| vfs_acl.c (225617) | vfs_acl.c (241896) |
|---|---|
| 1/*- 2 * Copyright (c) 1999-2006 Robert N. M. Watson 3 * All rights reserved. 4 * 5 * This software was developed by Robert Watson for the TrustedBSD Project. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions --- 19 unchanged lines hidden (view full) --- 28/* 29 * Developed by the TrustedBSD Project. 30 * 31 * ACL system calls and other functions common across different ACL types. 32 * Type-specific routines go into subr_acl_<type>.c. 33 */ 34 35#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999-2006 Robert N. M. Watson 3 * All rights reserved. 4 * 5 * This software was developed by Robert Watson for the TrustedBSD Project. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions --- 19 unchanged lines hidden (view full) --- 28/* 29 * Developed by the TrustedBSD Project. 30 * 31 * ACL system calls and other functions common across different ACL types. 32 * Type-specific routines go into subr_acl_<type>.c. 33 */ 34 35#include <sys/cdefs.h> |
| 36__FBSDID("$FreeBSD: head/sys/kern/vfs_acl.c 225617 2011-09-16 13:58:51Z kmacy $"); | 36__FBSDID("$FreeBSD: head/sys/kern/vfs_acl.c 241896 2012-10-22 17:50:54Z kib $"); |
| 37 38#include <sys/param.h> 39#include <sys/systm.h> 40#include <sys/sysproto.h> 41#include <sys/capability.h> 42#include <sys/fcntl.h> 43#include <sys/kernel.h> 44#include <sys/malloc.h> --- 277 unchanged lines hidden (view full) --- 322 323/* 324 * Given a file path, get an ACL for it 325 */ 326int 327sys___acl_get_file(struct thread *td, struct __acl_get_file_args *uap) 328{ 329 struct nameidata nd; | 37 38#include <sys/param.h> 39#include <sys/systm.h> 40#include <sys/sysproto.h> 41#include <sys/capability.h> 42#include <sys/fcntl.h> 43#include <sys/kernel.h> 44#include <sys/malloc.h> --- 277 unchanged lines hidden (view full) --- 322 323/* 324 * Given a file path, get an ACL for it 325 */ 326int 327sys___acl_get_file(struct thread *td, struct __acl_get_file_args *uap) 328{ 329 struct nameidata nd; |
| 330 int vfslocked, error; | 330 int error; |
| 331 | 331 |
| 332 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td); | 332 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); |
| 333 error = namei(&nd); | 333 error = namei(&nd); |
| 334 vfslocked = NDHASGIANT(&nd); | |
| 335 if (error == 0) { 336 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp); 337 NDFREE(&nd, 0); 338 } | 334 if (error == 0) { 335 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp); 336 NDFREE(&nd, 0); 337 } |
| 339 VFS_UNLOCK_GIANT(vfslocked); | |
| 340 return (error); 341} 342 343/* 344 * Given a file path, get an ACL for it; don't follow links. 345 */ 346int 347sys___acl_get_link(struct thread *td, struct __acl_get_link_args *uap) 348{ 349 struct nameidata nd; | 338 return (error); 339} 340 341/* 342 * Given a file path, get an ACL for it; don't follow links. 343 */ 344int 345sys___acl_get_link(struct thread *td, struct __acl_get_link_args *uap) 346{ 347 struct nameidata nd; |
| 350 int vfslocked, error; | 348 int error; |
| 351 | 349 |
| 352 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td); | 350 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); |
| 353 error = namei(&nd); | 351 error = namei(&nd); |
| 354 vfslocked = NDHASGIANT(&nd); | |
| 355 if (error == 0) { 356 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp); 357 NDFREE(&nd, 0); 358 } | 352 if (error == 0) { 353 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp); 354 NDFREE(&nd, 0); 355 } |
| 359 VFS_UNLOCK_GIANT(vfslocked); | |
| 360 return (error); 361} 362 363/* 364 * Given a file path, set an ACL for it. 365 */ 366int 367sys___acl_set_file(struct thread *td, struct __acl_set_file_args *uap) 368{ 369 struct nameidata nd; | 356 return (error); 357} 358 359/* 360 * Given a file path, set an ACL for it. 361 */ 362int 363sys___acl_set_file(struct thread *td, struct __acl_set_file_args *uap) 364{ 365 struct nameidata nd; |
| 370 int vfslocked, error; | 366 int error; |
| 371 | 367 |
| 372 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td); | 368 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); |
| 373 error = namei(&nd); | 369 error = namei(&nd); |
| 374 vfslocked = NDHASGIANT(&nd); | |
| 375 if (error == 0) { 376 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp); 377 NDFREE(&nd, 0); 378 } | 370 if (error == 0) { 371 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp); 372 NDFREE(&nd, 0); 373 } |
| 379 VFS_UNLOCK_GIANT(vfslocked); | |
| 380 return (error); 381} 382 383/* 384 * Given a file path, set an ACL for it; don't follow links. 385 */ 386int 387sys___acl_set_link(struct thread *td, struct __acl_set_link_args *uap) 388{ 389 struct nameidata nd; | 374 return (error); 375} 376 377/* 378 * Given a file path, set an ACL for it; don't follow links. 379 */ 380int 381sys___acl_set_link(struct thread *td, struct __acl_set_link_args *uap) 382{ 383 struct nameidata nd; |
| 390 int vfslocked, error; | 384 int error; |
| 391 | 385 |
| 392 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td); | 386 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); |
| 393 error = namei(&nd); | 387 error = namei(&nd); |
| 394 vfslocked = NDHASGIANT(&nd); | |
| 395 if (error == 0) { 396 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp); 397 NDFREE(&nd, 0); 398 } | 388 if (error == 0) { 389 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp); 390 NDFREE(&nd, 0); 391 } |
| 399 VFS_UNLOCK_GIANT(vfslocked); | |
| 400 return (error); 401} 402 403/* 404 * Given a file descriptor, get an ACL for it. 405 */ 406int 407sys___acl_get_fd(struct thread *td, struct __acl_get_fd_args *uap) 408{ 409 struct file *fp; | 392 return (error); 393} 394 395/* 396 * Given a file descriptor, get an ACL for it. 397 */ 398int 399sys___acl_get_fd(struct thread *td, struct __acl_get_fd_args *uap) 400{ 401 struct file *fp; |
| 410 int vfslocked, error; | 402 int error; |
| 411 412 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_GET, &fp); 413 if (error == 0) { | 403 404 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_GET, &fp); 405 if (error == 0) { |
| 414 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount); | |
| 415 error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp); 416 fdrop(fp, td); | 406 error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp); 407 fdrop(fp, td); |
| 417 VFS_UNLOCK_GIANT(vfslocked); | |
| 418 } 419 return (error); 420} 421 422/* 423 * Given a file descriptor, set an ACL for it. 424 */ 425int 426sys___acl_set_fd(struct thread *td, struct __acl_set_fd_args *uap) 427{ 428 struct file *fp; | 408 } 409 return (error); 410} 411 412/* 413 * Given a file descriptor, set an ACL for it. 414 */ 415int 416sys___acl_set_fd(struct thread *td, struct __acl_set_fd_args *uap) 417{ 418 struct file *fp; |
| 429 int vfslocked, error; | 419 int error; |
| 430 431 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_SET, &fp); 432 if (error == 0) { | 420 421 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_SET, &fp); 422 if (error == 0) { |
| 433 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount); | |
| 434 error = vacl_set_acl(td, fp->f_vnode, uap->type, uap->aclp); 435 fdrop(fp, td); | 423 error = vacl_set_acl(td, fp->f_vnode, uap->type, uap->aclp); 424 fdrop(fp, td); |
| 436 VFS_UNLOCK_GIANT(vfslocked); | |
| 437 } 438 return (error); 439} 440 441/* 442 * Given a file path, delete an ACL from it. 443 */ 444int 445sys___acl_delete_file(struct thread *td, struct __acl_delete_file_args *uap) 446{ 447 struct nameidata nd; | 425 } 426 return (error); 427} 428 429/* 430 * Given a file path, delete an ACL from it. 431 */ 432int 433sys___acl_delete_file(struct thread *td, struct __acl_delete_file_args *uap) 434{ 435 struct nameidata nd; |
| 448 int vfslocked, error; | 436 int error; |
| 449 | 437 |
| 450 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td); | 438 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); |
| 451 error = namei(&nd); | 439 error = namei(&nd); |
| 452 vfslocked = NDHASGIANT(&nd); | |
| 453 if (error == 0) { 454 error = vacl_delete(td, nd.ni_vp, uap->type); 455 NDFREE(&nd, 0); 456 } | 440 if (error == 0) { 441 error = vacl_delete(td, nd.ni_vp, uap->type); 442 NDFREE(&nd, 0); 443 } |
| 457 VFS_UNLOCK_GIANT(vfslocked); | |
| 458 return (error); 459} 460 461/* 462 * Given a file path, delete an ACL from it; don't follow links. 463 */ 464int 465sys___acl_delete_link(struct thread *td, struct __acl_delete_link_args *uap) 466{ 467 struct nameidata nd; | 444 return (error); 445} 446 447/* 448 * Given a file path, delete an ACL from it; don't follow links. 449 */ 450int 451sys___acl_delete_link(struct thread *td, struct __acl_delete_link_args *uap) 452{ 453 struct nameidata nd; |
| 468 int vfslocked, error; | 454 int error; |
| 469 | 455 |
| 470 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td); | 456 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); |
| 471 error = namei(&nd); | 457 error = namei(&nd); |
| 472 vfslocked = NDHASGIANT(&nd); | |
| 473 if (error == 0) { 474 error = vacl_delete(td, nd.ni_vp, uap->type); 475 NDFREE(&nd, 0); 476 } | 458 if (error == 0) { 459 error = vacl_delete(td, nd.ni_vp, uap->type); 460 NDFREE(&nd, 0); 461 } |
| 477 VFS_UNLOCK_GIANT(vfslocked); | |
| 478 return (error); 479} 480 481/* 482 * Given a file path, delete an ACL from it. 483 */ 484int 485sys___acl_delete_fd(struct thread *td, struct __acl_delete_fd_args *uap) 486{ 487 struct file *fp; | 462 return (error); 463} 464 465/* 466 * Given a file path, delete an ACL from it. 467 */ 468int 469sys___acl_delete_fd(struct thread *td, struct __acl_delete_fd_args *uap) 470{ 471 struct file *fp; |
| 488 int vfslocked, error; | 472 int error; |
| 489 490 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_DELETE, 491 &fp); 492 if (error == 0) { | 473 474 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_DELETE, 475 &fp); 476 if (error == 0) { |
| 493 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount); | |
| 494 error = vacl_delete(td, fp->f_vnode, uap->type); 495 fdrop(fp, td); | 477 error = vacl_delete(td, fp->f_vnode, uap->type); 478 fdrop(fp, td); |
| 496 VFS_UNLOCK_GIANT(vfslocked); | |
| 497 } 498 return (error); 499} 500 501/* 502 * Given a file path, check an ACL for it. 503 */ 504int 505sys___acl_aclcheck_file(struct thread *td, struct __acl_aclcheck_file_args *uap) 506{ 507 struct nameidata nd; | 479 } 480 return (error); 481} 482 483/* 484 * Given a file path, check an ACL for it. 485 */ 486int 487sys___acl_aclcheck_file(struct thread *td, struct __acl_aclcheck_file_args *uap) 488{ 489 struct nameidata nd; |
| 508 int vfslocked, error; | 490 int error; |
| 509 | 491 |
| 510 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td); | 492 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); |
| 511 error = namei(&nd); | 493 error = namei(&nd); |
| 512 vfslocked = NDHASGIANT(&nd); | |
| 513 if (error == 0) { 514 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp); 515 NDFREE(&nd, 0); 516 } | 494 if (error == 0) { 495 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp); 496 NDFREE(&nd, 0); 497 } |
| 517 VFS_UNLOCK_GIANT(vfslocked); | |
| 518 return (error); 519} 520 521/* 522 * Given a file path, check an ACL for it; don't follow links. 523 */ 524int 525sys___acl_aclcheck_link(struct thread *td, struct __acl_aclcheck_link_args *uap) 526{ 527 struct nameidata nd; | 498 return (error); 499} 500 501/* 502 * Given a file path, check an ACL for it; don't follow links. 503 */ 504int 505sys___acl_aclcheck_link(struct thread *td, struct __acl_aclcheck_link_args *uap) 506{ 507 struct nameidata nd; |
| 528 int vfslocked, error; | 508 int error; |
| 529 | 509 |
| 530 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td); | 510 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); |
| 531 error = namei(&nd); | 511 error = namei(&nd); |
| 532 vfslocked = NDHASGIANT(&nd); | |
| 533 if (error == 0) { 534 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp); 535 NDFREE(&nd, 0); 536 } | 512 if (error == 0) { 513 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp); 514 NDFREE(&nd, 0); 515 } |
| 537 VFS_UNLOCK_GIANT(vfslocked); | |
| 538 return (error); 539} 540 541/* 542 * Given a file descriptor, check an ACL for it. 543 */ 544int 545sys___acl_aclcheck_fd(struct thread *td, struct __acl_aclcheck_fd_args *uap) 546{ 547 struct file *fp; | 516 return (error); 517} 518 519/* 520 * Given a file descriptor, check an ACL for it. 521 */ 522int 523sys___acl_aclcheck_fd(struct thread *td, struct __acl_aclcheck_fd_args *uap) 524{ 525 struct file *fp; |
| 548 int vfslocked, error; | 526 int error; |
| 549 550 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_CHECK, 551 &fp); 552 if (error == 0) { | 527 528 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_CHECK, 529 &fp); 530 if (error == 0) { |
| 553 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount); | |
| 554 error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp); 555 fdrop(fp, td); | 531 error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp); 532 fdrop(fp, td); |
| 556 VFS_UNLOCK_GIANT(vfslocked); | |
| 557 } 558 return (error); 559} 560 561struct acl * 562acl_alloc(int flags) 563{ 564 struct acl *aclp; --- 13 unchanged lines hidden --- | 533 } 534 return (error); 535} 536 537struct acl * 538acl_alloc(int flags) 539{ 540 struct acl *aclp; --- 13 unchanged lines hidden --- |