path: root/debian/patches/fixes0002-libtrivfs-fix-notion-of-privileged-user.patch
blob: 88ea44af69b1a137c836510a2f584027318646e6 (plain)
From e97dac57ce18693e0b6360af3a9377b48ab13ad2 Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@gnupg.org>
Date: Mon, 25 Apr 2016 01:38:45 +0200
Subject: [PATCH hurd 2/5] libtrivfs: fix notion of privileged user

Set 'isroot' if the node has been opened by the root user (this was
the old behavior) or if it has been opened by the user the translator
is executing under.

This fixes the irritating bug that an unprivileged user cannot control
her own trivfs-based translators.  It does not change how privileged
trivfs translators work.

* libtrivfs/io-reauthenticate.c (trivfs_S_io_reauthenticate): Use the
new function to compute 'isroot'.
* libtrivfs/io-restrict-auth.c (trivfs_S_io_restrict_auth): Likewise.
* libtrivfs/open.c (trivfs_open): Likewise.
* libtrivfs/priv.h (_is_privileged): New function.
* libtrivfs/trivfs.h (struct peropen): Clarify what 'isroot' means.
---
 libtrivfs/io-reauthenticate.c | 3 +--
 libtrivfs/io-restrict-auth.c  | 4 +---
 libtrivfs/open.c              | 2 +-
 libtrivfs/priv.h              | 9 +++++++++
 libtrivfs/trivfs.h            | 3 ++-
 5 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/libtrivfs/io-reauthenticate.c b/libtrivfs/io-reauthenticate.c
index 35775e5..72684e3 100644
--- a/libtrivfs/io-reauthenticate.c
+++ b/libtrivfs/io-reauthenticate.c
@@ -59,8 +59,7 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred,
     return err;
 
   mach_port_deallocate (mach_task_self (), newright);
-  if (idvec_contains (newcred->user->uids, 0))
-    newcred->isroot = 1;
+  newcred->isroot = _is_privileged (newcred->user->uids);
 
   newcred->hook = cred->hook;
   newcred->po = cred->po;
diff --git a/libtrivfs/io-restrict-auth.c b/libtrivfs/io-restrict-auth.c
index cb4224d..6c807f1 100644
--- a/libtrivfs/io-restrict-auth.c
+++ b/libtrivfs/io-restrict-auth.c
@@ -109,11 +109,9 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred,
       return err;
     }
 
-  newcred->isroot = 0;
   newcred->po = cred->po;
   refcount_ref (&newcred->po->refcnt);
-  if (cred->isroot && idvec_contains (user->uids, 0))
-    newcred->isroot = 1;
+  newcred->isroot = cred->isroot && _is_privileged (user->uids);
   newcred->user = user;
   newcred->hook = cred->hook;
 
diff --git a/libtrivfs/open.c b/libtrivfs/open.c
index 97e70a1..35a9452 100644
--- a/libtrivfs/open.c
+++ b/libtrivfs/open.c
@@ -56,7 +56,7 @@ trivfs_open (struct trivfs_control *cntl,
       if (! err)
 	{
 	  new->user = user;
-	  new->isroot = idvec_contains (user->uids, 0);
+	  new->isroot = _is_privileged (user->uids);
 
 	  new->po = po;
 	  new->hook = 0;
diff --git a/libtrivfs/priv.h b/libtrivfs/priv.h
index d92fe33..4bdd4f7 100644
--- a/libtrivfs/priv.h
+++ b/libtrivfs/priv.h
@@ -21,6 +21,15 @@
 #include <mach.h>
 #include <hurd.h>
 #include <hurd/ports.h>
+#include <idvec.h>
+#include <unistd.h>
 #include "trivfs.h"
 
+/* Returns true if UIDS contains either 0 or our user id.  */
+static inline int
+_is_privileged (struct idvec *uids)
+{
+  return idvec_contains (uids, 0) || idvec_contains (uids, getuid ());
+}
+
 #endif
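Review bot: `_is_privileged` grants the privileged bit to every caller holding the translator's own uid, and it passes the result of `getuid ()` to `idvec_contains` without checking for failure. On the Hurd a process can hold no uids at all, in which case `getuid ()` presumably returns `(uid_t) -1` and that value is then matched against the caller's id vector; this needs confirming against glibc. The widening also means that a translator running under a shared service account treats every other process of that account as privileged, so translators that gate root-only operations on `isroot` should be audited. I would state both facts in the comment, e.g. `/* Returns true if UIDS contains either 0 or the real uid this translator runs as. Every process sharing that uid is therefore privileged. */`. Since all three call sites (io-reauthenticate.c, io-restrict-auth.c, open.c) go through this helper, this is the one place where the check needs hardening.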
diff --git a/libtrivfs/trivfs.h b/libtrivfs/trivfs.h
index d81c4f9..49cc765 100644
--- a/libtrivfs/trivfs.h
+++ b/libtrivfs/trivfs.h
@@ -30,7 +30,8 @@ struct trivfs_protid
 {
   struct port_info pi;
   struct iouser *user;
-  int isroot;
+  int isroot;			/* Opened by a privileged user, either
+				   root or our own user.  */
   /* REALNODE will be null if this protid wasn't fully created (currently
      only in the case where trivfs_protid_create_hook returns an error).  */
   mach_port_t realnode;		/* restricted permissions */
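Review bot: The new comment on `isroot` says "our own user", which in a public header does not tell a translator author whose uid is meant. Something like `/* Opened by a privileged user: root, or the uid this translator runs as. */` would make it clear that the field no longer implies uid 0. The field name itself now understates what it grants, so code that reads `cred->isroot` as "caller is root" will silently accept the owner as well; a note to that effect in the header would help. The changelog entry names `struct peropen`, while the hunk header shows the field in `struct trivfs_protid`, whose definition continues past the end of this hunk.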
-- 
2.1.4