From f04f6f4d823b7df2117da9737a3f12d080b54d74 Mon Sep 17 00:00:00 2001 From: John Hodge Date: Tue, 19 Jan 2010 17:30:11 +0800 Subject: [PATCH] Bugfixes and debug cleanup - Cleanup in threads.c - Fixed ACL/Permissions bugs in VFS - Also fixed instaces where tVFS_Node methods were called without NULL checking --- Kernel/Makefile.BuildNum | 2 +- Kernel/threads.c | 14 ++++++-------- Kernel/vfs/acls.c | 20 ++++++++++++++++---- Kernel/vfs/fs/devfs.c | 2 +- Kernel/vfs/fs/root.c | 18 ++++++++++++++---- Kernel/vfs/open.c | 17 ++++++++++++----- 6 files changed, 50 insertions(+), 23 deletions(-) diff --git a/Kernel/Makefile.BuildNum b/Kernel/Makefile.BuildNum index 52c5b788..911235d7 100644 --- a/Kernel/Makefile.BuildNum +++ b/Kernel/Makefile.BuildNum @@ -1 +1 @@ -BUILD_NUM = 1375 +BUILD_NUM = 1386 diff --git a/Kernel/threads.c b/Kernel/threads.c index 890f32d7..33417083 100644 --- a/Kernel/threads.c +++ b/Kernel/threads.c @@ -620,11 +620,13 @@ int Threads_GetTID() } tUID Threads_GetUID() { - tThread *t = Proc_GetCurThread(); - int ret = t->UID; - Log("Threads_GetUID: TID %i, return %i", t->TID, ret); - return ret; + return Proc_GetCurThread()->UID; +} +tGID Threads_GetGID() +{ + return Proc_GetCurThread()->GID; } + int Threads_SetUID(Uint *Errno, tUID ID) { tThread *t = Proc_GetCurThread(); @@ -637,10 +639,6 @@ int Threads_SetUID(Uint *Errno, tUID ID) return 0; } -tGID Threads_GetGID() -{ - return Proc_GetCurThread()->GID; -} int Threads_SetGID(Uint *Errno, tGID ID) { tThread *t = Proc_GetCurThread(); diff --git a/Kernel/vfs/acls.c b/Kernel/vfs/acls.c index ac3e8bac..4a65be69 100644 --- a/Kernel/vfs/acls.c +++ b/Kernel/vfs/acls.c 
@@ -26,34 +26,46 @@ int VFS_CheckACL(tVFS_Node *Node, Uint Permissions) if(uid == 0) return 1; // Root only file?, fast return - if( Node->NumACLs == 0 ) return 0; + if( Node->NumACLs == 0 ) { + Log("VFS_CheckACL - %p inaccesable, NumACLs = 0", Node); + return 0; + } // Check Deny Permissions for(i=0;iNumACLs;i++) { if(!Node->ACLs[i].Inv) continue; // Ignore ALLOWs - if(Node->ACLs[i].ID != -1) + if(Node->ACLs[i].ID != 0x7FFFFFFF) { if(!Node->ACLs[i].Group && Node->ACLs[i].ID != uid) continue; if(Node->ACLs[i].Group && Node->ACLs[i].ID != gid) continue; } - if(Node->ACLs[i].Perms & Permissions) return 0; + //Log("Deny %x", Node->ACLs[i].Perms); + + if(Node->ACLs[i].Perms & Permissions) { + Log("VFS_CheckACL - %p inaccesable, %x denied", + Node, Node->ACLs[i].Perms & Permissions); + return 0; + } } // Check for allow permissions for(i=0;iNumACLs;i++) { if(Node->ACLs[i].Inv) continue; // Ignore DENYs - if(Node->ACLs[i].ID != -1) + if(Node->ACLs[i].ID != 0x7FFFFFFF) { if(!Node->ACLs[i].Group && Node->ACLs[i].ID != uid) continue; if(Node->ACLs[i].Group && Node->ACLs[i].ID != gid) continue; } + //Log("Allow %x", Node->ACLs[i].Perms); + if((Node->ACLs[i].Perms & Permissions) == Permissions) return 1; } + Log("VFS_CheckACL - %p inaccesable, %x not allowed", Node, Permissions); return 0; } /** diff --git a/Kernel/vfs/fs/devfs.c b/Kernel/vfs/fs/devfs.c index 7781632c..d396a1f8 100644 --- a/Kernel/vfs/fs/devfs.c +++ b/Kernel/vfs/fs/devfs.c @@ -21,7 +21,7 @@ tVFS_Node gDevFS_RootNode = { .Size = 0, .Flags = VFS_FFLAG_DIRECTORY, .NumACLs = 1, - .ACLs = &gVFS_ACL_EveryoneRW, + .ACLs = &gVFS_ACL_EveryoneRX, .ReadDir = DevFS_ReadDir, .FindDir = DevFS_FindDir }; diff --git a/Kernel/vfs/fs/root.c b/Kernel/vfs/fs/root.c index 4772fa72..7eed1235 100644 --- a/Kernel/vfs/fs/root.c +++ b/Kernel/vfs/fs/root.c 
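Review bot: The wildcard test in both loops of `VFS_CheckACL` now compares `Node->ACLs[i].ID` against the bare literal `0x7FFFFFFF`, while the ACL tables in Kernel/vfs/fs/root.c (hunk `@@ -26,10 +26,15 @@` of this commit) still write the world entry as `{0,-1}`; the two agree only if `ID` is a 31-bit field, and its declaration is not visible here. Give the value one name in the VFS header and use it on both sides, for example `#define VFS_ACL_ID_EVERYONE 0x7FFFFFFF` (name is a suggestion) with `if(Node->ACLs[i].ID != VFS_ACL_ID_EVERYONE)`, so a later change to the field width cannot silently turn an "everyone" rule into a rule for one specific ID. The three new `Log()` calls fire on every denial, print the node address with `%p`, and can be triggered at will by an unprivileged caller; consider the `LOG()` macro seen in open.c if that one is compiled out of normal builds, or rate-limit them. The start of the function lies outside the hunk.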
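Review bot: The switch of `gDevFS_RootNode.ACLs` to `gVFS_ACL_EveryoneRX` needs a one-line comment, because nothing at the initializer says why the DevFS root is no longer writable. Something like `// Everyone may list and traverse; modification is left to uid 0, which VFS_CheckACL() always admits` records the intent next to the field. The definition of `gVFS_ACL_EveryoneRX` is not part of this diff, so confirm that it carries no write bit and is an allow entry rather than a deny entry.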
@@ -26,10 +26,15 @@ tVFS_Driver gRootFS_Info = { NULL }; tRamFS_File RootFS_Files[MAX_FILES]; -tVFS_ACL RootFS_ACLs[3] = { +tVFS_ACL RootFS_DirACLs[3] = { {{0,0}, {0,VFS_PERM_ALL}}, // Owner (Root) {{1,0}, {0,VFS_PERM_ALL}}, // Group (Root) - {{0,-1}, {0,VFS_PERM_ALL}} // World (Nobody) + {{0,-1}, {0,VFS_PERM_ALL^VFS_PERM_WRITE}} // World (Nobody) +}; +tVFS_ACL RootFS_FileACLs[3] = { + {{0,0}, {0,VFS_PERM_ALL^VFS_PERM_EXECUTE}}, // Owner (Root) + {{1,0}, {0,VFS_PERM_ALL^VFS_PERM_EXECUTE}}, // Group (Root) + {{0,-1}, {0,VFS_PERM_READ}} // World (Nobody) }; // === CODE === @@ -53,7 +58,7 @@ tVFS_Node *Root_InitDevice(char *Device, char **Options) = root->Node.MTime = root->Node.ATime = now(); root->Node.NumACLs = 3; - root->Node.ACLs = RootFS_ACLs; + root->Node.ACLs = RootFS_DirACLs; //root->Node.Close = Root_CloseFile; // Not Needed (It's a RAM Disk!) //root->Node.Relink = Root_RelinkRoot; // Not Needed (Why relink the root of the tree) @@ -97,15 +102,20 @@ int Root_MkNod(tVFS_Node *Node, char *Name, Uint Flags) child->Node.ImplPtr = child; child->Node.Flags = Flags; - child->Node.NumACLs = 0; + child->Node.NumACLs = 3; child->Node.Size = 0; if(Flags & VFS_FFLAG_DIRECTORY) { + child->Node.ACLs = RootFS_DirACLs; child->Node.ReadDir = Root_ReadDir; child->Node.FindDir = Root_FindDir; child->Node.MkNod = Root_MkNod; } else { + if(Flags & VFS_FFLAG_SYMLINK) + child->Node.ACLs = RootFS_DirACLs; + else + child->Node.ACLs = RootFS_FileACLs; child->Node.Read = Root_Read; child->Node.Write = Root_Write; } diff --git a/Kernel/vfs/open.c b/Kernel/vfs/open.c index 74427b56..ac47683f 100644 --- a/Kernel/vfs/open.c +++ b/Kernel/vfs/open.c @@ -269,7 +269,7 @@ tVFS_Node *VFS_ParsePath(char *Path, char **TruePath) // Check permissions on root of filesystem if( !VFS_CheckACL(curNode, VFS_PERM_EXECUTE) ) { - curNode->Close( curNode ); + if(curNode->Close) curNode->Close( curNode ); if(TruePath) { free(*TruePath); *TruePath = NULL; 
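Review bot: The new masks in `RootFS_DirACLs` and `RootFS_FileACLs` remove a permission with XOR (`VFS_PERM_ALL^VFS_PERM_WRITE`, `VFS_PERM_ALL^VFS_PERM_EXECUTE`), which clears the bit only while `VFS_PERM_ALL` contains it and would grant it otherwise. State the intent directly with `VFS_PERM_ALL & ~VFS_PERM_WRITE` and `VFS_PERM_ALL & ~VFS_PERM_EXECUTE`, so the tables stay correct if the definition of `VFS_PERM_ALL` ever changes. The row comments `// Owner (Root)` and `// Group (Root)` would also be easier to audit if they named the initializer layout, e.g. `// {Group flag, ID}, {Inv (deny) flag, Perms}`, assuming that is the field order of `tVFS_ACL`.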
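Review bot: In `Root_MkNod` every new node is pointed at one of two shared static tables whose owner and group rows carry ID 0, so the calling thread's identity is never recorded and a node created on behalf of a non-root thread would fall under the world row only. If that is intended for this RAM filesystem, say so in a comment above `child->Node.NumACLs = 3;`; otherwise the node needs its own ACL array filled from `Threads_GetUID()` and `Threads_GetGID()`. Because the tables are shared, any later code that edits `child->Node.ACLs` in place would change permissions on every node at once. The symlink branch selecting `RootFS_DirACLs` also needs a short comment such as `// Symlinks keep execute so path resolution can pass through them`, if that is the reason. The function starts and ends outside the hunk.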
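Review bot: The guarded call `if(curNode->Close) curNode->Close( curNode );` added here is repeated by hand in the `@@ -319,6 +319,13 @@` and `@@ -471,7 +478,7 @@` hunks and already exists in the context of `@@ -280,7 +280,8 @@` and `@@ -295,8 +296,7 @@`. Since this commit fixes call sites that forgot the NULL test, a single file-local helper would stop the next call site from forgetting it again, for example `static void VFS_int_CloseNode(tVFS_Node *Node) { if(Node && Node->Close) Node->Close(Node); }` (name is a suggestion). `VFS_ParsePath` begins and ends outside this hunk.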
@@ -280,7 +280,8 @@ tVFS_Node *VFS_ParsePath(char *Path, char **TruePath) } // Check if the node has a FindDir method - if(!curNode->FindDir) { + if( !curNode->FindDir ) + { if(curNode->Close) curNode->Close(curNode); if(TruePath) { free(*TruePath); @@ -295,8 +296,7 @@ tVFS_Node *VFS_ParsePath(char *Path, char **TruePath) // Get Child Node tmpNode = curNode->FindDir(curNode, &Path[ofs]); LOG("tmpNode = %p", tmpNode); - if(curNode->Close) - curNode->Close(curNode); + if(curNode->Close) curNode->Close(curNode); curNode = tmpNode; // Error Check @@ -319,6 +319,13 @@ tVFS_Node *VFS_ParsePath(char *Path, char **TruePath) *TruePath = NULL; } tmp = malloc( curNode->Size + 1 ); + if(!curNode->Read) { + Warning("VFS_ParsePath - Read of node %p is NULL (%s)", + curNode, Path); + if(curNode->Close) curNode->Close(curNode); + LEAVE('n'); + return NULL; + } curNode->Read( curNode, 0, curNode->Size, tmp ); tmp[ curNode->Size ] = '\0'; @@ -471,7 +478,7 @@ int VFS_Open(char *Path, Uint Mode) // Permissions Check if( !VFS_CheckACL(node, i) ) { - node->Close( node ); + if(node->Close) node->Close( node ); Log("VFS_Open: Permissions Failed"); LEAVE('i', -1); return -1; -- 2.20.1
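Review bot: In the `@@ -319,6 +319,13 @@` hunk the new `if(!curNode->Read)` early return sits after `tmp = malloc( curNode->Size + 1 );`, so that path returns NULL without freeing `tmp` and leaks a buffer whose size is taken from the node. Move the whole check above the `malloc` line, or add `free(tmp);` before `LEAVE('n');`. The allocation result is also used unchecked by `curNode->Read(...)` and `tmp[ curNode->Size ] = '\0';`, so add `if(!tmp) { if(curNode->Close) curNode->Close(curNode); LEAVE('n'); return NULL; }` right after it. The return value of `Read` is ignored in the lines shown, which would leave part of `tmp` uninitialised after a short read; confirm how `tmp` is consumed further down. The enclosing block of `VFS_ParsePath` starts and ends outside the hunk.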