2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 1999-2001 Robert N. M. Watson
7 * This software was developed by Robert Watson for the TrustedBSD Project.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD$");
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/capsicum.h>
38 #include <sys/mount.h>
39 #include <sys/mutex.h>
40 #include <sys/sysproto.h>
41 #include <sys/fcntl.h>
42 #include <sys/namei.h>
43 #include <sys/filedesc.h>
44 #include <sys/limits.h>
45 #include <sys/vnode.h>
47 #include <sys/extattr.h>
49 #include <security/audit/audit.h>
50 #include <security/mac/mac_framework.h>
52 static int user_extattr_set_path(struct thread *td, const char *path,
53 int attrnamespace, const char *attrname, void *data,
54 size_t nbytes, int follow);
55 static int user_extattr_get_path(struct thread *td, const char *path,
56 int attrnamespace, const char *attrname, void *data,
57 size_t nbytes, int follow);
58 static int user_extattr_delete_path(struct thread *td, const char *path,
59 int attrnamespace, const char *attrname, int follow);
60 static int user_extattr_list_path(struct thread *td, const char *path,
61 int attrnamespace, void *data, size_t nbytes, int follow);
64 * Syscall to push extended attribute configuration information into the VFS.
65 * Accepts a path, which it converts to a mountpoint, as well as a command
66 * (int cmd), and attribute name and misc data.
68 * Currently this is used only by UFS1 extended attributes.
70 #ifndef _SYS_SYSPROTO_H_
71 struct extattrctl_args {
80 sys_extattrctl(struct thread *td, struct extattrctl_args *uap)
82 struct vnode *filename_vp;
84 struct mount *mp, *mp_writable;
85 char attrname[EXTATTR_MAXNAMELEN + 1];
88 AUDIT_ARG_CMD(uap->cmd);
89 AUDIT_ARG_VALUE(uap->attrnamespace);
91 * uap->attrname is not always defined. We check again later when we
92 * invoke the VFS call so as to pass in NULL there if needed.
94 if (uap->attrname != NULL) {
95 error = copyinstr(uap->attrname, attrname, sizeof(attrname),
100 AUDIT_ARG_TEXT(attrname);
104 if (uap->filename != NULL) {
105 NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE2, UIO_USERSPACE,
110 filename_vp = nd.ni_vp;
114 /* uap->path is always defined. */
115 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNODE1, UIO_USERSPACE,
120 mp = nd.ni_vp->v_mount;
121 error = vfs_busy(mp, 0);
128 VOP_UNLOCK(nd.ni_vp);
129 error = vn_start_write(nd.ni_vp, &mp_writable, V_WAIT | V_PCATCH);
134 if (filename_vp != NULL) {
136 * uap->filename is not always defined. If it is,
137 * grab a vnode lock, which VFS_EXTATTRCTL() will
140 error = vn_lock(filename_vp, LK_EXCLUSIVE);
142 vn_finished_write(mp_writable);
147 error = VFS_EXTATTRCTL(mp, uap->cmd, filename_vp, uap->attrnamespace,
148 uap->attrname != NULL ? attrname : NULL);
150 vn_finished_write(mp_writable);
156 * VFS_EXTATTRCTL will have unlocked, but not de-ref'd, filename_vp,
157 * so vrele it if it is defined.
159 if (filename_vp != NULL)
165 * Set a named extended attribute on a file or directory
167 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
168 * kernelspace string pointer "attrname", userspace buffer
169 * pointer "data", buffer length "nbytes", thread "td".
170 * Returns: 0 on success, an error number otherwise
172 * References: vp must be a valid reference for the duration of the call
175 extattr_set_vp(struct vnode *vp, int attrnamespace, const char *attrname,
176 void *data, size_t nbytes, struct thread *td)
184 if (nbytes > IOSIZE_MAX)
187 error = vn_start_write(vp, &mp, V_WAIT | V_PCATCH);
190 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
192 aiov.iov_base = data;
193 aiov.iov_len = nbytes;
194 auio.uio_iov = &aiov;
197 auio.uio_resid = nbytes;
198 auio.uio_rw = UIO_WRITE;
199 auio.uio_segflg = UIO_USERSPACE;
204 error = mac_vnode_check_setextattr(td->td_ucred, vp, attrnamespace,
210 error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio,
212 cnt -= auio.uio_resid;
213 td->td_retval[0] = cnt;
219 vn_finished_write(mp);
223 #ifndef _SYS_SYSPROTO_H_
224 struct extattr_set_fd_args {
227 const char *attrname;
233 sys_extattr_set_fd(struct thread *td, struct extattr_set_fd_args *uap)
235 char attrname[EXTATTR_MAXNAMELEN + 1];
238 error = copyinstr(uap->attrname, attrname, sizeof(attrname), NULL);
241 return (kern_extattr_set_fd(td, uap->fd, uap->attrnamespace,
242 attrname, uap->data, uap->nbytes));
246 kern_extattr_set_fd(struct thread *td, int fd, int attrnamespace,
247 const char *attrname, void *data, size_t nbytes)
254 AUDIT_ARG_VALUE(attrnamespace);
255 AUDIT_ARG_TEXT(attrname);
257 error = getvnode_path(td, fd,
258 cap_rights_init_one(&rights, CAP_EXTATTR_SET), &fp);
262 error = extattr_set_vp(fp->f_vnode, attrnamespace,
263 attrname, data, nbytes, td);
269 #ifndef _SYS_SYSPROTO_H_
270 struct extattr_set_file_args {
273 const char *attrname;
279 sys_extattr_set_file(struct thread *td, struct extattr_set_file_args *uap)
282 return (user_extattr_set_path(td, uap->path, uap->attrnamespace,
283 uap->attrname, uap->data, uap->nbytes, FOLLOW));
286 #ifndef _SYS_SYSPROTO_H_
287 struct extattr_set_link_args {
290 const char *attrname;
296 sys_extattr_set_link(struct thread *td, struct extattr_set_link_args *uap)
299 return (user_extattr_set_path(td, uap->path, uap->attrnamespace,
300 uap->attrname, uap->data, uap->nbytes, NOFOLLOW));
304 user_extattr_set_path(struct thread *td, const char *path, int attrnamespace,
305 const char *uattrname, void *data, size_t nbytes, int follow)
307 char attrname[EXTATTR_MAXNAMELEN + 1];
310 error = copyinstr(uattrname, attrname, sizeof(attrname), NULL);
313 return (kern_extattr_set_path(td, path, attrnamespace,
314 attrname, data, nbytes, follow, UIO_USERSPACE));
318 kern_extattr_set_path(struct thread *td, const char *path, int attrnamespace,
319 const char *attrname, void *data, size_t nbytes, int follow,
320 enum uio_seg pathseg)
325 AUDIT_ARG_VALUE(attrnamespace);
326 AUDIT_ARG_TEXT(attrname);
328 NDINIT(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path);
334 error = extattr_set_vp(nd.ni_vp, attrnamespace, attrname, data,
342 * Get a named extended attribute on a file or directory
344 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
345 * kernelspace string pointer "attrname", userspace buffer
346 * pointer "data", buffer length "nbytes", thread "td".
347 * Returns: 0 on success, an error number otherwise
349 * References: vp must be a valid reference for the duration of the call
352 extattr_get_vp(struct vnode *vp, int attrnamespace, const char *attrname,
353 void *data, size_t nbytes, struct thread *td)
355 struct uio auio, *auiop;
361 if (nbytes > IOSIZE_MAX)
364 vn_lock(vp, LK_SHARED | LK_RETRY);
367 * Slightly unusual semantics: if the user provides a NULL data
368 * pointer, they don't want to receive the data, just the maximum
375 aiov.iov_base = data;
376 aiov.iov_len = nbytes;
377 auio.uio_iov = &aiov;
380 auio.uio_resid = nbytes;
381 auio.uio_rw = UIO_READ;
382 auio.uio_segflg = UIO_USERSPACE;
390 error = mac_vnode_check_getextattr(td->td_ucred, vp, attrnamespace,
396 error = VOP_GETEXTATTR(vp, attrnamespace, attrname, auiop, sizep,
400 cnt -= auio.uio_resid;
401 td->td_retval[0] = cnt;
403 td->td_retval[0] = size;
411 #ifndef _SYS_SYSPROTO_H_
412 struct extattr_get_fd_args {
415 const char *attrname;
421 sys_extattr_get_fd(struct thread *td, struct extattr_get_fd_args *uap)
423 char attrname[EXTATTR_MAXNAMELEN + 1];
426 error = copyinstr(uap->attrname, attrname, sizeof(attrname), NULL);
429 return (kern_extattr_get_fd(td, uap->fd, uap->attrnamespace,
430 attrname, uap->data, uap->nbytes));
434 kern_extattr_get_fd(struct thread *td, int fd, int attrnamespace,
435 const char *attrname, void *data, size_t nbytes)
442 AUDIT_ARG_VALUE(attrnamespace);
443 AUDIT_ARG_TEXT(attrname);
445 error = getvnode_path(td, fd,
446 cap_rights_init_one(&rights, CAP_EXTATTR_GET), &fp);
450 error = extattr_get_vp(fp->f_vnode, attrnamespace,
451 attrname, data, nbytes, td);
457 #ifndef _SYS_SYSPROTO_H_
458 struct extattr_get_file_args {
461 const char *attrname;
467 sys_extattr_get_file(struct thread *td, struct extattr_get_file_args *uap)
469 return (user_extattr_get_path(td, uap->path, uap->attrnamespace,
470 uap->attrname, uap->data, uap->nbytes, FOLLOW));
473 #ifndef _SYS_SYSPROTO_H_
474 struct extattr_get_link_args {
477 const char *attrname;
483 sys_extattr_get_link(struct thread *td, struct extattr_get_link_args *uap)
485 return (user_extattr_get_path(td, uap->path, uap->attrnamespace,
486 uap->attrname, uap->data, uap->nbytes, NOFOLLOW));
490 user_extattr_get_path(struct thread *td, const char *path, int attrnamespace,
491 const char *uattrname, void *data, size_t nbytes, int follow)
493 char attrname[EXTATTR_MAXNAMELEN + 1];
496 error = copyinstr(uattrname, attrname, sizeof(attrname), NULL);
499 return (kern_extattr_get_path(td, path, attrnamespace,
500 attrname, data, nbytes, follow, UIO_USERSPACE));
504 kern_extattr_get_path(struct thread *td, const char *path, int attrnamespace,
505 const char *attrname, void *data, size_t nbytes, int follow,
506 enum uio_seg pathseg)
511 AUDIT_ARG_VALUE(attrnamespace);
512 AUDIT_ARG_TEXT(attrname);
514 NDINIT(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path);
520 error = extattr_get_vp(nd.ni_vp, attrnamespace, attrname, data,
528 * extattr_delete_vp(): Delete a named extended attribute on a file or
531 * Arguments: unlocked vnode "vp", attribute namespace "attrnamespace",
532 * kernelspace string pointer "attrname", proc "p"
533 * Returns: 0 on success, an error number otherwise
535 * References: vp must be a valid reference for the duration of the call
538 extattr_delete_vp(struct vnode *vp, int attrnamespace, const char *attrname,
544 error = vn_start_write(vp, &mp, V_WAIT | V_PCATCH);
547 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
550 error = mac_vnode_check_deleteextattr(td->td_ucred, vp, attrnamespace,
556 error = VOP_DELETEEXTATTR(vp, attrnamespace, attrname, td->td_ucred,
558 if (error == EOPNOTSUPP)
559 error = VOP_SETEXTATTR(vp, attrnamespace, attrname, NULL,
565 vn_finished_write(mp);
569 #ifndef _SYS_SYSPROTO_H_
570 struct extattr_delete_fd_args {
573 const char *attrname;
577 sys_extattr_delete_fd(struct thread *td, struct extattr_delete_fd_args *uap)
579 char attrname[EXTATTR_MAXNAMELEN + 1];
582 error = copyinstr(uap->attrname, attrname, sizeof(attrname), NULL);
585 return (kern_extattr_delete_fd(td, uap->fd, uap->attrnamespace,
590 kern_extattr_delete_fd(struct thread *td, int fd, int attrnamespace,
591 const char *attrname)
598 AUDIT_ARG_VALUE(attrnamespace);
599 AUDIT_ARG_TEXT(attrname);
601 error = getvnode_path(td, fd,
602 cap_rights_init_one(&rights, CAP_EXTATTR_DELETE), &fp);
606 error = extattr_delete_vp(fp->f_vnode, attrnamespace,
612 #ifndef _SYS_SYSPROTO_H_
613 struct extattr_delete_file_args {
616 const char *attrname;
620 sys_extattr_delete_file(struct thread *td, struct extattr_delete_file_args *uap)
623 return (user_extattr_delete_path(td, uap->path, uap->attrnamespace,
624 uap->attrname, FOLLOW));
627 #ifndef _SYS_SYSPROTO_H_
628 struct extattr_delete_link_args {
631 const char *attrname;
635 sys_extattr_delete_link(struct thread *td, struct extattr_delete_link_args *uap)
638 return (user_extattr_delete_path(td, uap->path, uap->attrnamespace,
639 uap->attrname, NOFOLLOW));
643 user_extattr_delete_path(struct thread *td, const char *path, int attrnamespace,
644 const char *uattrname, int follow)
646 char attrname[EXTATTR_MAXNAMELEN + 1];
649 error = copyinstr(uattrname, attrname, sizeof(attrname), NULL);
652 return (kern_extattr_delete_path(td, path, attrnamespace,
653 attrname, follow, UIO_USERSPACE));
657 kern_extattr_delete_path(struct thread *td, const char *path, int attrnamespace,
658 const char *attrname, int follow, enum uio_seg pathseg)
663 AUDIT_ARG_VALUE(attrnamespace);
664 AUDIT_ARG_TEXT(attrname);
666 NDINIT(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path);
672 error = extattr_delete_vp(nd.ni_vp, attrnamespace, attrname, td);
678 * Retrieve a list of extended attributes on a file or directory.
680 * Arguments: unlocked vnode "vp", attribute namespace 'attrnamespace",
681 * userspace buffer pointer "data", buffer length "nbytes",
683 * Returns: 0 on success, an error number otherwise
685 * References: vp must be a valid reference for the duration of the call
688 extattr_list_vp(struct vnode *vp, int attrnamespace, struct uio *auiop,
698 if (auiop->uio_resid > IOSIZE_MAX)
700 cnt = auiop->uio_resid;
704 vn_lock(vp, LK_SHARED | LK_RETRY);
707 error = mac_vnode_check_listextattr(td->td_ucred, vp, attrnamespace);
714 error = VOP_LISTEXTATTR(vp, attrnamespace, auiop, sizep,
719 cnt -= auiop->uio_resid;
720 td->td_retval[0] = cnt;
722 td->td_retval[0] = size;
726 #ifndef _SYS_SYSPROTO_H_
727 struct extattr_list_fd_args {
735 sys_extattr_list_fd(struct thread *td, struct extattr_list_fd_args *uap)
737 struct uio auio, *auiop;
740 if (uap->data != NULL) {
741 aiov.iov_base = uap->data;
742 aiov.iov_len = uap->nbytes;
743 auio.uio_iov = &aiov;
746 auio.uio_resid = uap->nbytes;
747 auio.uio_rw = UIO_READ;
748 auio.uio_segflg = UIO_USERSPACE;
754 return (kern_extattr_list_fd(td, uap->fd, uap->attrnamespace,
759 kern_extattr_list_fd(struct thread *td, int fd, int attrnamespace,
767 AUDIT_ARG_VALUE(attrnamespace);
768 error = getvnode_path(td, fd,
769 cap_rights_init_one(&rights, CAP_EXTATTR_LIST), &fp);
773 error = extattr_list_vp(fp->f_vnode, attrnamespace, auiop, td);
779 #ifndef _SYS_SYSPROTO_H_
780 struct extattr_list_file_args {
788 sys_extattr_list_file(struct thread *td, struct extattr_list_file_args *uap)
791 return (user_extattr_list_path(td, uap->path, uap->attrnamespace,
792 uap->data, uap->nbytes, FOLLOW));
795 #ifndef _SYS_SYSPROTO_H_
796 struct extattr_list_link_args {
804 sys_extattr_list_link(struct thread *td, struct extattr_list_link_args *uap)
807 return (user_extattr_list_path(td, uap->path, uap->attrnamespace,
808 uap->data, uap->nbytes, NOFOLLOW));
812 user_extattr_list_path(struct thread *td, const char *path, int attrnamespace,
813 void *data, size_t nbytes, int follow)
815 struct uio auio, *auiop;
819 aiov.iov_base = data;
820 aiov.iov_len = nbytes;
821 auio.uio_iov = &aiov;
824 auio.uio_resid = nbytes;
825 auio.uio_rw = UIO_READ;
826 auio.uio_segflg = UIO_USERSPACE;
832 return (kern_extattr_list_path(td, path, attrnamespace,
833 auiop, follow, UIO_USERSPACE));
837 kern_extattr_list_path(struct thread *td, const char *path, int attrnamespace,
838 struct uio *auiop, int follow, enum uio_seg pathseg)
843 AUDIT_ARG_VALUE(attrnamespace);
844 NDINIT(&nd, LOOKUP, follow | AUDITVNODE1, pathseg, path);
850 error = extattr_list_vp(nd.ni_vp, attrnamespace, auiop, td);