PERFORCE change 32256 for review
Peter Wemm
peter at FreeBSD.org
Sat May 31 19:19:46 PDT 2003
http://perforce.freebsd.org/chv.cgi?CH=32256
Change 32256 by peter at peter_hammer on 2003/05/31 19:19:01
IFC @32254
Affected files ...
.. //depot/projects/hammer/etc/pam.d/README#2 integrate
.. //depot/projects/hammer/etc/rc.d/mountcritlocal#3 integrate
.. //depot/projects/hammer/lib/Makefile#16 integrate
.. //depot/projects/hammer/lib/libpam/libpam/Makefile#7 integrate
.. //depot/projects/hammer/sys/kern/sysv_ipc.c#3 integrate
Differences ...
==== //depot/projects/hammer/etc/pam.d/README#2 (text+ko) ====
@@ -30,12 +30,14 @@
password: update authentication tokens.
control-flag: How libpam handles success or failure of the module.
- required: success is required, and on failure all remaining
- modules are run.
+ required: success is required; on failure all remaining
+ modules are run, but the request will be denied.
requisite: success is required, and on failure no remaining
modules are run.
sufficient: success is sufficient, and if no previous required
module failed, no remaining modules are run.
+ binding: success is sufficient; on failure all remaining
+ modules are run, but the request will be denied.
optional: ignored unless the other modules return PAM_IGNORE.
arguments: Module-specific options, plus some generic ones:
@@ -57,4 +59,4 @@
To get the intended semantics, add a "required" entry listing the
pam_deny module at the end of the chain.
-$FreeBSD: src/etc/pam.d/README,v 1.3 2001/12/05 21:26:00 des Exp $
+$FreeBSD: src/etc/pam.d/README,v 1.4 2003/06/01 00:34:38 des Exp $
==== //depot/projects/hammer/etc/rc.d/mountcritlocal#3 (text+ko) ====
@@ -1,7 +1,7 @@
#!/bin/sh
#
# $NetBSD: mountcritlocal,v 1.7 2002/04/29 12:29:53 lukem Exp $
-# $FreeBSD: src/etc/rc.d/mountcritlocal,v 1.3 2002/09/06 16:18:05 gordon Exp $
+# $FreeBSD: src/etc/rc.d/mountcritlocal,v 1.4 2003/06/01 00:32:03 gordon Exp $
#
# PROVIDE: mountcritlocal
@@ -20,7 +20,7 @@
FreeBSD)
# Set up the list of network filesystem types for which mounting
# should be delayed until after network initialization.
- networkfs_types='nfs:NFS smbfs:SMB portalfs:PORTAL'
+ networkfs_types='nfs:NFS smbfs:SMB portalfs:PORTAL nwfs:NWFS'
case ${extra_netfs_types} in
[Nn][Oo])
;;
==== //depot/projects/hammer/lib/Makefile#16 (text+ko) ====
@@ -1,5 +1,5 @@
# @(#)Makefile 8.1 (Berkeley) 6/4/93
-# $FreeBSD: src/lib/Makefile,v 1.158 2003/05/31 18:43:17 mtm Exp $
+# $FreeBSD: src/lib/Makefile,v 1.159 2003/06/01 00:32:21 marcel Exp $
# To satisfy shared library or ELF linkage when only the libraries being
# built are visible:
@@ -70,6 +70,12 @@
.endif
.endif
+.if ${MACHINE_ARCH} == "ia64"
+.if !defined(NOLIBTHR)
+_libthr= libthr
+.endif
+.endif
+
.if ${MACHINE_ARCH} == "alpha"
_libio= libio
_compat= compat
==== //depot/projects/hammer/lib/libpam/libpam/Makefile#7 (text+ko) ====
@@ -33,7 +33,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD: src/lib/libpam/libpam/Makefile,v 1.44 2003/05/05 21:15:35 des Exp $
+# $FreeBSD: src/lib/libpam/libpam/Makefile,v 1.45 2003/05/31 23:38:16 des Exp $
OPENPAM= ${.CURDIR}/../../../contrib/openpam
.PATH: ${OPENPAM}/include ${OPENPAM}/lib ${OPENPAM}/doc/man
@@ -80,8 +80,7 @@
pam_vinfo.c \
pam_vprompt.c
# Local additions
-SRCS+= pam_debug_log.c \
- pam_std_option.c
+SRCS+= pam_debug_log.c
MAN= openpam.3 \
openpam_borrow_cred.3 \
==== //depot/projects/hammer/sys/kern/sysv_ipc.c#3 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/kern/sysv_ipc.c,v 1.24 2003/01/13 23:04:31 dillon Exp $ */
+/* $FreeBSD: src/sys/kern/sysv_ipc.c,v 1.26 2003/05/31 23:31:51 rwatson Exp $ */
/* $NetBSD: sysv_ipc.c,v 1.7 1994/06/29 06:33:11 cgd Exp $ */
/*
@@ -76,21 +76,41 @@
int mode;
{
struct ucred *cred = td->td_ucred;
+ int error;
- /* Check for user match. */
if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) {
- if (mode & IPC_M)
- return (suser(td) == 0 ? 0 : EPERM);
- /* Check for group match. */
+ /*
+ * For a non-create/owner, we require privilege to
+ * modify the object protections. Note: some other
+ * implementations permit IPC_M to be delegated to
+ * unprivileged non-creator/owner uids/gids.
+ */
+ if (mode & IPC_M) {
+ error = suser(td);
+ if (error)
+ return (error);
+ }
+ /*
+ * Try to match against creator/owner group; if not, fall
+ * back on other.
+ */
mode >>= 3;
if (!groupmember(perm->gid, cred) &&
!groupmember(perm->cgid, cred))
- /* Check for `other' match. */
mode >>= 3;
+ } else {
+ /*
+ * Always permit the creator/owner to update the object
+ * protections regardless of whether the object mode
+ * permits it.
+ */
+ if (mode & IPC_M)
+ return (0);
}
- if (mode & IPC_M)
- return (0);
- return ((mode & perm->mode) == mode ||
- suser(td) == 0 ? 0 : EACCES);
+ if ((mode & perm->mode) != mode) {
+ if (suser(td) != 0)
+ return (EACCES);
+ }
+ return (0);
}
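Review bot: In the non-creator/owner branch, a privileged caller that passes the `IPC_M` check keeps the `IPC_M` bit in `mode`, so that bit is shifted along with the access bits by `mode >>= 3` and then compared against `perm->mode` in the final test. Assuming the shifted bit does not land on a permission bit that is set on the object, the request succeeds only because `suser(td)` is called a second time, so the result depends on two privilege checks agreeing rather than on one explicit decision. Clearing the bit once privilege is established, with `mode &= ~IPC_M;` right after the `if (error) return (error);` inside the `if (mode & IPC_M)` block, would keep the group/other comparison limited to the access bits. The function's signature and header comment lie outside the hunk; the two failure values (whatever `suser()` returns from the first check, `EACCES` from the last) would be worth documenting there.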