Commit Graph

206 Commits

Author SHA1 Message Date
Valient Gough
05a749d32f replace INFO log level 2016-04-25 21:18:08 -07:00
Valient Gough
46a5c9f4f9 replace rlog with easylogging++ 2016-04-24 23:15:43 -07:00
Valient Gough
f7149eaf7a correct return code, fixes #142 2016-04-23 22:19:07 -07:00
Valient Gough
e78d1659e3 replace boost serialization with tinyxml2 2016-04-14 23:56:59 -07:00
benrubson
252f15e33d Add method to check password 2016-03-26 17:20:33 +01:00
Valient Gough
0426051a3e Merge pull request #148 from jetwhiz/fork-master
Bugfix: Labels are backwards for "Block" and "Block32" encoding
Set default to Block32 on OSX and Windows.
2016-03-24 10:31:12 -07:00
Valient Gough
0602d89e03 Merge pull request #149 from jetwhiz/fork-origin-15
add buffer size assertions when handling names
2016-03-24 10:29:51 -07:00
Charles Munson
6db69c2b0a Consolidate rAssert statements in BlockNameIO
Whitespace cleanup
StreamNameIO rAssert statements should be the same
2016-03-24 16:34:52 +01:00
Charles Munson
80a2492b9f Fix whitespace issues
Replace tabs with spaces
2016-03-24 15:57:06 +01:00
Charles Munson
a0e02cb3ea Bugfix: Possible Out of Bounds Write in StreamNameIO and BlockNameIO #15
Issue #15, the encodeName functions fail to verify buffer length can
  store encoded filenames
For good measure and interface consistency, also check decodeName fnc
2016-03-23 14:07:52 +01:00
Charles Munson
3d30e064ba Choose Block32 by default for Apple and Windows (Issue #8)
Default to Block32 when choosing standard or paranoid mode on
  case-insensitive systems (Apple and Windows)
2016-03-22 14:55:34 +01:00
Charles Munson
b015f0c294 Amend: Labels are backwards for "Block" and "Block32" (Issue #8)
Forgot to update header declaration for CurrentInterface
2016-03-22 14:55:02 +01:00
Charles Munson
aa08c382d9 Bugfix: Labels are backwards for "Block" and "Block32" encoding
Block32 should be used for case-insensitive systems (not Block)
2016-03-21 22:43:22 +01:00
Samuel Loury
cde0103a85 Allow to use extpass in encfsctl 2016-01-27 09:17:46 +01:00
Bryan Vyhmeister
d84d46c21d Fix typo in man page 2015-11-30 13:51:38 -08:00
Jakob Unterwurzacher
c2e046b694 Remove open_readonly_workaround
Since commit 82ceb88998 has removed
libfuse permissions checking, this function has caused read-only
files to become writeable.

There seems to be no valid use case for writing to a read-only file (anymore?),
remove the function.

Fixes issue 112.
2015-11-30 08:43:41 +01:00
Jakob Unterwurzacher
ed058fabcd Handle getSize errors in BlockFileIO::write
getSize can return -1 if the file was deleted.
Just return an error to the user instead of
crashing in a segmentation fault.
2015-11-23 08:16:05 +01:00
Tobias Geerinckx-Rice
5803be109d encfs.pod: remove duplicate full stops 2015-11-18 00:43:25 +01:00
Walter Doekes
07fb5b8990 Perform checks to ensure that we're not descending into ourself.
It's possible to mount this filesystem in a descendant of the real
(source) filesystem. For instance, one could do this:

    encfs --reverse / /home/encrypted/rootfs

At that point, all files in `/` (like `/root/.bashrc`) are also in
`/home/encrypted/rootfs` (like `/home/encrypted/rootfs/root/.bashrc`).

This can be useful when you want to export an encrypted copy of the
filesystem: the remote backup machine can fetch any file, but all files
will be encrypted.

However, the mountpoint itself is also there:

    /home/encrypted/rootfs/home/encrypted/rootfs

This would cause a `find /` of the filesystem to take infinite time. And
what's worse; trying to read files from there would cause the filesystem
to lock up:

    cat /home/encrypted/rootfs/home/encrypted/rootfs/root/.bashrc
    (infinite hang)

This patch adds an extra check so the filesystem refuses to descend into
itself.
2015-11-12 11:08:31 +01:00
Valient Gough
2d3780bb64 Merge pull request #113 from cloehle/patch-1
Fixed typo
2015-10-11 21:55:42 -07:00
Matt Bogosian
95d6ae8bec Use umount on systems where fusermount is not available. 2015-10-11 13:33:49 -07:00
Christian Loehle
1e52f2126c Fixed typo then -> than
Signed-off-by: Christian Loehle <cloehle@linutronix.de>
2015-09-18 12:20:04 +02:00
Valient Gough
3b751dde57 Replace check for GNU internal hashmap with std unordered_map. 2015-06-17 22:59:34 -07:00
Valient Gough
98b2d50b40 Make encfs include paths consistent. 2015-06-17 22:59:04 -07:00
Valient Gough
32fe6e104a run IWYU to fixup includes 2015-06-17 22:44:11 -07:00
Valient Gough
1682f365d9 run clang-format 2015-06-17 21:16:50 -07:00
Valient Gough
0b813eb50b Revert "re-add basic support for tr1 memory", breaks drone check. 2015-06-17 21:07:55 -07:00
Valient Gough
1f111e2e1a re-add basic support for tr1 memory 2015-06-17 20:45:19 -07:00
Valient Gough
772054e7cf change readpassphrase include 2015-06-15 19:45:50 -07:00
Valient Gough
44aef545ab remove autoconf scripts, update build docs 2015-06-15 19:45:50 -07:00
Valient Gough
852887d38d add cmake config 2015-06-15 19:45:50 -07:00
bruins
e407e3c78f only build man if BUILD_MANHTML is true 2015-04-04 23:49:29 +10:30
Valient Gough
5753151b09 Merge pull request #74 from rfjakob/next
Release 1.8.2
2015-04-01 20:45:13 -07:00
Valient Gough
72bb7ab375 strip whitespace from translation text 2015-04-01 20:39:30 -07:00
Valient Gough
c4c643948a add local flag on apple 2015-04-01 20:39:26 -07:00
Jakob Unterwurzacher
5aec2078ee Fix include directories for "make distcheck"
Used to fail with:

    ../../encfs/i18n.h:25:26: fatal error: intl/gettext.h: No such file or directory
     #include "intl/gettext.h"
                              ^
2015-03-29 17:53:12 +02:00
Felix Janda
6333bbc7cb Add shared_ptr.h to tarball generated by make dist 2015-03-29 15:57:09 +01:00
Eric Swanson
9d06412f1c Work around #14 (Editing Configuration File Disables MACs) with "--require-macs"
This patch implements the workaround proposed by
https://defuse.ca/audits/encfs.htm to create a --require-macs command
line argument. If this argument is passed, encfs will refuse to mount
with MACs disabled. When creating a filesystem, encfs will force MACs to
be enabled.

Addressed CR comments, and added docs.
2015-03-22 21:04:16 +01:00
Jakob Unterwurzacher
82ceb88998 Remove "-o default_permissions" unless needed.
It is only needed when "-o allow_other" is specified.

"-o default_permissions" causes libfuse to check file access
in userspace. This costs CPU cycles and causes additional
stat() calls - libfuse has to walk up the whole path to check
for "x" permissions on directories.

This improves "make benchmark-reverse" performance
by 30% when caching is disabled. It also gives a slight
improvement with caches on.

Before:

  tests/benchmark-reverse.pl /var/tmp
  * rsync 1 (initial copy)... 12179 ms
  * rsync 2 (no changes)... 1840 ms
  cleaning up... done
  tests/benchmark-reverse.pl /var/tmp --nocache
  * rsync 1 (initial copy)... 30696 ms
  * rsync 2 (no changes)... 10552 ms
  cleaning up... done

After:

  tests/benchmark-reverse.pl /var/tmp
  * rsync 1 (initial copy)... 12095 ms
  * rsync 2 (no changes)... 1693 ms
  cleaning up... done
  tests/benchmark-reverse.pl /var/tmp --nocache
  * rsync 1 (initial copy)... 21266 ms
  * rsync 2 (no changes)... 6486 ms
  cleaning up... done
2015-03-22 21:04:16 +01:00
Jakob Unterwurzacher
21b3811f86 reverse mode: Disable unique IV by default
Commit 76424a58cb enabled unique IV
for reverse mode by default, to get more testing and to increase
security of reverse mode.

The downside is that all IVs change when the inode numbers change,
which means that all of the ciphertext changes.

This may bite people who copied the plaintext to a new filesystem
- they will find out that they have to rsync everything again.

This commit disables unique IV for reverse mode by default. It can
still be enabled through expert mode.
2015-03-16 08:31:25 +01:00
Jakob Unterwurzacher
d14bedfff6 encfs manpage: Document --nocache 2015-03-15 17:55:44 +01:00
Jakob Unterwurzacher
5ef4ab0a41 reverse: re-enable kernel cache
Disabling the kernel cache makes sure the encrypted view is always
up-to-date, however, it causes a factor 3 slowdown.
Please use --nocache manually if you want to disable caching.
Closes #60.

Also replaces the magic identifiers 513 and 514 by proper defines.
2015-03-15 17:54:56 +01:00
Valient Gough
b8ed8abbab add comment about misuse of ngettext 2015-03-13 21:59:01 -07:00
Valient Gough
65bd22f55a fix typo in man page 2015-01-27 22:49:40 -08:00
Jakob Unterwurzacher
d494d18f73 encfs manpage: Document ENCFS6_CONFIG 2015-01-13 23:13:48 +01:00
Sam Gleske
8889e5ea5b doc: encfs spelling and grammar corrections
Conflicts:
	encfs/encfs.pod
2015-01-03 18:53:05 -08:00
Sam Gleske
9d5730e808 doc: encfs add file-hole pass-through doc
Previously undocumented though file-hole pass-through has been
available in encfs since 1.4.1.
2015-01-03 18:51:29 -08:00
Valient Gough
35bf0469cf Merge pull request #44 from Ledest/master
encfssh: use mktemp(1) to create unique unenc_dir
2014-12-27 22:44:59 -08:00
Jakob Unterwurzacher
f8a563bdcd encfsctl: define a default PATH_MAX
Unless it is already defined. Fixes build errors with musl libc.
2014-12-27 15:00:58 +01:00
Led
d9a3759cfd encfssh: use mktemp(1) to create unique unenc_dir 2014-12-25 01:24:17 +02:00
Jakob Unterwurzacher
0a920fa733 Use standard "[y]/n" / "y/[n]" prompt
This removes the need for a translated prompt. Fixes issue #20.

Also,
* merge boolDefaultNo() and boolDefaultYes() into boolDefault()
* do not accept arbitrary answers, but prompt again
2014-12-13 13:01:03 +01:00
Jakob Unterwurzacher
8c7cf98af6 Clarify read-only handling of reverse mounts without uniqueIV
Also, delete unused define

Both issues spotted by Valient Gough's review
2014-12-01 20:13:40 +01:00
Jakob Unterwurzacher
73b2f7c850 Replace ternary operators in cipherPathWithoutRoot with if clause
Adds a few lines but makes clear what is happening.
2014-11-30 23:13:02 +01:00
Jakob Unterwurzacher
8eea3be2db Add comments to path-handling functions in DirNode.cpp 2014-11-30 22:42:51 +01:00
Jakob Unterwurzacher
34d15bbeaa Remove buggy prefix check from plainPath
In reverse mode, this caused symlinks pointing to the absolute
plaintext directory to be stripped. This is what the test in
commit

	tests: reverse: symlink absolute path inside the plaintext dir

checks for.

Ignoring encfsctl, plainPath() is only called from encfs.cpp, in
_do_readlink() and _do_getattr(). Both functions get the path passed in from
FUSE. Paths from FUSE are always anchored at the mountpoint (they start with
"/", and "/" means the root of the mount). This suggests that the check can
never trigger - I have verified that it does not trigger when running the
test suite.

With this patch, the full test suite passes.
2014-11-30 22:28:12 +01:00
Jakob Unterwurzacher
52f189b232 encfs_symlink: Fix argument naming (was reversed)
It is symlink(target, link_name), see man 3 symlink
2014-11-30 20:55:18 +01:00
Jakob Unterwurzacher
32102447e0 reverse: Filesystem is read-only if uniqueIV is enabled
Writing to the ciphertext files can rewrite the header. This
would mean we had to re-encrypt the whole file with the new IV.

This could be made more fine-grained, for example allowing
writes to everywhere but the header. However, this is
something that needs a lot of testing to ensure correctness.
Writing to the ciphertext is a niche use case of the niche
use case of using reverse mode, so it is unlikely it would
get the test coverage it needs.

To be safe, we deny all modifications of the ciphertext with
read-only filesystem error (EROFS) if uniqueIV is enabled.

Reverse mode with uniqueIV disabled still supports writing,
if somebody really needs it. This use case is not covered
by the test suite at the moment.
2014-11-30 14:23:35 +01:00
Jakob Unterwurzacher
d1363578fc reverse: Make uniqueIV configurable in expert mode 2014-11-29 20:04:31 +01:00
Valient Gough
89513f273a Merge pull request #34 from rfjakob/reverse-iv
reverse: Implement unique IV derived from the inode number
2014-11-24 21:00:50 -08:00
Jakob Unterwurzacher
73a5accb8e reverse: Derive IV from inode number
The truncated SHA1 hash of the inode number is used as the IV
for files encrypted in reverse mode.
Passes the test suite.

Closes #24.
2014-11-23 21:21:51 +01:00
Jakob Unterwurzacher
3fce933f65 Document SSL_Cipher::setIVec 2014-11-23 21:19:25 +01:00
Jakob Unterwurzacher
76424a58cb Implement uniqueIV for reverse mode
For now, the IVs are constant. This is fixed in a later commit.
They are enabled by default to make testing easier.
The whole thing passes the test suite on x86 and x86_64.
2014-11-23 18:24:22 +01:00
Jakob Unterwurzacher
dee3f628e3 Implement --nocache
Disable block cache (in EncFS) and stat cache (in kernel).
This is needed if the backing files may be modified
behind the back of EncFS (for example, when you mount
an encrypted filesystem exported by encfs --reverse).

The reverse grow tests fail when this option is not passed to the
decrypting mount.
2014-11-17 21:57:06 +01:00
Jakob Unterwurzacher
9f9e30a73f Check the assertions in cacheReadOneBlock explicitly
...to make the code more robust w.r.t. refactoring.

Also add comments about the last block handling.
2014-11-17 20:21:44 +01:00
Jakob Unterwurzacher
84dae17d4e Disable unsafe kernel caching for --reverse
By default, the kernel caches file metadata for one second.
This is fine for EncFS' normal mode, but for --reverse, this
means that the encrypted view will be up to one second out of
date.
This causes the reverse grow tests to fail because stale stat()
data is returned.
2014-11-17 00:32:54 +01:00
Jakob Unterwurzacher
68485500fd Log offending filename "too small" errors 2014-11-17 00:32:54 +01:00
Jakob Unterwurzacher
5e834968b2 Handle ENCFS6_CONFIG set to non-existing file
This used to give the confusing error

	Found config file %s, but failed to load - exiting
2014-11-17 00:32:54 +01:00
Jakob Unterwurzacher
1227df72e2 Add function descriptions to BlockFileIO 2014-11-10 23:15:29 +01:00
Jakob Unterwurzacher
7565fb149a Add comments documenting the filesystem config options 2014-11-09 13:59:35 +01:00
Jakob Unterwurzacher
00811625cf Add comments describing the config load functions 2014-11-09 13:58:33 +01:00
Jakob Unterwurzacher
5d3b246a0d V6SubVersion: Add comment explaining that the effective version is 20
..for boost 1.42+.

Note that RHEL 6 uses boost 1.41, so there may still be a few users
that are not running 1.42+.
2014-11-09 13:08:39 +01:00
Jakob Unterwurzacher
0053cd7a70 Actually print error message in withCipherPath and withFileNode 2014-11-09 12:40:39 +01:00
Jakob Unterwurzacher
cc274dca63 Exit on corrupt config file instead of overwriting it
This is something that should really not happen, it makes
sense to have the user examine the situation himself.

Behavior was:

	23:00:42 (FileUtils.cpp:379) Archive exception: XML start/end tag mismatch - uniqueIV
	23:00:42 (FileUtils.cpp:337) Found config file /tmp/a/ciphertext/.encfs6.xml, but failed to load
	Creating new encrypted volume.
	Please choose from one of the following options:
	...

Now it exits with:

	23:13:04 (FileUtils.cpp:337) Found config file /tmp/a/ciphertext/.encfs6.xml, but failed to load - exiting
2014-11-05 21:34:30 +01:00
Felix Janda
4a2c53a4f9 encfs/encfsctl.cpp: add missing #include <limits.h> 2014-11-01 08:22:45 +01:00
Felix Janda
8034da6a59 Use sys/xattr.h instead of attr/xattr.h by default 2014-11-01 08:22:10 +01:00
Valient Gough
8ae9282efe fix uninitialized memory error in tests 2014-10-26 15:10:28 -07:00
Valient Gough
8d515fda07 show verbose output for failed test 2014-10-26 14:50:43 -07:00
Valient Gough
264f3735d9 fix clang warning 2014-10-26 11:59:20 -07:00
Valient Gough
766564b55f return 1 on failure 2014-10-26 11:58:03 -07:00
Valient Gough
19aba9fa77 reduce boost dependencies
enables c++11 mode on GCC
also fix soft links to root paths in reverse mode
2014-10-26 10:23:10 -07:00
Jakob Unterwurzacher
0e8e1dd20c tests: Move perl tests to tests/, make them callable from top-level Makefile
Use "make test" or "make test-verbose" to run.
Note that "make test" seems to be more common than "make tests", hence the
change.

Also, use a new clean directory as a working area for each run
Created using mkdtemp and deleted in cleanup()
2014-10-20 20:55:02 +02:00
Jakob Unterwurzacher
38970c75bd tests: Port bash tests to perl
This integrates the tests written in bash into the existing perl infrastructure.
2014-10-20 20:46:29 +02:00
Jakob Unterwurzacher
d9c7d52b89 tests: Fix fusermount detection in tests.t
Used to fail with

	Unsuccessful stat on filename containing newline at tests.t line 196.
	umount: /tmp/crypt-11388: Permission denied
	not ok 44 - unmount ok, mount point removed
	#   Failed test 'unmount ok, mount point removed'
	#   at tests.t line 205

now all tests pass.
2014-10-20 20:46:29 +02:00
Valient Gough
b3c851982f reformat using clang 2014-10-18 19:19:33 -07:00
Jakob Unterwurzacher
87fac6af57 Compare MACs in constant time to prevent timing attacks
Fixes bug #12.
2014-10-17 19:42:06 +02:00
Jakob Unterwurzacher
61dc26fd8b Fix syntax error in encfsctl.pod (misplaced "=pod")
Error was:

	/usr/bin/pod2man --section=1 --release=1.7.5 --center="Encrypted Filesystem" encfsctl.pod encfsctl.1
	encfsctl.pod around line 1: =cut found outside a pod block.  Skipping to next block.
	POD document had syntax errors at /usr/bin/pod2man line 69.
	make[2]: *** [encfsctl.1] Error 255
2014-10-12 18:42:59 +02:00
Valient Gough
15eb697a48 fix std::shared_ptr check
git-svn-id: http://encfs.googlecode.com/svn/branches/1.x@132 db9cf616-1c43-0410-9cb8-a902689de0d6
2013-11-17 06:36:14 +00:00
Valient Gough
b5352f2381 1.x: backport support for std::shared_ptr, use __APPLE__ instead of __FreeBSD__
git-svn-id: http://encfs.googlecode.com/svn/branches/1.x@130 db9cf616-1c43-0410-9cb8-a902689de0d6
2013-11-16 18:24:07 +00:00
Valient Gough
3373886fdf 1.x: update gettext, replace autosprintf with boost::format
git-svn-id: http://encfs.googlecode.com/svn/branches/1.x@129 db9cf616-1c43-0410-9cb8-a902689de0d6
2013-11-13 06:45:46 +00:00
Valient Gough
07b35f2b49 1.x: update autoconf, allow building with NLS disabled
git-svn-id: http://encfs.googlecode.com/svn/branches/1.x@128 db9cf616-1c43-0410-9cb8-a902689de0d6
2013-11-13 05:31:57 +00:00
Valient Gough
96d21a4d54 fix compiler warnings on osx 10.9
git-svn-id: http://encfs.googlecode.com/svn/branches/1.x@127 db9cf616-1c43-0410-9cb8-a902689de0d6
2013-11-11 06:19:49 +00:00
Valient Gough
5fa5f02109 [issue 177] move pod statement in encfs.pod
git-svn-id: http://encfs.googlecode.com/svn/branches/1.x@118 db9cf616-1c43-0410-9cb8-a902689de0d6
2013-10-03 05:28:40 +00:00
Valient Gough
231ebe9239 add delaymount option which delays initial mount. Patch by Jeff King
git-svn-id: http://encfs.googlecode.com/svn/branches/1.x@113 db9cf616-1c43-0410-9cb8-a902689de0d6
2013-10-03 04:58:17 +00:00
Valient Gough
75837b902c apply license change
git-svn-id: http://encfs.googlecode.com/svn/branches/1.7.x_lgpl@91 db9cf616-1c43-0410-9cb8-a902689de0d6
2012-10-22 05:30:55 +00:00
Valient Gough
b28b97999e fix encfsctl cat when iv chaining is enabled. Fixes issue #132
git-svn-id: http://encfs.googlecode.com/svn/trunk@77 db9cf616-1c43-0410-9cb8-a902689de0d6
2012-04-26 02:15:38 +00:00
Valient Gough
687b51a7e5 add base32 encoding support, fixes #103
git-svn-id: http://encfs.googlecode.com/svn/trunk@76 db9cf616-1c43-0410-9cb8-a902689de0d6
2011-12-30 00:18:28 +00:00
Valient Gough
eccdf3c9e6 bump version to 1.7.5, revert unmount change
git-svn-id: http://encfs.googlecode.com/svn/trunk@74 db9cf616-1c43-0410-9cb8-a902689de0d6
2011-12-29 22:26:28 +00:00
Valient Gough
9fa5deb196 rework fuse detection to allow OSX to work out of the box using OSXFuse
git-svn-id: http://encfs.googlecode.com/svn/trunk@73 db9cf616-1c43-0410-9cb8-a902689de0d6
2011-12-28 23:37:34 +00:00
Valient Gough
478cc1c90f wrap PUSHARG macro for correctness. Report by Pedro Rocha
git-svn-id: http://encfs.googlecode.com/svn/trunk@72 db9cf616-1c43-0410-9cb8-a902689de0d6
2011-12-28 23:35:42 +00:00
Valient Gough
b4f090d564 merge patch from issue 102
git-svn-id: http://encfs.googlecode.com/svn/trunk@69 db9cf616-1c43-0410-9cb8-a902689de0d6
2011-06-14 05:42:54 +00:00