diff options
| author |   natano <natano@openbsd.org> | 2016-09-07 17:30:12 +0000 |
|---|---|---|
| committer | natano <natano@openbsd.org> | 2016-09-07 17:30:12 +0000 |
| commit | 685efd6e237bac10bf050abeb268b8aa2ef9897f (patch) | |
| tree | 14b5adf8088adb6e24321f8578a720ecb0e4a61f | |
| parent | Trivial cleanup: Pass pointers of the correct types to the private (diff) | |
| download | wireguard-openbsd-685efd6e237bac10bf050abeb268b8aa2ef9897f.tar.xz wireguard-openbsd-685efd6e237bac10bf050abeb268b8aa2ef9897f.zip | |
Remove usermount remnants. ok tedu
| -rw-r--r-- | lib/libc/gen/sysctl.3 | 7 | ||||
| -rw-r--r-- | sbin/sysctl/sysctl.8 | 5 | ||||
| -rw-r--r-- | sys/isofs/cd9660/cd9660_vfsops.c | 15 | ||||
| -rw-r--r-- | sys/isofs/udf/udf_vfsops.c | 13 | ||||
| -rw-r--r-- | sys/kern/kern_sysctl.c | 6 | ||||
| -rw-r--r-- | sys/kern/vfs_syscalls.c | 63 | ||||
| -rw-r--r-- | sys/msdosfs/msdosfs_vfsops.c | 35 | ||||
| -rw-r--r-- | sys/ntfs/ntfs_vfsops.c | 14 | ||||
| -rw-r--r-- | sys/sys/sysctl.h | 6 | ||||
| -rw-r--r-- | sys/ufs/ext2fs/ext2fs_vfsops.c | 30 | ||||
| -rw-r--r-- | sys/ufs/ffs/ffs_vfsops.c | 31 |
11 files changed, 20 insertions, 205 deletions
diff --git a/lib/libc/gen/sysctl.3 b/lib/libc/gen/sysctl.3 index 0c6312c52dc..2d2c4ae4e00 100644 --- a/lib/libc/gen/sysctl.3 +++ b/lib/libc/gen/sysctl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.3,v 1.267 2016/07/20 09:15:28 bluhm Exp $ +.\" $OpenBSD: sysctl.3,v 1.268 2016/09/07 17:30:12 natano Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -27,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: July 20 2016 $ +.Dd $Mdocdate: September 7 2016 $ .Dt SYSCTL 3 .Os .Sh NAME @@ -474,7 +474,6 @@ information. .It Dv KERN_TIMECOUNTER Ta "node" Ta "not applicable" .It Dv KERN_TTY Ta "node" Ta "not applicable" .It Dv KERN_TTYCOUNT Ta "integer" Ta "no" -.It Dv KERN_USERMOUNT Ta "integer" Ta "yes" .It Dv KERN_VERSION Ta "string" Ta "no" .It Dv KERN_WATCHDOG Ta "node" Ta "not applicable" .It Dv KERN_WXABORT Ta "integer" Ta "yes" @@ -1016,8 +1015,6 @@ Returns the number of input characters in raw mode. Number of available .Xr tty 4 devices. -.It Dv KERN_USERMOUNT -Currently a no-op. .It Dv KERN_VERSION The system version string. .It Dv KERN_WATCHDOG diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8 index ac5917e7379..e62a4111cc7 100644 --- a/sbin/sysctl/sysctl.8 +++ b/sbin/sysctl/sysctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.8,v 1.204 2016/07/27 20:51:46 tedu Exp $ +.\" $OpenBSD: sysctl.8,v 1.205 2016/09/07 17:30:12 natano Exp $ .\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ .\" .\" Copyright (c) 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 .\" -.Dd $Mdocdate: July 27 2016 $ +.Dd $Mdocdate: September 7 2016 $ .Dt SYSCTL 8 .Os .Sh NAME @@ -139,7 +139,6 @@ and a few require a kernel compiled with non-standard .It kern.osversion Ta string Ta no .It kern.somaxconn Ta integer Ta yes .It kern.sominconn Ta integer Ta yes -.It kern.usermount Ta integer Ta yes .It kern.nosuidcoredump Ta integer Ta yes .It kern.fsync Ta integer Ta no .It kern.sysvmsg Ta integer Ta no diff --git a/sys/isofs/cd9660/cd9660_vfsops.c b/sys/isofs/cd9660/cd9660_vfsops.c index 791d822d3b6..131a88a46be 100644 --- a/sys/isofs/cd9660/cd9660_vfsops.c +++ b/sys/isofs/cd9660/cd9660_vfsops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cd9660_vfsops.c,v 1.82 2016/09/02 10:16:03 tom Exp $ */ +/* $OpenBSD: cd9660_vfsops.c,v 1.83 2016/09/07 17:30:12 natano Exp $ */ /* $NetBSD: cd9660_vfsops.c,v 1.26 1997/06/13 15:38:58 pk Exp $ */ /*- @@ -179,19 +179,6 @@ cd9660_mount(mp, path, data, ndp, p) return (ENXIO); } - /* - * If mount by non-root, then verify that user has necessary - * permissions on the device. - */ - if (suser(p, 0) != 0) { - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, VREAD, p->p_ucred, p); - if (error) { - vput(devvp); - return (error); - } - VOP_UNLOCK(devvp, p); - } if ((mp->mnt_flag & MNT_UPDATE) == 0) error = iso_mountfs(devvp, mp, p, &args); else { diff --git a/sys/isofs/udf/udf_vfsops.c b/sys/isofs/udf/udf_vfsops.c index cfb98a3df1d..45df2b77535 100644 --- a/sys/isofs/udf/udf_vfsops.c +++ b/sys/isofs/udf/udf_vfsops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udf_vfsops.c,v 1.54 2016/08/25 00:06:44 dlg Exp $ */ +/* $OpenBSD: udf_vfsops.c,v 1.55 2016/09/07 17:30:12 natano Exp $ */ /* * Copyright (c) 2001, 2002 Scott Long <scottl@freebsd.org> @@ -170,17 +170,6 @@ udf_mount(struct mount *mp, const char *path, void *data, return (ENXIO); } - /* Check the access rights on the mount device */ - if (p->p_ucred->cr_uid) { - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, VREAD, p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) { - vrele(devvp); - return (error); - } - } - if ((error = udf_mountfs(devvp, mp, args.lastblock, p))) { vrele(devvp); return (error); diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index f82c286f652..6767229283d 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sysctl.c,v 1.308 2016/09/04 09:22:29 mpi Exp $ */ +/* $OpenBSD: kern_sysctl.c,v 1.309 2016/09/07 17:30:12 natano Exp $ */ /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */ /*- @@ -414,10 +414,6 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, return (sysctl_int(oldp, oldlenp, newp, newlen, &somaxconn)); case KERN_SOMINCONN: return (sysctl_int(oldp, oldlenp, newp, newlen, &sominconn)); - case KERN_USERMOUNT: { - int usermount = 0; - return (sysctl_rdint(oldp, oldlenp, newp, usermount)); - } case KERN_ARND: { char buf[512]; diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 14d22ad9395..7dff979111e 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.263 2016/07/14 15:39:40 deraadt Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.264 2016/09/07 17:30:12 natano Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -110,7 +110,6 @@ sys_mount(struct proc *p, void *v, register_t *retval) int error, mntflag = 0; char fstypename[MFSNAMELEN]; char fspath[MNAMELEN]; - struct vattr va; struct nameidata nd; struct vfsconf *vfsp; int flags = SCARG(uap, flags); @@ -150,29 +149,6 @@ sys_mount(struct proc *p, void *v, register_t *retval) return (EOPNOTSUPP); /* Needs translation */ } - /* - * Only root, or the user that did the original mount is - * permitted to update it. - */ - if (mp->mnt_stat.f_owner != p->p_ucred->cr_uid && - (error = suser(p, 0))) { - vput(vp); - return (error); - } - /* - * Do not allow NFS export by non-root users. Silently - * enforce MNT_NOSUID and MNT_NODEV for non-root users, and - * inherit MNT_NOEXEC from the mount point. - */ - if (suser(p, 0) != 0) { - if (flags & MNT_EXPORTED) { - vput(vp); - return (EPERM); - } - flags |= MNT_NOSUID | MNT_NODEV; - if (mntflag & MNT_NOEXEC) - flags |= MNT_NOEXEC; - } if ((error = vfs_busy(mp, VB_READ|VB_NOWAIT)) != 0) { vput(vp); return (error); @@ -180,30 +156,6 @@ sys_mount(struct proc *p, void *v, register_t *retval) mp->mnt_flag |= flags & (MNT_RELOAD | MNT_UPDATE); goto update; } - /* - * If the user is not root, ensure that they own the directory - * onto which we are attempting to mount. - */ - if ((error = VOP_GETATTR(vp, &va, p->p_ucred, p)) || - (va.va_uid != p->p_ucred->cr_uid && - (error = suser(p, 0)))) { - vput(vp); - return (error); - } - /* - * Do not allow NFS export by non-root users. Silently - * enforce MNT_NOSUID and MNT_NODEV for non-root users, and inherit - * MNT_NOEXEC from the mount point. - */ - if (suser(p, 0) != 0) { - if (flags & MNT_EXPORTED) { - vput(vp); - return (EPERM); - } - flags |= MNT_NOSUID | MNT_NODEV; - if (vp->v_mount->mnt_flag & MNT_NOEXEC) - flags |= MNT_NOEXEC; - } if ((error = vinvalbuf(vp, V_SAVE, p->p_ucred, p, 0, 0)) != 0) { vput(vp); return (error); @@ -374,6 +326,9 @@ sys_unmount(struct proc *p, void *v, register_t *retval) int error; struct nameidata nd; + if ((error = suser(p, 0)) != 0) + return (error); + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, SCARG(uap, path), p); if ((error = namei(&nd)) != 0) @@ -382,16 +337,6 @@ sys_unmount(struct proc *p, void *v, register_t *retval) mp = vp->v_mount; /* - * Only root, or the user that did the original mount is - * permitted to unmount this filesystem. - */ - if ((mp->mnt_stat.f_owner != p->p_ucred->cr_uid) && - (error = suser(p, 0))) { - vput(vp); - return (error); - } - - /* * Don't allow unmounting the root file system. */ if (mp->mnt_flag & MNT_ROOTFS) { diff --git a/sys/msdosfs/msdosfs_vfsops.c b/sys/msdosfs/msdosfs_vfsops.c index 94724f51159..417640da1db 100644 --- a/sys/msdosfs/msdosfs_vfsops.c +++ b/sys/msdosfs/msdosfs_vfsops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: msdosfs_vfsops.c,v 1.79 2016/08/13 20:53:17 guenther Exp $ */ +/* $OpenBSD: msdosfs_vfsops.c,v 1.80 2016/09/07 17:30:12 natano Exp $ */ /* $NetBSD: msdosfs_vfsops.c,v 1.48 1997/10/18 02:54:57 briggs Exp $ */ /*- @@ -106,7 +106,6 @@ msdosfs_mount(struct mount *mp, const char *path, void *data, char fname[MNAMELEN]; char fspec[MNAMELEN]; int error, flags; - mode_t accessmode; error = copyin(data, &args, sizeof(struct msdosfs_args)); if (error) @@ -138,22 +137,9 @@ msdosfs_mount(struct mount *mp, const char *path, void *data, if (error) return (error); if ((pmp->pm_flags & MSDOSFSMNT_RONLY) && - (mp->mnt_flag & MNT_WANTRDWR)) { - /* - * If upgrade to read-write by non-root, then verify - * that user has necessary permissions on the device. - */ - if (suser(p, 0) != 0) { - devvp = pmp->pm_devvp; - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, VREAD | VWRITE, - p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) - return (error); - } + (mp->mnt_flag & MNT_WANTRDWR)) pmp->pm_flags &= ~MSDOSFSMNT_RONLY; - } + if (args.fspec == NULL) { #ifdef __notyet__ /* doesn't work correctly with current mountd XXX */ if (args.flags & MSDOSFSMNT_MNTOPT) { @@ -197,21 +183,6 @@ msdosfs_mount(struct mount *mp, const char *path, void *data, goto error_devvp; } - /* - * If mount by non-root, then verify that user has necessary - * permissions on the device. - */ - if (suser(p, 0) != 0) { - accessmode = VREAD; - if ((mp->mnt_flag & MNT_RDONLY) == 0) - accessmode |= VWRITE; - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, accessmode, p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) - goto error_devvp; - } - if ((mp->mnt_flag & MNT_UPDATE) == 0) error = msdosfs_mountfs(devvp, mp, p, &args); else { diff --git a/sys/ntfs/ntfs_vfsops.c b/sys/ntfs/ntfs_vfsops.c index 5c56fbb94cb..8949522f0a2 100644 --- a/sys/ntfs/ntfs_vfsops.c +++ b/sys/ntfs/ntfs_vfsops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntfs_vfsops.c,v 1.54 2016/09/01 08:40:39 natano Exp $ */ +/* $OpenBSD: ntfs_vfsops.c,v 1.55 2016/09/07 17:30:12 natano Exp $ */ /* $NetBSD: ntfs_vfsops.c,v 1.7 2003/04/24 07:50:19 christos Exp $ */ /*- @@ -187,18 +187,6 @@ ntfs_mount(struct mount *mp, const char *path, void *data, goto error_2; } - /* - * If we are not root, make sure we have permission to access the - * requested device. - */ - if (p->p_ucred->cr_uid) { - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - err = VOP_ACCESS(devvp, VREAD, p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (err) - goto error_2; - } - if (mp->mnt_flag & MNT_UPDATE) { #if 0 /* diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h index d66d7d5aa26..5ed11410e38 100644 --- a/sys/sys/sysctl.h +++ b/sys/sys/sysctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sysctl.h,v 1.164 2016/09/04 09:22:29 mpi Exp $ */ +/* $OpenBSD: sysctl.h,v 1.165 2016/09/07 17:30:12 natano Exp $ */ /* $NetBSD: sysctl.h,v 1.16 1996/04/09 20:55:36 cgd Exp $ */ /* @@ -130,7 +130,7 @@ struct ctlname { #define KERN_OSVERSION 27 /* string: kernel build version */ #define KERN_SOMAXCONN 28 /* int: listen queue maximum */ #define KERN_SOMINCONN 29 /* int: half-open controllable param */ -#define KERN_USERMOUNT 30 /* int: users may mount filesystems */ +/* was KERN_USERMOUNT 30 */ /* was KERN_RND 31 */ #define KERN_NOSUIDCOREDUMP 32 /* int: no setuid coredumps ever */ #define KERN_FSYNC 33 /* int: file synchronization support */ @@ -217,7 +217,7 @@ struct ctlname { { "osversion", CTLTYPE_STRING }, \ { "somaxconn", CTLTYPE_INT }, \ { "sominconn", CTLTYPE_INT }, \ - { "usermount", CTLTYPE_INT }, \ + { "gap", 0 }, \ { "random", CTLTYPE_STRUCT }, \ { "nosuidcoredump", CTLTYPE_INT }, \ { "fsync", CTLTYPE_INT }, \ diff --git a/sys/ufs/ext2fs/ext2fs_vfsops.c b/sys/ufs/ext2fs/ext2fs_vfsops.c index 3defd085d0e..67a77037fa7 100644 --- a/sys/ufs/ext2fs/ext2fs_vfsops.c +++ b/sys/ufs/ext2fs/ext2fs_vfsops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ext2fs_vfsops.c,v 1.95 2016/08/13 21:28:09 guenther Exp $ */ +/* $OpenBSD: ext2fs_vfsops.c,v 1.96 2016/09/07 17:30:12 natano Exp $ */ /* $NetBSD: ext2fs_vfsops.c,v 1.1 1997/06/11 09:34:07 bouyer Exp $ */ /* @@ -170,7 +170,6 @@ ext2fs_mount(struct mount *mp, const char *path, void *data, char fname[MNAMELEN]; char fspec[MNAMELEN]; int error, flags; - mode_t accessmode; error = copyin(data, &args, sizeof(struct ufs_args)); if (error) @@ -204,19 +203,6 @@ ext2fs_mount(struct mount *mp, const char *path, void *data, return (error); } if (fs->e2fs_ronly && (mp->mnt_flag & MNT_WANTRDWR)) { - /* - * If upgrade to read-write by non-root, then verify - * that user has necessary permissions on the device. - */ - if (suser(p, 0) != 0) { - devvp = ump->um_devvp; - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, VREAD | VWRITE, - p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) - return (error); - } fs->e2fs_ronly = 0; if (fs->e2fs.e2fs_state == E2FS_ISCLEAN) fs->e2fs.e2fs_state = 0; @@ -256,20 +242,6 @@ ext2fs_mount(struct mount *mp, const char *path, void *data, error = ENXIO; goto error_devvp; } - /* - * If mount by non-root, then verify that user has necessary - * permissions on the device. - */ - if (suser(p, 0) != 0) { - accessmode = VREAD; - if ((mp->mnt_flag & MNT_RDONLY) == 0) - accessmode |= VWRITE; - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, accessmode, p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) - goto error_devvp; - } if ((mp->mnt_flag & MNT_UPDATE) == 0) error = ext2fs_mountfs(devvp, mp, p); else { diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c index 7fb60f34bb7..79f9803cd52 100644 --- a/sys/ufs/ffs/ffs_vfsops.c +++ b/sys/ufs/ffs/ffs_vfsops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ffs_vfsops.c,v 1.162 2016/08/13 21:28:09 guenther Exp $ */ +/* $OpenBSD: ffs_vfsops.c,v 1.163 2016/09/07 17:30:13 natano Exp $ */ /* $NetBSD: ffs_vfsops.c,v 1.19 1996/02/09 22:22:26 christos Exp $ */ /* @@ -213,7 +213,6 @@ ffs_mount(struct mount *mp, const char *path, void *data, char fspec[MNAMELEN]; int error = 0, flags; int ronly; - mode_t accessmode; error = copyin(data, &args, sizeof(struct ufs_args)); if (error) @@ -305,19 +304,6 @@ ffs_mount(struct mount *mp, const char *path, void *data, goto error_1; if (ronly && (mp->mnt_flag & MNT_WANTRDWR)) { - /* - * If upgrade to read-write by non-root, then verify - * that user has necessary permissions on the device. - */ - if (suser(p, 0)) { - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, VREAD | VWRITE, - p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) - goto error_1; - } - if (fs->fs_clean == 0) { #if 0 /* @@ -396,21 +382,6 @@ ffs_mount(struct mount *mp, const char *path, void *data, goto error_2; } - /* - * If mount by non-root, then verify that user has necessary - * permissions on the device. - */ - if (suser(p, 0)) { - accessmode = VREAD; - if ((mp->mnt_flag & MNT_RDONLY) == 0) - accessmode |= VWRITE; - vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p); - error = VOP_ACCESS(devvp, accessmode, p->p_ucred, p); - VOP_UNLOCK(devvp, p); - if (error) - goto error_2; - } - if (mp->mnt_flag & MNT_UPDATE) { /* * UPDATE |