Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/kern/kern_acl.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 1999, 2000 Robert N. M. Watson 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD: src/sys/kern/kern_acl.c,v 1.2.2.1 2000/07/28 18:48:16 rwatson Exp $ 27 * $DragonFly: src/sys/kern/kern_acl.c,v 1.17 2007/02/19 00:51:54 swildner Exp $ 28 */ 29 30 /* 31 * Generic routines to support file system ACLs, at a syntactic level 32 * Semantics are the responsibility of the underlying file system 33 */ 34 35 #include <sys/param.h> 36 #include <sys/systm.h> 37 #include <sys/sysproto.h> 38 #include <sys/kernel.h> 39 #include <sys/malloc.h> 40 #include <sys/vnode.h> 41 #include <sys/lock.h> 42 #include <sys/proc.h> 43 #include <sys/nlookup.h> 44 #include <sys/file.h> 45 #include <sys/sysent.h> 46 #include <sys/errno.h> 47 #include <sys/stat.h> 48 #include <sys/acl.h> 49 50 #include <sys/mplock2.h> 51 52 static int vacl_set_acl(struct vnode *vp, acl_type_t type, struct acl *aclp); 53 static int vacl_get_acl(struct vnode *vp, acl_type_t type, struct acl *aclp); 54 static int vacl_aclcheck(struct vnode *vp, acl_type_t type, struct acl *aclp); 55 56 /* 57 * These calls wrap the real vnode operations, and are called by the 58 * syscall code once the syscall has converted the path or file 59 * descriptor to a vnode (unlocked). The aclp pointer is assumed 60 * still to point to userland, so this should not be consumed within 61 * the kernel except by syscall code. Other code should directly 62 * invoke VOP_{SET,GET}ACL. 63 */ 64 65 /* 66 * Given a vnode, set its ACL. 67 */ 68 static int 69 vacl_set_acl(struct vnode *vp, acl_type_t type, struct acl *aclp) 70 { 71 struct thread *td = curthread; 72 struct acl inkernacl; 73 struct ucred *ucred; 74 int error; 75 76 error = copyin(aclp, &inkernacl, sizeof(struct acl)); 77 if (error) 78 return(error); 79 ucred = td->td_ucred; 80 81 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 82 error = VOP_SETACL(vp, type, &inkernacl, ucred); 83 vn_unlock(vp); 84 return(error); 85 } 86 87 /* 88 * Given a vnode, get its ACL. 89 */ 90 static int 91 vacl_get_acl(struct vnode *vp, acl_type_t type, struct acl *aclp) 92 { 93 struct thread *td = curthread; 94 struct acl inkernelacl; 95 struct ucred *ucred; 96 int error; 97 98 ucred = td->td_ucred; 99 error = VOP_GETACL(vp, type, &inkernelacl, ucred); 100 if (error == 0) 101 error = copyout(&inkernelacl, aclp, sizeof(struct acl)); 102 return (error); 103 } 104 105 /* 106 * Given a vnode, delete its ACL. 107 */ 108 static int 109 vacl_delete(struct vnode *vp, acl_type_t type) 110 { 111 struct thread *td = curthread; 112 struct ucred *ucred; 113 int error; 114 115 ucred = td->td_ucred; 116 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 117 error = VOP_SETACL(vp, ACL_TYPE_DEFAULT, 0, ucred); 118 vn_unlock(vp); 119 return (error); 120 } 121 122 /* 123 * Given a vnode, check whether an ACL is appropriate for it 124 */ 125 static int 126 vacl_aclcheck(struct vnode *vp, acl_type_t type, struct acl *aclp) 127 { 128 struct thread *td = curthread; 129 struct ucred *ucred; 130 struct acl inkernelacl; 131 int error; 132 133 ucred = td->td_ucred; 134 error = copyin(aclp, &inkernelacl, sizeof(struct acl)); 135 if (error) 136 return(error); 137 error = VOP_ACLCHECK(vp, type, &inkernelacl, ucred); 138 return (error); 139 } 140 141 /* 142 * syscalls -- convert the path/fd to a vnode, and call vacl_whatever. 143 * Don't need to lock, as the vacl_ code will get/release any locks 144 * required. 145 */ 146 147 /* 148 * Given a file path, get an ACL for it 149 */ 150 int 151 sys___acl_get_file(struct __acl_get_file_args *uap) 152 { 153 struct nlookupdata nd; 154 struct vnode *vp; 155 int error; 156 157 vp = NULL; 158 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW); 159 if (error == 0) 160 error = nlookup(&nd); 161 if (error == 0) 162 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp); 163 nlookup_done(&nd); 164 if (error == 0) { 165 error = vacl_get_acl(vp, uap->type, uap->aclp); 166 vrele(vp); 167 } 168 return (error); 169 } 170 171 /* 172 * Given a file path, set an ACL for it 173 */ 174 int 175 sys___acl_set_file(struct __acl_set_file_args *uap) 176 { 177 struct nlookupdata nd; 178 struct vnode *vp; 179 int error; 180 181 vp = NULL; 182 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW); 183 if (error == 0) 184 error = nlookup(&nd); 185 if (error == 0) 186 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp); 187 nlookup_done(&nd); 188 if (error == 0) { 189 error = vacl_set_acl(vp, uap->type, uap->aclp); 190 vrele(vp); 191 } 192 return (error); 193 } 194 195 /* 196 * Given a file descriptor, get an ACL for it 197 */ 198 int 199 sys___acl_get_fd(struct __acl_get_fd_args *uap) 200 { 201 struct thread *td = curthread; 202 struct file *fp; 203 int error; 204 205 KKASSERT(td->td_proc); 206 if ((error = holdvnode(td->td_proc->p_fd, uap->filedes, &fp)) != 0) 207 return(error); 208 error = vacl_get_acl((struct vnode *)fp->f_data, uap->type, uap->aclp); 209 fdrop(fp); 210 211 return (error); 212 } 213 214 /* 215 * Given a file descriptor, set an ACL for it 216 */ 217 int 218 sys___acl_set_fd(struct __acl_set_fd_args *uap) 219 { 220 struct thread *td = curthread; 221 struct file *fp; 222 int error; 223 224 KKASSERT(td->td_proc); 225 if ((error = holdvnode(td->td_proc->p_fd, uap->filedes, &fp)) != 0) 226 return(error); 227 error = vacl_set_acl((struct vnode *)fp->f_data, uap->type, uap->aclp); 228 fdrop(fp); 229 return (error); 230 } 231 232 /* 233 * Given a file path, delete an ACL from it. 234 */ 235 int 236 sys___acl_delete_file(struct __acl_delete_file_args *uap) 237 { 238 struct nlookupdata nd; 239 struct vnode *vp; 240 int error; 241 242 vp = NULL; 243 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW); 244 if (error == 0) 245 error = nlookup(&nd); 246 if (error == 0) 247 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp); 248 nlookup_done(&nd); 249 250 if (error == 0) { 251 error = vacl_delete(vp, uap->type); 252 vrele(vp); 253 } 254 return (error); 255 } 256 257 /* 258 * Given a file path, delete an ACL from it. 259 */ 260 int 261 sys___acl_delete_fd(struct __acl_delete_fd_args *uap) 262 { 263 struct thread *td = curthread; 264 struct file *fp; 265 int error; 266 267 KKASSERT(td->td_proc); 268 if ((error = holdvnode(td->td_proc->p_fd, uap->filedes, &fp)) != 0) 269 return(error); 270 error = vacl_delete((struct vnode *)fp->f_data, uap->type); 271 fdrop(fp); 272 return (error); 273 } 274 275 /* 276 * Given a file path, check an ACL for it 277 */ 278 int 279 sys___acl_aclcheck_file(struct __acl_aclcheck_file_args *uap) 280 { 281 struct nlookupdata nd; 282 struct vnode *vp; 283 int error; 284 285 vp = NULL; 286 error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW); 287 if (error == 0) 288 error = nlookup(&nd); 289 if (error == 0) 290 error = cache_vref(&nd.nl_nch, nd.nl_cred, &vp); 291 nlookup_done(&nd); 292 293 if (error == 0) { 294 error = vacl_aclcheck(vp, uap->type, uap->aclp); 295 vrele(vp); 296 } 297 return (error); 298 } 299 300 /* 301 * Given a file descriptor, check an ACL for it 302 */ 303 int 304 sys___acl_aclcheck_fd(struct __acl_aclcheck_fd_args *uap) 305 { 306 struct thread *td = curthread; 307 struct file *fp; 308 int error; 309 310 KKASSERT(td->td_proc); 311 if ((error = holdvnode(td->td_proc->p_fd, uap->filedes, &fp)) != 0) 312 return(error); 313 error = vacl_aclcheck((struct vnode *)fp->f_data, uap->type, uap->aclp); 314 fdrop(fp); 315 return (error); 316 } 317
Cache object: 4ea4ec9957db6ac2bb8cdec246d305de
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]