summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Bushnell <thomas@gnu.org>1999-02-19 07:45:38 +0000
committerThomas Bushnell <thomas@gnu.org>1999-02-19 07:45:38 +0000
commitb4d4e7e9b8ca92adddbb2c19bb1c3d1beda23441 (patch)
treed32663d27d6836afbc5ca79fcc852f7cd778b748
parentb2a6f425757ea52463ec2353712cc79b3446f60c (diff)
1999-02-06 Mark Kettenis <kettenis@gnu.org>
* trivfs.h (trivfs_check_access_hook): New variable. * fsys-getroot.c (trivfs_S_fsys_getroot): Use trivfs_check_acces_hook. * dir-lookup.c (trivfs_S_dir_lookup): Likewise. * file-access.c (trivfs_S_file_check_access): Likewise.
-rw-r--r--libtrivfs/ChangeLog8
-rw-r--r--libtrivfs/dir-lookup.c6
-rw-r--r--libtrivfs/file-access.c7
-rw-r--r--libtrivfs/fsys-getroot.c18
-rw-r--r--libtrivfs/trivfs.h9
5 files changed, 39 insertions, 9 deletions
diff --git a/libtrivfs/ChangeLog b/libtrivfs/ChangeLog
index 179dd833..e2599b56 100644
--- a/libtrivfs/ChangeLog
+++ b/libtrivfs/ChangeLog
@@ -1,3 +1,11 @@
+1999-02-06 Mark Kettenis <kettenis@gnu.org>
+
+ * trivfs.h (trivfs_check_access_hook): New variable.
+ * fsys-getroot.c (trivfs_S_fsys_getroot): Use
+ trivfs_check_acces_hook.
+ * dir-lookup.c (trivfs_S_dir_lookup): Likewise.
+ * file-access.c (trivfs_S_file_check_access): Likewise.
+
1999-02-16 Roland McGrath <roland@baalperazim.frob.com>
* io-revoke.c: Add reply, reply_type args.
diff --git a/libtrivfs/dir-lookup.c b/libtrivfs/dir-lookup.c
index 80677711..5a10bf22 100644
--- a/libtrivfs/dir-lookup.c
+++ b/libtrivfs/dir-lookup.c
@@ -49,7 +49,11 @@ trivfs_S_dir_lookup (struct trivfs_protid *cred,
flags &= ~(O_CREAT|O_EXCL|O_NOLINK|O_NOTRANS);
/* Validate permissions */
- file_check_access (cred->realnode, &perms);
+ if (! trivfs_check_access_hook)
+ file_check_access (cred->realnode, &perms);
+ else
+ (*trivfs_check_access_hook) (cred->po->cntl, cred->user,
+ cred->realnode, &perms);
if ((flags & (O_READ|O_WRITE|O_EXEC) & perms)
!= (flags & (O_READ|O_WRITE|O_EXEC)))
return EACCES;
diff --git a/libtrivfs/file-access.c b/libtrivfs/file-access.c
index 7b9deb80..91b5427a 100644
--- a/libtrivfs/file-access.c
+++ b/libtrivfs/file-access.c
@@ -25,7 +25,12 @@ trivfs_S_file_check_access (struct trivfs_protid *cred,
{
if (! cred)
return EOPNOTSUPP;
+
+ if (! trivfs_check_access_hook)
+ file_check_access (cred->realnode, allowed);
else
- return file_check_access (cred->realnode, allowed);
+ (*trivfs_check_access_hook) (cred->po->cntl, cred->user,
+ cred->realnode, allowed);
+
return 0;
}
diff --git a/libtrivfs/fsys-getroot.c b/libtrivfs/fsys-getroot.c
index 4eadd344..9d173f9a 100644
--- a/libtrivfs/fsys-getroot.c
+++ b/libtrivfs/fsys-getroot.c
@@ -73,17 +73,21 @@ trivfs_S_fsys_getroot (struct trivfs_control *cntl,
if (err)
return err;
- file_check_access (new_realnode, &perms);
- if ((flags & (O_READ|O_WRITE|O_EXEC) & perms)
- != (flags & (O_READ|O_WRITE|O_EXEC)))
- err = EACCES;
-
uvec = make_idvec ();
gvec = make_idvec ();
idvec_set_ids (uvec, uids, nuids);
idvec_set_ids (gvec, gids, ngids);
- user = iohelp_create_iouser (uvec, gvec);
-
+ user = iohelp_create_iouser (uvec, gvec); /* XXX check return value? */
+
+ /* Validate permissions. */
+ if (! trivfs_check_access_hook)
+ file_check_access (new_realnode, &perms);
+ else
+ (*trivfs_check_access_hook) (cntl, user, new_realnode, &perms);
+ if ((flags & (O_READ|O_WRITE|O_EXEC) & perms)
+ != (flags & (O_READ|O_WRITE|O_EXEC)))
+ err = EACCES;
+
if (!err && trivfs_check_open_hook)
err = (*trivfs_check_open_hook) (cntl, user, flags);
if (!err)
diff --git a/libtrivfs/trivfs.h b/libtrivfs/trivfs.h
index 8e62db68..5f91cac3 100644
--- a/libtrivfs/trivfs.h
+++ b/libtrivfs/trivfs.h
@@ -100,6 +100,15 @@ extern int trivfs_cntl_nportclasses;
nothing. */
void trivfs_modify_stat (struct trivfs_protid *cred, struct stat *);
+/* If this variable is set, it is called to find out what access this
+ file permits to USER instead of checking the underlying node.
+ REALNODE is the underlying node, and CNTL is the trivfs control
+ object. The access permissions are returned in ALLOWED. */
+error_t (*trivfs_check_access_hook) (struct trivfs_control *cntl,
+ struct iouser *user,
+ mach_port_t realnode,
+ int *allowed);
+
/* If this variable is set, it is called every time an open happens.
USER and FLAGS are from the open; CNTL identifies the
node being opened. This call need not check permissions on the underlying