/* Tattach - attach a new user (fid->user) to aname.
* diod_auth.c::diod_checkauth first authenticates/authorizes user
*/
Npfcall*
diod_attach (Npfid *fid, Npfid *afid, Npstr *aname)
{
Npfcall* ret = NULL;
Fid *f = NULL;
Npqid qid;
struct stat sb;
int xflags;
if (aname->len == 0 || *aname->str != '/') {
np_uerror (EPERM);
goto error;
}
if (!(f = diod_fidalloc (fid, aname))) {
np_uerror (ENOMEM);
goto error;
}
if (diod_conf_opt_runasuid ()) {
if (fid->user->uid != diod_conf_get_runasuid ()) {
np_uerror (EPERM);
goto error;
}
}
if (!diod_match_exports (path_s (f->path), fid->conn, fid->user, &xflags))
goto error;
if ((xflags & XFLAGS_RO))
f->flags |= DIOD_FID_FLAGS_ROFS;
if ((xflags & XFLAGS_SHAREFD))
f->flags |= DIOD_FID_FLAGS_SHAREFD;
if (stat (path_s (f->path), &sb) < 0) { /* OK to follow symbolic links */
np_uerror (errno);
goto error;
}
/* N.B. removed S_ISDIR (sb.st_mode) || return ENOTDIR check.
* Allow a regular file or a blcok device to be exported.
*/
diod_ustat2qid (&sb, &qid);
if ((ret = np_create_rattach (&qid)) == NULL) {
np_uerror (ENOMEM);
goto error;
}
return ret;
error:
errn (np_rerror (), "diod_attach %s@%s:%.*s", fid->user->uname,
np_conn_get_client_id (fid->conn), aname->len, aname->str);
diod_fiddestroy (fid);
return NULL;
}
/* Tattach - attach a new user (fid->user) to aname.
* diod_auth.c::diod_checkauth first authenticates/authorizes user
*/
Npfcall*
diod_attach (Npfid *fid, Npfid *afid, Npstr *aname)
{
Npfcall* ret = NULL;
Fid *f = NULL;
Npqid qid;
struct stat sb;
if (aname->len == 0 || *aname->str != '/') {
np_uerror (EPERM);
goto error;
}
if (!(f = _fidalloc ()) || !(f->path = np_strdup (aname))) {
np_uerror (ENOMEM);
goto error;
}
if (diod_conf_opt_runasuid ()) {
if (fid->user->uid != diod_conf_get_runasuid ()) {
np_uerror (EPERM);
goto error;
}
}
if (!diod_match_exports (f->path, fid->conn, fid->user, &f->xflags))
goto error;
if (stat (f->path, &sb) < 0) { /* OK to follow symbolic links */
np_uerror (errno);
goto error;
}
if (!S_ISDIR (sb.st_mode)) {
np_uerror (ENOTDIR);
goto error;
}
_ustat2qid (&sb, &qid);
if ((ret = np_create_rattach (&qid)) == NULL) {
np_uerror (ENOMEM);
goto error;
}
fid->aux = f;
np_fid_incref (fid);
return ret;
error:
errn (np_rerror (), "diod_attach %s@%s:%.*s", fid->user->uname,
np_conn_get_client_id (fid->conn), aname->len, aname->str);
if (f)
_fidfree (f);
return NULL;
}
static void
_service_run (srvmode_t mode, int rfdno, int wfdno)
{
List l = diod_conf_get_listen ();
int nwthreads = diod_conf_get_nwthreads ();
int flags = diod_conf_get_debuglevel ();
uid_t euid = geteuid ();
int n;
ss.mode = mode;
ss.rfdno = rfdno;
ss.wfdno = wfdno;
ss.shutdown = 0;
ss.reload = 0;
_service_sigsetup ();
ss.fds = NULL;
ss.nfds = 0;
switch (mode) {
case SRV_FILEDES:
break;
case SRV_NORMAL:
case SRV_SOCKTEST:
if (!diod_sock_listen (l, &ss.fds, &ss.nfds))
msg_exit ("failed to set up listener");
#if WITH_RDMATRANS
ss.rdma = diod_rdma_create ();
diod_rdma_listen (ss.rdma);
#endif
break;
}
/* manipulate squash/runas users if not root */
if (euid != 0) {
if (diod_conf_get_allsquash ()) {
struct passwd *pw = getpwuid (euid);
char *su = diod_conf_get_squashuser ();
if (!pw)
msg_exit ("getpwuid on effective uid failed");
if (strcmp (pw->pw_name, su) != 0) {
if (strcmp (su, DFLT_SQUASHUSER) != 0)
msg ("changing squashuser '%s' to '%s' "
"since you are not root", su, pw->pw_name);
diod_conf_set_squashuser (pw->pw_name); /* fixes issue 41 */
}
} else { /* N.B. runasuser cannot be set in the config file */
uid_t ruid = diod_conf_get_runasuid ();
if (diod_conf_opt_runasuid () && ruid != euid)
msg ("changing runasuid %d to %d "
"since you are not root", ruid, euid);
diod_conf_set_runasuid (euid);
}
}
if (!diod_conf_get_foreground () && mode != SRV_FILEDES)
_daemonize (); /* implicit fork - no pthreads before this */
if (!diod_conf_get_foreground () && mode != SRV_FILEDES)
diod_log_set_dest (diod_conf_get_logdest ());
/* drop root */
if (euid == 0) {
if (diod_conf_get_allsquash ())
_become_user (diod_conf_get_squashuser (), -1, 1);
else if (diod_conf_opt_runasuid ())
_become_user (NULL, diod_conf_get_runasuid (), 1);
}
/* clear umask */
umask (0);
flags |= SRV_FLAGS_LOOSEFID; /* work around buggy clients */
flags |= SRV_FLAGS_AUTHCONN;
//flags |= SRV_FLAGS_FLUSHSIG; /* XXX temporarily off */
if (geteuid () == 0) {
flags |= SRV_FLAGS_SETFSID;
flags |= SRV_FLAGS_DAC_BYPASS;
if (_test_setgroups ())
flags |= SRV_FLAGS_SETGROUPS;
else
msg ("test_setgroups: groups are per-process (disabling)");
}
/* Process dumpable flag may have been cleared by uid manipulation above.
* Set it here, then maintain it in user.c::np_setfsid () as uids are
* further manipulated.
*/
if (prctl (PR_SET_DUMPABLE, 1, 0, 0, 0) < 0)
err_exit ("prctl PR_SET_DUMPABLE failed");
if (!diod_conf_get_userdb ())
flags |= SRV_FLAGS_NOUSERDB;
if (!(ss.srv = np_srv_create (nwthreads, flags))) /* starts threads */
errn_exit (np_rerror (), "np_srv_create");
if (diod_init (ss.srv) < 0)
errn_exit (np_rerror (), "diod_init");
if ((n = pthread_create (&ss.t, NULL, _service_loop, NULL)))
errn_exit (n, "pthread_create _service_loop");
#if WITH_RDMATRANS
if ((n = pthread_create (&ss.rdma_t, NULL, _service_loop_rdma, NULL)))
errn_exit (n, "pthread_create _service_loop_rdma");
#endif
switch (mode) {
case SRV_FILEDES:
case SRV_SOCKTEST:
np_srv_wait_conncount (ss.srv, 1);
pthread_kill (ss.t, SIGUSR1);
break;
case SRV_NORMAL:
break;
}
if ((n = pthread_join (ss.t, NULL)))
errn_exit (n, "pthread_join _service_loop");
#if WITH_RDMATRANS
if ((n = pthread_join (ss.rdma_t, NULL)))
errn_exit (n, "pthread_join _service_loop_rdma");
#endif
diod_fini (ss.srv);
np_srv_destroy (ss.srv);
}
