From: Brian Feldman
Date: Fri, 18 Oct 2002 12:56:58 -0700 (PDT)
Message-Id: <200210181956.g9IJuwrc078466@repoman.freebsd.org>
Subject: PERFORCE change 19574 for review
To: Perforce Change Reviews

http://perforce.freebsd.org/chv.cgi?CH=19574

Change 19574 by green@green_laptop_2 on 2002/10/18 12:56:05

	Add the namei() flag NOMACCHECK to enable nfs to ignore the rest of the kernel's permission checking when operating on local files.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/vfs_lookup.c#24 edit
.. //depot/projects/trustedbsd/mac/sys/nfsserver/nfs_srvsubs.c#10 edit
.. //depot/projects/trustedbsd/mac/sys/sys/namei.h#6 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/vfs_lookup.c#24 (text+ko) ====
@@ -216,9 +216,12 @@ break; } #ifdef MAC - error = mac_check_vnode_readlink(td->td_ucred, ndp->ni_vp); - if (error) - break; + if ((cnp->cn_flags & NOMACCHECK) == 0) { + error = mac_check_vnode_readlink(td->td_ucred, + ndp->ni_vp); + if (error) + break; + } #endif if (ndp->ni_pathlen > 1) cp = uma_zalloc(namei_zone, M_WAITOK); @@ -471,9 +474,11 @@ */ unionlookup: #ifdef MAC - error = mac_check_vnode_lookup(td->td_ucred, dp, cnp); - if (error) - goto bad; + if ((cnp->cn_flags & NOMACCHECK) == 0) { + error = mac_check_vnode_lookup(td->td_ucred, dp, cnp); + if (error) + goto bad; + } #endif ndp->ni_dvp = dp; ndp->ni_vp = NULL; ==== //depot/projects/trustedbsd/mac/sys/nfsserver/nfs_srvsubs.c#10 (text+ko) ==== @@ -604,6 +604,7 @@ struct componentname *cnp = &ndp->ni_cnd; *retdirp = NULL; + cnp->cn_flags |= NOMACCHECK; cnp->cn_pnbuf = uma_zalloc(namei_zone, M_WAITOK); /* ==== //depot/projects/trustedbsd/mac/sys/sys/namei.h#6 (text+ko) ==== @@ -144,7 +144,8 @@ #define ISUNICODE 0x100000 /* current component name is unicode*/ #define PDIRUNLOCK 0x200000 /* filesystem lookup() unlocked parent dir */ #define NOCROSSMOUNT 0x400000 /* do not cross mount points */ -#define PARAMASK 0x3ffe00 /* mask of parameter descriptors */ +#define NOMACCHECK 0x800000 /* do not verify MAC permissions */ +#define PARAMASK 0xfffe00 /* mask of parameter descriptors */ /* * Initialization of an nameidata structure. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
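
Review bot: In sys/kern/vfs_lookup.c, both new guards (`if ((cnp->cn_flags & NOMACCHECK) == 0)` in the symlink branch at -216 and under `unionlookup:` at -471) test cn_flags, which any in-kernel caller of the lookup code can set, so mac_check_vnode_readlink and mac_check_vnode_lookup become opt-out for every caller and not only for the NFS server. Neither site has a comment saying who may set the flag or where the MAC decision is made in its place. Please add that comment at both guards, so a later reader does not treat NOMACCHECK as a general-purpose lookup option.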
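
Review bot: In sys/nfsserver/nfs_srvsubs.c at -604, `cnp->cn_flags |= NOMACCHECK;` is set unconditionally before the name buffer is allocated, so every lookup through this function skips both MAC checks guarded in vfs_lookup.c, and the hunk shows no substitute check. The commit message says the intent is for nfs to ignore the kernel's permission checking on local files; a comment on this line should state where MAC policy for NFS-served lookups is enforced, or that it is deliberately not enforced, since that is the security-relevant consequence of the change.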
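
Review bot: In sys/sys/namei.h at -144, widening PARAMASK from 0x3ffe00 to 0xfffe00 adds two bits, not one: the new NOMACCHECK (0x800000) and also the existing NOCROSSMOUNT (0x400000), which the old mask did not cover. If only the new flag is meant to join the mask, the value would be 0xbffe00; if bringing NOCROSSMOUNT into the mask is an intended fix, the commit message should say so, because any code that filters cn_flags through PARAMASK now treats NOCROSSMOUNT differently. The comment "do not verify MAC permissions" could also note that the flag is reserved for the NFS server.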