genfs_vnops.c revision 1.201 1 /* $NetBSD: genfs_vnops.c,v 1.201 2020/02/23 15:46:41 ad Exp $ */
2
3 /*-
4 * Copyright (c) 2008 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /*
30 * Copyright (c) 1982, 1986, 1989, 1993
31 * The Regents of the University of California. All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. Neither the name of the University nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 *
57 */
58
59 #include <sys/cdefs.h>
60 __KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.201 2020/02/23 15:46:41 ad Exp $");
61
62 #include <sys/param.h>
63 #include <sys/systm.h>
64 #include <sys/proc.h>
65 #include <sys/kernel.h>
66 #include <sys/mount.h>
67 #include <sys/fstrans.h>
68 #include <sys/namei.h>
69 #include <sys/vnode_impl.h>
70 #include <sys/fcntl.h>
71 #include <sys/kmem.h>
72 #include <sys/poll.h>
73 #include <sys/mman.h>
74 #include <sys/file.h>
75 #include <sys/kauth.h>
76 #include <sys/stat.h>
77
78 #include <miscfs/genfs/genfs.h>
79 #include <miscfs/genfs/genfs_node.h>
80 #include <miscfs/specfs/specdev.h>
81
82 #include <uvm/uvm.h>
83 #include <uvm/uvm_pager.h>
84
/*
 * Forward declarations for the kqueue filter callbacks wired into the
 * filterops tables further down.  filt_genfswrite has no prototype here;
 * it is defined before its first use.
 */
static void	filt_genfsdetach(struct knote *);
static int	filt_genfsread(struct knote *, long);
static int	filt_genfsvnode(struct knote *, long);
88
/*
 * Generic VOP_POLL: every requested normal read/write event is reported
 * as ready.  Any other requested event bit is masked out of the result.
 */
int
genfs_poll(void *v)
{
	struct vop_poll_args /* {
		struct vnode *a_vp;
		int a_events;
		struct lwp *a_l;
	} */ *ap = v;
	const int always_ready = POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM;

	return ap->a_events & always_ready;
}
100
/*
 * Generic VOP_SEEK: the only validation done here is that the new offset
 * is not negative.  Returns EINVAL for a negative offset, 0 otherwise.
 */
int
genfs_seek(void *v)
{
	struct vop_seek_args /* {
		struct vnode *a_vp;
		off_t a_oldoff;
		off_t a_newoff;
		kauth_cred_t cred;
	} */ *ap = v;

	return (ap->a_newoff < 0) ? EINVAL : 0;
}
116
/*
 * Generic VOP_ABORTOP: does nothing with its arguments and reports
 * success.
 */
int
genfs_abortop(void *v)
{
	struct vop_abortop_args /* {
		struct vnode *a_dvp;
		struct componentname *a_cnp;
	} */ *args = v;

	/* The arguments are intentionally unused. */
	(void)args;

	return 0;
}
129
/*
 * Generic VOP_FCNTL: F_SETFL is accepted as a no-op; every other command
 * is rejected with EOPNOTSUPP.
 */
int
genfs_fcntl(void *v)
{
	struct vop_fcntl_args /* {
		struct vnode *a_vp;
		u_int a_command;
		void *a_data;
		int a_fflag;
		kauth_cred_t a_cred;
		struct lwp *a_l;
	} */ *ap = v;

	switch (ap->a_command) {
	case F_SETFL:
		return 0;
	default:
		return EOPNOTSUPP;
	}
}
147
/*
 * Vnode operation that must never be reached: calling it panics the
 * system with "genfs: bad op".  There is no return statement after the
 * panic() call.
 */
/*ARGSUSED*/
int
genfs_badop(void *v)
{
	(void)v;

	panic("genfs: bad op");
}
155
/*
 * Vnode operation that ignores its argument and always succeeds.
 */
/*ARGSUSED*/
int
genfs_nullop(void *v)
{
	(void)v;

	return 0;
}
163
/*
 * Vnode operation that ignores its argument and always fails with EINVAL.
 */
/*ARGSUSED*/
int
genfs_einval(void *v)
{
	(void)v;

	return EINVAL;
}
171
172 /*
173 * Called when an fs doesn't support a particular vop.
174 * This takes care to vrele, vput, or vunlock passed in vnodes
175 * and calls VOP_ABORTOP for a componentname (in non-rename VOP).
176 */
/*
 * Generic "operation not supported" handler.
 *
 * v points at the generic argument block of whichever VOP was invoked.
 * The operation's descriptor (a_desc) says where the vnode pointers and
 * the componentname live inside that block and which vnodes the
 * operation was expected to put or release.  This routine performs that
 * cleanup so the caller's references and locks are not leaked, then
 * returns EOPNOTSUPP.
 *
 * Must not be installed for VOP_LOOKUP or VOP_ABORTOP (asserted below).
 */
int
genfs_eopnotsupp(void *v)
{
	struct vop_generic_args /* {
		struct vnodeop_desc *a_desc;
		/ * other random data follows, presumably * /
	} */ *ap = v;
	struct vnodeop_desc *desc = ap->a_desc;
	struct vnode *vp, *vp_last = NULL;
	int flags, i, j, offset_cnp, offset_vp;

	/* These two operations must never be routed to this handler. */
	KASSERT(desc->vdesc_offset != VOP_LOOKUP_DESCOFFSET);
	KASSERT(desc->vdesc_offset != VOP_ABORTOP_DESCOFFSET);

	/*
	 * Abort any componentname that lookup potentially left state in.
	 *
	 * As is logical, componentnames for VOP_RENAME are handled by
	 * the caller of VOP_RENAME.  Yay, rename!
	 *
	 * The first vnode slot is used as the directory vnode handed to
	 * VOP_ABORTOP; both it and the componentname are fetched from the
	 * argument block at the offsets the descriptor supplies.
	 */
	if (desc->vdesc_offset != VOP_RENAME_DESCOFFSET &&
	    (offset_vp = desc->vdesc_vp_offsets[0]) != VDESC_NO_OFFSET &&
	    (offset_cnp = desc->vdesc_componentname_offset) != VDESC_NO_OFFSET){
		struct componentname *cnp;
		struct vnode *dvp;

		dvp = *VOPARG_OFFSETTO(struct vnode **, offset_vp, ap);
		cnp = *VOPARG_OFFSETTO(struct componentname **, offset_cnp, ap);

		VOP_ABORTOP(dvp, cnp);
	}

	/*
	 * Walk the vnode slots.  flags is shifted right by one per slot so
	 * that each slot's bits line up with the VDESC_VP0_* masks.
	 */
	flags = desc->vdesc_flags;
	for (i = 0; i < VDESC_MAX_VPS; flags >>=1, i++) {
		if ((offset_vp = desc->vdesc_vp_offsets[i]) == VDESC_NO_OFFSET)
			break;	/* stop at end of list */
		if ((j = flags & VDESC_VP0_WILLPUT)) {
			vp = *VOPARG_OFFSETTO(struct vnode **, offset_vp, ap);

			/* Skip if NULL */
			if (!vp)
				continue;

			/*
			 * NOTE(review): there is no default case, so any
			 * non-zero value of j other than the two handled
			 * below results in no cleanup for this slot.
			 * Confirm that is intended.
			 */
			switch (j) {
			case VDESC_VP0_WILLPUT:
				/*
				 * Check for dvp == vp cases: if this vnode
				 * is the one most recently vput() in this
				 * loop, only drop the reference with
				 * vrele() instead of calling vput() again.
				 */
				if (vp == vp_last)
					vrele(vp);
				else {
					vput(vp);
					vp_last = vp;
				}
				break;
			case VDESC_VP0_WILLRELE:
				vrele(vp);
				break;
			}
		}
	}

	return (EOPNOTSUPP);
}
239
/*
 * Vnode operation that ignores its argument and always fails with EBADF.
 */
/*ARGSUSED*/
int
genfs_ebadf(void *v)
{
	(void)v;

	return EBADF;
}
247
/*
 * Vnode operation that ignores its argument and always returns
 * EPASSTHROUGH.
 */
/* ARGSUSED */
int
genfs_enoioctl(void *v)
{
	(void)v;

	return EPASSTHROUGH;
}
255
256
257 /*
258 * Eliminate all activity associated with the requested vnode
259 * and with all vnodes aliased to the requested vnode.
260 */
/*
 * Generic VOP_REVOKE: hands the vnode to vrevoke() and returns 0.
 * On DIAGNOSTIC kernels a call without REVOKEALL set in a_flags panics;
 * other kernels do not inspect the flag.
 */
int
genfs_revoke(void *v)
{
	struct vop_revoke_args /* {
		struct vnode *a_vp;
		int a_flags;
	} */ *ap = v;
	struct vnode *target = ap->a_vp;

#ifdef DIAGNOSTIC
	if (!(ap->a_flags & REVOKEALL))
		panic("genfs_revoke: not revokeall");
#endif
	vrevoke(target);

	return 0;
}
276
277 /*
278 * Lock the node (for deadfs).
279 */
/*
 * VOP_LOCK for deadfs vnodes.
 *
 * Without LK_RETRY the request fails at once with ENOENT.  Otherwise
 * the lock request is handled exactly as in genfs_lock(), and the vnode
 * state is finally checked against VS_RECLAIMED.
 *
 * Returns 0 on success, ENOENT without LK_RETRY, or EBUSY when
 * LK_NOWAIT is set and the lock could not be obtained immediately.
 */
int
genfs_deadlock(void *v)
{
	struct vop_lock_args /* {
		struct vnode *a_vp;
		int a_flags;
	} */ *ap = v;
	vnode_t *vp = ap->a_vp;
	vnode_impl_t *vip = VNODE_TO_VIMPL(vp);
	const int flags = ap->a_flags;
	const bool nowait = ISSET(flags, LK_NOWAIT) != 0;

	if (!ISSET(flags, LK_RETRY)) {
		return ENOENT;
	}

	if (ISSET(flags, LK_DOWNGRADE)) {
		rw_downgrade(vip->vi_lock);
	} else if (ISSET(flags, LK_UPGRADE)) {
		if (!rw_tryupgrade(vip->vi_lock)) {
			if (nowait) {
				return EBUSY;
			}
			/*
			 * The upgrade is not atomic on this path: the lock
			 * is released and then re-taken as a writer, so it
			 * is not held at all in between.
			 */
			rw_exit(vip->vi_lock);
			rw_enter(vip->vi_lock, RW_WRITER);
		}
	} else {
		const krw_t op =
		    ISSET(flags, LK_EXCLUSIVE) ? RW_WRITER : RW_READER;

		if (!nowait) {
			rw_enter(vip->vi_lock, op);
		} else if (!rw_tryenter(vip->vi_lock, op)) {
			return EBUSY;
		}
	}

	VSTATE_ASSERT_UNLOCKED(vp, VS_RECLAIMED);
	return 0;
}
316
317 /*
318 * Unlock the node (for deadfs).
319 */
/*
 * VOP_UNLOCK for deadfs vnodes: releases the vnode's vi_lock and
 * returns 0.
 */
int
genfs_deadunlock(void *v)
{
	struct vop_unlock_args /* {
		struct vnode *a_vp;
	} */ *ap = v;
	vnode_impl_t *impl = VNODE_TO_VIMPL(ap->a_vp);

	rw_exit(impl->vi_lock);
	return 0;
}
333
334 /*
335 * Lock the node.
336 */
/*
 * Generic VOP_LOCK on the vnode's vi_lock.
 *
 *   LK_DOWNGRADE  - downgrade the held lock.
 *   LK_UPGRADE    - try to upgrade in place; if that fails, either
 *                   return EBUSY (LK_NOWAIT) or drop the lock and
 *                   re-take it as a writer.
 *   otherwise     - take the lock as writer (LK_EXCLUSIVE) or reader,
 *                   without blocking if LK_NOWAIT is set.
 *
 * Returns 0 on success or EBUSY when LK_NOWAIT prevented the request.
 */
int
genfs_lock(void *v)
{
	struct vop_lock_args /* {
		struct vnode *a_vp;
		int a_flags;
	} */ *ap = v;
	vnode_t *vp = ap->a_vp;
	vnode_impl_t *vip = VNODE_TO_VIMPL(vp);
	const int flags = ap->a_flags;
	const bool nowait = ISSET(flags, LK_NOWAIT) != 0;

	if (ISSET(flags, LK_DOWNGRADE)) {
		rw_downgrade(vip->vi_lock);
	} else if (ISSET(flags, LK_UPGRADE)) {
		if (!rw_tryupgrade(vip->vi_lock)) {
			if (nowait) {
				return EBUSY;
			}
			/*
			 * The upgrade is not atomic on this path: the lock
			 * is released and then re-taken as a writer, so it
			 * is not held at all in between.
			 */
			rw_exit(vip->vi_lock);
			rw_enter(vip->vi_lock, RW_WRITER);
		}
	} else {
		const krw_t op =
		    ISSET(flags, LK_EXCLUSIVE) ? RW_WRITER : RW_READER;

		if (!nowait) {
			rw_enter(vip->vi_lock, op);
		} else if (!rw_tryenter(vip->vi_lock, op)) {
			return EBUSY;
		}
	}

	VSTATE_ASSERT_UNLOCKED(vp, VS_ACTIVE);
	return 0;
}
370
371 /*
372 * Unlock the node.
373 */
/*
 * Generic VOP_UNLOCK: releases the vnode's vi_lock and returns 0.
 */
int
genfs_unlock(void *v)
{
	struct vop_unlock_args /* {
		struct vnode *a_vp;
	} */ *ap = v;
	vnode_impl_t *impl = VNODE_TO_VIMPL(ap->a_vp);

	rw_exit(impl->vi_lock);
	return 0;
}
387
388 /*
389 * Return whether or not the node is locked.
390 */
/*
 * Generic VOP_ISLOCKED.
 *
 * Returns LK_EXCLUSIVE if rw_write_held() reports the vnode's vi_lock
 * as write-held, LK_SHARED if rw_read_held() reports it as read-held,
 * and 0 otherwise.  The write-held test is made first.
 */
int
genfs_islocked(void *v)
{
	struct vop_islocked_args /* {
		struct vnode *a_vp;
	} */ *ap = v;
	vnode_impl_t *impl = VNODE_TO_VIMPL(ap->a_vp);

	if (rw_write_held(impl->vi_lock)) {
		return LK_EXCLUSIVE;
	}
	return rw_read_held(impl->vi_lock) ? LK_SHARED : 0;
}
408
409 /*
410 * Stubs to use when there is no locking to be done on the underlying object.
411 */
/*
 * Lock stub: takes no lock and reports success.
 */
int
genfs_nolock(void *v)
{
	(void)v;

	return 0;
}
418
/*
 * Unlock stub: releases nothing and reports success.
 */
int
genfs_nounlock(void *v)
{
	(void)v;

	return 0;
}
425
/*
 * Is-locked stub: always answers 0, i.e. "not locked".
 */
int
genfs_noislocked(void *v)
{
	(void)v;

	return 0;
}
432
/*
 * Generic VOP_MMAP: performs no check of its own and returns 0.
 */
int
genfs_mmap(void *v)
{
	(void)v;

	return 0;
}
439
440 /*
441 * VOP_PUTPAGES() for vnodes which never have pages.
442 */
443
/*
 * VOP_PUTPAGES for vnodes that never have pages: asserts that the
 * object holds no pages, releases the object's vmobjlock and returns 0.
 *
 * NOTE(review): the unconditional rw_exit() implies the caller enters
 * with vmobjlock held -- confirm against the VOP_PUTPAGES contract.
 */
int
genfs_null_putpages(void *v)
{
	struct vop_putpages_args /* {
		struct vnode *a_vp;
		voff_t a_offlo;
		voff_t a_offhi;
		int a_flags;
	} */ *ap = v;
	struct vnode *node = ap->a_vp;

	KASSERT(node->v_uobj.uo_npages == 0);
	rw_exit(node->v_uobj.vmobjlock);

	return 0;
}
459
/*
 * Initialise the genfs part of a vnode: set up its g_glock
 * reader/writer lock and record the genfs operations vector.
 */
void
genfs_node_init(struct vnode *vp, const struct genfs_ops *ops)
{
	struct genfs_node *node = VTOG(vp);

	node->g_op = ops;
	rw_init(&node->g_glock);
}
468
/*
 * Tear down the genfs part of a vnode by destroying its g_glock.
 */
void
genfs_node_destroy(struct vnode *vp)
{
	struct genfs_node *node = VTOG(vp);

	rw_destroy(&node->g_glock);
}
476
/*
 * Round size up to the next multiple of the mount's block size
 * (1 << mnt_fs_bshift) and store the result in *eobp.
 * The flags argument is not used.
 */
void
genfs_size(struct vnode *vp, off_t size, off_t *eobp, int flags)
{
	const int blksize = 1 << vp->v_mount->mnt_fs_bshift;
	const int lowbits = blksize - 1;

	/* Add blksize - 1, then clear the low bits to round up. */
	*eobp = (size + lowbits) & ~lowbits;
}
485
/*
 * kqueue detach callback: unlink the knote from the vnode's v_klist
 * while holding the vnode interlock.  The vnode is taken from kn_hook.
 */
static void
filt_genfsdetach(struct knote *kn)
{
	struct vnode *node = (struct vnode *)kn->kn_hook;

	mutex_enter(node->v_interlock);
	SLIST_REMOVE(&node->v_klist, kn, knote, kn_selnext);
	mutex_exit(node->v_interlock);
}
495
/*
 * EVFILT_READ event callback.
 *
 * hint == NOTE_REVOKE: the filesystem is gone, so flag EOF and make the
 *     knote one-shot so it is scheduled for deletion.  The interlock
 *     must already be held.
 * hint == 0: take the interlock here, then compute the data count.
 * any other hint: the interlock must already be held (asserted).
 *
 * kn_data is set to v_size minus the file's current offset, and the
 * event fires when that difference is non-zero.  A negative difference
 * (offset beyond v_size) is non-zero too and therefore also fires.
 */
static int
filt_genfsread(struct knote *kn, long hint)
{
	struct vnode *vp = (struct vnode *)kn->kn_hook;
	const bool take_lock = (hint == 0);
	int ready;

	if (hint == NOTE_REVOKE) {
		KASSERT(mutex_owned(vp->v_interlock));
		kn->kn_flags |= (EV_EOF | EV_ONESHOT);
		return 1;
	}

	if (take_lock) {
		mutex_enter(vp->v_interlock);
	} else {
		KASSERT(mutex_owned(vp->v_interlock));
	}

	kn->kn_data = vp->v_size - ((file_t *)kn->kn_obj)->f_offset;
	ready = (kn->kn_data != 0);

	if (take_lock) {
		mutex_exit(vp->v_interlock);
	}

	return ready;
}
523
/*
 * EVFILT_WRITE event callback: always reports the event as active.
 *
 * hint == NOTE_REVOKE: the filesystem is gone, so flag EOF and make the
 *     knote one-shot so it is scheduled for deletion.  The interlock
 *     must already be held.
 * hint == 0: kn_data is cleared under the interlock, taken here.
 * any other hint: the interlock must already be held (asserted) and
 *     kn_data is cleared.
 */
static int
filt_genfswrite(struct knote *kn, long hint)
{
	struct vnode *vp = (struct vnode *)kn->kn_hook;

	if (hint == NOTE_REVOKE) {
		KASSERT(mutex_owned(vp->v_interlock));
		kn->kn_flags |= (EV_EOF | EV_ONESHOT);
		return 1;
	}

	if (hint == 0) {
		mutex_enter(vp->v_interlock);
		kn->kn_data = 0;
		mutex_exit(vp->v_interlock);
	} else {
		KASSERT(mutex_owned(vp->v_interlock));
		kn->kn_data = 0;
	}

	return 1;
}
549
/*
 * EVFILT_VNODE event callback.
 *
 * hint == NOTE_REVOKE: flag EOF, record the hint in kn_fflags if the
 *     subscriber asked for it (kn_sfflags), and report the event as
 *     active regardless.  The interlock must already be held.
 * hint == 0: sample kn_fflags under the interlock, taken here.
 * any other hint: the interlock must already be held (asserted); the
 *     hint is recorded in kn_fflags if subscribed.
 *
 * Except for NOTE_REVOKE, the event is active when kn_fflags is
 * non-zero.
 */
static int
filt_genfsvnode(struct knote *kn, long hint)
{
	struct vnode *vp = (struct vnode *)kn->kn_hook;
	int pending;

	if (hint == NOTE_REVOKE) {
		KASSERT(mutex_owned(vp->v_interlock));
		kn->kn_flags |= EV_EOF;
		if ((kn->kn_sfflags & hint) != 0)
			kn->kn_fflags |= hint;
		return 1;
	}

	if (hint == 0) {
		mutex_enter(vp->v_interlock);
		pending = kn->kn_fflags;
		mutex_exit(vp->v_interlock);
	} else {
		KASSERT(mutex_owned(vp->v_interlock));
		if ((kn->kn_sfflags & hint) != 0)
			kn->kn_fflags |= hint;
		pending = kn->kn_fflags;
	}

	return pending != 0;
}
578
/*
 * Filter operation tables selected by genfs_kqfilter(), one per
 * supported filter type.  All three share filt_genfsdetach and differ
 * only in the event callback.  f_attach is NULL in each table:
 * genfs_kqfilter() itself links the knote onto the vnode's v_klist.
 */

/* EVFILT_READ */
static const struct filterops genfsread_filtops = {
	.f_isfd = 1,
	.f_attach = NULL,
	.f_detach = filt_genfsdetach,
	.f_event = filt_genfsread,
};

/* EVFILT_WRITE */
static const struct filterops genfswrite_filtops = {
	.f_isfd = 1,
	.f_attach = NULL,
	.f_detach = filt_genfsdetach,
	.f_event = filt_genfswrite,
};

/* EVFILT_VNODE */
static const struct filterops genfsvnode_filtops = {
	.f_isfd = 1,
	.f_attach = NULL,
	.f_detach = filt_genfsdetach,
	.f_event = filt_genfsvnode,
};
599
/*
 * Generic VOP_KQFILTER: attach a knote to a vnode.
 *
 * Chooses the filter operations for EVFILT_READ, EVFILT_WRITE or
 * EVFILT_VNODE, stores the vnode pointer in kn_hook for the callbacks,
 * and links the knote onto the vnode's v_klist under the interlock.
 * Any other filter type is rejected with EINVAL before the knote is
 * touched.
 *
 * NOTE(review): no vnode reference is taken here for the pointer kept
 * in kn_hook; its validity presumably relies on the knote being
 * detached or revoked before the vnode goes away -- confirm.
 */
int
genfs_kqfilter(void *v)
{
	struct vop_kqfilter_args /* {
		struct vnode *a_vp;
		struct knote *a_kn;
	} */ *ap = v;
	struct vnode *vp = ap->a_vp;
	struct knote *kn = ap->a_kn;
	const struct filterops *fops;

	switch (kn->kn_filter) {
	case EVFILT_READ:
		fops = &genfsread_filtops;
		break;
	case EVFILT_WRITE:
		fops = &genfswrite_filtops;
		break;
	case EVFILT_VNODE:
		fops = &genfsvnode_filtops;
		break;
	default:
		return EINVAL;
	}

	kn->kn_fop = fops;
	kn->kn_hook = vp;

	mutex_enter(vp->v_interlock);
	SLIST_INSERT_HEAD(&vp->v_klist, kn, kn_selnext);
	mutex_exit(vp->v_interlock);

	return 0;
}
634
/*
 * Take the genfs node lock (g_glock) as a writer; blocks until granted.
 */
void
genfs_node_wrlock(struct vnode *vp)
{
	struct genfs_node *node = VTOG(vp);

	rw_enter(&node->g_glock, RW_WRITER);
}
642
/*
 * Take the genfs node lock (g_glock) as a reader; blocks until granted.
 */
void
genfs_node_rdlock(struct vnode *vp)
{
	struct genfs_node *node = VTOG(vp);

	rw_enter(&node->g_glock, RW_READER);
}
650
/*
 * Try to take the genfs node lock (g_glock) as a reader without
 * blocking.  Returns the result of rw_tryenter() unchanged.
 */
int
genfs_node_rdtrylock(struct vnode *vp)
{
	struct genfs_node *node = VTOG(vp);
	int acquired;

	acquired = rw_tryenter(&node->g_glock, RW_READER);
	return acquired;
}
658
/*
 * Release the genfs node lock (g_glock).
 */
void
genfs_node_unlock(struct vnode *vp)
{
	struct genfs_node *node = VTOG(vp);

	rw_exit(&node->g_glock);
}
666
/*
 * Report whether the genfs node lock (g_glock) is write-held, as
 * answered by rw_write_held().
 */
int
genfs_node_wrlocked(struct vnode *vp)
{
	struct genfs_node *node = VTOG(vp);
	int held;

	held = rw_write_held(&node->g_glock);
	return held;
}
674
675 /*
676 * Do the usual access checking.
677 * file_mode, uid and gid are from the vnode in question,
678 * while acc_mode and cred are from the VOP_ACCESS parameter list
679 */
/*
 * Classic owner/group/other permission check.
 *
 * Exactly one permission class is consulted, chosen in this order:
 *   1. owner - the credential's effective uid equals uid;
 *   2. group - the credential's effective gid equals gid, or
 *              kauth_cred_ismember_gid() reports membership;
 *   3. other - everyone else.
 * The classes do not fall through: an owner denied by the owner bits is
 * not rescued by more permissive group or other bits.
 *
 * Every access kind requested in acc_mode (VREAD, VWRITE, VEXEC) must
 * be granted by the chosen class.  Returns 0 if so, EACCES if not, or
 * the error reported by kauth_cred_ismember_gid().
 *
 * No privileged-user override is applied here and the type argument is
 * not consulted.
 * NOTE(review): presumably the caller layers the superuser policy on
 * top of this result -- confirm.
 */
int
genfs_can_access(enum vtype type, mode_t file_mode, uid_t uid, gid_t gid,
    mode_t acc_mode, kauth_cred_t cred)
{
	mode_t rbit, wbit, xbit;
	mode_t required = 0;
	int error, ismember;

	if (kauth_cred_geteuid(cred) == uid) {
		/* The caller owns the object: owner bits decide. */
		rbit = S_IRUSR;
		wbit = S_IWUSR;
		xbit = S_IXUSR;
	} else {
		/* Not the owner: group bits if a group matches... */
		error = kauth_cred_ismember_gid(cred, gid, &ismember);
		if (error) {
			return error;
		}
		if (kauth_cred_getegid(cred) == gid || ismember) {
			rbit = S_IRGRP;
			wbit = S_IWGRP;
			xbit = S_IXGRP;
		} else {
			/* ...otherwise the bits for everyone else. */
			rbit = S_IROTH;
			wbit = S_IWOTH;
			xbit = S_IXOTH;
		}
	}

	if (acc_mode & VEXEC)
		required |= xbit;
	if (acc_mode & VREAD)
		required |= rbit;
	if (acc_mode & VWRITE)
		required |= wbit;

	/* All requested bits must be present in the file mode. */
	if ((file_mode & required) != required) {
		return EACCES;
	}
	return 0;
}
723
724 /*
725 * Common routine to check if chmod() is allowed.
726 *
727 * Policy:
728 * - You must own the file, and
729 * - You must not set the "sticky" bit (meaningless, see chmod(2))
730 * - You must be a member of the group if you're trying to set the
731 * SGID bit
732 *
733 * cred - credentials of the invoker
734 * vp - vnode of the file-system object
735 * cur_uid, cur_gid - current uid/gid of the file-system object
736 * new_mode - new mode for the file-system object
737 *
738 * Returns 0 if the change is allowed, or an error value otherwise.
739 */
/*
 * Decide whether an unprivileged chmod() is allowed.
 *
 * type     - vnode type of the object
 * cred     - credentials of the invoker
 * cur_uid, cur_gid - current owner and group of the object
 * new_mode - mode being requested
 *
 * Returns 0 when allowed.  Returns EPERM when the invoker is not the
 * owner, or when S_ISGID is requested and membership of cur_gid is not
 * confirmed.  Returns EFTYPE when S_ISTXT is requested on anything that
 * is not a directory.
 */
int
genfs_can_chmod(enum vtype type, kauth_cred_t cred, uid_t cur_uid,
    gid_t cur_gid, mode_t new_mode)
{
	int error, ismember;

	/* Only the owner may change the mode. */
	if (kauth_cred_geteuid(cred) != cur_uid) {
		return EPERM;
	}

	/* The sticky bit may only be set on directories. */
	if (type != VDIR && (new_mode & S_ISTXT) != 0) {
		return EFTYPE;
	}

	/* Nothing more to check unless set-group-ID is requested. */
	if ((new_mode & S_ISGID) == 0) {
		return 0;
	}

	/*
	 * Set-group-ID requires membership of the file's group.  Both a
	 * lookup error and non-membership deny the request; ismember is
	 * only read when the lookup succeeded.
	 */
	error = kauth_cred_ismember_gid(cred, cur_gid, &ismember);
	if (error || !ismember) {
		return EPERM;
	}

	return 0;
}
771
772 /*
773 * Common routine to check if chown() is allowed.
774 *
775 * Policy:
776 * - You must own the file, and
777 * - You must not try to change ownership, and
778 * - You must be member of the new group
779 *
780 * cred - credentials of the invoker
781 * cur_uid, cur_gid - current uid/gid of the file-system object
782 * new_uid, new_gid - target uid/gid of the file-system object
783 *
784 * Returns 0 if the change is allowed, or an error value otherwise.
785 */
/*
 * Decide whether an unprivileged chown() is allowed.
 *
 * cred             - credentials of the invoker
 * cur_uid, cur_gid - current owner and group of the object
 * new_uid, new_gid - requested owner and group
 *
 * Allowed (0) only when the invoker owns the object, leaves the owner
 * unchanged, and either leaves the group unchanged or moves it to the
 * invoker's effective gid or to a group the invoker is a member of.
 * Everything else, including a failed membership lookup, yields EPERM.
 */
int
genfs_can_chown(kauth_cred_t cred, uid_t cur_uid,
    gid_t cur_gid, uid_t new_uid, gid_t new_gid)
{
	int error, ismember;

	/* The invoker must own the file. */
	if (kauth_cred_geteuid(cred) != cur_uid) {
		return EPERM;
	}

	/* The owner itself must stay the same. */
	if (new_uid != cur_uid) {
		return EPERM;
	}

	/* Keeping the current group is a no-op and always fine. */
	if (new_gid == cur_gid) {
		return 0;
	}

	/* Changing to the invoker's effective gid is fine. */
	if (kauth_cred_getegid(cred) == new_gid) {
		return 0;
	}

	/* Otherwise the invoker must be a member of the new group. */
	ismember = 0;
	error = kauth_cred_ismember_gid(cred, new_gid, &ismember);
	if (!error && ismember) {
		return 0;
	}

	/* Fail closed: a lookup error is treated like non-membership. */
	return EPERM;
}
827
/*
 * Decide whether an unprivileged change of file times is allowed.
 *
 * vp        - vnode whose times are being changed
 * vaflags   - attribute flags; VA_UTIMES_NULL is the only bit tested
 * owner_uid - owner of the object
 * cred      - credentials of the invoker
 *
 * The owner is always allowed.  A non-owner is allowed only when
 * VA_UTIMES_NULL is set and VOP_ACCESS() grants VWRITE.  Returns 0 when
 * allowed, EPERM for a non-owner without VA_UTIMES_NULL, or the error
 * from VOP_ACCESS().
 */
int
genfs_can_chtimes(vnode_t *vp, u_int vaflags, uid_t owner_uid,
    kauth_cred_t cred)
{
	/* The owner may set any times. */
	if (kauth_cred_geteuid(cred) == owner_uid) {
		return 0;
	}

	/* A non-owner may only ask for "set to the current time"... */
	if (!(vaflags & VA_UTIMES_NULL)) {
		return EPERM;
	}

	/* ...and must have write access to the file. */
	return VOP_ACCESS(vp, VWRITE, cred);
}
849
850 /*
851 * Common routine to check if chflags() is allowed.
852 *
853 * Policy:
854 * - You must own the file, and
855 * - You must not change system flags, and
856 * - You must not change flags on character/block devices.
857 *
858 * cred - credentials of the invoker
859 * owner_uid - uid of the file-system object
860 * changing_sysflags - true if the invoker wants to change system flags
861 */
/*
 * Decide whether an unprivileged chflags() is allowed.
 *
 * cred              - credentials of the invoker
 * type              - vnode type of the object
 * owner_uid         - owner of the object
 * changing_sysflags - true if the request touches system flags
 *
 * Returns 0 only when the invoker owns the object, no system flag is
 * being changed, and the object is neither a character nor a block
 * device.  Every other case returns EPERM.
 */
int
genfs_can_chflags(kauth_cred_t cred, enum vtype type, uid_t owner_uid,
    bool changing_sysflags)
{
	/* Devices are off limits even to their owner. */
	const bool is_device = (type == VCHR || type == VBLK);

	if (kauth_cred_geteuid(cred) != owner_uid ||
	    changing_sysflags || is_device) {
		return EPERM;
	}

	return 0;
}
886
887 /*
888 * Common "sticky" policy.
889 *
890 * When a directory is "sticky" (as determined by the caller), this
891 * function may help implementing the following policy:
892 * - Renaming a file in it is only possible if the user owns the directory
893 * or the file being renamed.
894 * - Deleting a file from it is only possible if the user owns the
895 * directory or the file being deleted.
896 */
/*
 * Sticky-directory ownership test: returns 0 when the invoker's
 * effective uid owns either the directory or the file, and EPERM
 * otherwise.  Whether the directory is sticky is the caller's concern.
 */
int
genfs_can_sticky(kauth_cred_t cred, uid_t dir_uid, uid_t file_uid)
{
	const uid_t euid = kauth_cred_geteuid(cred);

	if (euid == dir_uid || euid == file_uid) {
		return 0;
	}

	return EPERM;
}
906
/*
 * Decide whether an unprivileged extended-attribute access is allowed.
 *
 * Returns EPERM if attr begins with "system", compared without regard
 * to case over the first six characters.  Otherwise returns the result
 * of VOP_ACCESS() for access_mode.
 *
 * The comparison is a prefix match, so any longer string that merely
 * starts with "system" is refused as well.  That errs on the side of
 * denial.
 * NOTE(review): attr is passed to strncasecmp() unchecked, so callers
 * must never hand in NULL -- confirm at the call sites.
 */
int
genfs_can_extattr(kauth_cred_t cred, int access_mode, vnode_t *vp,
    const char *attr)
{
	static const char privileged_ns[] = "system";

	/* We can't allow privileged namespaces. */
	if (strncasecmp(attr, privileged_ns, sizeof(privileged_ns) - 1) == 0) {
		return EPERM;
	}

	return VOP_ACCESS(vp, access_mode, cred);
}
917