PERFORCE change 19574 for review

Brian Feldman green at freebsd.org
Fri Oct 18 19:56:58 GMT 2002 

http://perforce.freebsd.org/chv.cgi?CH=19574

Change 19574 by green at green_laptop_2 on 2002/10/18 12:56:05

	Add the namei() flag NOMACCHECK to enable nfs to ignore the rest
	of the kernel's permission checking when operating on local
	files.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/vfs_lookup.c#24 edit
.. //depot/projects/trustedbsd/mac/sys/nfsserver/nfs_srvsubs.c#10 edit
.. //depot/projects/trustedbsd/mac/sys/sys/namei.h#6 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/vfs_lookup.c#24 (text+ko) ====

@@ -216,9 +216,12 @@
 			break;
 		}
 #ifdef MAC
-		error = mac_check_vnode_readlink(td->td_ucred, ndp->ni_vp);
-		if (error)
-			break;
+		if ((cnp->cn_flags & NOMACCHECK) == 0) {
+			error = mac_check_vnode_readlink(td->td_ucred,
+			    ndp->ni_vp);
+			if (error)
+				break;
+		}
 #endif
 		if (ndp->ni_pathlen > 1)
 			cp = uma_zalloc(namei_zone, M_WAITOK);
@@ -471,9 +474,11 @@
 	 */
 unionlookup:
 #ifdef MAC
-	error = mac_check_vnode_lookup(td->td_ucred, dp, cnp);
-	if (error)
-		goto bad;
+	if ((cnp->cn_flags & NOMACCHECK) == 0) {
+		error = mac_check_vnode_lookup(td->td_ucred, dp, cnp);
+		if (error)
+			goto bad;
+	}
 #endif
 	ndp->ni_dvp = dp;
 	ndp->ni_vp = NULL;

==== //depot/projects/trustedbsd/mac/sys/nfsserver/nfs_srvsubs.c#10 (text+ko) ====

@@ -604,6 +604,7 @@
 	struct componentname *cnp = &ndp->ni_cnd;
 
 	*retdirp = NULL;
+	cnp->cn_flags |= NOMACCHECK;
 	cnp->cn_pnbuf = uma_zalloc(namei_zone, M_WAITOK);
 
 	/*

==== //depot/projects/trustedbsd/mac/sys/sys/namei.h#6 (text+ko) ====

@@ -144,7 +144,8 @@
 #define	ISUNICODE	0x100000 /* current component name is unicode*/
 #define	PDIRUNLOCK	0x200000 /* filesystem lookup() unlocked parent dir */
 #define	NOCROSSMOUNT	0x400000 /* do not cross mount points */
-#define	PARAMASK	0x3ffe00 /* mask of parameter descriptors */
+#define	NOMACCHECK	0x800000 /* do not verify MAC permissions */
+#define	PARAMASK	0xfffe00 /* mask of parameter descriptors */
 
 /*
  * Initialization of an nameidata structure.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list