Changeset 9163
- Timestamp:
- 12/15/11 12:46:53 (18 months ago)
- Location:
- trunk/src
- Files:
-
- 2 modified
-
apps/fuse/pvfs2fuse.c (modified) (32 diffs)
-
common/security/security-util.c (modified) (2 diffs)
-
trunk/src/apps/fuse/pvfs2fuse.c
r9147 r9163 34 34 #include "pint-util.h" 35 35 #include "str-utils.h" 36 #include "pvfs2-util.h" 37 #include "pint-security.h" 38 #include "security-util.h" 36 39 37 40 typedef struct { 38 41 PVFS_object_ref ref; 39 PVFS_credential s creds;42 PVFS_credential cred; 40 43 } pvfs_fuse_handle_t; 41 44 … … 71 74 #endif 72 75 73 static void pvfs_fuse_gen_credentials( 74 PVFS_credentials *credentials) 75 { 76 credentials->uid = fuse_get_context()->uid; 77 credentials->gid = fuse_get_context()->gid; 76 #define pvfs_fuse_cleanup_credential(cred) PINT_cleanup_credential(cred) 77 78 static int pvfs_fuse_gen_credential( 79 PVFS_credential *credential) 80 { 81 struct fuse_context *ctx = fuse_get_context(); 82 PVFS_credential *new_cred; 83 char uid[16], gid[16]; 84 int ret; 85 86 /* convert uid/gid to strings */ 87 ret = snprintf(uid, sizeof(uid), "%u", ctx->uid); 88 if (ret < 0 || ret >= sizeof(uid)) 89 { 90 return -1; 91 } 92 93 ret = snprintf(gid, sizeof(gid), "%u", ctx->gid); 94 if (ret < 0 || ret >= sizeof(gid)) 95 { 96 return -1; 97 } 98 99 /* allocate new credential */ 100 new_cred = (PVFS_credential *) malloc(sizeof(PVFS_credential)); 101 if (!new_cred) 102 { 103 return -ENOMEM; 104 } 105 memset(new_cred, 0, sizeof(PVFS_credential)); 106 107 /* generate credential -- this process must be running as root */ 108 ret = PVFS_util_gen_credential(uid, 109 gid, 110 PVFS_DEFAULT_CREDENTIAL_TIMEOUT, 111 NULL, 112 new_cred); 113 114 if (ret == 0) 115 { 116 /* copy credential to provided buffer */ 117 ret = PINT_copy_credential(new_cred, credential); 118 } 119 120 /* free generated credential */ 121 pvfs_fuse_cleanup_credential(new_cred); 122 free(new_cred); 123 124 return ret; 78 125 } 79 126 … … 88 135 */ 89 136 90 pvfs_fuse_gen_credentials(&pfh->creds); 137 ret = pvfs_fuse_gen_credential(&pfh->cred); 138 if (ret < 0) 139 { 140 return ret; 141 } 91 142 92 143 memset(&lk_response, 0, sizeof(lk_response)); 93 144 ret = PVFS_sys_lookup(pvfs2fuse.fs_id, 94 145 (char *)path, 95 
&pfh->cred s,146 &pfh->cred, 96 147 &lk_response, 97 148 follow_link); 98 149 if ( ret < 0 ) { 150 pvfs_fuse_cleanup_credential(&pfh->cred); 99 151 return ret; 100 152 } … … 117 169 ret = PVFS_sys_getattr(pfhp->ref, 118 170 PVFS_ATTR_SYS_ALL_NOHINT, 119 (PVFS_credential s *) &pfhp->creds,171 (PVFS_credential *) &pfhp->cred, 120 172 &getattr_response); 121 173 if ( ret < 0 ) … … 248 300 ret = lookup( path, &pfh, PVFS2_LOOKUP_LINK_NO_FOLLOW ); 249 301 if ( ret < 0 ) 250 return PVFS_ERROR_TO_ERRNO_N( ret ); 251 252 return pvfs_fuse_getattr_pfhp( &pfh, stbuf ); 302 { 303 return PVFS_ERROR_TO_ERRNO_N( ret ); 304 } 305 306 ret = pvfs_fuse_getattr_pfhp( &pfh, stbuf ); 307 308 pvfs_fuse_cleanup_credential(&pfh.cred); 309 310 return ret; 253 311 } 254 312 … … 268 326 ret = lookup( path, &pfh, PVFS2_LOOKUP_LINK_NO_FOLLOW ); 269 327 if ( ret < 0 ) 270 return PVFS_ERROR_TO_ERRNO_N( ret ); 271 328 { 329 return PVFS_ERROR_TO_ERRNO_N( ret ); 330 } 331 272 332 ret = PVFS_sys_getattr(pfh.ref, 273 333 PVFS_ATTR_SYS_ALL_NOHINT, 274 (PVFS_credential s *) &pfh.creds,334 (PVFS_credential *) &pfh.cred, 275 335 &getattr_response); 336 337 pvfs_fuse_cleanup_credential(&pfh.cred); 338 276 339 if ( ret < 0 ) 277 340 return PVFS_ERROR_TO_ERRNO_N( ret ); … … 313 376 } 314 377 315 lookup( parent, &parent_pfh, PVFS2_LOOKUP_LINK_FOLLOW ); 378 rc = lookup( parent, &parent_pfh, PVFS2_LOOKUP_LINK_FOLLOW ); 379 if (rc) 380 { 381 return PVFS_ERROR_TO_ERRNO_N( rc ); 382 } 316 383 317 384 /* Set attributes */ 318 385 memset(&attr, 0, sizeof(PVFS_sys_attr)); 319 attr.owner = parent_pfh.cred s.uid;320 attr.group = parent_pfh.cred s.gid;386 attr.owner = parent_pfh.cred.userid; 387 attr.group = parent_pfh.cred.group_array[0]; 321 388 attr.perms = mode; 322 389 attr.mask = PVFS_ATTR_SYS_ALL_SETABLE; … … 325 392 parent_pfh.ref, 326 393 attr, 327 &parent_pfh.cred s,394 &parent_pfh.cred, 328 395 &resp_mkdir); 396 397 pvfs_fuse_cleanup_credential(&parent_pfh.cred); 398 329 399 if (rc) 330 400 { … … 354 424 } 355 
425 356 lookup( parent, &parent_pfh, PVFS2_LOOKUP_LINK_FOLLOW ); 357 358 rc = PVFS_sys_remove(filename, parent_pfh.ref, &parent_pfh.creds); 426 rc = lookup( parent, &parent_pfh, PVFS2_LOOKUP_LINK_FOLLOW ); 359 427 if (rc) 360 428 { 429 return PVFS_ERROR_TO_ERRNO_N( rc ); 430 } 431 432 rc = PVFS_sys_remove(filename, parent_pfh.ref, &parent_pfh.cred); 433 434 pvfs_fuse_cleanup_credential(&parent_pfh.cred); 435 436 if (rc) 437 { 361 438 return PVFS_ERROR_TO_ERRNO_N( rc ); 362 439 } … … 377 454 static int pvfs_fuse_symlink(const char *from, const char *to) 378 455 { 379 int ret = 0;456 int ret = 0; 380 457 PVFS_sys_attr attr; 381 458 PVFS_sysresp_lookup resp_lookup; 382 459 PVFS_object_ref parent_ref; 383 460 PVFS_sysresp_symlink resp_sym; 384 PVFS_credential s credentials;461 PVFS_credential credential; 385 462 pvfs_fuse_handle_t dir_pfh; 386 463 char *tofile, *todir, *cp; 387 464 388 pvfs_fuse_gen_credential s(&credentials);465 pvfs_fuse_gen_credential(&credential); 389 466 390 467 /* Initialize any variables */ … … 395 472 396 473 /* Set the attributes for the new directory */ 397 attr.owner = credential s.uid;398 attr.group = credential s.gid;474 attr.owner = credential.userid; 475 attr.group = credential.group_array[0]; 399 476 attr.perms = 0777; 400 477 attr.mask = (PVFS_ATTR_SYS_ALL_SETABLE); … … 435 512 (char *) from, 436 513 attr, 437 &credential s,514 &credential, 438 515 &resp_sym); 516 517 pvfs_fuse_cleanup_credential(&credential); 518 pvfs_fuse_cleanup_credential(&dir_pfh.cred); 439 519 440 520 if (ret < 0) … … 491 571 toname, 492 572 todir_pfh.ref, 493 &todir_pfh.creds); 573 &todir_pfh.cred); 574 575 pvfs_fuse_cleanup_credential(&fromdir_pfh.cred); 576 pvfs_fuse_cleanup_credential(&todir_pfh.cred); 577 494 578 if (rc) 495 579 return PVFS_ERROR_TO_ERRNO_N( rc ); … … 512 596 new_attr.mask = PVFS_ATTR_SYS_PERM; 513 597 514 ret = PVFS_sys_setattr(pfh.ref,new_attr,&pfh.creds); 598 ret = PVFS_sys_setattr(pfh.ref,new_attr,&pfh.cred); 599 600 
pvfs_fuse_cleanup_credential(&pfh.cred); 601 515 602 if (ret < 0) 516 603 return PVFS_ERROR_TO_ERRNO_N( ret ); … … 534 621 new_attr.mask = PVFS_ATTR_SYS_UID | PVFS_ATTR_SYS_GID; 535 622 536 ret = PVFS_sys_setattr(pfh.ref,new_attr,&pfh.creds); 623 ret = PVFS_sys_setattr(pfh.ref,new_attr,&pfh.cred); 624 625 pvfs_fuse_cleanup_credential(&pfh.cred); 626 537 627 if (ret < 0) 538 628 return PVFS_ERROR_TO_ERRNO_N( ret ); … … 550 640 return PVFS_ERROR_TO_ERRNO_N( ret ); 551 641 552 ret = PVFS_sys_truncate(pfh.ref,size,&pfh.creds); 642 ret = PVFS_sys_truncate(pfh.ref,size,&pfh.cred); 643 644 pvfs_fuse_cleanup_credential(&pfh.cred); 645 553 646 if (ret < 0) 554 647 return PVFS_ERROR_TO_ERRNO_N( ret ); … … 572 665 new_attr.mask = PVFS_ATTR_SYS_ATIME | PVFS_ATTR_SYS_MTIME; 573 666 574 ret = PVFS_sys_setattr(pfh.ref,new_attr,&pfh.creds); 667 ret = PVFS_sys_setattr(pfh.ref,new_attr,&pfh.cred); 668 669 pvfs_fuse_cleanup_credential(&pfh.cred); 670 575 671 if (ret < 0) 576 672 return PVFS_ERROR_TO_ERRNO_N( ret ); … … 615 711 616 712 ret = PVFS_sys_read(pfh->ref, file_req, offset, buf, 617 mem_req, &pfh->creds, &resp_io); 713 mem_req, &pfh->cred, &resp_io); 714 618 715 if (ret == 0) 619 716 { … … 639 736 640 737 ret = PVFS_sys_write(pfh->ref, file_req, offset, (char*)buf, 641 mem_req, &pfh->cred s, &resp_io);738 mem_req, &pfh->cred, &resp_io); 642 739 if (ret == 0) 643 740 { … … 652 749 { 653 750 int ret; 654 PVFS_credential s creds;751 PVFS_credential cred; 655 752 PVFS_sysresp_statfs resp_statfs; 656 753 657 pvfs_fuse_gen_credentials(&creds); 754 ret = pvfs_fuse_gen_credential(&cred); 755 if (ret < 0) 756 { 757 return PVFS_ERROR_TO_ERRNO_N(ret); 758 } 658 759 659 760 /* gather normal statfs statistics from system interface */ 660 761 661 ret = PVFS_sys_statfs(pvfs2fuse.fs_id, &creds, &resp_statfs); 762 ret = PVFS_sys_statfs(pvfs2fuse.fs_id, &cred, &resp_statfs); 763 764 pvfs_fuse_cleanup_credential(&cred); 765 662 766 if (ret < 0) 663 767 { … … 691 795 692 796 if ( pfh != NULL ) { 
797 pvfs_fuse_cleanup_credential(&pfh->cred); 693 798 free( pfh ); 694 799 SET_FUSE_HANDLE( fi, NULL ); … … 736 841 ret = PVFS_sys_readdir( 737 842 pfh.ref, (!token ? PVFS_READDIR_START : token), 738 pvfs_dirent_incount, &pfh.cred s, &rd_response);843 pvfs_dirent_incount, &pfh.cred, &rd_response); 739 844 if(ret < 0) 740 return PVFS_ERROR_TO_ERRNO_N( ret ); 845 { 846 pvfs_fuse_cleanup_credential(&pfh.cred); 847 return PVFS_ERROR_TO_ERRNO_N( ret ); 848 } 741 849 742 850 for(i = 0; i < rd_response.pvfs_dirent_outcount; i++) … … 756 864 757 865 } while(rd_response.pvfs_dirent_outcount == pvfs_dirent_incount); 866 867 pvfs_fuse_cleanup_credential(&pfh.cred); 758 868 759 869 return 0; … … 767 877 pvfs_fuse_handle_t pfh; 768 878 int in_group_flag = 0; 879 PVFS_uid uid; 880 PVFS_gid gid; 769 881 770 882 ret = lookup( path, &pfh, PVFS2_LOOKUP_LINK_FOLLOW ); … … 773 885 774 886 /* give root permission, no matter what */ 775 if ( pfh.cred s.uid == 0 )887 if ( pfh.cred.userid == 0 ) 776 888 return 0; 777 889 … … 782 894 ret = PVFS_sys_getattr(pfh.ref, 783 895 PVFS_ATTR_SYS_ALL_NOHINT, 784 (PVFS_credential s *) &pfh.creds,896 (PVFS_credential *) &pfh.cred, 785 897 &getattr_response); 898 899 /* copy uid and gid so credential can be freed */ 900 uid = pfh.cred.userid; 901 gid = pfh.cred.group_array[0]; 902 pvfs_fuse_cleanup_credential(&pfh.cred); 903 786 904 if ( ret < 0 ) 787 return PVFS_ERROR_TO_ERRNO_N( ret ); 905 { 906 return PVFS_ERROR_TO_ERRNO_N( ret ); 907 } 788 908 789 909 attrs = &getattr_response.attr; … … 792 912 793 913 /* see if uid matches object owner */ 794 if ( attrs->owner == pfh.creds.uid )914 if ( attrs->owner == uid ) 795 915 { 796 916 /* see if object user permissions match access type */ … … 823 943 } 824 944 825 /* see if gid matches object group */ 826 if(attrs->group == pfh.creds.gid) 945 /* see if gid matches object group 946 TODO: check all groups */ 947 if(attrs->group == gid) 827 948 { 828 949 /* default group match */ … … 833 954 #if 0 834 955 /* 
no default group match, check supplementary groups */ 835 ret = PINT_check_group( pfh.creds.uid, attrs->group);956 ret = PINT_check_group(uid, attrs->group); 836 957 if(ret == 0) 837 958 { … … 899 1020 /* Set attributes */ 900 1021 memset(&attr, 0, sizeof(PVFS_sys_attr)); 901 attr.owner = dir_pfh.cred s.uid;902 attr.group = dir_pfh.cred s.gid;1022 attr.owner = dir_pfh.cred.userid; 1023 attr.group = dir_pfh.cred.group_array[0]; 903 1024 attr.perms = mode; 904 1025 attr.atime = time(NULL); … … 910 1031 dir_pfh.ref, 911 1032 attr, 912 &dir_pfh.cred s,1033 &dir_pfh.cred, 913 1034 NULL, 914 1035 &resp_create); … … 936 1057 937 1058 pfhp->ref = resp_create.ref; 938 pfhp->cred s = dir_pfh.creds;1059 pfhp->cred = dir_pfh.cred; 939 1060 940 1061 SET_FUSE_HANDLE( fi, pfhp ); -
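Review bot: In pvfs_fuse_symlink the new call `pvfs_fuse_gen_credential(&credential);` discards the return value, unlike the lookup and statfs call sites in this changeset, so on failure the function goes on to read `credential.userid` and dereference `credential.group_array[0]` from an uninitialised stack struct. Suggest `ret = pvfs_fuse_gen_credential(&credential); if (ret < 0) return PVFS_ERROR_TO_ERRNO_N(ret);` before the attributes are set. Two related ownership gaps in the same file: the access handler's `if ( pfh.cred.userid == 0 ) return 0;` returns before `pvfs_fuse_cleanup_credential(&pfh.cred)` and so appears to leak the credential on the root path, and the create path's `pfhp->cred = dir_pfh.cred;` is now a shallow copy of a struct holding heap pointers, where `PINT_copy_credential` would give the handle its own copy. The enclosing function bodies extend outside the visible hunks, so cleanup on those paths should be confirmed against the full file.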
trunk/src/common/security/security-util.c
r9133 r9163 222 222 if (cap) 223 223 { 224 free(cap->handle_array); 225 free(cap->signature); 226 free(cap->issuer); 227 224 if (cap->handle_array) 225 { 226 free(cap->handle_array); 227 } 228 if (cap->signature) 229 { 230 free(cap->signature); 231 } 232 if (cap->issuer) 233 { 234 free(cap->issuer); 235 } 236 228 237 cap->handle_array = NULL; 229 238 cap->signature = NULL; … … 366 375 if (cred) 367 376 { 368 free(cred->group_array); 369 free(cred->issuer); 370 free(cred->signature); 371 377 if (cred->group_array) 378 { 379 free(cred->group_array); 380 } 381 if (cred->issuer) 382 { 383 free(cred->issuer); 384 } 385 if (cred->signature) 386 { 387 free(cred->signature); 388 } 389 372 390 cred->group_array = NULL; 373 391 cred->issuer = NULL;
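Review bot: The added guards such as `if (cap->handle_array)` and `if (cred->group_array)` are redundant, because `free(NULL)` is a defined no-op in standard C, so both cleanup routines behave exactly as before when a member is NULL. If the guards were added in response to a crash in these routines, the likelier cause is a cleanup call on a struct whose pointer members were never initialised, which a NULL test cannot detect. Zero-initialising the credential or capability at the call site (for example with `memset` before first use) is the check that would address that. Both function bodies begin and end outside the hunks shown.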
