Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 19 Jun 2011 09:33:23 GMT
From:      Ilya Putsikau <ilya@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 194956 for review
Message-ID:  <201106190933.p5J9XNit070392@skunkworks.freebsd.org>
next in thread | raw e-mail | index | archive | help 
http://p4web.freebsd.org/@@194956?ac=10

Change 194956 by ilya@ilya_triton2011 on 2011/06/19 09:32:34

	Merge fuse_internal_access, change arguments order
	Change fdisp_make arguments order to same as macfuse

Affected files ...

.. //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_internal.c#9 edit
.. //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_internal.h#10 edit
.. //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_ipc.c#5 edit
.. //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_ipc.h#7 edit
.. //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_vfsops.c#12 edit
.. //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_vnops.c#15 edit

Differences ...

==== //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_internal.c#9 (text+ko) ====

@@ -47,154 +47,112 @@
 
 /* access */
 
-static __inline int     fuse_check_spyable(struct fuse_dispatcher *fdip,
-                                           struct mount *mp, struct thread *td,
-                                           struct ucred *cred);
 static __inline int     fuse_match_cred(struct ucred *daemoncred,
                                         struct ucred *usercred);
 
 int
 fuse_internal_access(struct vnode *vp,
                      mode_t mode,
-                     struct ucred *cred,
+                     struct fuse_access_param *facp,
                      struct thread *td,
-                     struct fuse_access_param *facp)
+                     struct ucred *cred)
 {
     int err = 0;
+    uint32_t mask = 0;
+    int dataflag;
+    int vtype;
+    struct mount *mp;
     struct fuse_dispatcher fdi;
+    struct fuse_access_in *fai;
+    struct fuse_data      *data;
 
-    /*
-     * Disallow write attempts on read-only file systems; unless the file
-     * is a socket, fifo, or a block or character device resident on the
-     * file system.
-     */
+    /* NOT YET DONE */
+    /* If this vnop gives you trouble, just return 0 here for a lazy kludge. */
+    // return 0;
 
-    DEBUG("ro? %#x vp #%llu mode %#x\n",
-          vp->v_mount->mnt_flag & MNT_RDONLY, VTOILLU(vp), mode);
+    fuse_trace_printf_func();
 
-    RECTIFY_TDCR(td, cred);
+    mp = vnode_mount(vp);
+    vtype = vnode_vtype(vp);
 
-    if (mode & VWRITE) {
-            switch (vp->v_type) {
-            case VDIR:
-            case VLNK:
-            case VREG:
-                    if (vp->v_mount->mnt_flag & MNT_RDONLY) {
-                            DEBUG("no write access (read-only fs)\n");
-                            return (EROFS);
-                    }
-                    break;
-            default:
-                    break;
-            }
-    }
+    data = fusefs_get_data(mp);
+    dataflag = data->dataflag;
 
-    bzero(&fdi, sizeof(fdi));
-    if (vp->v_vflag & VV_ROOT && ! (facp->facc_flags & FACCESS_NOCHECKSPY)) {
-            if ((err = fuse_check_spyable(&fdi, vp->v_mount, td, cred)))
-                    return (err);
-            facp->facc_flags |= FACCESS_NOCHECKSPY;
+    if ((mode & VWRITE) && vfs_isrdonly(mp)) {
+        return EACCES;
     }
 
-    if (fusefs_get_data(vp->v_mount)->dataflag & FSESS_DEFAULT_PERMISSIONS ||
-        /*
-         * According to Linux code, we fall back to in-kernel check
-         * when it comes to executing a file
-         */
-        (vp->v_type == VREG && mode == VEXEC)) {
-            /* We are to do the check in-kernel */
-
-            if (! (facp->facc_flags & FACCESS_VA_VALID)) {
-                    err = VOP_GETATTR(vp, VTOVA(vp), cred);
-                    if (err)
-                            return (err);
-                    facp->facc_flags |= FACCESS_VA_VALID;
+    // Unless explicitly permitted, deny everyone except the fs owner.
+    if (vnode_isvroot(vp) && !(facp->facc_flags & FACCESS_NOCHECKSPY)) {
+        if (!(dataflag & FSESS_DAEMON_CAN_SPY)) {
+            int denied = fuse_match_cred(data->daemoncred,
+                                         cred);
+            if (denied) {
+                return EACCES;
             }
+        }
+        facp->facc_flags |= FACCESS_NOCHECKSPY;
+    }
 
-            err = vaccess(VTOVA(vp)->va_type,
-                          VTOVA(vp)->va_mode,
-                          VTOVA(vp)->va_uid,
-                          VTOVA(vp)->va_gid,
-                          mode, cred, NULL);
+    if (!(facp->facc_flags & FACCESS_DO_ACCESS)) {
+        return 0;
+    }
 
-            if (err)
-                    return (err);
+    if (((vtype == VREG) && (mode & VEXEC))) {
+#ifdef NEED_MOUNT_ARGUMENT_FOR_THIS
+        // Let the kernel handle this through open/close heuristics.
+        return ENOTSUP;
+#else
+        // Let the kernel handle this.
+        return 0;
+#endif
+    }
 
-            if (facp->facc_flags & FACCESS_STICKY) {
-                    if (vp->v_type == VDIR && VTOVA(vp)->va_mode & S_ISTXT &&
-                        mode == VWRITE) {
-                            if (cred->cr_uid != facp->xuid &&
-                                cred->cr_uid != VTOVA(vp)->va_uid)
-                                    err = priv_check_cred(cred,
-                                                          PRIV_VFS_ADMIN,
-                                                          0);
-                    }
-                    /*
-                     * We return here because this flags is exlusive
-                     * with the others
-                     */
-                    KASSERT(facp->facc_flags == FACCESS_STICKY,
-                            ("sticky access check comes in mixed"));
-                    return (err);
-            }
+    if (fusefs_get_data(mp)->dataflag & FSESS_NOACCESS) {
+        // Let the kernel handle this.
+        return 0;
+    }
 
-            if (mode != VADMIN)
-                    return (err);
+    if (dataflag & FSESS_DEFAULT_PERMISSIONS) {
+        // Let the kernel handle this.
+        return 0;
+    }
 
-            if (facp->facc_flags & FACCESS_CHOWN) {
-                    if ((cred->cr_uid != facp->xuid &&
-                             facp->xuid != (uid_t)VNOVAL) ||
-                        (cred->cr_gid != facp->xgid &&
-                             facp->xgid != (gid_t)VNOVAL &&
-                             ! groupmember(facp->xgid, cred)))
-                            err = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
-                    if (err)
-                            return (err);
-            }
+    if ((mode & VADMIN) != 0) {
+        err = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+        if (err) {
+            return err;
+        }
+    }
 
-            if (facp->facc_flags & FACCESS_SETGID) {
-                    gid_t sgid = facp->xgid;
+    if ((mode & (VWRITE | VAPPEND | VADMIN)) != 0) {
+        mask |= W_OK;
+    }
+    if ((mode & VREAD) != 0) {
+        mask |= R_OK;
+    }
+    if ((mode & VEXEC) != 0) {
+        mask |= X_OK;
+    }
 
-                    if (sgid == (gid_t)VNOVAL)
-                            sgid = VTOVA(vp)->va_gid;
+    bzero(&fdi, sizeof(fdi));
 
-                    if (! groupmember(sgid, cred))
-                            err = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
-                    return (err);
-            }
+    fdisp_init(&fdi, sizeof(*fai));
+    fdisp_make_vp(&fdi, FUSE_ACCESS, vp, td, cred);
 
-    } else {
-#if FUSE_HAS_ACCESS
-            struct fuse_access_in *fai;
+    fai = fdi.indata;
+    fai->mask = F_OK;
+    fai->mask |= mask;
 
-            if (! (facp->facc_flags & FACCESS_DO_ACCESS))
-                    return (0);
+    if (!(err = fdisp_wait_answ(&fdi))) {
+        fuse_ticket_drop(fdi.tick);
+    }
 
-            if (fusefs_get_data(vp->v_mount)->dataflag & FSESS_NOACCESS)
-                    return (0);
-
-            fdisp_init(&fdi, sizeof(*fai));
-            fdisp_make_vp(&fdi, FUSE_ACCESS, vp, td, cred);
-
-            fai = fdi.indata;
-
-            fai->mask = F_OK;
-            if (mode & VREAD)
-                    fai->mask |= R_OK;
-            if (mode & VWRITE)
-                    fai->mask |= W_OK;
-            if (mode & VEXEC)
-                    fai->mask |= X_OK;
+    if (err == ENOSYS) {
+        fusefs_get_data(mp)->dataflag |= FSESS_NOACCESS;
+        err = 0; // ENOTSUP;
+    }
 
-            if (! (err = fdisp_wait_answ(&fdi)))
-                    fuse_ticket_drop(fdi.tick);
-
-            if (err == ENOSYS) {
-                    fusefs_get_data(vp->v_mount)->dataflag |= FSESS_NOACCESS;
-                    err = 0;
-            }
-#endif
-    }
     return err;
 }
 
@@ -220,14 +178,6 @@
 	return (EPERM);
 }
 
-
-static __inline int
-fuse_check_spyable(struct fuse_dispatcher *fdip, struct mount *mp,
-                   struct thread *td, struct ucred *cred)
-{
-	return (0);
-}
-
 /* fsync */
 
 int
@@ -487,7 +437,7 @@
     int err = 0;
 
     fdisp_init(&fdi, sizeof(*fri) + fcnp->cn_namelen + tcnp->cn_namelen + 2);
-    fdisp_make_vp(&fdi, FUSE_RENAME, fdvp, curthread, NULL);
+    fdisp_make_vp(&fdi, FUSE_RENAME, fdvp, tcnp->cn_thread, tcnp->cn_cred);
 
     fri = fdi.indata;
     fri->newdir = VTOI(tdvp);
@@ -528,9 +478,8 @@
 
     fdip->iosize = bufsize + cnp->cn_namelen + 1;
 
-    fdisp_make(fdip, mp, op, dnid, curthread, NULL);
+    fdisp_make(fdip, op, mp, dnid, curthread, NULL);
     memcpy(fdip->indata, buf, bufsize);
-
     memcpy((char *)fdip->indata + bufsize, cnp->cn_nameptr, cnp->cn_namelen);
     ((char *)fdip->indata)[bufsize + cnp->cn_namelen] = '\0';
 
@@ -632,7 +581,7 @@
      */
 
     fdisp_init(fdip, sizeof(*ffi));
-    fdisp_make(fdip, mp, FUSE_FORGET, nodeid, td, cred);
+    fdisp_make(fdip, FUSE_FORGET, mp, nodeid, td, cred);
 
     ffi = fdip->indata;
     ffi->nlookup = nlookup;
@@ -703,7 +652,7 @@
     struct fuse_dispatcher fdi;
 
     fdisp_init(&fdi, sizeof(*fiii));
-    fdisp_make(&fdi, data->mp, FUSE_INIT, 0, td, NULL);
+    fdisp_make(&fdi, FUSE_INIT, data->mp, 0, td, NULL);
     fiii = fdi.indata;
     fiii->major = FUSE_KERNEL_VERSION;
     fiii->minor = FUSE_KERNEL_MINOR_VERSION;

==== //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_internal.h#10 (text+ko) ====

@@ -102,9 +102,9 @@
 int
 fuse_internal_access(struct vnode *vp,
                      mode_t mode,
-                     struct ucred *cred,
+                     struct fuse_access_param *facp,
                      struct thread *td,
-                     struct fuse_access_param *facp);
+                     struct ucred *cred);
 
 /* attributes */
 

==== //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_ipc.c#5 (text+ko) ====

@@ -789,8 +789,8 @@
 
 void
 fdisp_make_pid(struct fuse_dispatcher *fdip,
+               enum fuse_opcode op,
                struct mount *mp,
-               enum fuse_opcode op,
                uint64_t nid,
                pid_t pid,
                struct ucred *cred)
@@ -818,15 +818,15 @@
 
 void
 fdisp_make(struct fuse_dispatcher *fdip,
+           enum fuse_opcode op,
            struct mount *mp,
-           enum fuse_opcode op,
            uint64_t nid,
            struct thread *td,
            struct ucred *cred)
 {
     RECTIFY_TDCR(td, cred);
 
-    return (fdisp_make_pid(fdip, mp, op, nid, td->td_proc->p_pid, cred));
+    return (fdisp_make_pid(fdip, op, mp, nid, td->td_proc->p_pid, cred));
 }
 
 void
@@ -838,7 +838,7 @@
 {
     debug_printf("fdip=%p, op=%d, vp=%p, context=%p\n", fdip, op, vp, context);
     RECTIFY_TDCR(td, cred);
-    return (fdisp_make_pid(fdip, vnode_mount(vp), op, VTOI(vp),
+    return (fdisp_make_pid(fdip, op, vnode_mount(vp), VTOI(vp),
             td->td_proc->p_pid, cred));
 }
 

==== //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_ipc.h#7 (text+ko) ====

@@ -279,12 +279,12 @@
 }
 
 
-void fdisp_make(struct fuse_dispatcher *fdip, struct mount *mp,
-                enum fuse_opcode op, uint64_t nid, struct thread *td,
+void fdisp_make(struct fuse_dispatcher *fdip, enum fuse_opcode op,
+                struct mount *mp, uint64_t nid, struct thread *td,
                 struct ucred *cred);
 
-void fdisp_make_pid(struct fuse_dispatcher *fdip, struct mount *mp,
-                    enum fuse_opcode op, uint64_t nid, pid_t pid,
+void fdisp_make_pid(struct fuse_dispatcher *fdip, enum fuse_opcode op,
+                    struct mount *mp, uint64_t nid, pid_t pid,
                     struct ucred *cred);
 
 void fdisp_make_vp(struct fuse_dispatcher *fdip, enum fuse_opcode op,
@@ -307,7 +307,7 @@
                          struct mount           *mp)
 {
    fdisp_init(fdip, 0);
-   fdisp_make(fdip, mp, FUSE_STATFS, FUSE_ROOT_ID, NULL, NULL);
+   fdisp_make(fdip, FUSE_STATFS, mp, FUSE_ROOT_ID, NULL, NULL);
    return (fdisp_wait_answ(fdip));
 }
 

==== //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_vfsops.c#12 (text+ko) ====

@@ -303,7 +303,7 @@
     }
 
     fdisp_init(&fdi, 0);
-    fdisp_make(&fdi, mp, FUSE_DESTROY, 0, td, NULL);
+    fdisp_make(&fdi, FUSE_DESTROY, mp, 0, td, NULL);
     err = fdisp_wait_answ(&fdi);
     if (!err) {
         fuse_ticket_drop(fdi.tick);

==== //depot/projects/soc2011/ilya_fuse/fuse_module/fuse_vnops.c#15 (text+ko) ====

@@ -151,7 +151,7 @@
         facp.facc_flags |= FACCESS_DO_ACCESS;
     }   
 
-    return fuse_internal_access(vp, ap->a_accmode, ap->a_cred, ap->a_td, &facp);
+    return fuse_internal_access(vp, ap->a_accmode, &facp, ap->a_td, ap->a_cred);
 }
 
 /*
@@ -250,7 +250,7 @@
         goto good_old;
     }
 
-    fdisp_make(fdip, vnode_mount(dvp), FUSE_CREATE, parentnid, td, cred);
+    fdisp_make(fdip, FUSE_CREATE, vnode_mount(dvp), parentnid, td, cred);
 
     foi = fdip->indata;
     foi->mode = mode;
@@ -308,7 +308,7 @@
            uint64_t fh_id = ((struct fuse_open_out *)(feo + 1))->fh;
 
            fdisp_init(fdip, sizeof(*fri));
-           fdisp_make(fdip, mp, FUSE_RELEASE, nodeid, td, cred);
+           fdisp_make(fdip, FUSE_RELEASE, mp, nodeid, td, cred);
            fri = fdip->indata;
            fri->fh = fh_id;
            fri->flags = OFLAGS(mode);
@@ -632,7 +632,7 @@
 
     bzero(&facp, sizeof(facp));
     if (vnode_isvroot(dvp)) { /* early permission check hack */
-        if ((err = fuse_internal_access(dvp, VEXEC, cred, td, &facp))) {
+        if ((err = fuse_internal_access(dvp, VEXEC, &facp, td, cred))) {
             return err;
         }
     }
@@ -675,7 +675,7 @@
     op = FUSE_LOOKUP;
 
 calldaemon:
-    fdisp_make(&fdi, vnode_mount(dvp), op, nid, td, cred);
+    fdisp_make(&fdi, op, vnode_mount(dvp), nid, td, cred);
 
     if (op == FUSE_LOOKUP) {
         memcpy(fdi.indata, cnp->cn_nameptr, cnp->cn_namelen);
@@ -781,7 +781,7 @@
              */
             facp.xuid = fattr->uid;
             facp.facc_flags |= FACCESS_STICKY;
-            err = fuse_internal_access(dvp, VWRITE, cred, td, &facp);
+            err = fuse_internal_access(dvp, VWRITE, &facp, td, cred);
             facp.facc_flags &= ~FACCESS_XQUERIES;
 
             if (err) {
@@ -973,7 +973,7 @@
                     err = ENOTDIR;
 
                 if (!err && !vnode_mountedhere(*vpp)) {
-                    err = fuse_internal_access(*vpp, VEXEC, cred, td, &facp);
+                    err = fuse_internal_access(*vpp, VEXEC, &facp, td, cred);
                 }
 
                 if (err) {
@@ -1621,7 +1621,7 @@
 
     if (err && !(fsai->valid & ~(FATTR_ATIME | FATTR_MTIME)) &&
         vap->va_vaflags & VA_UTIMES_NULL) {
-        err = fuse_internal_access(vp, VWRITE, cred, td, &facp);
+        err = fuse_internal_access(vp, VWRITE, &facp, td, cred);
     }
 
     if (err) {

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201106190933.p5J9XNit070392>