Source-Changes-HG archive


[src/trunk]: src/sys add a kauth vnode check for creating links



details:   https://anonhg.NetBSD.org/src/rev/893f50eecb72
branches:  trunk
changeset: 364478:893f50eecb72
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Mar 27 16:24:57 2022 +0000

description:
add a kauth vnode check for creating links

diffstat:

 sys/coda/coda_vnops.c         |   8 ++++++--
 sys/fs/tmpfs/tmpfs_vnops.c    |   9 +++++++--
 sys/fs/udf/udf_vnops.c        |  19 +++++++++++--------
 sys/fs/v7fs/v7fs_vnops.c      |  16 +++++++++++-----
 sys/nfs/nfs_vnops.c           |  11 +++++++++--
 sys/ufs/chfs/chfs_vnops.c     |  18 +++++++++++-------
 sys/ufs/ext2fs/ext2fs_vnops.c |  19 +++++++++++--------
 sys/ufs/lfs/ulfs_vnops.c      |  20 +++++++++++---------
 sys/ufs/ufs/ufs_vnops.c       |  27 ++++++++++++++++-----------
 9 files changed, 93 insertions(+), 54 deletions(-)

diffs (truncated from 450 to 300 lines):

diff -r d8ff432c5ac9 -r 893f50eecb72 sys/coda/coda_vnops.c
--- a/sys/coda/coda_vnops.c     Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/coda/coda_vnops.c     Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: coda_vnops.c,v 1.117 2021/12/05 08:10:39 msaitoh Exp $ */
+/*     $NetBSD: coda_vnops.c,v 1.118 2022/03/27 16:24:58 christos Exp $        */
 
 /*
  *
@@ -46,7 +46,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: coda_vnops.c,v 1.117 2021/12/05 08:10:39 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: coda_vnops.c,v 1.118 2022/03/27 16:24:58 christos Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -1198,6 +1198,10 @@
        error = EFAULT;         /* XXX better value */
        goto exit;
     }
+    error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+       dvp, 0);
+    if (error)
+           goto exit;
     error = venus_link(vtomi(vp), &cp->c_fid, &dcp->c_fid, nm, len, cred, l);
     VOP_UNLOCK(vp);
 
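Review bot: The new `goto exit` on authorization failure skips the `VOP_UNLOCK(vp)` that follows `venus_link()`, so a denied link appears to return with vp still locked. The `exit` label is outside this hunk, but the `EFAULT` path just above jumps to it as well, which suggests the label does not unlock. Releasing the lock before the jump would close the gap: `if (error) { VOP_UNLOCK(vp); goto exit; }`. The same pattern is fully visible in the v7fs and chfs hunks of this commit, where the denial path jumps to `unlock:` / `out:` and both labels sit after `VOP_UNLOCK(vp)`; the early `return error` in the nfs hunk should be checked against the lock state above that hunk too. Because these paths run exactly when a caller is refused, a leaked vnode lock here needs no privilege to trigger and would stall later access to the file.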
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/fs/tmpfs/tmpfs_vnops.c
--- a/sys/fs/tmpfs/tmpfs_vnops.c        Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/fs/tmpfs/tmpfs_vnops.c        Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tmpfs_vnops.c,v 1.148 2021/10/20 03:08:17 thorpej Exp $        */
+/*     $NetBSD: tmpfs_vnops.c,v 1.149 2022/03/27 16:24:57 christos Exp $       */
 
 /*
  * Copyright (c) 2005, 2006, 2007, 2020 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.c,v 1.148 2021/10/20 03:08:17 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.c,v 1.149 2022/03/27 16:24:57 christos Exp $");
 
 #include <sys/param.h>
 #include <sys/dirent.h>
@@ -801,6 +801,11 @@
                goto out;
        }
 
+       error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+           dvp, 0);
+       if (error)
+               goto out;
+
        /* Allocate a new directory entry to represent the inode. */
        error = tmpfs_alloc_dirent(VFS_TO_TMPFS(vp->v_mount),
            cnp->cn_nameptr, cnp->cn_namelen, &de);
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/fs/udf/udf_vnops.c
--- a/sys/fs/udf/udf_vnops.c    Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/fs/udf/udf_vnops.c    Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: udf_vnops.c,v 1.119 2022/02/16 22:00:56 andvar Exp $ */
+/* $NetBSD: udf_vnops.c,v 1.120 2022/03/27 16:24:58 christos Exp $ */
 
 /*
  * Copyright (c) 2006, 2008 Reinoud Zandijk
@@ -32,7 +32,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__KERNEL_RCSID(0, "$NetBSD: udf_vnops.c,v 1.119 2022/02/16 22:00:56 andvar Exp $");
+__KERNEL_RCSID(0, "$NetBSD: udf_vnops.c,v 1.120 2022/03/27 16:24:58 christos Exp $");
 #endif /* not lint */
 
 
@@ -1559,18 +1559,21 @@
        udf_node = VTOI(vp);
 
        error = VOP_GETATTR(vp, &vap, FSCRED);
-       if (error) {
-               VOP_UNLOCK(vp);
-               return error;
-       }
+       if (error)
+               goto out;
 
        /* check link count overflow */
        if (vap.va_nlink >= (1<<16)-1) {        /* uint16_t */
-               VOP_UNLOCK(vp);
-               return EMLINK;
+               error = EMLINK;
+               goto out;
        }
+       error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+           dvp, 0);
+       if (error)
+               goto out;
 
        error = udf_dir_attach(dir_node->ump, dir_node, udf_node, &vap, cnp);
+out:
        if (error)
                VOP_UNLOCK(vp);
        return error;
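Review bot: The new `out:` label still calls `VOP_UNLOCK(vp)` only when `error` is non-zero, and nothing in this hunk shows where vp is locked or who releases it after a successful `udf_dir_attach()`. The added kauth denial path does reach that unlock, so it behaves like the two older error paths. Now that all three exits share one label, a one-line comment at `out:` should state the lock state of vp on entry and on successful return. udf_link's body starts above the hunk, so the acquisition may simply be out of view; if vp is not locked on entry, the conditional unlock itself needs a second look.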
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/fs/v7fs/v7fs_vnops.c
--- a/sys/fs/v7fs/v7fs_vnops.c  Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/fs/v7fs/v7fs_vnops.c  Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: v7fs_vnops.c,v 1.34 2022/02/11 10:55:15 hannken Exp $  */
+/*     $NetBSD: v7fs_vnops.c,v 1.35 2022/03/27 16:24:58 christos Exp $ */
 
 /*-
  * Copyright (c) 2004, 2011 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: v7fs_vnops.c,v 1.34 2022/02/11 10:55:15 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: v7fs_vnops.c,v 1.35 2022/03/27 16:24:58 christos Exp $");
 #if defined _KERNEL_OPT
 #include "opt_v7fs.h"
 #endif
@@ -745,21 +745,27 @@
        struct v7fs_inode *p = &node->inode;
        struct v7fs_self *fs = node->v7fsmount->core;
        struct componentname *cnp = a->a_cnp;
-       int error = 0;
+       int error, abrt = 1;
 
        DPRINTF("%p\n", vp);
-       /* Lock soruce file */
+       /* Lock source file */
        if ((error = vn_lock(vp, LK_EXCLUSIVE))) {
                DPRINTF("lock failed. %p\n", vp);
-               VOP_ABORTOP(dvp, cnp);
                goto unlock;
        }
+       error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+           dvp, 0);
+       if (error)
+               goto unlock;
+       abrt = 0;
        error = v7fs_file_link(fs, parent, p, cnp->cn_nameptr, cnp->cn_namelen);
        /* Sync dirent size change. */
        uvm_vnp_setsize(dvp, v7fs_inode_filesize(&parent_node->inode));
 
        VOP_UNLOCK(vp);
 unlock:
+       if (abrt)
+               VOP_ABORTOP(dvp, cnp);
        return error;
 }
 
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/nfs/nfs_vnops.c
--- a/sys/nfs/nfs_vnops.c       Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/nfs/nfs_vnops.c       Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: nfs_vnops.c,v 1.321 2021/10/20 03:08:18 thorpej Exp $  */
+/*     $NetBSD: nfs_vnops.c,v 1.322 2022/03/27 16:24:58 christos Exp $ */
 
 /*
  * Copyright (c) 1989, 1993
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nfs_vnops.c,v 1.321 2021/10/20 03:08:18 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nfs_vnops.c,v 1.322 2022/03/27 16:24:58 christos Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_nfs.h"
@@ -2012,6 +2012,13 @@
                return error;
        }
 
+       error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+           dvp, 0);
+       if (error) {
+               VOP_ABORTOP(dvp, cnp);
+               return error;
+       }
+
        /*
         * Push all writes to the server, so that the attribute cache
         * doesn't get "out of sync" with the server.
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/ufs/chfs/chfs_vnops.c
--- a/sys/ufs/chfs/chfs_vnops.c Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/ufs/chfs/chfs_vnops.c Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: chfs_vnops.c,v 1.47 2021/12/07 21:37:37 andvar Exp $   */
+/*     $NetBSD: chfs_vnops.c,v 1.48 2022/03/27 16:24:58 christos Exp $ */
 
 /*-
  * Copyright (c) 2010 Department of Software Engineering,
@@ -1081,32 +1081,36 @@
        struct componentname *cnp = ((struct vop_link_v2_args *) v)->a_cnp;
 
        struct chfs_inode *ip, *parent;
-       int error = 0;
+       int error, abrt = 1;
 
        if (vp->v_type == VDIR) {
-               VOP_ABORTOP(dvp, cnp);
                error = EISDIR;
                goto out;
        }
        if (dvp->v_mount != vp->v_mount) {
-               VOP_ABORTOP(dvp, cnp);
                error = EXDEV;
                goto out;
        }
-       if (dvp != vp && (error = vn_lock(vp, LK_EXCLUSIVE))) {
-               VOP_ABORTOP(dvp, cnp);
+       if (dvp != vp && (error = vn_lock(vp, LK_EXCLUSIVE)))
                goto out;
-       }
+
+       error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+           dvp, 0);
+       if (error)
+               goto out;
 
        parent = VTOI(dvp);
        ip = VTOI(vp);
 
+       abrt = 0;
        error = chfs_do_link(ip,
            parent, cnp->cn_nameptr, cnp->cn_namelen, ip->ch_type);
 
        if (dvp != vp)
                VOP_UNLOCK(vp);
 out:
+       if (abrt)
+               VOP_ABORTOP(dvp, cnp);
        return error;
 }
 
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/ufs/ext2fs/ext2fs_vnops.c
--- a/sys/ufs/ext2fs/ext2fs_vnops.c     Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/ufs/ext2fs/ext2fs_vnops.c     Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ext2fs_vnops.c,v 1.136 2021/10/20 03:08:19 thorpej Exp $       */
+/*     $NetBSD: ext2fs_vnops.c,v 1.137 2022/03/27 16:24:58 christos Exp $      */
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1993
@@ -65,7 +65,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.136 2021/10/20 03:08:19 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.137 2022/03/27 16:24:58 christos Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -580,7 +580,7 @@
        struct vnode *vp = ap->a_vp;
        struct componentname *cnp = ap->a_cnp;
        struct inode *ip;
-       int error;
+       int error, abrt = 1;
        struct ufs_lookup_results *ulr;
 
        KASSERT(dvp != vp);
@@ -592,23 +592,24 @@
        UFS_CHECK_CRAPCOUNTER(VTOI(dvp));
 
        error = vn_lock(vp, LK_EXCLUSIVE);
-       if (error) {
-               VOP_ABORTOP(dvp, cnp);
+       if (error)
                goto out2;
-       }
+       error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+           dvp, 0);
+       if (error)
+               goto out1;
        ip = VTOI(vp);
        if ((nlink_t)ip->i_e2fs_nlink >= EXT2FS_LINK_MAX) {
-               VOP_ABORTOP(dvp, cnp);
                error = EMLINK;
                goto out1;
        }
        if (ip->i_e2fs_flags & (EXT2_IMMUTABLE | EXT2_APPEND)) {
-               VOP_ABORTOP(dvp, cnp);
                error = EPERM;
                goto out1;
        }
        ip->i_e2fs_nlink++;
        ip->i_flag |= IN_CHANGE;
+       abrt = 0;
        error = ext2fs_update(vp, NULL, NULL, UPDATE_WAIT);
        if (!error)
                error = ext2fs_direnter(ip, dvp, ulr, cnp);
@@ -619,6 +620,8 @@
 out1:
        VOP_UNLOCK(vp);
 out2:
+       if (abrt)


