From patchwork Wed May 26 23:21:42 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: jvrao X-Patchwork-Id: 53668 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [199.232.76.165]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id B57D9B7D1B for ; Thu, 27 May 2010 09:22:02 +1000 (EST) Received: from localhost ([127.0.0.1]:33404 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OHPv6-0005AS-Ah for incoming@patchwork.ozlabs.org; Wed, 26 May 2010 19:21:52 -0400 Received: from [140.186.70.92] (port=51667 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OHPrY-0003P5-2K for qemu-devel@nongnu.org; Wed, 26 May 2010 19:18:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1OHPrW-0006iA-J7 for qemu-devel@nongnu.org; Wed, 26 May 2010 19:18:12 -0400 Received: from e31.co.us.ibm.com ([32.97.110.149]:36330) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1OHPrW-0006i4-AD for qemu-devel@nongnu.org; Wed, 26 May 2010 19:18:10 -0400 Received: from d03relay01.boulder.ibm.com (d03relay01.boulder.ibm.com [9.17.195.226]) by e31.co.us.ibm.com (8.14.3/8.13.1) with ESMTP id o4QN7tYY029816 for ; Wed, 26 May 2010 17:07:55 -0600 Received: from d03av02.boulder.ibm.com (d03av02.boulder.ibm.com [9.17.195.168]) by d03relay01.boulder.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id o4QNI8T1177550 for ; Wed, 26 May 2010 17:18:08 -0600 Received: from d03av02.boulder.ibm.com (loopback [127.0.0.1]) by d03av02.boulder.ibm.com (8.14.3/8.13.1/NCO v10.0 AVout) with ESMTP id o4QNI8w2016424 for ; Wed, 26 May 2010 17:18:08 -0600 Received: from localhost.localdomain (elm9m80.beaverton.ibm.com [9.47.81.80]) by d03av02.boulder.ibm.com (8.14.3/8.13.1/NCO v10.0 AVin) with ESMTP id o4QNI065016065; Wed, 26 May 2010 17:18:06 -0600 From: "Venkateswararao Jujjuri (JV)" To: qemu-devel@nongnu.org Date: Wed, 26 May 2010 16:21:42 -0700 Message-Id: <1274916106-25616-4-git-send-email-jvrao@linux.vnet.ibm.com> X-Mailer: git-send-email 1.6.0.6 In-Reply-To: <1274916106-25616-1-git-send-email-jvrao@linux.vnet.ibm.com> References: <1274916106-25616-1-git-send-email-jvrao@linux.vnet.ibm.com> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) Cc: aliguori@us.ibm.com, "Venkateswararao Jujjuri \(JV\)" Subject: [Qemu-devel] [PATCH -V4 3/7] virtio-9p: modify create/open2 and mkdir for new security model. X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Add required infrastructure and modify create/open2 and mkdir per the new security model. Signed-off-by: Venkateswararao Jujjuri --- hw/file-op-9p.h | 23 +++++++- hw/virtio-9p-local.c | 149 ++++++++++++++++++++++++++++++++++++-------------- hw/virtio-9p.c | 42 ++++++++++---- 3 files changed, 158 insertions(+), 56 deletions(-) diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h index 2934ff1..73d59b2 100644 --- a/hw/file-op-9p.h +++ b/hw/file-op-9p.h @@ -19,13 +19,32 @@ #include #include #include +#define SM_LOCAL_MODE_BITS 0600 +#define SM_LOCAL_DIR_MODE_BITS 0700 + +typedef enum +{ + SM_PASSTHROUGH = 1, /* uid/gid set on fileserver files */ + SM_MAPPED, /* uid/gid part of xattr */ +} SecModel; + +typedef struct FsCred +{ + uid_t fc_uid; + gid_t fc_gid; + mode_t fc_mode; + dev_t fc_rdev; +} FsCred; typedef struct FsContext { char *fs_root; + SecModel fs_sm; uid_t uid; } FsContext; +extern void cred_init(FsCred *); + typedef struct FileOperations { int (*lstat)(FsContext *, const char *, struct stat *); @@ -43,7 +62,7 @@ typedef struct FileOperations int (*closedir)(FsContext *, DIR *); DIR *(*opendir)(FsContext *, const char *); int (*open)(FsContext *, const char *, int); - int (*open2)(FsContext *, const char *, int, mode_t); + int (*open2)(FsContext *, const char *, int, FsCred *); void (*rewinddir)(FsContext *, DIR *); off_t (*telldir)(FsContext *, DIR *); struct dirent *(*readdir)(FsContext *, DIR *); @@ -51,7 +70,7 @@ typedef struct FileOperations ssize_t (*readv)(FsContext *, int, const struct iovec *, int); ssize_t (*writev)(FsContext *, int, const struct iovec *, int); off_t (*lseek)(FsContext *, int, off_t, int); - int (*mkdir)(FsContext *, const char *, mode_t); + int (*mkdir)(FsContext *, const char *, FsCred *); int (*fstat)(FsContext *, int, struct stat *); int (*rename)(FsContext *, const char *, const char *); int (*truncate)(FsContext *, const char *, off_t); diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c index 78960ac..f6c2fe2 100644 --- a/hw/virtio-9p-local.c +++ b/hw/virtio-9p-local.c @@ -17,6 +17,7 @@ #include #include #include +#include static const char *rpath(FsContext *ctx, const char *path) { @@ -31,47 +32,39 @@ static int local_lstat(FsContext *ctx, const char *path, struct stat *stbuf) return lstat(rpath(ctx, path), stbuf); } -static int local_setuid(FsContext *ctx, uid_t uid) +static int local_set_xattr(const char *path, FsCred *credp) { - struct passwd *pw; - gid_t groups[33]; - int ngroups; - static uid_t cur_uid = -1; - - if (cur_uid == uid) { - return 0; - } - - if (setreuid(0, 0)) { - return -1; - } - - pw = getpwuid(uid); - if (pw == NULL) { - return -1; + int err; + if (credp->fc_uid != -1) { + err = setxattr(path, "user.virtfs.uid", &credp->fc_uid, sizeof(uid_t), + 0); + if (err) { + return err; + } } - - ngroups = 33; - if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1) { - return -1; + if (credp->fc_gid != -1) { + err = setxattr(path, "user.virtfs.gid", &credp->fc_gid, sizeof(gid_t), + 0); + if (err) { + return err; + } } - - if (setgroups(ngroups, groups)) { - return -1; - } - - if (setregid(-1, pw->pw_gid)) { - return -1; + if (credp->fc_mode != -1) { + err = setxattr(path, "user.virtfs.mode", &credp->fc_mode, + sizeof(mode_t), 0); + if (err) { + return err; + } } - - if (setreuid(-1, uid)) { - return -1; + if (credp->fc_rdev != -1) { + err = setxattr(path, "user.virtfs.rdev", &credp->fc_rdev, + sizeof(dev_t), 0); + if (err) { + return err; + } } - - cur_uid = uid; - - return 0; -} + return 0; + } static ssize_t local_readlink(FsContext *ctx, const char *path, char *buf, size_t bufsz) @@ -168,9 +161,44 @@ static int local_mksock(FsContext *ctx2, const char *path) return 0; } -static int local_mkdir(FsContext *ctx, const char *path, mode_t mode) +static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp) { - return mkdir(rpath(ctx, path), mode); + int err = -1; + int serrno = 0; + /* Determine the security model */ + if (fs_ctx->fs_sm == SM_MAPPED) { + err = mkdir(rpath(fs_ctx, path), SM_LOCAL_DIR_MODE_BITS); + if (err == -1) { + return err; + } + credp->fc_mode = credp->fc_mode|S_IFDIR; + err = local_set_xattr(rpath(fs_ctx, path), credp); + if (err == -1) { + serrno = errno; + goto err_end; + } + } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + err = mkdir(rpath(fs_ctx, path), credp->fc_mode); + if (err == -1) { + return err; + } + err = chmod(rpath(fs_ctx, path), credp->fc_mode & 07777); + if (err == -1) { + serrno = errno; + goto err_end; + } + err = chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid); + if (err == -1) { + serrno = errno; + goto err_end; + } + } + return err; + +err_end: + remove(rpath(fs_ctx, path)); + errno = serrno; + return err; } static int local_fstat(FsContext *ctx, int fd, struct stat *stbuf) @@ -178,9 +206,49 @@ static int local_fstat(FsContext *ctx, int fd, struct stat *stbuf) return fstat(fd, stbuf); } -static int local_open2(FsContext *ctx, const char *path, int flags, mode_t mode) +static int local_open2(FsContext *fs_ctx, const char *path, int flags, + FsCred *credp) { - return open(rpath(ctx, path), flags, mode); + int fd = -1; + int err = -1; + int serrno = 0; + /* Determine the security model */ + if (fs_ctx->fs_sm == SM_MAPPED) { + int err; + fd = open(rpath(fs_ctx, path), flags, SM_LOCAL_MODE_BITS); + if (fd == -1) { + return fd; + } + credp->fc_mode = credp->fc_mode|S_IFREG; + /* Set cleint credentials in xattr */ + err = local_set_xattr(rpath(fs_ctx, path), credp); + if (err == -1) { + serrno = errno; + goto err_end; + } + } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + fd = open(rpath(fs_ctx, path), flags, credp->fc_mode); + if (fd == -1) { + return fd; + } + err = chmod(rpath(fs_ctx, path), credp->fc_mode & 07777); + if (err == -1) { + serrno = errno; + goto err_end; + } + err = chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid); + if (err == -1) { + serrno = errno; + goto err_end; + } + } + return fd; + +err_end: + close(fd); + remove(rpath(fs_ctx, path)); + errno = serrno; + return err; } static int local_symlink(FsContext *ctx, const char *oldpath, @@ -269,7 +337,6 @@ static int local_statfs(FsContext *s, const char *path, struct statfs *stbuf) FileOperations local_ops = { .lstat = local_lstat, - .setuid = local_setuid, .readlink = local_readlink, .close = local_close, .closedir = local_closedir, diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c index 6feaa53..ef870a3 100644 --- a/hw/virtio-9p.c +++ b/hw/virtio-9p.c @@ -67,14 +67,17 @@ static int omode_to_uflags(int8_t mode) return ret; } -static int v9fs_do_lstat(V9fsState *s, V9fsString *path, struct stat *stbuf) +void cred_init(FsCred *credp) { - return s->ops->lstat(&s->ctx, path->data, stbuf); + credp->fc_uid = -1; + credp->fc_gid = -1; + credp->fc_mode = -1; + credp->fc_rdev = -1; } -static int v9fs_do_setuid(V9fsState *s, uid_t uid) +static int v9fs_do_lstat(V9fsState *s, V9fsString *path, struct stat *stbuf) { - return s->ops->setuid(&s->ctx, uid); + return s->ops->lstat(&s->ctx, path->data, stbuf); } static ssize_t v9fs_do_readlink(V9fsState *s, V9fsString *path, V9fsString *buf) @@ -164,9 +167,15 @@ static int v9fs_do_mksock(V9fsState *s, V9fsString *path) return s->ops->mksock(&s->ctx, path->data); } -static int v9fs_do_mkdir(V9fsState *s, V9fsString *path, mode_t mode) +static int v9fs_do_mkdir(V9fsState *s, V9fsCreateState *vs) { - return s->ops->mkdir(&s->ctx, path->data, mode); + FsCred cred; + + cred_init(&cred); + cred.fc_uid = vs->fidp->uid; + cred.fc_mode = vs->perm & 0777; + + return s->ops->mkdir(&s->ctx, vs->fullname.data, &cred); } static int v9fs_do_fstat(V9fsState *s, int fd, struct stat *stbuf) @@ -174,9 +183,17 @@ static int v9fs_do_fstat(V9fsState *s, int fd, struct stat *stbuf) return s->ops->fstat(&s->ctx, fd, stbuf); } -static int v9fs_do_open2(V9fsState *s, V9fsString *path, int flags, mode_t mode) +static int v9fs_do_open2(V9fsState *s, V9fsCreateState *vs) { - return s->ops->open2(&s->ctx, path->data, flags, mode); + FsCred cred; + int flags; + + cred_init(&cred); + cred.fc_uid = vs->fidp->uid; + cred.fc_mode = vs->perm & 0777; + flags = omode_to_uflags(vs->mode) | O_CREAT; + + return s->ops->open2(&s->ctx, vs->fullname.data, flags, &cred); } static int v9fs_do_symlink(V9fsState *s, V9fsString *oldpath, @@ -348,7 +365,6 @@ static V9fsFidState *lookup_fid(V9fsState *s, int32_t fid) for (f = s->fid_list; f; f = f->next) { if (f->fid == fid) { - v9fs_do_setuid(s, f->uid); return f; } } @@ -1762,7 +1778,7 @@ static void v9fs_create_post_lstat(V9fsState *s, V9fsCreateState *vs, int err) } if (vs->perm & P9_STAT_MODE_DIR) { - err = v9fs_do_mkdir(s, &vs->fullname, vs->perm & 0777); + err = v9fs_do_mkdir(s, vs); v9fs_create_post_mkdir(s, vs, err); } else if (vs->perm & P9_STAT_MODE_SYMLINK) { err = v9fs_do_symlink(s, &vs->extension, &vs->fullname); @@ -1809,9 +1825,7 @@ static void v9fs_create_post_lstat(V9fsState *s, V9fsCreateState *vs, int err) err = v9fs_do_mksock(s, &vs->fullname); v9fs_create_post_mksock(s, vs, err); } else { - vs->fidp->fd = v9fs_do_open2(s, &vs->fullname, - omode_to_uflags(vs->mode) | O_CREAT, - vs->perm & 0777); + vs->fidp->fd = v9fs_do_open2(s, vs); v9fs_create_post_open2(s, vs, err); } @@ -2322,10 +2336,12 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf) if (!strcmp(fse->security_model, "passthrough")) { /* Files on the Fileserver set to client user credentials */ + s->ctx.fs_sm = SM_PASSTHROUGH; } else if (!strcmp(fse->security_model, "mapped")) { /* Files on the fileserver are set to QEMU credentials. * Client user credentials are saved in extended attributes. */ + s->ctx.fs_sm = SM_MAPPED; } else { /* user haven't specified a correct security option */ fprintf(stderr, "one of the following must be specified as the"