Add a new option --reversewrite
to clearly indicate we want to mount reverse in write mode.
parent
209d681564
commit
44c7576f21
@ -1064,14 +1064,6 @@ RootPtr createV6Config(EncFS_Context *ctx,
|
||||
if (opts->requireMac) {
|
||||
blockMACBytes = 8;
|
||||
}
|
||||
if (reverseEncryption) {
|
||||
/* Reverse mounts are read-only by default (set in main.cpp).
|
||||
* If uniqueIV is off, writing can be allowed, because there
|
||||
* is no header that could be overwritten */
|
||||
if (!uniqueIV) {
|
||||
opts->readOnly = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (answer[0] == 'x' || alg.name.empty()) {
|
||||
@ -1095,11 +1087,11 @@ RootPtr createV6Config(EncFS_Context *ctx,
|
||||
if (reverseEncryption) {
|
||||
cout << _("reverse encryption - chained IV and MAC disabled") << "\n";
|
||||
uniqueIV = selectUniqueIV(false);
|
||||
/* Reverse mounts are read-only by default (set in main.cpp).
|
||||
* If uniqueIV is off, writing can be allowed, because there
|
||||
* is no header that could be overwritten */
|
||||
if (!uniqueIV) {
|
||||
opts->readOnly = false;
|
||||
/* If uniqueIV is off, writing can be allowed, because there
|
||||
* is no header that could be overwritten.
|
||||
* So if it is on, enforce readOnly. */
|
||||
if (uniqueIV) {
|
||||
opts->readOnly = true;
|
||||
}
|
||||
} else {
|
||||
chainedIV = selectChainedIV();
|
||||
@ -1581,11 +1573,11 @@ RootPtr initFS(EncFS_Context *ctx, const std::shared_ptr<EncFS_Opts> &opts) {
|
||||
"The configuration loaded is not compatible with --reverse\n");
|
||||
return rootInfo;
|
||||
}
|
||||
/* Reverse mounts are read-only by default (set in main.cpp).
|
||||
* If uniqueIV is off, writing can be allowed, because there
|
||||
* is no header that could be overwritten */
|
||||
if (!config->uniqueIV) {
|
||||
opts->readOnly = false;
|
||||
/* If uniqueIV is off, writing can be allowed, because there
|
||||
* is no header that could be overwritten.
|
||||
* So if it is on, enforce readOnly. */
|
||||
if (config->uniqueIV) {
|
||||
opts->readOnly = true;
|
||||
}
|
||||
}
|
||||
|
||||
|
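Review bot: The first createV6Config hunk appears (judging by its header counts, 14 old lines against 6 new) to drop the whole `if (reverseEncryption) { ... }` block from the branch that ends just before `if (answer[0] == 'x' || alg.name.empty())`, and nothing replaces it there, while the custom branch in the second hunk and initFS both gain `if (uniqueIV) { opts->readOnly = true; }`. Since --reversewrite now clears readOnly during argument parsing, a configuration created through that first branch with uniqueIV left on would, as far as these hunks show, come up writable in reverse mode, which is the header-overwrite case the comment describes. Whether uniqueIV can be true on that path, and whether the initFS check also runs for a freshly created configuration, depends on lines outside the hunks; if it can, repeat the guard in that branch or apply it once after the branches join. A log line at the point where the guard overrides the request would also tell the user why a --reversewrite mount ended up read-only.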
@ -18,7 +18,7 @@ encfs - mounts or creates an encrypted virtual filesystem
|
||||
|
||||
B<encfs> [B<--version>] [B<-v>|B<--verbose>] [B<-t>|B<--syslogtag>]
|
||||
[B<-s>] [B<-f>] [B<--annotate>] [B<--standard>] [B<--paranoia>]
|
||||
[B<--reverse>] [B<--extpass=program>] [B<-S>|B<--stdinpass>]
|
||||
[B<--reverse>] [B<--reversewrite>] [B<--extpass=program>] [B<-S>|B<--stdinpass>]
|
||||
[B<--anykey>] [B<--forcedecode>] [B<-require-macs>]
|
||||
[B<-i MINUTES>|B<--idle=MINUTES>] [B<-m>|B<--ondemand>] [B<--delaymount>]
|
||||
[B<--public>] [B<--nocache>] [B<--no-default-flags>]
|
||||
@ -115,7 +115,13 @@ reproduce the unencrypted data:
|
||||
Now /tmp/plain-view contains the same data as /home/me
|
||||
|
||||
Note that B<--reverse> mode only works with limited configuration options, so
|
||||
many settings may be disabled when used.
|
||||
many settings may be disabled when used. Incompatible options as for now :
|
||||
Filename Initialization Vector Chaining and External IV Chaining.
|
||||
|
||||
=item B<--reversewrite>
|
||||
|
||||
Same as B<--reverse> but will allow writes, if possible (configuration must have
|
||||
UniqueIV disabled). Incompatible option : Per-File Initialization Vectors.
|
||||
|
||||
=item B<--extpass=program>
|
||||
|
||||
@ -500,6 +506,9 @@ initialization vector, so that each file is encrypted in a different way.
|
||||
|
||||
This option is enabled by default.
|
||||
|
||||
Reverse mode derivates IV from inode number, it may then change for example
|
||||
when source files are copied from one FS to another.
|
||||
|
||||
=item I<External IV Chaining>
|
||||
|
||||
B<New in 1.1.3>. This option is closely related to Per-File Initialization
|
||||
|
@ -160,6 +160,8 @@ static void usage(const char *name) {
|
||||
"\t\t\t(encfs must be run as root)\n")
|
||||
<< _(" --reverse\t\t"
|
||||
"reverse encryption\n")
|
||||
<< _(" --reversewrite\t\t"
|
||||
"reverse encryption with writes enabled\n")
|
||||
|
||||
// xgroup(usage)
|
||||
<< _(" --extpass=program\tUse external program for password prompt\n"
|
||||
@ -249,6 +251,7 @@ static bool processArgs(int argc, char *argv[],
|
||||
{"verbose", 0, nullptr, 'v'}, // verbose mode
|
||||
{"version", 0, nullptr, 'V'}, // version
|
||||
{"reverse", 0, nullptr, 'r'}, // reverse encryption
|
||||
{"reversewrite", 0, nullptr, 'R'}, // reverse encryption with write enabled
|
||||
{"standard", 0, nullptr, '1'}, // standard configuration
|
||||
{"paranoia", 0, nullptr, '2'}, // standard configuration
|
||||
{"require-macs", 0, nullptr, LONG_OPT_REQUIRE_MAC}, // require MACs
|
||||
@ -336,6 +339,12 @@ static bool processArgs(int argc, char *argv[],
|
||||
* slowdown. If you are concerned about inconsistencies,
|
||||
* please use --nocache. */
|
||||
break;
|
||||
case 'R':
|
||||
out->opts->reverseEncryption = true;
|
||||
/* At least this is what the user wants, we will see later
|
||||
if it is possible */
|
||||
out->opts->readOnly = false;
|
||||
break;
|
||||
case LONG_OPT_NOCACHE:
|
||||
/* Disable EncFS block cache
|
||||
* Causes reverse grow tests to fail because short reads
|
||||
|
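Review bot: `case 'R'` assigns `out->opts->readOnly = false;` unconditionally, so when --reverse and --reversewrite are both given the outcome depends on which one comes last on the command line, assuming `case 'r'` (outside this hunk) is where the read-only default is set. Either state in the usage text and man page that the last option wins, or make the write request sticky so a later --reverse cannot silently undo it, or the other way round if read-only should take precedence. The comment "we will see later if it is possible" would help the next reader more if it named the check, for example `/* Request a writable reverse mount; createV6Config() and initFS() force readOnly back on when uniqueIV is enabled. */`. processArgs starts and ends outside the hunk.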
@ -3,7 +3,7 @@
|
||||
# Test EncFS --reverse mode
|
||||
|
||||
use warnings;
|
||||
use Test::More tests => 25;
|
||||
use Test::More tests => 31;
|
||||
use File::Path;
|
||||
use File::Temp;
|
||||
use IO::Handle;
|
||||
@ -212,7 +212,7 @@ symlink_test("foo"); # relative
|
||||
symlink_test("/1/2/3/4/5/6/7/8/9/10/11/12/13/14/15/15/17/18"); # long
|
||||
symlink_test("!§\$%&/()\\<>#+="); # special characters
|
||||
symlink_test("$plain/foo");
|
||||
# writesDenied(); # disabled as writes are allowed when (uniqueIV == false), we would need a specific reverse conf with (uniqueIV == true).
|
||||
writesDenied();
|
||||
|
||||
# Umount and delete files
|
||||
cleanup();
|
||||
|
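Review bot: Nothing in the visible hunks exercises --reversewrite itself; the plan grows from 25 to 31, presumably only because `writesDenied();` is switched back on for the plain --reverse mount. The case worth pinning is the protective one: a --reversewrite mount of a configuration with uniqueIV enabled must still refuse writes, and one with uniqueIV disabled must accept them. If those checks live elsewhere in the suite, a pointer here such as `# --reversewrite is covered in <test file>` would be enough. The rest of the test file is outside the hunks.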