Date: Mon, 10 Jun 2002 18:14:21 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 12677 for review Message-ID: <200206110114.g5B1ELB77145@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=12677 Change 12677 by rwatson@rwatson_paprika on 2002/06/10 18:14:21 When VAPPEND was introduced, the ACL evaluation code wasn't updated to map ACL_WRITE into VAPPEND rights. Fix that. Submitted in large part by: ilmar Affected files ... ... //depot/projects/trustedbsd/mac/sys/kern/kern_acl.c#7 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_acl.c#7 (text+ko) ==== @@ -90,7 +90,7 @@ */ #ifndef CAPABILITIES if (suser_cred(cred, PRISON_ROOT) == 0) - cap_granted = (VEXEC | VREAD | VWRITE | VADMIN); + cap_granted = (VEXEC | VREAD | VWRITE | VADMIN | VAPPEND); else cap_granted = 0; #else @@ -110,9 +110,9 @@ PRISON_ROOT)) cap_granted |= VREAD; - if ((acc_mode & VWRITE) && !cap_check(cred, NULL, CAP_DAC_WRITE, - PRISON_ROOT)) - cap_granted |= VWRITE; + if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) && + !cap_check(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT)) + cap_granted |= (VWRITE | VAPPEND); if ((acc_mode & VADMIN) && !cap_check(cred, NULL, CAP_FOWNER, PRISON_ROOT)) @@ -138,7 +138,7 @@ if (acl->acl_entry[i].ae_perm & ACL_READ) dac_granted |= VREAD; if (acl->acl_entry[i].ae_perm & ACL_WRITE) - dac_granted |= VWRITE; + dac_granted |= (VWRITE | VAPPEND); if ((acc_mode & dac_granted) == acc_mode) return (0); if ((acc_mode & (dac_granted | cap_granted)) == @@ -190,9 +190,9 @@ if (acl_mask->ae_perm & ACL_READ) acl_mask_granted |= VREAD; if (acl_mask->ae_perm & ACL_WRITE) - acl_mask_granted |= VWRITE; + acl_mask_granted |= (VWRITE | VAPPEND); } else - acl_mask_granted = VEXEC | VREAD | VWRITE; + acl_mask_granted = VEXEC | VREAD | VWRITE | VAPPEND; /* * Iterate through user ACL entries. Do checks twice, first @@ -214,7 +214,7 @@ if (acl->acl_entry[i].ae_perm & ACL_READ) dac_granted |= VREAD; if (acl->acl_entry[i].ae_perm & ACL_WRITE) - dac_granted |= VWRITE; + dac_granted |= (VWRITE | VAPPEND); dac_granted &= acl_mask_granted; if ((acc_mode & dac_granted) == acc_mode) return (0); 
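Review bot: In the `@@ -110,9 +110,9 @@` hunk the CAP_DAC_WRITE branch now sets VWRITE in cap_granted even when only VAPPEND was requested, which is safe only as long as every consumer masks with acc_mode, as the `(acc_mode & (dac_granted | cap_granted))` comparisons visible in later hunks do. A comment on the branch such as `/* CAP_DAC_WRITE covers both write and append; cap_granted is always masked with acc_mode before use. */` would record that dependency. The test itself reads more directly as `if ((acc_mode & (VWRITE | VAPPEND)) &&`. The enclosing function begins and ends outside the hunk, so any unmasked use of cap_granted there should be checked.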
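Review bot: The `ACL_WRITE` to `(VWRITE | VAPPEND)` mapping in the `@@ -138,7 +138,7 @@` hunk is repeated by hand in the hunks at -190, -214, -247, -265, -295, -316 and -347, and that duplication is presumably how VAPPEND was missed when it was introduced. One static helper that turns an `ae_perm` value into vnode access bits, called at each site, leaves a single place to update when the next access right is added. The omission fixed here failed closed, but a future one that reaches only some of the copies would make the entry types evaluate the same permission differently. The helper below is a sketch: its name is a suggestion, the `mode_t`/`acl_perm_t` types and the execute mapping are assumed from the parts of the function outside the hunks, and each call site keeps its existing `dac_granted &= acl_mask_granted;` line.

```c
/* Map POSIX.1e ACL permission bits to the vnode access rights they grant. */
static mode_t
acl_perm_to_vaccess(acl_perm_t perm)
{
	mode_t granted = 0;

	if (perm & ACL_EXECUTE)
		granted |= VEXEC;
	if (perm & ACL_READ)
		granted |= VREAD;
	if (perm & ACL_WRITE)
		granted |= (VWRITE | VAPPEND);	/* write permission implies append */
	return (granted);
}

/* ... unchanged: entry tag and id matching ... */
		dac_granted |= acl_perm_to_vaccess(acl->acl_entry[i].ae_perm);
		if ((acc_mode & dac_granted) == acc_mode)
			return (0);
```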
@@ -247,7 +247,7 @@ if (acl->acl_entry[i].ae_perm & ACL_READ) dac_granted |= VREAD; if (acl->acl_entry[i].ae_perm & ACL_WRITE) - dac_granted |= VWRITE; + dac_granted |= (VWRITE | VAPPEND); dac_granted &= acl_mask_granted; if ((acc_mode & dac_granted) == acc_mode) @@ -265,7 +265,7 @@ if (acl->acl_entry[i].ae_perm & ACL_READ) dac_granted |= VREAD; if (acl->acl_entry[i].ae_perm & ACL_WRITE) - dac_granted |= VWRITE; + dac_granted |= (VWRITE | VAPPEND); dac_granted &= acl_mask_granted; if ((acc_mode & dac_granted) == acc_mode) @@ -295,7 +295,7 @@ if (acl->acl_entry[i].ae_perm & ACL_READ) dac_granted |= VREAD; if (acl->acl_entry[i].ae_perm & ACL_WRITE) - dac_granted |= VWRITE; + dac_granted |= (VWRITE | VAPPEND); dac_granted &= acl_mask_granted; if ((acc_mode & (dac_granted | cap_granted)) != @@ -316,7 +316,7 @@ if (acl->acl_entry[i].ae_perm & ACL_READ) dac_granted |= VREAD; if (acl->acl_entry[i].ae_perm & ACL_WRITE) - dac_granted |= VWRITE; + dac_granted |= (VWRITE | VAPPEND); dac_granted &= acl_mask_granted; if ((acc_mode & (dac_granted | cap_granted)) != @@ -347,7 +347,7 @@ if (acl_other->ae_perm & ACL_READ) dac_granted |= VREAD; if (acl_other->ae_perm & ACL_WRITE) - dac_granted |= VWRITE; + dac_granted |= (VWRITE | VAPPEND); if ((acc_mode & dac_granted) == acc_mode) return (0); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message