1/*- 2 * Copyright (c) 1999-2006 Robert N. M. Watson 3 * All rights reserved. 4 * 5 * This software was developed by Robert Watson for the TrustedBSD Project. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions --- 19 unchanged lines hidden (view full) --- 28/* 29 * Developed by the TrustedBSD Project. 30 * 31 * ACL system calls and other functions common across different ACL types. 32 * Type-specific routines go into subr_acl_<type>.c. 33 */ 34 35#include <sys/cdefs.h> |
36__FBSDID("$FreeBSD: head/sys/kern/vfs_acl.c 241896 2012-10-22 17:50:54Z kib $"); |
37 38#include <sys/param.h> 39#include <sys/systm.h> 40#include <sys/sysproto.h> 41#include <sys/capability.h> 42#include <sys/fcntl.h> 43#include <sys/kernel.h> 44#include <sys/malloc.h> --- 277 unchanged lines hidden (view full) --- 322 323/* 324 * Given a file path, get an ACL for it 325 */ 326int 327sys___acl_get_file(struct thread *td, struct __acl_get_file_args *uap) 328{ 329 struct nameidata nd; |
330 int error; |
331 |
332 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); |
333 error = namei(&nd); |
334 if (error == 0) { 335 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp); 336 NDFREE(&nd, 0); 337 } |
338 return (error); 339} 340 341/* 342 * Given a file path, get an ACL for it; don't follow links. 343 */ 344int 345sys___acl_get_link(struct thread *td, struct __acl_get_link_args *uap) 346{ 347 struct nameidata nd; |
348 int error; |
349 |
350 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); |
351 error = namei(&nd); |
352 if (error == 0) { 353 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp); 354 NDFREE(&nd, 0); 355 } |
356 return (error); 357} 358 359/* 360 * Given a file path, set an ACL for it. 361 */ 362int 363sys___acl_set_file(struct thread *td, struct __acl_set_file_args *uap) 364{ 365 struct nameidata nd; |
366 int error; |
367 |
368 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); |
369 error = namei(&nd); |
370 if (error == 0) { 371 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp); 372 NDFREE(&nd, 0); 373 } |
374 return (error); 375} 376 377/* 378 * Given a file path, set an ACL for it; don't follow links. 379 */ 380int 381sys___acl_set_link(struct thread *td, struct __acl_set_link_args *uap) 382{ 383 struct nameidata nd; |
384 int error; |
385 |
386 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); |
387 error = namei(&nd); |
388 if (error == 0) { 389 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp); 390 NDFREE(&nd, 0); 391 } |
392 return (error); 393} 394 395/* 396 * Given a file descriptor, get an ACL for it. 397 */ 398int 399sys___acl_get_fd(struct thread *td, struct __acl_get_fd_args *uap) 400{ 401 struct file *fp; |
402 int error; |
403 404 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_GET, &fp); 405 if (error == 0) { |
406 error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp); 407 fdrop(fp, td); |
408 } 409 return (error); 410} 411 412/* 413 * Given a file descriptor, set an ACL for it. 414 */ 415int 416sys___acl_set_fd(struct thread *td, struct __acl_set_fd_args *uap) 417{ 418 struct file *fp; |
419 int error; |
420 421 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_SET, &fp); 422 if (error == 0) { |
423 error = vacl_set_acl(td, fp->f_vnode, uap->type, uap->aclp); 424 fdrop(fp, td); |
425 } 426 return (error); 427} 428 429/* 430 * Given a file path, delete an ACL from it. 431 */ 432int 433sys___acl_delete_file(struct thread *td, struct __acl_delete_file_args *uap) 434{ 435 struct nameidata nd; |
436 int error; |
437 |
438 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); |
439 error = namei(&nd); |
440 if (error == 0) { 441 error = vacl_delete(td, nd.ni_vp, uap->type); 442 NDFREE(&nd, 0); 443 } |
444 return (error); 445} 446 447/* 448 * Given a file path, delete an ACL from it; don't follow links. 449 */ 450int 451sys___acl_delete_link(struct thread *td, struct __acl_delete_link_args *uap) 452{ 453 struct nameidata nd; |
454 int error; |
455 |
456 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); |
457 error = namei(&nd); |
458 if (error == 0) { 459 error = vacl_delete(td, nd.ni_vp, uap->type); 460 NDFREE(&nd, 0); 461 } |
462 return (error); 463} 464 465/* 466 * Given a file path, delete an ACL from it. 467 */ 468int 469sys___acl_delete_fd(struct thread *td, struct __acl_delete_fd_args *uap) 470{ 471 struct file *fp; |
472 int error; |
473 474 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_DELETE, 475 &fp); 476 if (error == 0) { |
477 error = vacl_delete(td, fp->f_vnode, uap->type); 478 fdrop(fp, td); |
479 } 480 return (error); 481} 482 483/* 484 * Given a file path, check an ACL for it. 485 */ 486int 487sys___acl_aclcheck_file(struct thread *td, struct __acl_aclcheck_file_args *uap) 488{ 489 struct nameidata nd; |
490 int error; |
491 |
492 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); |
493 error = namei(&nd); |
494 if (error == 0) { 495 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp); 496 NDFREE(&nd, 0); 497 } |
498 return (error); 499} 500 501/* 502 * Given a file path, check an ACL for it; don't follow links. 503 */ 504int 505sys___acl_aclcheck_link(struct thread *td, struct __acl_aclcheck_link_args *uap) 506{ 507 struct nameidata nd; |
508 int error; |
509 |
510 NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); |
511 error = namei(&nd); |
512 if (error == 0) { 513 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp); 514 NDFREE(&nd, 0); 515 } |
516 return (error); 517} 518 519/* 520 * Given a file descriptor, check an ACL for it. 521 */ 522int 523sys___acl_aclcheck_fd(struct thread *td, struct __acl_aclcheck_fd_args *uap) 524{ 525 struct file *fp; |
526 int error; |
527 528 error = getvnode(td->td_proc->p_fd, uap->filedes, CAP_ACL_CHECK, 529 &fp); 530 if (error == 0) { |
531 error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp); 532 fdrop(fp, td); |
533 } 534 return (error); 535} 536 537struct acl * 538acl_alloc(int flags) 539{ 540 struct acl *aclp; --- 13 unchanged lines hidden --- |
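Review bot: The path-based lookups at new lines 332, 350, 368, 386, 438, 456, 492 and 510 pass only `FOLLOW` or `NOFOLLOW` to `NDINIT`, so the lookup itself does not attach the target vnode to the audit record; unless the `vacl_*` helpers in the hidden lines already do this, ACL get/set/delete operations by path leave no vnode in the audit trail. Because setting or deleting an ACL changes who can access the file, I would add the audit flag while these lines are being touched, e.g. `NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, td);` and the `NOFOLLOW | AUDITVNODE1` equivalent in the `_link` variants. Separately, the comment above `sys___acl_delete_fd` (line 466) still says "Given a file path"; it should read `Given a file descriptor, delete an ACL from it.`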