Date: Fri, 14 Mar 2003 12:28:09 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 26892 for review Message-ID: <200303142028.h2EKS975037827@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=26892 Change 26892 by rwatson@rwatson_paprika on 2003/03/14 12:27:36 First pass at restructuring handling of umask in the creation of new file system objects. In order to permit the file system to override the umask, as done on Solaris and Linux with default ACLs, composition of the requested mode and mask must be done at the file system level. Currently, it's done by the caller of the VOP; this set of changes adds cmask arguments to the vnode operations that involve creation: VOP_CREATE() VOP_MKNOD() VOP_MKDIR() VOP_SYMLINK() In addition, the the vn_open() and vn_open_cred() wrapper functions which may invoke VOP_CREATE(). All consumers of these interfaces have been updated to avoid local calculation of the resulting mode and instead to pass it in explicitly. Note all providers of these interfaces have been updated yet. Unionfs required special handling because it cached a creation mode for new files; it now also caches the creation mask. Semantics are intended to be identical in the before and after case, since I haven't yet made modifications to UFS to use the ACL_MASK entry instead of the umask in the event there is a default ACL with a mask. Note that in some cases, errors in current logic are highlighted, including inconsistent use of ALLPERMS vs ACCESSPERMS, situations where the mask should have been applied but wasn't, and situtions where the locking of the p_fd structure is inconsistent (sometimes we lock it, sometimes we don't). Affected files ... .. //depot/projects/trustedbsd/acl/sys/coda/coda_vnops.c#3 edit .. //depot/projects/trustedbsd/acl/sys/dev/ccd/ccd.c#4 edit .. //depot/projects/trustedbsd/acl/sys/dev/md/md.c#3 edit .. //depot/projects/trustedbsd/acl/sys/dev/raidframe/rf_freebsdkintf.c#3 edit .. //depot/projects/trustedbsd/acl/sys/fs/hpfs/hpfs_lookup.c#2 edit .. //depot/projects/trustedbsd/acl/sys/fs/hpfs/hpfs_subr.h#2 edit .. //depot/projects/trustedbsd/acl/sys/fs/hpfs/hpfs_vnops.c#4 edit .. //depot/projects/trustedbsd/acl/sys/fs/msdosfs/msdosfs_vnops.c#4 edit .. //depot/projects/trustedbsd/acl/sys/fs/nwfs/nwfs_vnops.c#3 edit .. //depot/projects/trustedbsd/acl/sys/fs/smbfs/smbfs_vnops.c#3 edit .. //depot/projects/trustedbsd/acl/sys/fs/unionfs/union.h#2 edit .. //depot/projects/trustedbsd/acl/sys/fs/unionfs/union_subr.c#3 edit .. //depot/projects/trustedbsd/acl/sys/fs/unionfs/union_vfsops.c#3 edit .. //depot/projects/trustedbsd/acl/sys/fs/unionfs/union_vnops.c#3 edit .. //depot/projects/trustedbsd/acl/sys/gnu/ext2fs/ext2_vnops.c#3 edit .. //depot/projects/trustedbsd/acl/sys/kern/kern_acct.c#3 edit .. //depot/projects/trustedbsd/acl/sys/kern/kern_alq.c#3 edit .. //depot/projects/trustedbsd/acl/sys/kern/kern_descrip.c#4 edit .. //depot/projects/trustedbsd/acl/sys/kern/kern_ktrace.c#3 edit .. //depot/projects/trustedbsd/acl/sys/kern/kern_linker.c#3 edit .. //depot/projects/trustedbsd/acl/sys/kern/kern_mac.c#3 edit .. //depot/projects/trustedbsd/acl/sys/kern/kern_sig.c#4 edit .. //depot/projects/trustedbsd/acl/sys/kern/link_elf.c#3 edit .. //depot/projects/trustedbsd/acl/sys/kern/tty_cons.c#3 edit .. //depot/projects/trustedbsd/acl/sys/kern/uipc_usrreq.c#4 edit .. //depot/projects/trustedbsd/acl/sys/kern/vfs_syscalls.c#3 edit .. //depot/projects/trustedbsd/acl/sys/kern/vfs_vnops.c#4 edit .. //depot/projects/trustedbsd/acl/sys/kern/vnode_if.src#4 edit .. //depot/projects/trustedbsd/acl/sys/nfsclient/nfs_lock.c#3 edit .. //depot/projects/trustedbsd/acl/sys/nfsclient/nfs_vnops.c#4 edit .. //depot/projects/trustedbsd/acl/sys/nfsserver/nfs_serv.c#4 edit .. //depot/projects/trustedbsd/acl/sys/security/mac_biba/mac_biba.c#3 edit .. //depot/projects/trustedbsd/acl/sys/security/mac_lomac/mac_lomac.c#3 edit .. //depot/projects/trustedbsd/acl/sys/security/mac_mls/mac_mls.c#3 edit .. //depot/projects/trustedbsd/acl/sys/security/mac_none/mac_none.c#2 edit .. //depot/projects/trustedbsd/acl/sys/security/mac_test/mac_test.c#2 edit .. //depot/projects/trustedbsd/acl/sys/sys/mac.h#3 edit .. //depot/projects/trustedbsd/acl/sys/sys/mac_policy.h#3 edit .. //depot/projects/trustedbsd/acl/sys/sys/vnode.h#5 edit .. //depot/projects/trustedbsd/acl/sys/ufs/ffs/ffs_snapshot.c#4 edit .. //depot/projects/trustedbsd/acl/sys/ufs/ufs/ufs_quota.c#3 edit Differences ... ==== //depot/projects/trustedbsd/acl/sys/coda/coda_vnops.c#3 (text+ko) ==== @@ -1132,6 +1132,7 @@ struct vnode *dvp = ap->a_dvp; struct cnode *dcp = VTOC(dvp); struct vattr *va = ap->a_vap; + int cmask = ap->a_cmask; int exclusive = 1; int mode = ap->a_vap->va_mode; struct vnode **vpp = ap->a_vpp; @@ -1151,6 +1152,8 @@ /* All creates are exclusive XXX */ /* I'm assuming the 'mode' argument is the file mode bits XXX */ + mode ~= cmask; + /* Check for create of control object. */ if (IS_CTL_NAME(dvp, nm, len)) { *vpp = (struct vnode *)0; ==== //depot/projects/trustedbsd/acl/sys/dev/ccd/ccd.c#4 (text+ko) ==== @@ -1208,7 +1208,7 @@ NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, path, td); flags = FREAD | FWRITE; - if ((error = vn_open(&nd, &flags, 0)) != 0) { + if ((error = vn_open(&nd, &flags, 0, 0)) != 0) { return (error); } vp = nd.ni_vp; ==== //depot/projects/trustedbsd/acl/sys/dev/md/md.c#3 (text+ko) ==== @@ -845,13 +845,13 @@ flags = FREAD|FWRITE; NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, mdio->md_file, td); - error = vn_open(&nd, &flags, 0); + error = vn_open(&nd, &flags, 0, 0); if (error) { if (error != EACCES && error != EPERM && error != EROFS) return (error); flags &= ~FWRITE; NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, mdio->md_file, td); - error = vn_open(&nd, &flags, 0); + error = vn_open(&nd, &flags, 0, 0); if (error) return (error); } ==== //depot/projects/trustedbsd/acl/sys/dev/raidframe/rf_freebsdkintf.c#3 (text+ko) ==== @@ -1737,7 +1737,7 @@ NDINIT(nd, LOOKUP, FOLLOW, UIO_SYSSPACE, path, curthread); flags = FREAD | FWRITE; - if ((error = vn_open(nd, &flags, 0)) != 0) { + if ((error = vn_open(nd, &flags, 0, 0)) != 0) { rf_printf(2, "RAIDframe: vn_open returned %d\n", error); goto end1; } ==== //depot/projects/trustedbsd/acl/sys/fs/hpfs/hpfs_lookup.c#2 (text+ko) ==== @@ -112,7 +112,8 @@ struct vnode * dvp, struct vnode ** vpp, struct componentname *cnp, - struct vattr *vap) + struct vattr *vap + int cmask) { #ifdef HPFS_DEBUG register struct hpfsnode *dhp = VTOHP(dvp); ==== //depot/projects/trustedbsd/acl/sys/fs/hpfs/hpfs_subr.h#2 (text+ko) ==== @@ -66,7 +66,7 @@ struct buf **, struct hpfsdirent **); int hpfs_makefnode (struct vnode *, struct vnode **, - struct componentname *, struct vattr *); + struct componentname *, struct vattr *, int); int hpfs_removefnode (struct vnode *, struct vnode *, struct componentname *); ==== //depot/projects/trustedbsd/acl/sys/fs/hpfs/hpfs_vnops.c#4 (text+ko) ==== @@ -1171,6 +1171,7 @@ struct vnode **a_vpp; struct componentname *a_cnp; struct vattr *a_vap; + int a_cmask; } */ *ap; { int error; @@ -1181,7 +1182,8 @@ if (!(ap->a_cnp->cn_flags & HASBUF)) panic ("hpfs_create: no name\n"); - error = hpfs_makefnode (ap->a_dvp, ap->a_vpp, ap->a_cnp, ap->a_vap); + error = hpfs_makefnode (ap->a_dvp, ap->a_vpp, ap->a_cnp, ap->a_vap, + cmask); return (error); } ==== //depot/projects/trustedbsd/acl/sys/fs/msdosfs/msdosfs_vnops.c#4 (text+ko) ==== @@ -133,6 +133,7 @@ struct vnode **a_vpp; struct componentname *a_cnp; struct vattr *a_vap; + int a_cmask; } */ *ap; { struct componentname *cnp = ap->a_cnp; @@ -140,6 +141,7 @@ struct denode *dep; struct denode *pdep = VTODE(ap->a_dvp); struct timespec ts; + u_short mode int error; #ifdef MSDOSFS_DEBUG @@ -172,7 +174,11 @@ if (error) goto bad; - ndirent.de_Attributes = (ap->a_vap->va_mode & VWRITE) ? + /* + * XXXACL: bogus comparison? Should be 0000200 (S_IWUSR). + */ + mode = ap->a_vap->va_mode &~ ap->a_cmask; + ndirent.de_Attributes = (mode & VWRITE) ? ATTR_ARCHIVE : ATTR_ARCHIVE | ATTR_READONLY; ndirent.de_LowerCase = 0; ndirent.de_StartCluster = 0; ==== //depot/projects/trustedbsd/acl/sys/fs/nwfs/nwfs_vnops.c#3 (text+ko) ==== @@ -414,6 +414,7 @@ struct vnode **a_vpp; struct componentname *a_cnp; struct vattr *a_vap; + int a_cmask; } */ *ap; { struct vnode *dvp = ap->a_dvp; ==== //depot/projects/trustedbsd/acl/sys/fs/smbfs/smbfs_vnops.c#3 (text+ko) ==== @@ -521,6 +521,7 @@ struct vnode **a_vpp; struct componentname *a_cnp; struct vattr *a_vap; + int a_cmask; } */ *ap; { struct vnode *dvp = ap->a_dvp; ==== //depot/projects/trustedbsd/acl/sys/fs/unionfs/union.h#2 (text+ko) ==== @@ -46,7 +46,8 @@ struct vnode *um_uppervp; /* UN_ULOCK holds locking state */ struct vnode *um_lowervp; /* Left unlocked */ struct ucred *um_cred; /* Credentials of user calling mount */ - int um_cmode; /* cmask from mount process */ + int um_cmode; /* cmode from mount process */ + int um_cmask; /* umask from mount process */ int um_op; /* Operation mode */ }; ==== //depot/projects/trustedbsd/acl/sys/fs/unionfs/union_subr.c#3 (text+ko) ==== @@ -959,7 +959,7 @@ /* VOP_LEASE: dvp is locked */ VOP_LEASE(dvp, td, cn.cn_cred, LEASE_WRITE); - error = VOP_MKDIR(dvp, vpp, &cn, &va); + error = VOP_MKDIR(dvp, vpp, &cn, &va, um->um_cmask); if (cn.cn_flags & HASBUF) { uma_zfree(namei_zone, cn.cn_pnbuf); cn.cn_flags &= ~HASBUF; @@ -1050,13 +1050,14 @@ struct vattr *vap = &vat; int fmode = FFLAGS(O_WRONLY|O_CREAT|O_TRUNC|O_EXCL); int error; - int cmode; + int cmode, cmask; struct componentname cn; *vpp = NULLVP; FILEDESC_LOCK(td->td_proc->p_fd); - cmode = UN_FILEMODE & ~td->td_proc->p_fd->fd_cmask; + cmask = td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); + cmode = UN_FILEMODE; /* * Build a new componentname structure (for the same @@ -1118,7 +1119,7 @@ vap->va_type = VREG; vap->va_mode = cmode; VOP_LEASE(un->un_dirvp, td, cred, LEASE_WRITE); - error = VOP_CREATE(un->un_dirvp, &vp, &cn, vap); + error = VOP_CREATE(un->un_dirvp, &vp, &cn, vap, cmask); if (cn.cn_flags & HASBUF) { uma_zfree(namei_zone, cn.cn_pnbuf); cn.cn_flags &= ~HASBUF; ==== //depot/projects/trustedbsd/acl/sys/fs/unionfs/union_vfsops.c#3 (text+ko) ==== @@ -246,8 +246,9 @@ um->um_cred = crhold(td->td_ucred); FILEDESC_LOCK(td->td_proc->p_fd); - um->um_cmode = UN_DIRMODE &~ td->td_proc->p_fd->fd_cmask; + um->um_cmask = td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); + um->um_cmode = UN_DIRMODE; /* * Depending on what you think the MNT_LOCAL flag might mean, ==== //depot/projects/trustedbsd/acl/sys/fs/unionfs/union_vnops.c#3 (text+ko) ==== @@ -631,6 +631,7 @@ struct vnode **a_vpp; struct componentname *a_cnp; struct vattr *a_vap; + int a_cmask; } */ *ap; { struct union_node *dun = VTOUNION(ap->a_dvp); @@ -643,7 +644,7 @@ struct vnode *vp; struct mount *mp; - error = VOP_CREATE(dvp, &vp, cnp, ap->a_vap); + error = VOP_CREATE(dvp, &vp, cnp, ap->a_vap, ap->a_cmask); if (error == 0) { mp = ap->a_dvp->v_mount; VOP_UNLOCK(vp, 0, td); @@ -699,7 +700,7 @@ int error = EROFS; if ((dvp = union_lock_upper(dun, cnp->cn_thread)) != NULL) { - error = VOP_MKNOD(dvp, ap->a_vpp, cnp, ap->a_vap); + error = VOP_MKNOD(dvp, ap->a_vpp, cnp, ap->a_vap, ap->a_cmask); union_unlock_upper(dvp, cnp->cn_thread); } return (error); @@ -1473,6 +1474,7 @@ struct vnode **a_vpp; struct componentname *a_cnp; struct vattr *a_vap; + int a_cmask; } */ *ap; { struct union_node *dun = VTOUNION(ap->a_dvp); @@ -1484,7 +1486,7 @@ if ((upperdvp = union_lock_upper(dun, td)) != NULLVP) { struct vnode *vp; - error = VOP_MKDIR(upperdvp, &vp, cnp, ap->a_vap); + error = VOP_MKDIR(upperdvp, &vp, cnp, ap->a_vap, ap->a_cmask); union_unlock_upper(upperdvp, td); if (error == 0) { @@ -1546,6 +1548,7 @@ struct componentname *a_cnp; struct vattr *a_vap; char *a_target; + int a_cmask; } */ *ap; { struct union_node *dun = VTOUNION(ap->a_dvp); @@ -1556,7 +1559,7 @@ if ((dvp = union_lock_upper(dun, td)) != NULLVP) { error = VOP_SYMLINK(dvp, ap->a_vpp, cnp, ap->a_vap, - ap->a_target); + ap->a_target, ap->a_cmask); union_unlock_upper(dvp, td); } return (error); ==== //depot/projects/trustedbsd/acl/sys/gnu/ext2fs/ext2_vnops.c#3 (text+ko) ==== @@ -280,13 +280,16 @@ struct vnode **a_vpp; struct componentname *a_cnp; struct vattr *a_vap; + int a_cmask; } */ *ap; { + u_short mode; int error; + mode = ap->a_vap->va_mode &~ ap->a_cmask; error = - ext2_makeinode(MAKEIMODE(ap->a_vap->va_type, ap->a_vap->va_mode), - ap->a_dvp, ap->a_vpp, ap->a_cnp); + ext2_makeinode(MAKEIMODE(ap->a_vap->va_type, mode), ap->a_dvp, + ap->a_vpp, ap->a_cnp); if (error) return (error); return (0); ==== //depot/projects/trustedbsd/acl/sys/kern/kern_acct.c#3 (text+ko) ==== @@ -142,7 +142,7 @@ if (uap->path != NULL) { NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); flags = FWRITE | O_APPEND; - error = vn_open(&nd, &flags, 0); + error = vn_open(&nd, &flags, 0, 0); if (error) goto done2; NDFREE(&nd, NDF_ONLY_PNBUF); ==== //depot/projects/trustedbsd/acl/sys/kern/kern_alq.c#3 (text+ko) ==== @@ -334,7 +334,7 @@ struct ale *alp; struct alq *alq; char *bufp; - int flags; + int cmask, flags; int error; int i; @@ -344,7 +344,13 @@ NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, file, td); flags = FWRITE | O_NOFOLLOW | O_CREAT; - error = vn_open(&nd, &flags, 0); + /* + * XXXACL: creation mask here? + */ + FILEDESC_LOCK(td->td_proc->p_fd); + cmask = td->td_proc->p_fd->fd_cmask; + FILEDESC_UNLOCK(td->td_proc->p_fd); + error = vn_open(&nd, &flags, ACCESSPERMS, cmask); if (error) return (error); ==== //depot/projects/trustedbsd/acl/sys/kern/kern_descrip.c#4 (text+ko) ==== @@ -1588,7 +1588,7 @@ NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, "/dev/null", td); flags = FREAD | FWRITE; - error = vn_open(&nd, &flags, 0); + error = vn_open(&nd, &flags, 0, 0); if (error != 0) { FILEDESC_LOCK(fdp); fdp->fd_ofiles[fd] = NULL; ==== //depot/projects/trustedbsd/acl/sys/kern/kern_ktrace.c#3 (text+ko) ==== @@ -506,7 +506,7 @@ */ NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->fname, td); flags = FREAD | FWRITE | O_NOFOLLOW; - error = vn_open(&nd, &flags, 0); + error = vn_open(&nd, &flags, 0, 0); if (error) { td->td_inktrace = 0; return (error); ==== //depot/projects/trustedbsd/acl/sys/kern/kern_linker.c#3 (text+ko) ==== @@ -1391,7 +1391,7 @@ */ NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, result, td); flags = FREAD; - error = vn_open(&nd, &flags, 0); + error = vn_open(&nd, &flags, 0, 0); if (error == 0) { NDFREE(&nd, NDF_ONLY_PNBUF); type = nd.ni_vp->v_type; @@ -1439,7 +1439,7 @@ NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, pathbuf, td); flags = FREAD; - error = vn_open(&nd, &flags, 0); + error = vn_open(&nd, &flags, 0, 0); if (error) goto bad; NDFREE(&nd, NDF_ONLY_PNBUF); ==== //depot/projects/trustedbsd/acl/sys/kern/kern_mac.c#3 (text+ko) ==== @@ -1425,7 +1425,7 @@ int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp, - struct componentname *cnp, struct vattr *vap) + struct componentname *cnp, struct vattr *vap, int cmask) { int error; @@ -1434,7 +1434,8 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_create, cred, dvp, &dvp->v_label, cnp, vap); + MAC_CHECK(check_vnode_create, cred, dvp, &dvp->v_label, cnp, vap, + cmask); return (error); } ==== //depot/projects/trustedbsd/acl/sys/kern/kern_sig.c#4 (text+ko) ==== @@ -2067,7 +2067,7 @@ struct flock lf; struct nameidata nd; struct vattr vattr; - int error, error1, flags; + int cmask, error, error1, flags; struct mount *mp; char *name; /* name of corefile */ off_t limit; @@ -2101,7 +2101,13 @@ return (EINVAL); NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, td); /* XXXKSE */ flags = O_CREAT | FWRITE | O_NOFOLLOW; - error = vn_open(&nd, &flags, S_IRUSR | S_IWUSR); + /* + * XXXACL: creation mask here? */ + */ + FILEDESC_LOCK(td->td_proc->p_fd); + cmask = td->td_proc->p_fd->fd_cmask; + FILEDESC_UNLOCK(td->td_proc->p_fd); + error = vn_open(&nd, &flags, S_IRUSR | S_IWUSR, cmask); free(name, M_TEMP); if (error) return (error); ==== //depot/projects/trustedbsd/acl/sys/kern/link_elf.c#3 (text+ko) ==== @@ -556,7 +556,7 @@ NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, filename, td); flags = FREAD; - error = vn_open(&nd, &flags, 0); + error = vn_open(&nd, &flags, 0, 0); if (error) return error; NDFREE(&nd, NDF_ONLY_PNBUF); ==== //depot/projects/trustedbsd/acl/sys/kern/tty_cons.c#3 (text+ko) ==== @@ -364,7 +364,10 @@ } snprintf(path, sizeof(path), "/dev/%s", cnd->cnd_name); NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, path, td); - error = vn_open(&nd, &openflag, 0); + /* + * XXXACL: Might O_CREAT get passed in here? + */ + error = vn_open(&nd, &openflag, 0, 0); if (error == 0) { NDFREE(&nd, NDF_ONLY_PNBUF); VOP_UNLOCK(nd.ni_vp, 0, td); ==== //depot/projects/trustedbsd/acl/sys/kern/uipc_usrreq.c#4 (text+ko) ==== @@ -599,7 +599,7 @@ struct vnode *vp; struct mount *mp; struct vattr vattr; - int error, namelen; + int cmask, error, namelen; struct nameidata nd; char *buf; @@ -641,16 +641,20 @@ } goto restart; } + FILEDESC_LOCK(td->td_proc->p_fd); + cmask = td->td_proc->p_fd->fd_cmask; + FILEDESC_UNLOCK(td->td_proc->p_fd); VATTR_NULL(&vattr); vattr.va_type = VSOCK; - vattr.va_mode = (ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask); + vattr.va_mode = ACCESSPERMS; #ifdef MAC error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, - &vattr); + &vattr, cmask); #endif if (error == 0) { VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); - error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); + error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, + cmask); } NDFREE(&nd, NDF_ONLY_PNBUF); vput(nd.ni_dvp); ==== //depot/projects/trustedbsd/acl/sys/kern/vfs_syscalls.c#3 (text+ko) ==== @@ -638,7 +638,7 @@ struct vnode *vp; struct vattr vat; struct mount *mp; - int cmode, oflags; + int cmask, cmode, oflags; struct file *nfp; int type, indx, error; struct flock lf; @@ -652,7 +652,11 @@ if (error) return (error); fp = nfp; - cmode = ((mode &~ fdp->fd_cmask) & ALLPERMS) &~ S_ISTXT; + /* + * XXXACL: fdp lock? + */ + cmode = (mode & ALLPERMS) &~ S_ISTXT; + cmask = fdp->fd_cmask; NDINIT(&nd, LOOKUP, FOLLOW, pathseg, path, td); td->td_dupfd = -indx - 1; /* XXX check for fdopen */ /* @@ -660,7 +664,7 @@ * the descriptor while we are blocked in vn_open() */ fhold(fp); - error = vn_open(&nd, &flags, cmode); + error = vn_open(&nd, &flags, cmode, cmask); if (error) { /* * release our own reference @@ -846,7 +850,7 @@ struct vnode *vp; struct mount *mp; struct vattr vattr; - int error; + int cmask, error; int whiteout = 0; struct nameidata nd; @@ -873,9 +877,9 @@ } else { VATTR_NULL(&vattr); FILEDESC_LOCK(td->td_proc->p_fd); - vattr.va_mode = (mode & ALLPERMS) & - ~td->td_proc->p_fd->fd_cmask; + cmask = td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); + vattr.va_mode = mode & ALLPERMS; vattr.va_rdev = dev; whiteout = 0; @@ -907,7 +911,7 @@ #ifdef MAC if (error == 0 && !whiteout) error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, - &nd.ni_cnd, &vattr); + &nd.ni_cnd, &vattr, cmask); #endif if (!error) { VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); @@ -915,7 +919,7 @@ error = VOP_WHITEOUT(nd.ni_dvp, &nd.ni_cnd, CREATE); else { error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, - &nd.ni_cnd, &vattr); + &nd.ni_cnd, &vattr, cmask); if (error == 0) vput(nd.ni_vp); } @@ -955,7 +959,7 @@ { struct mount *mp; struct vattr vattr; - int error; + int cmask, error; struct nameidata nd; restart: @@ -979,16 +983,17 @@ VATTR_NULL(&vattr); vattr.va_type = VFIFO; FILEDESC_LOCK(td->td_proc->p_fd); - vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_fd->fd_cmask; + cmask = td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); + vattr.va_mode = mode & ALLPERMS; #ifdef MAC error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, - &vattr); + &vattr, cmask); if (error) goto out; #endif VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); - error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); + error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, cmask); if (error == 0) vput(nd.ni_vp); #ifdef MAC @@ -1130,17 +1135,19 @@ } VATTR_NULL(&vattr); FILEDESC_LOCK(td->td_proc->p_fd); - vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_fd->fd_cmask; + cmask = td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); + vattr.va_mode = ACCESSPERMS; #ifdef MAC vattr.va_type = VLNK; error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, - &vattr); + &vattr, cmask); if (error) goto out2; #endif VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); - error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath); + error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, syspath, + cmask); if (error == 0) vput(nd.ni_vp); #ifdef MAC @@ -2890,7 +2897,7 @@ struct mount *mp; struct vnode *vp; struct vattr vattr; - int error; + int cmask, error; struct nameidata nd; restart: @@ -2924,16 +2931,17 @@ VATTR_NULL(&vattr); vattr.va_type = VDIR; FILEDESC_LOCK(td->td_proc->p_fd); - vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask; + cmask = td->td_proc->p_fd->fd_cmask; FILEDESC_UNLOCK(td->td_proc->p_fd); + vattr.va_mode = mode & ACCESSPERMS; #ifdef MAC error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, - &vattr); + &vattr, cmask); if (error) goto out; #endif VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); - error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); + error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr, cmask); #ifdef MAC out: #endif ==== //depot/projects/trustedbsd/acl/sys/kern/vfs_vnops.c#4 (text+ko) ==== @@ -77,13 +77,13 @@ }; int -vn_open(ndp, flagp, cmode) +vn_open(ndp, flagp, cmode, cmask) register struct nameidata *ndp; - int *flagp, cmode; + int *flagp, cmode, cmask; { struct thread *td = ndp->ni_cnd.cn_thread; - return (vn_open_cred(ndp, flagp, cmode, td->td_ucred)); + return (vn_open_cred(ndp, flagp, cmode, cmask, td->td_ucred)); } /* @@ -94,9 +94,9 @@ * due to the NDINIT being done elsewhere. */ int -vn_open_cred(ndp, flagp, cmode, cred) +vn_open_cred(ndp, flagp, cmode, cmask, cred) register struct nameidata *ndp; - int *flagp, cmode; + int *flagp, cmode, cmask; struct ucred *cred; { struct vnode *vp; @@ -137,12 +137,12 @@ } #ifdef MAC error = mac_check_vnode_create(cred, ndp->ni_dvp, - &ndp->ni_cnd, vap); + &ndp->ni_cnd, vap, cmask); if (error == 0) { #endif VOP_LEASE(ndp->ni_dvp, td, cred, LEASE_WRITE); error = VOP_CREATE(ndp->ni_dvp, &ndp->ni_vp, - &ndp->ni_cnd, vap); + &ndp->ni_cnd, vap, cmask); #ifdef MAC } #endif ==== //depot/projects/trustedbsd/acl/sys/kern/vnode_if.src#4 (text+ko) ==== @@ -99,6 +99,7 @@ OUT struct vnode **vpp; IN struct componentname *cnp; IN struct vattr *vap; + IN int cmask; }; # @@ -119,6 +120,7 @@ OUT struct vnode **vpp; IN struct componentname *cnp; IN struct vattr *vap; + IN int cmask; }; # @@ -294,6 +296,7 @@ OUT struct vnode **vpp; IN struct componentname *cnp; IN struct vattr *vap; + IN int cmask; }; # @@ -316,6 +319,7 @@ IN struct componentname *cnp; IN struct vattr *vap; IN char *target; + IN int cmask; }; # ==== //depot/projects/trustedbsd/acl/sys/nfsclient/nfs_lock.c#3 (text+ko) ==== @@ -144,7 +144,7 @@ NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, _PATH_LCKFIFO, td); fmode = FFLAGS(O_WRONLY); - error = vn_open_cred(&nd, &fmode, 0, thread0.td_ucred); + error = vn_open_cred(&nd, &fmode, 0, 0, thread0.td_ucred); if (error != 0) { return (error == ENOENT ? EOPNOTSUPP : error); } ==== //depot/projects/trustedbsd/acl/sys/nfsclient/nfs_vnops.c#4 (text+ko) ==== @@ -1291,7 +1291,7 @@ struct nfsnode *np = NULL; struct vnode *newvp = NULL; caddr_t bpos, dpos; - int error = 0, wccflag = NFSV3_WCCRATTR, gotvp = 0, fmode = 0; + int error = 0, wccflag = NFSV3_WCCRATTR, gotvp = 0, fmode = 0, mode, svmode; struct mbuf *mreq, *mrep, *md, *mb; struct vattr vattr; int v3 = NFS_ISV3(dvp); @@ -1300,13 +1300,14 @@ * Oops, not for me.. */ if (vap->va_type == VSOCK) - return (nfs_mknodrpc(dvp, ap->a_vpp, cnp, vap)); + return (nfs_mknodrpc(dvp, ap->a_vpp, cnp, vap, ap->a_cmask)); if ((error = VOP_GETATTR(dvp, &vattr, cnp->cn_cred, cnp->cn_thread)) != 0) { return (error); } if (vap->va_vaflags & VA_EXCLUSIVE) fmode |= O_EXCL; + mode = ap->a_vap->va_mode &~ ap->a_cmask; again: nfsstats.rpccnt[NFSPROC_CREATE]++; mreq = nfsm_reqhead(dvp, NFSPROC_CREATE, NFSX_FH(v3) + 2 * NFSX_UNSIGNED + @@ -1329,11 +1330,18 @@ *tl = ++create_verf; } else { *tl = txdr_unsigned(NFSV3CREATE_UNCHECKED); + /* + * XXXACL: this uses vap->va_mode, not product + * of va_cmask and va_mode. + */ + svmode = vap->va_mode; + vap->va_mode = mode; nfsm_v3attrbuild(vap, FALSE); + vap->va_mode = svmode; } } else { sp = nfsm_build(struct nfsv2_sattr *, NFSX_V2SATTR); - sp->sa_mode = vtonfsv2_mode(vap->va_type, vap->va_mode); + sp->sa_mode = vtonfsv2_mode(vap->va_type, mode); sp->sa_uid = nfs_xdrneg1; sp->sa_gid = nfs_xdrneg1; sp->sa_size = 0; ==== //depot/projects/trustedbsd/acl/sys/nfsserver/nfs_serv.c#4 (text+ko) ==== @@ -1716,7 +1716,8 @@ if (vap->va_mode == (mode_t)VNOVAL) vap->va_mode = 0; if (vap->va_type == VREG || vap->va_type == VSOCK) { - error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); + error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, + vap, 0); if (error) NDFREE(&nd, NDF_ONLY_PNBUF); else { @@ -1746,7 +1747,7 @@ goto ereply; } vap->va_rdev = rdev; - error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); + error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap, 0); if (error) { NDFREE(&nd, NDF_ONLY_PNBUF); goto ereply; @@ -1943,13 +1944,13 @@ if (vtyp == VSOCK) { vrele(nd.ni_startdir); nd.ni_startdir = NULL; - error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); + error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap, 0); if (error) NDFREE(&nd, NDF_ONLY_PNBUF); } else { if (vtyp != VFIFO && (error = suser_cred(cred, 0))) goto out; - error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); + error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap, 0); if (error) { NDFREE(&nd, NDF_ONLY_PNBUF); goto out; @@ -2578,7 +2579,7 @@ */ if (vap->va_mode == (mode_t)VNOVAL) vap->va_mode = 0; - error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap, pathcp); + error = VOP_SYMLINK(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap, pathcp, 0); if (error) NDFREE(&nd, NDF_ONLY_PNBUF); else @@ -2763,7 +2764,7 @@ */ if (vap->va_mode == (mode_t)VNOVAL) vap->va_mode = 0; - error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); + error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap, 0); NDFREE(&nd, NDF_ONLY_PNBUF); vpexcl = 1; ==== //depot/projects/trustedbsd/acl/sys/security/mac_biba/mac_biba.c#3 (text+ko) ==== @@ -2016,7 +2016,8 @@ static int mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp, struct vattr *vap) + struct label *dlabel, struct componentname *cnp, struct vattr *vap, + int cmask) { struct mac_biba *subj, *obj; ==== //depot/projects/trustedbsd/acl/sys/security/mac_lomac/mac_lomac.c#3 (text+ko) ==== @@ -2091,7 +2091,8 @@ static int mac_lomac_check_vnode_create(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp, struct vattr *vap) + struct label *dlabel, struct componentname *cnp, struct vattr *vap, + int cmask) { struct mac_lomac *subj, *obj; ==== //depot/projects/trustedbsd/acl/sys/security/mac_mls/mac_mls.c#3 (text+ko) ==== @@ -1798,7 +1798,8 @@ static int mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp, struct vattr *vap) + struct label *dlabel, struct componentname *cnp, struct vattr *vap, + int cmask) { struct mac_mls *subj, *obj; ==== //depot/projects/trustedbsd/acl/sys/security/mac_none/mac_none.c#2 (text+ko) ==== @@ -660,7 +660,8 @@ static int mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp, struct vattr *vap) + struct label *dlabel, struct componentname *cnp, struct vattr *vap, + int cmask) { return (0); ==== //depot/projects/trustedbsd/acl/sys/security/mac_test/mac_test.c#2 (text+ko) ==== >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303142028.h2EKS975037827>