2 * (The copyright below applies to ufs_access())
4 * Copyright (c) 1982, 1986, 1989, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. All advertising materials mentioning features or use of this software
21 * must display the following acknowledgement:
22 * This product includes software developed by the University of
23 * California, Berkeley and its contributors.
24 * 4. Neither the name of the University nor the names of its contributors
25 * may be used to endorse or promote products derived from this software
26 * without specific prior written permission.
28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95
41 * $DragonFly: src/sys/kern/vfs_helper.c,v 1.5 2008/05/25 18:34:46 dillon Exp $
44 #include "opt_quota.h"
45 #include "opt_suiddir.h"
47 #include <sys/param.h>
48 #include <sys/systm.h>
50 #include <sys/kernel.h>
51 #include <sys/fcntl.h>
53 #include <sys/mount.h>
54 #include <sys/unistd.h>
55 #include <sys/vnode.h>
56 #include <sys/file.h> /* XXX */
64 * Provide standard UNIX semanics for VOP_ACCESS, but without the quota
65 * code. This procedure was basically pulled out of UFS.
68 vop_helper_access(struct vop_access_args *ap, uid_t ino_uid, gid_t ino_gid,
69 mode_t ino_mode, u_int32_t ino_flags)
71 struct vnode *vp = ap->a_vp;
72 struct ucred *cred = ap->a_cred;
73 mode_t mask, mode = ap->a_mode;
79 if (ap->a_flags & AT_EACCESS) {
80 proc_uid = cred->cr_uid;
81 proc_gid = cred->cr_gid;
83 proc_uid = cred->cr_ruid;
84 proc_gid = cred->cr_rgid;
88 * Disallow write attempts on read-only filesystems;
89 * unless the file is a socket, fifo, or a block or
90 * character device resident on the filesystem.
98 if (vp->v_mount->mnt_flag & MNT_RDONLY)
106 /* If immutable bit set, nobody gets to write it. */
107 if ((mode & VWRITE) && (ino_flags & IMMUTABLE))
110 /* Otherwise, user id 0 always gets access. */
116 /* Otherwise, check the owner. */
117 if (proc_uid == ino_uid) {
124 return ((ino_mode & mask) == mask ? 0 : EACCES);
128 * Otherwise, check the groups.
129 * We must special-case the primary group to, if needed, check against
130 * the real gid and not the effective one.
132 if (proc_gid == ino_gid) {
139 return ((ino_mode & mask) == mask ? 0 : EACCES);
141 for (i = 1, gp = &cred->cr_groups[1]; i < cred->cr_ngroups; i++, gp++)
142 if (ino_gid == *gp) {
149 return ((ino_mode & mask) == mask ? 0 : EACCES);
152 /* Otherwise, check everyone else. */
159 return ((ino_mode & mask) == mask ? 0 : EACCES);
163 vop_helper_setattr_flags(u_int32_t *ino_flags, u_int32_t vaflags,
164 uid_t uid, struct ucred *cred)
169 * If uid doesn't match only a privileged user can change the flags
171 if (cred->cr_uid != uid &&
172 (error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0))) {
175 if (cred->cr_uid == 0 &&
176 (!jailed(cred)|| jail_chflags_allowed)) {
177 if ((*ino_flags & (SF_NOUNLINK|SF_IMMUTABLE|SF_APPEND)) &&
180 *ino_flags = vaflags;
182 if (*ino_flags & (SF_NOUNLINK|SF_IMMUTABLE|SF_APPEND) ||
183 (vaflags & UF_SETTABLE) != vaflags)
185 *ino_flags &= SF_SETTABLE;
186 *ino_flags |= vaflags & UF_SETTABLE;
192 * This helper function may be used by VFSs to implement UNIX initial
193 * ownership semantics when creating new objects inside directories.
196 vop_helper_create_uid(struct mount *mp, mode_t dmode, uid_t duid,
197 struct ucred *cred, mode_t *modep)
200 if ((mp->mnt_flag & MNT_SUIDDIR) && (dmode & S_ISUID) &&
201 duid != cred->cr_uid && duid) {
206 return(cred->cr_uid);
210 * This helper may be used by VFSs to implement unix chmod semantics.
213 vop_helper_chmod(struct vnode *vp, mode_t new_mode, struct ucred *cred,
214 uid_t cur_uid, gid_t cur_gid, mode_t *cur_modep)
218 if (cred->cr_uid != cur_uid) {
219 error = priv_check_cred(cred, PRIV_VFS_CHMOD, 0);
224 if (vp->v_type != VDIR && (*cur_modep & S_ISTXT))
226 if (!groupmember(cur_gid, cred) && (*cur_modep & S_ISGID))
229 *cur_modep &= ~ALLPERMS;
230 *cur_modep |= new_mode & ALLPERMS;
235 * This helper may be used by VFSs to implement unix chown semantics.
238 vop_helper_chown(struct vnode *vp, uid_t new_uid, gid_t new_gid,
240 uid_t *cur_uidp, gid_t *cur_gidp, mode_t *cur_modep)
246 if (new_uid == (uid_t)VNOVAL)
248 if (new_gid == (gid_t)VNOVAL)
252 * If we don't own the file, are trying to change the owner
253 * of the file, or are not a member of the target group,
254 * the caller must be privileged or the call fails.
256 if ((cred->cr_uid != *cur_uidp || new_uid != *cur_uidp ||
257 (new_gid != *cur_gidp && !(cred->cr_gid == new_gid ||
258 groupmember(new_gid, cred)))) &&
259 (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0))) {
270 * DragonFly clears both SUID and SGID if either the owner or
271 * group is changed and root isn't doing it. If root is doing
272 * it we do not clear SUID/SGID.
274 if (cred->cr_uid != 0 && (ouid != new_uid || ogid != new_gid))
275 *cur_modep &= ~(S_ISUID | S_ISGID);