summaryrefslogtreecommitdiff
path: root/internal/fusefrontend_reverse/rpath.go
AgeCommit message (Collapse)Author
2020-08-01v2api/reverse: add missing decryptPath call openBackingDirJakob Unterwurzacher
2020-08-01v2api/reverse: implement Lookup & GetattrJakob Unterwurzacher
2020-08-01v2api/reverse: move old fusefrontend_reverse out of the wayJakob Unterwurzacher
fusefrontend_reverse -> fusefrontend_reverse_v1api
2019-03-26reverse mode: support wildcard exclude (--exclude-wildcard)Eduardo M KALINOWSKI
This adds support for gitignore-like wildcards and exclude patters in reverse mode. It (somewhat) fixes #273: no regexp support, but the syntax should be powerful enough to satisfy most needs. Also, since adding a lot of --exclude options can be tedious, it adds the --exclude-from option to read patterns from a file (or files).
2018-09-08syscallcompat: untangle OpenNofollow and rename to OpenDirNofollowJakob Unterwurzacher
The function used to do two things: 1) Walk the directory tree in a manner safe from symlink attacks 2) Open the final component in the mode requested by the caller This change drops (2), which was only used once, and lets the caller handle it. This simplifies the function and makes it fit for reuse in forward mode in openBackingPath(), and for using O_PATH on Linux.
2018-01-17fusefrontend_reverse: use OpenNofollow in findLongnameParentJakob Unterwurzacher
Protects findLongnameParent against symlink races. Also add comments to several functions along the way. Reported at https://github.com/rfjakob/gocryptfs/issues/165
2017-12-07fusefrontend_reverse: secure Access against symlink races (somewhat)Jakob Unterwurzacher
Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW, so this is not completely atomic. Given that the information you get from access is not very interesting, it seems good enough. https://github.com/rfjakob/gocryptfs/issues/165
2017-08-06nametransform: add Dir() functionJakob Unterwurzacher
Dir is like filepath.Dir but returns "" instead of ".". This was already implemented in fusefrontend_reverse as saneDir(). We will need it in nametransform for the improved diriv caching.
2017-07-27fusefrontend_reverse: return ENOENT for undecryptable namesJakob Unterwurzacher
This was working until DecryptName switched to returning EBADMSG instead of EINVAL. Add a test to catch the regression next time.
2017-05-30fusefrontend_reverse: move pathiv to its own packageJakob Unterwurzacher
We will also need it in forward mode.
2017-04-01fusefrontend_reverse: switch to stable inode numbersJakob Unterwurzacher
The volatile inode numbers that we used before cause "find" to complain and error out. Virtual inode numbers are derived from their parent file inode number by adding 10^19, which is hopefully large enough no never cause problems in practice. If the backing directory contains inode numbers higher than that, stat() on these files will return EOVERFLOW. Example directory lising after this change: $ ls -i 926473 gocryptfs.conf 1000000000000926466 gocryptfs.diriv 944878 gocryptfs.longname.hmZojMqC6ns47eyVxLlH2ailKjN9bxfosi3C-FR8mjA 1000000000000944878 gocryptfs.longname.hmZojMqC6ns47eyVxLlH2ailKjN9bxfosi3C-FR8mjA.name 934408 Tdfbf02CKsTaGVYnAsSypA
2017-02-16tests: reverse: check Access() callJakob Unterwurzacher
2017-01-03reverse: add single-entry path cacheJakob Unterwurzacher
Speeds up the "ls -lR" benchmark from 2.6 seconds to 2.0.
2017-01-03reverse: factor out rDecryptNameJakob Unterwurzacher
This prepares the code for the introduction of a path cache.
2016-11-10ctlsock: prevent panic on invalid decrypt requestJakob Unterwurzacher
2016-11-10reverse: fix longname decoding bugJakob Unterwurzacher
This could have caused spurious ENOENT errors. That it did not cause these errors all the time is interesting and probably because an earlier readdir would place the entry in the cache. This masks the bug.
2016-11-10Fix golint warningsJakob Unterwurzacher
$ golint ./... | grep -v underscore | grep -v ALL_CAPS internal/fusefrontend_reverse/rfs.go:52:36: exported func NewFS returns unexported type *fusefrontend_reverse.reverseFS, which can be annoying to use internal/nametransform/raw64_go1.5.go:10:2: exported const HaveRaw64 should have comment (or a comment on this block) or be unexported
2016-10-24Fix misspellingsJakob Unterwurzacher
Close https://github.com/rfjakob/gocryptfs/issues/54
2016-10-08reverse: merge config translation check into isTranslatedConfigJakob Unterwurzacher
Also get rid of useless isFiltered function.
2016-09-29reverse: use per-purpose nonce generationJakob Unterwurzacher
Also pull all the deterministic nonce code into fusefrontend_reverse to greatly simplify the normal code path.
2016-09-28reverse: move newDirIVFile into virtualfile.goJakob Unterwurzacher
After all, is's a virtual file.
2016-09-25reverse: add symlink encryption and Readlink supportJakob Unterwurzacher
2016-09-25reverse: derive file ID and block IVs from file pathsJakob Unterwurzacher
2016-09-25reverse: resolve long names in Open and GetAttrJakob Unterwurzacher
The last patch added functionality for generating gocryptfs.longname.* files, this patch adds support for mapping them back to the full filenames. Note that resolving a long name needs a full readdir. A cache will be implemented later on to improve performance.
2016-09-25reverse: implement dynamic dirivJakob Unterwurzacher
Introduce a unique per-directory diriv that is generated by hashing the encrypted directory path.
2016-09-25reverse: rename types to reverseXYZJakob Unterwurzacher
...to prevent confusion with the forward variants. FS -> reverseFS file -> reverseFile Also add an incomplete read implementation.
2016-09-25reverse: add skeletonJakob Unterwurzacher
Compiles but does not do much else.