diff options
Diffstat (limited to 'libtrivfs')
-rw-r--r-- | libtrivfs/io-reauthenticate.c | 3 | ||||
-rw-r--r-- | libtrivfs/io-restrict-auth.c | 4 | ||||
-rw-r--r-- | libtrivfs/open.c | 2 | ||||
-rw-r--r-- | libtrivfs/priv.h | 9 | ||||
-rw-r--r-- | libtrivfs/trivfs.h | 3 |
5 files changed, 14 insertions, 7 deletions
diff --git a/libtrivfs/io-reauthenticate.c b/libtrivfs/io-reauthenticate.c index 35775e57..72684e35 100644 --- a/libtrivfs/io-reauthenticate.c +++ b/libtrivfs/io-reauthenticate.c @@ -59,8 +59,7 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred, return err; mach_port_deallocate (mach_task_self (), newright); - if (idvec_contains (newcred->user->uids, 0)) - newcred->isroot = 1; + newcred->isroot = _is_privileged (newcred->user->uids); newcred->hook = cred->hook; newcred->po = cred->po; diff --git a/libtrivfs/io-restrict-auth.c b/libtrivfs/io-restrict-auth.c index cb4224dc..6c807f17 100644 --- a/libtrivfs/io-restrict-auth.c +++ b/libtrivfs/io-restrict-auth.c @@ -109,11 +109,9 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred, return err; } - newcred->isroot = 0; newcred->po = cred->po; refcount_ref (&newcred->po->refcnt); - if (cred->isroot && idvec_contains (user->uids, 0)) - newcred->isroot = 1; + newcred->isroot = cred->isroot && _is_privileged (user->uids); newcred->user = user; newcred->hook = cred->hook; diff --git a/libtrivfs/open.c b/libtrivfs/open.c index 97e70a16..35a9452c 100644 --- a/libtrivfs/open.c +++ b/libtrivfs/open.c @@ -56,7 +56,7 @@ trivfs_open (struct trivfs_control *cntl, if (! err) { new->user = user; - new->isroot = idvec_contains (user->uids, 0); + new->isroot = _is_privileged (user->uids); new->po = po; new->hook = 0; diff --git a/libtrivfs/priv.h b/libtrivfs/priv.h index d92fe336..4bdd4f77 100644 --- a/libtrivfs/priv.h +++ b/libtrivfs/priv.h @@ -21,6 +21,15 @@ #include <mach.h> #include <hurd.h> #include <hurd/ports.h> +#include <idvec.h> +#include <unistd.h> #include "trivfs.h" +/* Returns true if UIDS contains either 0 or our user id. */ +static inline int +_is_privileged (struct idvec *uids) +{ + return idvec_contains (uids, 0) || idvec_contains (uids, getuid ()); +} + #endif diff --git a/libtrivfs/trivfs.h b/libtrivfs/trivfs.h index d81c4f93..49cc765f 100644 --- a/libtrivfs/trivfs.h +++ b/libtrivfs/trivfs.h @@ -30,7 +30,8 @@ struct trivfs_protid { struct port_info pi; struct iouser *user; - int isroot; + int isroot; /* Opened by a privileged user, either + root or our own user. */ /* REALNODE will be null if this protid wasn't fully created (currently only in the case where trivfs_protid_create_hook returns an error). */ mach_port_t realnode; /* restricted permissions */ |