version 1.61, 2009/07/03 21:17:41 |
version 1.62, 2009/09/03 04:45:28 |
Line 209 tmpfs_lookup(void *v) |
|
Line 209 tmpfs_lookup(void *v) |
|
if ((cnp->cn_flags & ISLASTCN) && |
if ((cnp->cn_flags & ISLASTCN) && |
(cnp->cn_nameiop == DELETE || |
(cnp->cn_nameiop == DELETE || |
cnp->cn_nameiop == RENAME)) { |
cnp->cn_nameiop == RENAME)) { |
|
kauth_action_t action = 0; |
|
|
|
/* This is the file-system's decision. */ |
if ((dnode->tn_mode & S_ISTXT) != 0 && |
if ((dnode->tn_mode & S_ISTXT) != 0 && |
kauth_authorize_generic(cnp->cn_cred, |
|
KAUTH_GENERIC_ISSUSER, NULL) != 0 && |
|
kauth_cred_geteuid(cnp->cn_cred) != dnode->tn_uid && |
kauth_cred_geteuid(cnp->cn_cred) != dnode->tn_uid && |
kauth_cred_geteuid(cnp->cn_cred) != tnode->tn_uid) |
kauth_cred_geteuid(cnp->cn_cred) != tnode->tn_uid) |
return EPERM; |
error = EPERM; |
error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred); |
else |
|
error = 0; |
|
|
|
/* Only bother if we're not already failing it. */ |
|
if (!error) { |
|
error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred); |
|
} |
|
|
|
if (cnp->cn_nameiop == DELETE) |
|
action |= KAUTH_VNODE_DELETE; |
|
else /* if (cnp->cn_nameiop == RENAME) */ |
|
action |= KAUTH_VNODE_RENAME; |
|
|
|
error = kauth_authorize_vnode(cnp->cn_cred, |
|
action, *vpp, dvp, error); |
if (error != 0) |
if (error != 0) |
goto out; |
goto out; |
|
|
cnp->cn_flags |= SAVENAME; |
cnp->cn_flags |= SAVENAME; |
} else |
} else |
de = NULL; |
de = NULL; |
Line 406 tmpfs_access(void *v) |
|
Line 422 tmpfs_access(void *v) |
|
|
|
error = tmpfs_check_permitted(vp, node, mode, cred); |
error = tmpfs_check_permitted(vp, node, mode, cred); |
|
|
|
error = kauth_authorize_vnode(cred, kauth_mode_to_action(mode), vp, |
|
NULL, error); |
|
|
out: |
out: |
KASSERT(VOP_ISLOCKED(vp)); |
KASSERT(VOP_ISLOCKED(vp)); |
|
|