servers/mfs/protect.c

   1 #include "fs.h"
   2 #include "inode.h"
   3 #include "super.h"
   4 #include <minix/vfsif.h>
   5
   6 static int in_group(gid_t grp);
   7
   8
   9 /*===========================================================================*
  10  *                              fs_chmod                                     *
  11  *===========================================================================*/
  12 int fs_chmod()
  13 {
  14 /* Perform the chmod(name, mode) system call. */
  15
  16   register struct inode *rip;
  17   mode_t mode;
  18
  19   mode = (mode_t) fs_m_in.REQ_MODE;
  20
  21   /* Temporarily open the file. */
  22   if( (rip = get_inode(fs_dev, (ino_t) fs_m_in.REQ_INODE_NR)) == NULL)
  23           return(EINVAL);
  24
  25   if(rip->i_sp->s_rd_only) {
  26         put_inode(rip);
  27         return EROFS;
  28   }
  29
  30   /* Now make the change. Clear setgid bit if file is not in caller's grp */
  31   rip->i_mode = (rip->i_mode & ~ALL_MODES) | (mode & ALL_MODES);
  32   rip->i_update |= CTIME;
  33   IN_MARKDIRTY(rip);
  34
  35   /* Return full new mode to caller. */
  36   fs_m_out.RES_MODE = rip->i_mode;
  37
  38   put_inode(rip);
  39   return(OK);
  40 }
  41
  42
  43 /*===========================================================================*
  44  *                              fs_chown                                     *
  45  *===========================================================================*/
  46 int fs_chown()
  47 {
  48   register struct inode *rip;
  49   register int r;
  50
  51   /* Temporarily open the file. */
  52   if( (rip = get_inode(fs_dev, (ino_t) fs_m_in.REQ_INODE_NR)) == NULL)
  53           return(EINVAL);
  54
  55   /* Not permitted to change the owner of a file on a read-only file sys. */
  56   r = read_only(rip);
  57   if (r == OK) {
  58           rip->i_uid = (uid_t) fs_m_in.REQ_UID;
  59           rip->i_gid = (gid_t) fs_m_in.REQ_GID;
  60           rip->i_mode &= ~(I_SET_UID_BIT | I_SET_GID_BIT);
  61           rip->i_update |= CTIME;
  62           IN_MARKDIRTY(rip);
  63   }
  64
  65   /* Update caller on current mode, as it may have changed. */
  66   fs_m_out.RES_MODE = rip->i_mode;
  67   put_inode(rip);
  68
  69   return(r);
  70 }
  71
  72
  73 /*===========================================================================*
  74  *                              forbidden                                    *
  75  *===========================================================================*/
  76 int forbidden(register struct inode *rip, mode_t access_desired)
  77 {
  78 /* Given a pointer to an inode, 'rip', and the access desired, determine
  79  * if the access is allowed, and if not why not.  The routine looks up the
  80  * caller's uid in the 'fproc' table.  If access is allowed, OK is returned
  81  * if it is forbidden, EACCES is returned.
  82  */
  83
  84   register struct inode *old_rip = rip;
  85   register mode_t bits, perm_bits;
  86   int r, shift;
  87
  88   /* Isolate the relevant rwx bits from the mode. */
  89   bits = rip->i_mode;
  90   if (caller_uid == SU_UID) {
  91         /* Grant read and write permission.  Grant search permission for
  92          * directories.  Grant execute permission (for non-directories) if
  93          * and only if one of the 'X' bits is set.
  94          */
  95         if ( (bits & I_TYPE) == I_DIRECTORY ||
  96              bits & ((X_BIT << 6) | (X_BIT << 3) | X_BIT))
  97                 perm_bits = R_BIT | W_BIT | X_BIT;
  98         else
  99                 perm_bits = R_BIT | W_BIT;
 100   } else {
 101         if (caller_uid == rip->i_uid) shift = 6;        /* owner */
 102         else if (caller_gid == rip->i_gid) shift = 3;   /* group */
 103         else if (in_group(rip->i_gid) == OK) shift = 3; /* other groups */
 104         else shift = 0;                                 /* other */
 105         perm_bits = (bits >> shift) & (R_BIT | W_BIT | X_BIT);
 106   }
 107
 108   /* If access desired is not a subset of what is allowed, it is refused. */
 109   r = OK;
 110   if ((perm_bits | access_desired) != perm_bits) r = EACCES;
 111
 112   /* Check to see if someone is trying to write on a file system that is
 113    * mounted read-only.
 114    */
 115   if (r == OK)
 116         if (access_desired & W_BIT)
 117                 r = read_only(rip);
 118
 119   if (rip != old_rip) put_inode(rip);
 120
 121   return(r);
 122 }
 123
 124
 125 /*===========================================================================*
 126  *                              in_group                                     *
 127  *===========================================================================*/
 128 static int in_group(gid_t grp)
 129 {
 130   int i;
 131
 132   if (credentials.vu_ngroups > NGROUPS_MAX)
 133         return(EINVAL);
 134
 135   for (i = 0; i < credentials.vu_ngroups; i++)
 136         if (credentials.vu_sgroups[i] == grp)
 137                 return(OK);
 138
 139   return(EINVAL);
 140 }
 141
 142
 143 /*===========================================================================*
 144  *                              read_only                                    *
 145  *===========================================================================*/
 146 int read_only(ip)
 147 struct inode *ip;               /* ptr to inode whose file sys is to be cked */
 148 {
 149 /* Check to see if the file system on which the inode 'ip' resides is mounted
 150  * read only.  If so, return EROFS, else return OK.
 151  */
 152
 153   register struct super_block *sp;
 154
 155   sp = ip->i_sp;
 156   return(sp->s_rd_only ? EROFS : OK);
 157 }
 158