In order to better support flexible and extensible access control,

make a series of modifications to the credential arguments relating to file read and write operations to cliarfy which credential is used for what: - Change fo_read() and fo_write() to accept "active_cred" instead of "cred", and change the semantics of consumers of fo_read() and fo_write() to pass the active credential of the thread requesting an operation rather than the cached file cred. The cached file cred is still available in fo_read() and fo_write() consumers via fp->f_cred. These changes largely in sys_generic.c. For each implementation of fo_read() and fo_write(), update cred usage to reflect this change and maintain current semantics: - badfo_readwrite() unchanged - kqueue_read/write() unchanged pipe_read/write() now authorize MAC using active_cred rather than td->td_ucred - soo_read/write() unchanged - vn_read/write() now authorize MAC using active_cred but VOP_READ/WRITE() with fp->f_cred Modify vn_rdwr() to accept two credential arguments instead of a single credential: active_cred and file_cred. Use active_cred for MAC authorization, and select a credential for use in VOP_READ/WRITE() based on whether file_cred is NULL or not. If file_cred is provided, authorize the VOP using that cred, otherwise the active credential, matching current semantics. Modify current vn_rdwr() consumers to pass a file_cred if used in the context of a struct file, and to always pass active_cred. When vn_rdwr() is used without a file_cred, pass NOCRED. These changes should maintain current semantics for read/write, but avoid a redundant passing of fp->f_cred, as well as making it more clear what the origin of each credential is in file descriptor read/write operations. Follow-up commits will make similar changes to other file descriptor operations, and modify the MAC framework to pass both credentials to MAC policy modules so they can implement either semantic for revocation. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
author: rwatson <rwatson@FreeBSD.org> 2002-08-15 20:55:08 +0000
committer: rwatson <rwatson@FreeBSD.org> 2002-08-15 20:55:08 +0000
commit: 44404e4547aee87b255582d4e6395551869e29b1 (patch)
tree: 09f20587d6bc57d661c96f87771a6081e65d834f /sys/kern
parent: 54a3d67ad2855b152e05f56266188e6214dbcfa1 (diff)
download: FreeBSD-src-44404e4547aee87b255582d4e6395551869e29b1.zip
FreeBSD-src-44404e4547aee87b255582d4e6395551869e29b1.tar.gz
14 files changed, 91 insertions, 62 deletions
diff --git a/sys/kern/imgact_aout.c b/sys/kern/imgact_aout.c
index 48eed90..9573928 100644
--- a/sys/kern/imgact_aout.c
+++ b/sys/kern/imgact_aout.c
@@ -268,14 +268,14 @@ aout_coredump(td, vp, limit)
 		error = vn_rdwr(UIO_WRITE, vp, vm->vm_daddr,
 		    (int)ctob(vm->vm_dsize),
 		    (off_t)ctob(UAREA_PAGES + KSTACK_PAGES), UIO_USERSPACE,
-		    IO_UNIT | IO_DIRECT, cred, (int *) NULL, td);
+		    IO_UNIT | IO_DIRECT, cred, NOCRED, (int *) NULL, td);
 	if (error == 0)
 		error = vn_rdwr_inchunks(UIO_WRITE, vp,
 		    (caddr_t) trunc_page(USRSTACK - ctob(vm->vm_ssize)),
 		    round_page(ctob(vm->vm_ssize)),
 		    (off_t)ctob(UAREA_PAGES + KSTACK_PAGES) +
 		        ctob(vm->vm_dsize), UIO_USERSPACE,
-		    IO_UNIT | IO_DIRECT, cred, (int *) NULL, td);
+		    IO_UNIT | IO_DIRECT, cred, NOCRED, (int *) NULL, td);
 	return (error);
 }
 
diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index 7d79c1d..2fd0d7f 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -967,7 +967,8 @@ __elfN(coredump)(td, vp, limit)
 			error = vn_rdwr_inchunks(UIO_WRITE, vp,
 			    (caddr_t)(uintptr_t)php->p_vaddr,
 			    php->p_filesz, offset, UIO_USERSPACE,
-			    IO_UNIT | IO_DIRECT, cred, (int *)NULL, curthread); /* XXXKSE */
+			    IO_UNIT | IO_DIRECT, cred, NOCRED, (int *)NULL,
+			    curthread); /* XXXKSE */
 			if (error != 0)
 				break;
 			offset += php->p_filesz;
@@ -1131,7 +1132,8 @@ __elfN(corehdr)(td, vp, cred, numsegs, hdr, hdrsize)
 
 	/* Write it to the core file. */
 	return vn_rdwr_inchunks(UIO_WRITE, vp, hdr, hdrsize, (off_t)0,
-	    UIO_SYSSPACE, IO_UNIT | IO_DIRECT, cred, NULL, td); /* XXXKSE */
+	    UIO_SYSSPACE, IO_UNIT | IO_DIRECT, cred, NOCRED, NULL,
+	    td); /* XXXKSE */
 }
 
 static void
diff --git a/sys/kern/kern_acct.c b/sys/kern/kern_acct.c
index 071fc10..6bbf368 100644
--- a/sys/kern/kern_acct.c
+++ b/sys/kern/kern_acct.c
@@ -267,7 +267,7 @@ acct_process(td)
 	 */
 	VOP_LEASE(vp, td, acctcred, LEASE_WRITE);
 	return (vn_rdwr(UIO_WRITE, vp, (caddr_t)&acct, sizeof (acct),
-	    (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, acctcred,
+	    (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, acctcred, NOCRED,
 	    (int *)0, td));
 }
 
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 30df164..f291424 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -96,9 +96,10 @@ static struct cdevsw fildesc_cdevsw = {
 	/* flags */	0,
 };
 
-static int do_dup(struct filedesc *fdp, int old, int new, register_t *retval, struct thread *td);
+static int do_dup(struct filedesc *fdp, int old, int new, register_t *retval,
+    struct thread *td);
 static int badfo_readwrite(struct file *fp, struct uio *uio,
-    struct ucred *cred, int flags, struct thread *td);
+    struct ucred *active_cred, int flags, struct thread *td);
 static int badfo_ioctl(struct file *fp, u_long com, void *data,
     struct thread *td);
 static int badfo_poll(struct file *fp, int events,
@@ -2145,10 +2146,10 @@ struct fileops badfileops = {
 };
 
 static int
-badfo_readwrite(fp, uio, cred, flags, td)
+badfo_readwrite(fp, uio, active_cred, flags, td)
 	struct file *fp;
 	struct uio *uio;
-	struct ucred *cred;
+	struct ucred *active_cred;
 	struct thread *td;
 	int flags;
 {
diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c
index 4c85a2d1..723565c 100644
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c
@@ -57,9 +57,9 @@ static int	kqueue_scan(struct file *fp, int maxevents,
 		    struct kevent *ulistp, const struct timespec *timeout,
 		    struct thread *td);
 static int 	kqueue_read(struct file *fp, struct uio *uio,
-		    struct ucred *cred, int flags, struct thread *td);
+		    struct ucred *active_cred, int flags, struct thread *td);
 static int	kqueue_write(struct file *fp, struct uio *uio,
-		    struct ucred *cred, int flags, struct thread *td);
+		    struct ucred *active_cred, int flags, struct thread *td);
 static int	kqueue_ioctl(struct file *fp, u_long com, void *data,
 		    struct thread *td);
 static int 	kqueue_poll(struct file *fp, int events, struct ucred *cred,
@@ -777,7 +777,7 @@ done:
  */
 /*ARGSUSED*/
 static int
-kqueue_read(struct file *fp, struct uio *uio, struct ucred *cred,
+kqueue_read(struct file *fp, struct uio *uio, struct ucred *active_cred,
 	int flags, struct thread *td)
 {
 	return (ENXIO);
@@ -785,7 +785,7 @@ kqueue_read(struct file *fp, struct uio *uio, struct ucred *cred,
 
 /*ARGSUSED*/
 static int
-kqueue_write(struct file *fp, struct uio *uio, struct ucred *cred,
+kqueue_write(struct file *fp, struct uio *uio, struct ucred *active_cred,
 	 int flags, struct thread *td)
 {
 	return (ENXIO);
diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c
index e30e52c..2952be0 100644
--- a/sys/kern/kern_linker.c
+++ b/sys/kern/kern_linker.c
@@ -1464,7 +1464,7 @@ linker_hints_lookup(const char *path, int pathlen, const char *modname,
 	if (hints == NULL)
 		goto bad;
 	error = vn_rdwr(UIO_READ, nd.ni_vp, (caddr_t)hints, vattr.va_size, 0,
-	    UIO_SYSSPACE, IO_NODELOCKED, cred, &reclen, td);
+	    UIO_SYSSPACE, IO_NODELOCKED, cred, NOCRED, &reclen, td);
 	if (error)
 		goto bad;
 	VOP_UNLOCK(nd.ni_vp, 0, td);
diff --git a/sys/kern/link_aout.c b/sys/kern/link_aout.c
index 5a863bd..7a06080 100644
--- a/sys/kern/link_aout.c
+++ b/sys/kern/link_aout.c
@@ -211,7 +211,8 @@ link_aout_load_file(linker_class_t lc, const char* filename, linker_file_t* resu
      * Read the a.out header from the file.
      */
     error = vn_rdwr(UIO_READ, nd.ni_vp, (void*) &header, sizeof header, 0,
-		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td);
+		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
+		    &resid, td);
     if (error)
 	goto out;
 
@@ -236,7 +237,8 @@ link_aout_load_file(linker_class_t lc, const char* filename, linker_file_t* resu
      */
     error = vn_rdwr(UIO_READ, nd.ni_vp, (void*) af->address,
 		    header.a_text + header.a_data, 0,
-		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td);
+		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
+		    &resid, td);
     if (error)
 	goto out;
     bzero(af->address + header.a_text + header.a_data, header.a_bss);
diff --git a/sys/kern/link_elf.c b/sys/kern/link_elf.c
index dd59405..e9c1516 100644
--- a/sys/kern/link_elf.c
+++ b/sys/kern/link_elf.c
@@ -570,7 +570,8 @@ link_elf_load_file(linker_class_t cls, const char* filename, linker_file_t* resu
     }
     hdr = (Elf_Ehdr *)firstpage;
     error = vn_rdwr(UIO_READ, nd.ni_vp, firstpage, PAGE_SIZE, 0,
-		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td);
+		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
+		    &resid, td);
     nbytes = PAGE_SIZE - resid;
     if (error)
 	goto out;
@@ -709,7 +710,8 @@ link_elf_load_file(linker_class_t cls, const char* filename, linker_file_t* resu
 	caddr_t segbase = mapbase + segs[i]->p_vaddr - base_vaddr;
 	error = vn_rdwr(UIO_READ, nd.ni_vp,
 			segbase, segs[i]->p_filesz, segs[i]->p_offset,
-			UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td);
+			UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
+			&resid, td);
 	if (error) {
 	    goto out;
 	}
@@ -769,7 +771,8 @@ link_elf_load_file(linker_class_t cls, const char* filename, linker_file_t* resu
     }
     error = vn_rdwr(UIO_READ, nd.ni_vp,
 		    (caddr_t)shdr, nbytes, hdr->e_shoff,
-		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td);
+		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
+		    &resid, td);
     if (error)
 	goto out;
     symtabindex = -1;
@@ -794,12 +797,14 @@ link_elf_load_file(linker_class_t cls, const char* filename, linker_file_t* resu
     }
     error = vn_rdwr(UIO_READ, nd.ni_vp,
 		    ef->symbase, symcnt, shdr[symtabindex].sh_offset,
-		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td);
+		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
+		    &resid, td);
     if (error)
 	goto out;
     error = vn_rdwr(UIO_READ, nd.ni_vp,
 		    ef->strbase, strcnt, shdr[symstrindex].sh_offset,
-		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td);
+		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
+		    &resid, td);
     if (error)
 	goto out;
 
diff --git a/sys/kern/link_elf_obj.c b/sys/kern/link_elf_obj.c
index dd59405..e9c1516 100644
--- a/sys/kern/link_elf_obj.c
+++ b/sys/kern/link_elf_obj.c
@@ -570,7 +570,8 @@ link_elf_load_file(linker_class_t cls, const char* filename, linker_file_t* resu
     }
     hdr = (Elf_Ehdr *)firstpage;
     error = vn_rdwr(UIO_READ, nd.ni_vp, firstpage, PAGE_SIZE, 0,
-		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td);
+		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
+		    &resid, td);
     nbytes = PAGE_SIZE - resid;
     if (error)
 	goto out;
@@ -709,7 +710,8 @@ link_elf_load_file(linker_class_t cls, const char* filename, linker_file_t* resu
 	caddr_t segbase = mapbase + segs[i]->p_vaddr - base_vaddr;
 	error = vn_rdwr(UIO_READ, nd.ni_vp,
 			segbase, segs[i]->p_filesz, segs[i]->p_offset,
-			UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td);
+			UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
+			&resid, td);
 	if (error) {
 	    goto out;
 	}
@@ -769,7 +771,8 @@ link_elf_load_file(linker_class_t cls, const char* filename, linker_file_t* resu
     }
     error = vn_rdwr(UIO_READ, nd.ni_vp,
 		    (caddr_t)shdr, nbytes, hdr->e_shoff,
-		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td);
+		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
+		    &resid, td);
     if (error)
 	goto out;
     symtabindex = -1;
@@ -794,12 +797,14 @@ link_elf_load_file(linker_class_t cls, const char* filename, linker_file_t* resu
     }
     error = vn_rdwr(UIO_READ, nd.ni_vp,
 		    ef->symbase, symcnt, shdr[symtabindex].sh_offset,
-		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td);
+		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
+		    &resid, td);
     if (error)
 	goto out;
     error = vn_rdwr(UIO_READ, nd.ni_vp,
 		    ef->strbase, strcnt, shdr[symstrindex].sh_offset,
-		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, &resid, td);
+		    UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred, NOCRED,
+		    &resid, td);
     if (error)
 	goto out;
 
diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c
index 165284c..ebe61b3 100644
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@@ -192,7 +192,7 @@ dofileread(td, fp, fd, buf, nbyte, offset, flags)
 #endif
 	cnt = nbyte;
 
-	if ((error = fo_read(fp, &auio, fp->f_cred, flags, td))) {
+	if ((error = fo_read(fp, &auio, td->td_ucred, flags, td))) {
 		if (auio.uio_resid != cnt && (error == ERESTART ||
 		    error == EINTR || error == EWOULDBLOCK))
 			error = 0;
@@ -282,7 +282,7 @@ readv(td, uap)
 	}
 #endif
 	cnt = auio.uio_resid;
-	if ((error = fo_read(fp, &auio, fp->f_cred, 0, td))) {
+	if ((error = fo_read(fp, &auio, td->td_ucred, 0, td))) {
 		if (auio.uio_resid != cnt && (error == ERESTART ||
 		    error == EINTR || error == EWOULDBLOCK))
 			error = 0;
@@ -416,7 +416,7 @@ dofilewrite(td, fp, fd, buf, nbyte, offset, flags)
 	cnt = nbyte;
 	if (fp->f_type == DTYPE_VNODE)
 		bwillwrite();
-	if ((error = fo_write(fp, &auio, fp->f_cred, flags, td))) {
+	if ((error = fo_write(fp, &auio, td->td_ucred, flags, td))) {
 		if (auio.uio_resid != cnt && (error == ERESTART ||
 		    error == EINTR || error == EWOULDBLOCK))
 			error = 0;
@@ -518,7 +518,7 @@ writev(td, uap)
 	cnt = auio.uio_resid;
 	if (fp->f_type == DTYPE_VNODE)
 		bwillwrite();
-	if ((error = fo_write(fp, &auio, fp->f_cred, 0, td))) {
+	if ((error = fo_write(fp, &auio, td->td_ucred, 0, td))) {
 		if (auio.uio_resid != cnt && (error == ERESTART ||
 		    error == EINTR || error == EWOULDBLOCK))
 			error = 0;
diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c
index 861a8b6..cfba2de 100644
--- a/sys/kern/sys_pipe.c
+++ b/sys/kern/sys_pipe.c
@@ -95,9 +95,9 @@
  * interfaces to the outside world
  */
 static int pipe_read(struct file *fp, struct uio *uio, 
-		struct ucred *cred, int flags, struct thread *td);
+		struct ucred *active_cred, int flags, struct thread *td);
 static int pipe_write(struct file *fp, struct uio *uio, 
-		struct ucred *cred, int flags, struct thread *td);
+		struct ucred *active_cred, int flags, struct thread *td);
 static int pipe_close(struct file *fp, struct thread *td);
 static int pipe_poll(struct file *fp, int events, struct ucred *cred,
 		struct thread *td);
@@ -449,10 +449,10 @@ pipeselwakeup(cpipe)
 
 /* ARGSUSED */
 static int
-pipe_read(fp, uio, cred, flags, td)
+pipe_read(fp, uio, active_cred, flags, td)
 	struct file *fp;
 	struct uio *uio;
-	struct ucred *cred;
+	struct ucred *active_cred;
 	struct thread *td;
 	int flags;
 {
@@ -468,7 +468,7 @@ pipe_read(fp, uio, cred, flags, td)
 		goto unlocked_error;
 
 #ifdef MAC
-	error = mac_check_pipe_op(td->td_ucred, rpipe, MAC_OP_PIPE_READ);
+	error = mac_check_pipe_op(active_cred, rpipe, MAC_OP_PIPE_READ);
 	if (error)
 		goto locked_error;
 #endif
@@ -861,10 +861,10 @@ error1:
 #endif
 	
 static int
-pipe_write(fp, uio, cred, flags, td)
+pipe_write(fp, uio, active_cred, flags, td)
 	struct file *fp;
 	struct uio *uio;
-	struct ucred *cred;
+	struct ucred *active_cred;
 	struct thread *td;
 	int flags;
 {
@@ -884,7 +884,7 @@ pipe_write(fp, uio, cred, flags, td)
 		return (EPIPE);
 	}
 #ifdef MAC
-	error = mac_check_pipe_op(td->td_ucred, wpipe, MAC_OP_PIPE_WRITE);
+	error = mac_check_pipe_op(active_cred, wpipe, MAC_OP_PIPE_WRITE);
 	if (error) {
 		PIPE_UNLOCK(rpipe);
 		return (error);
diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c
index 6202d8f..19f4d9b 100644
--- a/sys/kern/sys_socket.c
+++ b/sys/kern/sys_socket.c
@@ -57,10 +57,10 @@ struct	fileops socketops = {
 
 /* ARGSUSED */
 int
-soo_read(fp, uio, cred, flags, td)
+soo_read(fp, uio, active_cred, flags, td)
 	struct file *fp;
 	struct uio *uio;
-	struct ucred *cred;
+	struct ucred *active_cred;
 	struct thread *td;
 	int flags;
 {
@@ -75,10 +75,10 @@ soo_read(fp, uio, cred, flags, td)
 
 /* ARGSUSED */
 int
-soo_write(fp, uio, cred, flags, td)
+soo_write(fp, uio, active_cred, flags, td)
 	struct file *fp;
 	struct uio *uio;
-	struct ucred *cred;
+	struct ucred *active_cred;
 	struct thread *td;
 	int flags;
 {
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 2191574..4d8d174 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1849,10 +1849,15 @@ retry_lookup:
 			 */
 			bsize = vp->v_mount->mnt_stat.f_iosize;
 			vn_lock(vp, LK_SHARED | LK_NOPAUSE | LK_RETRY, td);
+			/*
+			 * XXXMAC: Because we don't have fp->f_cred here,
+			 * we pass in NOCRED.  This is probably wrong, but
+			 * is consistent with our original implementation.
+			 */
 			error = vn_rdwr(UIO_READ, vp, NULL, MAXBSIZE,
 			    trunc_page(off), UIO_NOCOPY, IO_NODELOCKED |
 			    IO_VMIO | ((MAXBSIZE / bsize) << 16),
-			    td->td_ucred, &resid, td);
+			    td->td_ucred, NOCRED, &resid, td);
 			VOP_UNLOCK(vp, 0, td);
 			vm_page_lock_queues();
 			vm_page_flag_clear(pg, PG_ZERO);
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 2f65b45..fdde26d 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -67,13 +67,13 @@ static int vn_closefile(struct file *fp, struct thread *td);
 static int vn_ioctl(struct file *fp, u_long com, void *data, 
 		struct thread *td);
 static int vn_read(struct file *fp, struct uio *uio, 
-		struct ucred *cred, int flags, struct thread *td);
+		struct ucred *active_cred, int flags, struct thread *td);
 static int vn_poll(struct file *fp, int events, struct ucred *cred,
 		struct thread *td);
 static int vn_kqfilter(struct file *fp, struct knote *kn);
 static int vn_statfile(struct file *fp, struct stat *sb, struct thread *td);
 static int vn_write(struct file *fp, struct uio *uio, 
-		struct ucred *cred, int flags, struct thread *td);
+		struct ucred *active_cred, int flags, struct thread *td);
 
 struct 	fileops vnops = {
 	vn_read, vn_write, vn_ioctl, vn_poll, vn_kqfilter,
@@ -355,7 +355,8 @@ sequential_heuristic(struct uio *uio, struct file *fp)
  * Package up an I/O request on a vnode into a uio and do it.
  */
 int
-vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, cred, aresid, td)
+vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, active_cred, file_cred,
+    aresid, td)
 	enum uio_rw rw;
 	struct vnode *vp;
 	caddr_t base;
@@ -363,13 +364,15 @@ vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, cred, aresid, td)
 	off_t offset;
 	enum uio_seg segflg;
 	int ioflg;
-	struct ucred *cred;
+	struct ucred *active_cred;
+	struct ucred *file_cred;
 	int *aresid;
 	struct thread *td;
 {
 	struct uio auio;
 	struct iovec aiov;
 	struct mount *mp;
+	struct ucred *cred;
 	int error;
 
 	if ((ioflg & IO_NODELOCKED) == 0) {
@@ -398,14 +401,18 @@ vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, cred, aresid, td)
 #ifdef MAC
 	if ((ioflg & IO_NOMACCHECK) == 0) {
 		if (rw == UIO_READ)
-			error = mac_check_vnode_op(cred, vp,
+			error = mac_check_vnode_op(active_cred, vp,
 			    MAC_OP_VNODE_READ);
 		else
-			error = mac_check_vnode_op(cred, vp,
+			error = mac_check_vnode_op(active_cred, vp,
 			    MAC_OP_VNODE_WRITE);
 	}
 #endif
 	if (error == 0) {
+		if (file_cred)
+			cred = file_cred;
+		else
+			cred = active_cred;
 		if (rw == UIO_READ)
 			error = VOP_READ(vp, &auio, ioflg, cred);
 		else
@@ -433,7 +440,8 @@ vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, cred, aresid, td)
  * core'ing the same binary, or unrelated processes scanning the directory).
  */
 int
-vn_rdwr_inchunks(rw, vp, base, len, offset, segflg, ioflg, cred, aresid, td)
+vn_rdwr_inchunks(rw, vp, base, len, offset, segflg, ioflg, active_cred,
+    file_cred, aresid, td)
 	enum uio_rw rw;
 	struct vnode *vp;
 	caddr_t base;
@@ -441,7 +449,8 @@ vn_rdwr_inchunks(rw, vp, base, len, offset, segflg, ioflg, cred, aresid, td)
 	off_t offset;
 	enum uio_seg segflg;
 	int ioflg;
-	struct ucred *cred;
+	struct ucred *active_cred;
+	struct ucred *file_cred;
 	int *aresid;
 	struct thread *td;
 {
@@ -453,7 +462,7 @@ vn_rdwr_inchunks(rw, vp, base, len, offset, segflg, ioflg, cred, aresid, td)
 		if (rw != UIO_READ && vp->v_type == VREG)
 			bwillwrite();
 		error = vn_rdwr(rw, vp, base, chunk, offset, segflg,
-		    ioflg, cred, aresid, td);
+		    ioflg, active_cred, file_cred, aresid, td);
 		len -= chunk;	/* aresid calc already includes length */
 		if (error)
 			break;
@@ -470,10 +479,10 @@ vn_rdwr_inchunks(rw, vp, base, len, offset, segflg, ioflg, cred, aresid, td)
  * File table vnode read routine.
  */
 static int
-vn_read(fp, uio, cred, flags, td)
+vn_read(fp, uio, active_cred, flags, td)
 	struct file *fp;
 	struct uio *uio;
-	struct ucred *cred;
+	struct ucred *active_cred;
 	struct thread *td;
 	int flags;
 {
@@ -489,7 +498,7 @@ vn_read(fp, uio, cred, flags, td)
 		ioflag |= IO_NDELAY;
 	if (fp->f_flag & O_DIRECT)
 		ioflag |= IO_DIRECT;
-	VOP_LEASE(vp, td, cred, LEASE_READ);
+	VOP_LEASE(vp, td, fp->f_cred, LEASE_READ);
 	vn_lock(vp, LK_SHARED | LK_NOPAUSE | LK_RETRY, td);
 	if ((flags & FOF_OFFSET) == 0)
 		uio->uio_offset = fp->f_offset;
@@ -497,10 +506,10 @@ vn_read(fp, uio, cred, flags, td)
 	ioflag |= sequential_heuristic(uio, fp);
 
 #ifdef MAC
-	error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_READ);
+	error = mac_check_vnode_op(active_cred, vp, MAC_OP_VNODE_READ);
 	if (error == 0)
 #endif
-		error = VOP_READ(vp, uio, ioflag, cred);
+		error = VOP_READ(vp, uio, ioflag, fp->f_cred);
 	if ((flags & FOF_OFFSET) == 0)
 		fp->f_offset = uio->uio_offset;
 	fp->f_nextoff = uio->uio_offset;
@@ -513,10 +522,10 @@ vn_read(fp, uio, cred, flags, td)
  * File table vnode write routine.
  */
 static int
-vn_write(fp, uio, cred, flags, td)
+vn_write(fp, uio, active_cred, flags, td)
 	struct file *fp;
 	struct uio *uio;
-	struct ucred *cred;
+	struct ucred *active_cred;
 	struct thread *td;
 	int flags;
 {
@@ -546,16 +555,16 @@ vn_write(fp, uio, cred, flags, td)
 		mtx_unlock(&Giant);
 		return (error);
 	}
-	VOP_LEASE(vp, td, cred, LEASE_WRITE);
+	VOP_LEASE(vp, td, fp->f_cred, LEASE_WRITE);
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 	if ((flags & FOF_OFFSET) == 0)
 		uio->uio_offset = fp->f_offset;
 	ioflag |= sequential_heuristic(uio, fp);
 #ifdef MAC
-	error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE);
+	error = mac_check_vnode_op(active_cred, vp, MAC_OP_VNODE_WRITE);
 	if (error == 0)
 #endif
-		error = VOP_WRITE(vp, uio, ioflag, cred);
+		error = VOP_WRITE(vp, uio, ioflag, fp->f_cred);
 	if ((flags & FOF_OFFSET) == 0)
 		fp->f_offset = uio->uio_offset;
 	fp->f_nextoff = uio->uio_offset;
author	rwatson <rwatson@FreeBSD.org>	2002-08-15 20:55:08 +0000
committer	rwatson <rwatson@FreeBSD.org>	2002-08-15 20:55:08 +0000
commit	44404e4547aee87b255582d4e6395551869e29b1 (patch)
tree	09f20587d6bc57d661c96f87771a6081e65d834f /sys/kern
parent	54a3d67ad2855b152e05f56266188e6214dbcfa1 (diff)
download	FreeBSD-src-44404e4547aee87b255582d4e6395551869e29b1.zip FreeBSD-src-44404e4547aee87b255582d4e6395551869e29b1.tar.gz