[src/trunk]: src/sys add a kauth vnode check for creating links
details: https://anonhg.NetBSD.org/src/rev/893f50eecb72
branches: trunk
changeset: 364478:893f50eecb72
user: christos <christos%NetBSD.org@localhost>
date: Sun Mar 27 16:24:57 2022 +0000
description:
add a kauth vnode check for creating links
diffstat:
sys/coda/coda_vnops.c | 8 ++++++--
sys/fs/tmpfs/tmpfs_vnops.c | 9 +++++++--
sys/fs/udf/udf_vnops.c | 19 +++++++++++--------
sys/fs/v7fs/v7fs_vnops.c | 16 +++++++++++-----
sys/nfs/nfs_vnops.c | 11 +++++++++--
sys/ufs/chfs/chfs_vnops.c | 18 +++++++++++-------
sys/ufs/ext2fs/ext2fs_vnops.c | 19 +++++++++++--------
sys/ufs/lfs/ulfs_vnops.c | 20 +++++++++++---------
sys/ufs/ufs/ufs_vnops.c | 27 ++++++++++++++++-----------
9 files changed, 93 insertions(+), 54 deletions(-)
diffs (truncated from 450 to 300 lines):
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/coda/coda_vnops.c
--- a/sys/coda/coda_vnops.c Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/coda/coda_vnops.c Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: coda_vnops.c,v 1.117 2021/12/05 08:10:39 msaitoh Exp $ */
+/* $NetBSD: coda_vnops.c,v 1.118 2022/03/27 16:24:58 christos Exp $ */
/*
*
@@ -46,7 +46,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: coda_vnops.c,v 1.117 2021/12/05 08:10:39 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: coda_vnops.c,v 1.118 2022/03/27 16:24:58 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -1198,6 +1198,10 @@
error = EFAULT; /* XXX better value */
goto exit;
}
+ error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+ dvp, 0);
+ if (error)
+ goto exit;
error = venus_link(vtomi(vp), &cp->c_fid, &dcp->c_fid, nm, len, cred, l);
VOP_UNLOCK(vp);
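Review bot: The new kauth failure branch does `goto exit` while vp appears to still be locked: the context line `VOP_UNLOCK(vp);` right after `venus_link()` suggests the lock is held here, and the `exit` label is outside the hunk, so unless that label unlocks vp a denied link request leaves the vnode exclusively locked and later access to the file can block. The same shape is fully visible in the v7fs and chfs hunks, where `goto unlock` and `goto out` land after the `VOP_UNLOCK(vp)` call, and the early `return error` in the nfs hunk looks similar if the block above it is the lock-failure path. Releasing the lock on the denial branch would close this, for example `if (error) { VOP_UNLOCK(vp); goto exit; }` here (in chfs only when `dvp != vp`).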
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/fs/tmpfs/tmpfs_vnops.c
--- a/sys/fs/tmpfs/tmpfs_vnops.c Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/fs/tmpfs/tmpfs_vnops.c Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: tmpfs_vnops.c,v 1.148 2021/10/20 03:08:17 thorpej Exp $ */
+/* $NetBSD: tmpfs_vnops.c,v 1.149 2022/03/27 16:24:57 christos Exp $ */
/*
* Copyright (c) 2005, 2006, 2007, 2020 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.c,v 1.148 2021/10/20 03:08:17 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.c,v 1.149 2022/03/27 16:24:57 christos Exp $");
#include <sys/param.h>
#include <sys/dirent.h>
@@ -801,6 +801,11 @@
goto out;
}
+ error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+ dvp, 0);
+ if (error)
+ goto out;
+
/* Allocate a new directory entry to represent the inode. */
error = tmpfs_alloc_dirent(VFS_TO_TMPFS(vp->v_mount),
cnp->cn_nameptr, cnp->cn_namelen, &de);
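Review bot: The call passes a bare `0` as its last argument with no explanation; as I read kauth_authorize_vnode(), that parameter is the file system's own decision, so `0` means the file system raises no objection and the result rests entirely on the registered kauth listeners. A one-line comment such as `/* fs_decision 0: no fs-level veto, defer to kauth listeners */` would make that explicit, and it applies equally to the identical calls in the other files of this commit. The `out` label is outside the hunk, so it cannot be confirmed from here that it releases vp on this new error path.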
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/fs/udf/udf_vnops.c
--- a/sys/fs/udf/udf_vnops.c Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/fs/udf/udf_vnops.c Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: udf_vnops.c,v 1.119 2022/02/16 22:00:56 andvar Exp $ */
+/* $NetBSD: udf_vnops.c,v 1.120 2022/03/27 16:24:58 christos Exp $ */
/*
* Copyright (c) 2006, 2008 Reinoud Zandijk
@@ -32,7 +32,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__KERNEL_RCSID(0, "$NetBSD: udf_vnops.c,v 1.119 2022/02/16 22:00:56 andvar Exp $");
+__KERNEL_RCSID(0, "$NetBSD: udf_vnops.c,v 1.120 2022/03/27 16:24:58 christos Exp $");
#endif /* not lint */
@@ -1559,18 +1559,21 @@
udf_node = VTOI(vp);
error = VOP_GETATTR(vp, &vap, FSCRED);
- if (error) {
- VOP_UNLOCK(vp);
- return error;
- }
+ if (error)
+ goto out;
/* check link count overflow */
if (vap.va_nlink >= (1<<16)-1) { /* uint16_t */
- VOP_UNLOCK(vp);
- return EMLINK;
+ error = EMLINK;
+ goto out;
}
+ error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+ dvp, 0);
+ if (error)
+ goto out;
error = udf_dir_attach(dir_node->ump, dir_node, udf_node, &vap, cnp);
+out:
if (error)
VOP_UNLOCK(vp);
return error;
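Review bot: The authorization check sits after `VOP_GETATTR()` and the link-count test, so a caller who is not permitted to add the link gets `EMLINK` instead of the kauth error when the count is saturated, whereas the ext2fs hunk in this commit runs the kauth check before its `EMLINK` test. Moving the `kauth_authorize_vnode()` block to just before `error = VOP_GETATTR(vp, &vap, FSCRED);` would deny first and keep error precedence consistent across file systems. The lock acquisition and the start of the function are outside the hunk, so this assumes vp is already locked at that point.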
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/fs/v7fs/v7fs_vnops.c
--- a/sys/fs/v7fs/v7fs_vnops.c Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/fs/v7fs/v7fs_vnops.c Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: v7fs_vnops.c,v 1.34 2022/02/11 10:55:15 hannken Exp $ */
+/* $NetBSD: v7fs_vnops.c,v 1.35 2022/03/27 16:24:58 christos Exp $ */
/*-
* Copyright (c) 2004, 2011 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: v7fs_vnops.c,v 1.34 2022/02/11 10:55:15 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: v7fs_vnops.c,v 1.35 2022/03/27 16:24:58 christos Exp $");
#if defined _KERNEL_OPT
#include "opt_v7fs.h"
#endif
@@ -745,21 +745,27 @@
struct v7fs_inode *p = &node->inode;
struct v7fs_self *fs = node->v7fsmount->core;
struct componentname *cnp = a->a_cnp;
- int error = 0;
+ int error, abrt = 1;
DPRINTF("%p\n", vp);
- /* Lock soruce file */
+ /* Lock source file */
if ((error = vn_lock(vp, LK_EXCLUSIVE))) {
DPRINTF("lock failed. %p\n", vp);
- VOP_ABORTOP(dvp, cnp);
goto unlock;
}
+ error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+ dvp, 0);
+ if (error)
+ goto unlock;
+ abrt = 0;
error = v7fs_file_link(fs, parent, p, cnp->cn_nameptr, cnp->cn_namelen);
/* Sync dirent size change. */
uvm_vnp_setsize(dvp, v7fs_inode_filesize(&parent_node->inode));
VOP_UNLOCK(vp);
unlock:
+ if (abrt)
+ VOP_ABORTOP(dvp, cnp);
return error;
}
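Review bot: `abrt` is a negative-sense flag that starts at 1 and is cleared just before `v7fs_file_link()`, and nothing at the declaration says what it guards. A comment there such as `/* call VOP_ABORTOP() unless we reached the link operation */` would help, and the same applies to the `abrt` variables introduced in the chfs and ext2fs hunks. `error` is also no longer initialised at its declaration; that is fine today because `vn_lock()` assigns it first, but any early `goto unlock` added above the lock would return it unset, so `int error = 0, abrt = 1;` is the safer form. The function begins above the hunk.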
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/nfs/nfs_vnops.c
--- a/sys/nfs/nfs_vnops.c Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/nfs/nfs_vnops.c Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: nfs_vnops.c,v 1.321 2021/10/20 03:08:18 thorpej Exp $ */
+/* $NetBSD: nfs_vnops.c,v 1.322 2022/03/27 16:24:58 christos Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nfs_vnops.c,v 1.321 2021/10/20 03:08:18 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nfs_vnops.c,v 1.322 2022/03/27 16:24:58 christos Exp $");
#ifdef _KERNEL_OPT
#include "opt_nfs.h"
@@ -2012,6 +2012,13 @@
return error;
}
+ error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+ dvp, 0);
+ if (error) {
+ VOP_ABORTOP(dvp, cnp);
+ return error;
+ }
+
/*
* Push all writes to the server, so that the attribute cache
* doesn't get "out of sync" with the server.
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/ufs/chfs/chfs_vnops.c
--- a/sys/ufs/chfs/chfs_vnops.c Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/ufs/chfs/chfs_vnops.c Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: chfs_vnops.c,v 1.47 2021/12/07 21:37:37 andvar Exp $ */
+/* $NetBSD: chfs_vnops.c,v 1.48 2022/03/27 16:24:58 christos Exp $ */
/*-
* Copyright (c) 2010 Department of Software Engineering,
@@ -1081,32 +1081,36 @@
struct componentname *cnp = ((struct vop_link_v2_args *) v)->a_cnp;
struct chfs_inode *ip, *parent;
- int error = 0;
+ int error, abrt = 1;
if (vp->v_type == VDIR) {
- VOP_ABORTOP(dvp, cnp);
error = EISDIR;
goto out;
}
if (dvp->v_mount != vp->v_mount) {
- VOP_ABORTOP(dvp, cnp);
error = EXDEV;
goto out;
}
- if (dvp != vp && (error = vn_lock(vp, LK_EXCLUSIVE))) {
- VOP_ABORTOP(dvp, cnp);
+ if (dvp != vp && (error = vn_lock(vp, LK_EXCLUSIVE)))
goto out;
- }
+
+ error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+ dvp, 0);
+ if (error)
+ goto out;
parent = VTOI(dvp);
ip = VTOI(vp);
+ abrt = 0;
error = chfs_do_link(ip,
parent, cnp->cn_nameptr, cnp->cn_namelen, ip->ch_type);
if (dvp != vp)
VOP_UNLOCK(vp);
out:
+ if (abrt)
+ VOP_ABORTOP(dvp, cnp);
return error;
}
diff -r d8ff432c5ac9 -r 893f50eecb72 sys/ufs/ext2fs/ext2fs_vnops.c
--- a/sys/ufs/ext2fs/ext2fs_vnops.c Sun Mar 27 16:23:08 2022 +0000
+++ b/sys/ufs/ext2fs/ext2fs_vnops.c Sun Mar 27 16:24:57 2022 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ext2fs_vnops.c,v 1.136 2021/10/20 03:08:19 thorpej Exp $ */
+/* $NetBSD: ext2fs_vnops.c,v 1.137 2022/03/27 16:24:58 christos Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
@@ -65,7 +65,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.136 2021/10/20 03:08:19 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.137 2022/03/27 16:24:58 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -580,7 +580,7 @@
struct vnode *vp = ap->a_vp;
struct componentname *cnp = ap->a_cnp;
struct inode *ip;
- int error;
+ int error, abrt = 1;
struct ufs_lookup_results *ulr;
KASSERT(dvp != vp);
@@ -592,23 +592,24 @@
UFS_CHECK_CRAPCOUNTER(VTOI(dvp));
error = vn_lock(vp, LK_EXCLUSIVE);
- if (error) {
- VOP_ABORTOP(dvp, cnp);
+ if (error)
goto out2;
- }
+ error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_ADD_LINK, vp,
+ dvp, 0);
+ if (error)
+ goto out1;
ip = VTOI(vp);
if ((nlink_t)ip->i_e2fs_nlink >= EXT2FS_LINK_MAX) {
- VOP_ABORTOP(dvp, cnp);
error = EMLINK;
goto out1;
}
if (ip->i_e2fs_flags & (EXT2_IMMUTABLE | EXT2_APPEND)) {
- VOP_ABORTOP(dvp, cnp);
error = EPERM;
goto out1;
}
ip->i_e2fs_nlink++;
ip->i_flag |= IN_CHANGE;
+ abrt = 0;
error = ext2fs_update(vp, NULL, NULL, UPDATE_WAIT);
if (!error)
error = ext2fs_direnter(ip, dvp, ulr, cnp);
@@ -619,6 +620,8 @@
out1:
VOP_UNLOCK(vp);
out2:
+ if (abrt)