aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorLatchesar Ionkov <lucho@ionkov.net>2007-10-17 15:31:07 -0400
committerEric Van Hensbergen <ericvh@ericvh-desktop.austin.ibm.com>2007-10-17 15:31:07 -0400
commitba17674fe02909fef049fd4b620a2805bdb8c693 (patch)
treefaa05f8705324ac0b70031dbfb08b65b1339391a /include/net
parentbd32b82df9876af439f1760a599c0e2da9198bda (diff)
9p: attach-per-user
The 9P2000 protocol requires the authentication and permission checks to be done in the file server. For that reason every user that accesses the file server tree has to authenticate and attach to the server separately. Multiple users can share the same connection to the server. Currently v9fs does a single attach and executes all I/O operations as a single user. This makes using v9fs in multiuser environment unsafe as it depends on the client doing the permission checking. This patch improves the 9P2000 support by allowing every user to attach separately. The patch defines three modes of access (new mount option 'access'): - attach-per-user (access=user) (default mode for 9P2000.u) If a user tries to access a file served by v9fs for the first time, v9fs sends an attach command to the server (Tattach) specifying the user. If the attach succeeds, the user can access the v9fs tree. As there is no uname->uid (string->integer) mapping yet, this mode works only with the 9P2000.u dialect. - allow only one user to access the tree (access=<uid>) Only the user with uid can access the v9fs tree. Other users that attempt to access it will get EPERM error. - do all operations as a single user (access=any) (default for 9P2000) V9fs does a single attach and all operations are done as a single user. If this mode is selected, the v9fs behavior is identical with the current one. Signed-off-by: Latchesar Ionkov <lucho@ionkov.net> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/9p/9p.h7
-rw-r--r--include/net/9p/client.h5
2 files changed, 8 insertions, 4 deletions
diff --git a/include/net/9p/9p.h b/include/net/9p/9p.h
index 7726ff41c3e6..7a448a30e39b 100644
--- a/include/net/9p/9p.h
+++ b/include/net/9p/9p.h
@@ -216,6 +216,7 @@ struct p9_tauth {
216 u32 afid; 216 u32 afid;
217 struct p9_str uname; 217 struct p9_str uname;
218 struct p9_str aname; 218 struct p9_str aname;
219 u32 n_uname; /* 9P2000.u extensions */
219}; 220};
220 221
221struct p9_rauth { 222struct p9_rauth {
@@ -239,6 +240,7 @@ struct p9_tattach {
239 u32 afid; 240 u32 afid;
240 struct p9_str uname; 241 struct p9_str uname;
241 struct p9_str aname; 242 struct p9_str aname;
243 u32 n_uname; /* 9P2000.u extensions */
242}; 244};
243 245
244struct p9_rattach { 246struct p9_rattach {
@@ -382,8 +384,9 @@ int p9_deserialize_fcall(void *buf, u32 buflen, struct p9_fcall *fc, int dotu);
382void p9_set_tag(struct p9_fcall *fc, u16 tag); 384void p9_set_tag(struct p9_fcall *fc, u16 tag);
383struct p9_fcall *p9_create_tversion(u32 msize, char *version); 385struct p9_fcall *p9_create_tversion(u32 msize, char *version);
384struct p9_fcall *p9_create_tattach(u32 fid, u32 afid, char *uname, 386struct p9_fcall *p9_create_tattach(u32 fid, u32 afid, char *uname,
385 char *aname); 387 char *aname, u32 n_uname, int dotu);
386struct p9_fcall *p9_create_tauth(u32 afid, char *uname, char *aname); 388struct p9_fcall *p9_create_tauth(u32 afid, char *uname, char *aname,
389 u32 n_uname, int dotu);
387struct p9_fcall *p9_create_tflush(u16 oldtag); 390struct p9_fcall *p9_create_tflush(u16 oldtag);
388struct p9_fcall *p9_create_twalk(u32 fid, u32 newfid, u16 nwname, 391struct p9_fcall *p9_create_twalk(u32 fid, u32 newfid, u16 nwname,
389 char **wnames); 392 char **wnames);
diff --git a/include/net/9p/client.h b/include/net/9p/client.h
index 0adafdb273f0..9b9221a21392 100644
--- a/include/net/9p/client.h
+++ b/include/net/9p/client.h
@@ -57,8 +57,9 @@ struct p9_client *p9_client_create(struct p9_trans *trans, int msize,
57void p9_client_destroy(struct p9_client *clnt); 57void p9_client_destroy(struct p9_client *clnt);
58void p9_client_disconnect(struct p9_client *clnt); 58void p9_client_disconnect(struct p9_client *clnt);
59struct p9_fid *p9_client_attach(struct p9_client *clnt, struct p9_fid *afid, 59struct p9_fid *p9_client_attach(struct p9_client *clnt, struct p9_fid *afid,
60 char *uname, char *aname); 60 char *uname, u32 n_uname, char *aname);
61struct p9_fid *p9_client_auth(struct p9_client *clnt, char *uname, char *aname); 61struct p9_fid *p9_client_auth(struct p9_client *clnt, char *uname,
62 u32 n_uname, char *aname);
62struct p9_fid *p9_client_walk(struct p9_fid *oldfid, int nwname, char **wnames, 63struct p9_fid *p9_client_walk(struct p9_fid *oldfid, int nwname, char **wnames,
63 int clone); 64 int clone);
64int p9_client_open(struct p9_fid *fid, int mode); 65int p9_client_open(struct p9_fid *fid, int mode);