Date: Mon, 11 Jan 2010 15:24:06 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 172965 for review Message-ID: <201001111524.o0BFO6OF078044@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/chv.cgi?CH=172965 Change 172965 by rwatson@rwatson_vimage_client on 2010/01/11 15:23:44 Make post fooat(2) capability support in vfs_syscalls.c compile when "options CAPABILITIES" is not present. Do a bit of style cleanup, and prefer NULL to 0 when talking about pointers. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_syscalls.c#24 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_syscalls.c#24 (text+ko) ==== @@ -159,23 +159,26 @@ return (0); } -/* +#ifdef CAPABILITIES +/*- * Get the "base" vnode defined by a user file descriptor. * - * Several *at() system calls are now supported in capability mode. This function - * finds out what their "*at base" vnode, which is needed by namei(), should be: + * Several *at() system calls are now supported in capability mode. This + * function finds out what their "*at base" vnode, which is needed by + * namei(), should be: * - * 1. In non-capability (and thus unconstrained) mode, *base = 0. - * 2. In capability mode, base is the vnode given by the fd parameter, subject to - * the condition that the supplied 'rights' parameter (OR'ed with CAP_LOOKUP - * and CAP_ATBASE) is satisfied. The vnode is returned with a shared lock. + * 1. In non-capability (and thus unconstrained) mode, *base = NULL. + * 2. In capability mode, base is the vnode given by the fd parameter, + * subject to the condition that the supplied 'rights' parameter (OR'ed + * with CAP_LOOKUP and CAP_ATBASE) is satisfied. The vnode is returned + * with a shared lock. */ int fgetbase(struct thread *td, int fd, cap_rights_t rights, struct vnode **base) { + if (!(td->td_ucred->cr_flags & CRED_FLAG_CAPMODE)) - *base = 0; - + *base = NULL; else { int error; @@ -188,10 +191,9 @@ return (error); } } - - return 0; + return (0); } - +#endif /* * Sync each mounted filesystem. @@ -1126,7 +1128,7 @@ struct proc *p = td->td_proc; struct filedesc *fdp = p->p_fd; struct file *fp; - struct vnode *vp, *base = 0; + struct vnode *vp, *base = NULL; struct vattr vat; struct mount *mp; int cmode; @@ -1152,9 +1154,9 @@ else flags = FFLAGS(flags); +#ifdef CAPABILITIES /* get capability info of base FD */ - if (fd >= 0) - { + if (fd >= 0) { struct file *f; const cap_rights_t LOOKUP_RIGHTS = CAP_LOOKUP | CAP_ATBASE; @@ -1169,35 +1171,32 @@ error = cap_fextract(f, LOOKUP_RIGHTS, &real_fp); /* hold the underlying file, not the capability */ - if (error == 0) fhold(real_fp); + if (error == 0) + fhold(real_fp); fdrop(f, td); f = real_fp; - } - else if (error == EINVAL) + } else if (error == EINVAL) /* not a capability; get the real file pointer */ error = fget(td, fd, LOOKUP_RIGHTS, &f); - - /* if in capability mode, get base vnode (for namei) */ if (!error && (td->td_ucred->cr_flags & CRED_FLAG_CAPMODE)) { base = f->f_vnode; vref(base); } - /* don't need to hold the base any more */ - if (f != NULL) fdrop(f, td); + if (f != NULL) + fdrop(f, td); if (error) { FILEDESC_SUNLOCK(fdp); return (error); - } - else + } else FILEDESC_SUNLOCK(fdp); } - +#endif /* * allocate the file descriptor, but only add it to the descriptor @@ -1241,7 +1240,10 @@ * Clean up the descriptor, but only if another thread hadn't * replaced or closed it. */ - if (base) vrele(base); +#ifdef CAPABILITIES + if (base) + vrele(base); +#endif fdclose(fdp, fp, indx, td); fdrop(fp, td); @@ -1301,26 +1303,35 @@ VFS_UNLOCK_GIANT(vfslocked); success: +#ifdef CAPABILITIES if (baserights != -1) { /* wrap the result in a capability */ struct file *cap; error = kern_capwrap(td, fp, baserights, &cap, &indx); - if (error) goto bad_unlocked; + if (error) + goto bad_unlocked; } +#endif /* * Release our private reference, leaving the one associated with * the descriptor table intact. */ - if (base) vrele(base); +#ifdef CAPABILITIES + if (base) + vrele(base); +#endif fdrop(fp, td); td->td_retval[0] = indx; return (0); bad: VFS_UNLOCK_GIANT(vfslocked); +#ifdef CAPABILITIES bad_unlocked: - if (base) vrele(base); + if (base) + vrele(base); +#endif fdclose(fdp, fp, indx, td); fdrop(fp, td); return (error); @@ -2253,7 +2264,7 @@ int flags, int mode) { struct ucred *cred, *tmpcred; - struct vnode *vp, *base = 0; + struct vnode *vp, *base = NULL; struct nameidata nd; int vfslocked; int error; @@ -2273,9 +2284,11 @@ cred = tmpcred = td->td_ucred; AUDIT_ARG_VALUE(mode); +#ifdef CAPABILITIES /* get *at base vnode for namei() */ if ((error = fgetbase(td, fd, CAP_FSTAT, &base))) return (error); +#endif NDINIT_ATBASE(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | MPSAFE | AUDITVNODE1, pathseg, path, fd, base, td); @@ -2293,7 +2306,10 @@ td->td_ucred = cred; crfree(tmpcred); } - if (base) vput(base); +#ifdef CAPABILITIES + if (base) + vput(base); +#endif return (error); } @@ -3042,17 +3058,22 @@ struct nameidata nd; int vfslocked; int follow; - struct vnode *base; + struct vnode *base = NULL; AUDIT_ARG_MODE(mode); follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW; +#ifdef CAPABILITIES if ((error = fgetbase(td, fd, CAP_FCHMOD, &base))) return (error); +#endif - NDINIT_ATBASE(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, path, - fd, base, td); + NDINIT_ATBASE(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, + path, fd, base, td); error = namei(&nd); - if (base) vput(base); +#ifdef CAPABILITIES + if (base) + vput(base); +#endif if (error) return (error);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001111524.o0BFO6OF078044>