From 758e8e38eb582e3dc87fd55a1d234c25108a7b7f Mon Sep 17 00:00:00 2001 From: "Venkateswararao Jujjuri (JV)" Date: Mon, 14 Jun 2010 13:34:41 -0700 Subject: virtio-9p: Make infrastructure for the new security model. This patch adds required infrastructure for the new security model. - A new configure option for attr/xattr. - if CONFIG_VIRTFS will be defined if both CONFIG_LINUX and CONFIG_ATTR defined. - Defines routines related to both security models. Signed-off-by: Venkateswararao Jujjuri Signed-off-by: Anthony Liguori --- hw/file-op-9p.h | 20 ++++++++++++++++ hw/virtio-9p-local.c | 65 ++++++++++++++++++++++++---------------------------- hw/virtio-9p.c | 23 +++++++++++++------ hw/virtio-pci.c | 4 ++-- 4 files changed, 68 insertions(+), 44 deletions(-) (limited to 'hw') diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h index f84767f..307bd1e 100644 --- a/hw/file-op-9p.h +++ b/hw/file-op-9p.h @@ -18,13 +18,33 @@ #include #include #include +#include +#define SM_LOCAL_MODE_BITS 0600 +#define SM_LOCAL_DIR_MODE_BITS 0700 + +typedef enum +{ + SM_PASSTHROUGH = 1, /* uid/gid set on fileserver files */ + SM_MAPPED, /* uid/gid part of xattr */ +} SecModel; + +typedef struct FsCred +{ + uid_t fc_uid; + gid_t fc_gid; + mode_t fc_mode; + dev_t fc_rdev; +} FsCred; typedef struct FsContext { char *fs_root; + SecModel fs_sm; uid_t uid; } FsContext; +extern void cred_init(FsCred *); + typedef struct FileOperations { int (*lstat)(FsContext *, const char *, struct stat *); diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c index 1afb731..056b4ba 100644 --- a/hw/virtio-9p-local.c +++ b/hw/virtio-9p-local.c @@ -17,6 +17,7 @@ #include #include #include +#include static const char *rpath(FsContext *ctx, const char *path) { @@ -31,45 +32,37 @@ static int local_lstat(FsContext *ctx, const char *path, struct stat *stbuf) return lstat(rpath(ctx, path), stbuf); } -static int local_setuid(FsContext *ctx, uid_t uid) +static int local_set_xattr(const char *path, FsCred *credp) { - struct passwd *pw; - gid_t groups[33]; - int ngroups; - static uid_t cur_uid = -1; - - if (cur_uid == uid) { - return 0; - } - - if (setreuid(0, 0)) { - return -1; - } - - pw = getpwuid(uid); - if (pw == NULL) { - return -1; - } - - ngroups = 33; - if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1) { - return -1; + int err; + if (credp->fc_uid != -1) { + err = setxattr(path, "user.virtfs.uid", &credp->fc_uid, sizeof(uid_t), + 0); + if (err) { + return err; + } } - - if (setgroups(ngroups, groups)) { - return -1; + if (credp->fc_gid != -1) { + err = setxattr(path, "user.virtfs.gid", &credp->fc_gid, sizeof(gid_t), + 0); + if (err) { + return err; + } } - - if (setregid(-1, pw->pw_gid)) { - return -1; + if (credp->fc_mode != -1) { + err = setxattr(path, "user.virtfs.mode", &credp->fc_mode, + sizeof(mode_t), 0); + if (err) { + return err; + } } - - if (setreuid(-1, uid)) { - return -1; + if (credp->fc_rdev != -1) { + err = setxattr(path, "user.virtfs.rdev", &credp->fc_rdev, + sizeof(dev_t), 0); + if (err) { + return err; + } } - - cur_uid = uid; - return 0; } @@ -183,6 +176,7 @@ static int local_open2(FsContext *ctx, const char *path, int flags, mode_t mode) return open(rpath(ctx, path), flags, mode); } + static int local_symlink(FsContext *ctx, const char *oldpath, const char *newpath) { @@ -259,12 +253,13 @@ static int local_remove(FsContext *ctx, const char *path) static int local_fsync(FsContext *ctx, int fd) { + if (0) /* Just to supress the warning. Will be removed in next patch. */ + (void)local_set_xattr(NULL, NULL); return fsync(fd); } FileOperations local_ops = { .lstat = local_lstat, - .setuid = local_setuid, .readlink = local_readlink, .close = local_close, .closedir = local_closedir, diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c index 2530488..a7ba4b6 100644 --- a/hw/virtio-9p.c +++ b/hw/virtio-9p.c @@ -67,14 +67,17 @@ static int omode_to_uflags(int8_t mode) return ret; } -static int v9fs_do_lstat(V9fsState *s, V9fsString *path, struct stat *stbuf) +void cred_init(FsCred *credp) { - return s->ops->lstat(&s->ctx, path->data, stbuf); + credp->fc_uid = -1; + credp->fc_gid = -1; + credp->fc_mode = -1; + credp->fc_rdev = -1; } -static int v9fs_do_setuid(V9fsState *s, uid_t uid) +static int v9fs_do_lstat(V9fsState *s, V9fsString *path, struct stat *stbuf) { - return s->ops->setuid(&s->ctx, uid); + return s->ops->lstat(&s->ctx, path->data, stbuf); } static ssize_t v9fs_do_readlink(V9fsState *s, V9fsString *path, V9fsString *buf) @@ -348,7 +351,6 @@ static V9fsFidState *lookup_fid(V9fsState *s, int32_t fid) for (f = s->fid_list; f; f = f->next) { if (f->fid == fid) { - v9fs_do_setuid(s, f->uid); return f; } } @@ -2253,8 +2255,15 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf) exit(1); } - if (!strcmp(fse->security_model, "passthrough") && - !strcmp(fse->security_model, "mapped")) { + if (!strcmp(fse->security_model, "passthrough")) { + /* Files on the Fileserver set to client user credentials */ + s->ctx.fs_sm = SM_PASSTHROUGH; + } else if (!strcmp(fse->security_model, "mapped")) { + /* Files on the fileserver are set to QEMU credentials. + * Client user credentials are saved in extended attributes. + */ + s->ctx.fs_sm = SM_MAPPED; + } else { /* user haven't specified a correct security option */ fprintf(stderr, "one of the following must be specified as the" "security option:\n\t security_model=passthrough \n\t " diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c index e101fa0..9accb77 100644 --- a/hw/virtio-pci.c +++ b/hw/virtio-pci.c @@ -641,7 +641,7 @@ static int virtio_balloon_init_pci(PCIDevice *pci_dev) return 0; } -#ifdef CONFIG_LINUX +#ifdef CONFIG_VIRTFS static int virtio_9p_init_pci(PCIDevice *pci_dev) { VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev); @@ -712,7 +712,7 @@ static PCIDeviceInfo virtio_info[] = { }, .qdev.reset = virtio_pci_reset, },{ -#ifdef CONFIG_LINUX +#ifdef CONFIG_VIRTFS .qdev.name = "virtio-9p-pci", .qdev.size = sizeof(VirtIOPCIProxy), .init = virtio_9p_init_pci, -- cgit v1.1