OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

hw/9pfs: Use export flag for indicating security model

Browse Source 
This helps to remove some of the structure members

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
This commit is contained in:
Aneesh Kumar K.V 2011-10-13 13:21:00 +05:30
parent fbcbf101aa
commit b97400caef
5 changed files with 68 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
fsdev/file-op-9p.h
View File

@ -23,23 +23,6 @@
#define SM_LOCAL_MODE_BITS 0600 #define SM_LOCAL_MODE_BITS 0600
#define SM_LOCAL_DIR_MODE_BITS 0700 #define SM_LOCAL_DIR_MODE_BITS 0700
typedef enum
{
/*
* Server will try to set uid/gid.
* On failure ignore the error.
*/
SM_NONE = 0,
/*
* uid/gid set on fileserver files
*/
SM_PASSTHROUGH = 1,
/*
* uid/gid part of xattr
*/
SM_MAPPED,
} SecModel;
typedef struct FsCred typedef struct FsCred
{ {
uid_t fc_uid; uid_t fc_uid;
@ -60,12 +43,27 @@ typedef struct extended_ops {
/* export flags */ /* export flags */
#define V9FS_IMMEDIATE_WRITEOUT 0x00000001 #define V9FS_IMMEDIATE_WRITEOUT 0x00000001
#define V9FS_PATHNAME_FSCONTEXT 0x00000002 #define V9FS_PATHNAME_FSCONTEXT 0x00000002
/*
* uid/gid set on fileserver files
*/
#define V9FS_SM_PASSTHROUGH 0x00000004
/*
* uid/gid part of xattr
*/
#define V9FS_SM_MAPPED 0x00000008
/*
* Server will try to set uid/gid.
* On failure ignore the error.
*/
#define V9FS_SM_NONE 0x00000010
#define V9FS_SEC_MASK 0x0000001C
typedef struct FsContext typedef struct FsContext
{ {
char *fs_root;
SecModel fs_sm;
uid_t uid; uid_t uid;
char *fs_root;
int export_flags; int export_flags;
struct xattr_operations **xops; struct xattr_operations **xops;
struct extended_ops exops; struct extended_ops exops;

19
fsdev/qemu-fsdev.c
View File

@ -72,14 +72,29 @@ int qemu_fsdev_add(QemuOpts *opts)
fsle->fse.fsdev_id = g_strdup(fsdev_id); fsle->fse.fsdev_id = g_strdup(fsdev_id);
fsle->fse.path = g_strdup(path); fsle->fse.path = g_strdup(path);
fsle->fse.security_model = g_strdup(sec_model);
fsle->fse.ops = FsDrivers[i].ops; fsle->fse.ops = FsDrivers[i].ops;
fsle->fse.export_flags = 0; fsle->fse.export_flags = 0;
if (writeout) { if (writeout) {
if (!strcmp(writeout, "immediate")) { if (!strcmp(writeout, "immediate")) {
fsle->fse.export_flags = V9FS_IMMEDIATE_WRITEOUT; fsle->fse.export_flags |= V9FS_IMMEDIATE_WRITEOUT;
} }
} }
if (!strcmp(sec_model, "passthrough")) {
fsle->fse.export_flags |= V9FS_SM_PASSTHROUGH;
} else if (!strcmp(sec_model, "mapped")) {
fsle->fse.export_flags |= V9FS_SM_MAPPED;
} else if (!strcmp(sec_model, "none")) {
fsle->fse.export_flags |= V9FS_SM_NONE;
} else {
fprintf(stderr, "Default to security_model=none. You may want"
" enable advanced security model using "
"security option:\n\t security_model=passthrough\n\t "
"security_model=mapped\n");
fsle->fse.export_flags |= V9FS_SM_NONE;
}
QTAILQ_INSERT_TAIL(&fsdriver_entries, fsle, next); QTAILQ_INSERT_TAIL(&fsdriver_entries, fsle, next);
return 0; return 0;
} }

1
fsdev/qemu-fsdev.h
View File

@ -40,7 +40,6 @@ typedef struct FsDriverTable {
typedef struct FsDriverEntry { typedef struct FsDriverEntry {
char *fsdev_id; char *fsdev_id;
char *path; char *path;
char *security_model;
int export_flags; int export_flags;
FileOperations *ops; FileOperations *ops;
} FsDriverEntry; } FsDriverEntry;

33
hw/9pfs/virtio-9p-device.c
View File

@ -83,35 +83,18 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
exit(1); exit(1);
} }
if (!strcmp(fse->security_model, "passthrough")) {
/* Files on the Fileserver set to client user credentials */
s->ctx.fs_sm = SM_PASSTHROUGH;
s->ctx.xops = passthrough_xattr_ops;
} else if (!strcmp(fse->security_model, "mapped")) {
/* Files on the fileserver are set to QEMU credentials.
* Client user credentials are saved in extended attributes.
*/
s->ctx.fs_sm = SM_MAPPED;
s->ctx.xops = mapped_xattr_ops;
} else if (!strcmp(fse->security_model, "none")) {
/*
* Files on the fileserver are set to QEMU credentials.
*/
s->ctx.fs_sm = SM_NONE;
s->ctx.xops = none_xattr_ops;
} else {
fprintf(stderr, "Default to security_model=none. You may want"
" enable advanced security model using "
"security option:\n\t security_model=passthrough\n\t "
"security_model=mapped\n");
s->ctx.fs_sm = SM_NONE;
s->ctx.xops = none_xattr_ops;
}
s->ctx.export_flags = fse->export_flags; s->ctx.export_flags = fse->export_flags;
s->ctx.fs_root = g_strdup(fse->path); s->ctx.fs_root = g_strdup(fse->path);
s->ctx.exops.get_st_gen = NULL; s->ctx.exops.get_st_gen = NULL;
if (fse->export_flags & V9FS_SM_PASSTHROUGH) {
s->ctx.xops = passthrough_xattr_ops;
} else if (fse->export_flags & V9FS_SM_MAPPED) {
s->ctx.xops = mapped_xattr_ops;
} else if (fse->export_flags & V9FS_SM_NONE) {
s->ctx.xops = none_xattr_ops;
}
len = strlen(conf->tag); len = strlen(conf->tag);
if (len > MAX_TAG_LEN) { if (len > MAX_TAG_LEN) {
fprintf(stderr, "mount tag '%s' (%d bytes) is longer than " fprintf(stderr, "mount tag '%s' (%d bytes) is longer than "

52
hw/9pfs/virtio-9p-local.c
View File

@ -49,7 +49,7 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf)
if (err) { if (err) {
return err; return err;
} }
if (fs_ctx->fs_sm == SM_MAPPED) { if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */ /* Actual credentials are part of extended attrs */
uid_t tmp_uid; uid_t tmp_uid;
gid_t tmp_gid; gid_t tmp_gid;
@ -124,7 +124,7 @@ static int local_post_create_passthrough(FsContext *fs_ctx, const char *path,
* If we fail to change ownership and if we are * If we fail to change ownership and if we are
* using security model none. Ignore the error * using security model none. Ignore the error
*/ */
if (fs_ctx->fs_sm != SM_NONE) { if ((fs_ctx->export_flags & V9FS_SEC_MASK) != V9FS_SM_NONE) {
return -1; return -1;
} }
} }
@ -138,7 +138,7 @@ static ssize_t local_readlink(FsContext *fs_ctx, V9fsPath *fs_path,
char buffer[PATH_MAX]; char buffer[PATH_MAX];
char *path = fs_path->data; char *path = fs_path->data;
if (fs_ctx->fs_sm == SM_MAPPED) { if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
int fd; int fd;
fd = open(rpath(fs_ctx, path, buffer), O_RDONLY); fd = open(rpath(fs_ctx, path, buffer), O_RDONLY);
if (fd == -1) { if (fd == -1) {
@ -149,8 +149,8 @@ static ssize_t local_readlink(FsContext *fs_ctx, V9fsPath *fs_path,
} while (tsize == -1 && errno == EINTR); } while (tsize == -1 && errno == EINTR);
close(fd); close(fd);
return tsize; return tsize;
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) { (fs_ctx->export_flags & V9FS_SM_NONE)) {
tsize = readlink(rpath(fs_ctx, path, buffer), buf, bufsz); tsize = readlink(rpath(fs_ctx, path, buffer), buf, bufsz);
} }
return tsize; return tsize;
@ -252,10 +252,10 @@ static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
char buffer[PATH_MAX]; char buffer[PATH_MAX];
char *path = fs_path->data; char *path = fs_path->data;
if (fs_ctx->fs_sm == SM_MAPPED) { if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
return local_set_xattr(rpath(fs_ctx, path, buffer), credp); return local_set_xattr(rpath(fs_ctx, path, buffer), credp);
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) { (fs_ctx->export_flags & V9FS_SM_NONE)) {
return chmod(rpath(fs_ctx, path, buffer), credp->fc_mode); return chmod(rpath(fs_ctx, path, buffer), credp->fc_mode);
} }
return -1; return -1;
@ -275,7 +275,7 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
path = fullname.data; path = fullname.data;
/* Determine the security model */ /* Determine the security model */
if (fs_ctx->fs_sm == SM_MAPPED) { if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
err = mknod(rpath(fs_ctx, path, buffer), err = mknod(rpath(fs_ctx, path, buffer),
SM_LOCAL_MODE_BITS|S_IFREG, 0); SM_LOCAL_MODE_BITS|S_IFREG, 0);
if (err == -1) { if (err == -1) {
@ -286,8 +286,8 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
serrno = errno; serrno = errno;
goto err_end; goto err_end;
} }
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) { (fs_ctx->export_flags & V9FS_SM_NONE)) {
err = mknod(rpath(fs_ctx, path, buffer), credp->fc_mode, err = mknod(rpath(fs_ctx, path, buffer), credp->fc_mode,
credp->fc_rdev); credp->fc_rdev);
if (err == -1) { if (err == -1) {
@ -323,7 +323,7 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
path = fullname.data; path = fullname.data;
/* Determine the security model */ /* Determine the security model */
if (fs_ctx->fs_sm == SM_MAPPED) { if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
err = mkdir(rpath(fs_ctx, path, buffer), SM_LOCAL_DIR_MODE_BITS); err = mkdir(rpath(fs_ctx, path, buffer), SM_LOCAL_DIR_MODE_BITS);
if (err == -1) { if (err == -1) {
goto out; goto out;
@ -334,8 +334,8 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
serrno = errno; serrno = errno;
goto err_end; goto err_end;
} }
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) { (fs_ctx->export_flags & V9FS_SM_NONE)) {
err = mkdir(rpath(fs_ctx, path, buffer), credp->fc_mode); err = mkdir(rpath(fs_ctx, path, buffer), credp->fc_mode);
if (err == -1) { if (err == -1) {
goto out; goto out;
@ -363,7 +363,7 @@ static int local_fstat(FsContext *fs_ctx, int fd, struct stat *stbuf)
if (err) { if (err) {
return err; return err;
} }
if (fs_ctx->fs_sm == SM_MAPPED) { if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */ /* Actual credentials are part of extended attrs */
uid_t tmp_uid; uid_t tmp_uid;
gid_t tmp_gid; gid_t tmp_gid;
@ -401,7 +401,7 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
path = fullname.data; path = fullname.data;
/* Determine the security model */ /* Determine the security model */
if (fs_ctx->fs_sm == SM_MAPPED) { if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
fd = open(rpath(fs_ctx, path, buffer), flags, SM_LOCAL_MODE_BITS); fd = open(rpath(fs_ctx, path, buffer), flags, SM_LOCAL_MODE_BITS);
if (fd == -1) { if (fd == -1) {
err = fd; err = fd;
@ -414,8 +414,8 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
serrno = errno; serrno = errno;
goto err_end; goto err_end;
} }
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) { (fs_ctx->export_flags & V9FS_SM_NONE)) {
fd = open(rpath(fs_ctx, path, buffer), flags, credp->fc_mode); fd = open(rpath(fs_ctx, path, buffer), flags, credp->fc_mode);
if (fd == -1) { if (fd == -1) {
err = fd; err = fd;
@ -454,7 +454,7 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
newpath = fullname.data; newpath = fullname.data;
/* Determine the security model */ /* Determine the security model */
if (fs_ctx->fs_sm == SM_MAPPED) { if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
int fd; int fd;
ssize_t oldpath_size, write_size; ssize_t oldpath_size, write_size;
fd = open(rpath(fs_ctx, newpath, buffer), O_CREAT|O_EXCL|O_RDWR, fd = open(rpath(fs_ctx, newpath, buffer), O_CREAT|O_EXCL|O_RDWR,
@ -483,8 +483,8 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
serrno = errno; serrno = errno;
goto err_end; goto err_end;
} }
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) { (fs_ctx->export_flags & V9FS_SM_NONE)) {
err = symlink(oldpath, rpath(fs_ctx, newpath, buffer)); err = symlink(oldpath, rpath(fs_ctx, newpath, buffer));
if (err) { if (err) {
goto out; goto out;
@ -496,7 +496,7 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
* If we fail to change ownership and if we are * If we fail to change ownership and if we are
* using security model none. Ignore the error * using security model none. Ignore the error
*/ */
if (fs_ctx->fs_sm != SM_NONE) { if ((fs_ctx->export_flags & V9FS_SEC_MASK) != V9FS_SM_NONE) {
serrno = errno; serrno = errno;
goto err_end; goto err_end;
} else } else
@ -551,13 +551,13 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
char *path = fs_path->data; char *path = fs_path->data;
if ((credp->fc_uid == -1 && credp->fc_gid == -1) || if ((credp->fc_uid == -1 && credp->fc_gid == -1) ||
(fs_ctx->fs_sm == SM_PASSTHROUGH)) { (fs_ctx->export_flags & V9FS_SM_PASSTHROUGH)) {
return lchown(rpath(fs_ctx, path, buffer), credp->fc_uid, return lchown(rpath(fs_ctx, path, buffer), credp->fc_uid,
credp->fc_gid); credp->fc_gid);
} else if (fs_ctx->fs_sm == SM_MAPPED) { } else if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
return local_set_xattr(rpath(fs_ctx, path, buffer), credp); return local_set_xattr(rpath(fs_ctx, path, buffer), credp);
} else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) { (fs_ctx->export_flags & V9FS_SM_NONE)) {
return lchown(rpath(fs_ctx, path, buffer), credp->fc_uid, return lchown(rpath(fs_ctx, path, buffer), credp->fc_uid,
credp->fc_gid); credp->fc_gid);
} }