authorJustus Winter <justus@gnupg.org>2016-04-25 01:38:45 +0200
committerJustus Winter <justus@gnupg.org>2016-04-26 14:49:46 +0200
commit94ce9fa4c443ec9a0e6ecc92cb6b07534c321c75 (patch)
treec648e34b5b21eed772bb1d8920b30ac59f34d04b
parentd67a86c9690c2a9984ca6e9f3c376956495897f4 (diff)
libtrivfs: fix notion of privileged user
Set 'isroot' if the node has been opened by the root user (this was the old behavior) or if it has been opened by the user the translator is executing under. This fixes the irritating bug that an unprivileged user cannot control her own trivfs-based translators. It does not change how privileged trivfs translators work. * libtrivfs/io-reauthenticate.c (trivfs_S_io_reauthenticate): Use the new function to compute 'isroot'. * libtrivfs/io-restrict-auth.c (trivfs_S_io_restrict_auth): Likewise. * libtrivfs/open.c (trivfs_open): Likewise. * libtrivfs/priv.h (_is_privileged): New function. * libtrivfs/trivfs.h (struct peropen): Clarify what 'isroot' means.
-rw-r--r--libtrivfs/io-reauthenticate.c3
-rw-r--r--libtrivfs/io-restrict-auth.c4
-rw-r--r--libtrivfs/open.c2
-rw-r--r--libtrivfs/priv.h9
-rw-r--r--libtrivfs/trivfs.h3
5 files changed, 14 insertions, 7 deletions
diff --git a/libtrivfs/io-reauthenticate.c b/libtrivfs/io-reauthenticate.c
index 35775e57..72684e35 100644
--- a/libtrivfs/io-reauthenticate.c
+++ b/libtrivfs/io-reauthenticate.c
@@ -59,8 +59,7 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred,
return err;
mach_port_deallocate (mach_task_self (), newright);
- if (idvec_contains (newcred->user->uids, 0))
- newcred->isroot = 1;
+ newcred->isroot = _is_privileged (newcred->user->uids);
newcred->hook = cred->hook;
newcred->po = cred->po;
diff --git a/libtrivfs/io-restrict-auth.c b/libtrivfs/io-restrict-auth.c
index cb4224dc..6c807f17 100644
--- a/libtrivfs/io-restrict-auth.c
+++ b/libtrivfs/io-restrict-auth.c
@@ -109,11 +109,9 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred,
return err;
}
- newcred->isroot = 0;
newcred->po = cred->po;
refcount_ref (&newcred->po->refcnt);
- if (cred->isroot && idvec_contains (user->uids, 0))
- newcred->isroot = 1;
+ newcred->isroot = cred->isroot && _is_privileged (user->uids);
newcred->user = user;
newcred->hook = cred->hook;
diff --git a/libtrivfs/open.c b/libtrivfs/open.c
index 97e70a16..35a9452c 100644
--- a/libtrivfs/open.c
+++ b/libtrivfs/open.c
@@ -56,7 +56,7 @@ trivfs_open (struct trivfs_control *cntl,
if (! err)
{
new->user = user;
- new->isroot = idvec_contains (user->uids, 0);
+ new->isroot = _is_privileged (user->uids);
new->po = po;
new->hook = 0;
diff --git a/libtrivfs/priv.h b/libtrivfs/priv.h
index d92fe336..4bdd4f77 100644
--- a/libtrivfs/priv.h
+++ b/libtrivfs/priv.h
@@ -21,6 +21,15 @@
#include <mach.h>
#include <hurd.h>
#include <hurd/ports.h>
+#include <idvec.h>
+#include <unistd.h>
#include "trivfs.h"
+/* Returns true if UIDS contains either 0 or our user id. */
+static inline int
+_is_privileged (struct idvec *uids)
+{
+ return idvec_contains (uids, 0) || idvec_contains (uids, getuid ());
+}
+
#endif
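Review bot: `_is_privileged` compares against `getuid ()`, the real uid, but neither says why the real rather than the effective id is the identity to trust nor handles a failed lookup. If the translator ever runs with differing real and effective ids, the holder of the real uid would be granted `isroot`; and on the Hurd a process may own no uid at all, in which case `getuid ()` presumably yields `(uid_t) -1` and that value is then searched for in the caller's id vector. I would store and guard the result, `uid_t self = getuid ();` followed by `return idvec_contains (uids, 0) || (self != (uid_t) -1 && idvec_contains (uids, self));`, and widen the comment to `/* Returns true if UIDS contains either 0 or the real uid this translator runs under. */`. The new comment on `isroot` in the trivfs.h hunk could name the same identity, since translators that read `isroot` for their own access decisions now see it set for the owner as well.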
diff --git a/libtrivfs/trivfs.h b/libtrivfs/trivfs.h
index d81c4f93..49cc765f 100644
--- a/libtrivfs/trivfs.h
+++ b/libtrivfs/trivfs.h
@@ -30,7 +30,8 @@ struct trivfs_protid
{
struct port_info pi;
struct iouser *user;
- int isroot;
+ int isroot; /* Opened by a privileged user, either
+ root or our own user. */
/* REALNODE will be null if this protid wasn't fully created (currently
only in the case where trivfs_protid_create_hook returns an error). */
mach_port_t realnode; /* restricted permissions */