Module Name: src Committed By: elad Date: Thu May 7 19:30:31 UTC 2009
Modified Files: src/sys/fs/msdosfs: msdosfs_vnops.c src/sys/fs/ptyfs: ptyfs_vnops.c src/sys/fs/smbfs: smbfs_vnops.c src/sys/fs/tmpfs: tmpfs_subr.c src/sys/fs/udf: udf_vnops.c src/sys/miscfs/genfs: genfs.h genfs_vnops.c src/sys/ufs/ext2fs: ext2fs_vnops.c src/sys/ufs/ufs: ufs_vnops.c Log Message: Extract the open-coded authorization logic for chtimes() from various file-systems and put it in a single function, genfs_can_chtimes(). This also makes UDF follow the same policy as all other file-systems. Mailing list reference: http://mail-index.netbsd.org/tech-kern/2009/04/27/msg004951.html To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 src/sys/fs/msdosfs/msdosfs_vnops.c cvs rdiff -u -r1.29 -r1.30 src/sys/fs/ptyfs/ptyfs_vnops.c cvs rdiff -u -r1.66 -r1.67 src/sys/fs/smbfs/smbfs_vnops.c cvs rdiff -u -r1.52 -r1.53 src/sys/fs/tmpfs/tmpfs_subr.c cvs rdiff -u -r1.40 -r1.41 src/sys/fs/udf/udf_vnops.c cvs rdiff -u -r1.25 -r1.26 src/sys/miscfs/genfs/genfs.h cvs rdiff -u -r1.170 -r1.171 src/sys/miscfs/genfs/genfs_vnops.c cvs rdiff -u -r1.85 -r1.86 src/sys/ufs/ext2fs/ext2fs_vnops.c cvs rdiff -u -r1.175 -r1.176 src/sys/ufs/ufs/ufs_vnops.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/fs/msdosfs/msdosfs_vnops.c diff -u src/sys/fs/msdosfs/msdosfs_vnops.c:1.58 src/sys/fs/msdosfs/msdosfs_vnops.c:1.59 --- src/sys/fs/msdosfs/msdosfs_vnops.c:1.58 Sat Mar 14 21:04:23 2009 +++ src/sys/fs/msdosfs/msdosfs_vnops.c Thu May 7 19:30:31 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: msdosfs_vnops.c,v 1.58 2009/03/14 21:04:23 dsl Exp $ */ +/* $NetBSD: msdosfs_vnops.c,v 1.59 2009/05/07 19:30:31 elad Exp $ */ /*- * Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank. @@ -48,7 +48,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: msdosfs_vnops.c,v 1.58 2009/03/14 21:04:23 dsl Exp $"); +__KERNEL_RCSID(0, "$NetBSD: msdosfs_vnops.c,v 1.59 2009/05/07 19:30:31 elad Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -377,11 +377,9 @@ if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) { if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); - if (kauth_cred_geteuid(cred) != pmp->pm_uid && - (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - NULL)) && - ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || - (error = VOP_ACCESS(ap->a_vp, VWRITE, cred)))) + error = genfs_can_chtimes(ap->a_vp, vap->va_vaflags, + pmp->pm_uid, cred); + if (error) return (error); if ((pmp->pm_flags & MSDOSFSMNT_NOWIN95) == 0 && vap->va_atime.tv_sec != VNOVAL) Index: src/sys/fs/ptyfs/ptyfs_vnops.c diff -u src/sys/fs/ptyfs/ptyfs_vnops.c:1.29 src/sys/fs/ptyfs/ptyfs_vnops.c:1.30 --- src/sys/fs/ptyfs/ptyfs_vnops.c:1.29 Wed Apr 22 22:57:09 2009 +++ src/sys/fs/ptyfs/ptyfs_vnops.c Thu May 7 19:30:29 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: ptyfs_vnops.c,v 1.29 2009/04/22 22:57:09 elad Exp $ */ +/* $NetBSD: ptyfs_vnops.c,v 1.30 2009/05/07 19:30:29 elad Exp $ */ /* * Copyright (c) 1993, 1995 @@ -76,7 +76,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ptyfs_vnops.c,v 1.29 2009/04/22 22:57:09 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ptyfs_vnops.c,v 1.30 2009/05/07 19:30:29 elad Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -419,11 +419,9 @@ return EROFS; if ((ptyfs->ptyfs_flags & SF_SNAPSHOT) != 0) return EPERM; - if (kauth_cred_geteuid(cred) != ptyfs->ptyfs_uid && - (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - NULL)) && - ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || - (error = VOP_ACCESS(vp, VWRITE, cred)) != 0)) + error = genfs_can_chtimes(vp, vap->va_vaflags, ptyfs->ptyfs_uid, + cred); + if (error) return (error); if (vap->va_atime.tv_sec != VNOVAL) if (!(vp->v_mount->mnt_flag & MNT_NOATIME)) Index: src/sys/fs/smbfs/smbfs_vnops.c diff -u src/sys/fs/smbfs/smbfs_vnops.c:1.66 src/sys/fs/smbfs/smbfs_vnops.c:1.67 --- src/sys/fs/smbfs/smbfs_vnops.c:1.66 Sat Mar 14 21:04:24 2009 +++ src/sys/fs/smbfs/smbfs_vnops.c Thu May 7 19:30:30 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: smbfs_vnops.c,v 1.66 2009/03/14 21:04:24 dsl Exp $ */ +/* $NetBSD: smbfs_vnops.c,v 1.67 2009/05/07 19:30:30 elad Exp $ */ /*- * Copyright (c) 2003 The NetBSD Foundation, Inc. @@ -64,7 +64,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: smbfs_vnops.c,v 1.66 2009/03/14 21:04:24 dsl Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smbfs_vnops.c,v 1.67 2009/05/07 19:30:30 elad Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -436,13 +436,10 @@ if (vap->va_atime.tv_sec != VNOVAL) atime = &vap->va_atime; if (mtime != atime) { - if (kauth_cred_geteuid(ap->a_cred) != - VTOSMBFS(vp)->sm_args.uid && - (error = kauth_authorize_generic(ap->a_cred, - KAUTH_GENERIC_ISSUSER, NULL)) && - ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || - (error = VOP_ACCESS(ap->a_vp, VWRITE, ap->a_cred)))) - return (error); + error = genfs_can_chtimes(ap->a_vp, vap->va_vaflags, + VTOSMBFS(vp)->sm_args.uid, ap->a_cred); + if (error) + return (error); #if 0 if (mtime == NULL) Index: src/sys/fs/tmpfs/tmpfs_subr.c diff -u src/sys/fs/tmpfs/tmpfs_subr.c:1.52 src/sys/fs/tmpfs/tmpfs_subr.c:1.53 --- src/sys/fs/tmpfs/tmpfs_subr.c:1.52 Wed Apr 22 22:57:09 2009 +++ src/sys/fs/tmpfs/tmpfs_subr.c Thu May 7 19:30:30 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: tmpfs_subr.c,v 1.52 2009/04/22 22:57:09 elad Exp $ */ +/* $NetBSD: tmpfs_subr.c,v 1.53 2009/05/07 19:30:30 elad Exp $ */ /* * Copyright (c) 2005, 2006, 2007 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.52 2009/04/22 22:57:09 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.53 2009/05/07 19:30:30 elad Exp $"); #include <sys/param.h> #include <sys/dirent.h> @@ -55,6 +55,7 @@ #include <uvm/uvm.h> #include <miscfs/specfs/specdev.h> +#include <miscfs/genfs/genfs.h> #include <fs/tmpfs/tmpfs.h> #include <fs/tmpfs/tmpfs_fifoops.h> #include <fs/tmpfs/tmpfs_specops.h> @@ -1184,14 +1185,9 @@ if (node->tn_flags & (IMMUTABLE | APPEND)) return EPERM; - /* XXX: The following comes from UFS code, and can be found in - * several other file systems. Shouldn't this be centralized - * somewhere? */ - if (kauth_cred_geteuid(cred) != node->tn_uid && - (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - NULL)) && ((vaflags & VA_UTIMES_NULL) == 0 || - (error = VOP_ACCESS(vp, VWRITE, cred)))) - return error; + error = genfs_can_chtimes(vp, vaflags, node->tn_uid, cred); + if (error) + return (error); if (atime->tv_sec != VNOVAL && atime->tv_nsec != VNOVAL) node->tn_status |= TMPFS_NODE_ACCESSED; Index: src/sys/fs/udf/udf_vnops.c diff -u src/sys/fs/udf/udf_vnops.c:1.40 src/sys/fs/udf/udf_vnops.c:1.41 --- src/sys/fs/udf/udf_vnops.c:1.40 Wed Apr 22 22:57:09 2009 +++ src/sys/fs/udf/udf_vnops.c Thu May 7 19:30:30 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: udf_vnops.c,v 1.40 2009/04/22 22:57:09 elad Exp $ */ +/* $NetBSD: udf_vnops.c,v 1.41 2009/05/07 19:30:30 elad Exp $ */ /* * Copyright (c) 2006, 2008 Reinoud Zandijk @@ -32,7 +32,7 @@ #include <sys/cdefs.h> #ifndef lint -__KERNEL_RCSID(0, "$NetBSD: udf_vnops.c,v 1.40 2009/04/22 22:57:09 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udf_vnops.c,v 1.41 2009/05/07 19:30:30 elad Exp $"); #endif /* not lint */ @@ -1087,9 +1087,8 @@ kauth_cred_t cred) { struct udf_node *udf_node = VTOI(vp); - uid_t euid, uid; + uid_t uid; gid_t gid; - int issuperuser; int error; #ifdef notyet @@ -1106,19 +1105,9 @@ udf_getownership(udf_node, &uid, &gid); /* check permissions */ - euid = kauth_cred_geteuid(cred); - error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL); - issuperuser = (error == 0); - - if (!issuperuser) { - if (euid != uid) - return EPERM; - if ((setattrflags & VA_UTIMES_NULL) == 0) { - error = VOP_ACCESS(vp, VWRITE, cred); - if (error) - return error; - } - } + error = genfs_can_chtimes(vp, setattrflags, uid, cred); + if (error) + return (error); /* update node flags depending on what times are passed */ if (atime->tv_sec != VNOVAL) Index: src/sys/miscfs/genfs/genfs.h diff -u src/sys/miscfs/genfs/genfs.h:1.25 src/sys/miscfs/genfs/genfs.h:1.26 --- src/sys/miscfs/genfs/genfs.h:1.25 Sat Apr 25 18:53:44 2009 +++ src/sys/miscfs/genfs/genfs.h Thu May 7 19:30:29 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: genfs.h,v 1.25 2009/04/25 18:53:44 elad Exp $ */ +/* $NetBSD: genfs.h,v 1.26 2009/05/07 19:30:29 elad Exp $ */ #ifndef _MISCFS_GENFS_GENFS_H_ #define _MISCFS_GENFS_GENFS_H_ @@ -39,5 +39,6 @@ int genfs_can_chmod(vnode_t *, kauth_cred_t, uid_t, gid_t, mode_t); int genfs_can_chown(vnode_t *, kauth_cred_t, uid_t, gid_t, uid_t, gid_t); int genfs_can_mount(vnode_t *, mode_t, kauth_cred_t); +int genfs_can_chtimes(vnode_t *, u_int, uid_t, kauth_cred_t); #endif /* !_MISCFS_GENFS_GENFS_H_ */ Index: src/sys/miscfs/genfs/genfs_vnops.c diff -u src/sys/miscfs/genfs/genfs_vnops.c:1.170 src/sys/miscfs/genfs/genfs_vnops.c:1.171 --- src/sys/miscfs/genfs/genfs_vnops.c:1.170 Sat Apr 25 18:53:44 2009 +++ src/sys/miscfs/genfs/genfs_vnops.c Thu May 7 19:30:29 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: genfs_vnops.c,v 1.170 2009/04/25 18:53:44 elad Exp $ */ +/* $NetBSD: genfs_vnops.c,v 1.171 2009/05/07 19:30:29 elad Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -57,7 +57,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.170 2009/04/25 18:53:44 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.171 2009/05/07 19:30:29 elad Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -665,3 +665,31 @@ return (error); } + +int +genfs_can_chtimes(vnode_t *vp, u_int vaflags, uid_t owner_uid, + kauth_cred_t cred) +{ + int error; + + /* Must be root, or... */ + error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL); + if (!error) + return (0); + + /* must be owner, or... */ + if (kauth_cred_geteuid(cred) == owner_uid) + return (0); + + /* set the times to the current time, and... */ + if ((vaflags & VA_UTIMES_NULL) == 0) + return (EPERM); + + /* have write access. */ + error = VOP_ACCESS(vp, VWRITE, cred); + if (error) + return (error); + + return (0); +} + Index: src/sys/ufs/ext2fs/ext2fs_vnops.c diff -u src/sys/ufs/ext2fs/ext2fs_vnops.c:1.85 src/sys/ufs/ext2fs/ext2fs_vnops.c:1.86 --- src/sys/ufs/ext2fs/ext2fs_vnops.c:1.85 Wed Apr 22 22:57:09 2009 +++ src/sys/ufs/ext2fs/ext2fs_vnops.c Thu May 7 19:30:30 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: ext2fs_vnops.c,v 1.85 2009/04/22 22:57:09 elad Exp $ */ +/* $NetBSD: ext2fs_vnops.c,v 1.86 2009/05/07 19:30:30 elad Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -70,7 +70,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.85 2009/04/22 22:57:09 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.86 2009/05/07 19:30:30 elad Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -408,11 +408,8 @@ if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) { if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); - if (kauth_cred_geteuid(cred) != ip->i_uid && - (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - NULL)) && - ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || - (error = VOP_ACCESS(vp, VWRITE, cred)))) + error = genfs_can_chtimes(vp, vap->va_vaflags, ip->i_uid, cred); + if (error) return (error); if (vap->va_atime.tv_sec != VNOVAL) if (!(vp->v_mount->mnt_flag & MNT_NOATIME)) Index: src/sys/ufs/ufs/ufs_vnops.c diff -u src/sys/ufs/ufs/ufs_vnops.c:1.175 src/sys/ufs/ufs/ufs_vnops.c:1.176 --- src/sys/ufs/ufs/ufs_vnops.c:1.175 Wed Apr 22 22:57:09 2009 +++ src/sys/ufs/ufs/ufs_vnops.c Thu May 7 19:30:30 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: ufs_vnops.c,v 1.175 2009/04/22 22:57:09 elad Exp $ */ +/* $NetBSD: ufs_vnops.c,v 1.176 2009/05/07 19:30:30 elad Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. @@ -66,7 +66,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ufs_vnops.c,v 1.175 2009/04/22 22:57:09 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ufs_vnops.c,v 1.176 2009/05/07 19:30:30 elad Exp $"); #if defined(_KERNEL_OPT) #include "opt_ffs.h" @@ -585,12 +585,9 @@ error = EPERM; goto out; } - if (kauth_cred_geteuid(cred) != ip->i_uid && - (error = kauth_authorize_generic(cred, - KAUTH_GENERIC_ISSUSER, NULL)) && - ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || - (error = VOP_ACCESS(vp, VWRITE, cred)))) - goto out; + error = genfs_can_chtimes(vp, vap->va_vaflags, ip->i_uid, cred); + if (error) + return (error); error = UFS_WAPBL_BEGIN(vp->v_mount); if (error) goto out;