diff options
author | attilio <attilio@FreeBSD.org> | 2008-09-17 15:49:44 +0000 |
---|---|---|
committer | attilio <attilio@FreeBSD.org> | 2008-09-17 15:49:44 +0000 |
commit | 23ff3dbeb88f559906401e0fc17cf66554a620ab (patch) | |
tree | cf10ffc60d6ce4ed9af75e25eb64a81244564299 /sys/security | |
parent | 30605e1eb117a4e8f8f43b22d297ee4594992fde (diff) | |
download | FreeBSD-src-23ff3dbeb88f559906401e0fc17cf66554a620ab.zip FreeBSD-src-23ff3dbeb88f559906401e0fc17cf66554a620ab.tar.gz |
Remove the suser(9) interface from the kernel. It has been replaced from
years by the priv_check(9) interface and just very few places are left.
Note that compatibility stub with older FreeBSD version
(all above the 8 limit though) are left in order to reduce diffs against
old versions. It is responsibility of the maintainers for any module, if
they think it is the case, to axe out such cases.
This patch breaks KPI so __FreeBSD_version will be bumped into a later
commit.
This patch needs to be credited 50-50 with rwatson@ as he found time to
explain me how the priv_check() works in detail and to review patches.
Tested by: Giovanni Trematerra <giovanni dot trematerra at gmail dot com>
Reviewed by: rwatson
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/mac_bsdextended/mac_bsdextended.c | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index cb993db..93befae 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -221,7 +221,7 @@ static int ugidfw_rulecheck(struct mac_bsdextended_rule *rule, struct ucred *cred, struct vnode *vp, struct vattr *vap, int acc_mode) { - int match; + int mac_granted, match, priv_granted; int i; /* @@ -372,9 +372,31 @@ ugidfw_rulecheck(struct mac_bsdextended_rule *rule, } /* + * MBI_APPEND should not be here as it should get converted to + * MBI_WRITE. + */ + priv_granted = 0; + mac_granted = rule->mbr_mode; + if ((acc_mode & MBI_ADMIN) && (mac_granted & MBI_ADMIN) == 0 && + priv_check_cred(cred, PRIV_VFS_ADMIN, 0) == 0) + priv_granted |= MBI_ADMIN; + if ((acc_mode & MBI_EXEC) && (mac_granted & MBI_EXEC) == 0 && + priv_check_cred(cred, (vap->va_type == VDIR) ? PRIV_VFS_LOOKUP : + PRIV_VFS_EXEC, 0) == 0) + priv_granted |= MBI_EXEC; + if ((acc_mode & MBI_READ) && (mac_granted & MBI_READ) == 0 && + priv_check_cred(cred, PRIV_VFS_READ, 0) == 0) + priv_granted |= MBI_READ; + if ((acc_mode & MBI_STAT) && (mac_granted & MBI_STAT) == 0 && + priv_check_cred(cred, PRIV_VFS_STAT, 0) == 0) + priv_granted |= MBI_STAT; + if ((acc_mode & MBI_WRITE) && (mac_granted & MBI_WRITE) == 0 && + priv_check_cred(cred, PRIV_VFS_WRITE, 0) == 0) + priv_granted |= MBI_WRITE; + /* * Is the access permitted? */ - if ((rule->mbr_mode & acc_mode) != acc_mode) { + if (((mac_granted | priv_granted) & acc_mode) != acc_mode) { if (ugidfw_logging) log(LOG_AUTHPRIV, "mac_bsdextended: %d:%d request %d" " on %d:%d failed. \n", cred->cr_ruid, @@ -400,12 +422,6 @@ ugidfw_check(struct ucred *cred, struct vnode *vp, struct vattr *vap, int error, i; /* - * XXXRW: More specific privilege selection needed. - */ - if (suser_cred(cred, 0) == 0) - return (0); - - /* * Since we do not separately handle append, map append to write. */ if (acc_mode & MBI_APPEND) { |