fedir/ICFS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: fedir:aea6e94ad79acc1a5cef61691f7ff57a6c1021ad
Branches Tags
fedir:main
fedir:new-dialogue
fedir:profiling
fedir:setuid
fedir:creation_permissions
fedir:Temp_permission_table
fedir:Testing
fedir:API
fedir:basic-passthough
...
compare: fedir:beec6f4a4c6ad23a6ce743c4eeb0c6c1875e1537
Branches Tags
fedir:main
fedir:new-dialogue
fedir:profiling
fedir:setuid
fedir:creation_permissions
fedir:Temp_permission_table
fedir:Testing
fedir:API
fedir:basic-passthough

2 Commits
aea6e94ad7 ... beec6f4a4c

Author SHA1 Message Date
BritishTeapot
beec6f4a4c Changed tests to use the database file argument 2025-04-07 19:38:56 +02:00
BritishTeapot
16b8d77fb9 Improved code readability and added database file argument. 2025-04-07 19:38:33 +02:00
5 changed files with 48 additions and 38 deletions
Show Stats Expand all files Collapse all files

52
src/fuse_operations.c
View File

@ -39,20 +39,20 @@
#include "sourcefs.h" #include "sourcefs.h"
#include "ui-socket.h" #include "ui-socket.h"
// TODO: move this to other file
const char *get_process_name_by_pid(const int pid) { const char *get_process_name_by_pid(const int pid) {
char *name = (char *)calloc(1024, sizeof(char)); char *name = (char *)calloc(1024, sizeof(char));
if (name) { if (name) {
sprintf(name, "/proc/%d/cmdline", pid); sprintf(name, "/proc/%d/cmdline", pid);
FILE *f = fopen(name, "r"); FILE *file = fopen(name, "r");
if (f) { if (file) {
size_t size; size_t size = 0;
size = fread(name, sizeof(char), 1024, f); size = fread(name, sizeof(char), 1024, file);
if (size > 0) { if (size > 0) {
if ('\n' == name[size - 1]) if ('\n' == name[size - 1]) {
name[size - 1] = '\0'; name[size - 1] = '\0';
}
} }
fclose(f); fclose(file);
} }
} }
return name; return name;
@ -70,8 +70,8 @@ static void *xmp_init(struct fuse_conn_info *conn, struct fuse_config *cfg) {
To make parallel_direct_writes valid, need either set cfg->direct_io To make parallel_direct_writes valid, need either set cfg->direct_io
in current function (recommended in high level API) or set fi->direct_io in current function (recommended in high level API) or set fi->direct_io
in xmp_create() or xmp_open(). */ in xmp_create() or xmp_open(). */
// cfg->direct_io = 1; cfg->direct_io = 1;
// cfg->parallel_direct_writes = 1; cfg->parallel_direct_writes = 1;
/* Pick up changes from lower filesystem right away. This is /* Pick up changes from lower filesystem right away. This is
also necessary for better hardlink support. When the kernel also necessary for better hardlink support. When the kernel
@ -88,13 +88,13 @@ static void *xmp_init(struct fuse_conn_info *conn, struct fuse_config *cfg) {
} }
static int xmp_getattr(const char *path, struct stat *stbuf, static int xmp_getattr(const char *path, struct stat *stbuf,
struct fuse_file_info *fi) { struct fuse_file_info *file_info) {
int res; int res;
(void)path; (void)path;
if (fi) if (file_info)
res = fstat(fi->fh, stbuf); res = fstat(file_info->fh, stbuf);
else else
res = source_stat(path, stbuf); res = source_stat(path, stbuf);
if (res == -1) { if (res == -1) {
@ -106,38 +106,39 @@ static int xmp_getattr(const char *path, struct stat *stbuf,
} }
static int xmp_access(const char *path, int mask) { static int xmp_access(const char *path, int mask) {
int res; int res = -1;
// if mask is F_OK, then we don't need to check the permissions // if mask is F_OK, then we don't need to check the permissions
// (is that possible?) // (is that possible?)
if (mask != F_OK) { if (mask != F_OK) {
struct process_info pi; struct process_info proc_info;
struct fuse_context *fc = fuse_get_context(); struct fuse_context *context = fuse_get_context();
pi.PID = fc->pid; proc_info.PID = context->pid;
pi.name = get_process_name_by_pid(pi.PID); proc_info.name = get_process_name_by_pid(proc_info.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi, 0)) { if (!interactive_access(real_filename(path), proc_info, 0)) {
free(pi.name); free((void *)proc_info.name);
return -EACCES; return -EACCES;
} }
free(pi.name); free((void *)proc_info.name);
} }
res = source_access(path, mask); res = source_access(path, mask);
if (res == -1) if (res == -1) {
return -errno; return -errno;
}
return 0; return 0;
} }
static int xmp_readlink(const char *path, char *buf, size_t size) { static int xmp_readlink(const char *path, char *buf, size_t size) {
int res; int res = -1;
res = readlink(path, buf, size - 1); res = readlink(path, buf, size - 1);
if (res == -1) if (res == -1)
@ -264,17 +265,18 @@ static int xmp_mknod(const char *path, mode_t mode, dev_t rdev) {
*/ */
static int xmp_mkdir(const char *path, mode_t mode) { static int xmp_mkdir(const char *path, mode_t mode) {
int res; int res = -1;
res = source_mkdir(path, mode); res = source_mkdir(path, mode);
if (res == -1) if (res == -1) {
return -errno; return -errno;
}
return 0; return 0;
} }
static int xmp_unlink(const char *path) { static int xmp_unlink(const char *path) {
int res; int res = -1;
struct process_info pi; struct process_info pi;
struct fuse_context *fc = fuse_get_context(); struct fuse_context *fc = fuse_get_context();

23
src/main.c
View File

@ -10,16 +10,15 @@
See the file LICENSE. See the file LICENSE.
*/ */
#include <sys/types.h>
#include <unistd.h>
#define FUSE_USE_VERSION 31 #define FUSE_USE_VERSION 31
#define _GNU_SOURCE #define _GNU_SOURCE
#include <fuse3/fuse.h> #include <fuse3/fuse.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include "fuse_operations.h" #include "fuse_operations.h"
#include "sourcefs.h" #include "sourcefs.h"
@ -28,15 +27,25 @@
const char *mountpoint = NULL; const char *mountpoint = NULL;
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
if (argc < 3) {
fprintf(stderr, "Usage: icfs <FUSE arguments> [target directory] [path to "
"the permanent permissions database\n");
return EXIT_FAILURE;
}
// if umask != 0, the filesystem will create files with more restrictive
// permissions than it's caller reqested
umask(0); umask(0);
int ret = init_ui_socket(); // ui socket should always be initialized before anything else, since it
// handles the setuid bits!
int ret = init_ui_socket(argv[argc - 1]);
if (ret != 0) { if (ret != 0) {
fprintf(stderr, "Could not initalize ui-socket.\n"); fprintf(stderr, "Could not initalize ui-socket.\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
mountpoint = realpath(argv[argc - 1], NULL); mountpoint = realpath(argv[argc - 2], NULL);
ret = source_init(mountpoint); ret = source_init(mountpoint);
if (ret != 0) { if (ret != 0) {
@ -44,9 +53,9 @@ int main(int argc, char *argv[]) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
ret = fuse_main(argc, argv, get_fuse_operations(), NULL); ret = fuse_main(argc - 1, argv, get_fuse_operations(), NULL);
free(mountpoint); free((void *)mountpoint);
destroy_ui_socket(); destroy_ui_socket();
return ret; return ret;
} }

5
src/ui-socket.c
View File

@ -22,7 +22,7 @@
#include <sys/un.h> #include <sys/un.h>
#include <unistd.h> #include <unistd.h>
int init_ui_socket() { int init_ui_socket(const char *perm_permissions_db_filename) {
char line[256]; char line[256];
FILE *fp; FILE *fp;
@ -31,8 +31,7 @@ int init_ui_socket() {
return 1; return 1;
} }
if (init_perm_permissions_table( if (init_perm_permissions_table(perm_permissions_db_filename)) {
"/home/fedir/Developement/uni/ICFS/test/.pt.db")) {
fprintf(stderr, "Could not initialize permanent permissions table.\n"); fprintf(stderr, "Could not initialize permanent permissions table.\n");
return 1; return 1;
} }

2
src/ui-socket.h
View File

@ -21,7 +21,7 @@
* *
* @return: 0 on success, -1 on faliure. * @return: 0 on success, -1 on faliure.
*/ */
int init_ui_socket(void); int init_ui_socket(const char *perm_permissions_db_filename);
/** /**
* Close the GUI communication. * Close the GUI communication.

4
test/test.bash
View File

@ -23,12 +23,12 @@ if [[ $1 == "--setuid" ]]; then
sudo chown icfs: ../build/icfs && sudo chmod 4777 ../build/icfs sudo chown icfs: ../build/icfs && sudo chmod 4777 ../build/icfs
chmod g+w . # needed for icfs to be able to create the database chmod g+w . # needed for icfs to be able to create the database
echo "Valgrind will not be used due to setuid compatibility issues." echo "Valgrind will not be used due to setuid compatibility issues."
../build/icfs -o default_permissions ./protected & ../build/icfs -o default_permissions ./protected ./.pt.db &
sleep 1 sleep 1
else else
echo "Database protection will not be tested due to the lack of setuid capabilites." echo "Database protection will not be tested due to the lack of setuid capabilites."
echo "To test it, run this script with '--setuid'." echo "To test it, run this script with '--setuid'."
valgrind -s ../build/icfs -o default_permissions ./protected & valgrind -s ../build/icfs -o default_permissions ./protected ./.pt.db &
sleep 5 sleep 5
fi fi