Change the suser() API to take advantage of td_ucred as well as do a

general cleanup of the API. The entire API now consists of two functions similar to the pre-KSE API. The suser() function takes a thread pointer as its only argument. The td_ucred member of this thread must be valid so the only valid thread pointers are curthread and a few kernel threads such as thread0. The suser_cred() function takes a pointer to a struct ucred as its first argument and an integer flag as its second argument. The flag is currently only used for the PRISON_ROOT flag. Discussed on: smp@
author: jhb <jhb@FreeBSD.org> 2002-04-01 21:31:13 +0000
committer: jhb <jhb@FreeBSD.org> 2002-04-01 21:31:13 +0000
commit: dc2e474f79c1287592679cd5e0c4c2307feccd60 (patch)
tree: 79021f0d43a5858be317d5cd33eac8cd4962b336 /sys/net
parent: 34c7d606c9818987384d404948ecdc98521462bd (diff)
download: FreeBSD-src-dc2e474f79c1287592679cd5e0c4c2307feccd60.zip
FreeBSD-src-dc2e474f79c1287592679cd5e0c4c2307feccd60.tar.gz
9 files changed, 30 insertions, 26 deletions
diff --git a/sys/net/if.c b/sys/net/if.c
index 5ec27bf..4b8573f 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -1230,7 +1230,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 		break;
 
 	case SIOCSIFFLAGS:
-		error = suser_td(td);
+		error = suser(td);
 		if (error)
 			return (error);
 		ifr->ifr_prevflags = ifp->if_flags;
@@ -1255,7 +1255,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 		break;
 
 	case SIOCSIFCAP:
-		error = suser_td(td);
+		error = suser(td);
 		if (error)
 			return (error);
 		if (ifr->ifr_reqcap & ~ifp->if_capabilities)
@@ -1264,7 +1264,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 		break;
 
 	case SIOCSIFMETRIC:
-		error = suser_td(td);
+		error = suser(td);
 		if (error)
 			return (error);
 		ifp->if_metric = ifr->ifr_metric;
@@ -1272,7 +1272,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 		break;
 
 	case SIOCSIFPHYS:
-		error = suser_td(td);
+		error = suser(td);
 		if (error)
 			return error;
 		if (!ifp->if_ioctl)
@@ -1286,7 +1286,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 	{
 		u_long oldmtu = ifp->if_mtu;
 
-		error = suser_td(td);
+		error = suser(td);
 		if (error)
 			return (error);
 		if (ifr->ifr_mtu < IF_MINMTU || ifr->ifr_mtu > IF_MAXMTU)
@@ -1311,7 +1311,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 
 	case SIOCADDMULTI:
 	case SIOCDELMULTI:
-		error = suser_td(td);
+		error = suser(td);
 		if (error)
 			return (error);
 
@@ -1341,7 +1341,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 	case SIOCSLIFPHYADDR:
         case SIOCSIFMEDIA:
 	case SIOCSIFGENERIC:
-		error = suser_td(td);
+		error = suser(td);
 		if (error)
 			return (error);
 		if (ifp->if_ioctl == NULL)
@@ -1366,7 +1366,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 		break;
 
 	case SIOCSIFLLADDR:
-		error = suser_td(td);
+		error = suser(td);
 		if (error)
 			return (error);
 		error = if_setlladdr(ifp,
@@ -1405,7 +1405,7 @@ ifioctl(so, cmd, data, td)
 	switch (cmd) {
 	case SIOCIFCREATE:
 	case SIOCIFDESTROY:
-		if ((error = suser_td(td)) != 0)
+		if ((error = suser(td)) != 0)
 			return (error);
 		return ((cmd == SIOCIFCREATE) ?
 			if_clone_create(ifr->ifr_name, sizeof(ifr->ifr_name)) :
diff --git a/sys/net/if_ppp.c b/sys/net/if_ppp.c
index 091b25e..e2c25eb 100644
--- a/sys/net/if_ppp.c
+++ b/sys/net/if_ppp.c
@@ -376,7 +376,7 @@ pppioctl(sc, cmd, data, flag, td)
 	break;
 
     case PPPIOCSFLAGS:
-	if ((error = suser(p)) != 0)
+	if ((error = suser(td)) != 0)
 	    break;
 	flags = *(int *)data & SC_MASK;
 	s = splsoftnet();
@@ -390,7 +390,7 @@ pppioctl(sc, cmd, data, flag, td)
 	break;
 
     case PPPIOCSMRU:
-	if ((error = suser(p)) != 0)
+	if ((error = suser(td)) != 0)
 	    return (error);
 	mru = *(int *)data;
 	if (mru >= PPP_MRU && mru <= PPP_MAXMRU)
@@ -403,7 +403,7 @@ pppioctl(sc, cmd, data, flag, td)
 
 #ifdef VJC
     case PPPIOCSMAXCID:
-	if ((error = suser(p)) != 0)
+	if ((error = suser(td)) != 0)
 	    break;
 	if (sc->sc_comp) {
 	    s = splsoftnet();
@@ -414,14 +414,14 @@ pppioctl(sc, cmd, data, flag, td)
 #endif
 
     case PPPIOCXFERUNIT:
-	if ((error = suser(p)) != 0)
+	if ((error = suser(td)) != 0)
 	    break;
 	sc->sc_xfer = p->p_pid;
 	break;
 
 #ifdef PPP_COMPRESS
     case PPPIOCSCOMPRESS:
-	if ((error = suser(p)) != 0)
+	if ((error = suser(td)) != 0)
 	    break;
 	odp = (struct ppp_option_data *) data;
 	nb = odp->length;
@@ -497,7 +497,7 @@ pppioctl(sc, cmd, data, flag, td)
 	if (cmd == PPPIOCGNPMODE) {
 	    npi->mode = sc->sc_npmode[npx];
 	} else {
-	    if ((error = suser(p)) != 0)
+	    if ((error = suser(td)) != 0)
 		break;
 	    if (npi->mode != sc->sc_npmode[npx]) {
 		s = splsoftnet();
@@ -573,7 +573,7 @@ pppsioctl(ifp, cmd, data)
     u_long cmd;
     caddr_t data;
 {
-    struct proc *p = curproc;	/* XXX */
+    struct thread *td = curthread;	/* XXX */
     register struct ppp_softc *sc = &ppp_softc[ifp->if_unit];
     register struct ifaddr *ifa = (struct ifaddr *)data;
     register struct ifreq *ifr = (struct ifreq *)data;
@@ -623,7 +623,7 @@ pppsioctl(ifp, cmd, data)
 	break;
 
     case SIOCSIFMTU:
-	if ((error = suser(p)) != 0)
+	if ((error = suser(td)) != 0)
 	    break;
 	if (ifr->ifr_mtu > PPP_MAXMTU)
 	    error = EINVAL;
diff --git a/sys/net/if_sl.c b/sys/net/if_sl.c
index 346252a..c8e284a 100644
--- a/sys/net/if_sl.c
+++ b/sys/net/if_sl.c
@@ -341,7 +341,7 @@ slopen(dev, tp)
 	register struct sl_softc *sc;
 	int s, error;
 
-	error = suser_td(curthread);
+	error = suser(curthread);
 	if (error)
 		return (error);
 
diff --git a/sys/net/if_tap.c b/sys/net/if_tap.c
index 605d287..253af5a 100644
--- a/sys/net/if_tap.c
+++ b/sys/net/if_tap.c
@@ -399,7 +399,7 @@ tapopen(dev, flag, mode, td)
 	int			 unit, error;
 	struct resource		*r = NULL;
 
-	if ((error = suser_td(td)) != 0)
+	if ((error = suser(td)) != 0)
 		return (error);
 
 	unit = dev2unit(dev) & TAPMAXUNIT;
diff --git a/sys/net/if_tun.c b/sys/net/if_tun.c
index 6082949..1061274 100644
--- a/sys/net/if_tun.c
+++ b/sys/net/if_tun.c
@@ -533,7 +533,7 @@ tunioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td)
 		if (tunp->mtu < IF_MINMTU)
 			return (EINVAL);
  		if (tp->tun_if.if_mtu != tunp->mtu
-		&& (error = suser_td(td)) != 0)
+		&& (error = suser(td)) != 0)
 			return (error);
  		tp->tun_if.if_mtu = tunp->mtu;
  		tp->tun_if.if_type = tunp->type;
diff --git a/sys/net/net_osdep.h b/sys/net/net_osdep.h
index 57a1fb5..a5ff633 100644
--- a/sys/net/net_osdep.h
+++ b/sys/net/net_osdep.h
@@ -79,6 +79,10 @@
  *		struct proc *p;
  *		if (p && !suser(p))
  *			privileged;
+ *	FreeBSD 5
+ *		struct thread *td;
+ *		if (suser(td))
+ *			privileged;
  *	OpenBSD, BSDI [34], FreeBSD 2
  *		struct socket *so;
  *		if (so->so_state & SS_PRIV)
diff --git a/sys/net/ppp_tty.c b/sys/net/ppp_tty.c
index e769b1b..2f65fdb 100644
--- a/sys/net/ppp_tty.c
+++ b/sys/net/ppp_tty.c
@@ -175,7 +175,7 @@ pppopen(dev, tp)
     register struct ppp_softc *sc;
     int error, s;
 
-    if ((error = suser_td(td)) != 0)
+    if ((error = suser(td)) != 0)
 	return (error);
 
     s = spltty();
@@ -444,7 +444,7 @@ ppptioctl(tp, cmd, data, flag, td)
     error = 0;
     switch (cmd) {
     case PPPIOCSASYNCMAP:
-	if ((error = suser_td(td)) != 0)
+	if ((error = suser(td)) != 0)
 	    break;
 	sc->sc_asyncmap[0] = *(u_int *)data;
 	break;
@@ -454,7 +454,7 @@ ppptioctl(tp, cmd, data, flag, td)
 	break;
 
     case PPPIOCSRASYNCMAP:
-	if ((error = suser_td(td)) != 0)
+	if ((error = suser(td)) != 0)
 	    break;
 	sc->sc_rasyncmap = *(u_int *)data;
 	break;
@@ -464,7 +464,7 @@ ppptioctl(tp, cmd, data, flag, td)
 	break;
 
     case PPPIOCSXASYNCMAP:
-	if ((error = suser_td(td)) != 0)
+	if ((error = suser(td)) != 0)
 	    break;
 	s = spltty();
 	bcopy(data, sc->sc_asyncmap, sizeof(sc->sc_asyncmap));
diff --git a/sys/net/raw_usrreq.c b/sys/net/raw_usrreq.c
index 3138b10..47df8d0 100644
--- a/sys/net/raw_usrreq.c
+++ b/sys/net/raw_usrreq.c
@@ -157,7 +157,7 @@ raw_uattach(struct socket *so, int proto, struct thread *td)
 
 	if (rp == 0)
 		return EINVAL;
-	if (td && (error = suser_td(td)) != 0)
+	if (td && (error = suser(td)) != 0)
 		return error;
 	return raw_attach(so, proto);
 }
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index 5b87991..ea9f4d3 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -332,7 +332,7 @@ route_output(m, so)
 	 * Verify that the caller has the appropriate privilege; RTM_GET
 	 * is the only operation the non-superuser is allowed.
 	 */
-	if (rtm->rtm_type != RTM_GET && (error = suser(curproc)) != 0)
+	if (rtm->rtm_type != RTM_GET && (error = suser(curthread)) != 0)
 		senderr(error);
 
 	switch (rtm->rtm_type) {
author	jhb <jhb@FreeBSD.org>	2002-04-01 21:31:13 +0000
committer	jhb <jhb@FreeBSD.org>	2002-04-01 21:31:13 +0000
commit	dc2e474f79c1287592679cd5e0c4c2307feccd60 (patch)
tree	79021f0d43a5858be317d5cd33eac8cd4962b336 /sys/net
parent	34c7d606c9818987384d404948ecdc98521462bd (diff)
download	FreeBSD-src-dc2e474f79c1287592679cd5e0c4c2307feccd60.zip FreeBSD-src-dc2e474f79c1287592679cd5e0c4c2307feccd60.tar.gz