Index: head/sys/kern/vfs_acl.c =================================================================== --- head/sys/kern/vfs_acl.c +++ head/sys/kern/vfs_acl.c @@ -67,12 +67,21 @@ MALLOC_DEFINE(M_ACL, "acl", "Access Control Lists"); + +static int kern___acl_aclcheck_path(struct thread *td, const char *path, + acl_type_t type, struct acl *aclp, int follow); +static int kern___acl_delete_path(struct thread *td, const char *path, + acl_type_t type, int follow); +static int kern___acl_get_path(struct thread *td, const char *path, + acl_type_t type, struct acl *aclp, int follow); +static int kern___acl_set_path(struct thread *td, const char *path, + acl_type_t type, const struct acl *aclp, int follow); static int vacl_set_acl(struct thread *td, struct vnode *vp, - acl_type_t type, struct acl *aclp); + acl_type_t type, const struct acl *aclp); static int vacl_get_acl(struct thread *td, struct vnode *vp, acl_type_t type, struct acl *aclp); static int vacl_aclcheck(struct thread *td, struct vnode *vp, - acl_type_t type, struct acl *aclp); + acl_type_t type, const struct acl *aclp); int acl_copy_oldacl_into_acl(const struct oldacl *source, struct acl *dest) @@ -130,7 +139,7 @@ * format. */ static int -acl_copyin(void *user_acl, struct acl *kernel_acl, acl_type_t type) +acl_copyin(const void *user_acl, struct acl *kernel_acl, acl_type_t type) { int error; struct oldacl old; @@ -154,7 +163,7 @@ } static int -acl_copyout(struct acl *kernel_acl, void *user_acl, acl_type_t type) +acl_copyout(const struct acl *kernel_acl, void *user_acl, acl_type_t type) { uint32_t am; int error; @@ -218,7 +227,7 @@ */ static int vacl_set_acl(struct thread *td, struct vnode *vp, acl_type_t type, - struct acl *aclp) + const struct acl *aclp) { struct acl *inkernelacl; struct mount *mp; @@ -319,7 +328,7 @@ */ static int vacl_aclcheck(struct thread *td, struct vnode *vp, acl_type_t type, - struct acl *aclp) + const struct acl *aclp) { struct acl *inkernelacl; int error; @@ -346,17 +355,9 @@ int sys___acl_get_file(struct thread *td, struct __acl_get_file_args *uap) { - struct nameidata nd; - int error; - NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, - td); - error = namei(&nd); - if (error == 0) { - error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp); - NDFREE(&nd, 0); - } - return (error); + return (kern___acl_get_path(td, uap->path, uap->type, uap->aclp, + FOLLOW)); } /* @@ -365,14 +366,22 @@ int sys___acl_get_link(struct thread *td, struct __acl_get_link_args *uap) { + + return(kern___acl_get_path(td, uap->path, uap->type, uap->aclp, + NOFOLLOW)); +} + +static int +kern___acl_get_path(struct thread *td, const char *path, acl_type_t type, + struct acl *aclp, int follow) +{ struct nameidata nd; int error; - NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, - td); + NDINIT(&nd, LOOKUP, follow | AUDITVNODE1, UIO_USERSPACE, path, td); error = namei(&nd); if (error == 0) { - error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp); + error = vacl_get_acl(td, nd.ni_vp, type, aclp); NDFREE(&nd, 0); } return (error); @@ -384,17 +393,9 @@ int sys___acl_set_file(struct thread *td, struct __acl_set_file_args *uap) { - struct nameidata nd; - int error; - NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, - td); - error = namei(&nd); - if (error == 0) { - error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp); - NDFREE(&nd, 0); - } - return (error); + return(kern___acl_set_path(td, uap->path, uap->type, uap->aclp, + FOLLOW)); } /* @@ -403,14 +404,22 @@ int sys___acl_set_link(struct thread *td, struct __acl_set_link_args *uap) { + + return(kern___acl_set_path(td, uap->path, uap->type, uap->aclp, + NOFOLLOW)); +} + +static int +kern___acl_set_path(struct thread *td, const char *path, + acl_type_t type, const struct acl *aclp, int follow) +{ struct nameidata nd; int error; - NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNODE1, UIO_USERSPACE, uap->path, - td); + NDINIT(&nd, LOOKUP, follow | AUDITVNODE1, UIO_USERSPACE, path, td); error = namei(&nd); if (error == 0) { - error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp); + error = vacl_set_acl(td, nd.ni_vp, type, aclp); NDFREE(&nd, 0); } return (error); @@ -462,16 +471,8 @@ int sys___acl_delete_file(struct thread *td, struct __acl_delete_file_args *uap) { - struct nameidata nd; - int error; - NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); - error = namei(&nd); - if (error == 0) { - error = vacl_delete(td, nd.ni_vp, uap->type); - NDFREE(&nd, 0); - } - return (error); + return (kern___acl_delete_path(td, uap->path, uap->type, FOLLOW)); } /* @@ -480,13 +481,21 @@ int sys___acl_delete_link(struct thread *td, struct __acl_delete_link_args *uap) { + + return (kern___acl_delete_path(td, uap->path, uap->type, NOFOLLOW)); +} + +static int +kern___acl_delete_path(struct thread *td, const char *path, + acl_type_t type, int follow) +{ struct nameidata nd; int error; - NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); + NDINIT(&nd, LOOKUP, follow, UIO_USERSPACE, path, td); error = namei(&nd); if (error == 0) { - error = vacl_delete(td, nd.ni_vp, uap->type); + error = vacl_delete(td, nd.ni_vp, type); NDFREE(&nd, 0); } return (error); @@ -518,16 +527,9 @@ int sys___acl_aclcheck_file(struct thread *td, struct __acl_aclcheck_file_args *uap) { - struct nameidata nd; - int error; - NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); - error = namei(&nd); - if (error == 0) { - error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp); - NDFREE(&nd, 0); - } - return (error); + return (kern___acl_aclcheck_path(td, uap->path, uap->type, uap->aclp, + FOLLOW)); } /* @@ -536,13 +538,21 @@ int sys___acl_aclcheck_link(struct thread *td, struct __acl_aclcheck_link_args *uap) { + return (kern___acl_aclcheck_path(td, uap->path, uap->type, uap->aclp, + NOFOLLOW)); +} + +static int +kern___acl_aclcheck_path(struct thread *td, const char *path, acl_type_t type, + struct acl *aclp, int follow) +{ struct nameidata nd; int error; - NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); + NDINIT(&nd, LOOKUP, follow, UIO_USERSPACE, path, td); error = namei(&nd); if (error == 0) { - error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp); + error = vacl_aclcheck(td, nd.ni_vp, type, aclp); NDFREE(&nd, 0); } return (error);