2 * Copyright (c) 2021, 2022 Omar Polo <op@omarpolo.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/types.h>
46 * Max message size aviable via a single imsg.
48 #define IMSG_MAXSIZE (MAX_IMSGSIZE - IMSG_HEADER_SIZE)
51 * The minimum value allowed for the msize.
55 #define DEBUG_PACKETS 0
57 /* straight outta /src/usr.bin/ssh/scp.c */
58 #define TYPE_OVERFLOW(type, val) \
59 ((sizeof(type) == 4 && (val) > INT32_MAX) || \
60 (sizeof(type) == 8 && (val) > INT64_MAX) || \
61 (sizeof(type) != 4 && sizeof(type) != 8))
63 STAILQ_HEAD(dirhead, dir) dirs;
67 STAILQ_ENTRY(dir) entries;
70 STAILQ_HEAD(fidhead, fid) fids;
77 * the flags passed to open(2). O_CLOEXEC means ORCLOSE, that
78 * is to unlink the file upon Tclunk.
83 * if fd is not -1 this fid was opened, fd represents its
84 * file descriptor and iomode the flags passed to open(2).
91 * expected offset for Tread against a directory.
97 STAILQ_ENTRY(fid) entries;
100 static struct imsgev *iev_listener;
101 static struct evbuffer *evb;
102 static uint32_t peerid;
104 static int handshaked;
107 static __dead void client_shutdown(void);
108 static void client_sig_handler(int, short, void *);
109 static void client_dispatch_listener(int, short, void *);
110 static void client_privdrop(const char *, const char *);
112 static int client_send_listenerp(int, uint32_t, const void *, uint16_t);
113 static int client_send_listener(int, const void *, uint16_t);
115 static void qid_update_from_sb(struct qid *, struct stat *);
117 static struct dir *new_dir(int);
118 static struct dir *dir_incref(struct dir *);
119 static void dir_decref(struct dir *);
121 static struct fid *new_fid(struct dir *, uint32_t, const char *, struct qid *);
122 static struct fid *fid_by_id(uint32_t);
123 static void free_fid(struct fid *);
125 static void parse_message(const uint8_t *, size_t,
126 struct np_msg_header *, uint8_t **);
128 static void np_write16(struct evbuffer *, uint16_t);
129 static void np_write32(struct evbuffer *, uint32_t);
130 static void np_write64(struct evbuffer *, uint64_t);
131 static void np_header(uint32_t, uint8_t, uint16_t);
132 static void np_string(struct evbuffer *, uint16_t, const char *);
133 static void np_qid(struct evbuffer *, struct qid *);
134 static void do_send(void);
136 static void np_version(uint16_t, uint32_t, const char *);
137 static void np_attach(uint16_t, struct qid *);
138 static void np_clunk(uint16_t);
139 static void np_flush(uint16_t);
140 static void np_walk(uint16_t, int, struct qid *);
141 static void np_open(uint16_t, struct qid *, uint32_t);
142 static void np_create(uint16_t, struct qid *, uint32_t);
143 static void np_read(uint16_t, uint32_t, void *);
144 static void np_write(uint16_t, uint32_t);
145 static void np_stat(uint16_t, uint16_t, void *);
146 static void np_wstat(uint16_t);
147 static void np_remove(uint16_t);
148 static void np_error(uint16_t, const char *);
149 static void np_errno(uint16_t);
151 static int np_read8(const char *, const char *, uint8_t *,
152 const uint8_t **, size_t *);
153 static int np_read16(const char *, const char *, uint16_t *,
154 const uint8_t **, size_t *);
155 static int np_read32(const char *, const char *, uint32_t *,
156 const uint8_t **, size_t *);
157 static int np_read64(const char *, const char *, uint64_t *,
158 const uint8_t **, size_t *);
160 #define READSTRERR -1
161 #define READSTRTRUNC -2
162 static int np_readstr(const char *, const char *, char *, size_t,
163 const uint8_t **, size_t *);
165 static int np_readst(const char *, const char *, struct np_stat *,
166 char *, size_t, const uint8_t **, size_t *);
168 #define NPREAD8(f, dst, src, len) np_read8(__func__, f, dst, src, len)
169 #define NPREAD16(f, dst, src, len) np_read16(__func__, f, dst, src, len)
170 #define NPREAD32(f, dst, src, len) np_read32(__func__, f, dst, src, len)
171 #define NPREAD64(f, dst, src, len) np_read64(__func__, f, dst, src, len)
173 #define NPREADSTR(f, b, bl, src, len) np_readstr(__func__, f, b, bl, src, len)
175 #define NPREADST(f, dst, n, nl, src, len) np_readst(__func__, f, dst, n, nl, src, len)
177 static void tversion(struct np_msg_header *, const uint8_t *, size_t);
178 static void tattach(struct np_msg_header *, const uint8_t *, size_t);
179 static void tclunk(struct np_msg_header *, const uint8_t *, size_t);
180 static void tflush(struct np_msg_header *, const uint8_t *, size_t);
181 static void twalk(struct np_msg_header *, const uint8_t *, size_t);
182 static void topen(struct np_msg_header *, const uint8_t *, size_t);
183 static void tcreate(struct np_msg_header *, const uint8_t *, size_t);
184 static void tread(struct np_msg_header *, const uint8_t *, size_t);
185 static void twrite(struct np_msg_header *, const uint8_t *, size_t, struct fid **, off_t *, size_t *, size_t *, int *);
186 static void twrite_cont(struct fid *, off_t *, size_t *, size_t *, int *, uint16_t, const uint8_t *, size_t);
187 static void tstat(struct np_msg_header *, const uint8_t *, size_t);
188 static void twstat(struct np_msg_header *, const uint8_t *, size_t);
189 static void tremove(struct np_msg_header *, const uint8_t *, size_t);
190 static void handle_message(struct imsg *, size_t, int);
193 client(int debug, int verbose)
195 struct event ev_sigint, ev_sigterm;
197 log_init(debug, LOG_DAEMON);
198 log_setverbose(verbose);
200 setproctitle("client");
201 log_procinit("client");
203 log_debug("warming up");
207 /* Setup signal handlers */
208 signal_set(&ev_sigint, SIGINT, client_sig_handler, NULL);
209 signal_set(&ev_sigterm, SIGTERM, client_sig_handler, NULL);
211 signal_add(&ev_sigint, NULL);
212 signal_add(&ev_sigterm, NULL);
214 signal(SIGPIPE, SIG_IGN);
215 signal(SIGHUP, SIG_IGN);
217 /* Setup pipe and event handler to the listener process */
218 if ((iev_listener = malloc(sizeof(*iev_listener))) == NULL)
221 imsg_init(&iev_listener->ibuf, 3);
222 iev_listener->handler = client_dispatch_listener;
224 /* Setup event handlers. */
225 iev_listener->events = EV_READ;
226 event_set(&iev_listener->ev, iev_listener->ibuf.fd,
227 iev_listener->events, iev_listener->handler, iev_listener);
228 event_add(&iev_listener->ev, NULL);
235 client_shutdown(void)
240 msgbuf_clear(&iev_listener->ibuf.w);
241 close(iev_listener->ibuf.fd);
245 log_debug("client exiting");
250 client_sig_handler(int sig, short event, void *d)
253 * Normal signal handler rules don't apply because libevent
262 fatalx("unexpected signal %d", sig);
267 client_dispatch_listener(int fd, short event, void *d)
270 struct kd_auth_proc rauth;
271 struct kd_debug_info debug;
274 struct imsgev *iev = d;
275 struct imsgbuf *ibuf;
281 if (event & EV_READ) {
282 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
283 fatal("imsg_read error");
284 if (n == 0) /* Connection closed */
287 if (event & EV_WRITE) {
288 if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN)
289 fatal("msgbuf_write");
290 if (n == 0) /* Connection closed */
295 if ((n = imsg_get(ibuf, &imsg)) == -1)
296 fatal("%s: imsg_get error", __func__);
297 if (n == 0) /* No more messages. */
300 switch (imsg.hdr.type) {
301 case IMSG_CTL_LOG_VERBOSE:
302 if (IMSG_DATA_SIZE(imsg) != sizeof(verbose))
303 fatalx("%s: IMSG_CTL_LOG_VERBOSE wrong size",
305 memcpy(&verbose, imsg.data, sizeof(verbose));
306 log_setverbose(verbose);
309 STAILQ_FOREACH(f, &fids, entries) {
310 memset(&debug, 0, sizeof(debug));
312 strlcpy(debug.path, f->fname,
314 client_send_listenerp(IMSG_CTL_DEBUG_BACK,
315 imsg.hdr.peerid, &debug, sizeof(debug));
317 client_send_listenerp(IMSG_CTL_DEBUG_END,
318 imsg.hdr.peerid, NULL, 0);
321 peerid = imsg.hdr.peerid;
323 fatalx("%s: IMSG_AUTH already done", __func__);
326 if (IMSG_DATA_SIZE(imsg) != sizeof(rauth))
327 fatalx("mismatching size for IMSG_AUTH");
328 memcpy(&rauth, imsg.data, sizeof(rauth));
329 if (rauth.uname[sizeof(rauth.uname)-1] != '\0' ||
330 rauth.dir[sizeof(rauth.dir)-1] != '\0')
331 fatalx("IMSG_AUTH strings not NUL-terminated");
333 client_privdrop(rauth.uname, rauth.dir);
334 explicit_bzero(&rauth, sizeof(rauth));
339 fatalx("%s: can't handle messages before"
340 " doing the auth", __func__);
341 handle_message(&imsg, IMSG_DATA_SIZE(imsg),
342 imsg.hdr.type == IMSG_BUF_CONT);
345 log_debug("closing");
349 log_debug("%s: unexpected imsg %d",
350 __func__, imsg.hdr.type);
359 /* This pipe is dead. Remove its event handler. */
361 log_debug("pipe closed, shutting down...");
362 event_loopexit(NULL);
367 client_privdrop(const char *username, const char *dir)
371 setproctitle("client %s", username);
373 if ((pw = getpwnam(username)) == NULL)
374 fatalx("getpwnam(%s) failed", username);
376 if (chroot(dir) == -1)
378 if (chdir("/") == -1)
379 fatal("chdir(\"/\")");
381 if (setgroups(1, &pw->pw_gid) ||
382 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
383 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
384 fatal("can't drop privileges");
387 log_debug("client ready; user=%s dir=%s", username, dir);
389 if ((evb = evbuffer_new()) == NULL)
390 fatal("evbuffer_new");
394 client_send_listenerp(int type, uint32_t peerid, const void *data, uint16_t len)
398 if ((ret = imsg_compose(&iev_listener->ibuf, type, peerid, 0, -1,
400 imsg_event_add(iev_listener);
406 client_send_listener(int type, const void *data, uint16_t len)
408 return client_send_listenerp(type, peerid, data, len);
411 /* set qid fields from sb */
413 qid_update_from_sb(struct qid *qid, struct stat *sb)
415 qid->path = sb->st_ino;
418 * Theoretically (and hopefully!) this should be a 64 bit
419 * number. Unfortunately, 9P uses 32 bit timestamps.
421 qid->vers = sb->st_mtim.tv_sec;
423 if (S_ISREG(sb->st_mode))
425 else if (S_ISDIR(sb->st_mode))
427 else if (S_ISLNK(sb->st_mode))
428 qid->type = QTSYMLINK;
431 /* creates a qid given a fd */
437 if ((dir = calloc(1, sizeof(*dir))) == NULL)
441 STAILQ_INSERT_HEAD(&dirs, dir, entries);
446 dir_incref(struct dir *dir)
453 dir_decref(struct dir *dir)
455 if (--dir->refcount > 0)
458 STAILQ_REMOVE(&dirs, dir, dir, entries);
465 new_fid(struct dir *dir, uint32_t fid, const char *path, struct qid *qid)
472 if (fstatat(dir->fd, path, &sb, 0)) {
473 log_warn("fstatat(%s)", path);
476 qid_update_from_sb(&q, &sb);
480 if ((f = calloc(1, sizeof(*f))) == NULL)
483 f->dir = dir_incref(dir);
487 strlcpy(f->fname, path, sizeof(f->fname));
489 memcpy(&f->qid, qid, sizeof(f->qid));
491 STAILQ_INSERT_HEAD(&fids, f, entries);
497 fid_by_id(uint32_t fid)
501 STAILQ_FOREACH(f, &fids, entries) {
510 free_fid(struct fid *f)
521 fatal("can't close fid %d", f->fid);
524 evbuffer_free(f->evb);
526 /* try to honour ORCLOSE if requested */
527 if (f->iomode & O_CLOEXEC)
528 unlinkat(f->dir->fd, f->fname, 0);
533 STAILQ_REMOVE(&fids, f, fid, entries);
538 parse_message(const uint8_t *data, size_t len, struct np_msg_header *hdr,
543 if (!NPREAD32("len", &hdr->len, &data, &len) ||
544 !NPREAD8("type", &hdr->type, &data, &len) ||
545 !NPREAD16("tag", &hdr->tag, &data, &len))
549 * Allow only "jumbo" Twrites.
551 if (hdr->type != Twrite && olen != hdr->len)
554 if (hdr->type < Tversion ||
556 hdr->type == Terror ||
557 (hdr->type & 0x1) != 0) /* cannot recv a R* */
560 hdr->tag = le32toh(hdr->tag);
562 *cnt = (uint8_t *)data;
566 log_warnx("got invalid message: (%d, %d, %d)",
567 hdr->len, hdr->type, hdr->tag);
568 client_send_listener(IMSG_CLOSE, NULL, 0);
573 np_write16(struct evbuffer *e, uint16_t x)
576 evbuffer_add(e, &x, sizeof(x));
580 np_write32(struct evbuffer *e, uint32_t x)
583 evbuffer_add(e, &x, sizeof(x));
587 np_write64(struct evbuffer *e, uint64_t x)
590 evbuffer_add(e, &x, sizeof(x));
594 np_writebuf(struct evbuffer *e, size_t len, void *data)
596 evbuffer_add(e, data, len);
600 np_header(uint32_t len, uint8_t type, uint16_t tag)
607 evbuffer_add(evb, &len, sizeof(len));
608 evbuffer_add(evb, &type, sizeof(type));
609 evbuffer_add(evb, &tag, sizeof(tag));
613 np_string(struct evbuffer *e, uint16_t len, const char *str)
618 evbuffer_add(e, &len, sizeof(len));
619 evbuffer_add(e, str, l);
623 np_qid(struct evbuffer *e, struct qid *qid)
628 path = htole64(qid->path);
629 vers = htole32(qid->vers);
631 evbuffer_add(e, &qid->type, sizeof(qid->type));
632 evbuffer_add(e, &vers, sizeof(vers));
633 evbuffer_add(e, &path, sizeof(path));
642 len = EVBUFFER_LENGTH(evb);
643 data = EVBUFFER_DATA(evb);
646 hexdump("outgoing packet", data, len);
649 while (len > IMSG_MAXSIZE) {
650 client_send_listener(IMSG_BUF, data, IMSG_MAXSIZE);
651 evbuffer_drain(evb, IMSG_MAXSIZE);
653 data += IMSG_MAXSIZE;
657 client_send_listener(IMSG_BUF, data, len);
658 evbuffer_drain(evb, len);
663 np_version(uint16_t tag, uint32_t msize, const char *version)
669 msize = htole32(msize);
671 np_header(sizeof(msize) + sizeof(l) + l, Rversion, tag);
672 evbuffer_add(evb, &msize, sizeof(msize));
673 np_string(evb, l, version);
678 np_attach(uint16_t tag, struct qid *qid)
680 np_header(QIDSIZE, Rattach, tag);
686 np_clunk(uint16_t tag)
688 np_header(0, Rclunk, tag);
693 np_flush(uint16_t tag)
695 np_header(0, Rflush, tag);
700 np_walk(uint16_t tag, int nwqid, struct qid *wqid)
704 /* two bytes for the counter */
705 np_header(2 + QIDSIZE * nwqid, Rwalk, tag);
706 np_write16(evb, nwqid);
707 for (i = 0; i < nwqid; ++i)
708 np_qid(evb, wqid + i);
714 np_open(uint16_t tag, struct qid *qid, uint32_t iounit)
716 np_header(QIDSIZE + sizeof(iounit), Ropen, tag);
718 np_write32(evb, iounit);
723 np_create(uint16_t tag, struct qid *qid, uint32_t iounit)
725 np_header(QIDSIZE + sizeof(iounit), Rcreate, tag);
727 np_write32(evb, iounit);
732 np_read(uint16_t tag, uint32_t count, void *data)
734 if (sizeof(count) + count + HEADERSIZE > msize) {
735 np_error(tag, "Rread would overflow");
739 np_header(sizeof(count) + count, Rread, tag);
740 np_write32(evb, count);
741 np_writebuf(evb, count, data);
746 np_write(uint16_t tag, uint32_t count)
748 np_header(sizeof(count), Rwrite, tag);
749 np_write32(evb, count);
754 np_stat(uint16_t tag, uint16_t count, void *data)
756 if (sizeof(count) + count + HEADERSIZE >= msize) {
757 np_error(tag, "Rstat would overflow");
761 np_header(sizeof(count) + count, Rstat, tag);
762 np_write16(evb, count);
763 np_writebuf(evb, count, data);
768 np_wstat(uint16_t tag)
770 np_header(0, Rwstat, tag);
775 np_remove(uint16_t tag)
777 np_header(0, Rremove, tag);
782 np_error(uint16_t tag, const char *errstr)
788 np_header(sizeof(l) + l, Rerror, tag);
789 np_string(evb, l, errstr);
794 np_errno(uint16_t tag)
797 char buf[NL_TEXTMAX] = {0};
801 strerror_r(errno, buf, sizeof(buf));
808 np_read8(const char *t, const char *f, uint8_t *dst, const uint8_t **src,
811 if (*len < sizeof(*dst)) {
812 log_warnx("%s: wanted %zu bytes for the %s field but only "
813 "%zu are available.", t, sizeof(*dst), f, *len);
817 memcpy(dst, *src, sizeof(*dst));
818 *src += sizeof(*dst);
819 *len -= sizeof(*dst);
825 np_read16(const char *t, const char *f, uint16_t *dst, const uint8_t **src,
828 if (*len < sizeof(*dst)) {
829 log_warnx("%s: wanted %zu bytes for the %s field but only "
830 "%zu are available.", t, sizeof(*dst), f, *len);
834 memcpy(dst, *src, sizeof(*dst));
835 *src += sizeof(*dst);
836 *len -= sizeof(*dst);
837 *dst = le16toh(*dst);
843 np_read32(const char *t, const char *f, uint32_t *dst, const uint8_t **src,
846 if (*len < sizeof(*dst)) {
847 log_warnx("%s: wanted %zu bytes for the %s field but only "
848 "%zu are available.", t, sizeof(*dst), f, *len);
852 memcpy(dst, *src, sizeof(*dst));
853 *src += sizeof(*dst);
854 *len -= sizeof(*dst);
855 *dst = le32toh(*dst);
861 np_read64(const char *t, const char *f, uint64_t *dst, const uint8_t **src,
864 if (*len < sizeof(*dst)) {
865 log_warnx("%s: wanted %zu bytes for the %s field but only "
866 "%zu are available.", t, sizeof(*dst), f, *len);
870 memcpy(dst, *src, sizeof(*dst));
871 *src += sizeof(*dst);
872 *len -= sizeof(*dst);
873 *dst = le64toh(*dst);
879 np_readstr(const char *t, const char *f, char *res, size_t reslen,
880 const uint8_t **src, size_t *len)
885 strlcpy(buf, f, sizeof(buf));
886 strlcat(buf, "-len", sizeof(buf));
888 if (!np_read16(t, buf, &sl, src, len))
892 log_warnx("%s: wanted %d bytes for the %s field but only "
893 "%zu are available.", t, sl, f, *len);
900 memcpy(res, *src, sl);
909 np_readst(const char *t, const char *f, struct np_stat *st,
910 char *name, size_t namelen, const uint8_t **src, size_t *len)
912 memset(st, 0, sizeof(*st));
914 /* len is sent twice! */
915 if (!np_read16(t, "stat len", &st->size, src, len) ||
916 !np_read16(t, "stat.size", &st->size, src, len) ||
917 !np_read16(t, "stat.type", &st->type, src, len) ||
918 !np_read32(t, "stat.dev", &st->dev, src, len) ||
919 !np_read64(t, "stat.qid.path", &st->qid.path, src, len) ||
920 !np_read32(t, "stat.qid.vers", &st->qid.vers, src, len) ||
921 !np_read8(t, "stat.qid.type", &st->qid.type, src, len) ||
922 !np_read32(t, "stat.mode", &st->mode, src, len) ||
923 !np_read32(t, "stat.atime", &st->atime, src, len) ||
924 !np_read32(t, "stat.mtime", &st->mtime, src, len) ||
925 !np_read64(t, "stat.length", &st->length, src, len))
929 * ignore everything but the name, we don't support
930 * changing those fields anyway
933 return np_readstr(t, "stat.name", name, namelen, src, len);
937 tversion(struct np_msg_header *hdr, const uint8_t *data, size_t len)
939 char *dot, version[32];
944 /* msize[4] version[s] */
945 if (!NPREAD32("msize", &msize, &data, &len))
948 switch (NPREADSTR("version", version, sizeof(version), &data, &len)) {
952 log_warnx("9P version string too long, truncated");
953 np_version(hdr->tag, MSIZE9P, "unknown");
960 if ((dot = strchr(version, '.')) != NULL)
963 if (strcmp(version, VERSION9P) != 0) {
964 log_warnx("unknown 9P version \"%s\"; want "VERSION9P,
966 np_version(hdr->tag, MSIZE9P, "unknown");
970 if (msize < MIN_MSIZE) {
971 log_warnx("msize too small: %"PRIu32"; want %d at least",
973 np_version(hdr->tag, MSIZE9P, "unknown");
977 /* version matched */
979 msize = MIN(msize, MSIZE9P);
980 client_send_listener(IMSG_MSIZE, &msize, sizeof(msize));
981 np_version(hdr->tag, msize, VERSION9P);
985 client_send_listener(IMSG_CLOSE, NULL, 0);
990 tattach(struct np_msg_header *hdr, const uint8_t *data, size_t len)
996 char aname[PATH_MAX];
998 /* fid[4] afid[4] uname[s] aname[s] */
1000 if (!NPREAD32("fid", &fid, &data, &len) ||
1001 !NPREAD32("afid", &afid, &data, &len))
1004 /* read the uname but don't actually use it */
1005 switch (NPREADSTR("uname", aname, sizeof(aname), &data, &len)) {
1009 np_error(hdr->tag, "name too long");
1013 switch (NPREADSTR("aname", aname, sizeof(aname), &data, &len)) {
1017 np_error(hdr->tag, "name too long");
1022 strlcpy(aname, "/", sizeof(aname));
1027 if (fid_by_id(fid) != NULL || afid != NOFID) {
1028 np_error(hdr->tag, "invalid fid or afid");
1032 if ((fd = open(aname, O_RDONLY|O_DIRECTORY)) == -1)
1035 if ((dir = new_dir(fd)) == NULL)
1038 log_debug("attached %s to %d", aname, fid);
1040 if ((f = new_fid(dir, fid, aname, NULL)) == NULL) {
1045 np_attach(hdr->tag, &f->qid);
1050 log_warn("failed to attach %s", aname);
1054 client_send_listener(IMSG_CLOSE, NULL, 0);
1059 tclunk(struct np_msg_header *hdr, const uint8_t *data, size_t len)
1065 if (!NPREAD32("fid", &fid, &data, &len) ||
1067 client_send_listener(IMSG_CLOSE, NULL, 0);
1072 if ((f = fid_by_id(fid)) == NULL) {
1073 np_error(hdr->tag, "invalid fid");
1082 tflush(struct np_msg_header *hdr, const uint8_t *data, size_t len)
1087 * We're doing only synchronous I/O. Tflush is implemented
1088 * only because it's illegal to reply with a Rerror.
1092 if (len != sizeof(oldtag)) {
1093 log_warnx("Tflush with the wrong size: got %zu want %zu",
1094 len, sizeof(oldtag));
1095 client_send_listener(IMSG_CLOSE, NULL, 0);
1104 twalk(struct np_msg_header *hdr, const uint8_t *data, size_t len)
1108 struct qid wqid[MAXWELEM] = {0};
1110 uint32_t fid, newfid;
1112 int fd, oldfd, no, nwqid = 0;
1113 char wnam[PATH_MAX];
1115 if (!NPREAD32("fid", &fid, &data, &len) ||
1116 !NPREAD32("newfid", &newfid, &data, &len) ||
1117 !NPREAD16("nwname", &nwname, &data, &len))
1120 if (nwname > MAXWELEM) {
1121 log_warnx("Twalk: more than %d path elements: %d",
1126 if ((f = fid_by_id(fid)) == NULL) {
1127 np_error(hdr->tag, "invalid fid");
1132 np_error(hdr->tag, "fid already opened for I/O");
1138 else if ((nf = fid_by_id(newfid)) != NULL) {
1139 np_error(hdr->tag, "newfid already in use");
1144 /* special case: fid duplication */
1147 * TODO: should we forbid fids duplication when fid ==
1151 (nf = new_fid(f->dir, newfid, f->fname, &f->qid)) == NULL)
1152 fatal("new_fid duplication");
1154 np_walk(hdr->tag, 0, NULL);
1158 if (!(f->qid.type & QTDIR)) {
1159 np_error(hdr->tag, "fid doesn't represent a directory");
1165 for (nwqid = 0; nwqid < nwname; nwqid++) {
1166 switch (NPREADSTR("wname", wnam, sizeof(wnam), &data, &len)) {
1170 np_error(hdr->tag, "wname too long");
1174 if (*wnam == '\0' ||
1175 strchr(wnam, '/') != NULL ||
1176 !strcmp(wnam, ".")) {
1181 if ((fd = openat(oldfd, wnam, O_RDONLY|O_DIRECTORY)) == -1 &&
1185 if ((fd == -1 && fstatat(oldfd, wnam, &sb, 0) == -1) ||
1186 (fd != -1 && fstat(fd, &sb) == -1))
1189 qid_update_from_sb(&wqid[nwqid], &sb);
1191 /* reached a file but we still have other components */
1192 if (fd == -1 && nwqid+1 < nwname)
1195 /* reached the end and found a file */
1196 if (fd == -1 && nwqid+1 == nwname)
1199 if (oldfd != f->dir->fd)
1208 * If fd is -1 we've reached a file, otherwise we've just
1209 * reached another directory. We must pay attention to what
1210 * file descriptor we use to create the dir, because if we've
1211 * reached a file and oldfd is f->dir->fd then we *must* share
1212 * the same dir (it was a walk of one path from a directory to a
1213 * file, otherwise fun is bound to happen as soon as the client
1214 * closes the fid for the directory but keeps the one for the
1217 if (fd == -1 && oldfd == f->dir->fd)
1220 dir = new_dir(oldfd);
1228 if ((nf = new_fid(dir, newfid, wnam, &wqid[nwqid-1])) == NULL)
1231 /* update the dir */
1232 dir_decref(nf->dir);
1233 nf->dir = dir_incref(dir);
1236 np_walk(hdr->tag, nwqid, wqid);
1240 if (oldfd != f->dir->fd)
1244 np_error(hdr->tag, strerror(no));
1246 np_walk(hdr->tag, nwqid, wqid);
1250 client_send_listener(IMSG_CLOSE, NULL, 0);
1255 npmode_to_unix(uint8_t mode, int *flags)
1257 switch (mode & 0x0F) {
1268 log_warnx("tried to open something with KOEXEC");
1276 if (mode & KORCLOSE)
1277 *flags |= O_CLOEXEC;
1283 topen(struct np_msg_header *hdr, const uint8_t *data, size_t len)
1292 /* fid[4] mode[1] */
1293 if (!NPREAD32("fid", &fid, &data, &len) ||
1294 !NPREAD8("mode", &mode, &data, &len) ||
1296 client_send_listener(IMSG_CLOSE, NULL, 0);
1301 if ((f = fid_by_id(fid)) == NULL || f->fd != -1) {
1302 np_error(hdr->tag, "invalid fid");
1306 if (npmode_to_unix(mode, &f->iomode) == -1) {
1307 np_error(hdr->tag, "invalid mode");
1312 if (f->qid.type & QTDIR)
1315 if ((f->fd = openat(f->dir->fd, path, f->iomode)) == -1) {
1316 np_error(hdr->tag, strerror(errno));
1320 if (fstat(f->fd, &sb) == -1)
1323 if (S_ISDIR(sb.st_mode)) {
1324 if ((f->d = fdopendir(f->fd)) == NULL) {
1331 if ((f->evb = evbuffer_new()) == NULL) {
1341 qid_update_from_sb(&qid, &sb);
1342 np_open(hdr->tag, &qid, sb.st_blksize);
1346 tcreate(struct np_msg_header *hdr, const uint8_t *data, size_t len)
1353 char name[PATH_MAX];
1355 /* fid[4] name[s] perm[4] mode[1] */
1356 if (!NPREAD32("fid", &fid, &data, &len))
1358 switch (NPREADSTR("name", name, sizeof(name), &data, &len)) {
1362 np_error(hdr->tag, "name too long");
1365 if (!NPREAD32("perm", &perm, &data, &len) ||
1366 !NPREAD8("mode", &mode, &data, &len) ||
1370 if (!strcmp(name, ".") || !strcmp(name, "..") ||
1371 strchr(name, '/') != NULL) {
1372 np_error(hdr->tag, "invalid name");
1376 if ((f = fid_by_id(fid)) == NULL || f->fd != -1) {
1377 np_error(hdr->tag, "invalid fid");
1381 if (!(f->qid.type & QTDIR)) {
1382 np_error(hdr->tag, "fid doesn't identify a directory");
1386 if (npmode_to_unix(mode, &f->iomode) == -1) {
1387 np_error(hdr->tag, "invalid mode");
1391 if (f->iomode & O_RDONLY) {
1392 np_error(hdr->tag, "can't create a read-only file");
1396 /* TODO: parse the mode */
1398 if (perm & 0x80000000) {
1399 /* create a directory */
1400 f->fd = mkdirat(f->dir->fd, name, 0755);
1403 f->fd = openat(f->dir->fd, name, f->iomode | O_CREAT | O_TRUNC,
1412 if (fstat(f->fd, &sb) == -1)
1415 if (S_ISDIR(sb.st_mode)) {
1416 if ((f->d = fdopendir(f->fd)) == NULL) {
1423 if ((f->evb = evbuffer_new()) == NULL) {
1433 qid_update_from_sb(&qid, &sb);
1434 np_create(hdr->tag, &qid, sb.st_blksize);
1439 client_send_listener(IMSG_CLOSE, NULL, 0);
1444 serialize_stat(const char *fname, struct stat *sb, struct evbuffer *evb)
1447 const char *uid, *gid, *muid;
1450 uint16_t namlen, uidlen, gidlen, ulen;
1452 qid_update_from_sb(&qid, sb);
1454 /* TODO: fill these fields */
1459 namlen = strlen(fname);
1460 uidlen = strlen(uid);
1461 gidlen = strlen(gid);
1462 ulen = strlen(muid);
1464 tot = NPSTATSIZ(namlen, uidlen, gidlen, ulen);
1465 if (tot > UINT16_MAX) {
1466 log_warnx("stat info for dir entry %s would overflow",
1471 mode = sb->st_mode & 0xFFFF;
1472 if (qid.type & QTDIR)
1475 np_write16(evb, tot); /* size[2] */
1476 np_write16(evb, sb->st_rdev); /* type[2] */
1477 np_write32(evb, sb->st_dev); /* dev[4] */
1478 np_qid(evb, &qid); /* qid[13] */
1479 np_write32(evb, mode); /* mode[4] */
1480 np_write32(evb, sb->st_atim.tv_sec); /* atime[4] */
1481 np_write32(evb, sb->st_mtim.tv_sec); /* mtime[4] */
1483 /* special case: directories have size 0 */
1484 if (qid.type & QTDIR)
1487 np_write64(evb, sb->st_size); /* length[8] */
1489 np_string(evb, namlen, fname); /* name[s] */
1490 np_string(evb, uidlen, uid); /* uid[s] */
1491 np_string(evb, gidlen, gid); /* gid[s] */
1492 np_string(evb, ulen, muid); /* muid[s] */
1498 tread(struct np_msg_header *hdr, const uint8_t *data, size_t len)
1500 static char buf[MSIZE9P - HEADERSIZE - 4];
1505 uint32_t fid, count;
1507 /* fid[4] offset[8] count[4] */
1508 if (!NPREAD32("fid", &fid, &data, &len) ||
1509 !NPREAD64("offset", &off, &data, &len) ||
1510 !NPREAD32("count", &count, &data, &len) ||
1512 client_send_listener(IMSG_CLOSE, NULL, 0);
1517 if ((f = fid_by_id(fid)) == NULL || f->fd == -1) {
1518 np_error(hdr->tag, "invalid fid");
1522 if (TYPE_OVERFLOW(off_t, off)) {
1523 log_warnx("unexpected off_t size");
1524 np_error(hdr->tag, "invalid offset");
1530 howmuch = MIN(sizeof(buf), count);
1531 r = pread(f->fd, buf, howmuch, (off_t)off);
1535 np_read(hdr->tag, r, buf);
1537 if (off == 0 && f->offset != 0) {
1540 evbuffer_drain(f->evb, EVBUFFER_LENGTH(f->evb));
1543 if (off != f->offset) {
1544 np_error(hdr->tag, "can't seek in directories");
1548 while (EVBUFFER_LENGTH(f->evb) < count) {
1552 if ((d = readdir(f->d)) == NULL)
1554 if (!strcmp(d->d_name, ".") || !strcmp(d->d_name, ".."))
1556 if (fstatat(f->fd, d->d_name, &sb, 0) == -1) {
1560 serialize_stat(d->d_name, &sb, f->evb);
1563 count = MIN(count, EVBUFFER_LENGTH(f->evb));
1564 np_read(hdr->tag, count, EVBUFFER_DATA(f->evb));
1565 evbuffer_drain(f->evb, count);
1572 twrite(struct np_msg_header *hdr, const uint8_t *data, size_t len,
1573 struct fid **writefid, off_t *writepos, size_t *writetot,
1574 size_t *writeleft, int *writeskip)
1579 uint32_t fid, count;
1581 /* fid[4] offset[8] count[4] data[count] */
1582 if (!NPREAD32("fid", &fid, &data, &len) ||
1583 !NPREAD64("off", &off, &data, &len) ||
1584 !NPREAD32("count", &count, &data, &len) ||
1586 client_send_listener(IMSG_CLOSE, NULL, 0);
1591 if ((f = fid_by_id(fid)) == NULL || f->fd == -1) {
1593 np_error(hdr->tag, "invalid fid");
1597 if (!(f->iomode & O_WRONLY) &&
1598 !(f->iomode & O_RDWR)) {
1600 np_error(hdr->tag, "fid not opened for writing");
1604 if (TYPE_OVERFLOW(off_t, off)) {
1606 log_warnx("unexpected off_t size");
1607 np_error(hdr->tag, "invalid offset");
1611 if ((r = pwrite(f->fd, data, len, off)) == -1) {
1614 } else if (count == len)
1615 np_write(hdr->tag, r);
1617 /* account for a continuated write */
1620 *writepos = off + len;
1622 *writeleft = count - len;
1628 twrite_cont(struct fid *f, off_t *writepos, size_t *writetot,
1629 size_t *writeleft, int *writeskip, uint16_t tag, const uint8_t *data,
1634 if (len > *writeleft) {
1635 client_send_listener(IMSG_CLOSE, NULL, 0);
1640 if ((r = pwrite(f->fd, data, len, *writepos)) == -1) {
1650 if (*writeleft == 0)
1651 np_write(tag, *writetot);
1655 tstat(struct np_msg_header *hdr, const uint8_t *data, size_t len)
1657 struct evbuffer *evb;
1664 if (!NPREAD32("fid", &fid, &data, &len) ||
1666 client_send_listener(IMSG_CLOSE, NULL, 0);
1672 * plan9' stat(9P) is not clear on whether the stat is allowed
1673 * on opened fids or not. We're allowing stat regardless of the
1674 * status of the fid.
1677 if ((f = fid_by_id(fid)) == NULL) {
1678 np_error(hdr->tag, "invalid fid");
1682 if ((evb = evbuffer_new()) == NULL)
1683 fatal("evbuffer_new");
1686 r = fstat(f->fd, &sb);
1687 else if (f->qid.type & QTDIR)
1688 r = fstat(f->dir->fd, &sb);
1690 r = fstatat(f->dir->fd, f->fname, &sb, 0);
1698 if (serialize_stat(f->fname, &sb, evb) == -1)
1699 np_error(hdr->tag, "stat would overflow");
1701 np_stat(hdr->tag, EVBUFFER_LENGTH(evb), EVBUFFER_DATA(evb));
1706 twstat(struct np_msg_header *hdr, const uint8_t *data, size_t len)
1708 struct timespec times[2];
1713 char name[PATH_MAX];
1715 /* fid[4] stat[n] */
1716 if (!NPREAD32("fid", &fid, &data, &len))
1719 switch (NPREADST("stat", &st, name, sizeof(name), &data, &len)) {
1723 log_warnx("wstat new name would overflow");
1724 np_error(hdr->tag, "new name too long");
1729 * We skip the reading of some fields voluntarily because we
1730 * don't support chown, so len will always be > 0!
1737 if ((f = fid_by_id(fid)) == NULL) {
1738 np_error(hdr->tag, "invalid fid");
1743 * 9P wants these edits to be done in an atomic fashion,
1744 * something that I don't think it's possible on UNIX without
1745 * some special kernel help. Changing atime or mtime,
1746 * permissions, or rename the file are different syscalls.
1748 * Also, silently ignore stuff we can't/don't want to modify.
1751 /* change the permissions */
1752 if (st.mode != (uint32_t)-1) {
1753 mode_t m = st.mode & 0x7FF; /* silently truncate higer bits */
1755 r = fchmod(f->fd, m);
1757 r = fchmodat(f->dir->fd, f->fname, m, 0);
1765 /* change the atime/mtime of the fid, opened or not */
1766 if (st.atime != (uint32_t)-1 || st.mtime != (uint32_t)-1) {
1767 times[0].tv_nsec = UTIME_OMIT;
1768 times[1].tv_nsec = UTIME_OMIT;
1770 if (st.atime != (uint32_t)-1) {
1771 times[0].tv_sec = st.atime;
1772 times[0].tv_nsec = 0;
1774 if (st.mtime != (uint32_t)-1) {
1775 times[1].tv_sec = st.mtime;
1776 times[1].tv_nsec = 0;
1780 r = futimens(f->fd, times);
1782 r = utimensat(f->dir->fd, f->fname, times, 0);
1791 if (st.length != (uint64_t)-1) {
1793 np_error(hdr->tag, "can't truncate a non-opened fid");
1797 if (f->qid.type & QTDIR && st.length != 0) {
1798 np_error(hdr->tag, "can't truncate directories");
1802 if (TYPE_OVERFLOW(off_t, st.length)) {
1803 log_warnx("truncate request overflows off_t: %"PRIu64,
1805 np_error(hdr->tag, "length overflows");
1809 if (f->qid.type == 0 &&
1810 ftruncate(f->fd, st.length) == -1) {
1816 /* rename (change the name entry) */
1817 if (*st.name != '\0') {
1819 const char *newname;
1822 * XXX: 9P requires that we disallow changing the name
1823 * to that of an existing file. We can't do that
1824 * atomically (rename is happy about stealing names)
1825 * so this is just a best effort.
1827 if (fstatat(f->dir->fd, st.name, &sb, 0) == -1 &&
1829 np_error(hdr->tag, "target file exists");
1833 r = renameat(f->dir->fd, f->fname, f->dir->fd, st.name);
1839 /* fix the fid so it points to the new file */
1841 if ((newname = strchr(st.name, '/')) != NULL)
1842 newname++; /* skip / */
1845 strlcpy(f->fname, newname, sizeof(f->fname));
1847 if (strchr(st.name, '/') != NULL) {
1852 dname = dirname(st.name);
1853 fd = openat(f->dir->fd, dname, O_RDONLY|O_DIRECTORY);
1860 if ((dir = new_dir(fd)) == NULL) {
1867 f->dir = dir_incref(dir);
1875 client_send_listener(IMSG_CLOSE, NULL, 0);
1880 tremove(struct np_msg_header *hdr, const uint8_t *data, size_t len)
1885 char dirpath[PATH_MAX + 3];
1888 if (!NPREAD32("fid", &fid, &data, &len) ||
1890 client_send_listener(IMSG_CLOSE, NULL, 0);
1895 if ((f = fid_by_id(fid)) == NULL) {
1896 np_error(hdr->tag, "invalid fid");
1900 if (f->qid.type & QTDIR) { /* directory */
1901 strlcpy(dirpath, "../", sizeof(dirpath));
1902 strlcat(dirpath, f->fname, sizeof(dirpath));
1903 r = unlinkat(f->dir->fd, dirpath, AT_REMOVEDIR);
1905 r = unlinkat(f->dir->fd, f->fname, 0);
1910 np_remove(hdr->tag);
1916 handle_message(struct imsg *imsg, size_t len, int cont)
1918 static struct fid *writefid;
1919 static off_t writepos;
1920 static size_t writetot;
1921 static size_t writeleft;
1922 static int writeskip;
1923 static uint16_t writetag;
1926 void (*fn)(struct np_msg_header *, const uint8_t *, size_t);
1928 {Tversion, tversion},
1936 /* {Twrite, twrite}, */
1941 struct np_msg_header hdr;
1946 hexdump("incoming packet", imsg->data, len);
1950 * Twrite is special and can be "continued" to allow writing
1951 * more than what the imsg framework would allow us to.
1957 if (writefid == NULL) {
1958 log_warnx("received a continuation message without "
1960 client_send_listener(IMSG_CLOSE, NULL, 0);
1965 twrite_cont(writefid, &writepos, &writetot, &writeleft,
1966 &writeskip, writetag, imsg->data, len);
1970 if (writeleft > 0) {
1971 log_warnx("received a non continuation message when still "
1972 "missed %zu bytes to write", writeleft);
1973 client_send_listener(IMSG_CLOSE, NULL, 0);
1984 parse_message(imsg->data, len, &hdr, &data);
1987 log_debug("got request: len=%d type=%d[%s] tag=%d",
1988 hdr.len, hdr.type, pp_msg_type(hdr.type), hdr.tag);
1990 if (!handshaked && hdr.type != Tversion) {
1991 client_send_listener(IMSG_CLOSE, NULL, 0);
1996 if (hdr.type == Twrite) {
1998 twrite(&hdr, data, len, &writefid, &writepos, &writetot,
1999 &writeleft, &writeskip);
2003 if (len > IMSG_MAXSIZE) {
2004 log_warnx("can't handle message: too long for its type");
2005 client_send_listener(IMSG_CLOSE, NULL, 0);
2010 for (i = 0; i < sizeof(msgs)/sizeof(msgs[0]); ++i) {
2011 if (msgs[i].type != hdr.type)
2014 msgs[i].fn(&hdr, data, len);
2018 np_error(hdr.tag, "Not supported.");
