Date: Sat, 30 Jan 2010 19:23:56 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r203219 - in projects/capabilities8/sys: kern sys Message-ID: <201001301923.o0UJNub1084499@svn.freebsd.org>
Author: rwatson Date: Sat Jan 30 19:23:56 2010 New Revision: 203219 URL: http://svn.freebsd.org/changeset/base/203219 Log: Merge c171323 from the p4 TrustedBSD Capabilities branch to capabilities8: Refactored out fgetbase(), which will be used for other syscalls besides faccessat() Submitted by: Jonathan Anderson <jonathan.anderson at cl.cam.ac.uk> Modified: projects/capabilities8/sys/kern/vfs_syscalls.c projects/capabilities8/sys/sys/capability.h projects/capabilities8/sys/sys/filedesc.h
Modified: projects/capabilities8/sys/kern/vfs_syscalls.c
==============================================================================
--- projects/capabilities8/sys/kern/vfs_syscalls.c Sat Jan 30 19:20:36 2010 (r203218)
+++ projects/capabilities8/sys/kern/vfs_syscalls.c Sat Jan 30 19:23:56 2010 (r203219)
@@ -160,6 +160,40 @@ getvnode_cap(struct filedesc *fdp, int f
 }
 /*
+ * Get the "base" vnode defined by a user file descriptor.
+ *
+ * Several *at() system calls are now supported in capability mode. This function
+ * finds out what their "*at base" vnode, which is needed by namei(), should be:
+ *
+ * 1. In non-capability (and thus unconstrained) mode, base = 0.
+ * 2. In capability mode, base is the vnode given by the fd parameter, subject to
+ * the condition that the supplied 'rights' parameter (OR'ed with CAP_LOOKUP
+ * and CAP_ATBASE) is satisfied. The vnode is returned with a shared lock.
+ */
+int
+fgetbase(struct thread *td, int fd, cap_rights_t rights, struct vnode **base)
+{
+ if (!(td->td_ucred->cr_flags & CRED_FLAG_CAPMODE))
+ base = 0;
+
+ else {
+ int error;
+
+ error = fgetvp(td, fd, rights | CAP_LOOKUP | CAP_ATBASE, base);
+ if (error)
+ return (error);
+
+ if ((error = vn_lock(*base, LK_SHARED))) {
+ vrele(*base);
+ return (error);
+ }
+ }
+
+ return 0;
+}
+
+
+/*
 * Sync each mounted filesystem.
 */
 #ifndef _SYS_SYSPROTO_H_
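Review bot: In fgetbase(), the non-capability branch does `base = 0;`, which clears only the local copy of the `struct vnode **` parameter and never writes the caller's pointer, so the "base = 0" contract stated in the comment is not met; it should be `*base = NULL;`. If the caller's variable is not initialised elsewhere (its declaration in kern_accessat() is outside the visible hunks), an indeterminate vnode pointer would reach `NDINIT_ATBASE()` on every lookup made outside capability mode. The closing `return 0;` should also be `return (0);` to match the parenthesised returns in the rest of the function.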
@@ -2239,21 +2273,9 @@ kern_accessat(struct thread *td, int fd,
 cred = tmpcred = td->td_ucred;
 AUDIT_ARG_VALUE(mode);
- /*
- * if a relative base was specified and we're in capability mode, find
- * the vnode of the base so that namei() can restrict itself accordingly
- */
- if ((cred->cr_flags & CRED_FLAG_CAPMODE) && (fd >= 0)) {
-
- if ((error = fgetvp(td, fd, CAP_LOOKUP | CAP_ATBASE, &base)))
- /* XXX: more CAP_FOO? */
- return (error);
-
- if ((error = vn_lock(base, LK_SHARED))) {
- vrele (base);
- return (error);
- }
- }
+ /* get *at base vnode for namei() */
+ if ((error = fgetbase(td, fd, CAP_FSTAT, &base)))
+ return (error);
 NDINIT_ATBASE(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | MPSAFE | AUDITVNODE1, pathseg, path, fd, base, td);
Modified: projects/capabilities8/sys/sys/capability.h
==============================================================================
--- projects/capabilities8/sys/sys/capability.h Sat Jan 30 19:20:36 2010 (r203218)
+++ projects/capabilities8/sys/sys/capability.h Sat Jan 30 19:23:56 2010 (r203219)
@@ -30,7 +30,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#26 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#27 $
 */
 /*
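Review bot: In the kern_accessat() hunk, the removed block skipped the base lookup when `fd < 0`, but the replacement calls `fgetbase()` unconditionally, and the capability-mode branch of the new helper has no `fd >= 0` test. A capability-mode faccessat() with a non-descriptor fd such as AT_FDCWD will therefore presumably fail inside `fgetvp()` instead of reaching namei() with no base; if that stricter behaviour is intended, it deserves a comment such as `/* capability mode: fd must be a real descriptor, AT_FDCWD is rejected */`. The call also now requires CAP_FSTAT on top of CAP_LOOKUP and CAP_ATBASE, which the log message does not mention. The code that unlocks and releases the base vnode on later error paths is outside this hunk and should be checked against the helper's "returned with a shared lock" contract.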
@@ -52,7 +52,7 @@
 #define CAP_GETSOCKNAME 0x0000000000000010ULL /* getsockname */
 #define CAP_FCHFLAGS 0x0000000000000020ULL /* fchflags */
 #define CAP_IOCTL 0x0000000000000040ULL /* ioctl */
-#define CAP_FSTAT 0x0000000000000080ULL /* fstat */
+#define CAP_FSTAT 0x0000000000000080ULL /* fstat, faccessat */
 #define CAP_MMAP 0x0000000000000100ULL /* mmap */
 #define CAP_FCNTL 0x0000000000000200ULL /* fcntl */
 #define CAP_EVENT 0x0000000000000400ULL /* select/poll */
Modified: projects/capabilities8/sys/sys/filedesc.h
==============================================================================
--- projects/capabilities8/sys/sys/filedesc.h Sat Jan 30 19:20:36 2010 (r203218)
+++ projects/capabilities8/sys/sys/filedesc.h Sat Jan 30 19:23:56 2010 (r203219)
@@ -130,6 +130,8 @@ struct filedesc_to_leader *
 int getvnode(struct filedesc *fdp, int fd, struct file **fpp);
 int getvnode_cap(struct filedesc *fdp, int fd, cap_rights_t rights, struct file **fpp);
+int fgetbase(struct thread *td, int fd, cap_rights_t rights,
+ struct vnode **base);
 void mountcheckdirs(struct vnode *olddp, struct vnode *newdp);
 void setugidsafety(struct thread *td);help
