authorrwatson <rwatson@FreeBSD.org>2007-06-12 00:12:01 +0000
committerrwatson <rwatson@FreeBSD.org>2007-06-12 00:12:01 +0000
commit00b02345d424dac8a490ff28ff75fd9386196583 (patch)
treec439df85bebf079d07319c231d64ac481577b036 /sys/ufs
parente93b04c2868ee901613297bfbd90ff9990d8300e (diff)
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in
some cases, move to priv_check() if it was an operation on a thread and no other flags were present. Eliminate caller-side jail exception checking (also now-unused); jail privilege exception code now goes solely in kern_jail.c. We can't yet eliminate suser() due to some cases in the KAME code where a privilege check is performed and then used in many different deferred paths. Do, however, move those prototypes to priv.h. Reviewed by: csjp Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/ufs')
-rw-r--r--sys/ufs/ffs/ffs_alloc.c4
-rw-r--r--sys/ufs/ffs/ffs_vnops.c6
-rw-r--r--sys/ufs/ufs/ufs_quota.c18
-rw-r--r--sys/ufs/ufs/ufs_vnops.c20
4 files changed, 16 insertions, 32 deletions
diff --git a/sys/ufs/ffs/ffs_alloc.c b/sys/ufs/ffs/ffs_alloc.c
index 67c8fc3..00e0fbd 100644
--- a/sys/ufs/ffs/ffs_alloc.c
+++ b/sys/ufs/ffs/ffs_alloc.c
@@ -173,7 +173,7 @@ retry:
#endif
if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0)
goto nospace;
- if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, SUSER_ALLOWJAIL) &&
+ if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) &&
freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0)
goto nospace;
if (bpref >= fs->fs_size)
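Review bot: The condition tests `priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0)` before the free-space arithmetic, so the privilege is consulted on every allocation that reaches this point, including ones that never touch the `fs_minfree` reserve. If privilege checks are audited or mediated by a policy module (not visible in this diff), testing space first would limit those records to requests that needed the privilege: `if (freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0 && priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0))`. This assumes `freespace()` and `numfrags()` have no side effects. The same ordering appears in the ffs_realloccg hunk below; the enclosing function here starts and ends outside the hunk.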
@@ -268,7 +268,7 @@ ffs_realloccg(ip, lbprev, bprev, bpref, osize, nsize, cred, bpp)
#endif /* DIAGNOSTIC */
reclaimed = 0;
retry:
- if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, SUSER_ALLOWJAIL) &&
+ if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) &&
freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0) {
goto nospace;
}
diff --git a/sys/ufs/ffs/ffs_vnops.c b/sys/ufs/ffs/ffs_vnops.c
index 80892f3..b187ad7 100644
--- a/sys/ufs/ffs/ffs_vnops.c
+++ b/sys/ufs/ffs/ffs_vnops.c
@@ -790,8 +790,7 @@ ffs_write(ap)
*/
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid &&
ap->a_cred) {
- if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL)) {
+ if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, 0)) {
ip->i_mode &= ~(ISUID | ISGID);
DIP_SET(ip, i_mode, ip->i_mode);
}
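Review bot: The set-id clearing in this hunk is skipped entirely when `ap->a_cred` is NULL, so a write issued without a credential leaves ISUID/ISGID in place, and the visible tail of the comment above does not show whether that is stated. I would add a line to that comment such as `* Writes with no credential (a_cred == NULL) keep the set-id bits; callers must be trusted kernel paths.`, where the second half is an assumption to confirm against the callers. It would also read more safely as `priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, 0) != 0`, since the call returns non-zero on denial and the bare form looks like "if privileged". The same applies to the `ucred` test in the ffs_extwrite hunk; ffs_write's body extends beyond this hunk.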
@@ -1121,8 +1120,7 @@ ffs_extwrite(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *ucred)
* tampering.
*/
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ucred) {
- if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL)) {
+ if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID, 0)) {
ip->i_mode &= ~(ISUID | ISGID);
dp->di_mode = ip->i_mode;
}
diff --git a/sys/ufs/ufs/ufs_quota.c b/sys/ufs/ufs/ufs_quota.c
index c6d8795..49ee1c8 100644
--- a/sys/ufs/ufs/ufs_quota.c
+++ b/sys/ufs/ufs/ufs_quota.c
@@ -515,7 +515,7 @@ quotaon(td, mp, type, fname)
int error, flags, vfslocked;
struct nameidata nd;
- error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON, 0);
+ error = priv_check(td, PRIV_UFS_QUOTAON);
if (error)
return (error);
@@ -747,10 +747,7 @@ quotaoff(td, mp, type)
struct ufsmount *ump;
int error;
- /*
- * XXXRW: This also seems wrong to allow in a jail?
- */
- error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF, 0);
+ error = priv_check(td, PRIV_UFS_QUOTAOFF);
if (error)
return (error);
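Review bot: The removed XXXRW comment recorded an open question about whether quotaoff should be permitted inside a jail, and after this change nothing at the call site says how it was resolved. Per the commit message the jail exceptions now live in kern_jail.c, which is outside this diff, so a reader here cannot tell whether `PRIV_UFS_QUOTAOFF` is granted to jailed root. I would keep a short pointer, e.g. `/* Jail policy for PRIV_UFS_QUOTAOFF is decided in kern_jail.c. */`, and confirm that kern_jail.c still denies it, matching the old `0` flag. The quotaon and setuse hunks also passed `0` before and deserve the same check. quotaoff continues beyond the hunk.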
@@ -783,8 +780,7 @@ getquota(td, mp, id, type, addr)
switch (type) {
case USRQUOTA:
if ((td->td_ucred->cr_uid != id) && !unprivileged_get_quota) {
- error = priv_check_cred(td->td_ucred,
- PRIV_VFS_GETQUOTA, SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_GETQUOTA);
if (error)
return (error);
}
@@ -793,8 +789,7 @@ getquota(td, mp, id, type, addr)
case GRPQUOTA:
if (!groupmember(id, td->td_ucred) &&
!unprivileged_get_quota) {
- error = priv_check_cred(td->td_ucred,
- PRIV_VFS_GETQUOTA, SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_GETQUOTA);
if (error)
return (error);
}
@@ -830,8 +825,7 @@ setquota(td, mp, id, type, addr)
struct dqblk newlim;
int error;
- error = priv_check_cred(td->td_ucred, PRIV_VFS_SETQUOTA,
- SUSER_ALLOWJAIL);
+ error = priv_check(td, PRIV_VFS_SETQUOTA);
if (error)
return (error);
@@ -901,7 +895,7 @@ setuse(td, mp, id, type, addr)
struct dqblk usage;
int error;
- error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE, 0);
+ error = priv_check(td, PRIV_UFS_SETUSE);
if (error)
return (error);
diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
index 45d2d04..ec28c2d 100644
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@@ -490,12 +490,8 @@ ufs_setattr(ap)
* processes if the security.jail.chflags_allowed sysctl is
* is non-zero; otherwise, they behave like unprivileged
* processes.
- *
- * XXXRW: Move implementation of jail_chflags_allowed to
- * kern_jail.c.
*/
- if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS,
- jail_chflags_allowed ? SUSER_ALLOWJAIL : 0)) {
+ if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
if (ip->i_flags
& (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
error = securelevel_gt(cred, 0);
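Review bot: The retained comment still says jailed processes get this privilege only when the security.jail.chflags_allowed sysctl is non-zero, but the call is now `priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)` and no longer reads `jail_chflags_allowed`, so the claim cannot be checked from this file. The sysctl test presumably moved to kern_jail.c as the removed XXXRW asked; that file is not in this diff, so confirm it consults the sysctl for `PRIV_VFS_SYSFLAGS`, otherwise jailed root's ability to change system flags changes silently. I would extend the comment with `* The sysctl is evaluated in kern_jail.c, not here.` and drop the doubled "is" in the sentence above it. ufs_setattr starts and ends outside the hunk.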
@@ -663,13 +659,11 @@ ufs_chmod(vp, mode, cred, td)
* jail(8).
*/
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
- if (priv_check_cred(cred, PRIV_VFS_STICKYFILE,
- SUSER_ALLOWJAIL))
+ if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
return (EFTYPE);
}
if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
- error = priv_check_cred(cred, PRIV_VFS_SETGID,
- SUSER_ALLOWJAIL);
+ error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
if (error)
return (error);
}
@@ -718,7 +712,7 @@ ufs_chown(vp, uid, gid, cred, td)
*/
if ((uid != ip->i_uid ||
(gid != ip->i_gid && !groupmember(gid, cred))) &&
- (error = priv_check_cred(cred, PRIV_VFS_CHOWN, SUSER_ALLOWJAIL)))
+ (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0)))
return (error);
ogid = ip->i_gid;
ouid = ip->i_uid;
@@ -790,8 +784,7 @@ good:
#endif /* QUOTA */
ip->i_flag |= IN_CHANGE;
if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
- if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID,
- SUSER_ALLOWJAIL)) {
+ if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) {
ip->i_mode &= ~(ISUID | ISGID);
DIP_SET(ip, i_mode, ip->i_mode);
}
@@ -2371,8 +2364,7 @@ ufs_makeinode(mode, dvp, vpp, cnp)
if (DOINGSOFTDEP(tvp))
softdep_change_linkcnt(ip);
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
- priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID,
- SUSER_ALLOWJAIL)) {
+ priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID, 0)) {
ip->i_mode &= ~ISGID;
DIP_SET(ip, i_mode, ip->i_mode);
}