Remove unused argument to priv_check_cred.
Patch mostly generated with cocinnelle: @@ expression E1,E2; @@ - priv_check_cred(E1,E2,0) + priv_check_cred(E1,E2) Sponsored by: The FreeBSD Foundation
This commit is contained in:
Mateusz Guzik
parent
959530cc41
commit
cc426dd319
@ -41,35 +41,35 @@ int
|
|||||||
secpolicy_nfs(cred_t *cr)
|
secpolicy_nfs(cred_t *cr)
|
||||||
{
|
{
|
||||||
|
|
||||||
return (priv_check_cred(cr, PRIV_NFS_DAEMON, 0));
|
return (priv_check_cred(cr, PRIV_NFS_DAEMON));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
secpolicy_zfs(cred_t *cr)
|
secpolicy_zfs(cred_t *cr)
|
||||||
{
|
{
|
||||||
|
|
||||||
return (priv_check_cred(cr, PRIV_VFS_MOUNT, 0));
|
return (priv_check_cred(cr, PRIV_VFS_MOUNT));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
secpolicy_sys_config(cred_t *cr, int checkonly __unused)
|
secpolicy_sys_config(cred_t *cr, int checkonly __unused)
|
||||||
{
|
{
|
||||||
|
|
||||||
return (priv_check_cred(cr, PRIV_ZFS_POOL_CONFIG, 0));
|
return (priv_check_cred(cr, PRIV_ZFS_POOL_CONFIG));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
secpolicy_zinject(cred_t *cr)
|
secpolicy_zinject(cred_t *cr)
|
||||||
{
|
{
|
||||||
|
|
||||||
return (priv_check_cred(cr, PRIV_ZFS_INJECT, 0));
|
return (priv_check_cred(cr, PRIV_ZFS_INJECT));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
secpolicy_fs_unmount(cred_t *cr, struct mount *vfsp __unused)
|
secpolicy_fs_unmount(cred_t *cr, struct mount *vfsp __unused)
|
||||||
{
|
{
|
||||||
|
|
||||||
return (priv_check_cred(cr, PRIV_VFS_UNMOUNT, 0));
|
return (priv_check_cred(cr, PRIV_VFS_UNMOUNT));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -97,7 +97,7 @@ secpolicy_basic_link(vnode_t *vp, cred_t *cr)
|
|||||||
return (0);
|
return (0);
|
||||||
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
||||||
return (0);
|
return (0);
|
||||||
return (priv_check_cred(cr, PRIV_VFS_LINK, 0));
|
return (priv_check_cred(cr, PRIV_VFS_LINK));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -113,7 +113,7 @@ secpolicy_vnode_remove(vnode_t *vp, cred_t *cr)
|
|||||||
|
|
||||||
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
||||||
return (0);
|
return (0);
|
||||||
return (priv_check_cred(cr, PRIV_VFS_ADMIN, 0));
|
return (priv_check_cred(cr, PRIV_VFS_ADMIN));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -123,18 +123,18 @@ secpolicy_vnode_access(cred_t *cr, vnode_t *vp, uid_t owner, accmode_t accmode)
|
|||||||
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
||||||
return (0);
|
return (0);
|
||||||
|
|
||||||
if ((accmode & VREAD) && priv_check_cred(cr, PRIV_VFS_READ, 0) != 0)
|
if ((accmode & VREAD) && priv_check_cred(cr, PRIV_VFS_READ) != 0)
|
||||||
return (EACCES);
|
return (EACCES);
|
||||||
if ((accmode & VWRITE) &&
|
if ((accmode & VWRITE) &&
|
||||||
priv_check_cred(cr, PRIV_VFS_WRITE, 0) != 0) {
|
priv_check_cred(cr, PRIV_VFS_WRITE) != 0) {
|
||||||
return (EACCES);
|
return (EACCES);
|
||||||
}
|
}
|
||||||
if (accmode & VEXEC) {
|
if (accmode & VEXEC) {
|
||||||
if (vp->v_type == VDIR) {
|
if (vp->v_type == VDIR) {
|
||||||
if (priv_check_cred(cr, PRIV_VFS_LOOKUP, 0) != 0)
|
if (priv_check_cred(cr, PRIV_VFS_LOOKUP) != 0)
|
||||||
return (EACCES);
|
return (EACCES);
|
||||||
} else {
|
} else {
|
||||||
if (priv_check_cred(cr, PRIV_VFS_EXEC, 0) != 0)
|
if (priv_check_cred(cr, PRIV_VFS_EXEC) != 0)
|
||||||
return (EACCES);
|
return (EACCES);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -192,7 +192,7 @@ secpolicy_vnode_any_access(cred_t *cr, vnode_t *vp, uid_t owner)
|
|||||||
continue;
|
continue;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (priv_check_cred(cr, priv, 0) == 0)
|
if (priv_check_cred(cr, priv) == 0)
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
return (EPERM);
|
return (EPERM);
|
||||||
@ -206,7 +206,7 @@ secpolicy_vnode_setdac(vnode_t *vp, cred_t *cr, uid_t owner)
|
|||||||
return (0);
|
return (0);
|
||||||
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
||||||
return (0);
|
return (0);
|
||||||
return (priv_check_cred(cr, PRIV_VFS_ADMIN, 0));
|
return (priv_check_cred(cr, PRIV_VFS_ADMIN));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -256,7 +256,7 @@ secpolicy_vnode_setattr(cred_t *cr, vnode_t *vp, struct vattr *vap,
|
|||||||
((mask & AT_GID) && vap->va_gid != ovap->va_gid &&
|
((mask & AT_GID) && vap->va_gid != ovap->va_gid &&
|
||||||
!groupmember(vap->va_gid, cr))) {
|
!groupmember(vap->va_gid, cr))) {
|
||||||
if (secpolicy_fs_owner(vp->v_mount, cr) != 0) {
|
if (secpolicy_fs_owner(vp->v_mount, cr) != 0) {
|
||||||
error = priv_check_cred(cr, PRIV_VFS_CHOWN, 0);
|
error = priv_check_cred(cr, PRIV_VFS_CHOWN);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -300,7 +300,7 @@ secpolicy_vnode_setids_setgids(vnode_t *vp, cred_t *cr, gid_t gid)
|
|||||||
return (0);
|
return (0);
|
||||||
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
||||||
return (0);
|
return (0);
|
||||||
return (priv_check_cred(cr, PRIV_VFS_SETGID, 0));
|
return (priv_check_cred(cr, PRIV_VFS_SETGID));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -310,7 +310,7 @@ secpolicy_vnode_setid_retain(vnode_t *vp, cred_t *cr,
|
|||||||
|
|
||||||
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
||||||
return (0);
|
return (0);
|
||||||
return (priv_check_cred(cr, PRIV_VFS_RETAINSUGID, 0));
|
return (priv_check_cred(cr, PRIV_VFS_RETAINSUGID));
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
@ -321,7 +321,7 @@ secpolicy_setid_clear(struct vattr *vap, vnode_t *vp, cred_t *cr)
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0) {
|
if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0) {
|
||||||
if (priv_check_cred(cr, PRIV_VFS_RETAINSUGID, 0)) {
|
if (priv_check_cred(cr, PRIV_VFS_RETAINSUGID)) {
|
||||||
vap->va_mask |= AT_MODE;
|
vap->va_mask |= AT_MODE;
|
||||||
vap->va_mode &= ~(S_ISUID|S_ISGID);
|
vap->va_mode &= ~(S_ISUID|S_ISGID);
|
||||||
}
|
}
|
||||||
@ -343,7 +343,7 @@ secpolicy_setid_setsticky_clear(vnode_t *vp, struct vattr *vap,
|
|||||||
* is not a member of. Both of these are allowed in jail(8).
|
* is not a member of. Both of these are allowed in jail(8).
|
||||||
*/
|
*/
|
||||||
if (vp->v_type != VDIR && (vap->va_mode & S_ISTXT)) {
|
if (vp->v_type != VDIR && (vap->va_mode & S_ISTXT)) {
|
||||||
if (priv_check_cred(cr, PRIV_VFS_STICKYFILE, 0))
|
if (priv_check_cred(cr, PRIV_VFS_STICKYFILE))
|
||||||
return (EFTYPE);
|
return (EFTYPE);
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
@ -359,7 +359,7 @@ secpolicy_setid_setsticky_clear(vnode_t *vp, struct vattr *vap,
|
|||||||
* Deny setting setuid if we are not the file owner.
|
* Deny setting setuid if we are not the file owner.
|
||||||
*/
|
*/
|
||||||
if ((vap->va_mode & S_ISUID) && ovap->va_uid != cr->cr_uid) {
|
if ((vap->va_mode & S_ISUID) && ovap->va_uid != cr->cr_uid) {
|
||||||
error = priv_check_cred(cr, PRIV_VFS_ADMIN, 0);
|
error = priv_check_cred(cr, PRIV_VFS_ADMIN);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -370,7 +370,7 @@ int
|
|||||||
secpolicy_fs_mount(cred_t *cr, vnode_t *mvp, struct mount *vfsp)
|
secpolicy_fs_mount(cred_t *cr, vnode_t *mvp, struct mount *vfsp)
|
||||||
{
|
{
|
||||||
|
|
||||||
return (priv_check_cred(cr, PRIV_VFS_MOUNT, 0));
|
return (priv_check_cred(cr, PRIV_VFS_MOUNT));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -383,7 +383,7 @@ secpolicy_vnode_owner(vnode_t *vp, cred_t *cr, uid_t owner)
|
|||||||
return (0);
|
return (0);
|
||||||
|
|
||||||
/* XXX: vfs_suser()? */
|
/* XXX: vfs_suser()? */
|
||||||
return (priv_check_cred(cr, PRIV_VFS_MOUNT_OWNER, 0));
|
return (priv_check_cred(cr, PRIV_VFS_MOUNT_OWNER));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -392,14 +392,14 @@ secpolicy_vnode_chown(vnode_t *vp, cred_t *cr, uid_t owner)
|
|||||||
|
|
||||||
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
||||||
return (0);
|
return (0);
|
||||||
return (priv_check_cred(cr, PRIV_VFS_CHOWN, 0));
|
return (priv_check_cred(cr, PRIV_VFS_CHOWN));
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
secpolicy_fs_mount_clearopts(cred_t *cr, struct mount *vfsp)
|
secpolicy_fs_mount_clearopts(cred_t *cr, struct mount *vfsp)
|
||||||
{
|
{
|
||||||
|
|
||||||
if (priv_check_cred(cr, PRIV_VFS_MOUNT_NONUSER, 0) != 0) {
|
if (priv_check_cred(cr, PRIV_VFS_MOUNT_NONUSER) != 0) {
|
||||||
MNT_ILOCK(vfsp);
|
MNT_ILOCK(vfsp);
|
||||||
vfsp->vfs_flag |= VFS_NOSETUID | MNT_USER;
|
vfsp->vfs_flag |= VFS_NOSETUID | MNT_USER;
|
||||||
vfs_clearmntopt(vfsp, MNTOPT_SETUID);
|
vfs_clearmntopt(vfsp, MNTOPT_SETUID);
|
||||||
@ -418,12 +418,12 @@ secpolicy_xvattr(vnode_t *vp, xvattr_t *xvap, uid_t owner, cred_t *cr,
|
|||||||
|
|
||||||
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
|
||||||
return (0);
|
return (0);
|
||||||
return (priv_check_cred(cr, PRIV_VFS_SYSFLAGS, 0));
|
return (priv_check_cred(cr, PRIV_VFS_SYSFLAGS));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
secpolicy_smb(cred_t *cr)
|
secpolicy_smb(cred_t *cr)
|
||||||
{
|
{
|
||||||
|
|
||||||
return (priv_check_cred(cr, PRIV_NETSMB, 0));
|
return (priv_check_cred(cr, PRIV_NETSMB));
|
||||||
}
|
}
|
||||||
|
|||||||
@ -63,7 +63,7 @@ zone_dataset_attach(struct ucred *cred, const char *dataset, int jailid)
|
|||||||
struct prison *pr;
|
struct prison *pr;
|
||||||
int dofree, error;
|
int dofree, error;
|
||||||
|
|
||||||
if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL, 0)) != 0)
|
if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL)) != 0)
|
||||||
return (error);
|
return (error);
|
||||||
|
|
||||||
/* Allocate memory before we grab prison's mutex. */
|
/* Allocate memory before we grab prison's mutex. */
|
||||||
@ -115,7 +115,7 @@ zone_dataset_detach(struct ucred *cred, const char *dataset, int jailid)
|
|||||||
struct prison *pr;
|
struct prison *pr;
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL, 0)) != 0)
|
if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL)) != 0)
|
||||||
return (error);
|
return (error);
|
||||||
|
|
||||||
sx_slock(&allprison_lock);
|
sx_slock(&allprison_lock);
|
||||||
|
|||||||
@ -5205,7 +5205,7 @@ zfs_freebsd_setattr(ap)
|
|||||||
* otherwise, they behave like unprivileged processes.
|
* otherwise, they behave like unprivileged processes.
|
||||||
*/
|
*/
|
||||||
if (secpolicy_fs_owner(vp->v_mount, cred) == 0 ||
|
if (secpolicy_fs_owner(vp->v_mount, cred) == 0 ||
|
||||||
priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0) == 0) {
|
priv_check_cred(cred, PRIV_VFS_SYSFLAGS) == 0) {
|
||||||
if (zflags &
|
if (zflags &
|
||||||
(ZFS_IMMUTABLE | ZFS_APPENDONLY | ZFS_NOUNLINK)) {
|
(ZFS_IMMUTABLE | ZFS_APPENDONLY | ZFS_NOUNLINK)) {
|
||||||
error = securelevel_gt(cred, 0);
|
error = securelevel_gt(cred, 0);
|
||||||
|
|||||||
@ -1336,7 +1336,7 @@ linux_setgroups(struct thread *td, struct linux_setgroups_args *args)
|
|||||||
* Keep cr_groups[0] unchanged to prevent that.
|
* Keep cr_groups[0] unchanged to prevent that.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
|
if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS)) != 0) {
|
||||||
PROC_UNLOCK(p);
|
PROC_UNLOCK(p);
|
||||||
crfree(newcred);
|
crfree(newcred);
|
||||||
goto out;
|
goto out;
|
||||||
|
|||||||
@ -192,7 +192,7 @@ linux_setgroups16(struct thread *td, struct linux_setgroups16_args *args)
|
|||||||
* Keep cr_groups[0] unchanged to prevent that.
|
* Keep cr_groups[0] unchanged to prevent that.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
|
if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS)) != 0) {
|
||||||
PROC_UNLOCK(p);
|
PROC_UNLOCK(p);
|
||||||
crfree(newcred);
|
crfree(newcred);
|
||||||
|
|
||||||
|
|||||||
@ -129,8 +129,7 @@ filemon_event_process_exec(void *arg __unused, struct proc *p,
|
|||||||
/* If the credentials changed then cease tracing. */
|
/* If the credentials changed then cease tracing. */
|
||||||
if (imgp->newcred != NULL &&
|
if (imgp->newcred != NULL &&
|
||||||
imgp->credential_setid &&
|
imgp->credential_setid &&
|
||||||
priv_check_cred(filemon->cred,
|
priv_check_cred(filemon->cred, PRIV_DEBUG_DIFFCRED) != 0) {
|
||||||
PRIV_DEBUG_DIFFCRED, 0) != 0) {
|
|
||||||
/*
|
/*
|
||||||
* It may have changed to NULL already, but
|
* It may have changed to NULL already, but
|
||||||
* will not be re-attached by anything else.
|
* will not be re-attached by anything else.
|
||||||
|
|||||||
@ -420,7 +420,7 @@ ext2_setattr(struct vop_setattr_args *ap)
|
|||||||
* Privileged non-jail processes may not modify system flags
|
* Privileged non-jail processes may not modify system flags
|
||||||
* if securelevel > 0 and any existing system flags are set.
|
* if securelevel > 0 and any existing system flags are set.
|
||||||
*/
|
*/
|
||||||
if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
|
if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
|
||||||
if (ip->i_flags & (SF_IMMUTABLE | SF_APPEND)) {
|
if (ip->i_flags & (SF_IMMUTABLE | SF_APPEND)) {
|
||||||
error = securelevel_gt(cred, 0);
|
error = securelevel_gt(cred, 0);
|
||||||
if (error)
|
if (error)
|
||||||
@ -531,12 +531,12 @@ ext2_chmod(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
|
|||||||
* process is not a member of.
|
* process is not a member of.
|
||||||
*/
|
*/
|
||||||
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
|
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0);
|
error = priv_check_cred(cred, PRIV_VFS_STICKYFILE);
|
||||||
if (error)
|
if (error)
|
||||||
return (EFTYPE);
|
return (EFTYPE);
|
||||||
}
|
}
|
||||||
if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
|
if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
|
error = priv_check_cred(cred, PRIV_VFS_SETGID);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -576,7 +576,7 @@ ext2_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred,
|
|||||||
*/
|
*/
|
||||||
if (uid != ip->i_uid || (gid != ip->i_gid &&
|
if (uid != ip->i_uid || (gid != ip->i_gid &&
|
||||||
!groupmember(gid, cred))) {
|
!groupmember(gid, cred))) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
|
error = priv_check_cred(cred, PRIV_VFS_CHOWN);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -586,7 +586,7 @@ ext2_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred,
|
|||||||
ip->i_uid = uid;
|
ip->i_uid = uid;
|
||||||
ip->i_flag |= IN_CHANGE;
|
ip->i_flag |= IN_CHANGE;
|
||||||
if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
|
if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
|
||||||
if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0) != 0)
|
if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID) != 0)
|
||||||
ip->i_mode &= ~(ISUID | ISGID);
|
ip->i_mode &= ~(ISUID | ISGID);
|
||||||
}
|
}
|
||||||
return (0);
|
return (0);
|
||||||
@ -1983,7 +1983,7 @@ ext2_makeinode(int mode, struct vnode *dvp, struct vnode **vpp,
|
|||||||
tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
|
tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
|
||||||
ip->i_nlink = 1;
|
ip->i_nlink = 1;
|
||||||
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) {
|
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) {
|
||||||
if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID, 0))
|
if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID))
|
||||||
ip->i_mode &= ~ISGID;
|
ip->i_mode &= ~ISGID;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2311,7 +2311,7 @@ ext2_write(struct vop_write_args *ap)
|
|||||||
*/
|
*/
|
||||||
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid &&
|
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid &&
|
||||||
ap->a_cred) {
|
ap->a_cred) {
|
||||||
if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, 0))
|
if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID))
|
||||||
ip->i_mode &= ~(ISUID | ISGID);
|
ip->i_mode &= ~(ISUID | ISGID);
|
||||||
}
|
}
|
||||||
if (error) {
|
if (error) {
|
||||||
|
|||||||
@ -171,7 +171,7 @@ fuse_internal_access(struct vnode *vp,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if ((mode & VADMIN) != 0) {
|
if ((mode & VADMIN) != 0) {
|
||||||
err = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
|
err = priv_check_cred(cred, PRIV_VFS_ADMIN);
|
||||||
if (err) {
|
if (err) {
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -242,7 +242,7 @@ fuse_vnop_access(struct vop_access_args *ap)
|
|||||||
}
|
}
|
||||||
if (!(data->dataflags & FSESS_INITED)) {
|
if (!(data->dataflags & FSESS_INITED)) {
|
||||||
if (vnode_isvroot(vp)) {
|
if (vnode_isvroot(vp)) {
|
||||||
if (priv_check_cred(cred, PRIV_VFS_ADMIN, 0) ||
|
if (priv_check_cred(cred, PRIV_VFS_ADMIN) ||
|
||||||
(fuse_match_cred(data->daemoncred, cred) == 0)) {
|
(fuse_match_cred(data->daemoncred, cred) == 0)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -378,7 +378,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
|
|||||||
if (vp->v_mount->mnt_flag & MNT_RDONLY)
|
if (vp->v_mount->mnt_flag & MNT_RDONLY)
|
||||||
return (EROFS);
|
return (EROFS);
|
||||||
if (cred->cr_uid != pmp->pm_uid) {
|
if (cred->cr_uid != pmp->pm_uid) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
|
error = priv_check_cred(cred, PRIV_VFS_ADMIN);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -427,7 +427,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
|
|||||||
gid = pmp->pm_gid;
|
gid = pmp->pm_gid;
|
||||||
if (cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
|
if (cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
|
||||||
(gid != pmp->pm_gid && !groupmember(gid, cred))) {
|
(gid != pmp->pm_gid && !groupmember(gid, cred))) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
|
error = priv_check_cred(cred, PRIV_VFS_CHOWN);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -498,7 +498,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
|
|||||||
if (vp->v_mount->mnt_flag & MNT_RDONLY)
|
if (vp->v_mount->mnt_flag & MNT_RDONLY)
|
||||||
return (EROFS);
|
return (EROFS);
|
||||||
if (cred->cr_uid != pmp->pm_uid) {
|
if (cred->cr_uid != pmp->pm_uid) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
|
error = priv_check_cred(cred, PRIV_VFS_ADMIN);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -721,11 +721,11 @@ nandfs_chmod(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
|
|||||||
* jail(8).
|
* jail(8).
|
||||||
*/
|
*/
|
||||||
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
|
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
|
||||||
if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
|
if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
|
||||||
return (EFTYPE);
|
return (EFTYPE);
|
||||||
}
|
}
|
||||||
if (!groupmember(inode->i_gid, cred) && (mode & ISGID)) {
|
if (!groupmember(inode->i_gid, cred) && (mode & ISGID)) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
|
error = priv_check_cred(cred, PRIV_VFS_SETGID);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -734,7 +734,7 @@ nandfs_chmod(struct vnode *vp, int mode, struct ucred *cred, struct thread *td)
|
|||||||
* Deny setting setuid if we are not the file owner.
|
* Deny setting setuid if we are not the file owner.
|
||||||
*/
|
*/
|
||||||
if ((mode & ISUID) && inode->i_uid != cred->cr_uid) {
|
if ((mode & ISUID) && inode->i_uid != cred->cr_uid) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
|
error = priv_check_cred(cred, PRIV_VFS_ADMIN);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -777,7 +777,7 @@ nandfs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred,
|
|||||||
*/
|
*/
|
||||||
if (((uid != inode->i_uid && uid != cred->cr_uid) ||
|
if (((uid != inode->i_uid && uid != cred->cr_uid) ||
|
||||||
(gid != inode->i_gid && !groupmember(gid, cred))) &&
|
(gid != inode->i_gid && !groupmember(gid, cred))) &&
|
||||||
(error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0)))
|
(error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
|
||||||
return (error);
|
return (error);
|
||||||
ogid = inode->i_gid;
|
ogid = inode->i_gid;
|
||||||
ouid = inode->i_uid;
|
ouid = inode->i_uid;
|
||||||
@ -788,7 +788,7 @@ nandfs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred,
|
|||||||
node->nn_flags |= IN_CHANGE;
|
node->nn_flags |= IN_CHANGE;
|
||||||
if ((inode->i_mode & (ISUID | ISGID)) &&
|
if ((inode->i_mode & (ISUID | ISGID)) &&
|
||||||
(ouid != uid || ogid != gid)) {
|
(ouid != uid || ogid != gid)) {
|
||||||
if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0))
|
if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID))
|
||||||
inode->i_mode &= ~(ISUID | ISGID);
|
inode->i_mode &= ~(ISUID | ISGID);
|
||||||
}
|
}
|
||||||
DPRINTF(VNCALL, ("%s: vp %p, cred %p, td %p - ret OK\n", __func__, vp,
|
DPRINTF(VNCALL, ("%s: vp %p, cred %p, td %p - ret OK\n", __func__, vp,
|
||||||
@ -839,7 +839,7 @@ nandfs_setattr(struct vop_setattr_args *ap)
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
flags = inode->i_flags;
|
flags = inode->i_flags;
|
||||||
if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
|
if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
|
||||||
if (flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
|
if (flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
|
||||||
error = securelevel_gt(cred, 0);
|
error = securelevel_gt(cred, 0);
|
||||||
if (error)
|
if (error)
|
||||||
|
|||||||
@ -1869,7 +1869,7 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp,
|
|||||||
case NFSATTRBIT_QUOTAHARD:
|
case NFSATTRBIT_QUOTAHARD:
|
||||||
NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
|
NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
|
||||||
if (sbp != NULL) {
|
if (sbp != NULL) {
|
||||||
if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
|
if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
|
||||||
freenum = sbp->f_bfree;
|
freenum = sbp->f_bfree;
|
||||||
else
|
else
|
||||||
freenum = sbp->f_bavail;
|
freenum = sbp->f_bavail;
|
||||||
@ -1898,7 +1898,7 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp,
|
|||||||
case NFSATTRBIT_QUOTASOFT:
|
case NFSATTRBIT_QUOTASOFT:
|
||||||
NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
|
NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
|
||||||
if (sbp != NULL) {
|
if (sbp != NULL) {
|
||||||
if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
|
if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
|
||||||
freenum = sbp->f_bfree;
|
freenum = sbp->f_bfree;
|
||||||
else
|
else
|
||||||
freenum = sbp->f_bavail;
|
freenum = sbp->f_bavail;
|
||||||
@ -2756,7 +2756,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount *mp, vnode_t vp,
|
|||||||
free(cp, M_NFSSTRING);
|
free(cp, M_NFSSTRING);
|
||||||
break;
|
break;
|
||||||
case NFSATTRBIT_QUOTAHARD:
|
case NFSATTRBIT_QUOTAHARD:
|
||||||
if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
|
if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
|
||||||
freenum = fs->f_bfree;
|
freenum = fs->f_bfree;
|
||||||
else
|
else
|
||||||
freenum = fs->f_bavail;
|
freenum = fs->f_bavail;
|
||||||
@ -2780,7 +2780,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount *mp, vnode_t vp,
|
|||||||
retnum += NFSX_HYPER;
|
retnum += NFSX_HYPER;
|
||||||
break;
|
break;
|
||||||
case NFSATTRBIT_QUOTASOFT:
|
case NFSATTRBIT_QUOTASOFT:
|
||||||
if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
|
if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
|
||||||
freenum = fs->f_bfree;
|
freenum = fs->f_bfree;
|
||||||
else
|
else
|
||||||
freenum = fs->f_bavail;
|
freenum = fs->f_bavail;
|
||||||
@ -2832,7 +2832,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount *mp, vnode_t vp,
|
|||||||
break;
|
break;
|
||||||
case NFSATTRBIT_SPACEAVAIL:
|
case NFSATTRBIT_SPACEAVAIL:
|
||||||
NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER);
|
NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER);
|
||||||
if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0)) {
|
if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE)) {
|
||||||
if (pnfssf != NULL)
|
if (pnfssf != NULL)
|
||||||
uquad = (u_int64_t)pnfssf->f_bfree;
|
uquad = (u_int64_t)pnfssf->f_bfree;
|
||||||
else
|
else
|
||||||
|
|||||||
@ -996,8 +996,7 @@ nfsvno_createsub(struct nfsrv_descript *nd, struct nameidata *ndp,
|
|||||||
if (nvap->na_type == VCHR && rdev == 0xffffffff)
|
if (nvap->na_type == VCHR && rdev == 0xffffffff)
|
||||||
nvap->na_type = VFIFO;
|
nvap->na_type = VFIFO;
|
||||||
if (nvap->na_type != VFIFO &&
|
if (nvap->na_type != VFIFO &&
|
||||||
(error = priv_check_cred(nd->nd_cred,
|
(error = priv_check_cred(nd->nd_cred, PRIV_VFS_MKNOD_DEV))) {
|
||||||
PRIV_VFS_MKNOD_DEV, 0))) {
|
|
||||||
vrele(ndp->ni_startdir);
|
vrele(ndp->ni_startdir);
|
||||||
nfsvno_relpathbuf(ndp);
|
nfsvno_relpathbuf(ndp);
|
||||||
vput(ndp->ni_dvp);
|
vput(ndp->ni_dvp);
|
||||||
@ -1091,7 +1090,7 @@ nfsvno_mknod(struct nameidata *ndp, struct nfsvattr *nvap, struct ucred *cred,
|
|||||||
nfsvno_relpathbuf(ndp);
|
nfsvno_relpathbuf(ndp);
|
||||||
} else {
|
} else {
|
||||||
if (nvap->na_type != VFIFO &&
|
if (nvap->na_type != VFIFO &&
|
||||||
(error = priv_check_cred(cred, PRIV_VFS_MKNOD_DEV, 0))) {
|
(error = priv_check_cred(cred, PRIV_VFS_MKNOD_DEV))) {
|
||||||
vrele(ndp->ni_startdir);
|
vrele(ndp->ni_startdir);
|
||||||
nfsvno_relpathbuf(ndp);
|
nfsvno_relpathbuf(ndp);
|
||||||
vput(ndp->ni_dvp);
|
vput(ndp->ni_dvp);
|
||||||
|
|||||||
@ -1522,7 +1522,7 @@ tmpfs_chflags(struct vnode *vp, u_long flags, struct ucred *cred,
|
|||||||
* Unprivileged processes are not permitted to unset system
|
* Unprivileged processes are not permitted to unset system
|
||||||
* flags, or modify flags if any system flags are set.
|
* flags, or modify flags if any system flags are set.
|
||||||
*/
|
*/
|
||||||
if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
|
if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
|
||||||
if (node->tn_flags &
|
if (node->tn_flags &
|
||||||
(SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
|
(SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
|
||||||
error = securelevel_gt(cred, 0);
|
error = securelevel_gt(cred, 0);
|
||||||
@ -1579,11 +1579,11 @@ tmpfs_chmod(struct vnode *vp, mode_t mode, struct ucred *cred, struct thread *p)
|
|||||||
* process is not a member of.
|
* process is not a member of.
|
||||||
*/
|
*/
|
||||||
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
|
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
|
||||||
if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
|
if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
|
||||||
return (EFTYPE);
|
return (EFTYPE);
|
||||||
}
|
}
|
||||||
if (!groupmember(node->tn_gid, cred) && (mode & S_ISGID)) {
|
if (!groupmember(node->tn_gid, cred) && (mode & S_ISGID)) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
|
error = priv_check_cred(cred, PRIV_VFS_SETGID);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -1649,7 +1649,7 @@ tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred,
|
|||||||
*/
|
*/
|
||||||
if ((uid != node->tn_uid ||
|
if ((uid != node->tn_uid ||
|
||||||
(gid != node->tn_gid && !groupmember(gid, cred))) &&
|
(gid != node->tn_gid && !groupmember(gid, cred))) &&
|
||||||
(error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0)))
|
(error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
|
||||||
return (error);
|
return (error);
|
||||||
|
|
||||||
ogid = node->tn_gid;
|
ogid = node->tn_gid;
|
||||||
@ -1661,7 +1661,7 @@ tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred,
|
|||||||
node->tn_status |= TMPFS_NODE_CHANGED;
|
node->tn_status |= TMPFS_NODE_CHANGED;
|
||||||
|
|
||||||
if ((node->tn_mode & (S_ISUID | S_ISGID)) && (ouid != uid || ogid != gid)) {
|
if ((node->tn_mode & (S_ISUID | S_ISGID)) && (ouid != uid || ogid != gid)) {
|
||||||
if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0))
|
if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID))
|
||||||
node->tn_mode &= ~(S_ISUID | S_ISGID);
|
node->tn_mode &= ~(S_ISUID | S_ISGID);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -523,7 +523,7 @@ tmpfs_write(struct vop_write_args *v)
|
|||||||
node->tn_status |= TMPFS_NODE_ACCESSED | TMPFS_NODE_MODIFIED |
|
node->tn_status |= TMPFS_NODE_ACCESSED | TMPFS_NODE_MODIFIED |
|
||||||
TMPFS_NODE_CHANGED;
|
TMPFS_NODE_CHANGED;
|
||||||
if (node->tn_mode & (S_ISUID | S_ISGID)) {
|
if (node->tn_mode & (S_ISUID | S_ISGID)) {
|
||||||
if (priv_check_cred(v->a_cred, PRIV_VFS_RETAINSUGID, 0))
|
if (priv_check_cred(v->a_cred, PRIV_VFS_RETAINSUGID))
|
||||||
node->tn_mode &= ~(S_ISUID | S_ISGID);
|
node->tn_mode &= ~(S_ISUID | S_ISGID);
|
||||||
}
|
}
|
||||||
if (error != 0)
|
if (error != 0)
|
||||||
|
|||||||
@ -786,7 +786,7 @@ interpret:
|
|||||||
|
|
||||||
#ifdef KTRACE
|
#ifdef KTRACE
|
||||||
if (p->p_tracecred != NULL &&
|
if (p->p_tracecred != NULL &&
|
||||||
priv_check_cred(p->p_tracecred, PRIV_DEBUG_DIFFCRED, 0))
|
priv_check_cred(p->p_tracecred, PRIV_DEBUG_DIFFCRED))
|
||||||
ktrprocexec(p, &tracecred, &tracevp);
|
ktrprocexec(p, &tracecred, &tracevp);
|
||||||
#endif
|
#endif
|
||||||
/*
|
/*
|
||||||
|
|||||||
@ -838,8 +838,7 @@ fork1(struct thread *td, struct fork_req *fr)
|
|||||||
* processes; don't let root exceed the limit.
|
* processes; don't let root exceed the limit.
|
||||||
*/
|
*/
|
||||||
nprocs_new = atomic_fetchadd_int(&nprocs, 1) + 1;
|
nprocs_new = atomic_fetchadd_int(&nprocs, 1) + 1;
|
||||||
if ((nprocs_new >= maxproc - 10 && priv_check_cred(td->td_ucred,
|
if ((nprocs_new >= maxproc - 10 && priv_check_cred(td->td_ucred, PRIV_MAXPROC) != 0) || nprocs_new >= maxproc) {
|
||||||
PRIV_MAXPROC, 0) != 0) || nprocs_new >= maxproc) {
|
|
||||||
error = EAGAIN;
|
error = EAGAIN;
|
||||||
sx_xlock(&allproc_lock);
|
sx_xlock(&allproc_lock);
|
||||||
if (ppsratecheck(&lastfail, &curfail, 1)) {
|
if (ppsratecheck(&lastfail, &curfail, 1)) {
|
||||||
@ -936,7 +935,7 @@ fork1(struct thread *td, struct fork_req *fr)
|
|||||||
*
|
*
|
||||||
* XXXRW: Can we avoid privilege here if it's not needed?
|
* XXXRW: Can we avoid privilege here if it's not needed?
|
||||||
*/
|
*/
|
||||||
error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, 0);
|
error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT);
|
||||||
if (error == 0)
|
if (error == 0)
|
||||||
ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0);
|
ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0);
|
||||||
else {
|
else {
|
||||||
|
|||||||
@ -76,7 +76,7 @@ SDT_PROBE_DEFINE1(priv, kernel, priv_check, priv__err, "int");
|
|||||||
* only a few to grant it.
|
* only a few to grant it.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
priv_check_cred(struct ucred *cred, int priv, int flags)
|
priv_check_cred(struct ucred *cred, int priv)
|
||||||
{
|
{
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
@ -207,5 +207,5 @@ priv_check(struct thread *td, int priv)
|
|||||||
|
|
||||||
KASSERT(td == curthread, ("priv_check: td != curthread"));
|
KASSERT(td == curthread, ("priv_check: td != curthread"));
|
||||||
|
|
||||||
return (priv_check_cred(td->td_ucred, priv, 0));
|
return (priv_check_cred(td->td_ucred, priv));
|
||||||
}
|
}
|
||||||
|
|||||||
@ -518,7 +518,7 @@ sys_setuid(struct thread *td, struct setuid_args *uap)
|
|||||||
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
|
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
|
||||||
uid != oldcred->cr_uid && /* allow setuid(geteuid()) */
|
uid != oldcred->cr_uid && /* allow setuid(geteuid()) */
|
||||||
#endif
|
#endif
|
||||||
(error = priv_check_cred(oldcred, PRIV_CRED_SETUID, 0)) != 0)
|
(error = priv_check_cred(oldcred, PRIV_CRED_SETUID)) != 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
#ifdef _POSIX_SAVED_IDS
|
#ifdef _POSIX_SAVED_IDS
|
||||||
@ -531,7 +531,7 @@ sys_setuid(struct thread *td, struct setuid_args *uap)
|
|||||||
uid == oldcred->cr_uid ||
|
uid == oldcred->cr_uid ||
|
||||||
#endif
|
#endif
|
||||||
/* We are using privs. */
|
/* We are using privs. */
|
||||||
priv_check_cred(oldcred, PRIV_CRED_SETUID, 0) == 0)
|
priv_check_cred(oldcred, PRIV_CRED_SETUID) == 0)
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
@ -615,7 +615,7 @@ sys_seteuid(struct thread *td, struct seteuid_args *uap)
|
|||||||
|
|
||||||
if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */
|
if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */
|
||||||
euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */
|
euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */
|
||||||
(error = priv_check_cred(oldcred, PRIV_CRED_SETEUID, 0)) != 0)
|
(error = priv_check_cred(oldcred, PRIV_CRED_SETEUID)) != 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -682,7 +682,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap)
|
|||||||
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
|
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
|
||||||
gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
|
gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
|
||||||
#endif
|
#endif
|
||||||
(error = priv_check_cred(oldcred, PRIV_CRED_SETGID, 0)) != 0)
|
(error = priv_check_cred(oldcred, PRIV_CRED_SETGID)) != 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
#ifdef _POSIX_SAVED_IDS
|
#ifdef _POSIX_SAVED_IDS
|
||||||
@ -695,7 +695,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap)
|
|||||||
gid == oldcred->cr_groups[0] ||
|
gid == oldcred->cr_groups[0] ||
|
||||||
#endif
|
#endif
|
||||||
/* We are using privs. */
|
/* We are using privs. */
|
||||||
priv_check_cred(oldcred, PRIV_CRED_SETGID, 0) == 0)
|
priv_check_cred(oldcred, PRIV_CRED_SETGID) == 0)
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
@ -764,7 +764,7 @@ sys_setegid(struct thread *td, struct setegid_args *uap)
|
|||||||
|
|
||||||
if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */
|
if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */
|
||||||
egid != oldcred->cr_svgid && /* allow setegid(saved gid) */
|
egid != oldcred->cr_svgid && /* allow setegid(saved gid) */
|
||||||
(error = priv_check_cred(oldcred, PRIV_CRED_SETEGID, 0)) != 0)
|
(error = priv_check_cred(oldcred, PRIV_CRED_SETEGID)) != 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
if (oldcred->cr_groups[0] != egid) {
|
if (oldcred->cr_groups[0] != egid) {
|
||||||
@ -835,7 +835,7 @@ kern_setgroups(struct thread *td, u_int ngrp, gid_t *groups)
|
|||||||
goto fail;
|
goto fail;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0);
|
error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS);
|
||||||
if (error)
|
if (error)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
@ -898,7 +898,7 @@ sys_setreuid(struct thread *td, struct setreuid_args *uap)
|
|||||||
ruid != oldcred->cr_svuid) ||
|
ruid != oldcred->cr_svuid) ||
|
||||||
(euid != (uid_t)-1 && euid != oldcred->cr_uid &&
|
(euid != (uid_t)-1 && euid != oldcred->cr_uid &&
|
||||||
euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) &&
|
euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) &&
|
||||||
(error = priv_check_cred(oldcred, PRIV_CRED_SETREUID, 0)) != 0)
|
(error = priv_check_cred(oldcred, PRIV_CRED_SETREUID)) != 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
if (euid != (uid_t)-1 && oldcred->cr_uid != euid) {
|
if (euid != (uid_t)-1 && oldcred->cr_uid != euid) {
|
||||||
@ -970,7 +970,7 @@ sys_setregid(struct thread *td, struct setregid_args *uap)
|
|||||||
rgid != oldcred->cr_svgid) ||
|
rgid != oldcred->cr_svgid) ||
|
||||||
(egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
|
(egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
|
||||||
egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
|
egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
|
||||||
(error = priv_check_cred(oldcred, PRIV_CRED_SETREGID, 0)) != 0)
|
(error = priv_check_cred(oldcred, PRIV_CRED_SETREGID)) != 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
|
if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
|
||||||
@ -1045,7 +1045,7 @@ sys_setresuid(struct thread *td, struct setresuid_args *uap)
|
|||||||
(suid != (uid_t)-1 && suid != oldcred->cr_ruid &&
|
(suid != (uid_t)-1 && suid != oldcred->cr_ruid &&
|
||||||
suid != oldcred->cr_svuid &&
|
suid != oldcred->cr_svuid &&
|
||||||
suid != oldcred->cr_uid)) &&
|
suid != oldcred->cr_uid)) &&
|
||||||
(error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID, 0)) != 0)
|
(error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID)) != 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
if (euid != (uid_t)-1 && oldcred->cr_uid != euid) {
|
if (euid != (uid_t)-1 && oldcred->cr_uid != euid) {
|
||||||
@ -1129,7 +1129,7 @@ sys_setresgid(struct thread *td, struct setresgid_args *uap)
|
|||||||
(sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
|
(sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
|
||||||
sgid != oldcred->cr_svgid &&
|
sgid != oldcred->cr_svgid &&
|
||||||
sgid != oldcred->cr_groups[0])) &&
|
sgid != oldcred->cr_groups[0])) &&
|
||||||
(error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID, 0)) != 0)
|
(error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID)) != 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
|
if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
|
||||||
@ -1343,7 +1343,7 @@ cr_canseeotheruids(struct ucred *u1, struct ucred *u2)
|
|||||||
{
|
{
|
||||||
|
|
||||||
if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) {
|
if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) {
|
||||||
if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0) != 0)
|
if (priv_check_cred(u1, PRIV_SEEOTHERUIDS) != 0)
|
||||||
return (ESRCH);
|
return (ESRCH);
|
||||||
}
|
}
|
||||||
return (0);
|
return (0);
|
||||||
@ -1382,7 +1382,7 @@ cr_canseeothergids(struct ucred *u1, struct ucred *u2)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (!match) {
|
if (!match) {
|
||||||
if (priv_check_cred(u1, PRIV_SEEOTHERGIDS, 0) != 0)
|
if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) != 0)
|
||||||
return (ESRCH);
|
return (ESRCH);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1530,7 +1530,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
|
|||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
/* Not permitted without privilege. */
|
/* Not permitted without privilege. */
|
||||||
error = priv_check_cred(cred, PRIV_SIGNAL_SUGID, 0);
|
error = priv_check_cred(cred, PRIV_SIGNAL_SUGID);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -1544,7 +1544,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum)
|
|||||||
cred->cr_ruid != proc->p_ucred->cr_svuid &&
|
cred->cr_ruid != proc->p_ucred->cr_svuid &&
|
||||||
cred->cr_uid != proc->p_ucred->cr_ruid &&
|
cred->cr_uid != proc->p_ucred->cr_ruid &&
|
||||||
cred->cr_uid != proc->p_ucred->cr_svuid) {
|
cred->cr_uid != proc->p_ucred->cr_svuid) {
|
||||||
error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED, 0);
|
error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -259,8 +259,7 @@ vaccess_acl_nfs4(enum vtype type, uid_t file_uid, gid_t file_gid,
|
|||||||
* No match. Try to use privileges, if there are any.
|
* No match. Try to use privileges, if there are any.
|
||||||
*/
|
*/
|
||||||
if (is_directory) {
|
if (is_directory) {
|
||||||
if ((accmode & VEXEC) && !priv_check_cred(cred,
|
if ((accmode & VEXEC) && !priv_check_cred(cred, PRIV_VFS_LOOKUP))
|
||||||
PRIV_VFS_LOOKUP, 0))
|
|
||||||
priv_granted |= VEXEC;
|
priv_granted |= VEXEC;
|
||||||
} else {
|
} else {
|
||||||
/*
|
/*
|
||||||
@ -270,23 +269,23 @@ vaccess_acl_nfs4(enum vtype type, uid_t file_uid, gid_t file_gid,
|
|||||||
*/
|
*/
|
||||||
if ((accmode & VEXEC) && (file_mode &
|
if ((accmode & VEXEC) && (file_mode &
|
||||||
(S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
|
(S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
|
||||||
!priv_check_cred(cred, PRIV_VFS_EXEC, 0))
|
!priv_check_cred(cred, PRIV_VFS_EXEC))
|
||||||
priv_granted |= VEXEC;
|
priv_granted |= VEXEC;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0))
|
if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ))
|
||||||
priv_granted |= VREAD;
|
priv_granted |= VREAD;
|
||||||
|
|
||||||
if ((accmode & (VWRITE | VAPPEND | VDELETE_CHILD)) &&
|
if ((accmode & (VWRITE | VAPPEND | VDELETE_CHILD)) &&
|
||||||
!priv_check_cred(cred, PRIV_VFS_WRITE, 0))
|
!priv_check_cred(cred, PRIV_VFS_WRITE))
|
||||||
priv_granted |= (VWRITE | VAPPEND | VDELETE_CHILD);
|
priv_granted |= (VWRITE | VAPPEND | VDELETE_CHILD);
|
||||||
|
|
||||||
if ((accmode & VADMIN_PERMS) &&
|
if ((accmode & VADMIN_PERMS) &&
|
||||||
!priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
|
!priv_check_cred(cred, PRIV_VFS_ADMIN))
|
||||||
priv_granted |= VADMIN_PERMS;
|
priv_granted |= VADMIN_PERMS;
|
||||||
|
|
||||||
if ((accmode & VSTAT_PERMS) &&
|
if ((accmode & VSTAT_PERMS) &&
|
||||||
!priv_check_cred(cred, PRIV_VFS_STAT, 0))
|
!priv_check_cred(cred, PRIV_VFS_STAT))
|
||||||
priv_granted |= VSTAT_PERMS;
|
priv_granted |= VSTAT_PERMS;
|
||||||
|
|
||||||
if ((accmode & priv_granted) == accmode) {
|
if ((accmode & priv_granted) == accmode) {
|
||||||
|
|||||||
@ -90,8 +90,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
|
|||||||
priv_granted = 0;
|
priv_granted = 0;
|
||||||
|
|
||||||
if (type == VDIR) {
|
if (type == VDIR) {
|
||||||
if ((accmode & VEXEC) && !priv_check_cred(cred,
|
if ((accmode & VEXEC) && !priv_check_cred(cred, PRIV_VFS_LOOKUP))
|
||||||
PRIV_VFS_LOOKUP, 0))
|
|
||||||
priv_granted |= VEXEC;
|
priv_granted |= VEXEC;
|
||||||
} else {
|
} else {
|
||||||
/*
|
/*
|
||||||
@ -101,18 +100,18 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid,
|
|||||||
*/
|
*/
|
||||||
if ((accmode & VEXEC) && (acl_posix1e_acl_to_mode(acl) &
|
if ((accmode & VEXEC) && (acl_posix1e_acl_to_mode(acl) &
|
||||||
(S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
|
(S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
|
||||||
!priv_check_cred(cred, PRIV_VFS_EXEC, 0))
|
!priv_check_cred(cred, PRIV_VFS_EXEC))
|
||||||
priv_granted |= VEXEC;
|
priv_granted |= VEXEC;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0))
|
if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ))
|
||||||
priv_granted |= VREAD;
|
priv_granted |= VREAD;
|
||||||
|
|
||||||
if (((accmode & VWRITE) || (accmode & VAPPEND)) &&
|
if (((accmode & VWRITE) || (accmode & VAPPEND)) &&
|
||||||
!priv_check_cred(cred, PRIV_VFS_WRITE, 0))
|
!priv_check_cred(cred, PRIV_VFS_WRITE))
|
||||||
priv_granted |= (VWRITE | VAPPEND);
|
priv_granted |= (VWRITE | VAPPEND);
|
||||||
|
|
||||||
if ((accmode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
|
if ((accmode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN))
|
||||||
priv_granted |= VADMIN;
|
priv_granted |= VADMIN;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|||||||
@ -1032,7 +1032,7 @@ int do_unlink(struct mqfs_node *pn, struct ucred *ucred)
|
|||||||
sx_assert(&pn->mn_info->mi_lock, SX_LOCKED);
|
sx_assert(&pn->mn_info->mi_lock, SX_LOCKED);
|
||||||
|
|
||||||
if (ucred->cr_uid != pn->mn_uid &&
|
if (ucred->cr_uid != pn->mn_uid &&
|
||||||
(error = priv_check_cred(ucred, PRIV_MQ_ADMIN, 0)) != 0)
|
(error = priv_check_cred(ucred, PRIV_MQ_ADMIN)) != 0)
|
||||||
error = EACCES;
|
error = EACCES;
|
||||||
else if (!pn->mn_deleted) {
|
else if (!pn->mn_deleted) {
|
||||||
parent = pn->mn_parent;
|
parent = pn->mn_parent;
|
||||||
@ -2581,7 +2581,7 @@ mqf_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred,
|
|||||||
gid = pn->mn_gid;
|
gid = pn->mn_gid;
|
||||||
if (((uid != pn->mn_uid && uid != active_cred->cr_uid) ||
|
if (((uid != pn->mn_uid && uid != active_cred->cr_uid) ||
|
||||||
(gid != pn->mn_gid && !groupmember(gid, active_cred))) &&
|
(gid != pn->mn_gid && !groupmember(gid, active_cred))) &&
|
||||||
(error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
|
(error = priv_check_cred(active_cred, PRIV_VFS_CHOWN)))
|
||||||
goto out;
|
goto out;
|
||||||
pn->mn_uid = uid;
|
pn->mn_uid = uid;
|
||||||
pn->mn_gid = gid;
|
pn->mn_gid = gid;
|
||||||
|
|||||||
@ -242,7 +242,7 @@ ksem_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred,
|
|||||||
gid = ks->ks_gid;
|
gid = ks->ks_gid;
|
||||||
if (((uid != ks->ks_uid && uid != active_cred->cr_uid) ||
|
if (((uid != ks->ks_uid && uid != active_cred->cr_uid) ||
|
||||||
(gid != ks->ks_gid && !groupmember(gid, active_cred))) &&
|
(gid != ks->ks_gid && !groupmember(gid, active_cred))) &&
|
||||||
(error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
|
(error = priv_check_cred(active_cred, PRIV_VFS_CHOWN)))
|
||||||
goto out;
|
goto out;
|
||||||
ks->ks_uid = uid;
|
ks->ks_uid = uid;
|
||||||
ks->ks_gid = gid;
|
ks->ks_gid = gid;
|
||||||
@ -364,7 +364,7 @@ ksem_access(struct ksem *ks, struct ucred *ucred)
|
|||||||
error = vaccess(VREG, ks->ks_mode, ks->ks_uid, ks->ks_gid,
|
error = vaccess(VREG, ks->ks_mode, ks->ks_uid, ks->ks_gid,
|
||||||
VREAD | VWRITE, ucred, NULL);
|
VREAD | VWRITE, ucred, NULL);
|
||||||
if (error)
|
if (error)
|
||||||
error = priv_check_cred(ucred, PRIV_SEM_WRITE, 0);
|
error = priv_check_cred(ucred, PRIV_SEM_WRITE);
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -968,7 +968,7 @@ shm_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred,
|
|||||||
gid = shmfd->shm_gid;
|
gid = shmfd->shm_gid;
|
||||||
if (((uid != shmfd->shm_uid && uid != active_cred->cr_uid) ||
|
if (((uid != shmfd->shm_uid && uid != active_cred->cr_uid) ||
|
||||||
(gid != shmfd->shm_gid && !groupmember(gid, active_cred))) &&
|
(gid != shmfd->shm_gid && !groupmember(gid, active_cred))) &&
|
||||||
(error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
|
(error = priv_check_cred(active_cred, PRIV_VFS_CHOWN)))
|
||||||
goto out;
|
goto out;
|
||||||
shmfd->shm_uid = uid;
|
shmfd->shm_uid = uid;
|
||||||
shmfd->shm_gid = gid;
|
shmfd->shm_gid = gid;
|
||||||
|
|||||||
@ -862,7 +862,7 @@ vfs_domount_first(
|
|||||||
*/
|
*/
|
||||||
error = VOP_GETATTR(vp, &va, td->td_ucred);
|
error = VOP_GETATTR(vp, &va, td->td_ucred);
|
||||||
if (error == 0 && va.va_uid != td->td_ucred->cr_uid)
|
if (error == 0 && va.va_uid != td->td_ucred->cr_uid)
|
||||||
error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN, 0);
|
error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN);
|
||||||
if (error == 0)
|
if (error == 0)
|
||||||
error = vinvalbuf(vp, V_SAVE, 0, 0);
|
error = vinvalbuf(vp, V_SAVE, 0, 0);
|
||||||
if (error == 0 && vp->v_type != VDIR)
|
if (error == 0 && vp->v_type != VDIR)
|
||||||
|
|||||||
@ -4469,7 +4469,7 @@ privcheck:
|
|||||||
* requests, instead of PRIV_VFS_EXEC.
|
* requests, instead of PRIV_VFS_EXEC.
|
||||||
*/
|
*/
|
||||||
if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
|
if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
|
||||||
!priv_check_cred(cred, PRIV_VFS_LOOKUP, 0))
|
!priv_check_cred(cred, PRIV_VFS_LOOKUP))
|
||||||
priv_granted |= VEXEC;
|
priv_granted |= VEXEC;
|
||||||
} else {
|
} else {
|
||||||
/*
|
/*
|
||||||
@ -4479,20 +4479,20 @@ privcheck:
|
|||||||
*/
|
*/
|
||||||
if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
|
if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
|
||||||
(file_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
|
(file_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
|
||||||
!priv_check_cred(cred, PRIV_VFS_EXEC, 0))
|
!priv_check_cred(cred, PRIV_VFS_EXEC))
|
||||||
priv_granted |= VEXEC;
|
priv_granted |= VEXEC;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((accmode & VREAD) && ((dac_granted & VREAD) == 0) &&
|
if ((accmode & VREAD) && ((dac_granted & VREAD) == 0) &&
|
||||||
!priv_check_cred(cred, PRIV_VFS_READ, 0))
|
!priv_check_cred(cred, PRIV_VFS_READ))
|
||||||
priv_granted |= VREAD;
|
priv_granted |= VREAD;
|
||||||
|
|
||||||
if ((accmode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
|
if ((accmode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
|
||||||
!priv_check_cred(cred, PRIV_VFS_WRITE, 0))
|
!priv_check_cred(cred, PRIV_VFS_WRITE))
|
||||||
priv_granted |= (VWRITE | VAPPEND);
|
priv_granted |= (VWRITE | VAPPEND);
|
||||||
|
|
||||||
if ((accmode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
|
if ((accmode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
|
||||||
!priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
|
!priv_check_cred(cred, PRIV_VFS_ADMIN))
|
||||||
priv_granted |= VADMIN;
|
priv_granted |= VADMIN;
|
||||||
|
|
||||||
if ((accmode & (priv_granted | dac_granted)) == accmode) {
|
if ((accmode & (priv_granted | dac_granted)) == accmode) {
|
||||||
@ -4527,7 +4527,7 @@ extattr_check_cred(struct vnode *vp, int attrnamespace, struct ucred *cred,
|
|||||||
switch (attrnamespace) {
|
switch (attrnamespace) {
|
||||||
case EXTATTR_NAMESPACE_SYSTEM:
|
case EXTATTR_NAMESPACE_SYSTEM:
|
||||||
/* Potentially should be: return (EPERM); */
|
/* Potentially should be: return (EPERM); */
|
||||||
return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM, 0));
|
return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM));
|
||||||
case EXTATTR_NAMESPACE_USER:
|
case EXTATTR_NAMESPACE_USER:
|
||||||
return (VOP_ACCESS(vp, accmode, cred, td));
|
return (VOP_ACCESS(vp, accmode, cred, td));
|
||||||
default:
|
default:
|
||||||
|
|||||||
@ -1484,13 +1484,13 @@ can_hardlink(struct vnode *vp, struct ucred *cred)
|
|||||||
return (error);
|
return (error);
|
||||||
|
|
||||||
if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
|
if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
|
error = priv_check_cred(cred, PRIV_VFS_LINK);
|
||||||
if (error != 0)
|
if (error != 0)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
|
if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
|
error = priv_check_cred(cred, PRIV_VFS_LINK);
|
||||||
if (error != 0)
|
if (error != 0)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -346,7 +346,7 @@ tapclone(void *arg, struct ucred *cred, char *name, int namelen, struct cdev **d
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
if (!tapdclone ||
|
if (!tapdclone ||
|
||||||
(!tapuopen && priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0))
|
(!tapuopen && priv_check_cred(cred, PRIV_NET_IFCREATE) != 0))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
unit = 0;
|
unit = 0;
|
||||||
|
|||||||
@ -204,7 +204,7 @@ tunclone(void *arg, struct ucred *cred, char *name, int namelen,
|
|||||||
* If tun cloning is enabled, only the superuser can create an
|
* If tun cloning is enabled, only the superuser can create an
|
||||||
* interface.
|
* interface.
|
||||||
*/
|
*/
|
||||||
if (!tundclone || priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0)
|
if (!tundclone || priv_check_cred(cred, PRIV_NET_IFCREATE) != 0)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (strcmp(name, tunname) == 0) {
|
if (strcmp(name, tunname) == 0) {
|
||||||
|
|||||||
@ -622,7 +622,7 @@ in_pcb_lport(struct inpcb *inp, struct in_addr *laddrp, u_short *lportp,
|
|||||||
last = V_ipport_hilastauto;
|
last = V_ipport_hilastauto;
|
||||||
lastport = &pcbinfo->ipi_lasthi;
|
lastport = &pcbinfo->ipi_lasthi;
|
||||||
} else if (inp->inp_flags & INP_LOWPORT) {
|
} else if (inp->inp_flags & INP_LOWPORT) {
|
||||||
error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0);
|
error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
first = V_ipport_lowfirstauto; /* 1023 */
|
first = V_ipport_lowfirstauto; /* 1023 */
|
||||||
@ -866,12 +866,10 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp,
|
|||||||
/* GROSS */
|
/* GROSS */
|
||||||
if (ntohs(lport) <= V_ipport_reservedhigh &&
|
if (ntohs(lport) <= V_ipport_reservedhigh &&
|
||||||
ntohs(lport) >= V_ipport_reservedlow &&
|
ntohs(lport) >= V_ipport_reservedlow &&
|
||||||
priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
|
priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT))
|
||||||
0))
|
|
||||||
return (EACCES);
|
return (EACCES);
|
||||||
if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
|
if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
|
||||||
priv_check_cred(inp->inp_cred,
|
priv_check_cred(inp->inp_cred, PRIV_NETINET_REUSEPORT) != 0) {
|
||||||
PRIV_NETINET_REUSEPORT, 0) != 0) {
|
|
||||||
t = in_pcblookup_local(pcbinfo, sin->sin_addr,
|
t = in_pcblookup_local(pcbinfo, sin->sin_addr,
|
||||||
lport, INPLOOKUP_WILDCARD, cred);
|
lport, INPLOOKUP_WILDCARD, cred);
|
||||||
/*
|
/*
|
||||||
|
|||||||
@ -212,12 +212,10 @@ in6_pcbbind(struct inpcb *inp, struct sockaddr *nam,
|
|||||||
/* GROSS */
|
/* GROSS */
|
||||||
if (ntohs(lport) <= V_ipport_reservedhigh &&
|
if (ntohs(lport) <= V_ipport_reservedhigh &&
|
||||||
ntohs(lport) >= V_ipport_reservedlow &&
|
ntohs(lport) >= V_ipport_reservedlow &&
|
||||||
priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
|
priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT))
|
||||||
0))
|
|
||||||
return (EACCES);
|
return (EACCES);
|
||||||
if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) &&
|
if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) &&
|
||||||
priv_check_cred(inp->inp_cred,
|
priv_check_cred(inp->inp_cred, PRIV_NETINET_REUSEPORT) != 0) {
|
||||||
PRIV_NETINET_REUSEPORT, 0) != 0) {
|
|
||||||
t = in6_pcblookup_local(pcbinfo,
|
t = in6_pcblookup_local(pcbinfo,
|
||||||
&sin6->sin6_addr, lport,
|
&sin6->sin6_addr, lport,
|
||||||
INPLOOKUP_WILDCARD, cred);
|
INPLOOKUP_WILDCARD, cred);
|
||||||
|
|||||||
@ -2781,8 +2781,7 @@ ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt,
|
|||||||
case IPV6_2292NEXTHOP:
|
case IPV6_2292NEXTHOP:
|
||||||
case IPV6_NEXTHOP:
|
case IPV6_NEXTHOP:
|
||||||
if (cred != NULL) {
|
if (cred != NULL) {
|
||||||
error = priv_check_cred(cred,
|
error = priv_check_cred(cred, PRIV_NETINET_SETHDROPTS);
|
||||||
PRIV_NETINET_SETHDROPTS, 0);
|
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -2840,8 +2839,7 @@ ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt,
|
|||||||
* overhead.
|
* overhead.
|
||||||
*/
|
*/
|
||||||
if (cred != NULL) {
|
if (cred != NULL) {
|
||||||
error = priv_check_cred(cred,
|
error = priv_check_cred(cred, PRIV_NETINET_SETHDROPTS);
|
||||||
PRIV_NETINET_SETHDROPTS, 0);
|
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -2877,8 +2875,7 @@ ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt,
|
|||||||
int destlen;
|
int destlen;
|
||||||
|
|
||||||
if (cred != NULL) { /* XXX: see the comment for IPV6_HOPOPTS */
|
if (cred != NULL) { /* XXX: see the comment for IPV6_HOPOPTS */
|
||||||
error = priv_check_cred(cred,
|
error = priv_check_cred(cred, PRIV_NETINET_SETHDROPTS);
|
||||||
PRIV_NETINET_SETHDROPTS, 0);
|
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -296,7 +296,7 @@ ipsec_set_pcbpolicy(struct inpcb *inp, struct ucred *cred,
|
|||||||
case IPSEC_POLICY_IPSEC:
|
case IPSEC_POLICY_IPSEC:
|
||||||
case IPSEC_POLICY_BYPASS:
|
case IPSEC_POLICY_BYPASS:
|
||||||
if (cred != NULL &&
|
if (cred != NULL &&
|
||||||
priv_check_cred(cred, PRIV_NETINET_IPSEC, 0) != 0)
|
priv_check_cred(cred, PRIV_NETINET_IPSEC) != 0)
|
||||||
return (EACCES);
|
return (EACCES);
|
||||||
/* Allocate new SP entry. */
|
/* Allocate new SP entry. */
|
||||||
newsp = key_msg2sp(xpl, len, &error);
|
newsp = key_msg2sp(xpl, len, &error);
|
||||||
|
|||||||
@ -64,7 +64,7 @@ void m_dumpm(struct mbuf *m);
|
|||||||
SIGISMEMBER(set, SIGHUP) || SIGISMEMBER(set, SIGKILL) || \
|
SIGISMEMBER(set, SIGHUP) || SIGISMEMBER(set, SIGKILL) || \
|
||||||
SIGISMEMBER(set, SIGQUIT))
|
SIGISMEMBER(set, SIGQUIT))
|
||||||
|
|
||||||
#define smb_suser(cred) priv_check_cred(cred, PRIV_NETSMB, 0)
|
#define smb_suser(cred) priv_check_cred(cred, PRIV_NETSMB)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Compatibility wrappers for simple locks
|
* Compatibility wrappers for simple locks
|
||||||
|
|||||||
@ -628,7 +628,7 @@ sys_setauid(struct thread *td, struct setauid_args *uap)
|
|||||||
if (error)
|
if (error)
|
||||||
goto fail;
|
goto fail;
|
||||||
#endif
|
#endif
|
||||||
error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT, 0);
|
error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT);
|
||||||
if (error)
|
if (error)
|
||||||
goto fail;
|
goto fail;
|
||||||
newcred->cr_audit.ai_auid = id;
|
newcred->cr_audit.ai_auid = id;
|
||||||
@ -693,7 +693,7 @@ sys_setaudit(struct thread *td, struct setaudit_args *uap)
|
|||||||
if (error)
|
if (error)
|
||||||
goto fail;
|
goto fail;
|
||||||
#endif
|
#endif
|
||||||
error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT, 0);
|
error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT);
|
||||||
if (error)
|
if (error)
|
||||||
goto fail;
|
goto fail;
|
||||||
bzero(&newcred->cr_audit, sizeof(newcred->cr_audit));
|
bzero(&newcred->cr_audit, sizeof(newcred->cr_audit));
|
||||||
@ -756,7 +756,7 @@ sys_setaudit_addr(struct thread *td, struct setaudit_addr_args *uap)
|
|||||||
if (error)
|
if (error)
|
||||||
goto fail;
|
goto fail;
|
||||||
#endif
|
#endif
|
||||||
error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT, 0);
|
error = priv_check_cred(oldcred, PRIV_AUDIT_SETAUDIT);
|
||||||
if (error)
|
if (error)
|
||||||
goto fail;
|
goto fail;
|
||||||
newcred->cr_audit = aia;
|
newcred->cr_audit = aia;
|
||||||
|
|||||||
@ -477,7 +477,7 @@ mac_ifnet_ioctl_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifp)
|
|||||||
* impose this check themselves if required by the policy
|
* impose this check themselves if required by the policy
|
||||||
* Eventually, this should go away.
|
* Eventually, this should go away.
|
||||||
*/
|
*/
|
||||||
error = priv_check_cred(cred, PRIV_NET_SETIFMAC, 0);
|
error = priv_check_cred(cred, PRIV_NET_SETIFMAC);
|
||||||
if (error) {
|
if (error) {
|
||||||
mac_ifnet_label_free(intlabel);
|
mac_ifnet_label_free(intlabel);
|
||||||
return (error);
|
return (error);
|
||||||
|
|||||||
@ -385,20 +385,19 @@ ugidfw_rulecheck(struct mac_bsdextended_rule *rule,
|
|||||||
priv_granted = 0;
|
priv_granted = 0;
|
||||||
mac_granted = rule->mbr_mode;
|
mac_granted = rule->mbr_mode;
|
||||||
if ((acc_mode & MBI_ADMIN) && (mac_granted & MBI_ADMIN) == 0 &&
|
if ((acc_mode & MBI_ADMIN) && (mac_granted & MBI_ADMIN) == 0 &&
|
||||||
priv_check_cred(cred, PRIV_VFS_ADMIN, 0) == 0)
|
priv_check_cred(cred, PRIV_VFS_ADMIN) == 0)
|
||||||
priv_granted |= MBI_ADMIN;
|
priv_granted |= MBI_ADMIN;
|
||||||
if ((acc_mode & MBI_EXEC) && (mac_granted & MBI_EXEC) == 0 &&
|
if ((acc_mode & MBI_EXEC) && (mac_granted & MBI_EXEC) == 0 &&
|
||||||
priv_check_cred(cred, (vap->va_type == VDIR) ? PRIV_VFS_LOOKUP :
|
priv_check_cred(cred, (vap->va_type == VDIR) ? PRIV_VFS_LOOKUP : PRIV_VFS_EXEC) == 0)
|
||||||
PRIV_VFS_EXEC, 0) == 0)
|
|
||||||
priv_granted |= MBI_EXEC;
|
priv_granted |= MBI_EXEC;
|
||||||
if ((acc_mode & MBI_READ) && (mac_granted & MBI_READ) == 0 &&
|
if ((acc_mode & MBI_READ) && (mac_granted & MBI_READ) == 0 &&
|
||||||
priv_check_cred(cred, PRIV_VFS_READ, 0) == 0)
|
priv_check_cred(cred, PRIV_VFS_READ) == 0)
|
||||||
priv_granted |= MBI_READ;
|
priv_granted |= MBI_READ;
|
||||||
if ((acc_mode & MBI_STAT) && (mac_granted & MBI_STAT) == 0 &&
|
if ((acc_mode & MBI_STAT) && (mac_granted & MBI_STAT) == 0 &&
|
||||||
priv_check_cred(cred, PRIV_VFS_STAT, 0) == 0)
|
priv_check_cred(cred, PRIV_VFS_STAT) == 0)
|
||||||
priv_granted |= MBI_STAT;
|
priv_granted |= MBI_STAT;
|
||||||
if ((acc_mode & MBI_WRITE) && (mac_granted & MBI_WRITE) == 0 &&
|
if ((acc_mode & MBI_WRITE) && (mac_granted & MBI_WRITE) == 0 &&
|
||||||
priv_check_cred(cred, PRIV_VFS_WRITE, 0) == 0)
|
priv_check_cred(cred, PRIV_VFS_WRITE) == 0)
|
||||||
priv_granted |= MBI_WRITE;
|
priv_granted |= MBI_WRITE;
|
||||||
/*
|
/*
|
||||||
* Is the access permitted?
|
* Is the access permitted?
|
||||||
|
|||||||
@ -1139,7 +1139,7 @@ lomac_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
|
|||||||
*
|
*
|
||||||
* XXXRW: This is also redundant to a higher layer check.
|
* XXXRW: This is also redundant to a higher layer check.
|
||||||
*/
|
*/
|
||||||
error = priv_check_cred(cred, PRIV_NET_SETIFMAC, 0);
|
error = priv_check_cred(cred, PRIV_NET_SETIFMAC);
|
||||||
if (error)
|
if (error)
|
||||||
return (EPERM);
|
return (EPERM);
|
||||||
|
|
||||||
|
|||||||
@ -128,7 +128,7 @@ partition_cred_check_relabel(struct ucred *cred, struct label *newlabel)
|
|||||||
* partition in the first place, but this didn't interact
|
* partition in the first place, but this didn't interact
|
||||||
* well with sendmail.
|
* well with sendmail.
|
||||||
*/
|
*/
|
||||||
error = priv_check_cred(cred, PRIV_MAC_PARTITION, 0);
|
error = priv_check_cred(cred, PRIV_MAC_PARTITION);
|
||||||
}
|
}
|
||||||
|
|
||||||
return (error);
|
return (error);
|
||||||
|
|||||||
@ -419,7 +419,7 @@ rules_check(struct ucred *cred, int family, int type, u_int16_t port)
|
|||||||
mtx_unlock(&rule_mtx);
|
mtx_unlock(&rule_mtx);
|
||||||
|
|
||||||
if (error != 0 && portacl_suser_exempt != 0)
|
if (error != 0 && portacl_suser_exempt != 0)
|
||||||
error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0);
|
error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT);
|
||||||
|
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -123,7 +123,7 @@ seeotheruids_check(struct ucred *cr1, struct ucred *cr2)
|
|||||||
return (0);
|
return (0);
|
||||||
|
|
||||||
if (suser_privileged) {
|
if (suser_privileged) {
|
||||||
if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, 0) == 0)
|
if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS) == 0)
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -532,7 +532,7 @@
|
|||||||
struct thread;
|
struct thread;
|
||||||
struct ucred;
|
struct ucred;
|
||||||
int priv_check(struct thread *td, int priv);
|
int priv_check(struct thread *td, int priv);
|
||||||
int priv_check_cred(struct ucred *cred, int priv, int flags);
|
int priv_check_cred(struct ucred *cred, int priv);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif /* !_SYS_PRIV_H_ */
|
#endif /* !_SYS_PRIV_H_ */
|
||||||
|
|||||||
@ -189,7 +189,7 @@ retry:
|
|||||||
#endif
|
#endif
|
||||||
if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0)
|
if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0)
|
||||||
goto nospace;
|
goto nospace;
|
||||||
if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) &&
|
if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE) &&
|
||||||
freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0)
|
freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0)
|
||||||
goto nospace;
|
goto nospace;
|
||||||
if (bpref >= fs->fs_size)
|
if (bpref >= fs->fs_size)
|
||||||
@ -284,7 +284,7 @@ ffs_realloccg(ip, lbprev, bprev, bpref, osize, nsize, flags, cred, bpp)
|
|||||||
#endif /* INVARIANTS */
|
#endif /* INVARIANTS */
|
||||||
reclaimed = 0;
|
reclaimed = 0;
|
||||||
retry:
|
retry:
|
||||||
if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) &&
|
if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE) &&
|
||||||
freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0) {
|
freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0) {
|
||||||
goto nospace;
|
goto nospace;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -13390,7 +13390,7 @@ softdep_request_cleanup(fs, vp, cred, resource)
|
|||||||
} else if (resource == FLUSH_BLOCKS_WAIT) {
|
} else if (resource == FLUSH_BLOCKS_WAIT) {
|
||||||
needed = (vp->v_mount->mnt_writeopcount + 2) *
|
needed = (vp->v_mount->mnt_writeopcount + 2) *
|
||||||
fs->fs_contigsumsize;
|
fs->fs_contigsumsize;
|
||||||
if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0))
|
if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE))
|
||||||
needed += fragstoblks(fs,
|
needed += fragstoblks(fs,
|
||||||
roundup((fs->fs_dsize * fs->fs_minfree / 100) -
|
roundup((fs->fs_dsize * fs->fs_minfree / 100) -
|
||||||
fs->fs_cstotal.cs_nffree, fs->fs_frag));
|
fs->fs_cstotal.cs_nffree, fs->fs_frag));
|
||||||
|
|||||||
@ -857,7 +857,7 @@ ffs_write(ap)
|
|||||||
*/
|
*/
|
||||||
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid &&
|
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid &&
|
||||||
ap->a_cred) {
|
ap->a_cred) {
|
||||||
if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, 0)) {
|
if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID)) {
|
||||||
ip->i_mode &= ~(ISUID | ISGID);
|
ip->i_mode &= ~(ISUID | ISGID);
|
||||||
DIP_SET(ip, i_mode, ip->i_mode);
|
DIP_SET(ip, i_mode, ip->i_mode);
|
||||||
}
|
}
|
||||||
@ -1099,7 +1099,7 @@ ffs_extwrite(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *ucred)
|
|||||||
* tampering.
|
* tampering.
|
||||||
*/
|
*/
|
||||||
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ucred) {
|
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ucred) {
|
||||||
if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID, 0)) {
|
if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID)) {
|
||||||
ip->i_mode &= ~(ISUID | ISGID);
|
ip->i_mode &= ~(ISUID | ISGID);
|
||||||
dp->di_mode = ip->i_mode;
|
dp->di_mode = ip->i_mode;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -195,7 +195,7 @@ chkdq(struct inode *ip, ufs2_daddr_t change, struct ucred *cred, int flags)
|
|||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
if ((flags & FORCE) == 0 &&
|
if ((flags & FORCE) == 0 &&
|
||||||
priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
|
priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
|
||||||
do_check = 1;
|
do_check = 1;
|
||||||
else
|
else
|
||||||
do_check = 0;
|
do_check = 0;
|
||||||
@ -334,7 +334,7 @@ chkiq(struct inode *ip, int change, struct ucred *cred, int flags)
|
|||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
if ((flags & FORCE) == 0 &&
|
if ((flags & FORCE) == 0 &&
|
||||||
priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
|
priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
|
||||||
do_check = 1;
|
do_check = 1;
|
||||||
else
|
else
|
||||||
do_check = 0;
|
do_check = 0;
|
||||||
|
|||||||
@ -532,7 +532,7 @@ ufs_setattr(ap)
|
|||||||
* processes if the PR_ALLOW_CHFLAGS permission bit is set;
|
* processes if the PR_ALLOW_CHFLAGS permission bit is set;
|
||||||
* otherwise, they behave like unprivileged processes.
|
* otherwise, they behave like unprivileged processes.
|
||||||
*/
|
*/
|
||||||
if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
|
if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
|
||||||
if (ip->i_flags &
|
if (ip->i_flags &
|
||||||
(SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
|
(SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
|
||||||
error = securelevel_gt(cred, 0);
|
error = securelevel_gt(cred, 0);
|
||||||
@ -725,11 +725,11 @@ ufs_chmod(vp, mode, cred, td)
|
|||||||
* jail(8).
|
* jail(8).
|
||||||
*/
|
*/
|
||||||
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
|
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
|
||||||
if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
|
if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
|
||||||
return (EFTYPE);
|
return (EFTYPE);
|
||||||
}
|
}
|
||||||
if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
|
if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
|
error = priv_check_cred(cred, PRIV_VFS_SETGID);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -738,7 +738,7 @@ ufs_chmod(vp, mode, cred, td)
|
|||||||
* Deny setting setuid if we are not the file owner.
|
* Deny setting setuid if we are not the file owner.
|
||||||
*/
|
*/
|
||||||
if ((mode & ISUID) && ip->i_uid != cred->cr_uid) {
|
if ((mode & ISUID) && ip->i_uid != cred->cr_uid) {
|
||||||
error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
|
error = priv_check_cred(cred, PRIV_VFS_ADMIN);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
@ -795,7 +795,7 @@ ufs_chown(vp, uid, gid, cred, td)
|
|||||||
*/
|
*/
|
||||||
if (((uid != ip->i_uid && uid != cred->cr_uid) ||
|
if (((uid != ip->i_uid && uid != cred->cr_uid) ||
|
||||||
(gid != ip->i_gid && !groupmember(gid, cred))) &&
|
(gid != ip->i_gid && !groupmember(gid, cred))) &&
|
||||||
(error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0)))
|
(error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
|
||||||
return (error);
|
return (error);
|
||||||
ogid = ip->i_gid;
|
ogid = ip->i_gid;
|
||||||
ouid = ip->i_uid;
|
ouid = ip->i_uid;
|
||||||
@ -867,7 +867,7 @@ good:
|
|||||||
#endif /* QUOTA */
|
#endif /* QUOTA */
|
||||||
ip->i_flag |= IN_CHANGE;
|
ip->i_flag |= IN_CHANGE;
|
||||||
if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
|
if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
|
||||||
if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) {
|
if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) {
|
||||||
ip->i_mode &= ~(ISUID | ISGID);
|
ip->i_mode &= ~(ISUID | ISGID);
|
||||||
DIP_SET(ip, i_mode, ip->i_mode);
|
DIP_SET(ip, i_mode, ip->i_mode);
|
||||||
}
|
}
|
||||||
@ -2637,7 +2637,7 @@ ufs_makeinode(mode, dvp, vpp, cnp, callfunc)
|
|||||||
if (DOINGSOFTDEP(tvp))
|
if (DOINGSOFTDEP(tvp))
|
||||||
softdep_setup_create(VTOI(dvp), ip);
|
softdep_setup_create(VTOI(dvp), ip);
|
||||||
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
|
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
|
||||||
priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID, 0)) {
|
priv_check_cred(cnp->cn_cred, PRIV_VFS_SETGID)) {
|
||||||
ip->i_mode &= ~ISGID;
|
ip->i_mode &= ~ISGID;
|
||||||
DIP_SET(ip, i_mode, ip->i_mode);
|
DIP_SET(ip, i_mode, ip->i_mode);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -979,7 +979,7 @@ kern_mlock(struct proc *proc, struct ucred *cred, uintptr_t addr0, size_t len)
|
|||||||
unsigned long nsize;
|
unsigned long nsize;
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
error = priv_check_cred(cred, PRIV_VM_MLOCK, 0);
|
error = priv_check_cred(cred, PRIV_VM_MLOCK);
|
||||||
if (error)
|
if (error)
|
||||||
return (error);
|
return (error);
|
||||||
addr = addr0;
|
addr = addr0;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user