linux/fs/9p/v9fs.c
Latchesar Ionkov ba17674fe0 9p: attach-per-user
The 9P2000 protocol requires the authentication and permission checks to be
done in the file server. For that reason every user that accesses the file
server tree has to authenticate and attach to the server separately.
Multiple users can share the same connection to the server.

Currently v9fs does a single attach and executes all I/O operations as a
single user. This makes using v9fs in multiuser environment unsafe as it
depends on the client doing the permission checking.

This patch improves the 9P2000 support by allowing every user to attach
separately. The patch defines three modes of access (new mount option
'access'):

- attach-per-user (access=user) (default mode for 9P2000.u)
 If a user tries to access a file served by v9fs for the first time, v9fs
 sends an attach command to the server (Tattach) specifying the user. If
 the attach succeeds, the user can access the v9fs tree.
 As there is no uname->uid (string->integer) mapping yet, this mode works
 only with the 9P2000.u dialect.

- allow only one user to access the tree (access=<uid>)
 Only the user with uid can access the v9fs tree. Other users that attempt
 to access it will get EPERM error.

- do all operations as a single user (access=any) (default for 9P2000)
 V9fs does a single attach and all operations are done as a single user.
 If this mode is selected, the v9fs behavior is identical with the current
 one.

Signed-off-by: Latchesar Ionkov <lucho@ionkov.net>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
2007-10-17 14:31:07 -05:00

369 lines
8.3 KiB
C

/*
* linux/fs/9p/v9fs.c
*
* This file contains functions assisting in mapping VFS to 9P2000
*
* Copyright (C) 2004 by Eric Van Hensbergen <ericvh@gmail.com>
* Copyright (C) 2002 by Ron Minnich <rminnich@lanl.gov>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to:
* Free Software Foundation
* 51 Franklin Street, Fifth Floor
* Boston, MA 02111-1301 USA
*
*/
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/fs.h>
#include <linux/sched.h>
#include <linux/parser.h>
#include <linux/idr.h>
#include <net/9p/9p.h>
#include <net/9p/transport.h>
#include <net/9p/conn.h>
#include <net/9p/client.h>
#include "v9fs.h"
#include "v9fs_vfs.h"
/*
* Dynamic Transport Registration Routines
*
*/
static LIST_HEAD(v9fs_trans_list);
static struct p9_trans_module *v9fs_default_trans;
/**
* v9fs_register_trans - register a new transport with 9p
* @m - structure describing the transport module and entry points
*
*/
void v9fs_register_trans(struct p9_trans_module *m)
{
list_add_tail(&m->list, &v9fs_trans_list);
if (m->def)
v9fs_default_trans = m;
}
EXPORT_SYMBOL(v9fs_register_trans);
/**
* v9fs_match_trans - match transport versus registered transports
* @arg: string identifying transport
*
*/
static struct p9_trans_module *v9fs_match_trans(const substring_t *name)
{
struct list_head *p;
struct p9_trans_module *t = NULL;
list_for_each(p, &v9fs_trans_list) {
t = list_entry(p, struct p9_trans_module, list);
if (strncmp(t->name, name->from, name->to-name->from) == 0) {
P9_DPRINTK(P9_DEBUG_TRANS, "trans=%s\n", t->name);
break;
}
}
return t;
}
/*
* Option Parsing (code inspired by NFS code)
* NOTE: each transport will parse its own options
*/
enum {
/* Options that take integer arguments */
Opt_debug, Opt_msize, Opt_dfltuid, Opt_dfltgid, Opt_afid,
/* String options */
Opt_uname, Opt_remotename, Opt_trans,
/* Options that take no arguments */
Opt_legacy, Opt_nodevmap,
/* Cache options */
Opt_cache_loose,
/* Access options */
Opt_access,
/* Error token */
Opt_err
};
static match_table_t tokens = {
{Opt_debug, "debug=%x"},
{Opt_msize, "msize=%u"},
{Opt_dfltuid, "dfltuid=%u"},
{Opt_dfltgid, "dfltgid=%u"},
{Opt_afid, "afid=%u"},
{Opt_uname, "uname=%s"},
{Opt_remotename, "aname=%s"},
{Opt_trans, "trans=%s"},
{Opt_legacy, "noextend"},
{Opt_nodevmap, "nodevmap"},
{Opt_cache_loose, "cache=loose"},
{Opt_cache_loose, "loose"},
{Opt_access, "access=%s"},
{Opt_err, NULL}
};
/**
* v9fs_parse_options - parse mount options into session structure
* @options: options string passed from mount
* @v9ses: existing v9fs session information
*
*/
static void v9fs_parse_options(struct v9fs_session_info *v9ses)
{
char *options = v9ses->options;
substring_t args[MAX_OPT_ARGS];
char *p;
int option;
int ret;
char *s, *e;
/* setup defaults */
v9ses->maxdata = 8192;
v9ses->afid = ~0;
v9ses->debug = 0;
v9ses->cache = 0;
v9ses->trans = v9fs_default_trans;
if (!options)
return;
while ((p = strsep(&options, ",")) != NULL) {
int token;
if (!*p)
continue;
token = match_token(p, tokens, args);
if (token < Opt_uname) {
if ((ret = match_int(&args[0], &option)) < 0) {
P9_DPRINTK(P9_DEBUG_ERROR,
"integer field, but no integer?\n");
continue;
}
}
switch (token) {
case Opt_debug:
v9ses->debug = option;
#ifdef CONFIG_NET_9P_DEBUG
p9_debug_level = option;
#endif
break;
case Opt_msize:
v9ses->maxdata = option;
break;
case Opt_dfltuid:
v9ses->dfltuid = option;
break;
case Opt_dfltgid:
v9ses->dfltgid = option;
break;
case Opt_afid:
v9ses->afid = option;
break;
case Opt_trans:
v9ses->trans = v9fs_match_trans(&args[0]);
break;
case Opt_uname:
match_strcpy(v9ses->uname, &args[0]);
break;
case Opt_remotename:
match_strcpy(v9ses->aname, &args[0]);
break;
case Opt_legacy:
v9ses->flags &= ~V9FS_EXTENDED;
break;
case Opt_nodevmap:
v9ses->nodev = 1;
break;
case Opt_cache_loose:
v9ses->cache = CACHE_LOOSE;
break;
case Opt_access:
s = match_strdup(&args[0]);
v9ses->flags &= ~V9FS_ACCESS_MASK;
if (strcmp(s, "user") == 0)
v9ses->flags |= V9FS_ACCESS_USER;
else if (strcmp(s, "any") == 0)
v9ses->flags |= V9FS_ACCESS_ANY;
else {
v9ses->flags |= V9FS_ACCESS_SINGLE;
v9ses->uid = simple_strtol(s, &e, 10);
if (*e != '\0')
v9ses->uid = ~0;
}
break;
default:
continue;
}
}
}
/**
* v9fs_session_init - initialize session
* @v9ses: session information structure
* @dev_name: device being mounted
* @data: options
*
*/
struct p9_fid *v9fs_session_init(struct v9fs_session_info *v9ses,
const char *dev_name, char *data)
{
int retval = -EINVAL;
struct p9_trans *trans = NULL;
struct p9_fid *fid;
v9ses->uname = __getname();
if (!v9ses->uname)
return ERR_PTR(-ENOMEM);
v9ses->aname = __getname();
if (!v9ses->aname) {
__putname(v9ses->uname);
return ERR_PTR(-ENOMEM);
}
v9ses->flags = V9FS_EXTENDED | V9FS_ACCESS_USER;
strcpy(v9ses->uname, V9FS_DEFUSER);
strcpy(v9ses->aname, V9FS_DEFANAME);
v9ses->uid = ~0;
v9ses->dfltuid = V9FS_DEFUID;
v9ses->dfltgid = V9FS_DEFGID;
v9ses->options = kstrdup(data, GFP_KERNEL);
v9fs_parse_options(v9ses);
if ((v9ses->trans == NULL) && !list_empty(&v9fs_trans_list))
v9ses->trans = list_first_entry(&v9fs_trans_list,
struct p9_trans_module, list);
if (v9ses->trans == NULL) {
retval = -EPROTONOSUPPORT;
P9_DPRINTK(P9_DEBUG_ERROR,
"No transport defined or default transport\n");
goto error;
}
trans = v9ses->trans->create(dev_name, v9ses->options);
if (IS_ERR(trans)) {
retval = PTR_ERR(trans);
trans = NULL;
goto error;
}
if ((v9ses->maxdata+P9_IOHDRSZ) > v9ses->trans->maxsize)
v9ses->maxdata = v9ses->trans->maxsize-P9_IOHDRSZ;
v9ses->clnt = p9_client_create(trans, v9ses->maxdata+P9_IOHDRSZ,
v9fs_extended(v9ses));
if (IS_ERR(v9ses->clnt)) {
retval = PTR_ERR(v9ses->clnt);
v9ses->clnt = NULL;
P9_DPRINTK(P9_DEBUG_ERROR, "problem initializing 9p client\n");
goto error;
}
if (!v9ses->clnt->dotu)
v9ses->flags &= ~V9FS_EXTENDED;
/* for legacy mode, fall back to V9FS_ACCESS_ANY */
if (!v9fs_extended(v9ses) &&
((v9ses->flags&V9FS_ACCESS_MASK) == V9FS_ACCESS_USER)) {
v9ses->flags &= ~V9FS_ACCESS_MASK;
v9ses->flags |= V9FS_ACCESS_ANY;
v9ses->uid = ~0;
}
fid = p9_client_attach(v9ses->clnt, NULL, v9ses->uname, ~0,
v9ses->aname);
if (IS_ERR(fid)) {
retval = PTR_ERR(fid);
fid = NULL;
P9_DPRINTK(P9_DEBUG_ERROR, "cannot attach\n");
goto error;
}
if ((v9ses->flags & V9FS_ACCESS_MASK) == V9FS_ACCESS_SINGLE)
fid->uid = v9ses->uid;
else
fid->uid = ~0;
return fid;
error:
v9fs_session_close(v9ses);
return ERR_PTR(retval);
}
/**
* v9fs_session_close - shutdown a session
* @v9ses: session information structure
*
*/
void v9fs_session_close(struct v9fs_session_info *v9ses)
{
if (v9ses->clnt) {
p9_client_destroy(v9ses->clnt);
v9ses->clnt = NULL;
}
__putname(v9ses->uname);
__putname(v9ses->aname);
kfree(v9ses->options);
}
/**
* v9fs_session_cancel - mark transport as disconnected
* and cancel all pending requests.
*/
void v9fs_session_cancel(struct v9fs_session_info *v9ses) {
P9_DPRINTK(P9_DEBUG_ERROR, "cancel session %p\n", v9ses);
p9_client_disconnect(v9ses->clnt);
}
extern int v9fs_error_init(void);
/**
* v9fs_init - Initialize module
*
*/
static int __init init_v9fs(void)
{
printk(KERN_INFO "Installing v9fs 9p2000 file system support\n");
/* TODO: Setup list of registered trasnport modules */
return register_filesystem(&v9fs_fs_type);
}
/**
* v9fs_init - shutdown module
*
*/
static void __exit exit_v9fs(void)
{
unregister_filesystem(&v9fs_fs_type);
}
module_init(init_v9fs)
module_exit(exit_v9fs)
MODULE_AUTHOR("Latchesar Ionkov <lucho@ionkov.net>");
MODULE_AUTHOR("Eric Van Hensbergen <ericvh@gmail.com>");
MODULE_AUTHOR("Ron Minnich <rminnich@lanl.gov>");
MODULE_LICENSE("GPL");