@@ -18,13 +18,33 @@
#include <utime.h>
#include <sys/stat.h>
#include <sys/uio.h>
+#include <sys/vfs.h>
+#define SM_LOCAL_MODE_BITS 0600
+#define SM_LOCAL_DIR_MODE_BITS 0700
+
+typedef enum
+{
+ SM_PASSTHROUGH = 1, /* uid/gid set on fileserver files */
+ SM_MAPPED, /* uid/gid part of xattr */
+} SecModel;
+
+typedef struct FsCred
+{
+ uid_t fc_uid;
+ gid_t fc_gid;
+ mode_t fc_mode;
+ dev_t fc_rdev;
+} FsCred;
typedef struct FsContext
{
char *fs_root;
+ SecModel fs_sm;
uid_t uid;
} FsContext;
+extern void cred_init(FsCred *);
+
typedef struct FileOperations
{
int (*lstat)(FsContext *, const char *, struct stat *);
@@ -17,6 +17,7 @@
#include <grp.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <attr/xattr.h>
static const char *rpath(FsContext *ctx, const char *path)
{
@@ -31,45 +32,37 @@ static int local_lstat(FsContext *ctx, const char *path, struct stat *stbuf)
return lstat(rpath(ctx, path), stbuf);
}
-static int local_setuid(FsContext *ctx, uid_t uid)
+static int local_set_xattr(const char *path, FsCred *credp)
{
- struct passwd *pw;
- gid_t groups[33];
- int ngroups;
- static uid_t cur_uid = -1;
-
- if (cur_uid == uid) {
- return 0;
- }
-
- if (setreuid(0, 0)) {
- return -1;
- }
-
- pw = getpwuid(uid);
- if (pw == NULL) {
- return -1;
- }
-
- ngroups = 33;
- if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1) {
- return -1;
+ int err;
+ if (credp->fc_uid != -1) {
+ err = setxattr(path, "user.virtfs.uid", &credp->fc_uid, sizeof(uid_t),
+ 0);
+ if (err) {
+ return err;
+ }
}
-
- if (setgroups(ngroups, groups)) {
- return -1;
+ if (credp->fc_gid != -1) {
+ err = setxattr(path, "user.virtfs.gid", &credp->fc_gid, sizeof(gid_t),
+ 0);
+ if (err) {
+ return err;
+ }
}
-
- if (setregid(-1, pw->pw_gid)) {
- return -1;
+ if (credp->fc_mode != -1) {
+ err = setxattr(path, "user.virtfs.mode", &credp->fc_mode,
+ sizeof(mode_t), 0);
+ if (err) {
+ return err;
+ }
}
-
- if (setreuid(-1, uid)) {
- return -1;
+ if (credp->fc_rdev != -1) {
+ err = setxattr(path, "user.virtfs.rdev", &credp->fc_rdev,
+ sizeof(dev_t), 0);
+ if (err) {
+ return err;
+ }
}
-
- cur_uid = uid;
-
return 0;
}
@@ -183,6 +176,7 @@ static int local_open2(FsContext *ctx, const char *path, int flags, mode_t mode)
return open(rpath(ctx, path), flags, mode);
}
+
static int local_symlink(FsContext *ctx, const char *oldpath,
const char *newpath)
{
@@ -259,12 +253,13 @@ static int local_remove(FsContext *ctx, const char *path)
static int local_fsync(FsContext *ctx, int fd)
{
+ if (0) /* Just to supress the warning. Will be removed in next patch. */
+ (void)local_set_xattr(NULL, NULL);
return fsync(fd);
}
FileOperations local_ops = {
.lstat = local_lstat,
- .setuid = local_setuid,
.readlink = local_readlink,
.close = local_close,
.closedir = local_closedir,
@@ -67,14 +67,17 @@ static int omode_to_uflags(int8_t mode)
return ret;
}
-static int v9fs_do_lstat(V9fsState *s, V9fsString *path, struct stat *stbuf)
+void cred_init(FsCred *credp)
{
- return s->ops->lstat(&s->ctx, path->data, stbuf);
+ credp->fc_uid = -1;
+ credp->fc_gid = -1;
+ credp->fc_mode = -1;
+ credp->fc_rdev = -1;
}
-static int v9fs_do_setuid(V9fsState *s, uid_t uid)
+static int v9fs_do_lstat(V9fsState *s, V9fsString *path, struct stat *stbuf)
{
- return s->ops->setuid(&s->ctx, uid);
+ return s->ops->lstat(&s->ctx, path->data, stbuf);
}
static ssize_t v9fs_do_readlink(V9fsState *s, V9fsString *path, V9fsString *buf)
@@ -348,7 +351,6 @@ static V9fsFidState *lookup_fid(V9fsState *s, int32_t fid)
for (f = s->fid_list; f; f = f->next) {
if (f->fid == fid) {
- v9fs_do_setuid(s, f->uid);
return f;
}
}
@@ -2253,8 +2255,15 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
exit(1);
}
- if (!strcmp(fse->security_model, "passthrough") &&
- !strcmp(fse->security_model, "mapped")) {
+ if (!strcmp(fse->security_model, "passthrough")) {
+ /* Files on the Fileserver set to client user credentials */
+ s->ctx.fs_sm = SM_PASSTHROUGH;
+ } else if (!strcmp(fse->security_model, "mapped")) {
+ /* Files on the fileserver are set to QEMU credentials.
+ * Client user credentials are saved in extended attributes.
+ */
+ s->ctx.fs_sm = SM_MAPPED;
+ } else {
/* user haven't specified a correct security option */
fprintf(stderr, "one of the following must be specified as the"
"security option:\n\t security_model=passthrough \n\t "
This patch adds required infrastructure for the new security model. Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> --- hw/file-op-9p.h | 20 +++++++++++++++ hw/virtio-9p-local.c | 65 +++++++++++++++++++++++--------------------------- hw/virtio-9p.c | 23 ++++++++++++----- 3 files changed, 66 insertions(+), 42 deletions(-)