9p: attach-per-user

The 9P2000 protocol requires the authentication and permission checks to be done in the file server. For that reason every user that accesses the file server tree has to authenticate and attach to the server separately. Multiple users can share the same connection to the server. Currently v9fs does a single attach and executes all I/O operations as a single user. This makes using v9fs in multiuser environment unsafe as it depends on the client doing the permission checking. This patch improves the 9P2000 support by allowing every user to attach separately. The patch defines three modes of access (new mount option 'access'): - attach-per-user (access=user) (default mode for 9P2000.u) If a user tries to access a file served by v9fs for the first time, v9fs sends an attach command to the server (Tattach) specifying the user. If the attach succeeds, the user can access the v9fs tree. As there is no uname->uid (string->integer) mapping yet, this mode works only with the 9P2000.u dialect. - allow only one user to access the tree (access=<uid>) Only the user with uid can access the v9fs tree. Other users that attempt to access it will get EPERM error. - do all operations as a single user (access=any) (default for 9P2000) V9fs does a single attach and all operations are done as a single user. If this mode is selected, the v9fs behavior is identical with the current one. Signed-off-by: Latchesar Ionkov <lucho@ionkov.net> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
author: Latchesar Ionkov <lucho@ionkov.net> 2007-10-17 15:31:07 -0400
committer: Eric Van Hensbergen <ericvh@ericvh-desktop.austin.ibm.com> 2007-10-17 15:31:07 -0400
commit: ba17674fe02909fef049fd4b620a2805bdb8c693 (patch)
tree: faa05f8705324ac0b70031dbfb08b65b1339391a /fs/9p/fid.c
parent: bd32b82df9876af439f1760a599c0e2da9198bda (diff)
1 files changed, 125 insertions, 32 deletions
diff --git a/fs/9p/fid.c b/fs/9p/fid.c
index 15e05a15b575..b364da70ff28 100644
--- a/fs/9p/fid.c
+++ b/fs/9p/fid.c
@@ -1,6 +1,7 @@
 /*
 * V9FS FID Management
 *
+ *  Copyright (C) 2007 by Latchesar Ionkov <lucho@ionkov.net>
 *  Copyright (C) 2005, 2006 by Eric Van Hensbergen <ericvh@gmail.com>
 *
 *  This program is free software; you can redistribute it and/or modify
@@ -34,9 +35,9 @@
 #include "fid.h"
 /**
- * v9fs_fid_insert - add a fid to a dentry
+ * v9fs_fid_add - add a fid to a dentry
+ * @dentry: dentry that the fid is being added to
 * @fid: fid to add
- * @dentry: dentry that it is being added to
 *
 */
@@ -66,52 +67,144 @@ int v9fs_fid_add(struct dentry *dentry, struct p9_fid *fid)
 }
 /**
- * v9fs_fid_lookup - return a locked fid from a dentry
+ * v9fs_fid_find - retrieve a fid that belongs to the specified uid
 * @dentry: dentry to look for fid in
- *
+ * @uid: return fid that belongs to the specified user
- * find a fid in the dentry, obtain its semaphore and return a reference to it.
+ * @any: if non-zero, return any fid associated with the dentry
- * code calling lookup is responsible for releasing lock
- *
- * TODO: only match fids that have the same uid as current user
 *
 */
-struct p9_fid *v9fs_fid_lookup(struct dentry *dentry)
+static struct p9_fid *v9fs_fid_find(struct dentry *dentry, u32 uid, int any)
 {
        struct v9fs_dentry *dent;
-        struct p9_fid *fid;
+        struct p9_fid *fid, *ret;
-        P9_DPRINTK(P9_DEBUG_VFS, " dentry: %s (%p)\n", dentry->d_iname, dentry);
+        P9_DPRINTK(P9_DEBUG_VFS, " dentry: %s (%p) uid %d any %d\n",
-        dent = dentry->d_fsdata;
+                dentry->d_iname, dentry, uid, any);
-        if (dent)
+        dent = (struct v9fs_dentry *) dentry->d_fsdata;
-                fid = list_entry(dent->fidlist.next, struct p9_fid, dlist);
+        ret = NULL;
-        else
+        if (dent) {
-                fid = ERR_PTR(-EBADF);
+                spin_lock(&dent->lock);
+                list_for_each_entry(fid, &dent->fidlist, dlist) {
+                        if (any || fid->uid == uid) {
+                                ret = fid;
+                                break;
+                        }
+                }
+                spin_unlock(&dent->lock);
+        }
-        P9_DPRINTK(P9_DEBUG_VFS, " fid: %p\n", fid);
+        return ret;
-        return fid;
 }
 /**
- * v9fs_fid_clone - lookup the fid for a dentry, clone a private copy and
+ * v9fs_fid_lookup - lookup for a fid, try to walk if not found
- *      release it
 * @dentry: dentry to look for fid in
 *
- * find a fid in the dentry and then clone to a new private fid
+ * Look for a fid in the specified dentry for the current user.
- *
+ * If no fid is found, try to create one walking from a fid from the parent
- * TODO: only match fids that have the same uid as current user
+ * dentry (if it has one), or the root dentry. If the user haven't accessed
- *
+ * the fs yet, attach now and walk from the root.
 */
-struct p9_fid *v9fs_fid_clone(struct dentry *dentry)
+struct p9_fid *v9fs_fid_lookup(struct dentry *dentry)
 {
-        struct p9_fid *ofid, *fid;
+        int i, n, l, clone, any, access;
+        u32 uid;
+        struct p9_fid *fid;
+        struct dentry *d, *ds;
+        struct v9fs_session_info *v9ses;
+        char **wnames, *uname;
+        v9ses = v9fs_inode2v9ses(dentry->d_inode);
+        access = v9ses->flags & V9FS_ACCESS_MASK;
+        switch (access) {
+        case V9FS_ACCESS_SINGLE:
+        case V9FS_ACCESS_USER:
+                uid = current->fsuid;
+                any = 0;
+                break;
+        case V9FS_ACCESS_ANY:
+                uid = v9ses->uid;
+                any = 1;
+                break;
+        default:
+                uid = ~0;
+                any = 0;
+                break;
+        }
-        P9_DPRINTK(P9_DEBUG_VFS, " dentry: %s (%p)\n", dentry->d_iname, dentry);
+        fid = v9fs_fid_find(dentry, uid, any);
-        ofid = v9fs_fid_lookup(dentry);
+        if (fid)
-        if (IS_ERR(ofid))
+                return fid;
-                return ofid;
+        ds = dentry->d_parent;
+        fid = v9fs_fid_find(ds, uid, any);
+        if (!fid) { /* walk from the root */
+                n = 0;
+                for (ds = dentry; !IS_ROOT(ds); ds = ds->d_parent)
+                        n++;
+                fid = v9fs_fid_find(ds, uid, any);
+                if (!fid) { /* the user is not attached to the fs yet */
+                        if (access == V9FS_ACCESS_SINGLE)
+                                return ERR_PTR(-EPERM);
+                        if (v9fs_extended(v9ses))
+                                uname = NULL;
+                        else
+                                uname = v9ses->uname;
+                        fid = p9_client_attach(v9ses->clnt, NULL, uname, uid,
+                                v9ses->aname);
+                        if (IS_ERR(fid))
+                                return fid;
+                        v9fs_fid_add(ds, fid);
+                }
+        } else /* walk from the parent */
+                n = 1;
+        if (ds == dentry)
+                return fid;
+        wnames = kmalloc(sizeof(char *) * n, GFP_KERNEL);
+        if (!wnames)
+                return ERR_PTR(-ENOMEM);
+        for (d = dentry, i = n; i >= 0; i--, d = d->d_parent)
+                wnames[i] = (char *) d->d_name.name;
+        clone = 1;
+        i = 0;
+        while (i < n) {
+                l = min(n - i, P9_MAXWELEM);
+                fid = p9_client_walk(fid, l, &wnames[i], clone);
+                if (!fid) {
+                        kfree(wnames);
+                        return fid;
+                }
+                i += l;
+                clone = 0;
+        }
-        fid = p9_client_walk(ofid, 0, NULL, 1);
+        kfree(wnames);
+        v9fs_fid_add(dentry, fid);
        return fid;
 }
+struct p9_fid *v9fs_fid_clone(struct dentry *dentry)
+{
+        struct p9_fid *fid, *ret;
+        fid = v9fs_fid_lookup(dentry);
+        if (IS_ERR(fid))
+                return fid;
+        ret = p9_client_walk(fid, 0, NULL, 1);
+        return ret;
+}
author	Latchesar Ionkov <lucho@ionkov.net>	2007-10-17 15:31:07 -0400
committer	Eric Van Hensbergen <ericvh@ericvh-desktop.austin.ibm.com>	2007-10-17 15:31:07 -0400
commit	ba17674fe02909fef049fd4b620a2805bdb8c693 (patch)
tree	faa05f8705324ac0b70031dbfb08b65b1339391a /fs/9p/fid.c
parent	bd32b82df9876af439f1760a599c0e2da9198bda (diff)

diff --git a/fs/9p/fid.c b/fs/9p/fid.c index 15e05a15b575..b364da70ff28 100644 --- a/fs/9p/fid.c +++ b/fs/9p/fid.c
@@ -1,6 +1,7 @@
1	/*	1	/*
2	* V9FS FID Management	2	* V9FS FID Management
3	*	3	*
		4	* Copyright (C) 2007 by Latchesar Ionkov <lucho@ionkov.net>
4	* Copyright (C) 2005, 2006 by Eric Van Hensbergen <ericvh@gmail.com>	5	* Copyright (C) 2005, 2006 by Eric Van Hensbergen <ericvh@gmail.com>
5	*	6	*
6	* This program is free software; you can redistribute it and/or modify	7	* This program is free software; you can redistribute it and/or modify
@@ -34,9 +35,9 @@
34	#include "fid.h"	35	#include "fid.h"
35		36
36	/**	37	/**
37	* v9fs_fid_insert - add a fid to a dentry	38	* v9fs_fid_add - add a fid to a dentry
		39	* @dentry: dentry that the fid is being added to
38	* @fid: fid to add	40	* @fid: fid to add
39	* @dentry: dentry that it is being added to
40	*	41	*
41	*/	42	*/
42		43
@@ -66,52 +67,144 @@ int v9fs_fid_add(struct dentry dentry, struct p9_fid fid)
66	}	67	}
67		68
68	/**	69	/**
69	* v9fs_fid_lookup - return a locked fid from a dentry	70	* v9fs_fid_find - retrieve a fid that belongs to the specified uid
70	* @dentry: dentry to look for fid in	71	* @dentry: dentry to look for fid in
71	*	72	* @uid: return fid that belongs to the specified user
72	* find a fid in the dentry, obtain its semaphore and return a reference to it.	73	* @any: if non-zero, return any fid associated with the dentry
73	* code calling lookup is responsible for releasing lock
74	*
75	* TODO: only match fids that have the same uid as current user
76	*	74	*
77	*/	75	*/
78		76
79	struct p9_fid v9fs_fid_lookup(struct dentry dentry)	77	static struct p9_fid v9fs_fid_find(struct dentry dentry, u32 uid, int any)
80	{	78	{
81	struct v9fs_dentry *dent;	79	struct v9fs_dentry *dent;
82	struct p9_fid *fid;	80	struct p9_fid fid, ret;
83		81
84	P9_DPRINTK(P9_DEBUG_VFS, " dentry: %s (%p)\n", dentry->d_iname, dentry);	82	P9_DPRINTK(P9_DEBUG_VFS, " dentry: %s (%p) uid %d any %d\n",
85	dent = dentry->d_fsdata;	83	dentry->d_iname, dentry, uid, any);
86	if (dent)	84	dent = (struct v9fs_dentry *) dentry->d_fsdata;
87	fid = list_entry(dent->fidlist.next, struct p9_fid, dlist);	85	ret = NULL;
88	else	86	if (dent) {
89	fid = ERR_PTR(-EBADF);	87	spin_lock(&dent->lock);
		88	list_for_each_entry(fid, &dent->fidlist, dlist) {
		89	if (any \|\| fid->uid == uid) {
		90	ret = fid;
		91	break;
		92	}
		93	}
		94	spin_unlock(&dent->lock);
		95	}
90		96
91	P9_DPRINTK(P9_DEBUG_VFS, " fid: %p\n", fid);	97	return ret;
92	return fid;
93	}	98	}
94		99
95	/**	100	/**
96	* v9fs_fid_clone - lookup the fid for a dentry, clone a private copy and	101	* v9fs_fid_lookup - lookup for a fid, try to walk if not found
97	* release it
98	* @dentry: dentry to look for fid in	102	* @dentry: dentry to look for fid in
99	*	103	*
100	* find a fid in the dentry and then clone to a new private fid	104	* Look for a fid in the specified dentry for the current user.
101	*	105	* If no fid is found, try to create one walking from a fid from the parent
102	* TODO: only match fids that have the same uid as current user	106	* dentry (if it has one), or the root dentry. If the user haven't accessed
103	*	107	* the fs yet, attach now and walk from the root.
104	*/	108	*/
105		109
106	struct p9_fid v9fs_fid_clone(struct dentry dentry)	110	struct p9_fid v9fs_fid_lookup(struct dentry dentry)
107	{	111	{
108	struct p9_fid ofid, fid;	112	int i, n, l, clone, any, access;
		113	u32 uid;
		114	struct p9_fid *fid;
		115	struct dentry d, ds;
		116	struct v9fs_session_info *v9ses;
		117	char *wnames, uname;
		118
		119	v9ses = v9fs_inode2v9ses(dentry->d_inode);
		120	access = v9ses->flags & V9FS_ACCESS_MASK;
		121	switch (access) {
		122	case V9FS_ACCESS_SINGLE:
		123	case V9FS_ACCESS_USER:
		124	uid = current->fsuid;
		125	any = 0;
		126	break;
		127
		128	case V9FS_ACCESS_ANY:
		129	uid = v9ses->uid;
		130	any = 1;
		131	break;
		132
		133	default:
		134	uid = ~0;
		135	any = 0;
		136	break;
		137	}
109		138
110	P9_DPRINTK(P9_DEBUG_VFS, " dentry: %s (%p)\n", dentry->d_iname, dentry);	139	fid = v9fs_fid_find(dentry, uid, any);
111	ofid = v9fs_fid_lookup(dentry);	140	if (fid)
112	if (IS_ERR(ofid))	141	return fid;
113	return ofid;	142
		143	ds = dentry->d_parent;
		144	fid = v9fs_fid_find(ds, uid, any);
		145	if (!fid) { /* walk from the root */
		146	n = 0;
		147	for (ds = dentry; !IS_ROOT(ds); ds = ds->d_parent)
		148	n++;
		149
		150	fid = v9fs_fid_find(ds, uid, any);
		151	if (!fid) { /* the user is not attached to the fs yet */
		152	if (access == V9FS_ACCESS_SINGLE)
		153	return ERR_PTR(-EPERM);
		154
		155	if (v9fs_extended(v9ses))
		156	uname = NULL;
		157	else
		158	uname = v9ses->uname;
		159
		160	fid = p9_client_attach(v9ses->clnt, NULL, uname, uid,
		161	v9ses->aname);
		162
		163	if (IS_ERR(fid))
		164	return fid;
		165
		166	v9fs_fid_add(ds, fid);
		167	}
		168	} else /* walk from the parent */
		169	n = 1;
		170
		171	if (ds == dentry)
		172	return fid;
		173
		174	wnames = kmalloc(sizeof(char ) n, GFP_KERNEL);
		175	if (!wnames)
		176	return ERR_PTR(-ENOMEM);
		177
		178	for (d = dentry, i = n; i >= 0; i--, d = d->d_parent)
		179	wnames[i] = (char *) d->d_name.name;
		180
		181	clone = 1;
		182	i = 0;
		183	while (i < n) {
		184	l = min(n - i, P9_MAXWELEM);
		185	fid = p9_client_walk(fid, l, &wnames[i], clone);
		186	if (!fid) {
		187	kfree(wnames);
		188	return fid;
		189	}
		190
		191	i += l;
		192	clone = 0;
		193	}
114		194
115	fid = p9_client_walk(ofid, 0, NULL, 1);	195	kfree(wnames);
		196	v9fs_fid_add(dentry, fid);
116	return fid;	197	return fid;
117	}	198	}
		199
		200	struct p9_fid v9fs_fid_clone(struct dentry dentry)
		201	{
		202	struct p9_fid fid, ret;
		203
		204	fid = v9fs_fid_lookup(dentry);
		205	if (IS_ERR(fid))
		206	return fid;
		207
		208	ret = p9_client_walk(fid, 0, NULL, 1);
		209	return ret;
		210	}