PERFORCE change 194956 for review
Ilya Putsikau
ilya at FreeBSD.org
Sun Jun 19 09:33:24 UTC 2011
http://p4web.freebsd.org/@@194956?ac=10
Change 194956 by ilya at ilya_triton2011 on 2011/06/19 09:32:34
Merge fuse_internal_access, change arguments order
Change fdisp_make arguments order to same as macfuse
Affected files ...
.. //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_internal.c#9 edit
.. //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_internal.h#10 edit
.. //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_ipc.c#5 edit
.. //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_ipc.h#7 edit
.. //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_vfsops.c#12 edit
.. //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_vnops.c#15 edit
Differences ...
==== //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_internal.c#9 (text+ko) ====
@@ -47,154 +47,112 @@
/* access */
-static __inline int fuse_check_spyable(struct fuse_dispatcher *fdip,
- struct mount *mp, struct thread *td,
- struct ucred *cred);
static __inline int fuse_match_cred(struct ucred *daemoncred,
struct ucred *usercred);
int
fuse_internal_access(struct vnode *vp,
mode_t mode,
- struct ucred *cred,
+ struct fuse_access_param *facp,
struct thread *td,
- struct fuse_access_param *facp)
+ struct ucred *cred)
{
int err = 0;
+ uint32_t mask = 0;
+ int dataflag;
+ int vtype;
+ struct mount *mp;
struct fuse_dispatcher fdi;
+ struct fuse_access_in *fai;
+ struct fuse_data *data;
- /*
- * Disallow write attempts on read-only file systems; unless the file
- * is a socket, fifo, or a block or character device resident on the
- * file system.
- */
+ /* NOT YET DONE */
+ /* If this vnop gives you trouble, just return 0 here for a lazy kludge. */
+ // return 0;
- DEBUG("ro? %#x vp #%llu mode %#x\n",
- vp->v_mount->mnt_flag & MNT_RDONLY, VTOILLU(vp), mode);
+ fuse_trace_printf_func();
- RECTIFY_TDCR(td, cred);
+ mp = vnode_mount(vp);
+ vtype = vnode_vtype(vp);
- if (mode & VWRITE) {
- switch (vp->v_type) {
- case VDIR:
- case VLNK:
- case VREG:
- if (vp->v_mount->mnt_flag & MNT_RDONLY) {
- DEBUG("no write access (read-only fs)\n");
- return (EROFS);
- }
- break;
- default:
- break;
- }
- }
+ data = fusefs_get_data(mp);
+ dataflag = data->dataflag;
- bzero(&fdi, sizeof(fdi));
- if (vp->v_vflag & VV_ROOT && ! (facp->facc_flags & FACCESS_NOCHECKSPY)) {
- if ((err = fuse_check_spyable(&fdi, vp->v_mount, td, cred)))
- return (err);
- facp->facc_flags |= FACCESS_NOCHECKSPY;
+ if ((mode & VWRITE) && vfs_isrdonly(mp)) {
+ return EACCES;
}
- if (fusefs_get_data(vp->v_mount)->dataflag & FSESS_DEFAULT_PERMISSIONS ||
- /*
- * According to Linux code, we fall back to in-kernel check
- * when it comes to executing a file
- */
- (vp->v_type == VREG && mode == VEXEC)) {
- /* We are to do the check in-kernel */
-
- if (! (facp->facc_flags & FACCESS_VA_VALID)) {
- err = VOP_GETATTR(vp, VTOVA(vp), cred);
- if (err)
- return (err);
- facp->facc_flags |= FACCESS_VA_VALID;
+ // Unless explicitly permitted, deny everyone except the fs owner.
+ if (vnode_isvroot(vp) && !(facp->facc_flags & FACCESS_NOCHECKSPY)) {
+ if (!(dataflag & FSESS_DAEMON_CAN_SPY)) {
+ int denied = fuse_match_cred(data->daemoncred,
+ cred);
+ if (denied) {
+ return EACCES;
}
+ }
+ facp->facc_flags |= FACCESS_NOCHECKSPY;
+ }
- err = vaccess(VTOVA(vp)->va_type,
- VTOVA(vp)->va_mode,
- VTOVA(vp)->va_uid,
- VTOVA(vp)->va_gid,
- mode, cred, NULL);
+ if (!(facp->facc_flags & FACCESS_DO_ACCESS)) {
+ return 0;
+ }
- if (err)
- return (err);
+ if (((vtype == VREG) && (mode & VEXEC))) {
+#ifdef NEED_MOUNT_ARGUMENT_FOR_THIS
+ // Let the kernel handle this through open/close heuristics.
+ return ENOTSUP;
+#else
+ // Let the kernel handle this.
+ return 0;
+#endif
+ }
- if (facp->facc_flags & FACCESS_STICKY) {
- if (vp->v_type == VDIR && VTOVA(vp)->va_mode & S_ISTXT &&
- mode == VWRITE) {
- if (cred->cr_uid != facp->xuid &&
- cred->cr_uid != VTOVA(vp)->va_uid)
- err = priv_check_cred(cred,
- PRIV_VFS_ADMIN,
- 0);
- }
- /*
- * We return here because this flags is exlusive
- * with the others
- */
- KASSERT(facp->facc_flags == FACCESS_STICKY,
- ("sticky access check comes in mixed"));
- return (err);
- }
+ if (fusefs_get_data(mp)->dataflag & FSESS_NOACCESS) {
+ // Let the kernel handle this.
+ return 0;
+ }
- if (mode != VADMIN)
- return (err);
+ if (dataflag & FSESS_DEFAULT_PERMISSIONS) {
+ // Let the kernel handle this.
+ return 0;
+ }
- if (facp->facc_flags & FACCESS_CHOWN) {
- if ((cred->cr_uid != facp->xuid &&
- facp->xuid != (uid_t)VNOVAL) ||
- (cred->cr_gid != facp->xgid &&
- facp->xgid != (gid_t)VNOVAL &&
- ! groupmember(facp->xgid, cred)))
- err = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
- if (err)
- return (err);
- }
+ if ((mode & VADMIN) != 0) {
+ err = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+ if (err) {
+ return err;
+ }
+ }
- if (facp->facc_flags & FACCESS_SETGID) {
- gid_t sgid = facp->xgid;
+ if ((mode & (VWRITE | VAPPEND | VADMIN)) != 0) {
+ mask |= W_OK;
+ }
+ if ((mode & VREAD) != 0) {
+ mask |= R_OK;
+ }
+ if ((mode & VEXEC) != 0) {
+ mask |= X_OK;
+ }
- if (sgid == (gid_t)VNOVAL)
- sgid = VTOVA(vp)->va_gid;
+ bzero(&fdi, sizeof(fdi));
- if (! groupmember(sgid, cred))
- err = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
- return (err);
- }
+ fdisp_init(&fdi, sizeof(*fai));
+ fdisp_make_vp(&fdi, FUSE_ACCESS, vp, td, cred);
- } else {
-#if FUSE_HAS_ACCESS
- struct fuse_access_in *fai;
+ fai = fdi.indata;
+ fai->mask = F_OK;
+ fai->mask |= mask;
- if (! (facp->facc_flags & FACCESS_DO_ACCESS))
- return (0);
+ if (!(err = fdisp_wait_answ(&fdi))) {
+ fuse_ticket_drop(fdi.tick);
+ }
- if (fusefs_get_data(vp->v_mount)->dataflag & FSESS_NOACCESS)
- return (0);
-
- fdisp_init(&fdi, sizeof(*fai));
- fdisp_make_vp(&fdi, FUSE_ACCESS, vp, td, cred);
-
- fai = fdi.indata;
-
- fai->mask = F_OK;
- if (mode & VREAD)
- fai->mask |= R_OK;
- if (mode & VWRITE)
- fai->mask |= W_OK;
- if (mode & VEXEC)
- fai->mask |= X_OK;
+ if (err == ENOSYS) {
+ fusefs_get_data(mp)->dataflag |= FSESS_NOACCESS;
+ err = 0; // ENOTSUP;
+ }
- if (! (err = fdisp_wait_answ(&fdi)))
- fuse_ticket_drop(fdi.tick);
-
- if (err == ENOSYS) {
- fusefs_get_data(vp->v_mount)->dataflag |= FSESS_NOACCESS;
- err = 0;
- }
-#endif
- }
return err;
}
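Review bot: With FSESS_DEFAULT_PERMISSIONS set, and for VEXEC on a regular file, the new fuse_internal_access returns 0 under the comment "Let the kernel handle this", but this same hunk removes the VOP_GETATTR/vaccess() call that performed that in-kernel check, so nothing visible here enforces the mode bits. The FACCESS_STICKY, FACCESS_CHOWN and FACCESS_SETGID branches are dropped as well, while the caller in the fuse_vnops.c hunk at `@@ -781,7 +781,7 @@` still sets `facp.xuid` and FACCESS_STICKY and acts on the result. Unless every caller now performs its own check (not visible in this change), the attribute-based check should stay ahead of the FACCESS_DO_ACCESS early return, roughly as sketched below, with the sticky/chown/setgid handling restored in the same place. The read-only test also now returns EACCES where the old code returned EROFS, and it no longer exempts sockets, fifos and device nodes.

```c
	/* … unchanged: root-vnode daemon credential check … */

	if ((dataflag & FSESS_DEFAULT_PERMISSIONS) ||
	    (vtype == VREG && (mode & VEXEC))) {
		/* The daemon is not consulted on this path, so enforce the mode bits here. */
		err = VOP_GETATTR(vp, VTOVA(vp), cred);
		if (err)
			return err;
		return vaccess(VTOVA(vp)->va_type, VTOVA(vp)->va_mode,
		    VTOVA(vp)->va_uid, VTOVA(vp)->va_gid, mode, cred, NULL);
	}

	if (!(facp->facc_flags & FACCESS_DO_ACCESS)) {
		return 0;
	}
	/* … unchanged: FSESS_NOACCESS test, mask construction, FUSE_ACCESS dispatch … */
```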
@@ -220,14 +178,6 @@
return (EPERM);
}
-
-static __inline int
-fuse_check_spyable(struct fuse_dispatcher *fdip, struct mount *mp,
- struct thread *td, struct ucred *cred)
-{
- return (0);
-}
-
/* fsync */
int
@@ -487,7 +437,7 @@
int err = 0;
fdisp_init(&fdi, sizeof(*fri) + fcnp->cn_namelen + tcnp->cn_namelen + 2);
- fdisp_make_vp(&fdi, FUSE_RENAME, fdvp, curthread, NULL);
+ fdisp_make_vp(&fdi, FUSE_RENAME, fdvp, tcnp->cn_thread, tcnp->cn_cred);
fri = fdi.indata;
fri->newdir = VTOI(tdvp);
@@ -528,9 +478,8 @@
fdip->iosize = bufsize + cnp->cn_namelen + 1;
- fdisp_make(fdip, mp, op, dnid, curthread, NULL);
+ fdisp_make(fdip, op, mp, dnid, curthread, NULL);
memcpy(fdip->indata, buf, bufsize);
-
memcpy((char *)fdip->indata + bufsize, cnp->cn_nameptr, cnp->cn_namelen);
((char *)fdip->indata)[bufsize + cnp->cn_namelen] = '\0';
@@ -632,7 +581,7 @@
*/
fdisp_init(fdip, sizeof(*ffi));
- fdisp_make(fdip, mp, FUSE_FORGET, nodeid, td, cred);
+ fdisp_make(fdip, FUSE_FORGET, mp, nodeid, td, cred);
ffi = fdip->indata;
ffi->nlookup = nlookup;
@@ -703,7 +652,7 @@
struct fuse_dispatcher fdi;
fdisp_init(&fdi, sizeof(*fiii));
- fdisp_make(&fdi, data->mp, FUSE_INIT, 0, td, NULL);
+ fdisp_make(&fdi, FUSE_INIT, data->mp, 0, td, NULL);
fiii = fdi.indata;
fiii->major = FUSE_KERNEL_VERSION;
fiii->minor = FUSE_KERNEL_MINOR_VERSION;
==== //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_internal.h#10 (text+ko) ====
@@ -102,9 +102,9 @@
int
fuse_internal_access(struct vnode *vp,
mode_t mode,
- struct ucred *cred,
+ struct fuse_access_param *facp,
struct thread *td,
- struct fuse_access_param *facp);
+ struct ucred *cred);
/* attributes */
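Review bot: The two parameters swapped in this prototype, `struct fuse_access_param *facp` and `struct ucred *cred`, are both struct pointers, so a caller left in the old order would still compile in C with only an incompatible-pointer-type diagnostic and would then hand a credential to code that reads it as the access-parameter block. The five call sites in the fuse_vnops.c hunks of this change are updated, but callers outside the change are not visible here. It is worth confirming the module is built with that diagnostic fatal, e.g. `-Werror=incompatible-pointer-types`, so a stale call cannot reach the permission check with mismatched arguments.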
==== //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_ipc.c#5 (text+ko) ====
@@ -789,8 +789,8 @@
void
fdisp_make_pid(struct fuse_dispatcher *fdip,
+ enum fuse_opcode op,
struct mount *mp,
- enum fuse_opcode op,
uint64_t nid,
pid_t pid,
struct ucred *cred)
@@ -818,15 +818,15 @@
void
fdisp_make(struct fuse_dispatcher *fdip,
+ enum fuse_opcode op,
struct mount *mp,
- enum fuse_opcode op,
uint64_t nid,
struct thread *td,
struct ucred *cred)
{
RECTIFY_TDCR(td, cred);
- return (fdisp_make_pid(fdip, mp, op, nid, td->td_proc->p_pid, cred));
+ return (fdisp_make_pid(fdip, op, mp, nid, td->td_proc->p_pid, cred));
}
void
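Review bot: fdisp_make dereferences `td->td_proc->p_pid` immediately after `RECTIFY_TDCR(td, cred)`, and the inline helper in the fuse_ipc.h hunk at `@@ -307,7 +307,7 @@` calls it with `NULL, NULL` for FUSE_STATFS, so the function relies entirely on that macro replacing a NULL thread; the macro body is not visible in this change. Stating the contract at the top of the function and asserting it would make the dependency explicit: `KASSERT(td != NULL, ("fdisp_make: NULL td after RECTIFY_TDCR"));`. As a style point, `return (fdisp_make_pid(...));` in a function declared `void` is not valid ISO C; a plain call `fdisp_make_pid(fdip, op, mp, nid, td->td_proc->p_pid, cred);` says the same thing, and the same applies to fdisp_make_vp in the next hunk.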
@@ -838,7 +838,7 @@
{
debug_printf("fdip=%p, op=%d, vp=%p, context=%p\n", fdip, op, vp, context);
RECTIFY_TDCR(td, cred);
- return (fdisp_make_pid(fdip, vnode_mount(vp), op, VTOI(vp),
+ return (fdisp_make_pid(fdip, op, vnode_mount(vp), VTOI(vp),
td->td_proc->p_pid, cred));
}
==== //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_ipc.h#7 (text+ko) ====
@@ -279,12 +279,12 @@
}
-void fdisp_make(struct fuse_dispatcher *fdip, struct mount *mp,
- enum fuse_opcode op, uint64_t nid, struct thread *td,
+void fdisp_make(struct fuse_dispatcher *fdip, enum fuse_opcode op,
+ struct mount *mp, uint64_t nid, struct thread *td,
struct ucred *cred);
-void fdisp_make_pid(struct fuse_dispatcher *fdip, struct mount *mp,
- enum fuse_opcode op, uint64_t nid, pid_t pid,
+void fdisp_make_pid(struct fuse_dispatcher *fdip, enum fuse_opcode op,
+ struct mount *mp, uint64_t nid, pid_t pid,
struct ucred *cred);
void fdisp_make_vp(struct fuse_dispatcher *fdip, enum fuse_opcode op,
@@ -307,7 +307,7 @@
struct mount *mp)
{
fdisp_init(fdip, 0);
- fdisp_make(fdip, mp, FUSE_STATFS, FUSE_ROOT_ID, NULL, NULL);
+ fdisp_make(fdip, FUSE_STATFS, mp, FUSE_ROOT_ID, NULL, NULL);
return (fdisp_wait_answ(fdip));
}
==== //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_vfsops.c#12 (text+ko) ====
@@ -303,7 +303,7 @@
}
fdisp_init(&fdi, 0);
- fdisp_make(&fdi, mp, FUSE_DESTROY, 0, td, NULL);
+ fdisp_make(&fdi, FUSE_DESTROY, mp, 0, td, NULL);
err = fdisp_wait_answ(&fdi);
if (!err) {
fuse_ticket_drop(fdi.tick);
==== //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_vnops.c#15 (text+ko) ====
@@ -151,7 +151,7 @@
facp.facc_flags |= FACCESS_DO_ACCESS;
}
- return fuse_internal_access(vp, ap->a_accmode, ap->a_cred, ap->a_td, &facp);
+ return fuse_internal_access(vp, ap->a_accmode, &facp, ap->a_td, ap->a_cred);
}
/*
@@ -250,7 +250,7 @@
goto good_old;
}
- fdisp_make(fdip, vnode_mount(dvp), FUSE_CREATE, parentnid, td, cred);
+ fdisp_make(fdip, FUSE_CREATE, vnode_mount(dvp), parentnid, td, cred);
foi = fdip->indata;
foi->mode = mode;
@@ -308,7 +308,7 @@
uint64_t fh_id = ((struct fuse_open_out *)(feo + 1))->fh;
fdisp_init(fdip, sizeof(*fri));
- fdisp_make(fdip, mp, FUSE_RELEASE, nodeid, td, cred);
+ fdisp_make(fdip, FUSE_RELEASE, mp, nodeid, td, cred);
fri = fdip->indata;
fri->fh = fh_id;
fri->flags = OFLAGS(mode);
@@ -632,7 +632,7 @@
bzero(&facp, sizeof(facp));
if (vnode_isvroot(dvp)) { /* early permission check hack */
- if ((err = fuse_internal_access(dvp, VEXEC, cred, td, &facp))) {
+ if ((err = fuse_internal_access(dvp, VEXEC, &facp, td, cred))) {
return err;
}
}
@@ -675,7 +675,7 @@
op = FUSE_LOOKUP;
calldaemon:
- fdisp_make(&fdi, vnode_mount(dvp), op, nid, td, cred);
+ fdisp_make(&fdi, op, vnode_mount(dvp), nid, td, cred);
if (op == FUSE_LOOKUP) {
memcpy(fdi.indata, cnp->cn_nameptr, cnp->cn_namelen);
@@ -781,7 +781,7 @@
*/
facp.xuid = fattr->uid;
facp.facc_flags |= FACCESS_STICKY;
- err = fuse_internal_access(dvp, VWRITE, cred, td, &facp);
+ err = fuse_internal_access(dvp, VWRITE, &facp, td, cred);
facp.facc_flags &= ~FACCESS_XQUERIES;
if (err) {
@@ -973,7 +973,7 @@
err = ENOTDIR;
if (!err && !vnode_mountedhere(*vpp)) {
- err = fuse_internal_access(*vpp, VEXEC, cred, td, &facp);
+ err = fuse_internal_access(*vpp, VEXEC, &facp, td, cred);
}
if (err) {
@@ -1621,7 +1621,7 @@
if (err && !(fsai->valid & ~(FATTR_ATIME | FATTR_MTIME)) &&
vap->va_vaflags & VA_UTIMES_NULL) {
- err = fuse_internal_access(vp, VWRITE, cred, td, &facp);
+ err = fuse_internal_access(vp, VWRITE, &facp, td, cred);
}
if (err) {