encfs/integration/normal.t.pl

469 lines
14 KiB
Perl
Raw Normal View History

#!/usr/bin/perl -w
2020-03-04 22:04:40 +01:00
# Test EncFS standard and paranoid mode
2014-10-21 22:13:36 +02:00
2020-03-04 22:04:40 +01:00
use Test::More tests => 144;
use File::Path;
use File::Copy;
use File::Temp;
use IO::Handle;
require("integration/common.pl");
my $tempDir = $ENV{'TMPDIR'} || "/tmp";
if($^O eq "linux" and $tempDir eq "/tmp") {
2020-03-04 22:04:40 +01:00
# On Linux, /tmp is often a tmpfs mount that does not
# support extended attributes. Use /var/tmp instead.
$tempDir = "/var/tmp";
}
2020-03-04 22:04:40 +01:00
# Find attr binary, Linux
my $setattr = "attr -s encfs -V hello";
my $getattr = "attr -g encfs";
2020-03-04 22:04:40 +01:00
if(system("which xattr >/dev/null 2>&1") == 0)
{
# Mac OS X
$setattr = "xattr -sw encfs hello";
$getattr = "xattr -sp encfs";
}
2020-03-04 22:04:40 +01:00
if(system("which lsextattr >/dev/null 2>&1") == 0)
{
# FreeBSD
$setattr = "setextattr -h user encfs hello";
$getattr = "getextattr -h user encfs";
}
2017-08-26 11:50:01 +02:00
# Do we support xattr ?
my $have_xattr = 1;
if(system("./build/encfs --verbose --version 2>&1 | grep -q HAVE_XATTR") != 0)
{
$have_xattr = 0;
}
2017-08-26 11:50:01 +02:00
# Did we ask, or are we simply able to run "sudo" tests ?
my $sudo_cmd;
2017-08-27 09:50:13 +02:00
if ($> == 0)
2017-08-26 11:50:01 +02:00
{
$sudo_cmd="";
}
elsif (defined($ENV{'SUDO_TESTS'}))
{
$sudo_cmd="sudo";
}
2020-03-04 22:04:40 +01:00
# Test filesystem in standard config mode
my $mode="standard";
&runTests();
2020-03-04 22:04:40 +01:00
# Test filesystem in paranoia config mode
$mode="paranoia";
&runTests();
2020-03-04 22:04:40 +01:00
# Run all tests in the specified mode
sub runTests
{
2020-03-04 22:04:40 +01:00
print STDERR "\nrunTests: mode=$mode xattr=$have_xattr sudo=";
print STDERR (defined($sudo_cmd) ? "1" : "0")."\n";
&newWorkingDir;
2020-03-04 22:04:40 +01:00
&mount;
&remount;
&configFromPipe;
&fileCreation;
&renames;
2020-03-04 22:04:40 +01:00
&links;
&grow;
2020-03-04 22:04:40 +01:00
&truncate;
&internalModification;
&umask0777;
2020-03-04 22:04:40 +01:00
&corruption;
&checkReadError;
&checkWriteError;
&cleanup;
}
2020-03-04 22:04:40 +01:00
# Helper to convert plain-text filename to encrypted filename
sub encName
{
my $plain = shift;
my $enc = qx(./build/encfsctl encode --extpass="echo test" $ciphertext $plain);
chomp($enc);
return $enc;
}
# Create a new empty working directory
sub newWorkingDir
{
2020-03-04 22:04:40 +01:00
our $workingDir = mkdtemp("$tempDir/encfs-normal-tests-XXXX") || BAIL_OUT("Could not create temporary directory");
our $ciphertext = "$workingDir/ciphertext";
mkdir($ciphertext) || BAIL_OUT("Could not create $ciphertext: $!");
2020-03-04 22:04:40 +01:00
our $decrypted = "$workingDir/decrypted";
2018-03-26 23:22:00 +02:00
if ($^O eq "cygwin")
{
2020-03-04 22:04:40 +01:00
$decrypted = "/cygdrive/x";
}
else
{
mkdir($decrypted) || BAIL_OUT("Could not create $decrypted: $!");
2018-03-26 23:22:00 +02:00
}
}
2020-03-04 22:04:40 +01:00
# Unmount and delete mountpoint
sub cleanup
{
2020-03-04 22:04:40 +01:00
portable_unmount($decrypted);
ok(waitForFile("$decrypted/mount", 5, 1), "mount test file gone") || BAIL_OUT("");
2020-03-04 22:04:40 +01:00
rmdir $decrypted;
ok(! -d $decrypted, "unmount ok, mount point removed");
2020-03-04 22:04:40 +01:00
rmtree($workingDir);
ok(! -d $workingDir, "working dir removed");
}
2020-03-04 22:04:40 +01:00
# Mount the filesystem
sub mount
{
2020-03-04 22:04:40 +01:00
delete $ENV{"ENCFS6_CONFIG"};
2020-03-04 22:04:40 +01:00
system("./build/encfs --extpass=\"echo test\" --$mode $ciphertext $decrypted");
ok($? == 0, "encfs mount command returns 0") || BAIL_OUT("");
ok(-f "$ciphertext/.encfs6.xml", "created control file") || BAIL_OUT("");
2020-03-04 22:04:40 +01:00
open(OUT, "> $ciphertext/" . encName("mount"));
close OUT;
ok(waitForFile("$decrypted/mount"), "mount test file exists") || BAIL_OUT("");
}
2020-03-04 22:04:40 +01:00
# Remount and verify content, testing -c option at the same time
sub remount
{
my $contents = "hello world";
open(OUT, "> $decrypted/remount");
print OUT $contents;
close OUT;
2020-03-04 22:04:40 +01:00
portable_unmount($decrypted);
ok(waitForFile("$decrypted/mount", 5, 1), "mount test file gone") || BAIL_OUT("");
2020-03-04 22:04:40 +01:00
rename("$ciphertext/.encfs6.xml", "$ciphertext/.encfs6_moved.xml");
system("./build/encfs -c $ciphertext/.encfs6_moved.xml --extpass=\"echo test\" $ciphertext $decrypted");
ok($? == 0, "encfs remount command returns 0") || BAIL_OUT("");
ok(waitForFile("$decrypted/mount"), "mount test file exists") || BAIL_OUT("");
rename("$ciphertext/.encfs6_moved.xml", "$ciphertext/.encfs6.xml");
2020-03-04 22:04:40 +01:00
checkContents("$decrypted/remount", $contents);
}
2020-03-04 22:04:40 +01:00
# Read the configuration from a named pipe (https://github.com/vgough/encfs/issues/253)
sub configFromPipe
{
2020-03-04 22:04:40 +01:00
portable_unmount($decrypted);
ok(waitForFile("$decrypted/mount", 5, 1), "mount test file gone") || BAIL_OUT("");
2020-03-04 22:04:40 +01:00
rename("$ciphertext/.encfs6.xml", "$ciphertext/.encfs6_moved.xml");
system("mkfifo $ciphertext/.encfs6.xml");
my $child = fork();
unless ($child) {
system("./build/encfs --extpass=\"echo test\" $ciphertext $decrypted");
exit($? >> 8);
}
system("cat $ciphertext/.encfs6_moved.xml > $ciphertext/.encfs6.xml");
waitpid($child, 0);
ok($? == 0, "encfs piped command returns 0") || BAIL_OUT("");
ok(waitForFile("$decrypted/mount"), "mount test file exists") || BAIL_OUT("");
2020-03-17 22:27:36 +01:00
unlink("$ciphertext/.encfs6.xml");
2020-03-04 22:04:40 +01:00
rename("$ciphertext/.encfs6_moved.xml", "$ciphertext/.encfs6.xml");
}
2020-03-04 22:04:40 +01:00
# Test file creation and removal
sub fileCreation
{
# first be sure .encfs6.xml does not show up
my $f = encName(".encfs6.xml");
cmp_ok(length($f), '>', 8, "encrypted name ok");
ok(! -f "$ciphertext/$f", "configuration file .encfs6.xml not visible in $ciphertext");
2020-03-04 22:04:40 +01:00
# create a file
system("cat $0 > $decrypted/create");
ok(-f "$decrypted/create", "file created" ) || BAIL_OUT("file create failed");
2020-03-04 22:04:40 +01:00
# ensure there is an encrypted version.
my $c = encName("create");
cmp_ok(length($c), '>', 8, "encrypted name ok");
ok(-f "$ciphertext/$c", "encrypted file $ciphertext/$c created");
2020-03-04 22:04:40 +01:00
# check contents
system("diff $0 $decrypted/create");
ok($? == 0, "encrypted file readable");
2020-03-04 22:04:40 +01:00
unlink "$decrypted/create";
ok(! -f "$decrypted/create", "file removal");
ok(! -f "$ciphertext/$c", "file removal");
}
2020-03-04 22:04:40 +01:00
# Test renames
sub renames
{
2020-03-04 22:04:40 +01:00
ok(open(F, ">$decrypted/rename-orig") && close F, "create file for rename test");
ok(-f "$decrypted/rename-orig", "file exists");
2020-03-04 22:04:40 +01:00
ok(rename("$decrypted/rename-orig", "$decrypted/rename-new"), "rename");
ok(! -f "$decrypted/rename-orig", "file exists");
ok(-f "$decrypted/rename-new", "file exists");
2020-03-04 22:04:40 +01:00
# rename directory with contents
ok(mkpath("$decrypted/rename-dir-orig/foo"), "mkdir for rename test");
ok(open(F, ">$decrypted/rename-dir-orig/foo/bar") && close F, "make file");
2020-03-04 22:04:40 +01:00
ok(rename("$decrypted/rename-dir-orig", "$decrypted/rename-dir-new"), "rename dir");
ok(-f "$decrypted/rename-dir-new/foo/bar", "dir rename contents");
2020-03-04 22:04:40 +01:00
# TODO: rename failure? (check undo works)
2020-03-04 22:04:40 +01:00
# check time stamps of files on rename
my $mtime = (stat "$decrypted/rename-new")[9];
# change time to 60 seconds earlier
my $olderTime = $mtime - 60;
ok(utime($olderTime, $olderTime, "$decrypted/rename-new"), "change time");
2020-03-04 22:04:40 +01:00
ok(rename("$decrypted/rename-new", "$decrypted/rename-time"), "rename");
is((stat "$decrypted/rename-time")[9], $olderTime, "time unchanged by rename");
2020-03-04 22:04:40 +01:00
# TODO: # check time stamps of directories on rename (https://github.com/vgough/encfs/pull/541)
}
2020-03-04 22:04:40 +01:00
# Test symlinks & hardlinks, and extended attributes
sub links
{
2020-03-04 22:04:40 +01:00
my $contents = "hello world";
ok(open(OUT, "> $decrypted/link-data"), "create file for link test");
print OUT $contents;
close OUT;
2020-03-04 22:04:40 +01:00
# symlinks
ok(symlink("$decrypted/link-data", "$decrypted/link-data-fqn") , "fqn symlink");
checkContents("$decrypted/link-data-fqn", $contents, "fqn link traversal");
is(readlink("$decrypted/link-data-fqn"), "$decrypted/link-data", "read fqn symlink");
2020-03-04 22:04:40 +01:00
ok(symlink("link-data", "$decrypted/link-data-rel"), "local symlink");
checkContents("$decrypted/link-data-rel", $contents, "rel link traversal");
is(readlink("$decrypted/link-data-rel"), "link-data", "read rel symlink");
2020-03-04 22:04:40 +01:00
if ($mode eq "standard")
{
ok(link("$decrypted/link-data", "$decrypted/link-data-hard"), "hard link");
checkContents("$decrypted/link-data-hard", $contents, "hardlink read");
}
2020-03-04 22:04:40 +01:00
# extended attributes
SKIP: {
skip "No xattr support", 3 unless ($have_xattr);
system("$setattr $decrypted/link-data");
my $rc = $?;
is($rc, 0, "extended attributes can be set (return code was $rc)");
system("$getattr $decrypted/link-data");
$rc = $?;
is($rc, 0, "extended attributes can be get (return code was $rc)");
# this is suppused to fail, so get rid of the error message
system("$getattr $decrypted/link-data-rel 2>/dev/null");
$rc = $?;
isnt($rc, 0, "extended attributes operations do not follow symlinks (return code was $rc)");
};
}
# Test file growth
sub grow
{
2020-03-04 22:04:40 +01:00
open(my $fh_a, "+>$decrypted/grow");
open(my $fh_b, "+>$workingDir/grow");
my $d = "1234567"; # Length 7 so we are not aligned to the block size
my $len = 7;
my $old = "";
my $errs = 0;
my $i;
2020-03-04 22:04:40 +01:00
for ($i=1; $i<1000; $i++)
{
print($fh_a $d);
print($fh_b $d);
my $a = md5fh($fh_a);
my $b = md5fh($fh_b);
my $size = $len * $i;
# md5sums must be identical but must have changed
if($a ne $b || $a eq $old)
{
$errs++;
}
$old = $a;
}
ok($errs == 0, "grow file by $len bytes, $i times");
close($fh_a);
close($fh_b);
}
2020-03-04 22:04:40 +01:00
# Test truncate and grow
sub truncate
{
2020-03-04 22:04:40 +01:00
# write to file, then truncate it
ok(open(OUT, "+> $decrypted/truncate"), "create truncate-test file");
autoflush OUT 1;
print OUT "1234567890ABCDEFGHIJ";
2020-03-04 22:04:40 +01:00
is(-s "$decrypted/truncate", 20, "initial file size");
2020-03-04 22:04:40 +01:00
ok(truncate(OUT, 10), "truncate");
2020-03-04 22:04:40 +01:00
is(-s "$decrypted/truncate", 10, "truncated file size");
is(qx(cat "$decrypted/truncate"), "1234567890", "truncated file contents");
2020-03-04 22:04:40 +01:00
# try growing the file as well.
ok(truncate(OUT, 30), "truncate extend");
is(-s "$decrypted/truncate", 30, "truncated file size");
2020-03-04 22:04:40 +01:00
seek(OUT, 30, 0);
print OUT "12345";
is(-s "$decrypted/truncate", 35, "truncated file size");
2020-03-04 22:04:40 +01:00
is(md5fh(*OUT), "5f170cc34b1944d75d86cc01496292df", "content digest");
2020-03-04 22:04:40 +01:00
# try crossing block boundaries
seek(OUT, 10000,0);
print OUT "abcde";
2020-03-04 22:04:40 +01:00
is(md5fh(*OUT), "117a51c980b64dcd21df097d02206f98", "content digest");
2020-03-04 22:04:40 +01:00
# then truncate back to 35 chars
truncate(OUT, 35);
is(md5fh(*OUT), "5f170cc34b1944d75d86cc01496292df", "content digest");
2020-03-04 22:04:40 +01:00
close OUT;
}
2020-03-04 22:04:40 +01:00
# Test internal modification
# Create a file of fixed size and overwrite data at different offsets
# (like a database would do)
sub internalModification
{
2020-03-04 22:04:40 +01:00
$ofile = "$workingDir/internal";
writeZeroes($ofile, 2*1024);
ok(copy($ofile, "$decrypted/internal"), "copying crypt-internal file");
2020-03-04 22:04:40 +01:00
open(my $out1, "+<", "$decrypted/internal");
open(my $out2, "+<", $ofile);
2020-03-04 22:04:40 +01:00
@fhs = ($out1, $out2);
2020-03-04 22:04:40 +01:00
$ori = md5fh($out1);
$b = md5fh($out2);
2020-03-04 22:04:40 +01:00
ok($ori eq $b, "random file md5 matches");
2020-03-04 22:04:40 +01:00
my @offsets = (10, 30, 1020, 1200);
foreach my $o (@offsets)
{
foreach my $fh (@fhs)
{
seek($fh, $o, 0);
print($fh "garbagegarbagegarbagegarbagegarbage");
}
$a = md5fh($out1);
$b = md5fh($out2);
ok(($a eq $b) && ($a ne $ori), "internal modification at $o");
}
2020-03-04 22:04:40 +01:00
close($out1);
close($out2);
}
2020-03-04 22:04:40 +01:00
# Test that we can create and write to a a 0777 file (https://github.com/vgough/encfs/issues/181)
sub umask0777
{
my $old = umask(0777);
2020-03-04 22:04:40 +01:00
ok(open(my $fh, "+>$decrypted/umask0777"), "open with umask 0777");
close($fh);
umask($old);
}
2020-03-04 22:04:40 +01:00
# Test Corruption
# Modify the encrypted file and verify that the MAC check detects it
sub corruption
{
2020-03-04 22:04:40 +01:00
if ($mode ne "paranoia")
2018-03-26 23:22:00 +02:00
{
2020-03-04 22:04:40 +01:00
return;
2018-03-26 23:22:00 +02:00
}
2020-03-04 22:04:40 +01:00
ok(open(OUT, "+> $decrypted/corruption") && print(OUT "12345678901234567890")
&& close(OUT), "create corruption-test file");
2020-03-04 22:04:40 +01:00
$e = encName("corruption");
ok(open(OUT, ">> $ciphertext/$e") && print(OUT "garbage") && close(OUT), "corrupting raw file");
2020-03-04 22:04:40 +01:00
ok(open(IN, "< $decrypted/corruption"), "open corrupted file");
my $content;
$result = read(IN, $content, 20);
# Cygwin returns EINVAL for now
ok(($!{EBADMSG} || $!{EINVAL}) && (! defined $result), "corrupted file with MAC returns read error: $!");
}
# Test that read errors are correctly thrown up to us
sub checkReadError
{
# Not sure how to implement this, so feel free !
ok(1, "read error");
}
# Test that write errors are correctly thrown up to us
sub checkWriteError
{
2017-08-26 11:50:01 +02:00
# No OSX impl (for now, feel free to find how to), and requires "sudo".
2020-03-04 22:04:40 +01:00
SKIP: {
skip "No tmpfs/sudo support", 6 unless ($^O ne "darwin" && defined($sudo_cmd));
rename("$ciphertext/.encfs6.xml", "$workingDir/.encfs6.xml");
$ENV{"ENCFS6_CONFIG"} = "$workingDir/.encfs6.xml";
my $ciphertext = "$ciphertext.tmpfs";
mkdir($ciphertext) || BAIL_OUT("Could not create $ciphertext: $!");
my $decrypted = "$decrypted.tmpfs";
if ($^O eq "cygwin")
{
$decrypted = "/cygdrive/y";
}
else
{
mkdir($decrypted) || BAIL_OUT("Could not create $decrypted: $!");
}
system("$sudo_cmd mount -t tmpfs -o size=1m tmpfs $ciphertext");
ok($? == 0, "mount command returns 0") || BAIL_OUT("");
system("./build/encfs --extpass=\"echo test\" $ciphertext $decrypted");
ok($? == 0, "encfs tmpfs command returns 0") || BAIL_OUT("");
open(OUT, "> $ciphertext/" . encName("mount"));
close OUT;
ok(waitForFile("$decrypted/mount"), "mount test file exists") || BAIL_OUT("");
ok(open(OUT , "> $decrypted/file"), "write content");
while (print OUT "0123456789") {}
ok($!{ENOSPC}, "write returned $! instead of ENOSPC");
close OUT;
portable_unmount($decrypted);
ok(waitForFile("$decrypted/mount", 5, 1), "mount test file gone") || BAIL_OUT("");
system("$sudo_cmd umount $ciphertext");
};
}