| Age | Commit message (Collapse) | Author |
|---|
|
Otherwise some scripts may try to modify system files just because they find
they seem to be able to.
* trans/fakeroot.c (netfs_report_access): When FAKE_MODE is not set on
`np', call file_check_access on the underlying node instead of returning
O_RDWR|O_EXEC.
|
|
Fakeroot does not support faking them anyway, and they may change on the
underlying fs, e.g. when creating a local socket.
* trans/fakeroot.c (netfs_validate_stat): Return S_IFMT part of st_mode as
provided by underlying filesystem.
|
|
As well as other potential mode changes which are indeed supposed to still
work as root.
* trans/fakeroot.c (netfs_attempt_chmod): Always set S_IRUSR and S_IWUSR in
real_mode, and set S_IXUSR also when this is a directory.
|
|
Huge thanks to Svante Signell for having tracked the bug.
* trans/fakeroot.c (netfs_attempt_chmod): Make the file_chmod call
additionally include the modes from nn->openmodes.
|
|
* trans/fakeroot.c (check_openmodes): Make comment clearer about missing new
openmodes.
|
|
Thanks Svante Signell for the investigation and proposed patch.
* trans/fakeroot.c (new_node): Assert that `openmodes' includes only
O_RDWR|O_EXEC
(check_openmodes): Likewise with `newmodes'.
(netfs_S_dir_lookup): Keep only O_RDWR|O_EXEC from `flags' when calling
new_node.
|
|
* trans/fakeroot.c (netfs_set_translator): New function.
|
|
|
|
* trans/fakeroot.c (new_node): Initialize faked field to FAKE_DEFAULT.
|
|
Their faked field was not initialized.
Thanks a lot to Svante Signell for the investigation
* trans/fakeroot.c (new_node): Initialize faked field of nn to 0.
(netfs_attempt_mkfile): Call set_default_attributes on newly-allocated node,
and if the real mode is not the same as the requested mode, fake the mode.
|
|
`fsysServer' is only used by the symlink translator which does not use
libports. Therefor, it is not necessary to use the default payload to
port translation function.
* trans/Makefile (fsys-MIGSFLAGS): Disable the default payload to port
translation function.
|
|
* trans/Makefile (device_reply-MIGSFLAGS): Define MACH_PAYLOAD_TO_PORT.
|
|
* trans/Makefile (password-MIGSFLAGS): Add mutator.
|
|
* trans/Makefile (ifsock-MIGSFLAGS): Add mutator.
|
|
* trans/fakeroot.c (netfs_demuxer): Make the demuxer payload-aware.
|
|
* trans/mtab.c (struct mtab): Add a hash table to keep track of seen
ports.
(mtab_mark_as_seen): New function that records the identity port of a
given node in the hash table and reports whether it has been there
before.
(mtab_populate): Use the new function to avoid running in circles.
(main, open_hook): Initialize hash table.
(close_hook): Free ports and destroy hash table.
|
|
Fixes https://savannah.gnu.org/bugs/?15806 .
* trans/hello-mt.c (trivfs_append_args): Escape contents.
* trans/hello.c (trivfs_append_args): Likewise.
|
|
Make the memory_object parameter of default_pager_object_create
polymorphic. This fixes https://savannah.gnu.org/bugs/?26751 .
* hurd/default_pager.defs (default_pager_object_create): Make
memory_object parameter polymorphic.
* mach-defpager/default_pager.c (S_default_pager_object_create):
Adjust accordingly.
* trans/proxy-defpager.c (S_default_pager_object_create): Likewise.
|
|
* trans/mtab.c (main): Use setnullauth to drop privileges.
|
|
POSIX requires write access to the socket, not read access, to be able
to connect to it.
* trans/ifsock.c (S_ifsock_getsockaddr): Test for O_WRITE instead of
O_READ.
|
|
Found using the Clang Static Analyzer.
* trans/fakeroot.c (new_node): Do not leak a pointer to freed memory.
Store NULL at *np instead. This fixes a node use-after-free in
netfs_S_dir_lookup.
|
|
When using fat nodes, expressions of the form E->nn can be rewritten
as netfs_node_netnode (E). This is much faster as it only involves a
offset calculation. For reference, I used the following semantic
patch to create the patch:
@@
expression E;
@@
- E->nn
+ netfs_node_netnode (E)
* trans/fakeroot.c: Use netfs_node_netnode instead of np->nn.
|
|
Previously, fakeroot stored netnodes in the hash table. But we are
not interested in a cache for netnodes, we need a node cache. So
fakeroot kept pointers to the associated node object in each netnode
object.
Use fat netfs nodes, which combine node and netnode objects.
* trans/fakeroot.c (struct netnode): Remove np.
(idport_ihash): Fix ihash location pointer offset.
(new_node): Allocate fat nodes, store the node pointer in the hash
table.
(netfs_node_norefs): Adjust accordingly.
(netfs_S_dir_lookup): Likewise.
|
|
* trans/mtab.c (main): Fix initialization of mtab in one-shot mode.
|
|
As of recently, fakeroot would fail to create symlinks:
% fakeroot-hurd ln -s foo a
ln: failed to create symbolic link ‘a’: Operation not permitted
Fix this by overriding fshelp_isowner.
Various netfs functions will call fshelp_isowner to check whether USER
is allowed to do some operation. As fakeroot is not running within
the fakeauth'ed environment, USER contains the real user.
I have no explanation why this ever worked.
* trans/fakeroot.c (fshelp_isowner): New function.
|
|
* trans/fakeroot.c (main): Use C99-style struct initialization to
initialize argp. This avoids a warning about missing field
initializers.
|
|
* trans/fakeroot.c (netfs_attempt_chown): Fix comparison between
signed and unsigned integer expressions.
|
|
A spurious semicolon caused a control flow bug in check_openmodes,
leading to a port leak.
* trans/fakeroot.c (check_openmodes): Remove spurious semicolon.
|
|
GNU libc has provided the 'crypt' function in libcrypt for a long time,
making this check unnecessary.
* configure.ac: Remove libcrypt check and 'LIBCRYPT' substitution.
* config.make.in (LIBCRYPT): Remove.
* trans/Makefile (password-LDLIBS): Change $(LIBCRYPT) to -lcrypt.
* utils/Makefile (login-LDLIBS, addauth-LDLIBS, setauth-LDLIBS):
Likewise.
|
|
This enables the compiler to check that the server function
declarations match MIGs expectations. Fix a few oddities along the
way.
* console-client/trans.c: Include MIG-generated server header file(s).
* console/console.c: Likewise. Also, fix declarations.
* console/mutations.h (TIOCTL_IMPORTS): Just use libnetfs/priv.h.
* console/priv.h: Delete now unused file.
* ext2fs/storeinfo.c: Include MIG-generated server header file(s).
* fatfs/inode.c: Likewise.
* fatfs/main.c: Likewise. Also, fix declaration.
* isofs/inode.c: Likewise.
* libdiskfs/boot-start.c: Likewise.
* libdiskfs/file-chg.c: Include the correct MIG-generated server header file.
* libdiskfs/file-chmod.c: Include MIG-generated server header file(s).
* libdiskfs/file-get-fs-opts.c: Likewise.
* libdiskfs/init-startup.c: Likewise.
* libnetfs/file-get-children.c: Likewise.
* libnetfs/file-getcontrol.c: Include the correct MIG-generated server
header file.
* libnetfs/file-set-translator.c: Include MIG-generated server header file(s).
* libnetfs/fsstubs.c: Likewise.
* libtrivfs/file-access.c: Likewise.
* libtrivfs/file-chauthor.c: Likewise.
* libtrivfs/file-chflags.c: Likewise.
* libtrivfs/file-chg.c: Likewise.
* libtrivfs/file-chmod.c: Likewise.
* libtrivfs/file-chown.c: Likewise.
* libtrivfs/file-exec.c: Likewise.
* libtrivfs/file-get-children.c: Likewise.
* libtrivfs/file-get-fs-options.c: Likewise.
* libtrivfs/file-get-source.c: Likewise.
* libtrivfs/file-get-storage-info.c: Likewise.
* libtrivfs/file-get-trans.c: Likewise.
* libtrivfs/file-get-transcntl.c: Likewise.
* libtrivfs/file-getcontrol.c: Likewise.
* libtrivfs/file-getfh.c: Likewise.
* libtrivfs/file-getlinknode.c: Likewise.
* libtrivfs/file-lock.c: Likewise.
* libtrivfs/file-reparent.c: Likewise.
* libtrivfs/file-set-size.c: Likewise.
* libtrivfs/file-set-trans.c: Likewise.
* libtrivfs/file-statfs.c: Likewise.
* libtrivfs/file-sync.c: Likewise.
* libtrivfs/file-syncfs.c: Likewise.
* libtrivfs/file-utimes.c: Likewise.
* libtrivfs/fsys-forward.c: Likewise.
* libtrivfs/fsys-get-options.c: Likewise.
* libtrivfs/fsys-getroot.c: Likewise.
* libtrivfs/fsys-goaway.c: Likewise.
* libtrivfs/fsys-set-options.c: Likewise.
* libtrivfs/fsys-stubs.c: Likewise.
* libtrivfs/fsys-syncfs.c: Likewise.
* libtrivfs/io-async-icky.c: Likewise.
* libtrivfs/io-async.c: Likewise.
* libtrivfs/io-duplicate.c: Likewise.
* libtrivfs/io-identity.c: Likewise.
* libtrivfs/io-map.c: Likewise.
* libtrivfs/io-modes-get.c: Likewise.
* libtrivfs/io-modes-off.c: Likewise.
* libtrivfs/io-modes-on.c: Likewise.
* libtrivfs/io-modes-set.c: Likewise.
* libtrivfs/io-owner-get.c: Likewise.
* libtrivfs/io-owner-mod.c: Likewise.
* libtrivfs/io-pathconf.c: Likewise.
* libtrivfs/io-read.c: Likewise.
* libtrivfs/io-readable.c: Likewise.
* libtrivfs/io-reauthenticate.c: Likewise.
* libtrivfs/io-restrict-auth.c: Likewise.
* libtrivfs/io-revoke.c: Likewise.
* libtrivfs/io-seek.c: Likewise.
* libtrivfs/io-select.c: Likewise.
* libtrivfs/io-stat.c: Likewise.
* libtrivfs/io-stubs.c: Likewise.
* libtrivfs/io-version.c: Likewise.
* libtrivfs/io-write.c: Likewise.
* pfinet/tunnel.c: Likewise.
* storeio/io.c: Likewise.
* storeio/storeio.c: Likewise.
* term/users.c: Likewise.
* tmpfs/node.c: Likewise.
* trans/fakeroot.c: Likewise. Also, include all server headers that provide
the X_server_routine functions...
(netfs_demuxer): ... that were previously declared here.
* trans/fifo.c: Include MIG-generated server header file(s).
* trans/firmlink.c: Likewise.
* trans/hello-mt.c: Likewise.
* trans/hello.c: Likewise.
* trans/magic.c: Likewise.
* trans/mtab.c: Likewise.
* trans/new-fifo.c: Likewise.
* trans/null.c: Likewise.
* trans/proxy-defpager.c: Likewise.
* trans/streamio.c: Likewise.
* libdiskfs/fsmutations.h: Qualify the import with the libraries path.
Without this change, out-of-tree builds would no longer work.
* libnetfs/mutations.h: Likewise.
* libtrivfs/mig-mutate.h: Likewise.
|
|
* trans/Makefile: Add ifsock-MIGSFLAGS.
* trans/ifsock.c (S_ifsock_getsockaddr): Fix receiver lookup.
|
|
Previously, the mig mutator functions were in migsupport.c, preventing
them from being inlined into the mig-generated server functions. Put
them in mig-decls.h instead. Rename mutations.h to mig-mutate.h.
This is the naming convention used for pflocal.
* libtrivfs/fsmutations.h: Rename to mig-mutate.h, adopt imports.
* libtrivfs/Makefile: Adopt accordingly.
* libtrivfs/migsupport.c: Rename to mig-decls.h.
* libtrivfs/trivfs.h: Move dynamic classes/buckets declarations to
mig-decls.h, remove superfluous imports.
* exec/execmutations.h: Fix import.
* pfinet/mig-mutate.h: Likewise.
* trans/Makefile: Likewise.
|
|
|
|
Previously, map_device_to_path mapped unknown device strings to
"none". Return a copy of the original source string instead so that
e.g. nfs mount point points are properly handled.
* trans/mtab.c (map_device_to_path): Do not map unknown source strings
to "none".
|
|
Previously, the mtab translator would guess the source of a filesystem
translator from its last argument. This made all kinds of
non-filesystem translators appear in /proc/mounts, causing severe
problems due to umount --all removing vital passive translator
records.
Fix this by ignoring all translators that do not explicitly implement
file_get_source.
* trans/mtab.c (mtab_populate): Ignore translators that do not
implement file_get_source.
|
|
* hurd/fs.defs: Add file_get_children and file_get_source.
* hurd/fsys.defs: Remove fsys_get_children and fsys_get_source.
* libdiskfs/fsys-get-children.c: Rename and adapt accordingly.
* libdiskfs/fsys-get-source.c: Likewise.
* libnetfs/fsys-get-children.c: Likewise.
* libnetfs/fsys-get-source.c: Likewise.
* libtrivfs/fsys-get-children.c: Likewise.
* libtrivfs/fsys-get-source.c: Likewise.
* libdiskfs/diskfs.h: Adapt prototype and comment.
* libnetfs/netfs.h: Likewise.
* libtrivfs/trivfs.h: Likewise.
* libdiskfs/get-source.c: Adapt default implementation, provide
diskfs_disk_name by default.
* libnetfs/netfs.h: Adapt default implementation.
* libtrivfs/get-source.c: Likewise.
* libdiskfs/Makefile: Adapt accordingly.
* libnetfs/Makefile: Likewise.
* libtrivfs/Makefile: Likewise.
* trans/symlink.c: Likewise.
* trans/mtab.c: Likewise.
|
|
When a client finds a node from the hash table, it could happen that
another thread is still holding one reference on it before the current
thread has acquired its own. Simply checking for a non zero refcount isn't
enough, the new client must atomically acquire its own reference.
* trans/fakeroot.c (netfs_S_dir_lookup): Find and acquire node reference
while holding netfs_node_refcnt_lock.
|
|
* trans/fakeroot.c (netfs_S_dir_lookup): Fix node dereference.
|
|
Instead of the FAKE_REFERENCE flag, rework node caching so that nodes are
retained only if their attributes are actually changed. In addition, don't
remove unreferenced nodes from the hash table at protid release, since
their reference counter is unstable. Do it on node destruction, once the
reference counter has reached 0. This means lookups can return nodes not
referenced (other than by the hash table), a condition for which a check
is added. By never acquiring a reference on such nodes, their counter is
guaranteed to remain stable once unreferenced.
* trans/fakeroot.c (FAKE_REFERENCE): Remove macro.
(FAKE_DEFAULT): New macro.
(set_default_attributes): New function.
(set_faked_attribute): Likewise.
(netfs_node_norefs): Remove node from hash table, properly taking care
of all the locks involved.
(fakeroot_netfs_release_protid): Remove node handling code, merely call
netfs_release_protid.
(netfs_S_dir_lookup): Handle unreferenced nodes, call set_default_attributes
on node creation, remove call to netfs_attempt_chown.
(netfs_attempt_chown): Call set_faked_attribute instead of accessing faked
flags directly.
(netfs_attempt_chauthor): Likewise.
(netfs_attempt_chmod): Likewise.
(main): Likewise.
|
|
Unconditionally relay chmod requests instead of filtering those that
don't change the executable bit.
* trans/fakeroot.c (netfs_attempt_chmod): Unconditionally call file_chmod
with an unaltered mode.
|
|
This reverts commit 672005782e57e049c7c8f4d6d0b2a80c0df512b4.
That change is apparently not needed and introduced a deadlock.
* trans/fakeroot.c (netfs_attempt_mkfile): Unlock directory node before
creating new node.
|
|
* trans/fakeroot.c (netfs_S_dir_lookup): Deallocate rights to intermediate
file systems.
|
|
Use translation functions instead of doing the lookup manually.
* trans/Makefile (password-MIGSFLAGS): Add mutators.
* trans/password.c (S_password_check_user): Update accordingly.
(S_password_check_group): Likewise.
|
|
Traditionally, /proc/mounts includes only filesystem mount points.
Previously though, the mtab translator included any kind of
translator, like all /hurd/storeio translators. This causes problems
with umount --all as this would remove the passive translator records
from nodes in /dev.
Fix this by only listing filesystem-like translators by default.
Filesystem-like translators are identified by their response to
dir_readdir messages sent to their root node.
* trans/mtab.c (all_translators): New variable.
(options): Add flag to preserve the old behavior.
(parse_opt): Handle the new flag.
(is_filesystem_translator): New function.
(mtab_populate): Skip non-filesystem translators by default.
|
|
* trans/mtab.c (main): Use ports_manage_port_operations_multithread.
|
|
* trans/mtab.c (struct mtab): Add lock.
(open_hook): Initialize lock.
(close_hook): Destroy lock.
(trivfs_S_io_read): Lock mtab object, adjust error handling accordingly.
(trivfs_S_io_seek): Likewise.
(trivfs_S_io_readable): Likewise.
|
|
Previously the mtab detector tried to detect whether it talks to
itself by comparing the control port of the translator it currently
visits with its own. This was done to prevent deadlocks. However, this
did not detect non-trivial loops, i.e. two mtab translators would
still dead-lock each other.
Now that it is safe to actually file_name_lookup the root node of a
mtab translator without triggering the generation of content, this
logic can just be omitted.
* trans/mtab.c (mtab_populate): Remove the loop detection logic.
|
|
Previously the mtab content was generated in the open hook. Delay this
until the data is needed. A follow up patch will take advantage of
this to both simplify the logic in mtab_populate and make it more
robust at the same time.
* trans/mtab.c (open_hook): Do not eagerly populate the mtab.
(trivfs_S_io_read): Populate the mtab struct on demand.
(trivfs_S_io_seek): Likewise.
(trivfs_S_io_readable): Likewise.
|
|
Previously, fakeroot would not exit if a process outlived the original
process started by settrans. This caused bugs like this:
% fakeroot-hurd /bin/sh -c 'sleep 1&' 2>&1 | tee
<hangs>
Fix this by exiting if the last client of fakeroot goes away.
If noone has a right to any control or protid port, noone can ever
reacquire any such right. So it is safe to shutdown the fakeroot
translator in that case.
* trans/fakeroot.c (fakeroot_netfs_release_protid): Shutdown the
translator if the last protid object is destroyed and no control port
is around either.
|
|
* trans/fakeroot.c (netfs_S_dir_lookup): Remove dead code.
|
