Commit be2d443d authored by Yathindra Naik's avatar Yathindra Naik

- Checkpoint - successful build.

- Some design points still not clear.
- Construct_node does not memdup from parents.
- get_perms is EACCES in capability model.
- set_perms, read/write node hopefully works.
parent ca2e26ef
......@@ -1044,9 +1044,13 @@ static struct node *construct_node(struct connection *conn, const char *name)
node->perms = talloc_memdup(node, parent->perms,
node->num_perms * sizeof(node->perms[0]));
#ifdef CONFIG_XENCAP
node->num_caps = parent->num_caps;
node->caps = talloc_memdup(node, parent->caps,
node->num_caps * sizeof(node->caps[0]));
//node->num_caps = parent->num_caps;
//node->caps = talloc_memdup(node, parent->caps,
// node->num_caps * sizeof(node->caps[0]));
/* We need to init this later. */
node->num_caps = 0;
node->caps = NULL;
#endif
if (domain_is_unprivileged(conn))
node->perms[0].id = conn->id;
......@@ -1062,9 +1066,6 @@ static struct node *construct_node(struct connection *conn, const char *name)
static int destroy_node(void *_node)
{
struct node *node = _node;
#ifdef CONFIG_XENCAP
int i;
#endif
TDB_DATA key;
if (streq(node->name, "/"))
......@@ -1073,10 +1074,6 @@ static int destroy_node(void *_node)
key.dptr = (void *)node->name;
key.dsize = strlen(node->name);
#ifdef CONFIG_XENCAP
for (i = 0; i < node->num_caps; ++i)
free(((void*)node->caps[i]));
#endif
tdb_delete(node->tdb, key);
return 0;
}
......@@ -1303,12 +1300,85 @@ static void do_rm(struct connection *conn, const char *name)
}
}
#if 0
/* For a given node, iterate through the domain list.
Find out which domains has the reqd capabilities
to access this node.
*/
static char *caps_to_strings(struct node *node, unsigned int *len)
{
xc_dominfo_t dominfo;
struct domain *domain, *tmp;
struct xs_permissions perm;
char *strings = NULL;
char buffer[MAX_STRLEN(unsigned int) + 1];
xc_interface *xch;
const void *ctx = node;
static LIST_HEAD(domains);
*len = 0;
xch = xc_interface_open(0,0,0);
if(xch == 0)
{
printf("xc_interface_open failed to get xc_handle!\n");
return NULL;
}
list_for_each_entry_safe(domain, tmp, &domains, list) {
if (xc_domain_getinfo(xch, domain->domid, 1,
&dominfo) == 1 &&
dominfo.domid == domain->domid) {
/* If domain has crashed or its shutdown then move on. */
if ((dominfo.crashed || dominfo.shutdown)
&& !domain->shutdown) {
domain->shutdown = 1;
continue;
}
if (!dominfo.dying)
continue;
/* Continue if this is not in cap mode. */
if (!dominfo.cap_flag)
continue;
}
/* Init the perm struct. */
perm[0].id = -1;
perm[0].perms = XS_PERM_NONE;
/* Check if this domain has the read capability. */
if (xc_cap_check(xch, domain->domid, node->caps[0]))
{
perm[0].id = domain->domid;
perm[0].perms = XS_PERM_READ;
}
/* Check if this domain has the write capability. */
if (xc_cap_check(xch, domain->domid, node->caps[1]))
{
perm[0].id = domain->domid;
perm[0].perms |= XS_PERM_WRITE;
}
if (!xs_perm_to_string(&perm, buffer, sizeof(buffer)))
return NULL;
strings = talloc_realloc(ctx, strings, char,
*len + strlen(buffer) + 1);
strcpy(strings + *len, buffer);
*len += strlen(buffer) + 1;
}
return strings;
}
#endif
static void do_get_perms(struct connection *conn, const char *name)
{
struct node *node;
char *strings;
unsigned int len;
char *strings = NULL;
unsigned int len = 0;
name = canonicalize(conn, name);
node = get_node(conn, name, XS_PERM_READ);
......@@ -1320,7 +1390,9 @@ static void do_get_perms(struct connection *conn, const char *name)
#ifdef CONFIG_XENCAP
if (domain_is_cap(conn))
{
strings = caps_to_strings(node, &len);
//strings = caps_to_strings(node, &len);
errno = EACCES;
send_error(conn, errno);
}
else
strings = perms_to_strings(node, node->perms, node->num_perms, &len);
......@@ -1339,7 +1411,7 @@ static void do_set_perms(struct connection *conn, struct buffered_data *in)
struct node *node;
#ifdef CONFIG_XENCAP
xc_interface *xch;
int domid = get_domid(conn);
//int domid = get_domid(conn);
#endif
num = xs_count_strings(in->buffer, in->used);
......@@ -1370,13 +1442,13 @@ static void do_set_perms(struct connection *conn, struct buffered_data *in)
if(xch == 0)
{
printf("xc_interface_open failed to get xc_handle!\n");
return NULL;
return;
}
xprintf("construct_node: Before xs_strings_to_caps\n");
if (!xs_strings_to_caps(num,strings)) {
if (!xs_strings_to_caps(num, permstr)) {
send_error(conn,errno);
xs_interface_close(xch);
xc_interface_close(xch);
return;
}
......@@ -1384,29 +1456,31 @@ static void do_set_perms(struct connection *conn, struct buffered_data *in)
return;
}
#endif
perms = talloc_array(node, struct xs_permissions, num);
if (!xs_strings_to_perms(perms, num, permstr)) {
send_error(conn, errno);
else
{
perms = talloc_array(node, struct xs_permissions, num);
if (!xs_strings_to_perms(perms, num, permstr)) {
send_error(conn, errno);
return;
}
/* Unprivileged domains may not change the owner. */
if (domain_is_unprivileged(conn) &&
perms[0].id != node->perms[0].id) {
send_error(conn, EPERM);
return;
}
/* Unprivileged domains may not change the owner. */
if (domain_is_unprivileged(conn) &&
perms[0].id != node->perms[0].id) {
send_error(conn, EPERM);
return;
}
}
domain_entry_dec(conn, node);
node->perms = perms;
node->num_perms = num;
domain_entry_inc(conn, node);
domain_entry_dec(conn, node);
node->perms = perms;
node->num_perms = num;
domain_entry_inc(conn, node);
}
if (!write_node(conn, node)) {
send_error(conn, errno);
return;
}
add_change_node(conn->transaction, name, false);
fire_watches(conn, name, false);
send_ack(conn, XS_SET_PERMS);
......@@ -1703,19 +1777,14 @@ static void manual_node(const char *name, const char *child)
{
struct node *node;
struct xs_permissions perms = { .id = 0, .perms = XS_PERM_NONE };
#ifdef CONFIG_XENCAP
struct capability *cap = (struct capability *)malloc(2*sizeof(struct capability));
#endif
node = talloc_zero(NULL, struct node);
node->name = name;
node->perms = &perms;
node->num_perms = 1;
#ifdef CONFIG_XENCAP
node->caps = cap;
node->caps[0] = NULL;
node->caps[1] = NULL;
node->num_caps = 2;
node->caps = NULL;
node->num_caps = 0;
#endif
node->children = (char *)child;
if (child)
......
......@@ -277,15 +277,16 @@ bool domain_is_cap(struct connection *conn)
return (conn && conn->domain && conn->domain->cap_flag);
}
#if 0
/* For a given node, iterate through the domain list.
Find out which domains has the reqd capabilities
to access this node.
*/
char *caps_to_strings(struct node *node, unsigned int *len)
static char *caps_to_strings(struct connection *conn, unsigned int *len)
{
xc_dominfo_t dominfo;
struct domain *domain, *tmp;
struct xs_permissions perm;
//struct xs_permissions perm;
char *strings = NULL;
char buffer[MAX_STRLEN(unsigned int) + 1];
*len = 0;
......@@ -306,26 +307,26 @@ char *caps_to_strings(struct node *node, unsigned int *len)
if (!dominfo.cap_flag)
continue;
}
/* Init the perm struct. */
perm[0].id = -1;
perm[0].perms = XS_PERM_NONE;
/* Check if this domain has the reqd capability. */
if (xc_cap_check(domain->domid, node->cap[0]))
/* Check if this domain has the read capability. */
if (xc_cap_check(*xc_handle, domain->domid, node->cap[0]))
{
perm[0].id = domain->domid;
perm[0].perms = XS_PERM_READ;
}
/* Check if this domain has the write capability. */
if (xc_cap_check(domain->domid, node->cap[1]))
if (xc_cap_check(*xc_handle, domain->domid, node->cap[1]))
{
perm[0].id = domain->domid;
perm[0].perms |= XS_PERM_WRITE;
}
if (!xs_perm_to_string(&perms, buffer, sizeof(buffer)))
if (!xs_perm_to_string(&perm, buffer, sizeof(buffer)))
return NULL;
strings = talloc_realloc(ctx, strings, char,
......@@ -333,10 +334,10 @@ char *caps_to_strings(struct node *node, unsigned int *len)
strcpy(strings + *len, buffer);
*len += strlen(buffer) + 1;
}
return strings;
}
#endif
#endif
bool domain_can_write(struct connection *conn)
......
......@@ -65,7 +65,7 @@ int get_domid(struct connection *conn);
bool domain_is_cap(struct connection *conn);
//char *caps_to_strings(struct node *node, unsigned int *len)
//static char *caps_to_strings(struct connection *conn, unsigned int *len)
#endif
/* Quota manipulation */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment