1/*-
2 * Copyright (c) 1999-2006 Robert N. M. Watson
3 * All rights reserved.
4 *
5 * This software was developed by Robert Watson for the TrustedBSD Project.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions

--- 19 unchanged lines hidden (view full) ---

28/*
29 * Developed by the TrustedBSD Project.
30 *
31 * ACL system calls and other functions common across different ACL types.
32 * Type-specific routines go into subr_acl_<type>.c.
33 */
34
35#include <sys/cdefs.h>
36__FBSDID("$FreeBSD: head/sys/kern/vfs_acl.c 241896 2012-10-22 17:50:54Z kib $");
37
38#include <sys/param.h>
39#include <sys/systm.h>
40#include <sys/sysproto.h>
41#include <sys/capability.h>
42#include <sys/fcntl.h>
43#include <sys/kernel.h>
44#include <sys/malloc.h>

--- 277 unchanged lines hidden (view full) ---

322
323/*
324 * Given a file path, get an ACL for it
325 */
326int
327sys___acl_get_file(struct thread *td, struct __acl_get_file_args *uap)
328{
329 struct nameidata nd;
330 int error;
331
332 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td);
333 error = namei(&nd);
334 if (error == 0) {
335 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
336 NDFREE(&nd, 0);
337 }
338 return (error);
339}
340
341/*
342 * Given a file path, get an ACL for it; don't follow links.
343 */
344int
345sys___acl_get_link(struct thread *td, struct __acl_get_link_args *uap)
346{
347 struct nameidata nd;
348 int error;
349
350 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
351 error = namei(&nd);
352 if (error == 0) {
353 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
354 NDFREE(&nd, 0);
355 }
356 return (error);
357}
358
359/*
360 * Given a file path, set an ACL for it.
361 */
362int
363sys___acl_set_file(struct thread *td, struct __acl_set_file_args *uap)
364{
365 struct nameidata nd;
366 int error;
367
368 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td);
369 error = namei(&nd);
370 if (error == 0) {
371 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
372 NDFREE(&nd, 0);
373 }
374 return (error);
375}
376
377/*
378 * Given a file path, set an ACL for it; don't follow links.
379 */
380int
381sys___acl_set_link(struct thread *td, struct __acl_set_link_args *uap)
382{
383 struct nameidata nd;
384 int error;
385
386 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
387 error = namei(&nd);
388 if (error == 0) {
389 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
390 NDFREE(&nd, 0);
391 }
392 return (error);
393}
394
395/*
396 * Given a file descriptor, get an ACL for it.
397 */
398int
399sys___acl_get_fd(struct thread *td, struct __acl_get_fd_args *uap)
400{
401 struct file *fp;
402 int error;
403
404 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_GET, &fp);
405 if (error == 0) {
406 error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp);
407 fdrop(fp, td);
408 }
409 return (error);
410}
411
412/*
413 * Given a file descriptor, set an ACL for it.
414 */
415int
416sys___acl_set_fd(struct thread *td, struct __acl_set_fd_args *uap)
417{
418 struct file *fp;
419 int error;
420
421 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_SET, &fp);
422 if (error == 0) {
423 error = vacl_set_acl(td, fp->f_vnode, uap->type, uap->aclp);
424 fdrop(fp, td);
425 }
426 return (error);
427}
428
429/*
430 * Given a file path, delete an ACL from it.
431 */
432int
433sys___acl_delete_file(struct thread *td, struct __acl_delete_file_args *uap)
434{
435 struct nameidata nd;
436 int error;
437
438 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td);
439 error = namei(&nd);
440 if (error == 0) {
441 error = vacl_delete(td, nd.ni_vp, uap->type);
442 NDFREE(&nd, 0);
443 }
444 return (error);
445}
446
447/*
448 * Given a file path, delete an ACL from it; don't follow links.
449 */
450int
451sys___acl_delete_link(struct thread *td, struct __acl_delete_link_args *uap)
452{
453 struct nameidata nd;
454 int error;
455
456 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
457 error = namei(&nd);
458 if (error == 0) {
459 error = vacl_delete(td, nd.ni_vp, uap->type);
460 NDFREE(&nd, 0);
461 }
462 return (error);
463}
464
465/*
466 * Given a file path, delete an ACL from it.
467 */
468int
469sys___acl_delete_fd(struct thread *td, struct __acl_delete_fd_args *uap)
470{
471 struct file *fp;
472 int error;
473
474 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_DELETE,
475 &fp);
476 if (error == 0) {
477 error = vacl_delete(td, fp->f_vnode, uap->type);
478 fdrop(fp, td);
479 }
480 return (error);
481}
482
483/*
484 * Given a file path, check an ACL for it.
485 */
486int
487sys___acl_aclcheck_file(struct thread *td, struct __acl_aclcheck_file_args *uap)
488{
489 struct nameidata nd;
490 int error;
491
492 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td);
493 error = namei(&nd);
494 if (error == 0) {
495 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
496 NDFREE(&nd, 0);
497 }
498 return (error);
499}
500
501/*
502 * Given a file path, check an ACL for it; don't follow links.
503 */
504int
505sys___acl_aclcheck_link(struct thread *td, struct __acl_aclcheck_link_args *uap)
506{
507 struct nameidata nd;
508 int error;
509
510 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
511 error = namei(&nd);
512 if (error == 0) {
513 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
514 NDFREE(&nd, 0);
515 }
516 return (error);
517}
518
519/*
520 * Given a file descriptor, check an ACL for it.
521 */
522int
523sys___acl_aclcheck_fd(struct thread *td, struct __acl_aclcheck_fd_args *uap)
524{
525 struct file *fp;
526 int error;
527
528 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_CHECK,
529 &fp);
530 if (error == 0) {
531 error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp);
532 fdrop(fp, td);
533 }
534 return (error);
535}
536
537struct acl *
538acl_alloc(int flags)
539{
540 struct acl *aclp;

--- 13 unchanged lines hidden ---
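Review bot: The header comment on sys___acl_delete_fd (gutter lines 465-467) reads "Given a file path, delete an ACL from it." although the function takes `uap->filedes` and resolves it through getvnode() with CAP_ACL_DELETE; it should read `* Given a file descriptor, delete an ACL from it.`, matching the get, set and aclcheck fd variants. The fd variants would also benefit from a short comment saying that the CAP_ACL_* right passed to getvnode() is where the descriptor's rights are checked, for example `/* getvnode() fails unless the descriptor carries CAP_ACL_DELETE. */`. The path variants name no right at the call site and presumably rely on namei() for any lookup restriction, which is worth stating once in the file comment. This view does not mark which lines differ between the two revisions, so both points concern the code as shown on the new side.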