JehanneOS/jehanne
JehanneOS
/
jehanne
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

libc: simplify access; libposix: let access lie 

There are a few issues with Plan 9's `access`:

- it has side effects: to test the actual access (that the file
  servers can allow or deny according to complex custom rules)
  it opens and then closes the file, allocating (and disposing) the fd
- it does not work on directories, since
  - they cannot be opened for writing, despite the fact that to
    create a file in a directory you must be granted write access on
    that directory
  - they cannot be opened for execution, despite the fact that to
    access a file in a directory you must be granted execution access
    on that directory

Despite the fact that `access` (even on UNIX) is a violation of the
"tell, don't ask" principle (the access could be forbidden just after
its successful return, making subsequent `open` fail anyway), this
fact smells of a little design error in the file interface.

So, right now we choose to let the libposix's `access` lie on directories:
it will always return 0 on AWRITE and AEXEC for them, accepting that
a successive create/mkdir may fail.

However, a cleaner file API and protocol should allow a simpler `access`
to be implemented for directories too.
This commit is contained in:
Giacomo Tesio 2017-08-29 00:17:51 +02:00
parent 1aaf8d3703
commit 713eb8843f
3 changed files with 43 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
qa/lib/c/access.c
View File

@ -26,10 +26,15 @@ main(void)
err = "/tmp does not exists"; err = "/tmp does not exists";
else if(access("/tmp", AREAD) != 0) else if(access("/tmp", AREAD) != 0)
err = "/tmp is not readable"; err = "/tmp is not readable";
/* NOTE:
* In Plan 9 access(AWRITE) and access(AEXEC) in directories
* fail despite the actual permission of the directory.
*
else if(access("/tmp", AWRITE) != 0) else if(access("/tmp", AWRITE) != 0)
err = "/tmp is not writeable"; err = "/tmp is not writeable";
else if(access("/tmp", AEXEC) != 0) else if(access("/tmp", AEXEC) != 0)
err = "/tmp is not traversable"; err = "/tmp is not traversable";
*/
if(err == nil){ if(err == nil){
print("PASS\n"); print("PASS\n");
exits("PASS"); exits("PASS");

50
sys/src/lib/c/9sys/access.c
View File

@ -22,9 +22,7 @@
int int
jehanne_access(const char *name, int mode) jehanne_access(const char *name, int mode)
{ {
int tmp, reqmode; int fd, reqmode;
Dir *db;
char *user;
static char omode[] = { static char omode[] = {
OSTAT, OSTAT,
@ -38,35 +36,25 @@ jehanne_access(const char *name, int mode)
}; };
reqmode = omode[mode&AMASK]; reqmode = omode[mode&AMASK];
tmp = open(name, reqmode); fd = open(name, reqmode);
if(tmp >= 0){ if(fd >= 0){
close(tmp); close(fd);
return 0; return 0;
} }
db = jehanne_dirstat(name);
if(db != nil){ /* WARNING:
if(db->mode & DMDIR){ *
/* check other first */ * In Plan 9 access(AWRITE) and access(AEXEC) in directories
tmp = db->mode & reqmode; * fail despite the actual permission of the directory.
if(tmp != reqmode){ *
/* TODO: make something better */ * This is well understood in Plan 9, but it's counter intuitive.
user = jehanne_getuser(); *
if(jehanne_strcmp(user, db->gid) == 0){ * In Plan 9, to create a file in a directory you need write
/* check group */ * permission in the directory. Still you don't need to (and you
tmp |= (db->mode & (reqmode << 3)) >> 3; * cannot) open the directory for writing before calling create.
if(tmp != reqmode && jehanne_strcmp(user, db->uid)== 0){ *
/* check user */ * To my eyes this is a UNIX inheritance that could be "fixed"
tmp |= (db->mode & (reqmode << 6)) >> 6; * but there are some trade off.
} */
} else if (jehanne_strcmp(user, db->uid)== 0){
/* check user */
tmp |= (db->mode & (reqmode << 6)) >> 6;
}
}
}
jehanne_free(db);
if(tmp == reqmode)
return 0;
}
return -1; return -1;
} }

27
sys/src/lib/posix/files.c
View File

@ -119,25 +119,36 @@ find_seek_type(int whence)
int int
POSIX_access(int *errnop, const char *path, int amode) POSIX_access(int *errnop, const char *path, int amode)
{ {
Dir *d;
PosixError e = 0; PosixError e = 0;
d = dirstat(path);
if(path == nil || path[0] == '\0'){ if(path == nil || path[0] == '\0'){
e = PosixENOENT; e = PosixENOENT;
} else if(amode == __libposix_F_OK){ } else if(d == nil){
if(access(path, AEXIST) == 0)
return 0;
e = PosixENOENT; e = PosixENOENT;
} else if(amode & ~(__libposix_R_OK|__libposix_W_OK|__libposix_X_OK)) } else if(amode == __libposix_F_OK){
goto AccessDone;
} else if(amode & ~(__libposix_R_OK|__libposix_W_OK|__libposix_X_OK)){
e = PosixEINVAL; e = PosixEINVAL;
else if((amode & __libposix_R_OK) && access(path, AREAD) != 0) } else if((amode & __libposix_R_OK) && access(path, AREAD) != 0){
e = PosixEACCES; e = PosixEACCES;
else if((amode & __libposix_W_OK) && access(path, AWRITE) != 0) } else if((d->mode & DMDIR) != 0){
/* we lie, but on Plan 9 access(AWRITE) and access(AEXEC)
* will always fail on directories.
*/
goto AccessDone;
} else if((amode & __libposix_W_OK) && access(path, AWRITE) != 0){
e = PosixEACCES; e = PosixEACCES;
else if((amode & __libposix_X_OK) && access(path, AEXEC) != 0) } else if((amode & __libposix_X_OK) && access(path, AEXEC) != 0){
e = PosixEACCES; e = PosixEACCES;
else }else{
AccessDone:
free(d);
return 0; return 0;
}
free(d);
*errnop = __libposix_get_errno(e); *errnop = __libposix_get_errno(e);
return -1; return -1;
} }