Pass IO_NOMACCHECK to vn_rdwr() in the following checks to prevent
enforcement of MAC policy on the read or write operations:
- In ext2fs, don't enforce MAC on loop-back reads and writes supporting directory read operations in lookup(), directory modifications in rename(), directory write operations in mkdir(), and symlink write operations in symlink().
- In the NFS client locking code, perform vn_rdwr() on the NFS locking socket without enforcing MAC, since the write is done on behalf of the kernel NFS implementation rather than the user process.
- In UFS, don't enforce MAC on loop-back reads and writes supporting directory read operations in lookup(), and symlink write operations in symlink().

Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
This commit is contained in:
parent
6ea9977209
commit
c08b677fb5
7 changed files with 34 additions and 26 deletions
|
|
@ -1009,8 +1009,9 @@ ext2_dirempty(ip, parentino, cred)
|
|||
#define MINDIRSIZ (sizeof (struct dirtemplate) / 2)
|
||||
|
||||
for (off = 0; off < ip->i_size; off += dp->rec_len) {
|
||||
error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, off,
|
||||
UIO_SYSSPACE, IO_NODELOCKED, cred, &count, (struct thread *)0);
|
||||
error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ,
|
||||
off, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, cred,
|
||||
&count, (struct thread *)0);
|
||||
/*
|
||||
* Since we read MINDIRSIZ, residual must
|
||||
* be 0 unless we're at end of file.
|
||||
|
|
@ -1074,7 +1075,8 @@ ext2_checkpath(source, target, cred)
|
|||
}
|
||||
error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf,
|
||||
sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE,
|
||||
IO_NODELOCKED, cred, (int *)0, (struct thread *)0);
|
||||
IO_NODELOCKED | IO_NOMACCHECK, cred, (int *)0,
|
||||
(struct thread *)0);
|
||||
if (error != 0)
|
||||
break;
|
||||
namlen = dirbuf.dotdot_type; /* like ufs little-endian */
|
||||
|
|
|
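Review bot: The read in ext2_dirempty that now passes `IO_NODELOCKED | IO_NOMACCHECK` skips MAC enforcement with no rationale at the call site, so anyone later auditing the users of IO_NOMACCHECK cannot tell from the code why this bypass is safe. The justification lives only in the commit message: this is a kernel-internal loop-back read of directory contents in support of an operation that, presumably, was already authorised by the MAC check at the VOP layer — worth confirming against the caller. Add a comment above the call, e.g. `/* Kernel-internal read of the directory in support of an already-authorised VOP; MAC is not re-checked per read (IO_NOMACCHECK). */`, and put the same comment at ext2_checkpath, ufs_dirempty and ufs_checkpath, which make the identical change. The body of ext2_dirempty begins before this hunk.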
|||
|
|
@ -1223,7 +1223,7 @@ abortit:
|
|||
dp->i_flag |= IN_CHANGE;
|
||||
error = vn_rdwr(UIO_READ, fvp, (caddr_t)&dirbuf,
|
||||
sizeof (struct dirtemplate), (off_t)0,
|
||||
UIO_SYSSPACE, IO_NODELOCKED,
|
||||
UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
|
||||
tcnp->cn_cred, (int *)0, (struct thread *)0);
|
||||
if (error == 0) {
|
||||
/* Like ufs little-endian: */
|
||||
|
|
@ -1239,9 +1239,9 @@ abortit:
|
|||
(caddr_t)&dirbuf,
|
||||
sizeof (struct dirtemplate),
|
||||
(off_t)0, UIO_SYSSPACE,
|
||||
IO_NODELOCKED|IO_SYNC,
|
||||
tcnp->cn_cred, (int *)0,
|
||||
(struct thread *)0);
|
||||
IO_NODELOCKED | IO_SYNC |
|
||||
IO_NOMACCHECK, tcnp->cn_cred,
|
||||
(int *)0, (struct thread *)0);
|
||||
cache_purge(fdvp);
|
||||
}
|
||||
}
|
||||
|
|
@ -1376,7 +1376,8 @@ ext2_mkdir(ap)
|
|||
dirtemplate.dotdot_reclen = DIRBLKSIZ - 12;
|
||||
error = vn_rdwr(UIO_WRITE, tvp, (caddr_t)&dirtemplate,
|
||||
sizeof (dirtemplate), (off_t)0, UIO_SYSSPACE,
|
||||
IO_NODELOCKED|IO_SYNC, cnp->cn_cred, (int *)0, (struct thread *)0);
|
||||
IO_NODELOCKED | IO_SYNC | IO_NOMACCHECK, cnp->cn_cred, (int *)0,
|
||||
(struct thread *)0);
|
||||
if (error) {
|
||||
dp->i_nlink--;
|
||||
dp->i_flag |= IN_CHANGE;
|
||||
|
|
@ -1512,8 +1513,8 @@ ext2_symlink(ap)
|
|||
ip->i_flag |= IN_CHANGE | IN_UPDATE;
|
||||
} else
|
||||
error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0,
|
||||
UIO_SYSSPACE, IO_NODELOCKED, ap->a_cnp->cn_cred, (int *)0,
|
||||
(struct thread *)0);
|
||||
UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
|
||||
ap->a_cnp->cn_cred, (int *)0, (struct thread *)0);
|
||||
if (error)
|
||||
vput(vp);
|
||||
return (error);
|
||||
|
|
|
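Review bot: The three write sites in this section lay out the new flag set three different ways — the `abortit:` hunk (ext2 rename, per the commit message) splits `IO_NODELOCKED | IO_SYNC |` and `IO_NOMACCHECK, tcnp->cn_cred,` across two lines, ext2_mkdir keeps `IO_NODELOCKED | IO_SYNC | IO_NOMACCHECK, cnp->cn_cred, (int *)0,` on one line, and ext2_symlink puts the flags on a line by themselves — which makes a grep-based audit of IO_NOMACCHECK callers harder than it needs to be. The rename hunk also rewrites `IO_NODELOCKED|IO_SYNC` into the spaced form in the same change, folding a cosmetic edit into a security-relevant one. Keeping the flag list on its own line at every site and leaving the pre-existing whitespace alone would make the functional delta visible at a glance. Each of the rename, mkdir and symlink functions begins and ends outside its hunk.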
|||
|
|
@ -1009,8 +1009,9 @@ ext2_dirempty(ip, parentino, cred)
|
|||
#define MINDIRSIZ (sizeof (struct dirtemplate) / 2)
|
||||
|
||||
for (off = 0; off < ip->i_size; off += dp->rec_len) {
|
||||
error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, off,
|
||||
UIO_SYSSPACE, IO_NODELOCKED, cred, &count, (struct thread *)0);
|
||||
error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ,
|
||||
off, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, cred,
|
||||
&count, (struct thread *)0);
|
||||
/*
|
||||
* Since we read MINDIRSIZ, residual must
|
||||
* be 0 unless we're at end of file.
|
||||
|
|
@ -1074,7 +1075,8 @@ ext2_checkpath(source, target, cred)
|
|||
}
|
||||
error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf,
|
||||
sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE,
|
||||
IO_NODELOCKED, cred, (int *)0, (struct thread *)0);
|
||||
IO_NODELOCKED | IO_NOMACCHECK, cred, (int *)0,
|
||||
(struct thread *)0);
|
||||
if (error != 0)
|
||||
break;
|
||||
namlen = dirbuf.dotdot_type; /* like ufs little-endian */
|
||||
|
|
|
|||
|
|
@ -1223,7 +1223,7 @@ abortit:
|
|||
dp->i_flag |= IN_CHANGE;
|
||||
error = vn_rdwr(UIO_READ, fvp, (caddr_t)&dirbuf,
|
||||
sizeof (struct dirtemplate), (off_t)0,
|
||||
UIO_SYSSPACE, IO_NODELOCKED,
|
||||
UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
|
||||
tcnp->cn_cred, (int *)0, (struct thread *)0);
|
||||
if (error == 0) {
|
||||
/* Like ufs little-endian: */
|
||||
|
|
@ -1239,9 +1239,9 @@ abortit:
|
|||
(caddr_t)&dirbuf,
|
||||
sizeof (struct dirtemplate),
|
||||
(off_t)0, UIO_SYSSPACE,
|
||||
IO_NODELOCKED|IO_SYNC,
|
||||
tcnp->cn_cred, (int *)0,
|
||||
(struct thread *)0);
|
||||
IO_NODELOCKED | IO_SYNC |
|
||||
IO_NOMACCHECK, tcnp->cn_cred,
|
||||
(int *)0, (struct thread *)0);
|
||||
cache_purge(fdvp);
|
||||
}
|
||||
}
|
||||
|
|
@ -1376,7 +1376,8 @@ ext2_mkdir(ap)
|
|||
dirtemplate.dotdot_reclen = DIRBLKSIZ - 12;
|
||||
error = vn_rdwr(UIO_WRITE, tvp, (caddr_t)&dirtemplate,
|
||||
sizeof (dirtemplate), (off_t)0, UIO_SYSSPACE,
|
||||
IO_NODELOCKED|IO_SYNC, cnp->cn_cred, (int *)0, (struct thread *)0);
|
||||
IO_NODELOCKED | IO_SYNC | IO_NOMACCHECK, cnp->cn_cred, (int *)0,
|
||||
(struct thread *)0);
|
||||
if (error) {
|
||||
dp->i_nlink--;
|
||||
dp->i_flag |= IN_CHANGE;
|
||||
|
|
@ -1512,8 +1513,8 @@ ext2_symlink(ap)
|
|||
ip->i_flag |= IN_CHANGE | IN_UPDATE;
|
||||
} else
|
||||
error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0,
|
||||
UIO_SYSSPACE, IO_NODELOCKED, ap->a_cnp->cn_cred, (int *)0,
|
||||
(struct thread *)0);
|
||||
UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
|
||||
ap->a_cnp->cn_cred, (int *)0, (struct thread *)0);
|
||||
if (error)
|
||||
vput(vp);
|
||||
return (error);
|
||||
|
|
|
|||
|
|
@ -163,7 +163,7 @@ nfs_dolock(struct vop_advlock_args *ap)
|
|||
VOP_UNLOCK(wvp, 0, td); /* vn_open leaves it locked */
|
||||
|
||||
|
||||
ioflg = IO_UNIT;
|
||||
ioflg = IO_UNIT | IO_NOMACCHECK;
|
||||
for (;;) {
|
||||
VOP_LEASE(wvp, td, thread0.td_ucred, LEASE_WRITE);
|
||||
|
||||
|
|
|
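Review bot: `ioflg = IO_UNIT | IO_NOMACCHECK;` disables MAC enforcement for every write issued in the `for (;;)` loop that follows, and the site carries no comment saying why; the vn_rdwr() that consumes ioflg is outside this hunk, so a reader of the loop sees only a MAC bypass on a socket write. The reason given in the commit message — the write is performed for the kernel NFS implementation rather than the user process, consistent with the lease being taken under `thread0.td_ucred` on the context line below — belongs next to the assignment. Suggest `ioflg = IO_UNIT | IO_NOMACCHECK;	/* write to the NFS locking socket is on the kernel's behalf, not the caller's; no per-write MAC check */`. nfs_dolock begins before this hunk and continues after it.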
|||
|
|
@ -1151,8 +1151,9 @@ ufs_dirempty(ip, parentino, cred)
|
|||
#define MINDIRSIZ (sizeof (struct dirtemplate) / 2)
|
||||
|
||||
for (off = 0; off < ip->i_size; off += dp->d_reclen) {
|
||||
error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ, off,
|
||||
UIO_SYSSPACE, IO_NODELOCKED, cred, &count, (struct thread *)0);
|
||||
error = vn_rdwr(UIO_READ, ITOV(ip), (caddr_t)dp, MINDIRSIZ,
|
||||
off, UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK, cred,
|
||||
&count, (struct thread *)0);
|
||||
/*
|
||||
* Since we read MINDIRSIZ, residual must
|
||||
* be 0 unless we're at end of file.
|
||||
|
|
@ -1224,7 +1225,8 @@ ufs_checkpath(source, target, cred)
|
|||
}
|
||||
error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf,
|
||||
sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE,
|
||||
IO_NODELOCKED, cred, (int *)0, (struct thread *)0);
|
||||
IO_NODELOCKED | IO_NOMACCHECK, cred, (int *)0,
|
||||
(struct thread *)0);
|
||||
if (error != 0)
|
||||
break;
|
||||
# if (BYTE_ORDER == LITTLE_ENDIAN)
|
||||
|
|
|
|||
|
|
@ -1821,8 +1821,8 @@ ufs_symlink(ap)
|
|||
ip->i_flag |= IN_CHANGE | IN_UPDATE;
|
||||
} else
|
||||
error = vn_rdwr(UIO_WRITE, vp, ap->a_target, len, (off_t)0,
|
||||
UIO_SYSSPACE, IO_NODELOCKED, ap->a_cnp->cn_cred, (int *)0,
|
||||
(struct thread *)0);
|
||||
UIO_SYSSPACE, IO_NODELOCKED | IO_NOMACCHECK,
|
||||
ap->a_cnp->cn_cred, (int *)0, (struct thread *)0);
|
||||
if (error)
|
||||
vput(vp);
|
||||
return (error);
|
||||
|
|
|
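Review bot: Only the `} else` branch of ufs_symlink reaches vn_rdwr(), so after this change the long-target path is no longer subject to a per-write MAC check, which appears to bring it in line with the short-symlink path (its last statement `ip->i_flag |= IN_CHANGE | IN_UPDATE;` is the context line above, and nothing in the hunk suggests it goes through vn_rdwr — confirm against the lines before the hunk). That consistency argument is the real justification for the flag here and is not recorded anywhere in the code; a comment on the else branch, e.g. `/* Long target is written via vn_rdwr(); the MAC decision for the symlink was presumably made at the VOP level, so the per-write check is skipped. */`, would capture it, and the same comment applies to ext2_symlink. ufs_symlink begins and ends outside the hunk.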
|||