package fusefrontend_reverse import ( "log" "os" "path/filepath" "strings" "sync/atomic" "syscall" "golang.org/x/sys/unix" "github.com/hanwen/go-fuse/v2/fs" "github.com/hanwen/go-fuse/v2/fuse" "github.com/rfjakob/gocryptfs/v2/internal/contentenc" "github.com/rfjakob/gocryptfs/v2/internal/exitcodes" "github.com/rfjakob/gocryptfs/v2/internal/fusefrontend" "github.com/rfjakob/gocryptfs/v2/internal/inomap" "github.com/rfjakob/gocryptfs/v2/internal/nametransform" "github.com/rfjakob/gocryptfs/v2/internal/syscallcompat" "github.com/rfjakob/gocryptfs/v2/internal/tlog" "github.com/sabhiram/go-gitignore" ) // RootNode is the root directory in a `gocryptfs -reverse` mount type RootNode struct { Node // Stores configuration arguments args fusefrontend.Args // Filename encryption helper nameTransform *nametransform.NameTransform // Content encryption helper contentEnc *contentenc.ContentEnc // Tests whether a path is excluded (hidden) from the user. Used by -exclude. excluder ignore.IgnoreParser // inoMap translates inode numbers from different devices to unique inode // numbers. inoMap *inomap.InoMap // rootDev stores the device number of the backing directory. Used for // --one-file-system. rootDev uint64 // If a file name length is shorter than shortNameMax, there is no need to // hash it. shortNameMax int // gen is the node generation number. Normally, it is always set to 1, // but reverse mode, like -sharestorage, uses an incrementing counter for new nodes. // This makes each directory entry unique (even hard links), // makes go-fuse hand out separate FUSE Node IDs for each, and prevents // bizarre problems when inode numbers are reused behind our back, // like this one: https://github.com/rfjakob/gocryptfs/issues/802 gen uint64 // rootIno is the inode number that we report for the root node on mount rootIno uint64 } // NewRootNode returns an encrypted FUSE overlay filesystem. // In this case (reverse mode) the backing directory is plain-text and // ReverseFS provides an encrypted view. func NewRootNode(args fusefrontend.Args, c *contentenc.ContentEnc, n *nametransform.NameTransform) *RootNode { var rootDev uint64 var st syscall.Stat_t var statErr error var shortNameMax int if statErr = syscall.Stat(args.Cipherdir, &st); statErr != nil { tlog.Warn.Printf("Could not stat backing directory %q: %v", args.Cipherdir, statErr) if args.OneFileSystem { tlog.Fatal.Printf("This is a fatal error in combination with -one-file-system") os.Exit(exitcodes.CipherDir) } } else { rootDev = uint64(st.Dev) } shortNameMax = n.GetLongNameMax() * 3 / 4 shortNameMax = shortNameMax - shortNameMax%16 - 1 rn := &RootNode{ args: args, nameTransform: n, contentEnc: c, inoMap: inomap.New(rootDev), rootDev: rootDev, shortNameMax: shortNameMax, } if statErr == nil { rn.inoMap.TranslateStat(&st) rn.rootIno = st.Ino } if len(args.Exclude) > 0 || len(args.ExcludeWildcard) > 0 || len(args.ExcludeFrom) > 0 { rn.excluder = prepareExcluder(args) } return rn } // You can pass either gocryptfs.longname.XYZ.name or gocryptfs.longname.XYZ. func (rn *RootNode) findLongnameParent(fd int, diriv []byte, longname string) (pName string, cFullName string, errno syscall.Errno) { defer func() { tlog.Debug.Printf("findLongnameParent: %d %x %q -> %q %q %d\n", fd, diriv, longname, pName, cFullName, errno) }() if strings.HasSuffix(longname, nametransform.LongNameSuffix) { longname = nametransform.RemoveLongNameSuffix(longname) } entries, err := syscallcompat.Getdents(fd) if err != nil { errno = fs.ToErrno(err) return } for _, entry := range entries { if len(entry.Name) <= rn.shortNameMax { continue } cFullName, err = rn.nameTransform.EncryptName(entry.Name, diriv) if err != nil { continue } if len(cFullName) <= unix.NAME_MAX && len(cFullName) <= rn.nameTransform.GetLongNameMax() { // Entry should have been skipped by the shortNameMax check above log.Panic("logic error or wrong shortNameMax?") } hName := rn.nameTransform.HashLongName(cFullName) if longname == hName { pName = entry.Name break } } if pName == "" { errno = syscall.ENOENT return } return } // isExcludedPlain finds out if the plaintext path "pPath" is // excluded (used when -exclude is passed by the user). func (rn *RootNode) isExcludedPlain(pPath string) bool { // root dir can't be excluded if pPath == "" { return false } return rn.excluder != nil && rn.excluder.MatchesPath(pPath) } // excludeDirEntries filters out directory entries that are "-exclude"d. // pDir is the relative plaintext path to the directory these entries are // from. The entries should be plaintext files. func (rn *RootNode) excludeDirEntries(d *dirfdPlus, entries []fuse.DirEntry) (filtered []fuse.DirEntry) { if rn.excluder == nil { return entries } filtered = make([]fuse.DirEntry, 0, len(entries)) for _, entry := range entries { // filepath.Join handles the case of pDir="" correctly: // Join("", "foo") -> "foo". This does not: pDir + "/" + name" p := filepath.Join(d.pPath, entry.Name) if rn.isExcludedPlain(p) { // Skip file continue } filtered = append(filtered, entry) } return filtered } // uniqueStableAttr returns a fs.StableAttr struct with a unique generation number, // preventing files to appear hard-linked, even when they have the same inode number. // // This is good because inode numbers can be reused behind our back, which could make // unrelated files appear hard-linked. // Example: https://github.com/rfjakob/gocryptfs/issues/802 func (rn *RootNode) uniqueStableAttr(mode uint32, ino uint64) fs.StableAttr { return fs.StableAttr{ Mode: mode, Ino: ino, // Make each directory entry a unique node by using a unique generation // value. Also see the comment at RootNode.gen for details. Gen: atomic.AddUint64(&rn.gen, 1), } } func (rn *RootNode) RootIno() uint64 { return rn.rootIno }