diff --git a/Common/common.h b/Common/common.h index 65edb0a..dd168f3 100644 --- a/Common/common.h +++ b/Common/common.h @@ -305,6 +305,7 @@ inline QByteArray getSystemInfo() { if (SystemStr.endsWith('|')) SystemStr.truncate(SystemStr.length() - 1); + qCritical() << SystemStr; return SystemStr; } diff --git a/SSNFS-client/fuseclient.cpp b/SSNFS-client/fuseclient.cpp index d6f427d..9dc8f93 100644 --- a/SSNFS-client/fuseclient.cpp +++ b/SSNFS-client/fuseclient.cpp @@ -159,8 +159,10 @@ int FuseClient::fs_opt_proc(void *data, const char *arg, int key, fuse_args *out case FUSE_OPT_KEY_NONOPT: { + //qInfo() << arg; QString strArg(arg); if (host.isNull() && shareName.isNull() && strArg.count(QLatin1Char('/')) == 1) { + QStringList parts = strArg.split('/'); QStringList hostParts = parts[0].split(':'); host = hostParts[0]; @@ -184,6 +186,7 @@ int FuseClient::fs_opt_proc(void *data, const char *arg, int key, fuse_args *out system(ToChr(fuseUnmount)); } QFileInfo mountPathInfo(strArg); + qCritical() << strArg ; if (mountPathInfo.exists() == false || !mountPathInfo.isDir() || mountPathInfo.isSymLink()) { qCritical() << "The specified mount path does not exist or is not a valid directory."; return -1; @@ -205,9 +208,8 @@ int FuseClient::fs_opt_proc(void *data, const char *arg, int key, fuse_args *out void FuseClient::started() { connect(&passwdWatcher, SIGNAL(fileChanged(QString)), this, SLOT(syncLocalUsers()), Qt::QueuedConnection); - struct fuse_operations fs_oper = {}; - + qInfo() << qApp->arguments(); fs_oper.init = fs_call_init; fs_oper.getattr = fs_call_getattr; fs_oper.readdir = fs_call_readdir; @@ -313,8 +315,9 @@ int FuseClient::initSocket() socket->setCaCertificates(QSslSocket::systemCaCertificates()); socket->setPeerVerifyMode(QSslSocket::VerifyNone); - socket->setPrivateKey("/home/maxwell/Coding/SSNFS/SSNFS-client/key.pem"); - socket->setLocalCertificate("/home/maxwell/Coding/SSNFS/SSNFS-client/cert.pem"); + // Does not given an error if these files are not found but does not mount as well + socket->setPrivateKey("/home/deepakchethan/Git/build-SSNFS-Desktop-Debug/SSNFS-client/key.pem"); + socket->setLocalCertificate("/home/deepakchethan/Git/build-SSNFS-Desktop-Debug/SSNFS-client/cert.pem"); socket->connectToHostEncrypted(host, port); diff --git a/SSNFSd/ssnfsworker.cpp b/SSNFSd/ssnfsworker.cpp index 10a91ad..8d94dc2 100644 --- a/SSNFSd/ssnfsworker.cpp +++ b/SSNFSd/ssnfsworker.cpp @@ -19,7 +19,10 @@ #include #include #include +#include #include +#include +#include #define STR_EXPAND(tok) #tok #define STR(tok) STR_EXPAND(tok) @@ -81,7 +84,6 @@ void SSNFSWorker::run() { SSNFSServer *parent = ((SSNFSServer*)this->parent()); configDB.open(); - socket = new QSslSocket(); socket->setPeerVerifyMode(QSslSocket::VerifyPeer); @@ -171,6 +173,22 @@ QString SSNFSWorker::getPerms(QString path, qint32 uid) { } } + QByteArray SSNFSWorker::isValidPath(QByteArray path){ + QString newPath = QTextCodec::codecForMib(1015)->toUnicode(path); + QStringList directories = newPath.split("/"); + QStack normalizer; + // Assuming the path starts and ends with / + for (int i = 1; i < directories.size()-1; ++i){ + if (QString::compare(directories.at(i),"..")){ + if (!normalizer.isEmpty()) normalizer.pop(); + else return NULL; + } + else normalizer.push(directories.at(i)); + } + return path; +} + + void SSNFSWorker::ReadyToRead() { if (working) @@ -395,13 +413,29 @@ void SSNFSWorker::ReadyToRead() qint32 uid = Common::getInt32FromBytes(Common::readExactBytes(socket, 4)); quint32 pathLength = Common::getUInt32FromBytes(Common::readExactBytes(socket, 4)); - - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + // Returns QString::null if the path is not valid + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); int res; struct stat stbuf; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to access directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + QString finalPath(localPath); finalPath.append(targetPath); @@ -465,8 +499,27 @@ void SSNFSWorker::ReadyToRead() int res; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to access directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + + QString perms = getPerms(targetPath, uid); + if (!perms.contains('r')) { + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", ToChr(clientName), ToChr(shareName), targetPath.data()); @@ -529,10 +582,26 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); int res; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + QString finalPath(localPath); finalPath.append(targetPath); @@ -616,7 +685,26 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); + + int res; + + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + QString finalPath(localPath); finalPath.append(targetPath); @@ -628,7 +716,6 @@ void SSNFSWorker::ReadyToRead() qint64 readOffset = Common::getInt64FromBytes(Common::readExactBytes(socket, 8)); - int res; QByteArray readBuf; readBuf.fill('\x00', readSize); @@ -685,10 +772,27 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); int res; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + + QString finalPath(localPath); finalPath.append(targetPath); @@ -733,10 +837,27 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); int res; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + + QString finalPath(localPath); finalPath.append(targetPath); @@ -772,10 +893,28 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); int res; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to access directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + + + QString finalPath(localPath); finalPath.append(targetPath); @@ -854,10 +993,28 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); int res; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to access directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + + + QString finalPath(localPath); finalPath.append(targetPath); @@ -888,10 +1045,28 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); int res; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to access directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + + + QString finalPath(localPath); finalPath.append(targetPath); @@ -932,10 +1107,26 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); int res; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to access directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + QString finalPath(localPath); finalPath.append(targetPath); @@ -976,13 +1167,31 @@ void SSNFSWorker::ReadyToRead() quint16 targetPathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, targetPathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, targetPathLength)); + + int res; + + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } quint16 linkPathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); QByteArray linkPath = Common::readExactBytes(socket, linkPathLength); - int res; + QString finalPath(localPath); finalPath.append(linkPath); @@ -1070,10 +1279,28 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); int res; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + + + QString finalPath(localPath); finalPath.append(targetPath); @@ -1108,10 +1335,28 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); int res; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + + + QString finalPath(localPath); finalPath.append(targetPath); @@ -1148,10 +1393,28 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); int res; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + + + QString finalPath(localPath); finalPath.append(targetPath); @@ -1180,10 +1443,28 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); int res; + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } + + + QString finalPath(localPath); finalPath.append(targetPath); @@ -1220,7 +1501,25 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); + + int res; + + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } QString finalPath(localPath); finalPath.append(targetPath); @@ -1238,8 +1537,6 @@ void SSNFSWorker::ReadyToRead() dataToWrite.append(Common::readExactBytes(socket, Size)); - int res; - int actuallyWritten = -1; // Find the corresponding actual File Descriptor @@ -1302,7 +1599,25 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2, false)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength, false); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength, false)); + + int res; + + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } QString finalPath(localPath); finalPath.append(targetPath); @@ -1322,8 +1637,6 @@ void SSNFSWorker::ReadyToRead() qDebug() << "Got Data:" << timer.elapsed(); - int res; - int actuallyWritten = -1; // Find the corresponding actual File Descriptor @@ -1381,12 +1694,30 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); + + int res; + + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } QString finalPath(localPath); finalPath.append(targetPath); - int res; + qint32 fakeFd = Common::getInt32FromBytes(Common::readExactBytes(socket, 4)); @@ -1439,13 +1770,29 @@ void SSNFSWorker::ReadyToRead() quint16 pathLength = Common::getUInt16FromBytes(Common::readExactBytes(socket, 2)); - QByteArray targetPath = Common::readExactBytes(socket, pathLength); + QByteArray targetPath = isValidPath(Common::readExactBytes(socket, pathLength)); + + int res = 0; + + if (targetPath.isNull()){ + + Log::info(Log::Categories["File System"], "Client {0} Share {1}: User tried to read directory {2} but didn't have permission.", + ToChr(clientName), ToChr(shareName), targetPath.data()); + + res = -EACCES; + + socket->write(Common::getBytes(res)); + + status = WaitingForOperation; + + working = false; + + return; + } QString finalPath(localPath); finalPath.append(targetPath); - int res = 0; - struct statvfs fsInfo; // No need to expose any info about what the system drive looks like. diff --git a/SSNFSd/ssnfsworker.h b/SSNFSd/ssnfsworker.h index 59b98e1..b6e99c0 100644 --- a/SSNFSd/ssnfsworker.h +++ b/SSNFSd/ssnfsworker.h @@ -40,6 +40,7 @@ class SSNFSWorker : public QThread void run() override; QString getPerms(QString path, qint32 uid); + QByteArray isValidPath(QByteArray path); void ReadyToRead(); void processHttpRequest(char firstChar); @@ -51,7 +52,6 @@ class SSNFSWorker : public QThread bool working = false; QHash fds; QTime timer; - qint64 userKey = -1; qint64 clientKey = -1; QString clientName;