libtrivfs: fix notion of privileged user

Set 'is_root' if the node has been opened by the root user (this was the old behavior) or if it has been opened by the user the translator is executing under. This fixes the irritating bug that an unprivileged user cannot control her own trivfs-based translators. It does not change how privileged trivfs translators work. * libtrivfs/io-reauthenticate.c (trivfs_S_io_reauthenticate): Use the new function to compute 'isroot'. * libtrivfs/io-restrict-auth.c (trivfs_S_io_restrict_auth): Likewise. * libtrivfs/open.c (trivfs_open): Likewise. * libtrivfs/priv.h (_is_privileged): New function. * libtrivfs/trivfs.h (struct peropen): Clarify what 'isroot' means.
author: Justus Winter <justus@gnupg.org> 2016-04-25 01:38:45 +0200
committer: Justus Winter <justus@gnupg.org> 2016-04-26 14:49:46 +0200
commit: 94ce9fa4c443ec9a0e6ecc92cb6b07534c321c75 (patch)
tree: c648e34b5b21eed772bb1d8920b30ac59f34d04b /libtrivfs/io-reauthenticate.c
parent: d67a86c9690c2a9984ca6e9f3c376956495897f4 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/libtrivfs/io-reauthenticate.c b/libtrivfs/io-reauthenticate.c
index 35775e57..72684e35 100644
--- a/libtrivfs/io-reauthenticate.c
+++ b/libtrivfs/io-reauthenticate.c
@@ -59,8 +59,7 @@ trivfs_S_io_reauthenticate (struct trivfs_protid *cred,
     return err;
 
   mach_port_deallocate (mach_task_self (), newright);
-  if (idvec_contains (newcred->user->uids, 0))
-    newcred->isroot = 1;
+  newcred->isroot = _is_privileged (newcred->user->uids);
 
   newcred->hook = cred->hook;
   newcred->po = cred->po;
author	Justus Winter <justus@gnupg.org>	2016-04-25 01:38:45 +0200
committer	Justus Winter <justus@gnupg.org>	2016-04-26 14:49:46 +0200
commit	94ce9fa4c443ec9a0e6ecc92cb6b07534c321c75 (patch)
tree	c648e34b5b21eed772bb1d8920b30ac59f34d04b /libtrivfs/io-reauthenticate.c
parent	d67a86c9690c2a9984ca6e9f3c376956495897f4 (diff)