diff options
author | rwatson <rwatson@FreeBSD.org> | 2001-10-01 20:01:07 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-10-01 20:01:07 +0000 |
commit | 75a3f18a2aa8e4952706d43f5b27b23f98702c54 (patch) | |
tree | 1015a25935e3288ec4d286426f9a4ab80c4688ac /sys/kern/vfs_extattr.c | |
parent | aaf9fd46b108ad3b7018487c3810c62630918e44 (diff) | |
download | FreeBSD-src-75a3f18a2aa8e4952706d43f5b27b23f98702c54.zip FreeBSD-src-75a3f18a2aa8e4952706d43f5b27b23f98702c54.tar.gz |
o Complete the migration from suser error checking in the following form
in vfs_syscalls.c:
if (mp->mnt_stat.f_owner != p->p_ucred->cr_uid &&
(error = suser_td(td)) != 0) {
unwrap_lots_of_stuff();
return (error);
}
to:
if (mp->mnt_stat.f_owner != p->p_ucred->cr_uid) {
error = suser_td(td);
if (error) {
unwrap_lots_of_stuff();
return (error);
}
}
This makes the code more readable when complex clauses are in use,
and minimizes conflicts for large outstanding patchsets modifying the
kernel authorization code (of which I have several), especially where
existing authorization and context code are combined in the same if()
conditional.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/kern/vfs_extattr.c')
-rw-r--r-- | sys/kern/vfs_extattr.c | 65 |
1 files changed, 43 insertions, 22 deletions
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c index 38d7a41..949f5da 100644 --- a/sys/kern/vfs_extattr.c +++ b/sys/kern/vfs_extattr.c @@ -177,8 +177,11 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) (strlen(fspath) >= MNAMELEN - 1)) return (ENAMETOOLONG); - if (usermount == 0 && (error = suser_td(td))) - return (error); + if (usermount == 0) { + error = suser_td(td); + if (error) + return (error); + } /* * Do not allow NFS export by non-root users. */ @@ -221,10 +224,12 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) * Only root, or the user that did the original mount is * permitted to update it. */ - if (mp->mnt_stat.f_owner != p->p_ucred->cr_uid && - (error = suser_td(td))) { - vput(vp); - return (error); + if (mp->mnt_stat.f_owner != p->p_ucred->cr_uid) { + error = suser_td(td); + if (error) { + vput(vp); + return (error); + } } if (vfs_busy(mp, LK_NOWAIT, 0, td)) { vput(vp); @@ -249,12 +254,18 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) * If the user is not root, ensure that they own the directory * onto which we are attempting to mount. */ - if ((error = VOP_GETATTR(vp, &va, p->p_ucred, td)) || - (va.va_uid != p->p_ucred->cr_uid && - (error = suser_td(td)))) { + error = VOP_GETATTR(vp, &va, p->p_ucred, td); + if (error) { vput(vp); return (error); } + if (va.va_uid != p->p_ucred->cr_uid) { + error = suser_td(td); + if (error) { + vput(vp); + return (error); + } + } if ((error = vinvalbuf(vp, V_SAVE, p->p_ucred, td, 0, 0)) != 0) { vput(vp); return (error); @@ -270,7 +281,8 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) linker_file_t lf; /* Only load modules for root (very important!) */ - if ((error = suser_td(td)) != 0) { + error = suser_td(td); + if (error) { vput(vp); return error; } @@ -482,10 +494,12 @@ unmount(td, uap) * Only root, or the user that did the original mount is * permitted to unmount this filesystem. */ - if ((mp->mnt_stat.f_owner != td->td_proc->p_ucred->cr_uid) && - (error = suser_td(td))) { - vput(vp); - return (error); + if (mp->mnt_stat.f_owner != td->td_proc->p_ucred->cr_uid) { + error = suser_td(td); + if (error) { + vput(vp); + return (error); + } } /* @@ -2195,9 +2209,12 @@ setfflags(td, vp, flags) * if they are allowed to set flags and programs assume that * chown can't fail when done as root. */ - if ((vp->v_type == VCHR || vp->v_type == VBLK) && - ((error = suser_xxx(td->td_proc->p_ucred, td->td_proc, PRISON_ROOT)) != 0)) - return (error); + if (vp->v_type == VCHR || vp->v_type == VBLK) { + error = suser_xxx(td->td_proc->p_ucred, td->td_proc, + PRISON_ROOT); + if (error) + return (error); + } if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) return (error); @@ -3402,11 +3419,14 @@ revoke(td, uap) error = EINVAL; goto out; } - if ((error = VOP_GETATTR(vp, &vattr, td->td_proc->p_ucred, td)) != 0) - goto out; - if (td->td_proc->p_ucred->cr_uid != vattr.va_uid && - (error = suser_xxx(0, td->td_proc, PRISON_ROOT))) + error = VOP_GETATTR(vp, &vattr, td->td_proc->p_ucred, td); + if (error) goto out; + if (td->td_proc->p_ucred->cr_uid != vattr.va_uid) { + error = suser_xxx(0, td->td_proc, PRISON_ROOT); + if (error) + goto out; + } if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) goto out; if (vcount(vp) > 1) @@ -3731,7 +3751,8 @@ fhstatfs(td, uap) /* * Must be super user */ - if ((error = suser_td(td))) + error = suser_td(td); + if (error) return (error); if ((error = copyin(SCARG(uap, u_fhp), &fh, sizeof(fhandle_t))) != 0) |