2 * (The copyright below applies to ufs_access())
4 * Copyright (c) 1982, 1986, 1989, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. All advertising materials mentioning features or use of this software
21 * must display the following acknowledgement:
22 * This product includes software developed by the University of
23 * California, Berkeley and its contributors.
24 * 4. Neither the name of the University nor the names of its contributors
25 * may be used to endorse or promote products derived from this software
26 * without specific prior written permission.
28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95
41 * $DragonFly: src/sys/kern/vfs_helper.c,v 1.5 2008/05/25 18:34:46 dillon Exp $
44 #include "opt_quota.h"
45 #include "opt_suiddir.h"
47 #include <sys/param.h>
48 #include <sys/systm.h>
49 #include <sys/kernel.h>
50 #include <sys/fcntl.h>
52 #include <sys/mount.h>
53 #include <sys/unistd.h>
54 #include <sys/vnode.h>
55 #include <sys/file.h> /* XXX */
63 * Provide standard UNIX semanics for VOP_ACCESS, but without the quota
64 * code. This procedure was basically pulled out of UFS.
67 vop_helper_access(struct vop_access_args
*ap
, uid_t ino_uid
, gid_t ino_gid
,
68 mode_t ino_mode
, u_int32_t ino_flags
)
70 struct vnode
*vp
= ap
->a_vp
;
71 struct ucred
*cred
= ap
->a_cred
;
72 mode_t mask
, mode
= ap
->a_mode
;
80 * Disallow write attempts on read-only filesystems;
81 * unless the file is a socket, fifo, or a block or
82 * character device resident on the filesystem.
90 if (vp
->v_mount
->mnt_flag
& MNT_RDONLY
)
93 /* check quota here XXX */
101 /* If immutable bit set, nobody gets to write it. */
102 if ((mode
& VWRITE
) && (ino_flags
& IMMUTABLE
))
105 /* Otherwise, user id 0 always gets access. */
106 if (cred
->cr_uid
== 0)
111 /* Otherwise, check the owner. */
112 if (cred
->cr_uid
== ino_uid
) {
119 return ((ino_mode
& mask
) == mask
? 0 : EACCES
);
122 /* Otherwise, check the groups. */
123 for (i
= 0, gp
= cred
->cr_groups
; i
< cred
->cr_ngroups
; i
++, gp
++)
124 if (ino_gid
== *gp
) {
131 return ((ino_mode
& mask
) == mask
? 0 : EACCES
);
134 /* Otherwise, check everyone else. */
141 return ((ino_mode
& mask
) == mask
? 0 : EACCES
);
145 vop_helper_setattr_flags(u_int32_t
*ino_flags
, u_int32_t vaflags
,
146 uid_t uid
, struct ucred
*cred
)
151 * If uid doesn't match only the super-user can change the flags
153 if (cred
->cr_uid
!= uid
&&
154 (error
= priv_check_cred(cred
, PRIV_ROOT
, PRISON_ROOT
))) {
157 if (cred
->cr_uid
== 0 &&
158 (!jailed(cred
)|| jail_chflags_allowed
)) {
159 if ((*ino_flags
& (SF_NOUNLINK
|SF_IMMUTABLE
|SF_APPEND
)) &&
162 *ino_flags
= vaflags
;
164 if (*ino_flags
& (SF_NOUNLINK
|SF_IMMUTABLE
|SF_APPEND
) ||
165 (vaflags
& UF_SETTABLE
) != vaflags
)
167 *ino_flags
&= SF_SETTABLE
;
168 *ino_flags
|= vaflags
& UF_SETTABLE
;
174 * This helper function may be used by VFSs to implement UNIX initial
175 * ownership semantics when creating new objects inside directories.
178 vop_helper_create_uid(struct mount
*mp
, mode_t dmode
, uid_t duid
,
179 struct ucred
*cred
, mode_t
*modep
)
182 if ((mp
->mnt_flag
& MNT_SUIDDIR
) && (dmode
& S_ISUID
) &&
183 duid
!= cred
->cr_uid
&& duid
) {
188 return(cred
->cr_uid
);
192 * This helper may be used by VFSs to implement unix chmod semantics.
195 vop_helper_chmod(struct vnode
*vp
, mode_t new_mode
, struct ucred
*cred
,
196 uid_t cur_uid
, gid_t cur_gid
, mode_t
*cur_modep
)
200 if (cred
->cr_uid
!= cur_uid
) {
201 error
= priv_check_cred(cred
, PRIV_ROOT
, PRISON_ROOT
);
206 if (vp
->v_type
!= VDIR
&& (*cur_modep
& S_ISTXT
))
208 if (!groupmember(cur_gid
, cred
) && (*cur_modep
& S_ISGID
))
211 *cur_modep
&= ~ALLPERMS
;
212 *cur_modep
|= new_mode
& ALLPERMS
;
217 * This helper may be used by VFSs to implement unix chown semantics.
220 vop_helper_chown(struct vnode
*vp
, uid_t new_uid
, gid_t new_gid
,
222 uid_t
*cur_uidp
, gid_t
*cur_gidp
, mode_t
*cur_modep
)
228 if (new_uid
== (uid_t
)VNOVAL
)
230 if (new_gid
== (gid_t
)VNOVAL
)
234 * If we don't own the file, are trying to change the owner
235 * of the file, or are not a member of the target group,
236 * the caller must be superuser or the call fails.
238 if ((cred
->cr_uid
!= *cur_uidp
|| new_uid
!= *cur_uidp
||
239 (new_gid
!= *cur_gidp
&& !(cred
->cr_gid
== new_gid
||
240 groupmember(new_gid
, cred
)))) &&
241 (error
= priv_check_cred(cred
, PRIV_ROOT
, PRISON_ROOT
))) {
250 if (cred
->cr_uid
!= 0 && (ouid
!= new_uid
|| ogid
!= new_gid
))
251 *cur_modep
&= ~(S_ISUID
| S_ISGID
);