Module Name: src
Committed By: elad
Date: Thu May 7 19:30:31 UTC 2009
Modified Files:
src/sys/fs/msdosfs: msdosfs_vnops.c
src/sys/fs/ptyfs: ptyfs_vnops.c
src/sys/fs/smbfs: smbfs_vnops.c
src/sys/fs/tmpfs: tmpfs_subr.c
src/sys/fs/udf: udf_vnops.c
src/sys/miscfs/genfs: genfs.h genfs_vnops.c
src/sys/ufs/ext2fs: ext2fs_vnops.c
src/sys/ufs/ufs: ufs_vnops.c
Log Message:
Extract the open-coded authorization logic for chtimes() from various
file-systems and put it in a single function, genfs_can_chtimes().
This also makes UDF follow the same policy as all other file-systems.
Mailing list reference:
http://mail-index.netbsd.org/tech-kern/2009/04/27/msg004951.html
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 src/sys/fs/msdosfs/msdosfs_vnops.c
cvs rdiff -u -r1.29 -r1.30 src/sys/fs/ptyfs/ptyfs_vnops.c
cvs rdiff -u -r1.66 -r1.67 src/sys/fs/smbfs/smbfs_vnops.c
cvs rdiff -u -r1.52 -r1.53 src/sys/fs/tmpfs/tmpfs_subr.c
cvs rdiff -u -r1.40 -r1.41 src/sys/fs/udf/udf_vnops.c
cvs rdiff -u -r1.25 -r1.26 src/sys/miscfs/genfs/genfs.h
cvs rdiff -u -r1.170 -r1.171 src/sys/miscfs/genfs/genfs_vnops.c
cvs rdiff -u -r1.85 -r1.86 src/sys/ufs/ext2fs/ext2fs_vnops.c
cvs rdiff -u -r1.175 -r1.176 src/sys/ufs/ufs/ufs_vnops.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/fs/msdosfs/msdosfs_vnops.c
diff -u src/sys/fs/msdosfs/msdosfs_vnops.c:1.58 src/sys/fs/msdosfs/msdosfs_vnops.c:1.59
--- src/sys/fs/msdosfs/msdosfs_vnops.c:1.58 Sat Mar 14 21:04:23 2009
+++ src/sys/fs/msdosfs/msdosfs_vnops.c Thu May 7 19:30:31 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: msdosfs_vnops.c,v 1.58 2009/03/14 21:04:23 dsl Exp $ */
+/* $NetBSD: msdosfs_vnops.c,v 1.59 2009/05/07 19:30:31 elad Exp $ */
/*-
* Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank.
@@ -48,7 +48,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: msdosfs_vnops.c,v 1.58 2009/03/14 21:04:23 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: msdosfs_vnops.c,v 1.59 2009/05/07 19:30:31 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -377,11 +377,9 @@
if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) {
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
- if (kauth_cred_geteuid(cred) != pmp->pm_uid &&
- (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
- NULL)) &&
- ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
- (error = VOP_ACCESS(ap->a_vp, VWRITE, cred))))
+ error = genfs_can_chtimes(ap->a_vp, vap->va_vaflags,
+ pmp->pm_uid, cred);
+ if (error)
return (error);
if ((pmp->pm_flags & MSDOSFSMNT_NOWIN95) == 0 &&
vap->va_atime.tv_sec != VNOVAL)
Index: src/sys/fs/ptyfs/ptyfs_vnops.c
diff -u src/sys/fs/ptyfs/ptyfs_vnops.c:1.29 src/sys/fs/ptyfs/ptyfs_vnops.c:1.30
--- src/sys/fs/ptyfs/ptyfs_vnops.c:1.29 Wed Apr 22 22:57:09 2009
+++ src/sys/fs/ptyfs/ptyfs_vnops.c Thu May 7 19:30:29 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ptyfs_vnops.c,v 1.29 2009/04/22 22:57:09 elad Exp $ */
+/* $NetBSD: ptyfs_vnops.c,v 1.30 2009/05/07 19:30:29 elad Exp $ */
/*
* Copyright (c) 1993, 1995
@@ -76,7 +76,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ptyfs_vnops.c,v 1.29 2009/04/22 22:57:09 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ptyfs_vnops.c,v 1.30 2009/05/07 19:30:29 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -419,11 +419,9 @@
return EROFS;
if ((ptyfs->ptyfs_flags & SF_SNAPSHOT) != 0)
return EPERM;
- if (kauth_cred_geteuid(cred) != ptyfs->ptyfs_uid &&
- (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
- NULL)) &&
- ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
- (error = VOP_ACCESS(vp, VWRITE, cred)) != 0))
+ error = genfs_can_chtimes(vp, vap->va_vaflags, ptyfs->ptyfs_uid,
+ cred);
+ if (error)
return (error);
if (vap->va_atime.tv_sec != VNOVAL)
if (!(vp->v_mount->mnt_flag & MNT_NOATIME))
Index: src/sys/fs/smbfs/smbfs_vnops.c
diff -u src/sys/fs/smbfs/smbfs_vnops.c:1.66 src/sys/fs/smbfs/smbfs_vnops.c:1.67
--- src/sys/fs/smbfs/smbfs_vnops.c:1.66 Sat Mar 14 21:04:24 2009
+++ src/sys/fs/smbfs/smbfs_vnops.c Thu May 7 19:30:30 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: smbfs_vnops.c,v 1.66 2009/03/14 21:04:24 dsl Exp $ */
+/* $NetBSD: smbfs_vnops.c,v 1.67 2009/05/07 19:30:30 elad Exp $ */
/*-
* Copyright (c) 2003 The NetBSD Foundation, Inc.
@@ -64,7 +64,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: smbfs_vnops.c,v 1.66 2009/03/14 21:04:24 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: smbfs_vnops.c,v 1.67 2009/05/07 19:30:30 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -436,13 +436,10 @@
if (vap->va_atime.tv_sec != VNOVAL)
atime = &vap->va_atime;
if (mtime != atime) {
- if (kauth_cred_geteuid(ap->a_cred) !=
- VTOSMBFS(vp)->sm_args.uid &&
- (error = kauth_authorize_generic(ap->a_cred,
- KAUTH_GENERIC_ISSUSER, NULL)) &&
- ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
- (error = VOP_ACCESS(ap->a_vp, VWRITE, ap->a_cred))))
- return (error);
+ error = genfs_can_chtimes(ap->a_vp, vap->va_vaflags,
+ VTOSMBFS(vp)->sm_args.uid, ap->a_cred);
+ if (error)
+ return (error);
#if 0
if (mtime == NULL)
Index: src/sys/fs/tmpfs/tmpfs_subr.c
diff -u src/sys/fs/tmpfs/tmpfs_subr.c:1.52 src/sys/fs/tmpfs/tmpfs_subr.c:1.53
--- src/sys/fs/tmpfs/tmpfs_subr.c:1.52 Wed Apr 22 22:57:09 2009
+++ src/sys/fs/tmpfs/tmpfs_subr.c Thu May 7 19:30:30 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: tmpfs_subr.c,v 1.52 2009/04/22 22:57:09 elad Exp $ */
+/* $NetBSD: tmpfs_subr.c,v 1.53 2009/05/07 19:30:30 elad Exp $ */
/*
* Copyright (c) 2005, 2006, 2007 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.52 2009/04/22 22:57:09 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.53 2009/05/07 19:30:30 elad Exp $");
#include <sys/param.h>
#include <sys/dirent.h>
@@ -55,6 +55,7 @@
#include <uvm/uvm.h>
#include <miscfs/specfs/specdev.h>
+#include <miscfs/genfs/genfs.h>
#include <fs/tmpfs/tmpfs.h>
#include <fs/tmpfs/tmpfs_fifoops.h>
#include <fs/tmpfs/tmpfs_specops.h>
@@ -1184,14 +1185,9 @@
if (node->tn_flags & (IMMUTABLE | APPEND))
return EPERM;
- /* XXX: The following comes from UFS code, and can be found in
- * several other file systems. Shouldn't this be centralized
- * somewhere? */
- if (kauth_cred_geteuid(cred) != node->tn_uid &&
- (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
- NULL)) && ((vaflags & VA_UTIMES_NULL) == 0 ||
- (error = VOP_ACCESS(vp, VWRITE, cred))))
- return error;
+ error = genfs_can_chtimes(vp, vaflags, node->tn_uid, cred);
+ if (error)
+ return (error);
if (atime->tv_sec != VNOVAL && atime->tv_nsec != VNOVAL)
node->tn_status |= TMPFS_NODE_ACCESSED;
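Review bot: The added `return (error);` departs from the return style of the surrounding tmpfs code: the context line above it is `return EPERM;` and the line being removed was `return error;`. I would write `return error;` here. The udf_vnops.c permission hunk has the same mismatch against its removed `return EPERM;` and `return error;` lines.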
Index: src/sys/fs/udf/udf_vnops.c
diff -u src/sys/fs/udf/udf_vnops.c:1.40 src/sys/fs/udf/udf_vnops.c:1.41
--- src/sys/fs/udf/udf_vnops.c:1.40 Wed Apr 22 22:57:09 2009
+++ src/sys/fs/udf/udf_vnops.c Thu May 7 19:30:30 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: udf_vnops.c,v 1.40 2009/04/22 22:57:09 elad Exp $ */
+/* $NetBSD: udf_vnops.c,v 1.41 2009/05/07 19:30:30 elad Exp $ */
/*
* Copyright (c) 2006, 2008 Reinoud Zandijk
@@ -32,7 +32,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__KERNEL_RCSID(0, "$NetBSD: udf_vnops.c,v 1.40 2009/04/22 22:57:09 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: udf_vnops.c,v 1.41 2009/05/07 19:30:30 elad Exp $");
#endif /* not lint */
@@ -1087,9 +1087,8 @@
kauth_cred_t cred)
{
struct udf_node *udf_node = VTOI(vp);
- uid_t euid, uid;
+ uid_t uid;
gid_t gid;
- int issuperuser;
int error;
#ifdef notyet
@@ -1106,19 +1105,9 @@
udf_getownership(udf_node, &uid, &gid);
/* check permissions */
- euid = kauth_cred_geteuid(cred);
- error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL);
- issuperuser = (error == 0);
-
- if (!issuperuser) {
- if (euid != uid)
- return EPERM;
- if ((setattrflags & VA_UTIMES_NULL) == 0) {
- error = VOP_ACCESS(vp, VWRITE, cred);
- if (error)
- return error;
- }
- }
+ error = genfs_can_chtimes(vp, setattrflags, uid, cred);
+ if (error)
+ return (error);
/* update node flags depending on what times are passed */
if (atime->tv_sec != VNOVAL)
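Review bot: This replacement changes who may set timestamps on UDF in two ways that the code no longer records. The removed block returned `EPERM` for any non-superuser whose euid differed from the owner, and required `VOP_ACCESS(vp, VWRITE, cred)` from the owner when `VA_UTIMES_NULL` was clear. Per the genfs_vnops.c hunk in this commit, `genfs_can_chtimes()` accepts the owner unconditionally and accepts a non-owner with write access when `VA_UTIMES_NULL` is set. The log message describes this as following the common policy, but a comment at the call site would help anyone later auditing timestamp changes on UDF media, e.g. `/* policy: root, owner, or writer with VA_UTIMES_NULL; see genfs_can_chtimes() */`. The enclosing function starts before and continues after the hunk.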
Index: src/sys/miscfs/genfs/genfs.h
diff -u src/sys/miscfs/genfs/genfs.h:1.25 src/sys/miscfs/genfs/genfs.h:1.26
--- src/sys/miscfs/genfs/genfs.h:1.25 Sat Apr 25 18:53:44 2009
+++ src/sys/miscfs/genfs/genfs.h Thu May 7 19:30:29 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: genfs.h,v 1.25 2009/04/25 18:53:44 elad Exp $ */
+/* $NetBSD: genfs.h,v 1.26 2009/05/07 19:30:29 elad Exp $ */
#ifndef _MISCFS_GENFS_GENFS_H_
#define _MISCFS_GENFS_GENFS_H_
@@ -39,5 +39,6 @@
int genfs_can_chmod(vnode_t *, kauth_cred_t, uid_t, gid_t, mode_t);
int genfs_can_chown(vnode_t *, kauth_cred_t, uid_t, gid_t, uid_t, gid_t);
int genfs_can_mount(vnode_t *, mode_t, kauth_cred_t);
+int genfs_can_chtimes(vnode_t *, u_int, uid_t, kauth_cred_t);
#endif /* !_MISCFS_GENFS_GENFS_H_ */
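Review bot: The new prototype takes the `u_int` flags and the `uid_t` owner side by side with no parameter names, and both are integer types, so a caller that swaps them compiles without a diagnostic and gets a different authorization result. Naming the parameters in the declaration makes the order checkable at each call site: `int genfs_can_chtimes(vnode_t *vp, u_int vaflags, uid_t owner_uid, kauth_cred_t cred);`. The credential position also differs from `genfs_can_chmod` and `genfs_can_chown` just above, which take it second, while this one takes it last like `genfs_can_mount`. A one-line comment on the argument order would help.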
Index: src/sys/miscfs/genfs/genfs_vnops.c
diff -u src/sys/miscfs/genfs/genfs_vnops.c:1.170 src/sys/miscfs/genfs/genfs_vnops.c:1.171
--- src/sys/miscfs/genfs/genfs_vnops.c:1.170 Sat Apr 25 18:53:44 2009
+++ src/sys/miscfs/genfs/genfs_vnops.c Thu May 7 19:30:29 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: genfs_vnops.c,v 1.170 2009/04/25 18:53:44 elad Exp $ */
+/* $NetBSD: genfs_vnops.c,v 1.171 2009/05/07 19:30:29 elad Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.170 2009/04/25 18:53:44 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.171 2009/05/07 19:30:29 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -665,3 +665,31 @@
return (error);
}
+
+int
+genfs_can_chtimes(vnode_t *vp, u_int vaflags, uid_t owner_uid,
+ kauth_cred_t cred)
+{
+ int error;
+
+ /* Must be root, or... */
+ error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL);
+ if (!error)
+ return (0);
+
+ /* must be owner, or... */
+ if (kauth_cred_geteuid(cred) == owner_uid)
+ return (0);
+
+ /* set the times to the current time, and... */
+ if ((vaflags & VA_UTIMES_NULL) == 0)
+ return (EPERM);
+
+ /* have write access. */
+ error = VOP_ACCESS(vp, VWRITE, cred);
+ if (error)
+ return (error);
+
+ return (0);
+}
+
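Review bot: `genfs_can_chtimes()` becomes the single authorization point for timestamp changes in the seven file systems touched by this commit, but it has no header comment stating its contract. I would add a block comment above it covering the return values: 0 when `cred` is the superuser or the owner, or when `VA_UTIMES_NULL` is set and `VOP_ACCESS(vp, VWRITE, cred)` succeeds, and otherwise `EPERM` or the `VOP_ACCESS` error. It should also say that the function does not check read-only mounts or immutable/append flags, which the callers shown here (msdosfs, ptyfs, tmpfs, ext2fs) still test before calling it. Finally, it should record that the superuser check now runs before the owner comparison, so `kauth_authorize_generic()` is consulted even when the caller is the owner; the open-coded version short-circuited on the euid match first.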
Index: src/sys/ufs/ext2fs/ext2fs_vnops.c
diff -u src/sys/ufs/ext2fs/ext2fs_vnops.c:1.85 src/sys/ufs/ext2fs/ext2fs_vnops.c:1.86
--- src/sys/ufs/ext2fs/ext2fs_vnops.c:1.85 Wed Apr 22 22:57:09 2009
+++ src/sys/ufs/ext2fs/ext2fs_vnops.c Thu May 7 19:30:30 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ext2fs_vnops.c,v 1.85 2009/04/22 22:57:09 elad Exp $ */
+/* $NetBSD: ext2fs_vnops.c,v 1.86 2009/05/07 19:30:30 elad Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
@@ -70,7 +70,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.85 2009/04/22 22:57:09 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.86 2009/05/07 19:30:30 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -408,11 +408,8 @@
if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) {
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
- if (kauth_cred_geteuid(cred) != ip->i_uid &&
- (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
- NULL)) &&
- ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
- (error = VOP_ACCESS(vp, VWRITE, cred))))
+ error = genfs_can_chtimes(vp, vap->va_vaflags, ip->i_uid, cred);
+ if (error)
return (error);
if (vap->va_atime.tv_sec != VNOVAL)
if (!(vp->v_mount->mnt_flag & MNT_NOATIME))
Index: src/sys/ufs/ufs/ufs_vnops.c
diff -u src/sys/ufs/ufs/ufs_vnops.c:1.175 src/sys/ufs/ufs/ufs_vnops.c:1.176
--- src/sys/ufs/ufs/ufs_vnops.c:1.175 Wed Apr 22 22:57:09 2009
+++ src/sys/ufs/ufs/ufs_vnops.c Thu May 7 19:30:30 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ufs_vnops.c,v 1.175 2009/04/22 22:57:09 elad Exp $ */
+/* $NetBSD: ufs_vnops.c,v 1.176 2009/05/07 19:30:30 elad Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -66,7 +66,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ufs_vnops.c,v 1.175 2009/04/22 22:57:09 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ufs_vnops.c,v 1.176 2009/05/07 19:30:30 elad Exp $");
#if defined(_KERNEL_OPT)
#include "opt_ffs.h"
@@ -585,12 +585,9 @@
error = EPERM;
goto out;
}
- if (kauth_cred_geteuid(cred) != ip->i_uid &&
- (error = kauth_authorize_generic(cred,
- KAUTH_GENERIC_ISSUSER, NULL)) &&
- ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
- (error = VOP_ACCESS(vp, VWRITE, cred))))
- goto out;
+ error = genfs_can_chtimes(vp, vap->va_vaflags, ip->i_uid, cred);
+ if (error)
+ return (error);
error = UFS_WAPBL_BEGIN(vp->v_mount);
if (error)
goto out;
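Review bot: The failure path after the new `genfs_can_chtimes()` call uses `return (error);`, whereas the code it replaces used `goto out;`. The context lines in this hunk also leave through the `out` label: `error = EPERM; goto out;` above, and `if (error) goto out;` after `UFS_WAPBL_BEGIN`. The label is outside the hunk, so what it does is not visible here, but a denied chtimes request now skips it, which changes behaviour on exactly the permission-denied path. Unless that is intended, keep the original exit: `if (error) goto out;`.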