aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:10 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:10 -0500
commit8192b0c482d7078fcdcb4854341b977426f6f09b (patch)
tree6ab545ac9adff7fdc994c7b120b1c9d0915dd62e
parent19d65624d38d6296dddf725d1b03baa8a491a553 (diff)
CRED: Wrap task credential accesses in the networking subsystem
Wrap access to task credentials so that they can be separated more easily from the task_struct during the introduction of COW creds. Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id(). Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more sense to use RCU directly rather than a convenient wrapper; these will be addressed by later patches. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Cc: netdev@vger.kernel.org Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--include/net/scm.h4
-rw-r--r--net/core/dev.c8
-rw-r--r--net/core/scm.c8
-rw-r--r--net/socket.c4
4 files changed, 14 insertions, 10 deletions
diff --git a/include/net/scm.h b/include/net/scm.h
index 06df126103ca..f160116db54a 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -54,8 +54,8 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
54 struct scm_cookie *scm) 54 struct scm_cookie *scm)
55{ 55{
56 struct task_struct *p = current; 56 struct task_struct *p = current;
57 scm->creds.uid = p->uid; 57 scm->creds.uid = current_uid();
58 scm->creds.gid = p->gid; 58 scm->creds.gid = current_gid();
59 scm->creds.pid = task_tgid_vnr(p); 59 scm->creds.pid = task_tgid_vnr(p);
60 scm->fp = NULL; 60 scm->fp = NULL;
61 scm->seq = 0; 61 scm->seq = 0;
diff --git a/net/core/dev.c b/net/core/dev.c
index d9038e328cc1..262df226b3c9 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2958,6 +2958,8 @@ static void dev_change_rx_flags(struct net_device *dev, int flags)
2958static int __dev_set_promiscuity(struct net_device *dev, int inc) 2958static int __dev_set_promiscuity(struct net_device *dev, int inc)
2959{ 2959{
2960 unsigned short old_flags = dev->flags; 2960 unsigned short old_flags = dev->flags;
2961 uid_t uid;
2962 gid_t gid;
2961 2963
2962 ASSERT_RTNL(); 2964 ASSERT_RTNL();
2963 2965
@@ -2982,15 +2984,17 @@ static int __dev_set_promiscuity(struct net_device *dev, int inc)
2982 printk(KERN_INFO "device %s %s promiscuous mode\n", 2984 printk(KERN_INFO "device %s %s promiscuous mode\n",
2983 dev->name, (dev->flags & IFF_PROMISC) ? "entered" : 2985 dev->name, (dev->flags & IFF_PROMISC) ? "entered" :
2984 "left"); 2986 "left");
2985 if (audit_enabled) 2987 if (audit_enabled) {
2988 current_uid_gid(&uid, &gid);
2986 audit_log(current->audit_context, GFP_ATOMIC, 2989 audit_log(current->audit_context, GFP_ATOMIC,
2987 AUDIT_ANOM_PROMISCUOUS, 2990 AUDIT_ANOM_PROMISCUOUS,
2988 "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u", 2991 "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u",
2989 dev->name, (dev->flags & IFF_PROMISC), 2992 dev->name, (dev->flags & IFF_PROMISC),
2990 (old_flags & IFF_PROMISC), 2993 (old_flags & IFF_PROMISC),
2991 audit_get_loginuid(current), 2994 audit_get_loginuid(current),
2992 current->uid, current->gid, 2995 uid, gid,
2993 audit_get_sessionid(current)); 2996 audit_get_sessionid(current));
2997 }
2994 2998
2995 dev_change_rx_flags(dev, IFF_PROMISC); 2999 dev_change_rx_flags(dev, IFF_PROMISC);
2996 } 3000 }
diff --git a/net/core/scm.c b/net/core/scm.c
index 10f5c65f6a47..4681d8f9b45b 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -45,10 +45,10 @@
45static __inline__ int scm_check_creds(struct ucred *creds) 45static __inline__ int scm_check_creds(struct ucred *creds)
46{ 46{
47 if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && 47 if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) &&
48 ((creds->uid == current->uid || creds->uid == current->euid || 48 ((creds->uid == current_uid() || creds->uid == current_euid() ||
49 creds->uid == current->suid) || capable(CAP_SETUID)) && 49 creds->uid == current_suid()) || capable(CAP_SETUID)) &&
50 ((creds->gid == current->gid || creds->gid == current->egid || 50 ((creds->gid == current_gid() || creds->gid == current_egid() ||
51 creds->gid == current->sgid) || capable(CAP_SETGID))) { 51 creds->gid == current_sgid()) || capable(CAP_SETGID))) {
52 return 0; 52 return 0;
53 } 53 }
54 return -EPERM; 54 return -EPERM;
diff --git a/net/socket.c b/net/socket.c
index 57550c3bcabe..62c7729527ff 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -491,8 +491,8 @@ static struct socket *sock_alloc(void)
491 sock = SOCKET_I(inode); 491 sock = SOCKET_I(inode);
492 492
493 inode->i_mode = S_IFSOCK | S_IRWXUGO; 493 inode->i_mode = S_IFSOCK | S_IRWXUGO;
494 inode->i_uid = current->fsuid; 494 inode->i_uid = current_fsuid();
495 inode->i_gid = current->fsgid; 495 inode->i_gid = current_fsgid();
496 496
497 get_cpu_var(sockets_in_use)++; 497 get_cpu_var(sockets_in_use)++;
498 put_cpu_var(sockets_in_use); 498 put_cpu_var(sockets_in_use);