2 * Copyright (c) 1999-2001 Robert N. M. Watson
5 * This software was developed by Robert Watson for the TrustedBSD Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
32 #include <sys/param.h>
33 #include <sys/systm.h>
34 #include <sys/capability.h>
36 #include <sys/mount.h>
37 #include <sys/mutex.h>
38 #include <sys/sysproto.h>
39 #include <sys/fcntl.h>
40 #include <sys/namei.h>
41 #include <sys/filedesc.h>
42 #include <sys/limits.h>
43 #include <sys/vnode.h>
45 #include <sys/extattr.h>
47 #include <security/audit/audit.h>
48 #include <security/mac/mac_framework.h>
51 * Syscall to push extended attribute configuration information into the VFS.
52 * Accepts a path, which it converts to a mountpoint, as well as a command
53 * (int cmd), and attribute name and misc data.
55 * Currently this is used only by UFS1 extended attributes.
58 sys_extattrctl(td, uap)
60 struct extattrctl_args /* {
68 struct vnode *filename_vp;
70 struct mount *mp, *mp_writable;
71 char attrname[EXTATTR_MAXNAMELEN];
72 int vfslocked, fnvfslocked, error;
74 AUDIT_ARG_CMD(uap->cmd);
75 AUDIT_ARG_VALUE(uap->attrnamespace);
77 * uap->attrname is not always defined. We check again later when we
78 * invoke the VFS call so as to pass in NULL there if needed.
80 if (uap->attrname != NULL) {
81 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN,
86 AUDIT_ARG_TEXT(attrname);
88 vfslocked = fnvfslocked = 0;
91 if (uap->filename != NULL) {
92 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE2,
93 UIO_USERSPACE, uap->filename, td);
97 fnvfslocked = NDHASGIANT(&nd);
98 filename_vp = nd.ni_vp;
99 NDFREE(&nd, NDF_NO_VP_RELE);
102 /* uap->path is always defined. */
103 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | LOCKLEAF | AUDITVNODE1,
104 UIO_USERSPACE, uap->path, td);
108 vfslocked = NDHASGIANT(&nd);
109 mp = nd.ni_vp->v_mount;
110 error = vfs_busy(mp, 0);
116 VOP_UNLOCK(nd.ni_vp, 0);
117 error = vn_start_write(nd.ni_vp, &mp_writable, V_WAIT | PCATCH);
118 NDFREE(&nd, NDF_NO_VP_UNLOCK);
121 if (filename_vp != NULL) {
123 * uap->filename is not always defined. If it is,
124 * grab a vnode lock, which VFS_EXTATTRCTL() will
127 error = vn_lock(filename_vp, LK_EXCLUSIVE);
129 vn_finished_write(mp_writable);
134 error = VFS_EXTATTRCTL(mp, uap->cmd, filename_vp, uap->attrnamespace,
135 uap->attrname != NULL ? attrname : NULL);
137 vn_finished_write(mp_writable);
143 * VFS_EXTATTRCTL will have unlocked, but not de-ref'd, filename_vp,
144 * so vrele it if it is defined.
146 if (filename_vp != NULL)
148 VFS_UNLOCK_GIANT(fnvfslocked);
149 VFS_UNLOCK_GIANT(vfslocked);
154 * Set a named extended attribute on a file or directory
156 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
157 * kernelspace string pointer "attrname", userspace buffer
158 * pointer "data", buffer length "nbytes", thread "td".
159 * Returns: 0 on success, an error number otherwise
161 * References: vp must be a valid reference for the duration of the call
164 extattr_set_vp(struct vnode *vp, int attrnamespace, const char *attrname,
165 void *data, size_t nbytes, struct thread *td)
173 VFS_ASSERT_GIANT(vp->v_mount);
174 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
177 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
179 aiov.iov_base = data;
180 aiov.iov_len = nbytes;
181 auio.uio_iov = &aiov;
184 if (nbytes > INT_MAX) {
188 auio.uio_resid = nbytes;
189 auio.uio_rw = UIO_WRITE;
190 auio.uio_segflg = UIO_USERSPACE;
195 error = mac_vnode_check_setextattr(td->td_ucred, vp, attrnamespace,
201 error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio,
203 cnt -= auio.uio_resid;
204 td->td_retval[0] = cnt;
208 vn_finished_write(mp);
213 sys_extattr_set_fd(td, uap)
215 struct extattr_set_fd_args /* {
218 const char *attrname;
224 char attrname[EXTATTR_MAXNAMELEN];
225 int vfslocked, error;
227 AUDIT_ARG_FD(uap->fd);
228 AUDIT_ARG_VALUE(uap->attrnamespace);
229 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
232 AUDIT_ARG_TEXT(attrname);
234 error = getvnode(td->td_proc->p_fd, uap->fd, CAP_EXTATTR_SET, &fp);
238 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
239 error = extattr_set_vp(fp->f_vnode, uap->attrnamespace,
240 attrname, uap->data, uap->nbytes, td);
242 VFS_UNLOCK_GIANT(vfslocked);
248 sys_extattr_set_file(td, uap)
250 struct extattr_set_file_args /* {
253 const char *attrname;
259 char attrname[EXTATTR_MAXNAMELEN];
260 int vfslocked, error;
262 AUDIT_ARG_VALUE(uap->attrnamespace);
263 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
266 AUDIT_ARG_TEXT(attrname);
268 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
273 NDFREE(&nd, NDF_ONLY_PNBUF);
275 vfslocked = NDHASGIANT(&nd);
276 error = extattr_set_vp(nd.ni_vp, uap->attrnamespace, attrname,
277 uap->data, uap->nbytes, td);
280 VFS_UNLOCK_GIANT(vfslocked);
285 sys_extattr_set_link(td, uap)
287 struct extattr_set_link_args /* {
290 const char *attrname;
296 char attrname[EXTATTR_MAXNAMELEN];
297 int vfslocked, error;
299 AUDIT_ARG_VALUE(uap->attrnamespace);
300 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
303 AUDIT_ARG_TEXT(attrname);
305 NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
310 NDFREE(&nd, NDF_ONLY_PNBUF);
312 vfslocked = NDHASGIANT(&nd);
313 error = extattr_set_vp(nd.ni_vp, uap->attrnamespace, attrname,
314 uap->data, uap->nbytes, td);
317 VFS_UNLOCK_GIANT(vfslocked);
322 * Get a named extended attribute on a file or directory
324 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
325 * kernelspace string pointer "attrname", userspace buffer
326 * pointer "data", buffer length "nbytes", thread "td".
327 * Returns: 0 on success, an error number otherwise
329 * References: vp must be a valid reference for the duration of the call
332 extattr_get_vp(struct vnode *vp, int attrnamespace, const char *attrname,
333 void *data, size_t nbytes, struct thread *td)
335 struct uio auio, *auiop;
341 VFS_ASSERT_GIANT(vp->v_mount);
342 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
345 * Slightly unusual semantics: if the user provides a NULL data
346 * pointer, they don't want to receive the data, just the maximum
353 aiov.iov_base = data;
354 aiov.iov_len = nbytes;
355 auio.uio_iov = &aiov;
358 if (nbytes > INT_MAX) {
362 auio.uio_resid = nbytes;
363 auio.uio_rw = UIO_READ;
364 auio.uio_segflg = UIO_USERSPACE;
372 error = mac_vnode_check_getextattr(td->td_ucred, vp, attrnamespace,
378 error = VOP_GETEXTATTR(vp, attrnamespace, attrname, auiop, sizep,
382 cnt -= auio.uio_resid;
383 td->td_retval[0] = cnt;
385 td->td_retval[0] = size;
393 sys_extattr_get_fd(td, uap)
395 struct extattr_get_fd_args /* {
398 const char *attrname;
404 char attrname[EXTATTR_MAXNAMELEN];
405 int vfslocked, error;
407 AUDIT_ARG_FD(uap->fd);
408 AUDIT_ARG_VALUE(uap->attrnamespace);
409 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
412 AUDIT_ARG_TEXT(attrname);
414 error = getvnode(td->td_proc->p_fd, uap->fd, CAP_EXTATTR_GET, &fp);
418 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
419 error = extattr_get_vp(fp->f_vnode, uap->attrnamespace,
420 attrname, uap->data, uap->nbytes, td);
423 VFS_UNLOCK_GIANT(vfslocked);
428 sys_extattr_get_file(td, uap)
430 struct extattr_get_file_args /* {
433 const char *attrname;
439 char attrname[EXTATTR_MAXNAMELEN];
440 int vfslocked, error;
442 AUDIT_ARG_VALUE(uap->attrnamespace);
443 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
446 AUDIT_ARG_TEXT(attrname);
448 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
453 NDFREE(&nd, NDF_ONLY_PNBUF);
455 vfslocked = NDHASGIANT(&nd);
456 error = extattr_get_vp(nd.ni_vp, uap->attrnamespace, attrname,
457 uap->data, uap->nbytes, td);
460 VFS_UNLOCK_GIANT(vfslocked);
465 sys_extattr_get_link(td, uap)
467 struct extattr_get_link_args /* {
470 const char *attrname;
476 char attrname[EXTATTR_MAXNAMELEN];
477 int vfslocked, error;
479 AUDIT_ARG_VALUE(uap->attrnamespace);
480 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
483 AUDIT_ARG_TEXT(attrname);
485 NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
490 NDFREE(&nd, NDF_ONLY_PNBUF);
492 vfslocked = NDHASGIANT(&nd);
493 error = extattr_get_vp(nd.ni_vp, uap->attrnamespace, attrname,
494 uap->data, uap->nbytes, td);
497 VFS_UNLOCK_GIANT(vfslocked);
502 * extattr_delete_vp(): Delete a named extended attribute on a file or
505 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
506 * kernelspace string pointer "attrname", proc "p"
507 * Returns: 0 on success, an error number otherwise
509 * References: vp must be a valid reference for the duration of the call
512 extattr_delete_vp(struct vnode *vp, int attrnamespace, const char *attrname,
518 VFS_ASSERT_GIANT(vp->v_mount);
519 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
522 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
525 error = mac_vnode_check_deleteextattr(td->td_ucred, vp, attrnamespace,
531 error = VOP_DELETEEXTATTR(vp, attrnamespace, attrname, td->td_ucred,
533 if (error == EOPNOTSUPP)
534 error = VOP_SETEXTATTR(vp, attrnamespace, attrname, NULL,
540 vn_finished_write(mp);
545 sys_extattr_delete_fd(td, uap)
547 struct extattr_delete_fd_args /* {
550 const char *attrname;
554 char attrname[EXTATTR_MAXNAMELEN];
555 int vfslocked, error;
557 AUDIT_ARG_FD(uap->fd);
558 AUDIT_ARG_VALUE(uap->attrnamespace);
559 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
562 AUDIT_ARG_TEXT(attrname);
564 error = getvnode(td->td_proc->p_fd, uap->fd, CAP_EXTATTR_DELETE,
569 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
570 error = extattr_delete_vp(fp->f_vnode, uap->attrnamespace,
573 VFS_UNLOCK_GIANT(vfslocked);
578 sys_extattr_delete_file(td, uap)
580 struct extattr_delete_file_args /* {
583 const char *attrname;
587 char attrname[EXTATTR_MAXNAMELEN];
588 int vfslocked, error;
590 AUDIT_ARG_VALUE(uap->attrnamespace);
591 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
594 AUDIT_ARG_TEXT(attrname);
596 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
601 NDFREE(&nd, NDF_ONLY_PNBUF);
603 vfslocked = NDHASGIANT(&nd);
604 error = extattr_delete_vp(nd.ni_vp, uap->attrnamespace, attrname, td);
606 VFS_UNLOCK_GIANT(vfslocked);
611 sys_extattr_delete_link(td, uap)
613 struct extattr_delete_link_args /* {
616 const char *attrname;
620 char attrname[EXTATTR_MAXNAMELEN];
621 int vfslocked, error;
623 AUDIT_ARG_VALUE(uap->attrnamespace);
624 error = copyinstr(uap->attrname, attrname, EXTATTR_MAXNAMELEN, NULL);
627 AUDIT_ARG_TEXT(attrname);
629 NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
634 NDFREE(&nd, NDF_ONLY_PNBUF);
636 vfslocked = NDHASGIANT(&nd);
637 error = extattr_delete_vp(nd.ni_vp, uap->attrnamespace, attrname, td);
639 VFS_UNLOCK_GIANT(vfslocked);
644 * Retrieve a list of extended attributes on a file or directory.
646 * Arguments: unlocked vnode "vp", attribute namespace 'attrnamespace",
647 * userspace buffer pointer "data", buffer length "nbytes",
649 * Returns: 0 on success, an error number otherwise
651 * References: vp must be a valid reference for the duration of the call
654 extattr_list_vp(struct vnode *vp, int attrnamespace, void *data,
655 size_t nbytes, struct thread *td)
657 struct uio auio, *auiop;
663 VFS_ASSERT_GIANT(vp->v_mount);
664 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
670 aiov.iov_base = data;
671 aiov.iov_len = nbytes;
672 auio.uio_iov = &aiov;
675 if (nbytes > INT_MAX) {
679 auio.uio_resid = nbytes;
680 auio.uio_rw = UIO_READ;
681 auio.uio_segflg = UIO_USERSPACE;
689 error = mac_vnode_check_listextattr(td->td_ucred, vp, attrnamespace);
694 error = VOP_LISTEXTATTR(vp, attrnamespace, auiop, sizep,
698 cnt -= auio.uio_resid;
699 td->td_retval[0] = cnt;
701 td->td_retval[0] = size;
710 sys_extattr_list_fd(td, uap)
712 struct extattr_list_fd_args /* {
720 int vfslocked, error;
722 AUDIT_ARG_FD(uap->fd);
723 AUDIT_ARG_VALUE(uap->attrnamespace);
724 error = getvnode(td->td_proc->p_fd, uap->fd, CAP_EXTATTR_LIST, &fp);
728 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
729 error = extattr_list_vp(fp->f_vnode, uap->attrnamespace, uap->data,
733 VFS_UNLOCK_GIANT(vfslocked);
738 sys_extattr_list_file(td, uap)
740 struct extattr_list_file_args /* {
748 int vfslocked, error;
750 AUDIT_ARG_VALUE(uap->attrnamespace);
751 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | AUDITVNODE1, UIO_USERSPACE,
756 NDFREE(&nd, NDF_ONLY_PNBUF);
758 vfslocked = NDHASGIANT(&nd);
759 error = extattr_list_vp(nd.ni_vp, uap->attrnamespace, uap->data,
763 VFS_UNLOCK_GIANT(vfslocked);
768 sys_extattr_list_link(td, uap)
770 struct extattr_list_link_args /* {
778 int vfslocked, error;
780 AUDIT_ARG_VALUE(uap->attrnamespace);
781 NDINIT(&nd, LOOKUP, MPSAFE | NOFOLLOW | AUDITVNODE1, UIO_USERSPACE,
786 NDFREE(&nd, NDF_ONLY_PNBUF);
788 vfslocked = NDHASGIANT(&nd);
789 error = extattr_list_vp(nd.ni_vp, uap->attrnamespace, uap->data,
793 VFS_UNLOCK_GIANT(vfslocked);