Ok, I can reproduce the problem. Paranoia mode enables iv-chaining, so a rename of a directory requires a recursive rename. And external-iv-chaining is also enabled, so a file rename requires a re-encoding of the per-file header. However a symbolic link doesn't have a per-file header, so it fails, causing the rename to be aborted and any changes to be undone.
Please try the attached patch. I've only done a quick sanity check to make sure it fixes this particular problem -- I will do more testing on this in a few days when I have more time.

thanks,
Valient

On Sunday 26 June 2005 19:05, Tim Freeman wrote:
> Aha. I left out how I configured the filesystem. I specified "p" to
> get paranoid mode, and apparently you selected the default option. On
> my machine (using your recent encfs 1.2.2.2-1 deb), I reliably see the
> problem when I specify paranoid mode, and I don't see it when I take
> the default.
>
> Can you reproduce the problem now? To save you digging through email,
> here's what I did:
>
> [EMAIL PROTECTED]:/tmp$ rm -rf foo foo.bits
> [EMAIL PROTECTED]:/tmp$ mkdir foo foo.bits
> [EMAIL PROTECTED]:/tmp$ encfs /tmp/foo.bits /tmp/foo
> Creating new encrypted volume.
> Please choose from one of the following options:
> enter "x" for expert configuration mode,
> enter "p" for pre-configured paranoia mode,
> anything else, or an empty line will select standard mode.
> ?> p
>
> Paranoia configuration selected.
>
> Configuration finished. The filesystem to be created has
> the following properties:
> Filesystem cipher: "ssl/aes", version 2:1:1
> Filename encoding: "nameio/block", version 3:0:1
> Key Size: 256 bits
> Block Size: 512 bytes, including 8 byte MAC header
> Each file contains 8 byte header with unique IV data.
> Filenames encoded using IV chaining mode.
> File data IV is chained to filename IV.
>
> -------------------------- WARNING --------------------------
> The external initialization-vector chaining option has been
> enabled. This option disables the use of hard links on the
> filesystem. Without hard links, some programs may not work.
> The programs 'mutt' and 'procmail' are known to fail. For
> more information, please see the encfs mailing list.
> If you would like to choose another configuration setting,
> please press CTRL-C now to abort and start over.
>
> Now you will need to enter a password for your filesystem.
> You will need to remember this password, as there is absolutely
> no recovery mechanism. However, the password can be changed
> later using encfsctl.
>
> New Encfs Password: x
>
> Verify Encfs Password: x
>
> [EMAIL PROTECTED]:/tmp$ cd foo
> [EMAIL PROTECTED]:/tmp/foo$ mkdir bar
> [EMAIL PROTECTED]:/tmp/foo$ ln -s ../baz bar/baz
> [EMAIL PROTECTED]:/tmp/foo$ mv bar bozzo
> mv: cannot move `bar' to `bozzo': Permission denied
> [EMAIL PROTECTED]:/tmp/foo$
--- old-encfs-1.2/encfs/FileNode.cpp 2005-05-17 21:01:55.000000000 +0200
+++ new-encfs-1.2/encfs/FileNode.cpp 2005-06-28 14:31:26.000000000 +0200
@@ -21,6 +21,7 @@
#include <errno.h>
#include <sys/stat.h>
+#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/fsuid.h>
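Review bot: the new #include <sys/types.h> is inserted below <sys/stat.h>; the conventional order is <sys/types.h> first, since older <sys/stat.h> headers rely on the types it declares, so move the added line above "#include <sys/stat.h>". Nothing else is needed for the helper added later in this patch: S_ISREG and struct stat come from the already-included <sys/stat.h>, and uint64_t is already used by the existing setName signature.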
@@ -129,6 +130,19 @@
return _pname.c_str();
}
+static bool setIV(const Ptr<FileIO> &io, uint64_t iv)
+{
+ struct stat stbuf;
+ if(io->getAttr(&stbuf) < 0)
+ return false;
+
+ // only use setIV if the file is a regular (not link, etc)
+ if(S_ISREG(stbuf.st_mode))
+ return io->setIV( iv );
+ else
+ return true;
+}
+
bool FileNode::setName( const char *plaintextName_, const char *cipherName_,
uint64_t iv, bool setIVFirst )
{
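Review bot: the getAttr failure path in the new setIV helper discards the reason for the failure. Returning false there is the right fail-closed choice (the caller aborts and rolls back the rename rather than leaving a file whose header IV no longer matches its name), but nothing records what went wrong, so a user will again see only a generic rename error; add an rDebug/rError with errno before "return false;". Two smaller points: the comment "only use setIV if the file is a regular (not link, etc)" should say why, namely that non-regular nodes carry no per-file IV header so there is nothing to re-encode, and the unconditional io->setIV on a symlink is exactly what surfaced as "Permission denied" in the report above; and a free function called setIV that wraps FileIO::setIV is easy to misread at the two call sites, so a name such as setIVIfRegular would be clearer.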
@@ -137,7 +151,7 @@
rDebug("calling setIV on %s", cipherName_);
if(setIVFirst)
{
- if(externalIVChaining && !io->setIV( iv ))
+ if(externalIVChaining && !setIV(io, iv))
return false;
// now change the name..
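Review bot: the existing rDebug("calling setIV on %s", cipherName_) just above this hunk now also fires for symlinks and other non-regular nodes, where the wrapper intentionally writes no IV, so the debug log will report an IV update that never happened. Either move the message into the helper next to the S_ISREG branch (logging separately for the skip and the real call) or reword it to something like "checking IV on %s", so that the trace stays trustworthy when debugging a failed rename.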
@@ -161,7 +175,7 @@
io->setFileName( cipherName_ );
}
- if(externalIVChaining && !io->setIV( iv ))
+ if(externalIVChaining && !setIV(io, iv))
{
_pname = oldPName;
_cname = oldCName;
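Review bot: the rollback at the end of this hunk restores _pname and _cname when setIV(io, iv) fails, but io->setFileName( cipherName_ ) at the top of the hunk has no visible counterpart io->setFileName( oldCName ) in the rollback, so after a failed IV update the node and its FileIO object could disagree about which cipher name is current. Confirm that the rest of the rollback (not shown in this hunk) also resets the FileIO name and reverts the on-disk rename, or add those two lines next to the _pname/_cname restores.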