1/*-
2 * Copyright (c) 1999-2006 Robert N. M. Watson
3 * All rights reserved.
4 *
5 * This software was developed by Robert Watson for the TrustedBSD Project.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
--- 19 unchanged lines hidden (view full) ---
28/*
29 * Developed by the TrustedBSD Project.
30 *
31 * ACL system calls and other functions common across different ACL types.
32 * Type-specific routines go into subr_acl_<type>.c.
33 */
34
35#include <sys/cdefs.h>
36__FBSDID("$FreeBSD: head/sys/kern/vfs_acl.c 225617 2011-09-16 13:58:51Z kmacy $");
37
38#include <sys/param.h>
39#include <sys/systm.h>
40#include <sys/sysproto.h>
41#include <sys/capability.h>
42#include <sys/fcntl.h>
43#include <sys/kernel.h>
44#include <sys/malloc.h>
--- 277 unchanged lines hidden (view full) ---
322
323/*
324 * Given a file path, get an ACL for it
325 */
326int
327sys___acl_get_file(struct thread *td, struct __acl_get_file_args *uap)
328{
329 struct nameidata nd;
330 int vfslocked, error;
331
332 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
333 error = namei(&nd);
334 vfslocked = NDHASGIANT(&nd);
335 if (error == 0) {
336 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
337 NDFREE(&nd, 0);
338 }
339 VFS_UNLOCK_GIANT(vfslocked);
340 return (error);
341}
342
343/*
344 * Given a file path, get an ACL for it; don't follow links.
345 */
346int
347sys___acl_get_link(struct thread *td, struct __acl_get_link_args *uap)
348{
349 struct nameidata nd;
350 int vfslocked, error;
351
352 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
353 error = namei(&nd);
354 vfslocked = NDHASGIANT(&nd);
355 if (error == 0) {
356 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
357 NDFREE(&nd, 0);
358 }
359 VFS_UNLOCK_GIANT(vfslocked);
360 return (error);
361}
362
363/*
364 * Given a file path, set an ACL for it.
365 */
366int
367sys___acl_set_file(struct thread *td, struct __acl_set_file_args *uap)
368{
369 struct nameidata nd;
370 int vfslocked, error;
371
372 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
373 error = namei(&nd);
374 vfslocked = NDHASGIANT(&nd);
375 if (error == 0) {
376 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
377 NDFREE(&nd, 0);
378 }
379 VFS_UNLOCK_GIANT(vfslocked);
380 return (error);
381}
382
383/*
384 * Given a file path, set an ACL for it; don't follow links.
385 */
386int
387sys___acl_set_link(struct thread *td, struct __acl_set_link_args *uap)
388{
389 struct nameidata nd;
390 int vfslocked, error;
391
392 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
393 error = namei(&nd);
394 vfslocked = NDHASGIANT(&nd);
395 if (error == 0) {
396 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
397 NDFREE(&nd, 0);
398 }
399 VFS_UNLOCK_GIANT(vfslocked);
400 return (error);
401}
402
403/*
404 * Given a file descriptor, get an ACL for it.
405 */
406int
407sys___acl_get_fd(struct thread *td, struct __acl_get_fd_args *uap)
408{
409 struct file *fp;
410 int vfslocked, error;
411
412 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_GET, &fp);
413 if (error == 0) {
414 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
415 error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp);
416 fdrop(fp, td);
417 VFS_UNLOCK_GIANT(vfslocked);
418 }
419 return (error);
420}
421
422/*
423 * Given a file descriptor, set an ACL for it.
424 */
425int
426sys___acl_set_fd(struct thread *td, struct __acl_set_fd_args *uap)
427{
428 struct file *fp;
429 int vfslocked, error;
430
431 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_SET, &fp);
432 if (error == 0) {
433 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
434 error = vacl_set_acl(td, fp->f_vnode, uap->type, uap->aclp);
435 fdrop(fp, td);
436 VFS_UNLOCK_GIANT(vfslocked);
437 }
438 return (error);
439}
440
441/*
442 * Given a file path, delete an ACL from it.
443 */
444int
445sys___acl_delete_file(struct thread *td, struct __acl_delete_file_args *uap)
446{
447 struct nameidata nd;
448 int vfslocked, error;
449
450 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
451 error = namei(&nd);
452 vfslocked = NDHASGIANT(&nd);
453 if (error == 0) {
454 error = vacl_delete(td, nd.ni_vp, uap->type);
455 NDFREE(&nd, 0);
456 }
457 VFS_UNLOCK_GIANT(vfslocked);
458 return (error);
459}
460
461/*
462 * Given a file path, delete an ACL from it; don't follow links.
463 */
464int
465sys___acl_delete_link(struct thread *td, struct __acl_delete_link_args *uap)
466{
467 struct nameidata nd;
468 int vfslocked, error;
469
470 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
471 error = namei(&nd);
472 vfslocked = NDHASGIANT(&nd);
473 if (error == 0) {
474 error = vacl_delete(td, nd.ni_vp, uap->type);
475 NDFREE(&nd, 0);
476 }
477 VFS_UNLOCK_GIANT(vfslocked);
478 return (error);
479}
480
481/*
482 * Given a file path, delete an ACL from it.
483 */
484int
485sys___acl_delete_fd(struct thread *td, struct __acl_delete_fd_args *uap)
486{
487 struct file *fp;
488 int vfslocked, error;
489
490 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_DELETE,
491 &fp);
492 if (error == 0) {
493 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
494 error = vacl_delete(td, fp->f_vnode, uap->type);
495 fdrop(fp, td);
496 VFS_UNLOCK_GIANT(vfslocked);
497 }
498 return (error);
499}
500
501/*
502 * Given a file path, check an ACL for it.
503 */
504int
505sys___acl_aclcheck_file(struct thread *td, struct __acl_aclcheck_file_args *uap)
506{
507 struct nameidata nd;
508 int vfslocked, error;
509
510 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
511 error = namei(&nd);
512 vfslocked = NDHASGIANT(&nd);
513 if (error == 0) {
514 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
515 NDFREE(&nd, 0);
516 }
517 VFS_UNLOCK_GIANT(vfslocked);
518 return (error);
519}
520
521/*
522 * Given a file path, check an ACL for it; don't follow links.
523 */
524int
525sys___acl_aclcheck_link(struct thread *td, struct __acl_aclcheck_link_args *uap)
526{
527 struct nameidata nd;
528 int vfslocked, error;
529
530 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
531 error = namei(&nd);
532 vfslocked = NDHASGIANT(&nd);
533 if (error == 0) {
534 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
535 NDFREE(&nd, 0);
536 }
537 VFS_UNLOCK_GIANT(vfslocked);
538 return (error);
539}
540
541/*
542 * Given a file descriptor, check an ACL for it.
543 */
544int
545sys___acl_aclcheck_fd(struct thread *td, struct __acl_aclcheck_fd_args *uap)
546{
547 struct file *fp;
548 int vfslocked, error;
549
550 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_CHECK,
551 &fp);
552 if (error == 0) {
553 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
554 error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp);
555 fdrop(fp, td);
556 VFS_UNLOCK_GIANT(vfslocked);
557 }
558 return (error);
559}
560
561struct acl *
562acl_alloc(int flags)
563{
564 struct acl *aclp;
--- 13 unchanged lines hidden ---
2 * Copyright (c) 1999-2006 Robert N. M. Watson
3 * All rights reserved.
4 *
5 * This software was developed by Robert Watson for the TrustedBSD Project.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
--- 19 unchanged lines hidden (view full) ---
28/*
29 * Developed by the TrustedBSD Project.
30 *
31 * ACL system calls and other functions common across different ACL types.
32 * Type-specific routines go into subr_acl_<type>.c.
33 */
34
35#include <sys/cdefs.h>
36__FBSDID("$FreeBSD: head/sys/kern/vfs_acl.c 225617 2011-09-16 13:58:51Z kmacy $");
37
38#include <sys/param.h>
39#include <sys/systm.h>
40#include <sys/sysproto.h>
41#include <sys/capability.h>
42#include <sys/fcntl.h>
43#include <sys/kernel.h>
44#include <sys/malloc.h>
--- 277 unchanged lines hidden (view full) ---
322
323/*
324 * Given a file path, get an ACL for it
325 */
326int
327sys___acl_get_file(struct thread *td, struct __acl_get_file_args *uap)
328{
329 struct nameidata nd;
330 int vfslocked, error;
331
332 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
333 error = namei(&nd);
334 vfslocked = NDHASGIANT(&nd);
335 if (error == 0) {
336 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
337 NDFREE(&nd, 0);
338 }
339 VFS_UNLOCK_GIANT(vfslocked);
340 return (error);
341}
342
343/*
344 * Given a file path, get an ACL for it; don't follow links.
345 */
346int
347sys___acl_get_link(struct thread *td, struct __acl_get_link_args *uap)
348{
349 struct nameidata nd;
350 int vfslocked, error;
351
352 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
353 error = namei(&nd);
354 vfslocked = NDHASGIANT(&nd);
355 if (error == 0) {
356 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
357 NDFREE(&nd, 0);
358 }
359 VFS_UNLOCK_GIANT(vfslocked);
360 return (error);
361}
362
363/*
364 * Given a file path, set an ACL for it.
365 */
366int
367sys___acl_set_file(struct thread *td, struct __acl_set_file_args *uap)
368{
369 struct nameidata nd;
370 int vfslocked, error;
371
372 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
373 error = namei(&nd);
374 vfslocked = NDHASGIANT(&nd);
375 if (error == 0) {
376 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
377 NDFREE(&nd, 0);
378 }
379 VFS_UNLOCK_GIANT(vfslocked);
380 return (error);
381}
382
383/*
384 * Given a file path, set an ACL for it; don't follow links.
385 */
386int
387sys___acl_set_link(struct thread *td, struct __acl_set_link_args *uap)
388{
389 struct nameidata nd;
390 int vfslocked, error;
391
392 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
393 error = namei(&nd);
394 vfslocked = NDHASGIANT(&nd);
395 if (error == 0) {
396 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
397 NDFREE(&nd, 0);
398 }
399 VFS_UNLOCK_GIANT(vfslocked);
400 return (error);
401}
402
403/*
404 * Given a file descriptor, get an ACL for it.
405 */
406int
407sys___acl_get_fd(struct thread *td, struct __acl_get_fd_args *uap)
408{
409 struct file *fp;
410 int vfslocked, error;
411
412 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_GET, &fp);
413 if (error == 0) {
414 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
415 error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp);
416 fdrop(fp, td);
417 VFS_UNLOCK_GIANT(vfslocked);
418 }
419 return (error);
420}
421
422/*
423 * Given a file descriptor, set an ACL for it.
424 */
425int
426sys___acl_set_fd(struct thread *td, struct __acl_set_fd_args *uap)
427{
428 struct file *fp;
429 int vfslocked, error;
430
431 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_SET, &fp);
432 if (error == 0) {
433 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
434 error = vacl_set_acl(td, fp->f_vnode, uap->type, uap->aclp);
435 fdrop(fp, td);
436 VFS_UNLOCK_GIANT(vfslocked);
437 }
438 return (error);
439}
440
441/*
442 * Given a file path, delete an ACL from it.
443 */
444int
445sys___acl_delete_file(struct thread *td, struct __acl_delete_file_args *uap)
446{
447 struct nameidata nd;
448 int vfslocked, error;
449
450 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
451 error = namei(&nd);
452 vfslocked = NDHASGIANT(&nd);
453 if (error == 0) {
454 error = vacl_delete(td, nd.ni_vp, uap->type);
455 NDFREE(&nd, 0);
456 }
457 VFS_UNLOCK_GIANT(vfslocked);
458 return (error);
459}
460
461/*
462 * Given a file path, delete an ACL from it; don't follow links.
463 */
464int
465sys___acl_delete_link(struct thread *td, struct __acl_delete_link_args *uap)
466{
467 struct nameidata nd;
468 int vfslocked, error;
469
470 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
471 error = namei(&nd);
472 vfslocked = NDHASGIANT(&nd);
473 if (error == 0) {
474 error = vacl_delete(td, nd.ni_vp, uap->type);
475 NDFREE(&nd, 0);
476 }
477 VFS_UNLOCK_GIANT(vfslocked);
478 return (error);
479}
480
481/*
482 * Given a file path, delete an ACL from it.
483 */
484int
485sys___acl_delete_fd(struct thread *td, struct __acl_delete_fd_args *uap)
486{
487 struct file *fp;
488 int vfslocked, error;
489
490 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_DELETE,
491 &fp);
492 if (error == 0) {
493 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
494 error = vacl_delete(td, fp->f_vnode, uap->type);
495 fdrop(fp, td);
496 VFS_UNLOCK_GIANT(vfslocked);
497 }
498 return (error);
499}
500
501/*
502 * Given a file path, check an ACL for it.
503 */
504int
505sys___acl_aclcheck_file(struct thread *td, struct __acl_aclcheck_file_args *uap)
506{
507 struct nameidata nd;
508 int vfslocked, error;
509
510 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
511 error = namei(&nd);
512 vfslocked = NDHASGIANT(&nd);
513 if (error == 0) {
514 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
515 NDFREE(&nd, 0);
516 }
517 VFS_UNLOCK_GIANT(vfslocked);
518 return (error);
519}
520
521/*
522 * Given a file path, check an ACL for it; don't follow links.
523 */
524int
525sys___acl_aclcheck_link(struct thread *td, struct __acl_aclcheck_link_args *uap)
526{
527 struct nameidata nd;
528 int vfslocked, error;
529
530 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
531 error = namei(&nd);
532 vfslocked = NDHASGIANT(&nd);
533 if (error == 0) {
534 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
535 NDFREE(&nd, 0);
536 }
537 VFS_UNLOCK_GIANT(vfslocked);
538 return (error);
539}
540
541/*
542 * Given a file descriptor, check an ACL for it.
543 */
544int
545sys___acl_aclcheck_fd(struct thread *td, struct __acl_aclcheck_fd_args *uap)
546{
547 struct file *fp;
548 int vfslocked, error;
549
550 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_CHECK,
551 &fp);
552 if (error == 0) {
553 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
554 error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp);
555 fdrop(fp, td);
556 VFS_UNLOCK_GIANT(vfslocked);
557 }
558 return (error);
559}
560
561struct acl *
562acl_alloc(int flags)
563{
564 struct acl *aclp;
--- 13 unchanged lines hidden ---