Google Git
Sign in
vanadium / release.go.x.ref / bc05a27695e18d9d489429648fe568bf33b4ba62 / . / services / internal / pathperms / permsaccess.go
blob: 2a42d020d94f3ca88e748cff465fb5896d7f8005 [file] [log] [blame]
Jiri Simsad7616c92015-03-24 23:44:30 -0700[diff] [blame]1// Copyright 2015 The Vanadium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]5// Package pathperms provides a library to assist servers implementing
Benjamin Prosnitzb60efb92015-03-11 17:47:43 -0700[diff] [blame]6// GetPermissions/SetPermissions functions and authorizers where there are
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]7// path-specific Permissions stored individually in files.
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]8// TODO(rjkroege): Add unit tests.
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]9package pathperms
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]10
11import (
12 "io/ioutil"
13 "os"
Robert Kroeger8d7a0ef2015-01-14 17:38:40 -0800[diff] [blame]14 "path/filepath"
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]15 "sync"
16
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]17 "v.io/v23"
Todd Wang54feabe2015-04-15 23:38:26 -0700[diff] [blame]18 "v.io/v23/context"
Jiri Simsa6ac95222015-02-23 16:11:49 -0800[diff] [blame]19 "v.io/v23/security"
Todd Wang387d8a42015-03-30 17:09:05 -0700[diff] [blame]20 "v.io/v23/security/access"
Jiri Simsa6ac95222015-02-23 16:11:49 -0800[diff] [blame]21 "v.io/v23/verror"
Todd Wangb3511492015-04-07 23:32:34 -0700[diff] [blame]22 "v.io/x/ref/lib/security/serialization"
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]23)
24
25const (
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]26 pkgPath = "v.io/x/ref/services/internal/pathperms"
27 sigName = "signature"
28 permsName = "data"
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]29)
30
31var (
32 ErrOperationFailed = verror.Register(pkgPath+".OperationFailed", verror.NoRetry, "{1:}{2:} operation failed{:_}")
33)
34
Robert Kroegerfbaafa42015-06-10 16:50:22 -0700[diff] [blame]35type pathEntry struct {
36 lk sync.Mutex
37 c int
38}
39
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]40// PathStore manages storage of a set of Permissions in the filesystem where each
41// path identifies a specific Permissions in the set. PathStore synchronizes
42// access to its member Permissions.
Robert Kroegeraa23aba2015-02-27 12:55:05 -0800[diff] [blame]43type PathStore struct {
Robert Kroegerfbaafa42015-06-10 16:50:22 -0700[diff] [blame]44 pthlks map[string]*pathEntry
Robert Kroegera5c0ec52015-02-25 16:00:01 -0800[diff] [blame]45 lk sync.Mutex
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]46 ctx *context.T
Robert Kroegera5c0ec52015-02-25 16:00:01 -0800[diff] [blame]47 principal security.Principal
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]48}
49
Robert Kroegeraa23aba2015-02-27 12:55:05 -0800[diff] [blame]50// NewPathStore creates a new instance of the lock map that uses
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]51// principal to sign stored Permissions files.
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]52func NewPathStore(ctx *context.T) *PathStore {
53 return &PathStore{pthlks: make(map[string]*pathEntry), ctx: ctx, principal: v23.GetPrincipal(ctx)}
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]54}
55
Benjamin Prosnitzb60efb92015-03-11 17:47:43 -0700[diff] [blame]56// Get returns the Permissions from the data file in dir.
Asim Shankarbf9f0af2015-05-08 13:45:40 -0700[diff] [blame]57func (store *PathStore) Get(dir string) (access.Permissions, string, error) {
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]58 permspath := filepath.Join(dir, permsName)
Robert Kroeger8d7a0ef2015-01-14 17:38:40 -0800[diff] [blame]59 sigpath := filepath.Join(dir, sigName)
Robert Kroegeraa23aba2015-02-27 12:55:05 -0800[diff] [blame]60 defer store.lockPath(dir)()
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]61 return getCore(store.ctx, permspath, sigpath)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]62}
63
64// TODO(rjkroege): Improve lock handling.
Asim Shankarbf9f0af2015-05-08 13:45:40 -0700[diff] [blame]65func (store *PathStore) lockPath(dir string) func() {
Robert Kroegeraa23aba2015-02-27 12:55:05 -0800[diff] [blame]66 store.lk.Lock()
Robert Kroegerfbaafa42015-06-10 16:50:22 -0700[diff] [blame]67 pe, contains := store.pthlks[dir]
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]68 if !contains {
Robert Kroegerfbaafa42015-06-10 16:50:22 -0700[diff] [blame]69 pe = &pathEntry{}
70 store.pthlks[dir] = pe
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]71 }
Robert Kroegerfbaafa42015-06-10 16:50:22 -0700[diff] [blame]72 pe.c++
Robert Kroegeraa23aba2015-02-27 12:55:05 -0800[diff] [blame]73 store.lk.Unlock()
Robert Kroegerfbaafa42015-06-10 16:50:22 -0700[diff] [blame]74 pe.lk.Lock()
75
76 return func() {
77 pe.lk.Unlock()
78 store.lk.Lock()
79 pe.c--
80 if pe.c == 0 {
81 delete(store.pthlks, dir)
82 }
83 store.lk.Unlock()
84 }
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]85}
86
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]87func getCore(ctx *context.T, permspath, sigpath string) (access.Permissions, string, error) {
88 principal := v23.GetPrincipal(ctx)
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]89 f, err := os.Open(permspath)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]90 if err != nil {
91 // This path is rarely a fatal error so log informationally only.
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]92 ctx.VI(2).Infof("os.Open(%s) failed: %v", permspath, err)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]93 return nil, "", err
94 }
95 defer f.Close()
96
97 s, err := os.Open(sigpath)
98 if err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]99 ctx.Errorf("Signatures for Permissions are required: %s unavailable: %v", permspath, err)
Todd Wangff73e1f2015-02-10 21:45:52 -0800[diff] [blame]100 return nil, "", verror.New(ErrOperationFailed, nil)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]101 }
102 defer s.Close()
103
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]104 // read and verify the signature of the perms file
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]105 vf, err := serialization.NewVerifyingReader(f, s, principal.PublicKey())
106 if err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]107 ctx.Errorf("NewVerifyingReader() failed: %v (perms=%s, sig=%s)", err, permspath, sigpath)
Todd Wangff73e1f2015-02-10 21:45:52 -0800[diff] [blame]108 return nil, "", verror.New(ErrOperationFailed, nil)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]109 }
110
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]111 perms, err := access.ReadPermissions(vf)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]112 if err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]113 ctx.Errorf("ReadPermissions(%s) failed: %v", permspath, err)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]114 return nil, "", err
115 }
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]116 version, err := ComputeVersion(perms)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]117 if err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]118 ctx.Errorf("pathperms.ComputeVersion failed: %v", err)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]119 return nil, "", err
120 }
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]121 return perms, version, nil
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]122}
123
Adam Sadovskyb1f9e3c2015-04-08 11:03:49 -0700[diff] [blame]124// Set writes the specified Permissions to the provided directory with
125// enforcement of version synchronization mechanism and locking.
Asim Shankarbf9f0af2015-05-08 13:45:40 -0700[diff] [blame]126func (store *PathStore) Set(dir string, perms access.Permissions, version string) error {
Robert Kroeger77834062015-04-21 20:45:44 -0700[diff] [blame]127 return store.SetShareable(dir, perms, version, false)
128}
129
130// SetShareable writes the specified Permissions to the provided
131// directory with enforcement of version synchronization mechanism and
132// locking with file modes that will give the application read-only
133// access to the permissions file.
Asim Shankarbf9f0af2015-05-08 13:45:40 -0700[diff] [blame]134func (store *PathStore) SetShareable(dir string, perms access.Permissions, version string, shareable bool) error {
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]135 permspath := filepath.Join(dir, permsName)
Robert Kroeger8d7a0ef2015-01-14 17:38:40 -0800[diff] [blame]136 sigpath := filepath.Join(dir, sigName)
Robert Kroegeraa23aba2015-02-27 12:55:05 -0800[diff] [blame]137 defer store.lockPath(dir)()
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]138 _, oversion, err := getCore(store.ctx, permspath, sigpath)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]139 if err != nil && !os.IsNotExist(err) {
Todd Wangff73e1f2015-02-10 21:45:52 -0800[diff] [blame]140 return verror.New(ErrOperationFailed, nil)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]141 }
Adam Sadovskyb1f9e3c2015-04-08 11:03:49 -0700[diff] [blame]142 if len(version) > 0 && version != oversion {
143 return verror.NewErrBadVersion(nil)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]144 }
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]145 return write(store.ctx, permspath, sigpath, dir, perms, shareable)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]146}
147
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]148// write writes the specified Permissions to the permsFile with a
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]149// signature in sigFile.
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]150func write(ctx *context.T, permsFile, sigFile, dir string, perms access.Permissions, shareable bool) error {
151 principal := v23.GetPrincipal(ctx)
Robert Kroeger77834062015-04-21 20:45:44 -0700[diff] [blame]152 filemode := os.FileMode(0600)
153 dirmode := os.FileMode(0700)
154 if shareable {
155 filemode = os.FileMode(0644)
156 dirmode = os.FileMode(0711)
157 }
158
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]159 // Create dir directory if it does not exist
Robert Kroeger77834062015-04-21 20:45:44 -0700[diff] [blame]160 os.MkdirAll(dir, dirmode)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]161 // Save the object to temporary data and signature files, and then move
162 // those files to the actual data and signature file.
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]163 data, err := ioutil.TempFile(dir, permsName)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]164 if err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]165 ctx.Errorf("Failed to open tmpfile data:%v", err)
Todd Wangff73e1f2015-02-10 21:45:52 -0800[diff] [blame]166 return verror.New(ErrOperationFailed, nil)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]167 }
168 defer os.Remove(data.Name())
169 sig, err := ioutil.TempFile(dir, sigName)
170 if err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]171 ctx.Errorf("Failed to open tmpfile sig:%v", err)
Todd Wangff73e1f2015-02-10 21:45:52 -0800[diff] [blame]172 return verror.New(ErrOperationFailed, nil)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]173 }
174 defer os.Remove(sig.Name())
175 writer, err := serialization.NewSigningWriteCloser(data, sig, principal, nil)
176 if err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]177 ctx.Errorf("Failed to create NewSigningWriteCloser:%v", err)
Todd Wangff73e1f2015-02-10 21:45:52 -0800[diff] [blame]178 return verror.New(ErrOperationFailed, nil)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]179 }
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]180 if err = perms.WriteTo(writer); err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]181 ctx.Errorf("Failed to SavePermissions:%v", err)
Todd Wangff73e1f2015-02-10 21:45:52 -0800[diff] [blame]182 return verror.New(ErrOperationFailed, nil)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]183 }
184 if err = writer.Close(); err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]185 ctx.Errorf("Failed to Close() SigningWriteCloser:%v", err)
Todd Wangff73e1f2015-02-10 21:45:52 -0800[diff] [blame]186 return verror.New(ErrOperationFailed, nil)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]187 }
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]188 if err := os.Rename(data.Name(), permsFile); err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]189 ctx.Errorf("os.Rename() failed:%v", err)
Todd Wangff73e1f2015-02-10 21:45:52 -0800[diff] [blame]190 return verror.New(ErrOperationFailed, nil)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]191 }
Robert Kroeger77834062015-04-21 20:45:44 -0700[diff] [blame]192 if err := os.Chmod(permsFile, filemode); err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]193 ctx.Errorf("os.Chmod() failed:%v", err)
Robert Kroeger77834062015-04-21 20:45:44 -0700[diff] [blame]194 return verror.New(ErrOperationFailed, nil)
195 }
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]196 if err := os.Rename(sig.Name(), sigFile); err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]197 ctx.Errorf("os.Rename() failed:%v", err)
Todd Wangff73e1f2015-02-10 21:45:52 -0800[diff] [blame]198 return verror.New(ErrOperationFailed, nil)
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]199 }
Robert Kroeger77834062015-04-21 20:45:44 -0700[diff] [blame]200 if err := os.Chmod(sigFile, filemode); err != nil {
Cosmos Nicolaou7a4221f2015-06-21 08:02:23 -0700[diff] [blame]201 ctx.Errorf("os.Chmod() failed:%v", err)
Robert Kroeger77834062015-04-21 20:45:44 -0700[diff] [blame]202 return verror.New(ErrOperationFailed, nil)
203 }
Robert Kroegere95ed6d2015-01-14 17:41:04 -0800[diff] [blame]204 return nil
205}
Robert Kroeger7e368972015-02-25 15:49:10 -0800[diff] [blame]206
Cosmos Nicolaou1c33b7d2015-06-24 15:15:54 -0700[diff] [blame]207func (store *PathStore) PermsForPath(ctx *context.T, path string) (access.Permissions, bool, error) {
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]208 perms, _, err := store.Get(path)
Robert Kroeger7e368972015-02-25 15:49:10 -0800[diff] [blame]209 if os.IsNotExist(err) {
210 return nil, true, nil
211 } else if err != nil {
212 return nil, false, err
213 }
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]214 return perms, false, nil
Robert Kroeger7e368972015-02-25 15:49:10 -0800[diff] [blame]215}
Robert Kroeger03f0cc72015-04-02 10:18:01 -0700[diff] [blame]216
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]217// PrefixPatterns creates a pattern containing all of the prefix patterns of the
218// provided blessings.
Robert Kroeger03f0cc72015-04-02 10:18:01 -0700[diff] [blame]219func PrefixPatterns(blessings []string) []security.BlessingPattern {
220 var patterns []security.BlessingPattern
221 for _, b := range blessings {
222 patterns = append(patterns, security.BlessingPattern(b).PrefixPatterns()...)
223 }
224 return patterns
225}
226
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]227// PermissionsForBlessings creates the Permissions list that should be used with
228// a newly created object.
Robert Kroeger03f0cc72015-04-02 10:18:01 -0700[diff] [blame]229func PermissionsForBlessings(blessings []string) access.Permissions {
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]230 perms := make(access.Permissions)
Robert Kroeger03f0cc72015-04-02 10:18:01 -0700[diff] [blame]231
232 // Add the invoker's blessings and all its prefixes.
233 for _, p := range PrefixPatterns(blessings) {
234 for _, tag := range access.AllTypicalTags() {
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]235 perms.Add(p, string(tag))
Robert Kroeger03f0cc72015-04-02 10:18:01 -0700[diff] [blame]236 }
237 }
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]238 return perms
Robert Kroeger03f0cc72015-04-02 10:18:01 -0700[diff] [blame]239}
Robert Kroegerf9536ac2015-04-03 16:30:44 -0700[diff] [blame]240
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]241// NilAuthPermissions creates Permissions that mimics the default authorization
242// policy (i.e., Permissions is matched by all blessings that are either
243// extensions of one of the local blessings or can be extended to form one of
244// the local blessings.)
Todd Wang4264e4b2015-04-16 22:43:40 -0700[diff] [blame]245func NilAuthPermissions(ctx *context.T, call security.Call) access.Permissions {
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]246 perms := make(access.Permissions)
Todd Wang4264e4b2015-04-16 22:43:40 -0700[diff] [blame]247 lb := security.LocalBlessingNames(ctx, call)
Robert Kroegerf9536ac2015-04-03 16:30:44 -0700[diff] [blame]248 for _, p := range PrefixPatterns(lb) {
249 for _, tag := range access.AllTypicalTags() {
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]250 perms.Add(p, string(tag))
Robert Kroegerf9536ac2015-04-03 16:30:44 -0700[diff] [blame]251 }
252 }
Adam Sadovskya4d4a692015-04-20 11:36:49 -0700[diff] [blame]253 return perms
Robert Kroegerf9536ac2015-04-03 16:30:44 -0700[diff] [blame]254}