diff options
author | rwatson <rwatson@FreeBSD.org> | 2001-11-01 20:56:57 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-11-01 20:56:57 +0000 |
commit | c532c3bf88b0296935bf9293accb407de43e240c (patch) | |
tree | d29ed0901454dffcc55e4c0606aef0cd915d84eb /sys/kern | |
parent | 49a98043879675541ed4fda938748b3b157c8479 (diff) | |
download | FreeBSD-src-c532c3bf88b0296935bf9293accb407de43e240c.zip FreeBSD-src-c532c3bf88b0296935bf9293accb407de43e240c.tar.gz |
o Move suser() calls in kern/ to using suser_xxx() with an explicit
credential selection, rather than reference via a thread or process
pointer. This is part of a gradual migration to suser() accepting
a struct ucred instead of a struct proc, simplifying the reference
and locking semantics of suser().
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_acct.c | 2 | ||||
-rw-r--r-- | sys/kern/kern_jail.c | 2 | ||||
-rw-r--r-- | sys/kern/kern_linker.c | 4 | ||||
-rw-r--r-- | sys/kern/kern_resource.c | 5 | ||||
-rw-r--r-- | sys/kern/sysv_ipc.c | 6 | ||||
-rw-r--r-- | sys/kern/tty.c | 8 | ||||
-rw-r--r-- | sys/kern/tty_pty.c | 2 |
7 files changed, 16 insertions, 13 deletions
diff --git a/sys/kern/kern_acct.c b/sys/kern/kern_acct.c index 8c319f7..cd191d5 100644 --- a/sys/kern/kern_acct.c +++ b/sys/kern/kern_acct.c @@ -123,7 +123,7 @@ acct(td, uap) if (td != curthread) panic("acct"); /* XXXKSE DIAGNOSTIC */ /* Make sure that the caller is root. */ - error = suser(td->td_proc); + error = suser_xxx(td->td_proc->p_ucred, NULL, 0); if (error) goto done2; diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 2dd432c..fc692c8 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -83,7 +83,7 @@ jail(td, uap) pr->pr_ip = j.ip_number; PROC_LOCK(p); /* Implicitly fail if already in jail. */ - error = suser(p); + error = suser_xxx(p->p_ucred, NULL, 0); if (error) goto badcred; oldcred = p->p_ucred; diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c index 7c2b59d..fd12eaa 100644 --- a/sys/kern/kern_linker.c +++ b/sys/kern/kern_linker.c @@ -697,7 +697,7 @@ kldload(struct thread* td, struct kldload_args* uap) mtx_lock(&Giant); - if ((error = suser_td(td)) != 0) + if ((error = suser_xxx(td->td_proc->p_ucred, NULL, 0)) != 0) goto out; pathname = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); @@ -743,7 +743,7 @@ kldunload(struct thread* td, struct kldunload_args* uap) mtx_lock(&Giant); - if ((error = suser_td(td)) != 0) + if ((error = suser_xxx(td->td_proc->p_ucred, NULL, 0)) != 0) goto out; lf = linker_find_file_by_id(SCARG(uap, fileid)); diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index cf630ac..5de2325 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c @@ -235,7 +235,8 @@ donice(curp, chgp, n) n = PRIO_MAX; if (n < PRIO_MIN) n = PRIO_MIN; - if (n < chgp->p_ksegrp.kg_nice /* XXXKSE */ && suser(curp)) + if (n < chgp->p_ksegrp.kg_nice /* XXXKSE */ && + suser_xxx(curp->p_ucred, NULL, 0)) return (EACCES); chgp->p_ksegrp.kg_nice /* XXXKSE */ = n; (void)resetpriority(&chgp->p_ksegrp); /* XXXKSE */ @@ -297,7 +298,7 @@ rtprio(td, uap) (error = copyin(uap->rtp, &rtp, sizeof(struct rtprio)))) break; /* disallow setting rtprio in most cases if not superuser */ - if (suser(curp) != 0) { + if (suser_xxx(curp->p_ucred, NULL, 0) != 0) { /* can't set someone else's */ if (uap->pid) { error = EPERM; diff --git a/sys/kern/sysv_ipc.c b/sys/kern/sysv_ipc.c index 70e2f4b..89ab7d2 100644 --- a/sys/kern/sysv_ipc.c +++ b/sys/kern/sysv_ipc.c @@ -94,7 +94,8 @@ ipcperm(td, perm, mode) /* Check for user match. */ if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) { if (mode & IPC_M) - return (suser(p) == 0 ? 0 : EPERM); + return (suser_xxx(p->p_ucred, NULL, 0) == 0 ? 0 : + EPERM); /* Check for group match. */ mode >>= 3; if (!groupmember(perm->gid, cred) && @@ -105,5 +106,6 @@ ipcperm(td, perm, mode) if (mode & IPC_M) return (0); - return ((mode & perm->mode) == mode || suser(p) == 0 ? 0 : EACCES); + return ((mode & perm->mode) == mode || + suser_xxx(p->p_ucred, NULL, 0) == 0 ? 0 : EACCES); } diff --git a/sys/kern/tty.c b/sys/kern/tty.c index 13ab4f7..efc76b8 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -822,7 +822,7 @@ ttioctl(tp, cmd, data, flag) ISSET(constty->t_state, TS_CONNECTED)) return (EBUSY); #ifndef UCONSOLE - if ((error = suser(p)) != 0) + if ((error = suser_xxx(p->p_ucred, NULL, 0)) != 0) return (error); #endif constty = tp; @@ -994,9 +994,9 @@ ttioctl(tp, cmd, data, flag) splx(s); break; case TIOCSTI: /* simulate terminal input */ - if ((flag & FREAD) == 0 && suser(p)) + if ((flag & FREAD) == 0 && suser_xxx(p->p_ucred, NULL, 0)) return (EPERM); - if (!isctty(p, tp) && suser(p)) + if (!isctty(p, tp) && suser_xxx(p->p_ucred, NULL, 0)) return (EACCES); s = spltty(); (*linesw[tp->t_line].l_rint)(*(u_char *)data, tp); @@ -1044,7 +1044,7 @@ ttioctl(tp, cmd, data, flag) } break; case TIOCSDRAINWAIT: - error = suser(p); + error = suser_xxx(p->p_ucred, NULL, 0); if (error) return (error); tp->t_timeout = *(int *)data * hz; diff --git a/sys/kern/tty_pty.c b/sys/kern/tty_pty.c index a01d04e..7e00ec4 100644 --- a/sys/kern/tty_pty.c +++ b/sys/kern/tty_pty.c @@ -185,7 +185,7 @@ ptsopen(dev, flag, devtype, td) tp->t_lflag = TTYDEF_LFLAG; tp->t_cflag = TTYDEF_CFLAG; tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; - } else if (tp->t_state & TS_XCLUDE && suser(p)) { + } else if (tp->t_state & TS_XCLUDE && suser_xxx(p->p_ucred, NULL, 0)) { return (EBUSY); } else if (pti->pt_prison != p->p_ucred->cr_prison) { return (EBUSY); |