d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MFC revision 1.99 nfs_srvsock.c

Browse Source 
MFC revision 1.111 mac_vfs.c
MFC revision 1.70 mac.h
MFC revision 1.71 mac_policy.h

MFC the mac_associate_nfsd_label entry point, only replace one of the
mac_policy_ops stub elements to ensure that we dont break compatability
with existing MAC modules.
This commit is contained in:
csjp 2006-09-02 23:58:21 +00:00
parent 457100b9c2
commit 3e4ddc2655
4 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/nfsserver/nfs_srvsock.c
View File

@ -39,10 +39,13 @@ __FBSDID("$FreeBSD$");
* Socket operations for use by nfs
*/
#include "opt_mac.h"
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/mount.h>
@ -365,6 +368,9 @@ nfs_getreq(struct nfsrv_descript *nd, struct nfsd *nfsd, int has_header)
nd->nd_cr->cr_svuid = fxdr_unsigned(uid_t, *tl++);
nd->nd_cr->cr_groups[0] = nd->nd_cr->cr_rgid =
nd->nd_cr->cr_svgid = fxdr_unsigned(gid_t, *tl++);
#ifdef MAC
mac_associate_nfsd_label(nd->nd_cr);
#endif
len = fxdr_unsigned(int, *tl);
if (len < 0 || len > RPCAUTH_UNIXGIDS) {
m_freem(mrep);

7
sys/security/mac/mac_vfs.c
View File

@ -1028,3 +1028,10 @@ vn_setlabel(struct vnode *vp, struct label *intlabel, struct ucred *cred)
return (0);
}
void
mac_associate_nfsd_label(struct ucred *cred)
{
MAC_PERFORM(associate_nfsd_label, cred);
}

1
sys/sys/mac.h
View File

@ -463,6 +463,7 @@ int mac_setsockopt_label(struct ucred *cred, struct socket *so,
int mac_pipe_label_set(struct ucred *cred, struct pipepair *pp,
struct label *label);
void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);
void mac_associate_nfsd_label(struct ucred *cred);
/*
* Calls to help various file systems implement labeling functionality

2
sys/sys/mac_policy.h
View File

@ -351,7 +351,7 @@ struct mac_policy_ops {
int (*mpo_check_cred_relabel)(struct ucred *cred,
struct label *newlabel);
int (*mpo_check_cred_visible)(struct ucred *u1, struct ucred *u2);
void (*_mpo_placeholder8)(void);
void (*mpo_associate_nfsd_label)(struct ucred *cred);
void (*_mpo_placeholder9)(void);
void (*_mpo_placeholder10)(void);
void (*_mpo_placeholder11)(void);