Date: Fri, 18 Oct 2002 12:56:58 -0700 (PDT) From: Brian Feldman <green@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 19574 for review Message-ID: <200210181956.g9IJuwrc078466@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=19574 Change 19574 by green@green_laptop_2 on 2002/10/18 12:56:05 Add the namei() flag NOMACCHECK to enable nfs to ignore the rest of the kernel's permission checking when operating on local files. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/vfs_lookup.c#24 edit .. //depot/projects/trustedbsd/mac/sys/nfsserver/nfs_srvsubs.c#10 edit .. //depot/projects/trustedbsd/mac/sys/sys/namei.h#6 edit Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/vfs_lookup.c#24 (text+ko) ====
@@ -216,9 +216,12 @@
 break;
 }
 #ifdef MAC
- error = mac_check_vnode_readlink(td->td_ucred, ndp->ni_vp);
- if (error)
- break;
+ if ((cnp->cn_flags & NOMACCHECK) == 0) {
+ error = mac_check_vnode_readlink(td->td_ucred,
+ ndp->ni_vp);
+ if (error)
+ break;
+ }
 #endif
 if (ndp->ni_pathlen > 1)
 cp = uma_zalloc(namei_zone, M_WAITOK);
@@ -471,9 +474,11 @@
 */
 unionlookup:
 #ifdef MAC
- error = mac_check_vnode_lookup(td->td_ucred, dp, cnp);
- if (error)
- goto bad;
+ if ((cnp->cn_flags & NOMACCHECK) == 0) {
+ error = mac_check_vnode_lookup(td->td_ucred, dp, cnp);
+ if (error)
+ goto bad;
+ }
 #endif
 ndp->ni_dvp = dp;
 ndp->ni_vp = NULL;
==== //depot/projects/trustedbsd/mac/sys/nfsserver/nfs_srvsubs.c#10 (text+ko) ====
@@ -604,6 +604,7 @@
 struct componentname *cnp = &ndp->ni_cnd;
 *retdirp = NULL;
+ cnp->cn_flags |= NOMACCHECK;
 cnp->cn_pnbuf = uma_zalloc(namei_zone, M_WAITOK);
 /*
==== //depot/projects/trustedbsd/mac/sys/sys/namei.h#6 (text+ko) ====
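Review bot: The new `(cnp->cn_flags & NOMACCHECK) == 0` guard around `mac_check_vnode_readlink()` carries no comment saying who is then responsible for MAC enforcement, and the same applies to the guard around `mac_check_vnode_lookup()` at `unionlookup:` in the second hunk. Because the flag switches off a mandatory access control decision for the whole lookup, I would add a comment at both sites along the lines of `/* NOMACCHECK: the caller has taken over MAC enforcement for this lookup; never set from a request-controlled value. */`. Both checks are made against `td->td_ucred` rather than a credential carried in `cnp`, which is presumably why the NFS server cannot use them as they stand; if so, stating that in the comment would keep later callers from treating the flag as a general opt-out. Both enclosing functions start and end outside the hunks.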
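Review bot: `cnp->cn_flags |= NOMACCHECK;` is set unconditionally before the lookup, so every path the NFS server resolves skips the MAC lookup and readlink checks guarded in vfs_lookup.c, and nothing visible in this hunk puts a check against the client's credential in their place. If a compensating check exists later in this function or in the per-operation handlers, a comment here naming it would make the bypass auditable, e.g. `/* MAC lookup checks use the thread credential; NFS enforces MAC against the request credential in <location>. */`. If none exists yet, the change description should say that MAC policy is not applied to NFS-served lookups until one is added. The function body continues outside the hunk.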
@@ -144,7 +144,8 @@
 #define ISUNICODE 0x100000 /* current component name is unicode*/
 #define PDIRUNLOCK 0x200000 /* filesystem lookup() unlocked parent dir */
 #define NOCROSSMOUNT 0x400000 /* do not cross mount points */
-#define PARAMASK 0x3ffe00 /* mask of parameter descriptors */
+#define NOMACCHECK 0x800000 /* do not verify MAC permissions */
+#define PARAMASK 0xfffe00 /* mask of parameter descriptors */
 /*
 * Initialization of an nameidata structure.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
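Review bot: Widening `PARAMASK` from `0x3ffe00` to `0xfffe00` brings in two bits, not one: `0x800000` for the new `NOMACCHECK` and also `0x400000`, which is the existing `NOCROSSMOUNT` and was outside the old mask. If that is a deliberate fix for an earlier omission it deserves a line in the change description; if not, the mask should be `0xbffe00`. Placing `NOMACCHECK` inside the parameter mask also means, presumably, that it is treated as a caller-supplied flag like the others here, so the comment would be more useful as `/* skip MAC lookup/readlink checks; in-kernel callers only */`.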