utimens handling on macOS.Sebastian Lackner
For Linux, everything effectively stays the same. For both path-based and fd-based Utimens() calls, we use unix.UtimesNanoAt(). To avoid introducing a separate syscall wrapper for futimens() (as done in go-fuse, for example), we instead use the /proc/self/fd - trick. On macOS, this changes quite a lot: * Path-based Utimens() calls were previously completely broken, since unix.UtimensNanoAt() ignores the passed file descriptor. Note that this cannot be fixed easily since there IS no appropriate syscall available on macOS prior to High Sierra (10.13). We emulate this case by using Fchdir() + setattrlist(). * Fd-based Utimens() calls were previously translated to f.GetAttr() (to fill any empty parameters) and syscall.Futimes(), which does not does support nanosecond precision. Both issues can be fixed by switching to fsetattrlist(). Fixes https://github.com/rfjakob/gocryptfs/issues/350
2019-01-15fusefrontend: Print 'too many open files' warning for both short and long names.Sebastian Lackner
While we're at it, also replace os.* constants with syscall.* constants.
2019-01-14syscallcompat: rework Fchmodat to FchmodatNofollowJakob Unterwurzacher
We never want Fchmodat to follow symlinks, so follow what Qemu does, and call our function FchmodatNofollow.
2019-01-13fusefrontend: drop last remaining call into loopbackFileSystemJakob Unterwurzacher
The only call forwarded to loopbackFileSystem was Statfs, which is trivial to implement. Implement it and drop loopbackFileSystem, as having it carries the risk that a coding error bypasses the usual encryption/decryption chain.
2019-01-13fusefrontend: Do not pass unsupported flags to Faccessat on macOS.Sebastian Lackner
Fixes mounting of forward mounts on macOS High Sierra.
2019-01-12fusefrontend: Preserve SUID/SGID/sticky-bits in openWriteOnlyFile and Rmdir.Sebastian Lackner
Fixes https://github.com/rfjakob/gocryptfs/issues/336 and https://github.com/rfjakob/gocryptfs/issues/337.
2019-01-12fusefrontend: -allow_other: Use SymlinkatUser in Symlink FUSE call.Sebastian Lackner
Instead of manually adjusting the user after creating the symlink, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: -allow_other: Use MknodatUser in Mknod FUSE call.Sebastian Lackner
Instead of manually adjusting the user and mode after creating the device file, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: -allow_other: Use MkdiratUser in Mkdir FUSE call.Sebastian Lackner
Revert commit fcaca5fc94d981aa637beb752edc8cb3c2265e96. Instead of manually adjusting the user and mode after creating the directory, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: -allow_other: Use OpenatUser in Create FUSE call.Sebastian Lackner
Revert commit b22cc03c7516b2003880db8375d26c76d6dff093. Instead of manually adjusting the user and mode after creating the file, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: Don't chown gocryptfs.diriv files.Sebastian Lackner
The current code has a risk of race-conditions, since we pass a path containing "/" to Fchownat. We could fix this by opening a file descriptor, however, this does not seem worth the effort. We also don't chown *.name files.
2019-01-09fusefrontend: -allow_other: set file mode after chown in Mkdir().Sebastian Lackner
Make sure that the directory belongs to the correct owner before users can access it. For directories with SUID/SGID mode, there is a risk of race-conditions when files are created before the correct owner is set. They will then inherit the wrong user and/or group. See https://github.com/rfjakob/gocryptfs/issues/327 for more details.
2019-01-08fusefrontend: -allow_other: set file mode *after* chown in Create()Jakob Unterwurzacher
Reported by @slackner at https://github.com/rfjakob/gocryptfs/issues/327 : Possible race-conditions between file creation and Fchownat * Assume a system contains a gocryptfs mount as root user with -allow_other * As a regular user create a new file with mode containing the SUID flag and write access for other users * Before gocryptfs executes the Fchownat call, try to open the file again, write some exploit code to it, and try to run it. For a short time, the file is owned by root and has the SUID flag, so this is pretty dangerous.
2019-01-07fusefrontend: Clarify access mode check related to O_WRONLY handling.Sebastian Lackner
Use O_ACCMODE mask in openWriteOnlyFile for improved readability.
2019-01-07fusefrontend: Filter O_CREAT in mangleOpenFlags.Sebastian Lackner
2019-01-06fusefrontend: Check result of Fchmod syscall.Sebastian Lackner
Fixes https://github.com/rfjakob/gocryptfs/issues/328
2019-01-06fusefrontend: Fix computation of cipherSz in Allocate FUSE call.Sebastian Lackner
Do not use PlainSizeToCipherSize() since this adds the 18 bytes file header. Partially fixes https://github.com/rfjakob/gocryptfs/issues/311
2019-01-06fusefrontend: Properly convert plaintext <-> ciphertext offsets in SeekData().Sebastian Lackner
Fixes https://github.com/rfjakob/gocryptfs/issues/304
2019-01-05main: Run 'ensure fds' code early during the program startup.Sebastian Lackner
The files are apparently processed in alphabetic order, so cli_args.go is processed before main.go. In order to run before the go-fuse imports, put the 'ensure fds' code in a separate package. Debug messages are omitted to avoid additional imports (that might contain other code messing up our file descriptors).
2019-01-05fusefrontend: Allow to set/remove xattr on directory without read permission.Sebastian Lackner
Setting/removing extended attributes on directories was partially fixed with commit eff35e60b63331e3e10f921792baa10b236a721d. However, on most file systems it is also possible to do these operations without read access (see tests). Since we cannot open a write-access fd to a directory, we have to use the /proc/self/fd trick (already used for ListXAttr) for the other operations aswell. For simplicity, let's separate the Linux and Darwin code again (basically revert commit f320b76fd189a363a34bffe981aa67ab97df3362), and always use the /proc/self/fd trick on Linux. On Darwin we use the best-effort approach with openBackingFile() as a fallback. More discussion about the available options is available in https://github.com/rfjakob/gocryptfs/issues/308.
2019-01-05A few more spelling fixes.Sebastian Lackner
2019-01-04tests: bump maxCacheFds to 3Jakob Unterwurzacher
As the dirCache now has 3 entries, the tests should accept up to 3 extra fds without declaring an fd leak.