//! Wrapper functions for the libc xattr calls extern crate libc; use std::os::unix::io::RawFd; use nix::errno::Errno; use proxmox::tools::vec; use crate::pxar::{PxarXAttr, PxarFCaps}; pub fn flistxattr(fd: RawFd) -> Result, nix::errno::Errno> { // Initial buffer size for the attribute list, if content does not fit // it gets dynamically increased until big enough. let mut size = 256; let mut buffer = vec::undefined(size); let mut bytes = unsafe { libc::flistxattr(fd, buffer.as_mut_ptr() as *mut i8, buffer.len()) }; while bytes < 0 { let err = Errno::last(); match err { Errno::ERANGE => { // Buffer was not big enough to fit the list, retry with double the size if size * 2 < size { return Err(Errno::ENOMEM); } size *= 2; }, _ => return Err(err), } // Retry to read the list with new buffer buffer.resize(size, 0); bytes = unsafe { libc::flistxattr(fd, buffer.as_mut_ptr() as *mut i8, buffer.len()) }; } buffer.resize(bytes as usize, 0); Ok(buffer) } pub fn fgetxattr(fd: RawFd, name: &[u8]) -> Result, nix::errno::Errno> { let mut size = 256; let mut buffer = vec::undefined(size); let mut bytes = unsafe { libc::fgetxattr(fd, name.as_ptr() as *const i8, buffer.as_mut_ptr() as *mut core::ffi::c_void, buffer.len()) }; while bytes < 0 { let err = Errno::last(); match err { Errno::ERANGE => { // Buffer was not big enough to fit the value, retry with double the size if size * 2 < size { return Err(Errno::ENOMEM); } size *= 2; }, _ => return Err(err), } buffer.resize(size, 0); bytes = unsafe { libc::fgetxattr(fd, name.as_ptr() as *const i8, buffer.as_mut_ptr() as *mut core::ffi::c_void, buffer.len()) }; } buffer.resize(bytes as usize, 0); Ok(buffer) } pub fn fsetxattr(fd: RawFd, xattr: &PxarXAttr) -> Result<(), nix::errno::Errno> { let mut name = xattr.name.clone(); name.push('\0' as u8); let flags = 0 as libc::c_int; let result = unsafe { libc::fsetxattr(fd, name.as_ptr() as *const libc::c_char, xattr.value.as_ptr() as *const libc::c_void, xattr.value.len(), flags) }; if result < 0 { let err = Errno::last(); return Err(err); } Ok(()) } pub fn fsetxattr_fcaps(fd: RawFd, fcaps: &PxarFCaps) -> Result<(), nix::errno::Errno> { // TODO casync checks and removes capabilities if they are set let name = b"security.capability\0"; let flags = 0 as libc::c_int; let result = unsafe { libc::fsetxattr(fd, name.as_ptr() as *const libc::c_char, fcaps.data.as_ptr() as *const libc::c_void, fcaps.data.len(), flags) }; if result < 0 { let err = Errno::last(); return Err(err); } Ok(()) } pub fn is_security_capability(name: &[u8]) -> bool { name == b"security.capability" } /// Check if the passed name buffer starts with a valid xattr namespace prefix /// and is within the length limit of 255 bytes pub fn is_valid_xattr_name(name: &[u8]) -> bool { if name.is_empty() || name.len() > 255 { return false; } if name.starts_with(b"user.") || name.starts_with(b"trusted.") { return true; } is_security_capability(name) } #[cfg(test)] mod tests { use super::*; use std::fs::OpenOptions; use std::os::unix::io::AsRawFd; use nix::errno::Errno; #[test] fn test_fsetxattr_fgetxattr() { let path = "./tests/xattrs.txt"; let file = OpenOptions::new() .write(true) .create(true) .open(&path) .unwrap(); let fd = file.as_raw_fd(); let valid_user = PxarXAttr { name: b"user.attribute0".to_vec(), value: b"value0".to_vec(), }; let valid_empty_value = PxarXAttr { name: b"user.empty".to_vec(), value: Vec::new(), }; let invalid_trusted = PxarXAttr { name: b"trusted.attribute0".to_vec(), value: b"value0".to_vec(), }; let invalid_name_prefix = PxarXAttr { name: b"users.attribte0".to_vec(), value: b"value".to_vec(), }; let mut name = b"user.".to_vec(); for _ in 0..260 { name.push(b'a'); } let invalid_name_length = PxarXAttr { name, value: b"err".to_vec(), }; assert!(fsetxattr(fd, &valid_user).is_ok()); assert!(fsetxattr(fd, &valid_empty_value).is_ok()); if nix::unistd::Uid::current() != nix::unistd::ROOT { assert_eq!(fsetxattr(fd, &invalid_trusted), Err(Errno::EPERM)); } assert_eq!(fsetxattr(fd, &invalid_name_prefix), Err(Errno::EOPNOTSUPP)); assert_eq!(fsetxattr(fd, &invalid_name_length), Err(Errno::ERANGE)); let v0 = fgetxattr(fd, b"user.attribute0\0".as_ref()).unwrap(); let v1 = fgetxattr(fd, b"user.empty\0".as_ref()).unwrap(); assert_eq!(v0, b"value0".as_ref()); assert_eq!(v1, b"".as_ref()); assert_eq!(fgetxattr(fd, b"user.attribute1\0".as_ref()), Err(Errno::ENODATA)); std::fs::remove_file(&path).unwrap(); } #[test] fn test_is_valid_xattr_name() { let empty = Vec::new(); let too_long = vec![b'a'; 265]; assert!(!is_valid_xattr_name(empty.as_slice())); assert!(!is_valid_xattr_name(too_long.as_slice())); assert!(!is_valid_xattr_name(b"system.attr")); assert!(is_valid_xattr_name(b"user.attr")); assert!(is_valid_xattr_name(b"trusted.attr")); assert!(is_valid_xattr_name(b"security.capability")); } }