diff options
55 files changed, 273 insertions, 248 deletions
diff --git a/share/man/man9/VOP_ACCESS.9 b/share/man/man9/VOP_ACCESS.9 index 55a9302d5fea..73eb2b5a06e6 100644 --- a/share/man/man9/VOP_ACCESS.9 +++ b/share/man/man9/VOP_ACCESS.9 @@ -39,16 +39,16 @@ .In sys/param.h .In sys/vnode.h .Ft int -.Fn VOP_ACCESS "struct vnode *vp" "int mode" "struct ucred *cred" "struct thread *td" +.Fn VOP_ACCESS "struct vnode *vp" "accmode_t accmode" "struct ucred *cred" "struct thread *td" .Sh DESCRIPTION This entry point checks the access permissions of the file against the given credentials. .Pp Its arguments are: -.Bl -tag -width mode +.Bl -tag -width accmode .It Fa vp The vnode of the file to check. -.It Fa mode +.It Fa accmode The type of access required. .It Fa cred The user credentials to check. @@ -57,8 +57,8 @@ The thread which is checking. .El .Pp The -.Fa mode -is a mask which can contain +.Fa accmode +is a mask which can contain flags described in <sys/vnode.h>, e.g. .Dv VREAD , .Dv VWRITE or @@ -71,7 +71,7 @@ otherwise an appropriate error code is returned. .Sh PSEUDOCODE .Bd -literal int -vop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td) +vop_access(struct vnode *vp, accmode_t accmode, struct ucred *cred, struct thread *td) { int error; @@ -80,7 +80,7 @@ vop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td) * unless the file is a socket, fifo, or a block or * character device resident on the filesystem. */ - if (mode & VWRITE) { + if (accmode & VWRITE) { switch (vp->v_type) { case VDIR: case VLNK: @@ -93,7 +93,7 @@ vop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td) } /* If immutable bit set, nobody gets to write it. */ - if ((mode & VWRITE) && vp has immutable bit set) + if ((accmode & VWRITE) && vp has immutable bit set) return EPERM; /* Otherwise, user id 0 always gets access. */ @@ -104,11 +104,11 @@ vop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td) /* Otherwise, check the owner. */ if (cred->cr_uid == owner of vp) { - if (mode & VEXEC) + if (accmode & VEXEC) mask |= S_IXUSR; - if (mode & VREAD) + if (accmode & VREAD) mask |= S_IRUSR; - if (mode & VWRITE) + if (accmode & VWRITE) mask |= S_IWUSR; return (((mode of vp) & mask) == mask ? 0 : EACCES); } @@ -116,21 +116,21 @@ vop_access(struct vnode *vp, int mode, struct ucred *cred, struct thread *td) /* Otherwise, check the groups. */ for (i = 0, gp = cred->cr_groups; i < cred->cr_ngroups; i++, gp++) if (group of vp == *gp) { - if (mode & VEXEC) + if (accmode & VEXEC) mask |= S_IXGRP; - if (mode & VREAD) + if (accmode & VREAD) mask |= S_IRGRP; - if (mode & VWRITE) + if (accmode & VWRITE) mask |= S_IWGRP; return (((mode of vp) & mask) == mask ? 0 : EACCES); } /* Otherwise, check everyone else. */ - if (mode & VEXEC) + if (accmode & VEXEC) mask |= S_IXOTH; - if (mode & VREAD) + if (accmode & VREAD) mask |= S_IROTH; - if (mode & VWRITE) + if (accmode & VWRITE) mask |= S_IWOTH; return (((mode of vp) & mask) == mask ? 0 : EACCES); } diff --git a/share/man/man9/vaccess.9 b/share/man/man9/vaccess.9 index f5d6664c643a..5315d982f6ea 100644 --- a/share/man/man9/vaccess.9 +++ b/share/man/man9/vaccess.9 @@ -40,7 +40,7 @@ .Fa "mode_t file_mode" .Fa "uid_t file_uid" .Fa "gid_t file_gid" -.Fa "mode_t acc_mode" +.Fa "accmode_t accmode" .Fa "struct ucred *cred" .Fa "int *privused" .Fc @@ -59,7 +59,7 @@ owning UID owning GID .Fa file_gid , desired access mode -.Fa acc_mode , +.Fa accmode , requesting credential .Fa cred , and an optional call-by-reference diff --git a/share/man/man9/vaccess_acl_posix1e.9 b/share/man/man9/vaccess_acl_posix1e.9 index 24193d4c8fab..06105113260f 100644 --- a/share/man/man9/vaccess_acl_posix1e.9 +++ b/share/man/man9/vaccess_acl_posix1e.9 @@ -41,7 +41,7 @@ .Fa "uid_t file_uid" .Fa "gid_t file_gid" .Fa "struct acl *acl" -.Fa "mode_t acc_mode" +.Fa "accmode_t accmode" .Fa "struct ucred *cred" .Fa "int *privused" .Fc @@ -59,7 +59,7 @@ owning GID access ACL for the file .Fa acl , desired access mode -.Fa acc_mode , +.Fa accmode , requesting credential .Fa cred , and an optional call-by-reference diff --git a/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c b/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c index a09c9ec1130a..272fe59e21a7 100644 --- a/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c +++ b/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c @@ -91,17 +91,17 @@ secpolicy_vnode_remove(struct ucred *cred) int secpolicy_vnode_access(struct ucred *cred, struct vnode *vp, uint64_t owner, - int mode) + accmode_t accmode) { - if ((mode & VREAD) && priv_check_cred(cred, PRIV_VFS_READ, 0) != 0) { + if ((accmode & VREAD) && priv_check_cred(cred, PRIV_VFS_READ, 0) != 0) { return (EACCES); } - if ((mode & VWRITE) && + if ((accmode & VWRITE) && priv_check_cred(cred, PRIV_VFS_WRITE, 0) != 0) { return (EACCES); } - if (mode & VEXEC) { + if (accmode & VEXEC) { if (vp->v_type == VDIR) { if (priv_check_cred(cred, PRIV_VFS_LOOKUP, 0) != 0) { return (EACCES); diff --git a/sys/cddl/compat/opensolaris/sys/policy.h b/sys/cddl/compat/opensolaris/sys/policy.h index 50d3fd89d501..2c764ef29c10 100644 --- a/sys/cddl/compat/opensolaris/sys/policy.h +++ b/sys/cddl/compat/opensolaris/sys/policy.h @@ -46,7 +46,7 @@ int secpolicy_basic_link(struct ucred *cred); int secpolicy_vnode_stky_modify(struct ucred *cred); int secpolicy_vnode_remove(struct ucred *cred); int secpolicy_vnode_access(struct ucred *cred, struct vnode *vp, - uint64_t owner, int mode); + uint64_t owner, accmode_t accmode); int secpolicy_vnode_setdac(struct ucred *cred, uid_t owner); int secpolicy_vnode_setattr(struct ucred *cred, struct vnode *vp, struct vattr *vap, const struct vattr *ovap, int flags, diff --git a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c index dccdd70fd50c..286fe97e1142 100644 --- a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c +++ b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c @@ -237,14 +237,14 @@ static int zfsctl_common_access(ap) struct vop_access_args /* { struct vnode *a_vp; - int a_mode; + accmode_t a_accmode; struct ucred *a_cred; struct thread *a_td; } */ *ap; { - int mode = ap->a_mode; + accmode_t accmode = ap->a_accmode; - if (mode & VWRITE) + if (accmode & VWRITE) return (EACCES); return (0); diff --git a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c index 7fd9a817f5eb..49ea690a977a 100644 --- a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c +++ b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c @@ -3194,13 +3194,13 @@ static int zfs_freebsd_access(ap) struct vop_access_args /* { struct vnode *a_vp; - int a_mode; + accmode_t a_accmode; struct ucred *a_cred; struct thread *a_td; } */ *ap; { - return (zfs_access(ap->a_vp, ap->a_mode, 0, ap->a_cred)); + return (zfs_access(ap->a_vp, ap->a_accmode, 0, ap->a_cred)); } static int diff --git a/sys/compat/linux/linux_getcwd.c b/sys/compat/linux/linux_getcwd.c index 23e373726c68..2ab69c58629d 100644 --- a/sys/compat/linux/linux_getcwd.c +++ b/sys/compat/linux/linux_getcwd.c @@ -307,7 +307,7 @@ linux_getcwd_common (lvp, rvp, bpp, bufp, limit, flags, td) struct vnode *uvp = NULL; char *bp = NULL; int error; - int perms = VEXEC; + accmode_t accmode = VEXEC; if (rvp == NULL) { rvp = fdp->fd_rdir; @@ -352,10 +352,10 @@ linux_getcwd_common (lvp, rvp, bpp, bufp, limit, flags, td) * whether or not caller cares. */ if (flags & GETCWD_CHECK_ACCESS) { - error = VOP_ACCESS(lvp, perms, td->td_ucred, td); + error = VOP_ACCESS(lvp, accmode, td->td_ucred, td); if (error) goto out; - perms = VEXEC|VREAD; + accmode = VEXEC|VREAD; } /* diff --git a/sys/fs/cd9660/cd9660_vfsops.c b/sys/fs/cd9660/cd9660_vfsops.c index 7a8953d93701..919ecf721a8a 100644 --- a/sys/fs/cd9660/cd9660_vfsops.c +++ b/sys/fs/cd9660/cd9660_vfsops.c @@ -128,7 +128,7 @@ cd9660_mount(struct mount *mp, struct thread *td) struct vnode *devvp; char *fspec; int error; - mode_t accessmode; + accmode_t accmode; struct nameidata ndp; struct iso_mnt *imp = 0; @@ -168,9 +168,9 @@ cd9660_mount(struct mount *mp, struct thread *td) * Verify that user has necessary permissions on the device, * or has superuser abilities */ - accessmode = VREAD; + accmode = VREAD; vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY); - error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td); + error = VOP_ACCESS(devvp, accmode, td->td_ucred, td); if (error) error = priv_check(td, PRIV_VFS_MOUNT_PERM); if (error) { diff --git a/sys/fs/cd9660/cd9660_vnops.c b/sys/fs/cd9660/cd9660_vnops.c index 76fb233cf917..9e99a5be6c99 100644 --- a/sys/fs/cd9660/cd9660_vnops.c +++ b/sys/fs/cd9660/cd9660_vnops.c @@ -125,14 +125,14 @@ static int cd9660_access(ap) struct vop_access_args /* { struct vnode *a_vp; - int a_mode; + accmode_t a_accmode; struct ucred *a_cred; struct thread *a_td; } */ *ap; { struct vnode *vp = ap->a_vp; struct iso_node *ip = VTOI(vp); - mode_t mode = ap->a_mode; + accmode_t accmode = ap->a_accmode; if (vp->v_type == VCHR || vp->v_type == VBLK) return (EOPNOTSUPP); @@ -142,7 +142,7 @@ cd9660_access(ap) * fifo, or a block or character device resident on the * filesystem. */ - if (mode & VWRITE) { + if (accmode & VWRITE) { switch (vp->v_type) { case VDIR: case VLNK: @@ -155,7 +155,7 @@ cd9660_access(ap) } return (vaccess(vp->v_type, ip->inode.iso_mode, ip->inode.iso_uid, - ip->inode.iso_gid, ap->a_mode, ap->a_cred, NULL)); + ip->inode.iso_gid, ap->a_accmode, ap->a_cred, NULL)); } static int diff --git a/sys/fs/coda/coda_vnops.c b/sys/fs/coda/coda_vnops.c index f6165a9b0863..a913bd649530 100644 --- a/sys/fs/coda/coda_vnops.c +++ b/sys/fs/coda/coda_vnops.c @@ -607,7 +607,7 @@ coda_access(struct vop_access_args *ap) /* true args */ struct vnode *vp = ap->a_vp; struct cnode *cp = VTOC(vp); - int mode = ap->a_mode; + accmode_t accmode = ap->a_accmode; struct ucred *cred = ap->a_cred; struct thread *td = ap->a_td; /* locals */ @@ -624,7 +624,7 @@ coda_access(struct vop_access_args *ap) * Bogus hack - all will be marked as successes. */ MARK_INT_SAT(CODA_ACCESS_STATS); - return (((mode & VREAD) && !(mode & (VWRITE | VEXEC))) + return (((accmode & VREAD) && !(accmode & (VWRITE | VEXEC))) ? 0 : EACCES); } @@ -636,11 +636,11 @@ coda_access(struct vop_access_args *ap) */ if (coda_access_cache && VALID_ACCCACHE(cp) && (cred->cr_uid == cp->c_cached_uid) && - (mode & cp->c_cached_mode) == mode) { + (accmode & cp->c_cached_mode) == accmode) { MARK_INT_SAT(CODA_ACCESS_STATS); return (0); } - error = venus_access(vtomi(vp), &cp->c_fid, mode, cred, td->td_proc); + error = venus_access(vtomi(vp), &cp->c_fid, accmode, cred, td->td_proc); if (error == 0 && coda_access_cache) { /*- * When we have a new successful request, we consider three @@ -658,10 +658,10 @@ coda_access(struct vop_access_args *ap) */ cp->c_flags |= C_ACCCACHE; if (cp->c_cached_uid != cred->cr_uid) { - cp->c_cached_mode = mode; + cp->c_cached_mode = accmode; cp->c_cached_uid = cred->cr_uid; } else - cp->c_cached_mode |= mode; + cp->c_cached_mode |= accmode; } return (error); } diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index 54afebe91ee1..ad27a05631a5 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c @@ -372,7 +372,7 @@ devfs_access(struct vop_access_args *ap) de = de->de_dir; error = vaccess(vp->v_type, de->de_mode, de->de_uid, de->de_gid, - ap->a_mode, ap->a_cred, NULL); + ap->a_accmode, ap->a_cred, NULL); if (!error) return (error); if (error != EACCES) diff --git a/sys/fs/hpfs/hpfs_vnops.c b/sys/fs/hpfs/hpfs_vnops.c index af7cd52c4d77..c5a2a06cf3e4 100644 --- a/sys/fs/hpfs/hpfs_vnops.c +++ b/sys/fs/hpfs/hpfs_vnops.c @@ -683,14 +683,14 @@ int hpfs_access(ap) struct vop_access_args /* { struct vnode *a_vp; - int a_mode; + accmode_t a_accmode; struct ucred *a_cred; struct thread *a_td; } */ *ap; { struct vnode *vp = ap->a_vp; struct hpfsnode *hp = VTOHP(vp); - mode_t mode = ap->a_mode; + accmode_t accmode = ap->a_accmode; dprintf(("hpfs_access(0x%x):\n", hp->h_no)); @@ -699,7 +699,7 @@ hpfs_access(ap) * unless the file is a socket, fifo, or a block or * character device resident on the filesystem. */ - if (mode & VWRITE) { + if (accmode & VWRITE) { switch ((int)vp->v_type) { case VDIR: case VLNK: @@ -711,7 +711,7 @@ hpfs_access(ap) } return (vaccess(vp->v_type, hp->h_mode, hp->h_uid, hp->h_gid, - ap->a_mode, ap->a_cred, NULL)); + ap->a_accmode, ap->a_cred, NULL)); } /* diff --git a/sys/fs/msdosfs/msdosfs_vfsops.c b/sys/fs/msdosfs/msdosfs_vfsops.c index 8991e188c021..c6b5fb551cae 100644 --- a/sys/fs/msdosfs/msdosfs_vfsops.c +++ b/sys/fs/msdosfs/msdosfs_vfsops.c @@ -240,7 +240,7 @@ msdosfs_mount(struct mount *mp, struct thread *td) struct msdosfsmount *pmp = NULL; struct nameidata ndp; int error, flags; - mode_t accessmode; + accmode_t accmode; char *from; if (vfs_filteropt(mp->mnt_optnew, msdosfs_opts)) @@ -363,10 +363,10 @@ msdosfs_mount(struct mount *mp, struct thread *td) * If mount by non-root, then verify that user has necessary * permissions on the device. */ - accessmode = VREAD; + accmode = VREAD; if ((mp->mnt_flag & MNT_RDONLY) == 0) - accessmode |= VWRITE; - error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td); + accmode |= VWRITE; + error = VOP_ACCESS(devvp, accmode, td->td_ucred, td); if (error) error = priv_check(td, PRIV_VFS_MOUNT_PERM); if (error) { diff --git a/sys/fs/msdosfs/msdosfs_vnops.c b/sys/fs/msdosfs/msdosfs_vnops.c index 877e4920905f..ccbd0b12b6ac 100644 --- a/sys/fs/msdosfs/msdosfs_vnops.c +++ b/sys/fs/msdosfs/msdosfs_vnops.c @@ -249,7 +249,7 @@ static int msdosfs_access(ap) struct vop_access_args /* { struct vnode *a_vp; - int a_mode; + accmode_t a_accmode; struct ucred *a_cred; struct thread *a_td; } */ *ap; @@ -257,7 +257,8 @@ msdosfs_access(ap) struct vnode *vp = ap->a_vp; struct denode *dep = VTODE(ap->a_vp); struct msdosfsmount *pmp = dep->de_pmp; - mode_t file_mode, mode = ap->a_mode; + mode_t file_mode; + accmode_t accmode = ap->a_accmode; file_mode = (S_IXUSR|S_IXGRP|S_IXOTH) | (S_IRUSR|S_IRGRP|S_IROTH) | ((dep->de_Attributes & ATTR_READONLY) ? 0 : (S_IWUSR|S_IWGRP|S_IWOTH)); @@ -267,7 +268,7 @@ msdosfs_access(ap) * Disallow writing to directories and regular files if the * filesystem is read-only. */ - if (mode & VWRITE) { + if (accmode & VWRITE) { switch (vp->v_type) { case VDIR: case VREG: @@ -280,7 +281,7 @@ msdosfs_access(ap) } return (vaccess(vp->v_type, file_mode, pmp->pm_uid, pmp->pm_gid, - ap->a_mode, ap->a_cred, NULL)); + ap->a_accmode, ap->a_cred, NULL)); } static int diff --git a/sys/fs/ntfs/ntfs_vnops.c b/sys/fs/ntfs/ntfs_vnops.c index 991504ccb9d7..799c96a7f039 100644 --- a/sys/fs/ntfs/ntfs_vnops.c +++ b/sys/fs/ntfs/ntfs_vnops.c @@ -386,14 +386,14 @@ int ntfs_access(ap) struct vop_access_args /* { struct vnode *a_vp; - int a_mode; + accmode_t a_accmode; struct ucred *a_cred; struct thread *a_td; } */ *ap; { struct vnode *vp = ap->a_vp; struct ntnode *ip = VTONT(vp); - mode_t mode = ap->a_mode; + accmode_t accmode = ap->a_accmode; #ifdef QUOTA int error; #endif @@ -405,7 +405,7 @@ ntfs_access(ap) * unless the file is a socket, fifo, or a block or * character device resident on the filesystem. */ - if (mode & VWRITE) { + if (accmode & VWRITE) { switch ((int)vp->v_type) { case VDIR: case VLNK: @@ -421,7 +421,7 @@ ntfs_access(ap) } return (vaccess(vp->v_type, ip->i_mp->ntm_mode, ip->i_mp->ntm_uid, - ip->i_mp->ntm_gid, ap->a_mode, ap->a_cred, NULL)); + ip->i_mp->ntm_gid, ap->a_accmode, ap->a_cred, NULL)); } /* diff --git a/sys/fs/nullfs/null_vnops.c b/sys/fs/nullfs/null_vnops.c index 9b1edd953aee..483c702d558e 100644 --- a/sys/fs/nullfs/null_vnops.c +++ b/sys/fs/nullfs/null_vnops.c @@ -451,14 +451,14 @@ static int null_access(struct vop_access_args *ap) { struct vnode *vp = ap->a_vp; - mode_t mode = ap->a_mode; + accmode_t accmode = ap->a_accmode; /* * Disallow write attempts on read-only layers; * unless the file is a socket, fifo, or a block or * character device resident on the filesystem. */ - if (mode & VWRITE) { + if (accmode & VWRITE) { switch (vp->v_type) { case VDIR: case VLNK: diff --git a/sys/fs/nwfs/nwfs_vnops.c b/sys/fs/nwfs/nwfs_vnops.c index a4ac8713bc55..9dcd9aa1e042 100644 --- a/sys/fs/nwfs/nwfs_vnops.c +++ b/sys/fs/nwfs/nwfs_vnops.c @@ -121,7 +121,7 @@ static int nwfs_access(ap) struct vop_access_args /* { struct vnode *a_vp; - int a_mode; + accmode_t a_accmode; struct ucred *a_cred; struct thread *td; } */ *ap; @@ -131,7 +131,7 @@ nwfs_access(ap) struct nwmount *nmp = VTONWFS(vp); NCPVNDEBUG("\n"); - if ((ap->a_mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) { + if ((ap->a_accmode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) { switch (vp->v_type) { case VREG: case VDIR: case VLNK: return (EROFS); @@ -142,7 +142,7 @@ nwfs_access(ap) mpmode = vp->v_type == VREG ? nmp->m.file_mode : nmp->m.dir_mode; return (vaccess(vp->v_type, mpmode, nmp->m.uid, - nmp->m.gid, ap->a_mode, ap->a_cred, NULL)); + nmp->m.gid, ap->a_accmode, ap->a_cred, NULL)); } /* * nwfs_open vnode op diff --git a/sys/fs/pseudofs/pseudofs_vnops.c b/sys/fs/pseudofs/pseudofs_vnops.c index 4cbbc225d609..ef91bfd83713 100644 --- a/sys/fs/pseudofs/pseudofs_vnops.c +++ b/sys/fs/pseudofs/pseudofs_vnops.c @@ -132,7 +132,7 @@ pfs_access(struct vop_access_args *va) if (error) PFS_RETURN (error); error = vaccess(vn->v_type, vattr.va_mode, vattr.va_uid, - vattr.va_gid, va->a_mode, va->a_cred, NULL); + vattr.va_gid, va->a_accmode, va->a_cred, NULL); PFS_RETURN (error); } diff --git a/sys/fs/smbfs/smbfs_vnops.c b/sys/fs/smbfs/smbfs_vnops.c index 4504eb7951a1..e34ebe2dbffa 100644 --- a/sys/fs/smbfs/smbfs_vnops.c +++ b/sys/fs/smbfs/smbfs_vnops.c @@ -123,18 +123,18 @@ static int smbfs_access(ap) struct vop_access_args /* { struct vnode *a_vp; - int a_mode; + accmode_t a_accmode; struct ucred *a_cred; struct thread *a_td; } */ *ap; { struct vnode *vp = ap->a_vp; - mode_t mode = ap->a_mode; + accmode_t accmode = ap->a_accmode; mode_t mpmode; struct smbmount *smp = VTOSMBFS(vp); SMBVDEBUG("\n"); - if ((mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) { + if ((accmode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) { switch (vp->v_type) { case VREG: case VDIR: case VLNK: return EROFS; @@ -144,7 +144,7 @@ smbfs_access(ap) } mpmode = vp->v_type == VREG ? smp->sm_file_mode : smp->sm_dir_mode; return (vaccess(vp->v_type, mpmode, smp->sm_uid, - smp->sm_gid, ap->a_mode, ap->a_cred, NULL)); + smp->sm_gid, ap->a_accmode, ap->a_cred, NULL)); } /* ARGSUSED */ diff --git a/sys/fs/tmpfs/tmpfs_vnops.c b/sys/fs/tmpfs/tmpfs_vnops.c index 54795c1b033b..8f76bdf3c5cb 100644 --- a/sys/fs/tmpfs/tmpfs_vnops.c +++ b/sys/fs/tmpfs/tmpfs_vnops.c @@ -282,7 +282,7 @@ int tmpfs_access(struct vop_access_args *v) { struct vnode *vp = v->a_vp; - int mode = v->a_mode; + accmode_t accmode = v->a_accmode; struct ucred *cred = v->a_cred; int error; @@ -298,7 +298,7 @@ tmpfs_access(struct vop_access_args *v) case VLNK: /* FALLTHROUGH */ case VREG: - if (mode & VWRITE && vp->v_mount->mnt_flag & MNT_RDONLY) { + if (accmode & VWRITE && vp->v_mount->mnt_flag & MNT_RDONLY) { error = EROFS; goto out; } @@ -318,13 +318,13 @@ tmpfs_access(struct vop_access_args *v) goto out; } - if (mode & VWRITE && node->tn_flags & IMMUTABLE) { + if (accmode & VWRITE && node->tn_flags & IMMUTABLE) { error = EPERM; goto out; } error = vaccess(vp->v_type, node->tn_mode, node->tn_uid, - node->tn_gid, mode, cred, NULL); + node->tn_gid, accmode, cred, NULL); out: MPASS(VOP_ISLOCKED(vp)); diff --git a/sys/fs/udf/udf_vnops.c b/sys/fs/udf/udf_vnops.c index d468890e7a11..77b11fec9197 100644 --- a/sys/fs/udf/udf_vnops.c +++ b/sys/fs/udf/udf_vnops.c @@ -139,13 +139,14 @@ udf_access(struct vop_access_args *a) { struct vnode *vp; struct udf_node *node; - mode_t a_mode, mode; + accmode_t accmode; + mode_t mode; vp = a->a_vp; node = VTON(vp); - a_mode = a->a_mode; + accmode = a->a_accmode; - if (a_mode & VWRITE) { + if (accmode & VWRITE) { switch (vp->v_type) { case VDIR: case VLNK: @@ -160,7 +161,7 @@ udf_access(struct vop_access_args *a) mode = udf_permtomode(node); return (vaccess(vp->v_type, mode, node->fentry->uid, node->fentry->gid, - a_mode, a->a_cred, NULL)); + accmode, a->a_cred, NULL)); } static int diff --git a/sys/fs/unionfs/union_vnops.c b/sys/fs/unionfs/union_vnops.c index e06735faced3..e900e7bf8b96 100644 --- a/sys/fs/unionfs/union_vnops.c +++ b/sys/fs/unionfs/union_vnops.c @@ -583,7 +583,7 @@ unionfs_close_abort: * Check the access mode toward shadow file/dir. */ static int -unionfs_check_corrected_access(u_short mode, +unionfs_check_corrected_access(accmode_t accmode, struct vattr *va, struct ucred *cred) { @@ -601,11 +601,11 @@ unionfs_check_corrected_access(u_short mode, /* check owner */ if (cred->cr_uid == uid) { - if (mode & VEXEC) + if (accmode & VEXEC) mask |= S_IXUSR; - if (mode & VREAD) + if (accmode & VREAD) mask |= S_IRUSR; - if (mode & VWRITE) + if (accmode & VWRITE) mask |= S_IWUSR; return ((vmode & mask) == mask ? 0 : EACCES); } @@ -615,22 +615,22 @@ unionfs_check_corrected_access(u_short mode, gp = cred->cr_groups; for (; count < cred->cr_ngroups; count++, gp++) { if (gid == *gp) { - if (mode & VEXEC) + if (accmode & VEXEC) mask |= S_IXGRP; - if (mode & VREAD) + if (accmode & VREAD) mask |= S_IRGRP; - if (mode & VWRITE) + if (accmode & VWRITE) mask |= S_IWGRP; return ((vmode & mask) == mask ? 0 : EACCES); } } /* check other */ - if (mode & VEXEC) + if (accmode & VEXEC) mask |= S_IXOTH; - if (mode & VREAD) + if (accmode & VREAD) mask |= S_IROTH; - if (mode & VWRITE) + if (accmode & VWRITE) mask |= S_IWOTH; return ((vmode & mask) == mask ? 0 : EACCES); @@ -645,7 +645,7 @@ unionfs_access(struct vop_access_args *ap) struct vnode *lvp; struct thread *td; struct vattr va; - int mode; + accmode_t accmode; int error; UNIONFS_INTERNAL_DEBUG("unionfs_access: enter\n"); @@ -655,10 +655,10 @@ unionfs_access(struct vop_access_args *ap) uvp = unp->un_uppervp; lvp = unp->un_lowervp; td = ap->a_td; - mode = ap->a_mode; + accmode = ap->a_accmode; error = EACCES; - if ((mode & VWRITE) && + if ((accmode & VWRITE) && (ap->a_vp->v_mount->mnt_flag & MNT_RDONLY)) { switch (ap->a_vp->v_type) { case VREG: @@ -671,7 +671,7 @@ unionfs_access(struct vop_access_args *ap) } if (uvp != NULLVP) { - error = VOP_ACCESS(uvp, mode, ap->a_cred, td); + error = VOP_ACCESS(uvp, accmode, ap->a_cred, td); UNIONFS_INTERNAL_DEBUG("unionfs_access: leave (%d)\n", error); @@ -679,7 +679,7 @@ unionfs_access(struct vop_access_args *ap) } if (lvp != NULLVP) { - if (mode & VWRITE) { + if (accmode & VWRITE) { if (ump->um_uppervp->v_mount->mnt_flag & MNT_RDONLY) { switch (ap->a_vp->v_type) { case VREG: @@ -698,15 +698,15 @@ unionfs_access(struct vop_access_args *ap) return (error); error = unionfs_check_corrected_access( - mode, &va, ap->a_cred); + accmode, &va, ap->a_cred); if (error != 0) return (error); } } - mode &= ~VWRITE; - mode |= VREAD; /* will copy to upper */ + accmode &= ~VWRITE; + accmode |= VREAD; /* will copy to upper */ } - error = VOP_ACCESS(lvp, mode, ap->a_cred, td); + error = VOP_ACCESS(lvp, accmode, ap->a_cred, td); } UNIONFS_INTERNAL_DEBUG("unionfs_access: leave (%d)\n", error); diff --git a/sys/gnu/fs/ext2fs/ext2_vfsops.c b/sys/gnu/fs/ext2fs/ext2_vfsops.c index 5e3c56c84cc7..0968e48bf3c0 100644 --- a/sys/gnu/fs/ext2fs/ext2_vfsops.c +++ b/sys/gnu/fs/ext2fs/ext2_vfsops.c @@ -137,7 +137,7 @@ ext2_mount(mp, td) struct ext2_sb_info *fs; char *path, *fspec; int error, flags, len; - mode_t accessmode; + accmode_t accmode; struct nameidata nd, *ndp = &nd; opts = mp->mnt_optnew; @@ -265,10 +265,10 @@ ext2_mount(mp, td) * * XXXRW: VOP_ACCESS() enough? */ - accessmode = VREAD; + accmode = VREAD; if ((mp->mnt_flag & MNT_RDONLY) == 0) - accessmode |= VWRITE; - error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td); + accmode |= VWRITE; + error = VOP_ACCESS(devvp, accmode, td->td_ucred, td); if (error) error = priv_check(td, PRIV_VFS_MOUNT_PERM); if (error) { diff --git a/sys/gnu/fs/ext2fs/ext2_vnops.c b/sys/gnu/fs/ext2fs/ext2_vnops.c index 6296c0e15781..f81d5097df1f 100644 --- a/sys/gnu/fs/ext2fs/ext2_vnops.c +++ b/sys/gnu/fs/ext2fs/ext2_vnops.c @@ -283,14 +283,14 @@ static int ext2_access(ap) struct vop_access_args /* { struct vnode *a_vp; - int a_mode; + accmode_t a_accmode; struct ucred *a_cred; struct thread *a_td; } */ *ap; { struct vnode *vp = ap->a_vp; struct inode *ip = VTOI(vp); - mode_t mode = ap->a_mode; + accmode_t accmode = ap->a_accmode; int error; if (vp->v_type == VBLK || vp->v_type == VCHR) @@ -301,7 +301,7 @@ ext2_access(ap) * unless the file is a socket, fifo, or a block or * character device resident on the file system. */ - if (mode & VWRITE) { + if (accmode & VWRITE) { switch (vp->v_type) { case VDIR: case VLNK: @@ -315,11 +315,11 @@ ext2_access(ap) } /* If immutable bit set, nobody gets to write it. */ - if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) + if ((accmode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) return (EPERM); error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, - ap->a_mode, ap->a_cred, NULL); + ap->a_accmode, ap->a_cred, NULL); return (error); } diff --git a/sys/gnu/fs/reiserfs/reiserfs_vfsops.c b/sys/gnu/fs/reiserfs/reiserfs_vfsops.c index 7ffac9632b46..6704b07b1b4f 100644 --- a/sys/gnu/fs/reiserfs/reiserfs_vfsops.c +++ b/sys/gnu/fs/reiserfs/reiserfs_vfsops.c @@ -74,7 +74,7 @@ reiserfs_mount(struct mount *mp, struct thread *td) { size_t size; int error, len; - mode_t accessmode; + accmode_t accmode; char *path, *fspec; struct vnode *devvp; struct vfsoptlist *opts; @@ -124,10 +124,10 @@ reiserfs_mount(struct mount *mp, struct thread *td) /* If mount by non-root, then verify that user has necessary * permissions on the device. */ - accessmode = VREAD; + accmode = VREAD; if ((mp->mnt_flag & MNT_RDONLY) == 0) - accessmode |= VWRITE; - error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td); + accmode |= VWRITE; + error = VOP_ACCESS(devvp, accmode, td->td_ucred, td); if (error) error = priv_check(td, PRIV_VFS_MOUNT_PERM); if (error) { diff --git a/sys/gnu/fs/reiserfs/reiserfs_vnops.c b/sys/gnu/fs/reiserfs/reiserfs_vnops.c index 14242464df9e..e6323ead671e 100644 --- a/sys/gnu/fs/reiserfs/reiserfs_vnops.c +++ b/sys/gnu/fs/reiserfs/reiserfs_vnops.c @@ -57,14 +57,14 @@ reiserfs_access(struct vop_access_args *ap) int error; struct vnode *vp = ap->a_vp; struct reiserfs_node *ip = VTOI(vp); - mode_t mode = ap->a_mode; + accmode_t accmode = ap->a_accmode; /* * Disallow write attempts on read-only file systems; unless the file * is a socket, fifo, or a block or character device resident on the * file system. */ - if (mode & VWRITE) { + if (accmode & VWRITE) { switch (vp->v_type) { case VDIR: case VLNK: @@ -81,13 +81,13 @@ reiserfs_access(struct vop_access_args *ap) } /* If immutable bit set, nobody gets to write it. */ - if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) { + if ((accmode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) { reiserfs_log(LOG_DEBUG, "no write access (immutable)\n"); return (EPERM); } error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, - ap->a_mode, ap->a_cred, NULL); + ap->a_accmode, ap->a_cred, NULL); return (error); } diff --git a/sys/gnu/fs/xfs/FreeBSD/xfs_super.c b/sys/gnu/fs/xfs/FreeBSD/xfs_super.c index 2d92d003badb..899a41c0c6f1 100644 --- a/sys/gnu/fs/xfs/FreeBSD/xfs_super.c +++ b/sys/gnu/fs/xfs/FreeBSD/xfs_super.c @@ -133,7 +133,7 @@ xfs_blkdev_get( struct vnode *devvp; struct g_consumer *cp; struct g_provider *pp; - mode_t accessmode; + accmode_t accmode; td = curthread; @@ -151,10 +151,10 @@ xfs_blkdev_get( vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY); ronly = ((XFS_MTOVFS(mp)->vfs_flag & VFS_RDONLY) != 0); - accessmode = VREAD; + accmode = VREAD; if (!ronly) - accessmode |= VWRITE; - error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td); + accmode |= VWRITE; + error = VOP_ACCESS(devvp, accmode, td->td_ucred, td); if (error) error = priv_check(td, PRIV_VFS_MOUNT_PERM); if (error) { diff --git a/sys/gnu/fs/xfs/FreeBSD/xfs_vnops.c b/sys/gnu/fs/xfs/FreeBSD/xfs_vnops.c index 8296552f3e85..d0efcf29995b 100644 --- a/sys/gnu/fs/xfs/FreeBSD/xfs_vnops.c +++ b/sys/gnu/fs/xfs/FreeBSD/xfs_vnops.c @@ -180,14 +180,14 @@ static int _xfs_access( struct vop_access_args /* { struct vnode *a_vp; - int a_mode; + accmode_t a_accmode; struct ucred *a_cred; struct thread *a_td; } */ *ap) { int error; - XVOP_ACCESS(VPTOXFSVP(ap->a_vp), ap->a_mode, ap->a_cred, error); + XVOP_ACCESS(VPTOXFSVP(ap->a_vp), ap->a_accmode, ap->a_cred, error); return (error); } diff --git a/sys/kern/subr_acl_posix1e.c b/sys/kern/subr_acl_posix1e.c index d3f944d3afe1..6396c0825385 100644 --- a/sys/kern/subr_acl_posix1e.c +++ b/sys/kern/subr_acl_posix1e.c @@ -53,12 +53,12 @@ __FBSDID("$FreeBSD$"); */ int vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, - struct acl *acl, mode_t acc_mode, struct ucred *cred, int *privused) + struct acl *acl, accmode_t acc_mode, struct ucred *cred, int *privused) { struct acl_entry *acl_other, *acl_mask; - mode_t dac_granted; - mode_t priv_granted; - mode_t acl_mask_granted; + accmode_t dac_granted; + accmode_t priv_granted; + accmode_t acl_mask_granted; int group_matched, i; /* diff --git a/sys/kern/uipc_mqueue.c b/sys/kern/uipc_mqueue.c index 123f6529b6f2..0ac60d08511f 100644 --- a/sys/kern/uipc_mqueue.c +++ b/sys/kern/uipc_mqueue.c @@ -1120,7 +1120,7 @@ mqfs_close(struct vop_close_args *ap) struct vop_access_args { struct vop_generic_args a_gen; struct vnode *a_vp; - int a_mode; + accmode_t a_accmode; struct ucred *a_cred; struct thread *a_td; }; @@ -1140,7 +1140,7 @@ mqfs_access(struct vop_access_args *ap) if (error) return (error); error = vaccess(vp->v_type, vattr.va_mode, vattr.va_uid, - vattr.va_gid, ap->a_mode, ap->a_cred, NULL); + vattr.va_gid, ap->a_accmode, ap->a_cred, NULL); return (error); } @@ -2003,14 +2003,14 @@ kmq_open(struct thread *td, struct kmq_open_args *uap) if ((flags & (O_CREAT | O_EXCL)) == (O_CREAT | O_EXCL)) { error = EEXIST; } else { - int acc_mode = 0; + accmode_t accmode = 0; if (flags & FREAD) - acc_mode |= VREAD; + accmode |= VREAD; if (flags & FWRITE) - acc_mode |= VWRITE; + accmode |= VWRITE; error = vaccess(VREG, pn->mn_mode, pn->mn_uid, - pn->mn_gid, acc_mode, td->td_ucred, NULL); + pn->mn_gid, accmode, td->td_ucred, NULL); } } diff --git a/sys/kern/uipc_shm.c b/sys/kern/uipc_shm.c index 577a8fec8afd..f2dec1971cd0 100644 --- a/sys/kern/uipc_shm.c +++ b/sys/kern/uipc_shm.c @@ -367,15 +367,15 @@ shm_drop(struct shmfd *shmfd) static int shm_access(struct shmfd *shmfd, struct ucred *ucred, int flags) { - int acc_mode; + accmode_t accmode; - acc_mode = 0; + accmode = 0; if (flags & FREAD) - acc_mode |= VREAD; + accmode |= VREAD; if (flags & FWRITE) - acc_mode |= VWRITE; + accmode |= VWRITE; return (vaccess(VREG, shmfd->shm_mode, shmfd->shm_uid, shmfd->shm_gid, - acc_mode, ucred, NULL)); + accmode, ucred, NULL)); } /* diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index ec270e7b5308..56985322c8ab 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -3459,10 +3459,10 @@ vn_isdisk(struct vnode *vp, int *errp) */ int vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid, - mode_t acc_mode, struct ucred *cred, int *privused) + accmode_t accmode, struct ucred *cred, int *privused) { - mode_t dac_granted; - mode_t priv_granted; + accmode_t dac_granted; + accmode_t priv_granted; /* * Look for a normal, non-privileged way to access the file/directory @@ -3484,7 +3484,7 @@ vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid, if (file_mode & S_IWUSR) dac_granted |= (VWRITE | VAPPEND); - if ((acc_mode & dac_granted) == acc_mode) + if ((accmode & dac_granted) == accmode) return (0); goto privcheck; @@ -3499,7 +3499,7 @@ vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid, if (file_mode & S_IWGRP) dac_granted |= (VWRITE | VAPPEND); - if ((acc_mode & dac_granted) == acc_mode) + if ((accmode & dac_granted) == accmode) return (0); goto privcheck; @@ -3512,7 +3512,7 @@ vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid, dac_granted |= VREAD; if (file_mode & S_IWOTH) dac_granted |= (VWRITE | VAPPEND); - if ((acc_mode & dac_granted) == acc_mode) + if ((accmode & dac_granted) == accmode) return (0); privcheck: @@ -3529,35 +3529,35 @@ privcheck: * For directories, use PRIV_VFS_LOOKUP to satisfy VEXEC * requests, instead of PRIV_VFS_EXEC. */ - if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) && + if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) && !priv_check_cred(cred, PRIV_VFS_LOOKUP, 0)) priv_granted |= VEXEC; } else { - if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) && + if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) && !priv_check_cred(cred, PRIV_VFS_EXEC, 0)) priv_granted |= VEXEC; } - if ((acc_mode & VREAD) && ((dac_granted & VREAD) == 0) && + if ((accmode & VREAD) && ((dac_granted & VREAD) == 0) && !priv_check_cred(cred, PRIV_VFS_READ, 0)) priv_granted |= VREAD; - if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) && + if ((accmode & VWRITE) && ((dac_granted & VWRITE) == 0) && !priv_check_cred(cred, PRIV_VFS_WRITE, 0)) priv_granted |= (VWRITE | VAPPEND); - if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) && + if ((accmode & VADMIN) && ((dac_granted & VADMIN) == 0) && !priv_check_cred(cred, PRIV_VFS_ADMIN, 0)) priv_granted |= VADMIN; - if ((acc_mode & (priv_granted | dac_granted)) == acc_mode) { + if ((accmode & (priv_granted | dac_granted)) == accmode) { /* XXX audit: privilege used */ if (privused != NULL) *privused = 1; return (0); } - return ((acc_mode & VADMIN) ? EPERM : EACCES); + return ((accmode & VADMIN) ? EPERM : EACCES); } /* @@ -3566,7 +3566,7 @@ privcheck: */ int extattr_check_cred(struct vnode *vp, int attrnamespace, struct ucred *cred, - struct thread *td, int access) + struct thread *td, accmode_t accmode) { /* @@ -3584,7 +3584,7 @@ extattr_check_cred(struct vnode *vp, int attrnamespace, struct ucred *cred, /* Potentially should be: return (EPERM); */ return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM, 0)); case EXTATTR_NAMESPACE_USER: - return (VOP_ACCESS(vp, access, cred, td)); + return (VOP_ACCESS(vp, accmode, cred, td)); default: return (EPERM); } diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index a3ef36f43978..4d40f3509930 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -2032,25 +2032,26 @@ vn_access(vp, user_flags, cred, td) struct ucred *cred; struct thread *td; { - int error, flags; + int error; + accmode_t accmode; /* Flags == 0 means only check for existence. */ error = 0; if (user_flags) { - flags = 0; + accmode = 0; if (user_flags & R_OK) - flags |= VREAD; + accmode |= VREAD; if (user_flags & W_OK) - flags |= VWRITE; + accmode |= VWRITE; if (user_flags & X_OK) - flags |= VEXEC; + accmode |= VEXEC; #ifdef MAC - error = mac_vnode_check_access(cred, vp, flags); + error = mac_vnode_check_access(cred, vp, accmode); if (error) return (error); #endif - if ((flags & VWRITE) == 0 || (error = vn_writechk(vp)) == 0) - error = VOP_ACCESS(vp, flags, cred, td); + if ((accmode & VWRITE) == 0 || (error = vn_writechk(vp)) == 0) + error = VOP_ACCESS(vp, accmode, cred, td); } return (error); } @@ -4349,7 +4350,8 @@ fhopen(td, uap) struct flock lf; struct file *fp; register struct filedesc *fdp = p->p_fd; - int fmode, mode, error, type; + int fmode, error, type; + accmode_t accmode; struct file *nfp; int vfslocked; int indx; @@ -4391,7 +4393,7 @@ fhopen(td, uap) error = EOPNOTSUPP; goto bad; } - mode = 0; + accmode = 0; if (fmode & (FWRITE | O_TRUNC)) { if (vp->v_type == VDIR) { error = EISDIR; @@ -4400,19 +4402,19 @@ fhopen(td, uap) error = vn_writechk(vp); if (error) goto bad; - mode |= VWRITE; + accmode |= VWRITE; } if (fmode & FREAD) - mode |= VREAD; + accmode |= VREAD; if (fmode & O_APPEND) - mode |= VAPPEND; + accmode |= VAPPEND; #ifdef MAC - error = mac_vnode_check_open(td->td_ucred, vp, mode); + error = mac_vnode_check_open(td->td_ucred, vp, accmode); if (error) goto bad; #endif - if (mode) { - error = VOP_ACCESS(vp, mode, td->td_ucred, td); + if (accmode) { + error = VOP_ACCESS(vp, accmode, td->td_ucred, td); if (error) goto bad; } diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index 5eac78585e5f..ef2241356dec 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -115,7 +115,8 @@ vn_open_cred(ndp, flagp, cmode, cred, fp) struct thread *td = ndp->ni_cnd.cn_thread; struct vattr vat; struct vattr *vap = &vat; - int mode, fmode, error; + int fmode, error; + accmode_t accmode; int vfslocked, mpsafe; mpsafe = ndp->ni_cnd.cn_flags & MPSAFE; @@ -202,33 +203,33 @@ restart: error = EOPNOTSUPP; goto bad; } - mode = 0; + accmode = 0; if (fmode & (FWRITE | O_TRUNC)) { if (vp->v_type == VDIR) { error = EISDIR; goto bad; } - mode |= VWRITE; + accmode |= VWRITE; } if (fmode & FREAD) - mode |= VREAD; + accmode |= VREAD; if (fmode & FEXEC) - mode |= VEXEC; + accmode |= VEXEC; if (fmode & O_APPEND) - mode |= VAPPEND; + accmode |= VAPPEND; #ifdef MAC - error = mac_vnode_check_open(cred, vp, mode); + error = mac_vnode_check_open(cred, vp, accmode); if (error) goto bad; #endif if ((fmode & O_CREAT) == 0) { - if (mode & VWRITE) { + if (accmode & VWRITE) { error = vn_writechk(vp); if (error) goto bad; } - if (mode) { - error = VOP_ACCESS(vp, mode, cred, td); + if (accmode) { + error = VOP_ACCESS(vp, accmode, cred, td); if (error) goto bad; } diff --git a/sys/kern/vnode_if.src b/sys/kern/vnode_if.src index 92edd7ac23ae..373315612677 100644 --- a/sys/kern/vnode_if.src +++ b/sys/kern/vnode_if.src @@ -147,7 +147,7 @@ vop_close { vop_access { IN struct vnode *vp; - IN int mode; + IN accmode_t accmode; IN struct ucred *cred; IN struct thread *td; }; diff --git a/sys/nfs4client/nfs4_vnops.c b/sys/nfs4client/nfs4_vnops.c index 9a28da332909..4dd731610f6a 100644 --- a/sys/nfs4client/nfs4_vnops.c +++ b/sys/nfs4client/nfs4_vnops.c @@ -301,7 +301,7 @@ nfs4_access(struct vop_access_args *ap) * unless the file is a socket, fifo, or a block or character * device resident on the filesystem. */ - if ((ap->a_mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) { + if ((ap->a_accmode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) { switch (vp->v_type) { case VREG: case VDIR: @@ -321,20 +321,20 @@ nfs4_access(struct vop_access_args *ap) */ /* XXX Disable this for now; needs fixing of _access_otw() */ if (0 && v3) { - if (ap->a_mode & VREAD) + if (ap->a_accmode & VREAD) mode = NFSV3ACCESS_READ; else mode = 0; if (vp->v_type != VDIR) { - if (ap->a_mode & VWRITE) + if (ap->a_accmode & VWRITE) mode |= (NFSV3ACCESS_MODIFY | NFSV3ACCESS_EXTEND); - if (ap->a_mode & VEXEC) + if (ap->a_accmode & VEXEC) mode |= NFSV3ACCESS_EXECUTE; } else { - if (ap->a_mode & VWRITE) + if (ap->a_accmode & VWRITE) mode |= (NFSV3ACCESS_MODIFY | NFSV3ACCESS_EXTEND | NFSV3ACCESS_DELETE); - if (ap->a_mode & VEXEC) + if (ap->a_accmode & VEXEC) mode |= NFSV3ACCESS_LOOKUP; } /* XXX safety belt, only make blanket request if caching */ @@ -370,16 +370,16 @@ nfs4_access(struct vop_access_args *ap) } /* XXX use generic access code here? */ - mode = ap->a_mode & VREAD ? NFSV4ACCESS_READ : 0; + mode = ap->a_accmode & VREAD ? NFSV4ACCESS_READ : 0; if (vp->v_type == VDIR) { - if (ap->a_mode & VWRITE) + if (ap->a_accmode & VWRITE) mode |= NFSV4ACCESS_MODIFY | NFSV4ACCESS_EXTEND | NFSV4ACCESS_DELETE; - if (ap->a_mode & VEXEC) + if (ap->a_accmode & VEXEC) mode |= NFSV4ACCESS_LOOKUP; } else { - if (ap->a_mode & VWRITE) + if (ap->a_accmode & VWRITE) mode |= NFSV4ACCESS_MODIFY | NFSV4ACCESS_EXTEND; - if (ap->a_mode & VEXEC) + if (ap->a_accmode & VEXEC) mode |= NFSV4ACCESS_EXECUTE; } diff --git a/sys/nfsclient/nfs_vnops.c b/sys/nfsclient/nfs_vnops.c index a9f9c3fc8df3..b019af0a655b 100644 --- a/sys/nfsclient/nfs_vnops.c +++ b/sys/nfsclient/nfs_vnops.c @@ -318,7 +318,7 @@ nfs_access(struct vop_access_args *ap) * unless the file is a socket, fifo, or a block or character * device resident on the filesystem. */ - if ((ap->a_mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) { + if ((ap->a_accmode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) { switch (vp->v_type) { case VREG: case VDIR: @@ -337,20 +337,20 @@ nfs_access(struct vop_access_args *ap) * client uid-->server uid mapping that we do not know about. */ if (v3) { - if (ap->a_mode & VREAD) + if (ap->a_accmode & VREAD) mode = NFSV3ACCESS_READ; else mode = 0; if (vp->v_type != VDIR) { - if (ap->a_mode & VWRITE) + if (ap->a_accmode & VWRITE) mode |= (NFSV3ACCESS_MODIFY | NFSV3ACCESS_EXTEND); - if (ap->a_mode & VEXEC) + if (ap->a_accmode & VEXEC) mode |= NFSV3ACCESS_EXECUTE; } else { - if (ap->a_mode & VWRITE) + if (ap->a_accmode & VWRITE) mode |= (NFSV3ACCESS_MODIFY | NFSV3ACCESS_EXTEND | NFSV3ACCESS_DELETE); - if (ap->a_mode & VEXEC) + if (ap->a_accmode & VEXEC) mode |= NFSV3ACCESS_LOOKUP; } /* XXX safety belt, only make blanket request if caching */ @@ -399,7 +399,7 @@ nfs_access(struct vop_access_args *ap) * file size cached. */ mtx_lock(&np->n_mtx); - if (ap->a_cred->cr_uid == 0 && (ap->a_mode & VREAD) + if (ap->a_cred->cr_uid == 0 && (ap->a_accmode & VREAD) && VTONFS(vp)->n_size > 0) { struct iovec aiov; struct uio auio; @@ -3200,7 +3200,7 @@ nfsspec_access(struct vop_access_args *ap) struct vattr *vap; struct ucred *cred = ap->a_cred; struct vnode *vp = ap->a_vp; - mode_t mode = ap->a_mode; + accmode_t accmode = ap->a_accmode; struct vattr vattr; int error; @@ -3209,7 +3209,7 @@ nfsspec_access(struct vop_access_args *ap) * unless the file is a socket, fifo, or a block or character * device resident on the filesystem. */ - if ((mode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) { + if ((accmode & VWRITE) && (vp->v_mount->mnt_flag & MNT_RDONLY)) { switch (vp->v_type) { case VREG: case VDIR: @@ -3224,7 +3224,7 @@ nfsspec_access(struct vop_access_args *ap) if (error) goto out; error = vaccess(vp->v_type, vap->va_mode, vap->va_uid, vap->va_gid, - mode, cred, NULL); + accmode, cred, NULL); out: return error; } diff --git a/sys/nfsserver/nfs_serv.c b/sys/nfsserver/nfs_serv.c index a339e5587b7f..9eb8695c963b 100644 --- a/sys/nfsserver/nfs_serv.c +++ b/sys/nfsserver/nfs_serv.c @@ -138,7 +138,8 @@ struct nfsrvstats nfsrvstats; SYSCTL_STRUCT(_vfs_nfsrv, NFS_NFSRVSTATS, nfsrvstats, CTLFLAG_RW, &nfsrvstats, nfsrvstats, "S,nfsrvstats"); -static int nfsrv_access(struct vnode *, int, struct ucred *, int, int); +static int nfsrv_access(struct vnode *, accmode_t, struct ucred *, + int, int); static void nfsrvw_coalesce(struct nfsrv_descript *, struct nfsrv_descript *); @@ -4234,8 +4235,8 @@ nfsmout: * will return EPERM instead of EACCESS. EPERM is always an error. */ static int -nfsrv_access(struct vnode *vp, int flags, struct ucred *cred, int rdonly, - int override) +nfsrv_access(struct vnode *vp, accmode_t accmode, struct ucred *cred, + int rdonly, int override) { struct vattr vattr; int error; @@ -4244,7 +4245,7 @@ nfsrv_access(struct vnode *vp, int flags, struct ucred *cred, int rdonly, nfsdbprintf(("%s %d\n", __FILE__, __LINE__)); - if (flags & VWRITE) { + if (accmode & VWRITE) { /* Just vn_writechk() changed to check rdonly */ /* * Disallow write attempts on read-only filesystems; @@ -4272,7 +4273,7 @@ nfsrv_access(struct vnode *vp, int flags, struct ucred *cred, int rdonly, error = VOP_GETATTR(vp, &vattr, cred); if (error) return (error); - error = VOP_ACCESS(vp, flags, cred, curthread); + error = VOP_ACCESS(vp, accmode, cred, curthread); /* * Allow certain operations for the owner (reads and writes * on files that are already open). diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 4cb5262a6082..4da4af92afac 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -88,6 +88,7 @@ struct vnode; struct vop_setlabel_args; #include <sys/acl.h> /* XXX acl_type_t */ +#include <sys/types.h> /* accmode_t */ /* * Entry points to the TrustedBSD MAC Framework from the remainder of the @@ -365,7 +366,7 @@ void mac_thread_userret(struct thread *td); int mac_vnode_associate_extattr(struct mount *mp, struct vnode *vp); void mac_vnode_associate_singlelabel(struct mount *mp, struct vnode *vp); int mac_vnode_check_access(struct ucred *cred, struct vnode *vp, - int acc_mode); + accmode_t accmode); int mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp); int mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp); int mac_vnode_check_create(struct ucred *cred, struct vnode *dvp, @@ -391,7 +392,7 @@ int mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, int prot, int mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp, int prot); int mac_vnode_check_open(struct ucred *cred, struct vnode *vp, - int acc_mode); + accmode_t accmode); int mac_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp); int mac_vnode_check_read(struct ucred *active_cred, diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 0188a3868830..ecf68a6fea48 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -61,6 +61,7 @@ * alphabetically. */ #include <sys/acl.h> /* XXX acl_type_t */ +#include <sys/types.h> /* XXX accmode_t */ struct acl; struct auditinfo; @@ -530,7 +531,8 @@ typedef void (*mpo_vnode_associate_singlelabel_t)(struct mount *mp, struct label *mplabel, struct vnode *vp, struct label *vplabel); typedef int (*mpo_vnode_check_access_t)(struct ucred *cred, - struct vnode *vp, struct label *vplabel, int acc_mode); + struct vnode *vp, struct label *vplabel, + accmode_t accmode); typedef int (*mpo_vnode_check_chdir_t)(struct ucred *cred, struct vnode *dvp, struct label *dvplabel); typedef int (*mpo_vnode_check_chroot_t)(struct ucred *cred, @@ -571,7 +573,8 @@ typedef void (*mpo_vnode_check_mmap_downgrade_t)(struct ucred *cred, typedef int (*mpo_vnode_check_mprotect_t)(struct ucred *cred, struct vnode *vp, struct label *vplabel, int prot); typedef int (*mpo_vnode_check_open_t)(struct ucred *cred, - struct vnode *vp, struct label *vplabel, int acc_mode); + struct vnode *vp, struct label *vplabel, + accmode_t accmode); typedef int (*mpo_vnode_check_poll_t)(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *vplabel); diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index 8a31f95ca8fd..42da76c9aa9f 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -362,13 +362,13 @@ mac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, } int -mac_vnode_check_access(struct ucred *cred, struct vnode *vp, int acc_mode) +mac_vnode_check_access(struct ucred *cred, struct vnode *vp, accmode_t accmode) { int error; ASSERT_VOP_LOCKED(vp, "mac_vnode_check_access"); - MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, acc_mode); + MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, accmode); return (error); } @@ -546,13 +546,13 @@ mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp, int prot) } int -mac_vnode_check_open(struct ucred *cred, struct vnode *vp, int acc_mode) +mac_vnode_check_open(struct ucred *cred, struct vnode *vp, accmode_t accmode) { int error; ASSERT_VOP_LOCKED(vp, "mac_vnode_check_open"); - MAC_CHECK(vnode_check_open, cred, vp, vp->v_label, acc_mode); + MAC_CHECK(vnode_check_open, cred, vp, vp->v_label, accmode); return (error); } diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index c8085c1e1ca4..4e10f27f0cb6 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -2882,7 +2882,7 @@ biba_vnode_check_mmap(struct ucred *cred, struct vnode *vp, static int biba_vnode_check_open(struct ucred *cred, struct vnode *vp, - struct label *vplabel, int acc_mode) + struct label *vplabel, accmode_t accmode) { struct mac_biba *subj, *obj; @@ -2893,11 +2893,11 @@ biba_vnode_check_open(struct ucred *cred, struct vnode *vp, obj = SLOT(vplabel); /* XXX privilege override for admin? */ - if (acc_mode & (VREAD | VEXEC | VSTAT)) { + if (accmode & (VREAD | VEXEC | VSTAT)) { if (!biba_dominate_effective(obj, subj)) return (EACCES); } - if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { + if (accmode & (VWRITE | VAPPEND | VADMIN)) { if (!biba_dominate_effective(subj, obj)) return (EACCES); } diff --git a/sys/security/mac_bsdextended/ugidfw_internal.h b/sys/security/mac_bsdextended/ugidfw_internal.h index e85f303df61c..6e979cf67dde 100644 --- a/sys/security/mac_bsdextended/ugidfw_internal.h +++ b/sys/security/mac_bsdextended/ugidfw_internal.h @@ -52,7 +52,7 @@ int ugidfw_system_check_swapon(struct ucred *cred, struct vnode *vp, * Vnode access control checks. */ int ugidfw_vnode_check_access(struct ucred *cred, struct vnode *vp, - struct label *vplabel, int acc_mode); + struct label *vplabel, accmode_t accmode); int ugidfw_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, struct label *dvplabel); int ugidfw_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, @@ -81,7 +81,7 @@ int ugidfw_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, int ugidfw_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, struct label *dvplabel, struct componentname *cnp); int ugidfw_vnode_check_open(struct ucred *cred, struct vnode *vp, - struct label *vplabel, int acc_mode); + struct label *vplabel, accmode_t accmode); int ugidfw_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, struct label *dvplabel); int ugidfw_vnode_check_readdlink(struct ucred *cred, struct vnode *vp, diff --git a/sys/security/mac_bsdextended/ugidfw_vnode.c b/sys/security/mac_bsdextended/ugidfw_vnode.c index 59530780ec58..3d760bcdf4d2 100644 --- a/sys/security/mac_bsdextended/ugidfw_vnode.c +++ b/sys/security/mac_bsdextended/ugidfw_vnode.c @@ -62,10 +62,14 @@ int ugidfw_vnode_check_access(struct ucred *cred, struct vnode *vp, - struct label *vplabel, int acc_mode) + struct label *vplabel, accmode_t accmode) { - return (ugidfw_check_vp(cred, vp, acc_mode)); + /* + * XXX: We pass accmode_t variable containing V* constants + * as an int containing MBI_* constants. + */ + return (ugidfw_check_vp(cred, vp, (int)accmode)); } int @@ -168,10 +172,14 @@ ugidfw_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, int ugidfw_vnode_check_open(struct ucred *cred, struct vnode *vp, - struct label *vplabel, int acc_mode) + struct label *vplabel, accmode_t accmode) { - return (ugidfw_check_vp(cred, vp, acc_mode)); + /* + * XXX: We pass accmode_t variable containing V* constants + * as an int containing MBI_* constants. + */ + return (ugidfw_check_vp(cred, vp, (int)accmode)); } int diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 304a7127c06a..9eb27019b3b2 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -2430,7 +2430,7 @@ lomac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp, static int lomac_vnode_check_open(struct ucred *cred, struct vnode *vp, - struct label *vplabel, int acc_mode) + struct label *vplabel, accmode_t accmode) { struct mac_lomac *subj, *obj; @@ -2441,7 +2441,7 @@ lomac_vnode_check_open(struct ucred *cred, struct vnode *vp, obj = SLOT(vplabel); /* XXX privilege override for admin? */ - if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { + if (accmode & (VWRITE | VAPPEND | VADMIN)) { if (!lomac_subject_dominate(subj, obj)) return (EACCES); } diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 84b8c9949b13..217fa5f44e4b 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -2505,7 +2505,7 @@ mls_vnode_check_mmap(struct ucred *cred, struct vnode *vp, static int mls_vnode_check_open(struct ucred *cred, struct vnode *vp, - struct label *vplabel, int acc_mode) + struct label *vplabel, accmode_t accmode) { struct mac_mls *subj, *obj; @@ -2516,11 +2516,11 @@ mls_vnode_check_open(struct ucred *cred, struct vnode *vp, obj = SLOT(vplabel); /* XXX privilege override for admin? */ - if (acc_mode & (VREAD | VEXEC | VSTAT)) { + if (accmode & (VREAD | VEXEC | VSTAT)) { if (!mls_dominate_effective(subj, obj)) return (EACCES); } - if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { + if (accmode & (VWRITE | VAPPEND | VADMIN)) { if (!mls_dominate_effective(obj, subj)) return (EACCES); } diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index e1e2269bb893..e8e2422b623b 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -1337,7 +1337,7 @@ stub_vnode_check_mprotect(struct ucred *cred, struct vnode *vp, static int stub_vnode_check_open(struct ucred *cred, struct vnode *vp, - struct label *vplabel, int acc_mode) + struct label *vplabel, accmode_t accmode) { return (0); diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index d727e1aa38c6..08f8dd814282 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -2326,7 +2326,7 @@ test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, COUNTER_DECL(vnode_check_access); static int test_vnode_check_access(struct ucred *cred, struct vnode *vp, - struct label *vplabel, int acc_mode) + struct label *vplabel, accmode_t accmode) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); @@ -2500,7 +2500,7 @@ test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, COUNTER_DECL(vnode_check_open); static int test_vnode_check_open(struct ucred *cred, struct vnode *vp, - struct label *vplabel, int acc_mode) + struct label *vplabel, accmode_t accmode) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); diff --git a/sys/sys/_types.h b/sys/sys/_types.h index bee2ccad0896..d71cdb094e1a 100644 --- a/sys/sys/_types.h +++ b/sys/sys/_types.h @@ -47,6 +47,7 @@ typedef __uint32_t __ino_t; /* inode number */ typedef long __key_t; /* IPC key (for Sys V IPC) */ typedef __int32_t __lwpid_t; /* Thread ID (a.k.a. LWP) */ typedef __uint16_t __mode_t; /* permissions */ +typedef int __accmode_t; /* access permissions */ typedef int __nl_item; typedef __uint16_t __nlink_t; /* link count */ typedef __int64_t __off_t; /* file offset */ diff --git a/sys/sys/extattr.h b/sys/sys/extattr.h index 4b8ed8254051..6e8b73541a6a 100644 --- a/sys/sys/extattr.h +++ b/sys/sys/extattr.h @@ -58,13 +58,14 @@ EXTATTR_NAMESPACE_SYSTEM_STRING } #ifdef _KERNEL +#include <sys/types.h> #define EXTATTR_MAXNAMELEN NAME_MAX struct thread; struct ucred; struct vnode; int extattr_check_cred(struct vnode *vp, int attrnamespace, - struct ucred *cred, struct thread *td, int access); + struct ucred *cred, struct thread *td, accmode_t accmode); #else #include <sys/cdefs.h> diff --git a/sys/sys/types.h b/sys/sys/types.h index 0cd7891f7136..cf9264a599b7 100644 --- a/sys/sys/types.h +++ b/sys/sys/types.h @@ -205,6 +205,11 @@ typedef __mode_t mode_t; /* permissions */ #define _MODE_T_DECLARED #endif +#ifndef _ACCMODE_T_DECLARED +typedef __accmode_t accmode_t; /* access permissions */ +#define _ACCMODE_T_DECLARED +#endif + #ifndef _NLINK_T_DECLARED typedef __nlink_t nlink_t; /* link count */ #define _NLINK_T_DECLARED diff --git a/sys/sys/vnode.h b/sys/sys/vnode.h index 37248b2c3362..31b005d46a37 100644 --- a/sys/sys/vnode.h +++ b/sys/sys/vnode.h @@ -309,7 +309,7 @@ struct vattr { #define IO_SEQSHIFT 16 /* seq heuristic in upper 16 bits */ /* - * Modes. Some values same as Ixxx entries from inode.h for now. + * Flags for accmode_t. */ #define VEXEC 000100 /* execute/search permission */ #define VWRITE 000200 /* write permission */ @@ -584,10 +584,10 @@ int vn_fullpath_global(struct thread *td, struct vnode *vn, char **retbuf, char **freebuf); int vn_commname(struct vnode *vn, char *buf, u_int buflen); int vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, - gid_t file_gid, mode_t acc_mode, struct ucred *cred, + gid_t file_gid, accmode_t accmode, struct ucred *cred, int *privused); int vaccess_acl_posix1e(enum vtype type, uid_t file_uid, - gid_t file_gid, struct acl *acl, mode_t acc_mode, + gid_t file_gid, struct acl *acl, accmode_t accmode, struct ucred *cred, int *privused); void vattr_null(struct vattr *vap); int vcount(struct vnode *vp); diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c index 6e66c883d2c8..563473c14938 100644 --- a/sys/ufs/ffs/ffs_vfsops.c +++ b/sys/ufs/ffs/ffs_vfsops.c @@ -139,7 +139,7 @@ ffs_mount(struct mount *mp, struct thread *td) struct fs *fs; int error, flags; u_int mntorflags, mntandnotflags; - mode_t accessmode; + accmode_t accmode; struct nameidata ndp; char *fspec; @@ -384,10 +384,10 @@ ffs_mount(struct mount *mp, struct thread *td) * If mount by non-root, then verify that user has necessary * permissions on the device. */ - accessmode = VREAD; + accmode = VREAD; if ((mp->mnt_flag & MNT_RDONLY) == 0) - accessmode |= VWRITE; - error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td); + accmode |= VWRITE; + error = VOP_ACCESS(devvp, accmode, td->td_ucred, td); if (error) error = priv_check(td, PRIV_VFS_MOUNT_PERM); if (error) { diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c index eb851cffb30a..e5047e9addbc 100644 --- a/sys/ufs/ufs/ufs_vnops.c +++ b/sys/ufs/ufs/ufs_vnops.c @@ -301,14 +301,14 @@ static int ufs_access(ap) struct vop_access_args /* { struct vnode *a_vp; - int a_mode; + accmode_t a_accmode; struct ucred *a_cred; struct thread *a_td; } */ *ap; { struct vnode *vp = ap->a_vp; struct inode *ip = VTOI(vp); - mode_t mode = ap->a_mode; + accmode_t accmode = ap->a_accmode; int error; #ifdef QUOTA int relocked; @@ -322,7 +322,7 @@ ufs_access(ap) * unless the file is a socket, fifo, or a block or * character device resident on the filesystem. */ - if (mode & VWRITE) { + if (accmode & VWRITE) { switch (vp->v_type) { case VDIR: case VLNK: @@ -368,7 +368,7 @@ relock: } /* If immutable bit set, nobody gets to write it. */ - if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) + if ((accmode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) return (EPERM); #ifdef UFS_ACL @@ -379,11 +379,11 @@ relock: switch (error) { case EOPNOTSUPP: error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, - ip->i_gid, ap->a_mode, ap->a_cred, NULL); + ip->i_gid, ap->a_accmode, ap->a_cred, NULL); break; case 0: error = vaccess_acl_posix1e(vp->v_type, ip->i_uid, - ip->i_gid, acl, ap->a_mode, ap->a_cred, NULL); + ip->i_gid, acl, ap->a_accmode, ap->a_cred, NULL); break; default: printf( @@ -395,13 +395,13 @@ relock: * EPERM for safety. */ error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, - ip->i_gid, ap->a_mode, ap->a_cred, NULL); + ip->i_gid, ap->a_accmode, ap->a_cred, NULL); } uma_zfree(acl_zone, acl); } else #endif /* !UFS_ACL */ error = vaccess(vp->v_type, ip->i_mode, ip->i_uid, ip->i_gid, - ap->a_mode, ap->a_cred, NULL); + ap->a_accmode, ap->a_cred, NULL); return (error); } |