Change the suser() API to take advantage of td_ucred as well as do a

general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@

16 files changed, 25 insertions, 26 deletions

diff --git a/sys/i386/i386/machdep.c b/sys/i386/i386/machdep.c
index 6617f17..485a69e 100644
--- a/sys/i386/i386/machdep.c
+++ b/sys/i386/i386/machdep.c
@@ -2140,7 +2140,7 @@ set_dbregs(struct thread *td, struct dbreg *dbregs)
 		 * from within kernel mode?
 		 */
 
-		if (suser_td(td) != 0) {
+		if (suser(td) != 0) {
 			if (dbregs->dr7 & 0x3) {
 				/* dr0 is enabled */
 				if (dbregs->dr0 >= VM_MAXUSER_ADDRESS)
diff --git a/sys/i386/i386/mem.c b/sys/i386/i386/mem.c
index 94851fd..220bad3 100644
--- a/sys/i386/i386/mem.c
+++ b/sys/i386/i386/mem.c
@@ -122,7 +122,7 @@ mmopen(dev_t dev, int flags, int fmt, struct thread *td)
 		}
 		break;
 	case 14:
-		error = suser_td(td);
+		error = suser(td);
 		if (error != 0)
 			return (error);
 		error = securelevel_gt(td->td_ucred, 0);
diff --git a/sys/i386/i386/sys_machdep.c b/sys/i386/i386/sys_machdep.c
index b039b51..c756be7 100644
--- a/sys/i386/i386/sys_machdep.c
+++ b/sys/i386/i386/sys_machdep.c
@@ -183,7 +183,7 @@ i386_set_ioperm(td, args)
 	if ((error = copyin(args, &ua, sizeof(struct i386_ioperm_args))) != 0)
 		return (error);
 
-	if ((error = suser_td(td)) != 0)
+	if ((error = suser(td)) != 0)
 		return (error);
 	if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
 		return (error);
diff --git a/sys/i386/i386/vm86.c b/sys/i386/i386/vm86.c
index 6a85718..fef6a00 100644
--- a/sys/i386/i386/vm86.c
+++ b/sys/i386/i386/vm86.c
@@ -659,7 +659,6 @@ vm86_sysarch(td, args)
 	struct thread *td;
 	char *args;
 {
-	struct proc *p = td->td_proc;
 	int error = 0;
 	struct i386_vm86_args ua;
 	struct vm86_kernel *vm86;
@@ -716,7 +715,7 @@ vm86_sysarch(td, args)
 	case VM86_INTCALL: {
 		struct vm86_intcall_args sa;
 
-		if ((error = suser(p)))
+		if ((error = suser(td)))
 			return (error);
 		if ((error = copyin(ua.sub_args, &sa, sizeof(sa))))
 			return (error);
diff --git a/sys/i386/ibcs2/ibcs2_misc.c b/sys/i386/ibcs2/ibcs2_misc.c
index 3be77c8..7274ea7 100644
--- a/sys/i386/ibcs2/ibcs2_misc.c
+++ b/sys/i386/ibcs2/ibcs2_misc.c
@@ -1013,7 +1013,7 @@ ibcs2_plock(td, uap)
 #define IBCS2_DATALOCK	4
 
 	
-        if ((error = suser_td(td)) != 0)
+        if ((error = suser(td)) != 0)
                 return EPERM;
 	switch(SCARG(uap, cmd)) {
 	case IBCS2_UNLOCK:
@@ -1048,7 +1048,7 @@ ibcs2_uadmin(td, uap)
 #define SCO_AD_GETBMAJ      0
 #define SCO_AD_GETCMAJ      1
 
-        if (suser_td(td))
+        if (suser(td))
                 return EPERM;
 
 	switch(SCARG(uap, cmd)) {
diff --git a/sys/i386/ibcs2/ibcs2_socksys.c b/sys/i386/ibcs2/ibcs2_socksys.c
index 0bd14d6..4c0774e 100644
--- a/sys/i386/ibcs2/ibcs2_socksys.c
+++ b/sys/i386/ibcs2/ibcs2_socksys.c
@@ -173,7 +173,7 @@ ibcs2_setipdomainname(td, uap)
 	char hname[MAXHOSTNAMELEN], *ptr;
 	int error, sctl[2], hlen;
 
-	if ((error = suser_td(td)))
+	if ((error = suser(td)))
 		return (error);
 
 	/* W/out a hostname a domain-name is nonsense */
diff --git a/sys/i386/ibcs2/ibcs2_sysi86.c b/sys/i386/ibcs2/ibcs2_sysi86.c
index ae5215f..19a7917 100644
--- a/sys/i386/ibcs2/ibcs2_sysi86.c
+++ b/sys/i386/ibcs2/ibcs2_sysi86.c
@@ -73,7 +73,7 @@ ibcs2_sysi86(struct thread *td, struct ibcs2_sysi86_args *args)
 	        int name[2];
 	        int error;
 
-		if ((error = suser_td(td)))
+		if ((error = suser(td)))
 		  return (error);
 		name[0] = CTL_KERN;
 		name[1] = KERN_HOSTNAME;
diff --git a/sys/i386/isa/cx.c b/sys/i386/isa/cx.c
index e9817d0..7809476 100644
--- a/sys/i386/isa/cx.c
+++ b/sys/i386/isa/cx.c
@@ -162,7 +162,7 @@ int cxopen (dev_t dev, int flag, int mode, struct thread *td)
 	tp = c->ttyp;
 	tp->t_dev = dev;
 	if ((tp->t_state & TS_ISOPEN) && (tp->t_state & TS_XCLUDE) &&
-	    suser_td(td))
+	    suser(td))
 		return (EBUSY);
 	if (! (tp->t_state & TS_ISOPEN)) {
 		ttychars (tp);
diff --git a/sys/i386/isa/cy.c b/sys/i386/isa/cy.c
index dc523c2..f42bdb3 100644
--- a/sys/i386/isa/cy.c
+++ b/sys/i386/isa/cy.c
@@ -718,7 +718,7 @@ open_top:
 			}
 		}
 		if (tp->t_state & TS_XCLUDE &&
-		    suser_td(td)) {
+		    suser(td)) {
 			error = EBUSY;
 			goto out;
 		}
@@ -1637,7 +1637,7 @@ sioioctl(dev, cmd, data, flag, td)
 		}
 		switch (cmd) {
 		case TIOCSETA:
-			error = suser_td(td);
+			error = suser(td);
 			if (error != 0)
 				return (error);
 			*ct = *(struct termios *)data;
@@ -1736,7 +1736,7 @@ sioioctl(dev, cmd, data, flag, td)
 		break;
 	case TIOCMSDTRWAIT:
 		/* must be root since the wait applies to following logins */
-		error = suser_td(td);
+		error = suser(td);
 		if (error != 0) {
 			splx(s);
 			return (error);
diff --git a/sys/i386/isa/istallion.c b/sys/i386/isa/istallion.c
index 0b95211..d56a294 100644
--- a/sys/i386/isa/istallion.c
+++ b/sys/i386/isa/istallion.c
@@ -1010,7 +1010,7 @@ stliopen_restart:
 			}
 		}
 		if ((tp->t_state & TS_XCLUDE) &&
-		    suser_td(td)) {
+		    suser(td)) {
 			error = EBUSY;
 			goto stliopen_end;
 		}
@@ -1182,7 +1182,7 @@ STATIC int stliioctl(dev_t dev, unsigned long cmd, caddr_t data, int flag,
 
 		switch (cmd) {
 		case TIOCSETA:
-			if ((error = suser_td(td)) == 0)
+			if ((error = suser(td)) == 0)
 				*localtios = *((struct termios *) data);
 			break;
 		case TIOCGETA:
@@ -1318,7 +1318,7 @@ STATIC int stliioctl(dev_t dev, unsigned long cmd, caddr_t data, int flag,
 		*((int *) data) = (portp->sigs | TIOCM_LE);
 		break;
 	case TIOCMSDTRWAIT:
-		if ((error = suser_td(td)) == 0)
+		if ((error = suser(td)) == 0)
 			portp->dtrwait = *((int *) data) * hz / 100;
 		break;
 	case TIOCMGDTRWAIT:
diff --git a/sys/i386/isa/pcvt/pcvt_drv.c b/sys/i386/isa/pcvt/pcvt_drv.c
index 3b0a64f..ffbba2c 100644
--- a/sys/i386/isa/pcvt/pcvt_drv.c
+++ b/sys/i386/isa/pcvt/pcvt_drv.c
@@ -316,7 +316,7 @@ pcvt_open(dev_t dev, int flag, int mode, struct thread *td)
 		(*linesw[tp->t_line].l_modem)(tp, 1);	/* fake connection */
 		winsz = 1;			/* set winsize later */
 	}
-	else if (tp->t_state & TS_XCLUDE && suser_td(td))
+	else if (tp->t_state & TS_XCLUDE && suser(td))
 	{
 		return (EBUSY);
 	}
diff --git a/sys/i386/isa/pcvt/pcvt_ext.c b/sys/i386/isa/pcvt/pcvt_ext.c
index afa1380..ad0ea38 100644
--- a/sys/i386/isa/pcvt/pcvt_ext.c
+++ b/sys/i386/isa/pcvt/pcvt_ext.c
@@ -2619,7 +2619,7 @@ usl_vt_ioctl(dev_t dev, int cmd, caddr_t data, int flag, struct thread *td)
 	{
 		struct trapframe *fp = td->td_frame;
 
-		error = suser_td(td);
+		error = suser(td);
 		if (error != 0)
 			return (error);
 		error = securelevel_gt(td->td_ucred, 0);
diff --git a/sys/i386/isa/rc.c b/sys/i386/isa/rc.c
index 43f77f9..291c0e2 100644
--- a/sys/i386/isa/rc.c
+++ b/sys/i386/isa/rc.c
@@ -764,7 +764,7 @@ again:
 			}
 		}
 		if (tp->t_state & TS_XCLUDE &&
-		    suser_td(td)) {
+		    suser(td)) {
 			error = EBUSY;
 			goto out;
 		}
@@ -1118,7 +1118,7 @@ struct thread  *td;
 		break;
 
 	    case TIOCMSDTRWAIT:
-		error = suser_td(td);
+		error = suser(td);
 		if (error != 0) {
 			splx(s);
 			return (error);
diff --git a/sys/i386/isa/spigot.c b/sys/i386/isa/spigot.c
index cc51b18..bc6df62 100644
--- a/sys/i386/isa/spigot.c
+++ b/sys/i386/isa/spigot.c
@@ -175,7 +175,7 @@ struct	spigot_softc	*ss = (struct spigot_softc *)&spigot_softc[UNIT(dev)];
 	 * require sufficient privilege soon and nothing much can be done
 	 * without them.
 	 */
-	error = suser_td(td);
+	error = suser(td);
 	if (error != 0)
 		return error;
 	error = securelevel_gt(td->td_ucred, 0);
@@ -232,7 +232,7 @@ struct	spigot_info	*info;
 		break;
 	case	SPIGOT_IOPL_ON:	/* allow access to the IO PAGE */
 #if !defined(SPIGOT_UNSECURE)
-		error = suser_td(td);
+		error = suser(td);
 		if (error != 0)
 			return error;
 		error = securelevel_gt(td->td_ucred, 0);
diff --git a/sys/i386/isa/stallion.c b/sys/i386/isa/stallion.c
index c9c0df5..5706ea2 100644
--- a/sys/i386/isa/stallion.c
+++ b/sys/i386/isa/stallion.c
@@ -832,7 +832,7 @@ stlopen_restart:
 			}
 		}
 		if ((tp->t_state & TS_XCLUDE) &&
-		    suser_td(td)) {
+		    suser(td)) {
 			error = EBUSY;
 			goto stlopen_end;
 		}
@@ -970,7 +970,7 @@ STATIC int stlioctl(dev_t dev, unsigned long cmd, caddr_t data, int flag,
 
 		switch (cmd) {
 		case TIOCSETA:
-			if ((error = suser_td(td)) == 0)
+			if ((error = suser(td)) == 0)
 				*localtios = *((struct termios *) data);
 			break;
 		case TIOCGETA:
@@ -1088,7 +1088,7 @@ STATIC int stlioctl(dev_t dev, unsigned long cmd, caddr_t data, int flag,
 		*((int *) data) = (stl_getsignals(portp) | TIOCM_LE);
 		break;
 	case TIOCMSDTRWAIT:
-		if ((error = suser_td(td)) == 0)
+		if ((error = suser(td)) == 0)
 			portp->dtrwait = *((int *) data) * hz / 100;
 		break;
 	case TIOCMGDTRWAIT:
diff --git a/sys/i386/linux/linux_machdep.c b/sys/i386/linux/linux_machdep.c
index 59325c4..245c96a 100644
--- a/sys/i386/linux/linux_machdep.c
+++ b/sys/i386/linux/linux_machdep.c
@@ -559,7 +559,7 @@ linux_iopl(struct thread *td, struct linux_iopl_args *args)
 
 	if (args->level < 0 || args->level > 3)
 		return (EINVAL);
-	if ((error = suser_td(td)) != 0)
+	if ((error = suser(td)) != 0)
 		return (error);
 	if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
 		return (error);