Check-in [63e41c262c]
Overview
Comment:Updated to cache last home directory looked up and to setfsuid()/setfsgid() before accessing the filesystem so that we may be the right user
SHA1: 63e41c262c0a18858c95c88d4475434ec813c205
User & Date: rkeene on 2014-11-10 03:34:11
Context
2014-11-10
04:22
More work towards getting the user multiplexing right check-in: d3bb0824ec user: rkeene tags: tcl-ops
03:34
Updated to cache last home directory looked up and to setfsuid()/setfsgid() before accessing the filesystem so that we may be the right user check-in: 63e41c262c user: rkeene tags: tcl-ops
03:11
Nearly completely working write support check-in: 2160c4189b user: rkeene tags: tcl-ops
Changes

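--- a/appfsd.c
+++ b/appfsd.c
@@ -1,9 +1,10 @@
 #define FUSE_USE_VERSION 26
 
+#include <sys/fsuid.h>
 #include <sys/types.h>
 #include <pthread.h>
 #include <string.h>
 #include <stdarg.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <errno.h>
@@ -297,14 +298,46 @@
 		/* Unable to lookup user for some reason */
 		/* Return an unprivileged user ID */
 		return(1);
 	}
 
 	return(ctx->uid);
 }
+
+/*
+ * Determine the GID for the user making the current FUSE filesystem request.
+ * This will be used to lookup the user's home directory so we can search for
+ * locally modified files.
+ */
+static gid_t appfs_get_fsgid(void) {
+	struct fuse_context *ctx;
+
+	if (!appfs_fuse_started) {
+		return(getgid());
+	}
+
+	ctx = fuse_get_context();
+	if (ctx == NULL) {
+		/* Unable to lookup user for some reason */
+		/* Return an unprivileged user ID */
+		return(1);
+	}
+
+	return(ctx->gid);
+}
+
+static void appfs_simulate_user_fs_enter(void) {
+	setfsuid(appfs_get_fsuid());
+	setfsgid(appfs_get_fsgid());
+}
+
+static void appfs_simulate_user_fs_leave(void) {
+	setfsuid(0);
+	setfsgid(0);
+}
 
 /*
  * Look up the home directory for a given UID
  *        Returns a C string containing the user's home directory or NULL if
  *        the user's home directory does not exist or is not correctly
  *        configured
  */
@@ -357,29 +390,50 @@
 
 /*
  * Tcl interface to get the home directory for the user making the "current"
  * FUSE I/O request
  */
 static int tcl_appfs_get_homedir(ClientData cd, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]) {
 	char *homedir;
+	Tcl_Obj *homedir_obj;
+	uid_t fsuid;
+	static __thread Tcl_Obj *last_homedir_obj = NULL;
+	static __thread uid_t last_fsuid = -1;
 
         if (objc != 1) {
                 Tcl_WrongNumArgs(interp, 1, objv, NULL);
                 return(TCL_ERROR);
         }
 
-	homedir = appfs_get_homedir(appfs_get_fsuid());
+	fsuid = appfs_get_fsuid();
+
+	if (fsuid == last_fsuid && last_homedir_obj != NULL) {
+		homedir_obj = last_homedir_obj;
+	} else {
+		if (last_homedir_obj != NULL) {
+			Tcl_DecrRefCount(last_homedir_obj);
+		}
+
+		homedir = appfs_get_homedir(appfs_get_fsuid());
 
-	if (homedir == NULL) {
-		return(TCL_ERROR);
-	}
+		if (homedir == NULL) {
+			return(TCL_ERROR);
+		}
 
-        Tcl_SetObjResult(interp, Tcl_NewStringObj(homedir, -1));
+		homedir_obj = Tcl_NewStringObj(homedir, -1);
 
-	free(homedir);
+		free(homedir);
+
+		last_homedir_obj = homedir_obj;
+		last_fsuid = fsuid;
+
+		Tcl_IncrRefCount(last_homedir_obj);
+	}
+
+       	Tcl_SetObjResult(interp, homedir_obj);
 
         return(TCL_OK);
 }
 
 /*
  * Generate an inode for a given path.  The inode should be computed in such
  * a way that it is unlikely to be duplicated and remains the same for a given
@@ -628,14 +682,15 @@
 
 	stbuf->st_mtime = pathinfo.time;
 	stbuf->st_ctime = pathinfo.time;
 	stbuf->st_atime = pathinfo.time;
 	stbuf->st_ino   = pathinfo.inode;
 	stbuf->st_mode  = 0;
 	stbuf->st_uid   = appfs_get_fsuid();
+	stbuf->st_gid   = appfs_get_fsgid();
 
 	switch (pathinfo.type) {
 		case APPFS_PATHTYPE_DIRECTORY:
 			stbuf->st_mode = S_IFDIR | 0555;
 			stbuf->st_nlink = 2 + pathinfo.typeinfo.dir.childcount;
 			break;
 		case APPFS_PATHTYPE_FILE:
@@ -742,31 +797,40 @@
 		return(-EISDIR);
 	}
 
 	interp = appfs_TclInterp();
 	if (interp == NULL) {
 		return(-EIO);
 	}
+
+	appfs_simulate_user_fs_enter();
 
 	tcl_ret = appfs_Tcl_Eval(interp, 3, "::appfs::openpath", path, mode);
 	if (tcl_ret != TCL_OK) {
+		appfs_simulate_user_fs_leave();
+
 		APPFS_DEBUG("::appfs::openpath(%s, %s) failed.", path, mode);
 		APPFS_DEBUG("Tcl Error is: %s", Tcl_GetStringResult(interp));
 
 		return(-EIO);
 	}
 
 	real_path = Tcl_GetStringResult(interp);
 	if (real_path == NULL) {
+		appfs_simulate_user_fs_leave();
+
 		return(-EIO);
 	}
 
 	APPFS_DEBUG("Translated request to open %s to opening %s (mode = \"%s\")", path, real_path, mode);
 
 	fh = open(real_path, fi->flags, 0600);
+
+	appfs_simulate_user_fs_leave();
+
 	if (fh < 0) {
 		return(-EIO);
 	}
 
 	fi->fh = fh;
 
 	return(0);
@@ -824,21 +888,27 @@
 	if ((mode & S_IFCHR) == S_IFCHR) {
 		return(-EPERM);
 	}
 
 	if ((mode & S_IFBLK) == S_IFBLK) {
 		return(-EPERM);
 	}
+
+	appfs_simulate_user_fs_enter();
 
 	real_path = appfs_prepare_to_create(path);
 	if (real_path == NULL) {
+		appfs_simulate_user_fs_leave();
+
 		return(-EIO);
 	}
 
 	mknod_ret = mknod(real_path, mode, device);
+
+	appfs_simulate_user_fs_leave();
 
 	free(real_path);
 
 	if (mknod_ret != 0) {
 		return(errno * -1);
 	}
 
@@ -854,21 +924,27 @@
 	if ((mode & S_IFCHR) == S_IFCHR) {
 		return(-EPERM);
 	}
 
 	if ((mode & S_IFBLK) == S_IFBLK) {
 		return(-EPERM);
 	}
+
+	appfs_simulate_user_fs_enter();
 
 	real_path = appfs_prepare_to_create(path);
 	if (real_path == NULL) {
+		appfs_simulate_user_fs_leave();
+
 		return(-EIO);
 	}
 
 	fd = creat(real_path, mode);
+
+	appfs_simulate_user_fs_leave();
 
 	free(real_path);
 
 	if (fd < 0) {
 		return(errno * -1);
 	}
 
@@ -883,60 +959,75 @@
 
 	APPFS_DEBUG("Enter (path = %s, ...)", path);
 
 	real_path = appfs_localpath(path);
 	if (real_path == NULL) {
 		return(-EIO);
 	}
 
+	appfs_simulate_user_fs_enter();
+
 	truncate_ret = truncate(real_path, size);
+
+	appfs_simulate_user_fs_leave();
 
 	free(real_path);
 
 	if (truncate_ret != 0) {
 		return(errno * -1);
 	}
 
 	return(0);
 }
 
 static int appfs_fuse_unlink_rmdir(const char *path) {
 	Tcl_Interp *interp;
 	int tcl_ret;
 
 	APPFS_DEBUG("Enter (path = %s, ...)", path);
 
 	interp = appfs_TclInterp();
 	if (interp == NULL) {
 		return(-EIO);
 	}
 
+	appfs_simulate_user_fs_enter();
+
 	tcl_ret = appfs_Tcl_Eval(interp, 2, "::appfs::unlinkpath", path);
+
+	appfs_simulate_user_fs_leave();
+
 	if (tcl_ret != TCL_OK) {
 		APPFS_DEBUG("::appfs::unlinkpath(%s) failed.", path);
 		APPFS_DEBUG("Tcl Error is: %s", Tcl_GetStringResult(interp));
 
 		return(-EIO);
 	}
 
 	return(0);
 }
 
 static int appfs_fuse_mkdir(const char *path, mode_t mode) {
 	char *real_path;
 	int mkdir_ret;
 
 	APPFS_DEBUG("Enter (path = %s, ...)", path);
+
+	appfs_simulate_user_fs_enter();
 
 	real_path = appfs_prepare_to_create(path);
 	if (real_path == NULL) {
+		appfs_simulate_user_fs_leave();
+
 		return(-EIO);
 	}
 
 	mkdir_ret = mkdir(real_path, mode);
+
+	appfs_simulate_user_fs_leave();
 
 	free(real_path);
 
 	if (mkdir_ret != 0) {
 		if (errno != EEXIST) {
 			return(errno * -1);
 		}
@@ -952,29 +1043,37 @@
 
 	APPFS_DEBUG("Enter (path = %s, ...)", path);
 
 	interp = appfs_TclInterp();
 	if (interp == NULL) {
 		return(-EIO);
 	}
+
+	appfs_simulate_user_fs_enter();
 
 	tcl_ret = appfs_Tcl_Eval(interp, 3, "::appfs::openpath", path, "write");
 	if (tcl_ret != TCL_OK) {
+		appfs_simulate_user_fs_leave();
+
 		APPFS_DEBUG("::appfs::openpath(%s, %s) failed.", path, "write");
 		APPFS_DEBUG("Tcl Error is: %s", Tcl_GetStringResult(interp));
 
 		return(-EIO);
 	}
 
 	real_path = Tcl_GetStringResult(interp);
 	if (real_path == NULL) {
+		appfs_simulate_user_fs_leave();
+
 		return(-EIO);
 	}
 
 	chmod_ret = chmod(real_path, mode);
+
+	appfs_simulate_user_fs_leave();
 
 	return(chmod_ret);
 }
 
 /*
  * SQLite3 mode: Execute raw SQL and return success or failure
  */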
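Review bot: In the new caching path of `tcl_appfs_get_homedir`, `Tcl_DecrRefCount(last_homedir_obj)` releases the cached object but leaves the thread-local pointer and `last_fsuid` as they were, and the `return(TCL_ERROR)` taken when `appfs_get_homedir()` yields NULL exits with that stale pointer still cached. The next call for the previously cached UID then takes the cache-hit branch and hands an already-released `Tcl_Obj` to `Tcl_SetObjResult`, and a call for any other UID decrements it a second time. Clearing the cache where it is released closes this: add `last_homedir_obj = NULL;` immediately after the `Tcl_DecrRefCount(last_homedir_obj);` line. Separately, `appfs_simulate_user_fs_enter()` and `appfs_simulate_user_fs_leave()` discard the results of `setfsuid()`/`setfsgid()` and restore a hard-coded 0 rather than the previous value; these calls return the old ID instead of an error, so a failed switch goes unnoticed and the following file operation would run with the daemon's own identity. As far as these hunks show, supplementary groups are not switched either, so a check on entry, or at least a comment stating that the daemon is assumed to run as root, would make the privilege boundary explicit.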