Adapt zfs_netbsd_access() to ACL support. As ZFS itself only
handles VREAD, VWRITE, VEXEC and VAPPEND we use kauth_authorize_vnode() to handle VADMIN. From FreeBSD.
This commit is contained in:
parent
188cf0e1a1
commit
7c7014518c
|
@ -5169,33 +5169,47 @@ zfs_netbsd_access(void *v)
|
||||||
accmode_t a_accmode;
|
accmode_t a_accmode;
|
||||||
kauth_cred_t a_cred;
|
kauth_cred_t a_cred;
|
||||||
} */ *ap = v;
|
} */ *ap = v;
|
||||||
struct vnode *vp = ap->a_vp;
|
vnode_t *vp = ap->a_vp;
|
||||||
accmode_t accmode = ap->a_accmode;
|
znode_t *zp = VTOZ(vp);
|
||||||
mode_t zfs_mode = 0;
|
accmode_t accmode;
|
||||||
kauth_cred_t cred = ap->a_cred;
|
kauth_cred_t cred = ap->a_cred;
|
||||||
int error;
|
int error = 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* XXX This is really random, especially the left shift by six,
|
* ZFS itself only knowns about VREAD, VWRITE, VEXEC and VAPPEND,
|
||||||
* and it exists only because of randomness in zfs_unix_to_v4
|
|
||||||
* and zfs_zaccess_rwx in zfs_acl.c.
|
|
||||||
*/
|
*/
|
||||||
if (accmode & VREAD)
|
accmode = ap->a_accmode & (VREAD|VWRITE|VEXEC|VAPPEND);
|
||||||
zfs_mode |= S_IROTH;
|
if (accmode != 0)
|
||||||
if (accmode & VWRITE)
|
error = zfs_access(vp, accmode, 0, cred, NULL);
|
||||||
zfs_mode |= S_IWOTH;
|
|
||||||
if (accmode & VEXEC)
|
|
||||||
zfs_mode |= S_IXOTH;
|
|
||||||
zfs_mode <<= 6;
|
|
||||||
|
|
||||||
KASSERT(VOP_ISLOCKED(vp));
|
/*
|
||||||
error = zfs_access(vp, zfs_mode, 0, cred, NULL);
|
* VADMIN has to be handled by kauth_authorize_vnode().
|
||||||
|
*/
|
||||||
|
if (error == 0) {
|
||||||
|
accmode = ap->a_accmode & ~(VREAD|VWRITE|VEXEC|VAPPEND);
|
||||||
|
if (accmode != 0) {
|
||||||
|
error = kauth_authorize_vnode(cred,
|
||||||
|
KAUTH_ACCESS_ACTION(accmode, vp->v_type,
|
||||||
|
zp->z_mode & ALLPERMS), vp, NULL,
|
||||||
|
genfs_can_access(vp, cred, zp->z_uid,
|
||||||
|
zp->z_gid, zp->z_mode & ALLPERMS, NULL, accmode));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* For VEXEC, ensure that at least one execute bit is set for
|
||||||
|
* non-directories.
|
||||||
|
*/
|
||||||
|
if (error == 0 && (ap->a_accmode & VEXEC) != 0 && vp->v_type != VDIR &&
|
||||||
|
(zp->z_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) {
|
||||||
|
error = EACCES;
|
||||||
|
}
|
||||||
|
|
||||||
/* We expect EACCES as common error. */
|
/* We expect EACCES as common error. */
|
||||||
if (error == EPERM)
|
if (error == EPERM)
|
||||||
error = EACCES;
|
error = EACCES;
|
||||||
|
|
||||||
return (error);
|
return error;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
|
Loading…
Reference in New Issue