Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/ufs/ext2fs/ext2fs_vnops.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/ufs/ext2fs/ext2fs_vnops.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.64 retrieving revision 1.64.4.1 diff -u -p -r1.64 -r1.64.4.1 --- src/sys/ufs/ext2fs/ext2fs_vnops.c 2005/12/11 12:25:25 1.64 +++ src/sys/ufs/ext2fs/ext2fs_vnops.c 2006/09/09 03:00:00 1.64.4.1 @@ -1,4 +1,4 @@ -/* $NetBSD: ext2fs_vnops.c,v 1.64 2005/12/11 12:25:25 christos Exp $ */ +/* $NetBSD: ext2fs_vnops.c,v 1.64.4.1 2006/09/09 03:00:00 rpaulo Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -70,7 +70,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.64 2005/12/11 12:25:25 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.64.4.1 2006/09/09 03:00:00 rpaulo Exp $"); #include #include @@ -87,6 +87,7 @@ __KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops #include #include #include +#include #include #include @@ -102,9 +103,9 @@ __KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops extern int prtactive; -static int ext2fs_chmod(struct vnode *, int, struct ucred *, struct proc *); -static int ext2fs_chown(struct vnode *, uid_t, gid_t, struct ucred *, - struct proc *); +static int ext2fs_chmod(struct vnode *, int, kauth_cred_t, struct lwp *); +static int ext2fs_chown(struct vnode *, uid_t, gid_t, kauth_cred_t, + struct lwp *); union _qcvt { int64_t qcvt; @@ -211,7 +212,7 @@ ext2fs_open(void *v) struct vop_open_args /* { struct vnode *a_vp; int a_mode; - struct ucred *a_cred; + kauth_cred_t a_cred; struct lwp *a_l; } */ *ap = v; @@ -230,7 +231,7 @@ ext2fs_access(void *v) struct vop_access_args /* { struct vnode *a_vp; int a_mode; - struct ucred *a_cred; + kauth_cred_t a_cred; struct lwp *a_l; } */ *ap = v; struct vnode *vp = ap->a_vp; @@ -270,7 +271,7 @@ ext2fs_getattr(void *v) struct vop_getattr_args /* { struct vnode *a_vp; struct vattr *a_vap; - struct ucred *a_cred; + kauth_cred_t a_cred; struct lwp *a_l; } */ *ap = v; struct vnode *vp = ap->a_vp; @@ -325,13 +326,13 @@ ext2fs_setattr(void *v) struct vop_setattr_args /* { struct vnode *a_vp; struct vattr *a_vap; - struct ucred *a_cred; + kauth_cred_t a_cred; struct lwp *a_l; } */ *ap = v; struct vattr *vap = ap->a_vap; struct vnode *vp = ap->a_vp; struct inode *ip = VTOI(vp); - struct ucred *cred = ap->a_cred; + kauth_cred_t cred = ap->a_cred; struct lwp *l = ap->a_l; int error; @@ -347,11 +348,12 @@ ext2fs_setattr(void *v) if (vap->va_flags != VNOVAL) { if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); - if (cred->cr_uid != ip->i_e2fs_uid && - (error = suser(cred, &l->l_proc->p_acflag))) + if (kauth_cred_geteuid(cred) != ip->i_e2fs_uid && + (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, + &l->l_acflag))) return (error); #ifdef EXT2FS_SYSTEM_FLAGS - if (cred->cr_uid == 0) { + if (kauth_cred_geteuid(cred) == 0) { if ((ip->i_e2fs_flags & (EXT2_APPEND | EXT2_IMMUTABLE)) && securelevel > 0) return (EPERM); @@ -379,7 +381,7 @@ ext2fs_setattr(void *v) if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (gid_t)VNOVAL) { if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); - error = ext2fs_chown(vp, vap->va_uid, vap->va_gid, cred, l->l_proc); + error = ext2fs_chown(vp, vap->va_uid, vap->va_gid, cred, l); if (error) return (error); } @@ -407,8 +409,9 @@ ext2fs_setattr(void *v) if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) { if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); - if (cred->cr_uid != ip->i_e2fs_uid && - (error = suser(cred, &l->l_proc->p_acflag)) && + if (kauth_cred_geteuid(cred) != ip->i_e2fs_uid && + (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, + &l->l_acflag)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(vp, VWRITE, cred, l)))) return (error); @@ -426,7 +429,7 @@ ext2fs_setattr(void *v) if (vap->va_mode != (mode_t)VNOVAL) { if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); - error = ext2fs_chmod(vp, (int)vap->va_mode, cred, l->l_proc); + error = ext2fs_chmod(vp, (int)vap->va_mode, cred, l); } VN_KNOTE(vp, NOTE_ATTRIB); return (error); @@ -437,18 +440,20 @@ ext2fs_setattr(void *v) * Inode must be locked before calling. */ static int -ext2fs_chmod(struct vnode *vp, int mode, struct ucred *cred, struct proc *p) +ext2fs_chmod(struct vnode *vp, int mode, kauth_cred_t cred, struct lwp *l) { struct inode *ip = VTOI(vp); - int error; + int error, ismember = 0; - if (cred->cr_uid != ip->i_e2fs_uid && - (error = suser(cred, &p->p_acflag))) + if (kauth_cred_geteuid(cred) != ip->i_e2fs_uid && + (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, + &l->l_acflag))) return (error); - if (cred->cr_uid) { + if (kauth_cred_geteuid(cred)) { if (vp->v_type != VDIR && (mode & S_ISTXT)) return (EFTYPE); - if (!groupmember(ip->i_e2fs_gid, cred) && (mode & ISGID)) + if ((kauth_cred_ismember_gid(cred, ip->i_e2fs_gid, &ismember) != 0 || + !ismember) && (mode & ISGID)) return (EPERM); } ip->i_e2fs_mode &= ~ALLPERMS; @@ -462,13 +467,13 @@ ext2fs_chmod(struct vnode *vp, int mode, * inode must be locked prior to call. */ static int -ext2fs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred, - struct proc *p) +ext2fs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred, + struct lwp *l) { struct inode *ip = VTOI(vp); uid_t ouid; gid_t ogid; - int error = 0; + int error = 0, ismember = 0; if (uid == (uid_t)VNOVAL) uid = ip->i_e2fs_uid; @@ -479,10 +484,12 @@ ext2fs_chown(struct vnode *vp, uid_t uid * of the file, or are not a member of the target group, * the caller must be superuser or the call fails. */ - if ((cred->cr_uid != ip->i_e2fs_uid || uid != ip->i_e2fs_uid || - (gid != ip->i_e2fs_gid && - !(cred->cr_gid == gid || groupmember((gid_t)gid, cred)))) && - (error = suser(cred, &p->p_acflag))) + if ((kauth_cred_geteuid(cred) != ip->i_e2fs_uid || uid != ip->i_e2fs_uid || + (gid != ip->i_e2fs_gid && + !(kauth_cred_getegid(cred) == gid || + (kauth_cred_ismember_gid(cred, gid, &ismember) == 0 && ismember)))) && + (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, + &l->l_acflag))) return (error); ogid = ip->i_e2fs_gid; ouid = ip->i_e2fs_uid; @@ -491,9 +498,9 @@ ext2fs_chown(struct vnode *vp, uid_t uid ip->i_e2fs_uid = uid; if (ouid != uid || ogid != gid) ip->i_flag |= IN_CHANGE; - if (ouid != uid && cred->cr_uid != 0) + if (ouid != uid && kauth_cred_geteuid(cred) != 0) ip->i_e2fs_mode &= ~ISUID; - if (ogid != gid && cred->cr_uid != 0) + if (ogid != gid && kauth_cred_geteuid(cred) != 0) ip->i_e2fs_mode &= ~ISGID; return (0); } @@ -851,9 +858,9 @@ abortit: * otherwise the destination may not be changed (except by * root). This implements append-only directories. */ - if ((dp->i_e2fs_mode & S_ISTXT) && tcnp->cn_cred->cr_uid != 0 && - tcnp->cn_cred->cr_uid != dp->i_e2fs_uid && - xp->i_e2fs_uid != tcnp->cn_cred->cr_uid) { + if ((dp->i_e2fs_mode & S_ISTXT) && kauth_cred_geteuid(tcnp->cn_cred) != 0 && + kauth_cred_geteuid(tcnp->cn_cred) != dp->i_e2fs_uid && + xp->i_e2fs_uid != kauth_cred_geteuid(tcnp->cn_cred)) { error = EPERM; goto bad; } @@ -1051,7 +1058,7 @@ ext2fs_mkdir(void *v) if ((error = ext2fs_valloc(dvp, dmode, cnp->cn_cred, &tvp)) != 0) goto out; ip = VTOI(tvp); - ip->i_e2fs_uid = cnp->cn_cred->cr_uid; + ip->i_e2fs_uid = kauth_cred_geteuid(cnp->cn_cred); ip->i_e2fs_gid = dp->i_e2fs_gid; ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; ip->i_e2fs_mode = dmode; @@ -1267,7 +1274,7 @@ ext2fs_readlink(void *v) struct vop_readlink_args /* { struct vnode *a_vp; struct uio *a_uio; - struct ucred *a_cred; + kauth_cred_t a_cred; } */ *ap = v; struct vnode *vp = ap->a_vp; struct inode *ip = VTOI(vp); @@ -1306,7 +1313,7 @@ ext2fs_fsync(void *v) { struct vop_fsync_args /* { struct vnode *a_vp; - struct ucred *a_cred; + kauth_cred_t a_cred; int a_flags; off_t offlo; off_t offhi; @@ -1326,7 +1333,7 @@ ext2fs_fsync(void *v) if (error == 0 && ap->a_flags & FSYNC_CACHE) { int l = 0; error = VOP_IOCTL(VTOI(vp)->i_devvp, DIOCCACHESYNC, &l, FWRITE, - ap->a_l->l_proc->p_ucred, ap->a_l); + ap->a_l->l_cred, ap->a_l); } return error; @@ -1340,6 +1347,7 @@ int ext2fs_vinit(struct mount *mntp, int (**specops)(void *), int (**fifoops)(void *), struct vnode **vpp) { + struct timeval tv; struct inode *ip; struct vnode *vp, *nvp; @@ -1385,8 +1393,9 @@ ext2fs_vinit(struct mount *mntp, int (** /* * Initialize modrev times */ - SETHIGH(ip->i_modrev, mono_time.tv_sec); - SETLOW(ip->i_modrev, mono_time.tv_usec * 4294); + getmicrouptime(&tv); + SETHIGH(ip->i_modrev, tv.tv_sec); + SETLOW(ip->i_modrev, tv.tv_usec * 4294); *vpp = vp; return (0); } @@ -1400,7 +1409,7 @@ ext2fs_makeinode(int mode, struct vnode { struct inode *ip, *pdir; struct vnode *tvp; - int error; + int error, ismember = 0; pdir = VTOI(dvp); #ifdef DIAGNOSTIC @@ -1418,14 +1427,14 @@ ext2fs_makeinode(int mode, struct vnode } ip = VTOI(tvp); ip->i_e2fs_gid = pdir->i_e2fs_gid; - ip->i_e2fs_uid = cnp->cn_cred->cr_uid; + ip->i_e2fs_uid = kauth_cred_geteuid(cnp->cn_cred); ip->i_flag |= IN_ACCESS | IN_CHANGE | IN_UPDATE; ip->i_e2fs_mode = mode; tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ ip->i_e2fs_nlink = 1; - if ((ip->i_e2fs_mode & ISGID) && - !groupmember(ip->i_e2fs_gid, cnp->cn_cred) && - suser(cnp->cn_cred, NULL)) + if ((ip->i_e2fs_mode & ISGID) && (kauth_cred_ismember_gid(cnp->cn_cred, + ip->i_e2fs_gid, &ismember) != 0 || !ismember) && + kauth_authorize_generic(cnp->cn_cred, KAUTH_GENERIC_ISSUSER, NULL)) ip->i_e2fs_mode &= ~ISGID; /*