[hurd] 16/31: libtrivfs: fix notion of privileged user
From: Samuel Thibault
Subject: [hurd] 16/31: libtrivfs: fix notion of privileged user
Date: Mon, 02 May 2016 23:48:32 +0000
This is an automated email from the git hooks/post-receive script.
sthibault pushed a commit to branch upstream
in repository hurd.
commit 94ce9fa4c443ec9a0e6ecc92cb6b07534c321c75
Author: Justus Winter <address@hidden>
Date: Mon Apr 25 01:38:45 2016 +0200
libtrivfs: fix notion of privileged user
Set 'is_root' if the node has been opened by the root user (this was
the old behavior) or if it has been opened by the user the translator
is executing under.
This fixes the irritating bug that an unprivileged user cannot control
her own trivfs-based translators. It does not change how privileged
trivfs translators work.
* libtrivfs/io-reauthenticate.c (trivfs_S_io_reauthenticate): Use the
new function to compute 'isroot'.
* libtrivfs/io-restrict-auth.c (trivfs_S_io_restrict_auth): Likewise.
* libtrivfs/open.c (trivfs_open): Likewise.
* libtrivfs/priv.h (_is_privileged): New function.
* libtrivfs/trivfs.h (struct peropen): Clarify what 'isroot' means.
---
libtrivfs/io-reauthenticate.c | 3 +--
libtrivfs/io-restrict-auth.c | 4 +---
libtrivfs/open.c | 2 +-
libtrivfs/priv.h | 9 +++++++++
libtrivfs/trivfs.h | 3 ++-
5 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/libtrivfs/io-reauthenticate.c b/libtrivfs/io-reauthenticate.c
index 35775e5..72684e3 100644
--- a/libtrivfs/io-reauthenticate.c
+++ b/libtrivfs/io-reauthenticate.c
@@ -59,8 +59,7 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred,
return err;
mach_port_deallocate (mach_task_self (), newright);
- if (idvec_contains (newcred->user->uids, 0))
- newcred->isroot = 1;
+ newcred->isroot = _is_privileged (newcred->user->uids);
newcred->hook = cred->hook;
newcred->po = cred->po;
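Review bot: the assignment to newcred->isroot is now unconditional, while the removed lines only ever set the flag to 1 and otherwise left whatever value newcred already held. That is the cleaner form, but unlike the restrict-auth path there is no `cred->isroot &&` guard here, so a client that reauthenticates with the translator owner's uid now obtains isroot on this path. If that is the intent, a short comment above the assignment saying that reauthentication may raise the flag would make it clear the missing guard is deliberate.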
diff --git a/libtrivfs/io-restrict-auth.c b/libtrivfs/io-restrict-auth.c
index cb4224d..6c807f1 100644
--- a/libtrivfs/io-restrict-auth.c
+++ b/libtrivfs/io-restrict-auth.c
@@ -109,11 +109,9 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred,
return err;
}
- newcred->isroot = 0;
newcred->po = cred->po;
refcount_ref (&newcred->po->refcnt);
- if (cred->isroot && idvec_contains (user->uids, 0))
- newcred->isroot = 1;
+ newcred->isroot = cred->isroot && _is_privileged (user->uids);
newcred->user = user;
newcred->hook = cred->hook;
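Review bot: in `newcred->isroot = cred->isroot && _is_privileged (user->uids);` the `cred->isroot &&` term is the only thing that keeps a restricted credential from ending up more privileged than its parent, and it deserves a one-line comment now that the right-hand side accepts two different uids. Note also that a credential which was privileged through uid 0 now stays privileged after being restricted to a set that holds only the translator's own uid; please confirm that this is wanted.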
diff --git a/libtrivfs/open.c b/libtrivfs/open.c
index 97e70a1..35a9452 100644
--- a/libtrivfs/open.c
+++ b/libtrivfs/open.c
@@ -56,7 +56,7 @@ trivfs_open (struct trivfs_control *cntl,
if (! err)
{
new->user = user;
- new->isroot = idvec_contains (user->uids, 0);
+ new->isroot = _is_privileged (user->uids);
new->po = po;
new->hook = 0;
diff --git a/libtrivfs/priv.h b/libtrivfs/priv.h
index d92fe33..4bdd4f7 100644
--- a/libtrivfs/priv.h
+++ b/libtrivfs/priv.h
@@ -21,6 +21,15 @@
#include <mach.h>
#include <hurd.h>
#include <hurd/ports.h>
+#include <idvec.h>
+#include <unistd.h>
#include "trivfs.h"
+/* Returns true if UIDS contains either 0 or our user id. */
+static inline int
+_is_privileged (struct idvec *uids)
+{
+ return idvec_contains (uids, 0) || idvec_contains (uids, getuid ());
+}
+
#endif
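Review bot: `idvec_contains (uids, getuid ())` compares against the real user id, and the comment "our user id" does not say which id is meant. If a translator can run with an effective uid that differs from its real uid, the comment should state why the real one is the right choice, or the call should be geteuid (). Two smaller points: getuid () is evaluated on every open, reauthenticate and restrict call, which is fine but could be noted, and a file-scope name starting with an underscore such as `_is_privileged` sits in the namespace C reserves for the implementation, so a plain `is_privileged` or a `trivfs_` prefixed name would be safer in this private header.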
diff --git a/libtrivfs/trivfs.h b/libtrivfs/trivfs.h
index d81c4f9..49cc765 100644
--- a/libtrivfs/trivfs.h
+++ b/libtrivfs/trivfs.h
@@ -30,7 +30,8 @@ struct trivfs_protid
{
struct port_info pi;
struct iouser *user;
- int isroot;
+ int isroot; /* Opened by a privileged user, either
+ root or our own user. */
/* REALNODE will be null if this protid wasn't fully created (currently
only in the case where trivfs_protid_create_hook returns an error). */
mach_port_t realnode; /* restricted permissions */
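Review bot: the field keeps the name `isroot` although the new comment says it is also set for "our own user", so any translator code that reads `isroot` to gate a root-only operation now admits the translator's owner without a source change on its side. Consider renaming the field (for example to something like `privileged`) or at least spelling out in the comment that the flag no longer implies uid 0. Also, the commit log entry says `struct peropen`, but the hunk header shows the field living in `struct trivfs_protid`; the log entry should name the right structure.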
--
Alioth's /usr/local/bin/git-commit-notice on
/srv/git.debian.org/git/pkg-hurd/hurd.git