2005-01-06 23:35:40 +00:00
|
|
|
/*-
|
1994-05-24 11:09:53 +01:00
|
|
|
* Copyright (c) 1989, 1993
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
* (c) UNIX System Laboratories, Inc.
|
|
|
|
* All or some portions of this file are derived from material licensed
|
|
|
|
* to the University of California by American Telephone and Telegraph
|
|
|
|
* Co. or Unix System Laboratories, Inc. and are reproduced herein with
|
|
|
|
* the permission of UNIX System Laboratories, Inc.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
|
|
|
* @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
|
|
|
|
*/
|
|
|
|
|
2003-06-11 01:56:59 +01:00
|
|
|
#include <sys/cdefs.h>
|
|
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
|
1997-12-16 17:40:42 +00:00
|
|
|
#include "opt_compat.h"
|
2002-07-31 02:27:33 +01:00
|
|
|
#include "opt_mac.h"
|
1997-12-16 17:40:42 +00:00
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/systm.h>
|
2000-05-05 10:59:14 +01:00
|
|
|
#include <sys/bio.h>
|
1999-02-25 15:54:06 +00:00
|
|
|
#include <sys/buf.h>
|
1997-02-10 02:22:35 +00:00
|
|
|
#include <sys/sysent.h>
|
2002-08-01 18:47:56 +01:00
|
|
|
#include <sys/malloc.h>
|
1999-09-11 01:46:08 +01:00
|
|
|
#include <sys/mount.h>
|
2000-10-20 08:58:15 +01:00
|
|
|
#include <sys/mutex.h>
|
1995-11-12 06:43:28 +00:00
|
|
|
#include <sys/sysproto.h>
|
1994-05-24 11:09:53 +01:00
|
|
|
#include <sys/namei.h>
|
|
|
|
#include <sys/filedesc.h>
|
|
|
|
#include <sys/kernel.h>
|
1997-03-23 03:37:54 +00:00
|
|
|
#include <sys/fcntl.h>
|
1994-05-24 11:09:53 +01:00
|
|
|
#include <sys/file.h>
|
2003-04-29 14:36:06 +01:00
|
|
|
#include <sys/limits.h>
|
1998-11-03 14:29:09 +00:00
|
|
|
#include <sys/linker.h>
|
1994-05-24 11:09:53 +01:00
|
|
|
#include <sys/stat.h>
|
2001-03-28 12:52:56 +01:00
|
|
|
#include <sys/sx.h>
|
1996-09-03 15:25:27 +01:00
|
|
|
#include <sys/unistd.h>
|
1994-05-24 11:09:53 +01:00
|
|
|
#include <sys/vnode.h>
|
|
|
|
#include <sys/proc.h>
|
|
|
|
#include <sys/dirent.h>
|
1999-12-19 06:08:07 +00:00
|
|
|
#include <sys/extattr.h>
|
2001-02-21 06:39:57 +00:00
|
|
|
#include <sys/jail.h>
|
2002-09-01 21:37:28 +01:00
|
|
|
#include <sys/syscallsubr.h>
|
2001-08-23 14:51:17 +01:00
|
|
|
#include <sys/sysctl.h>
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2002-03-26 15:33:44 +00:00
|
|
|
#include <machine/stdarg.h>
|
2001-08-23 14:51:17 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
#include <security/audit/audit.h>
|
2006-10-22 12:52:19 +01:00
|
|
|
#include <security/mac/mac_framework.h>
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
#include <vm/vm.h>
|
1995-12-07 12:48:31 +00:00
|
|
|
#include <vm/vm_object.h>
|
2000-11-18 21:01:04 +00:00
|
|
|
#include <vm/vm_page.h>
|
2002-03-20 04:09:59 +00:00
|
|
|
#include <vm/uma.h>
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2002-03-19 21:25:46 +00:00
|
|
|
static int chroot_refuse_vdir_fds(struct filedesc *fdp);
|
2002-09-01 21:37:28 +01:00
|
|
|
static int getutimes(const struct timeval *, enum uio_seg, struct timespec *);
|
2002-03-19 21:25:46 +00:00
|
|
|
static int setfown(struct thread *td, struct vnode *, uid_t, gid_t);
|
|
|
|
static int setfmode(struct thread *td, struct vnode *, int);
|
|
|
|
static int setfflags(struct thread *td, struct vnode *, int);
|
|
|
|
static int setutimes(struct thread *td, struct vnode *,
|
2002-07-17 03:03:19 +01:00
|
|
|
const struct timespec *, int, int);
|
2002-03-19 21:25:46 +00:00
|
|
|
static int vn_access(struct vnode *vp, int user_flags, struct ucred *cred,
|
|
|
|
struct thread *td);
|
1997-10-23 10:29:09 +01:00
|
|
|
|
2003-06-05 06:55:34 +01:00
|
|
|
static int extattr_list_vp(struct vnode *vp, int attrnamespace, void *data,
|
|
|
|
size_t nbytes, struct thread *td);
|
|
|
|
|
2002-03-19 21:25:46 +00:00
|
|
|
int (*union_dircheckp)(struct thread *td, struct vnode **, struct file *);
|
1998-11-03 08:01:48 +00:00
|
|
|
|
2002-10-27 18:07:41 +00:00
|
|
|
/*
|
|
|
|
* The module initialization routine for POSIX asynchronous I/O will
|
|
|
|
* set this to the version of AIO that it implements. (Zero means
|
|
|
|
* that it is not implemented.) This value is used here by pathconf()
|
|
|
|
* and in kern_descrip.c by fpathconf().
|
|
|
|
*/
|
|
|
|
int async_io_version;
|
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Sync each mounted filesystem.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1995-10-08 01:06:22 +01:00
|
|
|
struct sync_args {
|
2004-01-11 19:52:10 +00:00
|
|
|
int dummy;
|
1995-10-08 01:06:22 +01:00
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1995-10-08 01:06:22 +01:00
|
|
|
|
1997-02-10 02:22:35 +00:00
|
|
|
#ifdef DEBUG
|
1997-11-22 06:41:21 +00:00
|
|
|
static int syncprt = 0;
|
|
|
|
SYSCTL_INT(_debug, OID_AUTO, syncprt, CTLFLAG_RW, &syncprt, 0, "");
|
1997-02-10 02:22:35 +00:00
|
|
|
#endif
|
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
/* ARGSUSED */
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
sync(td, uap)
|
|
|
|
struct thread *td;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct sync_args *uap;
|
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp, *nmp;
|
2006-03-21 23:58:37 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Change and clean the mutex lock interface.
mtx_enter(lock, type) becomes:
mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks)
mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)
similarily, for releasing a lock, we now have:
mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN.
We change the caller interface for the two different types of locks
because the semantics are entirely different for each case, and this
makes it explicitly clear and, at the same time, it rids us of the
extra `type' argument.
The enter->lock and exit->unlock change has been made with the idea
that we're "locking data" and not "entering locked code" in mind.
Further, remove all additional "flags" previously passed to the
lock acquire/release routines with the exception of two:
MTX_QUIET and MTX_NOSWITCH
The functionality of these flags is preserved and they can be passed
to the lock/unlock routines by calling the corresponding wrappers:
mtx_{lock, unlock}_flags(lock, flag(s)) and
mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN
locks, respectively.
Re-inline some lock acq/rel code; in the sleep lock case, we only
inline the _obtain_lock()s in order to ensure that the inlined code
fits into a cache line. In the spin lock case, we inline recursion and
actually only perform a function call if we need to spin. This change
has been made with the idea that we generally tend to avoid spin locks
and that also the spin locks that we do have and are heavily used
(i.e. sched_lock) do recurse, and therefore in an effort to reduce
function call overhead for some architectures (such as alpha), we
inline recursion for this case.
Create a new malloc type for the witness code and retire from using
the M_DEV type. The new type is called M_WITNESS and is only declared
if WITNESS is enabled.
Begin cleaning up some machdep/mutex.h code - specifically updated the
"optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN
and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently
need those.
Finally, caught up to the interface changes in all sys code.
Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
|
|
|
mtx_lock(&mountlist_mtx);
|
1999-11-20 10:00:46 +00:00
|
|
|
for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
|
2001-09-12 09:38:13 +01:00
|
|
|
if (vfs_busy(mp, LK_NOWAIT, &mountlist_mtx, td)) {
|
1999-11-20 10:00:46 +00:00
|
|
|
nmp = TAILQ_NEXT(mp, mnt_list);
|
1997-02-10 02:22:35 +00:00
|
|
|
continue;
|
|
|
|
}
|
2006-03-21 23:58:37 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(mp);
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((mp->mnt_flag & MNT_RDONLY) == 0 &&
|
|
|
|
vn_start_write(NULL, &mp, V_NOWAIT) == 0) {
|
2006-09-26 05:12:49 +01:00
|
|
|
MNT_ILOCK(mp);
|
2006-09-26 05:15:59 +01:00
|
|
|
mp->mnt_noasync++;
|
|
|
|
mp->mnt_kern_flag &= ~MNTK_ASYNC;
|
2006-09-26 05:12:49 +01:00
|
|
|
MNT_IUNLOCK(mp);
|
1995-05-21 22:39:31 +01:00
|
|
|
vfs_msync(mp, MNT_NOWAIT);
|
2005-01-11 07:36:22 +00:00
|
|
|
VFS_SYNC(mp, MNT_NOWAIT, td);
|
2006-09-26 05:12:49 +01:00
|
|
|
MNT_ILOCK(mp);
|
2006-09-26 05:15:59 +01:00
|
|
|
mp->mnt_noasync--;
|
|
|
|
if ((mp->mnt_flag & MNT_ASYNC) != 0 &&
|
|
|
|
mp->mnt_noasync == 0)
|
|
|
|
mp->mnt_kern_flag |= MNTK_ASYNC;
|
2006-09-26 05:12:49 +01:00
|
|
|
MNT_IUNLOCK(mp);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
2006-03-21 23:58:37 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
Change and clean the mutex lock interface.
mtx_enter(lock, type) becomes:
mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks)
mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)
similarily, for releasing a lock, we now have:
mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN.
We change the caller interface for the two different types of locks
because the semantics are entirely different for each case, and this
makes it explicitly clear and, at the same time, it rids us of the
extra `type' argument.
The enter->lock and exit->unlock change has been made with the idea
that we're "locking data" and not "entering locked code" in mind.
Further, remove all additional "flags" previously passed to the
lock acquire/release routines with the exception of two:
MTX_QUIET and MTX_NOSWITCH
The functionality of these flags is preserved and they can be passed
to the lock/unlock routines by calling the corresponding wrappers:
mtx_{lock, unlock}_flags(lock, flag(s)) and
mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN
locks, respectively.
Re-inline some lock acq/rel code; in the sleep lock case, we only
inline the _obtain_lock()s in order to ensure that the inlined code
fits into a cache line. In the spin lock case, we inline recursion and
actually only perform a function call if we need to spin. This change
has been made with the idea that we generally tend to avoid spin locks
and that also the spin locks that we do have and are heavily used
(i.e. sched_lock) do recurse, and therefore in an effort to reduce
function call overhead for some architectures (such as alpha), we
inline recursion for this case.
Create a new malloc type for the witness code and retire from using
the M_DEV type. The new type is called M_WITNESS and is only declared
if WITNESS is enabled.
Begin cleaning up some machdep/mutex.h code - specifically updated the
"optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN
and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently
need those.
Finally, caught up to the interface changes in all sys code.
Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
|
|
|
mtx_lock(&mountlist_mtx);
|
1999-11-20 10:00:46 +00:00
|
|
|
nmp = TAILQ_NEXT(mp, mnt_list);
|
2001-09-12 09:38:13 +01:00
|
|
|
vfs_unbusy(mp, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
Change and clean the mutex lock interface.
mtx_enter(lock, type) becomes:
mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks)
mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)
similarily, for releasing a lock, we now have:
mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN.
We change the caller interface for the two different types of locks
because the semantics are entirely different for each case, and this
makes it explicitly clear and, at the same time, it rids us of the
extra `type' argument.
The enter->lock and exit->unlock change has been made with the idea
that we're "locking data" and not "entering locked code" in mind.
Further, remove all additional "flags" previously passed to the
lock acquire/release routines with the exception of two:
MTX_QUIET and MTX_NOSWITCH
The functionality of these flags is preserved and they can be passed
to the lock/unlock routines by calling the corresponding wrappers:
mtx_{lock, unlock}_flags(lock, flag(s)) and
mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN
locks, respectively.
Re-inline some lock acq/rel code; in the sleep lock case, we only
inline the _obtain_lock()s in order to ensure that the inlined code
fits into a cache line. In the spin lock case, we inline recursion and
actually only perform a function call if we need to spin. This change
has been made with the idea that we generally tend to avoid spin locks
and that also the spin locks that we do have and are heavily used
(i.e. sched_lock) do recurse, and therefore in an effort to reduce
function call overhead for some architectures (such as alpha), we
inline recursion for this case.
Create a new malloc type for the witness code and retire from using
the M_DEV type. The new type is called M_WITNESS and is only declared
if WITNESS is enabled.
Begin cleaning up some machdep/mutex.h code - specifically updated the
"optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN
and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently
need those.
Finally, caught up to the interface changes in all sys code.
Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
|
|
|
mtx_unlock(&mountlist_mtx);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 12:38:52 +01:00
|
|
|
/* XXX PRISON: could be per prison flag */
|
|
|
|
static int prison_quotas;
|
|
|
|
#if 0
|
|
|
|
SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas, 0, "");
|
|
|
|
#endif
|
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Change filesystem quotas.
|
2005-05-28 14:11:35 +01:00
|
|
|
*
|
|
|
|
* MP SAFE
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct quotactl_args {
|
|
|
|
char *path;
|
|
|
|
int cmd;
|
|
|
|
int uid;
|
|
|
|
caddr_t arg;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
quotactl(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct quotactl_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int cmd;
|
|
|
|
int uid;
|
|
|
|
caddr_t arg;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2004-04-26 16:44:42 +01:00
|
|
|
struct mount *mp, *vmp;
|
2006-03-21 23:58:37 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
|
|
|
|
2006-06-05 14:34:23 +01:00
|
|
|
AUDIT_ARG(cmd, uap->cmd);
|
|
|
|
AUDIT_ARG(uid, uap->uid);
|
2002-02-27 18:32:23 +00:00
|
|
|
if (jailed(td->td_ucred) && !prison_quotas)
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 12:38:52 +01:00
|
|
|
return (EPERM);
|
2006-03-21 23:58:37 +00:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1,
|
|
|
|
UIO_USERSPACE, uap->path, td);
|
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2006-03-21 23:58:37 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2004-04-26 16:44:42 +01:00
|
|
|
error = vn_start_write(nd.ni_vp, &vmp, V_WAIT | PCATCH);
|
|
|
|
mp = nd.ni_vp->v_mount;
|
1994-05-24 11:09:53 +01:00
|
|
|
vrele(nd.ni_vp);
|
2006-03-21 23:58:37 +00:00
|
|
|
if (error)
|
|
|
|
goto out;
|
2002-12-14 08:18:06 +00:00
|
|
|
error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, uap->arg, td);
|
2004-04-26 16:44:42 +01:00
|
|
|
vn_finished_write(vmp);
|
2006-03-21 23:58:37 +00:00
|
|
|
out:
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2000-07-11 23:07:57 +01:00
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get filesystem statistics.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct statfs_args {
|
|
|
|
char *path;
|
|
|
|
struct statfs *buf;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
statfs(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct statfs_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
struct statfs *buf;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
2005-02-07 18:44:55 +00:00
|
|
|
{
|
|
|
|
struct statfs sf;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = kern_statfs(td, uap->path, UIO_USERSPACE, &sf);
|
|
|
|
if (error == 0)
|
|
|
|
error = copyout(&sf, uap->buf, sizeof(sf));
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_statfs(struct thread *td, char *path, enum uio_seg pathseg,
|
|
|
|
struct statfs *buf)
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2003-11-12 08:01:40 +00:00
|
|
|
struct mount *mp;
|
|
|
|
struct statfs *sp, sb;
|
2006-03-21 23:58:37 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
|
|
|
|
2006-03-21 23:58:37 +00:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
|
|
|
pathseg, path, td);
|
2005-05-27 20:15:46 +01:00
|
|
|
error = namei(&nd);
|
2006-03-21 23:58:37 +00:00
|
|
|
if (error)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2006-03-21 23:58:37 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1994-05-24 11:09:53 +01:00
|
|
|
mp = nd.ni_vp->v_mount;
|
2006-02-23 05:18:07 +00:00
|
|
|
vfs_ref(mp);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2006-02-23 05:18:07 +00:00
|
|
|
vput(nd.ni_vp);
|
2002-07-31 02:27:33 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_mount_stat(td->td_ucred, mp);
|
2006-08-02 16:27:48 +01:00
|
|
|
if (error)
|
2006-03-21 23:58:37 +00:00
|
|
|
goto out;
|
2002-07-31 02:27:33 +01:00
|
|
|
#endif
|
2003-11-12 08:01:40 +00:00
|
|
|
/*
|
|
|
|
* Set these in case the underlying filesystem fails to do so.
|
|
|
|
*/
|
2006-02-23 05:18:07 +00:00
|
|
|
sp = &mp->mnt_stat;
|
2003-11-12 08:01:40 +00:00
|
|
|
sp->f_version = STATFS_VERSION;
|
|
|
|
sp->f_namemax = NAME_MAX;
|
|
|
|
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
|
2001-09-12 09:38:13 +01:00
|
|
|
error = VFS_STATFS(mp, sp, td);
|
2006-03-21 23:58:37 +00:00
|
|
|
if (error)
|
|
|
|
goto out;
|
2002-04-01 22:31:13 +01:00
|
|
|
if (suser(td)) {
|
2002-06-29 00:02:38 +01:00
|
|
|
bcopy(sp, &sb, sizeof(sb));
|
1997-03-23 20:08:22 +00:00
|
|
|
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
|
2005-06-09 19:49:19 +01:00
|
|
|
prison_enforce_statfs(td->td_ucred, mp, &sb);
|
1997-03-23 20:08:22 +00:00
|
|
|
sp = &sb;
|
|
|
|
}
|
2005-02-07 18:44:55 +00:00
|
|
|
*buf = *sp;
|
2006-03-21 23:58:37 +00:00
|
|
|
out:
|
2006-07-27 21:00:27 +01:00
|
|
|
vfs_rel(mp);
|
2006-03-21 23:58:37 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2006-03-31 04:54:20 +01:00
|
|
|
if (mtx_owned(&Giant))
|
|
|
|
printf("statfs(%d): %s: %d\n", vfslocked, path, error);
|
2006-03-21 23:58:37 +00:00
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get filesystem statistics.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct fstatfs_args {
|
|
|
|
int fd;
|
|
|
|
struct statfs *buf;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
fstatfs(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct fstatfs_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
struct statfs *buf;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
2005-02-07 18:44:55 +00:00
|
|
|
{
|
|
|
|
struct statfs sf;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = kern_fstatfs(td, uap->fd, &sf);
|
|
|
|
if (error == 0)
|
|
|
|
error = copyout(&sf, uap->buf, sizeof(sf));
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
|
|
|
struct file *fp;
|
|
|
|
struct mount *mp;
|
2003-11-12 08:01:40 +00:00
|
|
|
struct statfs *sp, sb;
|
2006-03-21 23:58:37 +00:00
|
|
|
int vfslocked;
|
2006-02-06 10:15:27 +00:00
|
|
|
struct vnode *vp;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(fd, fd);
|
2005-05-27 20:15:46 +01:00
|
|
|
error = getvnode(td->td_proc->p_fd, fd, &fp);
|
|
|
|
if (error)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2006-02-06 10:15:27 +00:00
|
|
|
vp = fp->f_vnode;
|
2006-03-21 23:58:37 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
2006-02-23 05:18:07 +00:00
|
|
|
#ifdef AUDIT
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(vnode, vp, ARG_VNODE1);
|
|
|
|
#endif
|
2006-02-22 09:52:25 +00:00
|
|
|
mp = vp->v_mount;
|
2006-02-23 05:18:07 +00:00
|
|
|
if (mp)
|
|
|
|
vfs_ref(mp);
|
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2002-01-13 11:58:06 +00:00
|
|
|
fdrop(fp, td);
|
2006-02-23 05:18:07 +00:00
|
|
|
if (vp->v_iflag & VI_DOOMED) {
|
2006-03-21 23:58:37 +00:00
|
|
|
error = EBADF;
|
|
|
|
goto out;
|
2006-02-23 05:18:07 +00:00
|
|
|
}
|
2002-07-31 02:27:33 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_mount_stat(td->td_ucred, mp);
|
2006-08-02 16:27:48 +01:00
|
|
|
if (error)
|
2006-03-21 23:58:37 +00:00
|
|
|
goto out;
|
2002-07-31 02:27:33 +01:00
|
|
|
#endif
|
2003-11-12 08:01:40 +00:00
|
|
|
/*
|
|
|
|
* Set these in case the underlying filesystem fails to do so.
|
|
|
|
*/
|
2006-02-23 05:18:07 +00:00
|
|
|
sp = &mp->mnt_stat;
|
2003-11-12 08:01:40 +00:00
|
|
|
sp->f_version = STATFS_VERSION;
|
|
|
|
sp->f_namemax = NAME_MAX;
|
|
|
|
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
|
2001-09-12 09:38:13 +01:00
|
|
|
error = VFS_STATFS(mp, sp, td);
|
2006-03-21 23:58:37 +00:00
|
|
|
if (error)
|
|
|
|
goto out;
|
2002-04-01 22:31:13 +01:00
|
|
|
if (suser(td)) {
|
2002-06-29 00:02:38 +01:00
|
|
|
bcopy(sp, &sb, sizeof(sb));
|
1997-03-23 20:08:22 +00:00
|
|
|
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
|
2005-06-09 19:49:19 +01:00
|
|
|
prison_enforce_statfs(td->td_ucred, mp, &sb);
|
1997-03-23 20:08:22 +00:00
|
|
|
sp = &sb;
|
|
|
|
}
|
2005-02-07 18:44:55 +00:00
|
|
|
*buf = *sp;
|
2006-03-21 23:58:37 +00:00
|
|
|
out:
|
2006-08-02 16:27:48 +01:00
|
|
|
if (mp)
|
|
|
|
vfs_rel(mp);
|
2006-03-21 23:58:37 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get statistics on all filesystems.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct getfsstat_args {
|
|
|
|
struct statfs *buf;
|
|
|
|
long bufsize;
|
|
|
|
int flags;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
getfsstat(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct getfsstat_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
struct statfs *buf;
|
|
|
|
long bufsize;
|
|
|
|
int flags;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2005-06-09 18:44:46 +01:00
|
|
|
|
2005-06-11 15:58:20 +01:00
|
|
|
return (kern_getfsstat(td, &uap->buf, uap->bufsize, UIO_USERSPACE,
|
2005-06-09 18:44:46 +01:00
|
|
|
uap->flags));
|
|
|
|
}
|
|
|
|
|
2005-06-11 15:58:20 +01:00
|
|
|
/*
|
|
|
|
* If (bufsize > 0 && bufseg == UIO_SYSSPACE)
|
|
|
|
* The caller is responsible for freeing memory which will be allocated
|
|
|
|
* in '*buf'.
|
|
|
|
*/
|
2005-06-09 18:44:46 +01:00
|
|
|
int
|
2005-06-11 15:58:20 +01:00
|
|
|
kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize,
|
2005-06-09 18:44:46 +01:00
|
|
|
enum uio_seg bufseg, int flags)
|
|
|
|
{
|
2003-11-12 08:01:40 +00:00
|
|
|
struct mount *mp, *nmp;
|
2005-06-09 18:44:46 +01:00
|
|
|
struct statfs *sfsp, *sp, sb;
|
|
|
|
size_t count, maxcount;
|
2006-03-21 23:58:37 +00:00
|
|
|
int vfslocked;
|
2005-06-09 18:44:46 +01:00
|
|
|
int error;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2005-06-09 18:44:46 +01:00
|
|
|
maxcount = bufsize / sizeof(struct statfs);
|
2005-06-11 15:58:20 +01:00
|
|
|
if (bufsize == 0)
|
|
|
|
sfsp = NULL;
|
|
|
|
else if (bufseg == UIO_USERSPACE)
|
|
|
|
sfsp = *buf;
|
|
|
|
else /* if (bufseg == UIO_SYSSPACE) */ {
|
|
|
|
count = 0;
|
2005-06-12 08:03:23 +01:00
|
|
|
mtx_lock(&mountlist_mtx);
|
2005-06-11 15:58:20 +01:00
|
|
|
TAILQ_FOREACH(mp, &mountlist, mnt_list) {
|
|
|
|
count++;
|
|
|
|
}
|
2005-06-12 08:03:23 +01:00
|
|
|
mtx_unlock(&mountlist_mtx);
|
2005-06-11 15:58:20 +01:00
|
|
|
if (maxcount > count)
|
|
|
|
maxcount = count;
|
|
|
|
sfsp = *buf = malloc(maxcount * sizeof(struct statfs), M_TEMP,
|
|
|
|
M_WAITOK);
|
|
|
|
}
|
|
|
|
count = 0;
|
2005-06-12 08:03:23 +01:00
|
|
|
mtx_lock(&mountlist_mtx);
|
1999-11-20 10:00:46 +00:00
|
|
|
for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
|
2005-06-09 19:49:19 +01:00
|
|
|
if (prison_canseemount(td->td_ucred, mp) != 0) {
|
2004-02-14 18:31:11 +00:00
|
|
|
nmp = TAILQ_NEXT(mp, mnt_list);
|
|
|
|
continue;
|
|
|
|
}
|
2002-07-31 02:27:33 +01:00
|
|
|
#ifdef MAC
|
|
|
|
if (mac_check_mount_stat(td->td_ucred, mp) != 0) {
|
|
|
|
nmp = TAILQ_NEXT(mp, mnt_list);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
#endif
|
2001-09-12 09:38:13 +01:00
|
|
|
if (vfs_busy(mp, LK_NOWAIT, &mountlist_mtx, td)) {
|
1999-11-20 10:00:46 +00:00
|
|
|
nmp = TAILQ_NEXT(mp, mnt_list);
|
1996-01-16 13:07:14 +00:00
|
|
|
continue;
|
|
|
|
}
|
2006-03-21 23:58:37 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(mp);
|
1997-02-10 02:22:35 +00:00
|
|
|
if (sfsp && count < maxcount) {
|
1994-05-24 11:09:53 +01:00
|
|
|
sp = &mp->mnt_stat;
|
2003-11-12 08:01:40 +00:00
|
|
|
/*
|
|
|
|
* Set these in case the underlying filesystem
|
|
|
|
* fails to do so.
|
|
|
|
*/
|
|
|
|
sp->f_version = STATFS_VERSION;
|
|
|
|
sp->f_namemax = NAME_MAX;
|
|
|
|
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
1998-03-08 09:59:44 +00:00
|
|
|
* If MNT_NOWAIT or MNT_LAZY is specified, do not
|
|
|
|
* refresh the fsstat cache. MNT_NOWAIT or MNT_LAZY
|
|
|
|
* overrides MNT_WAIT.
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
2005-06-09 18:44:46 +01:00
|
|
|
if (((flags & (MNT_LAZY|MNT_NOWAIT)) == 0 ||
|
|
|
|
(flags & MNT_WAIT)) &&
|
2001-09-12 09:38:13 +01:00
|
|
|
(error = VFS_STATFS(mp, sp, td))) {
|
2006-03-21 23:58:37 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
Change and clean the mutex lock interface.
mtx_enter(lock, type) becomes:
mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks)
mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)
similarily, for releasing a lock, we now have:
mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN.
We change the caller interface for the two different types of locks
because the semantics are entirely different for each case, and this
makes it explicitly clear and, at the same time, it rids us of the
extra `type' argument.
The enter->lock and exit->unlock change has been made with the idea
that we're "locking data" and not "entering locked code" in mind.
Further, remove all additional "flags" previously passed to the
lock acquire/release routines with the exception of two:
MTX_QUIET and MTX_NOSWITCH
The functionality of these flags is preserved and they can be passed
to the lock/unlock routines by calling the corresponding wrappers:
mtx_{lock, unlock}_flags(lock, flag(s)) and
mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN
locks, respectively.
Re-inline some lock acq/rel code; in the sleep lock case, we only
inline the _obtain_lock()s in order to ensure that the inlined code
fits into a cache line. In the spin lock case, we inline recursion and
actually only perform a function call if we need to spin. This change
has been made with the idea that we generally tend to avoid spin locks
and that also the spin locks that we do have and are heavily used
(i.e. sched_lock) do recurse, and therefore in an effort to reduce
function call overhead for some architectures (such as alpha), we
inline recursion for this case.
Create a new malloc type for the witness code and retire from using
the M_DEV type. The new type is called M_WITNESS and is only declared
if WITNESS is enabled.
Begin cleaning up some machdep/mutex.h code - specifically updated the
"optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN
and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently
need those.
Finally, caught up to the interface changes in all sys code.
Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
|
|
|
mtx_lock(&mountlist_mtx);
|
1999-11-20 10:00:46 +00:00
|
|
|
nmp = TAILQ_NEXT(mp, mnt_list);
|
2001-09-12 09:38:13 +01:00
|
|
|
vfs_unbusy(mp, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
continue;
|
1996-01-16 13:07:14 +00:00
|
|
|
}
|
2003-11-12 08:01:40 +00:00
|
|
|
if (suser(td)) {
|
|
|
|
bcopy(sp, &sb, sizeof(sb));
|
|
|
|
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
|
2005-06-09 19:49:19 +01:00
|
|
|
prison_enforce_statfs(td->td_ucred, mp, &sb);
|
2003-11-12 08:01:40 +00:00
|
|
|
sp = &sb;
|
|
|
|
}
|
2005-06-11 15:58:20 +01:00
|
|
|
if (bufseg == UIO_SYSSPACE)
|
|
|
|
bcopy(sp, sfsp, sizeof(*sp));
|
|
|
|
else /* if (bufseg == UIO_USERSPACE) */ {
|
2005-06-09 18:44:46 +01:00
|
|
|
error = copyout(sp, sfsp, sizeof(*sp));
|
|
|
|
if (error) {
|
|
|
|
vfs_unbusy(mp, td);
|
2006-03-21 23:58:37 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2005-06-09 18:44:46 +01:00
|
|
|
return (error);
|
|
|
|
}
|
2005-06-11 15:58:20 +01:00
|
|
|
}
|
2005-06-09 18:44:46 +01:00
|
|
|
sfsp++;
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
2006-03-21 23:58:37 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
count++;
|
Change and clean the mutex lock interface.
mtx_enter(lock, type) becomes:
mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks)
mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)
similarily, for releasing a lock, we now have:
mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN.
We change the caller interface for the two different types of locks
because the semantics are entirely different for each case, and this
makes it explicitly clear and, at the same time, it rids us of the
extra `type' argument.
The enter->lock and exit->unlock change has been made with the idea
that we're "locking data" and not "entering locked code" in mind.
Further, remove all additional "flags" previously passed to the
lock acquire/release routines with the exception of two:
MTX_QUIET and MTX_NOSWITCH
The functionality of these flags is preserved and they can be passed
to the lock/unlock routines by calling the corresponding wrappers:
mtx_{lock, unlock}_flags(lock, flag(s)) and
mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN
locks, respectively.
Re-inline some lock acq/rel code; in the sleep lock case, we only
inline the _obtain_lock()s in order to ensure that the inlined code
fits into a cache line. In the spin lock case, we inline recursion and
actually only perform a function call if we need to spin. This change
has been made with the idea that we generally tend to avoid spin locks
and that also the spin locks that we do have and are heavily used
(i.e. sched_lock) do recurse, and therefore in an effort to reduce
function call overhead for some architectures (such as alpha), we
inline recursion for this case.
Create a new malloc type for the witness code and retire from using
the M_DEV type. The new type is called M_WITNESS and is only declared
if WITNESS is enabled.
Begin cleaning up some machdep/mutex.h code - specifically updated the
"optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN
and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently
need those.
Finally, caught up to the interface changes in all sys code.
Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
|
|
|
mtx_lock(&mountlist_mtx);
|
1999-11-20 10:00:46 +00:00
|
|
|
nmp = TAILQ_NEXT(mp, mnt_list);
|
2001-09-12 09:38:13 +01:00
|
|
|
vfs_unbusy(mp, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
Change and clean the mutex lock interface.
mtx_enter(lock, type) becomes:
mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks)
mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)
similarily, for releasing a lock, we now have:
mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN.
We change the caller interface for the two different types of locks
because the semantics are entirely different for each case, and this
makes it explicitly clear and, at the same time, it rids us of the
extra `type' argument.
The enter->lock and exit->unlock change has been made with the idea
that we're "locking data" and not "entering locked code" in mind.
Further, remove all additional "flags" previously passed to the
lock acquire/release routines with the exception of two:
MTX_QUIET and MTX_NOSWITCH
The functionality of these flags is preserved and they can be passed
to the lock/unlock routines by calling the corresponding wrappers:
mtx_{lock, unlock}_flags(lock, flag(s)) and
mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN
locks, respectively.
Re-inline some lock acq/rel code; in the sleep lock case, we only
inline the _obtain_lock()s in order to ensure that the inlined code
fits into a cache line. In the spin lock case, we inline recursion and
actually only perform a function call if we need to spin. This change
has been made with the idea that we generally tend to avoid spin locks
and that also the spin locks that we do have and are heavily used
(i.e. sched_lock) do recurse, and therefore in an effort to reduce
function call overhead for some architectures (such as alpha), we
inline recursion for this case.
Create a new malloc type for the witness code and retire from using
the M_DEV type. The new type is called M_WITNESS and is only declared
if WITNESS is enabled.
Begin cleaning up some machdep/mutex.h code - specifically updated the
"optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN
and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently
need those.
Finally, caught up to the interface changes in all sys code.
Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
|
|
|
mtx_unlock(&mountlist_mtx);
|
1994-05-24 11:09:53 +01:00
|
|
|
if (sfsp && count > maxcount)
|
2001-09-12 09:38:13 +01:00
|
|
|
td->td_retval[0] = maxcount;
|
1994-05-24 11:09:53 +01:00
|
|
|
else
|
2001-09-12 09:38:13 +01:00
|
|
|
td->td_retval[0] = count;
|
1994-05-24 11:09:53 +01:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2003-11-12 08:01:40 +00:00
|
|
|
#ifdef COMPAT_FREEBSD4
|
|
|
|
/*
|
|
|
|
* Get old format filesystem statistics.
|
|
|
|
*/
|
2005-05-27 20:23:48 +01:00
|
|
|
static void cvtstatfs(struct statfs *, struct ostatfs *);
|
2003-11-12 08:01:40 +00:00
|
|
|
|
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct freebsd4_statfs_args {
|
|
|
|
char *path;
|
|
|
|
struct ostatfs *buf;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
|
|
|
freebsd4_statfs(td, uap)
|
|
|
|
struct thread *td;
|
|
|
|
struct freebsd4_statfs_args /* {
|
|
|
|
char *path;
|
|
|
|
struct ostatfs *buf;
|
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct ostatfs osb;
|
2005-02-07 18:44:55 +00:00
|
|
|
struct statfs sf;
|
2003-11-12 08:01:40 +00:00
|
|
|
int error;
|
|
|
|
|
2005-02-07 18:44:55 +00:00
|
|
|
error = kern_statfs(td, uap->path, UIO_USERSPACE, &sf);
|
2003-11-12 08:01:40 +00:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2005-05-27 20:23:48 +01:00
|
|
|
cvtstatfs(&sf, &osb);
|
2003-11-12 08:01:40 +00:00
|
|
|
return (copyout(&osb, uap->buf, sizeof(osb)));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get filesystem statistics.
|
|
|
|
*/
|
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct freebsd4_fstatfs_args {
|
|
|
|
int fd;
|
|
|
|
struct ostatfs *buf;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
|
|
|
freebsd4_fstatfs(td, uap)
|
|
|
|
struct thread *td;
|
|
|
|
struct freebsd4_fstatfs_args /* {
|
|
|
|
int fd;
|
|
|
|
struct ostatfs *buf;
|
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct ostatfs osb;
|
2005-02-07 18:44:55 +00:00
|
|
|
struct statfs sf;
|
2003-11-12 08:01:40 +00:00
|
|
|
int error;
|
|
|
|
|
2005-02-07 18:44:55 +00:00
|
|
|
error = kern_fstatfs(td, uap->fd, &sf);
|
2003-11-12 08:01:40 +00:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2005-05-27 20:23:48 +01:00
|
|
|
cvtstatfs(&sf, &osb);
|
2003-11-12 08:01:40 +00:00
|
|
|
return (copyout(&osb, uap->buf, sizeof(osb)));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get statistics on all filesystems.
|
|
|
|
*/
|
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct freebsd4_getfsstat_args {
|
|
|
|
struct ostatfs *buf;
|
|
|
|
long bufsize;
|
|
|
|
int flags;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
|
|
|
freebsd4_getfsstat(td, uap)
|
|
|
|
struct thread *td;
|
|
|
|
register struct freebsd4_getfsstat_args /* {
|
|
|
|
struct ostatfs *buf;
|
|
|
|
long bufsize;
|
|
|
|
int flags;
|
|
|
|
} */ *uap;
|
|
|
|
{
|
2005-06-09 18:44:46 +01:00
|
|
|
struct statfs *buf, *sp;
|
2003-11-12 08:01:40 +00:00
|
|
|
struct ostatfs osb;
|
2005-06-09 18:44:46 +01:00
|
|
|
size_t count, size;
|
|
|
|
int error;
|
2003-11-12 08:01:40 +00:00
|
|
|
|
2005-06-09 18:44:46 +01:00
|
|
|
count = uap->bufsize / sizeof(struct ostatfs);
|
|
|
|
size = count * sizeof(struct statfs);
|
2005-06-11 15:58:20 +01:00
|
|
|
error = kern_getfsstat(td, &buf, size, UIO_SYSSPACE, uap->flags);
|
|
|
|
if (size > 0) {
|
2005-06-09 18:44:46 +01:00
|
|
|
count = td->td_retval[0];
|
|
|
|
sp = buf;
|
|
|
|
while (count > 0 && error == 0) {
|
2005-05-27 20:23:48 +01:00
|
|
|
cvtstatfs(sp, &osb);
|
2005-06-09 18:44:46 +01:00
|
|
|
error = copyout(&osb, uap->buf, sizeof(osb));
|
|
|
|
sp++;
|
|
|
|
uap->buf++;
|
|
|
|
count--;
|
2003-11-12 08:01:40 +00:00
|
|
|
}
|
2005-06-09 18:44:46 +01:00
|
|
|
free(buf, M_TEMP);
|
2003-11-12 08:01:40 +00:00
|
|
|
}
|
2005-06-09 18:44:46 +01:00
|
|
|
return (error);
|
2003-11-12 08:01:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Implement fstatfs() for (NFS) file handles.
|
|
|
|
*/
|
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct freebsd4_fhstatfs_args {
|
|
|
|
struct fhandle *u_fhp;
|
|
|
|
struct ostatfs *buf;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
|
|
|
freebsd4_fhstatfs(td, uap)
|
|
|
|
struct thread *td;
|
|
|
|
struct freebsd4_fhstatfs_args /* {
|
|
|
|
struct fhandle *u_fhp;
|
|
|
|
struct ostatfs *buf;
|
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct ostatfs osb;
|
2005-02-07 18:44:55 +00:00
|
|
|
struct statfs sf;
|
2003-11-12 08:01:40 +00:00
|
|
|
fhandle_t fh;
|
|
|
|
int error;
|
|
|
|
|
2005-05-27 20:15:46 +01:00
|
|
|
error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
|
|
|
|
if (error)
|
2003-11-12 08:01:40 +00:00
|
|
|
return (error);
|
2005-02-07 18:44:55 +00:00
|
|
|
error = kern_fhstatfs(td, fh, &sf);
|
2003-11-12 08:01:40 +00:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2005-05-27 20:23:48 +01:00
|
|
|
cvtstatfs(&sf, &osb);
|
2003-11-12 08:01:40 +00:00
|
|
|
return (copyout(&osb, uap->buf, sizeof(osb)));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Convert a new format statfs structure to an old format statfs structure.
|
|
|
|
*/
|
|
|
|
static void
|
2005-05-27 20:23:48 +01:00
|
|
|
cvtstatfs(nsp, osp)
|
2003-11-12 08:01:40 +00:00
|
|
|
struct statfs *nsp;
|
|
|
|
struct ostatfs *osp;
|
|
|
|
{
|
|
|
|
|
|
|
|
bzero(osp, sizeof(*osp));
|
|
|
|
osp->f_bsize = MIN(nsp->f_bsize, LONG_MAX);
|
|
|
|
osp->f_iosize = MIN(nsp->f_iosize, LONG_MAX);
|
|
|
|
osp->f_blocks = MIN(nsp->f_blocks, LONG_MAX);
|
|
|
|
osp->f_bfree = MIN(nsp->f_bfree, LONG_MAX);
|
|
|
|
osp->f_bavail = MIN(nsp->f_bavail, LONG_MAX);
|
|
|
|
osp->f_files = MIN(nsp->f_files, LONG_MAX);
|
|
|
|
osp->f_ffree = MIN(nsp->f_ffree, LONG_MAX);
|
|
|
|
osp->f_owner = nsp->f_owner;
|
|
|
|
osp->f_type = nsp->f_type;
|
|
|
|
osp->f_flags = nsp->f_flags;
|
|
|
|
osp->f_syncwrites = MIN(nsp->f_syncwrites, LONG_MAX);
|
|
|
|
osp->f_asyncwrites = MIN(nsp->f_asyncwrites, LONG_MAX);
|
|
|
|
osp->f_syncreads = MIN(nsp->f_syncreads, LONG_MAX);
|
|
|
|
osp->f_asyncreads = MIN(nsp->f_asyncreads, LONG_MAX);
|
2006-03-04 00:09:09 +00:00
|
|
|
strlcpy(osp->f_fstypename, nsp->f_fstypename,
|
|
|
|
MIN(MFSNAMELEN, OMFSNAMELEN));
|
|
|
|
strlcpy(osp->f_mntonname, nsp->f_mntonname,
|
2006-03-03 07:20:54 +00:00
|
|
|
MIN(MNAMELEN, OMNAMELEN));
|
2006-03-04 00:09:09 +00:00
|
|
|
strlcpy(osp->f_mntfromname, nsp->f_mntfromname,
|
2006-03-03 07:20:54 +00:00
|
|
|
MIN(MNAMELEN, OMNAMELEN));
|
2005-05-22 22:52:30 +01:00
|
|
|
osp->f_fsid = nsp->f_fsid;
|
2003-11-12 08:01:40 +00:00
|
|
|
}
|
|
|
|
#endif /* COMPAT_FREEBSD4 */
|
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Change current working directory to a given file descriptor.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct fchdir_args {
|
|
|
|
int fd;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
fchdir(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
struct fchdir_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2001-09-12 09:38:13 +01:00
|
|
|
register struct filedesc *fdp = td->td_proc->p_fd;
|
2002-01-13 11:58:06 +00:00
|
|
|
struct vnode *vp, *tdp, *vpold;
|
1997-02-10 02:22:35 +00:00
|
|
|
struct mount *mp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct file *fp;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(fd, uap->fd);
|
2002-12-14 01:56:26 +00:00
|
|
|
if ((error = getvnode(fdp, uap->fd, &fp)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2003-06-22 09:41:43 +01:00
|
|
|
vp = fp->f_vnode;
|
1997-02-10 02:22:35 +00:00
|
|
|
VREF(vp);
|
2002-01-13 11:58:06 +00:00
|
|
|
fdrop(fp, td);
|
2005-12-20 00:49:59 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(vnode, vp, ARG_VNODE1);
|
2006-07-19 19:30:33 +01:00
|
|
|
error = change_dir(vp, td);
|
1997-02-10 02:22:35 +00:00
|
|
|
while (!error && (mp = vp->v_mountedhere) != NULL) {
|
2005-01-24 10:25:44 +00:00
|
|
|
int tvfslocked;
|
2001-09-12 09:38:13 +01:00
|
|
|
if (vfs_busy(mp, 0, 0, td))
|
1997-02-10 02:22:35 +00:00
|
|
|
continue;
|
2005-01-24 10:25:44 +00:00
|
|
|
tvfslocked = VFS_LOCK_GIANT(mp);
|
2005-03-24 07:31:38 +00:00
|
|
|
error = VFS_ROOT(mp, LK_EXCLUSIVE, &tdp, td);
|
2001-09-12 09:38:13 +01:00
|
|
|
vfs_unbusy(mp, td);
|
2005-01-24 10:25:44 +00:00
|
|
|
if (error) {
|
|
|
|
VFS_UNLOCK_GIANT(tvfslocked);
|
1997-02-10 02:22:35 +00:00
|
|
|
break;
|
2005-01-24 10:25:44 +00:00
|
|
|
}
|
1997-02-10 02:22:35 +00:00
|
|
|
vput(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1997-02-10 02:22:35 +00:00
|
|
|
vp = tdp;
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = tvfslocked;
|
1997-02-10 02:22:35 +00:00
|
|
|
}
|
|
|
|
if (error) {
|
|
|
|
vput(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
1997-02-10 02:22:35 +00:00
|
|
|
}
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2006-02-03 15:42:16 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_LOCK_FAST(fdp);
|
2002-01-13 11:58:06 +00:00
|
|
|
vpold = fdp->fd_cdir;
|
1994-05-24 11:09:53 +01:00
|
|
|
fdp->fd_cdir = vp;
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_UNLOCK_FAST(fdp);
|
2006-02-03 15:42:16 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(vpold->v_mount);
|
2002-01-13 11:58:06 +00:00
|
|
|
vrele(vpold);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Change current working directory (``.'').
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct chdir_args {
|
|
|
|
char *path;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
chdir(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
struct chdir_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
2002-09-01 21:37:28 +01:00
|
|
|
{
|
|
|
|
|
|
|
|
return (kern_chdir(td, uap->path, UIO_USERSPACE));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_chdir(struct thread *td, char *path, enum uio_seg pathseg)
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2001-09-12 09:38:13 +01:00
|
|
|
register struct filedesc *fdp = td->td_proc->p_fd;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2002-01-13 11:58:06 +00:00
|
|
|
struct vnode *vp;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1 | MPSAFE,
|
|
|
|
pathseg, path, td);
|
2003-04-09 03:55:18 +01:00
|
|
|
if ((error = namei(&nd)) != 0)
|
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2003-04-09 03:55:18 +01:00
|
|
|
if ((error = change_dir(nd.ni_vp, td)) != 0) {
|
|
|
|
vput(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2003-04-09 03:55:18 +01:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2003-04-09 03:55:18 +01:00
|
|
|
}
|
2003-01-31 21:13:25 +00:00
|
|
|
VOP_UNLOCK(nd.ni_vp, 0, td);
|
2006-02-01 09:30:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_LOCK_FAST(fdp);
|
2002-01-13 11:58:06 +00:00
|
|
|
vp = fdp->fd_cdir;
|
1994-05-24 11:09:53 +01:00
|
|
|
fdp->fd_cdir = nd.ni_vp;
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_UNLOCK_FAST(fdp);
|
2006-02-01 09:30:44 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
|
2002-01-13 11:58:06 +00:00
|
|
|
vrele(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
1999-03-23 14:26:40 +00:00
|
|
|
/*
|
|
|
|
* Helper function for raised chroot(2) security function: Refuse if
|
|
|
|
* any filedescriptors are open directories.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
chroot_refuse_vdir_fds(fdp)
|
|
|
|
struct filedesc *fdp;
|
|
|
|
{
|
|
|
|
struct vnode *vp;
|
|
|
|
struct file *fp;
|
|
|
|
int fd;
|
|
|
|
|
2002-07-13 05:07:12 +01:00
|
|
|
FILEDESC_LOCK_ASSERT(fdp, MA_OWNED);
|
1999-03-23 14:26:40 +00:00
|
|
|
for (fd = 0; fd < fdp->fd_nfiles ; fd++) {
|
2002-02-01 18:27:16 +00:00
|
|
|
fp = fget_locked(fdp, fd);
|
|
|
|
if (fp == NULL)
|
1999-03-23 14:26:40 +00:00
|
|
|
continue;
|
2002-02-01 18:27:16 +00:00
|
|
|
if (fp->f_type == DTYPE_VNODE) {
|
2003-06-22 09:41:43 +01:00
|
|
|
vp = fp->f_vnode;
|
2002-07-13 05:07:12 +01:00
|
|
|
if (vp->v_type == VDIR)
|
2002-02-01 18:27:16 +00:00
|
|
|
return (EPERM);
|
|
|
|
}
|
1999-03-23 14:26:40 +00:00
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This sysctl determines if we will allow a process to chroot(2) if it
|
|
|
|
* has a directory open:
|
|
|
|
* 0: disallowed for all processes.
|
|
|
|
* 1: allowed for processes that were not already chroot(2)'ed.
|
|
|
|
* 2: allowed for all processes.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int chroot_allow_open_directories = 1;
|
|
|
|
|
|
|
|
SYSCTL_INT(_kern, OID_AUTO, chroot_allow_open_directories, CTLFLAG_RW,
|
|
|
|
&chroot_allow_open_directories, 0, "");
|
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Change notion of root (``/'') directory.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct chroot_args {
|
|
|
|
char *path;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
chroot(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
struct chroot_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2004-07-26 08:24:04 +01:00
|
|
|
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
|
1994-10-02 18:35:40 +01:00
|
|
|
if (error)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
2005-01-24 10:25:44 +00:00
|
|
|
UIO_USERSPACE, uap->path, td);
|
2003-04-09 03:55:18 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
2002-07-13 05:07:12 +01:00
|
|
|
goto error;
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2003-04-09 03:55:18 +01:00
|
|
|
if ((error = change_dir(nd.ni_vp, td)) != 0)
|
|
|
|
goto e_vunlock;
|
2002-08-01 04:50:08 +01:00
|
|
|
#ifdef MAC
|
2003-04-09 03:55:18 +01:00
|
|
|
if ((error = mac_check_vnode_chroot(td->td_ucred, nd.ni_vp)))
|
|
|
|
goto e_vunlock;
|
2002-08-01 04:50:08 +01:00
|
|
|
#endif
|
2003-01-31 21:13:25 +00:00
|
|
|
VOP_UNLOCK(nd.ni_vp, 0, td);
|
2003-04-09 03:55:18 +01:00
|
|
|
error = change_root(nd.ni_vp, td);
|
|
|
|
vrele(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-07-13 05:07:12 +01:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2003-04-09 03:55:18 +01:00
|
|
|
return (error);
|
|
|
|
e_vunlock:
|
|
|
|
vput(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-07-13 05:07:12 +01:00
|
|
|
error:
|
2003-01-31 18:57:04 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2002-07-13 05:07:12 +01:00
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2003-04-09 03:55:18 +01:00
|
|
|
* Common routine for chroot and chdir. Callers must provide a locked vnode
|
|
|
|
* instance.
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
2003-04-09 03:55:18 +01:00
|
|
|
int
|
|
|
|
change_dir(vp, td)
|
|
|
|
struct vnode *vp;
|
2001-09-12 09:38:13 +01:00
|
|
|
struct thread *td;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
2003-04-09 03:55:18 +01:00
|
|
|
ASSERT_VOP_LOCKED(vp, "change_dir(): vp not locked");
|
1994-05-24 11:09:53 +01:00
|
|
|
if (vp->v_type != VDIR)
|
2003-04-09 03:55:18 +01:00
|
|
|
return (ENOTDIR);
|
2002-08-01 04:50:08 +01:00
|
|
|
#ifdef MAC
|
2003-04-09 03:55:18 +01:00
|
|
|
error = mac_check_vnode_chdir(td->td_ucred, vp);
|
1994-05-24 11:09:53 +01:00
|
|
|
if (error)
|
2003-04-09 03:55:18 +01:00
|
|
|
return (error);
|
|
|
|
#endif
|
|
|
|
error = VOP_ACCESS(vp, VEXEC, td->td_ucred, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2003-04-09 03:55:18 +01:00
|
|
|
/*
|
|
|
|
* Common routine for kern_chroot() and jail_attach(). The caller is
|
|
|
|
* responsible for invoking suser() and mac_check_chroot() to authorize this
|
|
|
|
* operation.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
change_root(vp, td)
|
|
|
|
struct vnode *vp;
|
|
|
|
struct thread *td;
|
|
|
|
{
|
|
|
|
struct filedesc *fdp;
|
|
|
|
struct vnode *oldvp;
|
2006-02-01 09:30:44 +00:00
|
|
|
int vfslocked;
|
2003-04-09 03:55:18 +01:00
|
|
|
int error;
|
|
|
|
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_ASSERT_GIANT(vp->v_mount);
|
2003-04-09 03:55:18 +01:00
|
|
|
fdp = td->td_proc->p_fd;
|
|
|
|
FILEDESC_LOCK(fdp);
|
|
|
|
if (chroot_allow_open_directories == 0 ||
|
|
|
|
(chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode)) {
|
|
|
|
error = chroot_refuse_vdir_fds(fdp);
|
|
|
|
if (error) {
|
|
|
|
FILEDESC_UNLOCK(fdp);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
oldvp = fdp->fd_rdir;
|
|
|
|
fdp->fd_rdir = vp;
|
|
|
|
VREF(fdp->fd_rdir);
|
|
|
|
if (!fdp->fd_jdir) {
|
|
|
|
fdp->fd_jdir = vp;
|
|
|
|
VREF(fdp->fd_jdir);
|
|
|
|
}
|
|
|
|
FILEDESC_UNLOCK(fdp);
|
2006-02-01 09:30:44 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(oldvp->v_mount);
|
2003-04-09 03:55:18 +01:00
|
|
|
vrele(oldvp);
|
2006-02-01 09:30:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2003-04-09 03:55:18 +01:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Check permissions, allocate an open file structure,
|
|
|
|
* and call the device open routine if any.
|
2004-03-16 10:46:42 +00:00
|
|
|
*
|
|
|
|
* MP SAFE
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct open_args {
|
|
|
|
char *path;
|
|
|
|
int flags;
|
|
|
|
int mode;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
open(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct open_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int flags;
|
|
|
|
int mode;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2002-09-01 21:37:28 +01:00
|
|
|
|
2006-03-21 23:58:37 +00:00
|
|
|
return kern_open(td, uap->path, UIO_USERSPACE, uap->flags, uap->mode);
|
2002-09-01 21:37:28 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_open(struct thread *td, char *path, enum uio_seg pathseg, int flags,
|
|
|
|
int mode)
|
|
|
|
{
|
2001-09-12 09:38:13 +01:00
|
|
|
struct proc *p = td->td_proc;
|
2000-07-04 04:34:11 +01:00
|
|
|
struct filedesc *fdp = p->p_fd;
|
|
|
|
struct file *fp;
|
|
|
|
struct vnode *vp;
|
|
|
|
struct vattr vat;
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
2003-05-31 21:29:34 +01:00
|
|
|
int cmode;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct file *nfp;
|
|
|
|
int type, indx, error;
|
|
|
|
struct flock lf;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(fflags, flags);
|
|
|
|
AUDIT_ARG(mode, mode);
|
2002-09-01 21:37:28 +01:00
|
|
|
if ((flags & O_ACCMODE) == O_ACCMODE)
|
1997-10-22 08:28:51 +01:00
|
|
|
return (EINVAL);
|
2002-09-01 21:37:28 +01:00
|
|
|
flags = FFLAGS(flags);
|
2001-09-12 09:38:13 +01:00
|
|
|
error = falloc(td, &nfp, &indx);
|
1994-10-02 18:35:40 +01:00
|
|
|
if (error)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2003-10-19 21:41:07 +01:00
|
|
|
/* An extra reference on `nfp' has been held for us by falloc(). */
|
1994-05-24 11:09:53 +01:00
|
|
|
fp = nfp;
|
2002-09-01 21:37:28 +01:00
|
|
|
cmode = ((mode &~ fdp->fd_cmask) & ALLPERMS) &~ S_ISTXT;
|
2006-03-28 22:22:08 +01:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1 | MPSAFE, pathseg, path, td);
|
2003-08-07 18:08:26 +01:00
|
|
|
td->td_dupfd = -1; /* XXX check for fdopen */
|
2003-07-27 21:09:13 +01:00
|
|
|
error = vn_open(&nd, &flags, cmode, indx);
|
1994-10-02 18:35:40 +01:00
|
|
|
if (error) {
|
2003-07-27 21:09:13 +01:00
|
|
|
/*
|
|
|
|
* If the vn_open replaced the method vector, something
|
|
|
|
* wonderous happened deep below and we just pass it up
|
|
|
|
* pretending we know what we do.
|
|
|
|
*/
|
|
|
|
if (error == ENXIO && fp->f_ops != &badfileops) {
|
|
|
|
fdrop(fp, td);
|
|
|
|
td->td_retval[0] = indx;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2000-11-18 21:01:04 +00:00
|
|
|
/*
|
|
|
|
* release our own reference
|
|
|
|
*/
|
2001-09-12 09:38:13 +01:00
|
|
|
fdrop(fp, td);
|
2000-11-18 21:01:04 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* handle special fdopen() case. bleh. dupfdopen() is
|
|
|
|
* responsible for dropping the old contents of ofiles[indx]
|
|
|
|
* if it succeeds.
|
|
|
|
*/
|
1994-05-24 11:09:53 +01:00
|
|
|
if ((error == ENODEV || error == ENXIO) &&
|
2001-09-12 09:38:13 +01:00
|
|
|
td->td_dupfd >= 0 && /* XXX from fdopen */
|
1994-05-24 11:09:53 +01:00
|
|
|
(error =
|
2001-09-12 09:38:13 +01:00
|
|
|
dupfdopen(td, fdp, indx, td->td_dupfd, flags, error)) == 0) {
|
|
|
|
td->td_retval[0] = indx;
|
1994-05-24 11:09:53 +01:00
|
|
|
return (0);
|
|
|
|
}
|
2000-11-18 21:01:04 +00:00
|
|
|
/*
|
|
|
|
* Clean up the descriptor, but only if another thread hadn't
|
|
|
|
* replaced or closed it.
|
|
|
|
*/
|
2004-11-07 22:16:07 +00:00
|
|
|
fdclose(fdp, fp, indx, td);
|
2000-11-18 21:01:04 +00:00
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
if (error == ERESTART)
|
|
|
|
error = EINTR;
|
|
|
|
return (error);
|
|
|
|
}
|
2001-09-12 09:38:13 +01:00
|
|
|
td->td_dupfd = 0;
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
1994-05-24 11:09:53 +01:00
|
|
|
vp = nd.ni_vp;
|
1996-12-19 19:42:37 +00:00
|
|
|
|
2000-11-18 21:01:04 +00:00
|
|
|
/*
|
|
|
|
* There should be 2 references on the file, one from the descriptor
|
|
|
|
* table, and one for us.
|
|
|
|
*
|
|
|
|
* Handle the case where someone closed the file (via its file
|
|
|
|
* descriptor) while we were blocked. The end result should look
|
|
|
|
* like opening the file succeeded but it was immediately closed.
|
2003-12-24 17:13:01 +00:00
|
|
|
* We call vn_close() manually because we haven't yet hooked up
|
|
|
|
* the various 'struct file' fields.
|
2000-11-18 21:01:04 +00:00
|
|
|
*/
|
2002-01-13 11:58:06 +00:00
|
|
|
FILEDESC_LOCK(fdp);
|
|
|
|
FILE_LOCK(fp);
|
2000-11-18 21:01:04 +00:00
|
|
|
if (fp->f_count == 1) {
|
2005-01-24 10:25:44 +00:00
|
|
|
mp = vp->v_mount;
|
2000-11-18 21:01:04 +00:00
|
|
|
KASSERT(fdp->fd_ofiles[indx] != fp,
|
|
|
|
("Open file descriptor lost all refs"));
|
2002-01-13 11:58:06 +00:00
|
|
|
FILE_UNLOCK(fp);
|
2004-11-15 21:26:13 +00:00
|
|
|
FILEDESC_UNLOCK(fdp);
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
|
|
|
vn_close(vp, flags & FMASK, fp->f_cred, td);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2001-09-12 09:38:13 +01:00
|
|
|
fdrop(fp, td);
|
|
|
|
td->td_retval[0] = indx;
|
2004-01-11 19:52:10 +00:00
|
|
|
return (0);
|
2000-11-18 21:01:04 +00:00
|
|
|
}
|
2003-06-22 09:41:43 +01:00
|
|
|
fp->f_vnode = vp;
|
2004-06-19 12:41:45 +01:00
|
|
|
if (fp->f_data == NULL)
|
|
|
|
fp->f_data = vp;
|
1994-05-24 11:09:53 +01:00
|
|
|
fp->f_flag = flags & FMASK;
|
2004-06-19 12:41:45 +01:00
|
|
|
if (fp->f_ops == &badfileops)
|
|
|
|
fp->f_ops = &vnops;
|
2003-06-20 09:02:30 +01:00
|
|
|
fp->f_seqcount = 1;
|
1999-08-04 19:53:50 +01:00
|
|
|
fp->f_type = (vp->v_type == VFIFO ? DTYPE_FIFO : DTYPE_VNODE);
|
2002-01-13 11:58:06 +00:00
|
|
|
FILE_UNLOCK(fp);
|
2004-11-15 21:26:13 +00:00
|
|
|
FILEDESC_UNLOCK(fdp);
|
2003-06-19 05:10:56 +01:00
|
|
|
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
if (flags & (O_EXLOCK | O_SHLOCK)) {
|
|
|
|
lf.l_whence = SEEK_SET;
|
|
|
|
lf.l_start = 0;
|
|
|
|
lf.l_len = 0;
|
|
|
|
if (flags & O_EXLOCK)
|
|
|
|
lf.l_type = F_WRLCK;
|
|
|
|
else
|
|
|
|
lf.l_type = F_RDLCK;
|
|
|
|
type = F_FLOCK;
|
|
|
|
if ((flags & FNONBLOCK) == 0)
|
|
|
|
type |= F_WAIT;
|
2002-06-29 00:02:38 +01:00
|
|
|
if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf,
|
|
|
|
type)) != 0)
|
2000-07-04 04:34:11 +01:00
|
|
|
goto bad;
|
1994-05-24 11:09:53 +01:00
|
|
|
fp->f_flag |= FHASLOCK;
|
|
|
|
}
|
2000-07-04 04:34:11 +01:00
|
|
|
if (flags & O_TRUNC) {
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
|
|
|
|
goto bad;
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
|
2000-07-04 04:34:11 +01:00
|
|
|
VATTR_NULL(&vat);
|
|
|
|
vat.va_size = 0;
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
2002-08-19 20:04:53 +01:00
|
|
|
error = mac_check_vnode_write(td->td_ucred, fp->f_cred, vp);
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
if (error == 0)
|
|
|
|
#endif
|
|
|
|
error = VOP_SETATTR(vp, &vat, td->td_ucred, td);
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
2000-07-04 04:34:11 +01:00
|
|
|
if (error)
|
|
|
|
goto bad;
|
|
|
|
}
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2000-11-18 21:01:04 +00:00
|
|
|
/*
|
|
|
|
* Release our private reference, leaving the one associated with
|
|
|
|
* the descriptor table intact.
|
|
|
|
*/
|
2001-09-12 09:38:13 +01:00
|
|
|
fdrop(fp, td);
|
|
|
|
td->td_retval[0] = indx;
|
1994-05-24 11:09:53 +01:00
|
|
|
return (0);
|
2000-07-04 04:34:11 +01:00
|
|
|
bad:
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2004-11-07 22:16:07 +00:00
|
|
|
fdclose(fdp, fp, indx, td);
|
2002-10-07 21:49:22 +01:00
|
|
|
fdrop(fp, td);
|
2000-07-04 04:34:11 +01:00
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef COMPAT_43
|
|
|
|
/*
|
|
|
|
* Create a file.
|
2004-03-16 10:46:42 +00:00
|
|
|
*
|
|
|
|
* MP SAFE
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct ocreat_args {
|
|
|
|
char *path;
|
|
|
|
int mode;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
ocreat(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct ocreat_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int mode;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
1997-02-10 02:22:35 +00:00
|
|
|
|
2004-03-16 10:46:42 +00:00
|
|
|
return (kern_open(td, uap->path, UIO_USERSPACE,
|
|
|
|
O_WRONLY | O_CREAT | O_TRUNC, uap->mode));
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
#endif /* COMPAT_43 */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Create a special file.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct mknod_args {
|
|
|
|
char *path;
|
|
|
|
int mode;
|
|
|
|
int dev;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
mknod(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct mknod_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int mode;
|
|
|
|
int dev;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2002-09-01 21:37:28 +01:00
|
|
|
|
|
|
|
return (kern_mknod(td, uap->path, UIO_USERSPACE, uap->mode, uap->dev));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_mknod(struct thread *td, char *path, enum uio_seg pathseg, int mode,
|
|
|
|
int dev)
|
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct vnode *vp;
|
|
|
|
struct mount *mp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct vattr vattr;
|
|
|
|
int error;
|
1998-06-07 18:13:14 +01:00
|
|
|
int whiteout = 0;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(mode, mode);
|
|
|
|
AUDIT_ARG(dev, dev);
|
2002-09-01 21:37:28 +01:00
|
|
|
switch (mode & S_IFMT) {
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 12:38:52 +01:00
|
|
|
case S_IFCHR:
|
|
|
|
case S_IFBLK:
|
2002-04-01 22:31:13 +01:00
|
|
|
error = suser(td);
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 12:38:52 +01:00
|
|
|
break;
|
|
|
|
default:
|
2004-07-26 08:24:04 +01:00
|
|
|
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 12:38:52 +01:00
|
|
|
break;
|
|
|
|
}
|
1994-10-02 18:35:40 +01:00
|
|
|
if (error)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2000-07-11 23:07:57 +01:00
|
|
|
restart:
|
2000-01-10 00:08:53 +00:00
|
|
|
bwillwrite();
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
|
|
|
|
pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1994-05-24 11:09:53 +01:00
|
|
|
vp = nd.ni_vp;
|
2000-07-11 23:07:57 +01:00
|
|
|
if (vp != NULL) {
|
2003-08-05 01:26:51 +01:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
if (vp == nd.ni_dvp)
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
else
|
|
|
|
vput(nd.ni_dvp);
|
2006-02-01 00:25:26 +00:00
|
|
|
vrele(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2003-08-05 01:26:51 +01:00
|
|
|
return (EEXIST);
|
2000-07-11 23:07:57 +01:00
|
|
|
} else {
|
1994-05-24 11:09:53 +01:00
|
|
|
VATTR_NULL(&vattr);
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_LOCK_FAST(td->td_proc->p_fd);
|
2002-09-01 21:37:28 +01:00
|
|
|
vattr.va_mode = (mode & ALLPERMS) &
|
|
|
|
~td->td_proc->p_fd->fd_cmask;
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_UNLOCK_FAST(td->td_proc->p_fd);
|
2002-09-01 21:37:28 +01:00
|
|
|
vattr.va_rdev = dev;
|
1997-02-10 02:22:35 +00:00
|
|
|
whiteout = 0;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2002-09-01 21:37:28 +01:00
|
|
|
switch (mode & S_IFMT) {
|
1994-05-24 11:09:53 +01:00
|
|
|
case S_IFMT: /* used by badsect to flag bad sectors */
|
|
|
|
vattr.va_type = VBAD;
|
|
|
|
break;
|
|
|
|
case S_IFCHR:
|
|
|
|
vattr.va_type = VCHR;
|
|
|
|
break;
|
|
|
|
case S_IFBLK:
|
|
|
|
vattr.va_type = VBLK;
|
|
|
|
break;
|
1997-02-10 02:22:35 +00:00
|
|
|
case S_IFWHT:
|
|
|
|
whiteout = 1;
|
|
|
|
break;
|
1994-05-24 11:09:53 +01:00
|
|
|
default:
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2000-07-11 23:07:57 +01:00
|
|
|
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
vput(nd.ni_dvp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
|
|
|
|
return (error);
|
|
|
|
goto restart;
|
|
|
|
}
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
|
|
|
if (error == 0 && !whiteout)
|
|
|
|
error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp,
|
|
|
|
&nd.ni_cnd, &vattr);
|
|
|
|
#endif
|
1994-05-24 11:09:53 +01:00
|
|
|
if (!error) {
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
|
1999-12-15 23:02:35 +00:00
|
|
|
if (whiteout)
|
1997-02-10 02:22:35 +00:00
|
|
|
error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE);
|
1999-12-15 23:02:35 +00:00
|
|
|
else {
|
1997-02-10 02:22:35 +00:00
|
|
|
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp,
|
|
|
|
&nd.ni_cnd, &vattr);
|
1999-11-13 14:35:50 +00:00
|
|
|
if (error == 0)
|
|
|
|
vput(nd.ni_vp);
|
1997-02-10 02:22:35 +00:00
|
|
|
}
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
2000-07-11 23:07:57 +01:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
vput(nd.ni_dvp);
|
|
|
|
vn_finished_write(mp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
1997-02-10 02:22:35 +00:00
|
|
|
* Create a named pipe.
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct mkfifo_args {
|
|
|
|
char *path;
|
|
|
|
int mode;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
mkfifo(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct mkfifo_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int mode;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
2002-09-01 21:37:28 +01:00
|
|
|
{
|
|
|
|
|
|
|
|
return (kern_mkfifo(td, uap->path, UIO_USERSPACE, uap->mode));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_mkfifo(struct thread *td, char *path, enum uio_seg pathseg, int mode)
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct vattr vattr;
|
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2006-06-05 14:34:23 +01:00
|
|
|
AUDIT_ARG(mode, mode);
|
2000-07-11 23:07:57 +01:00
|
|
|
restart:
|
2000-01-10 00:08:53 +00:00
|
|
|
bwillwrite();
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
|
|
|
|
pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1994-05-24 11:09:53 +01:00
|
|
|
if (nd.ni_vp != NULL) {
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2003-08-05 01:26:51 +01:00
|
|
|
if (nd.ni_vp == nd.ni_dvp)
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
else
|
|
|
|
vput(nd.ni_dvp);
|
2006-02-01 00:25:26 +00:00
|
|
|
vrele(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (EEXIST);
|
|
|
|
}
|
2000-07-11 23:07:57 +01:00
|
|
|
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
vput(nd.ni_dvp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
|
|
|
|
return (error);
|
|
|
|
goto restart;
|
|
|
|
}
|
1994-05-24 11:09:53 +01:00
|
|
|
VATTR_NULL(&vattr);
|
|
|
|
vattr.va_type = VFIFO;
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_LOCK_FAST(td->td_proc->p_fd);
|
2002-09-01 21:37:28 +01:00
|
|
|
vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_fd->fd_cmask;
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_UNLOCK_FAST(td->td_proc->p_fd);
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
|
|
|
|
&vattr);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
|
|
|
#endif
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
|
1998-05-07 05:58:58 +01:00
|
|
|
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
|
1999-11-13 14:35:50 +00:00
|
|
|
if (error == 0)
|
|
|
|
vput(nd.ni_vp);
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
|
|
|
out:
|
|
|
|
#endif
|
1998-05-07 05:58:58 +01:00
|
|
|
vput(nd.ni_dvp);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
1998-05-07 05:58:58 +01:00
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Make a hard file link.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct link_args {
|
|
|
|
char *path;
|
|
|
|
char *link;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
link(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct link_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
char *link;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
2002-09-01 21:37:28 +01:00
|
|
|
{
|
2004-06-22 05:29:07 +01:00
|
|
|
int error;
|
2002-09-01 21:37:28 +01:00
|
|
|
|
2004-06-22 05:29:07 +01:00
|
|
|
error = kern_link(td, uap->path, uap->link, UIO_USERSPACE);
|
|
|
|
return (error);
|
2002-09-01 21:37:28 +01:00
|
|
|
}
|
|
|
|
|
2004-03-08 20:37:25 +00:00
|
|
|
static int hardlink_check_uid = 0;
|
|
|
|
SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
|
|
|
|
&hardlink_check_uid, 0,
|
|
|
|
"Unprivileged processes cannot create hard links to files owned by other "
|
|
|
|
"users");
|
|
|
|
static int hardlink_check_gid = 0;
|
|
|
|
SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
|
|
|
|
&hardlink_check_gid, 0,
|
|
|
|
"Unprivileged processes cannot create hard links to files owned by other "
|
|
|
|
"groups");
|
|
|
|
|
|
|
|
static int
|
|
|
|
can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
|
|
|
|
{
|
|
|
|
struct vattr va;
|
|
|
|
int error;
|
|
|
|
|
2004-07-26 08:24:04 +01:00
|
|
|
if (suser_cred(cred, SUSER_ALLOWJAIL) == 0)
|
2004-03-08 20:37:25 +00:00
|
|
|
return (0);
|
|
|
|
|
|
|
|
if (!hardlink_check_uid && !hardlink_check_gid)
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
error = VOP_GETATTR(vp, &va, cred, td);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
if (hardlink_check_uid) {
|
|
|
|
if (cred->cr_uid != va.va_uid)
|
|
|
|
return (EPERM);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (hardlink_check_gid) {
|
|
|
|
if (!groupmember(va.va_gid, cred))
|
|
|
|
return (EPERM);
|
|
|
|
}
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2002-09-01 21:37:28 +01:00
|
|
|
int
|
|
|
|
kern_link(struct thread *td, char *path, char *link, enum uio_seg segflg)
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct vnode *vp;
|
|
|
|
struct mount *mp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
|
|
|
int lvfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
|
2000-01-10 00:08:53 +00:00
|
|
|
bwillwrite();
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, segflg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
1994-05-24 11:09:53 +01:00
|
|
|
vp = nd.ni_vp;
|
2000-07-11 23:07:57 +01:00
|
|
|
if (vp->v_type == VDIR) {
|
|
|
|
vrele(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2000-07-11 23:07:57 +01:00
|
|
|
return (EPERM); /* POSIX */
|
|
|
|
}
|
|
|
|
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) {
|
|
|
|
vrele(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2000-07-11 23:07:57 +01:00
|
|
|
return (error);
|
|
|
|
}
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE2,
|
|
|
|
segflg, link, td);
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = namei(&nd)) == 0) {
|
2005-01-24 10:25:44 +00:00
|
|
|
lvfslocked = NDHASGIANT(&nd);
|
2000-07-11 23:07:57 +01:00
|
|
|
if (nd.ni_vp != NULL) {
|
2003-08-05 01:26:51 +01:00
|
|
|
if (nd.ni_dvp == nd.ni_vp)
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
else
|
|
|
|
vput(nd.ni_dvp);
|
2006-02-01 00:25:26 +00:00
|
|
|
vrele(nd.ni_vp);
|
2000-07-11 23:07:57 +01:00
|
|
|
error = EEXIST;
|
2002-09-19 14:32:45 +01:00
|
|
|
} else if ((error = vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td))
|
|
|
|
== 0) {
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
|
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
|
2004-03-08 20:37:25 +00:00
|
|
|
error = can_hardlink(vp, td, td->td_ucred);
|
|
|
|
if (error == 0)
|
2002-10-05 19:11:36 +01:00
|
|
|
#ifdef MAC
|
2004-03-08 20:37:25 +00:00
|
|
|
error = mac_check_vnode_link(td->td_ucred,
|
|
|
|
nd.ni_dvp, vp, &nd.ni_cnd);
|
2002-10-05 19:11:36 +01:00
|
|
|
if (error == 0)
|
|
|
|
#endif
|
|
|
|
error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
|
2002-09-19 14:32:45 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2003-08-05 01:26:51 +01:00
|
|
|
vput(nd.ni_dvp);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
2000-07-11 23:07:57 +01:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(lvfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
vrele(vp);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Make a symbolic link.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct symlink_args {
|
|
|
|
char *path;
|
|
|
|
char *link;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
symlink(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct symlink_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
char *link;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
2002-09-01 21:37:28 +01:00
|
|
|
{
|
|
|
|
|
|
|
|
return (kern_symlink(td, uap->path, uap->link, UIO_USERSPACE));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_symlink(struct thread *td, char *path, char *link, enum uio_seg segflg)
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct vattr vattr;
|
2002-09-01 21:37:28 +01:00
|
|
|
char *syspath;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2002-09-01 21:37:28 +01:00
|
|
|
if (segflg == UIO_SYSSPACE) {
|
|
|
|
syspath = path;
|
|
|
|
} else {
|
2003-02-19 05:47:46 +00:00
|
|
|
syspath = uma_zalloc(namei_zone, M_WAITOK);
|
2002-09-01 21:37:28 +01:00
|
|
|
if ((error = copyinstr(path, syspath, MAXPATHLEN, NULL)) != 0)
|
|
|
|
goto out;
|
|
|
|
}
|
2006-06-05 14:34:23 +01:00
|
|
|
AUDIT_ARG(text, syspath);
|
2000-07-11 23:07:57 +01:00
|
|
|
restart:
|
2000-01-10 00:08:53 +00:00
|
|
|
bwillwrite();
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
|
2005-01-24 10:25:44 +00:00
|
|
|
segflg, link, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
goto out;
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1994-05-24 11:09:53 +01:00
|
|
|
if (nd.ni_vp) {
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2003-08-05 01:26:51 +01:00
|
|
|
if (nd.ni_vp == nd.ni_dvp)
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
else
|
|
|
|
vput(nd.ni_dvp);
|
2006-02-01 00:25:26 +00:00
|
|
|
vrele(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
error = EEXIST;
|
|
|
|
goto out;
|
|
|
|
}
|
2000-07-11 23:07:57 +01:00
|
|
|
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
vput(nd.ni_dvp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
|
2004-05-11 11:42:02 +01:00
|
|
|
goto out;
|
2000-07-11 23:07:57 +01:00
|
|
|
goto restart;
|
|
|
|
}
|
1994-05-24 11:09:53 +01:00
|
|
|
VATTR_NULL(&vattr);
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_LOCK_FAST(td->td_proc->p_fd);
|
2001-09-12 09:38:13 +01:00
|
|
|
vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_fd->fd_cmask;
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_UNLOCK_FAST(td->td_proc->p_fd);
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
|
|
|
vattr.va_type = VLNK;
|
|
|
|
error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
|
|
|
|
&vattr);
|
|
|
|
if (error)
|
|
|
|
goto out2;
|
|
|
|
#endif
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
|
2002-09-01 21:37:28 +01:00
|
|
|
error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath);
|
1999-11-13 20:58:17 +00:00
|
|
|
if (error == 0)
|
|
|
|
vput(nd.ni_vp);
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
|
|
|
out2:
|
|
|
|
#endif
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
1998-05-07 05:58:58 +01:00
|
|
|
vput(nd.ni_dvp);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
out:
|
2002-09-01 21:37:28 +01:00
|
|
|
if (segflg != UIO_SYSSPACE)
|
|
|
|
uma_zfree(namei_zone, syspath);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1997-02-10 02:22:35 +00:00
|
|
|
/*
|
|
|
|
* Delete a whiteout from the filesystem.
|
|
|
|
*/
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
undelete(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct undelete_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
int error;
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
1997-02-10 02:22:35 +00:00
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1997-02-10 02:22:35 +00:00
|
|
|
|
2000-07-11 23:07:57 +01:00
|
|
|
restart:
|
2000-01-10 00:08:53 +00:00
|
|
|
bwillwrite();
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, DELETE, LOCKPARENT | DOWHITEOUT | MPSAFE | AUDITVNODE1,
|
|
|
|
UIO_USERSPACE, uap->path, td);
|
1997-02-10 02:22:35 +00:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1997-02-10 02:22:35 +00:00
|
|
|
|
|
|
|
if (nd.ni_vp != NULLVP || !(nd.ni_cnd.cn_flags & ISWHITEOUT)) {
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2003-08-05 01:26:51 +01:00
|
|
|
if (nd.ni_vp == nd.ni_dvp)
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
else
|
|
|
|
vput(nd.ni_dvp);
|
2006-02-01 00:25:26 +00:00
|
|
|
if (nd.ni_vp)
|
|
|
|
vrele(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1997-02-10 02:22:35 +00:00
|
|
|
return (EEXIST);
|
|
|
|
}
|
2000-07-11 23:07:57 +01:00
|
|
|
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
vput(nd.ni_dvp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
|
|
|
|
return (error);
|
|
|
|
goto restart;
|
|
|
|
}
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
|
1999-12-15 23:02:35 +00:00
|
|
|
error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, DELETE);
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
1997-02-10 02:22:35 +00:00
|
|
|
vput(nd.ni_dvp);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1997-02-10 02:22:35 +00:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Delete a name from the filesystem.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct unlink_args {
|
|
|
|
char *path;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
unlink(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
struct unlink_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
2002-09-01 21:37:28 +01:00
|
|
|
{
|
2004-06-22 05:34:05 +01:00
|
|
|
int error;
|
2002-09-01 21:37:28 +01:00
|
|
|
|
2004-06-22 05:34:05 +01:00
|
|
|
error = kern_unlink(td, uap->path, UIO_USERSPACE);
|
|
|
|
return (error);
|
2002-09-01 21:37:28 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_unlink(struct thread *td, char *path, enum uio_seg pathseg)
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
|
|
|
struct vnode *vp;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2000-07-11 23:07:57 +01:00
|
|
|
restart:
|
2000-01-10 00:08:53 +00:00
|
|
|
bwillwrite();
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
|
|
|
pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
2006-01-22 19:37:02 +00:00
|
|
|
return (error == EINVAL ? EPERM : error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1994-05-24 11:09:53 +01:00
|
|
|
vp = nd.ni_vp;
|
1996-05-24 17:19:23 +01:00
|
|
|
if (vp->v_type == VDIR)
|
|
|
|
error = EPERM; /* POSIX */
|
|
|
|
else {
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* The root of a mounted filesystem cannot be deleted.
|
1996-05-24 17:19:23 +01:00
|
|
|
*
|
|
|
|
* XXX: can this only be a VDIR case?
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
2002-08-04 11:29:36 +01:00
|
|
|
if (vp->v_vflag & VV_ROOT)
|
1994-05-24 11:09:53 +01:00
|
|
|
error = EBUSY;
|
|
|
|
}
|
2002-08-21 04:55:35 +01:00
|
|
|
if (error == 0) {
|
|
|
|
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2006-02-01 00:25:26 +00:00
|
|
|
vput(nd.ni_dvp);
|
2002-08-21 04:55:35 +01:00
|
|
|
if (vp == nd.ni_dvp)
|
|
|
|
vrele(vp);
|
|
|
|
else
|
|
|
|
vput(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-08-21 04:55:35 +01:00
|
|
|
if ((error = vn_start_write(NULL, &mp,
|
|
|
|
V_XSLEEP | PCATCH)) != 0)
|
|
|
|
return (error);
|
|
|
|
goto restart;
|
|
|
|
}
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_delete(td->td_ucred, nd.ni_dvp, vp,
|
|
|
|
&nd.ni_cnd);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
|
|
|
#endif
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
|
Make our v_usecount vnode reference count work identically to the
original BSD code. The association between the vnode and the vm_object
no longer includes reference counts. The major difference is that
vm_object's are no longer freed gratuitiously from the vnode, and so
once an object is created for the vnode, it will last as long as the
vnode does.
When a vnode object reference count is incremented, then the underlying
vnode reference count is incremented also. The two "objects" are now
more intimately related, and so the interactions are now much less
complex.
When vnodes are now normally placed onto the free queue with an object still
attached. The rundown of the object happens at vnode rundown time, and
happens with exactly the same filesystem semantics of the original VFS
code. There is absolutely no need for vnode_pager_uncache and other
travesties like that anymore.
A side-effect of these changes is that SMP locking should be much simpler,
the I/O copyin/copyout optimizations work, NFS should be more ponderable,
and further work on layered filesystems should be less frustrating, because
of the totally coherent management of the vnode objects and vnodes.
Please be careful with your system while running this code, but I would
greatly appreciate feedback as soon a reasonably possible.
1998-01-06 05:26:17 +00:00
|
|
|
error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd);
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
|
|
|
out:
|
|
|
|
#endif
|
2002-08-21 04:55:35 +01:00
|
|
|
vn_finished_write(mp);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2006-02-01 00:25:26 +00:00
|
|
|
vput(nd.ni_dvp);
|
2002-08-21 04:55:35 +01:00
|
|
|
if (vp == nd.ni_dvp)
|
|
|
|
vrele(vp);
|
|
|
|
else
|
|
|
|
vput(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Reposition read/write file offset.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct lseek_args {
|
|
|
|
int fd;
|
|
|
|
int pad;
|
|
|
|
off_t offset;
|
|
|
|
int whence;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
lseek(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct lseek_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
int pad;
|
|
|
|
off_t offset;
|
|
|
|
int whence;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2002-02-27 18:32:23 +00:00
|
|
|
struct ucred *cred = td->td_ucred;
|
2002-01-14 00:13:45 +00:00
|
|
|
struct file *fp;
|
2001-08-21 22:20:42 +01:00
|
|
|
struct vnode *vp;
|
2002-01-13 11:58:06 +00:00
|
|
|
struct vattr vattr;
|
2001-08-21 22:20:42 +01:00
|
|
|
off_t offset;
|
|
|
|
int error, noneg;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2002-01-14 00:13:45 +00:00
|
|
|
if ((error = fget(td, uap->fd, &fp)) != 0)
|
|
|
|
return (error);
|
2003-06-18 20:53:59 +01:00
|
|
|
if (!(fp->f_ops->fo_flags & DFLAG_SEEKABLE)) {
|
2002-01-13 11:58:06 +00:00
|
|
|
fdrop(fp, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (ESPIPE);
|
2002-01-13 11:58:06 +00:00
|
|
|
}
|
2003-06-22 09:41:43 +01:00
|
|
|
vp = fp->f_vnode;
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
|
2001-08-21 22:20:42 +01:00
|
|
|
noneg = (vp->v_type != VCHR);
|
2002-12-14 01:56:26 +00:00
|
|
|
offset = uap->offset;
|
|
|
|
switch (uap->whence) {
|
1994-05-24 11:09:53 +01:00
|
|
|
case L_INCR:
|
2001-08-21 22:20:42 +01:00
|
|
|
if (noneg &&
|
2001-08-29 19:35:53 +01:00
|
|
|
(fp->f_offset < 0 ||
|
2003-01-06 13:19:05 +00:00
|
|
|
(offset > 0 && fp->f_offset > OFF_MAX - offset))) {
|
|
|
|
error = EOVERFLOW;
|
|
|
|
break;
|
|
|
|
}
|
2001-08-21 22:20:42 +01:00
|
|
|
offset += fp->f_offset;
|
1994-05-24 11:09:53 +01:00
|
|
|
break;
|
|
|
|
case L_XTND:
|
2002-02-10 21:44:30 +00:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
2001-09-12 09:38:13 +01:00
|
|
|
error = VOP_GETATTR(vp, &vattr, cred, td);
|
2002-02-10 21:44:30 +00:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
1994-10-02 18:35:40 +01:00
|
|
|
if (error)
|
2003-01-06 13:19:05 +00:00
|
|
|
break;
|
2001-08-21 22:20:42 +01:00
|
|
|
if (noneg &&
|
2001-08-29 19:35:53 +01:00
|
|
|
(vattr.va_size > OFF_MAX ||
|
2003-01-06 13:19:05 +00:00
|
|
|
(offset > 0 && vattr.va_size > OFF_MAX - offset))) {
|
|
|
|
error = EOVERFLOW;
|
|
|
|
break;
|
|
|
|
}
|
2001-08-21 22:20:42 +01:00
|
|
|
offset += vattr.va_size;
|
1994-05-24 11:09:53 +01:00
|
|
|
break;
|
|
|
|
case L_SET:
|
|
|
|
break;
|
|
|
|
default:
|
2003-01-06 13:19:05 +00:00
|
|
|
error = EINVAL;
|
|
|
|
}
|
|
|
|
if (error == 0 && noneg && offset < 0)
|
|
|
|
error = EINVAL;
|
2005-01-24 10:25:44 +00:00
|
|
|
if (error != 0)
|
|
|
|
goto drop;
|
2001-08-21 22:20:42 +01:00
|
|
|
fp->f_offset = offset;
|
2001-09-12 09:38:13 +01:00
|
|
|
*(off_t *)(td->td_retval) = fp->f_offset;
|
2005-01-24 10:25:44 +00:00
|
|
|
drop:
|
2002-01-13 11:58:06 +00:00
|
|
|
fdrop(fp, td);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
2004-06-11 12:16:26 +01:00
|
|
|
#if defined(COMPAT_43)
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Reposition read/write file offset.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct olseek_args {
|
|
|
|
int fd;
|
|
|
|
long offset;
|
|
|
|
int whence;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
olseek(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct olseek_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
long offset;
|
|
|
|
int whence;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
1997-02-10 02:22:35 +00:00
|
|
|
struct lseek_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
int pad;
|
|
|
|
off_t offset;
|
|
|
|
int whence;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ nuap;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
|
2002-12-14 01:56:26 +00:00
|
|
|
nuap.fd = uap->fd;
|
|
|
|
nuap.offset = uap->offset;
|
|
|
|
nuap.whence = uap->whence;
|
2001-09-12 09:38:13 +01:00
|
|
|
error = lseek(td, &nuap);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
#endif /* COMPAT_43 */
|
|
|
|
|
|
|
|
/*
|
2001-09-21 22:33:22 +01:00
|
|
|
* Check access permissions using passed credentials.
|
|
|
|
*/
|
|
|
|
static int
|
2001-09-22 04:07:41 +01:00
|
|
|
vn_access(vp, user_flags, cred, td)
|
2001-09-21 22:33:22 +01:00
|
|
|
struct vnode *vp;
|
|
|
|
int user_flags;
|
|
|
|
struct ucred *cred;
|
|
|
|
struct thread *td;
|
|
|
|
{
|
|
|
|
int error, flags;
|
|
|
|
|
|
|
|
/* Flags == 0 means only check for existence. */
|
|
|
|
error = 0;
|
|
|
|
if (user_flags) {
|
|
|
|
flags = 0;
|
|
|
|
if (user_flags & R_OK)
|
|
|
|
flags |= VREAD;
|
|
|
|
if (user_flags & W_OK)
|
|
|
|
flags |= VWRITE;
|
|
|
|
if (user_flags & X_OK)
|
|
|
|
flags |= VEXEC;
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_access(cred, vp, flags);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
#endif
|
2001-09-21 22:33:22 +01:00
|
|
|
if ((flags & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
|
|
|
|
error = VOP_ACCESS(vp, flags, cred, td);
|
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check access permissions using "real" credentials.
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct access_args {
|
|
|
|
char *path;
|
|
|
|
int flags;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
access(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct access_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int flags;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
2002-09-01 21:37:28 +01:00
|
|
|
{
|
|
|
|
|
|
|
|
return (kern_access(td, uap->path, UIO_USERSPACE, uap->flags));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_access(struct thread *td, char *path, enum uio_seg pathseg, int flags)
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2000-09-02 13:31:55 +01:00
|
|
|
struct ucred *cred, *tmpcred;
|
1994-05-24 11:09:53 +01:00
|
|
|
register struct vnode *vp;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
|
|
|
int error;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2000-09-02 13:31:55 +01:00
|
|
|
/*
|
|
|
|
* Create and modify a temporary credential instead of one that
|
|
|
|
* is potentially shared. This could also mess up socket
|
|
|
|
* buffer accounting which can run in an interrupt context.
|
|
|
|
*/
|
2002-02-27 19:15:29 +00:00
|
|
|
cred = td->td_ucred;
|
2000-09-02 13:31:55 +01:00
|
|
|
tmpcred = crdup(cred);
|
o Merge contents of struct pcred into struct ucred. Specifically, add the
real uid, saved uid, real gid, and saved gid to ucred, as well as the
pcred->pc_uidinfo, which was associated with the real uid, only rename
it to cr_ruidinfo so as not to conflict with cr_uidinfo, which
corresponds to the effective uid.
o Remove p_cred from struct proc; add p_ucred to struct proc, replacing
original macro that pointed.
p->p_ucred to p->p_cred->pc_ucred.
o Universally update code so that it makes use of ucred instead of pcred,
p->p_ucred instead of p->p_pcred, cr_ruidinfo instead of p_uidinfo,
cr_{r,sv}{u,g}id instead of p_*, etc.
o Remove pcred0 and its initialization from init_main.c; initialize
cr_ruidinfo there.
o Restruction many credential modification chunks to always crdup while
we figure out locking and optimizations; generally speaking, this
means moving to a structure like this:
newcred = crdup(oldcred);
...
p->p_ucred = newcred;
crfree(oldcred);
It's not race-free, but better than nothing. There are also races
in sys_process.c, all inter-process authorization, fork, exec, and
exit.
o Remove sigio->sio_ruid since sigio->sio_ucred now contains the ruid;
remove comments indicating that the old arrangement was a problem.
o Restructure exec1() a little to use newcred/oldcred arrangement, and
use improved uid management primitives.
o Clean up exit1() so as to do less work in credential cleanup due to
pcred removal.
o Clean up fork1() so as to do less work in credential cleanup and
allocation.
o Clean up ktrcanset() to take into account changes, and move to using
suser_xxx() instead of performing a direct uid==0 comparision.
o Improve commenting in various kern_prot.c credential modification
calls to better document current behavior. In a couple of places,
current behavior is a little questionable and we need to check
POSIX.1 to make sure it's "right". More commenting work still
remains to be done.
o Update credential management calls, such as crfree(), to take into
account new ruidinfo reference.
o Modify or add the following uid and gid helper routines:
change_euid()
change_egid()
change_ruid()
change_rgid()
change_svuid()
change_svgid()
In each case, the call now acts on a credential not a process, and as
such no longer requires more complicated process locking/etc. They
now assume the caller will do any necessary allocation of an
exclusive credential reference. Each is commented to document its
reference requirements.
o CANSIGIO() is simplified to require only credentials, not processes
and pcreds.
o Remove lots of (p_pcred==NULL) checks.
o Add an XXX to authorization code in nfs_lock.c, since it's
questionable, and needs to be considered carefully.
o Simplify posix4 authorization code to require only credentials, not
processes and pcreds. Note that this authorization, as well as
CANSIGIO(), needs to be updated to use the p_cansignal() and
p_cansched() centralized authorization routines, as they currently
do not take into account some desirable restrictions that are handled
by the centralized routines, as well as being inconsistent with other
similar authorization instances.
o Update libkvm to take these changes into account.
Obtained from: TrustedBSD Project
Reviewed by: green, bde, jhb, freebsd-arch, freebsd-audit
2001-05-25 17:59:11 +01:00
|
|
|
tmpcred->cr_uid = cred->cr_ruid;
|
|
|
|
tmpcred->cr_groups[0] = cred->cr_rgid;
|
2002-02-27 19:15:29 +00:00
|
|
|
td->td_ucred = tmpcred;
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
|
|
|
pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
goto out1;
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1994-05-24 11:09:53 +01:00
|
|
|
vp = nd.ni_vp;
|
|
|
|
|
2002-09-01 21:37:28 +01:00
|
|
|
error = vn_access(vp, flags, tmpcred, td);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
1994-05-24 11:09:53 +01:00
|
|
|
vput(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
out1:
|
2002-02-27 19:15:29 +00:00
|
|
|
td->td_ucred = cred;
|
2000-09-02 13:31:55 +01:00
|
|
|
crfree(tmpcred);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2001-09-21 22:33:22 +01:00
|
|
|
/*
|
|
|
|
* Check access permissions using "effective" credentials.
|
|
|
|
*/
|
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct eaccess_args {
|
|
|
|
char *path;
|
|
|
|
int flags;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
|
|
|
eaccess(td, uap)
|
|
|
|
struct thread *td;
|
|
|
|
register struct eaccess_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int flags;
|
2001-09-21 22:33:22 +01:00
|
|
|
} */ *uap;
|
2006-02-06 22:00:53 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
return (kern_eaccess(td, uap->path, UIO_USERSPACE, uap->flags));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_eaccess(struct thread *td, char *path, enum uio_seg pathseg, int flags)
|
2001-09-21 22:33:22 +01:00
|
|
|
{
|
|
|
|
struct nameidata nd;
|
|
|
|
struct vnode *vp;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
2001-09-21 22:33:22 +01:00
|
|
|
int error;
|
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
|
|
|
pathseg, path, td);
|
2001-09-21 22:33:22 +01:00
|
|
|
if ((error = namei(&nd)) != 0)
|
|
|
|
return (error);
|
|
|
|
vp = nd.ni_vp;
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2006-02-06 22:00:53 +00:00
|
|
|
error = vn_access(vp, flags, td->td_ucred, td);
|
2001-09-21 22:33:22 +01:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
vput(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2001-09-21 22:33:22 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2004-06-11 12:16:26 +01:00
|
|
|
#if defined(COMPAT_43)
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Get file status; this version follows links.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct ostat_args {
|
|
|
|
char *path;
|
|
|
|
struct ostat *ub;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
ostat(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct ostat_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
struct ostat *ub;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
|
|
|
struct stat sb;
|
|
|
|
struct ostat osb;
|
|
|
|
int error;
|
|
|
|
|
2005-02-07 18:44:55 +00:00
|
|
|
error = kern_stat(td, uap->path, UIO_USERSPACE, &sb);
|
1994-05-24 11:09:53 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
cvtstat(&sb, &osb);
|
2002-12-14 01:56:26 +00:00
|
|
|
error = copyout(&osb, uap->ub, sizeof (osb));
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get file status; this version does not follow links.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct olstat_args {
|
|
|
|
char *path;
|
|
|
|
struct ostat *ub;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
olstat(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct olstat_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
struct ostat *ub;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
1997-03-31 13:02:53 +01:00
|
|
|
struct stat sb;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct ostat osb;
|
|
|
|
int error;
|
|
|
|
|
2005-02-07 18:44:55 +00:00
|
|
|
error = kern_lstat(td, uap->path, UIO_USERSPACE, &sb);
|
1997-03-31 13:02:53 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
cvtstat(&sb, &osb);
|
2002-12-14 01:56:26 +00:00
|
|
|
error = copyout(&osb, uap->ub, sizeof (osb));
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Convert from an old to a new stat structure.
|
|
|
|
*/
|
1994-05-25 10:21:21 +01:00
|
|
|
void
|
1994-05-24 11:09:53 +01:00
|
|
|
cvtstat(st, ost)
|
|
|
|
struct stat *st;
|
|
|
|
struct ostat *ost;
|
|
|
|
{
|
|
|
|
|
|
|
|
ost->st_dev = st->st_dev;
|
|
|
|
ost->st_ino = st->st_ino;
|
|
|
|
ost->st_mode = st->st_mode;
|
|
|
|
ost->st_nlink = st->st_nlink;
|
|
|
|
ost->st_uid = st->st_uid;
|
|
|
|
ost->st_gid = st->st_gid;
|
|
|
|
ost->st_rdev = st->st_rdev;
|
|
|
|
if (st->st_size < (quad_t)1 << 32)
|
|
|
|
ost->st_size = st->st_size;
|
|
|
|
else
|
|
|
|
ost->st_size = -2;
|
|
|
|
ost->st_atime = st->st_atime;
|
|
|
|
ost->st_mtime = st->st_mtime;
|
|
|
|
ost->st_ctime = st->st_ctime;
|
|
|
|
ost->st_blksize = st->st_blksize;
|
|
|
|
ost->st_blocks = st->st_blocks;
|
|
|
|
ost->st_flags = st->st_flags;
|
|
|
|
ost->st_gen = st->st_gen;
|
|
|
|
}
|
2004-06-11 12:16:26 +01:00
|
|
|
#endif /* COMPAT_43 */
|
1994-05-24 11:09:53 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Get file status; this version follows links.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct stat_args {
|
|
|
|
char *path;
|
|
|
|
struct stat *ub;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
stat(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct stat_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
struct stat *ub;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
|
|
|
struct stat sb;
|
|
|
|
int error;
|
2005-02-07 18:44:55 +00:00
|
|
|
|
|
|
|
error = kern_stat(td, uap->path, UIO_USERSPACE, &sb);
|
|
|
|
if (error == 0)
|
|
|
|
error = copyout(&sb, uap->ub, sizeof (sb));
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_stat(struct thread *td, char *path, enum uio_seg pathseg, struct stat *sbp)
|
|
|
|
{
|
1994-05-24 11:09:53 +01:00
|
|
|
struct nameidata nd;
|
2005-02-07 18:44:55 +00:00
|
|
|
struct stat sb;
|
|
|
|
int error, vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP,
|
|
|
|
FOLLOW | LOCKSHARED | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
2005-02-07 18:44:55 +00:00
|
|
|
pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
Make similar changes to fo_stat() and fo_poll() as made earlier to
fo_read() and fo_write(): explicitly use the cred argument to fo_poll()
as "active_cred" using the passed file descriptor's f_cred reference
to provide access to the file credential. Add an active_cred
argument to fo_stat() so that implementers have access to the active
credential as well as the file credential. Generally modify callers
of fo_stat() to pass in td->td_ucred rather than fp->f_cred, which
was redundantly provided via the fp argument. This set of modifications
also permits threads to perform these operations on behalf of another
thread without modifying their credential.
Trickle this change down into fo_stat/poll() implementations:
- badfo_poll(), badfo_stat(): modify/add arguments.
- kqueue_poll(), kqueue_stat(): modify arguments.
- pipe_poll(), pipe_stat(): modify/add arguments, pass active_cred to
MAC checks rather than td->td_ucred.
- soo_poll(), soo_stat(): modify/add arguments, pass fp->f_cred rather
than cred to pru_sopoll() to maintain current semantics.
- sopoll(): moidfy arguments.
- vn_poll(), vn_statfile(): modify/add arguments, pass new arguments
to vn_stat(). Pass active_cred to MAC and fp->f_cred to VOP_POLL()
to maintian current semantics.
- vn_close(): rename cred to file_cred to reflect reality while I'm here.
- vn_stat(): Add active_cred and file_cred arguments to vn_stat()
and consumers so that this distinction is maintained at the VFS
as well as 'struct file' layer. Pass active_cred instead of
td->td_ucred to MAC and to VOP_GETATTR() to maintain current semantics.
- fifofs: modify the creation of a "filetemp" so that the file
credential is properly initialized and can be used in the socket
code if desired. Pass ap->a_td->td_ucred as the active
credential to soo_poll(). If we teach the vnop interface about
the distinction between file and active credentials, we would use
the active credential here.
Note that current inconsistent passing of active_cred vs. file_cred to
VOP's is maintained. It's not clear why GETATTR would be authorized
using active_cred while POLL would be authorized using file_cred at
the file system level.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-16 13:52:03 +01:00
|
|
|
error = vn_stat(nd.ni_vp, &sb, td->td_ucred, NOCRED, td);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
1994-05-24 11:09:53 +01:00
|
|
|
vput(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2006-03-31 04:54:20 +01:00
|
|
|
if (mtx_owned(&Giant))
|
|
|
|
printf("stat(%d): %s\n", vfslocked, path);
|
1994-05-24 11:09:53 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2005-02-07 18:44:55 +00:00
|
|
|
*sbp = sb;
|
|
|
|
return (0);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get file status; this version does not follow links.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct lstat_args {
|
|
|
|
char *path;
|
|
|
|
struct stat *ub;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
lstat(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct lstat_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
struct stat *ub;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2005-02-07 18:44:55 +00:00
|
|
|
struct stat sb;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
2005-02-07 18:44:55 +00:00
|
|
|
|
|
|
|
error = kern_lstat(td, uap->path, UIO_USERSPACE, &sb);
|
|
|
|
if (error == 0)
|
|
|
|
error = copyout(&sb, uap->ub, sizeof (sb));
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_lstat(struct thread *td, char *path, enum uio_seg pathseg, struct stat *sbp)
|
|
|
|
{
|
1997-03-31 13:02:53 +01:00
|
|
|
struct vnode *vp;
|
|
|
|
struct stat sb;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct nameidata nd;
|
2005-02-07 18:44:55 +00:00
|
|
|
int error, vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP,
|
|
|
|
NOFOLLOW | LOCKLEAF | LOCKSHARED | MPSAFE | AUDITVNODE1,
|
2005-02-07 18:44:55 +00:00
|
|
|
pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1994-05-24 11:09:53 +01:00
|
|
|
vp = nd.ni_vp;
|
Make similar changes to fo_stat() and fo_poll() as made earlier to
fo_read() and fo_write(): explicitly use the cred argument to fo_poll()
as "active_cred" using the passed file descriptor's f_cred reference
to provide access to the file credential. Add an active_cred
argument to fo_stat() so that implementers have access to the active
credential as well as the file credential. Generally modify callers
of fo_stat() to pass in td->td_ucred rather than fp->f_cred, which
was redundantly provided via the fp argument. This set of modifications
also permits threads to perform these operations on behalf of another
thread without modifying their credential.
Trickle this change down into fo_stat/poll() implementations:
- badfo_poll(), badfo_stat(): modify/add arguments.
- kqueue_poll(), kqueue_stat(): modify arguments.
- pipe_poll(), pipe_stat(): modify/add arguments, pass active_cred to
MAC checks rather than td->td_ucred.
- soo_poll(), soo_stat(): modify/add arguments, pass fp->f_cred rather
than cred to pru_sopoll() to maintain current semantics.
- sopoll(): moidfy arguments.
- vn_poll(), vn_statfile(): modify/add arguments, pass new arguments
to vn_stat(). Pass active_cred to MAC and fp->f_cred to VOP_POLL()
to maintian current semantics.
- vn_close(): rename cred to file_cred to reflect reality while I'm here.
- vn_stat(): Add active_cred and file_cred arguments to vn_stat()
and consumers so that this distinction is maintained at the VFS
as well as 'struct file' layer. Pass active_cred instead of
td->td_ucred to MAC and to VOP_GETATTR() to maintain current semantics.
- fifofs: modify the creation of a "filetemp" so that the file
credential is properly initialized and can be used in the socket
code if desired. Pass ap->a_td->td_ucred as the active
credential to soo_poll(). If we teach the vnop interface about
the distinction between file and active credentials, we would use
the active credential here.
Note that current inconsistent passing of active_cred vs. file_cred to
VOP's is maintained. It's not clear why GETATTR would be authorized
using active_cred while POLL would be authorized using file_cred at
the file system level.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-16 13:52:03 +01:00
|
|
|
error = vn_stat(vp, &sb, td->td_ucred, NOCRED, td);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
1997-03-31 13:02:53 +01:00
|
|
|
vput(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1997-03-31 13:02:53 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2005-02-07 18:44:55 +00:00
|
|
|
*sbp = sb;
|
|
|
|
return (0);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
2000-09-14 20:13:59 +01:00
|
|
|
/*
|
2005-02-07 18:44:55 +00:00
|
|
|
* Implementation of the NetBSD [l]stat() functions.
|
2000-09-14 20:13:59 +01:00
|
|
|
*/
|
1998-05-11 04:55:28 +01:00
|
|
|
void
|
|
|
|
cvtnstat(sb, nsb)
|
|
|
|
struct stat *sb;
|
|
|
|
struct nstat *nsb;
|
|
|
|
{
|
2002-06-24 08:14:44 +01:00
|
|
|
bzero(nsb, sizeof *nsb);
|
1998-05-11 04:55:28 +01:00
|
|
|
nsb->st_dev = sb->st_dev;
|
|
|
|
nsb->st_ino = sb->st_ino;
|
|
|
|
nsb->st_mode = sb->st_mode;
|
|
|
|
nsb->st_nlink = sb->st_nlink;
|
|
|
|
nsb->st_uid = sb->st_uid;
|
|
|
|
nsb->st_gid = sb->st_gid;
|
|
|
|
nsb->st_rdev = sb->st_rdev;
|
|
|
|
nsb->st_atimespec = sb->st_atimespec;
|
|
|
|
nsb->st_mtimespec = sb->st_mtimespec;
|
|
|
|
nsb->st_ctimespec = sb->st_ctimespec;
|
|
|
|
nsb->st_size = sb->st_size;
|
|
|
|
nsb->st_blocks = sb->st_blocks;
|
|
|
|
nsb->st_blksize = sb->st_blksize;
|
|
|
|
nsb->st_flags = sb->st_flags;
|
|
|
|
nsb->st_gen = sb->st_gen;
|
2002-07-16 23:36:00 +01:00
|
|
|
nsb->st_birthtimespec = sb->st_birthtimespec;
|
1998-05-11 04:55:28 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct nstat_args {
|
|
|
|
char *path;
|
|
|
|
struct nstat *ub;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
nstat(td, uap)
|
|
|
|
struct thread *td;
|
1998-05-11 04:55:28 +01:00
|
|
|
register struct nstat_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
struct nstat *ub;
|
1998-05-11 04:55:28 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct stat sb;
|
|
|
|
struct nstat nsb;
|
|
|
|
int error;
|
|
|
|
|
2005-02-07 18:44:55 +00:00
|
|
|
error = kern_stat(td, uap->path, UIO_USERSPACE, &sb);
|
1998-05-11 04:55:28 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
cvtnstat(&sb, &nsb);
|
2002-12-14 01:56:26 +00:00
|
|
|
error = copyout(&nsb, uap->ub, sizeof (nsb));
|
1998-05-11 04:55:28 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2000-09-14 20:13:59 +01:00
|
|
|
* NetBSD lstat. Get file status; this version does not follow links.
|
1998-05-11 04:55:28 +01:00
|
|
|
*/
|
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct lstat_args {
|
|
|
|
char *path;
|
|
|
|
struct stat *ub;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
nlstat(td, uap)
|
|
|
|
struct thread *td;
|
1998-05-11 04:55:28 +01:00
|
|
|
register struct nlstat_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
struct nstat *ub;
|
1998-05-11 04:55:28 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct stat sb;
|
|
|
|
struct nstat nsb;
|
2005-02-07 18:44:55 +00:00
|
|
|
int error;
|
1998-05-11 04:55:28 +01:00
|
|
|
|
2005-02-07 18:44:55 +00:00
|
|
|
error = kern_lstat(td, uap->path, UIO_USERSPACE, &sb);
|
1998-05-11 04:55:28 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
cvtnstat(&sb, &nsb);
|
2002-12-14 01:56:26 +00:00
|
|
|
error = copyout(&nsb, uap->ub, sizeof (nsb));
|
1998-05-11 04:55:28 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Get configurable pathname variables.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct pathconf_args {
|
|
|
|
char *path;
|
|
|
|
int name;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
pathconf(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct pathconf_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int name;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2005-02-07 21:46:43 +00:00
|
|
|
|
|
|
|
return (kern_pathconf(td, uap->path, UIO_USERSPACE, uap->name));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_pathconf(struct thread *td, char *path, enum uio_seg pathseg, int name)
|
|
|
|
{
|
1994-05-24 11:09:53 +01:00
|
|
|
struct nameidata nd;
|
2005-02-07 21:46:43 +00:00
|
|
|
int error, vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
|
|
|
pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2002-10-27 18:07:41 +00:00
|
|
|
|
|
|
|
/* If asynchronous I/O is available, it works for all files. */
|
2005-02-07 21:46:43 +00:00
|
|
|
if (name == _PC_ASYNC_IO)
|
2002-10-27 18:07:41 +00:00
|
|
|
td->td_retval[0] = async_io_version;
|
|
|
|
else
|
2005-02-07 21:46:43 +00:00
|
|
|
error = VOP_PATHCONF(nd.ni_vp, name, td->td_retval);
|
1994-05-24 11:09:53 +01:00
|
|
|
vput(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return target name of a symbolic link.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct readlink_args {
|
|
|
|
char *path;
|
|
|
|
char *buf;
|
|
|
|
int count;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
readlink(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct readlink_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
char *buf;
|
|
|
|
int count;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2002-09-01 21:37:28 +01:00
|
|
|
|
|
|
|
return (kern_readlink(td, uap->path, UIO_USERSPACE, uap->buf,
|
|
|
|
UIO_USERSPACE, uap->count));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_readlink(struct thread *td, char *path, enum uio_seg pathseg, char *buf,
|
|
|
|
enum uio_seg bufseg, int count)
|
|
|
|
{
|
1994-05-24 11:09:53 +01:00
|
|
|
register struct vnode *vp;
|
|
|
|
struct iovec aiov;
|
|
|
|
struct uio auio;
|
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
|
|
|
pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1994-05-24 11:09:53 +01:00
|
|
|
vp = nd.ni_vp;
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_readlink(td->td_ucred, vp);
|
|
|
|
if (error) {
|
|
|
|
vput(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
#endif
|
1994-05-24 11:09:53 +01:00
|
|
|
if (vp->v_type != VLNK)
|
|
|
|
error = EINVAL;
|
|
|
|
else {
|
2002-09-01 21:37:28 +01:00
|
|
|
aiov.iov_base = buf;
|
|
|
|
aiov.iov_len = count;
|
1994-05-24 11:09:53 +01:00
|
|
|
auio.uio_iov = &aiov;
|
|
|
|
auio.uio_iovcnt = 1;
|
|
|
|
auio.uio_offset = 0;
|
|
|
|
auio.uio_rw = UIO_READ;
|
2002-09-01 21:37:28 +01:00
|
|
|
auio.uio_segflg = bufseg;
|
2001-09-12 09:38:13 +01:00
|
|
|
auio.uio_td = td;
|
2002-09-01 21:37:28 +01:00
|
|
|
auio.uio_resid = count;
|
2002-02-27 18:32:23 +00:00
|
|
|
error = VOP_READLINK(vp, &auio, td->td_ucred);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
vput(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-09-01 21:37:28 +01:00
|
|
|
td->td_retval[0] = count - auio.uio_resid;
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2000-09-14 20:13:59 +01:00
|
|
|
/*
|
|
|
|
* Common implementation code for chflags() and fchflags().
|
|
|
|
*/
|
1998-05-11 04:55:28 +01:00
|
|
|
static int
|
2001-09-12 09:38:13 +01:00
|
|
|
setfflags(td, vp, flags)
|
|
|
|
struct thread *td;
|
1998-05-11 04:55:28 +01:00
|
|
|
struct vnode *vp;
|
|
|
|
int flags;
|
|
|
|
{
|
|
|
|
int error;
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
1998-05-11 04:55:28 +01:00
|
|
|
struct vattr vattr;
|
|
|
|
|
1999-08-02 22:34:46 +01:00
|
|
|
/*
|
1999-08-04 05:52:18 +01:00
|
|
|
* Prevent non-root users from setting flags on devices. When
|
|
|
|
* a device is reused, users can retain ownership of the device
|
|
|
|
* if they are allowed to set flags and programs assume that
|
|
|
|
* chown can't fail when done as root.
|
1999-08-02 22:34:46 +01:00
|
|
|
*/
|
2001-10-01 21:01:07 +01:00
|
|
|
if (vp->v_type == VCHR || vp->v_type == VBLK) {
|
2004-07-26 08:24:04 +01:00
|
|
|
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
|
2001-10-01 21:01:07 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
}
|
1999-08-03 18:07:04 +01:00
|
|
|
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
|
|
|
|
return (error);
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
2003-03-05 23:15:23 +00:00
|
|
|
VATTR_NULL(&vattr);
|
|
|
|
vattr.va_flags = flags;
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_setflags(td->td_ucred, vp, vattr.va_flags);
|
2003-03-05 23:15:23 +00:00
|
|
|
if (error == 0)
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#endif
|
|
|
|
error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
1999-08-04 05:52:18 +01:00
|
|
|
return (error);
|
1998-05-11 04:55:28 +01:00
|
|
|
}
|
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Change flags of a file given a path name.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct chflags_args {
|
|
|
|
char *path;
|
|
|
|
int flags;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
chflags(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct chflags_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int flags;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(fflags, uap->flags);
|
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2002-12-14 01:56:26 +00:00
|
|
|
error = setfflags(td, nd.ni_vp, uap->flags);
|
1998-05-11 04:55:28 +01:00
|
|
|
vrele(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2004-01-11 19:52:10 +00:00
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
2002-05-06 00:47:41 +01:00
|
|
|
/*
|
|
|
|
* Same as chflags() but doesn't follow symlinks.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
lchflags(td, uap)
|
|
|
|
struct thread *td;
|
|
|
|
register struct lchflags_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int flags;
|
2002-05-06 00:47:41 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
2002-05-06 00:47:41 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(fflags, uap->flags);
|
|
|
|
NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
2002-05-06 00:47:41 +01:00
|
|
|
if ((error = namei(&nd)) != 0)
|
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2002-05-06 00:47:41 +01:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2002-12-14 01:56:26 +00:00
|
|
|
error = setfflags(td, nd.ni_vp, uap->flags);
|
2002-05-06 00:47:41 +01:00
|
|
|
vrele(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2004-01-11 19:52:10 +00:00
|
|
|
return (error);
|
2002-05-06 00:47:41 +01:00
|
|
|
}
|
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Change flags of a file given a file descriptor.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct fchflags_args {
|
|
|
|
int fd;
|
|
|
|
int flags;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
fchflags(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct fchflags_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
int flags;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
|
|
|
struct file *fp;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(fd, uap->fd);
|
|
|
|
AUDIT_ARG(fflags, uap->flags);
|
2002-12-14 01:56:26 +00:00
|
|
|
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
#ifdef AUDIT
|
|
|
|
vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
|
|
|
|
AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
|
|
|
|
VOP_UNLOCK(fp->f_vnode, 0, td);
|
|
|
|
#endif
|
2003-06-22 09:41:43 +01:00
|
|
|
error = setfflags(td, fp->f_vnode, uap->flags);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2005-12-20 00:49:59 +00:00
|
|
|
fdrop(fp, td);
|
2002-01-13 11:58:06 +00:00
|
|
|
return (error);
|
1998-05-11 04:55:28 +01:00
|
|
|
}
|
|
|
|
|
2000-09-14 20:13:59 +01:00
|
|
|
/*
|
|
|
|
* Common implementation code for chmod(), lchmod() and fchmod().
|
|
|
|
*/
|
1998-05-11 04:55:28 +01:00
|
|
|
static int
|
2001-09-12 09:38:13 +01:00
|
|
|
setfmode(td, vp, mode)
|
|
|
|
struct thread *td;
|
1998-05-11 04:55:28 +01:00
|
|
|
struct vnode *vp;
|
|
|
|
int mode;
|
|
|
|
{
|
|
|
|
int error;
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
1998-05-11 04:55:28 +01:00
|
|
|
struct vattr vattr;
|
|
|
|
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
|
|
|
|
return (error);
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
1995-10-22 09:32:48 +00:00
|
|
|
VATTR_NULL(&vattr);
|
1998-05-11 04:55:28 +01:00
|
|
|
vattr.va_mode = mode & ALLPERMS;
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_setmode(td->td_ucred, vp, vattr.va_mode);
|
|
|
|
if (error == 0)
|
|
|
|
#endif
|
|
|
|
error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
2004-01-11 19:52:10 +00:00
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Change mode of a file given path name.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct chmod_args {
|
|
|
|
char *path;
|
|
|
|
int mode;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
chmod(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct chmod_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int mode;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
2002-09-01 21:37:28 +01:00
|
|
|
{
|
|
|
|
|
|
|
|
return (kern_chmod(td, uap->path, UIO_USERSPACE, uap->mode));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_chmod(struct thread *td, char *path, enum uio_seg pathseg, int mode)
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(mode, mode);
|
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2002-09-01 21:37:28 +01:00
|
|
|
error = setfmode(td, nd.ni_vp, mode);
|
1998-05-11 04:55:28 +01:00
|
|
|
vrele(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2004-01-11 19:52:10 +00:00
|
|
|
return (error);
|
1998-05-11 04:55:28 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Change mode of a file given path name (don't follow links.)
|
|
|
|
*/
|
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct lchmod_args {
|
|
|
|
char *path;
|
|
|
|
int mode;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
lchmod(td, uap)
|
|
|
|
struct thread *td;
|
1998-05-11 04:55:28 +01:00
|
|
|
register struct lchmod_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int mode;
|
1998-05-11 04:55:28 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1998-05-11 04:55:28 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(mode, (mode_t)uap->mode);
|
|
|
|
NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1998-05-11 04:55:28 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2002-12-14 01:56:26 +00:00
|
|
|
error = setfmode(td, nd.ni_vp, uap->mode);
|
1998-05-11 04:55:28 +01:00
|
|
|
vrele(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2004-01-11 19:52:10 +00:00
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Change mode of a file given a file descriptor.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct fchmod_args {
|
|
|
|
int fd;
|
|
|
|
int mode;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
fchmod(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct fchmod_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
int mode;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
|
|
|
struct file *fp;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(fd, uap->fd);
|
|
|
|
AUDIT_ARG(mode, uap->mode);
|
2002-12-14 01:56:26 +00:00
|
|
|
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
#ifdef AUDIT
|
|
|
|
vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
|
|
|
|
AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
|
|
|
|
VOP_UNLOCK(fp->f_vnode, 0, td);
|
|
|
|
#endif
|
2003-06-22 09:41:43 +01:00
|
|
|
error = setfmode(td, fp->f_vnode, uap->mode);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2005-12-20 00:49:59 +00:00
|
|
|
fdrop(fp, td);
|
2002-01-13 11:58:06 +00:00
|
|
|
return (error);
|
1998-05-11 04:55:28 +01:00
|
|
|
}
|
|
|
|
|
2000-09-14 20:13:59 +01:00
|
|
|
/*
|
|
|
|
* Common implementation for chown(), lchown(), and fchown()
|
|
|
|
*/
|
1998-05-11 04:55:28 +01:00
|
|
|
static int
|
2001-09-12 09:38:13 +01:00
|
|
|
setfown(td, vp, uid, gid)
|
|
|
|
struct thread *td;
|
1998-05-11 04:55:28 +01:00
|
|
|
struct vnode *vp;
|
|
|
|
uid_t uid;
|
|
|
|
gid_t gid;
|
|
|
|
{
|
|
|
|
int error;
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
1998-05-11 04:55:28 +01:00
|
|
|
struct vattr vattr;
|
|
|
|
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
|
|
|
|
return (error);
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
1995-10-22 09:32:48 +00:00
|
|
|
VATTR_NULL(&vattr);
|
1998-05-11 04:55:28 +01:00
|
|
|
vattr.va_uid = uid;
|
|
|
|
vattr.va_gid = gid;
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_setowner(td->td_ucred, vp, vattr.va_uid,
|
|
|
|
vattr.va_gid);
|
|
|
|
if (error == 0)
|
|
|
|
#endif
|
|
|
|
error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
2004-01-11 19:52:10 +00:00
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set ownership given a path name.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct chown_args {
|
|
|
|
char *path;
|
|
|
|
int uid;
|
|
|
|
int gid;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
chown(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct chown_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int uid;
|
|
|
|
int gid;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2002-09-01 21:37:28 +01:00
|
|
|
|
|
|
|
return (kern_chown(td, uap->path, UIO_USERSPACE, uap->uid, uap->gid));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_chown(struct thread *td, char *path, enum uio_seg pathseg, int uid,
|
|
|
|
int gid)
|
|
|
|
{
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(owner, uid, gid);
|
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2002-09-01 21:37:28 +01:00
|
|
|
error = setfown(td, nd.ni_vp, uid, gid);
|
1998-05-11 04:55:28 +01:00
|
|
|
vrele(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1997-03-31 13:21:37 +01:00
|
|
|
/*
|
|
|
|
* Set ownership given a path name, do not cross symlinks.
|
|
|
|
*/
|
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct lchown_args {
|
|
|
|
char *path;
|
|
|
|
int uid;
|
|
|
|
int gid;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
lchown(td, uap)
|
|
|
|
struct thread *td;
|
1997-03-31 13:21:37 +01:00
|
|
|
register struct lchown_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int uid;
|
|
|
|
int gid;
|
1997-03-31 13:21:37 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
2002-09-01 21:37:28 +01:00
|
|
|
|
|
|
|
return (kern_lchown(td, uap->path, UIO_USERSPACE, uap->uid, uap->gid));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_lchown(struct thread *td, char *path, enum uio_seg pathseg, int uid,
|
|
|
|
int gid)
|
|
|
|
{
|
1997-03-31 13:21:37 +01:00
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1997-03-31 13:21:37 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(owner, uid, gid);
|
|
|
|
NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1997-03-31 13:21:37 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2002-09-01 21:37:28 +01:00
|
|
|
error = setfown(td, nd.ni_vp, uid, gid);
|
1998-05-11 04:55:28 +01:00
|
|
|
vrele(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1997-03-31 13:21:37 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Set ownership given a file descriptor.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct fchown_args {
|
|
|
|
int fd;
|
|
|
|
int uid;
|
|
|
|
int gid;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
fchown(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct fchown_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
int uid;
|
|
|
|
int gid;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
|
|
|
struct file *fp;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(fd, uap->fd);
|
|
|
|
AUDIT_ARG(owner, uap->uid, uap->gid);
|
2002-12-14 01:56:26 +00:00
|
|
|
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
#ifdef AUDIT
|
|
|
|
vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
|
|
|
|
AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
|
|
|
|
VOP_UNLOCK(fp->f_vnode, 0, td);
|
|
|
|
#endif
|
2003-06-22 09:41:43 +01:00
|
|
|
error = setfown(td, fp->f_vnode, uap->uid, uap->gid);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2005-12-20 00:49:59 +00:00
|
|
|
fdrop(fp, td);
|
2002-01-13 11:58:06 +00:00
|
|
|
return (error);
|
1998-05-11 04:55:28 +01:00
|
|
|
}
|
|
|
|
|
2000-09-14 20:13:59 +01:00
|
|
|
/*
|
|
|
|
* Common implementation code for utimes(), lutimes(), and futimes().
|
|
|
|
*/
|
1998-05-11 04:55:28 +01:00
|
|
|
static int
|
2002-09-01 21:37:28 +01:00
|
|
|
getutimes(usrtvp, tvpseg, tsp)
|
1999-08-22 02:46:57 +01:00
|
|
|
const struct timeval *usrtvp;
|
2002-09-01 21:37:28 +01:00
|
|
|
enum uio_seg tvpseg;
|
1999-08-22 02:46:57 +01:00
|
|
|
struct timespec *tsp;
|
|
|
|
{
|
2006-01-04 00:47:13 +00:00
|
|
|
struct timeval tv[2];
|
2002-09-01 21:37:28 +01:00
|
|
|
const struct timeval *tvp;
|
1999-08-22 02:46:57 +01:00
|
|
|
int error;
|
|
|
|
|
|
|
|
if (usrtvp == NULL) {
|
1999-08-22 17:50:30 +01:00
|
|
|
microtime(&tv[0]);
|
|
|
|
TIMEVAL_TO_TIMESPEC(&tv[0], &tsp[0]);
|
1999-08-22 02:46:57 +01:00
|
|
|
tsp[1] = tsp[0];
|
|
|
|
} else {
|
2002-09-01 21:37:28 +01:00
|
|
|
if (tvpseg == UIO_SYSSPACE) {
|
|
|
|
tvp = usrtvp;
|
|
|
|
} else {
|
|
|
|
if ((error = copyin(usrtvp, tv, sizeof(tv))) != 0)
|
|
|
|
return (error);
|
|
|
|
tvp = tv;
|
|
|
|
}
|
|
|
|
|
2006-01-04 07:50:54 +00:00
|
|
|
if (tvp[0].tv_usec < 0 || tvp[0].tv_usec >= 1000000 ||
|
|
|
|
tvp[1].tv_usec < 0 || tvp[1].tv_usec >= 1000000)
|
2006-01-04 00:47:13 +00:00
|
|
|
return (EINVAL);
|
|
|
|
TIMEVAL_TO_TIMESPEC(&tvp[0], &tsp[0]);
|
|
|
|
TIMEVAL_TO_TIMESPEC(&tvp[1], &tsp[1]);
|
1999-08-22 02:46:57 +01:00
|
|
|
}
|
2004-01-11 19:52:10 +00:00
|
|
|
return (0);
|
1999-08-22 02:46:57 +01:00
|
|
|
}
|
|
|
|
|
2000-09-14 20:13:59 +01:00
|
|
|
/*
|
|
|
|
* Common implementation code for utimes(), lutimes(), and futimes().
|
|
|
|
*/
|
1999-08-22 02:46:57 +01:00
|
|
|
static int
|
2002-07-17 03:03:19 +01:00
|
|
|
setutimes(td, vp, ts, numtimes, nullflag)
|
2001-09-12 09:38:13 +01:00
|
|
|
struct thread *td;
|
1998-05-11 04:55:28 +01:00
|
|
|
struct vnode *vp;
|
1999-08-22 02:46:57 +01:00
|
|
|
const struct timespec *ts;
|
2002-07-17 03:03:19 +01:00
|
|
|
int numtimes;
|
1998-05-11 04:55:28 +01:00
|
|
|
int nullflag;
|
|
|
|
{
|
2002-07-17 03:03:19 +01:00
|
|
|
int error, setbirthtime;
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
1998-05-11 04:55:28 +01:00
|
|
|
struct vattr vattr;
|
|
|
|
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
|
|
|
|
return (error);
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
2002-07-17 03:03:19 +01:00
|
|
|
setbirthtime = 0;
|
|
|
|
if (numtimes < 3 && VOP_GETATTR(vp, &vattr, td->td_ucred, td) == 0 &&
|
|
|
|
timespeccmp(&ts[1], &vattr.va_birthtime, < ))
|
|
|
|
setbirthtime = 1;
|
1995-10-22 09:32:48 +00:00
|
|
|
VATTR_NULL(&vattr);
|
1999-08-22 02:46:57 +01:00
|
|
|
vattr.va_atime = ts[0];
|
|
|
|
vattr.va_mtime = ts[1];
|
2002-07-17 03:03:19 +01:00
|
|
|
if (setbirthtime)
|
|
|
|
vattr.va_birthtime = ts[1];
|
|
|
|
if (numtimes > 2)
|
|
|
|
vattr.va_birthtime = ts[2];
|
1998-05-11 04:55:28 +01:00
|
|
|
if (nullflag)
|
|
|
|
vattr.va_vaflags |= VA_UTIMES_NULL;
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_setutimes(td->td_ucred, vp, vattr.va_atime,
|
|
|
|
vattr.va_mtime);
|
|
|
|
#endif
|
2002-10-02 10:09:25 +01:00
|
|
|
if (error == 0)
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
2004-01-11 19:52:10 +00:00
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set the access and modification times of a file.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct utimes_args {
|
|
|
|
char *path;
|
|
|
|
struct timeval *tptr;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
utimes(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct utimes_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
struct timeval *tptr;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2002-09-01 21:37:28 +01:00
|
|
|
|
|
|
|
return (kern_utimes(td, uap->path, UIO_USERSPACE, uap->tptr,
|
|
|
|
UIO_USERSPACE));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_utimes(struct thread *td, char *path, enum uio_seg pathseg,
|
|
|
|
struct timeval *tptr, enum uio_seg tptrseg)
|
|
|
|
{
|
1999-08-22 02:46:57 +01:00
|
|
|
struct timespec ts[2];
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2002-09-01 21:37:28 +01:00
|
|
|
if ((error = getutimes(tptr, tptrseg, ts)) != 0)
|
1999-08-22 02:46:57 +01:00
|
|
|
return (error);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2002-09-01 21:37:28 +01:00
|
|
|
error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
|
1998-05-11 04:55:28 +01:00
|
|
|
vrele(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1998-05-11 04:55:28 +01:00
|
|
|
/*
|
|
|
|
* Set the access and modification times of a file.
|
|
|
|
*/
|
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct lutimes_args {
|
|
|
|
char *path;
|
|
|
|
struct timeval *tptr;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
lutimes(td, uap)
|
|
|
|
struct thread *td;
|
1998-05-11 04:55:28 +01:00
|
|
|
register struct lutimes_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
struct timeval *tptr;
|
1998-05-11 04:55:28 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
2002-09-01 21:37:28 +01:00
|
|
|
|
|
|
|
return (kern_lutimes(td, uap->path, UIO_USERSPACE, uap->tptr,
|
|
|
|
UIO_USERSPACE));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_lutimes(struct thread *td, char *path, enum uio_seg pathseg,
|
|
|
|
struct timeval *tptr, enum uio_seg tptrseg)
|
|
|
|
{
|
1999-08-22 02:46:57 +01:00
|
|
|
struct timespec ts[2];
|
1998-05-11 04:55:28 +01:00
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1998-05-11 04:55:28 +01:00
|
|
|
|
2002-09-01 21:37:28 +01:00
|
|
|
if ((error = getutimes(tptr, tptrseg, ts)) != 0)
|
1999-08-22 02:46:57 +01:00
|
|
|
return (error);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, NOFOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1998-05-11 04:55:28 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2002-09-01 21:37:28 +01:00
|
|
|
error = setutimes(td, nd.ni_vp, ts, 2, tptr == NULL);
|
1998-05-11 04:55:28 +01:00
|
|
|
vrele(nd.ni_vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1998-05-11 04:55:28 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set the access and modification times of a file.
|
|
|
|
*/
|
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct futimes_args {
|
|
|
|
int fd;
|
|
|
|
struct timeval *tptr;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
futimes(td, uap)
|
|
|
|
struct thread *td;
|
1998-05-11 04:55:28 +01:00
|
|
|
register struct futimes_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
struct timeval *tptr;
|
1998-05-11 04:55:28 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
2002-09-01 21:37:28 +01:00
|
|
|
|
|
|
|
return (kern_futimes(td, uap->fd, uap->tptr, UIO_USERSPACE));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_futimes(struct thread *td, int fd, struct timeval *tptr,
|
|
|
|
enum uio_seg tptrseg)
|
|
|
|
{
|
1999-08-22 02:46:57 +01:00
|
|
|
struct timespec ts[2];
|
1998-05-11 04:55:28 +01:00
|
|
|
struct file *fp;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1998-05-11 04:55:28 +01:00
|
|
|
int error;
|
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(fd, fd);
|
2002-09-01 21:37:28 +01:00
|
|
|
if ((error = getutimes(tptr, tptrseg, ts)) != 0)
|
1999-08-22 02:46:57 +01:00
|
|
|
return (error);
|
2002-09-01 21:37:28 +01:00
|
|
|
if ((error = getvnode(td->td_proc->p_fd, fd, &fp)) != 0)
|
1998-05-11 04:55:28 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
#ifdef AUDIT
|
|
|
|
vn_lock(fp->f_vnode, LK_EXCLUSIVE | LK_RETRY, td);
|
|
|
|
AUDIT_ARG(vnode, fp->f_vnode, ARG_VNODE1);
|
|
|
|
VOP_UNLOCK(fp->f_vnode, 0, td);
|
|
|
|
#endif
|
2003-06-22 09:41:43 +01:00
|
|
|
error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2005-12-20 00:49:59 +00:00
|
|
|
fdrop(fp, td);
|
2002-01-13 11:58:06 +00:00
|
|
|
return (error);
|
1998-05-11 04:55:28 +01:00
|
|
|
}
|
|
|
|
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Truncate a file given its path name.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct truncate_args {
|
|
|
|
char *path;
|
|
|
|
int pad;
|
|
|
|
off_t length;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
truncate(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct truncate_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int pad;
|
|
|
|
off_t length;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
2002-09-01 21:37:28 +01:00
|
|
|
{
|
|
|
|
|
|
|
|
return (kern_truncate(td, uap->path, UIO_USERSPACE, uap->length));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_truncate(struct thread *td, char *path, enum uio_seg pathseg, off_t length)
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
|
|
|
struct vnode *vp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct vattr vattr;
|
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2002-09-01 21:37:28 +01:00
|
|
|
if (length < 0)
|
1994-09-02 11:23:43 +01:00
|
|
|
return(EINVAL);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1994-05-24 11:09:53 +01:00
|
|
|
vp = nd.ni_vp;
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) {
|
|
|
|
vrele(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2000-07-11 23:07:57 +01:00
|
|
|
return (error);
|
|
|
|
}
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
if (vp->v_type == VDIR)
|
|
|
|
error = EISDIR;
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
2002-08-19 20:04:53 +01:00
|
|
|
else if ((error = mac_check_vnode_write(td->td_ucred, NOCRED, vp))) {
|
|
|
|
}
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#endif
|
1994-05-24 11:09:53 +01:00
|
|
|
else if ((error = vn_writechk(vp)) == 0 &&
|
2002-02-27 18:32:23 +00:00
|
|
|
(error = VOP_ACCESS(vp, VWRITE, td->td_ucred, td)) == 0) {
|
1994-05-24 11:09:53 +01:00
|
|
|
VATTR_NULL(&vattr);
|
2002-09-01 21:37:28 +01:00
|
|
|
vattr.va_size = length;
|
2002-02-27 18:32:23 +00:00
|
|
|
error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
vput(vp);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Truncate a file given a file descriptor.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct ftruncate_args {
|
|
|
|
int fd;
|
|
|
|
int pad;
|
|
|
|
off_t length;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
ftruncate(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct ftruncate_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
int pad;
|
|
|
|
off_t length;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct vattr vattr;
|
|
|
|
struct vnode *vp;
|
|
|
|
struct file *fp;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(fd, uap->fd);
|
1994-09-02 11:23:43 +01:00
|
|
|
if (uap->length < 0)
|
|
|
|
return(EINVAL);
|
2002-12-14 01:56:26 +00:00
|
|
|
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2002-01-13 11:58:06 +00:00
|
|
|
if ((fp->f_flag & FWRITE) == 0) {
|
|
|
|
fdrop(fp, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (EINVAL);
|
2002-01-13 11:58:06 +00:00
|
|
|
}
|
2003-06-22 09:41:43 +01:00
|
|
|
vp = fp->f_vnode;
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
|
|
|
|
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
|
|
|
|
goto drop;
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(vnode, vp, ARG_VNODE1);
|
1994-05-24 11:09:53 +01:00
|
|
|
if (vp->v_type == VDIR)
|
|
|
|
error = EISDIR;
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
2002-08-19 20:04:53 +01:00
|
|
|
else if ((error = mac_check_vnode_write(td->td_ucred, fp->f_cred,
|
|
|
|
vp))) {
|
|
|
|
}
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#endif
|
1994-05-24 11:09:53 +01:00
|
|
|
else if ((error = vn_writechk(vp)) == 0) {
|
|
|
|
VATTR_NULL(&vattr);
|
2002-12-14 01:56:26 +00:00
|
|
|
vattr.va_size = uap->length;
|
2001-09-12 09:38:13 +01:00
|
|
|
error = VOP_SETATTR(vp, &vattr, fp->f_cred, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
2005-01-24 10:25:44 +00:00
|
|
|
drop:
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-01-13 11:58:06 +00:00
|
|
|
fdrop(fp, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2004-06-11 12:16:26 +01:00
|
|
|
#if defined(COMPAT_43)
|
1994-05-24 11:09:53 +01:00
|
|
|
/*
|
|
|
|
* Truncate a file given its path name.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct otruncate_args {
|
|
|
|
char *path;
|
|
|
|
long length;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
otruncate(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct otruncate_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
long length;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
1997-02-10 02:22:35 +00:00
|
|
|
struct truncate_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int pad;
|
|
|
|
off_t length;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ nuap;
|
|
|
|
|
2002-12-14 01:56:26 +00:00
|
|
|
nuap.path = uap->path;
|
|
|
|
nuap.length = uap->length;
|
2001-09-12 09:38:13 +01:00
|
|
|
return (truncate(td, &nuap));
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Truncate a file given a file descriptor.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct oftruncate_args {
|
|
|
|
int fd;
|
|
|
|
long length;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
oftruncate(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct oftruncate_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
long length;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
1997-02-10 02:22:35 +00:00
|
|
|
struct ftruncate_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
int pad;
|
|
|
|
off_t length;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ nuap;
|
|
|
|
|
2002-12-14 01:56:26 +00:00
|
|
|
nuap.fd = uap->fd;
|
|
|
|
nuap.length = uap->length;
|
2001-09-12 09:38:13 +01:00
|
|
|
return (ftruncate(td, &nuap));
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
2004-06-11 12:16:26 +01:00
|
|
|
#endif /* COMPAT_43 */
|
1994-05-24 11:09:53 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Sync an open file.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct fsync_args {
|
|
|
|
int fd;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
fsync(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
struct fsync_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct vnode *vp;
|
|
|
|
struct mount *mp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct file *fp;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(fd, uap->fd);
|
2002-12-14 01:56:26 +00:00
|
|
|
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2003-06-22 09:41:43 +01:00
|
|
|
vp = fp->f_vnode;
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
|
|
|
|
if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0)
|
|
|
|
goto drop;
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(vnode, vp, ARG_VNODE1);
|
2005-01-25 00:40:01 +00:00
|
|
|
if (vp->v_object != NULL) {
|
|
|
|
VM_OBJECT_LOCK(vp->v_object);
|
|
|
|
vm_object_page_clean(vp->v_object, 0, 0, 0);
|
|
|
|
VM_OBJECT_UNLOCK(vp->v_object);
|
2001-05-19 02:28:09 +01:00
|
|
|
}
|
2005-01-11 07:36:22 +00:00
|
|
|
error = VOP_FSYNC(vp, MNT_WAIT, td);
|
2000-06-16 15:32:13 +01:00
|
|
|
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
2005-01-24 10:25:44 +00:00
|
|
|
drop:
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-01-13 11:58:06 +00:00
|
|
|
fdrop(fp, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Rename files. Source and destination must either both be directories,
|
|
|
|
* or both not be directories. If target is a directory, it must be empty.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct rename_args {
|
|
|
|
char *from;
|
|
|
|
char *to;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
rename(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct rename_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *from;
|
|
|
|
char *to;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
2002-09-01 21:37:28 +01:00
|
|
|
{
|
|
|
|
|
|
|
|
return (kern_rename(td, uap->from, uap->to, UIO_USERSPACE));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_rename(struct thread *td, char *from, char *to, enum uio_seg pathseg)
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2002-10-27 23:23:51 +00:00
|
|
|
struct mount *mp = NULL;
|
2000-07-11 23:07:57 +01:00
|
|
|
struct vnode *tvp, *fvp, *tdvp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct nameidata fromnd, tond;
|
2005-01-24 10:25:44 +00:00
|
|
|
int tvfslocked;
|
|
|
|
int fvfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
|
2000-01-10 00:08:53 +00:00
|
|
|
bwillwrite();
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART | MPSAFE |
|
|
|
|
AUDITVNODE1, pathseg, from, td);
|
2002-10-19 21:25:57 +01:00
|
|
|
#else
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&fromnd, DELETE, WANTPARENT | SAVESTART | MPSAFE |
|
|
|
|
AUDITVNODE1, pathseg, from, td);
|
2002-10-19 21:25:57 +01:00
|
|
|
#endif
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&fromnd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
fvfslocked = NDHASGIANT(&fromnd);
|
|
|
|
tvfslocked = 0;
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_rename_from(td->td_ucred, fromnd.ni_dvp,
|
|
|
|
fromnd.ni_vp, &fromnd.ni_cnd);
|
|
|
|
VOP_UNLOCK(fromnd.ni_dvp, 0, td);
|
2006-10-26 14:20:28 +01:00
|
|
|
if (fromnd.ni_dvp != fromnd.ni_vp)
|
|
|
|
VOP_UNLOCK(fromnd.ni_vp, 0, td);
|
2002-10-19 21:25:57 +01:00
|
|
|
#endif
|
1994-05-24 11:09:53 +01:00
|
|
|
fvp = fromnd.ni_vp;
|
2002-10-19 21:25:57 +01:00
|
|
|
if (error == 0)
|
|
|
|
error = vn_start_write(fvp, &mp, V_WAIT | PCATCH);
|
|
|
|
if (error != 0) {
|
2000-07-11 23:07:57 +01:00
|
|
|
NDFREE(&fromnd, NDF_ONLY_PNBUF);
|
|
|
|
vrele(fromnd.ni_dvp);
|
|
|
|
vrele(fvp);
|
|
|
|
goto out1;
|
|
|
|
}
|
2002-09-01 21:37:28 +01:00
|
|
|
NDINIT(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART |
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
MPSAFE | AUDITVNODE2, pathseg, to, td);
|
1995-07-31 01:35:58 +01:00
|
|
|
if (fromnd.ni_vp->v_type == VDIR)
|
|
|
|
tond.ni_cnd.cn_flags |= WILLBEDIR;
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&tond)) != 0) {
|
1995-11-18 11:35:05 +00:00
|
|
|
/* Translate error code for rename("dir1", "dir2/."). */
|
|
|
|
if (error == EISDIR && fvp->v_type == VDIR)
|
|
|
|
error = EINVAL;
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&fromnd, NDF_ONLY_PNBUF);
|
1994-05-24 11:09:53 +01:00
|
|
|
vrele(fromnd.ni_dvp);
|
|
|
|
vrele(fvp);
|
2005-09-01 22:46:33 +01:00
|
|
|
vn_finished_write(mp);
|
1994-05-24 11:09:53 +01:00
|
|
|
goto out1;
|
|
|
|
}
|
2005-02-02 17:17:15 +00:00
|
|
|
tvfslocked = NDHASGIANT(&tond);
|
1994-05-24 11:09:53 +01:00
|
|
|
tdvp = tond.ni_dvp;
|
|
|
|
tvp = tond.ni_vp;
|
|
|
|
if (tvp != NULL) {
|
|
|
|
if (fvp->v_type == VDIR && tvp->v_type != VDIR) {
|
|
|
|
error = ENOTDIR;
|
|
|
|
goto out;
|
|
|
|
} else if (fvp->v_type != VDIR && tvp->v_type == VDIR) {
|
|
|
|
error = EISDIR;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (fvp == tdvp)
|
|
|
|
error = EINVAL;
|
|
|
|
/*
|
2002-09-10 12:09:13 +01:00
|
|
|
* If the source is the same as the destination (that is, if they
|
|
|
|
* are links to the same vnode), then there is nothing to do.
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
2002-09-10 12:09:13 +01:00
|
|
|
if (fvp == tvp)
|
1994-05-24 11:09:53 +01:00
|
|
|
error = -1;
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
|
|
|
else
|
|
|
|
error = mac_check_vnode_rename_to(td->td_ucred, tdvp,
|
|
|
|
tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd);
|
|
|
|
#endif
|
1994-05-24 11:09:53 +01:00
|
|
|
out:
|
|
|
|
if (!error) {
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(tdvp, td, td->td_ucred, LEASE_WRITE);
|
Make our v_usecount vnode reference count work identically to the
original BSD code. The association between the vnode and the vm_object
no longer includes reference counts. The major difference is that
vm_object's are no longer freed gratuitiously from the vnode, and so
once an object is created for the vnode, it will last as long as the
vnode does.
When a vnode object reference count is incremented, then the underlying
vnode reference count is incremented also. The two "objects" are now
more intimately related, and so the interactions are now much less
complex.
When vnodes are now normally placed onto the free queue with an object still
attached. The rundown of the object happens at vnode rundown time, and
happens with exactly the same filesystem semantics of the original VFS
code. There is absolutely no need for vnode_pager_uncache and other
travesties like that anymore.
A side-effect of these changes is that SMP locking should be much simpler,
the I/O copyin/copyout optimizations work, NFS should be more ponderable,
and further work on layered filesystems should be less frustrating, because
of the totally coherent management of the vnode objects and vnodes.
Please be careful with your system while running this code, but I would
greatly appreciate feedback as soon a reasonably possible.
1998-01-06 05:26:17 +00:00
|
|
|
if (fromnd.ni_dvp != tdvp) {
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(fromnd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
|
Make our v_usecount vnode reference count work identically to the
original BSD code. The association between the vnode and the vm_object
no longer includes reference counts. The major difference is that
vm_object's are no longer freed gratuitiously from the vnode, and so
once an object is created for the vnode, it will last as long as the
vnode does.
When a vnode object reference count is incremented, then the underlying
vnode reference count is incremented also. The two "objects" are now
more intimately related, and so the interactions are now much less
complex.
When vnodes are now normally placed onto the free queue with an object still
attached. The rundown of the object happens at vnode rundown time, and
happens with exactly the same filesystem semantics of the original VFS
code. There is absolutely no need for vnode_pager_uncache and other
travesties like that anymore.
A side-effect of these changes is that SMP locking should be much simpler,
the I/O copyin/copyout optimizations work, NFS should be more ponderable,
and further work on layered filesystems should be less frustrating, because
of the totally coherent management of the vnode objects and vnodes.
Please be careful with your system while running this code, but I would
greatly appreciate feedback as soon a reasonably possible.
1998-01-06 05:26:17 +00:00
|
|
|
}
|
1995-03-19 11:16:58 +00:00
|
|
|
if (tvp) {
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(tvp, td, td->td_ucred, LEASE_WRITE);
|
1995-03-19 11:16:58 +00:00
|
|
|
}
|
1994-05-24 11:09:53 +01:00
|
|
|
error = VOP_RENAME(fromnd.ni_dvp, fromnd.ni_vp, &fromnd.ni_cnd,
|
|
|
|
tond.ni_dvp, tond.ni_vp, &tond.ni_cnd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&fromnd, NDF_ONLY_PNBUF);
|
|
|
|
NDFREE(&tond, NDF_ONLY_PNBUF);
|
1994-05-24 11:09:53 +01:00
|
|
|
} else {
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&fromnd, NDF_ONLY_PNBUF);
|
|
|
|
NDFREE(&tond, NDF_ONLY_PNBUF);
|
2005-04-11 10:19:08 +01:00
|
|
|
if (tvp)
|
|
|
|
vput(tvp);
|
1994-05-24 11:09:53 +01:00
|
|
|
if (tdvp == tvp)
|
|
|
|
vrele(tdvp);
|
|
|
|
else
|
|
|
|
vput(tdvp);
|
|
|
|
vrele(fromnd.ni_dvp);
|
|
|
|
vrele(fvp);
|
|
|
|
}
|
|
|
|
vrele(tond.ni_startdir);
|
2002-10-27 23:23:51 +00:00
|
|
|
vn_finished_write(mp);
|
2005-09-01 22:46:33 +01:00
|
|
|
out1:
|
1994-05-24 11:09:53 +01:00
|
|
|
if (fromnd.ni_startdir)
|
|
|
|
vrele(fromnd.ni_startdir);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(fvfslocked);
|
|
|
|
VFS_UNLOCK_GIANT(tvfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
if (error == -1)
|
|
|
|
return (0);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Make a directory file.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct mkdir_args {
|
|
|
|
char *path;
|
|
|
|
int mode;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
mkdir(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct mkdir_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
|
|
|
int mode;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2001-09-12 09:38:13 +01:00
|
|
|
|
2002-09-01 21:37:28 +01:00
|
|
|
return (kern_mkdir(td, uap->path, UIO_USERSPACE, uap->mode));
|
2001-09-12 09:38:13 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2002-09-01 21:37:28 +01:00
|
|
|
kern_mkdir(struct thread *td, char *path, enum uio_seg segflg, int mode)
|
2001-09-12 09:38:13 +01:00
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
|
|
|
struct vnode *vp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct vattr vattr;
|
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(mode, mode);
|
2000-07-11 23:07:57 +01:00
|
|
|
restart:
|
2000-01-10 00:08:53 +00:00
|
|
|
bwillwrite();
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
|
|
|
|
segflg, path, td);
|
1995-07-31 01:35:58 +01:00
|
|
|
nd.ni_cnd.cn_flags |= WILLBEDIR;
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1994-05-24 11:09:53 +01:00
|
|
|
vp = nd.ni_vp;
|
|
|
|
if (vp != NULL) {
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2002-06-28 21:06:47 +01:00
|
|
|
/*
|
|
|
|
* XXX namei called with LOCKPARENT but not LOCKLEAF has
|
|
|
|
* the strange behaviour of leaving the vnode unlocked
|
|
|
|
* if the target is the same vnode as the parent.
|
|
|
|
*/
|
|
|
|
if (vp == nd.ni_dvp)
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
else
|
|
|
|
vput(nd.ni_dvp);
|
2006-02-01 00:25:26 +00:00
|
|
|
vrele(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (EEXIST);
|
|
|
|
}
|
2000-07-11 23:07:57 +01:00
|
|
|
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
vput(nd.ni_dvp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
|
|
|
|
return (error);
|
|
|
|
goto restart;
|
|
|
|
}
|
1994-05-24 11:09:53 +01:00
|
|
|
VATTR_NULL(&vattr);
|
|
|
|
vattr.va_type = VDIR;
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_LOCK_FAST(td->td_proc->p_fd);
|
2001-09-12 09:38:13 +01:00
|
|
|
vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask;
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_UNLOCK_FAST(td->td_proc->p_fd);
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
|
|
|
|
&vattr);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
|
|
|
#endif
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
|
1994-05-24 11:09:53 +01:00
|
|
|
error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
|
|
|
out:
|
|
|
|
#endif
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
1998-05-07 05:58:58 +01:00
|
|
|
vput(nd.ni_dvp);
|
1994-05-24 11:09:53 +01:00
|
|
|
if (!error)
|
|
|
|
vput(nd.ni_vp);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Remove a directory file.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct rmdir_args {
|
|
|
|
char *path;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
rmdir(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
struct rmdir_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
2002-09-01 21:37:28 +01:00
|
|
|
{
|
|
|
|
|
|
|
|
return (kern_rmdir(td, uap->path, UIO_USERSPACE));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_rmdir(struct thread *td, char *path, enum uio_seg pathseg)
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
|
|
|
struct vnode *vp;
|
1994-05-24 11:09:53 +01:00
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
2000-07-11 23:07:57 +01:00
|
|
|
restart:
|
2000-01-10 00:08:53 +00:00
|
|
|
bwillwrite();
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
|
|
|
pathseg, path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1994-05-24 11:09:53 +01:00
|
|
|
vp = nd.ni_vp;
|
|
|
|
if (vp->v_type != VDIR) {
|
|
|
|
error = ENOTDIR;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* No rmdir "." please.
|
|
|
|
*/
|
|
|
|
if (nd.ni_dvp == vp) {
|
|
|
|
error = EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* The root of a mounted filesystem cannot be deleted.
|
|
|
|
*/
|
2002-08-04 11:29:36 +01:00
|
|
|
if (vp->v_vflag & VV_ROOT) {
|
1994-05-24 11:09:53 +01:00
|
|
|
error = EBUSY;
|
2000-07-11 23:07:57 +01:00
|
|
|
goto out;
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
2002-10-19 21:25:57 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_delete(td->td_ucred, nd.ni_dvp, vp,
|
|
|
|
&nd.ni_cnd);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
|
|
|
#endif
|
2000-07-11 23:07:57 +01:00
|
|
|
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2006-02-01 00:25:26 +00:00
|
|
|
vput(vp);
|
2000-07-11 23:07:57 +01:00
|
|
|
if (nd.ni_dvp == vp)
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
else
|
|
|
|
vput(nd.ni_dvp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(NULL, &mp, V_XSLEEP | PCATCH)) != 0)
|
|
|
|
return (error);
|
|
|
|
goto restart;
|
|
|
|
}
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
|
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
|
2000-07-11 23:07:57 +01:00
|
|
|
error = VOP_RMDIR(nd.ni_dvp, nd.ni_vp, &nd.ni_cnd);
|
|
|
|
vn_finished_write(mp);
|
1999-12-15 23:02:35 +00:00
|
|
|
out:
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2006-02-01 00:25:26 +00:00
|
|
|
vput(vp);
|
1998-05-07 05:58:58 +01:00
|
|
|
if (nd.ni_dvp == vp)
|
|
|
|
vrele(nd.ni_dvp);
|
|
|
|
else
|
|
|
|
vput(nd.ni_dvp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef COMPAT_43
|
|
|
|
/*
|
2002-05-16 22:28:32 +01:00
|
|
|
* Read a block of directory entries in a filesystem independent format.
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct ogetdirentries_args {
|
|
|
|
int fd;
|
|
|
|
char *buf;
|
|
|
|
u_int count;
|
|
|
|
long *basep;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
ogetdirentries(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct ogetdirentries_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
char *buf;
|
|
|
|
u_int count;
|
|
|
|
long *basep;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
1998-11-03 08:01:48 +00:00
|
|
|
struct vnode *vp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct file *fp;
|
|
|
|
struct uio auio, kuio;
|
|
|
|
struct iovec aiov, kiov;
|
|
|
|
struct dirent *dp, *edp;
|
|
|
|
caddr_t dirbuf;
|
- Add conditional VFS Giant locking to getdents_common() (linux ABIs),
ibcs2_getdents(), ibcs2_read(), ogetdirentries(), svr4_sys_getdents(),
and svr4_sys_getdents64() similar to that in getdirentries().
- Mark ibcs2_getdents(), ibcs2_read(), linux_getdents(), linux_getdents64(),
linux_readdir(), ogetdirentries(), svr4_sys_getdents(), and
svr4_sys_getdents64() MPSAFE.
2006-07-11 21:52:08 +01:00
|
|
|
int error, eofflag, readcnt, vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
long loff;
|
|
|
|
|
2001-08-10 23:14:18 +01:00
|
|
|
/* XXX arbitrary sanity limit on `count'. */
|
2002-12-14 01:56:26 +00:00
|
|
|
if (uap->count > 64 * 1024)
|
2001-08-10 23:14:18 +01:00
|
|
|
return (EINVAL);
|
2002-12-14 01:56:26 +00:00
|
|
|
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2002-01-13 11:58:06 +00:00
|
|
|
if ((fp->f_flag & FREAD) == 0) {
|
|
|
|
fdrop(fp, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (EBADF);
|
2002-01-13 11:58:06 +00:00
|
|
|
}
|
2003-06-22 09:41:43 +01:00
|
|
|
vp = fp->f_vnode;
|
1997-02-10 02:22:35 +00:00
|
|
|
unionread:
|
- Add conditional VFS Giant locking to getdents_common() (linux ABIs),
ibcs2_getdents(), ibcs2_read(), ogetdirentries(), svr4_sys_getdents(),
and svr4_sys_getdents64() similar to that in getdirentries().
- Mark ibcs2_getdents(), ibcs2_read(), linux_getdents(), linux_getdents64(),
linux_readdir(), ogetdirentries(), svr4_sys_getdents(), and
svr4_sys_getdents64() MPSAFE.
2006-07-11 21:52:08 +01:00
|
|
|
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
|
2002-01-13 11:58:06 +00:00
|
|
|
if (vp->v_type != VDIR) {
|
- Add conditional VFS Giant locking to getdents_common() (linux ABIs),
ibcs2_getdents(), ibcs2_read(), ogetdirentries(), svr4_sys_getdents(),
and svr4_sys_getdents64() similar to that in getdirentries().
- Mark ibcs2_getdents(), ibcs2_read(), linux_getdents(), linux_getdents64(),
linux_readdir(), ogetdirentries(), svr4_sys_getdents(), and
svr4_sys_getdents64() MPSAFE.
2006-07-11 21:52:08 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-01-13 11:58:06 +00:00
|
|
|
fdrop(fp, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (EINVAL);
|
2002-01-13 11:58:06 +00:00
|
|
|
}
|
2002-12-14 01:56:26 +00:00
|
|
|
aiov.iov_base = uap->buf;
|
|
|
|
aiov.iov_len = uap->count;
|
1994-05-24 11:09:53 +01:00
|
|
|
auio.uio_iov = &aiov;
|
|
|
|
auio.uio_iovcnt = 1;
|
|
|
|
auio.uio_rw = UIO_READ;
|
|
|
|
auio.uio_segflg = UIO_USERSPACE;
|
2001-09-12 09:38:13 +01:00
|
|
|
auio.uio_td = td;
|
2002-12-14 01:56:26 +00:00
|
|
|
auio.uio_resid = uap->count;
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
loff = auio.uio_offset = fp->f_offset;
|
2002-08-01 21:44:52 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_readdir(td->td_ucred, vp);
|
|
|
|
if (error) {
|
|
|
|
VOP_UNLOCK(vp, 0, td);
|
- Add conditional VFS Giant locking to getdents_common() (linux ABIs),
ibcs2_getdents(), ibcs2_read(), ogetdirentries(), svr4_sys_getdents(),
and svr4_sys_getdents64() similar to that in getdirentries().
- Mark ibcs2_getdents(), ibcs2_read(), linux_getdents(), linux_getdents64(),
linux_readdir(), ogetdirentries(), svr4_sys_getdents(), and
svr4_sys_getdents64() MPSAFE.
2006-07-11 21:52:08 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-08-01 21:44:52 +01:00
|
|
|
fdrop(fp, td);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
#endif
|
1994-05-24 11:09:53 +01:00
|
|
|
# if (BYTE_ORDER != LITTLE_ENDIAN)
|
|
|
|
if (vp->v_mount->mnt_maxsymlinklen <= 0) {
|
1997-02-10 02:22:35 +00:00
|
|
|
error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag,
|
|
|
|
NULL, NULL);
|
1994-05-24 11:09:53 +01:00
|
|
|
fp->f_offset = auio.uio_offset;
|
|
|
|
} else
|
|
|
|
# endif
|
|
|
|
{
|
|
|
|
kuio = auio;
|
|
|
|
kuio.uio_iov = &kiov;
|
|
|
|
kuio.uio_segflg = UIO_SYSSPACE;
|
2002-12-14 01:56:26 +00:00
|
|
|
kiov.iov_len = uap->count;
|
2003-02-19 05:47:46 +00:00
|
|
|
MALLOC(dirbuf, caddr_t, uap->count, M_TEMP, M_WAITOK);
|
1994-05-24 11:09:53 +01:00
|
|
|
kiov.iov_base = dirbuf;
|
1997-02-10 02:22:35 +00:00
|
|
|
error = VOP_READDIR(vp, &kuio, fp->f_cred, &eofflag,
|
|
|
|
NULL, NULL);
|
1994-05-24 11:09:53 +01:00
|
|
|
fp->f_offset = kuio.uio_offset;
|
|
|
|
if (error == 0) {
|
2002-12-14 01:56:26 +00:00
|
|
|
readcnt = uap->count - kuio.uio_resid;
|
1994-05-24 11:09:53 +01:00
|
|
|
edp = (struct dirent *)&dirbuf[readcnt];
|
|
|
|
for (dp = (struct dirent *)dirbuf; dp < edp; ) {
|
|
|
|
# if (BYTE_ORDER == LITTLE_ENDIAN)
|
|
|
|
/*
|
|
|
|
* The expected low byte of
|
|
|
|
* dp->d_namlen is our dp->d_type.
|
|
|
|
* The high MBZ byte of dp->d_namlen
|
|
|
|
* is our dp->d_namlen.
|
|
|
|
*/
|
|
|
|
dp->d_type = dp->d_namlen;
|
|
|
|
dp->d_namlen = 0;
|
|
|
|
# else
|
|
|
|
/*
|
|
|
|
* The dp->d_type is the high byte
|
|
|
|
* of the expected dp->d_namlen,
|
|
|
|
* so must be zero'ed.
|
|
|
|
*/
|
|
|
|
dp->d_type = 0;
|
|
|
|
# endif
|
|
|
|
if (dp->d_reclen > 0) {
|
|
|
|
dp = (struct dirent *)
|
|
|
|
((char *)dp + dp->d_reclen);
|
|
|
|
} else {
|
|
|
|
error = EIO;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (dp >= edp)
|
|
|
|
error = uiomove(dirbuf, readcnt, &auio);
|
|
|
|
}
|
|
|
|
FREE(dirbuf, M_TEMP);
|
|
|
|
}
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2002-01-13 11:58:06 +00:00
|
|
|
if (error) {
|
- Add conditional VFS Giant locking to getdents_common() (linux ABIs),
ibcs2_getdents(), ibcs2_read(), ogetdirentries(), svr4_sys_getdents(),
and svr4_sys_getdents64() similar to that in getdirentries().
- Mark ibcs2_getdents(), ibcs2_read(), linux_getdents(), linux_getdents64(),
linux_readdir(), ogetdirentries(), svr4_sys_getdents(), and
svr4_sys_getdents64() MPSAFE.
2006-07-11 21:52:08 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-01-13 11:58:06 +00:00
|
|
|
fdrop(fp, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2002-01-13 11:58:06 +00:00
|
|
|
}
|
2002-12-14 01:56:26 +00:00
|
|
|
if (uap->count == auio.uio_resid) {
|
1999-03-03 02:35:51 +00:00
|
|
|
if (union_dircheckp) {
|
2001-09-12 09:38:13 +01:00
|
|
|
error = union_dircheckp(td, &vp, fp);
|
- Add conditional VFS Giant locking to getdents_common() (linux ABIs),
ibcs2_getdents(), ibcs2_read(), ogetdirentries(), svr4_sys_getdents(),
and svr4_sys_getdents64() similar to that in getdirentries().
- Mark ibcs2_getdents(), ibcs2_read(), linux_getdents(), linux_getdents64(),
linux_readdir(), ogetdirentries(), svr4_sys_getdents(), and
svr4_sys_getdents64() MPSAFE.
2006-07-11 21:52:08 +01:00
|
|
|
if (error == -1) {
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1999-03-03 02:35:51 +00:00
|
|
|
goto unionread;
|
- Add conditional VFS Giant locking to getdents_common() (linux ABIs),
ibcs2_getdents(), ibcs2_read(), ogetdirentries(), svr4_sys_getdents(),
and svr4_sys_getdents64() similar to that in getdirentries().
- Mark ibcs2_getdents(), ibcs2_read(), linux_getdents(), linux_getdents64(),
linux_readdir(), ogetdirentries(), svr4_sys_getdents(), and
svr4_sys_getdents64() MPSAFE.
2006-07-11 21:52:08 +01:00
|
|
|
}
|
2002-01-13 11:58:06 +00:00
|
|
|
if (error) {
|
- Add conditional VFS Giant locking to getdents_common() (linux ABIs),
ibcs2_getdents(), ibcs2_read(), ogetdirentries(), svr4_sys_getdents(),
and svr4_sys_getdents64() similar to that in getdirentries().
- Mark ibcs2_getdents(), ibcs2_read(), linux_getdents(), linux_getdents64(),
linux_readdir(), ogetdirentries(), svr4_sys_getdents(), and
svr4_sys_getdents64() MPSAFE.
2006-07-11 21:52:08 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-01-13 11:58:06 +00:00
|
|
|
fdrop(fp, td);
|
1999-03-03 02:35:51 +00:00
|
|
|
return (error);
|
2002-01-13 11:58:06 +00:00
|
|
|
}
|
1999-03-03 02:35:51 +00:00
|
|
|
}
|
2002-09-25 03:13:38 +01:00
|
|
|
/*
|
|
|
|
* XXX We could delay dropping the lock above but
|
|
|
|
* union_dircheckp complicates things.
|
|
|
|
*/
|
|
|
|
vn_lock(vp, LK_EXCLUSIVE|LK_RETRY, td);
|
2002-08-04 11:29:36 +01:00
|
|
|
if ((vp->v_vflag & VV_ROOT) &&
|
1999-03-03 02:35:51 +00:00
|
|
|
(vp->v_mount->mnt_flag & MNT_UNION)) {
|
|
|
|
struct vnode *tvp = vp;
|
|
|
|
vp = vp->v_mount->mnt_vnodecovered;
|
|
|
|
VREF(vp);
|
2003-06-22 09:41:43 +01:00
|
|
|
fp->f_vnode = vp;
|
2003-01-13 00:33:17 +00:00
|
|
|
fp->f_data = vp;
|
1999-03-03 02:35:51 +00:00
|
|
|
fp->f_offset = 0;
|
2002-09-25 03:13:38 +01:00
|
|
|
vput(tvp);
|
- Add conditional VFS Giant locking to getdents_common() (linux ABIs),
ibcs2_getdents(), ibcs2_read(), ogetdirentries(), svr4_sys_getdents(),
and svr4_sys_getdents64() similar to that in getdirentries().
- Mark ibcs2_getdents(), ibcs2_read(), linux_getdents(), linux_getdents64(),
linux_readdir(), ogetdirentries(), svr4_sys_getdents(), and
svr4_sys_getdents64() MPSAFE.
2006-07-11 21:52:08 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1997-02-10 02:22:35 +00:00
|
|
|
goto unionread;
|
1999-03-03 02:35:51 +00:00
|
|
|
}
|
2002-09-25 03:13:38 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
1999-02-27 07:06:05 +00:00
|
|
|
}
|
- Add conditional VFS Giant locking to getdents_common() (linux ABIs),
ibcs2_getdents(), ibcs2_read(), ogetdirentries(), svr4_sys_getdents(),
and svr4_sys_getdents64() similar to that in getdirentries().
- Mark ibcs2_getdents(), ibcs2_read(), linux_getdents(), linux_getdents64(),
linux_readdir(), ogetdirentries(), svr4_sys_getdents(), and
svr4_sys_getdents64() MPSAFE.
2006-07-11 21:52:08 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-12-14 01:56:26 +00:00
|
|
|
error = copyout(&loff, uap->basep, sizeof(long));
|
2002-01-13 11:58:06 +00:00
|
|
|
fdrop(fp, td);
|
2002-12-14 01:56:26 +00:00
|
|
|
td->td_retval[0] = uap->count - auio.uio_resid;
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
1997-02-10 02:22:35 +00:00
|
|
|
#endif /* COMPAT_43 */
|
1994-05-24 11:09:53 +01:00
|
|
|
|
|
|
|
/*
|
2002-05-16 22:28:32 +01:00
|
|
|
* Read a block of directory entries in a filesystem independent format.
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct getdirentries_args {
|
|
|
|
int fd;
|
|
|
|
char *buf;
|
|
|
|
u_int count;
|
|
|
|
long *basep;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
getdirentries(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct getdirentries_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
char *buf;
|
|
|
|
u_int count;
|
|
|
|
long *basep;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
1998-11-03 08:01:48 +00:00
|
|
|
struct vnode *vp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct file *fp;
|
|
|
|
struct uio auio;
|
|
|
|
struct iovec aiov;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
long loff;
|
1997-02-10 02:22:35 +00:00
|
|
|
int error, eofflag;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(fd, uap->fd);
|
2002-12-14 01:56:26 +00:00
|
|
|
if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2002-01-13 11:58:06 +00:00
|
|
|
if ((fp->f_flag & FREAD) == 0) {
|
|
|
|
fdrop(fp, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (EBADF);
|
2002-01-13 11:58:06 +00:00
|
|
|
}
|
2003-06-22 09:41:43 +01:00
|
|
|
vp = fp->f_vnode;
|
1994-05-24 11:09:53 +01:00
|
|
|
unionread:
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
|
2002-01-13 11:58:06 +00:00
|
|
|
if (vp->v_type != VDIR) {
|
2005-01-24 10:25:44 +00:00
|
|
|
error = EINVAL;
|
|
|
|
goto fail;
|
2002-01-13 11:58:06 +00:00
|
|
|
}
|
2002-12-14 01:56:26 +00:00
|
|
|
aiov.iov_base = uap->buf;
|
|
|
|
aiov.iov_len = uap->count;
|
1994-05-24 11:09:53 +01:00
|
|
|
auio.uio_iov = &aiov;
|
|
|
|
auio.uio_iovcnt = 1;
|
|
|
|
auio.uio_rw = UIO_READ;
|
|
|
|
auio.uio_segflg = UIO_USERSPACE;
|
2001-09-12 09:38:13 +01:00
|
|
|
auio.uio_td = td;
|
2002-12-14 01:56:26 +00:00
|
|
|
auio.uio_resid = uap->count;
|
2001-09-12 09:38:13 +01:00
|
|
|
/* vn_lock(vp, LK_SHARED | LK_RETRY, td); */
|
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
AUDIT_ARG(vnode, vp, ARG_VNODE1);
|
1994-05-24 11:09:53 +01:00
|
|
|
loff = auio.uio_offset = fp->f_offset;
|
2002-08-01 21:44:52 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_readdir(td->td_ucred, vp);
|
|
|
|
if (error == 0)
|
|
|
|
#endif
|
|
|
|
error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
|
|
|
|
NULL);
|
1994-05-24 11:09:53 +01:00
|
|
|
fp->f_offset = auio.uio_offset;
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2005-01-24 10:25:44 +00:00
|
|
|
if (error)
|
|
|
|
goto fail;
|
2002-12-14 01:56:26 +00:00
|
|
|
if (uap->count == auio.uio_resid) {
|
1999-03-03 02:35:51 +00:00
|
|
|
if (union_dircheckp) {
|
2001-09-12 09:38:13 +01:00
|
|
|
error = union_dircheckp(td, &vp, fp);
|
2005-01-24 10:25:44 +00:00
|
|
|
if (error == -1) {
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1999-03-03 02:35:51 +00:00
|
|
|
goto unionread;
|
2002-01-13 11:58:06 +00:00
|
|
|
}
|
2005-01-24 10:25:44 +00:00
|
|
|
if (error)
|
|
|
|
goto fail;
|
1999-03-03 02:35:51 +00:00
|
|
|
}
|
2002-09-25 03:13:38 +01:00
|
|
|
/*
|
|
|
|
* XXX We could delay dropping the lock above but
|
|
|
|
* union_dircheckp complicates things.
|
|
|
|
*/
|
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
2002-08-04 11:29:36 +01:00
|
|
|
if ((vp->v_vflag & VV_ROOT) &&
|
1999-03-03 02:35:51 +00:00
|
|
|
(vp->v_mount->mnt_flag & MNT_UNION)) {
|
|
|
|
struct vnode *tvp = vp;
|
|
|
|
vp = vp->v_mount->mnt_vnodecovered;
|
|
|
|
VREF(vp);
|
2003-06-22 09:41:43 +01:00
|
|
|
fp->f_vnode = vp;
|
2003-01-13 00:33:17 +00:00
|
|
|
fp->f_data = vp;
|
1999-03-03 02:35:51 +00:00
|
|
|
fp->f_offset = 0;
|
2002-09-25 03:13:38 +01:00
|
|
|
vput(tvp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
goto unionread;
|
1999-03-03 02:35:51 +00:00
|
|
|
}
|
2002-09-25 03:13:38 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
1999-02-27 07:06:05 +00:00
|
|
|
}
|
2002-12-14 01:56:26 +00:00
|
|
|
if (uap->basep != NULL) {
|
|
|
|
error = copyout(&loff, uap->basep, sizeof(long));
|
1998-05-11 04:55:28 +01:00
|
|
|
}
|
2002-12-14 01:56:26 +00:00
|
|
|
td->td_retval[0] = uap->count - auio.uio_resid;
|
2005-01-24 10:25:44 +00:00
|
|
|
fail:
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-01-13 11:58:06 +00:00
|
|
|
fdrop(fp, td);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
1998-05-11 04:55:28 +01:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct getdents_args {
|
|
|
|
int fd;
|
|
|
|
char *buf;
|
|
|
|
size_t count;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
getdents(td, uap)
|
|
|
|
struct thread *td;
|
1998-05-11 04:55:28 +01:00
|
|
|
register struct getdents_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
char *buf;
|
|
|
|
u_int count;
|
1998-05-11 04:55:28 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct getdirentries_args ap;
|
|
|
|
ap.fd = uap->fd;
|
|
|
|
ap.buf = uap->buf;
|
|
|
|
ap.count = uap->count;
|
|
|
|
ap.basep = NULL;
|
2004-01-11 19:52:10 +00:00
|
|
|
return (getdirentries(td, &ap));
|
1998-05-11 04:55:28 +01:00
|
|
|
}
|
1994-05-24 11:09:53 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Set the mode mask for creation of filesystem nodes.
|
2000-03-28 08:16:37 +01:00
|
|
|
*
|
|
|
|
* MP SAFE
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct umask_args {
|
|
|
|
int newmask;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1997-02-10 02:22:35 +00:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
umask(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
struct umask_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int newmask;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
|
|
|
register struct filedesc *fdp;
|
|
|
|
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_LOCK_FAST(td->td_proc->p_fd);
|
2001-09-12 09:38:13 +01:00
|
|
|
fdp = td->td_proc->p_fd;
|
|
|
|
td->td_retval[0] = fdp->fd_cmask;
|
2002-12-14 01:56:26 +00:00
|
|
|
fdp->fd_cmask = uap->newmask & ALLPERMS;
|
2004-11-13 11:53:02 +00:00
|
|
|
FILEDESC_UNLOCK_FAST(td->td_proc->p_fd);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Void all references to file by ripping underlying filesystem
|
|
|
|
* away from vnode.
|
|
|
|
*/
|
1995-11-12 06:43:28 +00:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
1994-05-24 11:09:53 +01:00
|
|
|
struct revoke_args {
|
|
|
|
char *path;
|
|
|
|
};
|
1995-11-12 06:43:28 +00:00
|
|
|
#endif
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
revoke(td, uap)
|
|
|
|
struct thread *td;
|
1997-02-10 02:22:35 +00:00
|
|
|
register struct revoke_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
char *path;
|
1997-02-10 02:22:35 +00:00
|
|
|
} */ *uap;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct vnode *vp;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct vattr vattr;
|
|
|
|
int error;
|
|
|
|
struct nameidata nd;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1994-05-24 11:09:53 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
|
|
|
UIO_USERSPACE, uap->path, td);
|
1999-01-27 21:50:00 +00:00
|
|
|
if ((error = namei(&nd)) != 0)
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1994-05-24 11:09:53 +01:00
|
|
|
vp = nd.ni_vp;
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2000-11-02 21:14:13 +00:00
|
|
|
if (vp->v_type != VCHR) {
|
2005-01-24 10:25:44 +00:00
|
|
|
error = EINVAL;
|
2005-03-13 11:45:51 +00:00
|
|
|
goto out;
|
1999-01-24 06:28:37 +00:00
|
|
|
}
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_revoke(td->td_ucred, vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
if (error)
|
2005-03-13 11:45:51 +00:00
|
|
|
goto out;
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#endif
|
2002-02-27 18:32:23 +00:00
|
|
|
error = VOP_GETATTR(vp, &vattr, td->td_ucred, td);
|
2005-01-24 10:25:44 +00:00
|
|
|
if (error)
|
2005-03-13 11:45:51 +00:00
|
|
|
goto out;
|
2002-02-27 18:32:23 +00:00
|
|
|
if (td->td_ucred->cr_uid != vattr.va_uid) {
|
2004-07-26 08:24:04 +01:00
|
|
|
error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL);
|
2005-01-24 10:25:44 +00:00
|
|
|
if (error)
|
2005-03-13 11:45:51 +00:00
|
|
|
goto out;
|
2001-10-01 21:01:07 +01:00
|
|
|
}
|
1999-08-26 15:53:31 +01:00
|
|
|
if (vcount(vp) > 1)
|
1997-02-10 02:22:35 +00:00
|
|
|
VOP_REVOKE(vp, REVOKEALL);
|
2005-03-13 11:45:51 +00:00
|
|
|
out:
|
2005-01-24 10:25:44 +00:00
|
|
|
vput(vp);
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1994-05-24 11:09:53 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Convert a user file descriptor to a kernel file entry.
|
2004-02-17 12:30:32 +00:00
|
|
|
* A reference on the file entry is held upon returning.
|
1994-05-24 11:09:53 +01:00
|
|
|
*/
|
1994-05-25 10:21:21 +01:00
|
|
|
int
|
1994-05-24 11:09:53 +01:00
|
|
|
getvnode(fdp, fd, fpp)
|
|
|
|
struct filedesc *fdp;
|
|
|
|
int fd;
|
1995-11-13 08:22:21 +00:00
|
|
|
struct file **fpp;
|
1994-05-24 11:09:53 +01:00
|
|
|
{
|
2002-01-13 11:58:06 +00:00
|
|
|
int error;
|
1994-05-24 11:09:53 +01:00
|
|
|
struct file *fp;
|
|
|
|
|
2002-01-13 11:58:06 +00:00
|
|
|
fp = NULL;
|
|
|
|
if (fdp == NULL)
|
|
|
|
error = EBADF;
|
|
|
|
else {
|
|
|
|
FILEDESC_LOCK(fdp);
|
|
|
|
if ((u_int)fd >= fdp->fd_nfiles ||
|
|
|
|
(fp = fdp->fd_ofiles[fd]) == NULL)
|
|
|
|
error = EBADF;
|
2003-07-04 13:20:27 +01:00
|
|
|
else if (fp->f_vnode == NULL) {
|
2002-01-13 11:58:06 +00:00
|
|
|
fp = NULL;
|
|
|
|
error = EINVAL;
|
|
|
|
} else {
|
|
|
|
fhold(fp);
|
|
|
|
error = 0;
|
|
|
|
}
|
|
|
|
FILEDESC_UNLOCK(fdp);
|
|
|
|
}
|
1994-05-24 11:09:53 +01:00
|
|
|
*fpp = fp;
|
2002-01-13 11:58:06 +00:00
|
|
|
return (error);
|
1994-05-24 11:09:53 +01:00
|
|
|
}
|
2003-07-04 13:20:27 +01:00
|
|
|
|
1999-09-11 01:46:08 +01:00
|
|
|
/*
|
|
|
|
* Get (NFS) file handle
|
|
|
|
*/
|
2004-04-05 11:15:53 +01:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct lgetfh_args {
|
|
|
|
char *fname;
|
|
|
|
fhandle_t *fhp;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
|
|
|
lgetfh(td, uap)
|
|
|
|
struct thread *td;
|
|
|
|
register struct lgetfh_args *uap;
|
|
|
|
{
|
|
|
|
struct nameidata nd;
|
|
|
|
fhandle_t fh;
|
|
|
|
register struct vnode *vp;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
2004-04-05 11:15:53 +01:00
|
|
|
int error;
|
|
|
|
|
|
|
|
error = suser(td);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
2005-01-24 10:25:44 +00:00
|
|
|
UIO_USERSPACE, uap->fname, td);
|
2004-04-05 11:15:53 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2004-04-05 11:15:53 +01:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
vp = nd.ni_vp;
|
|
|
|
bzero(&fh, sizeof(fh));
|
|
|
|
fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
|
|
|
|
error = VFS_VPTOFH(vp, &fh.fh_fid);
|
|
|
|
vput(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2004-04-05 11:15:53 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
error = copyout(&fh, uap->fhp, sizeof (fh));
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1999-09-11 01:46:08 +01:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct getfh_args {
|
|
|
|
char *fname;
|
|
|
|
fhandle_t *fhp;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
getfh(td, uap)
|
|
|
|
struct thread *td;
|
1999-09-11 01:46:08 +01:00
|
|
|
register struct getfh_args *uap;
|
|
|
|
{
|
|
|
|
struct nameidata nd;
|
|
|
|
fhandle_t fh;
|
|
|
|
register struct vnode *vp;
|
2005-01-24 10:25:44 +00:00
|
|
|
int vfslocked;
|
1999-09-11 01:46:08 +01:00
|
|
|
int error;
|
|
|
|
|
2002-04-01 22:31:13 +01:00
|
|
|
error = suser(td);
|
1999-09-11 01:46:08 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE | AUDITVNODE1,
|
2005-01-24 10:25:44 +00:00
|
|
|
UIO_USERSPACE, uap->fname, td);
|
1999-09-11 01:46:08 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
2005-01-24 10:25:44 +00:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
1999-12-15 23:02:35 +00:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
1999-09-11 01:46:08 +01:00
|
|
|
vp = nd.ni_vp;
|
|
|
|
bzero(&fh, sizeof(fh));
|
|
|
|
fh.fh_fsid = vp->v_mount->mnt_stat.f_fsid;
|
|
|
|
error = VFS_VPTOFH(vp, &fh.fh_fid);
|
|
|
|
vput(vp);
|
2005-01-24 10:25:44 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1999-09-11 01:46:08 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
error = copyout(&fh, uap->fhp, sizeof (fh));
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* syscall for the rpc.lockd to use to translate a NFS file handle into
|
|
|
|
* an open descriptor.
|
|
|
|
*
|
|
|
|
* warning: do not remove the suser() call or this becomes one giant
|
|
|
|
* security hole.
|
2005-05-28 13:58:54 +01:00
|
|
|
*
|
|
|
|
* MP SAFE
|
1999-09-11 01:46:08 +01:00
|
|
|
*/
|
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct fhopen_args {
|
|
|
|
const struct fhandle *u_fhp;
|
|
|
|
int flags;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
fhopen(td, uap)
|
|
|
|
struct thread *td;
|
1999-09-11 01:46:08 +01:00
|
|
|
struct fhopen_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
const struct fhandle *u_fhp;
|
|
|
|
int flags;
|
1999-09-11 01:46:08 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
2001-09-12 09:38:13 +01:00
|
|
|
struct proc *p = td->td_proc;
|
1999-09-11 01:46:08 +01:00
|
|
|
struct mount *mp;
|
|
|
|
struct vnode *vp;
|
|
|
|
struct fhandle fhp;
|
|
|
|
struct vattr vat;
|
|
|
|
struct vattr *vap = &vat;
|
|
|
|
struct flock lf;
|
|
|
|
struct file *fp;
|
|
|
|
register struct filedesc *fdp = p->p_fd;
|
|
|
|
int fmode, mode, error, type;
|
2004-01-11 19:52:10 +00:00
|
|
|
struct file *nfp;
|
2006-03-21 23:58:37 +00:00
|
|
|
int vfslocked;
|
1999-09-11 01:46:08 +01:00
|
|
|
int indx;
|
|
|
|
|
2002-04-01 22:31:13 +01:00
|
|
|
error = suser(td);
|
1999-09-11 01:46:08 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2002-12-14 01:56:26 +00:00
|
|
|
fmode = FFLAGS(uap->flags);
|
1999-09-11 01:46:08 +01:00
|
|
|
/* why not allow a non-read/write open for our lockd? */
|
|
|
|
if (((fmode & (FREAD | FWRITE)) == 0) || (fmode & O_CREAT))
|
|
|
|
return (EINVAL);
|
2002-12-14 01:56:26 +00:00
|
|
|
error = copyin(uap->u_fhp, &fhp, sizeof(fhp));
|
1999-09-11 01:46:08 +01:00
|
|
|
if (error)
|
|
|
|
return(error);
|
|
|
|
/* find the mount point */
|
|
|
|
mp = vfs_getvfs(&fhp.fh_fsid);
|
2006-03-31 04:54:20 +01:00
|
|
|
if (mp == NULL)
|
|
|
|
return (ESTALE);
|
2006-03-21 23:58:37 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(mp);
|
1999-09-11 01:46:08 +01:00
|
|
|
/* now give me my vnode, it gets returned to me locked */
|
|
|
|
error = VFS_FHTOVP(mp, &fhp.fh_fid, &vp);
|
|
|
|
if (error)
|
2005-05-28 13:58:54 +01:00
|
|
|
goto out;
|
2004-01-11 19:52:10 +00:00
|
|
|
/*
|
1999-09-11 01:46:08 +01:00
|
|
|
* from now on we have to make sure not
|
|
|
|
* to forget about the vnode
|
2004-01-11 19:52:10 +00:00
|
|
|
* any error that causes an abort must vput(vp)
|
1999-09-11 01:46:08 +01:00
|
|
|
* just set error = err and 'goto bad;'.
|
|
|
|
*/
|
|
|
|
|
2004-01-11 19:52:10 +00:00
|
|
|
/*
|
|
|
|
* from vn_open
|
1999-09-11 01:46:08 +01:00
|
|
|
*/
|
|
|
|
if (vp->v_type == VLNK) {
|
|
|
|
error = EMLINK;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
if (vp->v_type == VSOCK) {
|
|
|
|
error = EOPNOTSUPP;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
mode = 0;
|
|
|
|
if (fmode & (FWRITE | O_TRUNC)) {
|
|
|
|
if (vp->v_type == VDIR) {
|
|
|
|
error = EISDIR;
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
error = vn_writechk(vp);
|
|
|
|
if (error)
|
|
|
|
goto bad;
|
|
|
|
mode |= VWRITE;
|
|
|
|
}
|
|
|
|
if (fmode & FREAD)
|
|
|
|
mode |= VREAD;
|
2002-07-22 13:51:06 +01:00
|
|
|
if (fmode & O_APPEND)
|
|
|
|
mode |= VAPPEND;
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_open(td->td_ucred, vp, mode);
|
|
|
|
if (error)
|
|
|
|
goto bad;
|
|
|
|
#endif
|
1999-09-11 01:46:08 +01:00
|
|
|
if (mode) {
|
2002-02-27 18:32:23 +00:00
|
|
|
error = VOP_ACCESS(vp, mode, td->td_ucred, td);
|
1999-09-11 01:46:08 +01:00
|
|
|
if (error)
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
if (fmode & O_TRUNC) {
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td); /* XXX */
|
2000-07-11 23:07:57 +01:00
|
|
|
if ((error = vn_start_write(NULL, &mp, V_WAIT | PCATCH)) != 0) {
|
|
|
|
vrele(vp);
|
2005-05-28 13:58:54 +01:00
|
|
|
goto out;
|
2000-07-11 23:07:57 +01:00
|
|
|
}
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); /* XXX */
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
2002-08-19 20:04:53 +01:00
|
|
|
/*
|
|
|
|
* We don't yet have fp->f_cred, so use td->td_ucred, which
|
|
|
|
* should be right.
|
|
|
|
*/
|
|
|
|
error = mac_check_vnode_write(td->td_ucred, td->td_ucred, vp);
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
if (error == 0) {
|
|
|
|
#endif
|
|
|
|
VATTR_NULL(vap);
|
|
|
|
vap->va_size = 0;
|
|
|
|
error = VOP_SETATTR(vp, vap, td->td_ucred, td);
|
|
|
|
#ifdef MAC
|
|
|
|
}
|
|
|
|
#endif
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
1999-09-11 01:46:08 +01:00
|
|
|
if (error)
|
|
|
|
goto bad;
|
|
|
|
}
|
2003-07-26 08:32:23 +01:00
|
|
|
error = VOP_OPEN(vp, fmode, td->td_ucred, td, -1);
|
1999-09-11 01:46:08 +01:00
|
|
|
if (error)
|
|
|
|
goto bad;
|
2005-01-24 23:53:54 +00:00
|
|
|
|
1999-09-11 01:46:08 +01:00
|
|
|
if (fmode & FWRITE)
|
|
|
|
vp->v_writecount++;
|
|
|
|
|
|
|
|
/*
|
2004-01-11 19:52:10 +00:00
|
|
|
* end of vn_open code
|
1999-09-11 01:46:08 +01:00
|
|
|
*/
|
|
|
|
|
2001-10-24 19:32:17 +01:00
|
|
|
if ((error = falloc(td, &nfp, &indx)) != 0) {
|
|
|
|
if (fmode & FWRITE)
|
|
|
|
vp->v_writecount--;
|
1999-09-11 01:46:08 +01:00
|
|
|
goto bad;
|
2001-10-24 19:32:17 +01:00
|
|
|
}
|
2003-10-19 21:41:07 +01:00
|
|
|
/* An extra reference on `nfp' has been held for us by falloc(). */
|
2004-01-11 19:52:10 +00:00
|
|
|
fp = nfp;
|
2000-11-18 21:01:04 +00:00
|
|
|
|
2003-06-22 09:41:43 +01:00
|
|
|
nfp->f_vnode = vp;
|
2003-01-13 00:33:17 +00:00
|
|
|
nfp->f_data = vp;
|
1999-09-11 01:46:08 +01:00
|
|
|
nfp->f_flag = fmode & FMASK;
|
|
|
|
nfp->f_ops = &vnops;
|
|
|
|
nfp->f_type = DTYPE_VNODE;
|
|
|
|
if (fmode & (O_EXLOCK | O_SHLOCK)) {
|
|
|
|
lf.l_whence = SEEK_SET;
|
|
|
|
lf.l_start = 0;
|
|
|
|
lf.l_len = 0;
|
|
|
|
if (fmode & O_EXLOCK)
|
|
|
|
lf.l_type = F_WRLCK;
|
|
|
|
else
|
|
|
|
lf.l_type = F_RDLCK;
|
|
|
|
type = F_FLOCK;
|
|
|
|
if ((fmode & FNONBLOCK) == 0)
|
|
|
|
type |= F_WAIT;
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2002-06-29 00:02:38 +01:00
|
|
|
if ((error = VOP_ADVLOCK(vp, (caddr_t)fp, F_SETLK, &lf,
|
|
|
|
type)) != 0) {
|
2000-11-18 21:01:04 +00:00
|
|
|
/*
|
|
|
|
* The lock request failed. Normally close the
|
|
|
|
* descriptor but handle the case where someone might
|
|
|
|
* have dup()d or close()d it when we weren't looking.
|
|
|
|
*/
|
2004-11-07 22:16:07 +00:00
|
|
|
fdclose(fdp, fp, indx, td);
|
|
|
|
|
2000-11-18 21:01:04 +00:00
|
|
|
/*
|
|
|
|
* release our private reference
|
|
|
|
*/
|
2001-09-12 09:38:13 +01:00
|
|
|
fdrop(fp, td);
|
2005-05-28 13:58:54 +01:00
|
|
|
goto out;
|
1999-09-11 01:46:08 +01:00
|
|
|
}
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
1999-09-11 01:46:08 +01:00
|
|
|
fp->f_flag |= FHASLOCK;
|
|
|
|
}
|
|
|
|
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
|
|
|
fdrop(fp, td);
|
2006-03-31 04:54:20 +01:00
|
|
|
vfs_rel(mp);
|
2006-03-21 23:58:37 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2001-09-12 09:38:13 +01:00
|
|
|
td->td_retval[0] = indx;
|
1999-09-11 01:46:08 +01:00
|
|
|
return (0);
|
|
|
|
|
|
|
|
bad:
|
|
|
|
vput(vp);
|
2005-05-28 13:58:54 +01:00
|
|
|
out:
|
2006-03-31 04:54:20 +01:00
|
|
|
vfs_rel(mp);
|
2006-03-21 23:58:37 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1999-09-11 01:46:08 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2000-09-14 20:13:59 +01:00
|
|
|
/*
|
|
|
|
* Stat an (NFS) file handle.
|
2005-05-28 13:58:54 +01:00
|
|
|
*
|
|
|
|
* MP SAFE
|
2000-09-14 20:13:59 +01:00
|
|
|
*/
|
1999-09-11 01:46:08 +01:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct fhstat_args {
|
|
|
|
struct fhandle *u_fhp;
|
|
|
|
struct stat *sb;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
fhstat(td, uap)
|
|
|
|
struct thread *td;
|
1999-09-11 01:46:08 +01:00
|
|
|
register struct fhstat_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
struct fhandle *u_fhp;
|
|
|
|
struct stat *sb;
|
1999-09-11 01:46:08 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct stat sb;
|
|
|
|
fhandle_t fh;
|
|
|
|
struct mount *mp;
|
|
|
|
struct vnode *vp;
|
2006-03-21 23:58:37 +00:00
|
|
|
int vfslocked;
|
1999-09-11 01:46:08 +01:00
|
|
|
int error;
|
|
|
|
|
2002-04-01 22:31:13 +01:00
|
|
|
error = suser(td);
|
1999-09-11 01:46:08 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2002-12-14 01:56:26 +00:00
|
|
|
error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
|
1999-09-11 01:46:08 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2006-03-21 23:58:37 +00:00
|
|
|
if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
|
1999-09-11 01:46:08 +01:00
|
|
|
return (ESTALE);
|
2006-03-21 23:58:37 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(mp);
|
2005-05-28 13:58:54 +01:00
|
|
|
if ((error = VFS_FHTOVP(mp, &fh.fh_fid, &vp))) {
|
2006-03-31 04:54:20 +01:00
|
|
|
vfs_rel(mp);
|
2006-03-21 23:58:37 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1999-09-11 01:46:08 +01:00
|
|
|
return (error);
|
2005-05-28 13:58:54 +01:00
|
|
|
}
|
Make similar changes to fo_stat() and fo_poll() as made earlier to
fo_read() and fo_write(): explicitly use the cred argument to fo_poll()
as "active_cred" using the passed file descriptor's f_cred reference
to provide access to the file credential. Add an active_cred
argument to fo_stat() so that implementers have access to the active
credential as well as the file credential. Generally modify callers
of fo_stat() to pass in td->td_ucred rather than fp->f_cred, which
was redundantly provided via the fp argument. This set of modifications
also permits threads to perform these operations on behalf of another
thread without modifying their credential.
Trickle this change down into fo_stat/poll() implementations:
- badfo_poll(), badfo_stat(): modify/add arguments.
- kqueue_poll(), kqueue_stat(): modify arguments.
- pipe_poll(), pipe_stat(): modify/add arguments, pass active_cred to
MAC checks rather than td->td_ucred.
- soo_poll(), soo_stat(): modify/add arguments, pass fp->f_cred rather
than cred to pru_sopoll() to maintain current semantics.
- sopoll(): moidfy arguments.
- vn_poll(), vn_statfile(): modify/add arguments, pass new arguments
to vn_stat(). Pass active_cred to MAC and fp->f_cred to VOP_POLL()
to maintian current semantics.
- vn_close(): rename cred to file_cred to reflect reality while I'm here.
- vn_stat(): Add active_cred and file_cred arguments to vn_stat()
and consumers so that this distinction is maintained at the VFS
as well as 'struct file' layer. Pass active_cred instead of
td->td_ucred to MAC and to VOP_GETATTR() to maintain current semantics.
- fifofs: modify the creation of a "filetemp" so that the file
credential is properly initialized and can be used in the socket
code if desired. Pass ap->a_td->td_ucred as the active
credential to soo_poll(). If we teach the vnop interface about
the distinction between file and active credentials, we would use
the active credential here.
Note that current inconsistent passing of active_cred vs. file_cred to
VOP's is maintained. It's not clear why GETATTR would be authorized
using active_cred while POLL would be authorized using file_cred at
the file system level.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-16 13:52:03 +01:00
|
|
|
error = vn_stat(vp, &sb, td->td_ucred, NOCRED, td);
|
1999-09-11 01:46:08 +01:00
|
|
|
vput(vp);
|
2006-03-31 04:54:20 +01:00
|
|
|
vfs_rel(mp);
|
2006-03-21 23:58:37 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
1999-09-11 01:46:08 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2002-12-14 01:56:26 +00:00
|
|
|
error = copyout(&sb, uap->sb, sizeof(sb));
|
1999-09-11 01:46:08 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2000-09-14 20:13:59 +01:00
|
|
|
/*
|
|
|
|
* Implement fstatfs() for (NFS) file handles.
|
2005-05-28 13:58:54 +01:00
|
|
|
*
|
|
|
|
* MP SAFE
|
2000-09-14 20:13:59 +01:00
|
|
|
*/
|
1999-09-11 01:46:08 +01:00
|
|
|
#ifndef _SYS_SYSPROTO_H_
|
|
|
|
struct fhstatfs_args {
|
|
|
|
struct fhandle *u_fhp;
|
|
|
|
struct statfs *buf;
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
fhstatfs(td, uap)
|
|
|
|
struct thread *td;
|
1999-09-11 01:46:08 +01:00
|
|
|
struct fhstatfs_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
struct fhandle *u_fhp;
|
|
|
|
struct statfs *buf;
|
1999-09-11 01:46:08 +01:00
|
|
|
} */ *uap;
|
2005-02-07 18:44:55 +00:00
|
|
|
{
|
|
|
|
struct statfs sf;
|
|
|
|
fhandle_t fh;
|
|
|
|
int error;
|
|
|
|
|
2005-05-27 20:15:46 +01:00
|
|
|
error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t));
|
|
|
|
if (error)
|
2005-02-07 18:44:55 +00:00
|
|
|
return (error);
|
|
|
|
error = kern_fhstatfs(td, fh, &sf);
|
2005-05-27 20:15:46 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
return (copyout(&sf, uap->buf, sizeof(sf)));
|
2005-02-07 18:44:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf)
|
1999-09-11 01:46:08 +01:00
|
|
|
{
|
2004-06-07 13:19:55 +01:00
|
|
|
struct statfs *sp;
|
1999-09-11 01:46:08 +01:00
|
|
|
struct mount *mp;
|
|
|
|
struct vnode *vp;
|
2006-03-21 23:58:37 +00:00
|
|
|
int vfslocked;
|
1999-09-11 01:46:08 +01:00
|
|
|
int error;
|
|
|
|
|
2002-04-01 22:31:13 +01:00
|
|
|
error = suser(td);
|
2001-10-01 21:01:07 +01:00
|
|
|
if (error)
|
1999-09-11 01:46:08 +01:00
|
|
|
return (error);
|
2006-03-21 23:58:37 +00:00
|
|
|
if ((mp = vfs_getvfs(&fh.fh_fsid)) == NULL)
|
1999-09-11 01:46:08 +01:00
|
|
|
return (ESTALE);
|
2006-03-21 23:58:37 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(mp);
|
2005-05-27 20:15:46 +01:00
|
|
|
error = VFS_FHTOVP(mp, &fh.fh_fid, &vp);
|
2005-05-28 13:58:54 +01:00
|
|
|
if (error) {
|
2006-03-21 23:58:37 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2006-03-31 04:54:20 +01:00
|
|
|
vfs_rel(mp);
|
1999-09-11 01:46:08 +01:00
|
|
|
return (error);
|
2005-05-28 13:58:54 +01:00
|
|
|
}
|
2006-02-22 09:52:25 +00:00
|
|
|
vput(vp);
|
2006-03-21 23:58:37 +00:00
|
|
|
error = prison_canseemount(td->td_ucred, mp);
|
|
|
|
if (error)
|
|
|
|
goto out;
|
2002-07-31 02:27:33 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_mount_stat(td->td_ucred, mp);
|
2006-03-21 23:58:37 +00:00
|
|
|
if (error)
|
|
|
|
goto out;
|
2002-07-31 02:27:33 +01:00
|
|
|
#endif
|
2003-11-12 08:01:40 +00:00
|
|
|
/*
|
|
|
|
* Set these in case the underlying filesystem fails to do so.
|
|
|
|
*/
|
2006-02-23 05:18:07 +00:00
|
|
|
sp = &mp->mnt_stat;
|
2003-11-12 08:01:40 +00:00
|
|
|
sp->f_version = STATFS_VERSION;
|
|
|
|
sp->f_namemax = NAME_MAX;
|
|
|
|
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
|
2005-05-27 20:15:46 +01:00
|
|
|
error = VFS_STATFS(mp, sp, td);
|
2006-09-20 01:32:07 +01:00
|
|
|
if (error == 0)
|
|
|
|
*buf = *sp;
|
2006-03-21 23:58:37 +00:00
|
|
|
out:
|
2006-02-23 05:18:07 +00:00
|
|
|
vfs_rel(mp);
|
2006-03-21 23:58:37 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
return (error);
|
1999-09-11 01:46:08 +01:00
|
|
|
}
|
1999-12-19 06:08:07 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Syscall to push extended attribute configuration information into the
|
|
|
|
* VFS. Accepts a path, which it converts to a mountpoint, as well as
|
|
|
|
* a command (int cmd), and attribute name and misc data. For now, the
|
|
|
|
* attribute name is left in userspace for consumption by the VFS_op.
|
|
|
|
* It will probably be changed to be copied into sysspace by the
|
|
|
|
* syscall in the future, once issues with various consumers of the
|
|
|
|
* attribute code have raised their hands.
|
|
|
|
*
|
|
|
|
* Currently this is used only by UFS Extended Attributes.
|
|
|
|
*/
|
|
|
|
int
|
2001-09-12 09:38:13 +01:00
|
|
|
extattrctl(td, uap)
|
|
|
|
struct thread *td;
|
2002-04-20 02:37:08 +01:00
|
|
|
struct extattrctl_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
const char *path;
|
|
|
|
int cmd;
|
|
|
|
const char *filename;
|
|
|
|
int attrnamespace;
|
|
|
|
const char *attrname;
|
2002-04-20 02:37:08 +01:00
|
|
|
} */ *uap;
|
1999-12-19 06:08:07 +00:00
|
|
|
{
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
struct vnode *filename_vp;
|
1999-12-19 06:08:07 +00:00
|
|
|
struct nameidata nd;
|
2002-02-08 05:58:41 +00:00
|
|
|
struct mount *mp, *mp_writable;
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
char attrname[EXTATTR_MAXNAMELEN];
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, fnvfslocked, error;
|
1999-12-19 06:08:07 +00:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(cmd, uap->cmd);
|
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
/*
|
2002-04-20 02:37:08 +01:00
|
|
|
* uap->attrname is not always defined. We check again later when we
|
|
|
|
* invoke the VFS call so as to pass in NULL there if needed.
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
*/
|
2002-04-20 02:37:08 +01:00
|
|
|
if (uap->attrname != NULL) {
|
|
|
|
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN,
|
|
|
|
NULL);
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
}
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(text, attrname);
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = fnvfslocked = 0;
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
/*
|
2002-04-20 02:37:08 +01:00
|
|
|
* uap->filename is not always defined. If it is, grab a vnode lock,
|
|
|
|
* which VFS_EXTATTRCTL() will later release.
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
*/
|
|
|
|
filename_vp = NULL;
|
2002-04-20 02:37:08 +01:00
|
|
|
if (uap->filename != NULL) {
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | LOCKLEAF |
|
|
|
|
AUDITVNODE2, UIO_USERSPACE, uap->filename, td);
|
2002-10-10 14:59:58 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
return (error);
|
2005-09-25 00:47:04 +01:00
|
|
|
fnvfslocked = NDHASGIANT(&nd);
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
filename_vp = nd.ni_vp;
|
|
|
|
NDFREE(&nd, NDF_NO_VP_RELE | NDF_NO_VP_UNLOCK);
|
|
|
|
}
|
|
|
|
|
2002-04-20 02:37:08 +01:00
|
|
|
/* uap->path is always defined. */
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
2002-10-10 14:59:58 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error) {
|
2002-02-08 05:58:41 +00:00
|
|
|
if (filename_vp != NULL)
|
|
|
|
vput(filename_vp);
|
2005-09-25 00:47:04 +01:00
|
|
|
goto out;
|
2002-02-08 05:58:41 +00:00
|
|
|
}
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2002-02-08 05:58:41 +00:00
|
|
|
mp = nd.ni_vp->v_mount;
|
|
|
|
error = vn_start_write(nd.ni_vp, &mp_writable, V_WAIT | PCATCH);
|
1999-12-19 06:08:07 +00:00
|
|
|
NDFREE(&nd, 0);
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
if (error) {
|
2002-02-08 05:58:41 +00:00
|
|
|
if (filename_vp != NULL)
|
|
|
|
vput(filename_vp);
|
2005-09-25 00:47:04 +01:00
|
|
|
goto out;
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
}
|
|
|
|
|
2002-08-01 02:26:07 +01:00
|
|
|
error = VFS_EXTATTRCTL(mp, uap->cmd, filename_vp, uap->attrnamespace,
|
|
|
|
uap->attrname != NULL ? attrname : NULL, td);
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
|
2002-02-08 05:58:41 +00:00
|
|
|
vn_finished_write(mp_writable);
|
o Change the API and ABI of the Extended Attribute kernel interfaces to
introduce a new argument, "namespace", rather than relying on a first-
character namespace indicator. This is in line with more recent
thinking on EA interfaces on various mailing lists, including the
posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces
are defined by default, EXTATTR_NAMESPACE_SYSTEM and
EXTATTR_NAMESPACE_USER, where the primary distinction lies in the
access control model: user EAs are accessible based on the normal
MAC and DAC file/directory protections, and system attributes are
limited to kernel-originated or appropriately privileged userland
requests.
o These API changes occur at several levels: the namespace argument is
introduced in the extattr_{get,set}_file() system call interfaces,
at the vnode operation level in the vop_{get,set}extattr() interfaces,
and in the UFS extended attribute implementation. Changes are also
introduced in the VFS extattrctl() interface (system call, VFS,
and UFS implementation), where the arguments are modified to include
a namespace field, as well as modified to advoid direct access to
userspace variables from below the VFS layer (in the style of recent
changes to mount by adrian@FreeBSD.org). This required some cleanup
and bug fixing regarding VFS locks and the VFS interface, as a vnode
pointer may now be optionally submitted to the VFS_EXTATTRCTL()
call. Updated documentation for the VFS interface will be committed
shortly.
o In the near future, the auto-starting feature will be updated to
search two sub-directories to the ".attribute" directory in appropriate
file systems: "user" and "system" to locate attributes intended for
those namespaces, as the single filename is no longer sufficient
to indicate what namespace the attribute is intended for. Until this
is committed, all attributes auto-started by UFS will be placed in
the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have
been updated to no longer include the '$' in their filename. As such,
if you're using these features, you'll need to rename the attribute
backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will
be committed shortly. These include modifications to the extended
attribute utilities, as well as to libutil for new namespace
string conversion routines. Once the matching userland changes are
committed, a buildworld is recommended to update all the necessary
include files and verify that the kernel and userland environments
are in sync. Note: If you do not use extended attributes (most people
won't), upgrading is not imperative although since the system call
API has changed, the new userland extended attribute code will no longer
compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation
conditional on FFS_EXTATTR, which should recover a bit of space on
kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
2001-03-15 02:54:29 +00:00
|
|
|
/*
|
|
|
|
* VFS_EXTATTRCTL will have unlocked, but not de-ref'd,
|
|
|
|
* filename_vp, so vrele it if it is defined.
|
|
|
|
*/
|
|
|
|
if (filename_vp != NULL)
|
|
|
|
vrele(filename_vp);
|
2005-09-25 00:47:04 +01:00
|
|
|
out:
|
|
|
|
VFS_UNLOCK_GIANT(fnvfslocked);
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2000-07-11 23:07:57 +01:00
|
|
|
return (error);
|
1999-12-19 06:08:07 +00:00
|
|
|
}
|
|
|
|
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
/*-
|
|
|
|
* Set a named extended attribute on a file or directory
|
2004-01-11 19:52:10 +00:00
|
|
|
*
|
2001-03-31 17:20:05 +01:00
|
|
|
* Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
* kernelspace string pointer "attrname", userspace buffer
|
|
|
|
* pointer "data", buffer length "nbytes", thread "td".
|
2001-03-31 17:20:05 +01:00
|
|
|
* Returns: 0 on success, an error number otherwise
|
|
|
|
* Locks: none
|
|
|
|
* References: vp must be a valid reference for the duration of the call
|
1999-12-19 06:08:07 +00:00
|
|
|
*/
|
2001-03-31 17:20:05 +01:00
|
|
|
static int
|
|
|
|
extattr_set_vp(struct vnode *vp, int attrnamespace, const char *attrname,
|
2002-02-10 05:31:55 +00:00
|
|
|
void *data, size_t nbytes, struct thread *td)
|
1999-12-19 06:08:07 +00:00
|
|
|
{
|
2000-07-11 23:07:57 +01:00
|
|
|
struct mount *mp;
|
1999-12-19 06:08:07 +00:00
|
|
|
struct uio auio;
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
struct iovec aiov;
|
|
|
|
ssize_t cnt;
|
|
|
|
int error;
|
1999-12-19 06:08:07 +00:00
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_ASSERT_GIANT(vp->v_mount);
|
2002-10-10 14:59:58 +01:00
|
|
|
error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
|
|
|
|
if (error)
|
2000-07-26 21:29:20 +01:00
|
|
|
return (error);
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
aiov.iov_base = data;
|
|
|
|
aiov.iov_len = nbytes;
|
|
|
|
auio.uio_iov = &aiov;
|
|
|
|
auio.uio_iovcnt = 1;
|
1999-12-19 06:08:07 +00:00
|
|
|
auio.uio_offset = 0;
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
if (nbytes > INT_MAX) {
|
|
|
|
error = EINVAL;
|
1999-12-19 06:08:07 +00:00
|
|
|
goto done;
|
|
|
|
}
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
auio.uio_resid = nbytes;
|
|
|
|
auio.uio_rw = UIO_WRITE;
|
|
|
|
auio.uio_segflg = UIO_USERSPACE;
|
|
|
|
auio.uio_td = td;
|
|
|
|
cnt = nbytes;
|
|
|
|
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_setextattr(td->td_ucred, vp, attrnamespace,
|
|
|
|
attrname, &auio);
|
|
|
|
if (error)
|
|
|
|
goto done;
|
|
|
|
#endif
|
|
|
|
|
2001-03-31 17:20:05 +01:00
|
|
|
error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio,
|
2002-02-27 18:32:23 +00:00
|
|
|
td->td_ucred, td);
|
1999-12-19 06:08:07 +00:00
|
|
|
cnt -= auio.uio_resid;
|
2001-09-12 09:38:13 +01:00
|
|
|
td->td_retval[0] = cnt;
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
|
1999-12-19 06:08:07 +00:00
|
|
|
done:
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2000-07-11 23:07:57 +01:00
|
|
|
vn_finished_write(mp);
|
1999-12-19 06:08:07 +00:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2002-10-10 01:32:08 +01:00
|
|
|
extattr_set_fd(td, uap)
|
2001-09-12 09:38:13 +01:00
|
|
|
struct thread *td;
|
2002-10-10 01:32:08 +01:00
|
|
|
struct extattr_set_fd_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
int attrnamespace;
|
|
|
|
const char *attrname;
|
|
|
|
void *data;
|
|
|
|
size_t nbytes;
|
2002-04-20 02:37:08 +01:00
|
|
|
} */ *uap;
|
1999-12-19 06:08:07 +00:00
|
|
|
{
|
2002-10-10 01:32:08 +01:00
|
|
|
struct file *fp;
|
1999-12-19 06:08:07 +00:00
|
|
|
char attrname[EXTATTR_MAXNAMELEN];
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, error;
|
1999-12-19 06:08:07 +00:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(fd, uap->fd);
|
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
2002-04-20 02:37:08 +01:00
|
|
|
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
1999-12-19 06:08:07 +00:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(text, attrname);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2002-10-10 14:59:58 +01:00
|
|
|
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
|
|
|
|
if (error)
|
1999-12-19 06:08:07 +00:00
|
|
|
return (error);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
|
2003-06-22 09:41:43 +01:00
|
|
|
error = extattr_set_vp(fp->f_vnode, uap->attrnamespace,
|
2002-10-10 01:32:08 +01:00
|
|
|
attrname, uap->data, uap->nbytes, td);
|
|
|
|
fdrop(fp, td);
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2002-10-10 01:32:08 +01:00
|
|
|
extattr_set_file(td, uap)
|
2001-09-12 09:38:13 +01:00
|
|
|
struct thread *td;
|
2002-10-10 01:32:08 +01:00
|
|
|
struct extattr_set_file_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
const char *path;
|
|
|
|
int attrnamespace;
|
|
|
|
const char *attrname;
|
|
|
|
void *data;
|
|
|
|
size_t nbytes;
|
2002-04-20 02:37:08 +01:00
|
|
|
} */ *uap;
|
2001-03-31 17:20:05 +01:00
|
|
|
{
|
2002-10-10 01:32:08 +01:00
|
|
|
struct nameidata nd;
|
2001-03-31 17:20:05 +01:00
|
|
|
char attrname[EXTATTR_MAXNAMELEN];
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, error;
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
2002-04-20 02:37:08 +01:00
|
|
|
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
2001-03-31 17:20:05 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(text, attrname);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
2002-10-10 14:59:58 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
2001-03-31 17:20:05 +01:00
|
|
|
return (error);
|
2002-10-10 01:32:08 +01:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2002-10-10 01:32:08 +01:00
|
|
|
error = extattr_set_vp(nd.ni_vp, uap->attrnamespace, attrname,
|
|
|
|
uap->data, uap->nbytes, td);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2002-10-10 01:32:08 +01:00
|
|
|
vrele(nd.ni_vp);
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2001-03-31 17:20:05 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2002-10-09 22:48:22 +01:00
|
|
|
int
|
|
|
|
extattr_set_link(td, uap)
|
|
|
|
struct thread *td;
|
|
|
|
struct extattr_set_link_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
const char *path;
|
|
|
|
int attrnamespace;
|
|
|
|
const char *attrname;
|
|
|
|
void *data;
|
|
|
|
size_t nbytes;
|
2002-10-09 22:48:22 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct nameidata nd;
|
|
|
|
char attrname[EXTATTR_MAXNAMELEN];
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, error;
|
2002-10-09 22:48:22 +01:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
2002-10-09 22:48:22 +01:00
|
|
|
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(text, attrname);
|
2002-10-09 22:48:22 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
2002-10-10 14:59:58 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
2002-10-09 22:48:22 +01:00
|
|
|
return (error);
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2002-10-09 22:48:22 +01:00
|
|
|
error = extattr_set_vp(nd.ni_vp, uap->attrnamespace, attrname,
|
|
|
|
uap->data, uap->nbytes, td);
|
|
|
|
|
|
|
|
vrele(nd.ni_vp);
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-10-09 22:48:22 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
/*-
|
|
|
|
* Get a named extended attribute on a file or directory
|
2004-01-11 19:52:10 +00:00
|
|
|
*
|
2001-03-31 17:20:05 +01:00
|
|
|
* Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
* kernelspace string pointer "attrname", userspace buffer
|
|
|
|
* pointer "data", buffer length "nbytes", thread "td".
|
2001-03-31 17:20:05 +01:00
|
|
|
* Returns: 0 on success, an error number otherwise
|
|
|
|
* Locks: none
|
|
|
|
* References: vp must be a valid reference for the duration of the call
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
extattr_get_vp(struct vnode *vp, int attrnamespace, const char *attrname,
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
void *data, size_t nbytes, struct thread *td)
|
2001-03-31 17:20:05 +01:00
|
|
|
{
|
2002-04-23 02:27:38 +01:00
|
|
|
struct uio auio, *auiop;
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
struct iovec aiov;
|
|
|
|
ssize_t cnt;
|
2002-04-23 02:27:38 +01:00
|
|
|
size_t size, *sizep;
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
int error;
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_ASSERT_GIANT(vp->v_mount);
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_READ);
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
/*
|
|
|
|
* Slightly unusual semantics: if the user provides a NULL data
|
|
|
|
* pointer, they don't want to receive the data, just the
|
|
|
|
* maximum read length.
|
|
|
|
*/
|
2002-04-23 02:27:38 +01:00
|
|
|
auiop = NULL;
|
|
|
|
sizep = NULL;
|
|
|
|
cnt = 0;
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
if (data != NULL) {
|
|
|
|
aiov.iov_base = data;
|
|
|
|
aiov.iov_len = nbytes;
|
|
|
|
auio.uio_iov = &aiov;
|
2005-06-08 14:22:10 +01:00
|
|
|
auio.uio_iovcnt = 1;
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
auio.uio_offset = 0;
|
|
|
|
if (nbytes > INT_MAX) {
|
1999-12-19 06:08:07 +00:00
|
|
|
error = EINVAL;
|
|
|
|
goto done;
|
|
|
|
}
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
auio.uio_resid = nbytes;
|
|
|
|
auio.uio_rw = UIO_READ;
|
|
|
|
auio.uio_segflg = UIO_USERSPACE;
|
|
|
|
auio.uio_td = td;
|
2002-04-23 02:27:38 +01:00
|
|
|
auiop = &auio;
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
cnt = nbytes;
|
2004-06-24 18:22:29 +01:00
|
|
|
} else
|
2002-04-23 02:27:38 +01:00
|
|
|
sizep = &size;
|
|
|
|
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
|
|
|
error = mac_check_vnode_getextattr(td->td_ucred, vp, attrnamespace,
|
|
|
|
attrname, &auio);
|
|
|
|
if (error)
|
|
|
|
goto done;
|
|
|
|
#endif
|
|
|
|
|
2002-04-23 02:27:38 +01:00
|
|
|
error = VOP_GETEXTATTR(vp, attrnamespace, attrname, auiop, sizep,
|
|
|
|
td->td_ucred, td);
|
|
|
|
|
|
|
|
if (auiop != NULL) {
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
cnt -= auio.uio_resid;
|
|
|
|
td->td_retval[0] = cnt;
|
2004-06-24 18:22:29 +01:00
|
|
|
} else
|
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
as not to use the scatter gather API (which appeared not to be used
by any consumers, and be less portable), rather, accepts 'data'
and 'nbytes' in the style of other simple read/write interfaces.
This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return
a size_t. When performing a read, the number of bytes read will
be returned, unless the data pointer is NULL, in which case the
number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
argument so as to return the size, if desirable. If set to NULL,
the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more
portable. More commits to rebuild the system call files, as well
as update userland utilities to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
|
|
|
td->td_retval[0] = size;
|
2002-04-23 02:27:38 +01:00
|
|
|
|
1999-12-19 06:08:07 +00:00
|
|
|
done:
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2001-03-31 17:20:05 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2002-10-10 01:32:08 +01:00
|
|
|
extattr_get_fd(td, uap)
|
2001-09-12 09:38:13 +01:00
|
|
|
struct thread *td;
|
2002-10-10 01:32:08 +01:00
|
|
|
struct extattr_get_fd_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
int attrnamespace;
|
|
|
|
const char *attrname;
|
|
|
|
void *data;
|
|
|
|
size_t nbytes;
|
2002-04-20 02:37:08 +01:00
|
|
|
} */ *uap;
|
2001-03-31 17:20:05 +01:00
|
|
|
{
|
2002-10-10 01:32:08 +01:00
|
|
|
struct file *fp;
|
2001-03-31 17:20:05 +01:00
|
|
|
char attrname[EXTATTR_MAXNAMELEN];
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, error;
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(fd, uap->fd);
|
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
2002-04-20 02:37:08 +01:00
|
|
|
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
2001-03-31 17:20:05 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(text, attrname);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2002-10-10 14:59:58 +01:00
|
|
|
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
|
|
|
|
if (error)
|
2001-03-31 17:20:05 +01:00
|
|
|
return (error);
|
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
|
2003-06-22 09:41:43 +01:00
|
|
|
error = extattr_get_vp(fp->f_vnode, uap->attrnamespace,
|
2002-10-10 01:32:08 +01:00
|
|
|
attrname, uap->data, uap->nbytes, td);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2002-10-10 01:32:08 +01:00
|
|
|
fdrop(fp, td);
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2001-03-31 17:20:05 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2002-10-10 01:32:08 +01:00
|
|
|
extattr_get_file(td, uap)
|
2001-09-12 09:38:13 +01:00
|
|
|
struct thread *td;
|
2002-10-10 01:32:08 +01:00
|
|
|
struct extattr_get_file_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
const char *path;
|
|
|
|
int attrnamespace;
|
|
|
|
const char *attrname;
|
|
|
|
void *data;
|
|
|
|
size_t nbytes;
|
2002-04-20 02:37:08 +01:00
|
|
|
} */ *uap;
|
2001-03-31 17:20:05 +01:00
|
|
|
{
|
2002-10-10 01:32:08 +01:00
|
|
|
struct nameidata nd;
|
2001-03-31 17:20:05 +01:00
|
|
|
char attrname[EXTATTR_MAXNAMELEN];
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, error;
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
2002-04-20 02:37:08 +01:00
|
|
|
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
2001-03-31 17:20:05 +01:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(text, attrname);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
2002-10-10 14:59:58 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
2001-03-31 17:20:05 +01:00
|
|
|
return (error);
|
2002-10-10 01:32:08 +01:00
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2002-10-10 01:32:08 +01:00
|
|
|
error = extattr_get_vp(nd.ni_vp, uap->attrnamespace, attrname,
|
|
|
|
uap->data, uap->nbytes, td);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2002-10-10 01:32:08 +01:00
|
|
|
vrele(nd.ni_vp);
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2001-03-31 17:20:05 +01:00
|
|
|
return (error);
|
1999-12-19 06:08:07 +00:00
|
|
|
}
|
|
|
|
|
2002-10-09 22:48:22 +01:00
|
|
|
int
|
|
|
|
extattr_get_link(td, uap)
|
|
|
|
struct thread *td;
|
|
|
|
struct extattr_get_link_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
const char *path;
|
|
|
|
int attrnamespace;
|
|
|
|
const char *attrname;
|
|
|
|
void *data;
|
|
|
|
size_t nbytes;
|
2002-10-09 22:48:22 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct nameidata nd;
|
|
|
|
char attrname[EXTATTR_MAXNAMELEN];
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, error;
|
2002-10-09 22:48:22 +01:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
2002-10-09 22:48:22 +01:00
|
|
|
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(text, attrname);
|
2002-10-09 22:48:22 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
2002-10-10 14:59:58 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
2002-10-09 22:48:22 +01:00
|
|
|
return (error);
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2002-10-09 22:48:22 +01:00
|
|
|
error = extattr_get_vp(nd.ni_vp, uap->attrnamespace, attrname,
|
|
|
|
uap->data, uap->nbytes, td);
|
|
|
|
|
|
|
|
vrele(nd.ni_vp);
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-10-09 22:48:22 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1999-12-19 06:08:07 +00:00
|
|
|
/*
|
2001-03-31 17:20:05 +01:00
|
|
|
* extattr_delete_vp(): Delete a named extended attribute on a file or
|
|
|
|
* directory
|
2004-01-11 19:52:10 +00:00
|
|
|
*
|
2001-03-31 17:20:05 +01:00
|
|
|
* Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
|
|
|
|
* kernelspace string pointer "attrname", proc "p"
|
|
|
|
* Returns: 0 on success, an error number otherwise
|
|
|
|
* Locks: none
|
|
|
|
* References: vp must be a valid reference for the duration of the call
|
1999-12-19 06:08:07 +00:00
|
|
|
*/
|
2001-03-31 17:20:05 +01:00
|
|
|
static int
|
|
|
|
extattr_delete_vp(struct vnode *vp, int attrnamespace, const char *attrname,
|
2001-09-12 09:38:13 +01:00
|
|
|
struct thread *td)
|
2001-03-31 17:20:05 +01:00
|
|
|
{
|
|
|
|
struct mount *mp;
|
|
|
|
int error;
|
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_ASSERT_GIANT(vp->v_mount);
|
2002-10-10 14:59:58 +01:00
|
|
|
error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
|
|
|
|
if (error)
|
2001-03-31 17:20:05 +01:00
|
|
|
return (error);
|
2002-02-27 18:32:23 +00:00
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
|
2001-09-12 09:38:13 +01:00
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#ifdef MAC
|
2003-08-21 14:53:01 +01:00
|
|
|
error = mac_check_vnode_deleteextattr(td->td_ucred, vp, attrnamespace,
|
|
|
|
attrname);
|
2002-10-10 14:59:58 +01:00
|
|
|
if (error)
|
|
|
|
goto done;
|
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke appropriate MAC entry points to authorize the following
operations:
truncate on open() (write)
access() (access)
readlink() (readlink)
chflags(), lchflags(), fchflags() (setflag)
chmod(), fchmod(), lchmod() (setmode)
chown(), fchown(), lchown() (setowner)
utimes(), lutimes(), futimes() (setutimes)
truncate(), ftrunfcate() (write)
revoke() (revoke)
fhopen() (open)
truncate on fhopen() (write)
extattr_set_fd, extattr_set_file() (setextattr)
extattr_get_fd, extattr_get_file() (getextattr)
extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of
protections on vnodes. More vnode checks to come, especially in
non-native ABIs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
2002-08-01 16:37:12 +01:00
|
|
|
#endif
|
|
|
|
|
2003-07-28 19:53:29 +01:00
|
|
|
error = VOP_DELETEEXTATTR(vp, attrnamespace, attrname, td->td_ucred,
|
|
|
|
td);
|
2003-06-23 00:03:07 +01:00
|
|
|
if (error == EOPNOTSUPP)
|
|
|
|
error = VOP_SETEXTATTR(vp, attrnamespace, attrname, NULL,
|
|
|
|
td->td_ucred, td);
|
2002-10-10 14:59:58 +01:00
|
|
|
#ifdef MAC
|
|
|
|
done:
|
|
|
|
#endif
|
2001-09-12 09:38:13 +01:00
|
|
|
VOP_UNLOCK(vp, 0, td);
|
2001-03-31 17:20:05 +01:00
|
|
|
vn_finished_write(mp);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1999-12-19 06:08:07 +00:00
|
|
|
int
|
2002-10-10 01:32:08 +01:00
|
|
|
extattr_delete_fd(td, uap)
|
2001-09-12 09:38:13 +01:00
|
|
|
struct thread *td;
|
2002-10-10 01:32:08 +01:00
|
|
|
struct extattr_delete_fd_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
int fd;
|
|
|
|
int attrnamespace;
|
|
|
|
const char *attrname;
|
2002-04-20 02:37:08 +01:00
|
|
|
} */ *uap;
|
1999-12-19 06:08:07 +00:00
|
|
|
{
|
2002-10-10 01:32:08 +01:00
|
|
|
struct file *fp;
|
1999-12-19 06:08:07 +00:00
|
|
|
char attrname[EXTATTR_MAXNAMELEN];
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, error;
|
1999-12-19 06:08:07 +00:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(fd, uap->fd);
|
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
2002-04-20 02:37:08 +01:00
|
|
|
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
1999-12-19 06:08:07 +00:00
|
|
|
if (error)
|
2002-10-10 01:32:08 +01:00
|
|
|
return (error);
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(text, attrname);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2002-10-10 14:59:58 +01:00
|
|
|
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
|
|
|
|
if (error)
|
2002-10-10 01:32:08 +01:00
|
|
|
return (error);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
|
|
|
|
error = extattr_delete_vp(fp->f_vnode, uap->attrnamespace,
|
|
|
|
attrname, td);
|
2002-10-10 01:32:08 +01:00
|
|
|
fdrop(fp, td);
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-10-10 01:32:08 +01:00
|
|
|
return (error);
|
1999-12-19 06:08:07 +00:00
|
|
|
}
|
2001-03-31 17:20:05 +01:00
|
|
|
|
|
|
|
int
|
2002-10-10 01:32:08 +01:00
|
|
|
extattr_delete_file(td, uap)
|
2001-09-12 09:38:13 +01:00
|
|
|
struct thread *td;
|
2002-10-10 01:32:08 +01:00
|
|
|
struct extattr_delete_file_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
const char *path;
|
|
|
|
int attrnamespace;
|
|
|
|
const char *attrname;
|
2002-04-20 02:37:08 +01:00
|
|
|
} */ *uap;
|
2001-03-31 17:20:05 +01:00
|
|
|
{
|
2002-10-10 01:32:08 +01:00
|
|
|
struct nameidata nd;
|
2001-03-31 17:20:05 +01:00
|
|
|
char attrname[EXTATTR_MAXNAMELEN];
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, error;
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
2002-04-20 02:37:08 +01:00
|
|
|
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
2001-03-31 17:20:05 +01:00
|
|
|
if (error)
|
2002-10-10 01:32:08 +01:00
|
|
|
return(error);
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(text, attrname);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
2002-10-10 14:59:58 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
2002-10-10 01:32:08 +01:00
|
|
|
return(error);
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
2001-03-31 17:20:05 +01:00
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2002-10-10 01:32:08 +01:00
|
|
|
error = extattr_delete_vp(nd.ni_vp, uap->attrnamespace, attrname, td);
|
|
|
|
vrele(nd.ni_vp);
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-10-10 01:32:08 +01:00
|
|
|
return(error);
|
2001-03-31 17:20:05 +01:00
|
|
|
}
|
2002-10-09 22:48:22 +01:00
|
|
|
|
|
|
|
int
|
|
|
|
extattr_delete_link(td, uap)
|
|
|
|
struct thread *td;
|
|
|
|
struct extattr_delete_link_args /* {
|
2002-12-14 02:07:32 +00:00
|
|
|
const char *path;
|
|
|
|
int attrnamespace;
|
|
|
|
const char *attrname;
|
2002-10-09 22:48:22 +01:00
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct nameidata nd;
|
|
|
|
char attrname[EXTATTR_MAXNAMELEN];
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, error;
|
2002-10-09 22:48:22 +01:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
2002-10-09 22:48:22 +01:00
|
|
|
error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
|
|
|
|
if (error)
|
|
|
|
return(error);
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(text, attrname);
|
2002-10-09 22:48:22 +01:00
|
|
|
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
2002-10-10 14:59:58 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
2002-10-09 22:48:22 +01:00
|
|
|
return(error);
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2002-10-09 22:48:22 +01:00
|
|
|
error = extattr_delete_vp(nd.ni_vp, uap->attrnamespace, attrname, td);
|
|
|
|
vrele(nd.ni_vp);
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2002-10-09 22:48:22 +01:00
|
|
|
return(error);
|
|
|
|
}
|
2003-06-04 04:57:28 +01:00
|
|
|
|
|
|
|
/*-
|
|
|
|
* Retrieve a list of extended attributes on a file or directory.
|
|
|
|
*
|
|
|
|
* Arguments: unlocked vnode "vp", attribute namespace 'attrnamespace",
|
|
|
|
* userspace buffer pointer "data", buffer length "nbytes",
|
|
|
|
* thread "td".
|
|
|
|
* Returns: 0 on success, an error number otherwise
|
|
|
|
* Locks: none
|
|
|
|
* References: vp must be a valid reference for the duration of the call
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
extattr_list_vp(struct vnode *vp, int attrnamespace, void *data,
|
|
|
|
size_t nbytes, struct thread *td)
|
|
|
|
{
|
|
|
|
struct uio auio, *auiop;
|
|
|
|
size_t size, *sizep;
|
|
|
|
struct iovec aiov;
|
|
|
|
ssize_t cnt;
|
|
|
|
int error;
|
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_ASSERT_GIANT(vp->v_mount);
|
2003-06-04 04:57:28 +01:00
|
|
|
VOP_LEASE(vp, td, td->td_ucred, LEASE_READ);
|
|
|
|
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
|
|
|
|
|
|
|
|
auiop = NULL;
|
|
|
|
sizep = NULL;
|
|
|
|
cnt = 0;
|
|
|
|
if (data != NULL) {
|
|
|
|
aiov.iov_base = data;
|
|
|
|
aiov.iov_len = nbytes;
|
|
|
|
auio.uio_iov = &aiov;
|
2005-06-08 14:22:10 +01:00
|
|
|
auio.uio_iovcnt = 1;
|
2003-06-04 04:57:28 +01:00
|
|
|
auio.uio_offset = 0;
|
|
|
|
if (nbytes > INT_MAX) {
|
|
|
|
error = EINVAL;
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
auio.uio_resid = nbytes;
|
|
|
|
auio.uio_rw = UIO_READ;
|
|
|
|
auio.uio_segflg = UIO_USERSPACE;
|
|
|
|
auio.uio_td = td;
|
|
|
|
auiop = &auio;
|
|
|
|
cnt = nbytes;
|
2004-06-24 18:22:29 +01:00
|
|
|
} else
|
2003-06-04 04:57:28 +01:00
|
|
|
sizep = &size;
|
|
|
|
|
|
|
|
#ifdef MAC
|
2003-08-21 14:53:01 +01:00
|
|
|
error = mac_check_vnode_listextattr(td->td_ucred, vp, attrnamespace);
|
2003-06-04 04:57:28 +01:00
|
|
|
if (error)
|
|
|
|
goto done;
|
|
|
|
#endif
|
|
|
|
|
2003-06-05 06:55:34 +01:00
|
|
|
error = VOP_LISTEXTATTR(vp, attrnamespace, auiop, sizep,
|
2003-06-04 04:57:28 +01:00
|
|
|
td->td_ucred, td);
|
|
|
|
|
|
|
|
if (auiop != NULL) {
|
|
|
|
cnt -= auio.uio_resid;
|
|
|
|
td->td_retval[0] = cnt;
|
2004-06-24 18:22:29 +01:00
|
|
|
} else
|
2003-06-04 04:57:28 +01:00
|
|
|
td->td_retval[0] = size;
|
|
|
|
|
|
|
|
done:
|
|
|
|
VOP_UNLOCK(vp, 0, td);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
extattr_list_fd(td, uap)
|
|
|
|
struct thread *td;
|
|
|
|
struct extattr_list_fd_args /* {
|
|
|
|
int fd;
|
|
|
|
int attrnamespace;
|
|
|
|
void *data;
|
|
|
|
size_t nbytes;
|
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct file *fp;
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, error;
|
2003-06-04 04:57:28 +01:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(fd, uap->fd);
|
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
2003-06-04 04:57:28 +01:00
|
|
|
error = getvnode(td->td_proc->p_fd, uap->fd, &fp);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
|
2003-06-22 09:41:43 +01:00
|
|
|
error = extattr_list_vp(fp->f_vnode, uap->attrnamespace, uap->data,
|
2003-06-04 04:57:28 +01:00
|
|
|
uap->nbytes, td);
|
|
|
|
|
|
|
|
fdrop(fp, td);
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2003-06-04 04:57:28 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
extattr_list_file(td, uap)
|
|
|
|
struct thread*td;
|
|
|
|
struct extattr_list_file_args /* {
|
|
|
|
const char *path;
|
|
|
|
int attrnamespace;
|
|
|
|
void *data;
|
|
|
|
size_t nbytes;
|
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct nameidata nd;
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, error;
|
2003-06-04 04:57:28 +01:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
2003-06-04 04:57:28 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2003-06-04 04:57:28 +01:00
|
|
|
error = extattr_list_vp(nd.ni_vp, uap->attrnamespace, uap->data,
|
|
|
|
uap->nbytes, td);
|
|
|
|
|
|
|
|
vrele(nd.ni_vp);
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2003-06-04 04:57:28 +01:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
extattr_list_link(td, uap)
|
|
|
|
struct thread*td;
|
|
|
|
struct extattr_list_link_args /* {
|
|
|
|
const char *path;
|
|
|
|
int attrnamespace;
|
|
|
|
void *data;
|
|
|
|
size_t nbytes;
|
|
|
|
} */ *uap;
|
|
|
|
{
|
|
|
|
struct nameidata nd;
|
2005-09-25 00:47:04 +01:00
|
|
|
int vfslocked, error;
|
2003-06-04 04:57:28 +01:00
|
|
|
|
2006-07-06 20:33:38 +01:00
|
|
|
AUDIT_ARG(value, uap->attrnamespace);
|
Add pathname and/or vnode argument auditing for the following system calls:
quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup
instead of directly in the system call.
Audit the remaining arguments to these system calls:
fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
getdirentries.
2006-02-22 16:04:20 +00:00
|
|
|
NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
|
|
|
|
uap->path, td);
|
2003-06-04 04:57:28 +01:00
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
|
2005-09-25 00:47:04 +01:00
|
|
|
vfslocked = NDHASGIANT(&nd);
|
2003-06-04 04:57:28 +01:00
|
|
|
error = extattr_list_vp(nd.ni_vp, uap->attrnamespace, uap->data,
|
|
|
|
uap->nbytes, td);
|
|
|
|
|
|
|
|
vrele(nd.ni_vp);
|
2005-09-25 00:47:04 +01:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2003-06-04 04:57:28 +01:00
|
|
|
return (error);
|
|
|
|
}
|