PR 13128: Backward compatibility for stapusr and stapdev level modules.

If no privilege credentials are passed to the module, we can assume that
the module was loaded directly by a root level user (insmod) or by an
older version of staprun (less than 1.7). In the latter case, if the module
requires stapusr or stapdev credentials, we can assume that staprun did the
right thing and that the module is safe to run. Otherwise, the required
privilege level is unknown to the old staprun and we must abort.

diff --git a/translate.cxx b/translate.cxx
index b474f8712f2f3d2deb8df6a3219dfb5fff229388..a26d8994ca05217e0a1772baa8d07cb41a6b26a0 100644 (file)
--- a/translate.cxx
+++ b/translate.cxx
@@ -1566,22 +1566,31 @@ c_unparser::emit_module_init ()
 
   // Perform checking on the user's credentials vs those required to load/run this module.
   o->newline() << "if (_stp_privilege_credentials == 0) {";
-  o->newline(1) << "_stp_privilege_credentials = STP_PR_LOWEST;";
+  o->newline(1) << "if (STP_PRIVILEGE_CONTAINS(STP_PRIVILEGE, STP_PR_STAPDEV) ||";
+  o->newline() << "    STP_PRIVILEGE_CONTAINS(STP_PRIVILEGE, STP_PR_STAPUSR)) {";
+  o->newline(1) << "_stp_privilege_credentials = STP_PRIVILEGE;";
   o->newline() << "#ifdef DEBUG_PRIVILEGE";
-  o->newline() << "_dbug(\"User's privilege credentials default to %s\\n\",";
+  o->newline(1) << "_dbug(\"User's privilege credentials default to %s\\n\",";
   o->newline() << "      privilege_to_text(_stp_privilege_credentials));";
-  o->newline() << "#endif";
+  o->newline(-1) << "#endif";
   o->newline(-1) << "}";
-  o->newline() << "#ifdef DEBUG_PRIVILEGE";
-  o->newline() << "else";
+  o->newline() << "else {";
+  o->newline(1) << "_stp_error (\"Unable to verify that you have the required privilege credentials to run this module (%s required). You must use staprun version 1.7 or higher.\",";
+  o->newline() << "            privilege_to_text(STP_PRIVILEGE));";
+  o->newline() << "rc = -EINVAL;";
+  o->newline(-1) << "}";
+  o->newline(-1) << "}";
+  o->newline() << "else {";
+  o->newline(1) << "#ifdef DEBUG_PRIVILEGE";
   o->newline(1) << "_dbug(\"User's privilege credentials provided as %s\\n\",";
   o->newline() << "      privilege_to_text(_stp_privilege_credentials));";
   o->newline(-1) << "#endif";
   o->newline() << "if (! STP_PRIVILEGE_CONTAINS(_stp_privilege_credentials, STP_PRIVILEGE)) {";
-  o->newline(1) << "_stp_error (\"Your privilege credentials (%s) are unsufficient to run this module (%s required)\",";
+  o->newline(1) << "_stp_error (\"Your privilege credentials (%s) are unsufficient to run this module (%s required).\",";
   o->newline () << "            privilege_to_text(_stp_privilege_credentials), privilege_to_text(STP_PRIVILEGE));";
   o->newline() << "rc = -EINVAL;";
   o->newline(-1) << "}";
+  o->newline(-1) << "}";
 
   o->newline(-1) << "}";