FreeBSD/Linux Kernel Cross Reference
sys/kern/kern_acl.c
1 /*-
2 * Copyright (c) 1999, 2000 Robert N. M. Watson
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD$
27 */
28
29 /*
30 * Generic routines to support file system ACLs, at a syntactic level
31 * Semantics are the responsibility of the underlying file system
32 */
33
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/sysproto.h>
37 #include <sys/kernel.h>
38 #include <sys/malloc.h>
39 #include <sys/vnode.h>
40 #include <sys/lock.h>
41 #include <sys/namei.h>
42 #include <sys/file.h>
43 #include <sys/proc.h>
44 #include <sys/sysent.h>
45 #include <sys/errno.h>
46 #include <sys/stat.h>
47 #include <sys/acl.h>
48
49 static MALLOC_DEFINE(M_ACL, "acl", "access control list");
50
51 static int vacl_set_acl(struct proc *p, struct vnode *vp, acl_type_t type,
52 struct acl *aclp);
53 static int vacl_get_acl(struct proc *p, struct vnode *vp, acl_type_t type,
54 struct acl *aclp);
55 static int vacl_aclcheck(struct proc *p, struct vnode *vp, acl_type_t type,
56 struct acl *aclp);
57
58 /*
59 * These calls wrap the real vnode operations, and are called by the
60 * syscall code once the syscall has converted the path or file
61 * descriptor to a vnode (unlocked). The aclp pointer is assumed
62 * still to point to userland, so this should not be consumed within
63 * the kernel except by syscall code. Other code should directly
64 * invoke VOP_{SET,GET}ACL.
65 */
66
67 /*
68 * Given a vnode, set its ACL.
69 */
70 static int
71 vacl_set_acl(struct proc *p, struct vnode *vp, acl_type_t type,
72 struct acl *aclp)
73 {
74 struct acl inkernacl;
75 int error;
76
77 error = copyin(aclp, &inkernacl, sizeof(struct acl));
78 if (error)
79 return(error);
80 VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
81 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
82 error = VOP_SETACL(vp, type, &inkernacl, p->p_ucred, p);
83 VOP_UNLOCK(vp, 0, p);
84 return(error);
85 }
86
87 /*
88 * Given a vnode, get its ACL.
89 */
90 static int
91 vacl_get_acl(struct proc *p, struct vnode *vp, acl_type_t type,
92 struct acl *aclp)
93 {
94 struct acl inkernelacl;
95 int error;
96
97 error = VOP_GETACL(vp, type, &inkernelacl, p->p_ucred, p);
98 if (error == 0)
99 error = copyout(&inkernelacl, aclp, sizeof(struct acl));
100 return (error);
101 }
102
103 /*
104 * Given a vnode, delete its ACL.
105 */
106 static int
107 vacl_delete(struct proc *p, struct vnode *vp, acl_type_t type)
108 {
109 int error;
110
111 VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
112 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
113 error = VOP_SETACL(vp, ACL_TYPE_DEFAULT, 0, p->p_ucred, p);
114 VOP_UNLOCK(vp, 0, p);
115 return (error);
116 }
117
118 /*
119 * Given a vnode, check whether an ACL is appropriate for it
120 */
121 static int
122 vacl_aclcheck(struct proc *p, struct vnode *vp, acl_type_t type,
123 struct acl *aclp)
124 {
125 struct acl inkernelacl;
126 int error;
127
128 error = copyin(aclp, &inkernelacl, sizeof(struct acl));
129 if (error)
130 return(error);
131 error = VOP_ACLCHECK(vp, type, &inkernelacl, p->p_ucred, p);
132 return (error);
133 }
134
135 /*
136 * syscalls -- convert the path/fd to a vnode, and call vacl_whatever.
137 * Don't need to lock, as the vacl_ code will get/release any locks
138 * required.
139 */
140
141 /*
142 * Given a file path, get an ACL for it
143 */
144 int
145 __acl_get_file(struct proc *p, struct __acl_get_file_args *uap)
146 {
147 struct nameidata nd;
148 int error;
149
150 /* what flags are required here -- possible not LOCKLEAF? */
151 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
152 error = namei(&nd);
153 if (error)
154 return(error);
155 error = vacl_get_acl(p, nd.ni_vp, SCARG(uap, type), SCARG(uap, aclp));
156 NDFREE(&nd, 0);
157 return (error);
158 }
159
160 /*
161 * Given a file path, set an ACL for it
162 */
163 int
164 __acl_set_file(struct proc *p, struct __acl_set_file_args *uap)
165 {
166 struct nameidata nd;
167 int error;
168
169 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
170 error = namei(&nd);
171 if (error)
172 return(error);
173 error = vacl_set_acl(p, nd.ni_vp, SCARG(uap, type), SCARG(uap, aclp));
174 NDFREE(&nd, 0);
175 return (error);
176 }
177
178 /*
179 * Given a file descriptor, get an ACL for it
180 */
181 int
182 __acl_get_fd(struct proc *p, struct __acl_get_fd_args *uap)
183 {
184 struct file *fp;
185 int error;
186
187 error = getvnode(p->p_fd, SCARG(uap, filedes), &fp);
188 if (error)
189 return(error);
190 return vacl_get_acl(p, (struct vnode *)fp->f_data, SCARG(uap, type),
191 SCARG(uap, aclp));
192 }
193
194 /*
195 * Given a file descriptor, set an ACL for it
196 */
197 int
198 __acl_set_fd(struct proc *p, struct __acl_set_fd_args *uap)
199 {
200 struct file *fp;
201 int error;
202
203 error = getvnode(p->p_fd, SCARG(uap, filedes), &fp);
204 if (error)
205 return(error);
206 return vacl_set_acl(p, (struct vnode *)fp->f_data, SCARG(uap, type),
207 SCARG(uap, aclp));
208 }
209
210 /*
211 * Given a file path, delete an ACL from it.
212 */
213 int
214 __acl_delete_file(struct proc *p, struct __acl_delete_file_args *uap)
215 {
216 struct nameidata nd;
217 int error;
218
219 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
220 error = namei(&nd);
221 if (error)
222 return(error);
223 error = vacl_delete(p, nd.ni_vp, SCARG(uap, type));
224 NDFREE(&nd, 0);
225 return (error);
226 }
227
228 /*
229 * Given a file path, delete an ACL from it.
230 */
231 int
232 __acl_delete_fd(struct proc *p, struct __acl_delete_fd_args *uap)
233 {
234 struct file *fp;
235 int error;
236
237 error = getvnode(p->p_fd, SCARG(uap, filedes), &fp);
238 if (error)
239 return(error);
240 error = vacl_delete(p, (struct vnode *)fp->f_data, SCARG(uap, type));
241 return (error);
242 }
243
244 /*
245 * Given a file path, check an ACL for it
246 */
247 int
248 __acl_aclcheck_file(struct proc *p, struct __acl_aclcheck_file_args *uap)
249 {
250 struct nameidata nd;
251 int error;
252
253 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
254 error = namei(&nd);
255 if (error)
256 return(error);
257 error = vacl_aclcheck(p, nd.ni_vp, SCARG(uap, type), SCARG(uap, aclp));
258 NDFREE(&nd, 0);
259 return (error);
260 }
261
262 /*
263 * Given a file descriptor, check an ACL for it
264 */
265 int
266 __acl_aclcheck_fd(struct proc *p, struct __acl_aclcheck_fd_args *uap)
267 {
268 struct file *fp;
269 int error;
270
271 error = getvnode(p->p_fd, SCARG(uap, filedes), &fp);
272 if (error)
273 return(error);
274 return vacl_aclcheck(p, (struct vnode *)fp->f_data, SCARG(uap, type),
275 SCARG(uap, aclp));
276 }
Cache object: 7dcc6bc6bdffdfe03e1646003322e693
|