Module Name:    src
Committed By:   cheusov
Date:           Wed Jun 27 12:28:29 UTC 2012

Modified Files:
        src/share/man/man9: kauth.9
        src/sys/kern: kern_auth.c vfs_syscalls.c
        src/sys/sys: kauth.h

Log Message:
Add new action KAUTH_CRED_CHROOT for kauth(9)'s credential scope.
Reviewed and approved by elad@.


To generate a diff of this commit:
cvs rdiff -u -r1.100 -r1.101 src/share/man/man9/kauth.9
cvs rdiff -u -r1.70 -r1.71 src/sys/kern/kern_auth.c
cvs rdiff -u -r1.456 -r1.457 src/sys/kern/vfs_syscalls.c
cvs rdiff -u -r1.69 -r1.70 src/sys/sys/kauth.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/man/man9/kauth.9
diff -u src/share/man/man9/kauth.9:1.100 src/share/man/man9/kauth.9:1.101
--- src/share/man/man9/kauth.9:1.100	Sat Mar 17 14:42:13 2012
+++ src/share/man/man9/kauth.9	Wed Jun 27 12:28:28 2012
@@ -1,4 +1,4 @@
-.\" $NetBSD: kauth.9,v 1.100 2012/03/17 14:42:13 njoly Exp $
+.\" $NetBSD: kauth.9,v 1.101 2012/06/27 12:28:28 cheusov Exp $
 .\"
 .\" Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>
 .\" All rights reserved.
@@ -1534,6 +1534,15 @@ and
 are both
 .Ft struct proc *
 of the parent and child processes, respectively.
+.It Dv KAUTH_CRED_CHROOT
+The credentials in cred belong to a process whose root directory is
+changed through
+.Xr change_root 9
+.Pp
+.Ar Arg0
+is the new
+.Ft struct cwdinfo *
+of the process.
 .It Dv KAUTH_CRED_FREE
 The credentials in
 .Ar cred

Index: src/sys/kern/kern_auth.c
diff -u src/sys/kern/kern_auth.c:1.70 src/sys/kern/kern_auth.c:1.71
--- src/sys/kern/kern_auth.c:1.70	Wed Jun 27 10:06:55 2012
+++ src/sys/kern/kern_auth.c	Wed Jun 27 12:28:28 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_auth.c,v 1.70 2012/06/27 10:06:55 cheusov Exp $ */
+/* $NetBSD: kern_auth.c,v 1.71 2012/06/27 12:28:28 cheusov Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>
@@ -28,7 +28,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.70 2012/06/27 10:06:55 cheusov Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.71 2012/06/27 12:28:28 cheusov Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -260,6 +260,12 @@ kauth_proc_fork(struct proc *parent, str
 	    child);
 }
 
+void
+kauth_proc_chroot(kauth_cred_t cred, struct cwdinfo *cwdi)
+{
+	kauth_cred_hook(cred, KAUTH_CRED_CHROOT, cwdi, NULL);
+}
+
 uid_t
 kauth_cred_getuid(kauth_cred_t cred)
 {
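Review bot: kauth_proc_chroot is added without a header comment, so a reader has to open kauth.9 to learn what the hook reports and what arg0 carries; the kauth.9 hunk in this commit says arg0 is the process's new `struct cwdinfo *`, which matches the call here. A short comment above the definition would record that: `/* Run credential-scope listeners for KAUTH_CRED_CHROOT: cred is the credential being built for a process whose root directory is being changed, cwdi is passed as arg0, arg1 is unused. */`. The surrounding kauth_cred_getuid definition continues past the end of this hunk.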

Index: src/sys/kern/vfs_syscalls.c
diff -u src/sys/kern/vfs_syscalls.c:1.456 src/sys/kern/vfs_syscalls.c:1.457
--- src/sys/kern/vfs_syscalls.c:1.456	Tue May  8 08:44:49 2012
+++ src/sys/kern/vfs_syscalls.c	Wed Jun 27 12:28:28 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_syscalls.c,v 1.456 2012/05/08 08:44:49 gson Exp $	*/
+/*	$NetBSD: vfs_syscalls.c,v 1.457 2012/06/27 12:28:28 cheusov Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -70,7 +70,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.456 2012/05/08 08:44:49 gson Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.457 2012/06/27 12:28:28 cheusov Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_fileassoc.h"
@@ -1398,6 +1398,10 @@ sys_chroot(struct lwp *l, const struct s
 void
 change_root(struct cwdinfo *cwdi, struct vnode *vp, struct lwp *l)
 {
+	struct proc *p = l->l_proc;
+	kauth_cred_t ncred;
+
+	ncred = kauth_cred_alloc();
 
 	rw_enter(&cwdi->cwdi_lock, RW_WRITER);
 	if (cwdi->cwdi_rdir != NULL)
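Review bot: `ncred = kauth_cred_alloc();` sits ahead of `rw_enter(&cwdi->cwdi_lock, RW_WRITER)` with nothing saying why the credential is allocated here rather than where it is first used at the end of the function; presumably to keep the allocation out of the locked regions — confirm. A one-line comment would record the intent and warn that an early exit added later between the allocation and proc_crmod_leave() would leak it: `/* Allocate the replacement credential up front, outside cwdi_lock and the credential lock; consumed by proc_crmod_leave() below. */`. change_root continues past the end of this hunk.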
@@ -1419,6 +1423,15 @@ change_root(struct cwdinfo *cwdi, struct
 		cwdi->cwdi_cdir = vp;
 	}
 	rw_exit(&cwdi->cwdi_lock);
+
+	/* Get a write lock on the process credential. */
+	proc_crmod_enter();
+
+	kauth_cred_clone(p->p_cred, ncred);
+	kauth_proc_chroot(ncred, p->p_cwdi);
+
+	/* Broadcast our credentials to the process and other LWPs. */
+ 	proc_crmod_leave(ncred, p->p_cred, true);
 }
 
 /*
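Review bot: `kauth_proc_chroot(ncred, p->p_cwdi);` hands the listener `p->p_cwdi` while the rest of change_root operates on its `cwdi` argument; if the two can ever differ, the hook reports a different cwdinfo than the one just modified under cwdi_lock, and kauth.9 in this commit describes arg0 as the new `struct cwdinfo *` of the process. Passing the parameter keeps the two in step: `kauth_proc_chroot(ncred, cwdi);`. The `proc_crmod_leave(ncred, p->p_cred, true);` line also carries a stray space before its leading tab. change_root begins before this hunk.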

Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.69 src/sys/sys/kauth.h:1.70
--- src/sys/sys/kauth.h:1.69	Tue Mar 13 18:41:02 2012
+++ src/sys/sys/kauth.h	Wed Jun 27 12:28:28 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.69 2012/03/13 18:41:02 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.70 2012/06/27 12:28:28 cheusov Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>  
@@ -44,6 +44,7 @@ struct ki_pcred;
 struct proc;
 struct tty;
 struct vnode;
+struct cwdinfo;
 enum vtype;
 
 /* Types. */
@@ -331,7 +332,8 @@ enum {
 	KAUTH_CRED_INIT=1,
 	KAUTH_CRED_FORK,
 	KAUTH_CRED_COPY,
-	KAUTH_CRED_FREE
+	KAUTH_CRED_FREE,
+	KAUTH_CRED_CHROOT
 };
 
 /*
@@ -487,4 +489,6 @@ kauth_action_t kauth_extattr_action(mode
 kauth_cred_t kauth_cred_get(void);
 
 void kauth_proc_fork(struct proc *, struct proc *);
+void kauth_proc_chroot(kauth_cred_t cred, struct cwdinfo *cwdi);
+
 #endif	/* !_SYS_KAUTH_H_ */
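Review bot: The new prototype `void kauth_proc_chroot(kauth_cred_t cred, struct cwdinfo *cwdi);` names its parameters while the adjacent `kauth_proc_fork(struct proc *, struct proc *)` and the other declarations visible in this hunk do not; matching the file's existing style would be `void kauth_proc_chroot(kauth_cred_t, struct cwdinfo *);`. The blank line added before `#endif` is not needed either. Appending KAUTH_CRED_CHROOT after KAUTH_CRED_FREE in the enum hunk above keeps the existing action values stable for listeners compiled against the old header, which is the right choice.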
