mirror of
https://github.com/xemu-project/xemu.git
synced 2024-12-05 02:06:40 +00:00
24df3371d9
The utimensat() and futimens() syscalls have been around for ages (ie, glibc 2.6 and linux 2.6.22), and the decision was already taken to switch to utimensat() anyway when fixing CVE-2016-9602 in 2.9. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Eric Blake <eblake@redhat.com>
1169 lines
31 KiB
C
1169 lines
31 KiB
C
/*
|
|
* Helper for QEMU Proxy FS Driver
|
|
* Copyright IBM, Corp. 2011
|
|
*
|
|
* Authors:
|
|
* M. Mohan Kumar <mohan@in.ibm.com>
|
|
*
|
|
* This work is licensed under the terms of the GNU GPL, version 2. See
|
|
* the COPYING file in the top-level directory.
|
|
*/
|
|
|
|
#include "qemu/osdep.h"
|
|
#include <sys/resource.h>
|
|
#include <getopt.h>
|
|
#include <syslog.h>
|
|
#include <sys/capability.h>
|
|
#include <sys/fsuid.h>
|
|
#include <sys/vfs.h>
|
|
#include <sys/ioctl.h>
|
|
#include <linux/fs.h>
|
|
#ifdef CONFIG_LINUX_MAGIC_H
|
|
#include <linux/magic.h>
|
|
#endif
|
|
#include "qemu-common.h"
|
|
#include "qemu/sockets.h"
|
|
#include "qemu/xattr.h"
|
|
#include "9p-iov-marshal.h"
|
|
#include "hw/9pfs/9p-proxy.h"
|
|
#include "fsdev/9p-iov-marshal.h"
|
|
|
|
#define PROGNAME "virtfs-proxy-helper"
|
|
|
|
#ifndef XFS_SUPER_MAGIC
|
|
#define XFS_SUPER_MAGIC 0x58465342
|
|
#endif
|
|
#ifndef EXT2_SUPER_MAGIC
|
|
#define EXT2_SUPER_MAGIC 0xEF53
|
|
#endif
|
|
#ifndef REISERFS_SUPER_MAGIC
|
|
#define REISERFS_SUPER_MAGIC 0x52654973
|
|
#endif
|
|
#ifndef BTRFS_SUPER_MAGIC
|
|
#define BTRFS_SUPER_MAGIC 0x9123683E
|
|
#endif
|
|
|
|
static struct option helper_opts[] = {
|
|
{"fd", required_argument, NULL, 'f'},
|
|
{"path", required_argument, NULL, 'p'},
|
|
{"nodaemon", no_argument, NULL, 'n'},
|
|
{"socket", required_argument, NULL, 's'},
|
|
{"uid", required_argument, NULL, 'u'},
|
|
{"gid", required_argument, NULL, 'g'},
|
|
{},
|
|
};
|
|
|
|
static bool is_daemon;
|
|
static bool get_version; /* IOC getversion IOCTL supported */
|
|
|
|
static void GCC_FMT_ATTR(2, 3) do_log(int loglevel, const char *format, ...)
|
|
{
|
|
va_list ap;
|
|
|
|
va_start(ap, format);
|
|
if (is_daemon) {
|
|
vsyslog(LOG_CRIT, format, ap);
|
|
} else {
|
|
vfprintf(stderr, format, ap);
|
|
}
|
|
va_end(ap);
|
|
}
|
|
|
|
static void do_perror(const char *string)
|
|
{
|
|
if (is_daemon) {
|
|
syslog(LOG_CRIT, "%s:%s", string, strerror(errno));
|
|
} else {
|
|
fprintf(stderr, "%s:%s\n", string, strerror(errno));
|
|
}
|
|
}
|
|
|
|
static int do_cap_set(cap_value_t *cap_value, int size, int reset)
|
|
{
|
|
cap_t caps;
|
|
if (reset) {
|
|
/*
|
|
* Start with an empty set and set permitted and effective
|
|
*/
|
|
caps = cap_init();
|
|
if (caps == NULL) {
|
|
do_perror("cap_init");
|
|
return -1;
|
|
}
|
|
if (cap_set_flag(caps, CAP_PERMITTED, size, cap_value, CAP_SET) < 0) {
|
|
do_perror("cap_set_flag");
|
|
goto error;
|
|
}
|
|
} else {
|
|
caps = cap_get_proc();
|
|
if (!caps) {
|
|
do_perror("cap_get_proc");
|
|
return -1;
|
|
}
|
|
}
|
|
if (cap_set_flag(caps, CAP_EFFECTIVE, size, cap_value, CAP_SET) < 0) {
|
|
do_perror("cap_set_flag");
|
|
goto error;
|
|
}
|
|
if (cap_set_proc(caps) < 0) {
|
|
do_perror("cap_set_proc");
|
|
goto error;
|
|
}
|
|
cap_free(caps);
|
|
return 0;
|
|
|
|
error:
|
|
cap_free(caps);
|
|
return -1;
|
|
}
|
|
|
|
static int init_capabilities(void)
|
|
{
|
|
/* helper needs following capabilities only */
|
|
cap_value_t cap_list[] = {
|
|
CAP_CHOWN,
|
|
CAP_DAC_OVERRIDE,
|
|
CAP_FOWNER,
|
|
CAP_FSETID,
|
|
CAP_SETGID,
|
|
CAP_MKNOD,
|
|
CAP_SETUID,
|
|
};
|
|
return do_cap_set(cap_list, ARRAY_SIZE(cap_list), 1);
|
|
}
|
|
|
|
static int socket_read(int sockfd, void *buff, ssize_t size)
|
|
{
|
|
ssize_t retval, total = 0;
|
|
|
|
while (size) {
|
|
retval = read(sockfd, buff, size);
|
|
if (retval == 0) {
|
|
return -EIO;
|
|
}
|
|
if (retval < 0) {
|
|
if (errno == EINTR) {
|
|
continue;
|
|
}
|
|
return -errno;
|
|
}
|
|
size -= retval;
|
|
buff += retval;
|
|
total += retval;
|
|
}
|
|
return total;
|
|
}
|
|
|
|
static int socket_write(int sockfd, void *buff, ssize_t size)
|
|
{
|
|
ssize_t retval, total = 0;
|
|
|
|
while (size) {
|
|
retval = write(sockfd, buff, size);
|
|
if (retval < 0) {
|
|
if (errno == EINTR) {
|
|
continue;
|
|
}
|
|
return -errno;
|
|
}
|
|
size -= retval;
|
|
buff += retval;
|
|
total += retval;
|
|
}
|
|
return total;
|
|
}
|
|
|
|
static int read_request(int sockfd, struct iovec *iovec, ProxyHeader *header)
|
|
{
|
|
int retval;
|
|
|
|
/*
|
|
* read the request header.
|
|
*/
|
|
iovec->iov_len = 0;
|
|
retval = socket_read(sockfd, iovec->iov_base, PROXY_HDR_SZ);
|
|
if (retval < 0) {
|
|
return retval;
|
|
}
|
|
iovec->iov_len = PROXY_HDR_SZ;
|
|
retval = proxy_unmarshal(iovec, 0, "dd", &header->type, &header->size);
|
|
if (retval < 0) {
|
|
return retval;
|
|
}
|
|
/*
|
|
* We can't process message.size > PROXY_MAX_IO_SZ.
|
|
* Treat it as fatal error
|
|
*/
|
|
if (header->size > PROXY_MAX_IO_SZ) {
|
|
return -ENOBUFS;
|
|
}
|
|
retval = socket_read(sockfd, iovec->iov_base + PROXY_HDR_SZ, header->size);
|
|
if (retval < 0) {
|
|
return retval;
|
|
}
|
|
iovec->iov_len += header->size;
|
|
return 0;
|
|
}
|
|
|
|
static int send_fd(int sockfd, int fd)
|
|
{
|
|
struct msghdr msg;
|
|
struct iovec iov;
|
|
int retval, data;
|
|
struct cmsghdr *cmsg;
|
|
union MsgControl msg_control;
|
|
|
|
iov.iov_base = &data;
|
|
iov.iov_len = sizeof(data);
|
|
|
|
memset(&msg, 0, sizeof(msg));
|
|
msg.msg_iov = &iov;
|
|
msg.msg_iovlen = 1;
|
|
/* No ancillary data on error */
|
|
if (fd < 0) {
|
|
/* fd is really negative errno if the request failed */
|
|
data = fd;
|
|
} else {
|
|
data = V9FS_FD_VALID;
|
|
msg.msg_control = &msg_control;
|
|
msg.msg_controllen = sizeof(msg_control);
|
|
|
|
cmsg = &msg_control.cmsg;
|
|
cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
|
|
cmsg->cmsg_level = SOL_SOCKET;
|
|
cmsg->cmsg_type = SCM_RIGHTS;
|
|
memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd));
|
|
}
|
|
|
|
do {
|
|
retval = sendmsg(sockfd, &msg, 0);
|
|
} while (retval < 0 && errno == EINTR);
|
|
if (fd >= 0) {
|
|
close(fd);
|
|
}
|
|
if (retval < 0) {
|
|
return retval;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int send_status(int sockfd, struct iovec *iovec, int status)
|
|
{
|
|
ProxyHeader header;
|
|
int retval, msg_size;
|
|
|
|
if (status < 0) {
|
|
header.type = T_ERROR;
|
|
} else {
|
|
header.type = T_SUCCESS;
|
|
}
|
|
header.size = sizeof(status);
|
|
/*
|
|
* marshal the return status. We don't check error.
|
|
* because we are sure we have enough space for the status
|
|
*/
|
|
msg_size = proxy_marshal(iovec, 0, "ddd", header.type,
|
|
header.size, status);
|
|
if (msg_size < 0) {
|
|
return msg_size;
|
|
}
|
|
retval = socket_write(sockfd, iovec->iov_base, msg_size);
|
|
if (retval < 0) {
|
|
return retval;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* from man 7 capabilities, section
|
|
* Effect of User ID Changes on Capabilities:
|
|
* If the effective user ID is changed from nonzero to 0, then the permitted
|
|
* set is copied to the effective set. If the effective user ID is changed
|
|
* from 0 to nonzero, then all capabilities are are cleared from the effective
|
|
* set.
|
|
*
|
|
* The setfsuid/setfsgid man pages warn that changing the effective user ID may
|
|
* expose the program to unwanted signals, but this is not true anymore: for an
|
|
* unprivileged (without CAP_KILL) program to send a signal, the real or
|
|
* effective user ID of the sending process must equal the real or saved user
|
|
* ID of the target process. Even when dropping privileges, it is enough to
|
|
* keep the saved UID to a "privileged" value and virtfs-proxy-helper won't
|
|
* be exposed to signals. So just use setresuid/setresgid.
|
|
*/
|
|
static int setugid(int uid, int gid, int *suid, int *sgid)
|
|
{
|
|
int retval;
|
|
|
|
/*
|
|
* We still need DAC_OVERRIDE because we don't change
|
|
* supplementary group ids, and hence may be subjected DAC rules
|
|
*/
|
|
cap_value_t cap_list[] = {
|
|
CAP_DAC_OVERRIDE,
|
|
};
|
|
|
|
*suid = geteuid();
|
|
*sgid = getegid();
|
|
|
|
if (setresgid(-1, gid, *sgid) == -1) {
|
|
retval = -errno;
|
|
goto err_out;
|
|
}
|
|
|
|
if (setresuid(-1, uid, *suid) == -1) {
|
|
retval = -errno;
|
|
goto err_sgid;
|
|
}
|
|
|
|
if (uid != 0 || gid != 0) {
|
|
if (do_cap_set(cap_list, ARRAY_SIZE(cap_list), 0) < 0) {
|
|
retval = -errno;
|
|
goto err_suid;
|
|
}
|
|
}
|
|
return 0;
|
|
|
|
err_suid:
|
|
if (setresuid(-1, *suid, *suid) == -1) {
|
|
abort();
|
|
}
|
|
err_sgid:
|
|
if (setresgid(-1, *sgid, *sgid) == -1) {
|
|
abort();
|
|
}
|
|
err_out:
|
|
return retval;
|
|
}
|
|
|
|
/*
|
|
* This is used to reset the ugid back with the saved values
|
|
* There is nothing much we can do checking error values here.
|
|
*/
|
|
static void resetugid(int suid, int sgid)
|
|
{
|
|
if (setresgid(-1, sgid, sgid) == -1) {
|
|
abort();
|
|
}
|
|
if (setresuid(-1, suid, suid) == -1) {
|
|
abort();
|
|
}
|
|
}
|
|
|
|
/*
|
|
* send response in two parts
|
|
* 1) ProxyHeader
|
|
* 2) Response or error status
|
|
* This function should be called with marshaled response
|
|
* send_response constructs header part and error part only.
|
|
* send response sends {ProxyHeader,Response} if the request was success
|
|
* otherwise sends {ProxyHeader,error status}
|
|
*/
|
|
static int send_response(int sock, struct iovec *iovec, int size)
|
|
{
|
|
int retval;
|
|
ProxyHeader header;
|
|
|
|
/*
|
|
* If response size exceeds available iovec->iov_len,
|
|
* we return ENOBUFS
|
|
*/
|
|
if (size > PROXY_MAX_IO_SZ) {
|
|
size = -ENOBUFS;
|
|
}
|
|
|
|
if (size < 0) {
|
|
/*
|
|
* In case of error we would not have got the error encoded
|
|
* already so encode the error here.
|
|
*/
|
|
header.type = T_ERROR;
|
|
header.size = sizeof(size);
|
|
proxy_marshal(iovec, PROXY_HDR_SZ, "d", size);
|
|
} else {
|
|
header.type = T_SUCCESS;
|
|
header.size = size;
|
|
}
|
|
proxy_marshal(iovec, 0, "dd", header.type, header.size);
|
|
retval = socket_write(sock, iovec->iov_base, header.size + PROXY_HDR_SZ);
|
|
if (retval < 0) {
|
|
return retval;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* gets generation number
|
|
* returns -errno on failure and sizeof(generation number) on success
|
|
*/
|
|
static int do_getversion(struct iovec *iovec, struct iovec *out_iovec)
|
|
{
|
|
uint64_t version;
|
|
int retval = -ENOTTY;
|
|
#ifdef FS_IOC_GETVERSION
|
|
int fd;
|
|
V9fsString path;
|
|
#endif
|
|
|
|
|
|
/* no need to issue ioctl */
|
|
if (!get_version) {
|
|
version = 0;
|
|
retval = proxy_marshal(out_iovec, PROXY_HDR_SZ, "q", version);
|
|
return retval;
|
|
}
|
|
#ifdef FS_IOC_GETVERSION
|
|
retval = proxy_unmarshal(iovec, PROXY_HDR_SZ, "s", &path);
|
|
if (retval < 0) {
|
|
return retval;
|
|
}
|
|
|
|
fd = open(path.data, O_RDONLY);
|
|
if (fd < 0) {
|
|
retval = -errno;
|
|
goto err_out;
|
|
}
|
|
if (ioctl(fd, FS_IOC_GETVERSION, &version) < 0) {
|
|
retval = -errno;
|
|
} else {
|
|
retval = proxy_marshal(out_iovec, PROXY_HDR_SZ, "q", version);
|
|
}
|
|
close(fd);
|
|
err_out:
|
|
v9fs_string_free(&path);
|
|
#endif
|
|
return retval;
|
|
}
|
|
|
|
static int do_getxattr(int type, struct iovec *iovec, struct iovec *out_iovec)
|
|
{
|
|
int size = 0, offset, retval;
|
|
V9fsString path, name, xattr;
|
|
|
|
v9fs_string_init(&xattr);
|
|
v9fs_string_init(&path);
|
|
retval = proxy_unmarshal(iovec, PROXY_HDR_SZ, "ds", &size, &path);
|
|
if (retval < 0) {
|
|
return retval;
|
|
}
|
|
offset = PROXY_HDR_SZ + retval;
|
|
|
|
if (size) {
|
|
xattr.data = g_malloc(size);
|
|
xattr.size = size;
|
|
}
|
|
switch (type) {
|
|
case T_LGETXATTR:
|
|
v9fs_string_init(&name);
|
|
retval = proxy_unmarshal(iovec, offset, "s", &name);
|
|
if (retval > 0) {
|
|
retval = lgetxattr(path.data, name.data, xattr.data, size);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
} else {
|
|
xattr.size = retval;
|
|
}
|
|
}
|
|
v9fs_string_free(&name);
|
|
break;
|
|
case T_LLISTXATTR:
|
|
retval = llistxattr(path.data, xattr.data, size);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
} else {
|
|
xattr.size = retval;
|
|
}
|
|
break;
|
|
}
|
|
if (retval < 0) {
|
|
goto err_out;
|
|
}
|
|
|
|
if (!size) {
|
|
proxy_marshal(out_iovec, PROXY_HDR_SZ, "d", retval);
|
|
retval = sizeof(retval);
|
|
} else {
|
|
retval = proxy_marshal(out_iovec, PROXY_HDR_SZ, "s", &xattr);
|
|
}
|
|
err_out:
|
|
v9fs_string_free(&xattr);
|
|
v9fs_string_free(&path);
|
|
return retval;
|
|
}
|
|
|
|
static void stat_to_prstat(ProxyStat *pr_stat, struct stat *stat)
|
|
{
|
|
memset(pr_stat, 0, sizeof(*pr_stat));
|
|
pr_stat->st_dev = stat->st_dev;
|
|
pr_stat->st_ino = stat->st_ino;
|
|
pr_stat->st_nlink = stat->st_nlink;
|
|
pr_stat->st_mode = stat->st_mode;
|
|
pr_stat->st_uid = stat->st_uid;
|
|
pr_stat->st_gid = stat->st_gid;
|
|
pr_stat->st_rdev = stat->st_rdev;
|
|
pr_stat->st_size = stat->st_size;
|
|
pr_stat->st_blksize = stat->st_blksize;
|
|
pr_stat->st_blocks = stat->st_blocks;
|
|
pr_stat->st_atim_sec = stat->st_atim.tv_sec;
|
|
pr_stat->st_atim_nsec = stat->st_atim.tv_nsec;
|
|
pr_stat->st_mtim_sec = stat->st_mtim.tv_sec;
|
|
pr_stat->st_mtim_nsec = stat->st_mtim.tv_nsec;
|
|
pr_stat->st_ctim_sec = stat->st_ctim.tv_sec;
|
|
pr_stat->st_ctim_nsec = stat->st_ctim.tv_nsec;
|
|
}
|
|
|
|
static void statfs_to_prstatfs(ProxyStatFS *pr_stfs, struct statfs *stfs)
|
|
{
|
|
memset(pr_stfs, 0, sizeof(*pr_stfs));
|
|
pr_stfs->f_type = stfs->f_type;
|
|
pr_stfs->f_bsize = stfs->f_bsize;
|
|
pr_stfs->f_blocks = stfs->f_blocks;
|
|
pr_stfs->f_bfree = stfs->f_bfree;
|
|
pr_stfs->f_bavail = stfs->f_bavail;
|
|
pr_stfs->f_files = stfs->f_files;
|
|
pr_stfs->f_ffree = stfs->f_ffree;
|
|
pr_stfs->f_fsid[0] = stfs->f_fsid.__val[0];
|
|
pr_stfs->f_fsid[1] = stfs->f_fsid.__val[1];
|
|
pr_stfs->f_namelen = stfs->f_namelen;
|
|
pr_stfs->f_frsize = stfs->f_frsize;
|
|
}
|
|
|
|
/*
|
|
* Gets stat/statfs information and packs in out_iovec structure
|
|
* on success returns number of bytes packed in out_iovec struture
|
|
* otherwise returns -errno
|
|
*/
|
|
static int do_stat(int type, struct iovec *iovec, struct iovec *out_iovec)
|
|
{
|
|
int retval;
|
|
V9fsString path;
|
|
ProxyStat pr_stat;
|
|
ProxyStatFS pr_stfs;
|
|
struct stat st_buf;
|
|
struct statfs stfs_buf;
|
|
|
|
v9fs_string_init(&path);
|
|
retval = proxy_unmarshal(iovec, PROXY_HDR_SZ, "s", &path);
|
|
if (retval < 0) {
|
|
return retval;
|
|
}
|
|
|
|
switch (type) {
|
|
case T_LSTAT:
|
|
retval = lstat(path.data, &st_buf);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
} else {
|
|
stat_to_prstat(&pr_stat, &st_buf);
|
|
retval = proxy_marshal(out_iovec, PROXY_HDR_SZ,
|
|
"qqqdddqqqqqqqqqq", pr_stat.st_dev,
|
|
pr_stat.st_ino, pr_stat.st_nlink,
|
|
pr_stat.st_mode, pr_stat.st_uid,
|
|
pr_stat.st_gid, pr_stat.st_rdev,
|
|
pr_stat.st_size, pr_stat.st_blksize,
|
|
pr_stat.st_blocks,
|
|
pr_stat.st_atim_sec, pr_stat.st_atim_nsec,
|
|
pr_stat.st_mtim_sec, pr_stat.st_mtim_nsec,
|
|
pr_stat.st_ctim_sec, pr_stat.st_ctim_nsec);
|
|
}
|
|
break;
|
|
case T_STATFS:
|
|
retval = statfs(path.data, &stfs_buf);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
} else {
|
|
statfs_to_prstatfs(&pr_stfs, &stfs_buf);
|
|
retval = proxy_marshal(out_iovec, PROXY_HDR_SZ,
|
|
"qqqqqqqqqqq", pr_stfs.f_type,
|
|
pr_stfs.f_bsize, pr_stfs.f_blocks,
|
|
pr_stfs.f_bfree, pr_stfs.f_bavail,
|
|
pr_stfs.f_files, pr_stfs.f_ffree,
|
|
pr_stfs.f_fsid[0], pr_stfs.f_fsid[1],
|
|
pr_stfs.f_namelen, pr_stfs.f_frsize);
|
|
}
|
|
break;
|
|
}
|
|
v9fs_string_free(&path);
|
|
return retval;
|
|
}
|
|
|
|
static int do_readlink(struct iovec *iovec, struct iovec *out_iovec)
|
|
{
|
|
char *buffer;
|
|
int size, retval;
|
|
V9fsString target, path;
|
|
|
|
v9fs_string_init(&path);
|
|
retval = proxy_unmarshal(iovec, PROXY_HDR_SZ, "sd", &path, &size);
|
|
if (retval < 0) {
|
|
v9fs_string_free(&path);
|
|
return retval;
|
|
}
|
|
buffer = g_malloc(size);
|
|
v9fs_string_init(&target);
|
|
retval = readlink(path.data, buffer, size - 1);
|
|
if (retval > 0) {
|
|
buffer[retval] = '\0';
|
|
v9fs_string_sprintf(&target, "%s", buffer);
|
|
retval = proxy_marshal(out_iovec, PROXY_HDR_SZ, "s", &target);
|
|
} else {
|
|
retval = -errno;
|
|
}
|
|
g_free(buffer);
|
|
v9fs_string_free(&target);
|
|
v9fs_string_free(&path);
|
|
return retval;
|
|
}
|
|
|
|
/*
|
|
* create other filesystem objects and send 0 on success
|
|
* return -errno on error
|
|
*/
|
|
static int do_create_others(int type, struct iovec *iovec)
|
|
{
|
|
dev_t rdev;
|
|
int retval = 0;
|
|
int offset = PROXY_HDR_SZ;
|
|
V9fsString oldpath, path;
|
|
int mode, uid, gid, cur_uid, cur_gid;
|
|
|
|
v9fs_string_init(&path);
|
|
v9fs_string_init(&oldpath);
|
|
|
|
retval = proxy_unmarshal(iovec, offset, "dd", &uid, &gid);
|
|
if (retval < 0) {
|
|
return retval;
|
|
}
|
|
offset += retval;
|
|
retval = setugid(uid, gid, &cur_uid, &cur_gid);
|
|
if (retval < 0) {
|
|
goto unmarshal_err_out;
|
|
}
|
|
switch (type) {
|
|
case T_MKNOD:
|
|
retval = proxy_unmarshal(iovec, offset, "sdq", &path, &mode, &rdev);
|
|
if (retval < 0) {
|
|
goto err_out;
|
|
}
|
|
retval = mknod(path.data, mode, rdev);
|
|
break;
|
|
case T_MKDIR:
|
|
retval = proxy_unmarshal(iovec, offset, "sd", &path, &mode);
|
|
if (retval < 0) {
|
|
goto err_out;
|
|
}
|
|
retval = mkdir(path.data, mode);
|
|
break;
|
|
case T_SYMLINK:
|
|
retval = proxy_unmarshal(iovec, offset, "ss", &oldpath, &path);
|
|
if (retval < 0) {
|
|
goto err_out;
|
|
}
|
|
retval = symlink(oldpath.data, path.data);
|
|
break;
|
|
}
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
}
|
|
|
|
err_out:
|
|
resetugid(cur_uid, cur_gid);
|
|
unmarshal_err_out:
|
|
v9fs_string_free(&path);
|
|
v9fs_string_free(&oldpath);
|
|
return retval;
|
|
}
|
|
|
|
/*
|
|
* create a file and send fd on success
|
|
* return -errno on error
|
|
*/
|
|
static int do_create(struct iovec *iovec)
|
|
{
|
|
int ret;
|
|
V9fsString path;
|
|
int flags, mode, uid, gid, cur_uid, cur_gid;
|
|
|
|
v9fs_string_init(&path);
|
|
ret = proxy_unmarshal(iovec, PROXY_HDR_SZ, "sdddd",
|
|
&path, &flags, &mode, &uid, &gid);
|
|
if (ret < 0) {
|
|
goto unmarshal_err_out;
|
|
}
|
|
ret = setugid(uid, gid, &cur_uid, &cur_gid);
|
|
if (ret < 0) {
|
|
goto unmarshal_err_out;
|
|
}
|
|
ret = open(path.data, flags, mode);
|
|
if (ret < 0) {
|
|
ret = -errno;
|
|
}
|
|
|
|
resetugid(cur_uid, cur_gid);
|
|
unmarshal_err_out:
|
|
v9fs_string_free(&path);
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* open a file and send fd on success
|
|
* return -errno on error
|
|
*/
|
|
static int do_open(struct iovec *iovec)
|
|
{
|
|
int flags, ret;
|
|
V9fsString path;
|
|
|
|
v9fs_string_init(&path);
|
|
ret = proxy_unmarshal(iovec, PROXY_HDR_SZ, "sd", &path, &flags);
|
|
if (ret < 0) {
|
|
goto err_out;
|
|
}
|
|
ret = open(path.data, flags);
|
|
if (ret < 0) {
|
|
ret = -errno;
|
|
}
|
|
err_out:
|
|
v9fs_string_free(&path);
|
|
return ret;
|
|
}
|
|
|
|
/* create unix domain socket and return the descriptor */
|
|
static int proxy_socket(const char *path, uid_t uid, gid_t gid)
|
|
{
|
|
int sock, client;
|
|
struct sockaddr_un proxy, qemu;
|
|
socklen_t size;
|
|
|
|
/* requested socket already exists, refuse to start */
|
|
if (!access(path, F_OK)) {
|
|
do_log(LOG_CRIT, "socket already exists\n");
|
|
return -1;
|
|
}
|
|
|
|
if (strlen(path) >= sizeof(proxy.sun_path)) {
|
|
do_log(LOG_CRIT, "UNIX domain socket path exceeds %zu characters\n",
|
|
sizeof(proxy.sun_path));
|
|
return -1;
|
|
}
|
|
|
|
sock = socket(AF_UNIX, SOCK_STREAM, 0);
|
|
if (sock < 0) {
|
|
do_perror("socket");
|
|
return -1;
|
|
}
|
|
|
|
/* mask other part of mode bits */
|
|
umask(7);
|
|
|
|
proxy.sun_family = AF_UNIX;
|
|
strcpy(proxy.sun_path, path);
|
|
if (bind(sock, (struct sockaddr *)&proxy,
|
|
sizeof(struct sockaddr_un)) < 0) {
|
|
do_perror("bind");
|
|
goto error;
|
|
}
|
|
if (chown(proxy.sun_path, uid, gid) < 0) {
|
|
do_perror("chown");
|
|
goto error;
|
|
}
|
|
if (listen(sock, 1) < 0) {
|
|
do_perror("listen");
|
|
goto error;
|
|
}
|
|
|
|
size = sizeof(qemu);
|
|
client = accept(sock, (struct sockaddr *)&qemu, &size);
|
|
if (client < 0) {
|
|
do_perror("accept");
|
|
goto error;
|
|
}
|
|
close(sock);
|
|
return client;
|
|
|
|
error:
|
|
close(sock);
|
|
return -1;
|
|
}
|
|
|
|
static void usage(char *prog)
|
|
{
|
|
fprintf(stderr, "usage: %s\n"
|
|
" -p|--path <path> 9p path to export\n"
|
|
" {-f|--fd <socket-descriptor>} socket file descriptor to be used\n"
|
|
" {-s|--socket <socketname> socket file used for communication\n"
|
|
" \t-u|--uid <uid> -g|--gid <gid>} - uid:gid combination to give "
|
|
" access to this socket\n"
|
|
" \tNote: -s & -f can not be used together\n"
|
|
" [-n|--nodaemon] Run as a normal program\n",
|
|
basename(prog));
|
|
}
|
|
|
|
static int process_reply(int sock, int type,
|
|
struct iovec *out_iovec, int retval)
|
|
{
|
|
switch (type) {
|
|
case T_OPEN:
|
|
case T_CREATE:
|
|
if (send_fd(sock, retval) < 0) {
|
|
return -1;
|
|
}
|
|
break;
|
|
case T_MKNOD:
|
|
case T_MKDIR:
|
|
case T_SYMLINK:
|
|
case T_LINK:
|
|
case T_CHMOD:
|
|
case T_CHOWN:
|
|
case T_TRUNCATE:
|
|
case T_UTIME:
|
|
case T_RENAME:
|
|
case T_REMOVE:
|
|
case T_LSETXATTR:
|
|
case T_LREMOVEXATTR:
|
|
if (send_status(sock, out_iovec, retval) < 0) {
|
|
return -1;
|
|
}
|
|
break;
|
|
case T_LSTAT:
|
|
case T_STATFS:
|
|
case T_READLINK:
|
|
case T_LGETXATTR:
|
|
case T_LLISTXATTR:
|
|
case T_GETVERSION:
|
|
if (send_response(sock, out_iovec, retval) < 0) {
|
|
return -1;
|
|
}
|
|
break;
|
|
default:
|
|
return -1;
|
|
break;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int process_requests(int sock)
|
|
{
|
|
int flags;
|
|
int size = 0;
|
|
int retval = 0;
|
|
uint64_t offset;
|
|
ProxyHeader header;
|
|
int mode, uid, gid;
|
|
V9fsString name, value;
|
|
struct timespec spec[2];
|
|
V9fsString oldpath, path;
|
|
struct iovec in_iovec, out_iovec;
|
|
|
|
in_iovec.iov_base = g_malloc(PROXY_MAX_IO_SZ + PROXY_HDR_SZ);
|
|
in_iovec.iov_len = PROXY_MAX_IO_SZ + PROXY_HDR_SZ;
|
|
out_iovec.iov_base = g_malloc(PROXY_MAX_IO_SZ + PROXY_HDR_SZ);
|
|
out_iovec.iov_len = PROXY_MAX_IO_SZ + PROXY_HDR_SZ;
|
|
|
|
while (1) {
|
|
/*
|
|
* initialize the header type, so that we send
|
|
* response to proper request type.
|
|
*/
|
|
header.type = 0;
|
|
retval = read_request(sock, &in_iovec, &header);
|
|
if (retval < 0) {
|
|
goto err_out;
|
|
}
|
|
|
|
switch (header.type) {
|
|
case T_OPEN:
|
|
retval = do_open(&in_iovec);
|
|
break;
|
|
case T_CREATE:
|
|
retval = do_create(&in_iovec);
|
|
break;
|
|
case T_MKNOD:
|
|
case T_MKDIR:
|
|
case T_SYMLINK:
|
|
retval = do_create_others(header.type, &in_iovec);
|
|
break;
|
|
case T_LINK:
|
|
v9fs_string_init(&path);
|
|
v9fs_string_init(&oldpath);
|
|
retval = proxy_unmarshal(&in_iovec, PROXY_HDR_SZ,
|
|
"ss", &oldpath, &path);
|
|
if (retval > 0) {
|
|
retval = link(oldpath.data, path.data);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
}
|
|
}
|
|
v9fs_string_free(&oldpath);
|
|
v9fs_string_free(&path);
|
|
break;
|
|
case T_LSTAT:
|
|
case T_STATFS:
|
|
retval = do_stat(header.type, &in_iovec, &out_iovec);
|
|
break;
|
|
case T_READLINK:
|
|
retval = do_readlink(&in_iovec, &out_iovec);
|
|
break;
|
|
case T_CHMOD:
|
|
v9fs_string_init(&path);
|
|
retval = proxy_unmarshal(&in_iovec, PROXY_HDR_SZ,
|
|
"sd", &path, &mode);
|
|
if (retval > 0) {
|
|
retval = chmod(path.data, mode);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
}
|
|
}
|
|
v9fs_string_free(&path);
|
|
break;
|
|
case T_CHOWN:
|
|
v9fs_string_init(&path);
|
|
retval = proxy_unmarshal(&in_iovec, PROXY_HDR_SZ, "sdd", &path,
|
|
&uid, &gid);
|
|
if (retval > 0) {
|
|
retval = lchown(path.data, uid, gid);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
}
|
|
}
|
|
v9fs_string_free(&path);
|
|
break;
|
|
case T_TRUNCATE:
|
|
v9fs_string_init(&path);
|
|
retval = proxy_unmarshal(&in_iovec, PROXY_HDR_SZ, "sq",
|
|
&path, &offset);
|
|
if (retval > 0) {
|
|
retval = truncate(path.data, offset);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
}
|
|
}
|
|
v9fs_string_free(&path);
|
|
break;
|
|
case T_UTIME:
|
|
v9fs_string_init(&path);
|
|
retval = proxy_unmarshal(&in_iovec, PROXY_HDR_SZ, "sqqqq", &path,
|
|
&spec[0].tv_sec, &spec[0].tv_nsec,
|
|
&spec[1].tv_sec, &spec[1].tv_nsec);
|
|
if (retval > 0) {
|
|
retval = utimensat(AT_FDCWD, path.data, spec,
|
|
AT_SYMLINK_NOFOLLOW);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
}
|
|
}
|
|
v9fs_string_free(&path);
|
|
break;
|
|
case T_RENAME:
|
|
v9fs_string_init(&path);
|
|
v9fs_string_init(&oldpath);
|
|
retval = proxy_unmarshal(&in_iovec, PROXY_HDR_SZ,
|
|
"ss", &oldpath, &path);
|
|
if (retval > 0) {
|
|
retval = rename(oldpath.data, path.data);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
}
|
|
}
|
|
v9fs_string_free(&oldpath);
|
|
v9fs_string_free(&path);
|
|
break;
|
|
case T_REMOVE:
|
|
v9fs_string_init(&path);
|
|
retval = proxy_unmarshal(&in_iovec, PROXY_HDR_SZ, "s", &path);
|
|
if (retval > 0) {
|
|
retval = remove(path.data);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
}
|
|
}
|
|
v9fs_string_free(&path);
|
|
break;
|
|
case T_LGETXATTR:
|
|
case T_LLISTXATTR:
|
|
retval = do_getxattr(header.type, &in_iovec, &out_iovec);
|
|
break;
|
|
case T_LSETXATTR:
|
|
v9fs_string_init(&path);
|
|
v9fs_string_init(&name);
|
|
v9fs_string_init(&value);
|
|
retval = proxy_unmarshal(&in_iovec, PROXY_HDR_SZ, "sssdd", &path,
|
|
&name, &value, &size, &flags);
|
|
if (retval > 0) {
|
|
retval = lsetxattr(path.data,
|
|
name.data, value.data, size, flags);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
}
|
|
}
|
|
v9fs_string_free(&path);
|
|
v9fs_string_free(&name);
|
|
v9fs_string_free(&value);
|
|
break;
|
|
case T_LREMOVEXATTR:
|
|
v9fs_string_init(&path);
|
|
v9fs_string_init(&name);
|
|
retval = proxy_unmarshal(&in_iovec,
|
|
PROXY_HDR_SZ, "ss", &path, &name);
|
|
if (retval > 0) {
|
|
retval = lremovexattr(path.data, name.data);
|
|
if (retval < 0) {
|
|
retval = -errno;
|
|
}
|
|
}
|
|
v9fs_string_free(&path);
|
|
v9fs_string_free(&name);
|
|
break;
|
|
case T_GETVERSION:
|
|
retval = do_getversion(&in_iovec, &out_iovec);
|
|
break;
|
|
default:
|
|
goto err_out;
|
|
break;
|
|
}
|
|
|
|
if (process_reply(sock, header.type, &out_iovec, retval) < 0) {
|
|
goto err_out;
|
|
}
|
|
}
|
|
err_out:
|
|
g_free(in_iovec.iov_base);
|
|
g_free(out_iovec.iov_base);
|
|
return -1;
|
|
}
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
int sock;
|
|
uid_t own_u;
|
|
gid_t own_g;
|
|
char *rpath = NULL;
|
|
char *sock_name = NULL;
|
|
struct stat stbuf;
|
|
int c, option_index;
|
|
#ifdef FS_IOC_GETVERSION
|
|
int retval;
|
|
struct statfs st_fs;
|
|
#endif
|
|
|
|
is_daemon = true;
|
|
sock = -1;
|
|
own_u = own_g = -1;
|
|
while (1) {
|
|
option_index = 0;
|
|
c = getopt_long(argc, argv, "p:nh?f:s:u:g:", helper_opts,
|
|
&option_index);
|
|
if (c == -1) {
|
|
break;
|
|
}
|
|
switch (c) {
|
|
case 'p':
|
|
rpath = g_strdup(optarg);
|
|
break;
|
|
case 'n':
|
|
is_daemon = false;
|
|
break;
|
|
case 'f':
|
|
sock = atoi(optarg);
|
|
break;
|
|
case 's':
|
|
sock_name = g_strdup(optarg);
|
|
break;
|
|
case 'u':
|
|
own_u = atoi(optarg);
|
|
break;
|
|
case 'g':
|
|
own_g = atoi(optarg);
|
|
break;
|
|
case '?':
|
|
case 'h':
|
|
default:
|
|
usage(argv[0]);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
}
|
|
|
|
/* Parameter validation */
|
|
if ((sock_name == NULL && sock == -1) || rpath == NULL) {
|
|
fprintf(stderr, "socket, socket descriptor or path not specified\n");
|
|
usage(argv[0]);
|
|
return -1;
|
|
}
|
|
|
|
if (sock_name && sock != -1) {
|
|
fprintf(stderr, "both named socket and socket descriptor specified\n");
|
|
usage(argv[0]);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
if (sock_name && (own_u == -1 || own_g == -1)) {
|
|
fprintf(stderr, "owner uid:gid not specified, ");
|
|
fprintf(stderr,
|
|
"owner uid:gid specifies who can access the socket file\n");
|
|
usage(argv[0]);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
if (lstat(rpath, &stbuf) < 0) {
|
|
fprintf(stderr, "invalid path \"%s\" specified, %s\n",
|
|
rpath, strerror(errno));
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
if (!S_ISDIR(stbuf.st_mode)) {
|
|
fprintf(stderr, "specified path \"%s\" is not directory\n", rpath);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
if (is_daemon) {
|
|
if (daemon(0, 0) < 0) {
|
|
fprintf(stderr, "daemon call failed\n");
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
openlog(PROGNAME, LOG_PID, LOG_DAEMON);
|
|
}
|
|
|
|
do_log(LOG_INFO, "Started\n");
|
|
if (sock_name) {
|
|
sock = proxy_socket(sock_name, own_u, own_g);
|
|
if (sock < 0) {
|
|
goto error;
|
|
}
|
|
}
|
|
|
|
if (chroot(rpath) < 0) {
|
|
do_perror("chroot");
|
|
goto error;
|
|
}
|
|
if (chdir("/") < 0) {
|
|
do_perror("chdir");
|
|
goto error;
|
|
}
|
|
|
|
get_version = false;
|
|
#ifdef FS_IOC_GETVERSION
|
|
/* check whether underlying FS support IOC_GETVERSION */
|
|
retval = statfs("/", &st_fs);
|
|
if (!retval) {
|
|
switch (st_fs.f_type) {
|
|
case EXT2_SUPER_MAGIC:
|
|
case BTRFS_SUPER_MAGIC:
|
|
case REISERFS_SUPER_MAGIC:
|
|
case XFS_SUPER_MAGIC:
|
|
get_version = true;
|
|
break;
|
|
}
|
|
}
|
|
#endif
|
|
|
|
umask(0);
|
|
if (init_capabilities() < 0) {
|
|
goto error;
|
|
}
|
|
|
|
process_requests(sock);
|
|
error:
|
|
do_log(LOG_INFO, "Done\n");
|
|
closelog();
|
|
return 0;
|
|
}
|