1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
package fusefrontend_reverse
import (
"log"
"strings"
"syscall"
"golang.org/x/sys/unix"
"github.com/hanwen/go-fuse/v2/fs"
"github.com/rfjakob/gocryptfs/internal/contentenc"
"github.com/rfjakob/gocryptfs/internal/fusefrontend"
"github.com/rfjakob/gocryptfs/internal/inomap"
"github.com/rfjakob/gocryptfs/internal/nametransform"
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
"github.com/sabhiram/go-gitignore"
)
// RootNode is the root directory in a `gocryptfs -reverse` mount
type RootNode struct {
Node
// Stores configuration arguments
args fusefrontend.Args
// Filename encryption helper
nameTransform nametransform.NameTransformer
// Content encryption helper
contentEnc *contentenc.ContentEnc
// Tests whether a path is excluded (hidden) from the user. Used by -exclude.
excluder *ignore.GitIgnore
// inoMap translates inode numbers from different devices to unique inode
// numbers.
inoMap *inomap.InoMap
}
// NewRootNode returns an encrypted FUSE overlay filesystem.
// In this case (reverse mode) the backing directory is plain-text and
// ReverseFS provides an encrypted view.
func NewRootNode(args fusefrontend.Args, c *contentenc.ContentEnc, n nametransform.NameTransformer) *RootNode {
return &RootNode{
args: args,
nameTransform: n,
contentEnc: c,
inoMap: inomap.New(),
excluder: prepareExcluder(args),
}
}
// You can pass either gocryptfs.longname.XYZ.name or gocryptfs.longname.XYZ.
func (rn *RootNode) findLongnameParent(fd int, diriv []byte, longname string) (pName string, cFullName string, errno syscall.Errno) {
if strings.HasSuffix(longname, nametransform.LongNameSuffix) {
longname = nametransform.RemoveLongNameSuffix(longname)
}
entries, err := syscallcompat.Getdents(fd)
if err != nil {
errno = fs.ToErrno(err)
return
}
for _, entry := range entries {
if len(entry.Name) <= shortNameMax {
continue
}
cFullName = rn.nameTransform.EncryptName(entry.Name, diriv)
if len(cFullName) <= unix.NAME_MAX {
// Entry should have been skipped by the "continue" above
log.Panic("logic error or wrong shortNameMax constant?")
}
hName := rn.nameTransform.HashLongName(cFullName)
if longname == hName {
pName = entry.Name
break
}
}
if pName == "" {
errno = syscall.ENOENT
return
}
return
}
// isExcludedPlain finds out if the plaintext path "pPath" is
// excluded (used when -exclude is passed by the user).
func (rn *RootNode) isExcludedPlain(pPath string) bool {
return rn.excluder != nil && rn.excluder.MatchesPath(pPath)
}
|