Check-in [e9fcc6d8f5]
Overview
SHA1:e9fcc6d8f52f28a19bad96be870994ef91b05e5a
Date: 2015-03-19 16:09:20
User: rkeene
Comment:Allow administrators to provide additional/replaced permissions for files, fixed suidRoot setting
Timelines: family | ancestors | descendants | both | trunk
Downloads: Tarball | ZIP archive
Other Links: files | file ages | folders | manifest
Tags And Properties
Context
2015-03-20
01:46
[0ab26b4975] Updated to lowercase permissions read from the database, for security (user: rkeene, tags: trunk)
2015-03-19
16:09
[e9fcc6d8f5] Allow administrators to provide additional/replaced permissions for files, fixed suidRoot setting (user: rkeene, tags: trunk)
15:43
[9be4aa6a4a] Updated to indicate local files are not world-accessible (good idea ?) (user: rkeene, tags: trunk)
Changes

Modified appfsd.c from [3e9adabf49] to [fe7e6328bd].

139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
...
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
...
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
....
1148
1149
1150
1151
1152
1153
1154

1155
1156
1157
1158
1159
1160
1161
....
1186
1187
1188
1189
1190
1191
1192


1193
1194
1195
1196
1197
1198


1199
1200
1201
1202
1203
1204
1205


1206
1207
1208
1209
1210
1211
1212
1213
....
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
....
2006
2007
2008
2009
2010
2011
2012







2013
2014
2015
2016
2017
2018
2019
	unsigned long long inode;
	union {
		struct {
			int childcount;
		} dir;
		struct {
			int executable;
			int suid;
			int worldaccessible;
			off_t size;
		} file;
		struct {
			off_t size;
			char source[256];
		} symlink;
................................................................................
				}

				break;
			case 'f': /* file */
				pathinfo->type = APPFS_PATHTYPE_FILE;
				pathinfo->typeinfo.file.size = 0;
				pathinfo->typeinfo.file.executable = 0;
				pathinfo->typeinfo.file.suid = 0;
				pathinfo->typeinfo.file.worldaccessible = 0;

				Tcl_DictObjGet(interp, attrs_dict, attr_key_size, &attr_value);
				if (attr_value != NULL) {
					tcl_ret = Tcl_GetWideIntFromObj(NULL, attr_value, &attr_value_wide);
					if (tcl_ret == TCL_OK) {
						pathinfo->typeinfo.file.size = attr_value_wide;
................................................................................
					for (attr_value_str_i = &attr_value_str[0]; *attr_value_str_i != '\0'; attr_value_str_i++) {
						switch (*attr_value_str_i) {
							case 'x':
								pathinfo->typeinfo.file.executable = 1;

								break;
							case 'U':
								pathinfo->typeinfo.file.suid = 1;

								break;
							case '-':
								pathinfo->typeinfo.file.worldaccessible = 1;

								break;
						}
................................................................................
	memcpy(buf, pathinfo.typeinfo.symlink.source, strlen(pathinfo.typeinfo.symlink.source) + 1);

	return(0);
}

static int appfs_fuse_getattr(const char *path, struct stat *stbuf) {
	struct appfs_pathinfo pathinfo;

	int retval;

	retval = 0;

	APPFS_DEBUG("Enter (path = %s, ...)", path);

#if (defined(DEBUG) && defined(APPFS_EXIT_PATH)) || defined(APPFS_EXIT_PATH_ENABLE_MAJOR_SECURITY_HOLE)
................................................................................

	stbuf->st_mtime = pathinfo.time;
	stbuf->st_ctime = pathinfo.time;
	stbuf->st_atime = pathinfo.time;
	stbuf->st_ino   = pathinfo.inode;
	stbuf->st_mode  = 0;



	switch (pathinfo.type) {
		case APPFS_PATHTYPE_DIRECTORY:
			stbuf->st_mode = S_IFDIR | 0555;
			stbuf->st_nlink = 2 + pathinfo.typeinfo.dir.childcount;
			break;
		case APPFS_PATHTYPE_FILE:


			if (pathinfo.typeinfo.file.executable) {
				stbuf->st_mode = S_IFREG | 0555;
			} else {
				stbuf->st_mode = S_IFREG | 0444;
			}

			if (pathinfo.typeinfo.file.suid) {


				stbuf->st_mode = S_IFREG | 04000;
			}

			if (pathinfo.typeinfo.file.worldaccessible) {
				stbuf->st_mode &= ~077;
			}

			stbuf->st_nlink = 1;
................................................................................
			break;
		case APPFS_PATHTYPE_INVALID:
			retval = -EIO;

			break;
	}

	if (pathinfo.packaged) {
		stbuf->st_uid   = appfs_get_fsuid();
		stbuf->st_gid   = appfs_get_fsgid();
		stbuf->st_mode |= 0200;
	}

	return(retval);
}
................................................................................
	 ** Add FUSE arguments which we always supply
	 **/
	fuse_opt_add_arg(args, "-odefault_permissions,fsname=appfs,subtype=appfsd,use_ino,kernel_cache,entry_timeout=0,attr_timeout=0,big_writes,intr,hard_remove");

	if (getuid() == 0) {
		fuse_opt_parse(args, NULL, NULL, NULL);
		fuse_opt_add_arg(args, "-oallow_other");







	}

	while ((ch = getopt(argc, argv, "dfshvo:")) != -1) {
		switch (ch) {
			case 'v':
				/* Ignored */
				break;







|







 







|







 







|







 







>







 







>
>






>
>

|
<
<


|
>
>
|







 







|







 







>
>
>
>
>
>
>







139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
...
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
...
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
....
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
....
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205


1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
....
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
....
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
	unsigned long long inode;
	union {
		struct {
			int childcount;
		} dir;
		struct {
			int executable;
			int suidRoot;
			int worldaccessible;
			off_t size;
		} file;
		struct {
			off_t size;
			char source[256];
		} symlink;
................................................................................
				}

				break;
			case 'f': /* file */
				pathinfo->type = APPFS_PATHTYPE_FILE;
				pathinfo->typeinfo.file.size = 0;
				pathinfo->typeinfo.file.executable = 0;
				pathinfo->typeinfo.file.suidRoot = 0;
				pathinfo->typeinfo.file.worldaccessible = 0;

				Tcl_DictObjGet(interp, attrs_dict, attr_key_size, &attr_value);
				if (attr_value != NULL) {
					tcl_ret = Tcl_GetWideIntFromObj(NULL, attr_value, &attr_value_wide);
					if (tcl_ret == TCL_OK) {
						pathinfo->typeinfo.file.size = attr_value_wide;
................................................................................
					for (attr_value_str_i = &attr_value_str[0]; *attr_value_str_i != '\0'; attr_value_str_i++) {
						switch (*attr_value_str_i) {
							case 'x':
								pathinfo->typeinfo.file.executable = 1;

								break;
							case 'U':
								pathinfo->typeinfo.file.suidRoot = 1;

								break;
							case '-':
								pathinfo->typeinfo.file.worldaccessible = 1;

								break;
						}
................................................................................
	memcpy(buf, pathinfo.typeinfo.symlink.source, strlen(pathinfo.typeinfo.symlink.source) + 1);

	return(0);
}

static int appfs_fuse_getattr(const char *path, struct stat *stbuf) {
	struct appfs_pathinfo pathinfo;
	int changeOwnerToUserIfPackaged;
	int retval;

	retval = 0;

	APPFS_DEBUG("Enter (path = %s, ...)", path);

#if (defined(DEBUG) && defined(APPFS_EXIT_PATH)) || defined(APPFS_EXIT_PATH_ENABLE_MAJOR_SECURITY_HOLE)
................................................................................

	stbuf->st_mtime = pathinfo.time;
	stbuf->st_ctime = pathinfo.time;
	stbuf->st_atime = pathinfo.time;
	stbuf->st_ino   = pathinfo.inode;
	stbuf->st_mode  = 0;

	changeOwnerToUserIfPackaged = 1;

	switch (pathinfo.type) {
		case APPFS_PATHTYPE_DIRECTORY:
			stbuf->st_mode = S_IFDIR | 0555;
			stbuf->st_nlink = 2 + pathinfo.typeinfo.dir.childcount;
			break;
		case APPFS_PATHTYPE_FILE:
			stbuf->st_mode = S_IFREG | 0444;

			if (pathinfo.typeinfo.file.executable) {
				stbuf->st_mode |= 0111;


			}

			if (pathinfo.typeinfo.file.suidRoot) {
				changeOwnerToUserIfPackaged = 0;

				stbuf->st_mode |= 04000;
			}

			if (pathinfo.typeinfo.file.worldaccessible) {
				stbuf->st_mode &= ~077;
			}

			stbuf->st_nlink = 1;
................................................................................
			break;
		case APPFS_PATHTYPE_INVALID:
			retval = -EIO;

			break;
	}

	if (pathinfo.packaged && changeOwnerToUserIfPackaged) {
		stbuf->st_uid   = appfs_get_fsuid();
		stbuf->st_gid   = appfs_get_fsgid();
		stbuf->st_mode |= 0200;
	}

	return(retval);
}
................................................................................
	 ** Add FUSE arguments which we always supply
	 **/
	fuse_opt_add_arg(args, "-odefault_permissions,fsname=appfs,subtype=appfsd,use_ino,kernel_cache,entry_timeout=0,attr_timeout=0,big_writes,intr,hard_remove");

	if (getuid() == 0) {
		fuse_opt_parse(args, NULL, NULL, NULL);
		fuse_opt_add_arg(args, "-oallow_other");

		/*
		 * This should generally be avoided, but if there are security
		 * concerns suid can be disabled completely on the commandline
		 */
		fuse_opt_parse(args, NULL, NULL, NULL);
		fuse_opt_add_arg(args, "-osuid");
	}

	while ((ch = getopt(argc, argv, "dfshvo:")) != -1) {
		switch (ch) {
			case 'v':
				/* Ignored */
				break;

Modified appfsd.tcl from [c5b01df3b2] to [ca14ca67ab].

36
37
38
39
40
41
42









43
44
45
46
47
48
49
...
751
752
753
754
755
756
757




758
759
760
761
762
763
764
...
789
790
791
792
793
794
795





796
797
798
799
800
801
802
		return "http://$hostname/appfs/$method/$hash"
	}

	# User-replaceable function get the home directory of the current user
	proc get_homedir {} {
		return [::appfsd::get_homedir]
	}









}

namespace eval ::appfs {
	variable cachedir "/tmp/appfs-cache"
	variable ttl 3600
	variable nttl 60
	variable trusted_cas [list]
................................................................................
							"directory" {
								set retval(type) "directory"
								set retval(childcount) [llength [getchildren $path]]
							}
							"file" {
								set retval(type) "file"
								set retval(size) $localpathinfo(size)




								_as_user {
									if {[file executable $localpath]} {
										set retval(perms) "x-"
									} else {
										set retval(perms) "-"
									}
								}
................................................................................
						set file [lindex $work end]

						if {$directory == "" && $file == ""} {
							array set retval [list type directory]
						}

						::appfs::db eval {SELECT type, time, source, size, perms FROM files WHERE package_sha1 = $pathinfo(package_sha1) AND file_directory = $directory AND file_name = $file;} retval {}






						if {[info exists retval(type)] && $retval(type) == "directory"} {
							set retval(childcount) [llength [getchildren $path]]
						}

						unset -nocomplain retval(*)
					}







>
>
>
>
>
>
>
>
>







 







>
>
>
>







 







>
>
>
>
>







36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
...
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
...
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
		return "http://$hostname/appfs/$method/$hash"
	}

	# User-replaceable function get the home directory of the current user
	proc get_homedir {} {
		return [::appfsd::get_homedir]
	}

	# User-replacable function to update permissions
	proc change_perms {file perms} {
		if {[info exists ::appfs::user::add_perms($file)]} {
			append perms $::appfs::user::add_perms($file)
		}

		return $perms
	}
}

namespace eval ::appfs {
	variable cachedir "/tmp/appfs-cache"
	variable ttl 3600
	variable nttl 60
	variable trusted_cas [list]
................................................................................
							"directory" {
								set retval(type) "directory"
								set retval(childcount) [llength [getchildren $path]]
							}
							"file" {
								set retval(type) "file"
								set retval(size) $localpathinfo(size)

								# Once the user writes to a file, all its other
								# attributes (such as suid) are lost

								_as_user {
									if {[file executable $localpath]} {
										set retval(perms) "x-"
									} else {
										set retval(perms) "-"
									}
								}
................................................................................
						set file [lindex $work end]

						if {$directory == "" && $file == ""} {
							array set retval [list type directory]
						}

						::appfs::db eval {SELECT type, time, source, size, perms FROM files WHERE package_sha1 = $pathinfo(package_sha1) AND file_directory = $directory AND file_name = $file;} retval {}

						# Allow an administrator to supply additional permissions to remote files
						if {[info exists retval(perms)]} {
							set retval(perms) [::appfs::user::change_perms $path $retval(perms)]
						}

						if {[info exists retval(type)] && $retval(type) == "directory"} {
							set retval(childcount) [llength [getchildren $path]]
						}

						unset -nocomplain retval(*)
					}