CVS commit: src

Aleksey Cheusov Wed, 27 Jun 2012 05:28:35 -0700

Module Name:    src
Committed By:   cheusov
Date:           Wed Jun 27 12:28:29 UTC 2012


Modified Files:
        src/share/man/man9: kauth.9
        src/sys/kern: kern_auth.c vfs_syscalls.c
        src/sys/sys: kauth.h

Log Message:
Add new action KAUTH_CRED_CHROOT for kauth(9)'s credential scope.
Reviewed and approved by elad@.


To generate a diff of this commit:
cvs rdiff -u -r1.100 -r1.101 src/share/man/man9/kauth.9
cvs rdiff -u -r1.70 -r1.71 src/sys/kern/kern_auth.c
cvs rdiff -u -r1.456 -r1.457 src/sys/kern/vfs_syscalls.c
cvs rdiff -u -r1.69 -r1.70 src/sys/sys/kauth.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/man/man9/kauth.9
diff -u src/share/man/man9/kauth.9:1.100 src/share/man/man9/kauth.9:1.101
--- src/share/man/man9/kauth.9:1.100	Sat Mar 17 14:42:13 2012
+++ src/share/man/man9/kauth.9	Wed Jun 27 12:28:28 2012
@@ -1,4 +1,4 @@
-.\" $NetBSD: kauth.9,v 1.100 2012/03/17 14:42:13 njoly Exp $
+.\" $NetBSD: kauth.9,v 1.101 2012/06/27 12:28:28 cheusov Exp $
 .\"
 .\" Copyright (c) 2005, 2006 Elad Efrat <[email protected]>
 .\" All rights reserved.
@@ -1534,6 +1534,15 @@ and
 are both
 .Ft struct proc *
 of the parent and child processes, respectively.
+.It Dv KAUTH_CRED_CHROOT
+The credentials in cred belong to a process whose root directory is
+changed through
+.Xr change_root 9
+.Pp
+.Ar Arg0
+is the new
+.Ft struct cwdinfo *
+of the process.
 .It Dv KAUTH_CRED_FREE
 The credentials in
 .Ar cred

Index: src/sys/kern/kern_auth.c
diff -u src/sys/kern/kern_auth.c:1.70 src/sys/kern/kern_auth.c:1.71
--- src/sys/kern/kern_auth.c:1.70	Wed Jun 27 10:06:55 2012
+++ src/sys/kern/kern_auth.c	Wed Jun 27 12:28:28 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_auth.c,v 1.70 2012/06/27 10:06:55 cheusov Exp $ */
+/* $NetBSD: kern_auth.c,v 1.71 2012/06/27 12:28:28 cheusov Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <[email protected]>
@@ -28,7 +28,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.70 2012/06/27 10:06:55 cheusov Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.71 2012/06/27 12:28:28 cheusov Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -260,6 +260,12 @@ kauth_proc_fork(struct proc *parent, str
 	    child);
 }
 
+void
+kauth_proc_chroot(kauth_cred_t cred, struct cwdinfo *cwdi)
+{
+	kauth_cred_hook(cred, KAUTH_CRED_CHROOT, cwdi, NULL);
+}
+
 uid_t
 kauth_cred_getuid(kauth_cred_t cred)
 {

Index: src/sys/kern/vfs_syscalls.c
diff -u src/sys/kern/vfs_syscalls.c:1.456 src/sys/kern/vfs_syscalls.c:1.457
--- src/sys/kern/vfs_syscalls.c:1.456	Tue May  8 08:44:49 2012
+++ src/sys/kern/vfs_syscalls.c	Wed Jun 27 12:28:28 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_syscalls.c,v 1.456 2012/05/08 08:44:49 gson Exp $	*/
+/*	$NetBSD: vfs_syscalls.c,v 1.457 2012/06/27 12:28:28 cheusov Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -70,7 +70,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.456 2012/05/08 08:44:49 gson Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.457 2012/06/27 12:28:28 cheusov Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_fileassoc.h"
@@ -1398,6 +1398,10 @@ sys_chroot(struct lwp *l, const struct s
 void
 change_root(struct cwdinfo *cwdi, struct vnode *vp, struct lwp *l)
 {
+	struct proc *p = l->l_proc;
+	kauth_cred_t ncred;
+
+	ncred = kauth_cred_alloc();
 
 	rw_enter(&cwdi->cwdi_lock, RW_WRITER);
 	if (cwdi->cwdi_rdir != NULL)
@@ -1419,6 +1423,15 @@ change_root(struct cwdinfo *cwdi, struct
 		cwdi->cwdi_cdir = vp;
 	}
 	rw_exit(&cwdi->cwdi_lock);
+
+	/* Get a write lock on the process credential. */
+	proc_crmod_enter();
+
+	kauth_cred_clone(p->p_cred, ncred);
+	kauth_proc_chroot(ncred, p->p_cwdi);
+
+	/* Broadcast our credentials to the process and other LWPs. */
+ 	proc_crmod_leave(ncred, p->p_cred, true);
 }
 
 /*

Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.69 src/sys/sys/kauth.h:1.70
--- src/sys/sys/kauth.h:1.69	Tue Mar 13 18:41:02 2012
+++ src/sys/sys/kauth.h	Wed Jun 27 12:28:28 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.69 2012/03/13 18:41:02 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.70 2012/06/27 12:28:28 cheusov Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <[email protected]>  
@@ -44,6 +44,7 @@ struct ki_pcred;
 struct proc;
 struct tty;
 struct vnode;
+struct cwdinfo;
 enum vtype;
 
 /* Types. */
@@ -331,7 +332,8 @@ enum {
 	KAUTH_CRED_INIT=1,
 	KAUTH_CRED_FORK,
 	KAUTH_CRED_COPY,
-	KAUTH_CRED_FREE
+	KAUTH_CRED_FREE,
+	KAUTH_CRED_CHROOT
 };
 
 /*
@@ -487,4 +489,6 @@ kauth_action_t kauth_extattr_action(mode
 kauth_cred_t kauth_cred_get(void);
 
 void kauth_proc_fork(struct proc *, struct proc *);
+void kauth_proc_chroot(kauth_cred_t cred, struct cwdinfo *cwdi);
+
 #endif	/* !_SYS_KAUTH_H_ */

CVS commit: src

Reply via email to