9p: attach-per-user

The 9P2000 protocol requires the authentication and permission checks to be done in the file server. For that reason every user that accesses the file server tree has to authenticate and attach to the server separately. Multiple users can share the same connection to the server. Currently v9fs does a single attach and executes all I/O operations as a single user. This makes using v9fs in multiuser environment unsafe as it depends on the client doing the permission checking. This patch improves the 9P2000 support by allowing every user to attach separately. The patch defines three modes of access (new mount option 'access'): - attach-per-user (access=user) (default mode for 9P2000.u) If a user tries to access a file served by v9fs for the first time, v9fs sends an attach command to the server (Tattach) specifying the user. If the attach succeeds, the user can access the v9fs tree. As there is no uname->uid (string->integer) mapping yet, this mode works only with the 9P2000.u dialect. - allow only one user to access the tree (access=<uid>) Only the user with uid can access the v9fs tree. Other users that attempt to access it will get EPERM error. - do all operations as a single user (access=any) (default for 9P2000) V9fs does a single attach and all operations are done as a single user. If this mode is selected, the v9fs behavior is identical with the current one. Signed-off-by: Latchesar Ionkov <lucho@ionkov.net> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
author: Latchesar Ionkov <lucho@ionkov.net> 2007-10-17 15:31:07 -0400
committer: Eric Van Hensbergen <ericvh@ericvh-desktop.austin.ibm.com> 2007-10-17 15:31:07 -0400
commit: ba17674fe02909fef049fd4b620a2805bdb8c693 (patch)
tree: faa05f8705324ac0b70031dbfb08b65b1339391a /net/9p/client.c
parent: bd32b82df9876af439f1760a599c0e2da9198bda (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/net/9p/client.c b/net/9p/client.c
index e1610125a882..d83cc1247f1e 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -146,7 +146,7 @@ void p9_client_disconnect(struct p9_client *clnt)
 EXPORT_SYMBOL(p9_client_disconnect);
 struct p9_fid *p9_client_attach(struct p9_client *clnt, struct p9_fid *afid,
-        char *uname, char *aname)
+        char *uname, u32 n_uname, char *aname)
 {
        int err;
        struct p9_fcall *tc, *rc;
@@ -165,7 +165,8 @@ struct p9_fid *p9_client_attach(struct p9_client *clnt, struct p9_fid *afid,
                goto error;
        }
-        tc = p9_create_tattach(fid->fid, afid?afid->fid:P9_NOFID, uname, aname);
+        tc = p9_create_tattach(fid->fid, afid?afid->fid:P9_NOFID, uname, aname,
+                n_uname, clnt->dotu);
        if (IS_ERR(tc)) {
                err = PTR_ERR(tc);
                tc = NULL;
@@ -190,7 +191,8 @@ error:
 }
 EXPORT_SYMBOL(p9_client_attach);
-struct p9_fid *p9_client_auth(struct p9_client *clnt, char *uname, char *aname)
+struct p9_fid *p9_client_auth(struct p9_client *clnt, char *uname,
+        u32 n_uname, char *aname)
 {
        int err;
        struct p9_fcall *tc, *rc;
@@ -209,7 +211,7 @@ struct p9_fid *p9_client_auth(struct p9_client *clnt, char *uname, char *aname)
                goto error;
        }
-        tc = p9_create_tauth(fid->fid, uname, aname);
+        tc = p9_create_tauth(fid->fid, uname, aname, n_uname, clnt->dotu);
        if (IS_ERR(tc)) {
                err = PTR_ERR(tc);
                tc = NULL;
author	Latchesar Ionkov <lucho@ionkov.net>	2007-10-17 15:31:07 -0400
committer	Eric Van Hensbergen <ericvh@ericvh-desktop.austin.ibm.com>	2007-10-17 15:31:07 -0400
commit	ba17674fe02909fef049fd4b620a2805bdb8c693 (patch)
tree	faa05f8705324ac0b70031dbfb08b65b1339391a /net/9p/client.c
parent	bd32b82df9876af439f1760a599c0e2da9198bda (diff)