summaryrefslogtreecommitdiff
path: root/libtrivfs
diff options
context:
space:
mode:
Diffstat (limited to 'libtrivfs')
-rw-r--r--libtrivfs/io-reauthenticate.c3
-rw-r--r--libtrivfs/io-restrict-auth.c4
-rw-r--r--libtrivfs/open.c2
-rw-r--r--libtrivfs/priv.h9
-rw-r--r--libtrivfs/trivfs.h3
5 files changed, 14 insertions, 7 deletions
diff --git a/libtrivfs/io-reauthenticate.c b/libtrivfs/io-reauthenticate.c
index 35775e57..72684e35 100644
--- a/libtrivfs/io-reauthenticate.c
+++ b/libtrivfs/io-reauthenticate.c
@@ -59,8 +59,7 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred,
return err;
mach_port_deallocate (mach_task_self (), newright);
- if (idvec_contains (newcred->user->uids, 0))
- newcred->isroot = 1;
+ newcred->isroot = _is_privileged (newcred->user->uids);
newcred->hook = cred->hook;
newcred->po = cred->po;
diff --git a/libtrivfs/io-restrict-auth.c b/libtrivfs/io-restrict-auth.c
index cb4224dc..6c807f17 100644
--- a/libtrivfs/io-restrict-auth.c
+++ b/libtrivfs/io-restrict-auth.c
@@ -109,11 +109,9 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred,
return err;
}
- newcred->isroot = 0;
newcred->po = cred->po;
refcount_ref (&newcred->po->refcnt);
- if (cred->isroot && idvec_contains (user->uids, 0))
- newcred->isroot = 1;
+ newcred->isroot = cred->isroot && _is_privileged (user->uids);
newcred->user = user;
newcred->hook = cred->hook;
diff --git a/libtrivfs/open.c b/libtrivfs/open.c
index 97e70a16..35a9452c 100644
--- a/libtrivfs/open.c
+++ b/libtrivfs/open.c
@@ -56,7 +56,7 @@ trivfs_open (struct trivfs_control *cntl,
if (! err)
{
new->user = user;
- new->isroot = idvec_contains (user->uids, 0);
+ new->isroot = _is_privileged (user->uids);
new->po = po;
new->hook = 0;
diff --git a/libtrivfs/priv.h b/libtrivfs/priv.h
index d92fe336..4bdd4f77 100644
--- a/libtrivfs/priv.h
+++ b/libtrivfs/priv.h
@@ -21,6 +21,15 @@
#include <mach.h>
#include <hurd.h>
#include <hurd/ports.h>
+#include <idvec.h>
+#include <unistd.h>
#include "trivfs.h"
+/* Returns true if UIDS contains either 0 or our user id. */
+static inline int
+_is_privileged (struct idvec *uids)
+{
+ return idvec_contains (uids, 0) || idvec_contains (uids, getuid ());
+}
+
#endif
diff --git a/libtrivfs/trivfs.h b/libtrivfs/trivfs.h
index d81c4f93..49cc765f 100644
--- a/libtrivfs/trivfs.h
+++ b/libtrivfs/trivfs.h
@@ -30,7 +30,8 @@ struct trivfs_protid
{
struct port_info pi;
struct iouser *user;
- int isroot;
+ int isroot; /* Opened by a privileged user, either
+ root or our own user. */
/* REALNODE will be null if this protid wasn't fully created (currently
only in the case where trivfs_protid_create_hook returns an error). */
mach_port_t realnode; /* restricted permissions */