xref: /dragonfly/sys/kern/vfs_helper.c (revision b71f52a9) 
1 /*
2  * (The copyright below applies to ufs_access())
3  *
4  * Copyright (c) 1982, 1986, 1989, 1993, 1995
5  *	The Regents of the University of California.  All rights reserved.
6  * (c) UNIX System Laboratories, Inc.
7  * All or some portions of this file are derived from material licensed
8  * to the University of California by American Telephone and Telegraph
9  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10  * the permission of UNIX System Laboratories, Inc.
11  *
12  * Redistribution and use in source and binary forms, with or without
13  * modification, are permitted provided that the following conditions
14  * are met:
15  * 1. Redistributions of source code must retain the above copyright
16  *    notice, this list of conditions and the following disclaimer.
17  * 2. Redistributions in binary form must reproduce the above copyright
18  *    notice, this list of conditions and the following disclaimer in the
19  *    documentation and/or other materials provided with the distribution.
20  * 3. All advertising materials mentioning features or use of this software
21  *    must display the following acknowledgement:
22  *	This product includes software developed by the University of
23  *	California, Berkeley and its contributors.
24  * 4. Neither the name of the University nor the names of its contributors
25  *    may be used to endorse or promote products derived from this software
26  *    without specific prior written permission.
27  *
28  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
29  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
32  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38  * SUCH DAMAGE.
39  *
40  * @(#)ufs_vnops.c	8.27 (Berkeley) 5/27/95
41  * $DragonFly: src/sys/kern/vfs_helper.c,v 1.5 2008/05/25 18:34:46 dillon Exp $
42  */
43 
44 #include "opt_quota.h"
45 #include "opt_suiddir.h"
46 
47 #include <sys/param.h>
48 #include <sys/systm.h>
49 #include <sys/conf.h>
50 #include <sys/kernel.h>
51 #include <sys/fcntl.h>
52 #include <sys/stat.h>
53 #include <sys/mount.h>
54 #include <sys/unistd.h>
55 #include <sys/vnode.h>
56 #include <sys/file.h>		/* XXX */
57 #include <sys/proc.h>
58 #include <sys/priv.h>
59 #include <sys/jail.h>
60 
61 /*
62  * vop_helper_access()
63  *
64  *	Provide standard UNIX semanics for VOP_ACCESS, but without the quota
65  *	code.  This procedure was basically pulled out of UFS.
66  */
67 int
68 vop_helper_access(struct vop_access_args *ap, uid_t ino_uid, gid_t ino_gid,
69 		  mode_t ino_mode, u_int32_t ino_flags)
70 {
71 	struct vnode *vp = ap->a_vp;
72 	struct ucred *cred = ap->a_cred;
73 	mode_t mask, mode = ap->a_mode;
74 	gid_t *gp;
75 	int i;
76 #ifdef QUOTA
77 	/*int error;*/
78 #endif
79 
80 	/*
81 	 * Disallow write attempts on read-only filesystems;
82 	 * unless the file is a socket, fifo, or a block or
83 	 * character device resident on the filesystem.
84 	 */
85 	if (mode & VWRITE) {
86 		switch (vp->v_type) {
87 		case VDIR:
88 		case VLNK:
89 		case VREG:
90 		case VDATABASE:
91 			if (vp->v_mount->mnt_flag & MNT_RDONLY)
92 				return (EROFS);
93 #ifdef QUOTA
94 			/* check quota here XXX */
95 #endif
96 			break;
97 		default:
98 			break;
99 		}
100 	}
101 
102 	/* If immutable bit set, nobody gets to write it. */
103 	if ((mode & VWRITE) && (ino_flags & IMMUTABLE))
104 		return (EPERM);
105 
106 	/* Otherwise, user id 0 always gets access. */
107 	if (cred->cr_uid == 0)
108 		return (0);
109 
110 	mask = 0;
111 
112 	/* Otherwise, check the owner. */
113 	if (cred->cr_uid == ino_uid) {
114 		if (mode & VEXEC)
115 			mask |= S_IXUSR;
116 		if (mode & VREAD)
117 			mask |= S_IRUSR;
118 		if (mode & VWRITE)
119 			mask |= S_IWUSR;
120 		return ((ino_mode & mask) == mask ? 0 : EACCES);
121 	}
122 
123 	/* Otherwise, check the groups. */
124 	for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++)
125 		if (ino_gid == *gp) {
126 			if (mode & VEXEC)
127 				mask |= S_IXGRP;
128 			if (mode & VREAD)
129 				mask |= S_IRGRP;
130 			if (mode & VWRITE)
131 				mask |= S_IWGRP;
132 			return ((ino_mode & mask) == mask ? 0 : EACCES);
133 		}
134 
135 	/* Otherwise, check everyone else. */
136 	if (mode & VEXEC)
137 		mask |= S_IXOTH;
138 	if (mode & VREAD)
139 		mask |= S_IROTH;
140 	if (mode & VWRITE)
141 		mask |= S_IWOTH;
142 	return ((ino_mode & mask) == mask ? 0 : EACCES);
143 }
144 
145 int
146 vop_helper_setattr_flags(u_int32_t *ino_flags, u_int32_t vaflags,
147 			 uid_t uid, struct ucred *cred)
148 {
149 	int error;
150 
151 	/*
152 	 * If uid doesn't match only a privileged user can change the flags
153 	 */
154 	if (cred->cr_uid != uid &&
155 	    (error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0))) {
156 		return(error);
157 	}
158 	if (cred->cr_uid == 0 &&
159 	    (!jailed(cred)|| jail_chflags_allowed)) {
160 		if ((*ino_flags & (SF_NOUNLINK|SF_IMMUTABLE|SF_APPEND)) &&
161 		    securelevel > 0)
162 			return (EPERM);
163 		*ino_flags = vaflags;
164 	} else {
165 		if (*ino_flags & (SF_NOUNLINK|SF_IMMUTABLE|SF_APPEND) ||
166 		    (vaflags & UF_SETTABLE) != vaflags)
167 			return (EPERM);
168 		*ino_flags &= SF_SETTABLE;
169 		*ino_flags |= vaflags & UF_SETTABLE;
170 	}
171 	return(0);
172 }
173 
174 /*
175  * This helper function may be used by VFSs to implement UNIX initial
176  * ownership semantics when creating new objects inside directories.
177  */
178 uid_t
179 vop_helper_create_uid(struct mount *mp, mode_t dmode, uid_t duid,
180 		      struct ucred *cred, mode_t *modep)
181 {
182 #ifdef SUIDDIR
183 	if ((mp->mnt_flag & MNT_SUIDDIR) && (dmode & S_ISUID) &&
184 	    duid != cred->cr_uid && duid) {
185 		*modep &= ~07111;
186 		return(duid);
187 	}
188 #endif
189 	return(cred->cr_uid);
190 }
191 
192 /*
193  * This helper may be used by VFSs to implement unix chmod semantics.
194  *
195  * XXX TEMPORARY chmod override for VCHR devices.  Allow the device to
196  *		 override the uid if the uid is not root.  This is used
197  *		 by pty's to set the owner for the related tty.
198  *
199  * XXX REMOVE THE OVERRIDE WHEN DEVFS IS MERGED.
200  */
201 int
202 vop_helper_chmod(struct vnode *vp, mode_t new_mode, struct ucred *cred,
203 		 uid_t cur_uid, gid_t cur_gid, mode_t *cur_modep)
204 {
205 	int error;
206 	cdev_t dev;
207 
208 	/*
209 	 * HACK to support openpty().  If called by root openpty() chown's
210 	 * the tty and we allow this.  If not called by root the kernel
211 	 * saves the uid in si_uid and if the tty is not owned by root we
212 	 * override it here.
213 	 *
214 	 * NOTE: The vnode might not be open so v_rdev might not be assigned.
215 	 */
216 	if (vp->v_type == VCHR && cur_uid == 0) {
217 		if ((dev = vp->v_rdev) == NULL)
218 			dev = get_dev(vp->v_umajor, vp->v_uminor);
219 		if (dev)
220 			cur_uid = dev->si_uid;
221 	}
222 
223 	if (cred->cr_uid != cur_uid) {
224 		error = priv_check_cred(cred, PRIV_VFS_CHMOD, 0);
225 		if (error)
226 			return (error);
227 	}
228 	if (cred->cr_uid) {
229 		if (vp->v_type != VDIR && (*cur_modep & S_ISTXT))
230 			return (EFTYPE);
231 		if (!groupmember(cur_gid, cred) && (*cur_modep & S_ISGID))
232 			return (EPERM);
233 	}
234 	*cur_modep &= ~ALLPERMS;
235 	*cur_modep |= new_mode & ALLPERMS;
236 	return(0);
237 }
238 
239 /*
240  * This helper may be used by VFSs to implement unix chown semantics.
241  */
242 int
243 vop_helper_chown(struct vnode *vp, uid_t new_uid, gid_t new_gid,
244 		 struct ucred *cred,
245 		 uid_t *cur_uidp, gid_t *cur_gidp, mode_t *cur_modep)
246 {
247 	gid_t ogid;
248 	uid_t ouid;
249 	int error;
250 
251 	if (new_uid == (uid_t)VNOVAL)
252 		new_uid = *cur_uidp;
253 	if (new_gid == (gid_t)VNOVAL)
254 		new_gid = *cur_gidp;
255 
256 	/*
257 	 * If we don't own the file, are trying to change the owner
258 	 * of the file, or are not a member of the target group,
259 	 * the caller must be privileged or the call fails.
260 	 */
261 	if ((cred->cr_uid != *cur_uidp || new_uid != *cur_uidp ||
262 	    (new_gid != *cur_gidp && !(cred->cr_gid == new_gid ||
263 	    groupmember(new_gid, cred)))) &&
264 	    (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0))) {
265 		return (error);
266 	}
267 	ogid = *cur_gidp;
268 	ouid = *cur_uidp;
269 	/* XXX QUOTA CODE */
270 	*cur_uidp = new_uid;
271 	*cur_gidp = new_gid;
272 	/* XXX QUOTA CODE */
273 
274 	/*
275 	 * DragonFly clears both SUID and SGID if either the owner or
276 	 * group is changed and root isn't doing it.  If root is doing
277 	 * it we do not clear SUID/SGID.
278 	 */
279 	if (cred->cr_uid != 0 && (ouid != new_uid || ogid != new_gid))
280 		*cur_modep &= ~(S_ISUID | S_ISGID);
281 	return(0);
282 }
283 
284