...
 
Commits (2)
    admin: Allow changing file owner · daf1163a
    Ondrej Holy authored
    CAP_CHOWN is dropped together with other privileges and thus the backend
    can't change file owner. This might be a problem, e.g. in the case of a
    copy operation when G_FILE_COPY_ALL_METADATA is used. Let's keep CAP_CHOWN
    to fix this.
    daf1163a
    admin: Use fsuid to ensure correct file ownership · 3895e09d
    Ondrej Holy authored
    Files created through the admin backend should be owned by root, but they
    are owned by the user itself. This is because the daemon drops the uid to
    make the D-Bus connection work. Use fsuid and euid to fix this issue.
    
    Closes: #21
    3895e09d
......@@ -157,19 +157,6 @@ complete_job (GVfsJob *job,
g_vfs_job_succeeded (job);
}
static void
fix_file_info (GFileInfo *info)
{
/* Override read/write flags, since the above call will use access()
* to determine permissions, which does not honor our privileged
* capabilities.
*/
g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
}
static void
do_query_info (GVfsBackend *backend,
GVfsJobQueryInfo *query_info_job,
......@@ -195,7 +182,6 @@ do_query_info (GVfsBackend *backend,
if (error != NULL)
goto out;
fix_file_info (real_info);
g_file_info_copy_into (real_info, info);
g_object_unref (real_info);
......@@ -220,7 +206,6 @@ do_query_info_on_read (GVfsBackend *backend,
if (error != NULL)
goto out;
fix_file_info (real_info);
g_file_info_copy_into (real_info, info);
g_object_unref (real_info);
......@@ -245,7 +230,6 @@ do_query_info_on_write (GVfsBackend *backend,
if (error != NULL)
goto out;
fix_file_info (real_info);
g_file_info_copy_into (real_info, info);
g_object_unref (real_info);
......@@ -968,7 +952,8 @@ g_vfs_backend_admin_init (GVfsBackendAdmin *self)
#define REQUIRED_CAPS (CAP_TO_MASK(CAP_FOWNER) | \
CAP_TO_MASK(CAP_DAC_OVERRIDE) | \
CAP_TO_MASK(CAP_DAC_READ_SEARCH))
CAP_TO_MASK(CAP_DAC_READ_SEARCH) | \
CAP_TO_MASK(CAP_CHOWN))
static void
acquire_caps (uid_t uid)
......@@ -976,14 +961,15 @@ acquire_caps (uid_t uid)
struct __user_cap_header_struct hdr;
struct __user_cap_data_struct data;
/* Tell kernel not clear capabilities when dropping root */
if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
g_error ("prctl(PR_SET_KEEPCAPS) failed");
/* Drop root uid, but retain the required permitted caps */
if (setuid (uid) < 0)
/* Set euid to user to make dbus work */
if (seteuid (uid) < 0)
g_error ("unable to drop privs");
/* Set fsuid to still behave like root when working with files */
setfsuid (0);
if (setfsuid (-1) != 0)
g_error ("setfsuid failed");
memset (&hdr, 0, sizeof(hdr));
hdr.version = _LINUX_CAPABILITY_VERSION;
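Review bot: In the acquire_caps hunk, `seteuid (uid)` replaces `setuid (uid)`, and seteuid() changes only the effective uid, so the real and saved uids keep whatever value the process started with. If the daemon is started as root (which the removed "Drop root uid" comment suggests), the process can set its euid back to 0 at any time, so REQUIRED_CAPS no longer bounds what a bug in the backend could reach; that trade-off should be stated in the code. I would put `/* Only euid changes: real and saved uid are kept, so this is not a permanent privilege drop */` above the call and change the message to `g_error ("unable to set euid")`, since "unable to drop privs" now overstates what happened. The retained real uid is presumably also why the `fix_file_info` override could be removed, because access() checks against the real uid; a one-line comment in do_query_info saying so would keep that dependency visible. acquire_caps continues past the end of the hunk, so the capset part is not visible here.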
......