2 * Copyright (c) 1999-2006 Robert N. M. Watson
5 * This software was developed by Robert Watson for the TrustedBSD Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * Developed by the TrustedBSD Project.
31 * ACL system calls and other functions common across different ACL types.
32 * Type-specific routines go into subr_acl_<type>.c.
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/sysproto.h>
43 #include <sys/fcntl.h>
44 #include <sys/kernel.h>
45 #include <sys/malloc.h>
46 #include <sys/mount.h>
47 #include <sys/vnode.h>
49 #include <sys/mutex.h>
50 #include <sys/namei.h>
52 #include <sys/filedesc.h>
54 #include <sys/sysent.h>
57 #include <security/mac/mac_framework.h>
59 CTASSERT(ACL_MAX_ENTRIES >= OLDACL_MAX_ENTRIES);
61 MALLOC_DEFINE(M_ACL, "acl", "Access Control Lists");
63 static int vacl_set_acl(struct thread *td, struct vnode *vp,
64 acl_type_t type, struct acl *aclp);
65 static int vacl_get_acl(struct thread *td, struct vnode *vp,
66 acl_type_t type, struct acl *aclp);
67 static int vacl_aclcheck(struct thread *td, struct vnode *vp,
68 acl_type_t type, struct acl *aclp);
71 acl_copy_oldacl_into_acl(const struct oldacl *source, struct acl *dest)
75 if (source->acl_cnt < 0 || source->acl_cnt > OLDACL_MAX_ENTRIES)
78 bzero(dest, sizeof(*dest));
80 dest->acl_cnt = source->acl_cnt;
81 dest->acl_maxcnt = ACL_MAX_ENTRIES;
83 for (i = 0; i < dest->acl_cnt; i++) {
84 dest->acl_entry[i].ae_tag = source->acl_entry[i].ae_tag;
85 dest->acl_entry[i].ae_id = source->acl_entry[i].ae_id;
86 dest->acl_entry[i].ae_perm = source->acl_entry[i].ae_perm;
93 acl_copy_acl_into_oldacl(const struct acl *source, struct oldacl *dest)
97 if (source->acl_cnt < 0 || source->acl_cnt > OLDACL_MAX_ENTRIES)
100 bzero(dest, sizeof(*dest));
102 dest->acl_cnt = source->acl_cnt;
104 for (i = 0; i < dest->acl_cnt; i++) {
105 dest->acl_entry[i].ae_tag = source->acl_entry[i].ae_tag;
106 dest->acl_entry[i].ae_id = source->acl_entry[i].ae_id;
107 dest->acl_entry[i].ae_perm = source->acl_entry[i].ae_perm;
114 * At one time, "struct ACL" was extended in order to add support for NFSv4
115 * ACLs. Instead of creating compatibility versions of all the ACL-related
116 * syscalls, they were left intact. It's possible to find out what the code
117 * calling these syscalls (libc) expects basing on "type" argument - if it's
118 * either ACL_TYPE_ACCESS_OLD or ACL_TYPE_DEFAULT_OLD (which previously were
119 * known as ACL_TYPE_ACCESS and ACL_TYPE_DEFAULT), then it's the "struct
120 * oldacl". If it's something else, then it's the new "struct acl". In the
121 * latter case, the routines below just copyin/copyout the contents. In the
122 * former case, they copyin the "struct oldacl" and convert it to the new
126 acl_copyin(void *user_acl, struct acl *kernel_acl, acl_type_t type)
132 case ACL_TYPE_ACCESS_OLD:
133 case ACL_TYPE_DEFAULT_OLD:
134 error = copyin(user_acl, &old, sizeof(old));
137 acl_copy_oldacl_into_acl(&old, kernel_acl);
141 error = copyin(user_acl, kernel_acl, sizeof(*kernel_acl));
142 if (kernel_acl->acl_maxcnt != ACL_MAX_ENTRIES)
150 acl_copyout(struct acl *kernel_acl, void *user_acl, acl_type_t type)
156 case ACL_TYPE_ACCESS_OLD:
157 case ACL_TYPE_DEFAULT_OLD:
158 error = acl_copy_acl_into_oldacl(kernel_acl, &old);
162 error = copyout(&old, user_acl, sizeof(old));
166 if (fuword((char *)user_acl +
167 offsetof(struct acl, acl_maxcnt)) != ACL_MAX_ENTRIES)
170 error = copyout(kernel_acl, user_acl, sizeof(*kernel_acl));
177 * Convert "old" type - ACL_TYPE_{ACCESS,DEFAULT}_OLD - into its "new"
178 * counterpart. It's required for old (pre-NFS4 ACLs) libc to work
179 * with new kernel. Fixing 'type' for old binaries with new libc
180 * is being done in lib/libc/posix1e/acl_support.c:_acl_type_unold().
183 acl_type_unold(int type)
186 case ACL_TYPE_ACCESS_OLD:
187 return (ACL_TYPE_ACCESS);
189 case ACL_TYPE_DEFAULT_OLD:
190 return (ACL_TYPE_DEFAULT);
198 * These calls wrap the real vnode operations, and are called by the syscall
199 * code once the syscall has converted the path or file descriptor to a vnode
200 * (unlocked). The aclp pointer is assumed still to point to userland, so
201 * this should not be consumed within the kernel except by syscall code.
202 * Other code should directly invoke VOP_{SET,GET}ACL.
206 * Given a vnode, set its ACL.
209 vacl_set_acl(struct thread *td, struct vnode *vp, acl_type_t type,
212 struct acl *inkernelacl;
216 inkernelacl = acl_alloc(M_WAITOK);
217 error = acl_copyin(aclp, inkernelacl, type);
220 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
223 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
225 error = mac_vnode_check_setacl(td->td_ucred, vp, type, inkernelacl);
229 error = VOP_SETACL(vp, acl_type_unold(type), inkernelacl,
235 vn_finished_write(mp);
237 acl_free(inkernelacl);
242 * Given a vnode, get its ACL.
245 vacl_get_acl(struct thread *td, struct vnode *vp, acl_type_t type,
248 struct acl *inkernelacl;
251 inkernelacl = acl_alloc(M_WAITOK);
252 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
254 error = mac_vnode_check_getacl(td->td_ucred, vp, type);
258 error = VOP_GETACL(vp, acl_type_unold(type), inkernelacl,
266 error = acl_copyout(inkernelacl, aclp, type);
267 acl_free(inkernelacl);
272 * Given a vnode, delete its ACL.
275 vacl_delete(struct thread *td, struct vnode *vp, acl_type_t type)
280 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
283 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
285 error = mac_vnode_check_deleteacl(td->td_ucred, vp, type);
289 error = VOP_SETACL(vp, acl_type_unold(type), 0, td->td_ucred, td);
294 vn_finished_write(mp);
299 * Given a vnode, check whether an ACL is appropriate for it
302 vacl_aclcheck(struct thread *td, struct vnode *vp, acl_type_t type,
305 struct acl *inkernelacl;
308 inkernelacl = acl_alloc(M_WAITOK);
309 error = acl_copyin(aclp, inkernelacl, type);
312 error = VOP_ACLCHECK(vp, type, inkernelacl, td->td_ucred, td);
314 acl_free(inkernelacl);
319 * syscalls -- convert the path/fd to a vnode, and call vacl_whatever. Don't
320 * need to lock, as the vacl_ code will get/release any locks required.
324 * Given a file path, get an ACL for it
327 __acl_get_file(struct thread *td, struct __acl_get_file_args *uap)
330 int vfslocked, error;
332 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
334 vfslocked = NDHASGIANT(&nd);
336 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
339 VFS_UNLOCK_GIANT(vfslocked);
344 * Given a file path, get an ACL for it; don't follow links.
347 __acl_get_link(struct thread *td, struct __acl_get_link_args *uap)
350 int vfslocked, error;
352 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
354 vfslocked = NDHASGIANT(&nd);
356 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
359 VFS_UNLOCK_GIANT(vfslocked);
364 * Given a file path, set an ACL for it.
367 __acl_set_file(struct thread *td, struct __acl_set_file_args *uap)
370 int vfslocked, error;
372 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
374 vfslocked = NDHASGIANT(&nd);
376 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
379 VFS_UNLOCK_GIANT(vfslocked);
384 * Given a file path, set an ACL for it; don't follow links.
387 __acl_set_link(struct thread *td, struct __acl_set_link_args *uap)
390 int vfslocked, error;
392 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
394 vfslocked = NDHASGIANT(&nd);
396 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
399 VFS_UNLOCK_GIANT(vfslocked);
404 * Given a file descriptor, get an ACL for it.
407 __acl_get_fd(struct thread *td, struct __acl_get_fd_args *uap)
410 int vfslocked, error;
412 error = getvnode(td->td_proc->p_fd, uap->filedes, &fp);
414 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
415 error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp);
417 VFS_UNLOCK_GIANT(vfslocked);
423 * Given a file descriptor, set an ACL for it.
426 __acl_set_fd(struct thread *td, struct __acl_set_fd_args *uap)
429 int vfslocked, error;
431 error = getvnode(td->td_proc->p_fd, uap->filedes, &fp);
433 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
434 error = vacl_set_acl(td, fp->f_vnode, uap->type, uap->aclp);
436 VFS_UNLOCK_GIANT(vfslocked);
442 * Given a file path, delete an ACL from it.
445 __acl_delete_file(struct thread *td, struct __acl_delete_file_args *uap)
448 int vfslocked, error;
450 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
452 vfslocked = NDHASGIANT(&nd);
454 error = vacl_delete(td, nd.ni_vp, uap->type);
457 VFS_UNLOCK_GIANT(vfslocked);
462 * Given a file path, delete an ACL from it; don't follow links.
465 __acl_delete_link(struct thread *td, struct __acl_delete_link_args *uap)
468 int vfslocked, error;
470 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
472 vfslocked = NDHASGIANT(&nd);
474 error = vacl_delete(td, nd.ni_vp, uap->type);
477 VFS_UNLOCK_GIANT(vfslocked);
482 * Given a file path, delete an ACL from it.
485 __acl_delete_fd(struct thread *td, struct __acl_delete_fd_args *uap)
488 int vfslocked, error;
490 error = getvnode(td->td_proc->p_fd, uap->filedes, &fp);
492 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
493 error = vacl_delete(td, fp->f_vnode, uap->type);
495 VFS_UNLOCK_GIANT(vfslocked);
501 * Given a file path, check an ACL for it.
504 __acl_aclcheck_file(struct thread *td, struct __acl_aclcheck_file_args *uap)
507 int vfslocked, error;
509 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
511 vfslocked = NDHASGIANT(&nd);
513 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
516 VFS_UNLOCK_GIANT(vfslocked);
521 * Given a file path, check an ACL for it; don't follow links.
524 __acl_aclcheck_link(struct thread *td, struct __acl_aclcheck_link_args *uap)
527 int vfslocked, error;
529 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
531 vfslocked = NDHASGIANT(&nd);
533 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
536 VFS_UNLOCK_GIANT(vfslocked);
541 * Given a file descriptor, check an ACL for it.
544 __acl_aclcheck_fd(struct thread *td, struct __acl_aclcheck_fd_args *uap)
547 int vfslocked, error;
549 error = getvnode(td->td_proc->p_fd, uap->filedes, &fp);
551 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
552 error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp);
554 VFS_UNLOCK_GIANT(vfslocked);
564 aclp = malloc(sizeof(*aclp), M_ACL, flags);
565 aclp->acl_maxcnt = ACL_MAX_ENTRIES;
571 acl_free(struct acl *aclp)
projects / FreeBSD / FreeBSD.git / blob