From e97dac57ce18693e0b6360af3a9377b48ab13ad2 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Mon, 25 Apr 2016 01:38:45 +0200 Subject: [PATCH hurd 2/5] libtrivfs: fix notion of privileged user Set 'is_root' if the node has been opened by the root user (this was the old behavior) or if it has been opened by the user the translator is executing under. This fixes the irritating bug that an unprivileged user cannot control her own trivfs-based translators. It does not change how privileged trivfs translators work. * libtrivfs/io-reauthenticate.c (trivfs_S_io_reauthenticate): Use the new function to compute 'isroot'. * libtrivfs/io-restrict-auth.c (trivfs_S_io_restrict_auth): Likewise. * libtrivfs/open.c (trivfs_open): Likewise. * libtrivfs/priv.h (_is_privileged): New function. * libtrivfs/trivfs.h (struct peropen): Clarify what 'isroot' means. --- libtrivfs/io-reauthenticate.c | 3 +-- libtrivfs/io-restrict-auth.c | 4 +--- libtrivfs/open.c | 2 +- libtrivfs/priv.h | 9 +++++++++ libtrivfs/trivfs.h | 3 ++- 5 files changed, 14 insertions(+), 7 deletions(-) diff --git a/libtrivfs/io-reauthenticate.c b/libtrivfs/io-reauthenticate.c index 35775e5..72684e3 100644 --- a/libtrivfs/io-reauthenticate.c +++ b/libtrivfs/io-reauthenticate.c @@ -59,8 +59,7 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred, return err; mach_port_deallocate (mach_task_self (), newright); - if (idvec_contains (newcred->user->uids, 0)) - newcred->isroot = 1; + newcred->isroot = _is_privileged (newcred->user->uids); newcred->hook = cred->hook; newcred->po = cred->po; diff --git a/libtrivfs/io-restrict-auth.c b/libtrivfs/io-restrict-auth.c index cb4224d..6c807f1 100644 --- a/libtrivfs/io-restrict-auth.c +++ b/libtrivfs/io-restrict-auth.c 
@@ -109,11 +109,9 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred, return err; } - newcred->isroot = 0; newcred->po = cred->po; refcount_ref (&newcred->po->refcnt); - if (cred->isroot && idvec_contains (user->uids, 0)) - newcred->isroot = 1; + newcred->isroot = cred->isroot && _is_privileged (user->uids); newcred->user = user; newcred->hook = cred->hook; diff --git a/libtrivfs/open.c b/libtrivfs/open.c index 97e70a1..35a9452 100644 --- a/libtrivfs/open.c +++ b/libtrivfs/open.c @@ -56,7 +56,7 @@ trivfs_open (struct trivfs_control *cntl, if (! err) { new->user = user; - new->isroot = idvec_contains (user->uids, 0); + new->isroot = _is_privileged (user->uids); new->po = po; new->hook = 0; diff --git a/libtrivfs/priv.h b/libtrivfs/priv.h index d92fe33..4bdd4f7 100644 --- a/libtrivfs/priv.h +++ b/libtrivfs/priv.h @@ -21,6 +21,15 @@ #include #include #include +#include +#include #include "trivfs.h" +/* Returns true if UIDS contains either 0 or our user id. */ +static inline int +_is_privileged (struct idvec *uids) +{ + return idvec_contains (uids, 0) || idvec_contains (uids, getuid ()); +} + #endif diff --git a/libtrivfs/trivfs.h b/libtrivfs/trivfs.h index d81c4f9..49cc765 100644 --- a/libtrivfs/trivfs.h +++ b/libtrivfs/trivfs.h @@ -30,7 +30,8 @@ struct trivfs_protid { struct port_info pi; struct iouser *user; - int isroot; + int isroot; /* Opened by a privileged user, either + root or our own user. */ /* REALNODE will be null if this protid wasn't fully created (currently only in the case where trivfs_protid_create_hook returns an error). */ mach_port_t realnode; /* restricted permissions */ -- 2.1.4
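Review bot: `_is_privileged` in libtrivfs/priv.h trusts whatever `getuid ()` returns, which is the real uid, and it has no path for that call failing. The commit message says "the user the translator is executing under"; if a translator can run with differing real and effective ids, confirm that the real uid is the one intended here and not `geteuid ()`. On the Hurd a task can hold an empty uid set, and getuid then presumably reports failure as `(uid_t) -1`, which this code would pass straight to `idvec_contains`. A guarded form is `uid_t self = getuid ();` followed by `return idvec_contains (uids, 0) || (self != (uid_t) -1 && idvec_contains (uids, self));`. Since `isroot` is set from this helper in trivfs_open, trivfs_S_io_reauthenticate and trivfs_S_io_restrict_auth, the one-line comment above it should also state which uid is meant.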
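Review bot: The field in libtrivfs/trivfs.h keeps the name `isroot` while its meaning widens, so the new comment is the only thing telling translator authors that a test on `cred->isroot` now also passes for the translator's own uid. That should be stated outright, for example `/* Nonzero if opened by uid 0 or by the uid this translator runs as; not a test for root alone. */`. Translators that gate operations on `isroot` are outside this patch and may need a look if any of them rely on it meaning uid 0 specifically. The changelog entry names `struct peropen`, but the hunk header shows the field in `struct trivfs_protid`; the struct itself begins and ends outside the hunk.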