Check-in [e9fcc6d8f5]
Overview
Comment:Allow administrators to provide additional/replaced permissions for files, fixed suidRoot setting
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: e9fcc6d8f52f28a19bad96be870994ef91b05e5a
User & Date: rkeene on 2015-03-19 16:09:20
Other Links: manifest | tags
Context
2015-03-20
01:46
Updated to lowercase permissions read from the database, for security check-in: 0ab26b4975 user: rkeene tags: trunk
2015-03-19
16:09
Allow administrators to provide additional/replaced permissions for files, fixed suidRoot setting check-in: e9fcc6d8f5 user: rkeene tags: trunk
15:43
Updated to indicate local files are not world-accessible (good idea ?) check-in: 9be4aa6a4a user: rkeene tags: trunk
Changes

Modified appfsd.c from [3e9adabf49] to [fe7e6328bd].

139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
	unsigned long long inode;
	union {
		struct {
			int childcount;
		} dir;
		struct {
			int executable;
			int suid;
			int worldaccessible;
			off_t size;
		} file;
		struct {
			off_t size;
			char source[256];
		} symlink;







|







139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
	unsigned long long inode;
	union {
		struct {
			int childcount;
		} dir;
		struct {
			int executable;
			int suidRoot;
			int worldaccessible;
			off_t size;
		} file;
		struct {
			off_t size;
			char source[256];
		} symlink;
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
				}

				break;
			case 'f': /* file */
				pathinfo->type = APPFS_PATHTYPE_FILE;
				pathinfo->typeinfo.file.size = 0;
				pathinfo->typeinfo.file.executable = 0;
				pathinfo->typeinfo.file.suid = 0;
				pathinfo->typeinfo.file.worldaccessible = 0;

				Tcl_DictObjGet(interp, attrs_dict, attr_key_size, &attr_value);
				if (attr_value != NULL) {
					tcl_ret = Tcl_GetWideIntFromObj(NULL, attr_value, &attr_value_wide);
					if (tcl_ret == TCL_OK) {
						pathinfo->typeinfo.file.size = attr_value_wide;
					}
				}

				Tcl_DictObjGet(interp, attrs_dict, attr_key_perms, &attr_value);
				if (attr_value != NULL) {
					attr_value_str = Tcl_GetString(attr_value);
					for (attr_value_str_i = &attr_value_str[0]; *attr_value_str_i != '\0'; attr_value_str_i++) {
						switch (*attr_value_str_i) {
							case 'x':
								pathinfo->typeinfo.file.executable = 1;

								break;
							case 'U':
								pathinfo->typeinfo.file.suid = 1;

								break;
							case '-':
								pathinfo->typeinfo.file.worldaccessible = 1;

								break;
						}







|




















|







932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
				}

				break;
			case 'f': /* file */
				pathinfo->type = APPFS_PATHTYPE_FILE;
				pathinfo->typeinfo.file.size = 0;
				pathinfo->typeinfo.file.executable = 0;
				pathinfo->typeinfo.file.suidRoot = 0;
				pathinfo->typeinfo.file.worldaccessible = 0;

				Tcl_DictObjGet(interp, attrs_dict, attr_key_size, &attr_value);
				if (attr_value != NULL) {
					tcl_ret = Tcl_GetWideIntFromObj(NULL, attr_value, &attr_value_wide);
					if (tcl_ret == TCL_OK) {
						pathinfo->typeinfo.file.size = attr_value_wide;
					}
				}

				Tcl_DictObjGet(interp, attrs_dict, attr_key_perms, &attr_value);
				if (attr_value != NULL) {
					attr_value_str = Tcl_GetString(attr_value);
					for (attr_value_str_i = &attr_value_str[0]; *attr_value_str_i != '\0'; attr_value_str_i++) {
						switch (*attr_value_str_i) {
							case 'x':
								pathinfo->typeinfo.file.executable = 1;

								break;
							case 'U':
								pathinfo->typeinfo.file.suidRoot = 1;

								break;
							case '-':
								pathinfo->typeinfo.file.worldaccessible = 1;

								break;
						}
1148
1149
1150
1151
1152
1153
1154

1155
1156
1157
1158
1159
1160
1161
	memcpy(buf, pathinfo.typeinfo.symlink.source, strlen(pathinfo.typeinfo.symlink.source) + 1);

	return(0);
}

static int appfs_fuse_getattr(const char *path, struct stat *stbuf) {
	struct appfs_pathinfo pathinfo;

	int retval;

	retval = 0;

	APPFS_DEBUG("Enter (path = %s, ...)", path);

#if (defined(DEBUG) && defined(APPFS_EXIT_PATH)) || defined(APPFS_EXIT_PATH_ENABLE_MAJOR_SECURITY_HOLE)







>







1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
	memcpy(buf, pathinfo.typeinfo.symlink.source, strlen(pathinfo.typeinfo.symlink.source) + 1);

	return(0);
}

static int appfs_fuse_getattr(const char *path, struct stat *stbuf) {
	struct appfs_pathinfo pathinfo;
	int changeOwnerToUserIfPackaged;
	int retval;

	retval = 0;

	APPFS_DEBUG("Enter (path = %s, ...)", path);

#if (defined(DEBUG) && defined(APPFS_EXIT_PATH)) || defined(APPFS_EXIT_PATH_ENABLE_MAJOR_SECURITY_HOLE)
1186
1187
1188
1189
1190
1191
1192


1193
1194
1195
1196
1197
1198
1199
1200
1201

1202
1203
1204
1205


1206
1207
1208
1209
1210
1211
1212
1213

	stbuf->st_mtime = pathinfo.time;
	stbuf->st_ctime = pathinfo.time;
	stbuf->st_atime = pathinfo.time;
	stbuf->st_ino   = pathinfo.inode;
	stbuf->st_mode  = 0;



	switch (pathinfo.type) {
		case APPFS_PATHTYPE_DIRECTORY:
			stbuf->st_mode = S_IFDIR | 0555;
			stbuf->st_nlink = 2 + pathinfo.typeinfo.dir.childcount;
			break;
		case APPFS_PATHTYPE_FILE:
			if (pathinfo.typeinfo.file.executable) {
				stbuf->st_mode = S_IFREG | 0555;
			} else {

				stbuf->st_mode = S_IFREG | 0444;
			}

			if (pathinfo.typeinfo.file.suid) {


				stbuf->st_mode = S_IFREG | 04000;
			}

			if (pathinfo.typeinfo.file.worldaccessible) {
				stbuf->st_mode &= ~077;
			}

			stbuf->st_nlink = 1;







>
>






<
|
|
>
|


|
>
>
|







1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201

1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218

	stbuf->st_mtime = pathinfo.time;
	stbuf->st_ctime = pathinfo.time;
	stbuf->st_atime = pathinfo.time;
	stbuf->st_ino   = pathinfo.inode;
	stbuf->st_mode  = 0;

	changeOwnerToUserIfPackaged = 1;

	switch (pathinfo.type) {
		case APPFS_PATHTYPE_DIRECTORY:
			stbuf->st_mode = S_IFDIR | 0555;
			stbuf->st_nlink = 2 + pathinfo.typeinfo.dir.childcount;
			break;
		case APPFS_PATHTYPE_FILE:

			stbuf->st_mode = S_IFREG | 0444;

			if (pathinfo.typeinfo.file.executable) {
				stbuf->st_mode |= 0111;
			}

			if (pathinfo.typeinfo.file.suidRoot) {
				changeOwnerToUserIfPackaged = 0;

				stbuf->st_mode |= 04000;
			}

			if (pathinfo.typeinfo.file.worldaccessible) {
				stbuf->st_mode &= ~077;
			}

			stbuf->st_nlink = 1;
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
			break;
		case APPFS_PATHTYPE_INVALID:
			retval = -EIO;

			break;
	}

	if (pathinfo.packaged) {
		stbuf->st_uid   = appfs_get_fsuid();
		stbuf->st_gid   = appfs_get_fsgid();
		stbuf->st_mode |= 0200;
	}

	return(retval);
}







|







1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
			break;
		case APPFS_PATHTYPE_INVALID:
			retval = -EIO;

			break;
	}

	if (pathinfo.packaged && changeOwnerToUserIfPackaged) {
		stbuf->st_uid   = appfs_get_fsuid();
		stbuf->st_gid   = appfs_get_fsgid();
		stbuf->st_mode |= 0200;
	}

	return(retval);
}
2006
2007
2008
2009
2010
2011
2012







2013
2014
2015
2016
2017
2018
2019
	 ** Add FUSE arguments which we always supply
	 **/
	fuse_opt_add_arg(args, "-odefault_permissions,fsname=appfs,subtype=appfsd,use_ino,kernel_cache,entry_timeout=0,attr_timeout=0,big_writes,intr,hard_remove");

	if (getuid() == 0) {
		fuse_opt_parse(args, NULL, NULL, NULL);
		fuse_opt_add_arg(args, "-oallow_other");







	}

	while ((ch = getopt(argc, argv, "dfshvo:")) != -1) {
		switch (ch) {
			case 'v':
				/* Ignored */
				break;







>
>
>
>
>
>
>







2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
	 ** Add FUSE arguments which we always supply
	 **/
	fuse_opt_add_arg(args, "-odefault_permissions,fsname=appfs,subtype=appfsd,use_ino,kernel_cache,entry_timeout=0,attr_timeout=0,big_writes,intr,hard_remove");

	if (getuid() == 0) {
		fuse_opt_parse(args, NULL, NULL, NULL);
		fuse_opt_add_arg(args, "-oallow_other");

		/*
		 * This should generally be avoided, but if there are security
		 * concerns suid can be disabled completely on the commandline
		 */
		fuse_opt_parse(args, NULL, NULL, NULL);
		fuse_opt_add_arg(args, "-osuid");
	}

	while ((ch = getopt(argc, argv, "dfshvo:")) != -1) {
		switch (ch) {
			case 'v':
				/* Ignored */
				break;

Modified appfsd.tcl from [c5b01df3b2] to [ca14ca67ab].

36
37
38
39
40
41
42









43
44
45
46
47
48
49
		return "http://$hostname/appfs/$method/$hash"
	}

	# User-replaceable function get the home directory of the current user
	proc get_homedir {} {
		return [::appfsd::get_homedir]
	}









}

namespace eval ::appfs {
	variable cachedir "/tmp/appfs-cache"
	variable ttl 3600
	variable nttl 60
	variable trusted_cas [list]







>
>
>
>
>
>
>
>
>







36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
		return "http://$hostname/appfs/$method/$hash"
	}

	# User-replaceable function get the home directory of the current user
	proc get_homedir {} {
		return [::appfsd::get_homedir]
	}

	# User-replacable function to update permissions
	proc change_perms {file perms} {
		if {[info exists ::appfs::user::add_perms($file)]} {
			append perms $::appfs::user::add_perms($file)
		}

		return $perms
	}
}

namespace eval ::appfs {
	variable cachedir "/tmp/appfs-cache"
	variable ttl 3600
	variable nttl 60
	variable trusted_cas [list]
751
752
753
754
755
756
757




758
759
760
761
762
763
764
							"directory" {
								set retval(type) "directory"
								set retval(childcount) [llength [getchildren $path]]
							}
							"file" {
								set retval(type) "file"
								set retval(size) $localpathinfo(size)




								_as_user {
									if {[file executable $localpath]} {
										set retval(perms) "x-"
									} else {
										set retval(perms) "-"
									}
								}







>
>
>
>







760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
							"directory" {
								set retval(type) "directory"
								set retval(childcount) [llength [getchildren $path]]
							}
							"file" {
								set retval(type) "file"
								set retval(size) $localpathinfo(size)

								# Once the user writes to a file, all its other
								# attributes (such as suid) are lost

								_as_user {
									if {[file executable $localpath]} {
										set retval(perms) "x-"
									} else {
										set retval(perms) "-"
									}
								}
789
790
791
792
793
794
795





796
797
798
799
800
801
802
						set file [lindex $work end]

						if {$directory == "" && $file == ""} {
							array set retval [list type directory]
						}

						::appfs::db eval {SELECT type, time, source, size, perms FROM files WHERE package_sha1 = $pathinfo(package_sha1) AND file_directory = $directory AND file_name = $file;} retval {}






						if {[info exists retval(type)] && $retval(type) == "directory"} {
							set retval(childcount) [llength [getchildren $path]]
						}

						unset -nocomplain retval(*)
					}







>
>
>
>
>







802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
						set file [lindex $work end]

						if {$directory == "" && $file == ""} {
							array set retval [list type directory]
						}

						::appfs::db eval {SELECT type, time, source, size, perms FROM files WHERE package_sha1 = $pathinfo(package_sha1) AND file_directory = $directory AND file_name = $file;} retval {}

						# Allow an administrator to supply additional permissions to remote files
						if {[info exists retval(perms)]} {
							set retval(perms) [::appfs::user::change_perms $path $retval(perms)]
						}

						if {[info exists retval(type)] && $retval(type) == "directory"} {
							set retval(childcount) [llength [getchildren $path]]
						}

						unset -nocomplain retval(*)
					}