Differential D24777 Diff 72133 head/sys/fs/fuse/fuse_vnops.c

Changeset View

Standalone View

head/sys/fs/fuse/fuse_vnops.c

Show First 20 Lines • Show All 229 Lines • ▼ Show 20 Lines

/* Check permission for extattr operations, much like extattr_check_cred */		/* Check permission for extattr operations, much like extattr_check_cred */
static int		static int
fuse_extattr_check_cred(struct vnode vp, int ns, struct ucred cred,		fuse_extattr_check_cred(struct vnode vp, int ns, struct ucred cred,
struct thread *td, accmode_t accmode)		struct thread *td, accmode_t accmode)
{		{
struct mount *mp = vnode_mount(vp);		struct mount *mp = vnode_mount(vp);
struct fuse_data *data = fuse_get_mpdata(mp);		struct fuse_data *data = fuse_get_mpdata(mp);
		int default_permissions = data->dataflags & FSESS_DEFAULT_PERMISSIONS;

/*		/*
* Kernel-invoked always succeeds.		* Kernel-invoked always succeeds.
*/		*/
if (cred == NOCRED)		if (cred == NOCRED)
return (0);		return (0);

/*		/*
* Do not allow privileged processes in jail to directly manipulate		* Do not allow privileged processes in jail to directly manipulate
* system attributes.		* system attributes.
*/		*/
switch (ns) {		switch (ns) {
case EXTATTR_NAMESPACE_SYSTEM:		case EXTATTR_NAMESPACE_SYSTEM:
if (data->dataflags & FSESS_DEFAULT_PERMISSIONS) {		if (default_permissions) {
return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM));		return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM));
}		}
/* FALLTHROUGH */		return (0);
case EXTATTR_NAMESPACE_USER:		case EXTATTR_NAMESPACE_USER:
		if (default_permissions) {
return (fuse_internal_access(vp, accmode, td, cred));		return (fuse_internal_access(vp, accmode, td, cred));
		}
		return (0);
default:		default:
return (EPERM);		return (EPERM);
}		}
}		}

/* Get a filehandle for a directory */		/* Get a filehandle for a directory */
static int		static int
fuse_filehandle_get_dir(struct vnode vp, struct fuse_filehandle *fufhp,		fuse_filehandle_get_dir(struct vnode vp, struct fuse_filehandle *fufhp,
▲ Show 20 Lines • Show All 715 Lines • ▼ Show 20 Lines	fuse_vnop_lookup(struct vop_lookup_args *ap)
struct thread *td = cnp->cn_thread;		struct thread *td = cnp->cn_thread;
struct ucred *cred = cnp->cn_cred;		struct ucred *cred = cnp->cn_cred;

int nameiop = cnp->cn_nameiop;		int nameiop = cnp->cn_nameiop;
int flags = cnp->cn_flags;		int flags = cnp->cn_flags;
int wantparent = flags & (LOCKPARENT \| WANTPARENT);		int wantparent = flags & (LOCKPARENT \| WANTPARENT);
int islastcn = flags & ISLASTCN;		int islastcn = flags & ISLASTCN;
struct mount *mp = vnode_mount(dvp);		struct mount *mp = vnode_mount(dvp);
		struct fuse_data *data = fuse_get_mpdata(mp);
		int default_permissions = data->dataflags & FSESS_DEFAULT_PERMISSIONS;

int err = 0;		int err = 0;
int lookup_err = 0;		int lookup_err = 0;
struct vnode *vp = NULL;		struct vnode *vp = NULL;

struct fuse_dispatcher fdi;		struct fuse_dispatcher fdi;
bool did_lookup = false;		bool did_lookup = false;
struct fuse_entry_out *feo = NULL;		struct fuse_entry_out *feo = NULL;
▲ Show 20 Lines • Show All 107 Lines • ▼ Show 20 Lines	if (lookup_err && (!fdi.answ_stat \|\| lookup_err != ENOENT)) {
return lookup_err;		return lookup_err;
}		}
}		}
/* lookup_err, if non-zero, must be ENOENT at this point */		/* lookup_err, if non-zero, must be ENOENT at this point */

if (lookup_err) {		if (lookup_err) {
/* Entry not found */		/* Entry not found */
if ((nameiop == CREATE \|\| nameiop == RENAME) && islastcn) {		if ((nameiop == CREATE \|\| nameiop == RENAME) && islastcn) {
err = fuse_internal_access(dvp, VWRITE, td, cred);		if (default_permissions)
		err = fuse_internal_access(dvp, VWRITE, td,
		cred);
		else
		err = 0;
if (!err) {		if (!err) {
/*		/*
* Set the SAVENAME flag to hold onto the		* Set the SAVENAME flag to hold onto the
* pathname for use later in VOP_CREATE or		* pathname for use later in VOP_CREATE or
* VOP_RENAME.		* VOP_RENAME.
*/		*/
cnp->cn_flags \|= SAVENAME;		cnp->cn_flags \|= SAVENAME;

▲ Show 20 Lines • Show All 66 Lines • ▼ Show 20 Lines	if (flags & ISDOTDOT) {
MPASS(feo != NULL);		MPASS(feo != NULL);
fuse_internal_cache_attrs(*vpp, &feo->attr,		fuse_internal_cache_attrs(*vpp, &feo->attr,
feo->attr_valid, feo->attr_valid_nsec, NULL);		feo->attr_valid, feo->attr_valid_nsec, NULL);
fuse_validity_2_bintime(feo->entry_valid,		fuse_validity_2_bintime(feo->entry_valid,
feo->entry_valid_nsec,		feo->entry_valid_nsec,
&fvdat->entry_cache_timeout);		&fvdat->entry_cache_timeout);

if ((nameiop == DELETE \|\| nameiop == RENAME) &&		if ((nameiop == DELETE \|\| nameiop == RENAME) &&
islastcn)		islastcn && default_permissions)
{		{
struct vattr dvattr;		struct vattr dvattr;

err = fuse_internal_access(dvp, VWRITE, td,		err = fuse_internal_access(dvp, VWRITE, td,
cred);		cred);
if (err != 0)		if (err != 0)
goto out;		goto out;
/*		/*
▲ Show 20 Lines • Show All 620 Lines • ▼ Show 20 Lines	if (checkperm && (vap->va_mode & S_ISGID)) {
}		}
}		}
accmode \|= VADMIN;		accmode \|= VADMIN;
}		}

if (vfs_isrdonly(mp))		if (vfs_isrdonly(mp))
return EROFS;		return EROFS;

		if (checkperm) {
err = fuse_internal_access(vp, accmode, td, cred);		err = fuse_internal_access(vp, accmode, td, cred);
		} else {
		err = 0;
		}
if (err)		if (err)
return err;		return err;
else		else
return fuse_internal_setattr(vp, vap, td, cred);		return fuse_internal_setattr(vp, vap, td, cred);
}		}

/*		/*
struct vnop_strategy_args {		struct vnop_strategy_args {
▲ Show 20 Lines • Show All 660 Lines • Show Last 20 Lines