sys/kern/kern_acl.c


    1 /*-
    2  * Copyright (c) 1999, 2000 Robert N. M. Watson
    3  * All rights reserved.
    4  *
    5  * Redistribution and use in source and binary forms, with or without
    6  * modification, are permitted provided that the following conditions
    7  * are met:
    8  * 1. Redistributions of source code must retain the above copyright
    9  *    notice, this list of conditions and the following disclaimer.
   10  * 2. Redistributions in binary form must reproduce the above copyright
   11  *    notice, this list of conditions and the following disclaimer in the
   12  *    documentation and/or other materials provided with the distribution.
   13  *
   14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   24  * SUCH DAMAGE.
   25  *
   26  * $FreeBSD$
   27  */
   28 
   29 /*
   30  * Generic routines to support file system ACLs, at a syntactic level
   31  * Semantics are the responsibility of the underlying file system
   32  */
   33 
   34 #include <sys/param.h>
   35 #include <sys/systm.h>
   36 #include <sys/sysproto.h>
   37 #include <sys/kernel.h>
   38 #include <sys/malloc.h>
   39 #include <sys/vnode.h>
   40 #include <sys/lock.h>
   41 #include <sys/namei.h>
   42 #include <sys/file.h>
   43 #include <sys/proc.h>
   44 #include <sys/sysent.h>
   45 #include <sys/errno.h>
   46 #include <sys/stat.h>
   47 #include <sys/acl.h>
   48 
   /*
    * Malloc type for ACL storage.  None of the routines visible in this file
    * allocate from it; they keep their struct acl copies on the stack.
    */
   static MALLOC_DEFINE(M_ACL, "acl", "access control list");

   /*
    * Forward declarations of the vnode-level helpers.  In each of them aclp
    * is a userland address, never a kernel pointer.
    */
   static int      vacl_set_acl(struct proc *p, struct vnode *vp,
               acl_type_t type, struct acl *aclp);
   static int      vacl_get_acl(struct proc *p, struct vnode *vp,
               acl_type_t type, struct acl *aclp);
   static int      vacl_aclcheck(struct proc *p, struct vnode *vp,
               acl_type_t type, struct acl *aclp);
   57 
   58 /*
   59  * These calls wrap the real vnode operations, and are called by the 
   60  * syscall code once the syscall has converted the path or file
   61  * descriptor to a vnode (unlocked).  The aclp pointer is assumed
   62  * still to point to userland, so this should not be consumed within
   63  * the kernel except by syscall code.  Other code should directly
   64  * invoke VOP_{SET,GET}ACL.
   65  */
   66 
   /*
    * vacl_set_acl: install an ACL of the given type on vp.
    *
    * aclp is a userland address.  A private copy of the structure is taken
    * with copyin() before the vnode is touched, so VOP_SETACL() only ever
    * sees kernel memory.  The copy is a fixed sizeof(struct acl); no field
    * of the copied structure is inspected here.
    * NOTE(review): validation of the ACL contents is presumably left to the
    * filesystem's VOP_SETACL -- confirm each implementation performs it.
    *
    * vp is locked exclusively around the VOP and unlocked before returning.
    * Returns 0 on success, else the error from copyin() or VOP_SETACL().
    */
   static int
   vacl_set_acl(struct proc *p, struct vnode *vp, acl_type_t type,
       struct acl *aclp)
   {
           struct acl kacl;
           int rc;

           /* Fetch the caller's ACL; a faulting address stops us here. */
           rc = copyin(aclp, &kacl, sizeof(kacl));
           if (rc != 0)
                   return (rc);

           VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
           vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
           rc = VOP_SETACL(vp, type, &kacl, p->p_ucred, p);
           VOP_UNLOCK(vp, 0, p);

           return (rc);
   }
   86 
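   /*
    * vacl_get_acl: fetch the ACL of the given type from vp and copy it out
    * to the userland address aclp.
    *
    * The kernel-side buffer lives on the stack and the whole structure,
    * sizeof(struct acl) bytes, is copied out on success.  It is zeroed
    * before the VOP so that any byte the filesystem does not fill in
    * (unused entries, padding) reaches userland as zero rather than as
    * leftover kernel stack contents.
    *
    * NOTE(review): vp is not locked around VOP_GETACL() here, and the
    * path-based caller itself questions its lookup flags -- confirm the
    * locking protocol VOP_GETACL expects.
    *
    * Returns 0 on success, else the error from VOP_GETACL() or copyout().
    */
   static int
   vacl_get_acl(struct proc *p, struct vnode *vp, acl_type_t type,
       struct acl *aclp)
   {
           struct acl inkernelacl;
           int error;

           /* Never hand uninitialized stack bytes to copyout(). */
           bzero(&inkernelacl, sizeof(inkernelacl));

           error = VOP_GETACL(vp, type, &inkernelacl, p->p_ucred, p);
           if (error == 0)
                   error = copyout(&inkernelacl, aclp, sizeof(inkernelacl));
           return (error);
   }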
  102 
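  /*
   * vacl_delete: remove the ACL of the given type from vp.
   *
   * Deletion is expressed as VOP_SETACL() with a null ACL pointer.  The
   * caller's type is passed through to the filesystem: the earlier code
   * ignored it and always used ACL_TYPE_DEFAULT, so a request naming any
   * other ACL type acted on the default ACL instead of the one asked for.
   * Whether a given type may be deleted is for the filesystem to decide.
   *
   * vp is locked exclusively around the VOP and unlocked before returning.
   * Returns the result of VOP_SETACL().
   */
  static int
  vacl_delete(struct proc *p, struct vnode *vp, acl_type_t type)
  {
          int error;

          VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
          vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
          error = VOP_SETACL(vp, type, NULL, p->p_ucred, p);
          VOP_UNLOCK(vp, 0, p);
          return (error);
  }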
  117 
  /*
   * vacl_aclcheck: ask the filesystem whether the ACL at userland address
   * aclp would be acceptable as an ACL of the given type for vp.
   *
   * The structure is copied in (a fixed sizeof(struct acl)) and passed to
   * VOP_ACLCHECK() without being examined here; vp is not locked by this
   * routine.
   * NOTE(review): as with the set path, content validation is presumably
   * the filesystem's job -- confirm.
   *
   * Returns 0 if the copy and the check both succeed, else the first error.
   */
  static int
  vacl_aclcheck(struct proc *p, struct vnode *vp, acl_type_t type,
      struct acl *aclp)
  {
          struct acl kacl;
          int rc;

          rc = copyin(aclp, &kacl, sizeof(kacl));
          if (rc == 0)
                  rc = VOP_ACLCHECK(vp, type, &kacl, p->p_ucred, p);
          return (rc);
  }
  134 
  135 /*
  136  * syscalls -- convert the path/fd to a vnode, and call vacl_whatever.
  137  * Don't need to lock, as the vacl_ code will get/release any locks
  138  * required.
  139  */
  140 
  /*
   * __acl_get_file: syscall -- read the ACL of the file named by a path.
   *
   * uap supplies path, type and aclp; path and aclp are userland addresses.
   * The lookup passes FOLLOW, so a trailing symbolic link is resolved and
   * the ACL read is that of the link's target.
   *
   * Returns the namei() error if the lookup fails, otherwise the result of
   * vacl_get_acl().
   */
  int
  __acl_get_file(struct proc *p, struct __acl_get_file_args *uap)
  {
          struct nameidata nd;
          int rc;

          /*
           * Open question carried over from the original author: which
           * lookup flags are needed here -- possibly not LOCKLEAF?
           */
          NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
          rc = namei(&nd);
          if (rc == 0) {
                  rc = vacl_get_acl(p, nd.ni_vp, SCARG(uap, type),
                      SCARG(uap, aclp));
                  /* Only a successful lookup leaves state to release. */
                  NDFREE(&nd, 0);
          }
          return (rc);
  }
  159 
  /*
   * __acl_set_file: syscall -- set the ACL of the file named by a path.
   *
   * uap supplies path, type and aclp; path and aclp are userland addresses.
   * The lookup passes FOLLOW, so when the path ends in a symbolic link the
   * ACL is set on the link's target, not on the link.
   * No permission check is made at this layer; the caller's credential is
   * forwarded by vacl_set_acl() to the filesystem.
   *
   * Returns the namei() error if the lookup fails, otherwise the result of
   * vacl_set_acl().
   */
  int
  __acl_set_file(struct proc *p, struct __acl_set_file_args *uap)
  {
          struct nameidata nd;
          int rc;

          NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
          rc = namei(&nd);
          if (rc == 0) {
                  rc = vacl_set_acl(p, nd.ni_vp, SCARG(uap, type),
                      SCARG(uap, aclp));
                  NDFREE(&nd, 0);
          }
          return (rc);
  }
  177 
  /*
   * __acl_get_fd: syscall -- read the ACL of the file behind a descriptor.
   *
   * uap supplies filedes, type and aclp (a userland address).  The
   * descriptor is resolved through getvnode(); f_data is then treated as
   * the vnode, which relies on getvnode() having accepted the file.
   *
   * Returns the getvnode() error, otherwise the result of vacl_get_acl().
   */
  int
  __acl_get_fd(struct proc *p, struct __acl_get_fd_args *uap)
  {
          struct file *fp;
          struct vnode *vp;
          int rc;

          rc = getvnode(p->p_fd, SCARG(uap, filedes), &fp);
          if (rc != 0)
                  return (rc);

          vp = (struct vnode *)fp->f_data;
          return (vacl_get_acl(p, vp, SCARG(uap, type), SCARG(uap, aclp)));
  }
  193 
  /*
   * __acl_set_fd: syscall -- set the ACL of the file behind a descriptor.
   *
   * uap supplies filedes, type and aclp (a userland address).  Nothing here
   * looks at how the descriptor was opened; the decision whether the caller
   * may change the ACL rests with what vacl_set_acl() calls.
   *
   * Returns the getvnode() error, otherwise the result of vacl_set_acl().
   */
  int
  __acl_set_fd(struct proc *p, struct __acl_set_fd_args *uap)
  {
          struct file *fp;
          struct vnode *vp;
          int rc;

          rc = getvnode(p->p_fd, SCARG(uap, filedes), &fp);
          if (rc != 0)
                  return (rc);

          vp = (struct vnode *)fp->f_data;
          return (vacl_set_acl(p, vp, SCARG(uap, type), SCARG(uap, aclp)));
  }
  209 
  /*
   * __acl_delete_file: syscall -- delete an ACL from the file named by a
   * path.
   *
   * uap supplies path (a userland address) and type.  The lookup passes
   * FOLLOW, so a trailing symbolic link is resolved and the deletion
   * applies to the link's target.
   *
   * Returns the namei() error if the lookup fails, otherwise the result of
   * vacl_delete().
   */
  int
  __acl_delete_file(struct proc *p, struct __acl_delete_file_args *uap)
  {
          struct nameidata nd;
          int rc;

          NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
          rc = namei(&nd);
          if (rc == 0) {
                  rc = vacl_delete(p, nd.ni_vp, SCARG(uap, type));
                  NDFREE(&nd, 0);
          }
          return (rc);
  }
  227 
  /*
   * __acl_delete_fd: syscall -- delete an ACL from the file behind a
   * descriptor.
   *
   * uap supplies filedes and type.  The descriptor is resolved through
   * getvnode() and f_data is then treated as the vnode.
   *
   * Returns the getvnode() error, otherwise the result of vacl_delete().
   */
  int
  __acl_delete_fd(struct proc *p, struct __acl_delete_fd_args *uap)
  {
          struct file *fp;
          struct vnode *vp;
          int rc;

          rc = getvnode(p->p_fd, SCARG(uap, filedes), &fp);
          if (rc != 0)
                  return (rc);

          vp = (struct vnode *)fp->f_data;
          return (vacl_delete(p, vp, SCARG(uap, type)));
  }
  243 
  /*
   * __acl_aclcheck_file: syscall -- check whether an ACL would be valid for
   * the file named by a path.
   *
   * uap supplies path, type and aclp; path and aclp are userland addresses.
   * The lookup passes FOLLOW, so the check is made against the target of a
   * trailing symbolic link.
   *
   * Returns the namei() error if the lookup fails, otherwise the result of
   * vacl_aclcheck().
   */
  int
  __acl_aclcheck_file(struct proc *p, struct __acl_aclcheck_file_args *uap)
  {
          struct nameidata nd;
          int rc;

          NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
          rc = namei(&nd);
          if (rc == 0) {
                  rc = vacl_aclcheck(p, nd.ni_vp, SCARG(uap, type),
                      SCARG(uap, aclp));
                  NDFREE(&nd, 0);
          }
          return (rc);
  }
  261 
  /*
   * __acl_aclcheck_fd: syscall -- check whether an ACL would be valid for
   * the file behind a descriptor.
   *
   * uap supplies filedes, type and aclp (a userland address).  The
   * descriptor is resolved through getvnode() and f_data is then treated as
   * the vnode.
   *
   * Returns the getvnode() error, otherwise the result of vacl_aclcheck().
   */
  int
  __acl_aclcheck_fd(struct proc *p, struct __acl_aclcheck_fd_args *uap)
  {
          struct file *fp;
          struct vnode *vp;
          int rc;

          rc = getvnode(p->p_fd, SCARG(uap, filedes), &fp);
          if (rc != 0)
                  return (rc);

          vp = (struct vnode *)fp->f_data;
          return (vacl_aclcheck(p, vp, SCARG(uap, type), SCARG(uap, aclp)));
  }
