
Plan 9 from Bell Labs 2005-05-06

David du Colombier 19 years ago
parent
commit
6680cb1f3c
6 changed files with 265 additions and 195 deletions
  1. 4 3
      dist/replica/_plan9.db
  2. 4 4
      dist/replica/plan9.db
  3. 5 0
      dist/replica/plan9.log
  4. 99 105
      sys/man/4/exportfs
  5. 121 57
      sys/man/4/import
  6. 32 26
      sys/src/cmd/exportfs/exportfs.c

+ 4 - 3
dist/replica/_plan9.db

@@ -5495,13 +5495,13 @@ sys/man/4/cfs - 664 sys sys 1015024813 1758
 sys/man/4/consolefs - 664 sys sys 1069179473 3920
 sys/man/4/dossrv - 664 sys sys 1015024813 4176
 sys/man/4/execnet - 664 sys sys 1019866708 1069
-sys/man/4/exportfs - 664 sys sys 1105574692 4692
+sys/man/4/exportfs - 664 sys sys 1115314261 4653
 sys/man/4/ext2srv - 664 sys sys 1055692986 2409
 sys/man/4/factotum - 664 sys sys 1107836362 14708
 sys/man/4/fossil - 664 sys sys 1112368411 9546
 sys/man/4/fs - 664 sys sys 1019058716 3387
 sys/man/4/ftpfs - 664 sys sys 1112563349 4410
-sys/man/4/import - 664 sys sys 1034195346 2204
+sys/man/4/import - 664 sys sys 1115314601 3095
 sys/man/4/iostats - 664 sys sys 1105574383 1621
 sys/man/4/keyfs - 664 sys sys 1017251244 5003
 sys/man/4/kfs - 664 sys sys 1102088374 2164
@@ -7993,7 +7993,7 @@ sys/src/cmd/execnet/main.c - 664 sys sys 1019861330 657
 sys/src/cmd/execnet/mkfile - 664 sys sys 1032059543 208
 sys/src/cmd/execnet/note.c - 664 sys sys 1019855740 2315
 sys/src/cmd/exportfs - 20000000775 sys sys 988249971 0
-sys/src/cmd/exportfs/exportfs.c - 664 sys sys 1084471862 16296
+sys/src/cmd/exportfs/exportfs.c - 664 sys sys 1115314269 16357
 sys/src/cmd/exportfs/exportfs.h - 664 sys sys 1066823091 2800
 sys/src/cmd/exportfs/exportsrv.c - 664 sys sys 1081082332 11914
 sys/src/cmd/exportfs/mkfile - 664 sys sys 1066825703 194
@@ -12963,3 +12963,4 @@ usr/glenda/lib/profile - 664 glenda glenda 1105128663 890
 usr/glenda/readme.acme - 664 glenda glenda 1019860628 4753
 usr/glenda/readme.rio - 664 glenda glenda 1019860628 6370
 usr/glenda/tmp - 20000000775 glenda glenda 1018802620 0
+386/bin/exportfs - 775 sys sys 1115348876 161171

+ 4 - 4
dist/replica/plan9.db

@@ -219,7 +219,7 @@
 386/bin/ed - 775 sys sys 1104122006 93034
 386/bin/eqn - 775 sys sys 1087442511 242933
 386/bin/execnet - 775 sys sys 1108354551 171896
-386/bin/exportfs - 775 sys sys 1108354552 161148
+386/bin/exportfs - 775 sys sys 1115348876 161171
 386/bin/ext2srv - 775 sys sys 1108354552 173894
 386/bin/faces - 775 sys sys 1106799174 192579
 386/bin/factor - 775 sys sys 1104122008 61475
@@ -5495,13 +5495,13 @@ sys/man/4/cfs - 664 sys sys 1015024813 1758
 sys/man/4/consolefs - 664 sys sys 1069179473 3920
 sys/man/4/dossrv - 664 sys sys 1015024813 4176
 sys/man/4/execnet - 664 sys sys 1019866708 1069
-sys/man/4/exportfs - 664 sys sys 1105574692 4692
+sys/man/4/exportfs - 664 sys sys 1115314261 4653
 sys/man/4/ext2srv - 664 sys sys 1055692986 2409
 sys/man/4/factotum - 664 sys sys 1107836362 14708
 sys/man/4/fossil - 664 sys sys 1112368411 9546
 sys/man/4/fs - 664 sys sys 1019058716 3387
 sys/man/4/ftpfs - 664 sys sys 1112563349 4410
-sys/man/4/import - 664 sys sys 1034195346 2204
+sys/man/4/import - 664 sys sys 1115314601 3095
 sys/man/4/iostats - 664 sys sys 1105574383 1621
 sys/man/4/keyfs - 664 sys sys 1017251244 5003
 sys/man/4/kfs - 664 sys sys 1102088374 2164
@@ -7993,7 +7993,7 @@ sys/src/cmd/execnet/main.c - 664 sys sys 1019861330 657
 sys/src/cmd/execnet/mkfile - 664 sys sys 1032059543 208
 sys/src/cmd/execnet/note.c - 664 sys sys 1019855740 2315
 sys/src/cmd/exportfs - 20000000775 sys sys 988249971 0
-sys/src/cmd/exportfs/exportfs.c - 664 sys sys 1084471862 16296
+sys/src/cmd/exportfs/exportfs.c - 664 sys sys 1115314269 16357
 sys/src/cmd/exportfs/exportfs.h - 664 sys sys 1066823091 2800
 sys/src/cmd/exportfs/exportsrv.c - 664 sys sys 1081082332 11914
 sys/src/cmd/exportfs/mkfile - 664 sys sys 1066825703 194

+ 5 - 0
dist/replica/plan9.log

@@ -14874,3 +14874,8 @@
 1115177543 4 c 386/9pcdisk - 775 sys sys 1115176439 2040140
 1115177543 5 c 386/9pcf - 775 sys sys 1115176444 2382972
 1115177543 6 c 386/bin/auth/factotum - 775 sys sys 1115176426 312290
+1115314370 0 c sys/man/4/exportfs - 664 sys sys 1115314261 4653
+1115314370 1 c sys/man/4/import - 664 sys sys 1115314261 2978
+1115314370 2 c sys/src/cmd/exportfs/exportfs.c - 664 sys sys 1115314269 16357
+1115316171 0 c sys/man/4/import - 664 sys sys 1115314601 3095
+1115350383 0 c 386/bin/exportfs - 775 sys sys 1115348876 161171

+ 99 - 105
sys/man/4/exportfs

@@ -4,30 +4,7 @@ exportfs, srvfs \- network file server plumbing
 .SH SYNOPSIS
 .B exportfs
 [
-.B -adnsR
-] [
-.B -f
-.I dbgfile
-] [
-.B -m
-.I msize
-] [
-.B -r
-.I root
-] [
-.B -S
-.I service
-] [
-.B -A announce
-] [
-.B -e
-.I "'enc auth'"
-] [
-.B -N
-.I nsfile
-] [
-.B -P
-.I patternfile
+.I options
 ]
 .PP
 .B srvfs
@@ -71,68 +48,77 @@ creates a new name space for each connection, using
 .B /lib/namespace
 by default (see
 .IR namespace (6)).
-The
-.B -n
-option gives an alternative name space file.
-.PP
-The
-.B -R
-option makes the served name space read only.
-.PP
-The 
-.B -r
-option bypasses the initial protocol, instead immediately
-serving the name space rooted at 
-.IR root .
-The
-.B -s
-option is equivalent to
-.B -r 
-.BR / ,
-but predates
-.B -r
-and remains for compatibility.
-.PP
-The
-.B -S
-option also bypasses the initial protocol but
-serves the result of mounting
-.IR service .
-A separate mount is used for each
-.IR attach (5)
-message,
-to correctly handle servers in which each mount
-corresponds to a different client
-.IR e.g. , (
-.IR rio (4)).
-.PP
-The
-.B -m
-option sets the maximum message size that 
-exportfs should offer to send (see
-.IR version (5));
-this helps tunneled
-9P connections to avoid unnecessary fragmentation.
-.PP
-The
+The options are:
+.TP
+.PD
+.B -A \fIaddress
+Use the address
+.I address
+for
+.IR aan (8)
+connections.
+.TP
 .B -a
-option instructs
+Authenticate the user with the
+.I p9any
+protocol before running the regular
 .I exportfs
-to authenticate the user, usually because it is
-being invoked from a remote machine.
-.PP
-The
-.B -d
-option instructs
+session; used when 
 .I exportfs
-to log all 9P traffic to 
+is invoked to handle an incoming network connection.
+.TP
+.B -B \fIaddress
+Dial
+.IR address ,
+authenticate as a
+.I p9any
+client, and then
+serve that network connection.
+Requires setting the root of the name space with 
+.B -r
+or
+.BR -s .
+The remote system should run
+.B import
+.B -B
+to handle the call.
+See
+.IR import (4)
+for an example.
+.TP
+.B -d -f \fIdbgfile
+Log all 9P traffic to
 .I dbgfile
 (default
 .BR /tmp/exportdb ).
-.PP
-The
-.BI  -P patternfile
-option restricts the set of exported files.
+.TP
+.B -e '\fIenc auth\fL'
+Set the encryption and authentication algorithms to use for
+encrypting the wire traffic (see
+.IR ssl (3)).
+The defaults are
+.B rc4_256
+and
+.BR sha1 .
+.TP
+.B -m \fImsize
+Set the maximum message size that 
+.I exportfs
+should offer to send (see
+.IR version (5));
+this helps tunneled
+9P connections to avoid unnecessary fragmentation.
+.TP
+.B -N \fInsfile
+Serve the name space described by
+.IR nsfile .
+.TP
+.B -n
+Disallow mounts by user
+.BR none .
+.TP
+.B -P \fIpatternfile
+Restrict the set of exported files.
 .I Patternfile
 contains one regular expression per line,
 to be matched against path names
@@ -144,16 +130,31 @@ For a file to be exported, all lines with a prefix
 must match and all those with prefix
 .B -
 must not match.
-.PP
-The
-.B -e
-option specifies the encryption and authentication algorithms to use for
-encrypting the wire traffic.  The defaults are
-.B rc4_256
-and
-.BR sha1 .
-The full list of supported protocols in in
-.IR ssl (3).
+.TP
+.B -R
+Make the served name space read only.
+.TP
+.B -r \fIroot
+Bypass the initial protocol, serving the name space rooted at
+.IR root .
+.TP
+.B -S \fIservice
+bypass the initial protocol, serving the result of mounting
+.IR service .
+A separate mount is used for each
+.IR attach (5)
+message,
+to correctly handle servers in which each mount
+corresponds to a different client
+.IR e.g. , (
+.IR rio (4)).
+.TP
+.B -s
+equivalent to
+.B -r
+.BR / ;
+kept for compatibility.
+.PD
 .PP
 The
 .B cpu
@@ -165,6 +166,7 @@ command calls
 .I exportfs
 on a remote machine, permitting users to access arbitrary pieces of
 name space on other systems.
+.PP
 Because the kernel disallows reads and writes on mounted pipes
 (as might be found in
 .BR /srv ),
@@ -186,23 +188,15 @@ and posts it at
 which is created with mode
 .I perm
 (default 0600).
-By default, the name space is the directory tree rooted at 
+The name space is the directory tree rooted at 
 .IR path .
-If the
-.BR -d ,
-.BR -R ,
-or
-.B -P
-options are given,
-.I srvfs
-passes them to
-.IR exportprog .
-.PP
 The
-.B -A
-filter specifies an announce string when exportfs is used in combination
-with aan.  The announce string identifies the network and network 
-protocol to use for aan connections.
+.B -d ,
+.B -P ,
+and
+.B -R
+options, if present, are relayed to
+.IR exportprog .
 .SH EXAMPLES
 To export the archive of one user for one month, except for secrets,
 .IP

+ 121 - 57
sys/man/4/import

@@ -4,25 +4,26 @@ import \- import a name space from a remote system
 .SH SYNOPSIS
 .B import
 [
-.B -abcC
-] [
-.B "-E clear | ssl"
-.\" .B "| tls"	.\" Not yet implemented
-] [
-.B "-e 'enc auth'"
-] [
-.B -k
-.I keypattern
-] [
-.B -p
-] [
-.B "-s \f2srvname\fP
+.I options
 ]
 .I system
 .I file
 [
 .I mountpoint
-] 
+]
+.PP
+.B import
+.B -B
+[
+.I options
+]
+.I mountpoint
+[
+.I cmd
+[
+.I args ...
+]
+]
 .SH DESCRIPTION
 .I Import
 allows an arbitrary
@@ -49,60 +50,83 @@ uses the name of the remote
 .I file
 as the local mount point.
 .PP
-If
-.I file
-is a directory,
-.I import
-allows options exactly as in
+The options are:
+.TP
+.B -a -b -c -C
+Control the construction of union directories, as in
 .I mount
 and
-.IR bind (1)
-to control the construction of union directories.
-.PP
-The
-.B -E
-option causes
-.I import
-to push an authentication protocol on its network connection.
-Currently, the protocols supported are
+.IR bind (1).
+Only valid when 
+.I file
+is a directory.
+.TP
+.B -B
+Run in ``backwards'' mode, described below.
+.TP
+.B -E \fIenc
+Push an authentication protocol on its network connection.
+The supported protocols are
 .B clear
-(the default) which pushes no protocol,
+(the default, no protocol)
 and
 .BR ssl .
 There are plans to make
 .B tls
-available too.
-.PP
-The
-.B -e
-option specifies the encryption and authentication algorithms to use for
-encrypting the wire traffic.  The defaults are
+available.
+.TP
+.B -e '\fIenc auth\fR'
+Specify the encryption and authentication algorithms to use for
+encrypting the wire traffic
+(see
+.IR ssl (3)).
+The defaults are
 .B rc4_256
 and
 .BR sha1 .
-The full list of supported protocols in in
-.IR ssl (3).
-.PP
-The
+.TP
+.B -k \fIkeypattern
+Use
+.I keypattern
+to select a key to authenticate to the remote side
+(see
+.IR auth (2)).
+.TP
+.B -o -O
+These equivalent flags run
+.I import
+in a pre-9P2000 compatibility mode to import from ancient servers.
+.TP
 .B -p
-option pushes the
-.B aan
-filter onto the connection.  This filter will protect the connection from
-temporary network outages; see
-.IR aan (1).
+Push the
+.IR aan (8)
+filter onto the connection to protect against
+temporary network outages.
+.TP
+.B -s \fIname
+Post the connection's mountable file descriptor as
+.BI /srv/ name\fR.
+.PD
 .PP
-The
-.B -s
-option posts the connection's mountable file descriptor in
-.B /srv
-under the given name.
-.PP
-The
-.B -k
-option specifies a key pattern suffix to be used in the
-.B auth_proxy
-call that authenticates to the remote side.
-.SH EXAMPLE
+The 
+.B -B
+option runs
+.I import
+in ``backwards'' mode.
+In this mode,
+.I import
+runs a
+.I p9any
+authentication (as server) over its file descriptor 0
+(expected to be an incoming network connection from
+.B exportfs
+.BR -B ),
+mounts the connection onto
+.IR mntpt ,
+and optionally runs
+.I cmd
+.IR args .
+.SH EXAMPLES
 Assume a machine
 .B kremvax
 that has IP interfaces for the company intranet and the global
@@ -118,13 +142,53 @@ internet using:
 import -a kremvax /net.alt
 telnet /net.alt/tcp!ucbvax
 .EE
+.PP
+Suppose that the machine
+.B moscvax
+is has access to a private file server containing public web pages
+that need to be served by the less-trusted server
+.BR webvax .
+.B Webvax
+runs the following listener 
+(see
+.IR listen (8))
+on TCP port 999:
+.IP
+.EX
+#!/bin/rc
+import -B -s rowebfs /usr/web /bin/restarthttpd
+.EE
+.PP
+When
+.B moscvax
+boots, it runs
+.IP
+.EX
+exportfs -R -r /usr/web -B tcp!webvax!999
+.EE
+.PP
+to serve a read-only copy of
+.B /usr/web
+to
+.BR webvax .
+When
+.B webvax
+gets the call, 
+.B import
+mounts the served tree onto its own
+.B /usr/web
+and then runs
+.B /bin/restarthttpd
+to restart
+.IR httpd (8).
 .SH SOURCE
 .B /sys/src/cmd/import.c
 .SH SEE ALSO
 .IR bind (1),
 .IR aan (1),
-.IR exportfs (4),
 .IR ssl (3),
+.IR exportfs (4),
+.IR listen (8),
 .B cs
 in
 .IR ndb (8)

+ 32 - 26
sys/src/cmd/exportfs/exportfs.c

@@ -59,45 +59,33 @@ int	filter(int, char *);
 void
 usage(void)
 {
-	fprint(2, "usage:	%s [-ads] [-f dbgfile] [-m msize] [-r root] [-S srvfile] [-e 'crypt hash'] [-A announce-string]\n", argv0);
-	fprint(2, "	%s -B address\n", argv0);
+	fprint(2, "usage:	%s [-adnsR] [-f dbgfile] [-m msize] [-r root] [-S srvfile] [-e 'crypt hash'] [-A announce-string] [-B address]\n", argv0);
 	fatal("usage");
 }
 
 void
 main(int argc, char **argv)
 {
-	char buf[ERRMAX], ebuf[ERRMAX];
+	char buf[ERRMAX], ebuf[ERRMAX], *srvfdfile;
 	Fsrpc *r;
-	int n, fd;
-	char *dbfile, *srv, *file, *na, *nsfile, *keyspec;
+	int doauth, n, fd;
+	char *dbfile, *srv, *na, *nsfile, *keyspec;
 	AuthInfo *ai;
 	ulong initial;
 
 	dbfile = "/tmp/exportdb";
 	srv = nil;
 	srvfd = -1;
+	srvfdfile = nil;
 	na = nil;
 	nsfile = nil;
 	keyspec = "";
+	doauth = 0;
 
 	ai = nil;
 	ARGBEGIN{
 	case 'a':
-		/*
-		 * We use p9any so we don't have to visit this code again, with the
-		 * cost that this code is incompatible with the old world, which
-		 * requires p9sk2. (The two differ in who talks first, so compatibility
-		 * is awkward.)
-		 */
-		ai = auth_proxy(0, auth_getkey, "proto=p9any role=server %s", keyspec);
-		if(ai == nil)
-			fatal("auth_proxy: %r");
-		if(nonone && strcmp(ai->cuid, "none") == 0)
-			fatal("exportfs by none disallowed");
-		if(auth_chuid(ai, nsfile) < 0)
-			fatal("auth_chuid: %r");
-		putenv("service", "exportfs");
+		doauth = 1;
 		break;
 
 	case 'k':
@@ -105,19 +93,15 @@ main(int argc, char **argv)
 		break;
 
 	case 'e':
-		ealgs = ARGF();
-		if(ealgs == nil)
-			usage();
+		ealgs = EARGF(usage());
 		if(*ealgs == 0 || strcmp(ealgs, "clear") == 0)
 			ealgs = nil;
 		break;
 
 	case 'S':
-		if(srvfd != -1)
+		if(srvfdfile)
 			usage();
-		file = EARGF(usage());
-		if((srvfd = open(file, ORDWR)) < 0)
-			sysfatal("open '%s': %r", file);
+		srvfdfile = EARGF(usage());
 		break;
 
 	case 'd':
@@ -173,6 +157,28 @@ main(int argc, char **argv)
 	}ARGEND
 	USED(argc, argv);
 
+	if(doauth){
+		/*
+		 * We use p9any so we don't have to visit this code again, with the
+		 * cost that this code is incompatible with the old world, which
+		 * requires p9sk2. (The two differ in who talks first, so compatibility
+		 * is awkward.)
+		 */
+		ai = auth_proxy(0, auth_getkey, "proto=p9any role=server %s", keyspec);
+		if(ai == nil)
+			fatal("auth_proxy: %r");
+		if(nonone && strcmp(ai->cuid, "none") == 0)
+			fatal("exportfs by none disallowed");
+		if(auth_chuid(ai, nsfile) < 0)
+			fatal("auth_chuid: %r");
+		putenv("service", "exportfs");
+	}
+
+	if(srvfdfile){
+		if((srvfd = open(srvfdfile, ORDWR)) < 0)
+			sysfatal("open '%s': %r", srvfdfile);
+	}
+
 	if(na){
 		if(srv == nil)
 			sysfatal("-B requires -s");
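Review bot: The deferred `-S` open in the added `if(srvfdfile)` block now runs after `auth_chuid`, so with `-a` the srv file is opened under the authenticated user's identity and rebuilt name space instead of the invoker's, yet nothing in the new code marks that order as deliberate. A later cleanup that moves the open back into `ARGBEGIN` would silently restore the pre-auth open, so I would add a comment above it such as `/* must follow auth_chuid: open srvfdfile as the authenticated user, in that user's name space */`. Separately, in the visible lines `nonone` is consulted only inside `if(doauth)`, so `-n` without `-a` appears to be accepted and ignored. If nothing outside the hunk checks it, a line such as `if(nonone && !doauth) fprint(2, "%s: -n has no effect without -a\n", argv0);` after `ARGEND` would make that visible to the operator. The body of `main` starts and continues outside these hunks, so both points should be checked against the full function.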