tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Splitting <fs>_access to two internal routines
- Subject: Re: Splitting <fs>_access to two internal routines
- From: Elad Efrat <elad%NetBSD.org@localhost>
- Date: Sun, 28 Jun 2009 22:24:16 +0300
Hi again,
Taking comments into consideration, attached is a diff implementing the
access split for some of our file-systems. Please note that NFS is not
yet included -- but I'd still like to move forward with what we can
change.
I believe this change is the last refactoring needed before being able
to introduce a preliminary "vnode" scope implementation.
Please review. :)
Thanks,
-e.
Index: sys/fs/adosfs/advnops.c
===================================================================
RCS file: /usr/cvs/src/sys/fs/adosfs/advnops.c,v
retrieving revision 1.34
diff -u -p -r1.34 advnops.c
--- sys/fs/adosfs/advnops.c 23 Jun 2009 19:36:38 -0000 1.34
+++ sys/fs/adosfs/advnops.c 23 Jun 2009 06:12:40 -0000
@@ -747,6 +747,38 @@ reterr:
return(error);
}
+static int
+adosfs_check_possible(struct vnode *vp, struct anode *ap, mode_t mode)
+{
+
+ /*
+ * Disallow write attempts unless the file is a socket,
+ * fifo, or a block or character device resident on the
+ * file system.
+ */
+ if (mode & VWRITE) {
+ switch (vp->v_type) {
+ case VDIR:
+ case VLNK:
+ case VREG:
+ return (EROFS);
+ default:
+ break;
+ }
+ }
+
+ return 0;
+}
+
+static int
+adosfs_check_permitted(struct vnode *vp, struct anode *ap, mode_t mode,
+ kauth_cred_t cred)
+{
+
+ return genfs_can_access(vp->v_type,
+ adunixprot(ap->adprot) & ap->amp->mask, ap->uid, ap->gid, mode,
+ cred);
+}
int
adosfs_access(void *v)
@@ -771,24 +803,13 @@ adosfs_access(void *v)
panic("adosfs_access: not locked");
}
#endif
- /*
- * Disallow write attempts unless the file is a socket,
- * fifo, or a block or character device resident on the
- * file system.
- */
- if (sp->a_mode & VWRITE) {
- switch (vp->v_type) {
- case VDIR:
- case VLNK:
- case VREG:
- return (EROFS);
- default:
- break;
- }
- }
- error = genfs_can_access(sp->a_vp->v_type,
- adunixprot(ap->adprot) & ap->amp->mask, ap->uid, ap->gid,
- sp->a_mode, sp->a_cred);
+
+ error = adosfs_check_possible(vp, ap, sp->a_mode);
+ if (error)
+ return error;
+
+ error = adosfs_check_permitted(vp, ap, sp->a_mode, sp->a_cred);
+
#ifdef ADOSFS_DIAGNOSTIC
printf(" %d)", error);
#endif
Index: sys/fs/cd9660/cd9660_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/fs/cd9660/cd9660_vnops.c,v
retrieving revision 1.37
diff -u -p -r1.37 cd9660_vnops.c
--- sys/fs/cd9660/cd9660_vnops.c 23 Jun 2009 19:36:39 -0000 1.37
+++ sys/fs/cd9660/cd9660_vnops.c 23 Jun 2009 06:17:39 -0000
@@ -84,28 +84,16 @@ struct isoreaddir {
int iso_uiodir(struct isoreaddir *, struct dirent *, off_t);
int iso_shipdir(struct isoreaddir *);
-/*
- * Check mode permission on inode pointer. Mode is READ, WRITE or EXEC.
- * The mode is shifted to select the owner/group/other fields. The
- * super user is granted all permissions.
- */
-int
-cd9660_access(void *v)
+static int
+cd9660_check_possible(struct vnode *vp, struct iso_node *ip, mode_t mode)
{
- struct vop_access_args /* {
- struct vnode *a_vp;
- int a_mode;
- kauth_cred_t a_cred;
- } */ *ap = v;
- struct vnode *vp = ap->a_vp;
- struct iso_node *ip = VTOI(vp);
/*
* Disallow write attempts unless the file is a socket,
* fifo, or a block or character device resident on the
* file system.
*/
- if (ap->a_mode & VWRITE) {
+ if (mode & VWRITE) {
switch (vp->v_type) {
case VDIR:
case VLNK:
@@ -116,8 +104,42 @@ cd9660_access(void *v)
}
}
- return (genfs_can_access(vp->v_type, ip->inode.iso_mode & ALLPERMS,
- ip->inode.iso_uid, ip->inode.iso_gid, ap->a_mode, ap->a_cred));
+ return 0;
+}
+
+/*
+ * Check mode permission on inode pointer. Mode is READ, WRITE or EXEC.
+ * The mode is shifted to select the owner/group/other fields. The
+ * super user is granted all permissions.
+ */
+static int
+cd9660_check_permitted(struct vnode *vp, struct iso_node *ip, mode_t mode,
+ kauth_cred_t cred)
+{
+
+ return genfs_can_access(vp->v_type, ip->inode.iso_mode & ALLPERMS,
+ ip->inode.iso_uid, ip->inode.iso_gid, mode, cred);
+}
+
+int
+cd9660_access(void *v)
+{
+ struct vop_access_args /* {
+ struct vnode *a_vp;
+ int a_mode;
+ kauth_cred_t a_cred;
+ } */ *ap = v;
+ struct vnode *vp = ap->a_vp;
+ struct iso_node *ip = VTOI(vp);
+ int error;
+
+ error = cd9660_check_possible(vp, ip, ap->a_mode);
+ if (error)
+ return error;
+
+ error = cd9660_check_permitted(vp, ip, ap->a_mode, ap->a_cred);
+
+ return error;
}
int
Index: sys/fs/filecorefs/filecore_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/fs/filecorefs/filecore_vnops.c,v
retrieving revision 1.31
diff -u -p -r1.31 filecore_vnops.c
--- sys/fs/filecorefs/filecore_vnops.c 23 Jun 2009 19:36:39 -0000 1.31
+++ sys/fs/filecorefs/filecore_vnops.c 23 Jun 2009 06:17:22 -0000
@@ -91,29 +91,17 @@ __KERNEL_RCSID(0, "$NetBSD: filecore_vno
#include <fs/filecorefs/filecore_extern.h>
#include <fs/filecorefs/filecore_node.h>
-/*
- * Check mode permission on inode pointer. Mode is READ, WRITE or EXEC.
- * The mode is shifted to select the owner/group/other fields. The
- * super user is granted all permissions.
- */
-int
-filecore_access(void *v)
+static int
+filecore_check_possible(struct vnode *vp, struct filecore_node *ip,
+ mode_t mode)
{
- struct vop_access_args /* {
- struct vnode *a_vp;
- int a_mode;
- kauth_cred_t a_cred;
- } */ *ap = v;
- struct vnode *vp = ap->a_vp;
- struct filecore_node *ip = VTOI(vp);
- struct filecore_mnt *fcmp = ip->i_mnt;
/*
* Disallow write attempts unless the file is a socket,
* fifo, or a block or character device resident on the
* file system.
*/
- if (ap->a_mode & VWRITE) {
+ if (mode & VWRITE) {
switch (vp->v_type) {
case VDIR:
case VLNK:
@@ -124,8 +112,43 @@ filecore_access(void *v)
}
}
- return (genfs_can_access(vp->v_type, filecore_mode(ip),
- fcmp->fc_uid, fcmp->fc_gid, ap->a_mode, ap->a_cred));
+ return 0;
+}
+
+/*
+ * Check mode permission on inode pointer. Mode is READ, WRITE or EXEC.
+ * The mode is shifted to select the owner/group/other fields. The
+ * super user is granted all permissions.
+ */
+static int
+filecore_check_permitted(struct vnode *vp, struct filecore_node *ip,
+ mode_t mode, kauth_cred_t cred)
+{
+ struct filecore_mnt *fcmp = ip->i_mnt;
+
+ return genfs_can_access(vp->v_type, filecore_mode(ip),
+ fcmp->fc_uid, fcmp->fc_gid, mode, cred);
+}
+
+int
+filecore_access(void *v)
+{
+ struct vop_access_args /* {
+ struct vnode *a_vp;
+ int a_mode;
+ kauth_cred_t a_cred;
+ } */ *ap = v;
+ struct vnode *vp = ap->a_vp;
+ struct filecore_node *ip = VTOI(vp);
+ int error;
+
+ error = filecore_check_possible(vp, ip, ap->a_mode);
+ if (error)
+ return error;
+
+ error = filecore_check_permitted(vp, ip, ap->a_mode, ap->a_cred);
+
+ return error;
}
int
Index: sys/fs/msdosfs/msdosfs_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/fs/msdosfs/msdosfs_vnops.c,v
retrieving revision 1.60
diff -u -p -r1.60 msdosfs_vnops.c
--- sys/fs/msdosfs/msdosfs_vnops.c 23 Jun 2009 19:36:39 -0000 1.60
+++ sys/fs/msdosfs/msdosfs_vnops.c 23 Jun 2009 06:15:43 -0000
@@ -217,18 +217,9 @@ msdosfs_close(void *v)
return (0);
}
-int
-msdosfs_access(void *v)
+static int
+msdosfs_check_possible(struct vnode *vp, struct denode *dep, mode_t mode)
{
- struct vop_access_args /* {
- struct vnode *a_vp;
- int a_mode;
- kauth_cred_t a_cred;
- } */ *ap = v;
- struct vnode *vp = ap->a_vp;
- struct denode *dep = VTODE(vp);
- struct msdosfsmount *pmp = dep->de_pmp;
- mode_t mode = ap->a_mode;
/*
* Disallow write attempts on read-only file systems;
@@ -247,13 +238,45 @@ msdosfs_access(void *v)
}
}
+ return 0;
+}
+
+static int
+msdosfs_check_permitted(struct vnode *vp, struct denode *dep, mode_t mode,
+ kauth_cred_t cred)
+{
+ struct msdosfsmount *pmp = dep->de_pmp;
+ mode_t file_mode;
+
if ((dep->de_Attributes & ATTR_READONLY) == 0)
- mode = S_IRWXU|S_IRWXG|S_IRWXO;
+ file_mode = S_IRWXU|S_IRWXG|S_IRWXO;
else
- mode = S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH;
- return (genfs_can_access(ap->a_vp->v_type,
- mode & (vp->v_type == VDIR ? pmp->pm_dirmask : pmp->pm_mask),
- pmp->pm_uid, pmp->pm_gid, ap->a_mode, ap->a_cred));
+ file_mode = S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH;
+
+ return genfs_can_access(vp->v_type,
+ file_mode & (vp->v_type == VDIR ? pmp->pm_dirmask : pmp->pm_mask),
+ pmp->pm_uid, pmp->pm_gid, mode, cred);
+}
+
+int
+msdosfs_access(void *v)
+{
+ struct vop_access_args /* {
+ struct vnode *a_vp;
+ int a_mode;
+ kauth_cred_t a_cred;
+ } */ *ap = v;
+ struct vnode *vp = ap->a_vp;
+ struct denode *dep = VTODE(vp);
+ int error;
+
+ error = msdosfs_check_possible(vp, dep, ap->a_mode);
+ if (error)
+ return error;
+
+ error = msdosfs_check_permitted(vp, dep, ap->a_mode, ap->a_cred);
+
+ return error;
}
int
Index: sys/fs/ptyfs/ptyfs_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/fs/ptyfs/ptyfs_vnops.c,v
retrieving revision 1.31
diff -u -p -r1.31 ptyfs_vnops.c
--- sys/fs/ptyfs/ptyfs_vnops.c 23 Jun 2009 19:36:39 -0000 1.31
+++ sys/fs/ptyfs/ptyfs_vnops.c 23 Jun 2009 06:19:08 -0000
@@ -498,6 +498,21 @@ ptyfs_chown(struct vnode *vp, uid_t uid,
return 0;
}
+static int
+ptyfs_check_possible(struct vnode *vp, mode_t mode)
+{
+
+ return 0;
+}
+
+static int
+ptyfs_check_permitted(struct vattr *va, mode_t mode, kauth_cred_t cred)
+{
+
+ return genfs_can_access(va->va_type, va->va_mode,
+ va->va_uid, va->va_gid, mode, cred);
+}
+
/*
* implement access checking.
*
@@ -521,8 +536,13 @@ ptyfs_access(void *v)
if ((error = VOP_GETATTR(ap->a_vp, &va, ap->a_cred)) != 0)
return error;
- return genfs_can_access(va.va_type, va.va_mode,
- va.va_uid, va.va_gid, ap->a_mode, ap->a_cred);
+ error = ptyfs_check_possible(ap->a_vp, ap->a_mode);
+ if (error)
+ return error;
+
+ error = ptyfs_check_permitted(&va, ap->a_mode, ap->a_cred);
+
+ return error;
}
/*
Index: sys/fs/smbfs/smbfs_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/fs/smbfs/smbfs_vnops.c,v
retrieving revision 1.69
diff -u -p -r1.69 smbfs_vnops.c
--- sys/fs/smbfs/smbfs_vnops.c 23 Jun 2009 19:36:39 -0000 1.69
+++ sys/fs/smbfs/smbfs_vnops.c 23 Jun 2009 06:17:10 -0000
@@ -160,32 +160,16 @@ static struct vnodeopv_entry_desc smbfs_
const struct vnodeopv_desc smbfs_vnodeop_opv_desc =
{ &smbfs_vnodeop_p, smbfs_vnodeop_entries };
-int
-smbfs_access(void *v)
+static int
+smbfs_check_possible(struct vnode *vp, struct smbnode *np, mode_t mode)
{
- struct vop_access_args /* {
- struct vnode *a_vp;
- int a_mode;
- kauth_cred_t a_cred;
- } */ *ap = v;
- struct vnode *vp = ap->a_vp;
-#ifdef SMB_VNODE_DEBUG
- struct smbnode *np = VTOSMB(vp);
-#endif
- u_int acc_mode = ap->a_mode;
- struct smbmount *smp = VTOSMBFS(vp);
-
- SMBVDEBUG("file '%.*s', node mode=%o, acc mode=%x\n",
- (int) np->n_nmlen, np->n_name,
- (vp->v_type == VDIR) ? smp->sm_args.dir_mode :
smp->sm_args.file_mode,
- acc_mode);
/*
* Disallow write attempts on read-only file systems;
* unless the file is a socket, fifo, or a block or
* character device resident on the file system.
*/
- if (acc_mode & VWRITE) {
+ if (mode & VWRITE) {
switch (vp->v_type) {
case VREG:
case VDIR:
@@ -197,10 +181,45 @@ smbfs_access(void *v)
}
}
- return (genfs_can_access(vp->v_type,
+ return 0;
+}
+
+static int
+smbfs_check_permitted(struct vnode *vp, struct smbnode *np, mode_t mode,
+ kauth_cred_t cred)
+{
+ struct smbmount *smp = VTOSMBFS(vp);
+
+ return genfs_can_access(vp->v_type,
(vp->v_type == VDIR) ? smp->sm_args.dir_mode :
smp->sm_args.file_mode,
- smp->sm_args.uid, smp->sm_args.gid,
- acc_mode, ap->a_cred));
+ smp->sm_args.uid, smp->sm_args.gid, mode, cred);
+}
+
+int
+smbfs_access(void *v)
+{
+ struct vop_access_args /* {
+ struct vnode *a_vp;
+ int a_mode;
+ kauth_cred_t a_cred;
+ } */ *ap = v;
+ struct vnode *vp = ap->a_vp;
+ struct smbnode *np = VTOSMB(vp);
+ u_int acc_mode = ap->a_mode;
+ int error;
+
+ SMBVDEBUG("file '%.*s', node mode=%o, acc mode=%x\n",
+ (int) np->n_nmlen, np->n_name,
+ (vp->v_type == VDIR) ? smp->sm_args.dir_mode :
smp->sm_args.file_mode,
+ acc_mode);
+
+ error = smbfs_check_possible(vp, np, acc_mode);
+ if (error)
+ return error;
+
+ error = smbfs_check_permitted(vp, np, acc_mode, ap->a_cred);
+
+ return error;
}
/* ARGSUSED */
Index: sys/fs/sysvbfs/sysvbfs_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/fs/sysvbfs/sysvbfs_vnops.c,v
retrieving revision 1.22
diff -u -p -r1.22 sysvbfs_vnops.c
--- sys/fs/sysvbfs/sysvbfs_vnops.c 23 Jun 2009 19:36:39 -0000 1.22
+++ sys/fs/sysvbfs/sysvbfs_vnops.c 23 Jun 2009 06:16:55 -0000
@@ -230,6 +230,27 @@ sysvbfs_close(void *arg)
return 0;
}
+static int
+sysvbfs_check_possible(struct vnode *vp, struct sysvbfs_node *bnode,
+ mode_t mode)
+{
+
+ if ((mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY))
+ return EROFS;
+
+ return 0;
+}
+
+static int
+sysvbfs_check_permitted(struct vnode *vp, struct sysvbfs_node *bnode,
+ mode_t mode, kauth_cred_t cred)
+{
+ struct bfs_fileattr *attr = &bnode->inode->attr;
+
+ return genfs_can_access(vp->v_type, attr->mode, attr->uid, attr->gid,
+ mode, cred);
+}
+
int
sysvbfs_access(void *arg)
{
@@ -240,14 +261,16 @@ sysvbfs_access(void *arg)
} */ *ap = arg;
struct vnode *vp = ap->a_vp;
struct sysvbfs_node *bnode = vp->v_data;
- struct bfs_fileattr *attr = &bnode->inode->attr;
DPRINTF("%s:\n", __func__);
- if ((ap->a_mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY))
- return EROFS;
- return genfs_can_access(vp->v_type, attr->mode, attr->uid, attr->gid,
- ap->a_mode, ap->a_cred);
+ error = sysvbfs_check_possible(vp, bnode, ap->a_mode);
+ if (error)
+ return error;
+
+ error = sysvbfs_check_permitted(vp, bnode, ap->a_mode, ap->a_cred);
+
+ return error;
}
int
Index: sys/fs/tmpfs/tmpfs_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/fs/tmpfs/tmpfs_vnops.c,v
retrieving revision 1.60
diff -u -p -r1.60 tmpfs_vnops.c
--- sys/fs/tmpfs/tmpfs_vnops.c 23 Jun 2009 19:36:39 -0000 1.60
+++ sys/fs/tmpfs/tmpfs_vnops.c 28 Jun 2009 01:33:04 -0000
@@ -337,19 +337,10 @@ tmpfs_close(void *v)
/* --------------------------------------------------------------------- */
-int
-tmpfs_access(void *v)
+static int
+tmpfs_check_possible(struct vnode *vp, struct tmpfs_node *node, mode_t mode)
{
- struct vnode *vp = ((struct vop_access_args *)v)->a_vp;
- int mode = ((struct vop_access_args *)v)->a_mode;
- kauth_cred_t cred = ((struct vop_access_args *)v)->a_cred;
-
- int error;
- struct tmpfs_node *node;
-
- KASSERT(VOP_ISLOCKED(vp));
-
- node = VP_TO_TMPFS_NODE(vp);
+ int error = 0;
switch (vp->v_type) {
case VDIR:
@@ -382,8 +373,38 @@ tmpfs_access(void *v)
goto out;
}
- error = genfs_can_access(vp->v_type, node->tn_mode, node->tn_uid,
+ out:
+ return error;
+}
+
+static int
+tmpfs_check_permitted(struct vnode *vp, struct tmpfs_node *node, mode_t mode,
+ kauth_cred_t cred)
+{
+
+ return genfs_can_access(vp->v_type, node->tn_mode, node->tn_uid,
node->tn_gid, mode, cred);
+}
+
+int
+tmpfs_access(void *v)
+{
+ struct vnode *vp = ((struct vop_access_args *)v)->a_vp;
+ int mode = ((struct vop_access_args *)v)->a_mode;
+ kauth_cred_t cred = ((struct vop_access_args *)v)->a_cred;
+
+ int error;
+ struct tmpfs_node *node;
+
+ KASSERT(VOP_ISLOCKED(vp));
+
+ node = VP_TO_TMPFS_NODE(vp);
+
+ error = tmpfs_check_possible(vp, node, mode);
+ if (error)
+ goto out;
+
+ error = tmpfs_check_permitted(vp, node, mode, cred);
out:
KASSERT(VOP_ISLOCKED(vp));
Index: sys/fs/udf/udf_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/fs/udf/udf_vnops.c,v
retrieving revision 1.44
diff -u -p -r1.44 udf_vnops.c
--- sys/fs/udf/udf_vnops.c 23 Jun 2009 19:36:39 -0000 1.44
+++ sys/fs/udf/udf_vnops.c 23 Jun 2009 06:16:34 -0000
@@ -1303,31 +1303,13 @@ udf_close(void *v)
/* --------------------------------------------------------------------- */
-int
-udf_access(void *v)
+static int
+udf_check_possible(struct vattr *vap, mode_t mode)
{
- struct vop_access_args /* {
- struct vnode *a_vp;
- int a_mode;
- kauth_cred_t a_cred;
- struct proc *a_p;
- } */ *ap = v;
- struct vnode *vp = ap->a_vp;
- mode_t mode = ap->a_mode;
- kauth_cred_t cred = ap->a_cred;
- /* struct udf_node *udf_node = VTOI(vp); */
- struct vattr vap;
int flags;
- int error;
-
- DPRINTF(CALL, ("udf_access called\n"));
-
- error = VOP_GETATTR(vp, &vap, NULL);
- if (error)
- return error;
/* check if we are allowed to write */
- switch (vap.va_type) {
+ switch (vap->va_type) {
case VDIR:
case VLNK:
case VREG:
@@ -1358,12 +1340,51 @@ udf_access(void *v)
if ((mode & VWRITE) && (flags & IMMUTABLE))
return EPERM;
+ return 0;
+}
+
+static int
+udf_check_permitted(struct vnode *vp, struct vattr *vap, mode_t mode,
+ kauth_cred_t cred)
+{
+
/* ask the generic genfs_can_access to advice on security */
return genfs_can_access(vp->v_type,
- vap.va_mode, vap.va_uid, vap.va_gid,
+ vap->va_mode, vap->va_uid, vap->va_gid,
mode, cred);
}
+int
+udf_access(void *v)
+{
+ struct vop_access_args /* {
+ struct vnode *a_vp;
+ int a_mode;
+ kauth_cred_t a_cred;
+ struct proc *a_p;
+ } */ *ap = v;
+ struct vnode *vp = ap->a_vp;
+ mode_t mode = ap->a_mode;
+ kauth_cred_t cred = ap->a_cred;
+ /* struct udf_node *udf_node = VTOI(vp); */
+ struct vattr vap;
+ int error;
+
+ DPRINTF(CALL, ("udf_access called\n"));
+
+ error = VOP_GETATTR(vp, &vap, NULL);
+ if (error)
+ return error;
+
+ error = udf_check_possible(&vap, mode);
+ if (error)
+ return error;
+
+ error = udf_check_permitted(vp, &vap, mode, cred);
+
+ return error;
+}
+
/* --------------------------------------------------------------------- */
int
Index: sys/fs/hfs/hfs_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/fs/hfs/hfs_vnops.c,v
retrieving revision 1.14
diff -u -p -r1.14 hfs_vnops.c
--- sys/fs/hfs/hfs_vnops.c 23 Jun 2009 19:36:39 -0000 1.14
+++ sys/fs/hfs/hfs_vnops.c 23 Jun 2009 06:16:08 -0000
@@ -517,28 +517,17 @@ hfs_vop_close(void *v)
return 0;
}
-int
-hfs_vop_access(void *v)
+static int
+hfs_check_possible(struct vnode *vp, mode_t mode)
{
- struct vop_access_args /* {
- struct vnode *a_vp;
- int a_mode;
- kauth_cred_t a_cred;
- } */ *ap = v;
- struct vattr va;
- int error;
-
-#ifdef HFS_DEBUG
- printf("VOP = hfs_vop_access()\n");
-#endif /* HFS_DEBUG */
/*
* Disallow writes on files, directories, and symlinks
* since we have no write support yet.
*/
- if (ap->a_mode & VWRITE) {
- switch (ap->a_vp->v_type) {
+ if (mode & VWRITE) {
+ switch (vp->v_type) {
case VDIR:
case VLNK:
case VREG:
@@ -548,11 +537,42 @@ hfs_vop_access(void *v)
}
}
+ return 0;
+}
+
+static int
+hfs_check_permitted(struct vattr *va, mode_t mode, kauth_cred_t cred)
+{
+
+ return genfs_can_access(va->va_type, va->va_mode, va->va_uid,
+ va->va_gid, mode, cred);
+}
+
+int
+hfs_vop_access(void *v)
+{
+ struct vop_access_args /* {
+ struct vnode *a_vp;
+ int a_mode;
+ kauth_cred_t a_cred;
+ } */ *ap = v;
+ struct vattr va;
+ int error;
+
+#ifdef HFS_DEBUG
+ printf("VOP = hfs_vop_access()\n");
+#endif /* HFS_DEBUG */
+
+ error = hfs_check_possible(ap->a_vp, ap->a_mode);
+ if (error)
+ return error;
+
if ((error = VOP_GETATTR(ap->a_vp, &va, ap->a_cred)) != 0)
return error;
- return genfs_can_access(va.va_type, va.va_mode, va.va_uid, va.va_gid,
- ap->a_mode, ap->a_cred);
+ error = hfs_check_permitted(&va, ap->a_mode, ap->a_cred);
+
+ return error;
}
int
Index: sys/fs/efs/efs_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/fs/efs/efs_vnops.c,v
retrieving revision 1.18
diff -u -p -r1.18 efs_vnops.c
--- sys/fs/efs/efs_vnops.c 23 Jun 2009 19:36:40 -0000 1.18
+++ sys/fs/efs/efs_vnops.c 23 Jun 2009 06:16:19 -0000
@@ -128,6 +128,16 @@ efs_lookup(void *v)
return (0);
}
+static int
+efs_check_possible(struct vnode *vp, struct efs_inode *eip, mode_t mode)
+{
+
+ if ((ap->a_mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY))
+ return (EROFS);
+
+ return 0;
+}
+
/*
* Determine the accessiblity of a file based on the permissions allowed by the
* specified credentials.
@@ -135,6 +145,15 @@ efs_lookup(void *v)
* Returns 0 on success.
*/
static int
+efs_check_possible(struct vnode *vp, struct efs_inode *eip, mode_t mode,
+ kauth_cred_t cred)
+{
+
+ return genfs_can_access(vp->v_type, eip->ei_mode, eip->ei_uid,
+ eip->ei_gid, mode, cred);
+}
+
+static int
efs_access(void *v)
{
struct vop_access_args /* {
@@ -145,12 +164,15 @@ efs_access(void *v)
} */ *ap = v;
struct vnode *vp = ap->a_vp;
struct efs_inode *eip = EFS_VTOI(vp);
+ int error;
- if ((ap->a_mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY))
- return (EROFS);
+ error = efs_check_possible(vp, eip, ap->a_mode);
+ if (error)
+ return error;
+
+ error = efs_check_permitted(vp, eip, ap->a_mode, ap->a_cred);
- return (genfs_can_access(vp->v_type, eip->ei_mode, eip->ei_uid,
- eip->ei_gid, ap->a_mode, ap->a_cred));
+ return error;
}
/*
Index: sys/fs/ntfs/ntfs_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/fs/ntfs/ntfs_vnops.c,v
retrieving revision 1.44
diff -u -p -r1.44 ntfs_vnops.c
--- sys/fs/ntfs/ntfs_vnops.c 23 Jun 2009 19:36:40 -0000 1.44
+++ sys/fs/ntfs/ntfs_vnops.c 23 Jun 2009 06:15:54 -0000
@@ -395,19 +395,9 @@ ntfs_write(void *v)
return (error);
}
-int
-ntfs_access(void *v)
+static int
+ntfs_check_possible(struct vnode *vp, struct ntnode *ip, mode_t mode)
{
- struct vop_access_args /* {
- struct vnode *a_vp;
- int a_mode;
- kauth_cred_t a_cred;
- } */ *ap = v;
- struct vnode *vp = ap->a_vp;
- struct ntnode *ip = VTONT(vp);
- mode_t file_mode, mode = ap->a_mode;
-
- dprintf(("ntfs_access: %llu\n", (unsigned long long)ip->i_number));
/*
* Disallow write attempts on read-only file systems;
@@ -425,10 +415,42 @@ ntfs_access(void *v)
}
}
+ return 0;
+}
+
+static int
+ntfs_check_permitted(struct vnode *vp, struct ntnode *ip, mode_t mode,
+ kauth_cred_t cred)
+{
+ mode_t file_mode;
+
file_mode = ip->i_mp->ntm_mode | (S_IXUSR|S_IXGRP|S_IXOTH);
- return (genfs_can_access(vp->v_type, file_mode, ip->i_mp->ntm_uid,
- ip->i_mp->ntm_gid, mode, ap->a_cred));
+ return genfs_can_access(vp->v_type, file_mode, ip->i_mp->ntm_uid,
+ ip->i_mp->ntm_gid, mode, cred);
+}
+
+int
+ntfs_access(void *v)
+{
+ struct vop_access_args /* {
+ struct vnode *a_vp;
+ int a_mode;
+ kauth_cred_t a_cred;
+ } */ *ap = v;
+ struct vnode *vp = ap->a_vp;
+ struct ntnode *ip = VTONT(vp);
+ int error;
+
+ dprintf(("ntfs_access: %llu\n", (unsigned long long)ip->i_number));
+
+ error = ntfs_check_possible(vp, ip, ap->a_mode);
+ if (error)
+ return error;
+
+ error = ntfs_check_permitted(vp, ip, ap->a_mode, ap->a_cred);
+
+ return error;
}
/*
Index: sys/miscfs/kernfs/kernfs_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/miscfs/kernfs/kernfs_vnops.c,v
retrieving revision 1.137
diff -u -p -r1.137 kernfs_vnops.c
--- sys/miscfs/kernfs/kernfs_vnops.c 23 Jun 2009 19:36:40 -0000 1.137
+++ sys/miscfs/kernfs/kernfs_vnops.c 23 Jun 2009 06:19:31 -0000
@@ -763,6 +763,21 @@ kernfs_close(void *v)
return (0);
}
+static int
+kernfs_check_possible(struct vnode *vp, mode_t mode)
+{
+
+ return 0;
+}
+
+static int
+kernfs_check_permitted(struct vattr *va, mode_t mode, kauth_cred_t cred)
+{
+
+ return genfs_can_access(va->va_type, va->va_mode, va->va_uid,
va->va_gid,
+ mode, cred);
+}
+
int
kernfs_access(void *v)
{
@@ -777,8 +792,13 @@ kernfs_access(void *v)
if ((error = VOP_GETATTR(ap->a_vp, &va, ap->a_cred)) != 0)
return (error);
- return (genfs_can_access(va.va_type, va.va_mode, va.va_uid, va.va_gid,
- ap->a_mode, ap->a_cred));
+ error = kernfs_check_possible(ap->a_vp, ap->a_mode);
+ if (error)
+ return error;
+
+ error = kernfs_check_permitted(&va, ap->a_mode, ap->a_cred);
+
+ return error;
}
static int
Index: sys/miscfs/procfs/procfs_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/miscfs/procfs/procfs_vnops.c,v
retrieving revision 1.175
diff -u -p -r1.175 procfs_vnops.c
--- sys/miscfs/procfs/procfs_vnops.c 23 Jun 2009 19:36:40 -0000 1.175
+++ sys/miscfs/procfs/procfs_vnops.c 23 Jun 2009 06:19:55 -0000
@@ -909,6 +909,21 @@ procfs_setattr(void *v)
return (0);
}
+static int
+procfs_check_possible(struct vnode *vp, mode_t mode)
+{
+
+ return 0;
+}
+
+static int
+procfs_check_permitted(struct vattr *va, mode_t mode, kauth_cred_t cred)
+{
+
+ return genfs_can_access(va->va_type, va->va_mode,
+ va->va_uid, va->va_gid, mode, cred);
+}
+
/*
* implement access checking.
*
@@ -932,8 +947,13 @@ procfs_access(void *v)
if ((error = VOP_GETATTR(ap->a_vp, &va, ap->a_cred)) != 0)
return (error);
- return (genfs_can_access(va.va_type, va.va_mode,
- va.va_uid, va.va_gid, ap->a_mode, ap->a_cred));
+ error = procfs_check_possible(ap->a_vp, ap->a_mode);
+ if (error)
+ return error;
+
+ error = procfs_check_permitted(&va, ap->a_mode, ap->a_cred);
+
+ return error;
}
/*
Index: sys/ufs/ext2fs/ext2fs_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/ufs/ext2fs/ext2fs_vnops.c,v
retrieving revision 1.87
diff -u -p -r1.87 ext2fs_vnops.c
--- sys/ufs/ext2fs/ext2fs_vnops.c 23 Jun 2009 19:36:40 -0000 1.87
+++ sys/ufs/ext2fs/ext2fs_vnops.c 23 Jun 2009 06:18:43 -0000
@@ -224,17 +224,9 @@ ext2fs_open(void *v)
return (0);
}
-int
-ext2fs_access(void *v)
+static int
+ext2fs_check_possible(struct vnode *vp, struct inode *ip, mode_t mode)
{
- struct vop_access_args /* {
- struct vnode *a_vp;
- int a_mode;
- kauth_cred_t a_cred;
- } */ *ap = v;
- struct vnode *vp = ap->a_vp;
- struct inode *ip = VTOI(vp);
- mode_t mode = ap->a_mode;
/*
* Disallow write attempts on read-only file systems;
@@ -258,8 +250,38 @@ ext2fs_access(void *v)
if ((mode & VWRITE) && (ip->i_e2fs_flags & EXT2_IMMUTABLE))
return (EPERM);
- return (genfs_can_access(vp->v_type, ip->i_e2fs_mode & ALLPERMS,
- ip->i_uid, ip->i_gid, mode, ap->a_cred));
+ return 0;
+}
+
+static int
+ext2fs_check_permitted(struct vnode *vp, struct inode *ip, mode_t mode,
+ kauth_cred_t cred)
+{
+
+ return genfs_can_access(vp->v_type, ip->i_e2fs_mode & ALLPERMS,
+ ip->i_uid, ip->i_gid, mode, cred);
+}
+
+int
+ext2fs_access(void *v)
+{
+ struct vop_access_args /* {
+ struct vnode *a_vp;
+ int a_mode;
+ kauth_cred_t a_cred;
+ } */ *ap = v;
+ struct vnode *vp = ap->a_vp;
+ struct inode *ip = VTOI(vp);
+ mode_t mode = ap->a_mode;
+ int error;
+
+ error = ext2fs_check_possible(vp, ip, mode);
+ if (error)
+ return error;
+
+ error = ext2fs_check_permitted(vp, ip, mode, ap->a_cred);
+
+ return error;
}
/* ARGSUSED */
Index: sys/ufs/ufs/ufs_vnops.c
===================================================================
RCS file: /usr/cvs/src/sys/ufs/ufs/ufs_vnops.c,v
retrieving revision 1.178
diff -u -p -r1.178 ufs_vnops.c
--- sys/ufs/ufs/ufs_vnops.c 23 Jun 2009 19:36:40 -0000 1.178
+++ sys/ufs/ufs/ufs_vnops.c 23 Jun 2009 06:18:29 -0000
@@ -272,24 +272,13 @@ ufs_close(void *v)
return (0);
}
-int
-ufs_access(void *v)
+static int
+ufs_check_possible(struct vnode *vp, struct inode *ip, mode_t mode)
{
- struct vop_access_args /* {
- struct vnode *a_vp;
- int a_mode;
- kauth_cred_t a_cred;
- } */ *ap = v;
- struct vnode *vp;
- struct inode *ip;
- mode_t mode;
#ifdef QUOTA
- int error;
-#endif
+ int error;
+#endif /* QUOTA */
- vp = ap->a_vp;
- ip = VTOI(vp);
- mode = ap->a_mode;
/*
* Disallow write attempts on read-only file systems;
* unless the file is a socket, fifo, or a block or
@@ -328,8 +317,42 @@ ufs_access(void *v)
if ((mode & VWRITE) && (ip->i_flags & IMMUTABLE))
return (EPERM);
- return (genfs_can_access(vp->v_type, ip->i_mode & ALLPERMS,
- ip->i_uid, ip->i_gid, mode, ap->a_cred));
+ return 0;
+}
+
+static int
+ufs_check_permitted(struct vnode *vp, struct inode *ip, mode_t mode,
+ kauth_cred_t cred)
+{
+
+ return genfs_can_access(vp->v_type, ip->i_mode & ALLPERMS, ip->i_uid,
+ ip->i_gid, mode, cred);
+}
+
+int
+ufs_access(void *v)
+{
+ struct vop_access_args /* {
+ struct vnode *a_vp;
+ int a_mode;
+ kauth_cred_t a_cred;
+ } */ *ap = v;
+ struct vnode *vp;
+ struct inode *ip;
+ mode_t mode;
+ int error;
+
+ vp = ap->a_vp;
+ ip = VTOI(vp);
+ mode = ap->a_mode;
+
+ error = ufs_check_possible(vp, ip, mode);
+ if (error)
+ return error;
+
+ error = ufs_check_permitted(vp, ip, mode, ap->a_cred);
+
+ return error;
}
/* ARGSUSED */
Home |
Main Index |
Thread Index |
Old Index