diff mbox

[-V4,7/7] virtio-9p: Implemented security model for chown and chgrp.

Message ID 1274916106-25616-8-git-send-email-jvrao@linux.vnet.ibm.com
State New
Headers show

Commit Message

jvrao May 26, 2010, 11:21 p.m. UTC 
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
---
 hw/file-op-9p.h      |    4 ++--
 hw/virtio-9p-local.c |   18 ++++++++++++++----
 hw/virtio-9p.c       |   15 ++++++++++++---
 3 files changed, 28 insertions(+), 9 deletions(-)

Comments

Aneesh Kumar K.V June 1, 2010, 5:33 p.m. UTC | #1 
On Wed, May 26, 2010 at 04:21:46PM -0700, Venkateswararao Jujjuri (JV) wrote:
> Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
> ---
>  hw/file-op-9p.h      |    4 ++--
>  hw/virtio-9p-local.c |   18 ++++++++++++++----
>  hw/virtio-9p.c       |   15 ++++++++++++---
>  3 files changed, 28 insertions(+), 9 deletions(-)
> 
> diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h
> index c1c08b4..877faf2 100644
> --- a/hw/file-op-9p.h
> +++ b/hw/file-op-9p.h
> @@ -49,8 +49,8 @@ typedef struct FileOperations
>  {
>      int (*lstat)(FsContext *, const char *, struct stat *);
>      ssize_t (*readlink)(FsContext *, const char *, char *, size_t);
> -    int (*chmod)(FsContext *, const char *, mode_t);
> -    int (*chown)(FsContext *, const char *, uid_t, gid_t);
> +    int (*chmod)(FsContext *, const char *, FsCred *);
> +    int (*chown)(FsContext *, const char *, FsCred *);
>      int (*mknod)(FsContext *, const char *, FsCred *);
>      int (*utime)(FsContext *, const char *, const struct utimbuf *);
>      int (*remove)(FsContext *, const char *);
> diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c
> index 11f3650..f46acac 100644
> --- a/hw/virtio-9p-local.c
> +++ b/hw/virtio-9p-local.c
> @@ -173,9 +173,14 @@ static ssize_t local_writev(FsContext *ctx, int fd, const struct iovec *iov,
>      return writev(fd, iov, iovcnt);
>  }
>  
> -static int local_chmod(FsContext *ctx, const char *path, mode_t mode)
> +static int local_chmod(FsContext *fs_ctx, const char *path, FsCred *credp)
>  {
> -    return chmod(rpath(ctx, path), mode);
> +    if (fs_ctx->fs_sm == SM_MAPPED) {
> +        return local_set_xattr(rpath(fs_ctx, path), credp);
> +    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
> +        return chmod(rpath(fs_ctx, path), credp->fc_mode);
> +    }
> +    return -1;
>  }

You should use this in open2.



>  
>  static int local_mknod(FsContext *fs_ctx, const char *path, FsCred *credp)
> @@ -436,9 +441,14 @@ static int local_rename(FsContext *ctx, const char *oldpath,
>  
>  }
>  
> -static int local_chown(FsContext *ctx, const char *path, uid_t uid, gid_t gid)
> +static int local_chown(FsContext *fs_ctx, const char *path, FsCred *credp)
>  {
> -    return chown(rpath(ctx, path), uid, gid);
> +    if (fs_ctx->fs_sm == SM_MAPPED) {
> +        return local_set_xattr(rpath(fs_ctx, path), credp);
> +    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
> +        return chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid);
> +    }
> +    return -1;
>  }
>  

Same here. So that we don't have 

if (fs_ctx->fs_sm == SM_MAPPED) spread in the open2 code but is logically 
grouped at the right place.


>  static int local_utime(FsContext *ctx, const char *path,
> diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
> index 90620aa..dceb5fc 100644
> --- a/hw/virtio-9p.c
> +++ b/hw/virtio-9p.c
> @@ -154,7 +154,11 @@ static int v9fs_do_writev(V9fsState *s, int fd, const struct iovec *iov,
>  
>  static int v9fs_do_chmod(V9fsState *s, V9fsString *path, mode_t mode)
>  {
> -    return s->ops->chmod(&s->ctx, path->data, mode);
> +    FsCred cred;
> +    cred_init(&cred);
> +    cred.fc_mode = mode;
> +
> +    return s->ops->chmod(&s->ctx, path->data, &cred);
>  }
>  
>  static int v9fs_do_mknod(V9fsState *s, V9fsCreateState *vs, mode_t mode,
> @@ -231,7 +235,12 @@ static int v9fs_do_rename(V9fsState *s, V9fsString *oldpath,
>  
>  static int v9fs_do_chown(V9fsState *s, V9fsString *path, uid_t uid, gid_t gid)
>  {
> -    return s->ops->chown(&s->ctx, path->data, uid, gid);
> +    FsCred cred;
> +    cred_init(&cred);
> +    cred.fc_uid = uid;
> +    cred.fc_gid = gid;
> +
> +    return s->ops->chown(&s->ctx, path->data, &cred);
>  }
>  
>  static int v9fs_do_utime(V9fsState *s, V9fsString *path,
> @@ -2022,7 +2031,7 @@ static void v9fs_wstat_post_utime(V9fsState *s, V9fsWstatState *vs, int err)
>          goto out;
>      }
>  
> -    if (vs->v9stat.n_gid != -1) {
> +    if (vs->v9stat.n_gid != -1 || vs->v9stat.n_uid != -1) {
>          if (v9fs_do_chown(s, &vs->fidp->path, vs->v9stat.n_uid,
>                      vs->v9stat.n_gid)) {
>              err = -errno;
> -- 
> 1.6.5.2
> 
> 

-aneesh
diff mbox

Patch

diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h
index c1c08b4..877faf2 100644
--- a/hw/file-op-9p.h
+++ b/hw/file-op-9p.h
@@ -49,8 +49,8 @@  typedef struct FileOperations
 {
     int (*lstat)(FsContext *, const char *, struct stat *);
     ssize_t (*readlink)(FsContext *, const char *, char *, size_t);
-    int (*chmod)(FsContext *, const char *, mode_t);
-    int (*chown)(FsContext *, const char *, uid_t, gid_t);
+    int (*chmod)(FsContext *, const char *, FsCred *);
+    int (*chown)(FsContext *, const char *, FsCred *);
     int (*mknod)(FsContext *, const char *, FsCred *);
     int (*utime)(FsContext *, const char *, const struct utimbuf *);
     int (*remove)(FsContext *, const char *);
diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c
index 11f3650..f46acac 100644
--- a/hw/virtio-9p-local.c
+++ b/hw/virtio-9p-local.c
@@ -173,9 +173,14 @@  static ssize_t local_writev(FsContext *ctx, int fd, const struct iovec *iov,
     return writev(fd, iov, iovcnt);
 }
 
-static int local_chmod(FsContext *ctx, const char *path, mode_t mode)
+static int local_chmod(FsContext *fs_ctx, const char *path, FsCred *credp)
 {
-    return chmod(rpath(ctx, path), mode);
+    if (fs_ctx->fs_sm == SM_MAPPED) {
+        return local_set_xattr(rpath(fs_ctx, path), credp);
+    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+        return chmod(rpath(fs_ctx, path), credp->fc_mode);
+    }
+    return -1;
 }
 
 static int local_mknod(FsContext *fs_ctx, const char *path, FsCred *credp)
@@ -436,9 +441,14 @@  static int local_rename(FsContext *ctx, const char *oldpath,
 
 }
 
-static int local_chown(FsContext *ctx, const char *path, uid_t uid, gid_t gid)
+static int local_chown(FsContext *fs_ctx, const char *path, FsCred *credp)
 {
-    return chown(rpath(ctx, path), uid, gid);
+    if (fs_ctx->fs_sm == SM_MAPPED) {
+        return local_set_xattr(rpath(fs_ctx, path), credp);
+    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+        return chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid);
+    }
+    return -1;
 }
 
 static int local_utime(FsContext *ctx, const char *path,
diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
index 90620aa..dceb5fc 100644
--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -154,7 +154,11 @@  static int v9fs_do_writev(V9fsState *s, int fd, const struct iovec *iov,
 
 static int v9fs_do_chmod(V9fsState *s, V9fsString *path, mode_t mode)
 {
-    return s->ops->chmod(&s->ctx, path->data, mode);
+    FsCred cred;
+    cred_init(&cred);
+    cred.fc_mode = mode;
+
+    return s->ops->chmod(&s->ctx, path->data, &cred);
 }
 
 static int v9fs_do_mknod(V9fsState *s, V9fsCreateState *vs, mode_t mode,
@@ -231,7 +235,12 @@  static int v9fs_do_rename(V9fsState *s, V9fsString *oldpath,
 
 static int v9fs_do_chown(V9fsState *s, V9fsString *path, uid_t uid, gid_t gid)
 {
-    return s->ops->chown(&s->ctx, path->data, uid, gid);
+    FsCred cred;
+    cred_init(&cred);
+    cred.fc_uid = uid;
+    cred.fc_gid = gid;
+
+    return s->ops->chown(&s->ctx, path->data, &cred);
 }
 
 static int v9fs_do_utime(V9fsState *s, V9fsString *path,
@@ -2022,7 +2031,7 @@  static void v9fs_wstat_post_utime(V9fsState *s, V9fsWstatState *vs, int err)
         goto out;
     }
 
-    if (vs->v9stat.n_gid != -1) {
+    if (vs->v9stat.n_gid != -1 || vs->v9stat.n_uid != -1) {
         if (v9fs_do_chown(s, &vs->fidp->path, vs->v9stat.n_uid,
                     vs->v9stat.n_gid)) {
             err = -errno;