From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 1FA3B60D80 for ; Fri, 14 Aug 2020 17:01:12 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 1656622CF9 for ; Fri, 14 Aug 2020 17:01:12 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id EDBCD22CE8 for ; Fri, 14 Aug 2020 17:01:10 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id B5A48445FC for ; Fri, 14 Aug 2020 17:01:10 +0200 (CEST) From: Mira Limbeck To: pbs-devel@lists.proxmox.com Date: Fri, 14 Aug 2020 17:01:06 +0200 Message-Id: <20200814150107.7425-1-m.limbeck@proxmox.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.121 Adjusted score from AWL reputation of 
From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods NO_DNS_FOR_FROM 0.379 Envelope sender has no MX or A DNS records RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [fs.rs] Subject: [pbs-devel] [PATCH v4 proxmox] Add tempfile() helper function X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Aug 2020 15:01:12 -0000 The tempfile() helper function tries to create a temporary file in /tmp with the O_TMPFILE option. If that fails it falls back to using mkstemp(). This happens in /tmp/proxmox- which is either created, or if it already exists, checked for the right owner and permissions. As O_TMPFILE was introduced in kernel 3.11 this fallback can help with CentOS 7 and its 3.10 kernel as well as with WSL (Windows Subsystem for Linux). Signed-off-by: Mira Limbeck --- v4: - changed directory from proxmox-backup- to proxmox- - added check for owner and permissions v3: - O_TMPFILE support is tested on first run of tempfile() - EISDIR is handled specifically to test for O_TMPFILE support - AtomicBool is used as it provides a safe interface, but 'static mut' could also be used - mkstemp() now creates the tempfile in a subdirectory called proxmox-backup- proxmox/src/tools/fs.rs | 77 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 75 insertions(+), 2 deletions(-) diff --git a/proxmox/src/tools/fs.rs b/proxmox/src/tools/fs.rs index b1a95b5..7e13ede 100644 
--- a/proxmox/src/tools/fs.rs
+++ b/proxmox/src/tools/fs.rs
@@ -1,17 +1,20 @@
 //! File related utilities such as `replace_file`.
 use std::ffi::CStr;
-use std::fs::{File, OpenOptions};
+use std::fs::{DirBuilder, File, OpenOptions};
 use std::io::{self, BufRead, BufReader, Write};
+use std::os::unix::fs::{DirBuilderExt, MetadataExt, OpenOptionsExt, PermissionsExt};
 use std::os::unix::io::{AsRawFd, FromRawFd, RawFd};
 use std::path::Path;
+use std::sync::atomic::{AtomicBool, Ordering};
 use std::time::Duration;
 use anyhow::{bail, format_err, Error};
+use lazy_static::lazy_static;
 use nix::errno::Errno;
 use nix::fcntl::OFlag;
 use nix::sys::stat;
-use nix::unistd::{self, Gid, Uid};
+use nix::unistd::{self, geteuid, mkstemp, unlink, Gid, Uid};
 use serde_json::Value;
 use crate::sys::error::SysResult;
@@ -518,3 +521,73 @@ pub fn open_file_locked>(path: P, timeout: Duration) -> Result bail!("Unable to acquire lock {:?} - {}", path, err),
 }
 }
+
+static O_TMPFILE_SUPPORT: AtomicBool = AtomicBool::new(true);
+lazy_static! {
+ static ref MKSTEMP_PATH: String = {
+ let uid = geteuid();
+ format!("/tmp/proxmox-{}", uid)
+ };
+ static ref MKSTEMP_FILE: String = { format!("{}/tmpfile_XXXXXX", MKSTEMP_PATH.as_str()) };
+}
+
+/// Create a new tempfile by using O_TMPFILE with a fallback to mkstemp() if it fails (e.g. not supported).
+pub fn tempfile() -> Result {
+ if O_TMPFILE_SUPPORT.load(Ordering::Relaxed) {
+ match std::fs::OpenOptions::new()
+ .write(true)
+ .read(true)
+ .custom_flags(libc::O_TMPFILE)
+ .open("/tmp")
+ {
+ Ok(file) => return Ok(file),
+ Err(err) => {
+ let raw_os_error = match err.raw_os_error() {
+ Some(v) => v,
+ None => -1,
+ };
+ if raw_os_error == 21 {
+ O_TMPFILE_SUPPORT.store(false, Ordering::Relaxed);
+ eprintln!(
+ "Error creating tempfile: 'EISDIR', falling back to mkstemp() instead",
+ );
+ } else {
+ bail!("creating tempfile failed: '{}'", err);
+ }
+ }
+ }
+ }
+
+ match DirBuilder::new().mode(0o700).create(MKSTEMP_PATH.as_str()) {
+ Err(err) => {
+ if err.kind() != std::io::ErrorKind::AlreadyExists {
+ bail!("creating directory failed: '{}'", MKSTEMP_PATH.as_str());
+ } else {
+ // check owner
+ let metadata = std::fs::metadata(MKSTEMP_PATH.as_str())?;
+ if metadata.uid() != geteuid().as_raw() {
+ bail!(
+ "directory '{}' has wrong owner: {}",
+ MKSTEMP_PATH.as_str(),
+ metadata.uid()
+ );
+ }
+
+ // check permissions
+ let perm = metadata.permissions();
+ if (perm.mode() & 0o077) != 0 {
+ bail!(
+ "directory '{}' already exists with wrong permissions: {:o}",
+ MKSTEMP_PATH.as_str(),
+ perm.mode() & 0o777
+ );
+ }
+ }
+ }
+ _ => {}
+ }
+ let (fd, path) = mkstemp(MKSTEMP_FILE.as_str())?;
+ unlink(path.as_path())?;
+ let file = unsafe { File::from_raw_fd(fd) };
+ Ok(file)
+}
-- 2.20.1
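Review bot: The check on an already-existing `/tmp/proxmox-<uid>` uses `std::fs::metadata`, which follows symlinks, and never confirms that the entry is a directory, so in world-writable `/tmp` the owner and mode being validated can belong to whatever a pre-existing symlink points at rather than to the entry itself. Switching to `let metadata = std::fs::symlink_metadata(MKSTEMP_PATH.as_str())?;` and adding `if !metadata.file_type().is_dir() { bail!(...) }` ahead of the uid and mode checks closes that gap. Separately, `unlink(path.as_path())?` runs while `fd` is still a bare descriptor, so a failed unlink leaks the fd and leaves the file on disk; constructing the `File` with `from_raw_fd` before the unlink lets drop close it on the error path. The literal `21` would read better as `libc::EISDIR`, and the "creating directory failed" message drops `err`, which hides the actual cause from whoever has to debug it.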