static int
ufs_check_permitted(struct vnode *vp, struct inode *ip, mode_t mode,
kauth_cred_t cred)
{
return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(mode, vp->v_type,
ip->i_mode & ALLPERMS), vp, NULL, genfs_can_access(vp->v_type,
ip->i_mode & ALLPERMS, ip->i_uid, ip->i_gid, mode, cred));
}
static int
ext2fs_check_permitted(struct vnode *vp, struct inode *ip, mode_t mode,
kauth_cred_t cred)
{
return kauth_authorize_vnode(cred, kauth_access_action(mode, vp->v_type,
ip->i_e2fs_mode & ALLPERMS), vp, NULL, genfs_can_access(vp->v_type,
ip->i_e2fs_mode & ALLPERMS, ip->i_uid, ip->i_gid, mode, cred));
}
static int
adosfs_check_permitted(struct vnode *vp, struct anode *ap, mode_t mode,
kauth_cred_t cred)
{
mode_t file_mode = adunixprot(ap->adprot) & ap->amp->mask;
return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(mode,
vp->v_type, file_mode), vp, NULL, genfs_can_access(vp->v_type,
file_mode, ap->uid, ap->gid, mode, cred));
}
static int
sysvbfs_check_permitted(struct vnode *vp, struct sysvbfs_node *bnode,
mode_t mode, kauth_cred_t cred)
{
struct bfs_fileattr *attr = &bnode->inode->attr;
return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(mode,
vp->v_type, attr->mode), vp, NULL, genfs_can_access(vp->v_type,
attr->mode, attr->uid, attr->gid, mode, cred));
}
/*
* Check mode permission on inode pointer. Mode is READ, WRITE or EXEC.
* The mode is shifted to select the owner/group/other fields. The
* super user is granted all permissions.
*/
static int
filecore_check_permitted(struct vnode *vp, struct filecore_node *ip,
mode_t mode, kauth_cred_t cred)
{
struct filecore_mnt *fcmp = ip->i_mnt;
return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(mode,
vp->v_type, filecore_mode(ip)), vp, NULL,
genfs_can_access(vp->v_type, filecore_mode(ip), fcmp->fc_uid,
fcmp->fc_gid, mode, cred));
}
static int
v7fs_check_permitted(struct vnode *vp, struct v7fs_node *v7node,
mode_t mode, kauth_cred_t cred)
{
struct v7fs_inode *inode = &v7node->inode;
return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(mode,
vp->v_type, inode->mode), vp, NULL, genfs_can_access(vp->v_type,
inode->mode, inode->uid, inode->gid, mode, cred));
}
static int
ntfs_check_permitted(struct vnode *vp, struct ntnode *ip, mode_t mode,
kauth_cred_t cred)
{
mode_t file_mode;
file_mode = ip->i_mp->ntm_mode | (S_IXUSR|S_IXGRP|S_IXOTH);
return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(mode, vp->v_type,
file_mode), vp, NULL, genfs_can_access(vp->v_type, file_mode,
ip->i_mp->ntm_uid, ip->i_mp->ntm_gid, mode, cred));
}
static int
smbfs_check_permitted(struct vnode *vp, struct smbnode *np, mode_t mode,
kauth_cred_t cred)
{
struct smbmount *smp = VTOSMBFS(vp);
mode_t file_mode = (vp->v_type == VDIR) ? smp->sm_args.dir_mode :
smp->sm_args.file_mode;
return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(mode,
vp->v_type, file_mode), vp, NULL, genfs_can_access(vp->v_type,
file_mode, smp->sm_args.uid, smp->sm_args.gid, mode, cred));
}
/*
* implement access checking.
*
* actually, the check for super-user is slightly
* broken since it will allow read access to write-only
* objects. this doesn't cause any particular trouble
* but does mean that the i/o entry points need to check
* that the operation really does make sense.
*/
int
ptyfs_access(void *v)
{
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
kauth_cred_t a_cred;
} */ *ap = v;
struct vattr va;
int error;
if ((error = VOP_GETATTR(ap->a_vp, &va, ap->a_cred)) != 0)
return error;
return kauth_authorize_vnode(ap->a_cred,
KAUTH_ACCESS_ACTION(ap->a_mode, ap->a_vp->v_type, va.va_mode),
ap->a_vp, NULL, genfs_can_access(va.va_type, va.va_mode, va.va_uid,
va.va_gid, ap->a_mode, ap->a_cred));
return error;
}
