OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

hw/9pfs: Use export flag for indicating security model

Browse Source 
This helps to remove some of the structure members

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
This commit is contained in:
Aneesh Kumar K.V 2011-10-13 13:21:00 +05:30
parent fbcbf101aa
commit b97400caef
5 changed files with 68 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
fsdev/file-op-9p.h
View File

@ -23,23 +23,6 @@
#define SM_LOCAL_MODE_BITS 0600
#define SM_LOCAL_DIR_MODE_BITS 0700
typedef enum
{
/*
* Server will try to set uid/gid.
* On failure ignore the error.
*/
SM_NONE = 0,
/*
* uid/gid set on fileserver files
*/
SM_PASSTHROUGH = 1,
/*
* uid/gid part of xattr
*/
SM_MAPPED,
} SecModel;
typedef struct FsCred
{
uid_t fc_uid;
@ -60,12 +43,27 @@ typedef struct extended_ops {
/* export flags */
#define V9FS_IMMEDIATE_WRITEOUT 0x00000001
#define V9FS_PATHNAME_FSCONTEXT 0x00000002
/*
* uid/gid set on fileserver files
*/
#define V9FS_SM_PASSTHROUGH 0x00000004
/*
* uid/gid part of xattr
*/
#define V9FS_SM_MAPPED 0x00000008
/*
* Server will try to set uid/gid.
* On failure ignore the error.
*/
#define V9FS_SM_NONE 0x00000010
#define V9FS_SEC_MASK 0x0000001C
typedef struct FsContext
{
char *fs_root;
SecModel fs_sm;
uid_t uid;
char *fs_root;
int export_flags;
struct xattr_operations **xops;
struct extended_ops exops;

19
fsdev/qemu-fsdev.c
View File

@ -72,14 +72,29 @@ int qemu_fsdev_add(QemuOpts *opts)
fsle->fse.fsdev_id = g_strdup(fsdev_id);
fsle->fse.path = g_strdup(path);
fsle->fse.security_model = g_strdup(sec_model);
fsle->fse.ops = FsDrivers[i].ops;
fsle->fse.export_flags = 0;
if (writeout) {
if (!strcmp(writeout, "immediate")) {
fsle->fse.export_flags = V9FS_IMMEDIATE_WRITEOUT;
fsle->fse.export_flags |= V9FS_IMMEDIATE_WRITEOUT;
}
}
if (!strcmp(sec_model, "passthrough")) {
fsle->fse.export_flags |= V9FS_SM_PASSTHROUGH;
} else if (!strcmp(sec_model, "mapped")) {
fsle->fse.export_flags |= V9FS_SM_MAPPED;
} else if (!strcmp(sec_model, "none")) {
fsle->fse.export_flags |= V9FS_SM_NONE;
} else {
fprintf(stderr, "Default to security_model=none. You may want"
" enable advanced security model using "
"security option:\n\t security_model=passthrough\n\t "
"security_model=mapped\n");
fsle->fse.export_flags |= V9FS_SM_NONE;
}
QTAILQ_INSERT_TAIL(&fsdriver_entries, fsle, next);
return 0;
}

1
fsdev/qemu-fsdev.h
View File

@ -40,7 +40,6 @@ typedef struct FsDriverTable {
typedef struct FsDriverEntry {
char *fsdev_id;
char *path;
char *security_model;
int export_flags;
FileOperations *ops;
} FsDriverEntry;

33
hw/9pfs/virtio-9p-device.c
View File

@ -83,35 +83,18 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
exit(1);
}
if (!strcmp(fse->security_model, "passthrough")) {
/* Files on the Fileserver set to client user credentials */
s->ctx.fs_sm = SM_PASSTHROUGH;
s->ctx.xops = passthrough_xattr_ops;
} else if (!strcmp(fse->security_model, "mapped")) {
/* Files on the fileserver are set to QEMU credentials.
* Client user credentials are saved in extended attributes.
*/
s->ctx.fs_sm = SM_MAPPED;
s->ctx.xops = mapped_xattr_ops;
} else if (!strcmp(fse->security_model, "none")) {
/*
* Files on the fileserver are set to QEMU credentials.
*/
s->ctx.fs_sm = SM_NONE;
s->ctx.xops = none_xattr_ops;
} else {
fprintf(stderr, "Default to security_model=none. You may want"
" enable advanced security model using "
"security option:\n\t security_model=passthrough\n\t "
"security_model=mapped\n");
s->ctx.fs_sm = SM_NONE;
s->ctx.xops = none_xattr_ops;
}
s->ctx.export_flags = fse->export_flags;
s->ctx.fs_root = g_strdup(fse->path);
s->ctx.exops.get_st_gen = NULL;
if (fse->export_flags & V9FS_SM_PASSTHROUGH) {
s->ctx.xops = passthrough_xattr_ops;
} else if (fse->export_flags & V9FS_SM_MAPPED) {
s->ctx.xops = mapped_xattr_ops;
} else if (fse->export_flags & V9FS_SM_NONE) {
s->ctx.xops = none_xattr_ops;
}
len = strlen(conf->tag);
if (len > MAX_TAG_LEN) {
fprintf(stderr, "mount tag '%s' (%d bytes) is longer than "

52
hw/9pfs/virtio-9p-local.c
View File

@ -49,7 +49,7 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf)
if (err) {
return err;
}
if (fs_ctx->fs_sm == SM_MAPPED) {
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */
uid_t tmp_uid;
gid_t tmp_gid;
@ -124,7 +124,7 @@ static int local_post_create_passthrough(FsContext *fs_ctx, const char *path,
* If we fail to change ownership and if we are
* using security model none. Ignore the error
*/
if (fs_ctx->fs_sm != SM_NONE) {
if ((fs_ctx->export_flags & V9FS_SEC_MASK) != V9FS_SM_NONE) {
return -1;
}
}
@ -138,7 +138,7 @@ static ssize_t local_readlink(FsContext *fs_ctx, V9fsPath *fs_path,
char buffer[PATH_MAX];
char *path = fs_path->data;
if (fs_ctx->fs_sm == SM_MAPPED) {
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
int fd;
fd = open(rpath(fs_ctx, path, buffer), O_RDONLY);
if (fd == -1) {
@ -149,8 +149,8 @@ static ssize_t local_readlink(FsContext *fs_ctx, V9fsPath *fs_path,
} while (tsize == -1 && errno == EINTR);
close(fd);
return tsize;
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
} else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->export_flags & V9FS_SM_NONE)) {
tsize = readlink(rpath(fs_ctx, path, buffer), buf, bufsz);
}
return tsize;
@ -252,10 +252,10 @@ static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
char buffer[PATH_MAX];
char *path = fs_path->data;
if (fs_ctx->fs_sm == SM_MAPPED) {
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
return local_set_xattr(rpath(fs_ctx, path, buffer), credp);
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
} else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->export_flags & V9FS_SM_NONE)) {
return chmod(rpath(fs_ctx, path, buffer), credp->fc_mode);
}
return -1;
@ -275,7 +275,7 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
path = fullname.data;
/* Determine the security model */
if (fs_ctx->fs_sm == SM_MAPPED) {
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
err = mknod(rpath(fs_ctx, path, buffer),
SM_LOCAL_MODE_BITS|S_IFREG, 0);
if (err == -1) {
@ -286,8 +286,8 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
serrno = errno;
goto err_end;
}
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
} else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->export_flags & V9FS_SM_NONE)) {
err = mknod(rpath(fs_ctx, path, buffer), credp->fc_mode,
credp->fc_rdev);
if (err == -1) {
@ -323,7 +323,7 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
path = fullname.data;
/* Determine the security model */
if (fs_ctx->fs_sm == SM_MAPPED) {
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
err = mkdir(rpath(fs_ctx, path, buffer), SM_LOCAL_DIR_MODE_BITS);
if (err == -1) {
goto out;
@ -334,8 +334,8 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
serrno = errno;
goto err_end;
}
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
} else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->export_flags & V9FS_SM_NONE)) {
err = mkdir(rpath(fs_ctx, path, buffer), credp->fc_mode);
if (err == -1) {
goto out;
@ -363,7 +363,7 @@ static int local_fstat(FsContext *fs_ctx, int fd, struct stat *stbuf)
if (err) {
return err;
}
if (fs_ctx->fs_sm == SM_MAPPED) {
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */
uid_t tmp_uid;
gid_t tmp_gid;
@ -401,7 +401,7 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
path = fullname.data;
/* Determine the security model */
if (fs_ctx->fs_sm == SM_MAPPED) {
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
fd = open(rpath(fs_ctx, path, buffer), flags, SM_LOCAL_MODE_BITS);
if (fd == -1) {
err = fd;
@ -414,8 +414,8 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
serrno = errno;
goto err_end;
}
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
} else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->export_flags & V9FS_SM_NONE)) {
fd = open(rpath(fs_ctx, path, buffer), flags, credp->fc_mode);
if (fd == -1) {
err = fd;
@ -454,7 +454,7 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
newpath = fullname.data;
/* Determine the security model */
if (fs_ctx->fs_sm == SM_MAPPED) {
if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
int fd;
ssize_t oldpath_size, write_size;
fd = open(rpath(fs_ctx, newpath, buffer), O_CREAT|O_EXCL|O_RDWR,
@ -483,8 +483,8 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
serrno = errno;
goto err_end;
}
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
} else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->export_flags & V9FS_SM_NONE)) {
err = symlink(oldpath, rpath(fs_ctx, newpath, buffer));
if (err) {
goto out;
@ -496,7 +496,7 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
* If we fail to change ownership and if we are
* using security model none. Ignore the error
*/
if (fs_ctx->fs_sm != SM_NONE) {
if ((fs_ctx->export_flags & V9FS_SEC_MASK) != V9FS_SM_NONE) {
serrno = errno;
goto err_end;
} else
@ -551,13 +551,13 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
char *path = fs_path->data;
if ((credp->fc_uid == -1 && credp->fc_gid == -1) ||
(fs_ctx->fs_sm == SM_PASSTHROUGH)) {
(fs_ctx->export_flags & V9FS_SM_PASSTHROUGH)) {
return lchown(rpath(fs_ctx, path, buffer), credp->fc_uid,
credp->fc_gid);
} else if (fs_ctx->fs_sm == SM_MAPPED) {
} else if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
return local_set_xattr(rpath(fs_ctx, path, buffer), credp);
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
} else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->export_flags & V9FS_SM_NONE)) {
return lchown(rpath(fs_ctx, path, buffer), credp->fc_uid,
credp->fc_gid);
}