Commit 48937024 authored by David Howells's avatar David Howells Committed by James Morris

CRED: Wrap task credential accesses in the NCPFS filesystem

Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.

Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().

Change some task->e?[ug]id to task_e?[ug]id().  In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Reviewed-by: default avatarJames Morris <jmorris@namei.org>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Acked-by: default avatarPetr Vandrovec <vandrove@vc.cvut.cz>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 922c030f
...@@ -40,10 +40,10 @@ ncp_get_fs_info(struct ncp_server * server, struct file *file, ...@@ -40,10 +40,10 @@ ncp_get_fs_info(struct ncp_server * server, struct file *file,
struct inode *inode = file->f_path.dentry->d_inode; struct inode *inode = file->f_path.dentry->d_inode;
struct ncp_fs_info info; struct ncp_fs_info info;
if ((file_permission(file, MAY_WRITE) != 0) if (file_permission(file, MAY_WRITE) != 0
&& (current->uid != server->m.mounted_uid)) { && current_uid() != server->m.mounted_uid)
return -EACCES; return -EACCES;
}
if (copy_from_user(&info, arg, sizeof(info))) if (copy_from_user(&info, arg, sizeof(info)))
return -EFAULT; return -EFAULT;
...@@ -70,10 +70,10 @@ ncp_get_fs_info_v2(struct ncp_server * server, struct file *file, ...@@ -70,10 +70,10 @@ ncp_get_fs_info_v2(struct ncp_server * server, struct file *file,
struct inode *inode = file->f_path.dentry->d_inode; struct inode *inode = file->f_path.dentry->d_inode;
struct ncp_fs_info_v2 info2; struct ncp_fs_info_v2 info2;
if ((file_permission(file, MAY_WRITE) != 0) if (file_permission(file, MAY_WRITE) != 0
&& (current->uid != server->m.mounted_uid)) { && current_uid() != server->m.mounted_uid)
return -EACCES; return -EACCES;
}
if (copy_from_user(&info2, arg, sizeof(info2))) if (copy_from_user(&info2, arg, sizeof(info2)))
return -EFAULT; return -EFAULT;
...@@ -141,10 +141,10 @@ ncp_get_compat_fs_info_v2(struct ncp_server * server, struct file *file, ...@@ -141,10 +141,10 @@ ncp_get_compat_fs_info_v2(struct ncp_server * server, struct file *file,
struct inode *inode = file->f_path.dentry->d_inode; struct inode *inode = file->f_path.dentry->d_inode;
struct compat_ncp_fs_info_v2 info2; struct compat_ncp_fs_info_v2 info2;
if ((file_permission(file, MAY_WRITE) != 0) if (file_permission(file, MAY_WRITE) != 0
&& (current->uid != server->m.mounted_uid)) { && current_uid() != server->m.mounted_uid)
return -EACCES; return -EACCES;
}
if (copy_from_user(&info2, arg, sizeof(info2))) if (copy_from_user(&info2, arg, sizeof(info2)))
return -EFAULT; return -EFAULT;
...@@ -270,16 +270,17 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -270,16 +270,17 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
struct ncp_ioctl_request request; struct ncp_ioctl_request request;
char* bouncebuffer; char* bouncebuffer;
void __user *argp = (void __user *)arg; void __user *argp = (void __user *)arg;
uid_t uid = current_uid();
switch (cmd) { switch (cmd) {
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
case NCP_IOC_NCPREQUEST_32: case NCP_IOC_NCPREQUEST_32:
#endif #endif
case NCP_IOC_NCPREQUEST: case NCP_IOC_NCPREQUEST:
if ((file_permission(filp, MAY_WRITE) != 0) if (file_permission(filp, MAY_WRITE) != 0
&& (current->uid != server->m.mounted_uid)) { && uid != server->m.mounted_uid)
return -EACCES; return -EACCES;
}
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
if (cmd == NCP_IOC_NCPREQUEST_32) { if (cmd == NCP_IOC_NCPREQUEST_32) {
struct compat_ncp_ioctl_request request32; struct compat_ncp_ioctl_request request32;
...@@ -356,10 +357,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -356,10 +357,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
case NCP_IOC_GETMOUNTUID16: case NCP_IOC_GETMOUNTUID16:
case NCP_IOC_GETMOUNTUID32: case NCP_IOC_GETMOUNTUID32:
case NCP_IOC_GETMOUNTUID64: case NCP_IOC_GETMOUNTUID64:
if ((file_permission(filp, MAY_READ) != 0) if (file_permission(filp, MAY_READ) != 0
&& (current->uid != server->m.mounted_uid)) { && uid != server->m.mounted_uid)
return -EACCES; return -EACCES;
}
if (cmd == NCP_IOC_GETMOUNTUID16) { if (cmd == NCP_IOC_GETMOUNTUID16) {
u16 uid; u16 uid;
SET_UID(uid, server->m.mounted_uid); SET_UID(uid, server->m.mounted_uid);
...@@ -380,11 +381,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -380,11 +381,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
{ {
struct ncp_setroot_ioctl sr; struct ncp_setroot_ioctl sr;
if ((file_permission(filp, MAY_READ) != 0) if (file_permission(filp, MAY_READ) != 0
&& (current->uid != server->m.mounted_uid)) && uid != server->m.mounted_uid)
{
return -EACCES; return -EACCES;
}
if (server->m.mounted_vol[0]) { if (server->m.mounted_vol[0]) {
struct dentry* dentry = inode->i_sb->s_root; struct dentry* dentry = inode->i_sb->s_root;
...@@ -408,6 +408,7 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -408,6 +408,7 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
return -EFAULT; return -EFAULT;
return 0; return 0;
} }
case NCP_IOC_SETROOT: case NCP_IOC_SETROOT:
{ {
struct ncp_setroot_ioctl sr; struct ncp_setroot_ioctl sr;
...@@ -455,11 +456,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -455,11 +456,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
#ifdef CONFIG_NCPFS_PACKET_SIGNING #ifdef CONFIG_NCPFS_PACKET_SIGNING
case NCP_IOC_SIGN_INIT: case NCP_IOC_SIGN_INIT:
if ((file_permission(filp, MAY_WRITE) != 0) if (file_permission(filp, MAY_WRITE) != 0
&& (current->uid != server->m.mounted_uid)) && uid != server->m.mounted_uid)
{
return -EACCES; return -EACCES;
}
if (argp) { if (argp) {
if (server->sign_wanted) if (server->sign_wanted)
{ {
...@@ -478,24 +478,22 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -478,24 +478,22 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
return 0; return 0;
case NCP_IOC_SIGN_WANTED: case NCP_IOC_SIGN_WANTED:
if ((file_permission(filp, MAY_READ) != 0) if (file_permission(filp, MAY_READ) != 0
&& (current->uid != server->m.mounted_uid)) && uid != server->m.mounted_uid)
{
return -EACCES; return -EACCES;
}
if (put_user(server->sign_wanted, (int __user *)argp)) if (put_user(server->sign_wanted, (int __user *)argp))
return -EFAULT; return -EFAULT;
return 0; return 0;
case NCP_IOC_SET_SIGN_WANTED: case NCP_IOC_SET_SIGN_WANTED:
{ {
int newstate; int newstate;
if ((file_permission(filp, MAY_WRITE) != 0) if (file_permission(filp, MAY_WRITE) != 0
&& (current->uid != server->m.mounted_uid)) && uid != server->m.mounted_uid)
{
return -EACCES; return -EACCES;
}
/* get only low 8 bits... */ /* get only low 8 bits... */
if (get_user(newstate, (unsigned char __user *)argp)) if (get_user(newstate, (unsigned char __user *)argp))
return -EFAULT; return -EFAULT;
...@@ -512,11 +510,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, ...@@ -512,11 +510,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp,
#ifdef CONFIG_NCPFS_IOCTL_LOCKING #ifdef CONFIG_NCPFS_IOCTL_LOCKING
case NCP_IOC_LOCKUNLOCK: case NCP_IOC_LOCKUNLOCK:
if ((file_permission(filp, MAY_WRITE) != 0) if (file_permission(filp, MAY_WRITE) != 0
&& (current->uid != server->m.mounted_uid)) && uid != server->m.mounted_uid)
{
return -EACCES; return -EACCES;
}
{ {
struct ncp_lock_ioctl rqdata; struct ncp_lock_ioctl rqdata;
...@@ -585,9 +582,8 @@ outrel: ...@@ -585,9 +582,8 @@ outrel:
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
case NCP_IOC_GETOBJECTNAME_32: case NCP_IOC_GETOBJECTNAME_32:
if (current->uid != server->m.mounted_uid) { if (uid != server->m.mounted_uid)
return -EACCES; return -EACCES;
}
{ {
struct compat_ncp_objectname_ioctl user; struct compat_ncp_objectname_ioctl user;
size_t outl; size_t outl;
...@@ -609,10 +605,10 @@ outrel: ...@@ -609,10 +605,10 @@ outrel:
return 0; return 0;
} }
#endif #endif
case NCP_IOC_GETOBJECTNAME: case NCP_IOC_GETOBJECTNAME:
if (current->uid != server->m.mounted_uid) { if (uid != server->m.mounted_uid)
return -EACCES; return -EACCES;
}
{ {
struct ncp_objectname_ioctl user; struct ncp_objectname_ioctl user;
size_t outl; size_t outl;
...@@ -633,13 +629,13 @@ outrel: ...@@ -633,13 +629,13 @@ outrel:
return -EFAULT; return -EFAULT;
return 0; return 0;
} }
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
case NCP_IOC_SETOBJECTNAME_32: case NCP_IOC_SETOBJECTNAME_32:
#endif #endif
case NCP_IOC_SETOBJECTNAME: case NCP_IOC_SETOBJECTNAME:
if (current->uid != server->m.mounted_uid) { if (uid != server->m.mounted_uid)
return -EACCES; return -EACCES;
}
{ {
struct ncp_objectname_ioctl user; struct ncp_objectname_ioctl user;
void* newname; void* newname;
...@@ -691,13 +687,13 @@ outrel: ...@@ -691,13 +687,13 @@ outrel:
kfree(oldname); kfree(oldname);
return 0; return 0;
} }
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
case NCP_IOC_GETPRIVATEDATA_32: case NCP_IOC_GETPRIVATEDATA_32:
#endif #endif
case NCP_IOC_GETPRIVATEDATA: case NCP_IOC_GETPRIVATEDATA:
if (current->uid != server->m.mounted_uid) { if (uid != server->m.mounted_uid)
return -EACCES; return -EACCES;
}
{ {
struct ncp_privatedata_ioctl user; struct ncp_privatedata_ioctl user;
size_t outl; size_t outl;
...@@ -736,13 +732,13 @@ outrel: ...@@ -736,13 +732,13 @@ outrel:
return 0; return 0;
} }
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
case NCP_IOC_SETPRIVATEDATA_32: case NCP_IOC_SETPRIVATEDATA_32:
#endif #endif
case NCP_IOC_SETPRIVATEDATA: case NCP_IOC_SETPRIVATEDATA:
if (current->uid != server->m.mounted_uid) { if (uid != server->m.mounted_uid)
return -EACCES; return -EACCES;
}
{ {
struct ncp_privatedata_ioctl user; struct ncp_privatedata_ioctl user;
void* new; void* new;
...@@ -794,9 +790,10 @@ outrel: ...@@ -794,9 +790,10 @@ outrel:
#endif /* CONFIG_NCPFS_NLS */ #endif /* CONFIG_NCPFS_NLS */
case NCP_IOC_SETDENTRYTTL: case NCP_IOC_SETDENTRYTTL:
if ((file_permission(filp, MAY_WRITE) != 0) && if (file_permission(filp, MAY_WRITE) != 0 &&
(current->uid != server->m.mounted_uid)) uid != server->m.mounted_uid)
return -EACCES; return -EACCES;
{ {
u_int32_t user; u_int32_t user;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment