Patchwork [PATCH-V6,06/10] virtio-9p: Security model for create/open2

login
register
mail settings
Submitter jvrao
Date June 10, 2010, 8:32 p.m.
Message ID <1276201979-17825-7-git-send-email-jvrao@linux.vnet.ibm.com>
Download mbox | patch
Permalink /patch/55256/
State New
Headers show

Comments

jvrao - June 10, 2010, 8:32 p.m.
In the mapped security model, VirtFS server intercepts and maps
the file object create and get/set attribute requests. Files on the fileserver
will be created with VirtFS servers (QEMU) user credentials and the
client-users credentials are stored in extended attributes. On the request
to get attributes, server extracts the client-users credentials
from extended attributes and sends them to the client.

On Host/Fileserver:
-rw-------. 2 virfsuid virtfsgid 0 2010-05-11 09:19 afile

On Guest/Client:
-rw-r--r-- 2 guestuser guestuser 0 2010-05-11 12:19 afile

Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
---
 hw/file-op-9p.h      |    2 +-
 hw/virtio-9p-local.c |   51 ++++++++++++++++++++++++++++++++++++++++++++++++-
 hw/virtio-9p.c       |   16 ++++++++++----
 3 files changed, 61 insertions(+), 8 deletions(-)

Patch

diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h
index a53cd35..b345189 100644
--- a/hw/file-op-9p.h
+++ b/hw/file-op-9p.h
@@ -62,7 +62,7 @@  typedef struct FileOperations
     int (*closedir)(FsContext *, DIR *);
     DIR *(*opendir)(FsContext *, const char *);
     int (*open)(FsContext *, const char *, int);
-    int (*open2)(FsContext *, const char *, int, mode_t);
+    int (*open2)(FsContext *, const char *, int, FsCred *);
     void (*rewinddir)(FsContext *, DIR *);
     off_t (*telldir)(FsContext *, DIR *);
     struct dirent *(*readdir)(FsContext *, DIR *);
diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c
index 74c81a6..bb5140e 100644
--- a/hw/virtio-9p-local.c
+++ b/hw/virtio-9p-local.c
@@ -95,6 +95,18 @@  static int local_set_xattr(const char *path, FsCred *credp)
     return 0;
 }
 
+static int local_post_create_passthrough(FsContext *fs_ctx, const char *path,
+        FsCred *credp)
+{
+    if (chmod(rpath(fs_ctx, path), credp->fc_mode & 07777) < 0) {
+        return -1;
+    }
+    if (chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid) < 0) {
+        return -1;
+    }
+    return 0;
+}
+
 static ssize_t local_readlink(FsContext *ctx, const char *path,
                                 char *buf, size_t bufsz)
 {
@@ -230,9 +242,44 @@  static int local_fstat(FsContext *fs_ctx, int fd, struct stat *stbuf)
     return err;
 }
 
-static int local_open2(FsContext *ctx, const char *path, int flags, mode_t mode)
+static int local_open2(FsContext *fs_ctx, const char *path, int flags,
+        FsCred *credp)
 {
-    return open(rpath(ctx, path), flags, mode);
+    int fd = -1;
+    int err = -1;
+    int serrno = 0;
+
+    /* Determine the security model */
+    if (fs_ctx->fs_sm == SM_MAPPED) {
+        fd = open(rpath(fs_ctx, path), flags, SM_LOCAL_MODE_BITS);
+        if (fd == -1) {
+            return fd;
+        }
+        credp->fc_mode = credp->fc_mode|S_IFREG;
+        /* Set cleint credentials in xattr */
+        err = local_set_xattr(rpath(fs_ctx, path), credp);
+        if (err == -1) {
+            serrno = errno;
+            goto err_end;
+        }
+    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+        fd = open(rpath(fs_ctx, path), flags, credp->fc_mode);
+        if (fd == -1) {
+            return fd;
+        }
+        err = local_post_create_passthrough(fs_ctx, path, credp);
+        if (err == -1) {
+            serrno = errno;
+            goto err_end;
+        }
+    }
+    return fd;
+
+err_end:
+    close(fd);
+    remove(rpath(fs_ctx, path));
+    errno = serrno;
+    return err;
 }
 
 
diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
index fa459c9..49a3065 100644
--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -180,9 +180,17 @@  static int v9fs_do_fstat(V9fsState *s, int fd, struct stat *stbuf)
     return s->ops->fstat(&s->ctx, fd, stbuf);
 }
 
-static int v9fs_do_open2(V9fsState *s, V9fsString *path, int flags, mode_t mode)
+static int v9fs_do_open2(V9fsState *s, V9fsCreateState *vs)
 {
-    return s->ops->open2(&s->ctx, path->data, flags, mode);
+    FsCred cred;
+    int flags;
+
+    cred_init(&cred);
+    cred.fc_uid = vs->fidp->uid;
+    cred.fc_mode = vs->perm & 0777;
+    flags = omode_to_uflags(vs->mode) | O_CREAT;
+
+    return s->ops->open2(&s->ctx, vs->fullname.data, flags, &cred);
 }
 
 static int v9fs_do_symlink(V9fsState *s, V9fsString *oldpath,
@@ -1815,9 +1823,7 @@  static void v9fs_create_post_lstat(V9fsState *s, V9fsCreateState *vs, int err)
         err = v9fs_do_mksock(s, &vs->fullname);
         v9fs_create_post_mksock(s, vs, err);
     } else {
-        vs->fidp->fd = v9fs_do_open2(s, &vs->fullname,
-                                omode_to_uflags(vs->mode) | O_CREAT,
-                                vs->perm & 0777);
+        vs->fidp->fd = v9fs_do_open2(s, vs);
         v9fs_create_post_open2(s, vs, err);
     }