summaryrefslogtreecommitdiff
path: root/internal
AgeCommit message (Collapse)Author
2016-07-03nametransform: hide detailed padding error behind the debug flagJakob Unterwurzacher
unPad16 returns detailed errors including the position of the incorrect bytes. Kill a possible padding oracle by lumping everything into a generic error. The detailed error is only logged if debug is active.
2016-07-02fusefrontend: add fallocate supportJakob Unterwurzacher
Mode=0 (default) and mode=1 (keep size) are supported. The patch includes test cases and the whole thing passed xfstests. Fixes https://github.com/rfjakob/gocryptfs/issues/1 .
2016-07-02fusefronted: move Truncate() and Allocate() to their own fileJakob Unterwurzacher
These are large complicated implementations that will share some code.
2016-07-02contentenc: rename PlaintextRange and CiphertextRangeJakob Unterwurzacher
The name could be misunderstood and actually caused a bug: doWrite used to always preallocate 4128 instead of the actual data length.
2016-07-01fusefrontend: coalesce grows in Truncate()Jakob Unterwurzacher
We were growing the file block-by-block which was pretty inefficient. We now coalesce all the grows into a single Ftruncate. Also simplifies the code! Simplistic benchmark: Before: $ time truncate -s 1000M foo real 0m0.568s After: $ time truncate -s 1000M foo real 0m0.205s
2016-07-01fusefrontend: better comments for TruncateJakob Unterwurzacher
2016-06-30fusefrontend: handle dir-overwrites-dir on XFSJakob Unterwurzacher
XFS returns a different error code if you try to overwrite a non-empty directory with a directory: XFS: mv: cannot move ‘foo’ to ‘bar/foo’: File exists ext4: mv: cannot move 'foo' to 'bar/foo': Directory not empty So have EEXIST trigger the Rmdir logic as well. Fixes issue #20 Link: https://github.com/rfjakob/gocryptfs/issues/20
2016-06-27tlog: clean up messages from the go-fuse libraryJakob Unterwurzacher
Drop the date and add the "go-fuse: " prefix so you can see where the message is coming from. Before: Jun 27 09:03:15 brikett gocryptfs[4150]: 2016/06/27 09:03:15 Unimplemented opcode INTERRUPT After: Jun 27 09:10:58 brikett gocryptfs[4961]: go-fuse: Unimplemented opcode INTERRUPT
2016-06-27fusefrontend: fix PlaintextNames versions of Mkdir, RmdirJakob Unterwurzacher
The "!fs.args.DirIV" special case was removed by b17f0465c7 but that, by accident, also removed the handling for PlaintextNames. Re-add it as an explicit PlaintextNames special case. Also adds support for removing directories that miss their gocryptfs.diriv file for some reason.
2016-06-26tlog: switch default logger to syslogJakob Unterwurzacher
...unless "-nosyslog" is passed. All gocryptfs messages already go to syslog, but the messages that the go-fuse lib emits were still printed to stdout. Fixes issue #13 ( https://github.com/rfjakob/gocryptfs/issues/13 )
2016-06-26main, fusefrontend: enable suid functionalityJakob Unterwurzacher
FUSE filesystems are mounted with "nosuid" by default. If we run as root, we can use device files by passing the opposite mount option, "suid". Also we have to use syscall.Chmod instead of os.Chmod because the portability translation layer "syscallMode" messes up the sgid and suid bits. Fixes 70% of the failures in xfstests generic/193. The remaining are related to truncate, but we err on the safe side: $ diff -u tests/generic/193.out /home/jakob/src/fuse-xfstests/results//generic/193.out.bad [...] check that suid/sgid bits are cleared after successful truncate... with no exec perm before: -rwSr-Sr-- -after: -rw-r-Sr-- +after: -rw-r--r--
2016-06-26fusefronted: preserve owner if running as rootJakob Unterwurzacher
If allow_other is set and we run as root, try to give newly created files to the right user.
2016-06-26fuserfrontend: support truncate(2) by wrapping ftruncate(2)Jakob Unterwurzacher
Support truncate(2) by opening the file and calling ftruncate(2) While the glibc "truncate" wrapper seems to always use ftruncate, fsstress from xfstests uses this a lot by calling "truncate64" directly.
2016-06-23Drop deprecated "-gcmiv128" optionJakob Unterwurzacher
The GCMIV128 feature flag is already mandatory, dropping the command line option is the final step. Completes https://github.com/rfjakob/gocryptfs/issues/29 .
2016-06-23Drop deprecated "-emenames" optionJakob Unterwurzacher
The EMENames feature flag is already mandatory, dropping the command line option is the final step.
2016-06-23nametransform: drop unused noiv functionsJakob Unterwurzacher
As DirIV is now mandatory there is no user for the noiv functions.
2016-06-23Drop deprecated "-diriv" optionJakob Unterwurzacher
The DirIV feature flag is already mandatory, dropping the command line option is the final step.
2016-06-19Refuse mounting of v0.6 and older filesystemsJakob Unterwurzacher
2016-06-16Mount v0.6 and older filesystems as read-onlyJakob Unterwurzacher
This is part of the phase-out of very old filesystems. See https://github.com/rfjakob/gocryptfs/wiki/Compatibility for more info.
2016-06-16tests: update config_test example filesJakob Unterwurzacher
Recreate the files so they carry all feature flags. Also, create them with "-scryptn 10" to speed up the tests.
2016-06-16tests: exit with correct error code from TestMainJakob Unterwurzacher
extpass_test and example_filesystems_test did it wrong, always returning 0.
2016-06-16readpassword: clean up leftover debug commitJakob Unterwurzacher
2016-06-16Rename nametransform, contentenc source filesJakob Unterwurzacher
Let's have shorter names, and merge *_api.go into the "main" file. No code changes.
2016-06-15Rename internal "toggledlog" package to "tlog"Jakob Unterwurzacher
tlog is used heavily everywhere and deserves a shorter name. Renamed using sed magic, without any manual rework: find * -type f -exec sed -i 's/toggledlog/tlog/g' {} +
2016-06-15toggledlog: assume command of color handlingJakob Unterwurzacher
We want to use colored error messages also outside of main, so let's handle it in the logging package. The fatal logger now automatically prints red.
2016-06-15readpassword: create internal package for password readingJakob Unterwurzacher
* Supports stdin * Add tests for extpass and stdin As per user request at https://github.com/rfjakob/gocryptfs/issues/30
2016-06-14Fix warnings reported by Go 1.6 "go tool vet -shadow=true"Jakob Unterwurzacher
Warnings were: main.go:234: declaration of err shadows declaration at main.go:163: internal/fusefrontend/file.go:401: declaration of err shadows declaration at internal/fusefrontend/file.go:379: internal/fusefrontend/file.go:419: declaration of err shadows declaration at internal/fusefrontend/file.go:379: internal/fusefrontend/fs_dir.go:140: declaration of err shadows declaration at internal/fusefrontend/fs_dir.go:97:
2016-06-09fusefrontend: Utimens: convert ENOENT to EBADFJakob Unterwurzacher
If /proc/self/fd/X did not exist, the actual error is that the file descriptor was invalid. go-fuse's pathfs prefers using an open fd even for path-based operations but does not take any locks to prevent the fd from being closed. Instead, it retries the operation by path if it get EBADF. So this change allows the retry logic to work correctly. This fixes the error rsync: failed to set times on "/tmp/ping.Kgw.mnt/linux-3.0/[...]/.dvb_demux.c.N7YlEM": No such file or directory (2) that was triggered by pingpong-rsync.bash.
2016-06-08fusefrontend: fix chown on dangling symlinksJakob Unterwurzacher
We (actually, go-fuse) used to call Chown() instead of Lchown() which meant that the operation would fail on dangling symlinks. Fix this by calling os.Lchown() ourself. Also add a test case for this.
2016-06-06configfile: warn about missing feature flagsJakob Unterwurzacher
The plan is to drop support for the oldest filesystem versions in gocryptfs v1.0. For now, we only warn the user.
2016-06-05toggledlog: convert remaing naked fmt.Print*Jakob Unterwurzacher
Several fatal errors were just printed to stdout, which meant they were invisible when running the test suite. Fix this by introducing toggledlog.Fatal and convert as follows: Fatal errors -> toggledlog.Fatal Warnings -> toggledlog.Warn Password prompts -> fmt.Fprintf
2016-06-05main: print actual error from LoadConfFile()Jakob Unterwurzacher
It may not have been a "Wrong password" after all. Also, push down disabling the warning so LoadConfFile() can warn about things that matter.
2016-06-05configfile: use map[flagIota] for feature flagsJakob Unterwurzacher
This should make things saner and more extensible. It prepares the infrastructure for "required feature flags" that will be used to deprecate old gocryptfs version.
2016-06-05configfile: bake the "Creator" gocryptfs version into the fileJakob Unterwurzacher
This field is added for the convenience of users and may help them to identify which gocryptfs version they need to mount a filesystem. The same information is essentially contained in FeatureFlags, but this is more difficult to decode for humans. It is completely ignored programmatically (also by older gocryptfs versions).
2016-06-04fusefrontend: report an error if all files in a directory were invalidJakob Unterwurzacher
Just presenting an empty directory means that the user does not know that things went wrong unless he checks the syslog or tries to delete the directory. It would be nice to report the error even if only some files were invalid. However, go-fuse does not allow returning the valid directory entries AND an error.
2016-06-01nametransform, main: better error messagesJakob Unterwurzacher
2016-05-30fusefrontend: replace unreliable "fd < 0" checkJakob Unterwurzacher
... with the "released" boolean. For some reason, the "f.fd.Fd() < 0" check did not work reliably, leading to nil pointer panics on the following wlock.lock(). The problem was discovered during fsstress testing and is unlikely to happen in normal operations. With this change, we passed 1700+ fsstress iterations.
2016-05-30toggledlog: wpanic: use Logger.Panic instead of naked panicJakob Unterwurzacher
This makes sure the panic message also ends up in syslog (if enabled).
2016-05-29fusefrontend: use sync.Once for one-time warningsJakob Unterwurzacher
Using a simple boolean was racy (which was harmless in this case) and non-idomatic.
2016-05-29fusefronted: check Fstat return value on file createJakob Unterwurzacher
The Fstat call should never fail, but still, if it does return an error it should be handled properly.
2016-05-29fusefrontend: simplify wlockMapJakob Unterwurzacher
mapMutex can be anonymous and using an RWMutex is overkill because the lock protects very short sections.
2016-05-29fusefrontend: remove unused "forgotten" variableJakob Unterwurzacher
The functionality has long been replaced by the fd < 0 check.
2016-05-22stupidgcm: add benchmark.bash wrapperJakob Unterwurzacher
Add a simple bash wrapper to make it easier to run the GCM benchmarks.
2016-05-12Encrypt path in statfs() callsDavid Gnedt
Paths in statfs() calls were not encrypted resulting in an Function not implemented error, when the unencrypted path didn't exist in the underlying (encrypted) filesystem. $ df plain/existingdir df: ‘plain/existingdir’: Function not implemented
2016-05-12prefer_openssl: add amd64 constraintJakob Unterwurzacher
Optimized assembly versions for Go GCM are only available on amd64.
2016-05-12prefer_openssl: autodetect whether to use OpenSSL or Go GCMJakob Unterwurzacher
Go GCM is faster than OpenSSL if the CPU has AES instructions and you are running Go 1.6+. The "-openssl" option now defaults to "auto". "gocryptfs -debug -version" displays the result of the autodetection. See https://github.com/rfjakob/gocryptfs/issues/23 for details and benchmarks.
2016-05-08fusefrontend: fix panic due to concurrently unregistered wlockJakob Unterwurzacher
Commit 730291feab properly freed wlock when the file descriptor is closed. However, concurrently running Write and Truncates may still want to lock it. Check if the fd has been closed first.
2016-05-05fusefrontend: fix wlock memory leakJakob Unterwurzacher
The write lock was not freed on release, causing a slow memory leak. This was noticed by running extractloop.bash for 10 hours.
2016-05-05stupidgcm: set dummy locking callback.v0.10-rc2Jakob Unterwurzacher
In general, OpenSSL is only threadsafe if you provide a locking function through CRYPTO_set_locking_callback. However, the GCM operations that stupidgcm uses never call that function. To guard against that ever changing, set a dummy locking callback that crashes the app.
2016-05-05stupidgcm: skip tests on Go 1.4 and olderJakob Unterwurzacher
Quoting from the patch: We compare against Go's built-in GCM implementation. Since stupidgcm only supports 128-bit IVs and Go only supports that from 1.5 onward, we cannot run these tests on older Go versions.