CRED: Wrap task credential accesses in the networking subsystem
David Howells [Thu, 13 Nov 2008 23:39:10 +0000 (10:39 +1100)]
Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.

Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().

Change some task->e?[ug]id to task_e?[ug]id().  In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: netdev@vger.kernel.org
Signed-off-by: James Morris <jmorris@namei.org>

include/net/scm.h
net/core/dev.c
net/core/scm.c
net/socket.c

index 06df126..f160116 100644 (file)
@@ -54,8 +54,8 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
                               struct scm_cookie *scm)
 {
        struct task_struct *p = current;
-       scm->creds.uid = p->uid;
-       scm->creds.gid = p->gid;
+       scm->creds.uid = current_uid();
+       scm->creds.gid = current_gid();
        scm->creds.pid = task_tgid_vnr(p);
        scm->fp = NULL;
        scm->seq = 0;
index d9038e3..262df22 100644 (file)
@@ -2958,6 +2958,8 @@ static void dev_change_rx_flags(struct net_device *dev, int flags)
 static int __dev_set_promiscuity(struct net_device *dev, int inc)
 {
        unsigned short old_flags = dev->flags;
+       uid_t uid;
+       gid_t gid;
 
        ASSERT_RTNL();
 
@@ -2982,15 +2984,17 @@ static int __dev_set_promiscuity(struct net_device *dev, int inc)
                printk(KERN_INFO "device %s %s promiscuous mode\n",
                       dev->name, (dev->flags & IFF_PROMISC) ? "entered" :
                                                               "left");
-               if (audit_enabled)
+               if (audit_enabled) {
+                       current_uid_gid(&uid, &gid);
                        audit_log(current->audit_context, GFP_ATOMIC,
                                AUDIT_ANOM_PROMISCUOUS,
                                "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u",
                                dev->name, (dev->flags & IFF_PROMISC),
                                (old_flags & IFF_PROMISC),
                                audit_get_loginuid(current),
-                               current->uid, current->gid,
+                               uid, gid,
                                audit_get_sessionid(current));
+               }
 
                dev_change_rx_flags(dev, IFF_PROMISC);
        }
index 10f5c65..4681d8f 100644 (file)
 static __inline__ int scm_check_creds(struct ucred *creds)
 {
        if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) &&
-           ((creds->uid == current->uid || creds->uid == current->euid ||
-             creds->uid == current->suid) || capable(CAP_SETUID)) &&
-           ((creds->gid == current->gid || creds->gid == current->egid ||
-             creds->gid == current->sgid) || capable(CAP_SETGID))) {
+           ((creds->uid == current_uid()   || creds->uid == current_euid() ||
+             creds->uid == current_suid()) || capable(CAP_SETUID)) &&
+           ((creds->gid == current_gid()   || creds->gid == current_egid() ||
+             creds->gid == current_sgid()) || capable(CAP_SETGID))) {
               return 0;
        }
        return -EPERM;
index 57550c3..62c7729 100644 (file)
@@ -491,8 +491,8 @@ static struct socket *sock_alloc(void)
        sock = SOCKET_I(inode);
 
        inode->i_mode = S_IFSOCK | S_IRWXUGO;
-       inode->i_uid = current->fsuid;
-       inode->i_gid = current->fsgid;
+       inode->i_uid = current_fsuid();
+       inode->i_gid = current_fsgid();
 
        get_cpu_var(sockets_in_use)++;
        put_cpu_var(sockets_in_use);