diff options
author | Thomas Bushnell <thomas@gnu.org> | 1999-02-19 07:45:38 +0000 |
---|---|---|
committer | Thomas Bushnell <thomas@gnu.org> | 1999-02-19 07:45:38 +0000 |
commit | b4d4e7e9b8ca92adddbb2c19bb1c3d1beda23441 (patch) | |
tree | d32663d27d6836afbc5ca79fcc852f7cd778b748 | |
parent | b2a6f425757ea52463ec2353712cc79b3446f60c (diff) |
1999-02-06 Mark Kettenis <kettenis@gnu.org>
* trivfs.h (trivfs_check_access_hook): New variable.
* fsys-getroot.c (trivfs_S_fsys_getroot): Use
trivfs_check_acces_hook.
* dir-lookup.c (trivfs_S_dir_lookup): Likewise.
* file-access.c (trivfs_S_file_check_access): Likewise.
-rw-r--r-- | libtrivfs/ChangeLog | 8 | ||||
-rw-r--r-- | libtrivfs/dir-lookup.c | 6 | ||||
-rw-r--r-- | libtrivfs/file-access.c | 7 | ||||
-rw-r--r-- | libtrivfs/fsys-getroot.c | 18 | ||||
-rw-r--r-- | libtrivfs/trivfs.h | 9 |
5 files changed, 39 insertions, 9 deletions
diff --git a/libtrivfs/ChangeLog b/libtrivfs/ChangeLog index 179dd833..e2599b56 100644 --- a/libtrivfs/ChangeLog +++ b/libtrivfs/ChangeLog @@ -1,3 +1,11 @@ +1999-02-06 Mark Kettenis <kettenis@gnu.org> + + * trivfs.h (trivfs_check_access_hook): New variable. + * fsys-getroot.c (trivfs_S_fsys_getroot): Use + trivfs_check_acces_hook. + * dir-lookup.c (trivfs_S_dir_lookup): Likewise. + * file-access.c (trivfs_S_file_check_access): Likewise. + 1999-02-16 Roland McGrath <roland@baalperazim.frob.com> * io-revoke.c: Add reply, reply_type args. diff --git a/libtrivfs/dir-lookup.c b/libtrivfs/dir-lookup.c index 80677711..5a10bf22 100644 --- a/libtrivfs/dir-lookup.c +++ b/libtrivfs/dir-lookup.c @@ -49,7 +49,11 @@ trivfs_S_dir_lookup (struct trivfs_protid *cred, flags &= ~(O_CREAT|O_EXCL|O_NOLINK|O_NOTRANS); /* Validate permissions */ - file_check_access (cred->realnode, &perms); + if (! trivfs_check_access_hook) + file_check_access (cred->realnode, &perms); + else + (*trivfs_check_access_hook) (cred->po->cntl, cred->user, + cred->realnode, &perms); if ((flags & (O_READ|O_WRITE|O_EXEC) & perms) != (flags & (O_READ|O_WRITE|O_EXEC))) return EACCES; diff --git a/libtrivfs/file-access.c b/libtrivfs/file-access.c index 7b9deb80..91b5427a 100644 --- a/libtrivfs/file-access.c +++ b/libtrivfs/file-access.c @@ -25,7 +25,12 @@ trivfs_S_file_check_access (struct trivfs_protid *cred, { if (! cred) return EOPNOTSUPP; + + if (! trivfs_check_access_hook) + file_check_access (cred->realnode, allowed); else - return file_check_access (cred->realnode, allowed); + (*trivfs_check_access_hook) (cred->po->cntl, cred->user, + cred->realnode, allowed); + return 0; } diff --git a/libtrivfs/fsys-getroot.c b/libtrivfs/fsys-getroot.c index 4eadd344..9d173f9a 100644 --- a/libtrivfs/fsys-getroot.c +++ b/libtrivfs/fsys-getroot.c @@ -73,17 +73,21 @@ trivfs_S_fsys_getroot (struct trivfs_control *cntl, if (err) return err; - file_check_access (new_realnode, &perms); - if ((flags & (O_READ|O_WRITE|O_EXEC) & perms) - != (flags & (O_READ|O_WRITE|O_EXEC))) - err = EACCES; - uvec = make_idvec (); gvec = make_idvec (); idvec_set_ids (uvec, uids, nuids); idvec_set_ids (gvec, gids, ngids); - user = iohelp_create_iouser (uvec, gvec); - + user = iohelp_create_iouser (uvec, gvec); /* XXX check return value? */ + + /* Validate permissions. */ + if (! trivfs_check_access_hook) + file_check_access (new_realnode, &perms); + else + (*trivfs_check_access_hook) (cntl, user, new_realnode, &perms); + if ((flags & (O_READ|O_WRITE|O_EXEC) & perms) + != (flags & (O_READ|O_WRITE|O_EXEC))) + err = EACCES; + if (!err && trivfs_check_open_hook) err = (*trivfs_check_open_hook) (cntl, user, flags); if (!err) diff --git a/libtrivfs/trivfs.h b/libtrivfs/trivfs.h index 8e62db68..5f91cac3 100644 --- a/libtrivfs/trivfs.h +++ b/libtrivfs/trivfs.h @@ -100,6 +100,15 @@ extern int trivfs_cntl_nportclasses; nothing. */ void trivfs_modify_stat (struct trivfs_protid *cred, struct stat *); +/* If this variable is set, it is called to find out what access this + file permits to USER instead of checking the underlying node. + REALNODE is the underlying node, and CNTL is the trivfs control + object. The access permissions are returned in ALLOWED. */ +error_t (*trivfs_check_access_hook) (struct trivfs_control *cntl, + struct iouser *user, + mach_port_t realnode, + int *allowed); + /* If this variable is set, it is called every time an open happens. USER and FLAGS are from the open; CNTL identifies the node being opened. This call need not check permissions on the underlying |