Commit 6066c3bc authored by Marc Vef's avatar Marc Vef

adafs_chown() implemented

parent 92044bcb
+42 −4
@@ -61,18 +61,18 @@ int chk_uid(const Metadata& md) {
    if (fuse_get_context()->uid == md.uid())
        return 0;

    // else no access
    return -EACCES;
    // else no permission
    return -EPERM;
}

/**
 * Changes the mode from an object to given mode
 * Changes the mode from an object to a given mode. Permissions are NOT checked here
 * @param md
 * @param mode
 * @return
 */
// XXX error handling
int chmod(Metadata& md, mode_t mode, const bfs::path& path) {
int change_access(Metadata& md, mode_t mode, const bfs::path& path) {

    auto path_hash = ADAFS_DATA->hashf(path.string());
    md.mode((uint32_t) mode);
@@ -89,6 +89,44 @@ int chmod(Metadata& md, mode_t mode, const bfs::path& path) {
    return 0;
}

/**
 * Changes the uid and gid from an object to a given mode. Only root can actually change gid and uid for now.
 * Normal users can't change the uid because they only have one.
 * And currently normal users can't change the group either.
 * @param md
 * @param uid
 * @param gid
 * @param path
 * @return
 */
int change_permissions(Metadata& md, uid_t uid, gid_t gid, const bfs::path& path) {
    auto path_hash = ADAFS_DATA->hashf(path.string());

    // XXX Users should be able to change the group to whatever groups they're belonging to. For now group can only
    // XXX be changed to the active group they're belonging to.
    if (fuse_get_context()->gid != gid)
        return -EPERM;
    // if nothing changed, nothing to do
    if (md.uid() == uid && md.gid() == gid)
        return 0;

    // root can do anything
    if (fuse_get_context()->uid == 0) {
        md.uid(uid);
        md.gid(gid);
        write_metadata_field(md.gid(), path_hash, md_field_map.at(Md_fields::gid));
        write_metadata_field(md.uid(), path_hash, md_field_map.at(Md_fields::uid));

#ifdef ACMtime
        md.update_ACM_time(true, true, true);
        write_metadata_field(md.atime(), path_hash, md_field_map.at(Md_fields::atime));
        write_metadata_field(md.ctime(), path_hash, md_field_map.at(Md_fields::ctime));
        write_metadata_field(md.mtime(), path_hash, md_field_map.at(Md_fields::mtime));
#endif
        return 0;
    }
    // if we get here, users what to change uid or gid to something else which is not permitted
    return -EPERM;
}
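Review bot: In `change_permissions` the active-group test `if (fuse_get_context()->gid != gid) return -EPERM;` runs before both the no-op check and the root branch, so root is refused whenever the requested gid differs from its own context gid, which contradicts the "root can do anything" comment. chown(2) also passes -1 for an id that should stay unchanged; here a gid of -1 is rejected by that first test, and for root a uid of -1 would be written into the metadata as the new owner. I would resolve the -1 sentinels first, then do the no-op check, then decide on the caller's uid, as sketched below with the current deny-for-non-root policy kept. The doc comment's "to a given mode" looks carried over from the mode helper and should describe ownership instead.

```cpp
int change_permissions(Metadata& md, uid_t uid, gid_t gid, const bfs::path& path) {
    // chown(2) uses -1 for "leave this id unchanged"; never store it as an owner
    if (uid == static_cast<uid_t>(-1))
        uid = md.uid();
    if (gid == static_cast<gid_t>(-1))
        gid = md.gid();
    // if nothing changed, nothing to do
    if (md.uid() == uid && md.gid() == gid)
        return 0;
    // only root may change ownership for now
    if (fuse_get_context()->uid != 0)
        return -EPERM;
    // … unchanged: path_hash, md.uid()/md.gid() setters, write_metadata_field calls, ACMtime block …
    return 0;
}
```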

+3 −1
@@ -12,6 +12,8 @@ int chk_access(const Metadata& md, int mask);

int chk_uid(const Metadata& md);

int chmod(Metadata& md, mode_t mode, const bfs::path& path);
int change_access(Metadata& md, mode_t mode, const bfs::path& path);

int change_permissions(Metadata& md, uid_t uid, gid_t gid, const bfs::path& path);

#endif //FS_ACCESS_H
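Review bot: The new declaration `change_permissions(...)` names the helper that sets uid and gid, while the permission bits are changed by `change_access`; in authorization code that naming makes it easy for a caller to pick the wrong helper. A name such as `change_owner` would match what the function writes. Failing that, a one-line comment on the declaration would help: `// Sets the owner uid/gid of the object; the mode bits are not touched`.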
+5 −2
@@ -5,11 +5,14 @@
#ifndef FS_CONFIGURE_H
#define FS_CONFIGURE_H

// Uncomment to enabled logging with info level
// To enabled logging with info level
#define LOG_INFO
//#define LOG_DEBUG

// Uncomment if ACM time should be considered
// If ACM time should be considered
#define ACMtime

// If access permissions should be checked while opening a file
#define CHECK_ACCESS

#endif //FS_CONFIGURE_H
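Review bot: The comment above `#define CHECK_ACCESS` does not say what a build without the macro does; in this commit adafs_opendir() then returns 0 without consulting the metadata, so the switch disables an authorization check rather than a tuning detail. I would state that in the comment, for example `// Enforce permission checks on open; if undefined, adafs_opendir() grants access unconditionally`. The reworded line "To enabled logging with info level" should read "Enables logging at info level".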
+14 −5
@@ -36,18 +36,18 @@ int adafs_access(const char* p, int mask) {
 * may also be NULL if the file is open.
 */
int adafs_chmod(const char* p, mode_t mode, struct fuse_file_info* fi) {
    ADAFS_DATA->logger->info("##### FUSE FUNC ###### adafs_chmod() enter: name '{}' mode {:o}", p, mode);
    ADAFS_DATA->logger->debug("##### FUSE FUNC ###### adafs_chmod() enter: name '{}' mode {:o}", p, mode);
    auto path = bfs::path(p);
    auto md = make_shared<Metadata>();
    auto err = get_metadata(*md, path);

    if (err) return err;

    // for chmod only the uid matters AFAIK
    // for change_access only the uid matters AFAIK
    err = chk_uid(*md);
    if (err) return err;

    return chmod(*md, mode, path);
    return change_access(*md, mode, path);
}

/** Change the owner and group of a file
@@ -59,7 +59,16 @@ int adafs_chmod(const char* p, mode_t mode, struct fuse_file_info* fi) {
 * expected to reset the setuid and setgid bits.
 */
int adafs_chown(const char* p, uid_t uid, gid_t gid, struct fuse_file_info* fi) {
    ADAFS_DATA->logger->info("##### FUSE FUNC ###### adafs_chown() enter: name '{}' uid {} gid {}", p, uid, gid);
    ADAFS_DATA->logger->debug("##### FUSE FUNC ###### adafs_chown() enter: name '{}' uid {} gid {}", p, uid, gid);
    auto path = bfs::path(p);
    auto md = make_shared<Metadata>();
    auto err = get_metadata(*md, path);

    if (err) return err;

    // any ownership change requires the user of the object
    err = chk_uid(*md);
    if (err) return err;

    return 0;
    return change_permissions(*md, uid, gid, path);
}
 No newline at end of file
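Review bot: In adafs_chown() the `chk_uid(*md)` gate runs before `change_permissions`, which only lets uid 0 change anything. Unless chk_uid has a root bypass above the lines shown in its hunk, root is therefore rejected for every object it does not already own, and the ownership change is only reachable for root-owned objects. I would skip the owner test for root, e.g. `if (fuse_get_context()->uid != 0) { err = chk_uid(*md); if (err) return err; }`, or move the whole decision into `change_permissions`. The FUSE comment above the function also says the setuid and setgid bits are expected to be reset on chown, which the new path does not do; that deserves at least a `// XXX` note next to the call.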
+4 −0
@@ -20,6 +20,7 @@ using namespace std;
 */
int adafs_opendir(const char* p, struct fuse_file_info* fi) {
    ADAFS_DATA->logger->debug("##### FUSE FUNC ###### adafs_opendir() enter: name '{}'", p);
#ifdef CHECK_ACCESS
    // XXX error handling
    auto path = bfs::path(p);
    auto md = make_shared<Metadata>();
@@ -39,6 +40,9 @@ int adafs_opendir(const char* p, struct fuse_file_info* fi) {
        default:
            return -EACCES;
    }
#else
    return 0;
#endif
}

/** Read directory
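Review bot: With CHECK_ACCESS undefined the new `#else` branch makes adafs_opendir() return 0 for every path. As far as the hunks show, the metadata lookup sits inside the `#ifdef`, so a missing or non-directory path would presumably be reported as opened as well. Consider keeping the lookup outside the conditional and compiling out only the permission test, so that a build without the check still returns the lookup error. The middle of the function lies outside the visible hunks, so this needs checking against the full body.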