summaryrefslogtreecommitdiff
path: root/netfs/daemon/daemonVolume.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'netfs/daemon/daemonVolume.cpp')
-rw-r--r--netfs/daemon/daemonVolume.cpp97
1 files changed, 79 insertions, 18 deletions
diff --git a/netfs/daemon/daemonVolume.cpp b/netfs/daemon/daemonVolume.cpp
index ef64529..0779043 100644
--- a/netfs/daemon/daemonVolume.cpp
+++ b/netfs/daemon/daemonVolume.cpp
@@ -10,6 +10,8 @@
#include "daemonFile.h"
#include "daemonDirectory.h"
#include "lockHelpers.h"
+#include "ioHelpers.h"
+#include <boost/filesystem/operations.hpp>
extern std::map<Ice::Int, int> files;
@@ -33,17 +35,36 @@ VolumeServer::disconnect(const Ice::Current & ice)
Ice::Int
VolumeServer::access(const NetFS::ReqEnv & re, const std::string & path, Ice::Int mode, const Ice::Current &)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
+ struct stat s;
boost::filesystem::path p(resolvePath(path));
- return ::access(p.string().c_str(), mode);
+ if (::stat(p.string().c_str(), &s) != 0) {
+ return errno;
+ }
+ if (mode == F_OK) {
+ // stat succeeded, file must exist
+ return 0;
+ }
+ tp.AssertRead(p.parent_path());
+ if (mode & R_OK && !ReadableBy(s, tp.myu, tp.myg)) {
+ return EACCES;
+ }
+ if (mode & W_OK && !WritableBy(s, tp.myu, tp.myg)) {
+ return EACCES;
+ }
+ if (mode & X_OK && !ExecutableBy(s, tp.myu, tp.myg)) {
+ return EACCES;
+ }
+ return 0;
}
NetFS::Attr
VolumeServer::getattr(const NetFS::ReqEnv & re, const std::string & path, const Ice::Current &)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
struct stat s;
boost::filesystem::path p(resolvePath(path));
+ tp.AssertRead(p.parent_path());
if (::lstat(p.string().c_str(), &s) != 0) {
throw NetFS::SystemError(errno);
}
@@ -55,33 +76,50 @@ VolumeServer::getattr(const NetFS::ReqEnv & re, const std::string & path, const
void
VolumeServer::symlink(const NetFS::ReqEnv & re, const std::string & path1, const std::string & path2, const Ice::Current &)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
boost::filesystem::path p(resolvePath(path2));
+ tp.AssertWrite(p.parent_path());
if (::symlink(path1.c_str(), p.string().c_str()) != 0) {
throw NetFS::SystemError(errno);
}
+ if (::lchown(p.string().c_str(), tp.myu, tp.myg) != 0) {
+ ::unlink(p.string().c_str());
+ throw NetFS::SystemError(errno);
+ }
}
void
VolumeServer::link(const NetFS::ReqEnv & re, const std::string & path1, const std::string & path2, const Ice::Current &)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
boost::filesystem::path p1(resolvePath(path1));
boost::filesystem::path p2(resolvePath(path2));
if (::link(p1.string().c_str(), p2.string().c_str()) != 0) {
throw NetFS::SystemError(errno);
}
+ if (::chown(p2.string().c_str(), tp.myu, tp.myg) != 0) {
+ ::unlink(p2.string().c_str());
+ throw NetFS::SystemError(errno);
+ }
}
void
VolumeServer::rename(const NetFS::ReqEnv & re, const std::string & from, const std::string & to, const Ice::Current &)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
boost::filesystem::path f(resolvePath(from));
boost::filesystem::path t(resolvePath(to));
+ tp.AssertWrite(f.parent_path());
+ tp.AssertWrite(f);
+ if (boost::filesystem::is_directory(t)) {
+ tp.AssertWrite(t);
+ }
+ else {
+ tp.AssertWrite(t.parent_path());
+ }
if (::rename(f.string().c_str(), t.string().c_str()) != 0) {
throw NetFS::SystemError(errno);
}
@@ -90,10 +128,11 @@ VolumeServer::rename(const NetFS::ReqEnv & re, const std::string & from, const s
std::string
VolumeServer::readlink(const NetFS::ReqEnv & re, const std::string & path, const Ice::Current &)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
char buf[PATH_MAX];
boost::filesystem::path p(resolvePath(path));
+ tp.AssertRead(p);
ssize_t rc = ::readlink(p.string().c_str(), buf, PATH_MAX);
if (rc == -1) {
throw NetFS::SystemError(errno);
@@ -104,9 +143,10 @@ VolumeServer::readlink(const NetFS::ReqEnv & re, const std::string & path, const
void
VolumeServer::chmod(const NetFS::ReqEnv & re, const std::string & path, Ice::Int mode, const Ice::Current &)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
boost::filesystem::path p(resolvePath(path));
+ tp.AssertWrite(p);
if (::chmod(p.string().c_str(), mode) != 0) {
throw NetFS::SystemError(errno);
}
@@ -115,9 +155,10 @@ VolumeServer::chmod(const NetFS::ReqEnv & re, const std::string & path, Ice::Int
void
VolumeServer::chown(const NetFS::ReqEnv & re, const std::string & path, Ice::Int uid, Ice::Int gid, const Ice::Current &)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
boost::filesystem::path p(resolvePath(path));
+ tp.AssertWrite(p);
if (::lchown(p.string().c_str(), uid, gid) != 0) {
throw NetFS::SystemError(errno);
}
@@ -127,7 +168,7 @@ void
VolumeServer::utimens(const NetFS::ReqEnv & re, const std::string & path,
Ice::Long s0, Ice::Long ns0, Ice::Long s1, Ice::Long ns1, const Ice::Current&)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
struct timespec times[2];
times[0].tv_sec = s0;
@@ -135,6 +176,7 @@ VolumeServer::utimens(const NetFS::ReqEnv & re, const std::string & path,
times[1].tv_sec = s1;
times[1].tv_nsec = ns1;
boost::filesystem::path p(resolvePath(path));
+ tp.AssertWrite(p);
if (::utimensat(0, p.string().c_str(), times, AT_SYMLINK_NOFOLLOW) != 0) {
throw NetFS::SystemError(errno);
}
@@ -143,10 +185,11 @@ VolumeServer::utimens(const NetFS::ReqEnv & re, const std::string & path,
NetFS::VFS
VolumeServer::statfs(const NetFS::ReqEnv & re, const std::string & path, const Ice::Current&)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
struct statvfs s;
boost::filesystem::path p(resolvePath(path));
+ tp.AssertRead(p);
if (::statvfs(p.string().c_str(), &s) != 0) {
throw NetFS::SystemError(errno);
}
@@ -158,9 +201,10 @@ VolumeServer::statfs(const NetFS::ReqEnv & re, const std::string & path, const I
void
VolumeServer::truncate(const NetFS::ReqEnv & re, const std::string & path, Ice::Long size, const Ice::Current&)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
boost::filesystem::path p(resolvePath(path));
+ tp.AssertWrite(p);
if (::truncate(p.string().c_str(), size) != 0) {
throw NetFS::SystemError(errno);
}
@@ -169,9 +213,11 @@ VolumeServer::truncate(const NetFS::ReqEnv & re, const std::string & path, Ice::
void
VolumeServer::unlink(const NetFS::ReqEnv & re, const std::string & path, const Ice::Current&)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
boost::filesystem::path p(resolvePath(path));
+ tp.AssertWrite(p);
+ tp.AssertWrite(p.parent_path());
if (::unlink(p.string().c_str()) != 0) {
throw NetFS::SystemError(errno);
}
@@ -186,9 +232,10 @@ VolumeServer::openReadOnly(const NetFS::ReqEnv & re, const std::string & path, I
NetFS::FilePrx
VolumeServer::open(const NetFS::ReqEnv & re, const std::string & path, Ice::Int flags, const Ice::Current & ice)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
boost::filesystem::path p(resolvePath(path));
+ tp.AssertRead(p);
int fd = ::open(p.string().c_str(), flags);
if (fd == -1) {
throw NetFS::SystemError(errno);
@@ -199,22 +246,29 @@ VolumeServer::open(const NetFS::ReqEnv & re, const std::string & path, Ice::Int
NetFS::FilePrx
VolumeServer::create(const NetFS::ReqEnv & re, const std::string & path, Ice::Int flags, Ice::Int mode, const Ice::Current & ice)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
boost::filesystem::path p(resolvePath(path));
+ tp.AssertWrite(p.parent_path());
int fd = ::open(p.string().c_str(), O_CREAT | flags, mode);
if (fd == -1) {
throw NetFS::SystemError(errno);
}
+ if (fchown(fd, tp.myu, tp.myg) != 0) {
+ ::close(fd);
+ ::unlink(p.string().c_str());
+ throw NetFS::SystemError(errno);
+ }
return NetFS::FilePrx::checkedCast(ice.adapter->addWithUUID(new FileServer(fd, uentries, gentries)));
}
NetFS::DirectoryPrx
VolumeServer::opendir(const NetFS::ReqEnv & re, const std::string & path, const Ice::Current & ice)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
boost::filesystem::path p(resolvePath(path));
+ tp.AssertRead(p);
DIR * od = ::opendir(p.string().c_str());
if (!od) {
throw NetFS::SystemError(errno);
@@ -225,20 +279,27 @@ VolumeServer::opendir(const NetFS::ReqEnv & re, const std::string & path, const
void
VolumeServer::mkdir(const NetFS::ReqEnv & re, const std::string & path, Ice::Int mode, const Ice::Current&)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
boost::filesystem::path p(resolvePath(path));
+ tp.AssertWrite(p.parent_path());
if (::mkdir(p.string().c_str(), mode) != 0) {
throw NetFS::SystemError(errno);
}
+ if (::chown(p.string().c_str(), tp.myu, tp.myg) != 0) {
+ ::rmdir(p.string().c_str());
+ throw NetFS::SystemError(errno);
+ }
}
void
VolumeServer::rmdir(const NetFS::ReqEnv & re, const std::string & path, const Ice::Current&)
{
- TempPrivs tp(re, uentries, gentries);
+ TempPrivs tp(re, uentries, gentries, root);
errno = 0;
boost::filesystem::path p(resolvePath(path));
+ tp.AssertWrite(p);
+ tp.AssertWrite(p.parent_path());
if (::rmdir(p.string().c_str()) != 0) {
throw NetFS::SystemError(errno);
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-08-11 23:34:32 +0000