diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
commit | 00b02345d424dac8a490ff28ff75fd9386196583 (patch) | |
tree | c439df85bebf079d07319c231d64ac481577b036 /sys/fs | |
parent | e93b04c2868ee901613297bfbd90ff9990d8300e (diff) | |
download | FreeBSD-src-00b02345d424dac8a490ff28ff75fd9386196583.zip FreeBSD-src-00b02345d424dac8a490ff28ff75fd9386196583.tar.gz |
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in
some cases, move to priv_check() if it was an operation on a thread and
no other flags were present.
Eliminate caller-side jail exception checking (also now-unused); jail
privilege exception code now goes solely in kern_jail.c.
We can't yet eliminate suser() due to some cases in the KAME code where
a privilege check is performed and then used in many different deferred
paths. Do, however, move those prototypes to priv.h.
Reviewed by: csjp
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/fs')
-rw-r--r-- | sys/fs/devfs/devfs_vnops.c | 6 | ||||
-rw-r--r-- | sys/fs/msdosfs/msdosfs_vnops.c | 12 | ||||
-rw-r--r-- | sys/fs/procfs/procfs_ioctl.c | 3 |
3 files changed, 7 insertions, 14 deletions
diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index d6c3232..0acf99b 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c @@ -1160,8 +1160,7 @@ devfs_setattr(struct vop_setattr_args *ap) if (uid != de->de_uid || gid != de->de_gid) { if ((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid || (gid != de->de_gid && !groupmember(gid, ap->a_cred))) { - error = priv_check_cred(ap->a_td->td_ucred, - PRIV_VFS_CHOWN, SUSER_ALLOWJAIL); + error = priv_check(ap->a_td, PRIV_VFS_CHOWN); if (error) return (error); } @@ -1172,8 +1171,7 @@ devfs_setattr(struct vop_setattr_args *ap) if (vap->va_mode != (mode_t)VNOVAL) { if (ap->a_cred->cr_uid != de->de_uid) { - error = priv_check_cred(ap->a_td->td_ucred, - PRIV_VFS_ADMIN, SUSER_ALLOWJAIL); + error = priv_check(ap->a_td, PRIV_VFS_ADMIN); if (error) return (error); } diff --git a/sys/fs/msdosfs/msdosfs_vnops.c b/sys/fs/msdosfs/msdosfs_vnops.c index 33e5292..3231267 100644 --- a/sys/fs/msdosfs/msdosfs_vnops.c +++ b/sys/fs/msdosfs/msdosfs_vnops.c @@ -408,8 +408,7 @@ msdosfs_setattr(ap) if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid) { - error = priv_check_cred(cred, PRIV_VFS_ADMIN, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); if (error) return (error); } @@ -426,8 +425,7 @@ msdosfs_setattr(ap) * sensible filesystem attempts it a lot. */ if (vap->va_flags & SF_SETTABLE) { - error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0); if (error) return (error); } @@ -454,8 +452,7 @@ msdosfs_setattr(ap) gid = pmp->pm_gid; if (cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid || (gid != pmp->pm_gid && !groupmember(gid, cred))) { - error = priv_check_cred(cred, PRIV_VFS_CHOWN, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0); if (error) return (error); } @@ -520,8 +517,7 @@ msdosfs_setattr(ap) if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid) { - error = priv_check_cred(cred, PRIV_VFS_ADMIN, - SUSER_ALLOWJAIL); + error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); if (error) return (error); } diff --git a/sys/fs/procfs/procfs_ioctl.c b/sys/fs/procfs/procfs_ioctl.c index bd003e0..ccff555 100644 --- a/sys/fs/procfs/procfs_ioctl.c +++ b/sys/fs/procfs/procfs_ioctl.c @@ -114,8 +114,7 @@ procfs_ioctl(PFS_IOCTL_ARGS) * p_candebug() should implement it, or other checks * are missing. */ - error = priv_check_cred(td->td_ucred, - PRIV_DEBUG_SUGID, SUSER_ALLOWJAIL); + error = priv_check(td, PRIV_DEBUG_SUGID); if (error) break; } |