priv: Introduce and use PRIV_VFS_SETATTR in xxx_setattr()
authorMichael Neumann <mneumann@ntecs.de>
Sun, 12 Jul 2009 17:20:09 +0000 (19:20 +0200)
committerMichael Neumann <mneumann@ntecs.de>
Sun, 12 Jul 2009 17:20:09 +0000 (19:20 +0200)
Replace PRIV_ROOT, PRISON_ROOT combination in xxx_setattr() function
(e.g. ext2fs_setattr()) of several filesystems with PRIV_VFS_SETATTR.

sys/kern/kern_jail.c
sys/sys/priv.h
sys/vfs/gnu/ext2fs/ext2_vnops.c
sys/vfs/hpfs/hpfs_vnops.c
sys/vfs/msdosfs/msdosfs_vnops.c
sys/vfs/smbfs/smbfs_vnops.c
sys/vfs/ufs/ufs_vnops.c

index 203a430..c3a921c 100644 (file)
@@ -690,6 +690,7 @@ prison_priv_check(struct ucred *cred, int priv)
        case PRIV_VFS_MKNOD_BAD:
        case PRIV_VFS_MKNOD_WHT:
        case PRIV_VFS_MKNOD_DIR:
+       case PRIV_VFS_SETATTR:
 
        case PRIV_PROC_SETRLIMIT:
        case PRIV_PROC_SETLOGIN:
index 6241ac4..382c730 100644 (file)
                                        /* directories for HAMMER. */
 #define        PRIV_VFS_CHMOD          346     /* Can chmod() if not owner */
 #define        PRIV_VFS_REVOKE         347     /* Can revoke() if not owner */
+#define        PRIV_VFS_SETATTR        348     /* Can xxx_setattr() if not owner */
 
 /*
  * Virtual memory privileges.
index 5198a72..a11f8f6 100644 (file)
@@ -1480,7 +1480,7 @@ ext2_setattr(struct vop_setattr_args *ap)
                if (vp->v_mount->mnt_flag & MNT_RDONLY)
                        return (EROFS);
                if (cred->cr_uid != ip->i_uid &&
-                   (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
+                   (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)))
                        return (error);
                /*
                 * Note that a root chflags becomes a user chflags when
@@ -1542,7 +1542,7 @@ ext2_setattr(struct vop_setattr_args *ap)
                if (vp->v_mount->mnt_flag & MNT_RDONLY)
                        return (EROFS);
                if (cred->cr_uid != ip->i_uid &&
-                   (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
+                   (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)) &&
                    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
                    (error = VOP_ACCESS(vp, VWRITE, cred))))
                        return (error);
index 08469b6..3c60bd8 100644 (file)
@@ -525,7 +525,7 @@ hpfs_setattr(struct vop_setattr_args *ap)
                if (vp->v_mount->mnt_flag & MNT_RDONLY)
                        return (EROFS);
                if (cred->cr_uid != hp->h_uid &&
-                   (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
+                   (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)) &&
                    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
                    (error = VOP_ACCESS(vp, VWRITE, cred))))
                        return (error);
index 0a2052b..131b2b2 100644 (file)
@@ -416,7 +416,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
                if (vp->v_mount->mnt_flag & MNT_RDONLY)
                        return (EROFS);
                if (cred->cr_uid != pmp->pm_uid &&
-                   (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
+                   (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)))
                        return (error);
                /*
                 * We are very inconsistent about handling unsupported
@@ -457,7 +457,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
                        gid = pmp->pm_gid;
                if ((cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
                    (gid != pmp->pm_gid && !groupmember(gid, cred))) &&
-                   (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
+                   (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)))
                        return error;
                if (uid != pmp->pm_uid || gid != pmp->pm_gid)
                        return EINVAL;
@@ -489,7 +489,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
                if (vp->v_mount->mnt_flag & MNT_RDONLY)
                        return (EROFS);
                if (cred->cr_uid != pmp->pm_uid &&
-                   (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
+                   (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)) &&
                    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
                    (error = VOP_ACCESS(ap->a_vp, VWRITE, cred))))
                        return (error);
@@ -518,7 +518,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
                if (vp->v_mount->mnt_flag & MNT_RDONLY)
                        return (EROFS);
                if (cred->cr_uid != pmp->pm_uid &&
-                   (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
+                   (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)))
                        return (error);
                if (vp->v_type != VDIR) {
                        /* We ignore the read and execute bits. */
index e3a5068..df54519 100644 (file)
@@ -366,7 +366,7 @@ smbfs_setattr(struct vop_setattr_args *ap)
                atime = &vap->va_atime;
        if (mtime != atime) {
                if (ap->a_cred->cr_uid != VTOSMBFS(vp)->sm_args.uid &&
-                   (error = priv_check_cred(ap->a_cred, PRIV_ROOT, PRISON_ROOT)) &&
+                   (error = priv_check_cred(ap->a_cred, PRIV_VFS_SETATTR, 0)) &&
                    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
                    (error = VOP_ACCESS(vp, VWRITE, ap->a_cred))))
                        return (error);
index 09423fd..6f67abd 100644 (file)
@@ -466,7 +466,7 @@ ufs_setattr(struct vop_setattr_args *ap)
                if (vp->v_mount->mnt_flag & MNT_RDONLY)
                        return (EROFS);
                if (cred->cr_uid != ip->i_uid &&
-                   (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
+                   (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)))
                        return (error);
                /*
                 * Note that a root chflags becomes a user chflags when
@@ -528,7 +528,7 @@ ufs_setattr(struct vop_setattr_args *ap)
                if (vp->v_mount->mnt_flag & MNT_RDONLY)
                        return (EROFS);
                if (cred->cr_uid != ip->i_uid &&
-                   (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
+                   (error = priv_check_cred(cred, PRIV_VFS_SETATTR, 0)) &&
                    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
                    (error = VOP_ACCESS(vp, VWRITE, cred))))
                        return (error);