Date: Sun, 9 Aug 2009 22:11:57 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 167145 for review Message-ID: <200908092211.n79MBvfh011372@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=167145 Change 167145 by rwatson@rwatson_freebsd_capabilities on 2009/08/09 22:11:44 Some fcntl's need to operate on capabilities, others on the underlying objects. Refine kern_fcntl() so that the following operations are on capabilities: F_DUPFD, F_DUP2FD, F_GETFD, F_SETFD The following operations require CAP_FCNTL and affect the underlying file descriptor: F_GETFL, F_SETFL, F_GETOWN, F_SETOWN The following operations require CAP_FLOCK and affect the underlying file descriptor: F_SETLK_REMOTE, F_SETLKW, F_SETLK, F_GETLK Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#28 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#28 (text+ko) ==== @@ -404,7 +404,7 @@ } static inline struct file * -fdtofp(int fd, cap_rights_t rights, struct filedesc *fdp) +fdtofp(int fd, struct filedesc *fdp) { struct file *fp; @@ -412,13 +412,23 @@ if ((unsigned)fd >= fdp->fd_nfiles || (fp = fdp->fd_ofiles[fd]) == NULL) return (NULL); + return (fp); +} + +static inline struct file * +fdtofp_cap(int fd, cap_rights_t rights, struct filedesc *fdp) +{ + struct file *fp; + FILEDESC_LOCK_ASSERT(fdp); + if ((unsigned)fd >= fdp->fd_nfiles || + (fp = fdp->fd_ofiles[fd]) == NULL) + return (NULL); #ifdef CAPABILITIES if (fp->f_type == DTYPE_CAPABILITY) - if(cap_fextract(fp, rights, &fp)) + if (cap_fextract(fp, rights, &fp)) return (NULL); #endif /* CAPABILITIES */ - return (fp); } @@ -453,7 +463,7 @@ case F_GETFD: FILEDESC_SLOCK(fdp); - if ((fp = fdtofp(fd, CAP_READ, fdp)) == NULL) { + if ((fp = fdtofp(fd, fdp)) == NULL) { FILEDESC_SUNLOCK(fdp); error = EBADF; break; @@ -465,7 +475,7 @@ case F_SETFD: FILEDESC_XLOCK(fdp); - if ((fp = fdtofp(fd, CAP_WRITE, fdp)) == NULL) { + if ((fp = fdtofp(fd, fdp)) == NULL) { FILEDESC_XUNLOCK(fdp); error = EBADF; break; @@ -478,7 +488,7 @@ case F_GETFL: FILEDESC_SLOCK(fdp); - if ((fp = fdtofp(fd, CAP_READ, fdp)) == NULL) { + if ((fp = fdtofp_cap(fd, CAP_FCNTL, fdp)) == NULL) { FILEDESC_SUNLOCK(fdp); error = EBADF; break; @@ -489,7 +499,7 @@ case F_SETFL: FILEDESC_SLOCK(fdp); - if ((fp = fdtofp(fd, CAP_FCHFLAGS, fdp)) == NULL) { + if ((fp = fdtofp_cap(fd, CAP_FCNTL, fdp)) == NULL) { FILEDESC_SUNLOCK(fdp); error = EBADF; break; @@ -521,7 +531,7 @@ case F_GETOWN: FILEDESC_SLOCK(fdp); - if ((fp = fdtofp(fd, CAP_READ, fdp)) == NULL) { + if ((fp = fdtofp_cap(fd, CAP_FCNTL, fdp)) == NULL) { FILEDESC_SUNLOCK(fdp); error = EBADF; break; @@ -536,7 +546,7 @@ case F_SETOWN: FILEDESC_SLOCK(fdp); - if ((fp = fdtofp(fd, CAP_FCHOWN, fdp)) == NULL) { + if ((fp = fdtofp_cap(fd, CAP_FCNTL, fdp)) == NULL) { FILEDESC_SUNLOCK(fdp); error = EBADF; break; @@ -562,7 +572,7 @@ case F_SETLK: do_setlk: FILEDESC_SLOCK(fdp); - if ((fp = fdtofp(fd, CAP_FLOCK, fdp)) == NULL) { + if ((fp = fdtofp_cap(fd, CAP_FLOCK, fdp)) == NULL) { FILEDESC_SUNLOCK(fdp); error = EBADF; break; @@ -657,7 +667,7 @@ case F_GETLK: FILEDESC_SLOCK(fdp); - if ((fp = fdtofp(fd, CAP_FLOCK, fdp)) == NULL) { + if ((fp = fdtofp_cap(fd, CAP_FLOCK, fdp)) == NULL) { FILEDESC_SUNLOCK(fdp); error = EBADF; break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908092211.n79MBvfh011372>