int /* ERRNO if error, 0 if successful. */ sam_access_ino( sam_node_t *ip, /* pointer to inode. */ int mode, /* mode of access to be verified */ boolean_t locked, /* is ip->inode_rwl held by caller? */ cred_t *credp) /* credentials pointer. */ { int shift = 0; ASSERT(!locked || RW_LOCK_HELD(&ip->inode_rwl)); /* * If requesting write access, and read only filesystem or WORM file * return error. */ if (mode & S_IWRITE) { if (ip->mp->mt.fi_mflag & MS_RDONLY) { return (EROFS); } if (ip->di.status.b.worm_rdonly && !S_ISDIR(ip->di.mode)) { return (EROFS); } } if (!locked) { RW_LOCK_OS(&ip->inode_rwl, RW_READER); } /* Use ACL, if present, to check access. */ if (ip->di.status.b.acl) { int error; error = sam_acl_access(ip, mode, credp); if (!locked) { RW_UNLOCK_OS(&ip->inode_rwl, RW_READER); } return (error); } if (!locked) { RW_UNLOCK_OS(&ip->inode_rwl, RW_READER); } if (crgetuid(credp) != ip->di.uid) { shift += 3; if (!groupmember((uid_t)ip->di.gid, credp)) { shift += 3; } } mode &= ~(ip->di.mode << shift); if (mode == 0) { return (0); } return (secpolicy_vnode_access(credp, SAM_ITOV(ip), ip->di.uid, mode)); }
/* * This function is used for secpolicy_setattr(). It must call an * access() like function while it is already holding the * dv_contents lock. We only care about this when dv_attr != NULL; * so the unlocked access call only concerns itself with that * particular branch of devfs_access(). */ static int devfs_unlocked_access(void *vdv, int mode, struct cred *cr) { struct dv_node *dv = vdv; int shift = 0; uid_t owner = dv->dv_attr->va_uid; /* Check access based on owner, group and public permissions. */ if (crgetuid(cr) != owner) { shift += 3; if (groupmember(dv->dv_attr->va_gid, cr) == 0) shift += 3; } /* compute missing mode bits */ mode &= ~(dv->dv_attr->va_mode << shift); if (mode == 0) return (0); return (secpolicy_vnode_access(cr, DVTOV(dv), owner, mode)); }
int tmp_taccess(void *vtp, int mode, struct cred *cred) { struct tmpnode *tp = vtp; int shift = 0; /* * Check access based on owner, group and * public permissions in tmpnode. */ if (crgetuid(cred) != tp->tn_uid) { shift += MODESHIFT; if (groupmember(tp->tn_gid, cred) == 0) shift += MODESHIFT; } /* compute missing mode bits */ mode &= ~(tp->tn_mode << shift); if (mode == 0) return (0); return (secpolicy_vnode_access(cred, TNTOV(tp), tp->tn_uid, mode)); }
/* * uid and gid in sffs determine owner and group for all files. */ static int sfnode_access(sfnode_t *node, mode_t mode, cred_t *cr) { sffs_data_t *sffs = node->sf_sffs; mode_t m; int shift = 0; int error; vnode_t *vp; ASSERT(MUTEX_HELD(&sffs_lock)); /* get the mode from the cache or provider */ if (sfnode_stat_cached(node)) error = 0; else error = sfnode_update_stat_cache(node); m = (error == 0) ? node->sf_stat.sf_mode : 0; /* * mask off the permissions based on uid/gid */ if (crgetuid(cr) != sffs->sf_uid) { shift += 3; if (groupmember(sffs->sf_gid, cr) == 0) shift += 3; } mode &= ~(m << shift); if (mode == 0) { error = 0; } else { vp = sfnode_get_vnode(node); error = secpolicy_vnode_access(cr, vp, sffs->sf_uid, mode); VN_RELE(vp); } return (error); }
/* * Mount a file descriptor onto the node in the file system. * Create a new vnode, update the attributes with info from the * file descriptor and the mount point. The mask, mode, uid, gid, * atime, mtime and ctime are taken from the mountpt. Link count is * set to one, the file system id is namedev and nodeid is unique * for each mounted object. Other attributes are taken from mount point. * Make sure user is owner (or root) with write permissions on mount point. * Hash the new vnode and return 0. * Upon entry to this routine, the file descriptor is in the * fd field of a struct namefd. Copy that structure from user * space and retrieve the file descriptor. */ static int nm_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *crp) { struct namefd namefdp; struct vnode *filevp; /* file descriptor vnode */ struct file *fp; struct vnode *newvp; /* vnode representing this mount */ struct vnode *rvp; /* realvp (if any) for the mountpt */ struct namenode *nodep; /* namenode for this mount */ struct vattr filevattr; /* attributes of file dec. */ struct vattr *vattrp; /* attributes of this mount */ char *resource_name; char *resource_nodetype; statvfs64_t *svfsp; int error = 0; /* * Get the file descriptor from user space. * Make sure the file descriptor is valid and has an * associated file pointer. * If so, extract the vnode from the file pointer. */ if (uap->datalen != sizeof (struct namefd)) return (EINVAL); if (copyin(uap->dataptr, &namefdp, uap->datalen)) return (EFAULT); if ((fp = getf(namefdp.fd)) == NULL) return (EBADF); /* * If the mount point already has something mounted * on it, disallow this mount. (This restriction may * be removed in a later release). * Or unmount has completed but the namefs ROOT vnode * count has not decremented to zero, disallow this mount. */ mutex_enter(&mvp->v_lock); if ((mvp->v_flag & VROOT) || vfs_matchops(mvp->v_vfsp, namefs_vfsops)) { mutex_exit(&mvp->v_lock); releasef(namefdp.fd); return (EBUSY); } mutex_exit(&mvp->v_lock); /* * Cannot allow users to fattach() in /dev/pts. * First, there is no need for doing so and secondly * we cannot allow arbitrary users to park on a node in * /dev/pts or /dev/vt. */ rvp = NULLVP; if (vn_matchops(mvp, spec_getvnodeops()) && VOP_REALVP(mvp, &rvp, NULL) == 0 && rvp && (vn_matchops(rvp, devpts_getvnodeops()) || vn_matchops(rvp, devvt_getvnodeops()))) { releasef(namefdp.fd); return (ENOTSUP); } filevp = fp->f_vnode; if (filevp->v_type == VDIR || filevp->v_type == VPORT) { releasef(namefdp.fd); return (EINVAL); } /* * If the fd being mounted refers to neither a door nor a stream, * make sure the caller is privileged. */ if (filevp->v_type != VDOOR && filevp->v_stream == NULL) { if (secpolicy_fs_mount(crp, filevp, vfsp) != 0) { /* fd is neither a stream nor a door */ releasef(namefdp.fd); return (EINVAL); } } /* * Make sure the file descriptor is not the root of some * file system. * If it's not, create a reference and allocate a namenode * to represent this mount request. */ if (filevp->v_flag & VROOT) { releasef(namefdp.fd); return (EBUSY); } nodep = kmem_zalloc(sizeof (struct namenode), KM_SLEEP); mutex_init(&nodep->nm_lock, NULL, MUTEX_DEFAULT, NULL); vattrp = &nodep->nm_vattr; vattrp->va_mask = AT_ALL; if (error = VOP_GETATTR(mvp, vattrp, 0, crp, NULL)) goto out; filevattr.va_mask = AT_ALL; if (error = VOP_GETATTR(filevp, &filevattr, 0, crp, NULL)) goto out; /* * Make sure the user is the owner of the mount point * or has sufficient privileges. */ if (error = secpolicy_vnode_owner(crp, vattrp->va_uid)) goto out; /* * Make sure the user has write permissions on the * mount point (or has sufficient privileges). */ if (!(vattrp->va_mode & VWRITE) && secpolicy_vnode_access(crp, mvp, vattrp->va_uid, VWRITE) != 0) { error = EACCES; goto out; } /* * If the file descriptor has file/record locking, don't * allow the mount to succeed. */ if (vn_has_flocks(filevp)) { error = EACCES; goto out; } /* * Initialize the namenode. */ if (filevp->v_stream) { struct stdata *stp = filevp->v_stream; mutex_enter(&stp->sd_lock); stp->sd_flag |= STRMOUNT; mutex_exit(&stp->sd_lock); } nodep->nm_filevp = filevp; mutex_enter(&fp->f_tlock); fp->f_count++; mutex_exit(&fp->f_tlock); releasef(namefdp.fd); nodep->nm_filep = fp; nodep->nm_mountpt = mvp; /* * The attributes for the mounted file descriptor were initialized * above by applying VOP_GETATTR to the mount point. Some of * the fields of the attributes structure will be overwritten * by the attributes from the file descriptor. */ vattrp->va_type = filevattr.va_type; vattrp->va_fsid = namedev; vattrp->va_nodeid = namenodeno_alloc(); vattrp->va_nlink = 1; vattrp->va_size = filevattr.va_size; vattrp->va_rdev = filevattr.va_rdev; vattrp->va_blksize = filevattr.va_blksize; vattrp->va_nblocks = filevattr.va_nblocks; vattrp->va_seq = 0; /* * Initialize new vnode structure for the mounted file descriptor. */ nodep->nm_vnode = vn_alloc(KM_SLEEP); newvp = NMTOV(nodep); newvp->v_flag = filevp->v_flag | VROOT | VNOMAP | VNOSWAP; vn_setops(newvp, nm_vnodeops); newvp->v_vfsp = vfsp; newvp->v_stream = filevp->v_stream; newvp->v_type = filevp->v_type; newvp->v_rdev = filevp->v_rdev; newvp->v_data = (caddr_t)nodep; VFS_HOLD(vfsp); vn_exists(newvp); /* * Initialize the vfs structure. */ vfsp->vfs_vnodecovered = NULL; vfsp->vfs_flag |= VFS_UNLINKABLE; vfsp->vfs_bsize = 1024; vfsp->vfs_fstype = namefstype; vfs_make_fsid(&vfsp->vfs_fsid, namedev, namefstype); vfsp->vfs_data = (caddr_t)nodep; vfsp->vfs_dev = namedev; vfsp->vfs_bcount = 0; /* * Set the name we mounted from. */ switch (filevp->v_type) { case VPROC: /* VOP_GETATTR() translates this to VREG */ case VREG: resource_nodetype = "file"; break; case VDIR: resource_nodetype = "directory"; break; case VBLK: resource_nodetype = "device"; break; case VCHR: resource_nodetype = "device"; break; case VLNK: resource_nodetype = "link"; break; case VFIFO: resource_nodetype = "fifo"; break; case VDOOR: resource_nodetype = "door"; break; case VSOCK: resource_nodetype = "socket"; break; default: resource_nodetype = "resource"; break; } #define RESOURCE_NAME_SZ 128 /* Maximum length of the resource name */ resource_name = kmem_alloc(RESOURCE_NAME_SZ, KM_SLEEP); svfsp = kmem_alloc(sizeof (statvfs64_t), KM_SLEEP); error = VFS_STATVFS(filevp->v_vfsp, svfsp); if (error == 0) { (void) snprintf(resource_name, RESOURCE_NAME_SZ, "unspecified_%s_%s", svfsp->f_basetype, resource_nodetype); } else { (void) snprintf(resource_name, RESOURCE_NAME_SZ, "unspecified_%s", resource_nodetype); } vfs_setresource(vfsp, resource_name); kmem_free(svfsp, sizeof (statvfs64_t)); kmem_free(resource_name, RESOURCE_NAME_SZ); #undef RESOURCE_NAME_SZ /* * Insert the namenode. */ mutex_enter(&ntable_lock); nameinsert(nodep); mutex_exit(&ntable_lock); return (0); out: releasef(namefdp.fd); kmem_free(nodep, sizeof (struct namenode)); return (error); }