[dragonfly.git] / sys / kern / vfs_helper.c

/*
 * (The copyright below applies to ufs_access())
 *
 * Copyright (c) 1982, 1986, 1989, 1993, 1995
 *	The Regents of the University of California.  All rights reserved.
 * (c) UNIX System Laboratories, Inc.
 * All or some portions of this file are derived from material licensed
 * to the University of California by American Telephone and Telegraph
 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
 * the permission of UNIX System Laboratories, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#)ufs_vnops.c	8.27 (Berkeley) 5/27/95
 * $DragonFly: src/sys/kern/vfs_helper.c,v 1.5 2008/05/25 18:34:46 dillon Exp $
 */

#include "opt_quota.h"
#include "opt_suiddir.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/fcntl.h>
#include <sys/stat.h>
#include <sys/mount.h>
#include <sys/unistd.h>
#include <sys/vnode.h>
#include <sys/file.h>		/* XXX */
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/jail.h>

/*
 * vop_helper_access()
 *
 *	Provide standard UNIX semanics for VOP_ACCESS, but without the quota
 *	code.  This procedure was basically pulled out of UFS.
 */
int
vop_helper_access(struct vop_access_args *ap, uid_t ino_uid, gid_t ino_gid,
		  mode_t ino_mode, u_int32_t ino_flags)
{
	struct vnode *vp = ap->a_vp;
	struct ucred *cred = ap->a_cred;
	mode_t mask, mode = ap->a_mode;
	gid_t *gp;
	int i;
#ifdef QUOTA
	/*int error;*/
#endif

	/*
	 * Disallow write attempts on read-only filesystems;
	 * unless the file is a socket, fifo, or a block or
	 * character device resident on the filesystem.
	 */
	if (mode & VWRITE) {
		switch (vp->v_type) {
		case VDIR:
		case VLNK:
		case VREG:
		case VDATABASE:
			if (vp->v_mount->mnt_flag & MNT_RDONLY)
				return (EROFS);
#ifdef QUOTA
			/* check quota here XXX */
#endif
			break;
		default:
			break;
		}
	}

	/* If immutable bit set, nobody gets to write it. */
	if ((mode & VWRITE) && (ino_flags & IMMUTABLE))
		return (EPERM);

	/* Otherwise, user id 0 always gets access. */
	if (cred->cr_uid == 0)
		return (0);

	mask = 0;

	/* Otherwise, check the owner. */
	if (cred->cr_uid == ino_uid) {
		if (mode & VEXEC)
			mask |= S_IXUSR;
		if (mode & VREAD)
			mask |= S_IRUSR;
		if (mode & VWRITE)
			mask |= S_IWUSR;
		return ((ino_mode & mask) == mask ? 0 : EACCES);
	}

	/* Otherwise, check the groups. */
	for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++)
		if (ino_gid == *gp) {
			if (mode & VEXEC)
				mask |= S_IXGRP;
			if (mode & VREAD)
				mask |= S_IRGRP;
			if (mode & VWRITE)
				mask |= S_IWGRP;
			return ((ino_mode & mask) == mask ? 0 : EACCES);
		}

	/* Otherwise, check everyone else. */
	if (mode & VEXEC)
		mask |= S_IXOTH;
	if (mode & VREAD)
		mask |= S_IROTH;
	if (mode & VWRITE)
		mask |= S_IWOTH;
	return ((ino_mode & mask) == mask ? 0 : EACCES);
}

int
vop_helper_setattr_flags(u_int32_t *ino_flags, u_int32_t vaflags,
			 uid_t uid, struct ucred *cred)
{
	int error;

	/*
	 * If uid doesn't match only the super-user can change the flags
	 */
	if (cred->cr_uid != uid &&
	    (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
		return(error);
	}
	if (cred->cr_uid == 0 &&
	    (!jailed(cred)|| jail_chflags_allowed)) {
		if ((*ino_flags & (SF_NOUNLINK|SF_IMMUTABLE|SF_APPEND)) &&
		    securelevel > 0)
			return (EPERM);
		*ino_flags = vaflags;
	} else {
		if (*ino_flags & (SF_NOUNLINK|SF_IMMUTABLE|SF_APPEND) ||
		    (vaflags & UF_SETTABLE) != vaflags)
			return (EPERM);
		*ino_flags &= SF_SETTABLE;
		*ino_flags |= vaflags & UF_SETTABLE;
	}
	return(0);
}

/*
 * This helper function may be used by VFSs to implement UNIX initial
 * ownership semantics when creating new objects inside directories.
 */
uid_t
vop_helper_create_uid(struct mount *mp, mode_t dmode, uid_t duid,
		      struct ucred *cred, mode_t *modep)
{
#ifdef SUIDDIR
	if ((mp->mnt_flag & MNT_SUIDDIR) && (dmode & S_ISUID) &&
	    duid != cred->cr_uid && duid) {
		*modep &= ~07111;
		return(duid);
	}
#endif
	return(cred->cr_uid);
}

/*
 * This helper may be used by VFSs to implement unix chmod semantics.
 */
int
vop_helper_chmod(struct vnode *vp, mode_t new_mode, struct ucred *cred,
		 uid_t cur_uid, gid_t cur_gid, mode_t *cur_modep)
{
	int error;

	if (cred->cr_uid != cur_uid) {
		error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
		if (error)
			return (error);
	}
	if (cred->cr_uid) {
		if (vp->v_type != VDIR && (*cur_modep & S_ISTXT))
			return (EFTYPE);
		if (!groupmember(cur_gid, cred) && (*cur_modep & S_ISGID))
			return (EPERM);
	}
	*cur_modep &= ~ALLPERMS;
	*cur_modep |= new_mode & ALLPERMS;
	return(0);
}

/*
 * This helper may be used by VFSs to implement unix chown semantics.
 */
int
vop_helper_chown(struct vnode *vp, uid_t new_uid, gid_t new_gid,
		 struct ucred *cred,
		 uid_t *cur_uidp, gid_t *cur_gidp, mode_t *cur_modep)
{
	gid_t ogid;
	uid_t ouid;
	int error;

	if (new_uid == (uid_t)VNOVAL)
		new_uid = *cur_uidp;
	if (new_gid == (gid_t)VNOVAL)
		new_gid = *cur_gidp;

	/*
	 * If we don't own the file, are trying to change the owner
	 * of the file, or are not a member of the target group,
	 * the caller must be superuser or the call fails.
	 */
	if ((cred->cr_uid != *cur_uidp || new_uid != *cur_uidp ||
	    (new_gid != *cur_gidp && !(cred->cr_gid == new_gid ||
	    groupmember(new_gid, cred)))) &&
	    (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
		return (error);
	}
	ogid = *cur_gidp;
	ouid = *cur_uidp;
	/* XXX QUOTA CODE */
	*cur_uidp = new_uid;
	*cur_gidp = new_gid;
	/* XXX QUOTA CODE */
	if (cred->cr_uid != 0 && (ouid != new_uid || ogid != new_gid))
		*cur_modep &= ~(S_ISUID | S_ISGID);
	return(0);
}
Commit	Line	Data
9340415c MD	1	/*
	2	* (The copyright below applies to ufs_access())
	3	*
	4	* Copyright (c) 1982, 1986, 1989, 1993, 1995
	5	* The Regents of the University of California. All rights reserved.
	6	* (c) UNIX System Laboratories, Inc.
	7	* All or some portions of this file are derived from material licensed
	8	* to the University of California by American Telephone and Telegraph
	9	* Co. or Unix System Laboratories, Inc. and are reproduced herein with
	10	* the permission of UNIX System Laboratories, Inc.
	11	*
	12	* Redistribution and use in source and binary forms, with or without
	13	* modification, are permitted provided that the following conditions
	14	* are met:
	15	* 1. Redistributions of source code must retain the above copyright
	16	* notice, this list of conditions and the following disclaimer.
	17	* 2. Redistributions in binary form must reproduce the above copyright
	18	* notice, this list of conditions and the following disclaimer in the
	19	* documentation and/or other materials provided with the distribution.
	20	* 3. All advertising materials mentioning features or use of this software
	21	* must display the following acknowledgement:
	22	* This product includes software developed by the University of
	23	* California, Berkeley and its contributors.
	24	* 4. Neither the name of the University nor the names of its contributors
	25	* may be used to endorse or promote products derived from this software
	26	* without specific prior written permission.
	27	*
	28	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	29	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	30	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	31	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	32	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	33	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	34	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	35	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	36	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	37	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	38	* SUCH DAMAGE.
	39	*
	40	* @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95
f7179e23	41	* $DragonFly: src/sys/kern/vfs_helper.c,v 1.5 2008/05/25 18:34:46 dillon Exp $
9340415c MD	42	*/
	43
	44	#include "opt_quota.h"
	45	#include "opt_suiddir.h"
	46
	47	#include <sys/param.h>
	48	#include <sys/systm.h>
	49	#include <sys/kernel.h>
	50	#include <sys/fcntl.h>
	51	#include <sys/stat.h>
	52	#include <sys/mount.h>
	53	#include <sys/unistd.h>
	54	#include <sys/vnode.h>
	55	#include <sys/file.h> /* XXX */
486028c8	56	#include <sys/proc.h>
895c1f85	57	#include <sys/priv.h>
1399fa3b	58	#include <sys/jail.h>
9340415c MD	59
	60	/*
	61	* vop_helper_access()
	62	*
	63	* Provide standard UNIX semanics for VOP_ACCESS, but without the quota
	64	* code. This procedure was basically pulled out of UFS.
	65	*/
	66	int
	67	vop_helper_access(struct vop_access_args *ap, uid_t ino_uid, gid_t ino_gid,
	68	mode_t ino_mode, u_int32_t ino_flags)
	69	{
	70	struct vnode *vp = ap->a_vp;
	71	struct ucred *cred = ap->a_cred;
	72	mode_t mask, mode = ap->a_mode;
	73	gid_t *gp;
	74	int i;
	75	#ifdef QUOTA
	76	/int error;/
	77	#endif
	78
	79	/*
	80	* Disallow write attempts on read-only filesystems;
	81	* unless the file is a socket, fifo, or a block or
	82	* character device resident on the filesystem.
	83	*/
	84	if (mode & VWRITE) {
	85	switch (vp->v_type) {
	86	case VDIR:
	87	case VLNK:
	88	case VREG:
	89	case VDATABASE:
	90	if (vp->v_mount->mnt_flag & MNT_RDONLY)
	91	return (EROFS);
	92	#ifdef QUOTA
	93	/* check quota here XXX */
	94	#endif
	95	break;
	96	default:
	97	break;
	98	}
	99	}
	100
	101	/* If immutable bit set, nobody gets to write it. */
	102	if ((mode & VWRITE) && (ino_flags & IMMUTABLE))
	103	return (EPERM);
	104
	105	/* Otherwise, user id 0 always gets access. */
	106	if (cred->cr_uid == 0)
	107	return (0);
	108
	109	mask = 0;
	110
	111	/* Otherwise, check the owner. */
	112	if (cred->cr_uid == ino_uid) {
	113	if (mode & VEXEC)
	114	mask \|= S_IXUSR;
	115	if (mode & VREAD)
	116	mask \|= S_IRUSR;
	117	if (mode & VWRITE)
	118	mask \|= S_IWUSR;
	119	return ((ino_mode & mask) == mask ? 0 : EACCES);
	120	}
	121
	122	/* Otherwise, check the groups. */
123	for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++)
124	if (ino_gid == *gp) {
125	if (mode & VEXEC)
126	mask \|= S_IXGRP;
127	if (mode & VREAD)
128	mask \|= S_IRGRP;
129	if (mode & VWRITE)
130	mask \|= S_IWGRP;
131	return ((ino_mode & mask) == mask ? 0 : EACCES);
132	}
133
134	/* Otherwise, check everyone else. */
135	if (mode & VEXEC)
136	mask \|= S_IXOTH;
137	if (mode & VREAD)
138	mask \|= S_IROTH;
139	if (mode & VWRITE)
140	mask \|= S_IWOTH;
141	return ((ino_mode & mask) == mask ? 0 : EACCES);
142	}
143
1399fa3b MD	144	int
	145	vop_helper_setattr_flags(u_int32_t *ino_flags, u_int32_t vaflags,
	146	uid_t uid, struct ucred *cred)
	147	{
	148	int error;
	149
	150	/*
	151	* If uid doesn't match only the super-user can change the flags
	152	*/
	153	if (cred->cr_uid != uid &&
895c1f85	154	(error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
1399fa3b MD	155	return(error);
	156	}
	157	if (cred->cr_uid == 0 &&
	158	(!jailed(cred)\|\| jail_chflags_allowed)) {
	159	if ((*ino_flags & (SF_NOUNLINK\|SF_IMMUTABLE\|SF_APPEND)) &&
	160	securelevel > 0)
	161	return (EPERM);
	162	*ino_flags = vaflags;
	163	} else {
	164	if (*ino_flags & (SF_NOUNLINK\|SF_IMMUTABLE\|SF_APPEND) \|\|
	165	(vaflags & UF_SETTABLE) != vaflags)
	166	return (EPERM);
	167	*ino_flags &= SF_SETTABLE;
	168	*ino_flags \|= vaflags & UF_SETTABLE;
	169	}
	170	return(0);
	171	}
	172
f7179e23 MD	173	/*
	174	* This helper function may be used by VFSs to implement UNIX initial
	175	* ownership semantics when creating new objects inside directories.
	176	*/
fb356552 MD	177	uid_t
	178	vop_helper_create_uid(struct mount *mp, mode_t dmode, uid_t duid,
	179	struct ucred cred, mode_t modep)
	180	{
	181	#ifdef SUIDDIR
f7179e23	182	if ((mp->mnt_flag & MNT_SUIDDIR) && (dmode & S_ISUID) &&
fb356552 MD	183	duid != cred->cr_uid && duid) {
	184	*modep &= ~07111;
	185	return(duid);
	186	}
	187	#endif
	188	return(cred->cr_uid);
	189	}
1399fa3b	190
f7179e23 MD	191	/*
	192	* This helper may be used by VFSs to implement unix chmod semantics.
	193	*/
	194	int
	195	vop_helper_chmod(struct vnode vp, mode_t new_mode, struct ucred cred,
	196	uid_t cur_uid, gid_t cur_gid, mode_t *cur_modep)
	197	{
	198	int error;
	199
	200	if (cred->cr_uid != cur_uid) {
895c1f85	201	error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
f7179e23 MD	202	if (error)
	203	return (error);
	204	}
	205	if (cred->cr_uid) {
	206	if (vp->v_type != VDIR && (*cur_modep & S_ISTXT))
	207	return (EFTYPE);
	208	if (!groupmember(cur_gid, cred) && (*cur_modep & S_ISGID))
	209	return (EPERM);
	210	}
	211	*cur_modep &= ~ALLPERMS;
	212	*cur_modep \|= new_mode & ALLPERMS;
	213	return(0);
	214	}
	215
	216	/*
	217	* This helper may be used by VFSs to implement unix chown semantics.
	218	*/
	219	int
	220	vop_helper_chown(struct vnode *vp, uid_t new_uid, gid_t new_gid,
	221	struct ucred *cred,
	222	uid_t cur_uidp, gid_t cur_gidp, mode_t *cur_modep)
	223	{
	224	gid_t ogid;
	225	uid_t ouid;
	226	int error;
	227
	228	if (new_uid == (uid_t)VNOVAL)
	229	new_uid = *cur_uidp;
	230	if (new_gid == (gid_t)VNOVAL)
	231	new_gid = *cur_gidp;
	232
	233	/*
	234	* If we don't own the file, are trying to change the owner
	235	* of the file, or are not a member of the target group,
	236	* the caller must be superuser or the call fails.
	237	*/
	238	if ((cred->cr_uid != cur_uidp \|\| new_uid != cur_uidp \|\|
	239	(new_gid != *cur_gidp && !(cred->cr_gid == new_gid \|\|
	240	groupmember(new_gid, cred)))) &&
895c1f85	241	(error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
f7179e23 MD	242	return (error);
	243	}
	244	ogid = *cur_gidp;
	245	ouid = *cur_uidp;
	246	/* XXX QUOTA CODE */
	247	*cur_uidp = new_uid;
	248	*cur_gidp = new_gid;
	249	/* XXX QUOTA CODE */
	250	if (cred->cr_uid != 0 && (ouid != new_uid \|\| ogid != new_gid))
	251	*cur_modep &= ~(S_ISUID \| S_ISGID);
	252	return(0);
	253	}
	254