/*****************************************************************************
* Copyright (C) 2010 Lawrence Livermore National Security, LLC.
* Written by Jim Garlick <garlick@llnl.gov> LLNL-CODE-423279
* All Rights Reserved.
*
* This file is part of the Distributed I/O Daemon (diod).
* For details, see <http://code.google.com/p/diod/>.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License (as published by the
* Free Software Foundation) version 2, dated June 1991.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the IMPLIED WARRANTY OF MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the terms and conditions of the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA or see
* <http://www.gnu.org/licenses/>.
*****************************************************************************/
/* ops.c - file ops for diodctl */
#if HAVE_CONFIG_H
#include "config.h"
#endif
#define _BSD_SOURCE /* daemon */
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#if HAVE_GETOPT_H
#include <getopt.h>
#endif
#include <errno.h>
#include <limits.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/param.h>
#include <string.h>
#include <sys/resource.h>
#include <poll.h>
#include <assert.h>
#include "npfs.h"
#include "list.h"
#include "diod_log.h"
#include "diod_conf.h"
#include "diod_trans.h"
#include "diod_upool.h"
#include "diod_sock.h"
#include "serv.h"
/* Forward declarations: both helpers are defined further down in this file
 * but are referenced by diodctl_register_ops() first.
 */
static Npfile *_ctl_root_create (void);
static Npfcall *_ctl_attach (Npfid *fid, Npfid *nafid, Npstr *uname,
Npstr *aname);
/* Wire the diodctl file tree and callbacks into a 9P server instance.
 *
 * The tree built by _ctl_root_create() is handed to npfile_init_srv(), then
 * the server's attach handler, user pool, debug printer and debug level are
 * set from this module and the diod configuration.
 */
void
diodctl_register_ops (Npsrv *srv)
{
    Npfile *ctl_root = _ctl_root_create ();

    npfile_init_srv (srv, ctl_root);

    /* Attach is where all access decisions for /diodctl are made. */
    srv->attach = _ctl_attach;
    srv->upool = diod_upool;
    srv->debugprintf = msg;
    srv->debuglevel = diod_conf_get_debuglevel ();
}
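/* Tattach - announce a new user, and associate her fid with the root dir.
 *
 * Checks applied, in order, before the attach is allowed:
 *  - no afid may be presented (9P Tauth is not supported);
 *  - aname must be exactly "/diodctl";
 *  - when munge is enabled, the user must hold a munge cred, or the
 *    transport must already carry an authenticated uid that is either 0 or
 *    the attaching user's own uid;
 *  - npfile_checkperm() must grant the user permission bit 4 on the root
 *    (presumably read access -- confirm against npfile_checkperm).
 *
 * Returns the Rattach reply on success, or NULL with the np error set.
 * Every attempt is logged as ALLOWED or DENIED with user, aname, host and ip.
 * 'uname' is not used here.
 */
static Npfcall*
_ctl_attach (Npfid *fid, Npfid *nafid, Npstr *uname, Npstr *aname)
{
    char *host = diod_trans_get_host (fid->conn->trans);
    char *ip = diod_trans_get_ip (fid->conn->trans);
    Npfile *root = (Npfile *)fid->conn->srv->treeaux;
    Npfcall *ret = NULL;
    Npfilefid *f;
    uid_t auid;

    if (nafid) {    /* 9P Tauth not supported */
        np_werror (Enoauth, EIO);
        msg ("diodctl_attach: 9P Tauth is not supported");
        goto done;
    }
    if (np_strcmp (aname, "/diodctl") != 0) {
        np_uerror (EPERM);
        msg ("diodctl_attach: mount attempt for aname other than /diodctl");
        goto done;
    }

    /* Munge authentication involves the upool and trans layers:
     * - we ask the upool layer if the user now attaching has a munge cred
     * - we stash the uid of the last successful munge auth in the trans layer
     * - subsequent attaches on the same trans get to leverage the last auth
     * By the time we get here, invalid munge creds have already been rejected.
     *
     * Consequence of the uid test below: a transport whose stashed uid is 0
     * may attach as any user, while any other stashed uid may only attach
     * as itself.
     */
    if (diod_conf_get_munge ()) {
        if (diod_user_has_mungecred (fid->user)) {
            diod_trans_set_authuser (fid->conn->trans, fid->user->uid);
        } else {
            /* No cred on this attach: fall back to the transport's uid. */
            if (diod_trans_get_authuser (fid->conn->trans, &auid) < 0) {
                np_uerror (EPERM);
                msg ("diodctl_attach: attach rejected from unauthenticated user");
                goto done;
            }
            /* NOTE(review): same log text as the case above, so the log
             * does not distinguish "no authenticated uid on this transport"
             * from "uid differs from the authenticated one".
             */
            if (auid != 0 && auid != fid->user->uid) {
                np_uerror (EPERM);
                msg ("diodctl_attach: attach rejected from unauthenticated user");
                goto done;
            }
        }
    }
    if (!npfile_checkperm (root, fid->user, 4)) {
        np_uerror (EPERM);
        msg ("diodctl_attach: root file mode denies access for user");
        goto done;
    }
    if (!(f = npfile_fidalloc (root, fid))) {
        msg ("diodctl_attach: out of memory");
        np_uerror (ENOMEM);
        goto done;
    }
    /* Hand f to the fid right away.  The error path below releases state
     * through npfile_fiddestroy(), which only frees what fid->aux points
     * to; assigning after np_create_rattach() left f unreferenced (leaked)
     * when that call failed.
     */
    fid->aux = f;
    if (!(ret = np_create_rattach (&root->qid))) {
        msg ("diodctl_attach: out of memory");
        np_uerror (ENOMEM);
        goto done;
    }
    np_fid_incref (fid);
done:
    /* aname is taken from the client's request and is logged as received.
     * NOTE(review): confirm that msg() neutralises control characters;
     * otherwise a crafted aname could forge or split log lines.
     */
    msg ("attach user %s path %.*s host %s(%s): %s",
         fid->user->uname, aname->len, aname->str,
         host, ip, np_haserror () ? "DENIED" : "ALLOWED");
    if (np_haserror ())
        npfile_fiddestroy (fid); /* frees fid->aux as Npfilefid* if not NULL */
    return ret;
}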
/* 'first' callback for the root dir: return the directory's first child,
 * taking a reference on it when there is one.  Returns NULL for an empty
 * directory.
 */
static Npfile *
_root_first (Npfile *dir)
{
    Npfile *child = dir->dirfirst;

    if (child != NULL)
        npfile_incref (child);
    return child;
}
/* 'next' callback for the root dir: return the sibling that follows
 * 'prevchild', taking a reference on it when there is one.  Returns NULL
 * after the last child.  'dir' is not consulted.
 */
static Npfile *
_root_next (Npfile *dir, Npfile *prevchild)
{
    Npfile *sibling = prevchild->next;

    if (sibling != NULL)
        npfile_incref (sibling);
    return sibling;
}
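/* Handle a read from the 'exports' file.
 *
 * The file content is the NUL-terminated string stored in f->file->aux.
 * Copies at most 'count' bytes starting at 'offset' into 'data' and returns
 * the number of bytes copied; returns 0 when 'offset' is at or past the end
 * of the string.  'req' is not used.
 *
 * 'offset' and 'count' are presumably taken from the client's read request,
 * so both are checked against the string length before anything is copied.
 */
static int
_exports_read (Npfilefid *f, u64 offset, u32 count, u8 *data, Npreq *req)
{
    const char *buf = f->file->aux;
    size_t len = strlen (buf);
    size_t cpylen;

    /* Compare before subtracting.  The earlier form stored
     * strlen(buf) - offset in an int and then compared that int with the
     * u32 'count'; for an offset past the end the negative length was
     * converted to a large unsigned value, replaced by 'count', and memcpy
     * then read beyond the end of the string.
     */
    if (offset >= len)
        return 0;

    cpylen = len - (size_t)offset;
    if (cpylen > count)
        cpylen = count;
    if (cpylen > INT_MAX)   /* the result is returned as an int */
        cpylen = INT_MAX;

    memcpy (data, buf + (size_t)offset, cpylen);
    return (int)cpylen;
}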
/* Handle a read from the 'server' file.
 *
 * The content depends on who is asking: the request is forwarded to
 * diodctl_serv_getname() together with the user that owns the fid, and that
 * function's return value is passed back unchanged.  'req' is not used.
 */
static int
_server_read (Npfilefid* file, u64 offset, u32 count, u8* data, Npreq *req)
{
    return diodctl_serv_getname (file->fid->user, offset, count, data);
}
/* Handle a write to the 'ctl' file.
 *
 * The written bytes are ignored because there is only one action: calling
 * diodctl_serv_create() for the writing user.  The action is refused with
 * EPERM unless the configuration allows private mounts.
 *
 * Returns 'count' when diodctl_serv_create() reports success, otherwise 0.
 * 'offset', 'data' and 'req' are not used.
 */
static int
_ctl_write (Npfilefid* file, u64 offset, u32 count, u8* data, Npreq *req)
{
    Npfid *owner = file->fid;

    /* Configuration gate: the ctl file itself is writable by everyone. */
    if (!diod_conf_get_allowprivate ()) {
        np_uerror (EPERM);
        msg ("diodctl_write: diodctl is not configured for private mounts");
        return 0;
    }
    if (!diodctl_serv_create (owner->user))
        return 0;
    return (int)count;
}
/* wstat handler that accepts every request without changing anything.
 * Always returns 1; a return of 0 would mean failure.
 */
static int
_noop_wstat (Npfile* file, Npstat* stat)
{
    (void)file;
    (void)stat;
    return 1;
}
/* Operation tables for the nodes created by _ctl_root_create().
 * Members not listed are left zero-initialised, so each node only has the
 * handlers named here.
 */

/* Root directory: child enumeration only. */
static Npdirops root_ops = {
.first = _root_first,
.next = _root_next,
};
/* 'exports': read handler only. */
static Npfileops exports_ops = {
.read = _exports_read,
};
/* 'server': read handler only. */
static Npfileops server_ops = {
.read = _server_read,
};
/* 'ctl': write handler only; the write handler performs the action. */
static Npfileops ctl_ops = {
.write = _ctl_write,
.wstat = _noop_wstat, /* needed because mtime is set before a write */
};
/* Build the in-memory tree that is served as /diodctl and return its root.
 *
 * Layout: a directory (mode 0555) whose children are, in order, 'exports'
 * (0444), 'server' (0444) and 'ctl' (0666).  The root is owned by the user
 * the upool returns for uid 0.  Each failed allocation is reported through
 * msg_exit ("out of memory").
 */
static Npfile *
_ctl_root_create (void)
{
    Npfile *root, *exports, *server, *ctl;
    Npuser *user;
    char *tmpstr;

    user = diod_upool->uid2user (diod_upool, 0);
    if (user == NULL)
        msg_exit ("out of memory");

    /* Root directory; it is its own parent. */
    tmpstr = strdup ("");
    if (tmpstr == NULL)
        msg_exit ("out of memory");
    root = npfile_alloc (NULL, tmpstr, 0555|Dmdir, 0, &root_ops, NULL);
    if (root == NULL)
        msg_exit ("out of memory");
    root->parent = root;
    npfile_incref(root);
    root->uid = user;
    root->gid = user->dfltgroup;
    root->muid = user;
    root->atime = time(NULL);
    root->mtime = root->atime;

    /* NOTE(review): the fourth npfile_alloc() argument is 1 for all three
     * children below; if that argument is the qid path, the three files
     * would share one -- confirm against npfile_alloc.
     */

    /* 'exports': read-only, content produced once by diod_conf_cat_exports. */
    tmpstr = strdup ("exports");
    if (tmpstr == NULL)
        msg_exit ("out of memory");
    exports = npfile_alloc(root, tmpstr, 0444, 1, &exports_ops, NULL);
    if (exports == NULL)
        msg_exit ("out of memory");
    npfile_incref(exports);
    exports->aux = diod_conf_cat_exports ();
    if (exports->aux == NULL)
        msg_exit ("out of memory");

    /* 'server': read-only. */
    tmpstr = strdup ("server");
    if (tmpstr == NULL)
        msg_exit ("out of memory");
    server = npfile_alloc(root, tmpstr, 0444, 1, &server_ops, NULL);
    if (server == NULL)
        msg_exit ("out of memory");
    npfile_incref(server);

    /* 'ctl': mode 0666, i.e. writable by every user who can attach; the
     * only restriction on the action is the allowprivate check made in
     * _ctl_write().
     */
    tmpstr = strdup ("ctl");
    if (tmpstr == NULL)
        msg_exit ("out of memory");
    ctl = npfile_alloc(root, tmpstr, 0666, 1, &ctl_ops, NULL);
    if (ctl == NULL)
        msg_exit ("out of memory");
    npfile_incref(ctl);

    /* Chain the children in directory order: exports -> server -> ctl. */
    root->dirfirst = exports;
    root->dirlast = ctl;
    exports->next = server;
    server->next = ctl;

    return root;
}
/*
* vi:tabstop=4 shiftwidth=4 expandtab
*/