diff options
| author | Charley Wang <chwang@redhat.com> | 2009-10-06 10:26:36 -0400 |
|---|---|---|
| committer | Frank Ch. Eigler <fche@elastic.org> | 2009-10-06 10:26:36 -0400 |
| commit | 2155081e1d9888cf57334bc57abb3fff9b49d8e1 (patch) | |
| tree | fdc7a44fe9ecc630c9c1c938b777c1c461919f6e /runtime/staprun/staprun_funcs.c | |
| parent | e82cb6e94e5028637bdf0eedc0f6035139629a90 (diff) | |
| download | systemtap-steved-2155081e1d9888cf57334bc57abb3fff9b49d8e1.tar.gz systemtap-steved-2155081e1d9888cf57334bc57abb3fff9b49d8e1.tar.xz systemtap-steved-2155081e1d9888cf57334bc57abb3fff9b49d8e1.zip | |
PR10724: staprun: simplify permissions checking logic
Pending advice from Frank and Dave, changed check_permission to return void and
renamed it to assert_permission. assert_permission simply returns if
permissions are okay, and calls exit(-1) if there are any permissions errors.
Diffstat (limited to 'runtime/staprun/staprun_funcs.c')
| -rw-r--r-- | runtime/staprun/staprun_funcs.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c index 6ef96111..e4ccc8da 100644 --- a/runtime/staprun/staprun_funcs.c +++ b/runtime/staprun/staprun_funcs.c @@ -23,7 +23,7 @@ #include <assert.h> extern long init_module(void *, unsigned long, const char *); -static int check_permissions(const void *, off_t); +static void assert_permissions(const void *, off_t); /* Module errors get translated. */ const char *moderror(int err) @@ -112,10 +112,10 @@ int insert_module(const char *path, const char *special_options, char **options) return -1; } - /* Check whether this module can be loaded by the current user. */ - ret = check_permissions (file, sbuf.st_size); - if (ret != 1) - return -1; + /* Check whether this module can be loaded by the current user. + * check_permissions will exit(-1) if permissions are insufficient*/ + assert_permissions (file, sbuf.st_size); + STAP_PROBE1(staprun, insert__module, path); /* Actually insert the module */ @@ -448,7 +448,7 @@ check_groups (void) * * Returns: -1 on errors, 0 on failure, 1 on success. */ -int check_permissions( +void assert_permissions( const void *module_data __attribute__ ((unused)), off_t module_size __attribute__ ((unused)) ) { @@ -460,7 +460,7 @@ int check_permissions( if the module has been tampered with (altered). */ check_signature_rc = check_signature (module_data, module_size); if (check_signature_rc == MODULE_ALTERED) - return 0; + exit(-1); #endif /* If we're root, we can do anything. */ @@ -477,20 +477,20 @@ int check_permissions( err("WARNING: couldn't set staprun GID to '%s': %s", env_id, strerror(errno)); - return 1; + return; } /* Check permissions for group membership. */ check_groups_rc = check_groups (); if (check_groups_rc == 1) - return 1; + return; /* The user is an ordinary user. If the module has been signed with * an authorized certificate and private key, then we will load it for * anyone. */ #if HAVE_NSS if (check_signature_rc == MODULE_OK) - return 1; + return; assert (check_signature_rc == MODULE_UNTRUSTED || check_signature_rc == MODULE_CHECK_ERROR); #endif @@ -509,5 +509,5 @@ int check_permissions( #endif /* Combine the return codes. They are either 0 or -1. */ - return check_groups_rc | check_signature_rc; + exit(-1); } |