webserver: comparison src/server/daemon/vfs.c

-:9ba9f8befa80
+:6942a8c3e737
 #include "../util/pool.h"
 #include "acl.h"
 #include "vfs.h"
+#define VFS_MALLOC(pool, size) pool ? pool_malloc(pool, size) : malloc(size)
+#define VFS_FREE(pool, ptr) pool ? pool_free(pool, ptr) : free(ptr)
 static UcxMap *vfs_map;
+static VFS sys_vfs = {
+sys_vfs_open,
+sys_vfs_stat,
+sys_vfs_fstat,
+sys_vfs_opendir,
+sys_vfs_mkdir,
+sys_vfs_unlink,
+VFS_CHECKS_ACL
+};
 static VFS_IO sys_file_io = {
 sys_file_read,
 sys_file_write,
 sys_file_seek,
 WS_ASSERT(rq);
 VFSContext *ctx = pool_malloc(sn->pool, sizeof(VFSContext));
 ctx->sn = sn;
 ctx->rq = rq;
-ctx->vfs = rq->vfs;
+ctx->vfs = rq->vfs ? rq->vfs : &sys_vfs;
 ctx->user = acllist_getuser(sn, rq, rq->acllist);
 ctx->acllist = rq->acllist;
 ctx->aclreqaccess = rq->aclreqaccess;
 ctx->pool = sn->pool;
 ctx->vfs_errno = 0;
 return ctx;
 }
 SYS_FILE vfs_open(VFSContext *ctx, char *path, int oflags) {
+WS_ASSERT(ctx);
 WS_ASSERT(path);
-Session *sn;
+uint32_t access_mask = ctx->aclreqaccess | acl_oflag2mask(oflags);
-Request *rq;
-pool_handle_t *pool;
+// ctx->aclreqaccess should be the complete access mask
-uint32_t access_mask;
+uint32_t m = ctx->aclreqaccess; // save original access mask
+ctx->aclreqaccess = access_mask; // set mask for vfs->open call
-if(ctx) {
+if((ctx->vfs->flags & VFS_CHECKS_ACL) != VFS_CHECKS_ACL) {
-access_mask = ctx->aclreqaccess;
+// VFS does not evaluates the ACL itself, so we have to do it here
-access_mask |= acl_oflag2mask(oflags);
+SysACL sysacl;
-if(!ctx->pool) {
+if(sys_acl_check(ctx, access_mask, &sysacl)) {
-// TODO: log warning
+return NULL;
-// broken VFSContext
+}
 }
-if(ctx->vfs) {
+SYS_FILE file = ctx->vfs->open(ctx, path, oflags);
-// ctx->aclreqaccess should be the complete access mask
+ctx->aclreqaccess = m; // restore original access mask
-uint32_t m = ctx->aclreqaccess; // save original access mask
+return file;
-ctx->aclreqaccess = access_mask; // set mask for vfs->open call
+}
-SYS_FILE file = ctx->vfs->open(ctx, path, oflags);
-ctx->aclreqaccess = m; // restore original access mask
+SYS_FILE vfs_openRO(VFSContext *ctx, char *path) {
-return file;
+return vfs_open(ctx, path, O_RDONLY);
-} else {
+}
-pool = ctx->pool;
-}
+SYS_FILE vfs_openWO(VFSContext *ctx, char *path) {
+return vfs_open(ctx, path, O_WRONLY | O_CREAT);
+}
+SYS_FILE vfs_openRW(VFSContext *ctx, char *path) {
+return vfs_open(ctx, path, O_RDONLY | O_WRONLY | O_CREAT);
+}
+int vfs_stat(VFSContext *ctx, char *path, struct stat *buf) {
+WS_ASSERT(ctx);
+WS_ASSERT(path);
+uint32_t access_mask = ctx->aclreqaccess | ACL_READ_ATTRIBUTES;
+// ctx->aclreqaccess should be the complete access mask
+uint32_t m = ctx->aclreqaccess; // save original access mask
+ctx->aclreqaccess = access_mask; // set mask for vfs->open call
+if((ctx->vfs->flags & VFS_CHECKS_ACL) != VFS_CHECKS_ACL) {
+// VFS does not evaluates the ACL itself, so we have to do it here
+SysACL sysacl;
+if(sys_acl_check(ctx, access_mask, &sysacl)) {
+return -1;
+}
+}
+int ret = ctx->vfs->stat(ctx, path, buf);
+ctx->aclreqaccess = m; // restore original access mask
+return ret;
+}
+int vfs_fstat(VFSContext *ctx, SYS_FILE fd, struct stat *buf) {
+WS_ASSERT(ctx);
+WS_ASSERT(fd);
+WS_ASSERT(buf);
+return ctx->vfs->fstat(ctx, fd, buf);
+}
+void vfs_close(SYS_FILE fd) {
+WS_ASSERT(fd);
+fd->io->close(fd);
+if(fd->ctx) {
+pool_free(fd->ctx->pool, fd);
 } else {
-sn = NULL;
+free(fd);
-rq = NULL;
+}
-pool = NULL;
+}
-access_mask = acl_oflag2mask(oflags);
-}
+VFS_DIR vfs_opendir(VFSContext *ctx, char *path) {
+WS_ASSERT(ctx);
+WS_ASSERT(path);
+uint32_t access_mask = ctx->aclreqaccess | ACL_LIST;
+// ctx->aclreqaccess should be the complete access mask
+uint32_t m = ctx->aclreqaccess; // save original access mask
+ctx->aclreqaccess = access_mask; // set mask for vfs->open call
+if((ctx->vfs->flags & VFS_CHECKS_ACL) != VFS_CHECKS_ACL) {
+// VFS does not evaluates the ACL itself, so we have to do it here
+SysACL sysacl;
+if(sys_acl_check(ctx, access_mask, &sysacl)) {
+return NULL;
+}
+}
+VFS_DIR dir = ctx->vfs->opendir(ctx, path);
+ctx->aclreqaccess = m; // restore original access mask
+return dir;
+}
+int vfs_readdir(VFS_DIR dir, VFS_ENTRY *entry) {
+WS_ASSERT(dir);
+WS_ASSERT(entry);
+return dir->io->readdir(dir, entry, 0);
+}
+int vfs_readdir_stat(VFS_DIR dir, VFS_ENTRY *entry) {
+WS_ASSERT(dir);
+WS_ASSERT(entry);
+return dir->io->readdir(dir, entry, 1);
+}
+void vfs_closedir(VFS_DIR dir) {
+WS_ASSERT(dir);
+dir->io->close(dir);
+if(dir->ctx) {
+VFS_FREE(dir->ctx->pool, dir);
+} else {
+free(dir);
+}
+}
+int vfs_mkdir(VFSContext *ctx, char *path) {
+WS_ASSERT(ctx);
+WS_ASSERT(path);
+return vfs_path_op(ctx, path, ctx->vfs->mkdir, ACL_ADD_FILE);
+}
+int vfs_unlink(VFSContext *ctx, char *path) {
+WS_ASSERT(ctx);
+WS_ASSERT(path);
+return vfs_path_op(ctx, path, ctx->vfs->unlink, ACL_DELETE);
+}
+// private
+int vfs_path_op(VFSContext *ctx, char *path, vfs_op_f op, uint32_t access) {
+uint32_t access_mask = ctx->aclreqaccess;
+access_mask |= access;
+// ctx->aclreqaccess should be the complete access mask
+uint32_t m = ctx->aclreqaccess; // save original access mask
+ctx->aclreqaccess = access_mask; // set mask for vfs function call
+if((ctx->vfs->flags & VFS_CHECKS_ACL) != VFS_CHECKS_ACL) {
+// VFS does not evaluates the ACL itself, so we have to do it here
+SysACL sysacl;
+if(sys_acl_check(ctx, access_mask, &sysacl)) {
+return -1;
+}
+}
+int ret = op(ctx, path);
+ctx->aclreqaccess = m; // restore original access mask
+return ret;
+}
+/* system vfs implementation */
+SYS_FILE sys_vfs_open(VFSContext *ctx, char *path, int oflags) {
+uint32_t access_mask = ctx->aclreqaccess;
+pool_handle_t *pool = ctx->pool;
 // check ACLs
 SysACL sysacl;
 if(sys_acl_check(ctx, access_mask, &sysacl)) {
 return NULL;
 close(fd);
 return NULL;
 }
 }
+VFSFile *file = VFS_MALLOC(pool, sizeof(VFSFile));
-VFSFile *file = pool ?
-pool_malloc(pool, sizeof(VFSFile)) : malloc(sizeof(VFSFile));
 if(!file) {
 close(fd);
 return NULL;
 }
 file->ctx = ctx;
 file->fd = fd;
 file->io = &sys_file_io;
 return file;
 }
-SYS_FILE vfs_openRO(VFSContext *ctx, char *path) {
+int sys_vfs_stat(VFSContext *ctx, char *path, struct stat *buf) {
-return vfs_open(ctx, path, O_RDONLY);
+uint32_t access_mask = ctx->aclreqaccess;
-}
-SYS_FILE vfs_openWO(VFSContext *ctx, char *path) {
-return vfs_open(ctx, path, O_WRONLY | O_CREAT);
-}
-SYS_FILE vfs_openRW(VFSContext *ctx, char *path) {
-return vfs_open(ctx, path, O_RDONLY | O_WRONLY | O_CREAT);
-}
-int vfs_stat(VFSContext *ctx, char *path, struct stat *buf) {
-Session *sn;
-Request *rq;
-uint32_t access_mask;
-if(ctx) {
-access_mask = ctx->aclreqaccess;
-access_mask |= ACL_READ_ATTRIBUTES;
-if(!ctx->pool) {
-// TODO: log warning
-// broken VFSContext
-}
-if(ctx->vfs) {
-// ctx->aclreqaccess should be the complete access mask
-uint32_t m = ctx->aclreqaccess; // save original access mask
-ctx->aclreqaccess = access_mask; // set mask for vfs->fstat call
-int ret = ctx->vfs->stat(ctx, path, buf);
-ctx->aclreqaccess = m; // restore original access mask
-return ret;
-}
-} else {
-sn = NULL;
-rq = NULL;
-access_mask = ACL_READ_ATTRIBUTES;
-}
 // check ACLs
 SysACL sysacl;
 if(sys_acl_check(ctx, access_mask, &sysacl)) {
 return -1;
 }
 return 0;
 }
-int vfs_fstat(VFSContext *ctx, SYS_FILE fd, struct stat *buf) {
+int sys_vfs_fstat(VFSContext *ctx, SYS_FILE fd, struct stat *buf) {
-if(ctx) {
-if(!ctx->pool) {
-// TODO: log warning
-// broken VFSContext
-}
-if(ctx->vfs) {
-return ctx->vfs->fstat(ctx, fd, buf);
-}
-}
 // stat
 if(fstat(fd->fd, buf)) {
 if(ctx) {
 ctx->vfs_errno = errno;
 }
 }
 return 0;
 }
-void vfs_close(SYS_FILE fd) {
+VFS_DIR sys_vfs_opendir(VFSContext *ctx, char *path) {
-fd->io->close(fd);
+uint32_t access_mask = ctx->aclreqaccess;
-if(fd->ctx) {
+pool_handle_t *pool = ctx->pool;
-pool_free(fd->ctx->pool, fd);
-} else {
-free(fd);
-}
-}
-VFS_DIR vfs_opendir(VFSContext *ctx, char *path) {
-WS_ASSERT(path);
-Session *sn;
-Request *rq;
-pool_handle_t *pool;
-uint32_t access_mask;
-if(ctx) {
-access_mask = ctx->aclreqaccess;
-access_mask |= ACL_LIST;
-if(!ctx->pool) {
-// TODO: log warning
-// broken VFSContext
-}
-if(ctx->vfs) {
-// ctx->aclreqaccess should be the complete access mask
-uint32_t m = ctx->aclreqaccess; // save original access mask
-ctx->aclreqaccess = access_mask; // set mask for vfs->opendir call
-VFS_DIR dir = ctx->vfs->opendir(ctx, path);
-ctx->aclreqaccess = m; // restore original access mask
-return dir;
-} else {
-pool = ctx->pool;
-}
-} else {
-sn = NULL;
-rq = NULL;
-pool = NULL;
-access_mask = ACL_LIST;
-}
 // check ACLs
 SysACL sysacl;
 if(sys_acl_check(ctx, access_mask, &sysacl)) {
 return NULL;
 sys_set_error_status(ctx);
 }
 return NULL;
 }
-SysVFSDir *dir_data = pool ?
+SysVFSDir *dir_data = VFS_MALLOC(pool, sizeof(SysVFSDir));
-pool_malloc(pool, sizeof(SysVFSDir)) : malloc(sizeof(SysVFSDir));
 if(!dir_data) {
 closedir(sys_dir);
 return NULL;
 }
 long maxfilelen = fpathconf(dir_fd, _PC_NAME_MAX);
 size_t entry_len = offsetof(struct dirent, d_name) + maxfilelen + 1;
-dir_data->cur = pool ?
+dir_data->cur = VFS_MALLOC(pool, entry_len);
-pool_malloc(pool, entry_len) : malloc(entry_len);
 if(!dir_data->cur) {
 closedir(sys_dir);
+VFS_FREE(pool, dir_data);
 return NULL;
 }
 dir_data->dir = sys_dir;
-VFSDir *dir = pool ?
+VFSDir *dir = VFS_MALLOC(pool, sizeof(VFSDir));
-pool_malloc(pool, sizeof(VFSDir)) : malloc(sizeof(VFSDir));
 if(!dir) {
 closedir(sys_dir);
+VFS_FREE(pool, dir_data->cur);
+VFS_FREE(pool, dir_data);
 return NULL;
 }
 dir->ctx = ctx;
 dir->data = dir_data;
 dir->fd = dir_fd;
 dir->io = &sys_dir_io;
 return dir;
 }
-int vfs_readdir(VFS_DIR dir, VFS_ENTRY *entry) {
+int sys_vfs_mkdir(VFSContext *ctx, char *path) {
-return dir->io->readdir(dir, entry, 0);
+return sys_path_op(ctx, path, sys_mkdir);
 }
-int vfs_readdir_stat(VFS_DIR dir, VFS_ENTRY *entry) {
+int sys_vfs_unlink(VFSContext *ctx, char *path) {
-return dir->io->readdir(dir, entry, 1);
+return sys_path_op(ctx, path, sys_unlink);
 }
-void vfs_closedir(VFS_DIR dir) {
-dir->io->close(dir);
+int sys_path_op(VFSContext *ctx, char *path, sys_op_f op) {
-if(dir->ctx) {
-pool_free(dir->ctx->pool, dir);
-} else {
-free(dir);
-}
-}
-int vfs_mkdir(VFSContext *ctx, char *path) {
-if(ctx && ctx->vfs) {
-return vfs_path_op(ctx, path, ctx->vfs->mkdir, ACL_ADD_FILE);
-} else {
-return sys_path_op(ctx, path, sys_mkdir, ACL_ADD_FILE);
-}
-}
-int vfs_unlink(VFSContext *ctx, char *path) {
-if(ctx && ctx->vfs) {
-return vfs_path_op(ctx, path, ctx->vfs->unlink, ACL_DELETE);
-} else {
-return sys_path_op(ctx, path, sys_unlink, ACL_DELETE);
-}
-}
-// private
-int vfs_path_op(VFSContext *ctx, char *path, vfs_op_f op, uint32_t access) {
-Session *sn;
-Request *rq;
 uint32_t access_mask = ctx->aclreqaccess;
-access_mask |= access;
-if(!ctx->pool) {
-// TODO: log warning
-// broken VFSContext
-return -1;
-}
-// ctx->aclreqaccess should be the complete access mask
-uint32_t m = ctx->aclreqaccess; // save original access mask
-ctx->aclreqaccess = access_mask; // set mask for vfs function call
-int ret = op(ctx, path);
-ctx->aclreqaccess = m; // restore original access mask
-return ret;
-}
-int sys_path_op(VFSContext *ctx, char *path, sys_op_f op, uint32_t access) {
-if(ctx) {
-access |= ctx->aclreqaccess;
-}
 // check ACLs
 SysACL sysacl;
-if(sys_acl_check(ctx, access, &sysacl)) {
+if(sys_acl_check(ctx, access_mask, &sysacl)) {
 return -1;
 }
 if(sysacl.acl) {
-if(!fs_acl_check(&sysacl, ctx->user, path, access)) {
+if(!fs_acl_check(&sysacl, ctx->user, path, access_mask)) {
 acl_set_error_status(ctx->sn, ctx->rq, sysacl.acl, ctx->user);
 return -1;
 }
 }
 // do path operation
 if(op(ctx, path, &sysacl)) {
 // error
-if(ctx) {
+ctx->vfs_errno = errno;
-ctx->vfs_errno = errno;
+sys_set_error_status(ctx);
-sys_set_error_status(ctx);
-}
 return -1;
 }
 return 0;
 }

Mercurial > hg > webserver / file comparison

comparison: src/server/daemon/vfs.c

src/server/daemon/vfs.c