From 47460a23a071ad057084bacadf7e2da5f7089a4c Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Thu, 19 Oct 2000 07:53:59 +0000 Subject: o Introduce new VOP_ACCESS() flag VADMIN, allowing file systems to perform "administrative" authorization checks. In most cases, the VADMIN test checks to make sure the credential effective uid is the same as the file owner. o Modify vaccess() to set VADMIN as an available right if the uid is appropriate. o Modify references to uid-based access control operations such that they now always invoke VOP_ACCESS() instead of using hard-coded policy checks. o This allows alternative UFS policies to be implemented by replacing only ufs_access() (such as mandatory system policies). o VOP_ACCESS() requires the caller to hold an exclusive vnode lock on the vnode: I believe that new invocations of VOP_ACCESS() are always called with the lock held. o Some direct checks of the uid remain, largely associated with the QUOTA and SUIDDIR code. Reviewed by: eivind Obtained from: TrustedBSD Project --- sys/kern/vfs_subr.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'sys/kern/vfs_subr.c') diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index eb5f5cf39b83..27dcfd3f5728 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -3050,6 +3050,7 @@ vaccess(type, file_mode, file_uid, file_gid, acc_mode, cred, privused) /* Check the owner. */ if (cred->cr_uid == file_uid) { + dac_granted |= VADMIN; if (file_mode & S_IXUSR) dac_granted |= VEXEC; if (file_mode & S_IRUSR) @@ -3117,6 +3118,10 @@ privcheck: !cap_check_xxx(cred, NULL, CAP_DAC_WRITE, PRISON_ROOT)) cap_granted |= VWRITE; + if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) && + !cap_check_xxx(cred, NULL, CAP_FOWNER, PRISON_ROOT)) + cap_granted |= VADMIN; + if ((acc_mode & (cap_granted | dac_granted)) == acc_mode) { /* XXX audit: privilege used */ if (privused != NULL) -- cgit v1.2.3