2008-04-24 19:35:27 +04:00
|
|
|
/* $NetBSD: vfs_syscalls.c,v 1.349 2008/04/24 15:35:30 ad Exp $ */
|
2008-01-30 14:46:59 +03:00
|
|
|
|
|
|
|
|
/*-
|
|
|
|
|
* Copyright (c) 2008 The NetBSD Foundation, Inc.
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
|
* This product includes software developed by the NetBSD
|
|
|
|
|
* Foundation, Inc. and its contributors.
|
|
|
|
|
* 4. Neither the name of The NetBSD Foundation nor the names of its
|
|
|
|
|
* contributors may be used to endorse or promote products derived
|
|
|
|
|
* from this software without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
|
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
|
|
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*/
|
1994-06-29 10:29:24 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Copyright (c) 1989, 1993
|
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
|
* (c) UNIX System Laboratories, Inc.
|
|
|
|
|
* All or some portions of this file are derived from material licensed
|
|
|
|
|
* to the University of California by American Telephone and Telegraph
|
|
|
|
|
* Co. or Unix System Laboratories, Inc. and are reproduced herein with
|
|
|
|
|
* the permission of UNIX System Laboratories, Inc.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2003-08-07 20:26:28 +04:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
1994-06-29 10:29:24 +04:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
|
* without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*
|
1998-03-01 05:20:01 +03:00
|
|
|
* @(#)vfs_syscalls.c 8.42 (Berkeley) 7/31/95
|
1994-06-29 10:29:24 +04:00
|
|
|
*/
|
|
|
|
|
|
2001-11-12 18:25:01 +03:00
|
|
|
#include <sys/cdefs.h>
|
2008-04-24 19:35:27 +04:00
|
|
|
__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.349 2008/04/24 15:35:30 ad Exp $");
|
2001-11-12 18:25:01 +03:00
|
|
|
|
1998-07-05 12:49:30 +04:00
|
|
|
#include "opt_compat_netbsd.h"
|
1998-12-10 18:07:01 +03:00
|
|
|
#include "opt_compat_43.h"
|
2006-07-24 20:37:28 +04:00
|
|
|
#include "opt_fileassoc.h"
|
2003-12-10 14:40:11 +03:00
|
|
|
#include "fss.h"
|
2006-07-26 13:33:57 +04:00
|
|
|
#include "veriexec.h"
|
1998-02-10 17:08:44 +03:00
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
#include <sys/param.h>
|
|
|
|
|
#include <sys/systm.h>
|
|
|
|
|
#include <sys/namei.h>
|
|
|
|
|
#include <sys/filedesc.h>
|
|
|
|
|
#include <sys/kernel.h>
|
|
|
|
|
#include <sys/file.h>
|
|
|
|
|
#include <sys/stat.h>
|
|
|
|
|
#include <sys/vnode.h>
|
|
|
|
|
#include <sys/mount.h>
|
|
|
|
|
#include <sys/proc.h>
|
|
|
|
|
#include <sys/uio.h>
|
|
|
|
|
#include <sys/malloc.h>
|
2006-07-14 19:59:29 +04:00
|
|
|
#include <sys/kmem.h>
|
1994-06-29 10:29:24 +04:00
|
|
|
#include <sys/dirent.h>
|
2001-10-29 10:02:30 +03:00
|
|
|
#include <sys/sysctl.h>
|
1994-10-20 07:22:35 +03:00
|
|
|
#include <sys/syscallargs.h>
|
2007-03-10 19:50:01 +03:00
|
|
|
#include <sys/vfs_syscalls.h>
|
2003-09-02 16:31:35 +04:00
|
|
|
#include <sys/ktrace.h>
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
#ifdef FILEASSOC
|
|
|
|
|
#include <sys/fileassoc.h>
|
|
|
|
|
#endif /* FILEASSOC */
|
2005-04-20 17:44:45 +04:00
|
|
|
#include <sys/verified_exec.h>
|
2006-05-15 01:15:11 +04:00
|
|
|
#include <sys/kauth.h>
|
2008-03-22 00:54:58 +03:00
|
|
|
#include <sys/atomic.h>
|
1994-10-20 07:22:35 +03:00
|
|
|
|
1999-11-15 21:49:07 +03:00
|
|
|
#include <miscfs/genfs/genfs.h>
|
|
|
|
|
#include <miscfs/syncfs/syncfs.h>
|
2008-01-24 20:32:52 +03:00
|
|
|
#include <miscfs/specfs/specdev.h>
|
1999-11-15 21:49:07 +03:00
|
|
|
|
2005-09-26 01:57:40 +04:00
|
|
|
#ifdef COMPAT_30
|
|
|
|
|
#include "opt_nfsserver.h"
|
|
|
|
|
#include <nfs/rpcv2.h>
|
2006-08-08 17:08:08 +04:00
|
|
|
#endif
|
2005-09-26 01:57:40 +04:00
|
|
|
#include <nfs/nfsproto.h>
|
2006-08-08 17:08:08 +04:00
|
|
|
#ifdef COMPAT_30
|
2005-09-26 01:57:40 +04:00
|
|
|
#include <nfs/nfs.h>
|
|
|
|
|
#include <nfs/nfs_var.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2003-12-10 14:40:11 +03:00
|
|
|
#if NFSS > 0
|
|
|
|
|
#include <dev/fssvar.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2003-02-01 09:23:35 +03:00
|
|
|
MALLOC_DEFINE(M_MOUNT, "mount", "vfs mount struct");
|
|
|
|
|
|
2005-12-11 15:16:03 +03:00
|
|
|
static int change_dir(struct nameidata *, struct lwp *);
|
|
|
|
|
static int change_flags(struct vnode *, u_long, struct lwp *);
|
|
|
|
|
static int change_mode(struct vnode *, int, struct lwp *l);
|
|
|
|
|
static int change_owner(struct vnode *, uid_t, gid_t, struct lwp *, int);
|
1996-02-04 05:17:43 +03:00
|
|
|
|
2004-03-23 16:22:32 +03:00
|
|
|
void checkdirs(struct vnode *);
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2000-02-16 14:57:45 +03:00
|
|
|
int dovfsusermount = 0;
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Virtual File System System Calls
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Mount a file system.
|
|
|
|
|
*/
|
1997-10-06 13:19:11 +04:00
|
|
|
|
2001-06-28 12:04:18 +04:00
|
|
|
#if defined(COMPAT_09) || defined(COMPAT_43)
|
1997-10-06 13:19:11 +04:00
|
|
|
/*
|
|
|
|
|
* This table is used to maintain compatibility with 4.3BSD
|
|
|
|
|
* and NetBSD 0.9 mount syscalls. Note, the order is important!
|
1998-11-13 07:12:35 +03:00
|
|
|
*
|
2001-06-28 12:04:18 +04:00
|
|
|
* Do not modify this table. It should only contain filesystems
|
|
|
|
|
* supported by NetBSD 0.9 and 4.3BSD.
|
1997-10-06 13:19:11 +04:00
|
|
|
*/
|
2001-06-28 12:04:18 +04:00
|
|
|
const char * const mountcompatnames[] = {
|
1997-10-06 13:19:11 +04:00
|
|
|
NULL, /* 0 = MOUNT_NONE */
|
2001-06-28 12:04:18 +04:00
|
|
|
MOUNT_FFS, /* 1 = MOUNT_UFS */
|
1997-10-06 13:19:11 +04:00
|
|
|
MOUNT_NFS, /* 2 */
|
|
|
|
|
MOUNT_MFS, /* 3 */
|
|
|
|
|
MOUNT_MSDOS, /* 4 */
|
2001-06-28 12:04:18 +04:00
|
|
|
MOUNT_CD9660, /* 5 = MOUNT_ISOFS */
|
|
|
|
|
MOUNT_FDESC, /* 6 */
|
|
|
|
|
MOUNT_KERNFS, /* 7 */
|
|
|
|
|
NULL, /* 8 = MOUNT_DEVFS */
|
|
|
|
|
MOUNT_AFS, /* 9 */
|
1997-10-06 13:19:11 +04:00
|
|
|
};
|
1998-03-01 05:20:01 +03:00
|
|
|
const int nmountcompatnames = sizeof(mountcompatnames) /
|
1997-10-06 13:19:11 +04:00
|
|
|
sizeof(mountcompatnames[0]);
|
2001-06-28 12:04:18 +04:00
|
|
|
#endif /* COMPAT_09 || COMPAT_43 */
|
1997-10-06 13:19:11 +04:00
|
|
|
|
2006-12-26 01:03:42 +03:00
|
|
|
static int
|
2006-12-24 15:43:17 +03:00
|
|
|
mount_update(struct lwp *l, struct vnode *vp, const char *path, int flags,
|
2007-08-01 01:14:15 +04:00
|
|
|
void *data, size_t *data_len)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
1998-03-01 05:20:01 +03:00
|
|
|
struct mount *mp;
|
2006-12-24 15:43:17 +03:00
|
|
|
int error = 0, saved_flags;
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2006-12-24 15:43:17 +03:00
|
|
|
mp = vp->v_mount;
|
|
|
|
|
saved_flags = mp->mnt_flag;
|
2005-04-06 17:49:31 +04:00
|
|
|
|
2007-10-11 00:42:20 +04:00
|
|
|
/* We can operate only on VV_ROOT nodes. */
|
|
|
|
|
if ((vp->v_vflag & VV_ROOT) == 0) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2005-04-06 17:49:31 +04:00
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
2006-12-24 15:43:17 +03:00
|
|
|
* We only allow the filesystem to be reloaded if it
|
|
|
|
|
* is currently mounted read-only.
|
1994-06-29 10:29:24 +04:00
|
|
|
*/
|
2007-10-11 00:42:20 +04:00
|
|
|
if (flags & MNT_RELOAD && !(mp->mnt_flag & MNT_RDONLY)) {
|
|
|
|
|
error = EOPNOTSUPP; /* Needs translation */
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2007-01-02 13:47:28 +03:00
|
|
|
|
|
|
|
|
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
|
|
|
|
|
KAUTH_REQ_SYSTEM_MOUNT_UPDATE, mp, KAUTH_ARG(flags), data);
|
|
|
|
|
if (error)
|
2007-10-11 00:42:20 +04:00
|
|
|
goto out;
|
2007-01-02 13:47:28 +03:00
|
|
|
|
2008-01-30 14:46:59 +03:00
|
|
|
if (vfs_trybusy(mp, RW_WRITER, 0)) {
|
2007-10-11 00:42:20 +04:00
|
|
|
error = EPERM;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2006-12-24 15:43:17 +03:00
|
|
|
|
2006-12-26 15:39:01 +03:00
|
|
|
mp->mnt_flag &= ~MNT_OP_FLAGS;
|
|
|
|
|
mp->mnt_flag |= flags & (MNT_RELOAD | MNT_FORCE | MNT_UPDATE);
|
|
|
|
|
|
2006-12-24 15:43:17 +03:00
|
|
|
/*
|
|
|
|
|
* Set the mount level flags.
|
|
|
|
|
*/
|
|
|
|
|
if (flags & MNT_RDONLY)
|
|
|
|
|
mp->mnt_flag |= MNT_RDONLY;
|
|
|
|
|
else if (mp->mnt_flag & MNT_RDONLY)
|
|
|
|
|
mp->mnt_iflag |= IMNT_WANTRDWR;
|
|
|
|
|
mp->mnt_flag &=
|
|
|
|
|
~(MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
|
|
|
|
|
MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOCOREDUMP |
|
|
|
|
|
MNT_NOATIME | MNT_NODEVMTIME | MNT_SYMPERM | MNT_SOFTDEP);
|
|
|
|
|
mp->mnt_flag |= flags &
|
|
|
|
|
(MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
|
|
|
|
|
MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOCOREDUMP |
|
|
|
|
|
MNT_NOATIME | MNT_NODEVMTIME | MNT_SYMPERM | MNT_SOFTDEP |
|
|
|
|
|
MNT_IGNORE);
|
|
|
|
|
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VFS_MOUNT(mp, path, data, data_len);
|
2006-12-24 15:43:17 +03:00
|
|
|
|
|
|
|
|
#if defined(COMPAT_30) && defined(NFSSERVER)
|
2007-07-12 23:35:32 +04:00
|
|
|
if (error && data != NULL) {
|
2006-12-24 15:43:17 +03:00
|
|
|
int error2;
|
|
|
|
|
|
|
|
|
|
/* Update failed; let's try and see if it was an
|
|
|
|
|
* export request. */
|
|
|
|
|
error2 = nfs_update_exports_30(mp, path, data, l);
|
|
|
|
|
|
|
|
|
|
/* Only update error code if the export request was
|
|
|
|
|
* understood but some problem occurred while
|
|
|
|
|
* processing it. */
|
|
|
|
|
if (error2 != EJUSTRETURN)
|
|
|
|
|
error = error2;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
if (mp->mnt_iflag & IMNT_WANTRDWR)
|
|
|
|
|
mp->mnt_flag &= ~MNT_RDONLY;
|
|
|
|
|
if (error)
|
|
|
|
|
mp->mnt_flag = saved_flags;
|
2006-12-26 15:39:01 +03:00
|
|
|
mp->mnt_flag &= ~MNT_OP_FLAGS;
|
|
|
|
|
mp->mnt_iflag &= ~IMNT_WANTRDWR;
|
2006-12-24 15:43:17 +03:00
|
|
|
if ((mp->mnt_flag & (MNT_RDONLY | MNT_ASYNC)) == 0) {
|
|
|
|
|
if (mp->mnt_syncer == NULL)
|
|
|
|
|
error = vfs_allocate_syncvnode(mp);
|
1998-11-14 09:38:54 +03:00
|
|
|
} else {
|
2006-12-24 15:43:17 +03:00
|
|
|
if (mp->mnt_syncer != NULL)
|
|
|
|
|
vfs_deallocate_syncvnode(mp);
|
|
|
|
|
}
|
2008-01-30 14:46:59 +03:00
|
|
|
vfs_unbusy(mp, false);
|
2006-12-24 15:43:17 +03:00
|
|
|
|
2007-10-11 00:42:20 +04:00
|
|
|
out:
|
2006-12-24 15:43:17 +03:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-26 01:03:42 +03:00
|
|
|
static int
|
2007-07-12 23:35:32 +04:00
|
|
|
mount_get_vfsops(const char *fstype, struct vfsops **vfsops)
|
2006-12-24 15:43:17 +03:00
|
|
|
{
|
2007-07-18 01:15:41 +04:00
|
|
|
char fstypename[sizeof(((struct statvfs *)NULL)->f_fstypename)];
|
2006-12-24 15:43:17 +03:00
|
|
|
int error;
|
|
|
|
|
|
2007-07-12 23:35:32 +04:00
|
|
|
/* Copy file-system type from userspace. */
|
2007-07-18 01:15:41 +04:00
|
|
|
error = copyinstr(fstype, fstypename, sizeof(fstypename), NULL);
|
1996-02-04 05:17:43 +03:00
|
|
|
if (error) {
|
1995-06-18 18:45:14 +04:00
|
|
|
#if defined(COMPAT_09) || defined(COMPAT_43)
|
|
|
|
|
/*
|
2005-08-05 17:22:23 +04:00
|
|
|
* Historically, filesystem types were identified by numbers.
|
1995-06-18 18:45:14 +04:00
|
|
|
* If we get an integer for the filesystem type instead of a
|
|
|
|
|
* string, we check to see if it matches one of the historic
|
|
|
|
|
* filesystem types.
|
2004-03-23 16:22:32 +03:00
|
|
|
*/
|
2006-12-24 15:43:17 +03:00
|
|
|
u_long fsindex = (u_long)fstype;
|
1997-10-06 13:19:11 +04:00
|
|
|
if (fsindex >= nmountcompatnames ||
|
2007-07-12 23:35:32 +04:00
|
|
|
mountcompatnames[fsindex] == NULL)
|
|
|
|
|
return ENODEV;
|
2007-10-24 19:28:55 +04:00
|
|
|
strlcpy(fstypename, mountcompatnames[fsindex],
|
|
|
|
|
sizeof(fstypename));
|
1994-06-29 10:29:24 +04:00
|
|
|
#else
|
2007-07-12 23:35:32 +04:00
|
|
|
return error;
|
1994-06-29 10:29:24 +04:00
|
|
|
#endif
|
|
|
|
|
}
|
2006-12-24 15:43:17 +03:00
|
|
|
|
2006-12-26 01:03:42 +03:00
|
|
|
#ifdef COMPAT_10
|
|
|
|
|
/* Accept `ufs' as an alias for `ffs'. */
|
2007-07-12 23:35:32 +04:00
|
|
|
if (strcmp(fstypename, "ufs") == 0)
|
|
|
|
|
fstypename[0] = 'f';
|
2006-12-26 01:03:42 +03:00
|
|
|
#endif
|
|
|
|
|
|
2007-07-12 23:35:32 +04:00
|
|
|
if ((*vfsops = vfs_getopsbyname(fstypename)) == NULL)
|
|
|
|
|
return ENODEV;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
mount_domount(struct lwp *l, struct vnode **vpp, struct vfsops *vfsops,
|
2007-12-26 19:01:34 +03:00
|
|
|
const char *path, int flags, void *data, size_t *data_len, u_int recurse)
|
2007-07-12 23:35:32 +04:00
|
|
|
{
|
|
|
|
|
struct mount *mp = NULL;
|
|
|
|
|
struct vnode *vp = *vpp;
|
|
|
|
|
struct vattr va;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
|
|
|
|
|
KAUTH_REQ_SYSTEM_MOUNT_NEW, vp, KAUTH_ARG(flags), data);
|
|
|
|
|
if (error)
|
|
|
|
|
return error;
|
|
|
|
|
|
|
|
|
|
/* Can't make a non-dir a mount-point (from here anyway). */
|
|
|
|
|
if (vp->v_type != VDIR)
|
|
|
|
|
return ENOTDIR;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If the user is not root, ensure that they own the directory
|
|
|
|
|
* onto which we are attempting to mount.
|
|
|
|
|
*/
|
2007-11-26 22:01:26 +03:00
|
|
|
if ((error = VOP_GETATTR(vp, &va, l->l_cred)) != 0 ||
|
2007-07-12 23:35:32 +04:00
|
|
|
(va.va_uid != kauth_cred_geteuid(l->l_cred) &&
|
|
|
|
|
(error = kauth_authorize_generic(l->l_cred,
|
|
|
|
|
KAUTH_GENERIC_ISSUSER, NULL)) != 0)) {
|
|
|
|
|
return error;
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
2006-12-24 15:43:17 +03:00
|
|
|
|
2007-07-12 23:35:32 +04:00
|
|
|
if (flags & MNT_EXPORTED)
|
|
|
|
|
return EINVAL;
|
|
|
|
|
|
|
|
|
|
if ((error = vinvalbuf(vp, V_SAVE, l->l_cred, l, 0, 0)) != 0)
|
|
|
|
|
return error;
|
|
|
|
|
|
2006-12-24 15:43:17 +03:00
|
|
|
/*
|
|
|
|
|
* Check if a file-system is not already mounted on this vnode.
|
|
|
|
|
*/
|
2007-07-12 23:35:32 +04:00
|
|
|
if (vp->v_mountedhere != NULL)
|
|
|
|
|
return EBUSY;
|
2006-12-24 15:43:17 +03:00
|
|
|
|
2008-01-30 14:46:59 +03:00
|
|
|
mp = kmem_zalloc(sizeof(*mp), KM_SLEEP);
|
|
|
|
|
if (mp == NULL)
|
|
|
|
|
return ENOMEM;
|
2006-12-24 15:43:17 +03:00
|
|
|
|
2007-07-12 23:35:32 +04:00
|
|
|
mp->mnt_op = vfsops;
|
2008-01-30 14:46:59 +03:00
|
|
|
mp->mnt_refcnt = 1;
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2007-01-15 22:13:30 +03:00
|
|
|
TAILQ_INIT(&mp->mnt_vnodelist);
|
2008-01-30 14:46:59 +03:00
|
|
|
rw_init(&mp->mnt_lock);
|
2008-01-28 17:31:15 +03:00
|
|
|
mutex_init(&mp->mnt_renamelock, MUTEX_DEFAULT, IPL_NONE);
|
2008-01-30 14:46:59 +03:00
|
|
|
(void)vfs_busy(mp, RW_WRITER, 0);
|
2006-12-24 15:43:17 +03:00
|
|
|
|
1999-03-02 10:47:49 +03:00
|
|
|
mp->mnt_vnodecovered = vp;
|
2006-07-24 02:06:03 +04:00
|
|
|
mp->mnt_stat.f_owner = kauth_cred_geteuid(l->l_cred);
|
2006-11-17 20:05:18 +03:00
|
|
|
mount_initspecific(mp);
|
2003-10-13 22:02:20 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The underlying file system may refuse the mount for
|
2003-10-15 21:26:38 +04:00
|
|
|
* various reasons. Allow the user to force it to happen.
|
2006-12-26 15:39:01 +03:00
|
|
|
*
|
2006-12-25 11:11:52 +03:00
|
|
|
* Set the mount level flags.
|
|
|
|
|
*/
|
2006-12-26 15:39:01 +03:00
|
|
|
mp->mnt_flag = flags &
|
|
|
|
|
(MNT_FORCE | MNT_NOSUID | MNT_NOEXEC | MNT_NODEV |
|
2006-12-25 11:11:52 +03:00
|
|
|
MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOCOREDUMP |
|
|
|
|
|
MNT_NOATIME | MNT_NODEVMTIME | MNT_SYMPERM | MNT_SOFTDEP |
|
2006-12-27 11:55:35 +03:00
|
|
|
MNT_IGNORE | MNT_RDONLY);
|
2006-12-25 11:11:52 +03:00
|
|
|
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VFS_MOUNT(mp, path, data, data_len);
|
2006-12-26 15:39:01 +03:00
|
|
|
mp->mnt_flag &= ~MNT_OP_FLAGS;
|
2006-12-24 15:43:17 +03:00
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Put the new filesystem on the mount list after root.
|
|
|
|
|
*/
|
|
|
|
|
cache_purge(vp);
|
2007-07-12 23:35:32 +04:00
|
|
|
if (error != 0) {
|
2006-12-24 15:43:17 +03:00
|
|
|
vp->v_mountedhere = NULL;
|
|
|
|
|
mp->mnt_op->vfs_refcount--;
|
2008-01-30 14:46:59 +03:00
|
|
|
vfs_unbusy(mp, false);
|
2007-10-11 00:42:20 +04:00
|
|
|
vfs_destroy(mp);
|
2007-07-12 23:35:32 +04:00
|
|
|
return error;
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
2006-12-24 15:43:17 +03:00
|
|
|
|
2007-07-12 23:35:32 +04:00
|
|
|
mp->mnt_iflag &= ~IMNT_WANTRDWR;
|
2007-10-11 00:42:20 +04:00
|
|
|
mutex_enter(&mountlist_lock);
|
2008-01-30 14:46:59 +03:00
|
|
|
vp->v_mountedhere = mp;
|
2007-07-12 23:35:32 +04:00
|
|
|
CIRCLEQ_INSERT_TAIL(&mountlist, mp, mnt_list);
|
2007-10-11 00:42:20 +04:00
|
|
|
mutex_exit(&mountlist_lock);
|
2007-12-26 19:01:34 +03:00
|
|
|
vn_restorerecurse(vp, recurse);
|
2007-07-12 23:35:32 +04:00
|
|
|
VOP_UNLOCK(vp, 0);
|
|
|
|
|
checkdirs(vp);
|
|
|
|
|
if ((mp->mnt_flag & (MNT_RDONLY | MNT_ASYNC)) == 0)
|
|
|
|
|
error = vfs_allocate_syncvnode(mp);
|
2008-03-26 01:13:32 +03:00
|
|
|
/* Hold an additional reference to the mount across VFS_START(). */
|
|
|
|
|
vfs_unbusy(mp, true);
|
2007-11-26 22:01:26 +03:00
|
|
|
(void) VFS_STATVFS(mp, &mp->mnt_stat);
|
|
|
|
|
error = VFS_START(mp, 0);
|
2008-01-30 14:46:59 +03:00
|
|
|
if (error) {
|
2007-07-12 23:35:32 +04:00
|
|
|
vrele(vp);
|
2008-01-30 14:46:59 +03:00
|
|
|
vfs_destroy(mp);
|
|
|
|
|
}
|
2008-03-26 01:13:32 +03:00
|
|
|
/* Drop reference held for VFS_START(). */
|
|
|
|
|
vfs_destroy(mp);
|
2007-07-12 23:35:32 +04:00
|
|
|
*vpp = NULL;
|
|
|
|
|
return error;
|
2006-12-24 15:43:17 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
mount_getargs(struct lwp *l, struct vnode *vp, const char *path, int flags,
|
2007-08-01 01:14:15 +04:00
|
|
|
void *data, size_t *data_len)
|
2006-12-24 15:43:17 +03:00
|
|
|
{
|
|
|
|
|
struct mount *mp;
|
|
|
|
|
int error;
|
|
|
|
|
|
2006-12-31 13:05:52 +03:00
|
|
|
/* If MNT_GETARGS is specified, it should be the only flag. */
|
2007-07-12 23:35:32 +04:00
|
|
|
if (flags & ~MNT_GETARGS)
|
|
|
|
|
return EINVAL;
|
2006-12-31 13:05:52 +03:00
|
|
|
|
2006-12-24 15:43:17 +03:00
|
|
|
mp = vp->v_mount;
|
|
|
|
|
|
2007-01-02 13:47:28 +03:00
|
|
|
/* XXX: probably some notion of "can see" here if we want isolation. */
|
|
|
|
|
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
|
|
|
|
|
KAUTH_REQ_SYSTEM_MOUNT_GET, mp, data, NULL);
|
|
|
|
|
if (error)
|
2007-07-12 23:35:32 +04:00
|
|
|
return error;
|
2007-01-02 13:47:28 +03:00
|
|
|
|
2007-10-11 00:42:20 +04:00
|
|
|
if ((vp->v_vflag & VV_ROOT) == 0)
|
2007-07-12 23:35:32 +04:00
|
|
|
return EINVAL;
|
2006-12-24 15:43:17 +03:00
|
|
|
|
2008-01-30 14:46:59 +03:00
|
|
|
if (vfs_trybusy(mp, RW_WRITER, NULL))
|
2007-07-12 23:35:32 +04:00
|
|
|
return EPERM;
|
2006-12-24 15:43:17 +03:00
|
|
|
|
2006-12-26 15:39:01 +03:00
|
|
|
mp->mnt_flag &= ~MNT_OP_FLAGS;
|
|
|
|
|
mp->mnt_flag |= MNT_GETARGS;
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VFS_MOUNT(mp, path, data, data_len);
|
2006-12-26 15:39:01 +03:00
|
|
|
mp->mnt_flag &= ~MNT_OP_FLAGS;
|
2006-12-24 15:43:17 +03:00
|
|
|
|
2008-01-30 14:46:59 +03:00
|
|
|
vfs_unbusy(mp, false);
|
2006-12-24 15:43:17 +03:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
2007-07-14 19:41:30 +04:00
|
|
|
#ifdef COMPAT_40
|
2006-12-24 15:43:17 +03:00
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
compat_40_sys_mount(struct lwp *l, const struct compat_40_sys_mount_args *uap, register_t *retval)
|
2006-12-24 15:43:17 +03:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
2006-12-24 15:43:17 +03:00
|
|
|
syscallarg(const char *) type;
|
|
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(int) flags;
|
|
|
|
|
syscallarg(void *) data;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2007-07-12 23:35:32 +04:00
|
|
|
register_t dummy;
|
|
|
|
|
|
|
|
|
|
return do_sys_mount(l, NULL, SCARG(uap, type), SCARG(uap, path),
|
|
|
|
|
SCARG(uap, flags), SCARG(uap, data), UIO_USERSPACE, 0, &dummy);
|
|
|
|
|
}
|
2007-07-14 19:41:30 +04:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys___mount50(struct lwp *l, const struct sys___mount50_args *uap, register_t *retval)
|
2007-07-14 19:41:30 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
2007-07-14 19:41:30 +04:00
|
|
|
syscallarg(const char *) type;
|
|
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(int) flags;
|
|
|
|
|
syscallarg(void *) data;
|
|
|
|
|
syscallarg(size_t) data_len;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2007-07-14 19:41:30 +04:00
|
|
|
|
|
|
|
|
return do_sys_mount(l, NULL, SCARG(uap, type), SCARG(uap, path),
|
|
|
|
|
SCARG(uap, flags), SCARG(uap, data), UIO_USERSPACE,
|
|
|
|
|
SCARG(uap, data_len), retval);
|
|
|
|
|
}
|
2007-07-12 23:35:32 +04:00
|
|
|
|
|
|
|
|
int
|
|
|
|
|
do_sys_mount(struct lwp *l, struct vfsops *vfsops, const char *type,
|
|
|
|
|
const char *path, int flags, void *data, enum uio_seg data_seg,
|
|
|
|
|
size_t data_len, register_t *retval)
|
|
|
|
|
{
|
2006-12-24 15:43:17 +03:00
|
|
|
struct vnode *vp;
|
|
|
|
|
struct nameidata nd;
|
2007-07-12 23:35:32 +04:00
|
|
|
void *data_buf = data;
|
2007-12-26 19:01:34 +03:00
|
|
|
u_int recurse;
|
2006-12-24 15:43:17 +03:00
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get vnode to be covered
|
|
|
|
|
*/
|
2007-12-08 22:29:36 +03:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE, path);
|
2006-12-24 15:43:17 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
vp = nd.ni_vp;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* A lookup in VFS_MOUNT might result in an attempt to
|
|
|
|
|
* lock this vnode again, so make the lock recursive.
|
|
|
|
|
*/
|
2007-12-26 19:01:34 +03:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
|
|
|
|
recurse = vn_setrecurse(vp);
|
2007-07-12 23:35:32 +04:00
|
|
|
|
|
|
|
|
if (vfsops == NULL) {
|
|
|
|
|
if (flags & (MNT_GETARGS | MNT_UPDATE))
|
|
|
|
|
vfsops = vp->v_mount->mnt_op;
|
|
|
|
|
else {
|
|
|
|
|
/* 'type' is userspace */
|
|
|
|
|
error = mount_get_vfsops(type, &vfsops);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
}
|
2006-12-24 15:43:17 +03:00
|
|
|
|
2007-07-12 23:35:32 +04:00
|
|
|
if (data != NULL && data_seg == UIO_USERSPACE) {
|
|
|
|
|
if (data_len == 0) {
|
|
|
|
|
/* No length supplied, use default for filesystem */
|
|
|
|
|
data_len = vfsops->vfs_min_mount_data;
|
|
|
|
|
if (data_len > VFS_MAX_MOUNT_DATA) {
|
|
|
|
|
/* maybe a force loaded old LKM */
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
#ifdef COMPAT_30
|
|
|
|
|
/* Hopefully a longer buffer won't make copyin() fail */
|
|
|
|
|
if (flags & MNT_UPDATE
|
|
|
|
|
&& data_len < sizeof (struct mnt_export_args30))
|
|
|
|
|
data_len = sizeof (struct mnt_export_args30);
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
data_buf = malloc(data_len, M_TEMP, M_WAITOK);
|
|
|
|
|
|
|
|
|
|
/* NFS needs the buffer even for mnt_getargs .... */
|
|
|
|
|
error = copyin(data, data_buf, data_len);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (flags & MNT_GETARGS) {
|
|
|
|
|
if (data_len == 0) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
2007-08-01 01:14:15 +04:00
|
|
|
error = mount_getargs(l, vp, path, flags, data_buf, &data_len);
|
2007-07-12 23:35:32 +04:00
|
|
|
if (error != 0)
|
|
|
|
|
goto done;
|
|
|
|
|
if (data_seg == UIO_USERSPACE)
|
|
|
|
|
error = copyout(data_buf, data, data_len);
|
|
|
|
|
*retval = data_len;
|
|
|
|
|
} else if (flags & MNT_UPDATE) {
|
2007-08-01 01:14:15 +04:00
|
|
|
error = mount_update(l, vp, path, flags, data_buf, &data_len);
|
2006-12-24 15:43:17 +03:00
|
|
|
} else {
|
|
|
|
|
/* Locking is handled internally in mount_domount(). */
|
2007-07-12 23:35:32 +04:00
|
|
|
error = mount_domount(l, &vp, vfsops, path, flags, data_buf,
|
2007-12-26 19:01:34 +03:00
|
|
|
&data_len, recurse);
|
2006-12-24 15:43:17 +03:00
|
|
|
}
|
|
|
|
|
|
2007-07-12 23:35:32 +04:00
|
|
|
done:
|
2007-12-26 19:01:34 +03:00
|
|
|
if (vp != NULL) {
|
|
|
|
|
vn_restorerecurse(vp, recurse);
|
|
|
|
|
vput(vp);
|
|
|
|
|
}
|
2007-07-12 23:35:32 +04:00
|
|
|
if (data_buf != data)
|
|
|
|
|
free(data_buf, M_TEMP);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
1994-12-14 19:30:40 +03:00
|
|
|
/*
|
|
|
|
|
* Scan all active processes to see if any of them have a current
|
|
|
|
|
* or root directory onto which the new filesystem has just been
|
|
|
|
|
* mounted. If so, replace them with the new mount point.
|
|
|
|
|
*/
|
1996-02-04 05:17:43 +03:00
|
|
|
void
|
2005-06-06 03:47:48 +04:00
|
|
|
checkdirs(struct vnode *olddp)
|
1994-12-14 19:30:40 +03:00
|
|
|
{
|
1999-04-30 22:42:58 +04:00
|
|
|
struct cwdinfo *cwdi;
|
1994-12-14 19:30:40 +03:00
|
|
|
struct vnode *newdp;
|
|
|
|
|
struct proc *p;
|
|
|
|
|
|
|
|
|
|
if (olddp->v_usecount == 1)
|
|
|
|
|
return;
|
2003-06-29 22:43:21 +04:00
|
|
|
if (VFS_ROOT(olddp->v_mountedhere, &newdp))
|
1994-12-14 19:30:40 +03:00
|
|
|
panic("mount: lost mount");
|
2008-04-24 19:35:27 +04:00
|
|
|
mutex_enter(proc_lock);
|
|
|
|
|
/* XXXAD Should not be acquiring these locks with proc_lock held!! */
|
2004-10-01 20:30:52 +04:00
|
|
|
PROCLIST_FOREACH(p, &allproc) {
|
1999-04-30 22:42:58 +04:00
|
|
|
cwdi = p->p_cwdi;
|
2005-01-25 00:27:02 +03:00
|
|
|
if (!cwdi)
|
|
|
|
|
continue;
|
2007-10-08 19:12:05 +04:00
|
|
|
rw_enter(&cwdi->cwdi_lock, RW_WRITER);
|
1999-04-30 22:42:58 +04:00
|
|
|
if (cwdi->cwdi_cdir == olddp) {
|
|
|
|
|
vrele(cwdi->cwdi_cdir);
|
1994-12-14 19:30:40 +03:00
|
|
|
VREF(newdp);
|
1999-04-30 22:42:58 +04:00
|
|
|
cwdi->cwdi_cdir = newdp;
|
1994-12-14 19:30:40 +03:00
|
|
|
}
|
1999-04-30 22:42:58 +04:00
|
|
|
if (cwdi->cwdi_rdir == olddp) {
|
|
|
|
|
vrele(cwdi->cwdi_rdir);
|
1994-12-14 19:30:40 +03:00
|
|
|
VREF(newdp);
|
1999-04-30 22:42:58 +04:00
|
|
|
cwdi->cwdi_rdir = newdp;
|
1994-12-14 19:30:40 +03:00
|
|
|
}
|
2007-10-08 19:12:05 +04:00
|
|
|
rw_exit(&cwdi->cwdi_lock);
|
1994-12-14 19:30:40 +03:00
|
|
|
}
|
2008-04-24 19:35:27 +04:00
|
|
|
mutex_exit(proc_lock);
|
1994-12-14 19:30:40 +03:00
|
|
|
if (rootvnode == olddp) {
|
|
|
|
|
vrele(rootvnode);
|
|
|
|
|
VREF(newdp);
|
|
|
|
|
rootvnode = newdp;
|
|
|
|
|
}
|
|
|
|
|
vput(newdp);
|
|
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Unmount a file system.
|
|
|
|
|
*
|
|
|
|
|
* Note: unmount takes a path to the vnode mounted on as argument,
|
|
|
|
|
* not special file (as before).
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_unmount(struct lwp *l, const struct sys_unmount_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) flags;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
struct mount *mp;
|
|
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-04-22 12:29:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
vp = nd.ni_vp;
|
1994-12-14 19:30:40 +03:00
|
|
|
mp = vp->v_mount;
|
2008-01-30 14:46:59 +03:00
|
|
|
VOP_UNLOCK(vp, 0);
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2007-01-05 16:34:17 +03:00
|
|
|
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
|
|
|
|
|
KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT, mp, NULL, NULL);
|
|
|
|
|
if (error) {
|
2008-01-30 14:46:59 +03:00
|
|
|
vrele(vp);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
1995-01-18 09:14:43 +03:00
|
|
|
/*
|
|
|
|
|
* Don't allow unmounting the root file system.
|
|
|
|
|
*/
|
|
|
|
|
if (mp->mnt_flag & MNT_ROOTFS) {
|
2008-01-30 14:46:59 +03:00
|
|
|
vrele(vp);
|
1995-01-18 09:14:43 +03:00
|
|
|
return (EINVAL);
|
|
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Must be the root of the filesystem
|
|
|
|
|
*/
|
2007-10-11 00:42:20 +04:00
|
|
|
if ((vp->v_vflag & VV_ROOT) == 0) {
|
2008-01-30 14:46:59 +03:00
|
|
|
vrele(vp);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (EINVAL);
|
|
|
|
|
}
|
1997-02-22 06:22:32 +03:00
|
|
|
|
2001-04-17 02:41:09 +04:00
|
|
|
/*
|
|
|
|
|
* XXX Freeze syncer. Must do this before locking the
|
|
|
|
|
* mount point. See dounmount() for details.
|
|
|
|
|
*/
|
2007-02-10 00:55:00 +03:00
|
|
|
mutex_enter(&syncer_mutex);
|
2008-01-30 14:46:59 +03:00
|
|
|
error = vfs_busy(mp, RW_WRITER, NULL);
|
|
|
|
|
vrele(vp);
|
|
|
|
|
if (error != 0) {
|
2007-02-10 00:55:00 +03:00
|
|
|
mutex_exit(&syncer_mutex);
|
2008-01-30 14:46:59 +03:00
|
|
|
return (error);
|
2001-04-17 02:41:09 +04:00
|
|
|
}
|
1997-02-22 06:22:32 +03:00
|
|
|
|
2005-12-11 15:16:03 +03:00
|
|
|
return (dounmount(mp, SCARG(uap, flags), l));
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
1997-02-22 06:22:32 +03:00
|
|
|
* Do the actual file system unmount. File system is assumed to have been
|
|
|
|
|
* marked busy by the caller.
|
1994-06-29 10:29:24 +04:00
|
|
|
*/
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2005-12-11 15:16:03 +03:00
|
|
|
dounmount(struct mount *mp, int flags, struct lwp *l)
|
1994-06-29 10:29:24 +04:00
|
|
|
{
|
|
|
|
|
struct vnode *coveredvp;
|
|
|
|
|
int error;
|
1999-07-04 10:16:29 +04:00
|
|
|
int async;
|
2000-09-20 02:01:41 +04:00
|
|
|
int used_syncer;
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2008-01-30 14:46:59 +03:00
|
|
|
KASSERT(rw_write_held(&mp->mnt_lock));
|
|
|
|
|
|
2006-07-22 14:34:26 +04:00
|
|
|
#if NVERIEXEC > 0
|
Massive restructuring and cleanup of Veriexec, mainly in preparation
for work on some future functionality.
- Veriexec data-structures are no longer exposed.
- Thanks to using proplib for data passing now, the interface
changes further to accomodate that.
Introduce four new functions. First, veriexec_file_add(), to add
a new file to be monitored by Veriexec, to replace both
veriexec_load() and veriexec_hashadd(). veriexec_table_add(), to
replace veriexec_newtable(), will be used to optimize hash table
size (during preload), and finally, veriexec_convert(), to convert
an internal entry to one userland can read.
- Introduce veriexec_unmountchk(), to enforce Veriexec unmount
policy. This cleans up a bit of code in kern/vfs_syscalls.c.
- Rename veriexec_tblfind() with veriexec_table_lookup(), and make
it static. More functions that became static: veriexec_fp_cmp(),
veriexec_fp_calc().
- veriexec_verify() no longer returns the entry as well, but just
sets a boolean indicating whether an entry was found or not.
- veriexec_purge() now takes a struct vnode *.
- veriexec_add_fp_name() was merged into veriexec_add_fp_ops(), that
changed its name to veriexec_fpops_add(). veriexec_find_ops() was
also renamed to veriexec_fpops_lookup().
Also on the fp-ops front, the three function types used to initialize,
update, and finalize a hash context were renamed to
veriexec_fpop_init_t, veriexec_fpop_update_t, and veriexec_fpop_final_t
respectively.
- Introduce a new malloc(9) type, M_VERIEXEC, and use it instead of
M_TEMP, so we can tell exactly how much memory is used by Veriexec.
- And, most importantly, whitespace and indentation nits.
Built successfuly for amd64, i386, sparc, and sparc64. Tested on amd64.
2006-11-30 04:09:47 +03:00
|
|
|
error = veriexec_unmountchk(mp);
|
|
|
|
|
if (error)
|
|
|
|
|
return (error);
|
2006-07-22 14:34:26 +04:00
|
|
|
#endif /* NVERIEXEC > 0 */
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
|
2000-09-20 02:01:41 +04:00
|
|
|
used_syncer = (mp->mnt_syncer != NULL);
|
|
|
|
|
|
1999-11-15 21:49:07 +03:00
|
|
|
/*
|
2001-04-17 02:41:09 +04:00
|
|
|
* XXX Syncer must be frozen when we get here. This should really
|
|
|
|
|
* be done on a per-mountpoint basis, but especially the softdep
|
2005-08-05 17:22:23 +04:00
|
|
|
* code possibly called from the syncer doesn't exactly work on a
|
2001-04-17 02:41:09 +04:00
|
|
|
* per-mountpoint basis, so the softdep code would become a maze
|
|
|
|
|
* of vfs_busy() calls.
|
|
|
|
|
*
|
2007-02-10 00:55:00 +03:00
|
|
|
* The caller of dounmount() must acquire syncer_mutex because
|
|
|
|
|
* the syncer itself acquires locks in syncer_mutex -> vfs_busy
|
2001-04-17 02:41:09 +04:00
|
|
|
* order, and we must preserve that order to avoid deadlock.
|
|
|
|
|
*
|
|
|
|
|
* So, if the file system did not use the syncer, now is
|
2007-02-10 00:55:00 +03:00
|
|
|
* the time to release the syncer_mutex.
|
1999-11-15 21:49:07 +03:00
|
|
|
*/
|
2001-04-17 02:41:09 +04:00
|
|
|
if (used_syncer == 0)
|
2007-02-10 00:55:00 +03:00
|
|
|
mutex_exit(&syncer_mutex);
|
1999-11-15 21:49:07 +03:00
|
|
|
|
2003-10-14 18:02:56 +04:00
|
|
|
mp->mnt_iflag |= IMNT_UNMOUNT;
|
1999-07-04 10:17:52 +04:00
|
|
|
async = mp->mnt_flag & MNT_ASYNC;
|
2000-03-03 08:21:03 +03:00
|
|
|
mp->mnt_flag &= ~MNT_ASYNC;
|
1994-06-29 10:29:24 +04:00
|
|
|
cache_purgevfs(mp); /* remove cache entries for this file sys */
|
2000-07-09 04:59:03 +04:00
|
|
|
if (mp->mnt_syncer != NULL)
|
|
|
|
|
vfs_deallocate_syncvnode(mp);
|
2004-05-25 18:54:55 +04:00
|
|
|
error = 0;
|
|
|
|
|
if ((mp->mnt_flag & MNT_RDONLY) == 0) {
|
2003-12-10 14:40:11 +03:00
|
|
|
#if NFSS > 0
|
2004-05-25 18:54:55 +04:00
|
|
|
error = fss_umount_hook(mp, (flags & MNT_FORCE));
|
2003-12-10 14:40:11 +03:00
|
|
|
#endif
|
2004-05-25 18:54:55 +04:00
|
|
|
if (error == 0)
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VFS_SYNC(mp, MNT_WAIT, l->l_cred);
|
2004-05-25 18:54:55 +04:00
|
|
|
}
|
2008-01-24 20:32:52 +03:00
|
|
|
vfs_scrubvnlist(mp);
|
2004-05-25 18:54:55 +04:00
|
|
|
if (error == 0 || (flags & MNT_FORCE))
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VFS_UNMOUNT(mp, flags);
|
1994-06-29 10:29:24 +04:00
|
|
|
if (error) {
|
2000-03-03 08:21:03 +03:00
|
|
|
if ((mp->mnt_flag & (MNT_RDONLY | MNT_ASYNC)) == 0)
|
1999-11-15 21:49:07 +03:00
|
|
|
(void) vfs_allocate_syncvnode(mp);
|
2003-10-14 18:02:56 +04:00
|
|
|
mp->mnt_iflag &= ~IMNT_UNMOUNT;
|
1999-07-04 10:16:29 +04:00
|
|
|
mp->mnt_flag |= async;
|
2000-09-20 02:01:41 +04:00
|
|
|
if (used_syncer)
|
2007-02-10 00:55:00 +03:00
|
|
|
mutex_exit(&syncer_mutex);
|
2008-01-30 14:46:59 +03:00
|
|
|
vfs_unbusy(mp, false);
|
1999-07-04 20:20:12 +04:00
|
|
|
return (error);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
2008-01-02 14:48:20 +03:00
|
|
|
vfs_scrubvnlist(mp);
|
2007-10-11 00:42:20 +04:00
|
|
|
mutex_enter(&mountlist_lock);
|
1998-03-01 05:20:01 +03:00
|
|
|
CIRCLEQ_REMOVE(&mountlist, mp, mnt_list);
|
2007-01-19 17:49:08 +03:00
|
|
|
if ((coveredvp = mp->mnt_vnodecovered) != NULLVP)
|
1998-03-01 05:20:01 +03:00
|
|
|
coveredvp->v_mountedhere = NULL;
|
2008-01-30 14:46:59 +03:00
|
|
|
mutex_exit(&mountlist_lock);
|
2006-10-20 22:58:12 +04:00
|
|
|
if (TAILQ_FIRST(&mp->mnt_vnodelist) != NULL)
|
1998-03-01 05:20:01 +03:00
|
|
|
panic("unmount: dangling vnode");
|
2003-10-14 18:02:56 +04:00
|
|
|
mp->mnt_iflag |= IMNT_GONE;
|
2000-09-20 02:01:41 +04:00
|
|
|
if (used_syncer)
|
2007-02-10 00:55:00 +03:00
|
|
|
mutex_exit(&syncer_mutex);
|
Apply the NFS exports list rototill patch:
- Remove all NFS related stuff from file system specific code.
- Drop the vfs_checkexp hook and generalize it in the new nfs_check_export
function, thus removing redundancy from all file systems.
- Move all NFS export-related stuff from kern/vfs_subr.c to the new
file sys/nfs/nfs_export.c. The former was becoming large and its code
is always compiled, regardless of the build options. Using the latter,
the code is only compiled in when NFSSERVER is enabled. While doing this,
also make some functions in nfs_subs.c conditional to NFSSERVER.
- Add a new command in nfssvc(2), called NFSSVC_SETEXPORTSLIST, that takes a
path and a set of export entries. At the moment it can only clear the
exports list or append entries, one by one, but it is done in a way that
allows setting the whole set of entries atomically in the future (see the
comment in mountd_set_exports_list or in doc/TODO).
- Change mountd(8) to use the nfssvc(2) system call instead of mount(2) so
that it becomes file system agnostic. In fact, all this whole thing was
done to remove a 'XXX' block from this utility!
- Change the mount*, newfs and fsck* userland utilities to not deal with NFS
exports initialization; done internally by the kernel when initializing
the NFS support for each file system.
- Implement an interface for VFS (called VFS hooks) so that several kernel
subsystems can run arbitrary code upon receipt of specific VFS events.
At the moment, this only provides support for unmount and is used to
destroy NFS exports lists from the file systems being unmounted, though it
has room for extension.
Thanks go to yamt@, chs@, thorpej@, wrstuden@ and others for their comments
and advice in the development of this patch.
2005-09-23 16:10:31 +04:00
|
|
|
vfs_hooks_unmount(mp);
|
2008-01-30 14:46:59 +03:00
|
|
|
vfs_unbusy(mp, false);
|
2007-10-11 00:42:20 +04:00
|
|
|
vfs_destroy(mp);
|
2008-01-30 14:46:59 +03:00
|
|
|
if (coveredvp != NULLVP)
|
|
|
|
|
vrele(coveredvp);
|
1998-03-01 05:20:01 +03:00
|
|
|
return (0);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Sync each mounted filesystem.
|
|
|
|
|
*/
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
int syncprt = 0;
|
|
|
|
|
struct ctldebug debug0 = { "syncprt", &syncprt };
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_sync(struct lwp *l, const void *v, register_t *retval)
|
1994-06-29 10:29:24 +04:00
|
|
|
{
|
2000-03-30 13:27:11 +04:00
|
|
|
struct mount *mp, *nmp;
|
1994-06-29 10:29:24 +04:00
|
|
|
int asyncflag;
|
2006-07-24 02:06:03 +04:00
|
|
|
|
|
|
|
|
if (l == NULL)
|
|
|
|
|
l = &lwp0;
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2007-10-11 00:42:20 +04:00
|
|
|
mutex_enter(&mountlist_lock);
|
1997-02-20 07:52:44 +03:00
|
|
|
for (mp = mountlist.cqh_last; mp != (void *)&mountlist; mp = nmp) {
|
2008-01-30 14:46:59 +03:00
|
|
|
if (vfs_trybusy(mp, RW_READER, &mountlist_lock)) {
|
1998-03-01 05:20:01 +03:00
|
|
|
nmp = mp->mnt_list.cqe_prev;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2007-04-01 14:15:01 +04:00
|
|
|
if ((mp->mnt_flag & MNT_RDONLY) == 0) {
|
1994-06-29 10:29:24 +04:00
|
|
|
asyncflag = mp->mnt_flag & MNT_ASYNC;
|
|
|
|
|
mp->mnt_flag &= ~MNT_ASYNC;
|
2007-11-26 22:01:26 +03:00
|
|
|
VFS_SYNC(mp, MNT_NOWAIT, l->l_cred);
|
1994-06-29 10:29:24 +04:00
|
|
|
if (asyncflag)
|
1998-03-01 05:20:01 +03:00
|
|
|
mp->mnt_flag |= MNT_ASYNC;
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
2007-10-11 00:42:20 +04:00
|
|
|
mutex_enter(&mountlist_lock);
|
1998-03-01 05:20:01 +03:00
|
|
|
nmp = mp->mnt_list.cqe_prev;
|
2008-01-30 14:46:59 +03:00
|
|
|
vfs_unbusy(mp, false);
|
2004-03-23 16:22:32 +03:00
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
2007-10-11 00:42:20 +04:00
|
|
|
mutex_exit(&mountlist_lock);
|
1994-06-29 10:29:24 +04:00
|
|
|
#ifdef DEBUG
|
|
|
|
|
if (syncprt)
|
|
|
|
|
vfs_bufstats();
|
|
|
|
|
#endif /* DEBUG */
|
|
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Change filesystem quotas.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_quotactl(struct lwp *l, const struct sys_quotactl_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) cmd;
|
|
|
|
|
syscallarg(int) uid;
|
2006-10-17 19:06:18 +04:00
|
|
|
syscallarg(void *) arg;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2000-03-30 13:27:11 +04:00
|
|
|
struct mount *mp;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-08-28 13:28:10 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
2007-04-01 14:15:01 +04:00
|
|
|
mp = nd.ni_vp->v_mount;
|
2003-10-15 15:28:59 +04:00
|
|
|
error = VFS_QUOTACTL(mp, SCARG(uap, cmd), SCARG(uap, uid),
|
2007-11-26 22:01:26 +03:00
|
|
|
SCARG(uap, arg));
|
2007-08-28 13:28:10 +04:00
|
|
|
vrele(nd.ni_vp);
|
2003-10-15 15:28:59 +04:00
|
|
|
return (error);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
2004-04-21 05:05:31 +04:00
|
|
|
int
|
2005-12-11 15:16:03 +03:00
|
|
|
dostatvfs(struct mount *mp, struct statvfs *sp, struct lwp *l, int flags,
|
2003-04-17 01:44:18 +04:00
|
|
|
int root)
|
|
|
|
|
{
|
2005-12-11 15:16:03 +03:00
|
|
|
struct cwdinfo *cwdi = l->l_proc->p_cwdi;
|
2003-04-17 01:44:18 +04:00
|
|
|
int error = 0;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If MNT_NOWAIT or MNT_LAZY is specified, do not
|
2004-02-25 07:10:28 +03:00
|
|
|
* refresh the fsstat cache. MNT_WAIT or MNT_LAZY
|
2003-04-17 01:44:18 +04:00
|
|
|
* overrides MNT_NOWAIT.
|
|
|
|
|
*/
|
|
|
|
|
if (flags == MNT_NOWAIT || flags == MNT_LAZY ||
|
|
|
|
|
(flags != MNT_WAIT && flags != 0)) {
|
|
|
|
|
memcpy(sp, &mp->mnt_stat, sizeof(*sp));
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
2004-03-23 16:22:32 +03:00
|
|
|
|
2004-09-14 00:02:20 +04:00
|
|
|
/* Get the filesystem stats now */
|
|
|
|
|
memset(sp, 0, sizeof(*sp));
|
2007-11-26 22:01:26 +03:00
|
|
|
if ((error = VFS_STATVFS(mp, sp)) != 0) {
|
2003-04-17 01:44:18 +04:00
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (cwdi->cwdi_rdir == NULL)
|
|
|
|
|
(void)memcpy(&mp->mnt_stat, sp, sizeof(mp->mnt_stat));
|
|
|
|
|
done:
|
|
|
|
|
if (cwdi->cwdi_rdir != NULL) {
|
|
|
|
|
size_t len;
|
|
|
|
|
char *bp;
|
2006-02-04 15:09:50 +03:00
|
|
|
char *path = PNBUF_GET();
|
2003-04-17 01:44:18 +04:00
|
|
|
|
|
|
|
|
bp = path + MAXPATHLEN;
|
|
|
|
|
*--bp = '\0';
|
2007-10-08 19:12:05 +04:00
|
|
|
rw_enter(&cwdi->cwdi_lock, RW_READER);
|
2003-04-17 01:44:18 +04:00
|
|
|
error = getcwd_common(cwdi->cwdi_rdir, rootvnode, &bp, path,
|
2005-12-11 15:16:03 +03:00
|
|
|
MAXPATHLEN / 2, 0, l);
|
2007-10-08 19:12:05 +04:00
|
|
|
rw_exit(&cwdi->cwdi_lock);
|
2003-04-17 01:44:18 +04:00
|
|
|
if (error) {
|
2006-02-04 15:09:50 +03:00
|
|
|
PNBUF_PUT(path);
|
2003-04-17 01:44:18 +04:00
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
len = strlen(bp);
|
|
|
|
|
/*
|
|
|
|
|
* for mount points that are below our root, we can see
|
|
|
|
|
* them, so we fix up the pathname and return them. The
|
|
|
|
|
* rest we cannot see, so we don't allow viewing the
|
|
|
|
|
* data.
|
|
|
|
|
*/
|
|
|
|
|
if (strncmp(bp, sp->f_mntonname, len) == 0) {
|
2003-05-16 18:25:02 +04:00
|
|
|
strlcpy(sp->f_mntonname, &sp->f_mntonname[len],
|
|
|
|
|
sizeof(sp->f_mntonname));
|
2003-04-17 01:44:18 +04:00
|
|
|
if (sp->f_mntonname[0] == '\0')
|
2003-05-16 18:25:02 +04:00
|
|
|
(void)strlcpy(sp->f_mntonname, "/",
|
|
|
|
|
sizeof(sp->f_mntonname));
|
2003-04-17 01:44:18 +04:00
|
|
|
} else {
|
|
|
|
|
if (root)
|
2003-05-16 18:25:02 +04:00
|
|
|
(void)strlcpy(sp->f_mntonname, "/",
|
|
|
|
|
sizeof(sp->f_mntonname));
|
2003-04-17 01:44:18 +04:00
|
|
|
else
|
|
|
|
|
error = EPERM;
|
|
|
|
|
}
|
2006-02-04 15:09:50 +03:00
|
|
|
PNBUF_PUT(path);
|
2003-04-17 01:44:18 +04:00
|
|
|
}
|
2004-04-21 05:05:31 +04:00
|
|
|
sp->f_flag = mp->mnt_flag & MNT_VISFLAGMASK;
|
2003-04-17 01:44:18 +04:00
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
2007-04-30 12:32:14 +04:00
|
|
|
* Get filesystem statistics by path.
|
1994-06-29 10:29:24 +04:00
|
|
|
*/
|
2007-04-30 12:32:14 +04:00
|
|
|
int
|
|
|
|
|
do_sys_pstatvfs(struct lwp *l, const char *path, int flags, struct statvfs *sb)
|
|
|
|
|
{
|
|
|
|
|
struct mount *mp;
|
|
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-12-08 22:29:36 +03:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE, path);
|
2007-04-30 12:32:14 +04:00
|
|
|
if ((error = namei(&nd)) != 0)
|
|
|
|
|
return error;
|
|
|
|
|
mp = nd.ni_vp->v_mount;
|
|
|
|
|
error = dostatvfs(mp, sb, l, flags, 1);
|
|
|
|
|
vrele(nd.ni_vp);
|
|
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_statvfs1(struct lwp *l, const struct sys_statvfs1_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
2004-04-21 05:05:31 +04:00
|
|
|
syscallarg(struct statvfs *) buf;
|
|
|
|
|
syscallarg(int) flags;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2006-05-10 15:02:29 +04:00
|
|
|
struct statvfs *sb;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
|
2006-05-10 15:02:29 +04:00
|
|
|
sb = STATVFSBUF_GET();
|
2007-04-30 12:32:14 +04:00
|
|
|
error = do_sys_pstatvfs(l, SCARG(uap, path), SCARG(uap, flags), sb);
|
|
|
|
|
if (error == 0)
|
2006-05-10 15:02:29 +04:00
|
|
|
error = copyout(sb, SCARG(uap, buf), sizeof(*sb));
|
|
|
|
|
STATVFSBUF_PUT(sb);
|
|
|
|
|
return error;
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2007-04-30 12:32:14 +04:00
|
|
|
* Get filesystem statistics by fd.
|
1994-06-29 10:29:24 +04:00
|
|
|
*/
|
2007-04-30 12:32:14 +04:00
|
|
|
int
|
|
|
|
|
do_sys_fstatvfs(struct lwp *l, int fd, int flags, struct statvfs *sb)
|
|
|
|
|
{
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
2007-04-30 12:32:14 +04:00
|
|
|
struct mount *mp;
|
|
|
|
|
int error;
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
if ((error = fd_getvnode(fd, &fp)) != 0)
|
2007-04-30 12:32:14 +04:00
|
|
|
return (error);
|
|
|
|
|
mp = ((struct vnode *)fp->f_data)->v_mount;
|
2008-03-22 00:54:58 +03:00
|
|
|
error = dostatvfs(mp, sb, curlwp, flags, 1);
|
|
|
|
|
fd_putfile(fd);
|
2007-04-30 12:32:14 +04:00
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_fstatvfs1(struct lwp *l, const struct sys_fstatvfs1_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) fd;
|
2004-04-21 05:05:31 +04:00
|
|
|
syscallarg(struct statvfs *) buf;
|
|
|
|
|
syscallarg(int) flags;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2006-05-10 15:02:29 +04:00
|
|
|
struct statvfs *sb;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
|
2006-05-10 15:02:29 +04:00
|
|
|
sb = STATVFSBUF_GET();
|
2007-04-30 12:32:14 +04:00
|
|
|
error = do_sys_fstatvfs(l, SCARG(uap, fd), SCARG(uap, flags), sb);
|
2007-05-21 22:30:35 +04:00
|
|
|
if (error == 0)
|
2007-04-30 12:32:14 +04:00
|
|
|
error = copyout(sb, SCARG(uap, buf), sizeof(*sb));
|
2006-05-10 15:02:29 +04:00
|
|
|
STATVFSBUF_PUT(sb);
|
2003-04-17 01:44:18 +04:00
|
|
|
return error;
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
2003-04-17 01:44:18 +04:00
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Get statistics on all filesystems.
|
|
|
|
|
*/
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-04-30 12:32:14 +04:00
|
|
|
do_sys_getvfsstat(struct lwp *l, void *sfsp, size_t bufsize, int flags,
|
|
|
|
|
int (*copyfn)(const void *, void *, size_t), size_t entry_sz,
|
|
|
|
|
register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2003-04-17 01:44:18 +04:00
|
|
|
int root = 0;
|
2003-01-18 13:06:22 +03:00
|
|
|
struct proc *p = l->l_proc;
|
2000-03-30 13:27:11 +04:00
|
|
|
struct mount *mp, *nmp;
|
2006-05-10 15:02:29 +04:00
|
|
|
struct statvfs *sb;
|
2004-04-21 05:05:31 +04:00
|
|
|
size_t count, maxcount;
|
|
|
|
|
int error = 0;
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2006-05-10 15:02:29 +04:00
|
|
|
sb = STATVFSBUF_GET();
|
2007-04-30 12:32:14 +04:00
|
|
|
maxcount = bufsize / entry_sz;
|
2007-10-11 00:42:20 +04:00
|
|
|
mutex_enter(&mountlist_lock);
|
1998-03-01 05:20:01 +03:00
|
|
|
count = 0;
|
2002-09-04 05:32:31 +04:00
|
|
|
for (mp = CIRCLEQ_FIRST(&mountlist); mp != (void *)&mountlist;
|
|
|
|
|
mp = nmp) {
|
2008-01-30 14:46:59 +03:00
|
|
|
if (vfs_trybusy(mp, RW_READER, &mountlist_lock)) {
|
2002-09-04 05:32:31 +04:00
|
|
|
nmp = CIRCLEQ_NEXT(mp, mnt_list);
|
1998-03-01 05:20:01 +03:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if (sfsp && count < maxcount) {
|
2007-04-30 12:32:14 +04:00
|
|
|
error = dostatvfs(mp, sb, l, flags, 0);
|
2003-04-17 01:44:18 +04:00
|
|
|
if (error) {
|
2007-10-11 00:42:20 +04:00
|
|
|
mutex_enter(&mountlist_lock);
|
2002-09-04 05:32:31 +04:00
|
|
|
nmp = CIRCLEQ_NEXT(mp, mnt_list);
|
2008-01-30 14:46:59 +03:00
|
|
|
vfs_unbusy(mp, false);
|
1994-06-29 10:29:24 +04:00
|
|
|
continue;
|
1998-03-01 05:20:01 +03:00
|
|
|
}
|
2007-04-30 12:32:14 +04:00
|
|
|
error = copyfn(sb, sfsp, entry_sz);
|
1999-03-31 23:18:45 +04:00
|
|
|
if (error) {
|
2008-01-30 14:46:59 +03:00
|
|
|
vfs_unbusy(mp, false);
|
2006-05-10 15:02:29 +04:00
|
|
|
goto out;
|
1999-03-31 23:18:45 +04:00
|
|
|
}
|
2007-04-30 12:32:14 +04:00
|
|
|
sfsp = (char *)sfsp + entry_sz;
|
2006-05-10 15:02:29 +04:00
|
|
|
root |= strcmp(sb->f_mntonname, "/") == 0;
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
count++;
|
2007-10-11 00:42:20 +04:00
|
|
|
mutex_enter(&mountlist_lock);
|
2002-09-04 05:32:31 +04:00
|
|
|
nmp = CIRCLEQ_NEXT(mp, mnt_list);
|
2008-01-30 14:46:59 +03:00
|
|
|
vfs_unbusy(mp, false);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
2007-10-24 19:28:55 +04:00
|
|
|
|
2007-10-11 00:42:20 +04:00
|
|
|
mutex_exit(&mountlist_lock);
|
2003-04-17 01:44:18 +04:00
|
|
|
if (root == 0 && p->p_cwdi->cwdi_rdir) {
|
|
|
|
|
/*
|
|
|
|
|
* fake a root entry
|
|
|
|
|
*/
|
2007-10-24 19:28:55 +04:00
|
|
|
error = dostatvfs(p->p_cwdi->cwdi_rdir->v_mount,
|
|
|
|
|
sb, l, flags, 1);
|
2007-04-30 12:32:14 +04:00
|
|
|
if (error != 0)
|
2006-05-10 15:02:29 +04:00
|
|
|
goto out;
|
2003-04-17 01:44:18 +04:00
|
|
|
if (sfsp)
|
2007-04-30 12:32:14 +04:00
|
|
|
error = copyfn(sb, sfsp, entry_sz);
|
2003-04-17 01:44:18 +04:00
|
|
|
count++;
|
|
|
|
|
}
|
1994-06-29 10:29:24 +04:00
|
|
|
if (sfsp && count > maxcount)
|
|
|
|
|
*retval = maxcount;
|
|
|
|
|
else
|
|
|
|
|
*retval = count;
|
2006-05-10 15:02:29 +04:00
|
|
|
out:
|
|
|
|
|
STATVFSBUF_PUT(sb);
|
2003-04-17 01:44:18 +04:00
|
|
|
return error;
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
2007-04-30 12:32:14 +04:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_getvfsstat(struct lwp *l, const struct sys_getvfsstat_args *uap, register_t *retval)
|
2007-04-30 12:32:14 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
2007-04-30 12:32:14 +04:00
|
|
|
syscallarg(struct statvfs *) buf;
|
|
|
|
|
syscallarg(size_t) bufsize;
|
|
|
|
|
syscallarg(int) flags;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2007-04-30 12:32:14 +04:00
|
|
|
|
|
|
|
|
return do_sys_getvfsstat(l, SCARG(uap, buf), SCARG(uap, bufsize),
|
|
|
|
|
SCARG(uap, flags), copyout, sizeof (struct statvfs), retval);
|
|
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Change current working directory to a given file descriptor.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_fchdir(struct lwp *l, const struct sys_fchdir_args *uap, register_t *retval)
|
1994-06-29 10:29:24 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1995-09-20 01:40:36 +04:00
|
|
|
syscallarg(int) fd;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2003-01-18 13:06:22 +03:00
|
|
|
struct proc *p = l->l_proc;
|
2007-10-08 19:12:05 +04:00
|
|
|
struct cwdinfo *cwdi;
|
1994-12-14 19:30:40 +03:00
|
|
|
struct vnode *vp, *tdp;
|
|
|
|
|
struct mount *mp;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
|
|
|
|
int error, fd;
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
fd = SCARG(uap, fd);
|
|
|
|
|
if ((error = fd_getvnode(fd, &fp)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
2008-03-22 00:54:58 +03:00
|
|
|
vp = fp->f_data;
|
1999-03-22 20:13:34 +03:00
|
|
|
|
1994-12-14 19:30:40 +03:00
|
|
|
VREF(vp);
|
1998-03-01 05:20:01 +03:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
1994-06-29 10:29:24 +04:00
|
|
|
if (vp->v_type != VDIR)
|
|
|
|
|
error = ENOTDIR;
|
|
|
|
|
else
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_ACCESS(vp, VEXEC, l->l_cred);
|
2007-02-28 23:39:06 +03:00
|
|
|
if (error) {
|
|
|
|
|
vput(vp);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2007-03-01 13:02:31 +03:00
|
|
|
while ((mp = vp->v_mountedhere) != NULL) {
|
2008-01-30 14:46:59 +03:00
|
|
|
if (vfs_busy(mp, RW_READER, NULL))
|
1994-12-14 19:30:40 +03:00
|
|
|
continue;
|
2007-02-04 18:03:20 +03:00
|
|
|
vput(vp);
|
2003-06-29 22:43:21 +04:00
|
|
|
error = VFS_ROOT(mp, &tdp);
|
2008-01-30 14:46:59 +03:00
|
|
|
vfs_unbusy(mp, false);
|
1998-03-01 05:20:01 +03:00
|
|
|
if (error)
|
2007-02-28 23:39:06 +03:00
|
|
|
goto out;
|
1994-12-14 19:30:40 +03:00
|
|
|
vp = tdp;
|
|
|
|
|
}
|
1998-03-01 05:20:01 +03:00
|
|
|
VOP_UNLOCK(vp, 0);
|
1999-03-22 20:13:34 +03:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Disallow changing to a directory not under the process's
|
|
|
|
|
* current root directory (if there is one).
|
|
|
|
|
*/
|
2007-10-08 19:12:05 +04:00
|
|
|
cwdi = p->p_cwdi;
|
|
|
|
|
rw_enter(&cwdi->cwdi_lock, RW_WRITER);
|
2005-12-11 15:16:03 +03:00
|
|
|
if (cwdi->cwdi_rdir && !vn_isunder(vp, NULL, l)) {
|
1999-03-22 20:13:34 +03:00
|
|
|
vrele(vp);
|
1999-05-06 00:01:01 +04:00
|
|
|
error = EPERM; /* operation not permitted */
|
2007-10-08 19:12:05 +04:00
|
|
|
} else {
|
|
|
|
|
vrele(cwdi->cwdi_cdir);
|
|
|
|
|
cwdi->cwdi_cdir = vp;
|
1999-03-22 20:13:34 +03:00
|
|
|
}
|
2007-10-08 19:12:05 +04:00
|
|
|
rw_exit(&cwdi->cwdi_lock);
|
2004-03-23 16:22:32 +03:00
|
|
|
|
1999-05-06 00:01:01 +04:00
|
|
|
out:
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(fd);
|
1999-05-06 00:01:01 +04:00
|
|
|
return (error);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
1999-03-22 20:13:34 +03:00
|
|
|
/*
|
2005-06-06 03:47:48 +04:00
|
|
|
* Change this process's notion of the root directory to a given file
|
|
|
|
|
* descriptor.
|
1999-03-22 20:13:34 +03:00
|
|
|
*/
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_fchroot(struct lwp *l, const struct sys_fchroot_args *uap, register_t *retval)
|
1999-03-22 20:13:34 +03:00
|
|
|
{
|
2003-01-18 13:06:22 +03:00
|
|
|
struct proc *p = l->l_proc;
|
2007-10-08 19:12:05 +04:00
|
|
|
struct cwdinfo *cwdi;
|
1999-03-22 20:13:34 +03:00
|
|
|
struct vnode *vp;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
|
|
|
|
int error, fd = SCARG(uap, fd);
|
1999-03-22 20:13:34 +03:00
|
|
|
|
First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.
- Add a few more actions/sub-actions (requests), and start using them as
opposed to the KAUTH_GENERIC_ISSUSER place-holders.
- Introduce a basic set of listeners that implement our "traditional"
security model, called "bsd44". This is the default (and only) model we
have at the moment.
- Update all relevant documentation.
- Add some code and docs to help folks who want to actually use this stuff:
* There's a sample overlay model, sitting on-top of "bsd44", for
fast experimenting with tweaking just a subset of an existing model.
This is pretty cool because it's *really* straightforward to do stuff
you had to use ugly hacks for until now...
* And of course, documentation describing how to do the above for quick
reference, including code samples.
All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:
http://kauth.linbsd.org/kauthwiki
NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:
- Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
- Checks 'securelevel' directly,
- Checks a uid/gid directly.
(or if you feel you have to, contact me first)
This is still work in progress; It's far from being done, but now it'll
be a lot easier.
Relevant mailing list threads:
http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html
Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).
Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.
Happy birthday Randi! :)
2006-09-09 00:58:56 +04:00
|
|
|
if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHROOT,
|
|
|
|
|
KAUTH_REQ_SYSTEM_CHROOT_FCHROOT, NULL, NULL, NULL)) != 0)
|
1999-03-22 20:13:34 +03:00
|
|
|
return error;
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
|
1999-03-22 20:13:34 +03:00
|
|
|
return error;
|
2008-03-22 00:54:58 +03:00
|
|
|
vp = fp->f_data;
|
1999-03-22 20:13:34 +03:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
|
|
|
|
if (vp->v_type != VDIR)
|
|
|
|
|
error = ENOTDIR;
|
|
|
|
|
else
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_ACCESS(vp, VEXEC, l->l_cred);
|
1999-03-22 20:13:34 +03:00
|
|
|
VOP_UNLOCK(vp, 0);
|
|
|
|
|
if (error)
|
1999-05-06 00:01:01 +04:00
|
|
|
goto out;
|
1999-03-22 20:13:34 +03:00
|
|
|
VREF(vp);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Prevent escaping from chroot by putting the root under
|
|
|
|
|
* the working directory. Silently chdir to / if we aren't
|
|
|
|
|
* already there.
|
|
|
|
|
*/
|
2007-10-08 19:12:05 +04:00
|
|
|
cwdi = p->p_cwdi;
|
|
|
|
|
rw_enter(&cwdi->cwdi_lock, RW_WRITER);
|
2005-12-11 15:16:03 +03:00
|
|
|
if (!vn_isunder(cwdi->cwdi_cdir, vp, l)) {
|
1999-03-22 20:13:34 +03:00
|
|
|
/*
|
|
|
|
|
* XXX would be more failsafe to change directory to a
|
|
|
|
|
* deadfs node here instead
|
|
|
|
|
*/
|
1999-04-30 22:42:58 +04:00
|
|
|
vrele(cwdi->cwdi_cdir);
|
1999-03-22 20:13:34 +03:00
|
|
|
VREF(vp);
|
1999-04-30 22:42:58 +04:00
|
|
|
cwdi->cwdi_cdir = vp;
|
1999-03-22 20:13:34 +03:00
|
|
|
}
|
2004-03-23 16:22:32 +03:00
|
|
|
|
1999-04-30 22:42:58 +04:00
|
|
|
if (cwdi->cwdi_rdir != NULL)
|
|
|
|
|
vrele(cwdi->cwdi_rdir);
|
|
|
|
|
cwdi->cwdi_rdir = vp;
|
2007-10-08 19:12:05 +04:00
|
|
|
rw_exit(&cwdi->cwdi_lock);
|
|
|
|
|
|
1999-05-06 00:01:01 +04:00
|
|
|
out:
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(fd);
|
1999-05-06 00:01:01 +04:00
|
|
|
return (error);
|
1999-03-22 20:13:34 +03:00
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Change current working directory (``.'').
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_chdir(struct lwp *l, const struct sys_chdir_args *uap, register_t *retval)
|
1994-06-29 10:29:24 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2003-01-18 13:06:22 +03:00
|
|
|
struct proc *p = l->l_proc;
|
2007-10-08 19:12:05 +04:00
|
|
|
struct cwdinfo *cwdi;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-04-22 12:29:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
2005-12-11 15:16:03 +03:00
|
|
|
if ((error = change_dir(&nd, l)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
2007-10-08 19:12:05 +04:00
|
|
|
cwdi = p->p_cwdi;
|
|
|
|
|
rw_enter(&cwdi->cwdi_lock, RW_WRITER);
|
1999-04-30 22:42:58 +04:00
|
|
|
vrele(cwdi->cwdi_cdir);
|
|
|
|
|
cwdi->cwdi_cdir = nd.ni_vp;
|
2007-10-08 19:12:05 +04:00
|
|
|
rw_exit(&cwdi->cwdi_lock);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Change notion of root (``/'') directory.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_chroot(struct lwp *l, const struct sys_chroot_args *uap, register_t *retval)
|
1994-06-29 10:29:24 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2003-01-18 13:06:22 +03:00
|
|
|
struct proc *p = l->l_proc;
|
2007-10-08 19:12:05 +04:00
|
|
|
struct cwdinfo *cwdi;
|
1999-03-22 20:13:34 +03:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.
- Add a few more actions/sub-actions (requests), and start using them as
opposed to the KAUTH_GENERIC_ISSUSER place-holders.
- Introduce a basic set of listeners that implement our "traditional"
security model, called "bsd44". This is the default (and only) model we
have at the moment.
- Update all relevant documentation.
- Add some code and docs to help folks who want to actually use this stuff:
* There's a sample overlay model, sitting on-top of "bsd44", for
fast experimenting with tweaking just a subset of an existing model.
This is pretty cool because it's *really* straightforward to do stuff
you had to use ugly hacks for until now...
* And of course, documentation describing how to do the above for quick
reference, including code samples.
All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:
http://kauth.linbsd.org/kauthwiki
NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:
- Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
- Checks 'securelevel' directly,
- Checks a uid/gid directly.
(or if you feel you have to, contact me first)
This is still work in progress; It's far from being done, but now it'll
be a lot easier.
Relevant mailing list threads:
http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html
Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).
Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.
Happy birthday Randi! :)
2006-09-09 00:58:56 +04:00
|
|
|
if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHROOT,
|
|
|
|
|
KAUTH_REQ_SYSTEM_CHROOT_CHROOT, NULL, NULL, NULL)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
2007-04-22 12:29:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
2005-12-11 15:16:03 +03:00
|
|
|
if ((error = change_dir(&nd, l)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
2007-10-08 19:12:05 +04:00
|
|
|
|
|
|
|
|
cwdi = p->p_cwdi;
|
|
|
|
|
rw_enter(&cwdi->cwdi_lock, RW_WRITER);
|
1999-04-30 22:42:58 +04:00
|
|
|
if (cwdi->cwdi_rdir != NULL)
|
|
|
|
|
vrele(cwdi->cwdi_rdir);
|
1999-03-22 20:13:34 +03:00
|
|
|
vp = nd.ni_vp;
|
1999-04-30 22:42:58 +04:00
|
|
|
cwdi->cwdi_rdir = vp;
|
1999-03-22 20:13:34 +03:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Prevent escaping from chroot by putting the root under
|
|
|
|
|
* the working directory. Silently chdir to / if we aren't
|
|
|
|
|
* already there.
|
|
|
|
|
*/
|
2005-12-11 15:16:03 +03:00
|
|
|
if (!vn_isunder(cwdi->cwdi_cdir, vp, l)) {
|
1999-03-22 20:13:34 +03:00
|
|
|
/*
|
|
|
|
|
* XXX would be more failsafe to change directory to a
|
|
|
|
|
* deadfs node here instead
|
|
|
|
|
*/
|
1999-04-30 22:42:58 +04:00
|
|
|
vrele(cwdi->cwdi_cdir);
|
1999-03-22 20:13:34 +03:00
|
|
|
VREF(vp);
|
1999-04-30 22:42:58 +04:00
|
|
|
cwdi->cwdi_cdir = vp;
|
1999-03-22 20:13:34 +03:00
|
|
|
}
|
2007-10-08 19:12:05 +04:00
|
|
|
rw_exit(&cwdi->cwdi_lock);
|
2004-03-23 16:22:32 +03:00
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Common routine for chroot and chdir.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2005-12-11 15:16:03 +03:00
|
|
|
change_dir(struct nameidata *ndp, struct lwp *l)
|
1994-06-29 10:29:24 +04:00
|
|
|
{
|
|
|
|
|
struct vnode *vp;
|
|
|
|
|
int error;
|
|
|
|
|
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(ndp)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
vp = ndp->ni_vp;
|
|
|
|
|
if (vp->v_type != VDIR)
|
|
|
|
|
error = ENOTDIR;
|
|
|
|
|
else
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_ACCESS(vp, VEXEC, l->l_cred);
|
2004-03-23 16:22:32 +03:00
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
if (error)
|
1998-03-01 05:20:01 +03:00
|
|
|
vput(vp);
|
|
|
|
|
else
|
|
|
|
|
VOP_UNLOCK(vp, 0);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check permissions, allocate an open file structure,
|
|
|
|
|
* and call the device open routine if any.
|
|
|
|
|
*/
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_open(struct lwp *l, const struct sys_open_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) flags;
|
|
|
|
|
syscallarg(int) mode;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2003-01-18 13:06:22 +03:00
|
|
|
struct proc *p = l->l_proc;
|
1999-04-30 22:42:58 +04:00
|
|
|
struct cwdinfo *cwdi = p->p_cwdi;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1999-05-06 00:01:01 +04:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
int flags, cmode;
|
|
|
|
|
int type, indx, error;
|
|
|
|
|
struct flock lf;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
1997-10-19 21:18:10 +04:00
|
|
|
flags = FFLAGS(SCARG(uap, flags));
|
|
|
|
|
if ((flags & (FREAD | FWRITE)) == 0)
|
|
|
|
|
return (EINVAL);
|
2008-03-22 00:54:58 +03:00
|
|
|
if ((error = fd_allocfile(&fp, &indx)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
2007-10-08 19:12:05 +04:00
|
|
|
/* We're going to read cwdi->cwdi_cmask unlocked here. */
|
1999-04-30 22:42:58 +04:00
|
|
|
cmode = ((SCARG(uap, mode) &~ cwdi->cwdi_cmask) & ALLPERMS) &~ S_ISTXT;
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
2003-09-13 12:32:10 +04:00
|
|
|
l->l_dupfd = -indx - 1; /* XXX check for fdopen */
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = vn_open(&nd, flags, cmode)) != 0) {
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_abort(p, fp, indx);
|
2004-11-30 07:25:43 +03:00
|
|
|
if ((error == EDUPFD || error == EMOVEFD) &&
|
2003-09-13 12:32:10 +04:00
|
|
|
l->l_dupfd >= 0 && /* XXX from fdopen */
|
1994-12-14 22:36:15 +03:00
|
|
|
(error =
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_dupopen(l->l_dupfd, &indx, flags, error)) == 0) {
|
1994-12-14 22:36:15 +03:00
|
|
|
*retval = indx;
|
|
|
|
|
return (0);
|
1994-12-14 22:08:07 +03:00
|
|
|
}
|
1994-12-14 22:36:15 +03:00
|
|
|
if (error == ERESTART)
|
|
|
|
|
error = EINTR;
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
2007-10-24 19:28:55 +04:00
|
|
|
|
2003-09-13 12:32:10 +04:00
|
|
|
l->l_dupfd = 0;
|
1994-06-29 10:29:24 +04:00
|
|
|
vp = nd.ni_vp;
|
|
|
|
|
fp->f_flag = flags & FMASK;
|
|
|
|
|
fp->f_type = DTYPE_VNODE;
|
|
|
|
|
fp->f_ops = &vnops;
|
2003-03-22 02:11:19 +03:00
|
|
|
fp->f_data = vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
if (flags & (O_EXLOCK | O_SHLOCK)) {
|
|
|
|
|
lf.l_whence = SEEK_SET;
|
|
|
|
|
lf.l_start = 0;
|
|
|
|
|
lf.l_len = 0;
|
|
|
|
|
if (flags & O_EXLOCK)
|
|
|
|
|
lf.l_type = F_WRLCK;
|
|
|
|
|
else
|
|
|
|
|
lf.l_type = F_RDLCK;
|
|
|
|
|
type = F_FLOCK;
|
|
|
|
|
if ((flags & FNONBLOCK) == 0)
|
|
|
|
|
type |= F_WAIT;
|
1998-03-01 05:20:01 +03:00
|
|
|
VOP_UNLOCK(vp, 0);
|
2003-03-22 02:11:19 +03:00
|
|
|
error = VOP_ADVLOCK(vp, fp, F_SETLK, &lf, type);
|
1996-02-04 05:17:43 +03:00
|
|
|
if (error) {
|
2008-03-22 00:54:58 +03:00
|
|
|
(void) vn_close(vp, fp->f_flag, fp->f_cred);
|
|
|
|
|
fd_abort(p, fp, indx);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
1998-03-01 05:20:01 +03:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
2008-03-22 00:54:58 +03:00
|
|
|
atomic_or_uint(&fp->f_flag, FHASLOCK);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
1998-03-01 05:20:01 +03:00
|
|
|
VOP_UNLOCK(vp, 0);
|
1994-06-29 10:29:24 +04:00
|
|
|
*retval = indx;
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_affix(p, fp, indx);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
2006-07-14 22:29:40 +04:00
|
|
|
static void
|
|
|
|
|
vfs__fhfree(fhandle_t *fhp)
|
|
|
|
|
{
|
|
|
|
|
size_t fhsize;
|
|
|
|
|
|
|
|
|
|
if (fhp == NULL) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
fhsize = FHANDLE_SIZE(fhp);
|
|
|
|
|
kmem_free(fhp, fhsize);
|
|
|
|
|
}
|
|
|
|
|
|
2006-06-17 11:06:50 +04:00
|
|
|
/*
|
|
|
|
|
* vfs_composefh: compose a filehandle.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
int
|
2006-07-13 16:00:24 +04:00
|
|
|
vfs_composefh(struct vnode *vp, fhandle_t *fhp, size_t *fh_size)
|
2006-06-17 11:06:50 +04:00
|
|
|
{
|
|
|
|
|
struct mount *mp;
|
2006-07-14 22:30:35 +04:00
|
|
|
struct fid *fidp;
|
2006-06-17 11:06:50 +04:00
|
|
|
int error;
|
2006-07-14 22:30:35 +04:00
|
|
|
size_t needfhsize;
|
|
|
|
|
size_t fidsize;
|
2006-06-17 11:06:50 +04:00
|
|
|
|
|
|
|
|
mp = vp->v_mount;
|
2006-07-14 22:30:35 +04:00
|
|
|
fidp = NULL;
|
2006-07-15 20:32:29 +04:00
|
|
|
if (*fh_size < FHANDLE_SIZE_MIN) {
|
2006-07-14 22:30:35 +04:00
|
|
|
fidsize = 0;
|
2006-07-13 16:00:24 +04:00
|
|
|
} else {
|
2006-07-14 22:30:35 +04:00
|
|
|
fidsize = *fh_size - offsetof(fhandle_t, fh_fid);
|
|
|
|
|
if (fhp != NULL) {
|
|
|
|
|
memset(fhp, 0, *fh_size);
|
|
|
|
|
fhp->fh_fsid = mp->mnt_stat.f_fsidx;
|
|
|
|
|
fidp = &fhp->fh_fid;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
error = VFS_VPTOFH(vp, fidp, &fidsize);
|
|
|
|
|
needfhsize = FHANDLE_SIZE_FROM_FILEID_SIZE(fidsize);
|
|
|
|
|
if (error == 0 && *fh_size < needfhsize) {
|
|
|
|
|
error = E2BIG;
|
2006-07-13 16:00:24 +04:00
|
|
|
}
|
2006-07-14 22:30:35 +04:00
|
|
|
*fh_size = needfhsize;
|
2006-06-17 11:06:50 +04:00
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
2006-07-14 22:29:40 +04:00
|
|
|
int
|
|
|
|
|
vfs_composefh_alloc(struct vnode *vp, fhandle_t **fhpp)
|
|
|
|
|
{
|
|
|
|
|
struct mount *mp;
|
|
|
|
|
fhandle_t *fhp;
|
|
|
|
|
size_t fhsize;
|
|
|
|
|
size_t fidsize;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
*fhpp = NULL;
|
|
|
|
|
mp = vp->v_mount;
|
2006-07-20 20:18:14 +04:00
|
|
|
fidsize = 0;
|
2006-07-14 22:29:40 +04:00
|
|
|
error = VFS_VPTOFH(vp, NULL, &fidsize);
|
|
|
|
|
KASSERT(error != 0);
|
|
|
|
|
if (error != E2BIG) {
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2006-07-14 22:30:35 +04:00
|
|
|
fhsize = FHANDLE_SIZE_FROM_FILEID_SIZE(fidsize);
|
2006-07-14 22:29:40 +04:00
|
|
|
fhp = kmem_zalloc(fhsize, KM_SLEEP);
|
|
|
|
|
if (fhp == NULL) {
|
|
|
|
|
error = ENOMEM;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
fhp->fh_fsid = mp->mnt_stat.f_fsidx;
|
|
|
|
|
error = VFS_VPTOFH(vp, &fhp->fh_fid, &fidsize);
|
|
|
|
|
if (error == 0) {
|
|
|
|
|
KASSERT((FHANDLE_SIZE(fhp) == fhsize &&
|
|
|
|
|
FHANDLE_FILEID(fhp)->fid_len == fidsize));
|
|
|
|
|
*fhpp = fhp;
|
|
|
|
|
} else {
|
|
|
|
|
kmem_free(fhp, fhsize);
|
|
|
|
|
}
|
|
|
|
|
out:
|
|
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
vfs_composefh_free(fhandle_t *fhp)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
vfs__fhfree(fhp);
|
|
|
|
|
}
|
|
|
|
|
|
2006-07-14 19:59:29 +04:00
|
|
|
/*
|
|
|
|
|
* vfs_fhtovp: lookup a vnode by a filehandle.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
vfs_fhtovp(fhandle_t *fhp, struct vnode **vpp)
|
|
|
|
|
{
|
|
|
|
|
struct mount *mp;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
*vpp = NULL;
|
|
|
|
|
mp = vfs_getvfs(FHANDLE_FSID(fhp));
|
|
|
|
|
if (mp == NULL) {
|
|
|
|
|
error = ESTALE;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if (mp->mnt_op->vfs_fhtovp == NULL) {
|
|
|
|
|
error = EOPNOTSUPP;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
error = VFS_FHTOVP(mp, FHANDLE_FILEID(fhp), vpp);
|
|
|
|
|
out:
|
|
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2006-08-04 20:29:51 +04:00
|
|
|
* vfs_copyinfh_alloc: allocate and copyin a filehandle, given
|
2006-07-31 20:34:42 +04:00
|
|
|
* the needed size.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
int
|
2006-08-04 20:29:51 +04:00
|
|
|
vfs_copyinfh_alloc(const void *ufhp, size_t fhsize, fhandle_t **fhpp)
|
2006-07-31 20:34:42 +04:00
|
|
|
{
|
|
|
|
|
fhandle_t *fhp;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
*fhpp = NULL;
|
2006-07-14 22:30:35 +04:00
|
|
|
if (fhsize > FHANDLE_SIZE_MAX) {
|
|
|
|
|
return EINVAL;
|
|
|
|
|
}
|
2006-08-04 20:29:51 +04:00
|
|
|
if (fhsize < FHANDLE_SIZE_MIN) {
|
|
|
|
|
return EINVAL;
|
|
|
|
|
}
|
2006-08-08 17:08:08 +04:00
|
|
|
again:
|
2006-07-14 19:59:29 +04:00
|
|
|
fhp = kmem_alloc(fhsize, KM_SLEEP);
|
|
|
|
|
if (fhp == NULL) {
|
|
|
|
|
return ENOMEM;
|
|
|
|
|
}
|
|
|
|
|
error = copyin(ufhp, fhp, fhsize);
|
|
|
|
|
if (error == 0) {
|
2006-08-04 20:29:51 +04:00
|
|
|
/* XXX this check shouldn't be here */
|
|
|
|
|
if (FHANDLE_SIZE(fhp) == fhsize) {
|
2006-07-31 20:34:42 +04:00
|
|
|
*fhpp = fhp;
|
|
|
|
|
return 0;
|
2006-08-08 17:08:08 +04:00
|
|
|
} else if (fhsize == NFSX_V2FH && FHANDLE_SIZE(fhp) < fhsize) {
|
|
|
|
|
/*
|
|
|
|
|
* a kludge for nfsv2 padded handles.
|
|
|
|
|
*/
|
|
|
|
|
size_t sz;
|
|
|
|
|
|
|
|
|
|
sz = FHANDLE_SIZE(fhp);
|
|
|
|
|
kmem_free(fhp, fhsize);
|
|
|
|
|
fhsize = sz;
|
|
|
|
|
goto again;
|
2006-08-04 17:31:51 +04:00
|
|
|
} else {
|
2006-08-04 20:29:51 +04:00
|
|
|
/*
|
|
|
|
|
* userland told us wrong size.
|
|
|
|
|
*/
|
2006-07-31 20:34:42 +04:00
|
|
|
error = EINVAL;
|
2006-08-04 17:31:51 +04:00
|
|
|
}
|
2006-07-14 19:59:29 +04:00
|
|
|
}
|
2006-07-31 20:34:42 +04:00
|
|
|
kmem_free(fhp, fhsize);
|
2006-07-14 19:59:29 +04:00
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
vfs_copyinfh_free(fhandle_t *fhp)
|
|
|
|
|
{
|
|
|
|
|
|
2006-07-14 22:29:40 +04:00
|
|
|
vfs__fhfree(fhp);
|
2006-07-14 19:59:29 +04:00
|
|
|
}
|
|
|
|
|
|
1999-06-30 02:18:47 +04:00
|
|
|
/*
|
|
|
|
|
* Get file handle system call
|
|
|
|
|
*/
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys___getfh30(struct lwp *l, const struct sys___getfh30_args *uap, register_t *retval)
|
1999-06-30 02:18:47 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1999-06-30 02:18:47 +04:00
|
|
|
syscallarg(char *) fname;
|
|
|
|
|
syscallarg(fhandle_t *) fhp;
|
2006-07-13 16:00:24 +04:00
|
|
|
syscallarg(size_t *) fh_size;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
2006-07-13 16:00:24 +04:00
|
|
|
fhandle_t *fh;
|
1999-06-30 02:18:47 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
2006-07-13 16:00:24 +04:00
|
|
|
size_t sz;
|
2006-07-14 22:29:40 +04:00
|
|
|
size_t usz;
|
1999-06-30 02:18:47 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Must be super user
|
|
|
|
|
*/
|
First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.
- Add a few more actions/sub-actions (requests), and start using them as
opposed to the KAUTH_GENERIC_ISSUSER place-holders.
- Introduce a basic set of listeners that implement our "traditional"
security model, called "bsd44". This is the default (and only) model we
have at the moment.
- Update all relevant documentation.
- Add some code and docs to help folks who want to actually use this stuff:
* There's a sample overlay model, sitting on-top of "bsd44", for
fast experimenting with tweaking just a subset of an existing model.
This is pretty cool because it's *really* straightforward to do stuff
you had to use ugly hacks for until now...
* And of course, documentation describing how to do the above for quick
reference, including code samples.
All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:
http://kauth.linbsd.org/kauthwiki
NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:
- Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
- Checks 'securelevel' directly,
- Checks a uid/gid directly.
(or if you feel you have to, contact me first)
This is still work in progress; It's far from being done, but now it'll
be a lot easier.
Relevant mailing list threads:
http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html
Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).
Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.
Happy birthday Randi! :)
2006-09-09 00:58:56 +04:00
|
|
|
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FILEHANDLE,
|
|
|
|
|
0, NULL, NULL, NULL);
|
1999-06-30 02:18:47 +04:00
|
|
|
if (error)
|
|
|
|
|
return (error);
|
2007-04-22 12:29:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, fname));
|
1999-06-30 02:18:47 +04:00
|
|
|
error = namei(&nd);
|
|
|
|
|
if (error)
|
|
|
|
|
return (error);
|
|
|
|
|
vp = nd.ni_vp;
|
2006-07-14 22:29:40 +04:00
|
|
|
error = vfs_composefh_alloc(vp, &fh);
|
2006-07-14 18:28:58 +04:00
|
|
|
vput(vp);
|
2006-07-14 22:29:40 +04:00
|
|
|
if (error != 0) {
|
|
|
|
|
goto out;
|
2006-07-13 16:00:24 +04:00
|
|
|
}
|
2006-07-14 22:29:40 +04:00
|
|
|
error = copyin(SCARG(uap, fh_size), &usz, sizeof(size_t));
|
|
|
|
|
if (error != 0) {
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
sz = FHANDLE_SIZE(fh);
|
|
|
|
|
error = copyout(&sz, SCARG(uap, fh_size), sizeof(size_t));
|
|
|
|
|
if (error != 0) {
|
|
|
|
|
goto out;
|
2006-07-13 16:00:24 +04:00
|
|
|
}
|
2006-07-14 22:29:40 +04:00
|
|
|
if (usz >= sz) {
|
|
|
|
|
error = copyout(fh, SCARG(uap, fhp), sz);
|
|
|
|
|
} else {
|
|
|
|
|
error = E2BIG;
|
|
|
|
|
}
|
|
|
|
|
out:
|
|
|
|
|
vfs_composefh_free(fh);
|
1999-06-30 02:18:47 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Open a file given a file handle.
|
|
|
|
|
*
|
|
|
|
|
* Check permissions, allocate an open file structure,
|
|
|
|
|
* and call the device open routine if any.
|
|
|
|
|
*/
|
2006-08-04 20:29:51 +04:00
|
|
|
|
1999-06-30 02:18:47 +04:00
|
|
|
int
|
2006-08-04 20:29:51 +04:00
|
|
|
dofhopen(struct lwp *l, const void *ufhp, size_t fhsize, int oflags,
|
|
|
|
|
register_t *retval)
|
1999-06-30 02:18:47 +04:00
|
|
|
{
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1999-07-01 22:58:16 +04:00
|
|
|
struct vnode *vp = NULL;
|
2006-07-24 02:06:03 +04:00
|
|
|
kauth_cred_t cred = l->l_cred;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *nfp;
|
1999-06-30 02:18:47 +04:00
|
|
|
int type, indx, error=0;
|
|
|
|
|
struct flock lf;
|
|
|
|
|
struct vattr va;
|
2006-07-14 19:59:29 +04:00
|
|
|
fhandle_t *fh;
|
2006-08-04 20:29:51 +04:00
|
|
|
int flags;
|
2008-03-22 00:54:58 +03:00
|
|
|
proc_t *p;
|
|
|
|
|
|
|
|
|
|
p = curproc;
|
1999-06-30 02:18:47 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Must be super user
|
|
|
|
|
*/
|
2006-09-12 11:51:29 +04:00
|
|
|
if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FILEHANDLE,
|
2006-09-13 14:07:42 +04:00
|
|
|
0, NULL, NULL, NULL)))
|
1999-06-30 02:18:47 +04:00
|
|
|
return (error);
|
|
|
|
|
|
2006-08-04 20:29:51 +04:00
|
|
|
flags = FFLAGS(oflags);
|
1999-06-30 02:18:47 +04:00
|
|
|
if ((flags & (FREAD | FWRITE)) == 0)
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
if ((flags & O_CREAT))
|
|
|
|
|
return (EINVAL);
|
2008-03-22 00:54:58 +03:00
|
|
|
if ((error = fd_allocfile(&nfp, &indx)) != 0)
|
1999-06-30 02:18:47 +04:00
|
|
|
return (error);
|
|
|
|
|
fp = nfp;
|
2006-08-04 20:29:51 +04:00
|
|
|
error = vfs_copyinfh_alloc(ufhp, fhsize, &fh);
|
2006-07-14 19:59:29 +04:00
|
|
|
if (error != 0) {
|
Apply the NFS exports list rototill patch:
- Remove all NFS related stuff from file system specific code.
- Drop the vfs_checkexp hook and generalize it in the new nfs_check_export
function, thus removing redundancy from all file systems.
- Move all NFS export-related stuff from kern/vfs_subr.c to the new
file sys/nfs/nfs_export.c. The former was becoming large and its code
is always compiled, regardless of the build options. Using the latter,
the code is only compiled in when NFSSERVER is enabled. While doing this,
also make some functions in nfs_subs.c conditional to NFSSERVER.
- Add a new command in nfssvc(2), called NFSSVC_SETEXPORTSLIST, that takes a
path and a set of export entries. At the moment it can only clear the
exports list or append entries, one by one, but it is done in a way that
allows setting the whole set of entries atomically in the future (see the
comment in mountd_set_exports_list or in doc/TODO).
- Change mountd(8) to use the nfssvc(2) system call instead of mount(2) so
that it becomes file system agnostic. In fact, all this whole thing was
done to remove a 'XXX' block from this utility!
- Change the mount*, newfs and fsck* userland utilities to not deal with NFS
exports initialization; done internally by the kernel when initializing
the NFS support for each file system.
- Implement an interface for VFS (called VFS hooks) so that several kernel
subsystems can run arbitrary code upon receipt of specific VFS events.
At the moment, this only provides support for unmount and is used to
destroy NFS exports lists from the file systems being unmounted, though it
has room for extension.
Thanks go to yamt@, chs@, thorpej@, wrstuden@ and others for their comments
and advice in the development of this patch.
2005-09-23 16:10:31 +04:00
|
|
|
goto bad;
|
|
|
|
|
}
|
2006-07-14 19:59:29 +04:00
|
|
|
error = vfs_fhtovp(fh, &vp);
|
|
|
|
|
if (error != 0) {
|
1999-07-01 22:58:16 +04:00
|
|
|
goto bad;
|
|
|
|
|
}
|
1999-06-30 02:18:47 +04:00
|
|
|
|
|
|
|
|
/* Now do an effective vn_open */
|
|
|
|
|
|
|
|
|
|
if (vp->v_type == VSOCK) {
|
|
|
|
|
error = EOPNOTSUPP;
|
|
|
|
|
goto bad;
|
|
|
|
|
}
|
2007-11-30 19:52:19 +03:00
|
|
|
error = vn_openchk(vp, cred, flags);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto bad;
|
1999-06-30 02:18:47 +04:00
|
|
|
if (flags & O_TRUNC) {
|
|
|
|
|
VOP_UNLOCK(vp, 0); /* XXX */
|
|
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */
|
|
|
|
|
VATTR_NULL(&va);
|
|
|
|
|
va.va_size = 0;
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_SETATTR(vp, &va, cred);
|
2003-10-15 15:28:59 +04:00
|
|
|
if (error)
|
1999-06-30 02:18:47 +04:00
|
|
|
goto bad;
|
|
|
|
|
}
|
2007-11-26 22:01:26 +03:00
|
|
|
if ((error = VOP_OPEN(vp, flags, cred)) != 0)
|
1999-06-30 02:18:47 +04:00
|
|
|
goto bad;
|
2008-03-22 00:54:58 +03:00
|
|
|
if (flags & FWRITE) {
|
|
|
|
|
mutex_enter(&vp->v_interlock);
|
1999-06-30 02:18:47 +04:00
|
|
|
vp->v_writecount++;
|
2008-03-22 00:54:58 +03:00
|
|
|
mutex_exit(&vp->v_interlock);
|
|
|
|
|
}
|
1999-06-30 02:18:47 +04:00
|
|
|
|
|
|
|
|
/* done with modified vn_open, now finish what sys_open does. */
|
|
|
|
|
|
|
|
|
|
fp->f_flag = flags & FMASK;
|
|
|
|
|
fp->f_type = DTYPE_VNODE;
|
|
|
|
|
fp->f_ops = &vnops;
|
2003-03-22 02:11:19 +03:00
|
|
|
fp->f_data = vp;
|
1999-06-30 02:18:47 +04:00
|
|
|
if (flags & (O_EXLOCK | O_SHLOCK)) {
|
|
|
|
|
lf.l_whence = SEEK_SET;
|
|
|
|
|
lf.l_start = 0;
|
|
|
|
|
lf.l_len = 0;
|
|
|
|
|
if (flags & O_EXLOCK)
|
|
|
|
|
lf.l_type = F_WRLCK;
|
|
|
|
|
else
|
|
|
|
|
lf.l_type = F_RDLCK;
|
|
|
|
|
type = F_FLOCK;
|
|
|
|
|
if ((flags & FNONBLOCK) == 0)
|
|
|
|
|
type |= F_WAIT;
|
|
|
|
|
VOP_UNLOCK(vp, 0);
|
2003-03-22 02:11:19 +03:00
|
|
|
error = VOP_ADVLOCK(vp, fp, F_SETLK, &lf, type);
|
1999-06-30 02:18:47 +04:00
|
|
|
if (error) {
|
2008-03-22 00:54:58 +03:00
|
|
|
(void) vn_close(vp, fp->f_flag, fp->f_cred);
|
|
|
|
|
fd_abort(p, fp, indx);
|
1999-06-30 02:18:47 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
2008-03-22 00:54:58 +03:00
|
|
|
atomic_or_uint(&fp->f_flag, FHASLOCK);
|
1999-06-30 02:18:47 +04:00
|
|
|
}
|
|
|
|
|
VOP_UNLOCK(vp, 0);
|
|
|
|
|
*retval = indx;
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_affix(p, fp, indx);
|
2006-07-14 19:59:29 +04:00
|
|
|
vfs_copyinfh_free(fh);
|
1999-06-30 02:18:47 +04:00
|
|
|
return (0);
|
1999-07-01 22:58:16 +04:00
|
|
|
|
1999-06-30 02:18:47 +04:00
|
|
|
bad:
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_abort(p, fp, indx);
|
1999-07-01 22:58:16 +04:00
|
|
|
if (vp != NULL)
|
|
|
|
|
vput(vp);
|
2006-07-14 19:59:29 +04:00
|
|
|
vfs_copyinfh_free(fh);
|
1999-06-30 02:18:47 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys___fhopen40(struct lwp *l, const struct sys___fhopen40_args *uap, register_t *retval)
|
1999-06-30 02:18:47 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
2006-07-31 20:34:42 +04:00
|
|
|
syscallarg(const void *) fhp;
|
|
|
|
|
syscallarg(size_t) fh_size;
|
2006-08-04 20:29:51 +04:00
|
|
|
syscallarg(int) flags;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2006-08-04 20:29:51 +04:00
|
|
|
|
|
|
|
|
return dofhopen(l, SCARG(uap, fhp), SCARG(uap, fh_size),
|
|
|
|
|
SCARG(uap, flags), retval);
|
|
|
|
|
}
|
|
|
|
|
|
2007-03-10 19:50:01 +03:00
|
|
|
int
|
|
|
|
|
do_fhstat(struct lwp *l, const void *ufhp, size_t fhsize, struct stat *sb)
|
|
|
|
|
{
|
1999-06-30 02:18:47 +04:00
|
|
|
int error;
|
2006-07-14 19:59:29 +04:00
|
|
|
fhandle_t *fh;
|
1999-06-30 02:18:47 +04:00
|
|
|
struct vnode *vp;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Must be super user
|
|
|
|
|
*/
|
First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.
- Add a few more actions/sub-actions (requests), and start using them as
opposed to the KAUTH_GENERIC_ISSUSER place-holders.
- Introduce a basic set of listeners that implement our "traditional"
security model, called "bsd44". This is the default (and only) model we
have at the moment.
- Update all relevant documentation.
- Add some code and docs to help folks who want to actually use this stuff:
* There's a sample overlay model, sitting on-top of "bsd44", for
fast experimenting with tweaking just a subset of an existing model.
This is pretty cool because it's *really* straightforward to do stuff
you had to use ugly hacks for until now...
* And of course, documentation describing how to do the above for quick
reference, including code samples.
All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:
http://kauth.linbsd.org/kauthwiki
NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:
- Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
- Checks 'securelevel' directly,
- Checks a uid/gid directly.
(or if you feel you have to, contact me first)
This is still work in progress; It's far from being done, but now it'll
be a lot easier.
Relevant mailing list threads:
http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html
Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).
Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.
Happy birthday Randi! :)
2006-09-09 00:58:56 +04:00
|
|
|
if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FILEHANDLE,
|
2006-09-13 14:07:42 +04:00
|
|
|
0, NULL, NULL, NULL)))
|
1999-06-30 02:18:47 +04:00
|
|
|
return (error);
|
|
|
|
|
|
2006-08-04 20:29:51 +04:00
|
|
|
error = vfs_copyinfh_alloc(ufhp, fhsize, &fh);
|
2007-03-10 19:50:01 +03:00
|
|
|
if (error != 0)
|
|
|
|
|
return error;
|
|
|
|
|
|
2006-07-14 19:59:29 +04:00
|
|
|
error = vfs_fhtovp(fh, &vp);
|
|
|
|
|
vfs_copyinfh_free(fh);
|
2007-03-10 19:50:01 +03:00
|
|
|
if (error != 0)
|
|
|
|
|
return error;
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
error = vn_stat(vp, sb);
|
2007-03-10 19:50:01 +03:00
|
|
|
vput(vp);
|
2006-07-14 19:59:29 +04:00
|
|
|
return error;
|
1999-06-30 02:18:47 +04:00
|
|
|
}
|
|
|
|
|
|
2006-08-04 20:29:51 +04:00
|
|
|
|
1999-06-30 02:18:47 +04:00
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys___fhstat40(struct lwp *l, const struct sys___fhstat40_args *uap, register_t *retval)
|
1999-06-30 02:18:47 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
2006-08-04 20:29:51 +04:00
|
|
|
syscallarg(const void *) fhp;
|
2006-07-31 20:34:42 +04:00
|
|
|
syscallarg(size_t) fh_size;
|
2006-08-04 20:29:51 +04:00
|
|
|
syscallarg(struct stat *) sb;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2007-03-10 19:50:01 +03:00
|
|
|
struct stat sb;
|
|
|
|
|
int error;
|
2006-08-04 20:29:51 +04:00
|
|
|
|
2007-03-10 19:50:01 +03:00
|
|
|
error = do_fhstat(l, SCARG(uap, fhp), SCARG(uap, fh_size), &sb);
|
|
|
|
|
if (error)
|
|
|
|
|
return error;
|
|
|
|
|
return copyout(&sb, SCARG(uap, sb), sizeof(sb));
|
2006-08-04 20:29:51 +04:00
|
|
|
}
|
|
|
|
|
|
2007-03-10 19:50:01 +03:00
|
|
|
int
|
|
|
|
|
do_fhstatvfs(struct lwp *l, const void *ufhp, size_t fhsize, struct statvfs *sb,
|
|
|
|
|
int flags)
|
|
|
|
|
{
|
2006-07-14 19:59:29 +04:00
|
|
|
fhandle_t *fh;
|
1999-06-30 02:18:47 +04:00
|
|
|
struct mount *mp;
|
|
|
|
|
struct vnode *vp;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Must be super user
|
|
|
|
|
*/
|
First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.
- Add a few more actions/sub-actions (requests), and start using them as
opposed to the KAUTH_GENERIC_ISSUSER place-holders.
- Introduce a basic set of listeners that implement our "traditional"
security model, called "bsd44". This is the default (and only) model we
have at the moment.
- Update all relevant documentation.
- Add some code and docs to help folks who want to actually use this stuff:
* There's a sample overlay model, sitting on-top of "bsd44", for
fast experimenting with tweaking just a subset of an existing model.
This is pretty cool because it's *really* straightforward to do stuff
you had to use ugly hacks for until now...
* And of course, documentation describing how to do the above for quick
reference, including code samples.
All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:
http://kauth.linbsd.org/kauthwiki
NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:
- Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
- Checks 'securelevel' directly,
- Checks a uid/gid directly.
(or if you feel you have to, contact me first)
This is still work in progress; It's far from being done, but now it'll
be a lot easier.
Relevant mailing list threads:
http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html
Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).
Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.
Happy birthday Randi! :)
2006-09-09 00:58:56 +04:00
|
|
|
if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FILEHANDLE,
|
2006-09-13 14:07:42 +04:00
|
|
|
0, NULL, NULL, NULL)))
|
2004-04-21 05:05:31 +04:00
|
|
|
return error;
|
1999-06-30 02:18:47 +04:00
|
|
|
|
2006-08-04 20:29:51 +04:00
|
|
|
error = vfs_copyinfh_alloc(ufhp, fhsize, &fh);
|
2007-03-10 19:50:01 +03:00
|
|
|
if (error != 0)
|
|
|
|
|
return error;
|
|
|
|
|
|
2006-07-14 19:59:29 +04:00
|
|
|
error = vfs_fhtovp(fh, &vp);
|
2007-03-10 19:50:01 +03:00
|
|
|
vfs_copyinfh_free(fh);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
return error;
|
|
|
|
|
|
1999-06-30 02:18:47 +04:00
|
|
|
mp = vp->v_mount;
|
2007-03-10 19:50:01 +03:00
|
|
|
error = dostatvfs(mp, sb, l, flags, 1);
|
1999-06-30 02:18:47 +04:00
|
|
|
vput(vp);
|
2006-05-10 15:02:29 +04:00
|
|
|
return error;
|
1999-06-30 02:18:47 +04:00
|
|
|
}
|
|
|
|
|
|
2006-08-04 20:29:51 +04:00
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys___fhstatvfs140(struct lwp *l, const struct sys___fhstatvfs140_args *uap, register_t *retval)
|
2006-08-04 20:29:51 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
2006-08-04 21:07:32 +04:00
|
|
|
syscallarg(const void *) fhp;
|
2006-08-04 20:29:51 +04:00
|
|
|
syscallarg(size_t) fh_size;
|
|
|
|
|
syscallarg(struct statvfs *) buf;
|
|
|
|
|
syscallarg(int) flags;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2007-03-10 19:50:01 +03:00
|
|
|
struct statvfs *sb = STATVFSBUF_GET();
|
|
|
|
|
int error;
|
2006-08-04 20:29:51 +04:00
|
|
|
|
2007-03-10 19:50:01 +03:00
|
|
|
error = do_fhstatvfs(l, SCARG(uap, fhp), SCARG(uap, fh_size), sb,
|
|
|
|
|
SCARG(uap, flags));
|
|
|
|
|
if (error == 0)
|
|
|
|
|
error = copyout(sb, SCARG(uap, buf), sizeof(*sb));
|
|
|
|
|
STATVFSBUF_PUT(sb);
|
|
|
|
|
return error;
|
2006-08-04 20:29:51 +04:00
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Create a special file.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_mknod(struct lwp *l, const struct sys_mknod_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) mode;
|
|
|
|
|
syscallarg(int) dev;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2003-01-18 13:06:22 +03:00
|
|
|
struct proc *p = l->l_proc;
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
struct vattr vattr;
|
2007-02-18 22:57:29 +03:00
|
|
|
int error, optype;
|
1994-06-29 10:29:24 +04:00
|
|
|
struct nameidata nd;
|
2007-05-20 02:11:22 +04:00
|
|
|
char *path;
|
|
|
|
|
const char *cpath;
|
|
|
|
|
enum uio_seg seg = UIO_USERSPACE;
|
1994-06-29 10:29:24 +04:00
|
|
|
|
First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.
- Add a few more actions/sub-actions (requests), and start using them as
opposed to the KAUTH_GENERIC_ISSUSER place-holders.
- Introduce a basic set of listeners that implement our "traditional"
security model, called "bsd44". This is the default (and only) model we
have at the moment.
- Update all relevant documentation.
- Add some code and docs to help folks who want to actually use this stuff:
* There's a sample overlay model, sitting on-top of "bsd44", for
fast experimenting with tweaking just a subset of an existing model.
This is pretty cool because it's *really* straightforward to do stuff
you had to use ugly hacks for until now...
* And of course, documentation describing how to do the above for quick
reference, including code samples.
All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:
http://kauth.linbsd.org/kauthwiki
NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:
- Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
- Checks 'securelevel' directly,
- Checks a uid/gid directly.
(or if you feel you have to, contact me first)
This is still work in progress; It's far from being done, but now it'll
be a lot easier.
Relevant mailing list threads:
http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html
Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).
Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.
Happy birthday Randi! :)
2006-09-09 00:58:56 +04:00
|
|
|
if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MKNOD,
|
|
|
|
|
0, NULL, NULL, NULL)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
2007-02-18 22:57:29 +03:00
|
|
|
|
|
|
|
|
optype = VOP_MKNOD_DESCOFFSET;
|
2007-05-20 02:11:22 +04:00
|
|
|
|
|
|
|
|
VERIEXEC_PATH_GET(SCARG(uap, path), seg, cpath, path);
|
2007-12-08 22:29:36 +03:00
|
|
|
NDINIT(&nd, CREATE, LOCKPARENT | TRYEMULROOT, seg, cpath);
|
2007-05-20 02:11:22 +04:00
|
|
|
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
2007-05-17 04:46:30 +04:00
|
|
|
goto out;
|
1994-06-29 10:29:24 +04:00
|
|
|
vp = nd.ni_vp;
|
1994-12-14 19:30:40 +03:00
|
|
|
if (vp != NULL)
|
1994-06-29 10:29:24 +04:00
|
|
|
error = EEXIST;
|
1994-12-14 19:30:40 +03:00
|
|
|
else {
|
|
|
|
|
VATTR_NULL(&vattr);
|
2007-10-08 19:12:05 +04:00
|
|
|
/* We will read cwdi->cwdi_cmask unlocked. */
|
1997-10-03 17:32:06 +04:00
|
|
|
vattr.va_mode =
|
1999-04-30 22:42:58 +04:00
|
|
|
(SCARG(uap, mode) & ALLPERMS) &~ p->p_cwdi->cwdi_cmask;
|
1994-12-14 19:30:40 +03:00
|
|
|
vattr.va_rdev = SCARG(uap, dev);
|
1994-06-29 10:29:24 +04:00
|
|
|
|
1994-12-14 19:30:40 +03:00
|
|
|
switch (SCARG(uap, mode) & S_IFMT) {
|
|
|
|
|
case S_IFMT: /* used by badsect to flag bad sectors */
|
|
|
|
|
vattr.va_type = VBAD;
|
|
|
|
|
break;
|
|
|
|
|
case S_IFCHR:
|
|
|
|
|
vattr.va_type = VCHR;
|
|
|
|
|
break;
|
|
|
|
|
case S_IFBLK:
|
|
|
|
|
vattr.va_type = VBLK;
|
|
|
|
|
break;
|
|
|
|
|
case S_IFWHT:
|
2007-02-18 22:57:29 +03:00
|
|
|
optype = VOP_WHITEOUT_DESCOFFSET;
|
|
|
|
|
break;
|
|
|
|
|
case S_IFREG:
|
2007-05-17 04:46:30 +04:00
|
|
|
#if NVERIEXEC > 0
|
|
|
|
|
error = veriexec_openchk(l, nd.ni_vp, nd.ni_dirp,
|
|
|
|
|
O_CREAT);
|
|
|
|
|
#endif /* NVERIEXEC > 0 */
|
2007-02-18 22:57:29 +03:00
|
|
|
vattr.va_type = VREG;
|
2007-02-18 23:36:36 +03:00
|
|
|
vattr.va_rdev = VNOVAL;
|
2007-02-18 22:57:29 +03:00
|
|
|
optype = VOP_CREATE_DESCOFFSET;
|
1994-12-14 19:30:40 +03:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!error) {
|
2007-02-18 22:57:29 +03:00
|
|
|
switch (optype) {
|
|
|
|
|
case VOP_WHITEOUT_DESCOFFSET:
|
1994-12-14 19:30:40 +03:00
|
|
|
error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE);
|
|
|
|
|
if (error)
|
|
|
|
|
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
|
|
|
|
vput(nd.ni_dvp);
|
2007-02-18 22:57:29 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case VOP_MKNOD_DESCOFFSET:
|
1994-12-14 19:30:40 +03:00
|
|
|
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp,
|
|
|
|
|
&nd.ni_cnd, &vattr);
|
2001-07-24 19:39:30 +04:00
|
|
|
if (error == 0)
|
|
|
|
|
vput(nd.ni_vp);
|
2007-02-18 22:57:29 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case VOP_CREATE_DESCOFFSET:
|
|
|
|
|
error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp,
|
|
|
|
|
&nd.ni_cnd, &vattr);
|
|
|
|
|
if (error == 0)
|
|
|
|
|
vput(nd.ni_vp);
|
|
|
|
|
break;
|
1994-12-14 19:30:40 +03:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
|
|
|
|
if (nd.ni_dvp == vp)
|
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
|
else
|
|
|
|
|
vput(nd.ni_dvp);
|
|
|
|
|
if (vp)
|
|
|
|
|
vrele(vp);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
2007-05-17 04:46:30 +04:00
|
|
|
out:
|
2007-05-20 02:11:22 +04:00
|
|
|
VERIEXEC_PATH_PUT(path);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create a named pipe.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_mkfifo(struct lwp *l, const struct sys_mkfifo_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) mode;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2003-01-18 13:06:22 +03:00
|
|
|
struct proc *p = l->l_proc;
|
1994-06-29 10:29:24 +04:00
|
|
|
struct vattr vattr;
|
|
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-12-08 22:29:36 +03:00
|
|
|
NDINIT(&nd, CREATE, LOCKPARENT | TRYEMULROOT, UIO_USERSPACE,
|
|
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
if (nd.ni_vp != NULL) {
|
|
|
|
|
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
|
|
|
|
if (nd.ni_dvp == nd.ni_vp)
|
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
|
else
|
|
|
|
|
vput(nd.ni_dvp);
|
|
|
|
|
vrele(nd.ni_vp);
|
|
|
|
|
return (EEXIST);
|
|
|
|
|
}
|
|
|
|
|
VATTR_NULL(&vattr);
|
|
|
|
|
vattr.va_type = VFIFO;
|
2007-10-08 19:12:05 +04:00
|
|
|
/* We will read cwdi->cwdi_cmask unlocked. */
|
1999-04-30 22:42:58 +04:00
|
|
|
vattr.va_mode = (SCARG(uap, mode) & ALLPERMS) &~ p->p_cwdi->cwdi_cmask;
|
2001-07-24 19:39:30 +04:00
|
|
|
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
|
|
|
|
|
if (error == 0)
|
|
|
|
|
vput(nd.ni_vp);
|
|
|
|
|
return (error);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Make a hard file link.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_link(struct lwp *l, const struct sys_link_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(const char *) link;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
struct nameidata nd;
|
|
|
|
|
int error;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
vp = nd.ni_vp;
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, CREATE, LOCKPARENT | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, link));
|
1996-02-09 17:45:36 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
if (nd.ni_vp) {
|
|
|
|
|
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
|
|
|
|
if (nd.ni_dvp == nd.ni_vp)
|
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
|
else
|
|
|
|
|
vput(nd.ni_dvp);
|
|
|
|
|
vrele(nd.ni_vp);
|
|
|
|
|
error = EEXIST;
|
|
|
|
|
goto out;
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
1996-02-09 17:45:36 +03:00
|
|
|
error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
|
|
|
|
|
out:
|
1994-06-29 10:29:24 +04:00
|
|
|
vrele(vp);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Make a symbolic link.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_symlink(struct lwp *l, const struct sys_symlink_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(const char *) link;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2003-01-18 13:06:22 +03:00
|
|
|
struct proc *p = l->l_proc;
|
1994-06-29 10:29:24 +04:00
|
|
|
struct vattr vattr;
|
|
|
|
|
char *path;
|
|
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2000-08-04 00:41:05 +04:00
|
|
|
path = PNBUF_GET();
|
1996-02-04 05:17:43 +03:00
|
|
|
error = copyinstr(SCARG(uap, path), path, MAXPATHLEN, NULL);
|
|
|
|
|
if (error)
|
1994-12-14 19:30:40 +03:00
|
|
|
goto out;
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, CREATE, LOCKPARENT | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, link));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-12-14 19:30:40 +03:00
|
|
|
goto out;
|
1994-06-29 10:29:24 +04:00
|
|
|
if (nd.ni_vp) {
|
|
|
|
|
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
|
|
|
|
if (nd.ni_dvp == nd.ni_vp)
|
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
|
else
|
|
|
|
|
vput(nd.ni_dvp);
|
|
|
|
|
vrele(nd.ni_vp);
|
|
|
|
|
error = EEXIST;
|
1994-12-14 19:30:40 +03:00
|
|
|
goto out;
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
VATTR_NULL(&vattr);
|
2005-08-30 13:37:41 +04:00
|
|
|
vattr.va_type = VLNK;
|
2007-10-08 19:12:05 +04:00
|
|
|
/* We will read cwdi->cwdi_cmask unlocked. */
|
1999-04-30 22:42:58 +04:00
|
|
|
vattr.va_mode = ACCESSPERMS &~ p->p_cwdi->cwdi_cmask;
|
1994-06-29 10:29:24 +04:00
|
|
|
error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, path);
|
2001-07-24 19:39:30 +04:00
|
|
|
if (error == 0)
|
|
|
|
|
vput(nd.ni_vp);
|
1994-12-14 19:30:40 +03:00
|
|
|
out:
|
2000-08-04 00:41:05 +04:00
|
|
|
PNBUF_PUT(path);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
1994-12-14 19:30:40 +03:00
|
|
|
/*
|
|
|
|
|
* Delete a whiteout from the filesystem.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_undelete(struct lwp *l, const struct sys_undelete_args *uap, register_t *retval)
|
1994-12-14 19:30:40 +03:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1994-12-14 19:30:40 +03:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | TRYEMULROOT,
|
2007-12-08 22:29:36 +03:00
|
|
|
UIO_USERSPACE, SCARG(uap, path));
|
1994-12-14 19:30:40 +03:00
|
|
|
error = namei(&nd);
|
|
|
|
|
if (error)
|
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
|
|
if (nd.ni_vp != NULLVP || !(nd.ni_cnd.cn_flags & ISWHITEOUT)) {
|
|
|
|
|
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
|
|
|
|
if (nd.ni_dvp == nd.ni_vp)
|
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
|
else
|
|
|
|
|
vput(nd.ni_dvp);
|
|
|
|
|
if (nd.ni_vp)
|
|
|
|
|
vrele(nd.ni_vp);
|
|
|
|
|
return (EEXIST);
|
|
|
|
|
}
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE)) != 0)
|
1994-12-14 19:30:40 +03:00
|
|
|
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
|
|
|
|
vput(nd.ni_dvp);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Delete a name from the filesystem.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_unlink(struct lwp *l, const struct sys_unlink_args *uap, register_t *retval)
|
1994-06-29 10:29:24 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2007-12-24 18:04:19 +03:00
|
|
|
|
|
|
|
|
return do_sys_unlink(SCARG(uap, path), UIO_USERSPACE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
do_sys_unlink(const char *arg, enum uio_seg seg)
|
|
|
|
|
{
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
2007-12-24 18:04:19 +03:00
|
|
|
kauth_cred_t cred;
|
2007-05-20 02:11:22 +04:00
|
|
|
char *path;
|
|
|
|
|
const char *cpath;
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
|
2007-12-24 18:04:19 +03:00
|
|
|
VERIEXEC_PATH_GET(arg, seg, cpath, path);
|
2007-12-08 22:29:36 +03:00
|
|
|
NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | TRYEMULROOT, seg, cpath);
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
goto out;
|
1994-06-29 10:29:24 +04:00
|
|
|
vp = nd.ni_vp;
|
|
|
|
|
|
1996-02-09 17:45:36 +03:00
|
|
|
/*
|
|
|
|
|
* The root of a mounted filesystem cannot be deleted.
|
|
|
|
|
*/
|
2007-10-11 00:42:20 +04:00
|
|
|
if (vp->v_vflag & VV_ROOT) {
|
1994-12-14 19:30:40 +03:00
|
|
|
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
|
|
|
|
if (nd.ni_dvp == vp)
|
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
|
else
|
|
|
|
|
vput(nd.ni_dvp);
|
1996-02-09 17:45:36 +03:00
|
|
|
vput(vp);
|
|
|
|
|
error = EBUSY;
|
|
|
|
|
goto out;
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
2005-04-20 17:44:45 +04:00
|
|
|
|
2006-07-22 14:34:26 +04:00
|
|
|
#if NVERIEXEC > 0
|
2005-06-17 21:46:18 +04:00
|
|
|
/* Handle remove requests for veriexec entries. */
|
2007-12-24 18:04:19 +03:00
|
|
|
if ((error = veriexec_removechk(curlwp, nd.ni_vp, nd.ni_dirp)) != 0) {
|
2005-04-20 17:44:45 +04:00
|
|
|
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
|
|
|
|
if (nd.ni_dvp == vp)
|
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
|
else
|
|
|
|
|
vput(nd.ni_dvp);
|
|
|
|
|
vput(vp);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2006-07-22 14:34:26 +04:00
|
|
|
#endif /* NVERIEXEC > 0 */
|
|
|
|
|
|
2007-12-24 18:04:19 +03:00
|
|
|
cred = kauth_cred_get();
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
#ifdef FILEASSOC
|
2006-11-22 02:52:41 +03:00
|
|
|
(void)fileassoc_file_delete(vp);
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
#endif /* FILEASSOC */
|
2006-07-17 23:05:36 +04:00
|
|
|
error = VOP_REMOVE(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
|
1996-02-09 17:45:36 +03:00
|
|
|
out:
|
2007-05-20 02:11:22 +04:00
|
|
|
VERIEXEC_PATH_PUT(path);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Reposition read/write file offset.
|
|
|
|
|
*/
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_lseek(struct lwp *l, const struct sys_lseek_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) fd;
|
|
|
|
|
syscallarg(int) pad;
|
|
|
|
|
syscallarg(off_t) offset;
|
|
|
|
|
syscallarg(int) whence;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2006-07-24 02:06:03 +04:00
|
|
|
kauth_cred_t cred = l->l_cred;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1997-04-12 02:03:58 +04:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
struct vattr vattr;
|
2000-03-30 13:27:11 +04:00
|
|
|
off_t newoff;
|
2008-03-22 00:54:58 +03:00
|
|
|
int error, fd;
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
fd = SCARG(uap, fd);
|
|
|
|
|
|
|
|
|
|
if ((fp = fd_getfile(fd)) == NULL)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (EBADF);
|
1997-04-12 02:03:58 +04:00
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
vp = fp->f_data;
|
1999-05-06 00:01:01 +04:00
|
|
|
if (fp->f_type != DTYPE_VNODE || vp->v_type == VFIFO) {
|
|
|
|
|
error = ESPIPE;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
1997-04-12 02:03:58 +04:00
|
|
|
|
1994-10-20 07:22:35 +03:00
|
|
|
switch (SCARG(uap, whence)) {
|
1997-08-25 23:31:43 +04:00
|
|
|
case SEEK_CUR:
|
1997-04-12 02:03:58 +04:00
|
|
|
newoff = fp->f_offset + SCARG(uap, offset);
|
1994-06-29 10:29:24 +04:00
|
|
|
break;
|
1997-08-25 23:31:43 +04:00
|
|
|
case SEEK_END:
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_GETATTR(vp, &vattr, cred);
|
2007-10-08 19:12:05 +04:00
|
|
|
if (error) {
|
1999-05-06 00:01:01 +04:00
|
|
|
goto out;
|
2007-10-08 19:12:05 +04:00
|
|
|
}
|
1997-04-12 02:03:58 +04:00
|
|
|
newoff = SCARG(uap, offset) + vattr.va_size;
|
1994-06-29 10:29:24 +04:00
|
|
|
break;
|
1997-08-25 23:31:43 +04:00
|
|
|
case SEEK_SET:
|
1997-04-12 02:03:58 +04:00
|
|
|
newoff = SCARG(uap, offset);
|
1994-06-29 10:29:24 +04:00
|
|
|
break;
|
|
|
|
|
default:
|
1999-05-06 00:01:01 +04:00
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
2007-10-08 19:12:05 +04:00
|
|
|
if ((error = VOP_SEEK(vp, fp->f_offset, newoff, cred)) == 0) {
|
|
|
|
|
*(off_t *)retval = fp->f_offset = newoff;
|
|
|
|
|
}
|
|
|
|
|
out:
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(fd);
|
1999-05-06 00:01:01 +04:00
|
|
|
return (error);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
1998-06-30 23:36:24 +04:00
|
|
|
/*
|
|
|
|
|
* Positional read system call.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_pread(struct lwp *l, const struct sys_pread_args *uap, register_t *retval)
|
1998-06-30 23:36:24 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1998-06-30 23:36:24 +04:00
|
|
|
syscallarg(int) fd;
|
|
|
|
|
syscallarg(void *) buf;
|
|
|
|
|
syscallarg(size_t) nbyte;
|
|
|
|
|
syscallarg(off_t) offset;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1998-06-30 23:36:24 +04:00
|
|
|
struct vnode *vp;
|
|
|
|
|
off_t offset;
|
|
|
|
|
int error, fd = SCARG(uap, fd);
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
if ((fp = fd_getfile(fd)) == NULL)
|
2001-06-15 00:32:41 +04:00
|
|
|
return (EBADF);
|
|
|
|
|
|
2003-02-23 17:37:32 +03:00
|
|
|
if ((fp->f_flag & FREAD) == 0) {
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(fd);
|
1998-06-30 23:36:24 +04:00
|
|
|
return (EBADF);
|
2003-02-23 17:37:32 +03:00
|
|
|
}
|
1998-06-30 23:36:24 +04:00
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
vp = fp->f_data;
|
1999-05-06 00:01:01 +04:00
|
|
|
if (fp->f_type != DTYPE_VNODE || vp->v_type == VFIFO) {
|
|
|
|
|
error = ESPIPE;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
1998-06-30 23:36:24 +04:00
|
|
|
|
|
|
|
|
offset = SCARG(uap, offset);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* XXX This works because no file systems actually
|
|
|
|
|
* XXX take any action on the seek operation.
|
|
|
|
|
*/
|
|
|
|
|
if ((error = VOP_SEEK(vp, fp->f_offset, offset, fp->f_cred)) != 0)
|
1999-05-06 00:01:01 +04:00
|
|
|
goto out;
|
1998-06-30 23:36:24 +04:00
|
|
|
|
1999-05-06 00:01:01 +04:00
|
|
|
/* dofileread() will unuse the descriptor for us */
|
2007-10-08 19:12:05 +04:00
|
|
|
return (dofileread(fd, fp, SCARG(uap, buf), SCARG(uap, nbyte),
|
1998-06-30 23:36:24 +04:00
|
|
|
&offset, 0, retval));
|
1999-05-06 00:01:01 +04:00
|
|
|
|
|
|
|
|
out:
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(fd);
|
1999-05-06 00:01:01 +04:00
|
|
|
return (error);
|
1998-06-30 23:36:24 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Positional scatter read system call.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_preadv(struct lwp *l, const struct sys_preadv_args *uap, register_t *retval)
|
1998-06-30 23:36:24 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1998-06-30 23:36:24 +04:00
|
|
|
syscallarg(int) fd;
|
|
|
|
|
syscallarg(const struct iovec *) iovp;
|
|
|
|
|
syscallarg(int) iovcnt;
|
|
|
|
|
syscallarg(off_t) offset;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
|
|
|
|
off_t offset = SCARG(uap, offset);
|
1998-06-30 23:36:24 +04:00
|
|
|
|
2007-10-08 19:12:05 +04:00
|
|
|
return do_filereadv(SCARG(uap, fd), SCARG(uap, iovp),
|
2007-12-21 02:02:38 +03:00
|
|
|
SCARG(uap, iovcnt), &offset, 0, retval);
|
1998-06-30 23:36:24 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Positional write system call.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_pwrite(struct lwp *l, const struct sys_pwrite_args *uap, register_t *retval)
|
1998-06-30 23:36:24 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1998-06-30 23:36:24 +04:00
|
|
|
syscallarg(int) fd;
|
|
|
|
|
syscallarg(const void *) buf;
|
|
|
|
|
syscallarg(size_t) nbyte;
|
|
|
|
|
syscallarg(off_t) offset;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1998-06-30 23:36:24 +04:00
|
|
|
struct vnode *vp;
|
|
|
|
|
off_t offset;
|
|
|
|
|
int error, fd = SCARG(uap, fd);
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
if ((fp = fd_getfile(fd)) == NULL)
|
2001-06-15 00:32:41 +04:00
|
|
|
return (EBADF);
|
|
|
|
|
|
2003-02-23 17:37:32 +03:00
|
|
|
if ((fp->f_flag & FWRITE) == 0) {
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(fd);
|
1998-06-30 23:36:24 +04:00
|
|
|
return (EBADF);
|
2003-02-23 17:37:32 +03:00
|
|
|
}
|
1998-06-30 23:36:24 +04:00
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
vp = fp->f_data;
|
1999-05-06 00:01:01 +04:00
|
|
|
if (fp->f_type != DTYPE_VNODE || vp->v_type == VFIFO) {
|
|
|
|
|
error = ESPIPE;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
1998-06-30 23:36:24 +04:00
|
|
|
|
|
|
|
|
offset = SCARG(uap, offset);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* XXX This works because no file systems actually
|
|
|
|
|
* XXX take any action on the seek operation.
|
|
|
|
|
*/
|
|
|
|
|
if ((error = VOP_SEEK(vp, fp->f_offset, offset, fp->f_cred)) != 0)
|
1999-05-06 00:01:01 +04:00
|
|
|
goto out;
|
1998-06-30 23:36:24 +04:00
|
|
|
|
1999-05-06 00:01:01 +04:00
|
|
|
/* dofilewrite() will unuse the descriptor for us */
|
2007-10-08 19:12:05 +04:00
|
|
|
return (dofilewrite(fd, fp, SCARG(uap, buf), SCARG(uap, nbyte),
|
1998-06-30 23:36:24 +04:00
|
|
|
&offset, 0, retval));
|
1999-05-06 00:01:01 +04:00
|
|
|
|
|
|
|
|
out:
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(fd);
|
1999-05-06 00:01:01 +04:00
|
|
|
return (error);
|
1998-06-30 23:36:24 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Positional gather write system call.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_pwritev(struct lwp *l, const struct sys_pwritev_args *uap, register_t *retval)
|
1998-06-30 23:36:24 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1998-06-30 23:36:24 +04:00
|
|
|
syscallarg(int) fd;
|
|
|
|
|
syscallarg(const struct iovec *) iovp;
|
|
|
|
|
syscallarg(int) iovcnt;
|
|
|
|
|
syscallarg(off_t) offset;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
|
|
|
|
off_t offset = SCARG(uap, offset);
|
1998-06-30 23:36:24 +04:00
|
|
|
|
2007-10-08 19:12:05 +04:00
|
|
|
return do_filewritev(SCARG(uap, fd), SCARG(uap, iovp),
|
2007-12-21 02:02:38 +03:00
|
|
|
SCARG(uap, iovcnt), &offset, 0, retval);
|
1998-06-30 23:36:24 +04:00
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Check access permissions.
|
|
|
|
|
*/
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_access(struct lwp *l, const struct sys_access_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) flags;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2006-05-15 01:15:11 +04:00
|
|
|
kauth_cred_t cred;
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
2001-09-08 06:05:39 +04:00
|
|
|
int error, flags;
|
1994-06-29 10:29:24 +04:00
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2006-07-24 02:06:03 +04:00
|
|
|
cred = kauth_cred_dup(l->l_cred);
|
|
|
|
|
kauth_cred_seteuid(cred, kauth_cred_getuid(l->l_cred));
|
|
|
|
|
kauth_cred_setegid(cred, kauth_cred_getgid(l->l_cred));
|
2007-04-22 12:29:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
2001-09-08 06:05:39 +04:00
|
|
|
/* Override default credentials */
|
|
|
|
|
nd.ni_cnd.cn_cred = cred;
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
2001-09-08 06:05:39 +04:00
|
|
|
goto out;
|
1994-06-29 10:29:24 +04:00
|
|
|
vp = nd.ni_vp;
|
|
|
|
|
|
|
|
|
|
/* Flags == 0 means only check for existence. */
|
1994-10-20 07:22:35 +03:00
|
|
|
if (SCARG(uap, flags)) {
|
1994-06-29 10:29:24 +04:00
|
|
|
flags = 0;
|
1994-10-20 07:22:35 +03:00
|
|
|
if (SCARG(uap, flags) & R_OK)
|
1994-06-29 10:29:24 +04:00
|
|
|
flags |= VREAD;
|
1994-10-20 07:22:35 +03:00
|
|
|
if (SCARG(uap, flags) & W_OK)
|
1994-06-29 10:29:24 +04:00
|
|
|
flags |= VWRITE;
|
1997-05-08 20:19:43 +04:00
|
|
|
if (SCARG(uap, flags) & X_OK)
|
|
|
|
|
flags |= VEXEC;
|
1999-06-30 14:00:06 +04:00
|
|
|
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_ACCESS(vp, flags, cred);
|
1999-06-30 14:00:06 +04:00
|
|
|
if (!error && (flags & VWRITE))
|
|
|
|
|
error = vn_writechk(vp);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
vput(vp);
|
2001-09-08 06:05:39 +04:00
|
|
|
out:
|
2006-05-15 01:15:11 +04:00
|
|
|
kauth_cred_free(cred);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
2007-03-10 19:50:01 +03:00
|
|
|
/*
|
|
|
|
|
* Common code for all sys_stat functions, including compat versions.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2008-03-22 00:54:58 +03:00
|
|
|
do_sys_stat(const char *path, unsigned int nd_flags, struct stat *sb)
|
2007-03-10 19:50:01 +03:00
|
|
|
{
|
|
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, nd_flags | LOCKLEAF | TRYEMULROOT,
|
2007-12-08 22:29:36 +03:00
|
|
|
UIO_USERSPACE, path);
|
2007-03-10 19:50:01 +03:00
|
|
|
error = namei(&nd);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
return error;
|
2008-03-22 00:54:58 +03:00
|
|
|
error = vn_stat(nd.ni_vp, sb);
|
2007-03-10 19:50:01 +03:00
|
|
|
vput(nd.ni_vp);
|
|
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Get file status; this version follows links.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys___stat30(struct lwp *l, const struct sys___stat30_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(struct stat *) ub;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1994-06-29 10:29:24 +04:00
|
|
|
struct stat sb;
|
|
|
|
|
int error;
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
error = do_sys_stat(SCARG(uap, path), FOLLOW, &sb);
|
1994-06-29 10:29:24 +04:00
|
|
|
if (error)
|
2007-03-10 19:50:01 +03:00
|
|
|
return error;
|
|
|
|
|
return copyout(&sb, SCARG(uap, ub), sizeof(sb));
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get file status; this version does not follow links.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys___lstat30(struct lwp *l, const struct sys___lstat30_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(struct stat *) ub;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1996-02-08 05:54:20 +03:00
|
|
|
struct stat sb;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
error = do_sys_stat(SCARG(uap, path), NOFOLLOW, &sb);
|
1996-02-07 19:55:56 +03:00
|
|
|
if (error)
|
2007-03-10 19:50:01 +03:00
|
|
|
return error;
|
|
|
|
|
return copyout(&sb, SCARG(uap, ub), sizeof(sb));
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get configurable pathname variables.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_pathconf(struct lwp *l, const struct sys_pathconf_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) name;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-04-22 12:29:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
1994-10-20 07:22:35 +03:00
|
|
|
error = VOP_PATHCONF(nd.ni_vp, SCARG(uap, name), retval);
|
1994-06-29 10:29:24 +04:00
|
|
|
vput(nd.ni_vp);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Return target name of a symbolic link.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_readlink(struct lwp *l, const struct sys_readlink_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(char *) buf;
|
1998-03-27 16:02:20 +03:00
|
|
|
syscallarg(size_t) count;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
struct iovec aiov;
|
|
|
|
|
struct uio auio;
|
|
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-04-22 12:29:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
vp = nd.ni_vp;
|
|
|
|
|
if (vp->v_type != VLNK)
|
|
|
|
|
error = EINVAL;
|
1997-10-31 01:47:06 +03:00
|
|
|
else if (!(vp->v_mount->mnt_flag & MNT_SYMPERM) ||
|
2007-11-26 22:01:26 +03:00
|
|
|
(error = VOP_ACCESS(vp, VREAD, l->l_cred)) == 0) {
|
1994-10-20 07:22:35 +03:00
|
|
|
aiov.iov_base = SCARG(uap, buf);
|
|
|
|
|
aiov.iov_len = SCARG(uap, count);
|
1994-06-29 10:29:24 +04:00
|
|
|
auio.uio_iov = &aiov;
|
|
|
|
|
auio.uio_iovcnt = 1;
|
|
|
|
|
auio.uio_offset = 0;
|
|
|
|
|
auio.uio_rw = UIO_READ;
|
2006-03-01 15:38:10 +03:00
|
|
|
KASSERT(l == curlwp);
|
|
|
|
|
auio.uio_vmspace = l->l_proc->p_vmspace;
|
1994-10-20 07:22:35 +03:00
|
|
|
auio.uio_resid = SCARG(uap, count);
|
2006-07-24 02:06:03 +04:00
|
|
|
error = VOP_READLINK(vp, &auio, l->l_cred);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
vput(vp);
|
1994-10-20 07:22:35 +03:00
|
|
|
*retval = SCARG(uap, count) - auio.uio_resid;
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Change flags of a file given a path name.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_chflags(struct lwp *l, const struct sys_chflags_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(u_long) flags;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
vp = nd.ni_vp;
|
2005-12-11 15:16:03 +03:00
|
|
|
error = change_flags(vp, SCARG(uap, flags), l);
|
1994-06-29 10:29:24 +04:00
|
|
|
vput(vp);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Change flags of a file given a file descriptor.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_fchflags(struct lwp *l, const struct sys_fchflags_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) fd;
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(u_long) flags;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1994-06-29 10:29:24 +04:00
|
|
|
struct vnode *vp;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
2008-03-22 00:54:58 +03:00
|
|
|
vp = fp->f_data;
|
2005-12-11 15:16:03 +03:00
|
|
|
error = change_flags(vp, SCARG(uap, flags), l);
|
1998-03-01 05:20:01 +03:00
|
|
|
VOP_UNLOCK(vp, 0);
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(SCARG(uap, fd));
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
2000-04-17 18:31:21 +04:00
|
|
|
/*
|
2000-09-28 10:43:20 +04:00
|
|
|
* Change flags of a file given a path name; this version does
|
2000-04-17 18:31:21 +04:00
|
|
|
* not follow links.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_lchflags(struct lwp *l, const struct sys_lchflags_args *uap, register_t *retval)
|
2000-04-17 18:31:21 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
2000-04-17 18:31:21 +04:00
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(u_long) flags;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2000-09-28 10:43:20 +04:00
|
|
|
struct vnode *vp;
|
2000-04-17 18:31:21 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, NOFOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
2000-04-17 18:31:21 +04:00
|
|
|
if ((error = namei(&nd)) != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
vp = nd.ni_vp;
|
2005-12-11 15:16:03 +03:00
|
|
|
error = change_flags(vp, SCARG(uap, flags), l);
|
2000-09-28 10:43:20 +04:00
|
|
|
vput(vp);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Common routine to change flags of a file.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2005-12-11 15:16:03 +03:00
|
|
|
change_flags(struct vnode *vp, u_long flags, struct lwp *l)
|
2000-09-28 10:43:20 +04:00
|
|
|
{
|
|
|
|
|
struct vattr vattr;
|
|
|
|
|
int error;
|
|
|
|
|
|
2000-04-17 18:31:21 +04:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
2000-09-28 10:43:20 +04:00
|
|
|
/*
|
|
|
|
|
* Non-superusers cannot change the flags on devices, even if they
|
|
|
|
|
* own them.
|
|
|
|
|
*/
|
2007-01-04 19:55:29 +03:00
|
|
|
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, NULL)) {
|
2007-11-26 22:01:26 +03:00
|
|
|
if ((error = VOP_GETATTR(vp, &vattr, l->l_cred)) != 0)
|
2000-04-17 18:31:21 +04:00
|
|
|
goto out;
|
|
|
|
|
if (vattr.va_type == VCHR || vattr.va_type == VBLK) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
VATTR_NULL(&vattr);
|
2000-09-28 10:43:20 +04:00
|
|
|
vattr.va_flags = flags;
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_SETATTR(vp, &vattr, l->l_cred);
|
2000-04-17 18:31:21 +04:00
|
|
|
out:
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
1997-10-03 18:44:26 +04:00
|
|
|
* Change mode of a file given path name; this version follows links.
|
1994-06-29 10:29:24 +04:00
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_chmod(struct lwp *l, const struct sys_chmod_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) mode;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
1997-10-03 18:14:36 +04:00
|
|
|
|
2005-12-11 15:16:03 +03:00
|
|
|
error = change_mode(nd.ni_vp, SCARG(uap, mode), l);
|
1997-10-03 18:14:36 +04:00
|
|
|
|
|
|
|
|
vrele(nd.ni_vp);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Change mode of a file given a file descriptor.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_fchmod(struct lwp *l, const struct sys_fchmod_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) fd;
|
|
|
|
|
syscallarg(int) mode;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
2008-03-22 00:54:58 +03:00
|
|
|
error = change_mode(fp->f_data, SCARG(uap, mode), l);
|
|
|
|
|
fd_putfile(SCARG(uap, fd));
|
1999-05-06 00:01:01 +04:00
|
|
|
return (error);
|
1997-10-03 18:14:36 +04:00
|
|
|
}
|
|
|
|
|
|
1997-10-03 18:44:26 +04:00
|
|
|
/*
|
|
|
|
|
* Change mode of a file given path name; this version does not follow links.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_lchmod(struct lwp *l, const struct sys_lchmod_args *uap, register_t *retval)
|
1997-10-03 18:44:26 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1997-10-03 18:44:26 +04:00
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(int) mode;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1997-10-03 18:44:26 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, NOFOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1997-10-03 18:44:26 +04:00
|
|
|
if ((error = namei(&nd)) != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
|
2005-12-11 15:16:03 +03:00
|
|
|
error = change_mode(nd.ni_vp, SCARG(uap, mode), l);
|
1997-10-03 18:44:26 +04:00
|
|
|
|
|
|
|
|
vrele(nd.ni_vp);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
1997-10-03 18:14:36 +04:00
|
|
|
/*
|
|
|
|
|
* Common routine to set mode given a vnode.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2005-12-11 15:16:03 +03:00
|
|
|
change_mode(struct vnode *vp, int mode, struct lwp *l)
|
1997-10-03 18:14:36 +04:00
|
|
|
{
|
|
|
|
|
struct vattr vattr;
|
|
|
|
|
int error;
|
|
|
|
|
|
1998-03-01 05:20:01 +03:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
|
|
|
|
VATTR_NULL(&vattr);
|
|
|
|
|
vattr.va_mode = mode & ALLPERMS;
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_SETATTR(vp, &vattr, l->l_cred);
|
1998-03-01 05:20:01 +03:00
|
|
|
VOP_UNLOCK(vp, 0);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
1997-10-03 18:44:26 +04:00
|
|
|
* Set ownership given a path name; this version follows links.
|
1994-06-29 10:29:24 +04:00
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_chown(struct lwp *l, const struct sys_chown_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(uid_t) uid;
|
|
|
|
|
syscallarg(gid_t) gid;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
1997-04-30 23:29:43 +04:00
|
|
|
|
2005-12-11 15:16:03 +03:00
|
|
|
error = change_owner(nd.ni_vp, SCARG(uap, uid), SCARG(uap, gid), l, 0);
|
1998-02-14 22:49:43 +03:00
|
|
|
|
|
|
|
|
vrele(nd.ni_vp);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Set ownership given a path name; this version follows links.
|
|
|
|
|
* Provides POSIX semantics.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys___posix_chown(struct lwp *l, const struct sys___posix_chown_args *uap, register_t *retval)
|
1998-02-14 22:49:43 +03:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1998-02-14 22:49:43 +03:00
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(uid_t) uid;
|
|
|
|
|
syscallarg(gid_t) gid;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1998-02-14 22:49:43 +03:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1998-02-14 22:49:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
|
2005-12-11 15:16:03 +03:00
|
|
|
error = change_owner(nd.ni_vp, SCARG(uap, uid), SCARG(uap, gid), l, 1);
|
1997-04-30 23:29:43 +04:00
|
|
|
|
|
|
|
|
vrele(nd.ni_vp);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Set ownership given a file descriptor.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_fchown(struct lwp *l, const struct sys_fchown_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) fd;
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(uid_t) uid;
|
|
|
|
|
syscallarg(gid_t) gid;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
2008-03-22 00:54:58 +03:00
|
|
|
error = change_owner(fp->f_data, SCARG(uap, uid), SCARG(uap, gid),
|
|
|
|
|
l, 0);
|
|
|
|
|
fd_putfile(SCARG(uap, fd));
|
1999-05-06 00:01:01 +04:00
|
|
|
return (error);
|
1998-02-14 22:49:43 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Set ownership given a file descriptor, providing POSIX/XPG semantics.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys___posix_fchown(struct lwp *l, const struct sys___posix_fchown_args *uap, register_t *retval)
|
1998-02-14 22:49:43 +03:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1998-02-14 22:49:43 +03:00
|
|
|
syscallarg(int) fd;
|
|
|
|
|
syscallarg(uid_t) uid;
|
|
|
|
|
syscallarg(gid_t) gid;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1998-02-14 22:49:43 +03:00
|
|
|
int error;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1998-02-14 22:49:43 +03:00
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
|
1998-02-14 22:49:43 +03:00
|
|
|
return (error);
|
2008-03-22 00:54:58 +03:00
|
|
|
error = change_owner(fp->f_data, SCARG(uap, uid), SCARG(uap, gid),
|
|
|
|
|
l, 1);
|
|
|
|
|
fd_putfile(SCARG(uap, fd));
|
1999-05-06 00:01:01 +04:00
|
|
|
return (error);
|
1997-04-30 23:29:43 +04:00
|
|
|
}
|
|
|
|
|
|
1997-10-03 18:44:26 +04:00
|
|
|
/*
|
|
|
|
|
* Set ownership given a path name; this version does not follow links.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_lchown(struct lwp *l, const struct sys_lchown_args *uap, register_t *retval)
|
1997-10-03 18:44:26 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1997-10-03 18:44:26 +04:00
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(uid_t) uid;
|
|
|
|
|
syscallarg(gid_t) gid;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1997-10-03 18:44:26 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, NOFOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1997-10-03 18:44:26 +04:00
|
|
|
if ((error = namei(&nd)) != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
|
2005-12-11 15:16:03 +03:00
|
|
|
error = change_owner(nd.ni_vp, SCARG(uap, uid), SCARG(uap, gid), l, 0);
|
1997-10-03 18:44:26 +04:00
|
|
|
|
|
|
|
|
vrele(nd.ni_vp);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
1997-04-30 23:29:43 +04:00
|
|
|
/*
|
1998-02-14 22:49:43 +03:00
|
|
|
* Set ownership given a path name; this version does not follow links.
|
|
|
|
|
* Provides POSIX/XPG semantics.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys___posix_lchown(struct lwp *l, const struct sys___posix_lchown_args *uap, register_t *retval)
|
1998-02-14 22:49:43 +03:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1998-02-14 22:49:43 +03:00
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(uid_t) uid;
|
|
|
|
|
syscallarg(gid_t) gid;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1998-02-14 22:49:43 +03:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, NOFOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1998-02-14 22:49:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
|
2005-12-11 15:16:03 +03:00
|
|
|
error = change_owner(nd.ni_vp, SCARG(uap, uid), SCARG(uap, gid), l, 1);
|
1998-02-14 22:49:43 +03:00
|
|
|
|
|
|
|
|
vrele(nd.ni_vp);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2004-03-23 16:22:32 +03:00
|
|
|
* Common routine to set ownership given a vnode.
|
1997-04-30 23:29:43 +04:00
|
|
|
*/
|
|
|
|
|
static int
|
2005-12-11 15:16:03 +03:00
|
|
|
change_owner(struct vnode *vp, uid_t uid, gid_t gid, struct lwp *l,
|
2005-06-06 03:47:48 +04:00
|
|
|
int posix_semantics)
|
1997-04-30 23:29:43 +04:00
|
|
|
{
|
|
|
|
|
struct vattr vattr;
|
1998-02-14 22:49:43 +03:00
|
|
|
mode_t newmode;
|
1997-04-30 23:29:43 +04:00
|
|
|
int error;
|
|
|
|
|
|
1998-03-01 05:20:01 +03:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
2007-11-26 22:01:26 +03:00
|
|
|
if ((error = VOP_GETATTR(vp, &vattr, l->l_cred)) != 0)
|
1997-04-30 23:29:43 +04:00
|
|
|
goto out;
|
|
|
|
|
|
2002-08-26 05:26:29 +04:00
|
|
|
#define CHANGED(x) ((int)(x) != -1)
|
1998-02-14 22:49:43 +03:00
|
|
|
newmode = vattr.va_mode;
|
|
|
|
|
if (posix_semantics) {
|
|
|
|
|
/*
|
1998-03-10 14:49:33 +03:00
|
|
|
* POSIX/XPG semantics: if the caller is not the super-user,
|
|
|
|
|
* clear set-user-id and set-group-id bits. Both POSIX and
|
|
|
|
|
* the XPG consider the behaviour for calls by the super-user
|
|
|
|
|
* implementation-defined; we leave the set-user-id and set-
|
|
|
|
|
* group-id settings intact in that case.
|
1998-02-14 22:49:43 +03:00
|
|
|
*/
|
2006-07-24 02:06:03 +04:00
|
|
|
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
2006-05-15 01:15:11 +04:00
|
|
|
NULL) != 0)
|
1998-02-14 22:49:43 +03:00
|
|
|
newmode &= ~(S_ISUID | S_ISGID);
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* NetBSD semantics: when changing owner and/or group,
|
|
|
|
|
* clear the respective bit(s).
|
|
|
|
|
*/
|
|
|
|
|
if (CHANGED(uid))
|
|
|
|
|
newmode &= ~S_ISUID;
|
|
|
|
|
if (CHANGED(gid))
|
|
|
|
|
newmode &= ~S_ISGID;
|
|
|
|
|
}
|
|
|
|
|
/* Update va_mode iff altered. */
|
|
|
|
|
if (vattr.va_mode == newmode)
|
|
|
|
|
newmode = VNOVAL;
|
2004-03-23 16:22:32 +03:00
|
|
|
|
1997-04-30 23:29:43 +04:00
|
|
|
VATTR_NULL(&vattr);
|
2002-08-26 05:26:29 +04:00
|
|
|
vattr.va_uid = CHANGED(uid) ? uid : (uid_t)VNOVAL;
|
|
|
|
|
vattr.va_gid = CHANGED(gid) ? gid : (gid_t)VNOVAL;
|
1997-04-30 23:29:43 +04:00
|
|
|
vattr.va_mode = newmode;
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_SETATTR(vp, &vattr, l->l_cred);
|
1998-02-14 22:49:43 +03:00
|
|
|
#undef CHANGED
|
2004-03-23 16:22:32 +03:00
|
|
|
|
1997-04-30 23:29:43 +04:00
|
|
|
out:
|
1998-03-01 05:20:01 +03:00
|
|
|
VOP_UNLOCK(vp, 0);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
1997-10-03 18:44:26 +04:00
|
|
|
* Set the access and modification times given a path name; this
|
|
|
|
|
* version follows links.
|
1994-06-29 10:29:24 +04:00
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_utimes(struct lwp *l, const struct sys_utimes_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(const struct timeval *) tptr;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2007-05-12 21:28:19 +04:00
|
|
|
return do_sys_utimes(l, NULL, SCARG(uap, path), FOLLOW,
|
2008-03-22 00:54:58 +03:00
|
|
|
SCARG(uap, tptr), UIO_USERSPACE);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
1996-04-23 14:29:02 +04:00
|
|
|
/*
|
|
|
|
|
* Set the access and modification times given a file descriptor.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_futimes(struct lwp *l, const struct sys_futimes_args *uap, register_t *retval)
|
1996-04-23 14:29:02 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-04-23 14:29:02 +04:00
|
|
|
syscallarg(int) fd;
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const struct timeval *) tptr;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1996-04-23 14:29:02 +04:00
|
|
|
int error;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1996-04-23 14:29:02 +04:00
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
|
1997-10-03 17:46:02 +04:00
|
|
|
return (error);
|
2008-03-22 00:54:58 +03:00
|
|
|
error = do_sys_utimes(l, fp->f_data, NULL, 0, SCARG(uap, tptr),
|
|
|
|
|
UIO_USERSPACE);
|
|
|
|
|
fd_putfile(SCARG(uap, fd));
|
1999-05-06 00:01:01 +04:00
|
|
|
return (error);
|
1997-10-03 18:14:36 +04:00
|
|
|
}
|
|
|
|
|
|
1997-10-03 18:44:26 +04:00
|
|
|
/*
|
|
|
|
|
* Set the access and modification times given a path name; this
|
|
|
|
|
* version does not follow links.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_lutimes(struct lwp *l, const struct sys_lutimes_args *uap, register_t *retval)
|
1997-10-03 18:44:26 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1997-10-03 18:44:26 +04:00
|
|
|
syscallarg(const char *) path;
|
|
|
|
|
syscallarg(const struct timeval *) tptr;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1997-10-03 18:44:26 +04:00
|
|
|
|
2007-05-12 21:28:19 +04:00
|
|
|
return do_sys_utimes(l, NULL, SCARG(uap, path), NOFOLLOW,
|
2008-03-22 00:54:58 +03:00
|
|
|
SCARG(uap, tptr), UIO_USERSPACE);
|
1997-10-03 18:44:26 +04:00
|
|
|
}
|
|
|
|
|
|
1997-10-03 18:14:36 +04:00
|
|
|
/*
|
|
|
|
|
* Common routine to set access and modification times given a vnode.
|
|
|
|
|
*/
|
2007-05-12 21:28:19 +04:00
|
|
|
int
|
|
|
|
|
do_sys_utimes(struct lwp *l, struct vnode *vp, const char *path, int flag,
|
|
|
|
|
const struct timeval *tptr, enum uio_seg seg)
|
1997-10-03 18:14:36 +04:00
|
|
|
{
|
|
|
|
|
struct vattr vattr;
|
2007-05-12 21:28:19 +04:00
|
|
|
struct nameidata nd;
|
1997-10-03 18:14:36 +04:00
|
|
|
int error;
|
|
|
|
|
|
1996-04-23 14:29:02 +04:00
|
|
|
VATTR_NULL(&vattr);
|
1997-10-03 18:14:36 +04:00
|
|
|
if (tptr == NULL) {
|
2005-10-01 10:13:42 +04:00
|
|
|
nanotime(&vattr.va_atime);
|
|
|
|
|
vattr.va_mtime = vattr.va_atime;
|
1996-04-23 14:29:02 +04:00
|
|
|
vattr.va_vaflags |= VA_UTIMES_NULL;
|
|
|
|
|
} else {
|
2005-10-01 10:13:42 +04:00
|
|
|
struct timeval tv[2];
|
|
|
|
|
|
2007-05-12 21:28:19 +04:00
|
|
|
if (seg != UIO_SYSSPACE) {
|
|
|
|
|
error = copyin(tptr, &tv, sizeof (tv));
|
|
|
|
|
if (error != 0)
|
|
|
|
|
return error;
|
|
|
|
|
tptr = tv;
|
|
|
|
|
}
|
|
|
|
|
TIMEVAL_TO_TIMESPEC(tptr, &vattr.va_atime);
|
|
|
|
|
TIMEVAL_TO_TIMESPEC(tptr + 1, &vattr.va_mtime);
|
1996-04-23 14:29:02 +04:00
|
|
|
}
|
2007-05-12 21:28:19 +04:00
|
|
|
|
|
|
|
|
if (vp == NULL) {
|
2007-12-08 22:29:36 +03:00
|
|
|
NDINIT(&nd, LOOKUP, flag | TRYEMULROOT, UIO_USERSPACE, path);
|
2007-05-12 21:28:19 +04:00
|
|
|
if ((error = namei(&nd)) != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
vp = nd.ni_vp;
|
|
|
|
|
} else
|
|
|
|
|
nd.ni_vp = NULL;
|
|
|
|
|
|
1998-03-01 05:20:01 +03:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_SETATTR(vp, &vattr, l->l_cred);
|
1998-03-01 05:20:01 +03:00
|
|
|
VOP_UNLOCK(vp, 0);
|
2007-05-12 21:28:19 +04:00
|
|
|
|
|
|
|
|
if (nd.ni_vp != NULL)
|
|
|
|
|
vrele(nd.ni_vp);
|
|
|
|
|
|
1996-04-23 14:29:02 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Truncate a file given its path name.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_truncate(struct lwp *l, const struct sys_truncate_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) pad;
|
|
|
|
|
syscallarg(off_t) length;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
struct vattr vattr;
|
|
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
vp = nd.ni_vp;
|
1998-03-01 05:20:01 +03:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
1994-06-29 10:29:24 +04:00
|
|
|
if (vp->v_type == VDIR)
|
|
|
|
|
error = EISDIR;
|
|
|
|
|
else if ((error = vn_writechk(vp)) == 0 &&
|
2007-11-26 22:01:26 +03:00
|
|
|
(error = VOP_ACCESS(vp, VWRITE, l->l_cred)) == 0) {
|
1994-06-29 10:29:24 +04:00
|
|
|
VATTR_NULL(&vattr);
|
1994-10-20 07:22:35 +03:00
|
|
|
vattr.va_size = SCARG(uap, length);
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_SETATTR(vp, &vattr, l->l_cred);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
vput(vp);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Truncate a file given a file descriptor.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_ftruncate(struct lwp *l, const struct sys_ftruncate_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) fd;
|
|
|
|
|
syscallarg(int) pad;
|
|
|
|
|
syscallarg(off_t) length;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1994-06-29 10:29:24 +04:00
|
|
|
struct vattr vattr;
|
|
|
|
|
struct vnode *vp;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
1999-05-06 00:01:01 +04:00
|
|
|
if ((fp->f_flag & FWRITE) == 0) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2008-03-22 00:54:58 +03:00
|
|
|
vp = fp->f_data;
|
1998-03-01 05:20:01 +03:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
1994-06-29 10:29:24 +04:00
|
|
|
if (vp->v_type == VDIR)
|
|
|
|
|
error = EISDIR;
|
|
|
|
|
else if ((error = vn_writechk(vp)) == 0) {
|
|
|
|
|
VATTR_NULL(&vattr);
|
1994-10-20 07:22:35 +03:00
|
|
|
vattr.va_size = SCARG(uap, length);
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_SETATTR(vp, &vattr, fp->f_cred);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
1998-03-01 05:20:01 +03:00
|
|
|
VOP_UNLOCK(vp, 0);
|
1999-05-06 00:01:01 +04:00
|
|
|
out:
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(SCARG(uap, fd));
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Sync an open file.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_fsync(struct lwp *l, const struct sys_fsync_args *uap, register_t *retval)
|
1994-06-29 10:29:24 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1995-09-20 01:40:36 +04:00
|
|
|
syscallarg(int) fd;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
2008-03-22 00:54:58 +03:00
|
|
|
vp = fp->f_data;
|
1998-03-01 05:20:01 +03:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_FSYNC(vp, fp->f_cred, FSYNC_WAIT, 0, 0);
|
2007-09-02 03:40:21 +04:00
|
|
|
if (error == 0 && bioopsp != NULL &&
|
1999-11-15 21:49:07 +03:00
|
|
|
vp->v_mount && (vp->v_mount->mnt_flag & MNT_SOFTDEP))
|
2007-10-11 00:42:20 +04:00
|
|
|
(*bioopsp->io_fsync)(vp, 0);
|
1998-03-01 05:20:01 +03:00
|
|
|
VOP_UNLOCK(vp, 0);
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(SCARG(uap, fd));
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
2003-11-15 04:19:38 +03:00
|
|
|
/*
|
|
|
|
|
* Sync a range of file data. API modeled after that found in AIX.
|
|
|
|
|
*
|
|
|
|
|
* FDATASYNC indicates that we need only save enough metadata to be able
|
|
|
|
|
* to re-read the written data. Note we duplicate AIX's requirement that
|
|
|
|
|
* the file be open for writing.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_fsync_range(struct lwp *l, const struct sys_fsync_range_args *uap, register_t *retval)
|
2003-11-15 04:19:38 +03:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
2003-11-15 04:19:38 +03:00
|
|
|
syscallarg(int) fd;
|
|
|
|
|
syscallarg(int) flags;
|
|
|
|
|
syscallarg(off_t) start;
|
2005-07-10 18:26:02 +04:00
|
|
|
syscallarg(off_t) length;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2003-11-15 04:19:38 +03:00
|
|
|
struct vnode *vp;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
2003-11-15 04:19:38 +03:00
|
|
|
int flags, nflags;
|
|
|
|
|
off_t s, e, len;
|
|
|
|
|
int error;
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
|
2003-11-15 04:19:38 +03:00
|
|
|
return (error);
|
|
|
|
|
|
|
|
|
|
if ((fp->f_flag & FWRITE) == 0) {
|
2007-01-04 02:20:58 +03:00
|
|
|
error = EBADF;
|
|
|
|
|
goto out;
|
2003-11-15 04:19:38 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
flags = SCARG(uap, flags);
|
|
|
|
|
if (((flags & (FDATASYNC | FFILESYNC)) == 0) ||
|
|
|
|
|
((~flags & (FDATASYNC | FFILESYNC)) == 0)) {
|
2007-01-04 02:20:58 +03:00
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
2003-11-15 04:19:38 +03:00
|
|
|
}
|
|
|
|
|
/* Now set up the flags for value(s) to pass to VOP_FSYNC() */
|
|
|
|
|
if (flags & FDATASYNC)
|
|
|
|
|
nflags = FSYNC_DATAONLY | FSYNC_WAIT;
|
|
|
|
|
else
|
|
|
|
|
nflags = FSYNC_WAIT;
|
2005-01-26 02:55:20 +03:00
|
|
|
if (flags & FDISKSYNC)
|
|
|
|
|
nflags |= FSYNC_CACHE;
|
2003-11-15 04:19:38 +03:00
|
|
|
|
|
|
|
|
len = SCARG(uap, length);
|
|
|
|
|
/* If length == 0, we do the whole file, and s = l = 0 will do that */
|
|
|
|
|
if (len) {
|
|
|
|
|
s = SCARG(uap, start);
|
|
|
|
|
e = s + len;
|
|
|
|
|
if (e < s) {
|
2007-01-04 02:20:58 +03:00
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
2003-11-15 04:19:38 +03:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
e = 0;
|
|
|
|
|
s = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
vp = fp->f_data;
|
2003-11-15 04:19:38 +03:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_FSYNC(vp, fp->f_cred, nflags, s, e);
|
2003-11-15 04:19:38 +03:00
|
|
|
|
2007-09-02 03:40:21 +04:00
|
|
|
if (error == 0 && bioopsp != NULL &&
|
2003-11-15 04:19:38 +03:00
|
|
|
vp->v_mount && (vp->v_mount->mnt_flag & MNT_SOFTDEP))
|
2007-10-11 00:42:20 +04:00
|
|
|
(*bioopsp->io_fsync)(vp, nflags);
|
2003-11-15 04:19:38 +03:00
|
|
|
|
|
|
|
|
VOP_UNLOCK(vp, 0);
|
2007-01-04 02:20:58 +03:00
|
|
|
out:
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(SCARG(uap, fd));
|
2003-11-15 04:19:38 +03:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
1998-06-06 00:31:36 +04:00
|
|
|
/*
|
|
|
|
|
* Sync the data of an open file.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_fdatasync(struct lwp *l, const struct sys_fdatasync_args *uap, register_t *retval)
|
1998-06-06 00:31:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1998-06-06 00:31:36 +04:00
|
|
|
syscallarg(int) fd;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1998-06-06 00:31:36 +04:00
|
|
|
struct vnode *vp;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1998-06-06 00:31:36 +04:00
|
|
|
int error;
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
|
1998-06-06 00:31:36 +04:00
|
|
|
return (error);
|
2003-10-25 05:18:01 +04:00
|
|
|
if ((fp->f_flag & FWRITE) == 0) {
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(SCARG(uap, fd));
|
2003-10-25 05:18:01 +04:00
|
|
|
return (EBADF);
|
|
|
|
|
}
|
2008-03-22 00:54:58 +03:00
|
|
|
vp = fp->f_data;
|
1998-06-06 00:31:36 +04:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
2007-11-26 22:01:26 +03:00
|
|
|
error = VOP_FSYNC(vp, fp->f_cred, FSYNC_WAIT|FSYNC_DATAONLY, 0, 0);
|
1998-06-06 00:31:36 +04:00
|
|
|
VOP_UNLOCK(vp, 0);
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(SCARG(uap, fd));
|
1998-06-06 00:31:36 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
1997-05-18 23:56:48 +04:00
|
|
|
* Rename files, (standard) BSD semantics frontend.
|
1994-06-29 10:29:24 +04:00
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_rename(struct lwp *l, const struct sys_rename_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) from;
|
|
|
|
|
syscallarg(const char *) to;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1997-05-18 23:56:48 +04:00
|
|
|
|
2007-12-24 18:04:19 +03:00
|
|
|
return (do_sys_rename(SCARG(uap, from), SCARG(uap, to), UIO_USERSPACE, 0));
|
1997-05-18 23:56:48 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Rename files, POSIX semantics frontend.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
|
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys___posix_rename(struct lwp *l, const struct sys___posix_rename_args *uap, register_t *retval)
|
1997-05-18 23:56:48 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1997-05-18 23:56:48 +04:00
|
|
|
syscallarg(const char *) from;
|
|
|
|
|
syscallarg(const char *) to;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
1997-05-18 23:56:48 +04:00
|
|
|
|
2007-12-24 18:04:19 +03:00
|
|
|
return (do_sys_rename(SCARG(uap, from), SCARG(uap, to), UIO_USERSPACE, 1));
|
1997-05-18 23:56:48 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Rename files. Source and destination must either both be directories,
|
|
|
|
|
* or both not be directories. If target is a directory, it must be empty.
|
|
|
|
|
* If `from' and `to' refer to the same object, the value of the `retain'
|
|
|
|
|
* argument is used to determine whether `from' will be
|
|
|
|
|
*
|
|
|
|
|
* (retain == 0) deleted unless `from' and `to' refer to the same
|
|
|
|
|
* object in the file system's name space (BSD).
|
|
|
|
|
* (retain == 1) always retained (POSIX).
|
|
|
|
|
*/
|
2007-12-24 18:04:19 +03:00
|
|
|
int
|
|
|
|
|
do_sys_rename(const char *from, const char *to, enum uio_seg seg, int retain)
|
1997-05-18 23:56:48 +04:00
|
|
|
{
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *tvp, *fvp, *tdvp;
|
1994-06-29 10:29:24 +04:00
|
|
|
struct nameidata fromnd, tond;
|
2008-01-28 17:31:15 +03:00
|
|
|
struct mount *fs;
|
2007-12-24 18:04:19 +03:00
|
|
|
struct lwp *l = curlwp;
|
2005-12-11 15:16:03 +03:00
|
|
|
struct proc *p;
|
2008-01-28 17:31:15 +03:00
|
|
|
uint32_t saveflag;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&fromnd, DELETE, LOCKPARENT | SAVESTART | TRYEMULROOT,
|
2007-12-24 18:04:19 +03:00
|
|
|
seg, from);
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&fromnd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
2007-01-02 01:00:16 +03:00
|
|
|
if (fromnd.ni_dvp != fromnd.ni_vp)
|
|
|
|
|
VOP_UNLOCK(fromnd.ni_dvp, 0);
|
1994-06-29 10:29:24 +04:00
|
|
|
fvp = fromnd.ni_vp;
|
2008-01-28 17:31:15 +03:00
|
|
|
|
|
|
|
|
fs = fvp->v_mount;
|
|
|
|
|
error = VFS_RENAMELOCK_ENTER(fs);
|
|
|
|
|
if (error) {
|
|
|
|
|
VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
|
|
|
|
|
vrele(fromnd.ni_dvp);
|
|
|
|
|
vrele(fvp);
|
|
|
|
|
goto out1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* close, partially, yet another race - ideally we should only
|
|
|
|
|
* go as far as getting fromnd.ni_dvp before getting the per-fs
|
|
|
|
|
* lock, and then continue to get fromnd.ni_vp, but we can't do
|
|
|
|
|
* that with namei as it stands.
|
|
|
|
|
*
|
|
|
|
|
* This still won't prevent rmdir from nuking fromnd.ni_vp
|
|
|
|
|
* under us. The real fix is to get the locks in the right
|
|
|
|
|
* order and do the lookups in the right places, but that's a
|
|
|
|
|
* major rototill.
|
|
|
|
|
*
|
|
|
|
|
* Preserve the SAVESTART in cn_flags, because who knows what
|
|
|
|
|
* might happen if we don't.
|
|
|
|
|
*
|
|
|
|
|
* Note: this logic (as well as this whole function) is cloned
|
|
|
|
|
* in nfs_serv.c. Proceed accordingly.
|
|
|
|
|
*/
|
|
|
|
|
vrele(fvp);
|
2008-03-28 08:02:08 +03:00
|
|
|
if ((fromnd.ni_cnd.cn_namelen == 1 &&
|
|
|
|
|
fromnd.ni_cnd.cn_nameptr[0] == '.') ||
|
|
|
|
|
(fromnd.ni_cnd.cn_namelen == 2 &&
|
|
|
|
|
fromnd.ni_cnd.cn_nameptr[0] == '.' &&
|
|
|
|
|
fromnd.ni_cnd.cn_nameptr[1] == '.')) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
VFS_RENAMELOCK_EXIT(fs);
|
|
|
|
|
VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
|
|
|
|
|
vrele(fromnd.ni_dvp);
|
|
|
|
|
goto out1;
|
|
|
|
|
}
|
2008-01-28 17:31:15 +03:00
|
|
|
saveflag = fromnd.ni_cnd.cn_flags & SAVESTART;
|
|
|
|
|
fromnd.ni_cnd.cn_flags &= ~SAVESTART;
|
|
|
|
|
vn_lock(fromnd.ni_dvp, LK_EXCLUSIVE | LK_RETRY);
|
|
|
|
|
error = relookup(fromnd.ni_dvp, &fromnd.ni_vp, &fromnd.ni_cnd);
|
|
|
|
|
fromnd.ni_cnd.cn_flags |= saveflag;
|
|
|
|
|
if (error) {
|
|
|
|
|
VOP_UNLOCK(fromnd.ni_dvp, 0);
|
|
|
|
|
VFS_RENAMELOCK_EXIT(fs);
|
|
|
|
|
VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
|
|
|
|
|
vrele(fromnd.ni_dvp);
|
|
|
|
|
goto out1;
|
|
|
|
|
}
|
|
|
|
|
VOP_UNLOCK(fromnd.ni_vp, 0);
|
|
|
|
|
if (fromnd.ni_dvp != fromnd.ni_vp)
|
|
|
|
|
VOP_UNLOCK(fromnd.ni_dvp, 0);
|
|
|
|
|
fvp = fromnd.ni_vp;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&tond, RENAME,
|
|
|
|
|
LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART | TRYEMULROOT
|
|
|
|
|
| (fvp->v_type == VDIR ? CREATEDIR : 0),
|
2007-12-24 18:04:19 +03:00
|
|
|
seg, to);
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&tond)) != 0) {
|
2008-01-28 17:31:15 +03:00
|
|
|
VFS_RENAMELOCK_EXIT(fs);
|
1994-06-29 10:29:24 +04:00
|
|
|
VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
|
|
|
|
|
vrele(fromnd.ni_dvp);
|
|
|
|
|
vrele(fvp);
|
|
|
|
|
goto out1;
|
|
|
|
|
}
|
|
|
|
|
tdvp = tond.ni_dvp;
|
|
|
|
|
tvp = tond.ni_vp;
|
1997-05-18 23:56:48 +04:00
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
if (tvp != NULL) {
|
|
|
|
|
if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
|
|
|
|
|
error = ENOTDIR;
|
|
|
|
|
goto out;
|
|
|
|
|
} else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
|
|
|
|
|
error = EISDIR;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
1997-05-18 23:56:48 +04:00
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
if (fvp == tdvp)
|
|
|
|
|
error = EINVAL;
|
1997-05-18 23:56:48 +04:00
|
|
|
|
1997-04-07 04:04:16 +04:00
|
|
|
/*
|
1997-05-18 23:56:48 +04:00
|
|
|
* Source and destination refer to the same object.
|
1997-04-07 04:04:16 +04:00
|
|
|
*/
|
1997-05-18 23:56:48 +04:00
|
|
|
if (fvp == tvp) {
|
|
|
|
|
if (retain)
|
|
|
|
|
error = -1;
|
|
|
|
|
else if (fromnd.ni_dvp == tdvp &&
|
|
|
|
|
fromnd.ni_cnd.cn_namelen == tond.ni_cnd.cn_namelen &&
|
Abolition of bcopy, ovbcopy, bcmp, and bzero, phase one.
bcopy(x, y, z) -> memcpy(y, x, z)
ovbcopy(x, y, z) -> memmove(y, x, z)
bcmp(x, y, z) -> memcmp(x, y, z)
bzero(x, y) -> memset(x, 0, y)
1998-08-04 08:03:10 +04:00
|
|
|
!memcmp(fromnd.ni_cnd.cn_nameptr,
|
1997-05-18 23:56:48 +04:00
|
|
|
tond.ni_cnd.cn_nameptr,
|
|
|
|
|
fromnd.ni_cnd.cn_namelen))
|
1997-04-07 04:04:16 +04:00
|
|
|
error = -1;
|
1997-05-18 23:56:48 +04:00
|
|
|
}
|
|
|
|
|
|
2006-07-22 14:34:26 +04:00
|
|
|
#if NVERIEXEC > 0
|
2006-12-24 11:54:55 +03:00
|
|
|
if (!error) {
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
char *f1, *f2;
|
|
|
|
|
|
|
|
|
|
f1 = malloc(fromnd.ni_cnd.cn_namelen + 1, M_TEMP, M_WAITOK);
|
|
|
|
|
strlcpy(f1, fromnd.ni_cnd.cn_nameptr, fromnd.ni_cnd.cn_namelen);
|
|
|
|
|
|
|
|
|
|
f2 = malloc(tond.ni_cnd.cn_namelen + 1, M_TEMP, M_WAITOK);
|
2007-05-22 14:39:10 +04:00
|
|
|
strlcpy(f2, tond.ni_cnd.cn_nameptr, tond.ni_cnd.cn_namelen);
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
|
2007-05-20 02:11:22 +04:00
|
|
|
error = veriexec_renamechk(l, fvp, f1, tvp, f2);
|
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
2007-05-15 23:47:43 +04:00
|
|
|
|
|
|
|
|
free(f1, M_TEMP);
|
|
|
|
|
free(f2, M_TEMP);
|
2006-12-24 11:54:55 +03:00
|
|
|
}
|
2006-07-22 14:34:26 +04:00
|
|
|
#endif /* NVERIEXEC > 0 */
|
2005-08-19 16:30:02 +04:00
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
out:
|
2005-12-11 15:16:03 +03:00
|
|
|
p = l->l_proc;
|
1994-06-29 10:29:24 +04:00
|
|
|
if (!error) {
|
|
|
|
|
error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
|
|
|
|
|
tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
|
2008-01-28 17:31:15 +03:00
|
|
|
VFS_RENAMELOCK_EXIT(fs);
|
1994-06-29 10:29:24 +04:00
|
|
|
} else {
|
|
|
|
|
VOP_ABORTOP(tond.ni_dvp, &tond.ni_cnd);
|
|
|
|
|
if (tdvp == tvp)
|
|
|
|
|
vrele(tdvp);
|
|
|
|
|
else
|
|
|
|
|
vput(tdvp);
|
|
|
|
|
if (tvp)
|
|
|
|
|
vput(tvp);
|
2008-01-28 17:31:15 +03:00
|
|
|
VFS_RENAMELOCK_EXIT(fs);
|
1994-06-29 10:29:24 +04:00
|
|
|
VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
|
|
|
|
|
vrele(fromnd.ni_dvp);
|
|
|
|
|
vrele(fvp);
|
|
|
|
|
}
|
|
|
|
|
vrele(tond.ni_startdir);
|
2000-08-04 00:41:05 +04:00
|
|
|
PNBUF_PUT(tond.ni_cnd.cn_pnbuf);
|
1994-06-29 10:29:24 +04:00
|
|
|
out1:
|
|
|
|
|
if (fromnd.ni_startdir)
|
|
|
|
|
vrele(fromnd.ni_startdir);
|
2000-08-04 00:41:05 +04:00
|
|
|
PNBUF_PUT(fromnd.ni_cnd.cn_pnbuf);
|
1997-04-04 17:32:48 +04:00
|
|
|
return (error == -1 ? 0 : error);
|
1994-06-29 10:29:24 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Make a directory file.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_mkdir(struct lwp *l, const struct sys_mkdir_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) mode;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2003-01-18 13:06:22 +03:00
|
|
|
struct proc *p = l->l_proc;
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
struct vattr vattr;
|
|
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-04-22 12:29:55 +04:00
|
|
|
NDINIT(&nd, CREATE, LOCKPARENT | CREATEDIR | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
vp = nd.ni_vp;
|
|
|
|
|
if (vp != NULL) {
|
|
|
|
|
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
|
|
|
|
if (nd.ni_dvp == vp)
|
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
|
else
|
|
|
|
|
vput(nd.ni_dvp);
|
|
|
|
|
vrele(vp);
|
|
|
|
|
return (EEXIST);
|
|
|
|
|
}
|
|
|
|
|
VATTR_NULL(&vattr);
|
|
|
|
|
vattr.va_type = VDIR;
|
2007-10-08 19:12:05 +04:00
|
|
|
/* We will read cwdi->cwdi_cmask unlocked. */
|
1999-04-30 22:42:58 +04:00
|
|
|
vattr.va_mode =
|
|
|
|
|
(SCARG(uap, mode) & ACCESSPERMS) &~ p->p_cwdi->cwdi_cmask;
|
1994-06-29 10:29:24 +04:00
|
|
|
error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
|
|
|
|
|
if (!error)
|
|
|
|
|
vput(nd.ni_vp);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Remove a directory file.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_rmdir(struct lwp *l, const struct sys_rmdir_args *uap, register_t *retval)
|
1994-06-29 10:29:24 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-04-22 12:29:55 +04:00
|
|
|
NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
vp = nd.ni_vp;
|
|
|
|
|
if (vp->v_type != VDIR) {
|
|
|
|
|
error = ENOTDIR;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* No rmdir "." please.
|
|
|
|
|
*/
|
|
|
|
|
if (nd.ni_dvp == vp) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* The root of a mounted filesystem cannot be deleted.
|
|
|
|
|
*/
|
2007-10-11 00:42:20 +04:00
|
|
|
if (vp->v_vflag & VV_ROOT) {
|
1994-06-29 10:29:24 +04:00
|
|
|
error = EBUSY;
|
2003-10-15 15:28:59 +04:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
|
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
|
|
|
|
|
if (nd.ni_dvp == vp)
|
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
|
else
|
|
|
|
|
vput(nd.ni_dvp);
|
|
|
|
|
vput(vp);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Read a block of directory entries in a file system independent format.
|
|
|
|
|
*/
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys___getdents30(struct lwp *l, const struct sys___getdents30_args *uap, register_t *retval)
|
1995-09-20 01:40:36 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1994-10-20 07:22:35 +03:00
|
|
|
syscallarg(int) fd;
|
|
|
|
|
syscallarg(char *) buf;
|
1997-10-10 06:09:30 +04:00
|
|
|
syscallarg(size_t) count;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1997-10-10 06:09:30 +04:00
|
|
|
int error, done;
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
/* fd_getvnode() will use the descriptor for us */
|
|
|
|
|
if ((error = fd_getvnode(SCARG(uap, fd), &fp)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
1999-05-06 00:01:01 +04:00
|
|
|
if ((fp->f_flag & FREAD) == 0) {
|
|
|
|
|
error = EBADF;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
1997-10-10 06:09:30 +04:00
|
|
|
error = vn_readdir(fp, SCARG(uap, buf), UIO_USERSPACE,
|
2005-12-11 15:16:03 +03:00
|
|
|
SCARG(uap, count), &done, l, 0, 0);
|
2007-08-15 16:07:23 +04:00
|
|
|
ktrgenio(SCARG(uap, fd), UIO_READ, SCARG(uap, buf), done, error);
|
1997-10-10 06:09:30 +04:00
|
|
|
*retval = done;
|
1999-05-06 00:01:01 +04:00
|
|
|
out:
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(SCARG(uap, fd));
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Set the mode mask for creation of filesystem nodes.
|
|
|
|
|
*/
|
1995-09-20 01:40:36 +04:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_umask(struct lwp *l, const struct sys_umask_args *uap, register_t *retval)
|
1994-06-29 10:29:24 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1997-10-19 07:29:20 +04:00
|
|
|
syscallarg(mode_t) newmask;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2003-01-18 13:06:22 +03:00
|
|
|
struct proc *p = l->l_proc;
|
1999-04-30 22:42:58 +04:00
|
|
|
struct cwdinfo *cwdi;
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2007-10-08 19:12:05 +04:00
|
|
|
/*
|
|
|
|
|
* cwdi->cwdi_cmask will be read unlocked elsewhere. What's
|
|
|
|
|
* important is that we serialize changes to the mask. The
|
|
|
|
|
* rw_exit() will issue a write memory barrier on our behalf,
|
|
|
|
|
* and force the changes out to other CPUs (as it must use an
|
|
|
|
|
* atomic operation, draining the local CPU's store buffers).
|
|
|
|
|
*/
|
1999-04-30 22:42:58 +04:00
|
|
|
cwdi = p->p_cwdi;
|
2007-10-08 19:12:05 +04:00
|
|
|
rw_enter(&cwdi->cwdi_lock, RW_WRITER);
|
1999-04-30 22:42:58 +04:00
|
|
|
*retval = cwdi->cwdi_cmask;
|
|
|
|
|
cwdi->cwdi_cmask = SCARG(uap, newmask) & ALLPERMS;
|
2007-10-08 19:12:05 +04:00
|
|
|
rw_exit(&cwdi->cwdi_lock);
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
2008-01-09 11:18:12 +03:00
|
|
|
int
|
|
|
|
|
dorevoke(struct vnode *vp, kauth_cred_t cred)
|
|
|
|
|
{
|
|
|
|
|
struct vattr vattr;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
if ((error = VOP_GETATTR(vp, &vattr, cred)) != 0)
|
2008-01-24 20:32:52 +03:00
|
|
|
return error;
|
2008-01-09 11:18:12 +03:00
|
|
|
if (kauth_cred_geteuid(cred) != vattr.va_uid &&
|
|
|
|
|
(error = kauth_authorize_generic(cred,
|
2008-01-24 20:32:52 +03:00
|
|
|
KAUTH_GENERIC_ISSUSER, NULL)) == 0)
|
2008-01-09 11:18:12 +03:00
|
|
|
VOP_REVOKE(vp, REVOKEALL);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
/*
|
|
|
|
|
* Void all references to file by ripping underlying filesystem
|
|
|
|
|
* away from vnode.
|
|
|
|
|
*/
|
|
|
|
|
/* ARGSUSED */
|
1996-02-04 05:17:43 +03:00
|
|
|
int
|
2007-12-21 02:02:38 +03:00
|
|
|
sys_revoke(struct lwp *l, const struct sys_revoke_args *uap, register_t *retval)
|
1994-06-29 10:29:24 +04:00
|
|
|
{
|
2007-12-21 02:02:38 +03:00
|
|
|
/* {
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(const char *) path;
|
2007-12-21 02:02:38 +03:00
|
|
|
} */
|
2000-03-30 13:27:11 +04:00
|
|
|
struct vnode *vp;
|
1994-06-29 10:29:24 +04:00
|
|
|
int error;
|
|
|
|
|
struct nameidata nd;
|
|
|
|
|
|
2007-10-24 19:28:55 +04:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | TRYEMULROOT, UIO_USERSPACE,
|
2007-12-08 22:29:36 +03:00
|
|
|
SCARG(uap, path));
|
1996-02-04 05:17:43 +03:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (error);
|
|
|
|
|
vp = nd.ni_vp;
|
2008-01-09 11:18:12 +03:00
|
|
|
error = dorevoke(vp, l->l_cred);
|
1994-06-29 10:29:24 +04:00
|
|
|
vrele(vp);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Convert a user file descriptor to a kernel file entry.
|
|
|
|
|
*/
|
1996-01-30 23:05:33 +03:00
|
|
|
int
|
2008-03-22 00:54:58 +03:00
|
|
|
getvnode(int fd, file_t **fpp)
|
1994-06-29 10:29:24 +04:00
|
|
|
{
|
1996-01-30 23:05:33 +03:00
|
|
|
struct vnode *vp;
|
2008-03-22 00:54:58 +03:00
|
|
|
file_t *fp;
|
1994-06-29 10:29:24 +04:00
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
if ((fp = fd_getfile(fd)) == NULL)
|
1994-06-29 10:29:24 +04:00
|
|
|
return (EBADF);
|
1999-05-06 00:01:01 +04:00
|
|
|
|
|
|
|
|
if (fp->f_type != DTYPE_VNODE) {
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(fd);
|
1994-06-29 10:29:24 +04:00
|
|
|
return (EINVAL);
|
1999-05-06 00:01:01 +04:00
|
|
|
}
|
|
|
|
|
|
2008-03-22 00:54:58 +03:00
|
|
|
vp = fp->f_data;
|
1999-05-06 00:01:01 +04:00
|
|
|
if (vp->v_type == VBAD) {
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_putfile(fd);
|
1996-01-30 23:05:33 +03:00
|
|
|
return (EBADF);
|
1999-05-06 00:01:01 +04:00
|
|
|
}
|
|
|
|
|
|
1994-06-29 10:29:24 +04:00
|
|
|
*fpp = fp;
|
|
|
|
|
return (0);
|
|
|
|
|
}
|