At the moment, libdiskfs, libnetfs and libtrivfs will only give the
control port to root (Cf. lib{disk,net,triv}fs/file-getcontrol.c).
This is inherently wrong: a user should be able to get the control
port to a file system if they can send a signal to the process, etc.
Thus, this patch introduces a new function, fshelp_cancontrol, into
libfshelp which each of the aforementioned libraries calls.
What does this gain? After a user starts a translator, they can
use fsysopts, etc.
diff -urN hurd-20010307-snapshot/libfshelp/ChangeLog hurd-20010313/libfshelp/ChangeLog
--- hurd-20010307-snapshot/libfshelp/ChangeLog Wed Jan 31 00:45:32 2001
+++ hurd-20010313/libfshelp/ChangeLog Fri Mar 30 15:50:52 2001
@@ -1,3 +1,10 @@
+2001-03-29 Neal H Walfield <[EMAIL PROTECTED]>
+
+ * fshelp.h: Add function declaration for fshelp_cancontrol.
+ * perms-cancontrol.c: New file; implementation of
+ fshelp_cancontrol.
+ * Makefile (SRCS): Added perms-cancontrol.c.
+
2001-01-17 Neal H Walfield <[EMAIL PROTECTED]>
* fshelp.h: Add two new parameters to fshelp_open_fn_t:
diff -urN hurd-20010307-snapshot/libfshelp/Makefile hurd-20010313/libfshelp/Makefile
--- hurd-20010307-snapshot/libfshelp/Makefile Thu Jul 1 23:04:24 1999
+++ hurd-20010313/libfshelp/Makefile Fri Mar 30 15:46:50 2001
@@ -1,5 +1,5 @@
#
-# Copyright (C) 1994, 95, 96, 98, 1999 Free Software Foundation, Inc.
+# Copyright (C) 1994,95,96,98,99,2001 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
@@ -27,7 +27,7 @@
exec-reauth.c \
set-options.c \
get-identity.c \
- perms-isowner.c perms-access.c perms-checkdirmod.c \
+ perms-isowner.c perms-access.c perms-checkdirmod.c perms-cancontrol.c \
touch.c
LCLHDRS = fshelp.h locks.h trans.h
installhdrs = fshelp.h
diff -urN hurd-20010307-snapshot/libfshelp/fetch-root.c
hurd-20010313/libfshelp/fetch-root.c
diff -urN hurd-20010307-snapshot/libfshelp/fshelp.h hurd-20010313/libfshelp/fshelp.h
--- hurd-20010307-snapshot/libfshelp/fshelp.h Wed Jan 31 00:45:32 2001
+++ hurd-20010313/libfshelp/fshelp.h Fri Mar 30 15:47:02 2001
@@ -1,5 +1,5 @@
/* FS helper library definitions
- Copyright (C) 1994,95,96,97,98,99,2000 Free Software Foundation, Inc.
+ Copyright (C) 1994,95,96,97,98,99,2000,01 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
@@ -232,6 +232,10 @@
/* Standardized filesystem permission checking */
+
+/* Check to see whether USER can control the file system, i.e. get
+ a control port. */
+error_t fshelp_cancontrol (struct iouser *user);
/* Check to see whether USER should be considered the owner of the
file identified by ST. If so, return zero; otherwise return an
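Review bot: The comment on the new `fshelp_cancontrol` declaration does not state the return convention, unlike the neighbouring check whose comment says "If so, return zero". The implementation in perms-cancontrol.c returns 0 when control is allowed, EPERM when it is not, and ENOMEM or another error when the server's own ids cannot be fetched, so callers must treat every non-zero value as a denial. I would extend the comment to `/* Check whether USER may control the file system, i.e. get a control port. Return zero if so, EPERM if not, or another error code if the check itself fails. */`.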
diff -urN hurd-20010307-snapshot/libfshelp/perms-cancontrol.c
hurd-20010313/libfshelp/perms-cancontrol.c
--- hurd-20010307-snapshot/libfshelp/perms-cancontrol.c Thu Jan 1 01:00:00 1970
+++ hurd-20010313/libfshelp/perms-cancontrol.c Fri Mar 30 15:54:12 2001
@@ -0,0 +1,69 @@
+/* Copyright (C) 2001 Free Software Foundation
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 2, or (at
+ your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
+
+#include "fshelp.h"
+#include <errno.h>
+#include <hurd.h>
+#include <hurd/auth.h>
+
+/* Determine if user USER can get our control port. */
+/* In the Hurd, the a user has authority over another user if at least
+ one the following conditions are met:
+
+ * The client is root
+ * At least one of the client's uids match one of the server's uids
+ */
+error_t fshelp_cancontrol (struct iouser *user)
+{
+ error_t err;
+ struct idvec *uids;
+ auth_t auth;
+ int i, j;
+
+ if (idvec_contains (user->uids, 0))
+ return 0;
+
+ uids = make_idvec ();
+ if (! uids)
+ return ENOMEM;
+
+ auth = getauth ();
+ if (auth == MACH_PORT_NULL)
+ {
+ idvec_free (uids);
+ return errno;
+ }
+
+ err = idvec_merge_auth (uids, NULL, NULL, NULL, auth);
+ mach_port_deallocate (mach_task_self (), auth);
+ if (err)
+ {
+ idvec_free (uids);
+ return err;
+ }
+
+ for (i = 0; i < user->uids->num; i ++)
+ for (j = 0; j < uids->num; j ++)
+ if (user->uids->ids[i] == uids->ids[j])
+ {
+ idvec_free (uids);
+ return 0;
+ }
+
+ idvec_free (uids);
+ return EPERM;
+}
+
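Review bot: The `return errno;` on the `getauth ()` failure path can fail open, because every caller in this patch treats a zero return as permission granted. If `getauth` can yield MACH_PORT_NULL without setting errno (nothing in the hunk shows that it always sets it), a non-root caller would be handed the control port. A permission check should deny when it cannot complete, for example `return errno ? errno : EPERM;`. Separately, the nested uid loop could reuse the helper already called for the root test, `if (idvec_contains (uids, user->uids->ids[i]))`, and the header comment has two slips ("the a user", "one the following") worth fixing while the file is new.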
--- hurd-20010329-snapshot/libdiskfs/file-getcontrol.c Wed Nov 13 01:18:37 1996
+++ hurd-20010329/libdiskfs/file-getcontrol.c Fri Mar 30 17:29:13 2001
@@ -1,5 +1,5 @@
/* libdiskfs implementation of fs.defs:file_getcontrol.c
- Copyright (C) 1992, 1993, 1994, 1995, 1996 Free Software Foundation
+ Copyright (C) 1992,93,94,95,96,2001 Free Software Foundation
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
@@ -17,6 +17,7 @@
#include "priv.h"
#include "fs_S.h"
+#include <hurd/fshelp.h>
/* Implement file_getcontrol as described in <hurd/fs.defs>. */
kern_return_t
@@ -24,28 +25,27 @@
mach_port_t *control,
mach_msg_type_name_t *controltype)
{
- int error = 0;
+ int err;
struct port_info *newpi;
if (!cred)
return EOPNOTSUPP;
- if (!idvec_contains (cred->user->uids, 0))
- error = EPERM;
- else
- {
- error = ports_create_port (diskfs_control_class, diskfs_port_bucket,
- sizeof (struct port_info), &newpi);
- if (! error)
- {
- spin_lock (&_diskfs_control_lock);
- _diskfs_ncontrol_ports++;
- spin_unlock (&_diskfs_control_lock);
- *control = ports_get_right (newpi);
- *controltype = MACH_MSG_TYPE_MAKE_SEND;
- ports_port_deref (newpi);
- }
- }
+ err = fshelp_cancontrol (cred->user);
+ if (err)
+ return err;
+
+ err = ports_create_port (diskfs_control_class, diskfs_port_bucket,
+ sizeof (struct port_info), &newpi);
+ if (err)
+ return err;
+
+ spin_lock (&_diskfs_control_lock);
+ _diskfs_ncontrol_ports++;
+ spin_unlock (&_diskfs_control_lock);
+ *control = ports_get_right (newpi);
+ *controltype = MACH_MSG_TYPE_MAKE_SEND;
+ ports_port_deref (newpi);
- return error;
+ return 0;
}
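Review bot: `err` is declared `int` here although it now holds the `error_t` returned by `fshelp_cancontrol`, and the libtrivfs hunk of the same patch declares `error_t err;`; using `error_t err;` here keeps the three file_getcontrol implementations consistent. None of the three call sites (this one, libnetfs and libtrivfs) says who is now allowed to obtain the control port, and the libnetfs hunk drops the old "They've got root" comment without a replacement. Since this is the line that widens access beyond root, I would add above each call something like `/* Root, or any caller sharing a uid with this server, may have the control port. */`. The function's signature begins above this hunk.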
--- hurd-20010329-snapshot/libnetfs/file-getcontrol.c Tue Nov 19 00:50:14 1996
+++ hurd-20010329/libnetfs/file-getcontrol.c Fri Mar 30 17:29:03 2001
@@ -1,6 +1,6 @@
/* Return the filesystem corresponding to a file
- Copyright (C) 1995, 1996 Free Software Foundation, Inc.
+ Copyright (C) 1995, 1996, 2001 Free Software Foundation, Inc.
Written by Michael I. Bushnell, p/BSG.
This file is part of the GNU Hurd.
@@ -21,6 +21,7 @@
#include "netfs.h"
#include "fsys_S.h"
+#include <hurd/fshelp.h>
error_t
netfs_S_file_getcontrol (struct protid *user,
@@ -33,10 +34,10 @@
if (!user)
return EOPNOTSUPP;
- if (!idvec_contains (user->user->uids, 0))
- return EPERM;
+ err = fshelp_cancontrol (user->user);
+ if (err)
+ return err;
- /* They've got root; give it to them. */
err = ports_create_port (netfs_control_class, netfs_port_bucket,
sizeof (struct port_info), &pi);
if (err)
--- hurd-20010329-snapshot/libtrivfs/file-getcontrol.c Mon Nov 13 19:55:02 1995
+++ hurd-20010329/libtrivfs/file-getcontrol.c Fri Mar 30 17:28:41 2001
@@ -1,5 +1,5 @@
/*
- Copyright (C) 1994 Free Software Foundation
+ Copyright (C) 1994, 2001 Free Software Foundation
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
@@ -17,17 +17,21 @@
#include "priv.h"
#include "fs_S.h"
+#include <hurd/fshelp.h>
kern_return_t
trivfs_S_file_getcontrol (struct trivfs_protid *cred,
mach_port_t reply, mach_msg_type_name_t reply_type,
mach_port_t *cntl, mach_msg_type_name_t *cntltype)
{
+ error_t err;
if (!cred)
return EOPNOTSUPP;
- if (!cred->isroot)
- return EPERM;
+ err = fshelp_cancontrol (cred->user);
+ if (err)
+ return err;
+
*cntl = ports_get_right (cred->po->cntl);
*cntltype = MACH_MSG_TYPE_MAKE_SEND;
return 0;