tech-kern archive


quotactl permissions



Hi

I discovered that quotactl will return EPERM when reading quota for
a given uid, while the process real UID is root, which is a bit surprising.

Attached is a test case. The problem happens on 6.0_RC1. Can we call
it a bug?

The code that handles authorization is here:
sys/ufs/ufs/ufs_vfsops.c:quota_get_auth()

/* XXX shouldn't all this be in kauth ? */
static int
quota_get_auth(struct mount *mp, struct lwp *l, uid_t id) {
        /* The user can always query about his own quota. */
        if (id == kauth_cred_getuid(l->l_cred))
                return 0;
        return kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
            KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, KAUTH_ARG(id), NULL);
}

I am far from being a kauth expert, therefore I have trouble
parsing the above kauth_authorize_system() call. I understand it should
authorize root and it does not. Any hint on how to fix it?



-- 
Emmanuel Dreyfus
manu%netbsd.org@localhost

#include <stdio.h>
#include <err.h>
#include <sysexits.h>
#include <unistd.h>
#include <sys/types.h>
#include <ufs/ufs/quota.h>
int
main(void) 
{
        struct dqblk quota;
        int type = USRQUOTA;
        uid_t uid = 8511;
        
        /* Real UID is root; effective UID is the user being queried. */
        setuid(0);
        seteuid(uid);

        if (quotactl("/mail", QCMD(Q_GETQUOTA, type), uid, &quota) != 0)
                err(EX_OSERR, "quotactl failed");
        
        return EX_OK;
}


