a consideration on cwfs

a consideration on cwfs

[Kenji Arisawa]

Hello,

my server is running on plan9 (9front). of course the file system is cwfs.
the original file system is unable to accept because I am afraid that the allow mode
might make a problem.
I need maintenance and then need allow mode.
I don't want to disconnect network cable when cwfs is in allow mode.
it is curious for me that no one have complained this problem.
(fossil enables allow mode that restricts only to glenda)
I have been obliged to add patch to cwfs.
the patch enables
	allow [user]
which restricts allow mode only to specified user.
I am happy if 9front people support this feature.
you will find the patch at http://plan9.ar.aichi-u.ac.jp/netlib/cwfs/
that has some other premiums.

Kenji Arisawa

Re: [9front] a consideration on cwfs

[cinap_lenrek]

i cant resolve the domain here, but this seems to work:

http://plan9.aichi-u.ac.jp/netlib/cwfs/

--
cinap

Re: [9front] a consideration on cwfs

[cinap_lenrek]

thanks! this is a good idea. just commited the change but also
used the opportunity to unify the permission override code to
get rid of wstatallow flag and all the extra code in the callers
of iaccess().

--
cinap

Re: [9front] a consideration on cwfs

[arisawa]

Hello cinap,

sorry, some lines in 9p2.c have slipped off when I updated cwfs.

static int
fs_open(Chan* chan, Fcall* f, Fcall* r)
{
	Iobuf *p;
	Dentry *d;
	File *file;
	Tlock *t;
	Qid qid;
	int error, ro, fmod, wok;

	wok = 0;
	p = nil;

	if(chan == cons.chan || writeallow)
		wok = 1;

	if((file = filep(chan, f->fid, 0)) == nil){
		error = Efid;
		goto out;
	}
	if(file->open != 0){
		error = Emode;
		goto out;
	}

+	if(allowed && (allowed == file->uid)){
+		if(chatty > 1)
+			fprint(2, "fs_open: chan=%s who=%s uid=%d\n",
+				chan->whochan, chan->whoname, file->uid);
+		wok = 1;
+	}


you write much better codes than I.
I'll leave it up to you.

Kenji Arisawa

2014/08/11 5:40、cinap_lenrek@felloff.net のメール：

> thanks! this is a good idea. just commited the change but also
> used the opportunity to unify the permission override code to
> get rid of wstatallow flag and all the extra code in the callers
> of iaccess().
> 
> --
> cinap

Re: [9front] a consideration on cwfs

[arisawa]

Hello cinap,

sorry again. another slip off in sub.c

int
iaccess(File *f, Dentry *d, int m)
{
...
	/*
	 * various forms of superuser
	 */
	if(wstatallow)
		return 0;
+    if(allowed && allowed == f->uid) //Kenar
+		return 0;
	if(duallow != 0 && duallow == f->uid)
		if((d->mode & DDIR) && (m == DREAD || m == DEXEC))
			return 0;

	return 1;
}

Re: [9front] a consideration on cwfs

[cinap_lenrek]

what do you mean? i'm not doing it like that.
i defined a function:

int
isallowed(File *f)
{
	if(f->cp == cons.chan)
		return 1;
	switch(allowed){
	case 0:
		return 0;
	case -1:
		return 1;
	default:
		return f->uid == allowed;
	}
}

which is used both in iaccess() (see last line)
and 9p1.c and 9p2.c to handle wstat. i didnt
want to spread this godmode logic all over the
place but have just *one* place for it. you
see, this function also handles direct commands
from the console (f->cp == cons.chan) and
"allow all" (allow == -1) (for backwards compatibility
with the uid-less "allow" console command).

--
cinap

Re: [9front] a consideration on cwfs

[arisawa]

sorry I have not looked your changes.
I did hg update just now.
I will try.

my mail is about my cwfs.

Kenji Arisawa

On 2014/08/17, at 8:02, cinap_lenrek@felloff.net wrote:

> what do you mean? i'm not doing it like that.
> i defined a function:
> 
> int
> isallowed(File *f)
> {
> 	if(f->cp == cons.chan)
> 		return 1;
> 	switch(allowed){
> 	case 0:
> 		return 0;
> 	case -1:
> 		return 1;
> 	default:
> 		return f->uid == allowed;
> 	}
> }
> 
> which is used both in iaccess() (see last line)
> and 9p1.c and 9p2.c to handle wstat. i didnt
> want to spread this godmode logic all over the
> place but have just *one* place for it. you
> see, this function also handles direct commands
> from the console (f->cp == cons.chan) and
> "allow all" (allow == -1) (for backwards compatibility
> with the uid-less "allow" console command).
> 
> --
> cinap