diff options
author | Poul-Henning Kamp <phk@FreeBSD.org> | 2000-08-20 08:36:26 +0000 |
---|---|---|
committer | Poul-Henning Kamp <phk@FreeBSD.org> | 2000-08-20 08:36:26 +0000 |
commit | e39c53eda5e3e8f92d5357892ca760d1becbbc01 (patch) | |
tree | 5ada3f2e7b8e39391ffa62c2e389efa54be3678f /sys/kern/vfs_export.c | |
parent | a89321725818aa162b27016957422fc47a17e940 (diff) | |
download | src-e39c53eda5e3e8f92d5357892ca760d1becbbc01.tar.gz src-e39c53eda5e3e8f92d5357892ca760d1becbbc01.zip |
Centralize the canonical vop_access user/group/other check in vaccess().
Discussed with: bde
Notes
Notes:
svn path=/head/; revision=64865
Diffstat (limited to 'sys/kern/vfs_export.c')
-rw-r--r-- | sys/kern/vfs_export.c | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/sys/kern/vfs_export.c b/sys/kern/vfs_export.c index db16d9fe6080..d9c4260f4ae3 100644 --- a/sys/kern/vfs_export.c +++ b/sys/kern/vfs_export.c @@ -2984,3 +2984,57 @@ NDFREE(ndp, flags) ndp->ni_startdir = NULL; } } + +int +vaccess(type, file_mode, uid, gid, acc_mode, cred) + enum vtype type; + mode_t file_mode; + uid_t uid; + gid_t gid; + mode_t acc_mode; + struct ucred *cred; +{ + mode_t mask; + + /* + * At this point, uid == 0 can do anything. + * XXX: should use suser() ? */ + * XXX: Should only check root-ness after other checks fail. + */ + if (cred->cr_uid == 0) + return (0); + + mask = 0; + + /* Otherwise, check the owner. */ + if (cred->cr_uid == uid) { + if (acc_mode & VEXEC) + mask |= S_IXUSR; + if (acc_mode & VREAD) + mask |= S_IRUSR; + if (acc_mode & VWRITE) + mask |= S_IWUSR; + return ((file_mode & mask) == mask ? 0 : EACCES); + } + + /* Otherwise, check for all groups. */ + if (groupmember(gid, cred)) { + if (acc_mode & VEXEC) + mask |= S_IXGRP; + if (acc_mode & VREAD) + mask |= S_IRGRP; + if (acc_mode & VWRITE) + mask |= S_IWGRP; + return ((file_mode & mask) == mask ? 0 : EACCES); + } + + /* Otherwise, check everyone else. */ + if (acc_mode & VEXEC) + mask |= S_IXOTH; + if (acc_mode & VREAD) + mask |= S_IROTH; + if (acc_mode & VWRITE) + mask |= S_IWOTH; + return ((file_mode & mask) == mask ? 0 : EACCES); +} + |