2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 1999-2001 Robert N. M. Watson
7 * This software was developed by Robert Watson for the TrustedBSD Project.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD$");
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/capsicum.h>
38 #include <sys/mount.h>
39 #include <sys/mutex.h>
40 #include <sys/sysproto.h>
41 #include <sys/fcntl.h>
42 #include <sys/namei.h>
43 #include <sys/filedesc.h>
44 #include <sys/limits.h>
45 #include <sys/vnode.h>
47 #include <sys/extattr.h>
49 #include <security/audit/audit.h>
50 #include <security/mac/mac_framework.h>
52 static int kern_extattr_set_path(struct thread *td, const char *path,
53 int attrnamespace, const char *attrname, void *data,
54 size_t nbytes, int follow);
55 static int kern_extattr_get_path(struct thread *td, const char *path,
56 int attrnamespace, const char *attrname, void *data,
57 size_t nbytes, int follow);
58 static int kern_extattr_delete_path(struct thread *td, const char *path,
59 int attrnamespace, const char *attrname, int follow);
60 static int kern_extattr_list_path(struct thread *td, const char *path,
61 int attrnamespace, void *data, size_t nbytes, int follow);
64 * Syscall to push extended attribute configuration information into the VFS.
65 * Accepts a path, which it converts to a mountpoint, as well as a command
66 * (int cmd), and attribute name and misc data.
68 * Currently this is used only by UFS1 extended attributes.
70 #ifndef _SYS_SYSPROTO_H_
71 struct extattrctl_args {
80 sys_extattrctl(struct thread *td, struct extattrctl_args *uap)
82 struct vnode *filename_vp;
84 struct mount *mp, *mp_writable;
85 char attrname[EXTATTR_MAXNAMELEN + 1];
88 AUDIT_ARG_CMD(uap->cmd);
89 AUDIT_ARG_VALUE(uap->attrnamespace);
91 * uap->attrname is not always defined. We check again later when we
92 * invoke the VFS call so as to pass in NULL there if needed.
94 if (uap->attrname != NULL) {
95 error = copyinstr(uap->attrname, attrname, sizeof(attrname),
100 AUDIT_ARG_TEXT(attrname);
104 if (uap->filename != NULL) {
105 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE2,
106 UIO_USERSPACE, uap->filename, td);
110 filename_vp = nd.ni_vp;
111 NDFREE(&nd, NDF_NO_VP_RELE);
114 /* uap->path is always defined. */
115 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1,
116 UIO_USERSPACE, uap->path, td);
120 mp = nd.ni_vp->v_mount;
121 error = vfs_busy(mp, 0);
127 VOP_UNLOCK(nd.ni_vp);
128 error = vn_start_write(nd.ni_vp, &mp_writable, V_WAIT | PCATCH);
129 NDFREE(&nd, NDF_NO_VP_UNLOCK);
132 if (filename_vp != NULL) {
134 * uap->filename is not always defined. If it is,
135 * grab a vnode lock, which VFS_EXTATTRCTL() will
138 error = vn_lock(filename_vp, LK_EXCLUSIVE);
140 vn_finished_write(mp_writable);
145 error = VFS_EXTATTRCTL(mp, uap->cmd, filename_vp, uap->attrnamespace,
146 uap->attrname != NULL ? attrname : NULL);
148 vn_finished_write(mp_writable);
154 * VFS_EXTATTRCTL will have unlocked, but not de-ref'd, filename_vp,
155 * so vrele it if it is defined.
157 if (filename_vp != NULL)
163 * Set a named extended attribute on a file or directory
165 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
166 * kernelspace string pointer "attrname", userspace buffer
167 * pointer "data", buffer length "nbytes", thread "td".
168 * Returns: 0 on success, an error number otherwise
170 * References: vp must be a valid reference for the duration of the call
173 extattr_set_vp(struct vnode *vp, int attrnamespace, const char *attrname,
174 void *data, size_t nbytes, struct thread *td)
182 if (nbytes > IOSIZE_MAX)
185 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
188 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
190 aiov.iov_base = data;
191 aiov.iov_len = nbytes;
192 auio.uio_iov = &aiov;
195 auio.uio_resid = nbytes;
196 auio.uio_rw = UIO_WRITE;
197 auio.uio_segflg = UIO_USERSPACE;
202 error = mac_vnode_check_setextattr(td->td_ucred, vp, attrnamespace,
208 error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio,
210 cnt -= auio.uio_resid;
211 td->td_retval[0] = cnt;
217 vn_finished_write(mp);
221 #ifndef _SYS_SYSPROTO_H_
222 struct extattr_set_fd_args {
225 const char *attrname;
231 sys_extattr_set_fd(struct thread *td, struct extattr_set_fd_args *uap)
234 char attrname[EXTATTR_MAXNAMELEN + 1];
238 AUDIT_ARG_FD(uap->fd);
239 AUDIT_ARG_VALUE(uap->attrnamespace);
240 error = copyinstr(uap->attrname, attrname, sizeof(attrname), NULL);
243 AUDIT_ARG_TEXT(attrname);
245 error = getvnode(td, uap->fd,
246 cap_rights_init_one(&rights, CAP_EXTATTR_SET), &fp);
250 error = extattr_set_vp(fp->f_vnode, uap->attrnamespace,
251 attrname, uap->data, uap->nbytes, td);
257 #ifndef _SYS_SYSPROTO_H_
258 struct extattr_set_file_args {
261 const char *attrname;
267 sys_extattr_set_file(struct thread *td, struct extattr_set_file_args *uap)
270 return (kern_extattr_set_path(td, uap->path, uap->attrnamespace,
271 uap->attrname, uap->data, uap->nbytes, FOLLOW));
274 #ifndef _SYS_SYSPROTO_H_
275 struct extattr_set_link_args {
278 const char *attrname;
284 sys_extattr_set_link(struct thread *td, struct extattr_set_link_args *uap)
287 return (kern_extattr_set_path(td, uap->path, uap->attrnamespace,
288 uap->attrname, uap->data, uap->nbytes, NOFOLLOW));
292 kern_extattr_set_path(struct thread *td, const char *path, int attrnamespace,
293 const char *uattrname, void *data, size_t nbytes, int follow)
296 char attrname[EXTATTR_MAXNAMELEN + 1];
299 AUDIT_ARG_VALUE(attrnamespace);
300 error = copyinstr(uattrname, attrname, sizeof(attrname), NULL);
303 AUDIT_ARG_TEXT(attrname);
305 NDINIT(&nd, LOOKUP, follow | AUDITVNODE1, UIO_USERSPACE, path, td);
309 NDFREE(&nd, NDF_ONLY_PNBUF);
311 error = extattr_set_vp(nd.ni_vp, attrnamespace, attrname, data,
319 * Get a named extended attribute on a file or directory
321 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
322 * kernelspace string pointer "attrname", userspace buffer
323 * pointer "data", buffer length "nbytes", thread "td".
324 * Returns: 0 on success, an error number otherwise
326 * References: vp must be a valid reference for the duration of the call
329 extattr_get_vp(struct vnode *vp, int attrnamespace, const char *attrname,
330 void *data, size_t nbytes, struct thread *td)
332 struct uio auio, *auiop;
338 if (nbytes > IOSIZE_MAX)
341 vn_lock(vp, LK_SHARED | LK_RETRY);
344 * Slightly unusual semantics: if the user provides a NULL data
345 * pointer, they don't want to receive the data, just the maximum
352 aiov.iov_base = data;
353 aiov.iov_len = nbytes;
354 auio.uio_iov = &aiov;
357 auio.uio_resid = nbytes;
358 auio.uio_rw = UIO_READ;
359 auio.uio_segflg = UIO_USERSPACE;
367 error = mac_vnode_check_getextattr(td->td_ucred, vp, attrnamespace,
373 error = VOP_GETEXTATTR(vp, attrnamespace, attrname, auiop, sizep,
377 cnt -= auio.uio_resid;
378 td->td_retval[0] = cnt;
380 td->td_retval[0] = size;
388 #ifndef _SYS_SYSPROTO_H_
389 struct extattr_get_fd_args {
392 const char *attrname;
398 sys_extattr_get_fd(struct thread *td, struct extattr_get_fd_args *uap)
401 char attrname[EXTATTR_MAXNAMELEN + 1];
405 AUDIT_ARG_FD(uap->fd);
406 AUDIT_ARG_VALUE(uap->attrnamespace);
407 error = copyinstr(uap->attrname, attrname, sizeof(attrname), NULL);
410 AUDIT_ARG_TEXT(attrname);
412 error = getvnode(td, uap->fd,
413 cap_rights_init_one(&rights, CAP_EXTATTR_GET), &fp);
417 error = extattr_get_vp(fp->f_vnode, uap->attrnamespace,
418 attrname, uap->data, uap->nbytes, td);
424 #ifndef _SYS_SYSPROTO_H_
425 struct extattr_get_file_args {
428 const char *attrname;
434 sys_extattr_get_file(struct thread *td, struct extattr_get_file_args *uap)
436 return (kern_extattr_get_path(td, uap->path, uap->attrnamespace,
437 uap->attrname, uap->data, uap->nbytes, FOLLOW));
440 #ifndef _SYS_SYSPROTO_H_
441 struct extattr_get_link_args {
444 const char *attrname;
450 sys_extattr_get_link(struct thread *td, struct extattr_get_link_args *uap)
452 return (kern_extattr_get_path(td, uap->path, uap->attrnamespace,
453 uap->attrname, uap->data, uap->nbytes, NOFOLLOW));
457 kern_extattr_get_path(struct thread *td, const char *path, int attrnamespace,
458 const char *uattrname, void *data, size_t nbytes, int follow)
461 char attrname[EXTATTR_MAXNAMELEN + 1];
464 AUDIT_ARG_VALUE(attrnamespace);
465 error = copyinstr(uattrname, attrname, sizeof(attrname), NULL);
468 AUDIT_ARG_TEXT(attrname);
470 NDINIT(&nd, LOOKUP, follow | AUDITVNODE1, UIO_USERSPACE, path, td);
474 NDFREE(&nd, NDF_ONLY_PNBUF);
476 error = extattr_get_vp(nd.ni_vp, attrnamespace, attrname, data,
484 * extattr_delete_vp(): Delete a named extended attribute on a file or
487 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
488 * kernelspace string pointer "attrname", proc "p"
489 * Returns: 0 on success, an error number otherwise
491 * References: vp must be a valid reference for the duration of the call
494 extattr_delete_vp(struct vnode *vp, int attrnamespace, const char *attrname,
500 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
503 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
506 error = mac_vnode_check_deleteextattr(td->td_ucred, vp, attrnamespace,
512 error = VOP_DELETEEXTATTR(vp, attrnamespace, attrname, td->td_ucred,
514 if (error == EOPNOTSUPP)
515 error = VOP_SETEXTATTR(vp, attrnamespace, attrname, NULL,
521 vn_finished_write(mp);
525 #ifndef _SYS_SYSPROTO_H_
526 struct extattr_delete_fd_args {
529 const char *attrname;
533 sys_extattr_delete_fd(struct thread *td, struct extattr_delete_fd_args *uap)
536 char attrname[EXTATTR_MAXNAMELEN + 1];
540 AUDIT_ARG_FD(uap->fd);
541 AUDIT_ARG_VALUE(uap->attrnamespace);
542 error = copyinstr(uap->attrname, attrname, sizeof(attrname), NULL);
545 AUDIT_ARG_TEXT(attrname);
547 error = getvnode(td, uap->fd,
548 cap_rights_init_one(&rights, CAP_EXTATTR_DELETE), &fp);
552 error = extattr_delete_vp(fp->f_vnode, uap->attrnamespace,
558 #ifndef _SYS_SYSPROTO_H_
559 struct extattr_delete_file_args {
562 const char *attrname;
566 sys_extattr_delete_file(struct thread *td, struct extattr_delete_file_args *uap)
569 return (kern_extattr_delete_path(td, uap->path, uap->attrnamespace,
570 uap->attrname, FOLLOW));
573 #ifndef _SYS_SYSPROTO_H_
574 struct extattr_delete_link_args {
577 const char *attrname;
581 sys_extattr_delete_link(struct thread *td, struct extattr_delete_link_args *uap)
584 return (kern_extattr_delete_path(td, uap->path, uap->attrnamespace,
585 uap->attrname, NOFOLLOW));
589 kern_extattr_delete_path(struct thread *td, const char *path, int attrnamespace,
590 const char *uattrname, int follow)
593 char attrname[EXTATTR_MAXNAMELEN + 1];
596 AUDIT_ARG_VALUE(attrnamespace);
597 error = copyinstr(uattrname, attrname, sizeof(attrname), NULL);
600 AUDIT_ARG_TEXT(attrname);
602 NDINIT(&nd, LOOKUP, follow | AUDITVNODE1, UIO_USERSPACE, path, td);
606 NDFREE(&nd, NDF_ONLY_PNBUF);
608 error = extattr_delete_vp(nd.ni_vp, attrnamespace, attrname, td);
614 * Retrieve a list of extended attributes on a file or directory.
616 * Arguments: unlocked vnode "vp", attribute namespace 'attrnamespace",
617 * userspace buffer pointer "data", buffer length "nbytes",
619 * Returns: 0 on success, an error number otherwise
621 * References: vp must be a valid reference for the duration of the call
624 extattr_list_vp(struct vnode *vp, int attrnamespace, void *data,
625 size_t nbytes, struct thread *td)
627 struct uio auio, *auiop;
633 if (nbytes > IOSIZE_MAX)
640 aiov.iov_base = data;
641 aiov.iov_len = nbytes;
642 auio.uio_iov = &aiov;
645 auio.uio_resid = nbytes;
646 auio.uio_rw = UIO_READ;
647 auio.uio_segflg = UIO_USERSPACE;
654 vn_lock(vp, LK_SHARED | LK_RETRY);
657 error = mac_vnode_check_listextattr(td->td_ucred, vp, attrnamespace);
664 error = VOP_LISTEXTATTR(vp, attrnamespace, auiop, sizep,
669 cnt -= auio.uio_resid;
670 td->td_retval[0] = cnt;
672 td->td_retval[0] = size;
676 #ifndef _SYS_SYSPROTO_H_
677 struct extattr_list_fd_args {
685 sys_extattr_list_fd(struct thread *td, struct extattr_list_fd_args *uap)
691 AUDIT_ARG_FD(uap->fd);
692 AUDIT_ARG_VALUE(uap->attrnamespace);
693 error = getvnode(td, uap->fd,
694 cap_rights_init_one(&rights, CAP_EXTATTR_LIST), &fp);
698 error = extattr_list_vp(fp->f_vnode, uap->attrnamespace, uap->data,
705 #ifndef _SYS_SYSPROTO_H_
706 struct extattr_list_file_args {
714 sys_extattr_list_file(struct thread *td, struct extattr_list_file_args *uap)
717 return (kern_extattr_list_path(td, uap->path, uap->attrnamespace,
718 uap->data, uap->nbytes, FOLLOW));
721 #ifndef _SYS_SYSPROTO_H_
722 struct extattr_list_link_args {
730 sys_extattr_list_link(struct thread *td, struct extattr_list_link_args *uap)
733 return (kern_extattr_list_path(td, uap->path, uap->attrnamespace,
734 uap->data, uap->nbytes, NOFOLLOW));
738 kern_extattr_list_path(struct thread *td, const char *path, int attrnamespace,
739 void *data, size_t nbytes, int follow)
744 AUDIT_ARG_VALUE(attrnamespace);
745 NDINIT(&nd, LOOKUP, follow | AUDITVNODE1, UIO_USERSPACE, path, td);
749 NDFREE(&nd, NDF_ONLY_PNBUF);
751 error = extattr_list_vp(nd.ni_vp, attrnamespace, data, nbytes, td);