From patchwork Wed Mar 9 17:38:59 2016
X-Patchwork-Submitter: Cole Robinson
X-Patchwork-Id: 63722
From: Cole Robinson
To: libvirt-list@redhat.com
Date: Wed, 9 Mar 2016 12:38:59 -0500
Message-Id: <18e8059e2f3d083ebcf453abd533d6a02deecd76.1457544659.git.crobinso@redhat.com>
Cc: Pavel Hrdina
Subject: [libvirt] [PATCH 2/3] util: virfile: Clarify setuid usage for virFileRemove

Break these checks out into their own function, and clearly document
each one. This shouldn't change behavior

---
 src/util/virfile.c | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)

--
2.5.0

diff --git a/src/util/virfile.c b/src/util/virfile.c index f45e18f..cea2674 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c 
@@ -2314,6 +2314,32 @@ virFileOpenAs(const char *path, int openflags, mode_t mode, } +/* virFileRemoveNeedsSetuid: + * @uid: file uid to check + * @gid: file gid to check + * + * Return true if we should use setuid/setgid before deleting a file + * owned by the passed uid/gid pair. Needed for NFS with root-squash + */ +static bool +virFileRemoveNeedsSetuid(uid_t uid, gid_t gid) +{ + /* If running unprivileged, setuid isn't going to work */ + if (geteuid() != 0) + return false; + + /* uid/gid weren'd specified */ + if ((uid == (uid_t) -1) && (gid == (gid_t) -1)) + return false; + + /* already running as proper uid/gid */ + if (uid == geteuid() && gid == getegid()) + return false; + + return true; +} + + /* virFileRemove: * @path: file to unlink or directory to remove * @uid: uid that was used to create the file (not required) @@ -2335,12 +2361,7 @@ virFileRemove(const char *path, gid_t *groups; int ngroups; - /* If not running as root or if a non explicit uid/gid was being used for - * the file/volume or the explicit uid/gid matches, then use unlink directly - */ - if ((geteuid() != 0) || - ((uid == (uid_t) -1) && (gid == (gid_t) -1)) || - (uid == geteuid() && gid == getegid())) { + if (!virFileRemoveNeedsSetuid(uid, gid)) { if (virFileIsDir(path)) return rmdir(path); else
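Review bot: In the new virFileRemoveNeedsSetuid(), the header comment says the setuid path is "Needed for NFS with root-squash", but none of the three checks looks at the filesystem: the function returns true for any root caller whose euid/egid differ from the passed pair. The comment should say that NFS root-squash is the motivating case and is not tested here, so a reader does not assume the helper is NFS-specific. The second check also fires only when both uid and gid are -1; with exactly one of them left at -1 the third comparison does not match and the function returns true, so it is worth stating in the comment whether a half-specified pair is meant to take the setuid path. Minor: "weren'd" in the second comment should be "weren't".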
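Review bot: In the virFileRemove() hunk, the removed block comment was the only text saying that this branch removes the path directly, and after the change the "if (!virFileRemoveNeedsSetuid(uid, gid))" branch carries no comment at all. A one-line comment above it, saying that no identity switch is needed and rmdir/unlink is called as the current user, would keep that information and fits the stated goal of documenting these checks. The boolean rewrite itself is equivalent: the old three-way "||" condition is true exactly when the helper takes one of its three early "return false" paths.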