From owner-svn-src-projects@freebsd.org Tue May 7 01:27:25 2019 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0DF22159B373 for ; Tue, 7 May 2019 01:27:25 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A70906BC4D; Tue, 7 May 2019 01:27:24 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 81946F2E5; Tue, 7 May 2019 01:27:24 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x471ROLt000121; Tue, 7 May 2019 01:27:24 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x471ROvf000119; Tue, 7 May 2019 01:27:24 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <201905070127.x471ROvf000119@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Tue, 7 May 2019 01:27:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r347217 - in projects/fuse2: sys/fs/fuse tests/sys/fs/fusefs X-SVN-Group: projects X-SVN-Commit-Author: asomers X-SVN-Commit-Paths: in projects/fuse2: sys/fs/fuse tests/sys/fs/fusefs X-SVN-Commit-Revision: 347217 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: A70906BC4D X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.95)[-0.953,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 May 2019 01:27:25 -0000 Author: asomers Date: Tue May 7 01:27:23 2019 New Revision: 347217 URL: https://svnweb.freebsd.org/changeset/base/347217 Log: fusefs: allow the null chown and null chgrp Even an unprivileged user should be able to chown a file to its current owner, or chgrp it to its current group. Those are no-ops. Reported by: pjdfstest Sponsored by: The FreeBSD Foundation Modified: projects/fuse2/sys/fs/fuse/fuse_vnops.c projects/fuse2/tests/sys/fs/fusefs/default_permissions.cc Modified: projects/fuse2/sys/fs/fuse/fuse_vnops.c ============================================================================== --- projects/fuse2/sys/fs/fuse/fuse_vnops.c Tue May 7 01:18:57 2019 (r347216) +++ projects/fuse2/sys/fs/fuse/fuse_vnops.c Tue May 7 01:27:23 2019 (r347217) @@ -1519,15 +1519,21 @@ fuse_vnop_setattr(struct vop_setattr_args *ap) struct thread *td = curthread; struct mount *mp; struct fuse_data *data; + struct vattr old_va; int dataflags; - int err = 0; + int err = 0, err2; accmode_t accmode = 0; bool checkperm; + gid_t cr_gid; mp = vnode_mount(vp); data = fuse_get_mpdata(mp); dataflags = data->dataflags; checkperm = dataflags & FSESS_DEFAULT_PERMISSIONS; + if (cred->cr_ngroups > 0) + cr_gid = cred->cr_groups[0]; + else + cr_gid = 0; if (fuse_isdeadfs(vp)) { return ENXIO; @@ -1537,10 +1543,20 @@ fuse_vnop_setattr(struct vop_setattr_args *ap) if (checkperm) { /* Only root may change a file's owner */ err = priv_check_cred(cred, PRIV_VFS_CHOWN); - if (err) - return err;; - } - accmode |= VADMIN; + if (err) { + /* As a special case, allow the null chown */ + err2 = fuse_internal_getattr(vp, &old_va, cred, + td); + if (err2) + return (err2); + if (vap->va_uid != old_va.va_uid) + return err; + else + accmode |= VADMIN; + } else + accmode |= VADMIN; + } else + accmode |= VADMIN; } if (vap->va_gid != (gid_t)VNOVAL) { if (checkperm && !groupmember(vap->va_gid, cred)) @@ -1550,10 +1566,20 @@ fuse_vnop_setattr(struct vop_setattr_args *ap) * groups */ err = priv_check_cred(cred, PRIV_VFS_CHOWN); - if (err) - return err; - } - accmode |= VADMIN; + if (err) { + /* As a special case, allow the null chgrp */ + err2 = fuse_internal_getattr(vp, &old_va, cred, + td); + if (err2) + return (err2); + if (vap->va_gid != old_va.va_gid) + return err; + else + accmode |= VADMIN; + } else + accmode |= VADMIN; + } else + accmode |= VADMIN; } if (vap->va_size != VNOVAL) { switch (vp->v_type) { @@ -1591,7 +1617,6 @@ fuse_vnop_setattr(struct vop_setattr_args *ap) && priv_check_cred(cred, PRIV_VFS_STICKYFILE)) return EFTYPE; if (checkperm && (vap->va_mode & S_ISGID)) { - struct vattr old_va; err = fuse_internal_getattr(vp, &old_va, cred, td); if (err) return (err); Modified: projects/fuse2/tests/sys/fs/fusefs/default_permissions.cc ============================================================================== --- projects/fuse2/tests/sys/fs/fusefs/default_permissions.cc Tue May 7 01:18:57 2019 (r347216) +++ projects/fuse2/tests/sys/fs/fusefs/default_permissions.cc Tue May 7 01:27:23 2019 (r347217) @@ -294,6 +294,34 @@ TEST_F(Access, ok) ASSERT_EQ(0, access(FULLPATH, access_mode)) << strerror(errno); } +/* Unprivileged users may chown a file to their own uid */ +TEST_F(Chown, chown_to_self) +{ + const char FULLPATH[] = "mountpoint/some_file.txt"; + const char RELPATH[] = "some_file.txt"; + const uint64_t ino = 42; + const mode_t mode = 0755; + uid_t uid; + + uid = geteuid(); + + expect_getattr(1, S_IFDIR | 0755, UINT64_MAX, 1, uid); + expect_lookup(RELPATH, ino, S_IFREG | mode, UINT64_MAX, uid); + /* The OS may optimize chown by omitting the redundant setattr */ + EXPECT_CALL(*m_mock, process( + ResultOf([](auto in) { + return (in->header.opcode == FUSE_SETATTR); + }, Eq(true)), + _) + ).WillRepeatedly(Invoke(ReturnImmediate([=](auto in __unused, auto out){ + SET_OUT_HEADER_LEN(out, attr); + out->body.attr.attr.mode = S_IFREG | mode; + out->body.attr.attr.uid = uid; + }))); + + EXPECT_EQ(0, chown(FULLPATH, uid, -1)) << strerror(errno); +} + /* Only root may change a file's owner */ TEST_F(Chown, eperm) { @@ -357,19 +385,14 @@ TEST_F(Chgrp, ok) expect_getattr(1, S_IFDIR | 0755, UINT64_MAX, 1, uid, gid); expect_lookup(RELPATH, ino, S_IFREG | mode, UINT64_MAX, uid, gid); + /* The OS may optimize chgrp by omitting the redundant setattr */ EXPECT_CALL(*m_mock, process( ResultOf([](auto in) { - return (in->header.opcode == FUSE_SETATTR); - }, Eq(true)), - _) - ).Times(0); - EXPECT_CALL(*m_mock, process( - ResultOf([](auto in) { return (in->header.opcode == FUSE_SETATTR && in->header.nodeid == ino); }, Eq(true)), _) - ).WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto out) { + ).WillRepeatedly(Invoke(ReturnImmediate([=](auto in __unused, auto out){ SET_OUT_HEADER_LEN(out, attr); out->body.attr.attr.mode = S_IFREG | mode; out->body.attr.attr.uid = uid;