From owner-p4-projects@FreeBSD.ORG Wed Oct 22 18:33:13 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id EB37F16A4C0; Wed, 22 Oct 2003 18:33:12 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BA8D016A4B3 for ; Wed, 22 Oct 2003 18:33:12 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1AE9B43FBF for ; Wed, 22 Oct 2003 18:33:12 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id h9N1XBXJ046588 for ; Wed, 22 Oct 2003 18:33:11 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id h9N1XBDA046585 for perforce@freebsd.org; Wed, 22 Oct 2003 18:33:11 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Wed, 22 Oct 2003 18:33:11 -0700 (PDT) Message-Id: <200310230133.h9N1XBDA046585@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 40226 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Oct 2003 01:33:13 -0000 http://perforce.freebsd.org/chv.cgi?CH=40226 Change 40226 by rwatson@rwatson_paprika on 2003/10/22 18:32:46 Fix capability-related syntax, reformat to match original layout. Re-spell capability.h. This now builds. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/gnu/ext2fs/ext2_vfsops.c#5 edit .. //depot/projects/trustedbsd/sebsd/sys/gnu/ext2fs/ext2_vnops.c#5 edit Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/gnu/ext2fs/ext2_vfsops.c#5 (text+ko) ====
@@ -54,7 +54,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
 #include
@@ -234,7 +234,7 @@
 * If upgrade to read-write by non-root, then verify
 * that user has necessary permissions on the device.
 */
- if (cap_check(td, CAP_MKNOD)) {
+ if (cap_check(td, CAP_MKNOD) != 0) {
 vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td);
 if ((error = VOP_ACCESS(devvp, VREAD | VWRITE, td->td_ucred, td)) != 0) {
@@ -291,7 +291,7 @@
 * If mount by non-root, then verify that user has necessary
 * permissions on the device.
 */
- if (cap_check(td, CAP_MKNOD)) {
+ if (cap_check(td, CAP_MKNOD) != 0) {
 accessmode = VREAD;
 if ((mp->mnt_flag & MNT_RDONLY) == 0)
 accessmode |= VWRITE;
==== //depot/projects/trustedbsd/sebsd/sys/gnu/ext2fs/ext2_vnops.c#5 (text+ko) ====
@@ -66,7 +66,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
 #include
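Review bot: The comments above both `cap_check(td, CAP_MKNOD) != 0` tests (the -234 hunk and the -291 hunk of ext2_vfsops.c) still say "by non-root", but the VOP_ACCESS check on the device now runs when the caller lacks CAP_MKNOD, assuming cap_check returns 0 on success as cap_check_cred appears to elsewhere in this change. I would reword them to match, e.g. `* If upgrade to read-write by a process without CAP_MKNOD, then verify`, and add one sentence on why CAP_MKNOD is the capability that exempts a mount from the device permission check, since that mapping is not obvious from the name and decides who may bypass the device's access mode. Both enclosing functions start and end outside the hunks.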
@@ -485,7 +485,8 @@
 * Privileged non-jail processes may not modify system flags
 * if securelevel > 0 and any existing system flags are set.
 */
- if (!cap_check_cred(cred, NULL, CAP_SYS_SETFFLAG, PRISON_ROOT)) {
+ if (cap_check_cred(cred, NULL, CAP_SYS_SETFFLAG, PRISON_ROOT)
+ == 0) {
 if (ip->i_flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
 error = securelevel_gt(cred, 0);
@@ -599,15 +600,22 @@
 */
 if ((error = VOP_ACCESS(vp, VADMIN, cred, td)))
 return (error);
- /* Privileged processes may set the sticky bit on non-directories */
- if (vp->v_type != VDIR && (mode & S_ISTXT) && cap_check_cred(cred, NULL, CAP_SYS_RAWIO, 0))
- return (EFTYPE);
+ /*
+ * Privileged processes may set the sticky bit on non-directories.
+ */
+ if (vp->v_type != VDIR && (mode & S_ISTXT)) {
+ if (cap_check_cred(cred, NULL, CAP_SYS_RAWIO, 0) != 0)
+ return (EFTYPE);
+ }
- /* CAP_FSETID is required to set suid or sgid on non-owned files */
- if (((!groupmember(ip->i_gid, cred) && (mode & ISGID)) ||
- ((mode & ISUID) && ip->i_uid != cred->cr_uid))
- && cap_check_cred (cred, NULL, CAP_FSETID, PRISON_ROOT))
- return (EPERM);
+ /*
+ * CAP_FSETID is required to set suid or sgid on non-owned files.
+ */
+ if (((mode & ISGID) && !groupmember(ip->i_gid, cred)) ||
+ ((mode & ISUID) && ip->i_uid != cred->cr_uid)) {
+ if (cap_check_cred (cred, NULL, CAP_FSETID, PRISON_ROOT) != 0)
+ return (EPERM);
+ }
 ip->i_mode &= ~ALLPERMS;
 ip->i_mode |= (mode & ALLPERMS);
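Review bot: The comment kept above the rewritten test in the -485 hunk describes "privileged non-jail processes", yet the call passes `PRISON_ROOT`, which, if it keeps its usual meaning of letting a privileged process inside a jail pass the check, makes this branch reachable from a jail as well. The comment should state which of the two is intended, for example `* Processes holding CAP_SYS_SETFFLAG (including jailed ones, via PRISON_ROOT) may not modify system flags`, or the flag should change if jailed processes are meant to be excluded. The enclosing block begins and ends outside the hunk, so the unprivileged branch is not visible here.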
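Review bot: The sticky-bit test in the -599 hunk calls `cap_check_cred(cred, NULL, CAP_SYS_RAWIO, 0)`, the only capability check in this change that passes `0` rather than `PRISON_ROOT`, and it ties S_ISTXT on non-directories to CAP_SYS_RAWIO, whose name suggests raw device I/O rather than file mode bits. If both choices are deliberate, the new block comment should say so, e.g. `* Requires CAP_SYS_RAWIO; no PRISON_ROOT, so jailed processes get EFTYPE.`; otherwise the call should use the same flag as the CAP_FSETID check directly below it. As a style point, `cap_check_cred (cred, ...` in the CAP_FSETID test keeps a space before the parenthesis that the other calls in this commit do not have.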
@@ -648,19 +656,25 @@
 * have privilege.
 */
 if ((uid != ip->i_uid ||
- (gid != ip->i_gid && !groupmember(gid, cred))) &&
- (error = cap_check_cred(cred, NULL, CAP_FOWNER, PRISON_ROOT)))
- return (error);
+ (gid != ip->i_gid && !groupmember(gid, cred)))) {
+ error = cap_check_cred(cred, NULL, CAP_FOWNER, PRISON_ROOT);
+ if (error)
+ return (error);
+ }
 ogid = ip->i_gid;
 ouid = ip->i_uid;
 ip->i_gid = gid;
 ip->i_uid = uid;
 ip->i_flag |= IN_CHANGE;
- /* Processes without CAP_FSETID clear suid and sgid when owner/groups change */
- if ((ouid != uid || ogid != gid) && (ip->i_mode & (ISUID | ISGID)) &&
- cap_check_cred (cred, NULL, CAP_FSETID, PRISON_ROOT))
- ip->i_mode &= ~(ISUID | ISGID);
+ /*
+ * Processes without CAP_FSETID clear suid and sgid when owner/groups
+ * change.
+ */
+ if ((ouid != uid || ogid != gid) && (ip->i_mode & (ISUID | ISGID))) {
+ if (cap_check_cred (cred, NULL, CAP_FSETID, PRISON_ROOT) != 0)
+ ip->i_mode &= ~(ISUID | ISGID);
+ }
 return (0);
 }
@@ -1832,9 +1846,11 @@
 ip->i_mode = mode;
 tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
 ip->i_nlink = 1;
- if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) &&
- cap_check_cred(cnp->cn_cred, NULL, CAP_FSETOD, PRISON_ROOT))
- ip->i_mode &= ~ISGID;
+ if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) {
+ if (cap_check_cred(cnp->cn_cred, NULL, CAP_FSETID,
+ PRISON_ROOT) != 0)
+ ip->i_mode &= ~ISGID;
+ }
 if (cnp->cn_flags & ISWHITEOUT)
 ip->i_flags |= UF_OPAQUE;
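Review bot: The ownership check in the -648 hunk gates a uid/gid change on `CAP_FOWNER`, whereas POSIX.1e assigns changing a file's owner or group to CAP_CHOWN and keeps CAP_FOWNER for bypassing owner-match tests. If this tree's capability.h defines CAP_CHOWN, using it here would avoid giving every CAP_FOWNER holder the ability to reassign files; if CAP_FOWNER is deliberate, the comment ending in "have privilege." should name it. The new `if (error)` is also the one test in this commit not written in the explicit form used everywhere else, so I would make it `if (error != 0)`. The function begins outside the hunk.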