ref: 54ec7aed6217f31e8d4f64678ff2260bd1dfaad2
parent: 04171d24777d5a108df6e90e10fa7c8d0a841479
author: aiju <devnull@localhost>
date: Thu Feb 23 18:22:49 EST 2017
auth/keyfs: support -r flag to mount read-only
--- a/sys/man/4/keyfs
+++ b/sys/man/4/keyfs
@@ -14,6 +14,9 @@
.BI -m mntpt
]
[
+.B -r
+]
+[
.I keyfile
]
.PP
@@ -83,6 +86,10 @@
If any changes are made to the database that affect the information stored in
.IR keyfile ,
a new version of the file is written.
+.PP
+If the
+.B -r
+option is given, the database is mounted `read-only' and no changes are permitted.
.PP
There are two authentication databases,
one for Plan 9 user information,
--- a/sys/src/cmd/auth/keyfs.c
+++ b/sys/src/cmd/auth/keyfs.c
@@ -92,6 +92,7 @@
ulong uniq = 1;
Fcall rhdr, thdr;
int usepass;
+int readonly;
char *warnarg;
uchar mdata[8192 + IOHDRSZ];
int messagesize = sizeof mdata;
@@ -137,7 +138,7 @@
static void
usage(void)
{- fprint(2, "usage: %s [-p] [-m mtpt] [-w warn] [keyfile]\n", argv0);
+ fprint(2, "usage: %s [-p] [-r] [-m mtpt] [-w warn] [keyfile]\n", argv0);
exits("usage");}
@@ -165,6 +166,9 @@
case 'w':
warnarg = EARGF(usage());
break;
+ case 'r':
+ readonly = 1;
+ break;
default:
usage();
break;
@@ -390,6 +394,8 @@
if(!f->busy)
return "create of unused fid";
+ if(readonly)
+ return "mounted read-only";
name = rhdr.name;
if(f->user != nil){return "permission denied";
@@ -531,6 +537,8 @@
if(!f->busy)
return "permission denied";
+ if(readonly)
+ return "mounted read-only";
n = rhdr.count;
data = rhdr.data;
switch(f->qtype){@@ -613,6 +621,10 @@
{if(!f->busy)
return "permission denied";
+ if(readonly){+ Clunk(f);
+ return "mounted read-only";
+ }
if(f->qtype == Qwarnings)
f->user->warnings = 0;
else if(f->qtype == Quser)
@@ -649,6 +661,8 @@
if(!f->busy || f->qtype != Quser)
return "permission denied";
+ if(readonly)
+ return "mounted read-only";
if(rhdr.nstat > sizeof buf)
return "wstat buffer too big";
if(convM2D(rhdr.stat, rhdr.nstat, &d, buf) == 0)
@@ -711,6 +725,11 @@
User *u;
uchar *p, *buf;
ulong expire;
+
+ if(readonly){+ fprint(2, "writeusers called while read-only; shouldn't happen\n");
+ return;
+ }
/* what format to use */
keydblen = KEYDBLEN;