X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=blobdiff_plain;f=daemon%2Ffile.c;h=98244724b6a66bb3a71edd5d84e843fec235b2df;hp=63d8dd2d857a2597b5817f21c7c309e2dc0c9e69;hb=74958b0ad44df6ed703cd3009983d04ade3a8e93;hpb=2f1a50d81671810256dce0852e6b1e0810ac44af diff --git a/daemon/file.c b/daemon/file.c index 63d8dd2..9824472 100644 --- a/daemon/file.c +++ b/daemon/file.c @@ -30,13 +30,30 @@ #include "actions.h" int -do_touch (char *path) +do_touch (const char *path) { int fd; int r; + struct stat buf; + + /* RHBZ#582484: Restrict touch to regular files. It's also OK + * here if the file does not exist, since we will create it. + */ + CHROOT_IN; + r = lstat (path, &buf); + CHROOT_OUT; - NEED_ROOT (-1); - ABS_PATH (path, -1); + if (r == -1) { + if (errno != ENOENT) { + reply_with_perror ("lstat: %s", path); + return -1; + } + } else { + if (! S_ISREG (buf.st_mode)) { + reply_with_error ("%s: touch can only be used on a regular files", path); + return -1; + } + } CHROOT_IN; fd = open (path, O_WRONLY | O_CREAT | O_NOCTTY, 0666); @@ -47,11 +64,7 @@ do_touch (char *path) return -1; } -#ifdef HAVE_FUTIMENS r = futimens (fd, NULL); -#else - r = futimes (fd, NULL); -#endif if (r == -1) { reply_with_perror ("futimens: %s", path); close (fd); @@ -67,15 +80,12 @@ do_touch (char *path) } char * -do_cat (char *path) +do_cat (const char *path) { int fd; int alloc, size, r, max; char *buf, *buf2; - NEED_ROOT (NULL); - ABS_PATH (path,NULL); - CHROOT_IN; fd = open (path, O_RDONLY); CHROOT_OUT; @@ -97,7 +107,7 @@ do_cat (char *path) if (size >= alloc) { alloc += 8192; if (alloc > max) { - reply_with_error ("cat: %s: file is too large for message buffer", + reply_with_error ("%s: file is too large for message buffer", path); free (buf); close (fd); @@ -138,7 +148,7 @@ do_cat (char *path) } char ** -do_read_lines (char *path) +do_read_lines (const char *path) { char **r = NULL; int size = 0, alloc = 0; @@ -147,9 +157,6 @@ do_read_lines (char *path) size_t len = 0; ssize_t n; - NEED_ROOT (NULL); - ABS_PATH (path, NULL); - CHROOT_IN; fp = fopen (path, "r"); CHROOT_OUT; @@ -190,19 +197,16 @@ do_read_lines (char *path) } int -do_rm (char *path) +do_rm (const char *path) { int r; - NEED_ROOT (-1); - ABS_PATH (path, -1); - CHROOT_IN; r = unlink (path); CHROOT_OUT; if (r == -1) { - reply_with_perror ("unlink: %s", path); + reply_with_perror ("%s", path); return -1; } @@ -210,19 +214,21 @@ do_rm (char *path) } int -do_chmod (int mode, char *path) +do_chmod (int mode, const char *path) { int r; - NEED_ROOT (-1); - ABS_PATH (path, -1); + if (mode < 0) { + reply_with_error ("%s: mode is negative", path); + return -1; + } CHROOT_IN; r = chmod (path, mode); CHROOT_OUT; if (r == -1) { - reply_with_perror ("chmod: %s: 0%o", path, mode); + reply_with_perror ("%s: 0%o", path, mode); return -1; } @@ -230,19 +236,16 @@ do_chmod (int mode, char *path) } int -do_chown (int owner, int group, char *path) +do_chown (int owner, int group, const char *path) { int r; - NEED_ROOT (-1); - ABS_PATH (path, -1); - CHROOT_IN; r = chown (path, owner, group); CHROOT_OUT; if (r == -1) { - reply_with_perror ("chown: %s: %d.%d", path, owner, group); + reply_with_perror ("%s: %d.%d", path, owner, group); return -1; } @@ -250,12 +253,26 @@ do_chown (int owner, int group, char *path) } int -do_exists (char *path) +do_lchown (int owner, int group, const char *path) { int r; - NEED_ROOT (-1); - ABS_PATH (path, -1); + CHROOT_IN; + r = lchown (path, owner, group); + CHROOT_OUT; + + if (r == -1) { + reply_with_perror ("%s: %d.%d", path, owner, group); + return -1; + } + + return 0; +} + +int +do_exists (const char *path) +{ + int r; CHROOT_IN; r = access (path, F_OK); @@ -265,14 +282,11 @@ do_exists (char *path) } int -do_is_file (char *path) +do_is_file (const char *path) { int r; struct stat buf; - NEED_ROOT (-1); - ABS_PATH (path, -1); - CHROOT_IN; r = lstat (path, &buf); CHROOT_OUT; @@ -290,15 +304,61 @@ do_is_file (char *path) } int -do_write_file (char *path, char *content, int size) +do_write_file (const char *path, const char *content, int size) { int fd; - NEED_ROOT (-1); - ABS_PATH (path, -1); + /* This call is deprecated, and it has a broken interface. New code + * should use the 'guestfs_write' call instead. Because we used an + * XDR string type, 'content' cannot contain ASCII NUL and 'size' + * must never be longer than the string. We must check this to + * ensure random stuff from XDR or daemon memory isn't written to + * the file (RHBZ#597135). + */ + if (size < 0) { + reply_with_error ("size cannot be negative"); + return -1; + } + + /* Note content_len must be small because of the limits on protocol + * message size. + */ + int content_len = (int) strlen (content); if (size == 0) - size = strlen (content); + size = content_len; + else if (size > content_len) { + reply_with_error ("size parameter is larger than string content"); + return -1; + } + + CHROOT_IN; + fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666); + CHROOT_OUT; + + if (fd == -1) { + reply_with_perror ("open: %s", path); + return -1; + } + + if (xwrite (fd, content, size) == -1) { + reply_with_perror ("write"); + close (fd); + return -1; + } + + if (close (fd) == -1) { + reply_with_perror ("close: %s", path); + return -1; + } + + return 0; +} + +int +do_write (const char *path, const char *content, size_t size) +{ + int fd; CHROOT_IN; fd = open (path, O_WRONLY | O_TRUNC | O_CREAT | O_NOCTTY, 0666); @@ -324,15 +384,12 @@ do_write_file (char *path, char *content, int size) } char * -do_read_file (char *path, size_t *size_r) +do_read_file (const char *path, size_t *size_r) { int fd; struct stat statbuf; char *r; - NEED_ROOT (NULL); - ABS_PATH (path, NULL); - CHROOT_IN; fd = open (path, O_RDONLY); CHROOT_OUT; @@ -348,25 +405,24 @@ do_read_file (char *path, size_t *size_r) return NULL; } - *size_r = statbuf.st_size; /* The actual limit on messages is smaller than this. This * check just limits the amount of memory we'll try and allocate * here. If the message is larger than the real limit, that will * be caught later when we try to serialize the message. */ - if (*size_r >= GUESTFS_MESSAGE_MAX) { - reply_with_error ("read_file: %s: file is too large for the protocol, use guestfs_download instead", path); + if (statbuf.st_size >= GUESTFS_MESSAGE_MAX) { + reply_with_error ("%s: file is too large for the protocol, use guestfs_download instead", path); close (fd); return NULL; } - r = malloc (*size_r); + r = malloc (statbuf.st_size); if (r == NULL) { reply_with_perror ("malloc"); close (fd); return NULL; } - if (xread (fd, r, *size_r) == -1) { + if (xread (fd, r, statbuf.st_size) == -1) { reply_with_perror ("read: %s", path); close (fd); free (r); @@ -379,30 +435,115 @@ do_read_file (char *path, size_t *size_r) return NULL; } + /* Mustn't touch *size_r until we are sure that we won't return any + * error (RHBZ#589039). + */ + *size_r = statbuf.st_size; return r; } -/* This runs the 'file' command. */ char * -do_file (char *path) +do_pread (const char *path, int count, int64_t offset, size_t *size_r) { - char *out, *err; - int r, freeit = 0; + int fd; + ssize_t r; char *buf; - int len; - NEED_ROOT_OR_IS_DEVICE (path, NULL); - ABS_PATH (path, NULL); + /* The actual limit on messages is smaller than this. This check + * just limits the amount of memory we'll try and allocate in the + * function. If the message is larger than the real limit, that + * will be caught later when we try to serialize the message. + */ + if (count >= GUESTFS_MESSAGE_MAX) { + reply_with_error ("%s: count is too large for the protocol, use smaller reads", path); + return NULL; + } - if (strncmp (path, "/dev/", 5) == 0) - buf = (char *) path; - else { + CHROOT_IN; + fd = open (path, O_RDONLY); + CHROOT_OUT; + + if (fd == -1) { + reply_with_perror ("open: %s", path); + return NULL; + } + + buf = malloc (count); + if (buf == NULL) { + reply_with_perror ("malloc"); + close (fd); + return NULL; + } + + r = pread (fd, buf, count, offset); + if (r == -1) { + reply_with_perror ("pread: %s", path); + close (fd); + free (buf); + return NULL; + } + + if (close (fd) == -1) { + reply_with_perror ("close: %s", path); + close (fd); + free (buf); + return NULL; + } + + /* Mustn't touch *size_r until we are sure that we won't return any + * error (RHBZ#589039). + */ + *size_r = r; + return buf; +} + +int +do_pwrite (const char *path, const char *content, size_t size, int64_t offset) +{ + int fd; + ssize_t r; + + CHROOT_IN; + fd = open (path, O_WRONLY); + CHROOT_OUT; + + if (fd == -1) { + reply_with_perror ("open: %s", path); + return -1; + } + + r = pwrite (fd, content, size, offset); + if (r == -1) { + reply_with_perror ("pwrite: %s", path); + close (fd); + return -1; + } + + if (close (fd) == -1) { + reply_with_perror ("close: %s", path); + close (fd); + return -1; + } + + return r; +} + +/* This runs the 'file' command. */ +char * +do_file (const char *path) +{ + char *buf = NULL; + const char *display_path = path; + + int is_dev = STRPREFIX (path, "/dev/"); + + if (!is_dev) { buf = sysroot_path (path); if (!buf) { reply_with_perror ("malloc"); return NULL; } - freeit = 1; + path = buf; } /* file(1) manpage claims "file returns 0 on success, and non-zero on @@ -410,26 +551,27 @@ do_file (char *path) * every scenario I can think up. So check the target is readable * first. */ - if (access (buf, R_OK) == -1) { - if (freeit) free (buf); - reply_with_perror ("access: %s", path); + if (access (path, R_OK) == -1) { + reply_with_perror ("access: %s", display_path); + free (buf); return NULL; } - r = command (&out, &err, "file", "-zbsL", buf, NULL); - if (freeit) free (buf); + char *out, *err; + int r = command (&out, &err, "file", "-zbsL", path, NULL); + free (buf); if (r == -1) { free (out); - reply_with_error ("file: %s: %s", path, err); + reply_with_error ("%s: %s", display_path, err); free (err); return NULL; } free (err); /* We need to remove the trailing \n from output of file(1). */ - len = strlen (out); - if (out[len-1] == '\n') + size_t len = strlen (out); + if (len > 0 && out[len-1] == '\n') out[len-1] = '\0'; return out; /* caller frees */ @@ -437,7 +579,7 @@ do_file (char *path) /* zcat | file */ char * -do_zfile (char *method, char *path) +do_zfile (const char *method, const char *path) { int len; const char *zcat; @@ -445,15 +587,12 @@ do_zfile (char *method, char *path) FILE *fp; char line[256]; - NEED_ROOT (NULL); - ABS_PATH (path, NULL); - - if (strcmp (method, "gzip") == 0 || strcmp (method, "compress") == 0) + if (STREQ (method, "gzip") || STREQ (method, "compress")) zcat = "zcat"; - else if (strcmp (method, "bzip2") == 0) + else if (STREQ (method, "bzip2")) zcat = "bzcat"; else { - reply_with_error ("zfile: unknown method"); + reply_with_error ("unknown method"); return NULL; } @@ -475,13 +614,13 @@ do_zfile (char *method, char *path) free (cmd); if (fgets (line, sizeof line, fp) == NULL) { - reply_with_perror ("zfile: fgets"); + reply_with_perror ("fgets"); fclose (fp); return NULL; } if (fclose (fp) == -1) { - reply_with_perror ("zfile: fclose"); + reply_with_perror ("fclose"); return NULL; } @@ -491,3 +630,21 @@ do_zfile (char *method, char *path) return strdup (line); } + +int64_t +do_filesize (const char *path) +{ + int r; + struct stat buf; + + CHROOT_IN; + r = stat (path, &buf); /* follow symlinks */ + CHROOT_OUT; + + if (r == -1) { + reply_with_perror ("%s", path); + return -1; + } + + return buf.st_size; +}