Пример #1
/*
 * cap_ioctls_get(2) handler: report the ioctl commands allowed on a
 * descriptor.
 *
 * Reads fd, cmds and maxcmds from uap.  When the descriptor carries an
 * explicit ioctl list (fde_nioctls != -1), up to MIN(count, maxcmds) entries
 * are copied to the user array, if one was supplied, and the full count is
 * stored in td_retval[0].  Otherwise CAP_IOCTLS_ALL is stored and the user
 * array is left untouched.
 *
 * Returns 0 on success, EBADF when fdeget_locked() finds no entry for fd,
 * or the error reported by copyout().
 */
int
sys_cap_ioctls_get(struct thread *td, struct cap_ioctls_get_args *uap)
{
	struct filedesc *fdp;
	struct filedescent *fdep;
	u_long *cmdsp, *dstcmds;
	size_t maxcmds, ncmds;
	int16_t count;
	int error, fd;

	fd = uap->fd;
	dstcmds = uap->cmds;
	maxcmds = uap->maxcmds;

	AUDIT_ARG_FD(fd);

	fdp = td->td_proc->p_fd;

	/*
	 * Staging buffer, allocated before the filedesc lock is taken.  The
	 * list is copied into it under the lock and only copied out to
	 * userland after the lock has been dropped, so copyout() never runs
	 * with the descriptor table locked.  M_ZERO keeps uninitialised
	 * kernel heap out of the buffer.
	 */
	cmdsp = NULL;
	if (dstcmds != NULL) {
		cmdsp = malloc(sizeof(cmdsp[0]) * IOCTLS_MAX_COUNT, M_FILECAPS,
		    M_WAITOK | M_ZERO);
	}

	FILEDESC_SLOCK(fdp);
	fdep = fdeget_locked(fdp, fd);
	if (fdep == NULL) {
		error = EBADF;
		FILEDESC_SUNLOCK(fdp);
		goto out;
	}
	count = fdep->fde_nioctls;
	if (count != -1 && cmdsp != NULL) {
		/*
		 * ncmds is assigned only on this path; the copyout() below
		 * reads it under the same condition.
		 *
		 * NOTE(review): MIN() compares an int16_t with a size_t, and
		 * the copy length is bounded by count rather than by the
		 * buffer size.  The IOCTLS_MAX_COUNT buffer is large enough
		 * only if fde_nioctls never exceeds IOCTLS_MAX_COUNT (and is
		 * never negative other than -1) -- confirm where the list is
		 * installed.
		 */
		ncmds = MIN(count, maxcmds);
		memcpy(cmdsp, fdep->fde_ioctls, sizeof(cmdsp[0]) * ncmds);
	}
	FILEDESC_SUNLOCK(fdp);

	/*
	 * If all ioctls are allowed (fde_nioctls == -1 && fde_ioctls == NULL)
	 * the only sane thing we can do is to not populate the given array and
	 * return CAP_IOCTLS_ALL.
	 */
	if (count != -1) {
		if (cmdsp != NULL) {
			/* Only the ncmds entries filled in above leave the kernel. */
			error = copyout(cmdsp, dstcmds,
			    sizeof(cmdsp[0]) * ncmds);
			if (error != 0)
				goto out;
		}
		/* The full count is reported even when fewer entries were copied. */
		td->td_retval[0] = count;
	} else {
		td->td_retval[0] = CAP_IOCTLS_ALL;
	}

	error = 0;
out:
	/* cmdsp is still NULL here when no user array was supplied. */
	free(cmdsp, M_FILECAPS);
	return (error);
}
Пример #2
/*
 * For backward compatibility.
 *
 * Legacy cap_new(2) handler: duplicates uap->fd with do_dup() and then
 * stores uap->rights as the rights of the new descriptor, which is returned
 * in td_retval[0].
 *
 * Returns EINVAL when rights has bits outside CAP_ALL, EBADF when fd is not
 * open, the error from _cap_check() (called with CAPFAIL_INCREASE,
 * presumably rejecting a request that would add rights -- confirm), or the
 * error from do_dup().
 */
int
sys_cap_new(struct thread *td, struct cap_new_args *uap)
{
	struct filedesc *fdp;
	cap_rights_t rights;
	register_t newfd;
	int error, fd;

	fd = uap->fd;
	rights = uap->rights;

	AUDIT_ARG_FD(fd);
	AUDIT_ARG_RIGHTS(rights);

	/* Reject any bit that is not part of the known rights set. */
	if ((rights & ~CAP_ALL) != 0)
		return (EINVAL);

	fdp = td->td_proc->p_fd;
	FILEDESC_SLOCK(fdp);
	if (fget_locked(fdp, fd) == NULL) {
		FILEDESC_SUNLOCK(fdp);
		return (EBADF);
	}
	/* Check the request against the source descriptor's current rights. */
	error = _cap_check(cap_rights(fdp, fd), rights, CAPFAIL_INCREASE);
	FILEDESC_SUNLOCK(fdp);
	if (error != 0)
		return (error);

	/* The table lock is not held across do_dup(). */
	error = do_dup(td, 0, fd, 0, &newfd);
	if (error != 0)
		return (error);

	FILEDESC_XLOCK(fdp);
	/*
	 * We don't really care about the race between checking capability
	 * rights for the source descriptor and now. If capability rights
	 * were ok at that earlier point, the process had this descriptor
	 * with those rights, so we don't increase them in security sense,
	 * the process might have done the cap_new(2) a bit earlier to get
	 * the same effect.
	 */
	/*
	 * NOTE(review): the comment above covers the source descriptor only.
	 * The newfd slot is written without being looked up again after the
	 * lock is re-acquired, so this assumes the slot still holds the
	 * duplicate created by do_dup() -- confirm that nothing else in the
	 * process can close or replace it in the unlocked window.
	 */
	fdp->fd_ofiles[newfd].fde_rights = rights;
	if ((rights & CAP_IOCTL) == 0) {
		/*
		 * Without CAP_IOCTL the duplicate gets an empty ioctl list.
		 * NOTE(review): the list is freed with M_TEMP; confirm this
		 * matches the malloc type used where the list is allocated.
		 */
		free(fdp->fd_ofiles[newfd].fde_ioctls, M_TEMP);
		fdp->fd_ofiles[newfd].fde_ioctls = NULL;
		fdp->fd_ofiles[newfd].fde_nioctls = 0;
	}
	/* Without CAP_FCNTL the duplicate gets an empty fcntl mask. */
	if ((rights & CAP_FCNTL) == 0)
		fdp->fd_ofiles[newfd].fde_fcntls = 0;
	FILEDESC_XUNLOCK(fdp);

	td->td_retval[0] = newfd;

	return (0);
}
Пример #3
/*
 * Look up fd in the given descriptor table and return its struct file
 * after calling fhold() on it.  Returns NULL when fget_locked() finds
 * nothing for fd or when none of the bits in flag are set in f_flag.
 */
static struct file*
nsmb_getfp(struct filedesc* fdp, int fd, int flag)
{
	struct file* candidate;
	struct file* result = NULL;

	FILEDESC_SLOCK(fdp);
	candidate = fget_locked(fdp, fd);
	if (candidate != NULL && (candidate->f_flag & flag) != 0) {
		/* fhold() runs while the table lock is still held. */
		fhold(candidate);
		result = candidate;
	}
	FILEDESC_SUNLOCK(fdp);
	return (result);
}
Пример #4
/*
 * Look up fd in the given descriptor table and return its struct file
 * after calling fhold() on it.  Returns NULL when fd is outside
 * [0, fd_nfiles), when the slot is empty, or when none of the bits in
 * flag are set in f_flag.
 */
static struct file*
nsmb_getfp(struct filedesc* fdp, int fd, int flag)
{
	struct file* candidate;
	struct file* result = NULL;

	FILEDESC_SLOCK(fdp);
	/* The index is range-checked before the table is touched. */
	if (fd >= 0 && fd < fdp->fd_nfiles) {
		candidate = fdp->fd_ofiles[fd];
		if (candidate != NULL && (candidate->f_flag & flag) != 0) {
			/* fhold() runs while the table lock is still held. */
			fhold(candidate);
			result = candidate;
		}
	}
	FILEDESC_SUNLOCK(fdp);
	return (result);
}
Пример #5
/*
 * System call handler that copies a descriptor's capability rights out to
 * the caller.
 *
 * Only CAP_RIGHTS_VERSION_00 is accepted (EINVAL otherwise).  The rights
 * are snapshotted under the shared filedesc lock and copied out after the
 * lock is released.  Returns EBADF when fd is not open, EINVAL when the
 * descriptor holds rights in words the caller's version does not cover,
 * or the result of copyout().
 */
int
sys___cap_rights_get(struct thread *td, struct __cap_rights_get_args *uap)
{
	struct filedesc *table;
	cap_rights_t snapshot;
	int descriptor, idx, nwords, rc;

	if (uap->version != CAP_RIGHTS_VERSION_00)
		return (EINVAL);

	descriptor = uap->fd;
	AUDIT_ARG_FD(descriptor);

	table = td->td_proc->p_fd;
	FILEDESC_SLOCK(table);
	if (fget_locked(table, descriptor) == NULL) {
		FILEDESC_SUNLOCK(table);
		return (EBADF);
	}
	/* Copy by value so the rights can be used after the lock is dropped. */
	snapshot = *cap_rights(table, descriptor);
	FILEDESC_SUNLOCK(table);

	/* Number of cr_rights words the caller's version covers. */
	nwords = uap->version + 2;
	if (uap->version != CAPVER(&snapshot)) {
		/*
		 * The descriptor uses a different layout version than the
		 * caller.  Any word past the caller's range must be empty
		 * once bits 57..63 are masked off (presumably the per-word
		 * tag bits -- confirm against the cap_rights_t encoding);
		 * otherwise the caller cannot represent the rights.
		 */
		idx = nwords;
		while (idx < CAPARSIZE(&snapshot)) {
			if ((snapshot.cr_rights[idx] & ~(0x7FULL << 57)) != 0)
				return (EINVAL);
			idx++;
		}
	}
	/* Only the words the caller's version covers are copied out. */
	rc = copyout(&snapshot, uap->rightsp,
	    sizeof(snapshot.cr_rights[0]) * nwords);
#ifdef KTRACE
	if (rc == 0 && KTRPOINT(td, KTR_STRUCT))
		ktrcaprights(&snapshot);
#endif
	return (rc);
}
Пример #6
/*
 * System call handler that copies a descriptor's capability rights mask
 * out to uap->rightsp.
 *
 * The mask is read under the shared filedesc lock and copied out after the
 * lock is released.  Returns EBADF when fd is not open, otherwise the
 * result of copyout().
 */
int
sys_cap_rights_get(struct thread *td, struct cap_rights_get_args *uap)
{
	struct filedesc *table;
	cap_rights_t snapshot;
	int descriptor, rc;

	descriptor = uap->fd;
	AUDIT_ARG_FD(descriptor);

	table = td->td_proc->p_fd;
	FILEDESC_SLOCK(table);
	if (fget_locked(table, descriptor) != NULL) {
		snapshot = cap_rights(table, descriptor);
		rc = 0;
	} else {
		rc = EBADF;
	}
	FILEDESC_SUNLOCK(table);
	if (rc != 0)
		return (rc);

	/* Userland is only touched once the table lock has been dropped. */
	return (copyout(&snapshot, uap->rightsp, sizeof(*uap->rightsp)));
}
Пример #7
/*
 * System call handler that copies a descriptor's fde_fcntls mask out to
 * uap->fcntlrightsp.
 *
 * The mask is read under the shared filedesc lock and copied out after the
 * lock is released.  Returns EBADF when fd is not open, otherwise the
 * result of copyout().
 */
int
sys_cap_fcntls_get(struct thread *td, struct cap_fcntls_get_args *uap)
{
	struct filedesc *table;
	uint32_t allowed;
	int descriptor, rc;

	descriptor = uap->fd;
	AUDIT_ARG_FD(descriptor);

	table = td->td_proc->p_fd;
	FILEDESC_SLOCK(table);
	if (fget_locked(table, descriptor) != NULL) {
		allowed = table->fd_ofiles[descriptor].fde_fcntls;
		rc = 0;
	} else {
		rc = EBADF;
	}
	FILEDESC_SUNLOCK(table);
	if (rc != 0)
		return (rc);

	/* Userland is only touched once the table lock has been dropped. */
	return (copyout(&allowed, uap->fcntlrightsp, sizeof(allowed)));
}
Пример #8
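/*
 * 32-bit compat handler for cap_ioctls_get(2): report the ioctl commands
 * allowed on a descriptor, storing each one into the caller's array with
 * suword32().
 *
 * Up to MIN(fde_nioctls, maxcmds) entries are written when both the user
 * array and the descriptor's list are non-NULL.  td_retval[0] receives the
 * full count, or INT_MAX when all ioctls are allowed.
 *
 * Returns 0 on success, EBADF when fd is not open, or EFAULT when a store
 * to the user array fails.
 */
int
freebsd32_cap_ioctls_get(struct thread *td,
    struct freebsd32_cap_ioctls_get_args *uap)
{
	struct filedesc *fdp;
	struct filedescent *fdep;
	uint32_t *cmds32;
	u_long *cmds;
	size_t maxcmds;
	int error, fd;
	u_int i;

	fd = uap->fd;
	cmds32 = uap->cmds;
	maxcmds = uap->maxcmds;

	AUDIT_ARG_FD(fd);

	fdp = td->td_proc->p_fd;
	FILEDESC_SLOCK(fdp);

	if (fget_locked(fdp, fd) == NULL) {
		error = EBADF;
		goto out;
	}

	/*
	 * If all ioctls are allowed (fde_nioctls == -1 && fde_ioctls == NULL)
	 * the only sane thing we can do is to not populate the given array and
	 * return CAP_IOCTLS_ALL (actually, INT_MAX).
	 */

	fdep = &fdp->fd_ofiles[fd];
	cmds = fdep->fde_ioctls;
	if (cmds32 != NULL && cmds != NULL) {
		/*
		 * NOTE(review): the stores to user memory run with the shared
		 * filedesc lock held; confirm that faulting on the user
		 * address is acceptable under this lock.
		 */
		for (i = 0; i < MIN(fdep->fde_nioctls, maxcmds); i++) {
			/*
			 * suword32() reports failure as -1, which is not an
			 * errno value and collides with the kernel-internal
			 * ERESTART.  Map a failed store to EFAULT instead of
			 * returning the raw result.
			 */
			if (suword32(&cmds32[i], cmds[i]) != 0) {
				error = EFAULT;
				goto out;
			}
		}
	}
	/* The full count is reported even when fewer entries were stored. */
	if (fdep->fde_nioctls == -1)
		td->td_retval[0] = INT_MAX;
	else
		td->td_retval[0] = fdep->fde_nioctls;

	error = 0;
out:
	FILEDESC_SUNLOCK(fdp);
	return (error);
}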
Пример #9
/*
 * cap_ioctls_get(2) handler: report the ioctl commands allowed on a
 * descriptor.
 *
 * Up to MIN(fde_nioctls, maxcmds) entries are copied to the user array when
 * both the array and the descriptor's list are non-NULL.  td_retval[0]
 * receives the full count, or CAP_IOCTLS_ALL when fde_nioctls is -1.
 *
 * Returns 0 on success, EBADF when fd is not open, or the error from
 * copyout().
 */
int
sys_cap_ioctls_get(struct thread *td, struct cap_ioctls_get_args *uap)
{
	struct filedesc *fdp;
	struct filedescent *fdep;
	u_long *cmds;
	size_t maxcmds;
	int error, fd;

	fd = uap->fd;
	cmds = uap->cmds;
	maxcmds = uap->maxcmds;

	AUDIT_ARG_FD(fd);

	fdp = td->td_proc->p_fd;
	FILEDESC_SLOCK(fdp);

	if (fget_locked(fdp, fd) == NULL) {
		error = EBADF;
		goto out;
	}

	/*
	 * If all ioctls are allowed (fde_nioctls == -1 && fde_ioctls == NULL)
	 * the only sane thing we can do is to not populate the given array and
	 * return CAP_IOCTLS_ALL.
	 */

	fdep = &fdp->fd_ofiles[fd];
	if (cmds != NULL && fdep->fde_ioctls != NULL) {
		/*
		 * NOTE(review): copyout() runs here with the shared filedesc
		 * lock held, so a fault on the user buffer is handled while
		 * the descriptor table is locked.  Staging the list in a
		 * kernel buffer and copying out after the unlock would avoid
		 * that -- confirm whether this is acceptable for this lock.
		 *
		 * The length relies on fde_nioctls being non-negative whenever
		 * fde_ioctls is non-NULL (see the comment above).
		 */
		error = copyout(fdep->fde_ioctls, cmds,
		    sizeof(cmds[0]) * MIN(fdep->fde_nioctls, maxcmds));
		if (error != 0)
			goto out;
	}
	/* The full count is reported even when fewer entries were copied. */
	if (fdep->fde_nioctls == -1)
		td->td_retval[0] = CAP_IOCTLS_ALL;
	else
		td->td_retval[0] = fdep->fde_nioctls;

	error = 0;
out:
	/* Every path, including the EBADF one, releases the lock here. */
	FILEDESC_SUNLOCK(fdp);
	return (error);
}
Пример #10
/*
 * VOP_READDIR for the fdesc root directory: emits one fixed-size (UIO_MX)
 * record for `.', `..' and each open descriptor of the calling process.
 *
 * Panics if the vnode is not of type Froot.  Returns EINVAL when the offset
 * does not fit in an int, is negative, is not a multiple of UIO_MX, or when
 * fewer than UIO_MX bytes remain in the request; otherwise returns 0 or the
 * error from uiomove().  uio_offset is updated on every exit through `done'.
 */
static int
fdesc_readdir(struct vop_readdir_args *ap)
{
	struct uio *uio = ap->a_uio;
	struct filedesc *fdp;
	struct dirent d;
	struct dirent *dp = &d;
	int error, i, off, fcnt;

	if (VTOFDESC(ap->a_vp)->fd_type != Froot)
		panic("fdesc_readdir: not dir");

	/* No cookies are ever produced. */
	if (ap->a_ncookies != NULL)
		*ap->a_ncookies = 0;

	/*
	 * Validate the caller-supplied offset before it is turned into a
	 * record index: the round-trip through int catches truncation.
	 */
	off = (int)uio->uio_offset;
	if (off != uio->uio_offset || off < 0 || (u_int)off % UIO_MX != 0 ||
	    uio->uio_resid < UIO_MX)
		return (EINVAL);
	i = (u_int)off / UIO_MX;
	fdp = uio->uio_td->td_proc->p_fd;
	error = 0;

	fcnt = i - 2;		/* The first two nodes are `.' and `..' */

	FILEDESC_SLOCK(fdp);
	/*
	 * fd_nfiles is re-read on every iteration, after the lock has been
	 * re-acquired, so fcnt stays below the current table size whenever
	 * fd_ofiles[fcnt] is read in the default case.
	 */
	while (i < fdp->fd_nfiles + 2 && uio->uio_resid >= UIO_MX) {
		/*
		 * NOTE(review): only the first UIO_MX bytes of the on-stack
		 * dirent are zeroed, and exactly UIO_MX bytes are copied out
		 * below.  This assumes the header fields and the name all
		 * fit within UIO_MX -- confirm against the struct dirent
		 * layout in use.
		 */
		bzero((caddr_t)dp, UIO_MX);
		switch (i) {
		case 0:	/* `.' */
		case 1: /* `..' */
			dp->d_fileno = i + FD_ROOT;
			dp->d_namlen = i + 1;
			dp->d_reclen = UIO_MX;
			/* Copies one or two dots, then terminates the name. */
			bcopy("..", dp->d_name, dp->d_namlen);
			dp->d_name[i + 1] = '\0';
			dp->d_type = DT_DIR;
			break;
		default:
			/* Empty slot: d_namlen stays 0, so nothing is emitted. */
			if (fdp->fd_ofiles[fcnt].fde_file == NULL)
				break;
			dp->d_namlen = sprintf(dp->d_name, "%d", fcnt);
			dp->d_reclen = UIO_MX;
			dp->d_type = DT_CHR;
			dp->d_fileno = i + FD_DESC;
			break;
		}
		if (dp->d_namlen != 0) {
			/*
			 * And ship to userland
			 *
			 * The lock is dropped around uiomove() and re-taken
			 * afterwards; the table may change in between.
			 */
			FILEDESC_SUNLOCK(fdp);
			error = uiomove(dp, UIO_MX, uio);
			if (error)
				goto done;	/* lock already released */
			FILEDESC_SLOCK(fdp);
		}
		i++;
		fcnt++;
	}
	FILEDESC_SUNLOCK(fdp);

done:
	/* On a uiomove() error i was not advanced past the failed record. */
	uio->uio_offset = i * UIO_MX;
	return (error);
}