Add support for directories and subdirectories

Author: evilaliv3

src/globaleaks_eph_fs/__init__.py

@@ -2,7 +2,6 @@
 import atexit
 import errno
 import os
-import re
 import stat
 import sys
 import subprocess
@@ -13,18 +12,8 @@
 from cryptography.hazmat.primitives.ciphers import Cipher
 from cryptography.hazmat.primitives.ciphers.algorithms import ChaCha20
 
-CHUNK_SIZE = 4096
+CHUNK_SIZE = 64000
 
-UUID4_PATTERN = re.compile(r'^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$', re.IGNORECASE)
-
-def is_valid_uuid4(filename):
-    """
-    Validates if the given filename follows the UUIDv4 format.
-
-    :param filename: The name of the file.
-    :return: True if the filename is a valid UUIDv4, otherwise False.
-    """
-    return bool(UUID4_PATTERN.match(filename))
 
 def is_mount_point(path):
     """
@@ -51,21 +40,20 @@ def unmount_if_mounted(path):
         subprocess.run(['fusermount', '-u', path])
 
 class EphemeralFile:
+    fd = enc = dec = None
+    position = 0
+
     def __init__(self, filesdir, filename=None):
         """
         Initializes an ephemeral file with ChaCha20 encryption.
         Creates a new random file path and generates a unique encryption key and nonce.
 
         :param filesdir: The directory where the ephemeral file will be stored.
-        :param filenames: Optional filename. If not provided, a UUID4 is used.
+        :param filename: Optional filename. If not provided, a UUID4 is used.
         """
         filename = filename or str(uuid.uuid4())  # If filenames is None, generate a random UUID as a string
         self.filepath = os.path.join(filesdir, filename)
-        self.cipher = Cipher(ChaCha20(os.urandom(32), uuid.UUID(filename).bytes[:16]), mode=None)
-        self.enc = self.cipher.encryptor()
-        self.dec = self.cipher.decryptor()
-
-        self.fd = None
+        self.cipher = Cipher(ChaCha20(os.urandom(32), os.urandom(16)), mode=None)
 
     def __getattribute__(self, name):
         """
@@ -87,15 +75,24 @@ def __getattribute__(self, name):
         # For everything else, defer to the default behavior
         return super().__getattribute__(name)
 
-    def open(self, flags, mode=0o660):
+    def open(self, mode='r'):
         """
         Opens the ephemeral file for reading or writing.
 
         :param mode: 'w' for writing, 'r' for reading.
         :return: The file object.
         """
-        self.fd = os.open(self.filepath, os.O_RDWR | os.O_CREAT | os.O_APPEND, mode)
-        os.chmod(self.filepath, mode)
+        if not self.fd:
+            self.fd = os.open(self.filepath, os.O_RDWR | os.O_CREAT | os.O_APPEND)
+
+        self.enc = self.cipher.encryptor()
+        self.dec = self.cipher.decryptor()
+
+        if mode == 'r':
+            self.seek(0)
+        else:
+            self.seek(self.size)
+
         return self
 
     def write(self, data):
@@ -105,6 +102,7 @@ def write(self, data):
         :param data: Data to write to the file, can be a string or bytes.
         """
         os.write(self.fd, self.enc.update(data))
+        self.position += len(data)
 
     def read(self, size=None):
         """
@@ -125,7 +123,9 @@ def read(self, size=None):
                 break
 
             data += self.dec.update(chunk)
-            bytes_read += len(chunk)
+            chunk_length = len(chunk)
+            bytes_read += chunk_length
+            self.position += chunk_length
 
             if size is not None and bytes_read >= size:
                 break
@@ -138,32 +138,40 @@ def seek(self, offset):
 
         :param offset: The offset to seek to.
         """
-        position = 0
-        self.dec = self.cipher.decryptor()
-        self.enc = self.cipher.encryptor()
-        os.lseek(self.fd, 0, os.SEEK_SET)
-        discard_size = offset - position
+        if offset < self.position:
+            self.position = 0
+            self.dec = self.cipher.decryptor()
+            self.enc = self.cipher.encryptor()
+            os.lseek(self.fd, 0, os.SEEK_SET)
+            discard_size = offset
+        else:
+            discard_size = offset - self.position
+
         while discard_size > 0:
             to_read = min(CHUNK_SIZE, discard_size)
             data = self.dec.update(os.read(self.fd, to_read))
             data = self.enc.update(data)
             discard_size -= to_read
 
+        self.position = offset
+
     def tell(self):
         """
         Returns the current position in the file.
 
         :return: The current position in the file.
         """
-        return os.lseek(self.fd, 0, os.SEEK_CUR)
+        return self.position
 
     def close(self):
         """
         Closes the file descriptor.
         """
-        if self.fd is not None:
+        if self.fd:
             os.close(self.fd)
-            self.fd = None
+            del self.enc
+            del self.dec
+            self.fd = self.enc = self.dec = None
 
     def __enter__(self):
         """
@@ -197,9 +205,28 @@ def __init__(self, storage_directory=None):
         """
         self.storage_directory = storage_directory if storage_directory is not None else mkdtemp()
         self.files = {}  # Track open files and their secure temporary file handlers
+        self.directories = {'/': set()}
         self.mutex = threading.Lock()
 
+    def _split_path(self, path):
+        """
+        Splits a given path into its parent directory and final component.
+
+        :param path: The full file or directory path.
+        :return: A tuple (parent_path, name), where parent_path is the directory
+                 and name is the last part of the path.
+        """
+        parts = path.strip('/').split('/')
+        return '/' + '/'.join(parts[:-1]) if len(parts) > 1 else '/', parts[-1]
+
     def get_file(self, path):
+        """
+        Retrieves the file object associated with the specified path.
+
+        :param path: The full path to the file.
+        :return: The file object stored at the given path.
+        :raises FuseOSError: If the file does not exist.
+        """
         file = self.files.get(path)
         if file is None:
             raise FuseOSError(errno.ENOENT)
@@ -214,20 +241,17 @@ def getattr(self, path, fh=None):
         :return: A dictionary of file attributes.
         """
         with self.mutex:
-            if path == '/':
+            if path in self.directories:
                 return {'st_mode': (stat.S_IFDIR | 0o750), 'st_nlink': 2}
 
             file = self.get_file(path)
 
-            file_stat = os.stat(file.filepath)
-
-            st = {key: getattr(file_stat, key) for key in dir(file_stat) if not key.startswith('__')}
-
-            st['st_mode'] |= stat.S_IFDIR if stat.S_ISDIR(file_stat.st_mode) else 0
-            st['st_mode'] |= stat.S_IFREG if stat.S_ISREG(file_stat.st_mode) else 0
-            st['st_mode'] |= stat.S_IFLNK if stat.S_ISLNK(file_stat.st_mode) else 0
-
-            return st
+            st = os.stat(file.filepath)
+            return {
+                'st_mode': (stat.S_IFREG | 0o600),
+                'st_nlink': 1,
+                'st_size': st.st_size,
+            }
 
     def readdir(self, path, fh=None):
         """
@@ -238,7 +262,46 @@ def readdir(self, path, fh=None):
         :return: A list of directory contents.
         """
         with self.mutex:
-            return ['.', '..'] + [os.path.basename(f) for f in self.files]
+            if path not in self.directories:
+                raise FuseOSError(errno.ENOENT)
+            entries = list(self.directories.get(path, set()))
+            seen = set(entries)
+            for f in self.files:
+                if os.path.dirname(f) == path:
+                    name = os.path.basename(f)
+                    if name not in seen:
+                        entries.append(name)
+                        seen.add(name)
+            return ['.', '..'] + entries
+
+    def mkdir(self, path, mode):
+        """
+        Creates a new directory at the specified path.
+
+        :param path: The full path of the directory to create.
+        :param mode: Permission mode for the new directory (not used in this implementation).
+        :raises FuseOSError: If the parent directory does not exist.
+        """
+        with self.mutex:
+            parent, name = self._split_path(path)
+            if parent not in self.directories:
+                raise FuseOSError(errno.ENOENT)
+            self.directories[parent].add(name)
+            self.directories[path] = set()
+
+    def rmdir(self, path):
+        """
+        Removes an existing directory at the specified path.
+
+        :param path: The full path of the directory to remove.
+        :raises FuseOSError: If the directory does not exist or is not empty.
+        """
+        with self.mutex:
+            if path not in self.directories or self.directories[path]:
+                raise FuseOSError(errno.ENOTEMPTY)
+            parent, name = self._split_path(path)
+            self.directories[parent].remove(name)
+            del self.directories[path]
 
     def create(self, path, mode):
         """
@@ -248,14 +311,16 @@ def create(self, path, mode):
         :param mode: The mode in which the file will be opened.
         :return: The file descriptor.
         """
-        filename = os.path.basename(path)
-        if not is_valid_uuid4(filename):
-            raise FuseOSError(errno.ENOENT)
+        parent, name = self._split_path(path)
 
         with self.mutex:
-            file = EphemeralFile(self.storage_directory, filename)
-            file.open('w', mode)
-            self.files[path] = file
+            if parent not in self.directories:
+                raise FuseOSError(errno.ENOENT)
+            self.directories[parent].add(name)
+            full_path = os.path.join(parent, name)
+            file = EphemeralFile(self.storage_directory, str(uuid.uuid4()))
+            file.open('w')
+            self.files[full_path] = file
             return file.fd
 
     def open(self, path, flags):
@@ -298,6 +363,7 @@ def write(self, path, data, offset, fh=None):
         """
         with self.mutex:
             file = self.get_file(path)
+            file.seek(offset)
             file.write(data)
             return len(data)
 
@@ -308,10 +374,12 @@ def unlink(self, path):
         :param path: The file path to remove.
         """
         with self.mutex:
+            parent, name = self._split_path(path)
             file = self.files.pop(path, None)
             if file:
                 file.close()
                 os.unlink(file.filepath)
+                self.directories[parent].discard(name)
 
     def release(self, path, fh=None):
         """
@@ -342,35 +410,11 @@ def truncate(self, path, length, fh=None):
             file.seek(length)
 
             if length > file.size:
-                length = length - file.size
-                bytes_written = 0
-                while bytes_written < length:
-                    to_write = min(CHUNK_SIZE, length - bytes_written)
+                pad_len = length - file.size
+                while pad_len > 0:
+                    to_write = min(CHUNK_SIZE, pad_len)
                     file.write(b'\0' * to_write)
-                    bytes_written += to_write
-
-    def chmod(self, path, mode):
-        """
-        Changes the permissions of the file at the specified path.
-
-        :param path: The file path whose permissions will be changed.
-        :param mode: The new permissions mode (e.g., 0o777 for full permissions).
-        :raises FuseOSError: If the file does not exist.
-        """
-        file = self.get_file(path)
-        return os.chmod(file.filepath, mode)
-
-    def chown(self, path, uid, gid):
-        """
-        Changes the ownership of the file at the specified path.
-
-        :param path: The file path whose ownership will be changed.
-        :param uid: The user ID (uid) to set as the new owner.
-        :param gid: The group ID (gid) to set as the new group owner.
-        :raises FuseOSError: If the file does not exist.
-        """
-        file = self.get_file(path)
-        return os.chown(file.filepath, uid, gid)
+                    pad_len -= to_write
 
 def mount_globaleaks_eph_fs(mount_point, storage_directory=None, foreground=False):
     """