d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement new ACL system calls which do not follow symbolic links:

Browse Source 
__acl_get_link(), __acl_set_link(), acl_delete_link(), and
__acl_aclcheck_link(), with almost identical implementations to
the existing __acl_*_file() variants on these calls.  Update
copyright.

Obtained from:	TrustedBSD Project
This commit is contained in:
Robert Watson 2002-12-29 20:28:44 +00:00
parent 6f123c35a0
commit 3c67c23bcf
3 changed files with 267 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
sys/kern/kern_acl.c
View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 1999-2001 Robert N. M. Watson
* Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@ -699,6 +699,28 @@ __acl_get_file(struct thread *td, struct __acl_get_file_args *uap)
return (error);
}
/*
* Given a file path, get an ACL for it; don't follow links.
*
* MPSAFE
*/
int
__acl_get_link(struct thread *td, struct __acl_get_link_args *uap)
{
struct nameidata nd;
int error;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error == 0) {
error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
NDFREE(&nd, 0);
}
mtx_unlock(&Giant);
return (error);
}
/*
* Given a file path, set an ACL for it
*
@ -721,6 +743,28 @@ __acl_set_file(struct thread *td, struct __acl_set_file_args *uap)
return (error);
}
/*
* Given a file path, set an ACL for it; don't follow links.
*
* MPSAFE
*/
int
__acl_set_link(struct thread *td, struct __acl_set_link_args *uap)
{
struct nameidata nd;
int error;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error == 0) {
error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
NDFREE(&nd, 0);
}
mtx_unlock(&Giant);
return (error);
}
/*
* Given a file descriptor, get an ACL for it
*
@ -787,6 +831,28 @@ __acl_delete_file(struct thread *td, struct __acl_delete_file_args *uap)
return (error);
}
/*
* Given a file path, delete an ACL from it; don't follow links.
*
* MPSAFE
*/
int
__acl_delete_link(struct thread *td, struct __acl_delete_link_args *uap)
{
struct nameidata nd;
int error;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error == 0) {
error = vacl_delete(td, nd.ni_vp, uap->type);
NDFREE(&nd, 0);
}
mtx_unlock(&Giant);
return (error);
}
/*
* Given a file path, delete an ACL from it.
*
@ -831,6 +897,28 @@ __acl_aclcheck_file(struct thread *td, struct __acl_aclcheck_file_args *uap)
return (error);
}
/*
* Given a file path, check an ACL for it; don't follow links.
*
* MPSAFE
*/
int
__acl_aclcheck_link(struct thread *td, struct __acl_aclcheck_link_args *uap)
{
struct nameidata nd;
int error;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error == 0) {
error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
NDFREE(&nd, 0);
}
mtx_unlock(&Giant);
return (error);
}
/*
* Given a file descriptor, check an ACL for it
*

90
sys/kern/subr_acl_posix1e.c
View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 1999-2001 Robert N. M. Watson
* Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@ -699,6 +699,28 @@ __acl_get_file(struct thread *td, struct __acl_get_file_args *uap)
return (error);
}
/*
* Given a file path, get an ACL for it; don't follow links.
*
* MPSAFE
*/
int
__acl_get_link(struct thread *td, struct __acl_get_link_args *uap)
{
struct nameidata nd;
int error;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error == 0) {
error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
NDFREE(&nd, 0);
}
mtx_unlock(&Giant);
return (error);
}
/*
* Given a file path, set an ACL for it
*
@ -721,6 +743,28 @@ __acl_set_file(struct thread *td, struct __acl_set_file_args *uap)
return (error);
}
/*
* Given a file path, set an ACL for it; don't follow links.
*
* MPSAFE
*/
int
__acl_set_link(struct thread *td, struct __acl_set_link_args *uap)
{
struct nameidata nd;
int error;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error == 0) {
error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
NDFREE(&nd, 0);
}
mtx_unlock(&Giant);
return (error);
}
/*
* Given a file descriptor, get an ACL for it
*
@ -787,6 +831,28 @@ __acl_delete_file(struct thread *td, struct __acl_delete_file_args *uap)
return (error);
}
/*
* Given a file path, delete an ACL from it; don't follow links.
*
* MPSAFE
*/
int
__acl_delete_link(struct thread *td, struct __acl_delete_link_args *uap)
{
struct nameidata nd;
int error;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error == 0) {
error = vacl_delete(td, nd.ni_vp, uap->type);
NDFREE(&nd, 0);
}
mtx_unlock(&Giant);
return (error);
}
/*
* Given a file path, delete an ACL from it.
*
@ -831,6 +897,28 @@ __acl_aclcheck_file(struct thread *td, struct __acl_aclcheck_file_args *uap)
return (error);
}
/*
* Given a file path, check an ACL for it; don't follow links.
*
* MPSAFE
*/
int
__acl_aclcheck_link(struct thread *td, struct __acl_aclcheck_link_args *uap)
{
struct nameidata nd;
int error;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error == 0) {
error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
NDFREE(&nd, 0);
}
mtx_unlock(&Giant);
return (error);
}
/*
* Given a file descriptor, check an ACL for it
*

90
sys/kern/vfs_acl.c
View File

@ -1,5 +1,5 @@
/*-
* Copyright (c) 1999-2001 Robert N. M. Watson
* Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@ -699,6 +699,28 @@ __acl_get_file(struct thread *td, struct __acl_get_file_args *uap)
return (error);
}
/*
* Given a file path, get an ACL for it; don't follow links.
*
* MPSAFE
*/
int
__acl_get_link(struct thread *td, struct __acl_get_link_args *uap)
{
struct nameidata nd;
int error;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error == 0) {
error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
NDFREE(&nd, 0);
}
mtx_unlock(&Giant);
return (error);
}
/*
* Given a file path, set an ACL for it
*
@ -721,6 +743,28 @@ __acl_set_file(struct thread *td, struct __acl_set_file_args *uap)
return (error);
}
/*
* Given a file path, set an ACL for it; don't follow links.
*
* MPSAFE
*/
int
__acl_set_link(struct thread *td, struct __acl_set_link_args *uap)
{
struct nameidata nd;
int error;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error == 0) {
error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
NDFREE(&nd, 0);
}
mtx_unlock(&Giant);
return (error);
}
/*
* Given a file descriptor, get an ACL for it
*
@ -787,6 +831,28 @@ __acl_delete_file(struct thread *td, struct __acl_delete_file_args *uap)
return (error);
}
/*
* Given a file path, delete an ACL from it; don't follow links.
*
* MPSAFE
*/
int
__acl_delete_link(struct thread *td, struct __acl_delete_link_args *uap)
{
struct nameidata nd;
int error;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error == 0) {
error = vacl_delete(td, nd.ni_vp, uap->type);
NDFREE(&nd, 0);
}
mtx_unlock(&Giant);
return (error);
}
/*
* Given a file path, delete an ACL from it.
*
@ -831,6 +897,28 @@ __acl_aclcheck_file(struct thread *td, struct __acl_aclcheck_file_args *uap)
return (error);
}
/*
* Given a file path, check an ACL for it; don't follow links.
*
* MPSAFE
*/
int
__acl_aclcheck_link(struct thread *td, struct __acl_aclcheck_link_args *uap)
{
struct nameidata nd;
int error;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td);
error = namei(&nd);
if (error == 0) {
error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
NDFREE(&nd, 0);
}
mtx_unlock(&Giant);
return (error);
}
/*
* Given a file descriptor, check an ACL for it
*