Attempt to rationalize NFS privileges:

- Replace PRIV_NFSD with PRIV_NFS_DAEMON, add PRIV_NFS_LOCKD.

- Use PRIV_NFS_DAEMON in the NFS server.

- In the NFS client, move the privilege check from nfslockdans(), which
  occurs every time a write is performed on /dev/nfslock, and instead do it
  in nfslock_open() just once.  This allows us to avoid checking the saved
  uid for root, and just use the effective on open.  Use PRIV_NFS_LOCKD.

1 files changed, 5 insertions, 11 deletions

diff --git a/sys/nfsclient/nfs_lock.c b/sys/nfsclient/nfs_lock.c
index 18bf1b2..be334c7 100644
--- a/sys/nfsclient/nfs_lock.c
+++ b/sys/nfsclient/nfs_lock.c
@@ -43,6 +43,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/mbuf.h>
 #include <sys/mount.h>
 #include <sys/namei.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/resourcevar.h>
 #include <sys/socket.h>
@@ -85,6 +86,10 @@ nfslock_open(struct cdev *dev, int oflags, int devtype, struct thread *td)
 {
 	int error;
 
+	error = priv_check(td, PRIV_NFS_LOCKD);
+	if (error)
+		return (error);
+
 	mtx_lock(&nfslock_mtx);
 	if (!nfslock_isopen) {
 		error = 0;
@@ -339,17 +344,6 @@ static int
 nfslockdans(struct thread *td, struct lockd_ans *ansp)
 {
 	struct proc *targetp;
-	int error;
-
-	/* Let root, or someone who once was root (lockd generally
-	 * switches to the daemon uid once it is done setting up) make
-	 * this call.
-	 *
-	 * XXX This authorization check is probably not right.
-	 */
-	if ((error = suser(td)) != 0 &&
-	    td->td_ucred->cr_svuid != 0)
-		return (error);
 
 	/* the version should match, or we're out of sync */
 	if (ansp->la_vers != LOCKD_ANS_VERSION)