d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Introduce accmode_t. This is required for NFSv4 ACLs - it will be neccessary

Browse Source 
to add more V* constants, and the variables changed by this patch were often
being assigned to mode_t variables, which is 16 bit.

Approved by:	rwatson (mentor)
This commit is contained in:
Edward Tomasz Napierala 2008-10-28 13:44:11 +00:00
parent 9215889d21
commit 15bc6b2bd8
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=184413
55 changed files with 273 additions and 248 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
share/man/man9/VOP_ACCESS.9
View File

@ -39,16 +39,16 @@
.In sys/param.h
.In sys/vnode.h
.Ft int
.Fn VOP_ACCESS "struct vnode *vp" "int mode" "struct ucred *cred" "struct thread *td"
.Fn VOP_ACCESS "struct vnode *vp" "accmode_t accmode" "struct ucred *cred" "struct thread *td"
.Sh DESCRIPTION
This entry point checks the access permissions of the file against the
given credentials.
.Pp
Its arguments are:
.Bl -tag -width mode
.Bl -tag -width accmode
.It Fa vp
The vnode of the file to check.
.It Fa mode
.It Fa accmode
The type of access required.
.It Fa cred
The user credentials to check.
@ -57,8 +57,8 @@ The thread which is checking.
.El
.Pp
The
.Fa mode
is a mask which can contain
.Fa accmode
is a mask which can contain flags described in <sys/vnode.h>, e.g.
.Dv VREAD ,
.Dv VWRITE
or
@ -71,7 +71,7 @@ otherwise an appropriate error code is returned.
.Sh PSEUDOCODE
.Bd -literal
int
vop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
vop_access(struct vnode *vp, accmode_t accmode, struct ucred *cred, struct thread *td)
{
int error;
@ -80,7 +80,7 @@ vop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
* unless the file is a socket, fifo, or a block or
* character device resident on the filesystem.
*/
if (mode & VWRITE) {
if (accmode & VWRITE) {
switch (vp->v_type) {
case VDIR:
case VLNK:
@ -93,7 +93,7 @@ vop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
}
/* If immutable bit set, nobody gets to write it. */
if ((mode & VWRITE) && vp has immutable bit set)
if ((accmode & VWRITE) && vp has immutable bit set)
return EPERM;
/* Otherwise, user id 0 always gets access. */
@ -104,11 +104,11 @@ vop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
/* Otherwise, check the owner. */
if (cred->cr_uid == owner of vp) {
if (mode & VEXEC)
if (accmode & VEXEC)
mask |= S_IXUSR;
if (mode & VREAD)
if (accmode & VREAD)
mask |= S_IRUSR;
if (mode & VWRITE)
if (accmode & VWRITE)
mask |= S_IWUSR;
return (((mode of vp) & mask) == mask ? 0 : EACCES);
}
@ -116,21 +116,21 @@ vop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
/* Otherwise, check the groups. */
for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++)
if (group of vp == *gp) {
if (mode & VEXEC)
if (accmode & VEXEC)
mask |= S_IXGRP;
if (mode & VREAD)
if (accmode & VREAD)
mask |= S_IRGRP;
if (mode & VWRITE)
if (accmode & VWRITE)
mask |= S_IWGRP;
return (((mode of vp) & mask) == mask ? 0 : EACCES);
}
/* Otherwise, check everyone else. */
if (mode & VEXEC)
if (accmode & VEXEC)
mask |= S_IXOTH;
if (mode & VREAD)
if (accmode & VREAD)
mask |= S_IROTH;
if (mode & VWRITE)
if (accmode & VWRITE)
mask |= S_IWOTH;
return (((mode of vp) & mask) == mask ? 0 : EACCES);
}

4
share/man/man9/vaccess.9
View File

@ -40,7 +40,7 @@
.Fa "mode_t file_mode"
.Fa "uid_t file_uid"
.Fa "gid_t file_gid"
.Fa "mode_t acc_mode"
.Fa "accmode_t accmode"
.Fa "struct ucred *cred"
.Fa "int *privused"
.Fc
@ -59,7 +59,7 @@ owning UID
owning GID
.Fa file_gid ,
desired access mode
.Fa acc_mode ,
.Fa accmode ,
requesting credential
.Fa cred ,
and an optional call-by-reference

4
share/man/man9/vaccess_acl_posix1e.9
View File

@ -41,7 +41,7 @@
.Fa "uid_t file_uid"
.Fa "gid_t file_gid"
.Fa "struct acl *acl"
.Fa "mode_t acc_mode"
.Fa "accmode_t accmode"
.Fa "struct ucred *cred"
.Fa "int *privused"
.Fc
@ -59,7 +59,7 @@ owning GID
access ACL for the file
.Fa acl ,
desired access mode
.Fa acc_mode ,
.Fa accmode ,
requesting credential
.Fa cred ,
and an optional call-by-reference

8
sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
View File

@ -91,17 +91,17 @@ secpolicy_vnode_remove(struct ucred *cred)
int
secpolicy_vnode_access(struct ucred *cred, struct vnode *vp, uint64_t owner,
int mode)
accmode_t accmode)
{
if ((mode & VREAD) && priv_check_cred(cred, PRIV_VFS_READ, 0) != 0) {
if ((accmode & VREAD) && priv_check_cred(cred, PRIV_VFS_READ, 0) != 0) {
return (EACCES);
}
if ((mode & VWRITE) &&
if ((accmode & VWRITE) &&
priv_check_cred(cred, PRIV_VFS_WRITE, 0) != 0) {
return (EACCES);
}
if (mode & VEXEC) {
if (accmode & VEXEC) {
if (vp->v_type == VDIR) {
if (priv_check_cred(cred, PRIV_VFS_LOOKUP, 0) != 0) {
return (EACCES);

2
sys/cddl/compat/opensolaris/sys/policy.h
View File

@ -46,7 +46,7 @@ int secpolicy_basic_link(struct ucred *cred);
int secpolicy_vnode_stky_modify(struct ucred *cred);
int secpolicy_vnode_remove(struct ucred *cred);
int secpolicy_vnode_access(struct ucred *cred, struct vnode *vp,
uint64_t owner, int mode);
uint64_t owner, accmode_t accmode);
int secpolicy_vnode_setdac(struct ucred *cred, uid_t owner);
int secpolicy_vnode_setattr(struct ucred *cred, struct vnode *vp,
struct vattr *vap, const struct vattr *ovap, int flags,

6
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c
View File

@ -237,14 +237,14 @@ static int
zfsctl_common_access(ap)
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
accmode_t a_accmode;
struct ucred *a_cred;
struct thread *a_td;
} */ *ap;
{
int mode = ap->a_mode;
accmode_t accmode = ap->a_accmode;
if (mode & VWRITE)
if (accmode & VWRITE)
return (EACCES);
return (0);

4
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
View File

@ -3194,13 +3194,13 @@ static int
zfs_freebsd_access(ap)
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
accmode_t a_accmode;
struct ucred *a_cred;
struct thread *a_td;
} */ *ap;
{
return (zfs_access(ap->a_vp, ap->a_mode, 0, ap->a_cred));
return (zfs_access(ap->a_vp, ap->a_accmode, 0, ap->a_cred));
}
static int

6
sys/compat/linux/linux_getcwd.c
View File

@ -307,7 +307,7 @@ linux_getcwd_common (lvp, rvp, bpp, bufp, limit, flags, td)
struct vnode *uvp = NULL;
char *bp = NULL;
int error;
int perms = VEXEC;
accmode_t accmode = VEXEC;
if (rvp == NULL) {
rvp = fdp->fd_rdir;
@ -352,10 +352,10 @@ linux_getcwd_common (lvp, rvp, bpp, bufp, limit, flags, td)
* whether or not caller cares.
*/
if (flags & GETCWD_CHECK_ACCESS) {
error = VOP_ACCESS(lvp, perms, td->td_ucred, td);
error = VOP_ACCESS(lvp, accmode, td->td_ucred, td);
if (error)
goto out;
perms = VEXEC|VREAD;
accmode = VEXEC|VREAD;
}
/*

6
sys/fs/cd9660/cd9660_vfsops.c
View File

@ -128,7 +128,7 @@ cd9660_mount(struct mount *mp, struct thread *td)
struct vnode *devvp;
char *fspec;
int error;
mode_t accessmode;
accmode_t accmode;
struct nameidata ndp;
struct iso_mnt *imp = 0;
@ -168,9 +168,9 @@ cd9660_mount(struct mount *mp, struct thread *td)
* Verify that user has necessary permissions on the device,
* or has superuser abilities
*/
accessmode = VREAD;
accmode = VREAD;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
error = VOP_ACCESS(devvp, accmode, td->td_ucred, td);
if (error)
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
if (error) {

8
sys/fs/cd9660/cd9660_vnops.c
View File

@ -125,14 +125,14 @@ static int
cd9660_access(ap)
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
accmode_t a_accmode;
struct ucred *a_cred;
struct thread *a_td;
} */ *ap;
{
struct vnode *vp = ap->a_vp;
struct iso_node *ip = VTOI(vp);
mode_t mode = ap->a_mode;
accmode_t accmode = ap->a_accmode;
if (vp->v_type == VCHR || vp->v_type == VBLK)
return (EOPNOTSUPP);
@ -142,7 +142,7 @@ cd9660_access(ap)
* fifo, or a block or character device resident on the
* filesystem.
*/
if (mode & VWRITE) {
if (accmode & VWRITE) {
switch (vp->v_type) {
case VDIR:
case VLNK:
@ -155,7 +155,7 @@ cd9660_access(ap)
}
return (vaccess(vp->v_type, ip->inode.iso_mode, ip->inode.iso_uid,
ip->inode.iso_gid, ap->a_mode, ap->a_cred, NULL));
ip->inode.iso_gid, ap->a_accmode, ap->a_cred, NULL));
}
static int

12
sys/fs/coda/coda_vnops.c
View File

@ -607,7 +607,7 @@ coda_access(struct vop_access_args *ap)
/* true args */
struct vnode *vp = ap->a_vp;
struct cnode *cp = VTOC(vp);
int mode = ap->a_mode;
accmode_t accmode = ap->a_accmode;
struct ucred *cred = ap->a_cred;
struct thread *td = ap->a_td;
/* locals */
@ -624,7 +624,7 @@ coda_access(struct vop_access_args *ap)
* Bogus hack - all will be marked as successes.
*/
MARK_INT_SAT(CODA_ACCESS_STATS);
return (((mode & VREAD) && !(mode & (VWRITE | VEXEC)))
return (((accmode & VREAD) && !(accmode & (VWRITE | VEXEC)))
? 0 : EACCES);
}
@ -636,11 +636,11 @@ coda_access(struct vop_access_args *ap)
*/
if (coda_access_cache && VALID_ACCCACHE(cp) &&
(cred->cr_uid == cp->c_cached_uid) &&
(mode & cp->c_cached_mode) == mode) {
(accmode & cp->c_cached_mode) == accmode) {
MARK_INT_SAT(CODA_ACCESS_STATS);
return (0);
}
error = venus_access(vtomi(vp), &cp->c_fid, mode, cred, td->td_proc);
error = venus_access(vtomi(vp), &cp->c_fid, accmode, cred, td->td_proc);
if (error == 0 && coda_access_cache) {
/*-
* When we have a new successful request, we consider three
@ -658,10 +658,10 @@ coda_access(struct vop_access_args *ap)
*/
cp->c_flags |= C_ACCCACHE;
if (cp->c_cached_uid != cred->cr_uid) {
cp->c_cached_mode = mode;
cp->c_cached_mode = accmode;
cp->c_cached_uid = cred->cr_uid;
} else
cp->c_cached_mode |= mode;
cp->c_cached_mode |= accmode;
}
return (error);
}

2
sys/fs/devfs/devfs_vnops.c
View File

@ -372,7 +372,7 @@ devfs_access(struct vop_access_args *ap)
de = de->de_dir;
error = vaccess(vp->v_type, de->de_mode, de->de_uid, de->de_gid,
ap->a_mode, ap->a_cred, NULL);
ap->a_accmode, ap->a_cred, NULL);
if (!error)
return (error);
if (error != EACCES)

8
sys/fs/hpfs/hpfs_vnops.c
View File

@ -683,14 +683,14 @@ int
hpfs_access(ap)
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
accmode_t a_accmode;
struct ucred *a_cred;
struct thread *a_td;
} */ *ap;
{
struct vnode *vp = ap->a_vp;
struct hpfsnode *hp = VTOHP(vp);
mode_t mode = ap->a_mode;
accmode_t accmode = ap->a_accmode;
dprintf(("hpfs_access(0x%x):\n", hp->h_no));
@ -699,7 +699,7 @@ hpfs_access(ap)
* unless the file is a socket, fifo, or a block or
* character device resident on the filesystem.
*/
if (mode & VWRITE) {
if (accmode & VWRITE) {
switch ((int)vp->v_type) {
case VDIR:
case VLNK:
@ -711,7 +711,7 @@ hpfs_access(ap)
}
return (vaccess(vp->v_type, hp->h_mode, hp->h_uid, hp->h_gid,
ap->a_mode, ap->a_cred, NULL));
ap->a_accmode, ap->a_cred, NULL));
}
/*

8
sys/fs/msdosfs/msdosfs_vfsops.c
View File

@ -240,7 +240,7 @@ msdosfs_mount(struct mount *mp, struct thread *td)
struct msdosfsmount *pmp = NULL;
struct nameidata ndp;
int error, flags;
mode_t accessmode;
accmode_t accmode;
char *from;
if (vfs_filteropt(mp->mnt_optnew, msdosfs_opts))
@ -363,10 +363,10 @@ msdosfs_mount(struct mount *mp, struct thread *td)
* If mount by non-root, then verify that user has necessary
* permissions on the device.
*/
accessmode = VREAD;
accmode = VREAD;
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
accmode |= VWRITE;
error = VOP_ACCESS(devvp, accmode, td->td_ucred, td);
if (error)
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
if (error) {

9
sys/fs/msdosfs/msdosfs_vnops.c
View File

@ -249,7 +249,7 @@ static int
msdosfs_access(ap)
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
accmode_t a_accmode;
struct ucred *a_cred;
struct thread *a_td;
} */ *ap;
@ -257,7 +257,8 @@ msdosfs_access(ap)
struct vnode *vp = ap->a_vp;
struct denode *dep = VTODE(ap->a_vp);
struct msdosfsmount *pmp = dep->de_pmp;
mode_t file_mode, mode = ap->a_mode;
mode_t file_mode;
accmode_t accmode = ap->a_accmode;
file_mode = (S_IXUSR|S_IXGRP|S_IXOTH) | (S_IRUSR|S_IRGRP|S_IROTH) |
((dep->de_Attributes & ATTR_READONLY) ? 0 : (S_IWUSR|S_IWGRP|S_IWOTH));
@ -267,7 +268,7 @@ msdosfs_access(ap)
* Disallow writing to directories and regular files if the
* filesystem is read-only.
*/
if (mode & VWRITE) {
if (accmode & VWRITE) {
switch (vp->v_type) {
case VDIR:
case VREG:
@ -280,7 +281,7 @@ msdosfs_access(ap)
}
return (vaccess(vp->v_type, file_mode, pmp->pm_uid, pmp->pm_gid,
ap->a_mode, ap->a_cred, NULL));
ap->a_accmode, ap->a_cred, NULL));
}
static int

8
sys/fs/ntfs/ntfs_vnops.c
View File

@ -386,14 +386,14 @@ int
ntfs_access(ap)
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
accmode_t a_accmode;
struct ucred *a_cred;
struct thread *a_td;
} */ *ap;
{
struct vnode *vp = ap->a_vp;
struct ntnode *ip = VTONT(vp);
mode_t mode = ap->a_mode;
accmode_t accmode = ap->a_accmode;
#ifdef QUOTA
int error;
#endif
@ -405,7 +405,7 @@ ntfs_access(ap)
* unless the file is a socket, fifo, or a block or
* character device resident on the filesystem.
*/
if (mode & VWRITE) {
if (accmode & VWRITE) {
switch ((int)vp->v_type) {
case VDIR:
case VLNK:
@ -421,7 +421,7 @@ ntfs_access(ap)
}
return (vaccess(vp->v_type, ip->i_mp->ntm_mode, ip->i_mp->ntm_uid,
ip->i_mp->ntm_gid, ap->a_mode, ap->a_cred, NULL));
ip->i_mp->ntm_gid, ap->a_accmode, ap->a_cred, NULL));
}
/*

4
sys/fs/nullfs/null_vnops.c
View File

@ -451,14 +451,14 @@ static int
null_access(struct vop_access_args *ap)
{
struct vnode *vp = ap->a_vp;
mode_t mode = ap->a_mode;
accmode_t accmode = ap->a_accmode;
/*
* Disallow write attempts on read-only layers;
* unless the file is a socket, fifo, or a block or
* character device resident on the filesystem.
*/
if (mode & VWRITE) {
if (accmode & VWRITE) {
switch (vp->v_type) {
case VDIR:
case VLNK:

6
sys/fs/nwfs/nwfs_vnops.c
View File

@ -121,7 +121,7 @@ static int
nwfs_access(ap)
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
accmode_t a_accmode;
struct ucred *a_cred;
struct thread *td;
} */ *ap;
@ -131,7 +131,7 @@ nwfs_access(ap)
struct nwmount *nmp = VTONWFS(vp);
NCPVNDEBUG("\n");
if ((ap->a_mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) {
if ((ap->a_accmode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) {
switch (vp->v_type) {
case VREG: case VDIR: case VLNK:
return (EROFS);
@ -142,7 +142,7 @@ nwfs_access(ap)
mpmode = vp->v_type == VREG ? nmp->m.file_mode :
nmp->m.dir_mode;
return (vaccess(vp->v_type, mpmode, nmp->m.uid,
nmp->m.gid, ap->a_mode, ap->a_cred, NULL));
nmp->m.gid, ap->a_accmode, ap->a_cred, NULL));
}
/*
* nwfs_open vnode op

2
sys/fs/pseudofs/pseudofs_vnops.c
View File

@ -132,7 +132,7 @@ pfs_access(struct vop_access_args *va)
if (error)
PFS_RETURN (error);
error = vaccess(vn->v_type, vattr.va_mode, vattr.va_uid,
vattr.va_gid, va->a_mode, va->a_cred, NULL);
vattr.va_gid, va->a_accmode, va->a_cred, NULL);
PFS_RETURN (error);
}

8
sys/fs/smbfs/smbfs_vnops.c
View File

@ -123,18 +123,18 @@ static int
smbfs_access(ap)
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
accmode_t a_accmode;
struct ucred *a_cred;
struct thread *a_td;
} */ *ap;
{
struct vnode *vp = ap->a_vp;
mode_t mode = ap->a_mode;
accmode_t accmode = ap->a_accmode;
mode_t mpmode;
struct smbmount *smp = VTOSMBFS(vp);
SMBVDEBUG("\n");
if ((mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) {
if ((accmode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) {
switch (vp->v_type) {
case VREG: case VDIR: case VLNK:
return EROFS;
@ -144,7 +144,7 @@ smbfs_access(ap)
}
mpmode = vp->v_type == VREG ? smp->sm_file_mode : smp->sm_dir_mode;
return (vaccess(vp->v_type, mpmode, smp->sm_uid,
smp->sm_gid, ap->a_mode, ap->a_cred, NULL));
smp->sm_gid, ap->a_accmode, ap->a_cred, NULL));
}
/* ARGSUSED */

8
sys/fs/tmpfs/tmpfs_vnops.c
View File

@ -282,7 +282,7 @@ int
tmpfs_access(struct vop_access_args *v)
{
struct vnode *vp = v->a_vp;
int mode = v->a_mode;
accmode_t accmode = v->a_accmode;
struct ucred *cred = v->a_cred;
int error;
@ -298,7 +298,7 @@ tmpfs_access(struct vop_access_args *v)
case VLNK:
/* FALLTHROUGH */
case VREG:
if (mode & VWRITE && vp->v_mount->mnt_flag & MNT_RDONLY) {
if (accmode & VWRITE && vp->v_mount->mnt_flag & MNT_RDONLY) {
error = EROFS;
goto out;
}
@ -318,13 +318,13 @@ tmpfs_access(struct vop_access_args *v)
goto out;
}
if (mode & VWRITE && node->tn_flags & IMMUTABLE) {
if (accmode & VWRITE && node->tn_flags & IMMUTABLE) {
error = EPERM;
goto out;
}
error = vaccess(vp->v_type, node->tn_mode, node->tn_uid,
node->tn_gid, mode, cred, NULL);
node->tn_gid, accmode, cred, NULL);
out:
MPASS(VOP_ISLOCKED(vp));

9
sys/fs/udf/udf_vnops.c
View File

@ -139,13 +139,14 @@ udf_access(struct vop_access_args *a)
{
struct vnode *vp;
struct udf_node *node;
mode_t a_mode, mode;
accmode_t accmode;
mode_t mode;
vp = a->a_vp;
node = VTON(vp);
a_mode = a->a_mode;
accmode = a->a_accmode;
if (a_mode & VWRITE) {
if (accmode & VWRITE) {
switch (vp->v_type) {
case VDIR:
case VLNK:
@ -160,7 +161,7 @@ udf_access(struct vop_access_args *a)
mode = udf_permtomode(node);
return (vaccess(vp->v_type, mode, node->fentry->uid, node->fentry->gid,
a_mode, a->a_cred, NULL));
accmode, a->a_cred, NULL));
}
static int

38
sys/fs/unionfs/union_vnops.c
View File

@ -583,7 +583,7 @@ unionfs_close(struct vop_close_args *ap)
* Check the access mode toward shadow file/dir.
*/
static int
unionfs_check_corrected_access(u_short mode,
unionfs_check_corrected_access(accmode_t accmode,
struct vattr *va,
struct ucred *cred)
{
@ -601,11 +601,11 @@ unionfs_check_corrected_access(u_short mode,
/* check owner */
if (cred->cr_uid == uid) {
if (mode & VEXEC)
if (accmode & VEXEC)
mask |= S_IXUSR;
if (mode & VREAD)
if (accmode & VREAD)
mask |= S_IRUSR;
if (mode & VWRITE)
if (accmode & VWRITE)
mask |= S_IWUSR;
return ((vmode & mask) == mask ? 0 : EACCES);
}
@ -615,22 +615,22 @@ unionfs_check_corrected_access(u_short mode,
gp = cred->cr_groups;
for (; count < cred->cr_ngroups; count++, gp++) {
if (gid == *gp) {
if (mode & VEXEC)
if (accmode & VEXEC)
mask |= S_IXGRP;
if (mode & VREAD)
if (accmode & VREAD)
mask |= S_IRGRP;
if (mode & VWRITE)
if (accmode & VWRITE)
mask |= S_IWGRP;
return ((vmode & mask) == mask ? 0 : EACCES);
}
}
/* check other */
if (mode & VEXEC)
if (accmode & VEXEC)
mask |= S_IXOTH;
if (mode & VREAD)
if (accmode & VREAD)
mask |= S_IROTH;
if (mode & VWRITE)
if (accmode & VWRITE)
mask |= S_IWOTH;
return ((vmode & mask) == mask ? 0 : EACCES);
@ -645,7 +645,7 @@ unionfs_access(struct vop_access_args *ap)
struct vnode *lvp;
struct thread *td;
struct vattr va;
int mode;
accmode_t accmode;
int error;
UNIONFS_INTERNAL_DEBUG("unionfs_access: enter\n");
@ -655,10 +655,10 @@ unionfs_access(struct vop_access_args *ap)
uvp = unp->un_uppervp;
lvp = unp->un_lowervp;
td = ap->a_td;
mode = ap->a_mode;
accmode = ap->a_accmode;
error = EACCES;
if ((mode & VWRITE) &&
if ((accmode & VWRITE) &&
(ap->a_vp->v_mount->mnt_flag & MNT_RDONLY)) {
switch (ap->a_vp->v_type) {
case VREG:
@ -671,7 +671,7 @@ unionfs_access(struct vop_access_args *ap)
}
if (uvp != NULLVP) {
error = VOP_ACCESS(uvp, mode, ap->a_cred, td);
error = VOP_ACCESS(uvp, accmode, ap->a_cred, td);
UNIONFS_INTERNAL_DEBUG("unionfs_access: leave (%d)\n", error);
@ -679,7 +679,7 @@ unionfs_access(struct vop_access_args *ap)
}
if (lvp != NULLVP) {
if (mode & VWRITE) {
if (accmode & VWRITE) {
if (ump->um_uppervp->v_mount->mnt_flag & MNT_RDONLY) {
switch (ap->a_vp->v_type) {
case VREG:
@ -698,15 +698,15 @@ unionfs_access(struct vop_access_args *ap)
return (error);
error = unionfs_check_corrected_access(
mode, &va, ap->a_cred);
accmode, &va, ap->a_cred);
if (error != 0)
return (error);
}
}
mode &= ~VWRITE;
mode |= VREAD; /* will copy to upper */
accmode &= ~VWRITE;
accmode |= VREAD; /* will copy to upper */
}
error = VOP_ACCESS(lvp, mode, ap->a_cred, td);
error = VOP_ACCESS(lvp, accmode, ap->a_cred, td);
}
UNIONFS_INTERNAL_DEBUG("unionfs_access: leave (%d)\n", error);

8
sys/gnu/fs/ext2fs/ext2_vfsops.c
View File

@ -137,7 +137,7 @@ ext2_mount(mp, td)
struct ext2_sb_info *fs;
char *path, *fspec;
int error, flags, len;
mode_t accessmode;
accmode_t accmode;
struct nameidata nd, *ndp = &nd;
opts = mp->mnt_optnew;
@ -265,10 +265,10 @@ ext2_mount(mp, td)
*
* XXXRW: VOP_ACCESS() enough?
*/
accessmode = VREAD;
accmode = VREAD;
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
accmode |= VWRITE;
error = VOP_ACCESS(devvp, accmode, td->td_ucred, td);
if (error)
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
if (error) {

10
sys/gnu/fs/ext2fs/ext2_vnops.c
View File

@ -283,14 +283,14 @@ static int
ext2_access(ap)
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
accmode_t a_accmode;
struct ucred *a_cred;
struct thread *a_td;
} */ *ap;
{
struct vnode *vp = ap->a_vp;
struct inode *ip = VTOI(vp);
mode_t mode = ap->a_mode;
accmode_t accmode = ap->a_accmode;
int error;
if (vp->v_type == VBLK || vp->v_type == VCHR)
@ -301,7 +301,7 @@ ext2_access(ap)
* unless the file is a socket, fifo, or a block or
* character device resident on the file system.
*/
if (mode & VWRITE) {
if (accmode & VWRITE) {
switch (vp->v_type) {
case VDIR:
case VLNK:
@ -315,11 +315,11 @@ ext2_access(ap)
}
/* If immutable bit set, nobody gets to write it. */
if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
if ((accmode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
return (EPERM);
error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid,
ap->a_mode, ap->a_cred, NULL);
ap->a_accmode, ap->a_cred, NULL);
return (error);
}

8
sys/gnu/fs/reiserfs/reiserfs_vfsops.c
View File

@ -74,7 +74,7 @@ reiserfs_mount(struct mount *mp, struct thread *td)
{
size_t size;
int error, len;
mode_t accessmode;
accmode_t accmode;
char *path, *fspec;
struct vnode *devvp;
struct vfsoptlist *opts;
@ -124,10 +124,10 @@ reiserfs_mount(struct mount *mp, struct thread *td)
/* If mount by non-root, then verify that user has necessary
* permissions on the device. */
accessmode = VREAD;
accmode = VREAD;
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
accmode |= VWRITE;
error = VOP_ACCESS(devvp, accmode, td->td_ucred, td);
if (error)
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
if (error) {

8
sys/gnu/fs/reiserfs/reiserfs_vnops.c
View File

@ -57,14 +57,14 @@ reiserfs_access(struct vop_access_args *ap)
int error;
struct vnode *vp = ap->a_vp;
struct reiserfs_node *ip = VTOI(vp);
mode_t mode = ap->a_mode;
accmode_t accmode = ap->a_accmode;
/*
* Disallow write attempts on read-only file systems; unless the file
* is a socket, fifo, or a block or character device resident on the
* file system.
*/
if (mode & VWRITE) {
if (accmode & VWRITE) {
switch (vp->v_type) {
case VDIR:
case VLNK:
@ -81,13 +81,13 @@ reiserfs_access(struct vop_access_args *ap)
}
/* If immutable bit set, nobody gets to write it. */
if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) {
if ((accmode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) {
reiserfs_log(LOG_DEBUG, "no write access (immutable)\n");
return (EPERM);
}
error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid,
ap->a_mode, ap->a_cred, NULL);
ap->a_accmode, ap->a_cred, NULL);
return (error);
}

8
sys/gnu/fs/xfs/FreeBSD/xfs_super.c
View File

@ -133,7 +133,7 @@ xfs_blkdev_get(
struct vnode *devvp;
struct g_consumer *cp;
struct g_provider *pp;
mode_t accessmode;
accmode_t accmode;
td = curthread;
@ -151,10 +151,10 @@ xfs_blkdev_get(
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
ronly = ((XFS_MTOVFS(mp)->vfs_flag & VFS_RDONLY) != 0);
accessmode = VREAD;
accmode = VREAD;
if (!ronly)
accessmode |= VWRITE;
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
accmode |= VWRITE;
error = VOP_ACCESS(devvp, accmode, td->td_ucred, td);
if (error)
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
if (error) {

4
sys/gnu/fs/xfs/FreeBSD/xfs_vnops.c
View File

@ -180,14 +180,14 @@ static int
_xfs_access(
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
accmode_t a_accmode;
struct ucred *a_cred;
struct thread *a_td;
} */ *ap)
{
int error;
XVOP_ACCESS(VPTOXFSVP(ap->a_vp), ap->a_mode, ap->a_cred, error);
XVOP_ACCESS(VPTOXFSVP(ap->a_vp), ap->a_accmode, ap->a_cred, error);
return (error);
}

8
sys/kern/subr_acl_posix1e.c
View File

@ -53,12 +53,12 @@ __FBSDID("$FreeBSD$");
*/
int
vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
struct acl *acl, mode_t acc_mode, struct ucred *cred, int *privused)
struct acl *acl, accmode_t acc_mode, struct ucred *cred, int *privused)
{
struct acl_entry *acl_other, *acl_mask;
mode_t dac_granted;
mode_t priv_granted;
mode_t acl_mask_granted;
accmode_t dac_granted;
accmode_t priv_granted;
accmode_t acl_mask_granted;
int group_matched, i;
/*

12
sys/kern/uipc_mqueue.c
View File

@ -1120,7 +1120,7 @@ mqfs_close(struct vop_close_args *ap)
struct vop_access_args {
struct vop_generic_args a_gen;
struct vnode *a_vp;
int a_mode;
accmode_t a_accmode;
struct ucred *a_cred;
struct thread *a_td;
};
@ -1140,7 +1140,7 @@ mqfs_access(struct vop_access_args *ap)
if (error)
return (error);
error = vaccess(vp->v_type, vattr.va_mode, vattr.va_uid,
vattr.va_gid, ap->a_mode, ap->a_cred, NULL);
vattr.va_gid, ap->a_accmode, ap->a_cred, NULL);
return (error);
}
@ -2003,14 +2003,14 @@ kmq_open(struct thread *td, struct kmq_open_args *uap)
if ((flags & (O_CREAT | O_EXCL)) == (O_CREAT | O_EXCL)) {
error = EEXIST;
} else {
int acc_mode = 0;
accmode_t accmode = 0;
if (flags & FREAD)
acc_mode |= VREAD;
accmode |= VREAD;
if (flags & FWRITE)
acc_mode |= VWRITE;
accmode |= VWRITE;
error = vaccess(VREG, pn->mn_mode, pn->mn_uid,
pn->mn_gid, acc_mode, td->td_ucred, NULL);
pn->mn_gid, accmode, td->td_ucred, NULL);
}
}

10
sys/kern/uipc_shm.c
View File

@ -367,15 +367,15 @@ shm_drop(struct shmfd *shmfd)
static int
shm_access(struct shmfd *shmfd, struct ucred *ucred, int flags)
{
int acc_mode;
accmode_t accmode;
acc_mode = 0;
accmode = 0;
if (flags & FREAD)
acc_mode |= VREAD;
accmode |= VREAD;
if (flags & FWRITE)
acc_mode |= VWRITE;
accmode |= VWRITE;
return (vaccess(VREG, shmfd->shm_mode, shmfd->shm_uid, shmfd->shm_gid,
acc_mode, ucred, NULL));
accmode, ucred, NULL));
}
/*

30
sys/kern/vfs_subr.c
View File

@ -3459,10 +3459,10 @@ vn_isdisk(struct vnode *vp, int *errp)
*/
int
vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid,
mode_t acc_mode, struct ucred *cred, int *privused)
accmode_t accmode, struct ucred *cred, int *privused)
{
mode_t dac_granted;
mode_t priv_granted;
accmode_t dac_granted;
accmode_t priv_granted;
/*
* Look for a normal, non-privileged way to access the file/directory
@ -3484,7 +3484,7 @@ vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid,
if (file_mode & S_IWUSR)
dac_granted |= (VWRITE | VAPPEND);
if ((acc_mode & dac_granted) == acc_mode)
if ((accmode & dac_granted) == accmode)
return (0);
goto privcheck;
@ -3499,7 +3499,7 @@ vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid,
if (file_mode & S_IWGRP)
dac_granted |= (VWRITE | VAPPEND);
if ((acc_mode & dac_granted) == acc_mode)
if ((accmode & dac_granted) == accmode)
return (0);
goto privcheck;
@ -3512,7 +3512,7 @@ vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid,
dac_granted |= VREAD;
if (file_mode & S_IWOTH)
dac_granted |= (VWRITE | VAPPEND);
if ((acc_mode & dac_granted) == acc_mode)
if ((accmode & dac_granted) == accmode)
return (0);
privcheck:
@ -3529,35 +3529,35 @@ vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid,
* For directories, use PRIV_VFS_LOOKUP to satisfy VEXEC
* requests, instead of PRIV_VFS_EXEC.
*/
if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
!priv_check_cred(cred, PRIV_VFS_LOOKUP, 0))
priv_granted |= VEXEC;
} else {
if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
!priv_check_cred(cred, PRIV_VFS_EXEC, 0))
priv_granted |= VEXEC;
}
if ((acc_mode & VREAD) && ((dac_granted & VREAD) == 0) &&
if ((accmode & VREAD) && ((dac_granted & VREAD) == 0) &&
!priv_check_cred(cred, PRIV_VFS_READ, 0))
priv_granted |= VREAD;
if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
if ((accmode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
!priv_check_cred(cred, PRIV_VFS_WRITE, 0))
priv_granted |= (VWRITE | VAPPEND);
if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
if ((accmode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
!priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
priv_granted |= VADMIN;
if ((acc_mode & (priv_granted | dac_granted)) == acc_mode) {
if ((accmode & (priv_granted | dac_granted)) == accmode) {
/* XXX audit: privilege used */
if (privused != NULL)
*privused = 1;
return (0);
}
return ((acc_mode & VADMIN) ? EPERM : EACCES);
return ((accmode & VADMIN) ? EPERM : EACCES);
}
/*
@ -3566,7 +3566,7 @@ vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid,
*/
int
extattr_check_cred(struct vnode *vp, int attrnamespace, struct ucred *cred,
struct thread *td, int access)
struct thread *td, accmode_t accmode)
{
/*
@ -3584,7 +3584,7 @@ extattr_check_cred(struct vnode *vp, int attrnamespace, struct ucred *cred,
/* Potentially should be: return (EPERM); */
return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM, 0));
case EXTATTR_NAMESPACE_USER:
return (VOP_ACCESS(vp, access, cred, td));
return (VOP_ACCESS(vp, accmode, cred, td));
default:
return (EPERM);
}

34
sys/kern/vfs_syscalls.c
View File

@ -2032,25 +2032,26 @@ vn_access(vp, user_flags, cred, td)
struct ucred *cred;
struct thread *td;
{
int error, flags;
int error;
accmode_t accmode;
/* Flags == 0 means only check for existence. */
error = 0;
if (user_flags) {
flags = 0;
accmode = 0;
if (user_flags & R_OK)
flags |= VREAD;
accmode |= VREAD;
if (user_flags & W_OK)
flags |= VWRITE;
accmode |= VWRITE;
if (user_flags & X_OK)
flags |= VEXEC;
accmode |= VEXEC;
#ifdef MAC
error = mac_vnode_check_access(cred, vp, flags);
error = mac_vnode_check_access(cred, vp, accmode);
if (error)
return (error);
#endif
if ((flags & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
error = VOP_ACCESS(vp, flags, cred, td);
if ((accmode & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
error = VOP_ACCESS(vp, accmode, cred, td);
}
return (error);
}
@ -4349,7 +4350,8 @@ fhopen(td, uap)
struct flock lf;
struct file *fp;
register struct filedesc *fdp = p->p_fd;
int fmode, mode, error, type;
int fmode, error, type;
accmode_t accmode;
struct file *nfp;
int vfslocked;
int indx;
@ -4391,7 +4393,7 @@ fhopen(td, uap)
error = EOPNOTSUPP;
goto bad;
}
mode = 0;
accmode = 0;
if (fmode & (FWRITE | O_TRUNC)) {
if (vp->v_type == VDIR) {
error = EISDIR;
@ -4400,19 +4402,19 @@ fhopen(td, uap)
error = vn_writechk(vp);
if (error)
goto bad;
mode |= VWRITE;
accmode |= VWRITE;
}
if (fmode & FREAD)
mode |= VREAD;
accmode |= VREAD;
if (fmode & O_APPEND)
mode |= VAPPEND;
accmode |= VAPPEND;
#ifdef MAC
error = mac_vnode_check_open(td->td_ucred, vp, mode);
error = mac_vnode_check_open(td->td_ucred, vp, accmode);
if (error)
goto bad;
#endif
if (mode) {
error = VOP_ACCESS(vp, mode, td->td_ucred, td);
if (accmode) {
error = VOP_ACCESS(vp, accmode, td->td_ucred, td);
if (error)
goto bad;
}

21
sys/kern/vfs_vnops.c
View File

@ -115,7 +115,8 @@ vn_open_cred(ndp, flagp, cmode, cred, fp)
struct thread *td = ndp->ni_cnd.cn_thread;
struct vattr vat;
struct vattr *vap = &vat;
int mode, fmode, error;
int fmode, error;
accmode_t accmode;
int vfslocked, mpsafe;
mpsafe = ndp->ni_cnd.cn_flags & MPSAFE;
@ -202,33 +203,33 @@ vn_open_cred(ndp, flagp, cmode, cred, fp)
error = EOPNOTSUPP;
goto bad;
}
mode = 0;
accmode = 0;
if (fmode & (FWRITE | O_TRUNC)) {
if (vp->v_type == VDIR) {
error = EISDIR;
goto bad;
}
mode |= VWRITE;
accmode |= VWRITE;
}
if (fmode & FREAD)
mode |= VREAD;
accmode |= VREAD;
if (fmode & FEXEC)
mode |= VEXEC;
accmode |= VEXEC;
if (fmode & O_APPEND)
mode |= VAPPEND;
accmode |= VAPPEND;
#ifdef MAC
error = mac_vnode_check_open(cred, vp, mode);
error = mac_vnode_check_open(cred, vp, accmode);
if (error)
goto bad;
#endif
if ((fmode & O_CREAT) == 0) {
if (mode & VWRITE) {
if (accmode & VWRITE) {
error = vn_writechk(vp);
if (error)
goto bad;
}
if (mode) {
error = VOP_ACCESS(vp, mode, cred, td);
if (accmode) {
error = VOP_ACCESS(vp, accmode, cred, td);
if (error)
goto bad;
}

2
sys/kern/vnode_if.src
View File

@ -147,7 +147,7 @@ vop_close {
vop_access {
IN struct vnode *vp;
IN int mode;
IN accmode_t accmode;
IN struct ucred *cred;
IN struct thread *td;
};

22
sys/nfs4client/nfs4_vnops.c
View File

@ -301,7 +301,7 @@ nfs4_access(struct vop_access_args *ap)
* unless the file is a socket, fifo, or a block or character
* device resident on the filesystem.
*/
if ((ap->a_mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) {
if ((ap->a_accmode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) {
switch (vp->v_type) {
case VREG:
case VDIR:
@ -321,20 +321,20 @@ nfs4_access(struct vop_access_args *ap)
*/
/* XXX Disable this for now; needs fixing of _access_otw() */
if (0 && v3) {
if (ap->a_mode & VREAD)
if (ap->a_accmode & VREAD)
mode = NFSV3ACCESS_READ;
else
mode = 0;
if (vp->v_type != VDIR) {
if (ap->a_mode & VWRITE)
if (ap->a_accmode & VWRITE)
mode |= (NFSV3ACCESS_MODIFY | NFSV3ACCESS_EXTEND);
if (ap->a_mode & VEXEC)
if (ap->a_accmode & VEXEC)
mode |= NFSV3ACCESS_EXECUTE;
} else {
if (ap->a_mode & VWRITE)
if (ap->a_accmode & VWRITE)
mode |= (NFSV3ACCESS_MODIFY | NFSV3ACCESS_EXTEND |
NFSV3ACCESS_DELETE);
if (ap->a_mode & VEXEC)
if (ap->a_accmode & VEXEC)
mode |= NFSV3ACCESS_LOOKUP;
}
/* XXX safety belt, only make blanket request if caching */
@ -370,16 +370,16 @@ nfs4_access(struct vop_access_args *ap)
}
/* XXX use generic access code here? */
mode = ap->a_mode & VREAD ? NFSV4ACCESS_READ : 0;
mode = ap->a_accmode & VREAD ? NFSV4ACCESS_READ : 0;
if (vp->v_type == VDIR) {
if (ap->a_mode & VWRITE)
if (ap->a_accmode & VWRITE)
mode |= NFSV4ACCESS_MODIFY | NFSV4ACCESS_EXTEND | NFSV4ACCESS_DELETE;
if (ap->a_mode & VEXEC)
if (ap->a_accmode & VEXEC)
mode |= NFSV4ACCESS_LOOKUP;
} else {
if (ap->a_mode & VWRITE)
if (ap->a_accmode & VWRITE)
mode |= NFSV4ACCESS_MODIFY | NFSV4ACCESS_EXTEND;
if (ap->a_mode & VEXEC)
if (ap->a_accmode & VEXEC)
mode |= NFSV4ACCESS_EXECUTE;
}

20
sys/nfsclient/nfs_vnops.c
View File

@ -318,7 +318,7 @@ nfs_access(struct vop_access_args *ap)
* unless the file is a socket, fifo, or a block or character
* device resident on the filesystem.
*/
if ((ap->a_mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) {
if ((ap->a_accmode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) {
switch (vp->v_type) {
case VREG:
case VDIR:
@ -337,20 +337,20 @@ nfs_access(struct vop_access_args *ap)
* client uid-->server uid mapping that we do not know about.
*/
if (v3) {
if (ap->a_mode & VREAD)
if (ap->a_accmode & VREAD)
mode = NFSV3ACCESS_READ;
else
mode = 0;
if (vp->v_type != VDIR) {
if (ap->a_mode & VWRITE)
if (ap->a_accmode & VWRITE)
mode |= (NFSV3ACCESS_MODIFY | NFSV3ACCESS_EXTEND);
if (ap->a_mode & VEXEC)
if (ap->a_accmode & VEXEC)
mode |= NFSV3ACCESS_EXECUTE;
} else {
if (ap->a_mode & VWRITE)
if (ap->a_accmode & VWRITE)
mode |= (NFSV3ACCESS_MODIFY | NFSV3ACCESS_EXTEND |
NFSV3ACCESS_DELETE);
if (ap->a_mode & VEXEC)
if (ap->a_accmode & VEXEC)
mode |= NFSV3ACCESS_LOOKUP;
}
/* XXX safety belt, only make blanket request if caching */
@ -399,7 +399,7 @@ nfs_access(struct vop_access_args *ap)
* file size cached.
*/
mtx_lock(&np->n_mtx);
if (ap->a_cred->cr_uid == 0 && (ap->a_mode & VREAD)
if (ap->a_cred->cr_uid == 0 && (ap->a_accmode & VREAD)
&& VTONFS(vp)->n_size > 0) {
struct iovec aiov;
struct uio auio;
@ -3200,7 +3200,7 @@ nfsspec_access(struct vop_access_args *ap)
struct vattr *vap;
struct ucred *cred = ap->a_cred;
struct vnode *vp = ap->a_vp;
mode_t mode = ap->a_mode;
accmode_t accmode = ap->a_accmode;
struct vattr vattr;
int error;
@ -3209,7 +3209,7 @@ nfsspec_access(struct vop_access_args *ap)
* unless the file is a socket, fifo, or a block or character
* device resident on the filesystem.
*/
if ((mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) {
if ((accmode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) {
switch (vp->v_type) {
case VREG:
case VDIR:
@ -3224,7 +3224,7 @@ nfsspec_access(struct vop_access_args *ap)
if (error)
goto out;
error = vaccess(vp->v_type, vap->va_mode, vap->va_uid, vap->va_gid,
mode, cred, NULL);
accmode, cred, NULL);
out:
return error;
}

11
sys/nfsserver/nfs_serv.c
View File

@ -138,7 +138,8 @@ struct nfsrvstats nfsrvstats;
SYSCTL_STRUCT(_vfs_nfsrv, NFS_NFSRVSTATS, nfsrvstats, CTLFLAG_RW,
&nfsrvstats, nfsrvstats, "S,nfsrvstats");
static int nfsrv_access(struct vnode *, int, struct ucred *, int, int);
static int nfsrv_access(struct vnode *, accmode_t, struct ucred *,
int, int);
static void nfsrvw_coalesce(struct nfsrv_descript *,
struct nfsrv_descript *);
@ -4234,8 +4235,8 @@ nfsrv_noop(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
* will return EPERM instead of EACCESS. EPERM is always an error.
*/
static int
nfsrv_access(struct vnode *vp, int flags, struct ucred *cred, int rdonly,
int override)
nfsrv_access(struct vnode *vp, accmode_t accmode, struct ucred *cred,
int rdonly, int override)
{
struct vattr vattr;
int error;
@ -4244,7 +4245,7 @@ nfsrv_access(struct vnode *vp, int flags, struct ucred *cred, int rdonly,
nfsdbprintf(("%s %d\n", __FILE__, __LINE__));
if (flags & VWRITE) {
if (accmode & VWRITE) {
/* Just vn_writechk() changed to check rdonly */
/*
* Disallow write attempts on read-only filesystems;
@ -4272,7 +4273,7 @@ nfsrv_access(struct vnode *vp, int flags, struct ucred *cred, int rdonly,
error = VOP_GETATTR(vp, &vattr, cred);
if (error)
return (error);
error = VOP_ACCESS(vp, flags, cred, curthread);
error = VOP_ACCESS(vp, accmode, cred, curthread);
/*
* Allow certain operations for the owner (reads and writes
* on files that are already open).

5
sys/security/mac/mac_framework.h
View File

@ -88,6 +88,7 @@ struct vnode;
struct vop_setlabel_args;
#include <sys/acl.h> /* XXX acl_type_t */
#include <sys/types.h> /* accmode_t */
/*
* Entry points to the TrustedBSD MAC Framework from the remainder of the
@ -365,7 +366,7 @@ void mac_thread_userret(struct thread *td);
int mac_vnode_associate_extattr(struct mount *mp, struct vnode *vp);
void mac_vnode_associate_singlelabel(struct mount *mp, struct vnode *vp);
int mac_vnode_check_access(struct ucred *cred, struct vnode *vp,
int acc_mode);
accmode_t accmode);
int mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp);
int mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp);
int mac_vnode_check_create(struct ucred *cred, struct vnode *dvp,
@ -391,7 +392,7 @@ int mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, int prot,
int mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp,
int prot);
int mac_vnode_check_open(struct ucred *cred, struct vnode *vp,
int acc_mode);
accmode_t accmode);
int mac_vnode_check_poll(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp);
int mac_vnode_check_read(struct ucred *active_cred,

7
sys/security/mac/mac_policy.h
View File

@ -61,6 +61,7 @@
* alphabetically.
*/
#include <sys/acl.h> /* XXX acl_type_t */
#include <sys/types.h> /* XXX accmode_t */
struct acl;
struct auditinfo;
@ -530,7 +531,8 @@ typedef void (*mpo_vnode_associate_singlelabel_t)(struct mount *mp,
struct label *mplabel, struct vnode *vp,
struct label *vplabel);
typedef int (*mpo_vnode_check_access_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel, int acc_mode);
struct vnode *vp, struct label *vplabel,
accmode_t accmode);
typedef int (*mpo_vnode_check_chdir_t)(struct ucred *cred,
struct vnode *dvp, struct label *dvplabel);
typedef int (*mpo_vnode_check_chroot_t)(struct ucred *cred,
@ -571,7 +573,8 @@ typedef void (*mpo_vnode_check_mmap_downgrade_t)(struct ucred *cred,
typedef int (*mpo_vnode_check_mprotect_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel, int prot);
typedef int (*mpo_vnode_check_open_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel, int acc_mode);
struct vnode *vp, struct label *vplabel,
accmode_t accmode);
typedef int (*mpo_vnode_check_poll_t)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *vplabel);

8
sys/security/mac/mac_vfs.c
View File

@ -362,13 +362,13 @@ mac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
}
int
mac_vnode_check_access(struct ucred *cred, struct vnode *vp, int acc_mode)
mac_vnode_check_access(struct ucred *cred, struct vnode *vp, accmode_t accmode)
{
int error;
ASSERT_VOP_LOCKED(vp, "mac_vnode_check_access");
MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, acc_mode);
MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, accmode);
return (error);
}
@ -546,13 +546,13 @@ mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp, int prot)
}
int
mac_vnode_check_open(struct ucred *cred, struct vnode *vp, int acc_mode)
mac_vnode_check_open(struct ucred *cred, struct vnode *vp, accmode_t accmode)
{
int error;
ASSERT_VOP_LOCKED(vp, "mac_vnode_check_open");
MAC_CHECK(vnode_check_open, cred, vp, vp->v_label, acc_mode);
MAC_CHECK(vnode_check_open, cred, vp, vp->v_label, accmode);
return (error);
}

6
sys/security/mac_biba/mac_biba.c
View File

@ -2882,7 +2882,7 @@ biba_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
static int
biba_vnode_check_open(struct ucred *cred, struct vnode *vp,
struct label *vplabel, int acc_mode)
struct label *vplabel, accmode_t accmode)
{
struct mac_biba *subj, *obj;
@ -2893,11 +2893,11 @@ biba_vnode_check_open(struct ucred *cred, struct vnode *vp,
obj = SLOT(vplabel);
/* XXX privilege override for admin? */
if (acc_mode & (VREAD | VEXEC | VSTAT)) {
if (accmode & (VREAD | VEXEC | VSTAT)) {
if (!biba_dominate_effective(obj, subj))
return (EACCES);
}
if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
if (accmode & (VWRITE | VAPPEND | VADMIN)) {
if (!biba_dominate_effective(subj, obj))
return (EACCES);
}

4
sys/security/mac_bsdextended/ugidfw_internal.h
View File

@ -52,7 +52,7 @@ int ugidfw_system_check_swapon(struct ucred *cred, struct vnode *vp,
* Vnode access control checks.
*/
int ugidfw_vnode_check_access(struct ucred *cred, struct vnode *vp,
struct label *vplabel, int acc_mode);
struct label *vplabel, accmode_t accmode);
int ugidfw_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
struct label *dvplabel);
int ugidfw_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
@ -81,7 +81,7 @@ int ugidfw_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
int ugidfw_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
struct label *dvplabel, struct componentname *cnp);
int ugidfw_vnode_check_open(struct ucred *cred, struct vnode *vp,
struct label *vplabel, int acc_mode);
struct label *vplabel, accmode_t accmode);
int ugidfw_vnode_check_readdir(struct ucred *cred, struct vnode *dvp,
struct label *dvplabel);
int ugidfw_vnode_check_readdlink(struct ucred *cred, struct vnode *vp,

16
sys/security/mac_bsdextended/ugidfw_vnode.c
View File

@ -62,10 +62,14 @@
int
ugidfw_vnode_check_access(struct ucred *cred, struct vnode *vp,
struct label *vplabel, int acc_mode)
struct label *vplabel, accmode_t accmode)
{
return (ugidfw_check_vp(cred, vp, acc_mode));
/*
* XXX: We pass accmode_t variable containing V* constants
* as an int containing MBI_* constants.
*/
return (ugidfw_check_vp(cred, vp, (int)accmode));
}
int
@ -168,10 +172,14 @@ ugidfw_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
int
ugidfw_vnode_check_open(struct ucred *cred, struct vnode *vp,
struct label *vplabel, int acc_mode)
struct label *vplabel, accmode_t accmode)
{
return (ugidfw_check_vp(cred, vp, acc_mode));
/*
* XXX: We pass accmode_t variable containing V* constants
* as an int containing MBI_* constants.
*/
return (ugidfw_check_vp(cred, vp, (int)accmode));
}
int

4
sys/security/mac_lomac/mac_lomac.c
View File

@ -2430,7 +2430,7 @@ lomac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp,
static int
lomac_vnode_check_open(struct ucred *cred, struct vnode *vp,
struct label *vplabel, int acc_mode)
struct label *vplabel, accmode_t accmode)
{
struct mac_lomac *subj, *obj;
@ -2441,7 +2441,7 @@ lomac_vnode_check_open(struct ucred *cred, struct vnode *vp,
obj = SLOT(vplabel);
/* XXX privilege override for admin? */
if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
if (accmode & (VWRITE | VAPPEND | VADMIN)) {
if (!lomac_subject_dominate(subj, obj))
return (EACCES);
}

6
sys/security/mac_mls/mac_mls.c
View File

@ -2505,7 +2505,7 @@ mls_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
static int
mls_vnode_check_open(struct ucred *cred, struct vnode *vp,
struct label *vplabel, int acc_mode)
struct label *vplabel, accmode_t accmode)
{
struct mac_mls *subj, *obj;
@ -2516,11 +2516,11 @@ mls_vnode_check_open(struct ucred *cred, struct vnode *vp,
obj = SLOT(vplabel);
/* XXX privilege override for admin? */
if (acc_mode & (VREAD | VEXEC | VSTAT)) {
if (accmode & (VREAD | VEXEC | VSTAT)) {
if (!mls_dominate_effective(subj, obj))
return (EACCES);
}
if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
if (accmode & (VWRITE | VAPPEND | VADMIN)) {
if (!mls_dominate_effective(obj, subj))
return (EACCES);
}

2
sys/security/mac_stub/mac_stub.c
View File

@ -1337,7 +1337,7 @@ stub_vnode_check_mprotect(struct ucred *cred, struct vnode *vp,
static int
stub_vnode_check_open(struct ucred *cred, struct vnode *vp,
struct label *vplabel, int acc_mode)
struct label *vplabel, accmode_t accmode)
{
return (0);

4
sys/security/mac_test/mac_test.c
View File

@ -2326,7 +2326,7 @@ test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
COUNTER_DECL(vnode_check_access);
static int
test_vnode_check_access(struct ucred *cred, struct vnode *vp,
struct label *vplabel, int acc_mode)
struct label *vplabel, accmode_t accmode)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
@ -2500,7 +2500,7 @@ test_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
COUNTER_DECL(vnode_check_open);
static int
test_vnode_check_open(struct ucred *cred, struct vnode *vp,
struct label *vplabel, int acc_mode)
struct label *vplabel, accmode_t accmode)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);

1
sys/sys/_types.h
View File

@ -47,6 +47,7 @@ typedef __uint32_t __ino_t; /* inode number */
typedef long __key_t; /* IPC key (for Sys V IPC) */
typedef __int32_t __lwpid_t; /* Thread ID (a.k.a. LWP) */
typedef __uint16_t __mode_t; /* permissions */
typedef int __accmode_t; /* access permissions */
typedef int __nl_item;
typedef __uint16_t __nlink_t; /* link count */
typedef __int64_t __off_t; /* file offset */

3
sys/sys/extattr.h
View File

@ -58,13 +58,14 @@
EXTATTR_NAMESPACE_SYSTEM_STRING }
#ifdef _KERNEL
#include <sys/types.h>
#define EXTATTR_MAXNAMELEN NAME_MAX
struct thread;
struct ucred;
struct vnode;
int extattr_check_cred(struct vnode *vp, int attrnamespace,
struct ucred *cred, struct thread *td, int access);
struct ucred *cred, struct thread *td, accmode_t accmode);
#else
#include <sys/cdefs.h>

5
sys/sys/types.h
View File

@ -205,6 +205,11 @@ typedef __mode_t mode_t; /* permissions */
#define _MODE_T_DECLARED
#endif
#ifndef _ACCMODE_T_DECLARED
typedef __accmode_t accmode_t; /* access permissions */
#define _ACCMODE_T_DECLARED
#endif
#ifndef _NLINK_T_DECLARED
typedef __nlink_t nlink_t; /* link count */
#define _NLINK_T_DECLARED

6
sys/sys/vnode.h
View File

@ -309,7 +309,7 @@ struct vattr {
#define IO_SEQSHIFT 16 /* seq heuristic in upper 16 bits */
/*
* Modes. Some values same as Ixxx entries from inode.h for now.
* Flags for accmode_t.
*/
#define VEXEC 000100 /* execute/search permission */
#define VWRITE 000200 /* write permission */
@ -584,10 +584,10 @@ int vn_fullpath_global(struct thread *td, struct vnode *vn,
char **retbuf, char **freebuf);
int vn_commname(struct vnode *vn, char *buf, u_int buflen);
int vaccess(enum vtype type, mode_t file_mode, uid_t file_uid,
gid_t file_gid, mode_t acc_mode, struct ucred *cred,
gid_t file_gid, accmode_t accmode, struct ucred *cred,
int *privused);
int vaccess_acl_posix1e(enum vtype type, uid_t file_uid,
gid_t file_gid, struct acl *acl, mode_t acc_mode,
gid_t file_gid, struct acl *acl, accmode_t accmode,
struct ucred *cred, int *privused);
void vattr_null(struct vattr *vap);
int vcount(struct vnode *vp);

8
sys/ufs/ffs/ffs_vfsops.c
View File

@ -139,7 +139,7 @@ ffs_mount(struct mount *mp, struct thread *td)
struct fs *fs;
int error, flags;
u_int mntorflags, mntandnotflags;
mode_t accessmode;
accmode_t accmode;
struct nameidata ndp;
char *fspec;
@ -384,10 +384,10 @@ ffs_mount(struct mount *mp, struct thread *td)
* If mount by non-root, then verify that user has necessary
* permissions on the device.
*/
accessmode = VREAD;
accmode = VREAD;
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td);
accmode |= VWRITE;
error = VOP_ACCESS(devvp, accmode, td->td_ucred, td);
if (error)
error = priv_check(td, PRIV_VFS_MOUNT_PERM);
if (error) {

16
sys/ufs/ufs/ufs_vnops.c
View File

@ -301,14 +301,14 @@ static int
ufs_access(ap)
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
accmode_t a_accmode;
struct ucred *a_cred;
struct thread *a_td;
} */ *ap;
{
struct vnode *vp = ap->a_vp;
struct inode *ip = VTOI(vp);
mode_t mode = ap->a_mode;
accmode_t accmode = ap->a_accmode;
int error;
#ifdef QUOTA
int relocked;
@ -322,7 +322,7 @@ ufs_access(ap)
* unless the file is a socket, fifo, or a block or
* character device resident on the filesystem.
*/
if (mode & VWRITE) {
if (accmode & VWRITE) {
switch (vp->v_type) {
case VDIR:
case VLNK:
@ -368,7 +368,7 @@ ufs_access(ap)
}
/* If immutable bit set, nobody gets to write it. */
if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
if ((accmode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT)))
return (EPERM);
#ifdef UFS_ACL
@ -379,11 +379,11 @@ ufs_access(ap)
switch (error) {
case EOPNOTSUPP:
error = vaccess(vp->v_type, ip->i_mode, ip->i_uid,
ip->i_gid, ap->a_mode, ap->a_cred, NULL);
ip->i_gid, ap->a_accmode, ap->a_cred, NULL);
break;
case 0:
error = vaccess_acl_posix1e(vp->v_type, ip->i_uid,
ip->i_gid, acl, ap->a_mode, ap->a_cred, NULL);
ip->i_gid, acl, ap->a_accmode, ap->a_cred, NULL);
break;
default:
printf(
@ -395,13 +395,13 @@ ufs_access(ap)
* EPERM for safety.
*/
error = vaccess(vp->v_type, ip->i_mode, ip->i_uid,
ip->i_gid, ap->a_mode, ap->a_cred, NULL);
ip->i_gid, ap->a_accmode, ap->a_cred, NULL);
}
uma_zfree(acl_zone, acl);
} else
#endif /* !UFS_ACL */
error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid,
ap->a_mode, ap->a_cred, NULL);
ap->a_accmode, ap->a_cred, NULL);
return (error);
}