Attempt to rationalize NFS privileges:

- Replace PRIV_NFSD with PRIV_NFS_DAEMON, add PRIV_NFS_LOCKD. - Use PRIV_NFS_DAEMON in the NFS server. - In the NFS client, move the privilege check from nfslockdans(), which occurs every time a write is performed on /dev/nfslock, and instead do it in nfslock_open() just once. This allows us to avoid checking the saved uid for root, and just use the effective on open. Use PRIV_NFS_LOCKD.
svn path=/head/; revision=168931
2024-11-30 08:19:09 +00:00 · 2007-04-21 18:11:19 +00:00 · 2007-04-21 18:11:19 +00:00 · dc4725135d · 2020-12-20 02:59:44 +00:00
commit dc4725135d
parent 31b4f4a916
3 changed files with 12 additions and 13 deletions
--- a/sys/nfsclient/nfs_lock.c
+++ b/sys/nfsclient/nfs_lock.c
@ -43,6 +43,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/mbuf.h>
 #include <sys/mount.h>
 #include <sys/namei.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/resourcevar.h>
 #include <sys/socket.h>
@ -85,6 +86,10 @@ nfslock_open(struct cdev *dev, int oflags, int devtype, struct thread *td)
 {
 	int error;

+	error = priv_check(td, PRIV_NFS_LOCKD);
+	if (error)
+		return (error);
+
 	mtx_lock(&nfslock_mtx);
 	if (!nfslock_isopen) {
 		error = 0;
@ -339,17 +344,6 @@ static int
 nfslockdans(struct thread *td, struct lockd_ans *ansp)
 {
 	struct proc *targetp;
-	int error;
-
-	/* Let root, or someone who once was root (lockd generally
-	 * switches to the daemon uid once it is done setting up) make
-	 * this call.
-	 *
-	 * XXX This authorization check is probably not right.
-	 */
-	if ((error = suser(td)) != 0 &&
-	    td->td_ucred->cr_svuid != 0)
-		return (error);

 	/* the version should match, or we're out of sync */
 	if (ansp->la_vers != LOCKD_ANS_VERSION)
--- a/sys/nfsserver/nfs_syscalls.c
+++ b/sys/nfsserver/nfs_syscalls.c
@ -139,7 +139,7 @@ nfssvc(struct thread *td, struct nfssvc_args *uap)
 	if (error)
 		return (error);
 #endif
-	error = priv_check(td, PRIV_NFSD);
+	error = priv_check(td, PRIV_NFS_DAEMON);
 	if (error)
 		return (error);
 	NET_LOCK_GIANT();
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@ -72,7 +72,6 @@
 #define	PRIV_MAXPROC		4	/* Exceed system processes limit. */
 #define	PRIV_KTRACE		5	/* Set/clear KTRFAC_ROOT on ktrace. */
 #define	PRIV_SETDUMPER		6	/* Configure dump device. */
-#define	PRIV_NFSD		7	/* Can become NFS daemon. */
 #define	PRIV_REBOOT		8	/* Can reboot system. */
 #define	PRIV_SWAPON		9	/* Can swapon(). */
 #define	PRIV_SWAPOFF		10	/* Can swapoff(). */
@ -235,6 +234,12 @@
 #define	PRIV_ZFS_JAIL		282	/* Can attach/detach ZFS file systems
 					   to/from jails. */

+/*
+ * NFS-specific privileges.
+ */
+#define	PRIV_NFS_DAEMON		290	/* Can become the NFS daemon. */
+#define	PRIV_NFS_LOCKD		291	/* Can become NFS lock daemon. */
+
 /*
 * VFS privileges.
 */