summaryrefslogtreecommitdiff
path: root/tests/cli/cli_test.go
AgeCommit message (Collapse)Author
2021-08-20-deterministic-names: accept flag on -initJakob Unterwurzacher
And store it in gocryptfs.conf (=remove DirIV feature flag).
2021-08-17tests/cli/TestBadname: make sure case 5 is never decodableJakob Unterwurzacher
Sometimes, by chance, case 5 resulted in valid decrypted data: --- FAIL: TestBadname (0.08s) cli_test.go:885: Case 5 failed: "J7Rbo1BvfXojpBEr0Qrt_invalid_file GOCRYPTFS_BAD_NAME" in ["file GOCRYPTFS_BAD_NAME,\x9e$O\xc3j\x8c\xd0\x06\x01#\f%k\x02\xcanvalid_file GOCRYPTFS_BAD_NAME,mzaZRF9_0IU-_5vv2wPC_invalid_file GOCRYPTFS_BAD_NAME,file,file_invalid_file GOCRYPTFS_BAD_NAME,mzaZRF9_0IU-_5vv2wP_invalid_file GOCRYPTFS_BAD_NAME"] Add percent signs so base64 decoding always fails. Fixes https://github.com/rfjakob/gocryptfs/runs/3347883728
2021-08-16tests/cli: escape filenames in TestBadname logsJakob Unterwurzacher
I just got this message (not reproducible) with unescaped binary garbage. UnmountErr: "/var/tmp/gocryptfs-test-parent-1026/114471933/TestMountBackground.899727687.mnt" was not found in MountInfo, cannot check for FD leaks UnmountErr: "/var/tmp/gocryptfs-test-parent-1026/114471933/TestConfigPipe.212912444.mnt" was not found in MountInfo, cannot check for FD leaks DecryptName "mzaZRF9_0IU-_5vv2wPC_i": unPad16 error: Padding too long, padLen=49 > 16 OpenDir ".": invalid entry "KqQ346cuOAFHv_qSta5PhAwrongPattern": bad message DecryptName "mzaZRF9_0IU-_5vv2wP_in": unPad16 error: Padding byte at i=10 is invalid --- FAIL: TestBadname (0.11s) cli_test.go:885: Case 5 failed: 'KqQ346cuOAFHv_qSta5P_invalid_file GOCRYPTFS_BAD_NAME' in [file_invalid_file GOCRYPTFS_BAD_NAME,file,mzaZRF9_0IU-_5vv2wPC_invalid_file GOCRYPTFS_BAD_NAME,file GOCRYPTFS_BAD_NAME,�*A���y���Gfnvalid_file GOCRYPTFS_BAD_NAME,mzaZRF9_0IU-_5vv2wP_invalid_file GOCRYPTFS_BAD_NAME] Invalid cipherdir: directory /var/tmp/gocryptfs-test-parent-1026/114471933/TestInitNotEmpty not empty FAIL FAIL github.com/rfjakob/gocryptfs/tests/cli 4.817s
2021-07-31fusefrontend: -sharedstorage: present stable inode numbersJakob Unterwurzacher
Use the Gen field (inode generation) to distinguish hard links while passing the real inode numbers to userspace. Fixes https://github.com/rfjakob/gocryptfs/issues/584
2021-06-21nametransform: rename BadNameFlag to BadnameSuffixJakob Unterwurzacher
2021-06-20Badname file content accessDerDonut
This proposal is the counterpart of the modifications from the `-badname` parameter. It modifies the plain -> cipher mapping for filenames when using `-badname` parameter. The new function `EncryptAndHashBadName` tries to find a cipher filename for the given plain name with the following steps: 1. If `badname` is disabled or direct mapping is successful: Map directly (default and current behaviour) 2. If a file with badname flag has a valid cipher file, this is returned (=File just ends with the badname flag) 3. If a file with a badname flag exists where only the badname flag was added, this is returned (=File cipher name could not be decrypted by function `DecryptName` and just the badname flag was added) 4. Search for all files which cipher file name extists when cropping more and more characters from the end. If only 1 file is found, return this 5. Return an error otherwise This allows file access in the file browsers but most important it allows that you rename files with undecryptable cipher names in the plain directories. Renaming those files will then generate a proper cipher filename One backdraft: When mounting the cipher dir with -badname parameter, you can never create (or rename to) files whose file name ends with the badname file flag (at the moment this is " GOCRYPTFS_BAD_NAME"). This will cause an error. I modified the CLI test function to cover additional test cases. Test [Case 7](https://github.com/DerDonut/gocryptfs/blob/badnamecontent/tests/cli/cli_test.go#L712) cannot be performed since the cli tests are executed in panic mode. The testing is stopped on error. Since the function`DecryptName` produces internal errors when hitting non-decryptable file names, this test was omitted. This implementation is a proposal where I tried to change the minimum amount of existing code. Another possibility would be instead of creating the new function `EncryptAndHashBadName` to modify the signature of the existing function `EncryptAndHashName(name string, iv []byte)` to `EncryptAndHashName(name string, iv []byte, dirfd int)` and integrate the functionality into this function directly. You may allow calling with dirfd=-1 or other invalid values an then performing the current functionality.
2021-03-20tests: MountOrFatal creates mnt dir itselfJakob Unterwurzacher
Allows to drop a few Mkdir()s.
2021-03-12tests: add TestDiskFullJakob Unterwurzacher
Also fix incomplete uid restoration in TestSupplementaryGroups and replace syscall.Setregid and friends with unix.Setregid and friends. This test is added to check if have problems handling a full disk. The ticket https://github.com/rfjakob/gocryptfs/issues/550 states that the full disk was not where the backing gocryptfs filesystem was, but this has no effect on gocryptfs, so we test the harder case.
2021-03-07v2api: -sharestorage: disable hard link tracking & add testsJakob Unterwurzacher
Hard link tracking was not correctly disabled since the migration to the go-fuse v2 api. Add a test to ensure it stays off. Fixes https://github.com/rfjakob/gocryptfs/issues/525
2021-01-10nametransform: make `gocryptfs.diriv` and `gocryptfs.xxx.name` files ↵Jakob Unterwurzacher
world-readable Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier when mounting via fstab. Having the files follow chmod/chown of their parent does not seem to be worth the hassle. The content of the diriv files is not secret, and both diriv and name files are protected by the perms of the parent dir. Fixes https://github.com/rfjakob/gocryptfs/issues/539
2020-09-06gocryptfs -init: fix wrong exit code on non-empty dirJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/pull/503
2020-06-06tests: TestBadname: simplify test by using empty filesJakob Unterwurzacher
Simplify the tests by using empty files. Empty files are valid, and we don't check the content anyway. Also adjust comment style a little and add a missing break statement.
2020-06-06Added auto decryption of invalid file namesDerDonut
Changed invalid file decoding and decryption. Function DecryptName now shortens the filename until the filename is decodable and decryptable. Will work with valid **and** invalid Base64URL delimiter (valid delimiter [0-9a-zA-z_\\-]. If the filename is not decryptable at all, it returns the original cipher name with flag suffix Changed cli tests to generate decryptable and undecryptable file names with correct encrypted content. Replacing #474, extends #393
2020-05-17main: accept multiple -passfile optionsJakob Unterwurzacher
Each file will be read and then concatenated for the effictive password. This can be used as a kind of multi-factor authenticiton. Fixes https://github.com/rfjakob/gocryptfs/issues/288
2020-05-09tests: add TestPasswdMasterkeyStdinJakob Unterwurzacher
Tests that `gocryptfs -passwd -masterkey=stdin` works. This was fixed by ff04b1d83ab1201. Fixes https://github.com/rfjakob/gocryptfs/issues/461
2020-05-09tests: cli: rename TestBypass -> TestBadnameJakob Unterwurzacher
The command line option is now called `-badname`, so adjust the test name to match.
2020-02-28Show undecryptable filenames if they match supplied globorcas
Resolves https://github.com/rfjakob/gocryptfs/issues/393
2020-01-25tests: cli: add TestSymlinkedCipherdirJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/450
2019-10-06tests: filter leaked fds by prefixJakob Unterwurzacher
When running $ go test ./tests/matrix/ in isolation, it failed like this: fd leak? before, after: [0r=/dev/null 3w=/dev/null 5r=/proc/8078/fd (hidden:4)] [0r=/dev/null 3w=/dev/null 5w=/tmp/go-build366655199/b001/testlog.txt 7r=/proc/8078/fd (hidden:4)] Filter by prefix to get rid of this spurious test failure.
2019-10-06tests: clarify which process seems to be leaking fdsJakob Unterwurzacher
The tests check if they leak fds themselves, but we also check if gocryptfs leaks fds. Clarify what is what in the error message.
2019-09-08tests: add TestNotIdleJakob Unterwurzacher
Mount with idle timeout of 100ms read something every 10ms. The fs should NOT get unmounted. Regression test for https://github.com/rfjakob/gocryptfs/issues/421
2019-05-13-passwd now takes a passed -scryptn flag into accountJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/400
2019-04-08readpassword: delete CheckTrailingGarbageJakob Unterwurzacher
CheckTrailingGarbage was called even when "-passfile" was used, which is stupid, and causes false positives: https://github.com/rfjakob/gocryptfs/issues/391 (false error "Received trailing garbage after the password" when using -passfile in .bash_profile) Instead of trying to improve the logic to handle that case and make everything even more complicated, delete the function. It is unclear if actually helps in some cases, and it definitely harms as shown by the above bug report.
2019-03-31Allow "nofail" for /etc/fstab useJakob Unterwurzacher
2019-03-30forward mode: create gocryptfs.diriv files with 0440 permissionsJakob Unterwurzacher
Makes it easier to share an encrypted folder via a network drive. https://github.com/rfjakob/gocryptfs/issues/387
2019-01-01tests: teach ListFds() to check other processesJakob Unterwurzacher
2018-10-11tests: fix golint errorJakob Unterwurzacher
Error was: tests/cli/cli_test.go:552: declaration of "err" shadows declaration at tests/cli/cli_test.go:544
2018-10-11tests: add idle timeout testJakob Unterwurzacher
Mount with idle timeout 10ms and check that the process exits by itself within 5 seconds.
2018-09-18main: sanitize commas from fsnameJakob Unterwurzacher
The cipherdir path is used as the fsname, as displayed in "df -T". Now, having a comma in fsname triggers a sanity check in go-fuse, aborting the mount with: /bin/fusermount: mount failed: Invalid argument fuse.NewServer failed: fusermount exited with code 256 Sanitize fsname by replacing any commas with underscores. https://github.com/rfjakob/gocryptfs/issues/262
2018-09-08main: don't read the config file twice (fix pipe bug)Jakob Unterwurzacher
Instead, first Load() the file, then DecryptMasterKey(). Fixes https://github.com/rfjakob/gocryptfs/issues/258
2018-09-08configfile: add LoadAndDecrypt wrapperJakob Unterwurzacher
Callers that do not want to decrypt the masterkey should call plain Load(). https://github.com/rfjakob/gocryptfs/issues/258
2018-08-11reverse mode: add --exclude optionJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/235
2018-07-01configfile: reduce function name stutterJakob Unterwurzacher
configfile.LoadConfFile() -> configfile.Load() configfile.CreateConfFile() -> configfile.Create()
2018-06-07main: accept -dev, -nodev, -suid, -nosuid, -exec, -noexecJakob Unterwurzacher
When mounted via /etc/fstab like this, /a /b fuse.gocryptfs default 0 0 we always get extra options passed. As reported by @mahkoh at https://github.com/rfjakob/gocryptfs/pull/233 : mount passes `-o noexec` if `-o user` is set and `-o exec` is not set. If both `-o user` and `-o exec` are set, it passes `-o exec`. Make these options work, and in addtion, also make -suid and -rw work the same way. Reported-by: @mahkoh
2018-06-05main: make prefixOArgs errors testableJakob Unterwurzacher
By returning an error instead of calling os.Exit, error cases can be tested easily. Error cases were not tested until now.
2018-04-07tests: cli_test: fix fd leakJakob Unterwurzacher
One fd leak found in TestMountBackground.
2018-04-02fsck: add initial implementationJakob Unterwurzacher
Most corruption cases except xattr should be covered. With test filesystem. The output is still pretty ugly. xattr support will be added in the next commits.
2018-04-01main: add "-fsck" flagJakob Unterwurzacher
The fsck operation is not yet implemented, this commits just adds the flag and improves cli flag handling.
2018-02-18readpassword: convert from string to []byteJakob Unterwurzacher
This will allows us to overwrite the password with zeros once we are done with it. https://github.com/rfjakob/gocryptfs/issues/211
2017-11-21main: Add '-devrandom' commandline optionSebastian Lackner
Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy.
2017-07-24tests: check if we close stderr and stdout correctly on mountJakob Unterwurzacher
Currently fails, as reported at https://github.com/rfjakob/gocryptfs/issues/130 .
2017-05-14main: password change: exit with code 12 on wrong passwordJakob Unterwurzacher
We used to return code 8, now we return code 12 as documented in the man page. Also adds a test.
2017-05-07exitcodes: pull all exit code definitions into the packageJakob Unterwurzacher
This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-02-12Check for trailing garbage after the passwordJakob Unterwurzacher
From the comment: // CheckTrailingGarbage tries to read one byte from stdin and exits with a // fatal error if the read returns any data. // This is meant to be called after reading the password, when there is no more // data expected. This helps to catch problems with third-party tools that // interface with gocryptfs.
2016-10-16tests: add test for -password -masterkeyJakob Unterwurzacher
Also, make the other password tests more rigorous by verifying the fs content.
2016-10-16tests: fix stdin password change testJakob Unterwurzacher
It was actually testing extpass a second time.
2016-10-16tests: split "normal" tests into "cli" and "defaults"Jakob Unterwurzacher
Also fixes the failure to run the benchmarks do to the missing gocryptfs.diriv.