PERFORCE change 172965 for review
Robert Watson
rwatson at FreeBSD.org
Mon Jan 11 15:24:07 UTC 2010
http://p4web.freebsd.org/chv.cgi?CH=172965
Change 172965 by rwatson at rwatson_vimage_client on 2010/01/11 15:23:44
Make post fooat(2) capability support in vfs_syscalls.c compile
when "options CAPABILITIES" is not present. Do a bit of style
cleanup, and prefer NULL to 0 when talking about pointers.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_syscalls.c#24 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_syscalls.c#24 (text+ko) ====
@@ -159,23 +159,26 @@
return (0);
}
-/*
+#ifdef CAPABILITIES
+/*-
* Get the "base" vnode defined by a user file descriptor.
*
- * Several *at() system calls are now supported in capability mode. This function
- * finds out what their "*at base" vnode, which is needed by namei(), should be:
+ * Several *at() system calls are now supported in capability mode. This
+ * function finds out what their "*at base" vnode, which is needed by
+ * namei(), should be:
*
- * 1. In non-capability (and thus unconstrained) mode, *base = 0.
- * 2. In capability mode, base is the vnode given by the fd parameter, subject to
- * the condition that the supplied 'rights' parameter (OR'ed with CAP_LOOKUP
- * and CAP_ATBASE) is satisfied. The vnode is returned with a shared lock.
+ * 1. In non-capability (and thus unconstrained) mode, *base = NULL.
+ * 2. In capability mode, base is the vnode given by the fd parameter,
+ * subject to the condition that the supplied 'rights' parameter (OR'ed
+ * with CAP_LOOKUP and CAP_ATBASE) is satisfied. The vnode is returned
+ * with a shared lock.
*/
int
fgetbase(struct thread *td, int fd, cap_rights_t rights, struct vnode **base)
{
+
if (!(td->td_ucred->cr_flags & CRED_FLAG_CAPMODE))
- *base = 0;
-
+ *base = NULL;
else {
int error;
@@ -188,10 +191,9 @@
return (error);
}
}
-
- return 0;
+ return (0);
}
-
+#endif
/*
* Sync each mounted filesystem.
@@ -1126,7 +1128,7 @@
struct proc *p = td->td_proc;
struct filedesc *fdp = p->p_fd;
struct file *fp;
- struct vnode *vp, *base = 0;
+ struct vnode *vp, *base = NULL;
struct vattr vat;
struct mount *mp;
int cmode;
@@ -1152,9 +1154,9 @@
else
flags = FFLAGS(flags);
+#ifdef CAPABILITIES
/* get capability info of base FD */
- if (fd >= 0)
- {
+ if (fd >= 0) {
struct file *f;
const cap_rights_t LOOKUP_RIGHTS = CAP_LOOKUP | CAP_ATBASE;
@@ -1169,35 +1171,32 @@
error = cap_fextract(f, LOOKUP_RIGHTS, &real_fp);
/* hold the underlying file, not the capability */
- if (error == 0) fhold(real_fp);
+ if (error == 0)
+ fhold(real_fp);
fdrop(f, td);
f = real_fp;
- }
- else if (error == EINVAL)
+ } else if (error == EINVAL)
/* not a capability; get the real file pointer */
error = fget(td, fd, LOOKUP_RIGHTS, &f);
-
-
/* if in capability mode, get base vnode (for namei) */
if (!error && (td->td_ucred->cr_flags & CRED_FLAG_CAPMODE)) {
base = f->f_vnode;
vref(base);
}
-
/* don't need to hold the base any more */
- if (f != NULL) fdrop(f, td);
+ if (f != NULL)
+ fdrop(f, td);
if (error) {
FILEDESC_SUNLOCK(fdp);
return (error);
- }
- else
+ } else
FILEDESC_SUNLOCK(fdp);
}
-
+#endif
/*
* allocate the file descriptor, but only add it to the descriptor
@@ -1241,7 +1240,10 @@
* Clean up the descriptor, but only if another thread hadn't
* replaced or closed it.
*/
- if (base) vrele(base);
+#ifdef CAPABILITIES
+ if (base)
+ vrele(base);
+#endif
fdclose(fdp, fp, indx, td);
fdrop(fp, td);
@@ -1301,26 +1303,35 @@
VFS_UNLOCK_GIANT(vfslocked);
success:
+#ifdef CAPABILITIES
if (baserights != -1) {
/* wrap the result in a capability */
struct file *cap;
error = kern_capwrap(td, fp, baserights, &cap, &indx);
- if (error) goto bad_unlocked;
+ if (error)
+ goto bad_unlocked;
}
+#endif
/*
* Release our private reference, leaving the one associated with
* the descriptor table intact.
*/
- if (base) vrele(base);
+#ifdef CAPABILITIES
+ if (base)
+ vrele(base);
+#endif
fdrop(fp, td);
td->td_retval[0] = indx;
return (0);
bad:
VFS_UNLOCK_GIANT(vfslocked);
+#ifdef CAPABILITIES
bad_unlocked:
- if (base) vrele(base);
+ if (base)
+ vrele(base);
+#endif
fdclose(fdp, fp, indx, td);
fdrop(fp, td);
return (error);
@@ -2253,7 +2264,7 @@
int flags, int mode)
{
struct ucred *cred, *tmpcred;
- struct vnode *vp, *base = 0;
+ struct vnode *vp, *base = NULL;
struct nameidata nd;
int vfslocked;
int error;
@@ -2273,9 +2284,11 @@
cred = tmpcred = td->td_ucred;
AUDIT_ARG_VALUE(mode);
+#ifdef CAPABILITIES
/* get *at base vnode for namei() */
if ((error = fgetbase(td, fd, CAP_FSTAT, &base)))
return (error);
+#endif
NDINIT_ATBASE(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | MPSAFE |
AUDITVNODE1, pathseg, path, fd, base, td);
@@ -2293,7 +2306,10 @@
td->td_ucred = cred;
crfree(tmpcred);
}
- if (base) vput(base);
+#ifdef CAPABILITIES
+ if (base)
+ vput(base);
+#endif
return (error);
}
@@ -3042,17 +3058,22 @@
struct nameidata nd;
int vfslocked;
int follow;
- struct vnode *base;
+ struct vnode *base = NULL;
AUDIT_ARG_MODE(mode);
follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
+#ifdef CAPABILITIES
if ((error = fgetbase(td, fd, CAP_FCHMOD, &base)))
return (error);
+#endif
- NDINIT_ATBASE(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, path,
- fd, base, td);
+ NDINIT_ATBASE(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg,
+ path, fd, base, td);
error = namei(&nd);
- if (base) vput(base);
+#ifdef CAPABILITIES
+ if (base)
+ vput(base);
+#endif
if (error)
return (error);
More information about the p4-projects
mailing list