summaryrefslogtreecommitdiff
path: root/internal/fusefrontend
AgeCommit message (Collapse)Author
2019-01-12fusefrontend: -allow_other: Use MknodatUser in Mknod FUSE call.Sebastian Lackner
Instead of manually adjusting the user and mode after creating the device file, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: -allow_other: Use MkdiratUser in Mkdir FUSE call.Sebastian Lackner
Revert commit fcaca5fc94d981aa637beb752edc8cb3c2265e96. Instead of manually adjusting the user and mode after creating the directory, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: -allow_other: Use OpenatUser in Create FUSE call.Sebastian Lackner
Revert commit b22cc03c7516b2003880db8375d26c76d6dff093. Instead of manually adjusting the user and mode after creating the file, adjust effective permissions and let the kernel deal with it. Related to https://github.com/rfjakob/gocryptfs/issues/338.
2019-01-12fusefrontend: Don't chown gocryptfs.diriv files.Sebastian Lackner
The current code has a risk of race-conditions, since we pass a path containing "/" to Fchownat. We could fix this by opening a file descriptor, however, this does not seem worth the effort. We also don't chown *.name files.
2019-01-09fusefrontend: -allow_other: set file mode after chown in Mkdir().Sebastian Lackner
Make sure that the directory belongs to the correct owner before users can access it. For directories with SUID/SGID mode, there is a risk of race-conditions when files are created before the correct owner is set. They will then inherit the wrong user and/or group. See https://github.com/rfjakob/gocryptfs/issues/327 for more details.
2019-01-08fusefrontend: -allow_other: set file mode *after* chown in Create()Jakob Unterwurzacher
Reported by @slackner at https://github.com/rfjakob/gocryptfs/issues/327 : Possible race-conditions between file creation and Fchownat * Assume a system contains a gocryptfs mount as root user with -allow_other * As a regular user create a new file with mode containing the SUID flag and write access for other users * Before gocryptfs executes the Fchownat call, try to open the file again, write some exploit code to it, and try to run it. For a short time, the file is owned by root and has the SUID flag, so this is pretty dangerous.
2019-01-07fusefrontend: Clarify access mode check related to O_WRONLY handling.Sebastian Lackner
Use O_ACCMODE mask in openWriteOnlyFile for improved readability.
2019-01-07fusefrontend: Filter O_CREAT in mangleOpenFlags.Sebastian Lackner
2019-01-06fusefrontend: Check result of Fchmod syscall.Sebastian Lackner
Fixes https://github.com/rfjakob/gocryptfs/issues/328
2019-01-06fusefrontend: Fix computation of cipherSz in Allocate FUSE call.Sebastian Lackner
Do not use PlainSizeToCipherSize() since this adds the 18 bytes file header. Partially fixes https://github.com/rfjakob/gocryptfs/issues/311
2019-01-06fusefrontend: Properly convert plaintext <-> ciphertext offsets in SeekData().Sebastian Lackner
Fixes https://github.com/rfjakob/gocryptfs/issues/304
2019-01-05main: Run 'ensure fds' code early during the program startup.Sebastian Lackner
The files are apparently processed in alphabetic order, so cli_args.go is processed before main.go. In order to run before the go-fuse imports, put the 'ensure fds' code in a separate package. Debug messages are omitted to avoid additional imports (that might contain other code messing up our file descriptors).
2019-01-05fusefrontend: Allow to set/remove xattr on directory without read permission.Sebastian Lackner
Setting/removing extended attributes on directories was partially fixed with commit eff35e60b63331e3e10f921792baa10b236a721d. However, on most file systems it is also possible to do these operations without read access (see tests). Since we cannot open a write-access fd to a directory, we have to use the /proc/self/fd trick (already used for ListXAttr) for the other operations aswell. For simplicity, let's separate the Linux and Darwin code again (basically revert commit f320b76fd189a363a34bffe981aa67ab97df3362), and always use the /proc/self/fd trick on Linux. On Darwin we use the best-effort approach with openBackingFile() as a fallback. More discussion about the available options is available in https://github.com/rfjakob/gocryptfs/issues/308.
2019-01-05A few more spelling fixes.Sebastian Lackner
2019-01-04tests: bump maxCacheFds to 3Jakob Unterwurzacher
As the dirCache now has 3 entries, the tests should accept up to 3 extra fds without declaring an fd leak.
2019-01-04fusefrontend: fix fd leak in dirCacheJakob Unterwurzacher
The missing break meant that we may find a second hit in the cache, Dup() a second fd, and leak the first one. Thanks @slackner for finding this.
2019-01-04fusefrontend: print warning when Create() runs out of file descriptorsJakob Unterwurzacher
We alread have this warning in Open(), but xfstests generic/488 causes "too many open files" via Create. Add the same message so the user sees what is going on.
2019-01-04fusefrontend: fix setting xattrs on directoriesJakob Unterwurzacher
Directories cannot be opened read-write. Retry with RDONLY.
2019-01-04fusefrontend: disable dirCache stats printingJakob Unterwurzacher
This was inadvertedly kept enabled after benchmarking.
2019-01-04fusefrontend: upgrade to three-entry dirCachev1.7-rc1Jakob Unterwurzacher
3 entries should work well for up to three parallel users. It works well for extractloop.bash (two parallel tar extracts).
2019-01-04fusefrontend: Allow to create sparse file of size 4096.Sebastian Lackner
When the old size is zero, there are no existing blocks to merge the new data with. Directly use Ftruncate if the size is block-aligned. Fixes https://github.com/rfjakob/gocryptfs/issues/305
2019-01-04A few more spelling fixes.Sebastian Lackner
Found with the 'codespell' utility.
2019-01-03Omit syscall.O_RDONLY flag when passing O_PATH.Sebastian Lackner
When O_PATH is specified in flags, flag bits other than O_CLOEXEC, O_DIRECTORY, and O_NOFOLLOW are ignored.
2019-01-03fusefrontend: Use appropriate flags in decryptPathAt.Sebastian Lackner
2019-01-03fusefrontend: Open directory with syscall.O_DIRECTORY in OpenDir.Sebastian Lackner
2019-01-03fusefrontend: Open directory with syscall.O_DIRECTORY in Rmdir.Sebastian Lackner
2019-01-03fusefrontend: Do not Clear cache at end of Rmdir function.Sebastian Lackner
We already do 'defer fs.dirCache.Clear()', so this is no longer required.
2019-01-03fusefrontend: Remove debug code.Sebastian Lackner
This code was accidentially added in 4f66d66755da63c78b09201c6c72353009251cf2.
2019-01-03fusefronted: dirCache: fix bug handling ""Jakob Unterwurzacher
Bug looked like this: $ ls -l . total 0 drwxrwxr-x. 2 jakob jakob 60 Jan 3 15:42 foo -rw-rw-r--. 1 jakob jakob 0 Jan 3 15:46 x $ ls -l . ls: cannot access '.': No such file or directory (only happened when "" was in the dirCache)
2019-01-03fusefrontend: add dirCacheJakob Unterwurzacher
2019-01-03nametransform: simplify WriteDirIV to WriteDirIVAtJakob Unterwurzacher
Un-spaghettify the function and let the callers open the directory.
2019-01-02fusefrontend: use O_RDONLY in the ListXAttr fallback pathJakob Unterwurzacher
Copy-paste error. https://github.com/rfjakob/gocryptfs/issues/308
2019-01-02fusefrontend: move openBackingDir into its own fileJakob Unterwurzacher
This function is in all fastpaths, will get a cache, and needs its own file. renamed: internal/fusefrontend/names.go -> internal/fusefrontend/openbackingdir.go renamed: internal/fusefrontend/names_test.go -> internal/fusefrontend/openbackingdir_test.go
2019-01-02fusefronted: make EncryptPath symlink-safeJakob Unterwurzacher
Finally allows us to delete EncryptPathDirIV.
2019-01-02fusefrontend: xattr: fix operations on files without read permissionsJakob Unterwurzacher
* listxattr is fixed via the /proc/self/fd trick * setxattr,removexattr are fixed by opening the file O_WRONLY Fixes https://github.com/rfjakob/gocryptfs/issues/308
2019-01-02fusefrontend: don't downgrade type needlesslyJakob Unterwurzacher
2019-01-02fusefrontend: use Fsetxattr/Fgetxattr/etc on all platformsJakob Unterwurzacher
Darwin now also has these functions, use them. Simplifies the code and makes it symlink-safe on Darwin as well.
2019-01-02fusefrontend: openBackingDir: fix fd leak in error pathJakob Unterwurzacher
Reported by @slackner at https://github.com/rfjakob/gocryptfs/commit/932efbd4593fe6be6c86f0dafeaea32910b7c246#r31813373 thanks!
2019-01-01fusefrontend: fix fd leak in error pathJakob Unterwurzacher
2019-01-01fusefrontend: fix fd leak in Access()Jakob Unterwurzacher
Thanks @slackner! Fixes https://github.com/rfjakob/gocryptfs/issues/306
2019-01-01fusefrontend: xattr: fix hang on FIFOsJakob Unterwurzacher
An Open() a fifo blocks until it is opened for writing. This meant that xattr operations on FIFOs would block. Pass O_NONBLOCK to fix that, and add a test.
2019-01-01fusefrontend: only compile getBackingPath() on DarwinJakob Unterwurzacher
This function is NOT symlink-safe. Darwin needs it because it lacks fgetxattr(2) and friends.
2019-01-01fusefrontend: make ListXAttr symlink-safe on LinuxJakob Unterwurzacher
Uses /proc/self/fd.
2019-01-01fusefrontend: make RemoveXAttr() symlink-safeJakob Unterwurzacher
Uses /proc/self/fd on Linux.
2019-01-01fusefrontend: make SetXAttr() symlink-safe on LinuxJakob Unterwurzacher
Uses the /proc/self/fd trick.
2019-01-01fusefrontend: make GetXAttr() symlink-safe on LinuxJakob Unterwurzacher
Uses the /proc/self/fd trick, which does not work on Darwin.
2019-01-01fusefrontend: make Utimens symlink-safeJakob Unterwurzacher
unix.UtimesNanoAt now also exists on Darwin, yay!
2019-01-01fusefrontend: fix compile failure on DarwinJakob Unterwurzacher
Failure was: + GOOS=darwin + GOARCH=amd64 + go build -tags without_openssl # github.com/rfjakob/gocryptfs/internal/fusefrontend internal/fusefrontend/fs_dir.go:159:60: cannot use origMode | 448 (type uint16) as type uint32 in argument to syscallcompat.Fchmodat internal/fusefrontend/fs_dir.go:170:33: cannot use origMode (type uint16) as type uint32 in argument to syscallcompat.Fchmodat
2019-01-01fusefrontend: mark Truncate, Unlink, Symlink symlink-safeJakob Unterwurzacher
No changes needed.
2019-01-01fusefrontend: make Rmdir symlink-safeJakob Unterwurzacher
Now uses Unlinkat.