Change the suser() API to take advantage of td_ucred as well as do a

general cleanup of the API. The entire API now consists of two functions similar to the pre-KSE API. The suser() function takes a thread pointer as its only argument. The td_ucred member of this thread must be valid so the only valid thread pointers are curthread and a few kernel threads such as thread0. The suser_cred() function takes a pointer to a struct ucred as its first argument and an integer flag as its second argument. The flag is currently only used for the PRISON_ROOT flag. Discussed on: smp@
author: jhb <jhb@FreeBSD.org> 2002-04-01 21:31:13 +0000
committer: jhb <jhb@FreeBSD.org> 2002-04-01 21:31:13 +0000
commit: dc2e474f79c1287592679cd5e0c4c2307feccd60 (patch)
tree: 79021f0d43a5858be317d5cd33eac8cd4962b336 /sys/netinet6
parent: 34c7d606c9818987384d404948ecdc98521462bd (diff)
download: FreeBSD-src-dc2e474f79c1287592679cd5e0c4c2307feccd60.zip
FreeBSD-src-dc2e474f79c1287592679cd5e0c4c2307feccd60.tar.gz
8 files changed, 16 insertions, 12 deletions
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index d376b58..f427c7c 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -376,7 +376,7 @@ in6_control(so, cmd, data, ifp, td)
 	int privileged;
 
 	privileged = 0;
-	if (td == NULL || !suser_td(td))
+	if (td == NULL || !suser(td))
 		privileged++;
 
 	switch (cmd) {
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index 093fe71..cca0c6f 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -183,7 +183,7 @@ in6_pcbbind(inp, nam, td)
 
 			/* GROSS */
 			if (ntohs(lport) < IPV6PORT_RESERVED && td &&
-			    suser_xxx(0, td->td_proc, PRISON_ROOT))
+			    suser_cred(td->td_ucred, PRISON_ROOT))
 				return(EACCES);
 			if (so->so_cred->cr_uid != 0 &&
 			    !IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
diff --git a/sys/netinet6/in6_src.c b/sys/netinet6/in6_src.c
index 16a78ad..3dd2212 100644
--- a/sys/netinet6/in6_src.c
+++ b/sys/netinet6/in6_src.c
@@ -349,7 +349,7 @@ in6_pcbsetport(laddr, inp, td)
 		last  = ipport_hilastauto;
 		lastport = &pcbinfo->lasthi;
 	} else if (inp->inp_flags & INP_LOWPORT) {
-		if (td && (error = suser_td(td)))
+		if (td && (error = suser(td)))
 			return error;
 		first = ipport_lowfirstauto;	/* 1023 */
 		last  = ipport_lowlastauto;	/* 600 */
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index f492fd0..d29bcae 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1134,12 +1134,16 @@ ip6_savecontrol(in6p, mp, ip6, m)
 	struct ip6_hdr *ip6;
 	struct mbuf *m;
 {
-	struct proc *p = curproc;	/* XXX */
+#if __FreeBSD__ >= 5
+	struct thread *td = curthread;	/* XXX */
+#else
+	struct proc *td = curproc;	/* XXX */
+#endif
 	int privileged = 0;
 	int rthdr_exist = 0;
 
 
-	if (p && !suser(p))
+	if (td && !suser(td))
  		privileged++;
 
 #ifdef SO_TIMESTAMP
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index e4d2c77..2d214eb 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -1283,7 +1283,7 @@ ip6_ctloutput(so, sopt)
 	}
 	error = optval = 0;
 
-	privileged = (td == 0 || suser_td(td)) ? 0 : 1;
+	privileged = (td == 0 || suser(td)) ? 0 : 1;
 
 	if (level == IPPROTO_IPV6) {
 		switch (op) {
@@ -1733,7 +1733,7 @@ ip6_pcbopts(pktopt, m, so, sopt)
 	}
 
 	/*  set options specified by user. */
-	if (td && !suser_td(td))
+	if (td && !suser(td))
 		priv = 1;
 	if ((error = ip6_setpktoptions(m, opt, priv, 1)) != 0) {
 		ip6_clearpktopts(opt, 1, -1); /* XXX: discard all options */
@@ -1989,7 +1989,7 @@ ip6_setmoptions(optname, im6op, m)
 			 * all multicast addresses. Only super user is allowed
 			 * to do this.
 			 */
-			if (suser_td(td))
+			if (suser(td))
 			{
 				error = EACCES;
 				break;
@@ -2096,7 +2096,7 @@ ip6_setmoptions(optname, im6op, m)
 		}
 		mreq = mtod(m, struct ipv6_mreq *);
 		if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
-			if (suser_td(td)) {
+			if (suser(td)) {
 				error = EACCES;
 				break;
 			}
diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c
index f16651b..ca09142 100644
--- a/sys/netinet6/raw_ip6.c
+++ b/sys/netinet6/raw_ip6.c
@@ -544,7 +544,7 @@ rip6_attach(struct socket *so, int proto, struct thread *td)
 	inp = sotoinpcb(so);
 	if (inp)
 		panic("rip6_attach");
-	if (td && (error = suser_td(td)) != 0)
+	if (td && (error = suser(td)) != 0)
 		return error;
 
 	error = soreserve(so, rip_sendspace, rip_recvspace);
diff --git a/sys/netinet6/udp6_output.c b/sys/netinet6/udp6_output.c
index d1d6a19..b085943 100644
--- a/sys/netinet6/udp6_output.c
+++ b/sys/netinet6/udp6_output.c
@@ -140,7 +140,7 @@ udp6_output(in6p, m, addr6, control, td)
 	struct sockaddr_in6 tmp;
 
 	priv = 0;
-	if (td && !suser_td(td))
+	if (td && !suser(td))
 		priv = 1;
 	if (control) {
 		if ((error = ip6_setpktoptions(control, &opt, priv, 0)) != 0)
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
index 2861f7f..f1bf3a9 100644
--- a/sys/netinet6/udp6_usrreq.c
+++ b/sys/netinet6/udp6_usrreq.c
@@ -466,7 +466,7 @@ udp6_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error, s;
 
-	error = suser(req->td->td_proc);
+	error = suser(req->td);
 	if (error)
 		return (error);
author	jhb <jhb@FreeBSD.org>	2002-04-01 21:31:13 +0000
committer	jhb <jhb@FreeBSD.org>	2002-04-01 21:31:13 +0000
commit	dc2e474f79c1287592679cd5e0c4c2307feccd60 (patch)
tree	79021f0d43a5858be317d5cd33eac8cd4962b336 /sys/netinet6
parent	34c7d606c9818987384d404948ecdc98521462bd (diff)
download	FreeBSD-src-dc2e474f79c1287592679cd5e0c4c2307feccd60.zip FreeBSD-src-dc2e474f79c1287592679cd5e0c4c2307feccd60.tar.gz