RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 12:38:12 +00:00
Code Issues Activity Actions

Kernel: Make File::{chown,chmod} take credentials as input

Browse source 
...instead of getting them from Process::current(). :^)
This commit is contained in:
Andreas Kling 2022-08-21 16:15:29 +02:00
parent c3351d4b9f
commit 006f753647
10 changed files with 26 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Kernel/Coredump.cpp
View file

@ -346,7 +346,7 @@ ErrorOr<void> Coredump::write()
TRY(write_regions()); TRY(write_regions());
TRY(write_notes_segment(builder.bytes())); TRY(write_notes_segment(builder.bytes()));
return m_description->chmod(0600); // Make coredump file read/writable return m_description->chmod(Process::current().credentials(), 0600); // Make coredump file read/writable
} }
} }

4
Kernel/FileSystem/File.h
View file

@ -98,8 +98,8 @@ public:
virtual ErrorOr<void> truncate(u64) { return EINVAL; } virtual ErrorOr<void> truncate(u64) { return EINVAL; }
virtual ErrorOr<void> sync() { return EINVAL; } virtual ErrorOr<void> sync() { return EINVAL; }
virtual ErrorOr<void> chown(OpenFileDescription&, UserID, GroupID) { return EBADF; } virtual ErrorOr<void> chown(Credentials const&, OpenFileDescription&, UserID, GroupID) { return EBADF; }
virtual ErrorOr<void> chmod(OpenFileDescription&, mode_t) { return EBADF; } virtual ErrorOr<void> chmod(Credentials const&, OpenFileDescription&, mode_t) { return EBADF; }
virtual StringView class_name() const = 0; virtual StringView class_name() const = 0;

8
Kernel/FileSystem/InodeFile.cpp
View file

@ -115,18 +115,18 @@ ErrorOr<void> InodeFile::sync()
return {}; return {};
} }
ErrorOr<void> InodeFile::chown(OpenFileDescription& description, UserID uid, GroupID gid) ErrorOr<void> InodeFile::chown(Credentials const& credentials, OpenFileDescription& description, UserID uid, GroupID gid)
{ {
VERIFY(description.inode() == m_inode); VERIFY(description.inode() == m_inode);
VERIFY(description.custody()); VERIFY(description.custody());
return VirtualFileSystem::the().chown(Process::current().credentials(), *description.custody(), uid, gid); return VirtualFileSystem::the().chown(credentials, *description.custody(), uid, gid);
} }
ErrorOr<void> InodeFile::chmod(OpenFileDescription& description, mode_t mode) ErrorOr<void> InodeFile::chmod(Credentials const& credentials, OpenFileDescription& description, mode_t mode)
{ {
VERIFY(description.inode() == m_inode); VERIFY(description.inode() == m_inode);
VERIFY(description.custody()); VERIFY(description.custody());
return VirtualFileSystem::the().chmod(Process::current().credentials(), *description.custody(), mode); return VirtualFileSystem::the().chmod(credentials, *description.custody(), mode);
} }
} }

4
Kernel/FileSystem/InodeFile.h
View file

@ -40,8 +40,8 @@ public:
virtual ErrorOr<void> truncate(u64) override; virtual ErrorOr<void> truncate(u64) override;
virtual ErrorOr<void> sync() override; virtual ErrorOr<void> sync() override;
virtual ErrorOr<void> chown(OpenFileDescription&, UserID, GroupID) override; virtual ErrorOr<void> chown(Credentials const&, OpenFileDescription&, UserID, GroupID) override;
virtual ErrorOr<void> chmod(OpenFileDescription&, mode_t) override; virtual ErrorOr<void> chmod(Credentials const&, OpenFileDescription&, mode_t) override;
virtual StringView class_name() const override { return "InodeFile"sv; } virtual StringView class_name() const override { return "InodeFile"sv; }

8
Kernel/FileSystem/OpenFileDescription.cpp
View file

@ -430,14 +430,14 @@ void OpenFileDescription::set_file_flags(u32 flags)
}); });
} }
ErrorOr<void> OpenFileDescription::chmod(mode_t mode) ErrorOr<void> OpenFileDescription::chmod(Credentials const& credentials, mode_t mode)
{ {
return m_file->chmod(*this, mode); return m_file->chmod(credentials, *this, mode);
} }
ErrorOr<void> OpenFileDescription::chown(UserID uid, GroupID gid) ErrorOr<void> OpenFileDescription::chown(Credentials const& credentials, UserID uid, GroupID gid)
{ {
return m_file->chown(*this, uid, gid); return m_file->chown(credentials, *this, uid, gid);
} }
FileBlockerSet& OpenFileDescription::blocker_set() FileBlockerSet& OpenFileDescription::blocker_set()

4
Kernel/FileSystem/OpenFileDescription.h
View file

@ -50,7 +50,7 @@ public:
ErrorOr<size_t> read(UserOrKernelBuffer&, u64 offset, size_t); ErrorOr<size_t> read(UserOrKernelBuffer&, u64 offset, size_t);
ErrorOr<size_t> write(u64 offset, UserOrKernelBuffer const&, size_t); ErrorOr<size_t> write(u64 offset, UserOrKernelBuffer const&, size_t);
ErrorOr<void> chmod(mode_t); ErrorOr<void> chmod(Credentials const& credentials, mode_t);
bool can_read() const; bool can_read() const;
bool can_write() const; bool can_write() const;
@ -121,7 +121,7 @@ public:
off_t offset() const; off_t offset() const;
ErrorOr<void> chown(UserID, GroupID); ErrorOr<void> chown(Credentials const& credentials, UserID, GroupID);
FileBlockerSet& blocker_set(); FileBlockerSet& blocker_set();

11
Kernel/Net/LocalSocket.cpp
View file

@ -445,8 +445,10 @@ ErrorOr<void> LocalSocket::ioctl(OpenFileDescription& description, unsigned requ
return EINVAL; return EINVAL;
} }
ErrorOr<void> LocalSocket::chmod(OpenFileDescription&, mode_t mode) ErrorOr<void> LocalSocket::chmod(Credentials const&, OpenFileDescription&, mode_t mode)
{ {
// FIXME: Use the credentials.
auto inode = m_inode.strong_ref(); auto inode = m_inode.strong_ref();
if (inode) if (inode)
return inode->chmod(mode); return inode->chmod(mode);
@ -455,14 +457,15 @@ ErrorOr<void> LocalSocket::chmod(OpenFileDescription&, mode_t mode)
return {}; return {};
} }
ErrorOr<void> LocalSocket::chown(OpenFileDescription&, UserID uid, GroupID gid) ErrorOr<void> LocalSocket::chown(Credentials const& credentials, OpenFileDescription&, UserID uid, GroupID gid)
{ {
// FIXME: Use the credentials.
auto inode = m_inode.strong_ref(); auto inode = m_inode.strong_ref();
if (inode) if (inode)
return inode->chown(uid, gid); return inode->chown(uid, gid);
auto& current_process = Process::current(); if (!credentials.is_superuser() && (credentials.euid() != uid || !credentials.in_group(gid)))
if (!current_process.is_superuser() && (current_process.euid() != uid || !current_process.in_group(gid)))
return set_so_error(EPERM); return set_so_error(EPERM);
m_prebind_uid = uid; m_prebind_uid = uid;

4
Kernel/Net/LocalSocket.h
View file

@ -49,8 +49,8 @@ public:
virtual ErrorOr<size_t> recvfrom(OpenFileDescription&, UserOrKernelBuffer&, size_t, int flags, Userspace<sockaddr*>, Userspace<socklen_t*>, Time&) override; virtual ErrorOr<size_t> recvfrom(OpenFileDescription&, UserOrKernelBuffer&, size_t, int flags, Userspace<sockaddr*>, Userspace<socklen_t*>, Time&) override;
virtual ErrorOr<void> getsockopt(OpenFileDescription&, int level, int option, Userspace<void*>, Userspace<socklen_t*>) override; virtual ErrorOr<void> getsockopt(OpenFileDescription&, int level, int option, Userspace<void*>, Userspace<socklen_t*>) override;
virtual ErrorOr<void> ioctl(OpenFileDescription&, unsigned request, Userspace<void*> arg) override; virtual ErrorOr<void> ioctl(OpenFileDescription&, unsigned request, Userspace<void*> arg) override;
virtual ErrorOr<void> chown(OpenFileDescription&, UserID, GroupID) override; virtual ErrorOr<void> chown(Credentials const&, OpenFileDescription&, UserID, GroupID) override;
virtual ErrorOr<void> chmod(OpenFileDescription&, mode_t) override; virtual ErrorOr<void> chmod(Credentials const&, OpenFileDescription&, mode_t) override;
private: private:
explicit LocalSocket(int type, NonnullOwnPtr<DoubleBuffer> client_buffer, NonnullOwnPtr<DoubleBuffer> server_buffer); explicit LocalSocket(int type, NonnullOwnPtr<DoubleBuffer> client_buffer, NonnullOwnPtr<DoubleBuffer> server_buffer);

2
Kernel/Syscalls/chmod.cpp
View file

@ -37,7 +37,7 @@ ErrorOr<FlatPtr> Process::sys$fchmod(int fd, mode_t mode)
VERIFY_NO_PROCESS_BIG_LOCK(this); VERIFY_NO_PROCESS_BIG_LOCK(this);
TRY(require_promise(Pledge::fattr)); TRY(require_promise(Pledge::fattr));
auto description = TRY(open_file_description(fd)); auto description = TRY(open_file_description(fd));
TRY(description->chmod(mode)); TRY(description->chmod(credentials(), mode));
return 0; return 0;
} }

2
Kernel/Syscalls/chown.cpp
View file

@ -17,7 +17,7 @@ ErrorOr<FlatPtr> Process::sys$fchown(int fd, UserID uid, GroupID gid)
VERIFY_NO_PROCESS_BIG_LOCK(this); VERIFY_NO_PROCESS_BIG_LOCK(this);
TRY(require_promise(Pledge::chown)); TRY(require_promise(Pledge::chown));
auto description = TRY(open_file_description(fd)); auto description = TRY(open_file_description(fd));
TRY(description->chown(uid, gid)); TRY(description->chown(credentials(), uid, gid));
return 0; return 0;
} }