Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/miscfs/genfs Fix EPERM vs EACCES return.
details: https://anonhg.NetBSD.org/src/rev/a34c6c78e3ed
branches: trunk
changeset: 933023:a34c6c78e3ed
user: christos <christos%NetBSD.org@localhost>
date: Mon May 18 19:42:16 2020 +0000
description:
Fix EPERM vs EACCES return.
diffstat:
sys/miscfs/genfs/genfs_vnops.c | 38 ++++++++++++++++++++++++++++++--------
1 files changed, 30 insertions(+), 8 deletions(-)
diffs (87 lines):
diff -r 68be0e55fe5e -r a34c6c78e3ed sys/miscfs/genfs/genfs_vnops.c
--- a/sys/miscfs/genfs/genfs_vnops.c Mon May 18 16:42:05 2020 +0000
+++ b/sys/miscfs/genfs/genfs_vnops.c Mon May 18 19:42:16 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: genfs_vnops.c,v 1.204 2020/05/16 18:31:51 christos Exp $ */
+/* $NetBSD: genfs_vnops.c,v 1.205 2020/05/18 19:42:16 christos Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.204 2020/05/16 18:31:51 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.205 2020/05/18 19:42:16 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -695,7 +695,13 @@
KASSERT((accmode & ~(VEXEC | VWRITE | VREAD | VADMIN | VAPPEND)) == 0);
KASSERT((accmode & VAPPEND) == 0 || (accmode & VWRITE));
-
+#ifdef ACL_DEBUG
+ char buf[128];
+ snprintb(buf, sizeof(buf), __VNODE_PERM_BITS, accmode);
+ printf("%s: %s cred_uid=%d cred_gid=%d file_uid=%d file_gid=%d\n",
+ __func__, buf, kauth_cred_geteuid(cred), kauth_cred_getegid(cred),
+ file_uid, file_gid);
+#endif
/*
* Look for a normal, non-privileged way to access the file/directory
* as requested. If it exists, go with that.
@@ -713,7 +719,11 @@
if (file_mode & S_IWUSR)
dac_granted |= (VWRITE | VAPPEND);
- return (accmode & dac_granted) == accmode ? 0 : EPERM;
+#ifdef ACL_DEBUG
+ printf("%s: owner %o %o\n", __func__,
+ accmode & dac_granted, accmode);
+#endif
+ goto privchk;
}
/* Otherwise, check the groups (first match) */
@@ -729,7 +739,11 @@
if (file_mode & S_IWGRP)
dac_granted |= (VWRITE | VAPPEND);
- return (accmode & dac_granted) == accmode ? 0 : EACCES;
+#ifdef ACL_DEBUG
+ printf("%s: group %o %o\n", __func__,
+ accmode & dac_granted, accmode);
+#endif
+ goto privchk;
}
/* Otherwise, check everyone else. */
@@ -739,8 +753,16 @@
dac_granted |= VREAD;
if (file_mode & S_IWOTH)
dac_granted |= (VWRITE | VAPPEND);
- return (accmode & dac_granted) == accmode ? 0 : EACCES;
- return (0);
+
+#ifdef ACL_DEBUG
+ printf("%s: others %o %o\n", __func__,
+ accmode & dac_granted, accmode);
+#endif
+privchk:
+ if ((accmode & dac_granted) == accmode)
+ return 0;
+
+ return (accmode & VADMIN) ? EPERM : EACCES;
}
/*
@@ -1108,7 +1130,7 @@
#ifdef ACL_DEBUG
char buf[128];
snprintb(buf, sizeof(buf), __VNODE_PERM_BITS, accmode);
- printf("%s: %s uid=%d gid=%d\n", __func__, buf, file_uid, file_gid);
+ printf("%s: %s file_uid=%d file_gid=%d\n", __func__, buf, file_uid, file_gid);
#endif
if (accmode & VADMIN)
Home |
Main Index |
Thread Index |
Old Index