diff options
author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:10 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:10 -0500 |
commit | 8192b0c482d7078fcdcb4854341b977426f6f09b (patch) | |
tree | 6ab545ac9adff7fdc994c7b120b1c9d0915dd62e | |
parent | 19d65624d38d6296dddf725d1b03baa8a491a553 (diff) |
CRED: Wrap task credential accesses in the networking subsystem
Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.
Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().
Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: netdev@vger.kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | include/net/scm.h | 4 | ||||
-rw-r--r-- | net/core/dev.c | 8 | ||||
-rw-r--r-- | net/core/scm.c | 8 | ||||
-rw-r--r-- | net/socket.c | 4 |
4 files changed, 14 insertions, 10 deletions
diff --git a/include/net/scm.h b/include/net/scm.h index 06df126103ca..f160116db54a 100644 --- a/include/net/scm.h +++ b/include/net/scm.h | |||
@@ -54,8 +54,8 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, | |||
54 | struct scm_cookie *scm) | 54 | struct scm_cookie *scm) |
55 | { | 55 | { |
56 | struct task_struct *p = current; | 56 | struct task_struct *p = current; |
57 | scm->creds.uid = p->uid; | 57 | scm->creds.uid = current_uid(); |
58 | scm->creds.gid = p->gid; | 58 | scm->creds.gid = current_gid(); |
59 | scm->creds.pid = task_tgid_vnr(p); | 59 | scm->creds.pid = task_tgid_vnr(p); |
60 | scm->fp = NULL; | 60 | scm->fp = NULL; |
61 | scm->seq = 0; | 61 | scm->seq = 0; |
diff --git a/net/core/dev.c b/net/core/dev.c index d9038e328cc1..262df226b3c9 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
@@ -2958,6 +2958,8 @@ static void dev_change_rx_flags(struct net_device *dev, int flags) | |||
2958 | static int __dev_set_promiscuity(struct net_device *dev, int inc) | 2958 | static int __dev_set_promiscuity(struct net_device *dev, int inc) |
2959 | { | 2959 | { |
2960 | unsigned short old_flags = dev->flags; | 2960 | unsigned short old_flags = dev->flags; |
2961 | uid_t uid; | ||
2962 | gid_t gid; | ||
2961 | 2963 | ||
2962 | ASSERT_RTNL(); | 2964 | ASSERT_RTNL(); |
2963 | 2965 | ||
@@ -2982,15 +2984,17 @@ static int __dev_set_promiscuity(struct net_device *dev, int inc) | |||
2982 | printk(KERN_INFO "device %s %s promiscuous mode\n", | 2984 | printk(KERN_INFO "device %s %s promiscuous mode\n", |
2983 | dev->name, (dev->flags & IFF_PROMISC) ? "entered" : | 2985 | dev->name, (dev->flags & IFF_PROMISC) ? "entered" : |
2984 | "left"); | 2986 | "left"); |
2985 | if (audit_enabled) | 2987 | if (audit_enabled) { |
2988 | current_uid_gid(&uid, &gid); | ||
2986 | audit_log(current->audit_context, GFP_ATOMIC, | 2989 | audit_log(current->audit_context, GFP_ATOMIC, |
2987 | AUDIT_ANOM_PROMISCUOUS, | 2990 | AUDIT_ANOM_PROMISCUOUS, |
2988 | "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u", | 2991 | "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u", |
2989 | dev->name, (dev->flags & IFF_PROMISC), | 2992 | dev->name, (dev->flags & IFF_PROMISC), |
2990 | (old_flags & IFF_PROMISC), | 2993 | (old_flags & IFF_PROMISC), |
2991 | audit_get_loginuid(current), | 2994 | audit_get_loginuid(current), |
2992 | current->uid, current->gid, | 2995 | uid, gid, |
2993 | audit_get_sessionid(current)); | 2996 | audit_get_sessionid(current)); |
2997 | } | ||
2994 | 2998 | ||
2995 | dev_change_rx_flags(dev, IFF_PROMISC); | 2999 | dev_change_rx_flags(dev, IFF_PROMISC); |
2996 | } | 3000 | } |
diff --git a/net/core/scm.c b/net/core/scm.c index 10f5c65f6a47..4681d8f9b45b 100644 --- a/net/core/scm.c +++ b/net/core/scm.c | |||
@@ -45,10 +45,10 @@ | |||
45 | static __inline__ int scm_check_creds(struct ucred *creds) | 45 | static __inline__ int scm_check_creds(struct ucred *creds) |
46 | { | 46 | { |
47 | if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && | 47 | if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && |
48 | ((creds->uid == current->uid || creds->uid == current->euid || | 48 | ((creds->uid == current_uid() || creds->uid == current_euid() || |
49 | creds->uid == current->suid) || capable(CAP_SETUID)) && | 49 | creds->uid == current_suid()) || capable(CAP_SETUID)) && |
50 | ((creds->gid == current->gid || creds->gid == current->egid || | 50 | ((creds->gid == current_gid() || creds->gid == current_egid() || |
51 | creds->gid == current->sgid) || capable(CAP_SETGID))) { | 51 | creds->gid == current_sgid()) || capable(CAP_SETGID))) { |
52 | return 0; | 52 | return 0; |
53 | } | 53 | } |
54 | return -EPERM; | 54 | return -EPERM; |
diff --git a/net/socket.c b/net/socket.c index 57550c3bcabe..62c7729527ff 100644 --- a/net/socket.c +++ b/net/socket.c | |||
@@ -491,8 +491,8 @@ static struct socket *sock_alloc(void) | |||
491 | sock = SOCKET_I(inode); | 491 | sock = SOCKET_I(inode); |
492 | 492 | ||
493 | inode->i_mode = S_IFSOCK | S_IRWXUGO; | 493 | inode->i_mode = S_IFSOCK | S_IRWXUGO; |
494 | inode->i_uid = current->fsuid; | 494 | inode->i_uid = current_fsuid(); |
495 | inode->i_gid = current->fsgid; | 495 | inode->i_gid = current_fsgid(); |
496 | 496 | ||
497 | get_cpu_var(sockets_in_use)++; | 497 | get_cpu_var(sockets_in_use)++; |
498 | put_cpu_var(sockets_in_use); | 498 | put_cpu_var(sockets_in_use); |