* [Qemu-devel] [PATCH 1/4] slirp: Enforce host-side user of smb share
From: Jan Kiszka @ 2012-07-09 15:44 UTC (permalink / raw)
To: Anthony Liguori, qemu-devel
Windows 7 (and possibly other versions) cannot connect to the samba
share if the exported host directory is not world-readable. This can be
resolved by forcing the username used for access checks to the one
under which QEMU and smbd are running.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
net/slirp.c | 14 ++++++++++++--
1 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/net/slirp.c b/net/slirp.c
index 37b6ccf..a43b576 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -26,6 +26,7 @@
#include "config-host.h"
#ifndef _WIN32
+#include <pwd.h>
#include <sys/wait.h>
#endif
#include "net.h"
@@ -487,8 +488,15 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
static int instance;
char smb_conf[128];
char smb_cmdline[128];
+ struct passwd *passwd;
FILE *f;
+ passwd = getpwuid(geteuid());
+ if (!passwd) {
+ error_report("failed to retrieve user name");
+ return -1;
+ }
+
snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.%ld-%d",
(long)getpid(), instance++);
if (mkdir(s->smb_dir, 0700) < 0) {
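Review bot: In the new lookup at the top of slirp_smb(), the failure message "failed to retrieve user name" gives no cause, and getpwuid() returns NULL both on error and when the effective UID simply has no passwd entry (errno is only set in the first case). Consider setting errno = 0 before the call and reporting either strerror(errno) or a "no passwd entry for uid" message accordingly. Also note that the returned struct points to static storage, so passwd->pw_name stays valid only while nothing between here and the later fprintf() calls another getpw* function; copying the name with g_strdup() would remove that dependency.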
@@ -517,14 +525,16 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
"[qemu]\n"
"path=%s\n"
"read only=no\n"
- "guest ok=yes\n",
+ "guest ok=yes\n"
+ "force user=%s\n",
s->smb_dir,
s->smb_dir,
s->smb_dir,
s->smb_dir,
s->smb_dir,
s->smb_dir,
- exported_dir
+ exported_dir,
+ passwd->pw_name
);
fclose(f);
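Review bot: Adding "force user=%s" next to the existing "guest ok=yes" and "read only=no" means every unauthenticated connection from the guest operates on exported_dir with the full file permissions of the user running QEMU, including write access to files that user owns but had not made world-accessible. That matches the intent stated in the commit message, but it widens what the guest can reach through the share, so it should be stated in the -smb documentation. The name is also written into smb.conf unescaped; a short comment noting that pw_name comes from the host passwd database and is treated as trusted would help the next reader.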
--
1.7.3.4
* [Qemu-devel] [PATCH 2/4] slirp: add 'cmd:' target for guestfwd
From: Jan Kiszka @ 2012-07-09 15:44 UTC (permalink / raw)
To: Anthony Liguori, qemu-devel; +Cc: Alexander Graf
From: Alexander Graf <agraf@suse.de>
When using guestfwd=, Qemu only connects the virtual server's TCP port
to a single chardev. This is useless in most cases, as we usually want
to have more than a single connection from the guest to the outside world.
This patch adds a new cmd: target to guestfwd= that allows for execution
of a command on every TCP connection. This leverages the same code as
the -smb parameter, just that here the command is user defined.
Reported-by: Sascha Wilde <wilde@intevation.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
net/slirp.c | 44 +++++++++++++++++++++++++++-----------------
qemu-options.hx | 22 +++++++++++++++++++++-
2 files changed, 48 insertions(+), 18 deletions(-)
diff --git a/net/slirp.c b/net/slirp.c
index a43b576..180147e 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -626,25 +626,35 @@ static int slirp_guestfwd(SlirpState *s, const char *config_str,
fwd = g_malloc(sizeof(struct GuestFwd));
snprintf(buf, sizeof(buf), "guestfwd.tcp.%d", port);
- fwd->hd = qemu_chr_new(buf, p, NULL);
- if (!fwd->hd) {
- error_report("could not open guest forwarding device '%s'", buf);
- g_free(fwd);
- return -1;
- }
- if (slirp_add_exec(s->slirp, 3, fwd->hd, &server, port) < 0) {
- error_report("conflicting/invalid host:port in guest forwarding "
- "rule '%s'", config_str);
- g_free(fwd);
- return -1;
- }
- fwd->server = server;
- fwd->port = port;
- fwd->slirp = s->slirp;
+ if ((strlen(p) > 4) && !strncmp(p, "cmd:", 4)) {
+ if (slirp_add_exec(s->slirp, 0, &p[4], &server, port) < 0) {
+ error_report("conflicting/invalid host:port in guest forwarding "
+ "rule '%s'", config_str);
+ g_free(fwd);
+ return -1;
+ }
+ } else {
+ fwd->hd = qemu_chr_new(buf, p, NULL);
+ if (!fwd->hd) {
+ error_report("could not open guest forwarding device '%s'", buf);
+ g_free(fwd);
+ return -1;
+ }
+
+ if (slirp_add_exec(s->slirp, 3, fwd->hd, &server, port) < 0) {
+ error_report("conflicting/invalid host:port in guest forwarding "
+ "rule '%s'", config_str);
+ g_free(fwd);
+ return -1;
+ }
+ fwd->server = server;
+ fwd->port = port;
+ fwd->slirp = s->slirp;
- qemu_chr_add_handlers(fwd->hd, guestfwd_can_read, guestfwd_read,
- NULL, fwd);
+ qemu_chr_add_handlers(fwd->hd, guestfwd_can_read, guestfwd_read,
+ NULL, fwd);
+ }
return 0;
fail_syntax:
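Review bot: In the new cmd: branch, fwd is allocated by g_malloc() just above but is never used or freed on the success path: the branch calls slirp_add_exec() with &p[4] and falls through to return 0, so each cmd: rule leaks one struct GuestFwd. Move the allocation into the else branch, or g_free(fwd) after a successful slirp_add_exec(). Separately, the strlen(p) > 4 test sends a bare "cmd:" into the chardev branch, where it fails with "could not open guest forwarding device", which is misleading; rejecting an empty command explicitly would give a clearer error.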
diff --git a/qemu-options.hx b/qemu-options.hx
index 8b66264..ecf7ca1 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1421,8 +1421,28 @@ Then when you use on the host @code{telnet localhost 5555}, you
connect to the guest telnet server.
@item guestfwd=[tcp]:@var{server}:@var{port}-@var{dev}
+@item guestfwd=[tcp]:@var{server}:@var{port}-@var{cmd:command}
Forward guest TCP connections to the IP address @var{server} on port @var{port}
-to the character device @var{dev}. This option can be given multiple times.
+to the character device @var{dev} or to a program executed by @var{cmd:command}
+which gets spawned for each connection. This option can be given multiple times.
+
+You can either use a chardev directly and have that one used throughout Qemu's
+lifetime, like in the following example:
+
+@example
+# open 10.10.1.1:4321 on bootup, connect 10.0.2.100:1234 to it whenever
+# the guest accesses it
+qemu -net user,guestfwd=tcp:10.0.2.100:1234-tcp:10.10.1.1:4321 [...]
+@end example
+
+Or you can execute a command on every TCP connection established by the guest,
+so that Qemu behaves similar to an inetd process for that virtual server:
+
+@example
+# call "netcat 10.10.1.1 4321" on every TCP connection to 10.0.2.100:1234
+# and connect the TCP stream to its stdin/stdout
+qemu -net 'user,guestfwd=tcp:10.0.2.100:1234-cmd:netcat 10.10.1.1 4321'
+@end example
@end table
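Review bot: The new @item line writes @var{cmd:command}, which marks the literal prefix cmd: as a metavariable; it should read cmd:@var{command} so that only the user-supplied part is variable. The text should also say that the command is executed on the host with the privileges of the QEMU process, once per guest connection, and how the string is split into arguments, since the example relies on 'netcat 10.10.1.1 4321' being split on spaces. Minor: "behaves similar to" should be "behaves similarly to".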
--
1.7.3.4
* [Qemu-devel] [PATCH 3/4] slirp: Ensure smbd and shared directory exist when enable smb
From: Jan Kiszka @ 2012-07-09 15:44 UTC (permalink / raw)
To: Anthony Liguori, qemu-devel; +Cc: Dunrong Huang
From: Dunrong Huang <riegamaths@gmail.com>
Users may pass the following parameters to qemu:
$ qemu-kvm -net nic -net user,smb= ...
$ qemu-kvm -net nic -net user,smb ...
$ qemu-kvm -net nic -net user,smb=bad_directory ...
In these cases, qemu started successfully while the samba server
failed to start. Users will be confused since the samba server
failed silently without any indication of what it did wrong.
To avoid this, we check whether the shared directory exists and
whether users have permission to access this directory when QEMU's
"built-in" SMB server is enabled.
Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
net/slirp.c | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/net/slirp.c b/net/slirp.c
index 180147e..eb80889 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -497,6 +497,18 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
return -1;
}
+ if (access(CONFIG_SMBD_COMMAND, F_OK)) {
+ error_report("could not find '%s', please install it",
+ CONFIG_SMBD_COMMAND);
+ return -1;
+ }
+
+ if (access(exported_dir, R_OK | X_OK)) {
+ error_report("no such directory '%s', or you do not have permission "
+ "to access it, please check it", exported_dir);
+ return -1;
+ }
+
snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.%ld-%d",
(long)getpid(), instance++);
if (mkdir(s->smb_dir, 0700) < 0) {
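Review bot: The smbd check uses access(CONFIG_SMBD_COMMAND, F_OK), which only proves that the path exists; X_OK would also catch a present but non-executable binary, which is a case that would still fail silently later. Note too that access() tests with the real UID, while patch 1/4 derives the share user from geteuid(), so the two can disagree when real and effective IDs differ. Both checks are advisory only, since the state of the file system can change before smbd is actually started.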
--
1.7.3.4
* [Qemu-devel] [PATCH 4/4] slirp: Improve error reporting of inaccessible smb directories
From: Jan Kiszka @ 2012-07-09 15:44 UTC (permalink / raw)
To: Anthony Liguori, qemu-devel
Instead of guessing, print the error code returned by access.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
net/slirp.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/slirp.c b/net/slirp.c
index eb80889..b82eab0 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -504,8 +504,8 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
}
if (access(exported_dir, R_OK | X_OK)) {
- error_report("no such directory '%s', or you do not have permission "
- "to access it, please check it", exported_dir);
+ error_report("error accessing shared directory '%s': %s",
+ exported_dir, strerror(errno));
return -1;
}
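Review bot: With strerror(errno) the message is accurate for the cases where access() fails, but access(exported_dir, R_OK | X_OK) also succeeds for a readable, executable regular file, so a non-directory path still passes this check and only fails later inside smbd. A stat() with S_ISDIR() in addition to access() would close that gap. Please also confirm that <errno.h> and <string.h> are already included in net/slirp.c, since this hunk does not add them.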
--
1.7.3.4
* Re: [Qemu-devel] [PATCH 0/4] [PULL] slirp: smb fixes and cmd: target for guestfwd
From: Anthony Liguori @ 2012-07-09 17:33 UTC (permalink / raw)
To: Jan Kiszka; +Cc: qemu-devel, Dunrong Huang, Alexander Graf
On 07/09/2012 10:44 AM, Jan Kiszka wrote:
> The following changes since commit 84988cf910a6881f2180fdcec516b60f8f0dc8c4:
>
> bitops.h: Add functions to extract and deposit bitfields (2012-07-07 09:07:01 +0000)
>
> are available in the git repository at:
> git://git.kiszka.org/qemu.git queues/slirp
Pulled. Thanks.
Regards,
Anthony Liguori
>
> Alexander Graf (1):
> slirp: add 'cmd:' target for guestfwd
>
> Dunrong Huang (1):
> slirp: Ensure smbd and shared directory exist when enable smb
>
> Jan Kiszka (2):
> slirp: Enforce host-side user of smb share
> slirp: Improve error reporting of inaccessible smb directories
>
> net/slirp.c | 70 ++++++++++++++++++++++++++++++++++++++++---------------
> qemu-options.hx | 22 ++++++++++++++++-
> 2 files changed, 72 insertions(+), 20 deletions(-)
>
>
> CC: Alexander Graf<agraf@suse.de>
> CC: Dunrong Huang<riegamaths@gmail.com>