if ((vp->v_mode & I_TYPE) != I_REGULAR)
r = ENOEXEC;
- else if ((r1 = forbidden(vp, X_BIT)) != OK)
+ else if ((r1 = forbidden(fp, vp, X_BIT)) != OK)
r = r1;
else
r = req_stat(vp->v_fs_e, vp->v_inode_nr, VFS_PROC_NR,
if (vp->v_fs_e != dirp->v_fs_e)
r = EXDEV;
else
- r = forbidden(dirp, W_BIT | X_BIT);
+ r = forbidden(fp, dirp, W_BIT | X_BIT);
if (r == OK)
r = req_link(vp->v_fs_e, dirp->v_inode_nr, fullpath,
}
/* The caller must have both search and execute permission */
- if ((r = forbidden(dirp, X_BIT | W_BIT)) != OK) {
+ if ((r = forbidden(fp, dirp, X_BIT | W_BIT)) != OK) {
unlock_vnode(dirp);
unlock_vmnt(vmp);
put_vnode(dirp);
if (old_dirp->v_fs_e != new_dirp->v_fs_e) r = EXDEV;
/* Parent dirs must be writable, searchable and on a writable device */
- if ((r1 = forbidden(old_dirp, W_BIT|X_BIT)) != OK ||
- (r1 = forbidden(new_dirp, W_BIT|X_BIT)) != OK) r = r1;
+ if ((r1 = forbidden(fp, old_dirp, W_BIT|X_BIT)) != OK ||
+ (r1 = forbidden(fp, new_dirp, W_BIT|X_BIT)) != OK) r = r1;
if (r == OK) {
tll_upgrade(&oldvmp->m_lock); /* Upgrade to exclusive access */
if ((vp = eat_path(&resolve, fp)) == NULL) return(err_code);
/* Ask FS to truncate the file */
- if ((r = forbidden(vp, W_BIT)) == OK)
+ if ((r = forbidden(fp, vp, W_BIT)) == OK)
r = truncate_vnode(vp, m_in.flength);
unlock_vnode(vp);
if ((vp = last_dir(&resolve, fp)) == NULL) return(err_code);
- if ((r = forbidden(vp, W_BIT|X_BIT)) == OK) {
+ if ((r = forbidden(fp, vp, W_BIT|X_BIT)) == OK) {
r = req_slink(vp->v_fs_e, vp->v_inode_nr, fullpath, who_e,
m_in.name1, m_in.name1_length - 1, fp->fp_effuid,
fp->fp_effgid);
/* Only do the normal open code if we didn't just create the file. */
if (exist) {
/* Check protections. */
- if ((r = forbidden(vp, bits)) == OK) {
+ if ((r = forbidden(fp, vp, bits)) == OK) {
/* Opening reg. files, directories, and special files differ */
switch (vp->v_mode & I_TYPE) {
case I_REGULAR:
/* Truncate regular file if O_TRUNC. */
if (oflags & O_TRUNC) {
- if ((r = forbidden(vp, W_BIT)) != OK)
+ if ((r = forbidden(fp, vp, W_BIT)) != OK)
break;
truncate_vnode(vp, 0);
}
lock_vnode(vp, VNODE_OPCL);
- if ((r = forbidden(dirp, W_BIT|X_BIT)) != OK ||
+ if ((r = forbidden(fp, dirp, W_BIT|X_BIT)) != OK ||
(r = req_create(dirp->v_fs_e, dirp->v_inode_nr,bits, fp->fp_effuid,
fp->fp_effgid, path, &res)) != OK ) {
/* Can't create inode either due to permissions or some other
/* Make sure that the object is a directory */
if ((vp->v_mode & I_TYPE) != I_DIRECTORY) {
r = ENOTDIR;
- } else if ((r = forbidden(vp, W_BIT|X_BIT)) == OK) {
+ } else if ((r = forbidden(fp, vp, W_BIT|X_BIT)) == OK) {
r = req_mknod(vp->v_fs_e, vp->v_inode_nr, fullpath, fp->fp_effuid,
fp->fp_effgid, bits, m_in.mk_z0);
}
/* Make sure that the object is a directory */
if ((vp->v_mode & I_TYPE) != I_DIRECTORY) {
r = ENOTDIR;
- } else if ((r = forbidden(vp, W_BIT|X_BIT)) == OK) {
+ } else if ((r = forbidden(fp, vp, W_BIT|X_BIT)) == OK) {
r = req_mkdir(vp->v_fs_e, vp->v_inode_nr, fullpath, fp->fp_effuid,
fp->fp_effgid, bits);
}
if ((vp = eat_path(&resolve, rfp)) == NULL) return(err_code);
/* check permissions */
- r = forbidden(vp, (R_BIT | W_BIT));
+ r = forbidden(rfp, vp, (R_BIT | W_BIT));
unlock_vnode(vp);
unlock_vmnt(vmp);
return(err_code);
if ((vp = eat_path(&resolve, fp)) == NULL) return(err_code);
- r = forbidden(vp, m_in.mode);
+ r = forbidden(fp, vp, m_in.mode);
unlock_vnode(vp);
unlock_vmnt(vmp);
/*===========================================================================*
* forbidden *
*===========================================================================*/
-PUBLIC int forbidden(struct vnode *vp, mode_t access_desired)
+PUBLIC int forbidden(struct fproc *rfp, struct vnode *vp, mode_t access_desired)
{
/* Given a pointer to an vnode, 'vp', and the access desired, determine
* if the access is allowed, and if not why not. The routine looks up the
/* Isolate the relevant rwx bits from the mode. */
bits = vp->v_mode;
- uid = (call_nr == ACCESS ? fp->fp_realuid : fp->fp_effuid);
- gid = (call_nr == ACCESS ? fp->fp_realgid : fp->fp_effgid);
+ uid = (call_nr == ACCESS ? rfp->fp_realuid : rfp->fp_effuid);
+ gid = (call_nr == ACCESS ? rfp->fp_realgid : rfp->fp_effgid);
if (uid == SU_UID) {
/* Grant read and write permission. Grant search permission for
_PROTOTYPE( int do_chmod, (void) );
_PROTOTYPE( int do_chown, (void) );
_PROTOTYPE( int do_umask, (void) );
-_PROTOTYPE( int forbidden, (struct vnode *vp, mode_t access_desired) );
+_PROTOTYPE( int forbidden, (struct fproc *rfp, struct vnode *vp,
+ mode_t access_desired) );
_PROTOTYPE( int read_only, (struct vnode *vp) );
/* read.c */
if ((vp->v_mode & I_TYPE) != I_DIRECTORY)
r = ENOTDIR;
else
- r = forbidden(vp, X_BIT); /* Check if dir is searchable*/
+ r = forbidden(fp, vp, X_BIT); /* Check if dir is searchable*/
if (r != OK) return(r);
/* Everything is OK. Make the change. */
/* Only the owner of a file or the super user can change its name. */
r = OK;
if (vp->v_uid != fp->fp_effuid && fp->fp_effuid != SU_UID) r = EPERM;
- if (m_in.utime_length == 0 && r != OK) r = forbidden(vp, W_BIT);
+ if (m_in.utime_length == 0 && r != OK) r = forbidden(fp, vp, W_BIT);
if (read_only(vp) != OK) r = EROFS; /* Not even su can touch if R/O */
if (r == OK) {
/* Issue request */