Second pass commit to introduce new ACL and Extended Attribute system

calls, vnops, vfsops, both in /kern, and to individual file systems that
require a vfsop_ array entry.

Reviewed by:	eivind

8 files changed, 350 insertions, 6 deletions

diff --git a/sys/sys/acl.h b/sys/sys/acl.h
new file mode 100644
index 0000000..3a13fab
--- /dev/null
+++ b/sys/sys/acl.h
@@ -0,0 +1,169 @@
+/*-
+ * Copyright (c) 1999 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+/* 
+ * Userland/kernel interface for Access Control Lists
+ *
+ * This code from the FreeBSD POSIX.1e implementation.  Not all of the ACL
+ * code is committed yet; in order to use the library routines listed
+ * below, you'll need to download libposix1e_acl from the POSIX.1e
+ * implementation page, or possibly update to a more recent version of
+ * FreeBSD, as the code may have been committed.
+ *
+ * The POSIX.1e implementation page may be reached at:
+ *   http://www.watson.org/fbsd-hardening/posix1e/
+ *
+ * However, all syscalls will pass through to appropriate VFS vnops, so
+ * file systems implementing the vnops are accessible through the syscalls.
+ */
+
+#ifndef _SYS_ACL_H
+#define _SYS_ACL_H
+
+/*
+ * POSIX.1e ACL types
+ */
+
+#define MAX_ACL_ENTRIES 32    /* maximum entries in an ACL */
+#define _POSIX_ACL_PATH_MAX     MAX_ACL_ENTRIES
+
+typedef int	acl_type_t;
+typedef int	acl_tag_t;
+typedef mode_t	acl_perm_t;
+
+struct acl_entry {
+	acl_tag_t	ae_tag;
+	uid_t		ae_id;
+	acl_perm_t	ae_perm;
+};
+typedef struct acl_entry	*acl_entry_t;
+
+struct acl {
+	int			acl_cnt;
+	struct acl_entry	acl_entry[MAX_ACL_ENTRIES];
+};
+typedef struct acl	*acl_t;
+
+/*
+ * Possible valid values for a_type of acl_entry_t
+ */
+#define ACL_USER_OBJ	0x00000001
+#define ACL_USER	0x00000002
+#define ACL_GROUP_OBJ	0x00000004
+#define ACL_GROUP	0x00000008
+#define ACL_MASK	0x00000010
+#define ACL_OTHER	0x00000020
+#define ACL_OTHER_OBJ	ACL_OTHER
+#define ACL_AFS_ID	0x00000040
+
+#define ACL_TYPE_ACCESS		0x00000000
+#define ACL_TYPE_DEFAULT	0x00000001
+
+/*
+ * Possible flags in a_perm field
+ */
+#define ACL_PERM_EXEC		0x0001
+#define ACL_PERM_WRITE		0x0002
+#define ACL_PERM_READ		0x0004
+#define ACL_PERM_NONE		0x0000
+#define ACL_PERM_BITS		(ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ)
+#define ACL_POSIX1E_BITS	(ACL_PERM_EXEC | ACL_PERM_WRITE | ACL_PERM_READ)
+
+#ifdef KERNEL
+/*
+ * Storage for ACLs and support structures
+ */
+#ifdef MALLOC_DECLARE
+MALLOC_DECLARE(M_ACL);
+#endif
+
+/*
+ * Dummy declarations so that we can expose acl_access all over the place
+ * without worrying about including ucred and friends.  vnode.h does the
+ * same thing.
+ */
+struct ucred;
+struct proc;
+
+/*
+ * POSIX.1e and generic kernel/vfs semantics functions--not currently in the
+ * base distribution, but will be soon.
+ */
+struct vattr;
+struct vop_getacl_args;
+struct vop_aclcheck_args;
+
+int	posix1e_acl_access(struct acl *a_acl, int a_mode, struct ucred *a_cred,
+			   struct proc *a_p);
+void	generic_attr_to_posix1e_acl(struct acl *a_acl, struct vattr *vattr);
+int	generic_vop_getacl(struct vop_getacl_args *ap);
+int	generic_vop_aclcheck(struct vop_aclcheck_args *ap);
+int	posix1e_vop_aclcheck(struct vop_aclcheck_args *ap);
+
+#else /* KERNEL */
+
+/*
+ * Syscall interface -- use the library calls instead as the syscalls
+ * have strict acl entry ordering requirements
+ */
+int	acl_syscall_get_file(char *path, acl_type_t type, struct acl *aclp);
+int	acl_syscall_set_file(char *path, acl_type_t type, struct acl *aclp);
+int	acl_syscall_get_fd(int filedes, acl_type_t type, struct acl *aclp);
+int	acl_syscall_set_fd(int filedes, acl_type_t type, struct acl *aclp);
+int	acl_syscall_delete_file(const char *path_p, acl_type_t type);
+int	acl_syscall_delete_fd(int filedes, acl_type_t type);
+int	acl_syscall_aclcheck_file(char *path, acl_type_t type,
+				  struct acl *aclp);
+int	acl_syscall_aclcheck_fd(int filedes, acl_type_t type,
+				struct acl *aclp);
+
+/*
+ * Supported POSIX.1e ACL manipulation and assignment/retrieval API
+ * These are currently provided by libposix1e_acl, which is not shipped
+ * with the base distribution, but will be soon.  Some of these are
+ * from POSIX.1e-extensions.
+ *
+ * Not all POSIX.1e ACL functions are listed here yet, but more will
+ * be soon.
+ */
+int	acl_calc_mask(acl_t *acl_p);
+int	acl_delete_def_file(const char *path_p);
+int	acl_delete_def_fd(int filedes);
+acl_t	acl_from_text(const char *buf_p);
+acl_t	acl_get_fd(int fd, acl_type_t type);
+acl_t	acl_get_file(const char *path_p, acl_type_t type);
+acl_t	acl_init(int count);
+int	acl_set_fd(int fd, acl_t acl, acl_type_t type);
+int	acl_set_file(const char *path_p, acl_type_t type, acl_t acl);
+char	*acl_to_text(acl_t acl, ssize_t *len_p);
+int	acl_valid(acl_t acl);
+int	acl_valid_file(const char *path_p, acl_type_t type, acl_t acl);
+int	acl_valid_fd(int fd, acl_type_t type, acl_t acl);
+int	acl_free(void *obj_p);
+
+#endif /* KERNEL */
+#endif /* _SYS_ACL_H */
diff --git a/sys/sys/extattr.h b/sys/sys/extattr.h
new file mode 100644
index 0000000..d81be11
--- /dev/null
+++ b/sys/sys/extattr.h
@@ -0,0 +1,57 @@
+/*-
+ * Copyright (c) 1999 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+/*
+ * Userland/kernel interface for Extended File System Attributes
+ *
+ * This code from the FreeBSD POSIX.1e implementation.  While the syscalls
+ * are fully implemented, invoking the VFS vnops and VFS calls as necessary,
+ * no file systems shipped with this version of FreeBSD implement these
+ * calls.  Extensions to UFS/FFS to support extended attributes are
+ * available from the POSIX.1e implementation page, or possibly in a more
+ * recent version of FreeBSD.
+ *
+ * The POSIX.1e implementation page may be reached at:
+ *   http://www.watson.org/fbsd-hardening/posix1e/
+ */
+
+#ifndef _SYS_EXTATTR_H_
+#define _SYS_EXTATTR_H_
+
+#define EXTATTR_MAXNAMELEN	NAME_MAX
+
+#ifndef KERNEL
+
+int	extattrctl(char *path, int cmd, char *attrname, caddr_t arg);
+int	extattr_set_file(char *path, char *attrname, struct iovec *iovp,
+	u_int iovcnt);
+int	extattr_get_file(char *path, char *attrname, struct iovec *iovp,
+	u_int iovcnt);
+int	extattr_delete_file(char *path, char *attrname);
+
+#endif /* KERNEL */
+#endif /* _SYS_EXTATTR_H_ */
diff --git a/sys/sys/mount.h b/sys/sys/mount.h
index f0ad319..51743e9 100644
--- a/sys/sys/mount.h
+++ b/sys/sys/mount.h
@@ -331,6 +331,9 @@ struct vfsops {
 	int	(*vfs_vptofh)	__P((struct vnode *vp, struct fid *fhp));
 	int	(*vfs_init)	__P((struct vfsconf *));
 	int	(*vfs_uninit)	__P((struct vfsconf *));
+	int	(*vfs_extattrctl) __P((struct mount *mp, int cmd,
+					char *attrname, caddr_t arg,
+					struct proc *p));
 };
 
 #define VFS_MOUNT(MP, PATH, DATA, NDP, P) \
@@ -347,6 +350,8 @@ struct vfsops {
 #define	VFS_VPTOFH(VP, FIDP)	  (*(VP)->v_mount->mnt_op->vfs_vptofh)(VP, FIDP)
 #define VFS_CHECKEXP(MP, NAM, EXFLG, CRED) \
 	(*(MP)->mnt_op->vfs_checkexp)(MP, NAM, EXFLG, CRED)
+#define VFS_EXTATTRCTL(MP, C, N, A, P) \
+	(*(MP)->mnt_op->vfs_extattrctl)(MP, C, N, A, P)
 
 #include <sys/module.h>
 
@@ -439,6 +444,8 @@ int	vfs_stdcheckexp __P((struct mount *mp, struct sockaddr *nam,
 int	vfs_stdvptofh __P((struct vnode *vp, struct fid *fhp));
 int	vfs_stdinit __P((struct vfsconf *));
 int	vfs_stduninit __P((struct vfsconf *));
+int	vfs_stdextattrctl __P((struct mount *mp, int cmd, char *attrname,
+		caddr_t arg, struct proc *p));
 
 #else /* !KERNEL */
 
diff --git a/sys/sys/syscall-hide.h b/sys/sys/syscall-hide.h
index 1a8b3f6..5c563f4 100644
--- a/sys/sys/syscall-hide.h
+++ b/sys/sys/syscall-hide.h
@@ -3,7 +3,7 @@
  *
  * DO NOT EDIT-- this file is automatically generated.
  * $FreeBSD$
- * created from FreeBSD: src/sys/kern/syscalls.master,v 1.67 1999/11/17 21:32:33 brian Exp 
+ * created from FreeBSD: src/sys/kern/syscalls.master,v 1.68 1999/12/19 05:54:46 rwatson Exp 
  */
 
 HIDE_POSIX(fork)
@@ -262,3 +262,15 @@ HIDE_POSIX(sigsuspend)
 HIDE_POSIX(sigaction)
 HIDE_POSIX(sigpending)
 HIDE_BSD(sigreturn)
+HIDE_BSD(acl_syscall_get_file)
+HIDE_BSD(acl_syscall_set_file)
+HIDE_BSD(acl_syscall_get_fd)
+HIDE_BSD(acl_syscall_set_fd)
+HIDE_BSD(acl_syscall_delete_file)
+HIDE_BSD(acl_syscall_delete_fd)
+HIDE_BSD(acl_syscall_aclcheck_file)
+HIDE_BSD(acl_syscall_aclcheck_fd)
+HIDE_BSD(extattrctl)
+HIDE_BSD(extattr_set_file)
+HIDE_BSD(extattr_get_file)
+HIDE_BSD(extattr_delete_file)
diff --git a/sys/sys/syscall.h b/sys/sys/syscall.h
index 5452b90..d438e57 100644
--- a/sys/sys/syscall.h
+++ b/sys/sys/syscall.h
@@ -3,7 +3,7 @@
  *
  * DO NOT EDIT-- this file is automatically generated.
  * $FreeBSD$
- * created from FreeBSD: src/sys/kern/syscalls.master,v 1.67 1999/11/17 21:32:33 brian Exp 
+ * created from FreeBSD: src/sys/kern/syscalls.master,v 1.68 1999/12/19 05:54:46 rwatson Exp 
  */
 
 #define	SYS_syscall	0
@@ -267,4 +267,16 @@
 #define	SYS_sigaction	342
 #define	SYS_sigpending	343
 #define	SYS_sigreturn	344
-#define	SYS_MAXSYSCALL	347
+#define	SYS_acl_syscall_get_file	347
+#define	SYS_acl_syscall_set_file	348
+#define	SYS_acl_syscall_get_fd	349
+#define	SYS_acl_syscall_set_fd	350
+#define	SYS_acl_syscall_delete_file	351
+#define	SYS_acl_syscall_delete_fd	352
+#define	SYS_acl_syscall_aclcheck_file	353
+#define	SYS_acl_syscall_aclcheck_fd	354
+#define	SYS_extattrctl	355
+#define	SYS_extattr_set_file	356
+#define	SYS_extattr_get_file	357
+#define	SYS_extattr_delete_file	358
+#define	SYS_MAXSYSCALL	359
diff --git a/sys/sys/syscall.mk b/sys/sys/syscall.mk
index 2e0c760..08c9f4c 100644
--- a/sys/sys/syscall.mk
+++ b/sys/sys/syscall.mk
@@ -1,7 +1,7 @@
 # FreeBSD system call names.
 # DO NOT EDIT-- this file is automatically generated.
 # $FreeBSD$
-# created from FreeBSD: src/sys/kern/syscalls.master,v 1.67 1999/11/17 21:32:33 brian Exp 
+# created from FreeBSD: src/sys/kern/syscalls.master,v 1.68 1999/12/19 05:54:46 rwatson Exp 
 MIASM =  \
 	syscall.o \
 	exit.o \
@@ -217,4 +217,16 @@ MIASM =  \
 	sigsuspend.o \
 	sigaction.o \
 	sigpending.o \
-	sigreturn.o
+	sigreturn.o \
+	acl_syscall_get_file.o \
+	acl_syscall_set_file.o \
+	acl_syscall_get_fd.o \
+	acl_syscall_set_fd.o \
+	acl_syscall_delete_file.o \
+	acl_syscall_delete_fd.o \
+	acl_syscall_aclcheck_file.o \
+	acl_syscall_aclcheck_fd.o \
+	extattrctl.o \
+	extattr_set_file.o \
+	extattr_get_file.o \
+	extattr_delete_file.o
diff --git a/sys/sys/sysproto.h b/sys/sys/sysproto.h
index dba7ab0..0689a9a 100644
--- a/sys/sys/sysproto.h
+++ b/sys/sys/sysproto.h
@@ -3,7 +3,7 @@
  *
  * DO NOT EDIT-- this file is automatically generated.
  * $FreeBSD$
- * created from FreeBSD: src/sys/kern/syscalls.master,v 1.67 1999/11/17 21:32:33 brian Exp 
+ * created from FreeBSD: src/sys/kern/syscalls.master,v 1.68 1999/12/19 05:54:46 rwatson Exp 
  */
 
 #ifndef _SYS_SYSPROTO_H_
@@ -11,6 +11,8 @@
 
 #include <sys/signal.h>
 
+#include <sys/acl.h>
+
 struct proc;
 
 #define	PAD_(t)	(sizeof(register_t) <= sizeof(t) ? \
@@ -927,6 +929,66 @@ struct	sigpending_args {
 struct	sigreturn_args {
 	ucontext_t *	sigcntxp;	char sigcntxp_[PAD_(ucontext_t *)];
 };
+struct	acl_syscall_get_file_args {
+	char *	path;	char path_[PAD_(char *)];
+	acl_type_t	type;	char type_[PAD_(acl_type_t)];
+	struct acl *	aclp;	char aclp_[PAD_(struct acl *)];
+};
+struct	acl_syscall_set_file_args {
+	char *	path;	char path_[PAD_(char *)];
+	acl_type_t	type;	char type_[PAD_(acl_type_t)];
+	struct acl *	aclp;	char aclp_[PAD_(struct acl *)];
+};
+struct	acl_syscall_get_fd_args {
+	int	filedes;	char filedes_[PAD_(int)];
+	acl_type_t	type;	char type_[PAD_(acl_type_t)];
+	struct acl *	aclp;	char aclp_[PAD_(struct acl *)];
+};
+struct	acl_syscall_set_fd_args {
+	int	filedes;	char filedes_[PAD_(int)];
+	acl_type_t	type;	char type_[PAD_(acl_type_t)];
+	struct acl *	aclp;	char aclp_[PAD_(struct acl *)];
+};
+struct	acl_syscall_delete_file_args {
+	char *	path;	char path_[PAD_(char *)];
+	acl_type_t	type;	char type_[PAD_(acl_type_t)];
+};
+struct	acl_syscall_delete_fd_args {
+	int	filedes;	char filedes_[PAD_(int)];
+	acl_type_t	type;	char type_[PAD_(acl_type_t)];
+};
+struct	acl_syscall_aclcheck_file_args {
+	char *	path;	char path_[PAD_(char *)];
+	acl_type_t	type;	char type_[PAD_(acl_type_t)];
+	struct acl *	aclp;	char aclp_[PAD_(struct acl *)];
+};
+struct	acl_syscall_aclcheck_fd_args {
+	int	filedes;	char filedes_[PAD_(int)];
+	acl_type_t	type;	char type_[PAD_(acl_type_t)];
+	struct acl *	aclp;	char aclp_[PAD_(struct acl *)];
+};
+struct	extattrctl_args {
+	char *	path;	char path_[PAD_(char *)];
+	int	cmd;	char cmd_[PAD_(int)];
+	char *	attrname;	char attrname_[PAD_(char *)];
+	caddr_t	arg;	char arg_[PAD_(caddr_t)];
+};
+struct	extattr_set_file_args {
+	char *	path;	char path_[PAD_(char *)];
+	char *	attrname;	char attrname_[PAD_(char *)];
+	struct iovec *	iovp;	char iovp_[PAD_(struct iovec *)];
+	u_int	iovcnt;	char iovcnt_[PAD_(u_int)];
+};
+struct	extattr_get_file_args {
+	char *	path;	char path_[PAD_(char *)];
+	char *	attrname;	char attrname_[PAD_(char *)];
+	struct iovec *	iovp;	char iovp_[PAD_(struct iovec *)];
+	u_int	iovcnt;	char iovcnt_[PAD_(u_int)];
+};
+struct	extattr_delete_file_args {
+	char *	path;	char path_[PAD_(char *)];
+	char *	attrname;	char attrname_[PAD_(char *)];
+};
 int	nosys __P((struct proc *, struct nosys_args *));
 void	exit __P((struct proc *, struct rexit_args *)) __dead2;
 int	fork __P((struct proc *, struct fork_args *));
@@ -1140,6 +1202,18 @@ int	sigsuspend __P((struct proc *, struct sigsuspend_args *));
 int	sigaction __P((struct proc *, struct sigaction_args *));
 int	sigpending __P((struct proc *, struct sigpending_args *));
 int	sigreturn __P((struct proc *, struct sigreturn_args *));
+int	acl_syscall_get_file __P((struct proc *, struct acl_syscall_get_file_args *));
+int	acl_syscall_set_file __P((struct proc *, struct acl_syscall_set_file_args *));
+int	acl_syscall_get_fd __P((struct proc *, struct acl_syscall_get_fd_args *));
+int	acl_syscall_set_fd __P((struct proc *, struct acl_syscall_set_fd_args *));
+int	acl_syscall_delete_file __P((struct proc *, struct acl_syscall_delete_file_args *));
+int	acl_syscall_delete_fd __P((struct proc *, struct acl_syscall_delete_fd_args *));
+int	acl_syscall_aclcheck_file __P((struct proc *, struct acl_syscall_aclcheck_file_args *));
+int	acl_syscall_aclcheck_fd __P((struct proc *, struct acl_syscall_aclcheck_fd_args *));
+int	extattrctl __P((struct proc *, struct extattrctl_args *));
+int	extattr_set_file __P((struct proc *, struct extattr_set_file_args *));
+int	extattr_get_file __P((struct proc *, struct extattr_get_file_args *));
+int	extattr_delete_file __P((struct proc *, struct extattr_delete_file_args *));
 
 #ifdef COMPAT_43
 
diff --git a/sys/sys/vnode.h b/sys/sys/vnode.h
index 8046fb8..afb6bfc 100644
--- a/sys/sys/vnode.h
+++ b/sys/sys/vnode.h
@@ -40,6 +40,7 @@
 #include <sys/queue.h>
 #include <sys/select.h>
 #include <sys/uio.h>
+#include <sys/acl.h>
 
 #include <machine/lock.h>