hw/9pfs: Use export flag for indicating security model
This helps to remove some of the structure members
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
diff --git a/fsdev/file-op-9p.h b/fsdev/file-op-9p.h
index 272f018..908e2a5 100644
--- a/fsdev/file-op-9p.h
+++ b/fsdev/file-op-9p.h
@@ -23,23 +23,6 @@
#define SM_LOCAL_MODE_BITS 0600
#define SM_LOCAL_DIR_MODE_BITS 0700
-typedef enum
-{
- /*
- * Server will try to set uid/gid.
- * On failure ignore the error.
- */
- SM_NONE = 0,
- /*
- * uid/gid set on fileserver files
- */
- SM_PASSTHROUGH = 1,
- /*
- * uid/gid part of xattr
- */
- SM_MAPPED,
-} SecModel;
-
typedef struct FsCred
{
uid_t fc_uid;
@@ -60,12 +43,27 @@
/* export flags */
#define V9FS_IMMEDIATE_WRITEOUT 0x00000001
#define V9FS_PATHNAME_FSCONTEXT 0x00000002
+/*
+ * uid/gid set on fileserver files
+ */
+#define V9FS_SM_PASSTHROUGH 0x00000004
+/*
+ * uid/gid part of xattr
+ */
+#define V9FS_SM_MAPPED 0x00000008
+/*
+ * Server will try to set uid/gid.
+ * On failure ignore the error.
+ */
+#define V9FS_SM_NONE 0x00000010
+
+
+#define V9FS_SEC_MASK 0x0000001C
typedef struct FsContext
{
- char *fs_root;
- SecModel fs_sm;
uid_t uid;
+ char *fs_root;
int export_flags;
struct xattr_operations **xops;
struct extended_ops exops;
diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c
index fcec494..ce920d6 100644
--- a/fsdev/qemu-fsdev.c
+++ b/fsdev/qemu-fsdev.c
@@ -72,14 +72,29 @@
fsle->fse.fsdev_id = g_strdup(fsdev_id);
fsle->fse.path = g_strdup(path);
- fsle->fse.security_model = g_strdup(sec_model);
fsle->fse.ops = FsDrivers[i].ops;
fsle->fse.export_flags = 0;
if (writeout) {
if (!strcmp(writeout, "immediate")) {
- fsle->fse.export_flags = V9FS_IMMEDIATE_WRITEOUT;
+ fsle->fse.export_flags |= V9FS_IMMEDIATE_WRITEOUT;
}
}
+
+ if (!strcmp(sec_model, "passthrough")) {
+ fsle->fse.export_flags |= V9FS_SM_PASSTHROUGH;
+ } else if (!strcmp(sec_model, "mapped")) {
+ fsle->fse.export_flags |= V9FS_SM_MAPPED;
+ } else if (!strcmp(sec_model, "none")) {
+ fsle->fse.export_flags |= V9FS_SM_NONE;
+ } else {
+ fprintf(stderr, "Default to security_model=none. You may want"
+ " enable advanced security model using "
+ "security option:\n\t security_model=passthrough\n\t "
+ "security_model=mapped\n");
+
+ fsle->fse.export_flags |= V9FS_SM_NONE;
+ }
+
QTAILQ_INSERT_TAIL(&fsdriver_entries, fsle, next);
return 0;
}
diff --git a/fsdev/qemu-fsdev.h b/fsdev/qemu-fsdev.h
index 69baafc..5099085 100644
--- a/fsdev/qemu-fsdev.h
+++ b/fsdev/qemu-fsdev.h
@@ -40,7 +40,6 @@
typedef struct FsDriverEntry {
char *fsdev_id;
char *path;
- char *security_model;
int export_flags;
FileOperations *ops;
} FsDriverEntry;
diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
index af230b6..bba4c54 100644
--- a/hw/9pfs/virtio-9p-device.c
+++ b/hw/9pfs/virtio-9p-device.c
@@ -83,35 +83,18 @@
exit(1);
}
- if (!strcmp(fse->security_model, "passthrough")) {
- /* Files on the Fileserver set to client user credentials */
- s->ctx.fs_sm = SM_PASSTHROUGH;
- s->ctx.xops = passthrough_xattr_ops;
- } else if (!strcmp(fse->security_model, "mapped")) {
- /* Files on the fileserver are set to QEMU credentials.
- * Client user credentials are saved in extended attributes.
- */
- s->ctx.fs_sm = SM_MAPPED;
- s->ctx.xops = mapped_xattr_ops;
- } else if (!strcmp(fse->security_model, "none")) {
- /*
- * Files on the fileserver are set to QEMU credentials.
- */
- s->ctx.fs_sm = SM_NONE;
- s->ctx.xops = none_xattr_ops;
- } else {
- fprintf(stderr, "Default to security_model=none. You may want"
- " enable advanced security model using "
- "security option:\n\t security_model=passthrough\n\t "
- "security_model=mapped\n");
- s->ctx.fs_sm = SM_NONE;
- s->ctx.xops = none_xattr_ops;
- }
-
s->ctx.export_flags = fse->export_flags;
s->ctx.fs_root = g_strdup(fse->path);
s->ctx.exops.get_st_gen = NULL;
+ if (fse->export_flags & V9FS_SM_PASSTHROUGH) {
+ s->ctx.xops = passthrough_xattr_ops;
+ } else if (fse->export_flags & V9FS_SM_MAPPED) {
+ s->ctx.xops = mapped_xattr_ops;
+ } else if (fse->export_flags & V9FS_SM_NONE) {
+ s->ctx.xops = none_xattr_ops;
+ }
+
len = strlen(conf->tag);
if (len > MAX_TAG_LEN) {
fprintf(stderr, "mount tag '%s' (%d bytes) is longer than "
diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c
index 0bb4cad..d561de8 100644
--- a/hw/9pfs/virtio-9p-local.c
+++ b/hw/9pfs/virtio-9p-local.c
@@ -49,7 +49,7 @@
if (err) {
return err;
}
- if (fs_ctx->fs_sm == SM_MAPPED) {
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */
uid_t tmp_uid;
gid_t tmp_gid;
@@ -124,7 +124,7 @@
* If we fail to change ownership and if we are
* using security model none. Ignore the error
*/
- if (fs_ctx->fs_sm != SM_NONE) {
+ if ((fs_ctx->export_flags & V9FS_SEC_MASK) != V9FS_SM_NONE) {
return -1;
}
}
@@ -138,7 +138,7 @@
char buffer[PATH_MAX];
char *path = fs_path->data;
- if (fs_ctx->fs_sm == SM_MAPPED) {
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
int fd;
fd = open(rpath(fs_ctx, path, buffer), O_RDONLY);
if (fd == -1) {
@@ -149,8 +149,8 @@
} while (tsize == -1 && errno == EINTR);
close(fd);
return tsize;
- } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
- (fs_ctx->fs_sm == SM_NONE)) {
+ } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+ (fs_ctx->export_flags & V9FS_SM_NONE)) {
tsize = readlink(rpath(fs_ctx, path, buffer), buf, bufsz);
}
return tsize;
@@ -252,10 +252,10 @@
char buffer[PATH_MAX];
char *path = fs_path->data;
- if (fs_ctx->fs_sm == SM_MAPPED) {
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
return local_set_xattr(rpath(fs_ctx, path, buffer), credp);
- } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
- (fs_ctx->fs_sm == SM_NONE)) {
+ } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+ (fs_ctx->export_flags & V9FS_SM_NONE)) {
return chmod(rpath(fs_ctx, path, buffer), credp->fc_mode);
}
return -1;
@@ -275,7 +275,7 @@
path = fullname.data;
/* Determine the security model */
- if (fs_ctx->fs_sm == SM_MAPPED) {
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
err = mknod(rpath(fs_ctx, path, buffer),
SM_LOCAL_MODE_BITS|S_IFREG, 0);
if (err == -1) {
@@ -286,8 +286,8 @@
serrno = errno;
goto err_end;
}
- } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
- (fs_ctx->fs_sm == SM_NONE)) {
+ } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+ (fs_ctx->export_flags & V9FS_SM_NONE)) {
err = mknod(rpath(fs_ctx, path, buffer), credp->fc_mode,
credp->fc_rdev);
if (err == -1) {
@@ -323,7 +323,7 @@
path = fullname.data;
/* Determine the security model */
- if (fs_ctx->fs_sm == SM_MAPPED) {
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
err = mkdir(rpath(fs_ctx, path, buffer), SM_LOCAL_DIR_MODE_BITS);
if (err == -1) {
goto out;
@@ -334,8 +334,8 @@
serrno = errno;
goto err_end;
}
- } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
- (fs_ctx->fs_sm == SM_NONE)) {
+ } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+ (fs_ctx->export_flags & V9FS_SM_NONE)) {
err = mkdir(rpath(fs_ctx, path, buffer), credp->fc_mode);
if (err == -1) {
goto out;
@@ -363,7 +363,7 @@
if (err) {
return err;
}
- if (fs_ctx->fs_sm == SM_MAPPED) {
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
/* Actual credentials are part of extended attrs */
uid_t tmp_uid;
gid_t tmp_gid;
@@ -401,7 +401,7 @@
path = fullname.data;
/* Determine the security model */
- if (fs_ctx->fs_sm == SM_MAPPED) {
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
fd = open(rpath(fs_ctx, path, buffer), flags, SM_LOCAL_MODE_BITS);
if (fd == -1) {
err = fd;
@@ -414,8 +414,8 @@
serrno = errno;
goto err_end;
}
- } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
- (fs_ctx->fs_sm == SM_NONE)) {
+ } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+ (fs_ctx->export_flags & V9FS_SM_NONE)) {
fd = open(rpath(fs_ctx, path, buffer), flags, credp->fc_mode);
if (fd == -1) {
err = fd;
@@ -454,7 +454,7 @@
newpath = fullname.data;
/* Determine the security model */
- if (fs_ctx->fs_sm == SM_MAPPED) {
+ if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
int fd;
ssize_t oldpath_size, write_size;
fd = open(rpath(fs_ctx, newpath, buffer), O_CREAT|O_EXCL|O_RDWR,
@@ -483,8 +483,8 @@
serrno = errno;
goto err_end;
}
- } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
- (fs_ctx->fs_sm == SM_NONE)) {
+ } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+ (fs_ctx->export_flags & V9FS_SM_NONE)) {
err = symlink(oldpath, rpath(fs_ctx, newpath, buffer));
if (err) {
goto out;
@@ -496,7 +496,7 @@
* If we fail to change ownership and if we are
* using security model none. Ignore the error
*/
- if (fs_ctx->fs_sm != SM_NONE) {
+ if ((fs_ctx->export_flags & V9FS_SEC_MASK) != V9FS_SM_NONE) {
serrno = errno;
goto err_end;
} else
@@ -551,13 +551,13 @@
char *path = fs_path->data;
if ((credp->fc_uid == -1 && credp->fc_gid == -1) ||
- (fs_ctx->fs_sm == SM_PASSTHROUGH)) {
+ (fs_ctx->export_flags & V9FS_SM_PASSTHROUGH)) {
return lchown(rpath(fs_ctx, path, buffer), credp->fc_uid,
credp->fc_gid);
- } else if (fs_ctx->fs_sm == SM_MAPPED) {
+ } else if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
return local_set_xattr(rpath(fs_ctx, path, buffer), credp);
- } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
- (fs_ctx->fs_sm == SM_NONE)) {
+ } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+ (fs_ctx->export_flags & V9FS_SM_NONE)) {
return lchown(rpath(fs_ctx, path, buffer), credp->fc_uid,
credp->fc_gid);
}