Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 48937024 authored by David Howells's avatar David Howells Committed by James Morris
Browse files

CRED: Wrap task credential accesses in the NCPFS filesystem 



Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.

Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().

Change some task->e?[ug]id to task_e?[ug]id().  In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.

Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Reviewed-by: default avatarJames Morris <jmorris@namei.org>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Acked-by: default avatarPetr Vandrovec <vandrove@vc.cvut.cz>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 922c030f

fs/ncpfs/ioctl.c

+44 −47
Original line number Original line Diff line number Diff line
@@ -40,10 +40,10 @@ ncp_get_fs_info(struct ncp_server * server, struct file *file, 
	struct inode *inode = file->f_path.dentry->d_inode;

	struct inode *inode = file->f_path.dentry->d_inode;

	struct ncp_fs_info info;

	struct ncp_fs_info info;





	if ((file_permission(file, MAY_WRITE) != 0)

	if (file_permission(file, MAY_WRITE) != 0

	    && (current->uid != server->m.mounted_uid)) {

	    && current_uid() != server->m.mounted_uid)

		return -EACCES;

		return -EACCES;

	}



	if (copy_from_user(&info, arg, sizeof(info)))

	if (copy_from_user(&info, arg, sizeof(info)))

		return -EFAULT;

		return -EFAULT;
@@ -70,10 +70,10 @@ ncp_get_fs_info_v2(struct ncp_server * server, struct file *file, 
	struct inode *inode = file->f_path.dentry->d_inode;

	struct inode *inode = file->f_path.dentry->d_inode;

	struct ncp_fs_info_v2 info2;

	struct ncp_fs_info_v2 info2;





	if ((file_permission(file, MAY_WRITE) != 0)

	if (file_permission(file, MAY_WRITE) != 0

	    && (current->uid != server->m.mounted_uid)) {

	    && current_uid() != server->m.mounted_uid)

		return -EACCES;

		return -EACCES;

	}



	if (copy_from_user(&info2, arg, sizeof(info2)))

	if (copy_from_user(&info2, arg, sizeof(info2)))

		return -EFAULT;

		return -EFAULT;
@@ -141,10 +141,10 @@ ncp_get_compat_fs_info_v2(struct ncp_server * server, struct file *file, 
	struct inode *inode = file->f_path.dentry->d_inode;

	struct inode *inode = file->f_path.dentry->d_inode;

	struct compat_ncp_fs_info_v2 info2;

	struct compat_ncp_fs_info_v2 info2;





	if ((file_permission(file, MAY_WRITE) != 0)

	if (file_permission(file, MAY_WRITE) != 0

	    && (current->uid != server->m.mounted_uid)) {

	    && current_uid() != server->m.mounted_uid)

		return -EACCES;

		return -EACCES;

	}



	if (copy_from_user(&info2, arg, sizeof(info2)))

	if (copy_from_user(&info2, arg, sizeof(info2)))

		return -EFAULT;

		return -EFAULT;
@@ -270,16 +270,17 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, 
	struct ncp_ioctl_request request;

	struct ncp_ioctl_request request;

	char* bouncebuffer;

	char* bouncebuffer;

	void __user *argp = (void __user *)arg;

	void __user *argp = (void __user *)arg;

	uid_t uid = current_uid();





	switch (cmd) {

	switch (cmd) {

#ifdef CONFIG_COMPAT

#ifdef CONFIG_COMPAT

	case NCP_IOC_NCPREQUEST_32:

	case NCP_IOC_NCPREQUEST_32:

#endif

#endif

	case NCP_IOC_NCPREQUEST:

	case NCP_IOC_NCPREQUEST:

		if ((file_permission(filp, MAY_WRITE) != 0)

		if (file_permission(filp, MAY_WRITE) != 0

		    && (current->uid != server->m.mounted_uid)) {

		    && uid != server->m.mounted_uid)

			return -EACCES;

			return -EACCES;

		}



#ifdef CONFIG_COMPAT

#ifdef CONFIG_COMPAT

		if (cmd == NCP_IOC_NCPREQUEST_32) {

		if (cmd == NCP_IOC_NCPREQUEST_32) {

			struct compat_ncp_ioctl_request request32;

			struct compat_ncp_ioctl_request request32;
@@ -356,10 +357,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, 
	case NCP_IOC_GETMOUNTUID16:

	case NCP_IOC_GETMOUNTUID16:

	case NCP_IOC_GETMOUNTUID32:

	case NCP_IOC_GETMOUNTUID32:

	case NCP_IOC_GETMOUNTUID64:

	case NCP_IOC_GETMOUNTUID64:

		if ((file_permission(filp, MAY_READ) != 0)

		if (file_permission(filp, MAY_READ) != 0

			&& (current->uid != server->m.mounted_uid)) {

			&& uid != server->m.mounted_uid)

			return -EACCES;

			return -EACCES;

		}



		if (cmd == NCP_IOC_GETMOUNTUID16) {

		if (cmd == NCP_IOC_GETMOUNTUID16) {

			u16 uid;

			u16 uid;

			SET_UID(uid, server->m.mounted_uid);

			SET_UID(uid, server->m.mounted_uid);
@@ -380,11 +381,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, 
		{

		{

			struct ncp_setroot_ioctl sr;

			struct ncp_setroot_ioctl sr;





			if ((file_permission(filp, MAY_READ) != 0)

			if (file_permission(filp, MAY_READ) != 0

			    && (current->uid != server->m.mounted_uid))

			    && uid != server->m.mounted_uid)

			{

				return -EACCES;

				return -EACCES;

			}



			if (server->m.mounted_vol[0]) {

			if (server->m.mounted_vol[0]) {

				struct dentry* dentry = inode->i_sb->s_root;

				struct dentry* dentry = inode->i_sb->s_root;
@@ -408,6 +408,7 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, 
				return -EFAULT;

				return -EFAULT;

			return 0;

			return 0;

		}

		}



	case NCP_IOC_SETROOT:

	case NCP_IOC_SETROOT:

		{

		{

			struct ncp_setroot_ioctl sr;

			struct ncp_setroot_ioctl sr;
@@ -455,11 +456,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, 




#ifdef CONFIG_NCPFS_PACKET_SIGNING	

#ifdef CONFIG_NCPFS_PACKET_SIGNING	

	case NCP_IOC_SIGN_INIT:

	case NCP_IOC_SIGN_INIT:

		if ((file_permission(filp, MAY_WRITE) != 0)

		if (file_permission(filp, MAY_WRITE) != 0

		    && (current->uid != server->m.mounted_uid))

		    && uid != server->m.mounted_uid)

		{

			return -EACCES;

			return -EACCES;

		}



		if (argp) {

		if (argp) {

			if (server->sign_wanted)

			if (server->sign_wanted)

			{

			{
@@ -478,24 +478,22 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, 
		return 0;		

		return 0;		

		

		

        case NCP_IOC_SIGN_WANTED:

        case NCP_IOC_SIGN_WANTED:

		if ((file_permission(filp, MAY_READ) != 0)

		if (file_permission(filp, MAY_READ) != 0

		    && (current->uid != server->m.mounted_uid))

		    && uid != server->m.mounted_uid)

		{

			return -EACCES;

			return -EACCES;

		}

		

		

                if (put_user(server->sign_wanted, (int __user *)argp))

                if (put_user(server->sign_wanted, (int __user *)argp))

			return -EFAULT;

			return -EFAULT;

                return 0;

                return 0;



	case NCP_IOC_SET_SIGN_WANTED:

	case NCP_IOC_SET_SIGN_WANTED:

		{

		{

			int newstate;

			int newstate;





			if ((file_permission(filp, MAY_WRITE) != 0)

			if (file_permission(filp, MAY_WRITE) != 0

			    && (current->uid != server->m.mounted_uid))

			    && uid != server->m.mounted_uid)

			{

				return -EACCES;

				return -EACCES;

			}



			/* get only low 8 bits... */

			/* get only low 8 bits... */

			if (get_user(newstate, (unsigned char __user *)argp))

			if (get_user(newstate, (unsigned char __user *)argp))

				return -EFAULT;

				return -EFAULT;
@@ -512,11 +510,10 @@ static int __ncp_ioctl(struct inode *inode, struct file *filp, 




#ifdef CONFIG_NCPFS_IOCTL_LOCKING

#ifdef CONFIG_NCPFS_IOCTL_LOCKING

	case NCP_IOC_LOCKUNLOCK:

	case NCP_IOC_LOCKUNLOCK:

		if ((file_permission(filp, MAY_WRITE) != 0)

		if (file_permission(filp, MAY_WRITE) != 0

		    && (current->uid != server->m.mounted_uid))

		    && uid != server->m.mounted_uid)

		{

			return -EACCES;

			return -EACCES;

		}



		{

		{

			struct ncp_lock_ioctl	 rqdata;

			struct ncp_lock_ioctl	 rqdata;
@@ -585,9 +582,8 @@ outrel: 




#ifdef CONFIG_COMPAT

#ifdef CONFIG_COMPAT

	case NCP_IOC_GETOBJECTNAME_32:

	case NCP_IOC_GETOBJECTNAME_32:

		if (current->uid != server->m.mounted_uid) {

		if (uid != server->m.mounted_uid)

			return -EACCES;

			return -EACCES;

		}

		{

		{

			struct compat_ncp_objectname_ioctl user;

			struct compat_ncp_objectname_ioctl user;

			size_t outl;

			size_t outl;
@@ -609,10 +605,10 @@ outrel: 
			return 0;

			return 0;

		}

		}

#endif

#endif



	case NCP_IOC_GETOBJECTNAME:

	case NCP_IOC_GETOBJECTNAME:

		if (current->uid != server->m.mounted_uid) {

		if (uid != server->m.mounted_uid)

			return -EACCES;

			return -EACCES;

		}

		{

		{

			struct ncp_objectname_ioctl user;

			struct ncp_objectname_ioctl user;

			size_t outl;

			size_t outl;
@@ -633,13 +629,13 @@ outrel: 
				return -EFAULT;

				return -EFAULT;

			return 0;

			return 0;

		}

		}



#ifdef CONFIG_COMPAT

#ifdef CONFIG_COMPAT

	case NCP_IOC_SETOBJECTNAME_32:

	case NCP_IOC_SETOBJECTNAME_32:

#endif

#endif

	case NCP_IOC_SETOBJECTNAME:

	case NCP_IOC_SETOBJECTNAME:

		if (current->uid != server->m.mounted_uid) {

		if (uid != server->m.mounted_uid)

			return -EACCES;

			return -EACCES;

		}

		{

		{

			struct ncp_objectname_ioctl user;

			struct ncp_objectname_ioctl user;

			void* newname;

			void* newname;
@@ -691,13 +687,13 @@ outrel: 
			kfree(oldname);

			kfree(oldname);

			return 0;

			return 0;

		}

		}



#ifdef CONFIG_COMPAT

#ifdef CONFIG_COMPAT

	case NCP_IOC_GETPRIVATEDATA_32:

	case NCP_IOC_GETPRIVATEDATA_32:

#endif

#endif

	case NCP_IOC_GETPRIVATEDATA:

	case NCP_IOC_GETPRIVATEDATA:

		if (current->uid != server->m.mounted_uid) {

		if (uid != server->m.mounted_uid)

			return -EACCES;

			return -EACCES;

		}

		{

		{

			struct ncp_privatedata_ioctl user;

			struct ncp_privatedata_ioctl user;

			size_t outl;

			size_t outl;
@@ -736,13 +732,13 @@ outrel: 




			return 0;

			return 0;

		}

		}



#ifdef CONFIG_COMPAT

#ifdef CONFIG_COMPAT

	case NCP_IOC_SETPRIVATEDATA_32:

	case NCP_IOC_SETPRIVATEDATA_32:

#endif

#endif

	case NCP_IOC_SETPRIVATEDATA:

	case NCP_IOC_SETPRIVATEDATA:

		if (current->uid != server->m.mounted_uid) {

		if (uid != server->m.mounted_uid)

			return -EACCES;

			return -EACCES;

		}

		{

		{

			struct ncp_privatedata_ioctl user;

			struct ncp_privatedata_ioctl user;

			void* new;

			void* new;
@@ -794,9 +790,10 @@ outrel: 
#endif /* CONFIG_NCPFS_NLS */

#endif /* CONFIG_NCPFS_NLS */





	case NCP_IOC_SETDENTRYTTL:

	case NCP_IOC_SETDENTRYTTL:

		if ((file_permission(filp, MAY_WRITE) != 0) &&

		if (file_permission(filp, MAY_WRITE) != 0 &&

				 (current->uid != server->m.mounted_uid))

		    uid != server->m.mounted_uid)

			return -EACCES;

			return -EACCES;



		{

		{

			u_int32_t user;

			u_int32_t user;