MFC: fstest regression fixes - POSIX error codes.
[dragonfly.git] / sys / kern / vfs_helper.c
CommitLineData
9340415c
MD
1/*
2 * (The copyright below applies to ufs_access())
3 *
4 * Copyright (c) 1982, 1986, 1989, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. All advertising materials mentioning features or use of this software
21 * must display the following acknowledgement:
22 * This product includes software developed by the University of
23 * California, Berkeley and its contributors.
24 * 4. Neither the name of the University nor the names of its contributors
25 * may be used to endorse or promote products derived from this software
26 * without specific prior written permission.
27 *
28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * SUCH DAMAGE.
39 *
40 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95
f7179e23 41 * $DragonFly: src/sys/kern/vfs_helper.c,v 1.5 2008/05/25 18:34:46 dillon Exp $
9340415c
MD
42 */
43
44#include "opt_quota.h"
45#include "opt_suiddir.h"
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/kernel.h>
50#include <sys/fcntl.h>
51#include <sys/stat.h>
52#include <sys/mount.h>
53#include <sys/unistd.h>
54#include <sys/vnode.h>
55#include <sys/file.h> /* XXX */
486028c8 56#include <sys/proc.h>
895c1f85 57#include <sys/priv.h>
1399fa3b 58#include <sys/jail.h>
9340415c
MD
59
60/*
61 * vop_helper_access()
62 *
63 * Provide standard UNIX semanics for VOP_ACCESS, but without the quota
64 * code. This procedure was basically pulled out of UFS.
65 */
66int
67vop_helper_access(struct vop_access_args *ap, uid_t ino_uid, gid_t ino_gid,
68 mode_t ino_mode, u_int32_t ino_flags)
69{
70 struct vnode *vp = ap->a_vp;
71 struct ucred *cred = ap->a_cred;
72 mode_t mask, mode = ap->a_mode;
73 gid_t *gp;
74 int i;
75#ifdef QUOTA
76 /*int error;*/
77#endif
78
79 /*
80 * Disallow write attempts on read-only filesystems;
81 * unless the file is a socket, fifo, or a block or
82 * character device resident on the filesystem.
83 */
84 if (mode & VWRITE) {
85 switch (vp->v_type) {
86 case VDIR:
87 case VLNK:
88 case VREG:
89 case VDATABASE:
90 if (vp->v_mount->mnt_flag & MNT_RDONLY)
91 return (EROFS);
92#ifdef QUOTA
93 /* check quota here XXX */
94#endif
95 break;
96 default:
97 break;
98 }
99 }
100
101 /* If immutable bit set, nobody gets to write it. */
102 if ((mode & VWRITE) && (ino_flags & IMMUTABLE))
103 return (EPERM);
104
105 /* Otherwise, user id 0 always gets access. */
106 if (cred->cr_uid == 0)
107 return (0);
108
109 mask = 0;
110
111 /* Otherwise, check the owner. */
112 if (cred->cr_uid == ino_uid) {
e1b4bb12
MD
113 if (mode & VOWN)
114 return (0);
9340415c
MD
115 if (mode & VEXEC)
116 mask |= S_IXUSR;
117 if (mode & VREAD)
118 mask |= S_IRUSR;
119 if (mode & VWRITE)
120 mask |= S_IWUSR;
121 return ((ino_mode & mask) == mask ? 0 : EACCES);
122 }
123
124 /* Otherwise, check the groups. */
125 for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++)
126 if (ino_gid == *gp) {
127 if (mode & VEXEC)
128 mask |= S_IXGRP;
129 if (mode & VREAD)
130 mask |= S_IRGRP;
131 if (mode & VWRITE)
132 mask |= S_IWGRP;
133 return ((ino_mode & mask) == mask ? 0 : EACCES);
134 }
135
136 /* Otherwise, check everyone else. */
137 if (mode & VEXEC)
138 mask |= S_IXOTH;
139 if (mode & VREAD)
140 mask |= S_IROTH;
141 if (mode & VWRITE)
142 mask |= S_IWOTH;
143 return ((ino_mode & mask) == mask ? 0 : EACCES);
144}
145
1399fa3b
MD
146int
147vop_helper_setattr_flags(u_int32_t *ino_flags, u_int32_t vaflags,
148 uid_t uid, struct ucred *cred)
149{
150 int error;
151
152 /*
153 * If uid doesn't match only the super-user can change the flags
154 */
155 if (cred->cr_uid != uid &&
895c1f85 156 (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
1399fa3b
MD
157 return(error);
158 }
159 if (cred->cr_uid == 0 &&
160 (!jailed(cred)|| jail_chflags_allowed)) {
161 if ((*ino_flags & (SF_NOUNLINK|SF_IMMUTABLE|SF_APPEND)) &&
162 securelevel > 0)
163 return (EPERM);
164 *ino_flags = vaflags;
165 } else {
166 if (*ino_flags & (SF_NOUNLINK|SF_IMMUTABLE|SF_APPEND) ||
167 (vaflags & UF_SETTABLE) != vaflags)
168 return (EPERM);
169 *ino_flags &= SF_SETTABLE;
170 *ino_flags |= vaflags & UF_SETTABLE;
171 }
172 return(0);
173}
174
f7179e23
MD
175/*
176 * This helper function may be used by VFSs to implement UNIX initial
177 * ownership semantics when creating new objects inside directories.
178 */
fb356552
MD
179uid_t
180vop_helper_create_uid(struct mount *mp, mode_t dmode, uid_t duid,
181 struct ucred *cred, mode_t *modep)
182{
183#ifdef SUIDDIR
f7179e23 184 if ((mp->mnt_flag & MNT_SUIDDIR) && (dmode & S_ISUID) &&
fb356552
MD
185 duid != cred->cr_uid && duid) {
186 *modep &= ~07111;
187 return(duid);
188 }
189#endif
190 return(cred->cr_uid);
191}
1399fa3b 192
f7179e23
MD
193/*
194 * This helper may be used by VFSs to implement unix chmod semantics.
195 */
196int
197vop_helper_chmod(struct vnode *vp, mode_t new_mode, struct ucred *cred,
198 uid_t cur_uid, gid_t cur_gid, mode_t *cur_modep)
199{
200 int error;
201
202 if (cred->cr_uid != cur_uid) {
895c1f85 203 error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
f7179e23
MD
204 if (error)
205 return (error);
206 }
207 if (cred->cr_uid) {
208 if (vp->v_type != VDIR && (*cur_modep & S_ISTXT))
209 return (EFTYPE);
210 if (!groupmember(cur_gid, cred) && (*cur_modep & S_ISGID))
211 return (EPERM);
212 }
213 *cur_modep &= ~ALLPERMS;
214 *cur_modep |= new_mode & ALLPERMS;
215 return(0);
216}
217
218/*
219 * This helper may be used by VFSs to implement unix chown semantics.
220 */
221int
222vop_helper_chown(struct vnode *vp, uid_t new_uid, gid_t new_gid,
223 struct ucred *cred,
224 uid_t *cur_uidp, gid_t *cur_gidp, mode_t *cur_modep)
225{
226 gid_t ogid;
227 uid_t ouid;
228 int error;
229
230 if (new_uid == (uid_t)VNOVAL)
231 new_uid = *cur_uidp;
232 if (new_gid == (gid_t)VNOVAL)
233 new_gid = *cur_gidp;
234
235 /*
236 * If we don't own the file, are trying to change the owner
237 * of the file, or are not a member of the target group,
238 * the caller must be superuser or the call fails.
239 */
240 if ((cred->cr_uid != *cur_uidp || new_uid != *cur_uidp ||
241 (new_gid != *cur_gidp && !(cred->cr_gid == new_gid ||
242 groupmember(new_gid, cred)))) &&
895c1f85 243 (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
f7179e23
MD
244 return (error);
245 }
246 ogid = *cur_gidp;
247 ouid = *cur_uidp;
248 /* XXX QUOTA CODE */
249 *cur_uidp = new_uid;
250 *cur_gidp = new_gid;
251 /* XXX QUOTA CODE */
fa8302b1
SS
252
253 /*
254 * DragonFly clears both SUID and SGID if either the owner or
255 * group is changed and root isn't doing it. If root is doing
256 * it we do not clear SUID/SGID.
257 */
f7179e23
MD
258 if (cred->cr_uid != 0 && (ouid != new_uid || ogid != new_gid))
259 *cur_modep &= ~(S_ISUID | S_ISGID);
260 return(0);
261}
262