/* Owners and tools get it all... */
if (!id || perms[0].id == id)
- return XS_PERM_READ|XS_PERM_WRITE|XS_PERM_CREATE|XS_PERM_OWNER;
+ return XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER;
for (i = 1; i < num; i++)
if (perms[i].id == id)
return perms[0].perms;
}
-/* We have a weird permissions system. You can allow someone into a
- * specific node without allowing it in the parents. If it's going to
- * fail, however, we don't want the errno to indicate any information
- * about the node. */
-static int check_with_parents(struct connection *conn, const char *node,
- int errnum)
+/* What do parents say? */
+static enum xs_perm_type ask_parents(struct connection *conn,
+ const char *node)
{
struct xs_permissions *perms;
unsigned int num;
- /* We always tell them about memory failures. */
- if (errnum == ENOMEM)
- return errnum;
-
do {
node = get_parent(node);
perms = get_perms(conn->transaction, node, &num);
if (!perms)
corrupt(conn, "No permissions file at root");
- if (!(perm_for_id(conn->id, perms, num) & XS_PERM_READ))
- return EACCES;
+ return perm_for_id(conn->id, perms, num);
+}
- return errnum;
+/* We have a weird permissions system. You can allow someone into a
+ * specific node without allowing it in the parents. If it's going to
+ * fail, however, we don't want the errno to indicate any information
+ * about the node. */
+static int errno_from_parents(struct connection *conn, const char *node,
+ int errnum)
+{
+ /* We always tell them about memory failures. */
+ if (errnum == ENOMEM)
+ return errnum;
+
+ if (ask_parents(conn, node) & XS_PERM_READ)
+ return errnum;
+ return EACCES;
}
char *canonicalize(struct connection *conn, const char *node)
}
perms = get_perms(conn->transaction, node, &num);
- /* No permissions. If we want to create it and
- * it doesn't exist, check parent directory. */
- if (!perms && errno == ENOENT && (perm & XS_PERM_CREATE)) {
- char *parent = get_parent(node);
- if (!parent)
- return false;
- perms = get_perms(conn->transaction, parent, &num);
- }
- if (!perms) {
- errno = check_with_parents(conn, node, errno);
+ if (perms) {
+ if (perm_for_id(conn->id, perms, num) & perm)
+ return true;
+ errno = EACCES;
return false;
}
- if (perm_for_id(conn->id, perms, num) & perm)
- return true;
+ /* If it's OK not to exist, we consult parents. */
+ if (errno == ENOENT && (perm & XS_PERM_ENOENT_OK)) {
+ if (ask_parents(conn, node) & perm)
+ return true;
+ /* Parents say they should not know. */
+ errno = EACCES;
+ return false;
+ }
- errno = check_with_parents(conn, node, EACCES);
+ /* They might not have permission to even *see* this node, in
+ * which case we return EACCES even if it's ENOENT or EIO. */
+ errno = errno_from_parents(conn, node, errno);
return false;
}
if (streq(vec[1], XS_WRITE_NONE))
mode = XS_PERM_WRITE;
else if (streq(vec[1], XS_WRITE_CREATE))
- mode = XS_PERM_WRITE|XS_PERM_CREATE;
+ mode = XS_PERM_WRITE|XS_PERM_ENOENT_OK;
else if (streq(vec[1], XS_WRITE_CREATE_EXCL))
- mode = XS_PERM_WRITE|XS_PERM_CREATE;
+ mode = XS_PERM_WRITE|XS_PERM_ENOENT_OK;
else {
send_error(conn, EINVAL);
return;
}
/* Not going to create it? */
- if (!(mode & XS_PERM_CREATE)) {
+ if (streq(vec[1], XS_WRITE_NONE)) {
send_error(conn, ENOENT);
return;
}
static void do_mkdir(struct connection *conn, const char *node)
{
node = canonicalize(conn, node);
- if (!check_node_perms(conn, node, XS_PERM_WRITE|XS_PERM_CREATE)) {
+ if (!check_node_perms(conn, node, XS_PERM_WRITE|XS_PERM_ENOENT_OK)) {
send_error(conn, errno);
return;
}
return 0;
}
-static void add_event(struct watch *watch, const char *node)
+static void add_event(struct connection *conn,
+ struct watch *watch, const char *node)
{
struct watch_event *event;
+ /* Check read permission: no permission, no watch event.
+ * If it doesn't exist, we need permission to read parent.
+ */
+ if (!check_node_perms(conn, node, XS_PERM_READ|XS_PERM_ENOENT_OK)) {
+ fprintf(stderr, "No permission for %s\n", node);
+ return;
+ }
+
if (watch->relative_path) {
node += strlen(watch->relative_path);
if (*node == '/') /* Could be "" */
list_for_each_entry(watch, &i->watches, list) {
if (is_child(node, watch->node))
- add_event(watch, node);
+ add_event(i, watch, node);
else if (recurse && is_child(watch->node, node))
- add_event(watch, watch->node);
+ add_event(i, watch, watch->node);
else
continue;
/* If connection not doing anything, queue this. */
relative = !strstarts(vec[0], "/");
vec[0] = canonicalize(conn, vec[0]);
- if (!check_node_perms(conn, vec[0], XS_PERM_READ)) {
+ if (!is_valid_nodename(vec[0])) {
send_error(conn, errno);
return;
}
projects / xen.git / commitdiff