version 1.18.4.2, 2006/03/10 14:23:39 |
version 1.18.4.3, 2006/04/18 12:03:18 |
Line 495 tmpfs_alloc_file(struct vnode *dvp, stru |
|
Line 495 tmpfs_alloc_file(struct vnode *dvp, stru |
|
parent = NULL; |
parent = NULL; |
|
|
/* Allocate a node that represents the new file. */ |
/* Allocate a node that represents the new file. */ |
error = tmpfs_alloc_node(tmp, vap->va_type, cnp->cn_cred->cr_uid, |
error = tmpfs_alloc_node(tmp, vap->va_type, kauth_cred_geteuid(cnp->cn_cred), |
dnode->tn_gid, vap->va_mode, parent, target, vap->va_rdev, |
dnode->tn_gid, vap->va_mode, parent, target, vap->va_rdev, |
cnp->cn_lwp->l_proc, &node); |
cnp->cn_lwp->l_proc, &node); |
if (error != 0) |
if (error != 0) |
Line 970 tmpfs_chflags(struct vnode *vp, int flag |
|
Line 970 tmpfs_chflags(struct vnode *vp, int flag |
|
/* XXX: The following comes from UFS code, and can be found in |
/* XXX: The following comes from UFS code, and can be found in |
* several other file systems. Shouldn't this be centralized |
* several other file systems. Shouldn't this be centralized |
* somewhere? */ |
* somewhere? */ |
if (cred->cr_uid != node->tn_uid && |
if (kauth_cred_geteuid(cred) != node->tn_uid && |
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, |
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, |
&p->p_acflag))) |
&p->p_acflag))) |
return error; |
return error; |
if (cred->cr_uid == 0) { |
if (kauth_cred_geteuid(cred) == 0) { |
/* The super-user is only allowed to change flags if the file |
/* The super-user is only allowed to change flags if the file |
* wasn't protected before and the securelevel is zero. */ |
* wasn't protected before and the securelevel is zero. */ |
if ((node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) && |
if ((node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) && |
Line 1012 tmpfs_chflags(struct vnode *vp, int flag |
|
Line 1012 tmpfs_chflags(struct vnode *vp, int flag |
|
int |
int |
tmpfs_chmod(struct vnode *vp, mode_t mode, kauth_cred_t cred, struct proc *p) |
tmpfs_chmod(struct vnode *vp, mode_t mode, kauth_cred_t cred, struct proc *p) |
{ |
{ |
int error; |
int error, ismember = 0; |
struct tmpfs_node *node; |
struct tmpfs_node *node; |
|
|
KASSERT(VOP_ISLOCKED(vp)); |
KASSERT(VOP_ISLOCKED(vp)); |
Line 1030 tmpfs_chmod(struct vnode *vp, mode_t mod |
|
Line 1030 tmpfs_chmod(struct vnode *vp, mode_t mod |
|
/* XXX: The following comes from UFS code, and can be found in |
/* XXX: The following comes from UFS code, and can be found in |
* several other file systems. Shouldn't this be centralized |
* several other file systems. Shouldn't this be centralized |
* somewhere? */ |
* somewhere? */ |
if (cred->cr_uid != node->tn_uid && |
if (kauth_cred_geteuid(cred) != node->tn_uid && |
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, |
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, |
&p->p_acflag))) |
&p->p_acflag))) |
return error; |
return error; |
if (cred->cr_uid != 0) { |
if (kauth_cred_geteuid(cred) != 0) { |
if (vp->v_type != VDIR && (mode & S_ISTXT)) |
if (vp->v_type != VDIR && (mode & S_ISTXT)) |
return EFTYPE; |
return EFTYPE; |
|
|
if (!groupmember(node->tn_gid, cred) && (mode & S_ISGID)) |
if ((kauth_cred_ismember_gid(cred, node->tn_gid, |
|
&ismember) != 0 || !ismember) && (mode & S_ISGID)) |
return EPERM; |
return EPERM; |
} |
} |
|
|
|
|
tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred, |
tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred, |
struct proc *p) |
struct proc *p) |
{ |
{ |
int error; |
int error, ismember = 0; |
struct tmpfs_node *node; |
struct tmpfs_node *node; |
|
|
KASSERT(VOP_ISLOCKED(vp)); |
KASSERT(VOP_ISLOCKED(vp)); |
Line 1091 tmpfs_chown(struct vnode *vp, uid_t uid, |
|
Line 1092 tmpfs_chown(struct vnode *vp, uid_t uid, |
|
/* XXX: The following comes from UFS code, and can be found in |
/* XXX: The following comes from UFS code, and can be found in |
* several other file systems. Shouldn't this be centralized |
* several other file systems. Shouldn't this be centralized |
* somewhere? */ |
* somewhere? */ |
if ((cred->cr_uid != node->tn_uid || uid != node->tn_uid || |
if ((kauth_cred_geteuid(cred) != node->tn_uid || uid != node->tn_uid || |
(gid != node->tn_gid && !(cred->cr_gid == node->tn_gid || |
(gid != node->tn_gid && !(kauth_cred_getegid(cred) == node->tn_gid || |
groupmember(gid, cred)))) && |
(kauth_cred_ismember_gid(cred, gid, &ismember) == 0 && ismember)))) && |
((error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, |
((error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, |
&p->p_acflag)) != 0)) |
&p->p_acflag)) != 0)) |
return error; |
return error; |
Line 1195 tmpfs_chtimes(struct vnode *vp, struct t |
|
Line 1196 tmpfs_chtimes(struct vnode *vp, struct t |
|
/* XXX: The following comes from UFS code, and can be found in |
/* XXX: The following comes from UFS code, and can be found in |
* several other file systems. Shouldn't this be centralized |
* several other file systems. Shouldn't this be centralized |
* somewhere? */ |
* somewhere? */ |
if (cred->cr_uid != node->tn_uid && |
if (kauth_cred_geteuid(cred) != node->tn_uid && |
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, |
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, |
&l->l_proc->p_acflag)) && |
&l->l_proc->p_acflag)) && |
((vaflags & VA_UTIMES_NULL) == 0 || |
((vaflags & VA_UTIMES_NULL) == 0 || |
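Review bot: In the tmpfs_chown hunk (new line 1092 onward), the group test compares the caller's effective gid with the file's current group, `kauth_cred_getegid(cred) == node->tn_gid`, rather than with the requested `gid`, and the conversion to kauth carries that over unchanged. As written, an owner whose egid equals the file's current group skips the `KAUTH_GENERIC_ISSUSER` check even when not a member of the target group. That looks unintended for a check the comment attributes to UFS, so I would expect `!(kauth_cred_getegid(cred) == gid ||` here; please confirm against the UFS original. The fail-closed treatment of a non-zero return from `kauth_cred_ismember_gid` in this hunk and in tmpfs_chmod should be kept. The body of tmpfs_chown continues outside the hunk.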