diff options
author | jhb <jhb@FreeBSD.org> | 2002-04-01 21:31:13 +0000 |
---|---|---|
committer | jhb <jhb@FreeBSD.org> | 2002-04-01 21:31:13 +0000 |
commit | dc2e474f79c1287592679cd5e0c4c2307feccd60 (patch) | |
tree | 79021f0d43a5858be317d5cd33eac8cd4962b336 /sys | |
parent | 34c7d606c9818987384d404948ecdc98521462bd (diff) | |
download | FreeBSD-src-dc2e474f79c1287592679cd5e0c4c2307feccd60.zip FreeBSD-src-dc2e474f79c1287592679cd5e0c4c2307feccd60.tar.gz |
Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API. The entire API now consists of two functions
similar to the pre-KSE API. The suser() function takes a thread pointer
as its only argument. The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0. The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.
Discussed on: smp@
Diffstat (limited to 'sys')
158 files changed, 418 insertions, 404 deletions
diff --git a/sys/alpha/alpha/promcons.c b/sys/alpha/alpha/promcons.c index 29a0919..276de20 100644 --- a/sys/alpha/alpha/promcons.c +++ b/sys/alpha/alpha/promcons.c @@ -123,7 +123,7 @@ promopen(dev, flag, mode, td) ttsetwater(tp); setuptimeout = 1; - } else if ((tp->t_state & TS_XCLUDE) && suser(td->td_proc)) { + } else if ((tp->t_state & TS_XCLUDE) && suser(td)) { splx(s); return EBUSY; } diff --git a/sys/alpha/alpha/sys_machdep.c b/sys/alpha/alpha/sys_machdep.c index bc7bc02..8bf26ca 100644 --- a/sys/alpha/alpha/sys_machdep.c +++ b/sys/alpha/alpha/sys_machdep.c @@ -118,7 +118,7 @@ alpha_sethae(struct thread *td, char *args) if (error) return (error); - error = suser(td->td_proc); + error = suser(td); if (error) return (error); diff --git a/sys/alpha/osf1/osf1_misc.c b/sys/alpha/osf1/osf1_misc.c index 7c82947..cac8ad8 100644 --- a/sys/alpha/osf1/osf1_misc.c +++ b/sys/alpha/osf1/osf1_misc.c @@ -1062,7 +1062,7 @@ osf1_setuid(td, uap) uid = SCARG(uap, uid); oldcred = p->p_ucred; - if ((error = suser_xxx(p->p_ucred, NULL, PRISON_ROOT)) != 0 && + if ((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0 && uid != oldcred->cr_ruid && uid != oldcred->cr_svuid) return (error); @@ -1108,7 +1108,7 @@ osf1_setgid(td, uap) gid = SCARG(uap, gid); oldcred = p->p_ucred; - if (((error = suser_xxx(p->p_ucred, NULL, PRISON_ROOT)) != 0 ) && + if (((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0 ) && gid != oldcred->cr_rgid && gid != oldcred->cr_svgid) return (error); diff --git a/sys/alpha/tlsb/zs_tlsb.c b/sys/alpha/tlsb/zs_tlsb.c index 452df04..5a72a74 100644 --- a/sys/alpha/tlsb/zs_tlsb.c +++ b/sys/alpha/tlsb/zs_tlsb.c @@ -290,7 +290,7 @@ zsopen(dev_t dev, int flag, int mode, struct thread *td) tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; ttsetwater(tp); setuptimeout = 1; - } else if ((tp->t_state & TS_XCLUDE) && suser(td->td_proc)) { + } else if ((tp->t_state & TS_XCLUDE) && suser(td)) { splx(s); return EBUSY; } diff --git a/sys/amd64/amd64/machdep.c b/sys/amd64/amd64/machdep.c index 6617f17..485a69e 100644 --- a/sys/amd64/amd64/machdep.c +++ b/sys/amd64/amd64/machdep.c @@ -2140,7 +2140,7 @@ set_dbregs(struct thread *td, struct dbreg *dbregs) * from within kernel mode? */ - if (suser_td(td) != 0) { + if (suser(td) != 0) { if (dbregs->dr7 & 0x3) { /* dr0 is enabled */ if (dbregs->dr0 >= VM_MAXUSER_ADDRESS) diff --git a/sys/amd64/amd64/mem.c b/sys/amd64/amd64/mem.c index 94851fd..220bad3 100644 --- a/sys/amd64/amd64/mem.c +++ b/sys/amd64/amd64/mem.c @@ -122,7 +122,7 @@ mmopen(dev_t dev, int flags, int fmt, struct thread *td) } break; case 14: - error = suser_td(td); + error = suser(td); if (error != 0) return (error); error = securelevel_gt(td->td_ucred, 0); diff --git a/sys/amd64/amd64/sys_machdep.c b/sys/amd64/amd64/sys_machdep.c index b039b51..c756be7 100644 --- a/sys/amd64/amd64/sys_machdep.c +++ b/sys/amd64/amd64/sys_machdep.c @@ -183,7 +183,7 @@ i386_set_ioperm(td, args) if ((error = copyin(args, &ua, sizeof(struct i386_ioperm_args))) != 0) return (error); - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) return (error); if ((error = securelevel_gt(td->td_ucred, 0)) != 0) return (error); diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c index b43c1d5..46f0d52 100644 --- a/sys/compat/linux/linux_misc.c +++ b/sys/compat/linux/linux_misc.c @@ -980,7 +980,7 @@ linux_setgroups(struct thread *td, struct linux_setgroups_args *args) * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0) return (error); if (ngrp >= NGROUPS) diff --git a/sys/compat/linux/linux_uid16.c b/sys/compat/linux/linux_uid16.c index f768bae..b29368c 100644 --- a/sys/compat/linux/linux_uid16.c +++ b/sys/compat/linux/linux_uid16.c @@ -108,7 +108,7 @@ linux_setgroups16(struct thread *td, struct linux_setgroups16_args *args) * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0) return (error); if (ngrp >= NGROUPS) diff --git a/sys/compat/svr4/svr4_fcntl.c b/sys/compat/svr4/svr4_fcntl.c index fd20dde..cf2fa0a 100644 --- a/sys/compat/svr4/svr4_fcntl.c +++ b/sys/compat/svr4/svr4_fcntl.c @@ -264,7 +264,7 @@ fd_revoke(td, fd) goto out; if (td->td_ucred->cr_uid != vattr.va_uid && - (error = suser_td(td)) != 0) + (error = suser(td)) != 0) goto out; if ((error = vn_start_write(vp, &mp, V_WAIT | PCATCH)) != 0) diff --git a/sys/compat/svr4/svr4_misc.c b/sys/compat/svr4/svr4_misc.c index 3780fd0..c6870b3 100644 --- a/sys/compat/svr4/svr4_misc.c +++ b/sys/compat/svr4/svr4_misc.c @@ -607,7 +607,7 @@ svr4_sys_fchroot(td, uap) struct file *fp; int error; - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) return error; if ((error = getvnode(fdp, SCARG(uap, fd), &fp)) != 0) return error; diff --git a/sys/compat/svr4/svr4_stat.c b/sys/compat/svr4/svr4_stat.c index 997e474..b1d63ec 100644 --- a/sys/compat/svr4/svr4_stat.c +++ b/sys/compat/svr4/svr4_stat.c @@ -559,13 +559,13 @@ svr4_sys_systeminfo(td, uap) break; #if defined(WHY_DOES_AN_EMULATOR_WANT_TO_SET_HOSTNAMES) case SVR4_SI_SET_HOSTNAME: - if ((error = suser(p)) != 0) + if ((error = suser(td)) != 0) return error; name = KERN_HOSTNAME; return kern_sysctl(&name, 1, 0, 0, SCARG(uap, buf), rlen, td); case SVR4_SI_SET_SRPC_DOMAIN: - if ((error = suser(p)) != 0) + if ((error = suser(td)) != 0) return error; name = KERN_NISDOMAINNAME; return kern_sysctl(&name, 1, 0, 0, SCARG(uap, buf), rlen, td); diff --git a/sys/dev/an/if_an.c b/sys/dev/an/if_an.c index e713796..826d069 100644 --- a/sys/dev/an/if_an.c +++ b/sys/dev/an/if_an.c @@ -1266,7 +1266,7 @@ an_ioctl(ifp, command, data) int i; struct an_softc *sc; struct ifreq *ifr; - struct proc *p = curproc; + struct thread *td = curthread; struct ieee80211req *ireq; u_int8_t tmpstr[IEEE80211_NWID_LEN*2]; u_int8_t *tmpptr; @@ -1353,7 +1353,7 @@ an_ioctl(ifp, command, data) error = copyout(&sc->areq, ifr->ifr_data, sizeof(sc->areq)); break; case SIOCSAIRONET: - if ((error = suser(p))) + if ((error = suser(td))) goto out; error = copyin(ifr->ifr_data, &sc->areq, sizeof(sc->areq)); if (error != 0) @@ -1361,7 +1361,7 @@ an_ioctl(ifp, command, data) an_setdef(sc, &sc->areq); break; case SIOCGPRIVATE_0: /* used by Cisco client utility */ - if ((error = suser(p))) + if ((error = suser(td))) goto out; copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl)); mode = l_ioctl.command; @@ -1381,7 +1381,7 @@ an_ioctl(ifp, command, data) break; case SIOCGPRIVATE_1: /* used by Cisco client utility */ - if ((error = suser(p))) + if ((error = suser(td))) goto out; copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl)); l_ioctl.command = 0; @@ -1614,7 +1614,7 @@ an_ioctl(ifp, command, data) } break; case SIOCS80211: - if ((error = suser(p))) + if ((error = suser(td))) goto out; sc->areq.an_len = sizeof(sc->areq); /* diff --git a/sys/dev/asr/asr.c b/sys/dev/asr/asr.c index cdef43d..a232d62 100644 --- a/sys/dev/asr/asr.c +++ b/sys/dev/asr/asr.c @@ -3879,7 +3879,7 @@ asr_open( s = splcam (); if (ASR_ctlr_held) { error = EBUSY; - } else if ((error = suser(td->td_proc)) == 0) { + } else if ((error = suser(td)) == 0) { ++ASR_ctlr_held; } splx(s); diff --git a/sys/dev/ata/atapi-cd.c b/sys/dev/ata/atapi-cd.c index c4d1528..51cc51d 100644 --- a/sys/dev/ata/atapi-cd.c +++ b/sys/dev/ata/atapi-cd.c @@ -573,7 +573,7 @@ acdioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct thread *td) break; case CDIOCRESET: - error = suser(td->td_proc); + error = suser(td); if (error) break; error = atapi_test_ready(cdp->device); diff --git a/sys/dev/awi/awi.c b/sys/dev/awi/awi.c index fe764b0..6dfde41 100644 --- a/sys/dev/awi/awi.c +++ b/sys/dev/awi/awi.c @@ -521,7 +521,11 @@ awi_ioctl(ifp, cmd, data) break; case SIOCS80211NWID: #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + error = suser(curthread); +#else error = suser(curproc); +#endif if (error) break; #endif @@ -555,7 +559,11 @@ awi_ioctl(ifp, cmd, data) break; case SIOCS80211NWKEY: #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + error = suser(curthread); +#else error = suser(curproc); +#endif if (error) break; #endif @@ -613,7 +621,11 @@ awi_ioctl(ifp, cmd, data) error = awi_wep_getkey(sc, ireq->i_val, tmpstr, &len); if(error) break; +#if __FreeBSD__ >= 5 + if(!suser(curthread)) +#else if(!suser(curproc)) +#endif bzero(tmpstr, len); ireq->i_len = len; error = copyout(tmpstr, ireq->i_data, len); @@ -650,7 +662,11 @@ awi_ioctl(ifp, cmd, data) } break; case SIOCS80211: +#if __FreeBSD__ >= 5 + error = suser(curthread); +#else error = suser(curproc); +#endif if(error) break; switch(ireq->i_type) { diff --git a/sys/dev/awi/awi_wep.c b/sys/dev/awi/awi_wep.c index 750b165..bdd38b2 100644 --- a/sys/dev/awi/awi_wep.c +++ b/sys/dev/awi/awi_wep.c @@ -189,7 +189,11 @@ awi_wep_getnwkey(sc, nwkey) nwkey->i_defkid = sc->sc_wep_defkid + 1; /* do not show any keys to non-root user */ #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + suerr = suser(curthread); +#else suerr = suser(curproc); +#endif #else suerr = suser(curproc->p_ucred, &curproc->p_acflag); #endif diff --git a/sys/dev/awi/awi_wicfg.c b/sys/dev/awi/awi_wicfg.c index 80b8160..639ea9b 100644 --- a/sys/dev/awi/awi_wicfg.c +++ b/sys/dev/awi/awi_wicfg.c @@ -108,7 +108,11 @@ awi_wicfg(ifp, cmd, data) break; case SIOCSWAVELAN: #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + error = suser(curthread); +#else error = suser(curproc); +#endif #else error = suser(curproc->p_ucred, &curproc->p_acflag); #endif @@ -272,7 +276,11 @@ awi_cfgget(ifp, cmd, data) keys = (struct wi_ltv_keys *)&wreq; /* do not show keys to non-root user */ #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + error = suser(curthread); +#else error = suser(curproc); +#endif #else error = suser(curproc->p_ucred, &curproc->p_acflag); #endif diff --git a/sys/dev/cnw/if_cnw.c b/sys/dev/cnw/if_cnw.c index d17f6cd..80ebef5 100644 --- a/sys/dev/cnw/if_cnw.c +++ b/sys/dev/cnw/if_cnw.c @@ -1239,7 +1239,11 @@ cnw_ioctl(ifp, cmd, data) #endif struct ifreq *ifr = (struct ifreq *)data; int s, error = 0; - struct proc *p = curproc; /*XXX*/ +#if __FreeBSD__ >= 5 + struct thread *td = curthread; /* XXX */ +#else + struct proc *td = curproc; /*XXX*/ +#endif s = splnet(); @@ -1331,7 +1335,7 @@ cnw_ioctl(ifp, cmd, data) #if !defined(__FreeBSD__) error = suser(p->p_ucred, &p->p_acflag); #else - error = suser(p); + error = suser(td); #endif if (error) break; @@ -1342,7 +1346,7 @@ cnw_ioctl(ifp, cmd, data) #if !defined(__FreeBSD__) error = suser(p->p_ucred, &p->p_acflag); #else - error = suser(p); + error = suser(td); #endif if (error) break; @@ -1353,7 +1357,7 @@ cnw_ioctl(ifp, cmd, data) #if !defined(__FreeBSD__) error = suser(p->p_ucred, &p->p_acflag); #else - error = suser(p); + error = suser(td); #endif if (error) break; diff --git a/sys/dev/cy/cy.c b/sys/dev/cy/cy.c index dc523c2..f42bdb3 100644 --- a/sys/dev/cy/cy.c +++ b/sys/dev/cy/cy.c @@ -718,7 +718,7 @@ open_top: } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td)) { error = EBUSY; goto out; } @@ -1637,7 +1637,7 @@ sioioctl(dev, cmd, data, flag, td) } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -1736,7 +1736,7 @@ sioioctl(dev, cmd, data, flag, td) break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td); if (error != 0) { splx(s); return (error); diff --git a/sys/dev/cy/cy_isa.c b/sys/dev/cy/cy_isa.c index dc523c2..f42bdb3 100644 --- a/sys/dev/cy/cy_isa.c +++ b/sys/dev/cy/cy_isa.c @@ -718,7 +718,7 @@ open_top: } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td)) { error = EBUSY; goto out; } @@ -1637,7 +1637,7 @@ sioioctl(dev, cmd, data, flag, td) } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -1736,7 +1736,7 @@ sioioctl(dev, cmd, data, flag, td) break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td); if (error != 0) { splx(s); return (error); diff --git a/sys/dev/dgb/dgb.c b/sys/dev/dgb/dgb.c index 4d36f2e..c276ed3 100644 --- a/sys/dev/dgb/dgb.c +++ b/sys/dev/dgb/dgb.c @@ -1050,7 +1050,7 @@ open_top: } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td)) { error = EBUSY; goto out; } @@ -1548,7 +1548,7 @@ dgbioctl(dev, cmd, data, flag, td) } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -1770,7 +1770,7 @@ dgbioctl(dev, cmd, data, flag, td) break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td); if (error != 0) { splx(s); return (error); diff --git a/sys/dev/digi/digi.c b/sys/dev/digi/digi.c index 2f069c5..df4df2a 100644 --- a/sys/dev/digi/digi.c +++ b/sys/dev/digi/digi.c @@ -783,7 +783,7 @@ open_top: } goto open_top; } - if (tp->t_state & TS_XCLUDE && suser(td->td_proc) != 0) { + if (tp->t_state & TS_XCLUDE && suser(td) != 0) { error = EBUSY; goto out; } @@ -1146,7 +1146,7 @@ digiioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td) switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -1317,7 +1317,7 @@ digiioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td) *(int *)data = digimctl(port, 0, DMGET); break; case TIOCMSDTRWAIT: - error = suser_td(td); + error = suser(td); if (error != 0) { splx(s); return (error); diff --git a/sys/dev/fdc/fdc.c b/sys/dev/fdc/fdc.c index 0d659ab..6fe54cd 100644 --- a/sys/dev/fdc/fdc.c +++ b/sys/dev/fdc/fdc.c @@ -2644,7 +2644,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) * Set density definition permanently. Only * allow for superuser. */ - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); fd->fts[type] = *(struct fd_type *)addr; } @@ -2669,7 +2669,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) #endif case FD_CLRERR: - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); fd->fdc->fdc_errs = 0; return (0); @@ -2751,7 +2751,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) case FD_STYPE: /* set drive type */ /* this is considered harmful; only allow for superuser */ - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); *fd->ft = *(struct fd_type *)addr; break; @@ -2775,7 +2775,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) #endif case FD_CLRERR: - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); fd->fdc->fdc_errs = 0; break; diff --git a/sys/dev/nmdm/nmdm.c b/sys/dev/nmdm/nmdm.c index 10d5d70..6037451 100644 --- a/sys/dev/nmdm/nmdm.c +++ b/sys/dev/nmdm/nmdm.c @@ -209,7 +209,7 @@ nmdmopen(dev_t dev, int flag, int devtype, struct thread *td) tp->t_lflag = TTYDEF_LFLAG; tp->t_cflag = TTYDEF_CFLAG; tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; - } else if (tp->t_state & TS_XCLUDE && suser_td(td)) { + } else if (tp->t_state & TS_XCLUDE && suser(td)) { return (EBUSY); } else if (pti->pt_prison != td->td_ucred->cr_prison) { return (EBUSY); diff --git a/sys/dev/null/null.c b/sys/dev/null/null.c index ec0d521..043843d 100644 --- a/sys/dev/null/null.c +++ b/sys/dev/null/null.c @@ -99,7 +99,7 @@ null_ioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, struct thread *td) if (cmd != DIOCGKERNELDUMP) return (noioctl(dev, cmd, data, fflag, td)); - error = suser_td(td); + error = suser(td); if (error) return (error); return (set_dumper(NULL)); diff --git a/sys/dev/ofw/ofw_console.c b/sys/dev/ofw/ofw_console.c index 154f7ff..cce7fb8 100644 --- a/sys/dev/ofw/ofw_console.c +++ b/sys/dev/ofw/ofw_console.c @@ -123,7 +123,7 @@ ofw_dev_open(dev_t dev, int flag, int mode, struct thread *td) ttsetwater(tp); setuptimeout = 1; - } else if ((tp->t_state & TS_XCLUDE) && suser_td(td)) { + } else if ((tp->t_state & TS_XCLUDE) && suser(td)) { return (EBUSY); } diff --git a/sys/dev/random/randomdev.c b/sys/dev/random/randomdev.c index bb7440c..9db07a1 100644 --- a/sys/dev/random/randomdev.c +++ b/sys/dev/random/randomdev.c @@ -147,7 +147,7 @@ random_open(dev_t dev __unused, int flags, int fmt __unused, struct thread *td) int error; if (flags & FWRITE) { - error = suser(td->td_proc); + error = suser(td); if (error) return (error); error = securelevel_gt(td->td_ucred, 0); @@ -162,7 +162,7 @@ static int random_close(dev_t dev __unused, int flags, int fmt __unused, struct thread *td) { if (flags & FWRITE) { - if (!(suser(td->td_proc) || + if (!(suser(td) || securelevel_gt(td->td_ucred, 0))) random_reseed(); } diff --git a/sys/dev/rc/rc.c b/sys/dev/rc/rc.c index 43f77f9..291c0e2 100644 --- a/sys/dev/rc/rc.c +++ b/sys/dev/rc/rc.c @@ -764,7 +764,7 @@ again: } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td)) { error = EBUSY; goto out; } @@ -1118,7 +1118,7 @@ struct thread *td; break; case TIOCMSDTRWAIT: - error = suser_td(td); + error = suser(td); if (error != 0) { splx(s); return (error); diff --git a/sys/dev/rp/rp.c b/sys/dev/rp/rp.c index 53b7368..3176ca4 100644 --- a/sys/dev/rp/rp.c +++ b/sys/dev/rp/rp.c @@ -1010,7 +1010,7 @@ open_top: goto open_top; } } - if(tp->t_state & TS_XCLUDE && suser_td(td) != 0) { + if(tp->t_state & TS_XCLUDE && suser(td) != 0) { splx(oldspl); error = EBUSY; goto out2; @@ -1271,7 +1271,7 @@ rpioctl(dev, cmd, data, flag, td) } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td); if(error != 0) return(error); *ct = *(struct termios *)data; @@ -1416,7 +1416,7 @@ rpioctl(dev, cmd, data, flag, td) *(int *)data = result; break; case TIOCMSDTRWAIT: - error = suser_td(td); + error = suser(td); if(error != 0) { splx(oldspl); return(error); diff --git a/sys/dev/sbni/if_sbni.c b/sys/dev/sbni/if_sbni.c index f4d2887..4be96a4 100644 --- a/sys/dev/sbni/if_sbni.c +++ b/sys/dev/sbni/if_sbni.c @@ -1042,6 +1042,7 @@ sbni_ioctl(struct ifnet *ifp, u_long command, caddr_t data) { struct sbni_softc *sc; struct ifreq *ifr; + struct thread *td; struct proc *p; struct sbni_in_stats *in_stats; struct sbni_flags flags; @@ -1049,7 +1050,8 @@ sbni_ioctl(struct ifnet *ifp, u_long command, caddr_t data) sc = ifp->if_softc; ifr = (struct ifreq *)data; - p = curproc; + td = curthread; + p = td->td_proc; error = 0; s = splimp(); @@ -1114,7 +1116,7 @@ sbni_ioctl(struct ifnet *ifp, u_long command, caddr_t data) case SIOCSHWFLAGS: /* set flags */ /* root only */ - error = suser(p); + error = suser(td); if (error) break; flags = *(struct sbni_flags*)&ifr->ifr_data; @@ -1136,7 +1138,7 @@ sbni_ioctl(struct ifnet *ifp, u_long command, caddr_t data) break; case SIOCRINSTATS: - if (!(error = suser(p))) /* root only */ + if (!(error = suser(td))) /* root only */ bzero(&sc->in_stats, sizeof(struct sbni_in_stats)); break; diff --git a/sys/dev/si/si.c b/sys/dev/si/si.c index dc1858f..1a064ed 100644 --- a/sys/dev/si/si.c +++ b/sys/dev/si/si.c @@ -607,7 +607,7 @@ siopen(dev_t dev, int flag, int mode, struct thread *td) /* quickly let in /dev/si_control */ if (IS_CONTROLDEV(mynor)) { - if ((error = suser_td(td))) + if ((error = suser(td))) return(error); return(0); } @@ -686,7 +686,7 @@ open_top: } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td)) { DPRINT((pp, DBG_OPEN|DBG_FAIL, "already open and EXCLUSIVE set\n")); error = EBUSY; @@ -951,7 +951,7 @@ siioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td) } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -1064,7 +1064,7 @@ siioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td) break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td); if (error == 0) pp->sp_dtr_wait = *(int *)data * hz / 100; break; @@ -1117,7 +1117,7 @@ si_Sioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td) ip = (int *)data; -#define SUCHECK if ((error = suser_td(td))) goto out +#define SUCHECK if ((error = suser(td))) goto out switch (cmd) { case TCSIPORTS: diff --git a/sys/dev/sio/sio.c b/sys/dev/sio/sio.c index 11894df..0c434cb 100644 --- a/sys/dev/sio/sio.c +++ b/sys/dev/sio/sio.c @@ -1206,7 +1206,7 @@ open_top: } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td)) { error = EBUSY; goto out; } @@ -1980,7 +1980,7 @@ sioioctl(dev, cmd, data, flag, td) } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -2071,7 +2071,7 @@ sioioctl(dev, cmd, data, flag, td) break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td); if (error != 0) { splx(s); return (error); diff --git a/sys/dev/syscons/syscons.c b/sys/dev/syscons/syscons.c index 29d0332..f572f8a 100644 --- a/sys/dev/syscons/syscons.c +++ b/sys/dev/syscons/syscons.c @@ -479,7 +479,7 @@ scopen(dev_t dev, int flag, int mode, struct thread *td) (*linesw[tp->t_line].l_modem)(tp, 1); } else - if (tp->t_state & TS_XCLUDE && suser_td(td)) + if (tp->t_state & TS_XCLUDE && suser(td)) return(EBUSY); error = (*linesw[tp->t_line].l_open)(dev, tp); @@ -976,7 +976,7 @@ scioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td) return 0; case KDENABIO: /* allow io operations */ - error = suser_td(td); + error = suser(td); if (error != 0) return error; error = securelevel_gt(td->td_ucred, 0); diff --git a/sys/dev/syscons/sysmouse.c b/sys/dev/syscons/sysmouse.c index 80eac8e..310052a 100644 --- a/sys/dev/syscons/sysmouse.c +++ b/sys/dev/syscons/sysmouse.c @@ -99,7 +99,7 @@ smopen(dev_t dev, int flag, int mode, struct thread *td) tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; smparam(tp, &tp->t_termios); (*linesw[tp->t_line].l_modem)(tp, 1); - } else if (tp->t_state & TS_XCLUDE && suser_td(td)) { + } else if (tp->t_state & TS_XCLUDE && suser(td)) { return EBUSY; } diff --git a/sys/dev/usb/ucom.c b/sys/dev/usb/ucom.c index b4d197e..8e697fe 100644 --- a/sys/dev/usb/ucom.c +++ b/sys/dev/usb/ucom.c @@ -257,7 +257,7 @@ ucomopen(dev_t dev, int flag, int mode, usb_proc_ptr p) if (ISSET(tp->t_state, TS_ISOPEN) && ISSET(tp->t_state, TS_XCLUDE) && - suser_td(p)) + suser(p)) return (EBUSY); /* diff --git a/sys/dev/usb/umodem.c b/sys/dev/usb/umodem.c index 3d24746..d6b4fc8 100644 --- a/sys/dev/usb/umodem.c +++ b/sys/dev/usb/umodem.c @@ -593,7 +593,7 @@ umodemopen(dev_t dev, int flag, int mode, usb_proc_ptr p) if (ISSET(tp->t_state, TS_ISOPEN) && ISSET(tp->t_state, TS_XCLUDE) && - suser_td(p)) + suser(p)) return (EBUSY); /* diff --git a/sys/dev/vinum/vinum.c b/sys/dev/vinum/vinum.c index 5ea226d..ac98a5e 100644 --- a/sys/dev/vinum/vinum.c +++ b/sys/dev/vinum/vinum.c @@ -375,7 +375,7 @@ vinumopen(dev_t dev, } case VINUM_SUPERDEV_TYPE: - error = suser_td(td); /* are we root? */ + error = suser(td); /* are we root? */ if (error == 0) { /* yes, can do */ if (devminor == VINUM_DAEMON_DEV) /* daemon device */ vinum_conf.flags |= VF_DAEMONOPEN; /* we're open */ diff --git a/sys/dev/wi/if_wi.c b/sys/dev/wi/if_wi.c index 3b88f95..71a66ee 100644 --- a/sys/dev/wi/if_wi.c +++ b/sys/dev/wi/if_wi.c @@ -1672,7 +1672,7 @@ wi_ioctl(ifp, command, data) struct wi_req wreq; struct ifreq *ifr; struct ieee80211req *ireq; - struct proc *p = curproc; + struct thread *td = curthread; sc = ifp->if_softc; WI_LOCK(sc); @@ -1724,7 +1724,7 @@ wi_ioctl(ifp, command, data) if (error) break; /* Don't show WEP keys to non-root users. */ - if (wreq.wi_type == WI_RID_DEFLT_CRYPT_KEYS && suser(p)) + if (wreq.wi_type == WI_RID_DEFLT_CRYPT_KEYS && suser(td)) break; if (wreq.wi_type == WI_RID_IFACE_STATS) { bcopy((char *)&sc->wi_stats, (char *)&wreq.wi_val, @@ -1768,7 +1768,7 @@ wi_ioctl(ifp, command, data) error = copyout(&wreq, ifr->ifr_data, sizeof(wreq)); break; case SIOCSWAVELAN: - if ((error = suser(p))) + if ((error = suser(td))) goto out; error = copyin(ifr->ifr_data, &wreq, sizeof(wreq)); if (error) @@ -1809,7 +1809,7 @@ wi_ioctl(ifp, command, data) error = copyout(&wreq, ifr->ifr_data, sizeof(wreq)); break; case SIOCSPRISM2DEBUG: - if ((error = suser(p))) + if ((error = suser(td))) goto out; error = copyin(ifr->ifr_data, &wreq, sizeof(wreq)); if (error) @@ -1858,7 +1858,7 @@ wi_ioctl(ifp, command, data) break; } len = sc->wi_keys.wi_keys[ireq->i_val].wi_keylen; - if (suser(p)) + if (suser(td)) bcopy(sc->wi_keys.wi_keys[ireq->i_val].wi_keydat, tmpkey, len); else @@ -1911,7 +1911,7 @@ wi_ioctl(ifp, command, data) } break; case SIOCS80211: - if ((error = suser(p))) + if ((error = suser(td))) goto out; switch(ireq->i_type) { case IEEE80211_IOC_SSID: diff --git a/sys/dev/wl/if_wl.c b/sys/dev/wl/if_wl.c index dc9ca96..2563bcd 100644 --- a/sys/dev/wl/if_wl.c +++ b/sys/dev/wl/if_wl.c @@ -1214,7 +1214,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data) /* pointer to buffer in user space */ up = (void *)ifr->ifr_data; /* work out if they're root */ - isroot = (suser_td(td) == 0); + isroot = (suser(td) == 0); for (i = 0; i < 0x40; i++) { /* don't hand the DES key out to non-root users */ @@ -1229,7 +1229,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data) /* copy the PSA in from the caller; we only copy _some_ values */ case SIOCSWLPSA: /* root only */ - if ((error = suser_td(td))) + if ((error = suser(td))) break; error = EINVAL; /* assume the worst */ /* pointer to buffer in user space containing data */ @@ -1283,7 +1283,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data) */ case SIOCSWLCNWID: /* root only */ - if ((error = suser_td(td))) + if ((error = suser(td))) break; if (!(ifp->if_flags & IFF_UP)) { error = EIO; /* only allowed while up */ @@ -1301,7 +1301,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data) /* copy the EEPROM in 2.4 Gz WaveMODEM out to the caller */ case SIOCGWLEEPROM: /* root only */ - if ((error = suser_td(td))) + if ((error = suser(td))) break; /* pointer to buffer in user space */ up = (void *)ifr->ifr_data; @@ -1324,7 +1324,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data) /* zero (Delete) the wl cache */ case SIOCDWLCACHE: /* root only */ - if ((error = suser_td(td))) + if ((error = suser(td))) break; wl_cache_zero(unit); break; diff --git a/sys/fs/cd9660/cd9660_vfsops.c b/sys/fs/cd9660/cd9660_vfsops.c index 1d9e073..70ecb01 100644 --- a/sys/fs/cd9660/cd9660_vfsops.c +++ b/sys/fs/cd9660/cd9660_vfsops.c @@ -238,7 +238,7 @@ cd9660_mount(mp, path, data, ndp, td) vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td); if (error) - error = suser_td(td); + error = suser(td); if (error) { vput(devvp); return (error); diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index 7310001..c0a8098 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c @@ -718,8 +718,7 @@ devfs_setattr(ap) if (uid != de->de_uid || gid != de->de_gid) { if (((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid || (gid != de->de_gid && !groupmember(gid, ap->a_cred))) && - (error = suser_xxx(NULL, ap->a_td->td_proc, - PRISON_ROOT)) != 0) + (error = suser_cred(ap->a_td->td_ucred, PRISON_ROOT)) != 0) return (error); de->de_uid = uid; de->de_gid = gid; @@ -736,21 +735,21 @@ devfs_setattr(ap) if (vap->va_mode != (mode_t)VNOVAL) { if ((ap->a_cred->cr_uid != de->de_uid) && - (error = suser_xxx(NULL, ap->a_td->td_proc, PRISON_ROOT))) + (error = suser_cred(ap->a_td->td_ucred, PRISON_ROOT))) return (error); de->de_mode = vap->va_mode; c = 1; } if (vap->va_atime.tv_sec != VNOVAL) { if ((ap->a_cred->cr_uid != de->de_uid) && - (error = suser_xxx(NULL, ap->a_td->td_proc, PRISON_ROOT))) + (error = suser_cred(ap->a_td->td_ucred, PRISON_ROOT))) return (error); de->de_atime = vap->va_atime; c = 1; } if (vap->va_mtime.tv_sec != VNOVAL) { if ((ap->a_cred->cr_uid != de->de_uid) && - (error = suser_xxx(NULL, ap->a_td->td_proc, PRISON_ROOT))) + (error = suser_cred(ap->a_td->td_ucred, PRISON_ROOT))) return (error); de->de_mtime = vap->va_mtime; c = 1; @@ -776,7 +775,7 @@ devfs_symlink(ap) struct devfs_dirent *de; struct devfs_mount *dmp; - error = suser(ap->a_cnp->cn_thread->td_proc); + error = suser(ap->a_cnp->cn_thread); if (error) return(error); dmp = VFSTODEVFS(ap->a_dvp->v_mount); diff --git a/sys/fs/hpfs/hpfs_vnops.c b/sys/fs/hpfs/hpfs_vnops.c index af836cb..69dff53 100644 --- a/sys/fs/hpfs/hpfs_vnops.c +++ b/sys/fs/hpfs/hpfs_vnops.c @@ -529,7 +529,7 @@ hpfs_setattr(ap) if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != hp->h_uid && - (error = suser_xxx(cred, td->td_proc, PRISON_ROOT)) && + (error = suser_cred(cred, PRISON_ROOT)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(vp, VWRITE, cred, td)))) return (error); diff --git a/sys/fs/msdosfs/msdosfs_vfsops.c b/sys/fs/msdosfs/msdosfs_vfsops.c index ff4c418..f62b0c7 100644 --- a/sys/fs/msdosfs/msdosfs_vfsops.c +++ b/sys/fs/msdosfs/msdosfs_vfsops.c @@ -194,7 +194,7 @@ msdosfs_mount(mp, path, data, ndp, td) * If upgrade to read-write by non-root, then verify * that user has necessary permissions on the device. */ - if (suser_td(td)) { + if (suser(td)) { devvp = pmp->pm_devvp; vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); error = VOP_ACCESS(devvp, VREAD | VWRITE, @@ -241,7 +241,7 @@ msdosfs_mount(mp, path, data, ndp, td) * If mount by non-root, then verify that user has necessary * permissions on the device. */ - if (suser_td(td)) { + if (suser(td)) { accessmode = VREAD; if ((mp->mnt_flag & MNT_RDONLY) == 0) accessmode |= VWRITE; diff --git a/sys/fs/msdosfs/msdosfs_vnops.c b/sys/fs/msdosfs/msdosfs_vnops.c index 5118409..f8e3742 100644 --- a/sys/fs/msdosfs/msdosfs_vnops.c +++ b/sys/fs/msdosfs/msdosfs_vnops.c @@ -376,7 +376,7 @@ msdosfs_setattr(ap) if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && - (error = suser_xxx(cred, ap->a_td->td_proc, PRISON_ROOT))) + (error = suser_cred(cred, PRISON_ROOT))) return (error); /* * We are very inconsistent about handling unsupported @@ -390,7 +390,7 @@ msdosfs_setattr(ap) * set ATTR_ARCHIVE for directories `cp -pr' from a more * sensible file system attempts it a lot. */ - if (suser_xxx(cred, ap->a_td->td_proc, PRISON_ROOT)) { + if (suser_cred(cred, PRISON_ROOT)) { if (vap->va_flags & SF_SETTABLE) return EPERM; } @@ -417,7 +417,7 @@ msdosfs_setattr(ap) gid = pmp->pm_gid; if ((cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid || (gid != pmp->pm_gid && !groupmember(gid, cred))) && - (error = suser_xxx(cred, ap->a_td->td_proc, PRISON_ROOT))) + (error = suser_cred(cred, PRISON_ROOT))) return error; if (uid != pmp->pm_uid || gid != pmp->pm_gid) return EINVAL; @@ -449,7 +449,7 @@ msdosfs_setattr(ap) if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && - (error = suser_xxx(cred, ap->a_td->td_proc, PRISON_ROOT)) && + (error = suser_cred(cred, PRISON_ROOT)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(ap->a_vp, VWRITE, cred, ap->a_td)))) return (error); @@ -472,7 +472,7 @@ msdosfs_setattr(ap) if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && - (error = suser_xxx(cred, ap->a_td->td_proc, PRISON_ROOT))) + (error = suser_cred(cred, PRISON_ROOT))) return (error); if (vp->v_type != VDIR) { /* We ignore the read and execute bits. */ diff --git a/sys/fs/procfs/procfs_ioctl.c b/sys/fs/procfs/procfs_ioctl.c index 1d1124c..09aef86 100644 --- a/sys/fs/procfs/procfs_ioctl.c +++ b/sys/fs/procfs/procfs_ioctl.c @@ -59,7 +59,7 @@ procfs_ioctl(PFS_IOCTL_ARGS) break; case PIOCSFL: flags = *(unsigned int *)data; - if (flags & PF_ISUGID && (error = suser(td->td_proc)) != 0) + if (flags & PF_ISUGID && (error = suser(td)) != 0) break; p->p_pfsflags = flags; break; diff --git a/sys/fs/umapfs/umap_vfsops.c b/sys/fs/umapfs/umap_vfsops.c index ebdcf85..9e5f0fc 100644 --- a/sys/fs/umapfs/umap_vfsops.c +++ b/sys/fs/umapfs/umap_vfsops.c @@ -105,7 +105,7 @@ umapfs_mount(mp, path, data, ndp, td) /* * Only for root */ - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) return (error); #ifdef DEBUG diff --git a/sys/gnu/ext2fs/ext2_vfsops.c b/sys/gnu/ext2fs/ext2_vfsops.c index 3bf08fe..54c4305 100644 --- a/sys/gnu/ext2fs/ext2_vfsops.c +++ b/sys/gnu/ext2fs/ext2_vfsops.c @@ -233,7 +233,7 @@ ext2_mount(mp, path, data, ndp, td) * If upgrade to read-write by non-root, then verify * that user has necessary permissions on the device. */ - if (suser_td(td)) { + if (suser(td)) { vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); if ((error = VOP_ACCESS(devvp, VREAD | VWRITE, td->td_ucred, td)) != 0) { @@ -286,7 +286,7 @@ ext2_mount(mp, path, data, ndp, td) * If mount by non-root, then verify that user has necessary * permissions on the device. */ - if (suser_td(td)) { + if (suser(td)) { accessmode = VREAD; if ((mp->mnt_flag & MNT_RDONLY) == 0) accessmode |= VWRITE; diff --git a/sys/gnu/ext2fs/ext2_vnops.c b/sys/gnu/ext2fs/ext2_vnops.c index 55c59fd..75d2da3 100644 --- a/sys/gnu/ext2fs/ext2_vnops.c +++ b/sys/gnu/ext2fs/ext2_vnops.c @@ -1153,7 +1153,7 @@ ext2_makeinode(mode, dvp, vpp, cnp) tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ ip->i_nlink = 1; if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && - suser_xxx(cnp->cn_cred, 0, PRISON_ROOT)) + suser_cred(cnp->cn_cred, PRISON_ROOT)) ip->i_mode &= ~ISGID; if (cnp->cn_flags & ISWHITEOUT) diff --git a/sys/gnu/fs/ext2fs/ext2_vfsops.c b/sys/gnu/fs/ext2fs/ext2_vfsops.c index 3bf08fe..54c4305 100644 --- a/sys/gnu/fs/ext2fs/ext2_vfsops.c +++ b/sys/gnu/fs/ext2fs/ext2_vfsops.c @@ -233,7 +233,7 @@ ext2_mount(mp, path, data, ndp, td) * If upgrade to read-write by non-root, then verify * that user has necessary permissions on the device. */ - if (suser_td(td)) { + if (suser(td)) { vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); if ((error = VOP_ACCESS(devvp, VREAD | VWRITE, td->td_ucred, td)) != 0) { @@ -286,7 +286,7 @@ ext2_mount(mp, path, data, ndp, td) * If mount by non-root, then verify that user has necessary * permissions on the device. */ - if (suser_td(td)) { + if (suser(td)) { accessmode = VREAD; if ((mp->mnt_flag & MNT_RDONLY) == 0) accessmode |= VWRITE; diff --git a/sys/gnu/fs/ext2fs/ext2_vnops.c b/sys/gnu/fs/ext2fs/ext2_vnops.c index 55c59fd..75d2da3 100644 --- a/sys/gnu/fs/ext2fs/ext2_vnops.c +++ b/sys/gnu/fs/ext2fs/ext2_vnops.c @@ -1153,7 +1153,7 @@ ext2_makeinode(mode, dvp, vpp, cnp) tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ ip->i_nlink = 1; if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && - suser_xxx(cnp->cn_cred, 0, PRISON_ROOT)) + suser_cred(cnp->cn_cred, PRISON_ROOT)) ip->i_mode &= ~ISGID; if (cnp->cn_flags & ISWHITEOUT) diff --git a/sys/i386/i386/machdep.c b/sys/i386/i386/machdep.c index 6617f17..485a69e 100644 --- a/sys/i386/i386/machdep.c +++ b/sys/i386/i386/machdep.c @@ -2140,7 +2140,7 @@ set_dbregs(struct thread *td, struct dbreg *dbregs) * from within kernel mode? */ - if (suser_td(td) != 0) { + if (suser(td) != 0) { if (dbregs->dr7 & 0x3) { /* dr0 is enabled */ if (dbregs->dr0 >= VM_MAXUSER_ADDRESS) diff --git a/sys/i386/i386/mem.c b/sys/i386/i386/mem.c index 94851fd..220bad3 100644 --- a/sys/i386/i386/mem.c +++ b/sys/i386/i386/mem.c @@ -122,7 +122,7 @@ mmopen(dev_t dev, int flags, int fmt, struct thread *td) } break; case 14: - error = suser_td(td); + error = suser(td); if (error != 0) return (error); error = securelevel_gt(td->td_ucred, 0); diff --git a/sys/i386/i386/sys_machdep.c b/sys/i386/i386/sys_machdep.c index b039b51..c756be7 100644 --- a/sys/i386/i386/sys_machdep.c +++ b/sys/i386/i386/sys_machdep.c @@ -183,7 +183,7 @@ i386_set_ioperm(td, args) if ((error = copyin(args, &ua, sizeof(struct i386_ioperm_args))) != 0) return (error); - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) return (error); if ((error = securelevel_gt(td->td_ucred, 0)) != 0) return (error); diff --git a/sys/i386/i386/vm86.c b/sys/i386/i386/vm86.c index 6a85718..fef6a00 100644 --- a/sys/i386/i386/vm86.c +++ b/sys/i386/i386/vm86.c @@ -659,7 +659,6 @@ vm86_sysarch(td, args) struct thread *td; char *args; { - struct proc *p = td->td_proc; int error = 0; struct i386_vm86_args ua; struct vm86_kernel *vm86; @@ -716,7 +715,7 @@ vm86_sysarch(td, args) case VM86_INTCALL: { struct vm86_intcall_args sa; - if ((error = suser(p))) + if ((error = suser(td))) return (error); if ((error = copyin(ua.sub_args, &sa, sizeof(sa)))) return (error); diff --git a/sys/i386/ibcs2/ibcs2_misc.c b/sys/i386/ibcs2/ibcs2_misc.c index 3be77c8..7274ea7 100644 --- a/sys/i386/ibcs2/ibcs2_misc.c +++ b/sys/i386/ibcs2/ibcs2_misc.c @@ -1013,7 +1013,7 @@ ibcs2_plock(td, uap) #define IBCS2_DATALOCK 4 - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) return EPERM; switch(SCARG(uap, cmd)) { case IBCS2_UNLOCK: @@ -1048,7 +1048,7 @@ ibcs2_uadmin(td, uap) #define SCO_AD_GETBMAJ 0 #define SCO_AD_GETCMAJ 1 - if (suser_td(td)) + if (suser(td)) return EPERM; switch(SCARG(uap, cmd)) { diff --git a/sys/i386/ibcs2/ibcs2_socksys.c b/sys/i386/ibcs2/ibcs2_socksys.c index 0bd14d6..4c0774e 100644 --- a/sys/i386/ibcs2/ibcs2_socksys.c +++ b/sys/i386/ibcs2/ibcs2_socksys.c @@ -173,7 +173,7 @@ ibcs2_setipdomainname(td, uap) char hname[MAXHOSTNAMELEN], *ptr; int error, sctl[2], hlen; - if ((error = suser_td(td))) + if ((error = suser(td))) return (error); /* W/out a hostname a domain-name is nonsense */ diff --git a/sys/i386/ibcs2/ibcs2_sysi86.c b/sys/i386/ibcs2/ibcs2_sysi86.c index ae5215f..19a7917 100644 --- a/sys/i386/ibcs2/ibcs2_sysi86.c +++ b/sys/i386/ibcs2/ibcs2_sysi86.c @@ -73,7 +73,7 @@ ibcs2_sysi86(struct thread *td, struct ibcs2_sysi86_args *args) int name[2]; int error; - if ((error = suser_td(td))) + if ((error = suser(td))) return (error); name[0] = CTL_KERN; name[1] = KERN_HOSTNAME; diff --git a/sys/i386/isa/cx.c b/sys/i386/isa/cx.c index e9817d0..7809476 100644 --- a/sys/i386/isa/cx.c +++ b/sys/i386/isa/cx.c @@ -162,7 +162,7 @@ int cxopen (dev_t dev, int flag, int mode, struct thread *td) tp = c->ttyp; tp->t_dev = dev; if ((tp->t_state & TS_ISOPEN) && (tp->t_state & TS_XCLUDE) && - suser_td(td)) + suser(td)) return (EBUSY); if (! (tp->t_state & TS_ISOPEN)) { ttychars (tp); diff --git a/sys/i386/isa/cy.c b/sys/i386/isa/cy.c index dc523c2..f42bdb3 100644 --- a/sys/i386/isa/cy.c +++ b/sys/i386/isa/cy.c @@ -718,7 +718,7 @@ open_top: } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td)) { error = EBUSY; goto out; } @@ -1637,7 +1637,7 @@ sioioctl(dev, cmd, data, flag, td) } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -1736,7 +1736,7 @@ sioioctl(dev, cmd, data, flag, td) break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td); if (error != 0) { splx(s); return (error); diff --git a/sys/i386/isa/istallion.c b/sys/i386/isa/istallion.c index 0b95211..d56a294 100644 --- a/sys/i386/isa/istallion.c +++ b/sys/i386/isa/istallion.c @@ -1010,7 +1010,7 @@ stliopen_restart: } } if ((tp->t_state & TS_XCLUDE) && - suser_td(td)) { + suser(td)) { error = EBUSY; goto stliopen_end; } @@ -1182,7 +1182,7 @@ STATIC int stliioctl(dev_t dev, unsigned long cmd, caddr_t data, int flag, switch (cmd) { case TIOCSETA: - if ((error = suser_td(td)) == 0) + if ((error = suser(td)) == 0) *localtios = *((struct termios *) data); break; case TIOCGETA: @@ -1318,7 +1318,7 @@ STATIC int stliioctl(dev_t dev, unsigned long cmd, caddr_t data, int flag, *((int *) data) = (portp->sigs | TIOCM_LE); break; case TIOCMSDTRWAIT: - if ((error = suser_td(td)) == 0) + if ((error = suser(td)) == 0) portp->dtrwait = *((int *) data) * hz / 100; break; case TIOCMGDTRWAIT: diff --git a/sys/i386/isa/pcvt/pcvt_drv.c b/sys/i386/isa/pcvt/pcvt_drv.c index 3b0a64f..ffbba2c 100644 --- a/sys/i386/isa/pcvt/pcvt_drv.c +++ b/sys/i386/isa/pcvt/pcvt_drv.c @@ -316,7 +316,7 @@ pcvt_open(dev_t dev, int flag, int mode, struct thread *td) (*linesw[tp->t_line].l_modem)(tp, 1); /* fake connection */ winsz = 1; /* set winsize later */ } - else if (tp->t_state & TS_XCLUDE && suser_td(td)) + else if (tp->t_state & TS_XCLUDE && suser(td)) { return (EBUSY); } diff --git a/sys/i386/isa/pcvt/pcvt_ext.c b/sys/i386/isa/pcvt/pcvt_ext.c index afa1380..ad0ea38 100644 --- a/sys/i386/isa/pcvt/pcvt_ext.c +++ b/sys/i386/isa/pcvt/pcvt_ext.c @@ -2619,7 +2619,7 @@ usl_vt_ioctl(dev_t dev, int cmd, caddr_t data, int flag, struct thread *td) { struct trapframe *fp = td->td_frame; - error = suser_td(td); + error = suser(td); if (error != 0) return (error); error = securelevel_gt(td->td_ucred, 0); diff --git a/sys/i386/isa/rc.c b/sys/i386/isa/rc.c index 43f77f9..291c0e2 100644 --- a/sys/i386/isa/rc.c +++ b/sys/i386/isa/rc.c @@ -764,7 +764,7 @@ again: } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td)) { error = EBUSY; goto out; } @@ -1118,7 +1118,7 @@ struct thread *td; break; case TIOCMSDTRWAIT: - error = suser_td(td); + error = suser(td); if (error != 0) { splx(s); return (error); diff --git a/sys/i386/isa/spigot.c b/sys/i386/isa/spigot.c index cc51b18..bc6df62 100644 --- a/sys/i386/isa/spigot.c +++ b/sys/i386/isa/spigot.c @@ -175,7 +175,7 @@ struct spigot_softc *ss = (struct spigot_softc *)&spigot_softc[UNIT(dev)]; * require sufficient privilege soon and nothing much can be done * without them. */ - error = suser_td(td); + error = suser(td); if (error != 0) return error; error = securelevel_gt(td->td_ucred, 0); @@ -232,7 +232,7 @@ struct spigot_info *info; break; case SPIGOT_IOPL_ON: /* allow access to the IO PAGE */ #if !defined(SPIGOT_UNSECURE) - error = suser_td(td); + error = suser(td); if (error != 0) return error; error = securelevel_gt(td->td_ucred, 0); diff --git a/sys/i386/isa/stallion.c b/sys/i386/isa/stallion.c index c9c0df5..5706ea2 100644 --- a/sys/i386/isa/stallion.c +++ b/sys/i386/isa/stallion.c @@ -832,7 +832,7 @@ stlopen_restart: } } if ((tp->t_state & TS_XCLUDE) && - suser_td(td)) { + suser(td)) { error = EBUSY; goto stlopen_end; } @@ -970,7 +970,7 @@ STATIC int stlioctl(dev_t dev, unsigned long cmd, caddr_t data, int flag, switch (cmd) { case TIOCSETA: - if ((error = suser_td(td)) == 0) + if ((error = suser(td)) == 0) *localtios = *((struct termios *) data); break; case TIOCGETA: @@ -1088,7 +1088,7 @@ STATIC int stlioctl(dev_t dev, unsigned long cmd, caddr_t data, int flag, *((int *) data) = (stl_getsignals(portp) | TIOCM_LE); break; case TIOCMSDTRWAIT: - if ((error = suser_td(td)) == 0) + if ((error = suser(td)) == 0) portp->dtrwait = *((int *) data) * hz / 100; break; case TIOCMGDTRWAIT: diff --git a/sys/i386/linux/linux_machdep.c b/sys/i386/linux/linux_machdep.c index 59325c4..245c96a 100644 --- a/sys/i386/linux/linux_machdep.c +++ b/sys/i386/linux/linux_machdep.c @@ -559,7 +559,7 @@ linux_iopl(struct thread *td, struct linux_iopl_args *args) if (args->level < 0 || args->level > 3) return (EINVAL); - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) return (error); if ((error = securelevel_gt(td->td_ucred, 0)) != 0) return (error); diff --git a/sys/i4b/driver/i4b_ipr.c b/sys/i4b/driver/i4b_ipr.c index 8023bb4..5489688 100644 --- a/sys/i4b/driver/i4b_ipr.c +++ b/sys/i4b/driver/i4b_ipr.c @@ -481,9 +481,9 @@ i4biprioctl(struct ifnet *ifp, u_long cmd, caddr_t data) #ifdef IPR_VJ case IPRIOCSMAXCID: { - struct proc *p = curproc; /* XXX */ + struct thread *td = curthread; /* XXX */ - if((error = suser(p)) != 0) + if((error = suser(td))) return (error); sl_compress_setup(sc->sc_compr, *(int *)data); } diff --git a/sys/ia64/ia64/ssc.c b/sys/ia64/ia64/ssc.c index b45909c..fdc7a4e 100644 --- a/sys/ia64/ia64/ssc.c +++ b/sys/ia64/ia64/ssc.c @@ -164,7 +164,7 @@ sscopen(dev_t dev, int flag, int mode, struct thread *td) ttsetwater(tp); setuptimeout = 1; - } else if ((tp->t_state & TS_XCLUDE) && suser(td->td_proc)) { + } else if ((tp->t_state & TS_XCLUDE) && suser(td)) { splx(s); return EBUSY; } diff --git a/sys/isa/fd.c b/sys/isa/fd.c index 0d659ab..6fe54cd 100644 --- a/sys/isa/fd.c +++ b/sys/isa/fd.c @@ -2644,7 +2644,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) * Set density definition permanently. Only * allow for superuser. */ - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); fd->fts[type] = *(struct fd_type *)addr; } @@ -2669,7 +2669,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) #endif case FD_CLRERR: - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); fd->fdc->fdc_errs = 0; return (0); @@ -2751,7 +2751,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) case FD_STYPE: /* set drive type */ /* this is considered harmful; only allow for superuser */ - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); *fd->ft = *(struct fd_type *)addr; break; @@ -2775,7 +2775,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) #endif case FD_CLRERR: - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); fd->fdc->fdc_errs = 0; break; diff --git a/sys/isofs/cd9660/cd9660_vfsops.c b/sys/isofs/cd9660/cd9660_vfsops.c index 1d9e073..70ecb01 100644 --- a/sys/isofs/cd9660/cd9660_vfsops.c +++ b/sys/isofs/cd9660/cd9660_vfsops.c @@ -238,7 +238,7 @@ cd9660_mount(mp, path, data, ndp, td) vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); error = VOP_ACCESS(devvp, accessmode, td->td_ucred, td); if (error) - error = suser_td(td); + error = suser(td); if (error) { vput(devvp); return (error); diff --git a/sys/kern/kern_acct.c b/sys/kern/kern_acct.c index afb0ab0..12c72cc 100644 --- a/sys/kern/kern_acct.c +++ b/sys/kern/kern_acct.c @@ -123,7 +123,7 @@ acct(td, uap) if (td != curthread) panic("acct"); /* XXXKSE DIAGNOSTIC */ /* Make sure that the caller is root. */ - error = suser_xxx(td->td_proc->p_ucred, NULL, 0); + error = suser(td); if (error) goto done2; diff --git a/sys/kern/kern_acl.c b/sys/kern/kern_acl.c index b0d0baf..55ab33e 100644 --- a/sys/kern/kern_acl.c +++ b/sys/kern/kern_acl.c @@ -89,7 +89,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, * a DAC entry that matches but has failed to allow access. */ #ifndef CAPABILITIES - if (suser_xxx(cred, NULL, PRISON_ROOT) == 0) + if (suser_cred(cred, PRISON_ROOT) == 0) cap_granted = (VEXEC | VREAD | VWRITE | VADMIN); else cap_granted = 0; diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index ba68e68..36003c6 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -353,7 +353,7 @@ interpret: * we do not regain any tracing during a possible block. */ setsugid(p); - if (p->p_tracep && suser_xxx(oldcred, NULL, PRISON_ROOT)) { + if (p->p_tracep && suser_cred(oldcred, PRISON_ROOT)) { struct vnode *vtmp; if ((vtmp = p->p_tracep) != NULL) { diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index ac5b732..aae12be 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -87,7 +87,7 @@ jail(td, uap) pr->pr_ip = j.ip_number; PROC_LOCK(p); /* Implicitly fail if already in jail. */ - error = suser_xxx(p->p_ucred, NULL, 0); + error = suser_cred(p->p_ucred, 0); if (error) goto badcred; oldcred = p->p_ucred; diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 4991b0d..b94db2a 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -594,7 +594,7 @@ ktrcanset(callp, targetp) { if (targetp->p_traceflag & KTRFAC_ROOT && - suser_xxx(NULL, callp, PRISON_ROOT)) + suser_cred(callp->p_ucred, PRISON_ROOT)) return (0); if (p_candebug(callp, targetp) != 0) diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c index 1050b33..bad5e1e 100644 --- a/sys/kern/kern_linker.c +++ b/sys/kern/kern_linker.c @@ -703,7 +703,7 @@ kldload(struct thread *td, struct kldload_args *uap) if ((error = securelevel_gt(td->td_ucred, 0)) != 0) goto out; - if ((error = suser_xxx(td->td_ucred, NULL, 0)) != 0) + if ((error = suser(td)) != 0) goto out; pathname = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); @@ -750,7 +750,7 @@ kldunload(struct thread *td, struct kldunload_args *uap) if ((error = securelevel_gt(td->td_ucred, 0)) != 0) goto out; - if ((error = suser_xxx(td->td_ucred, NULL, 0)) != 0) + if ((error = suser(td)) != 0) goto out; lf = linker_find_file_by_id(SCARG(uap, fileid)); diff --git a/sys/kern/kern_ntptime.c b/sys/kern/kern_ntptime.c index 91daee0..96870e0 100644 --- a/sys/kern/kern_ntptime.c +++ b/sys/kern/kern_ntptime.c @@ -300,7 +300,7 @@ ntp_adjtime(struct thread *td, struct ntp_adjtime_args *uap) mtx_lock(&Giant); modes = ntv.modes; if (modes) - error = suser_td(td); + error = suser(td); if (error) goto done2; s = splclock(); diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index dc2a6be..3ba42b1 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -555,7 +555,7 @@ setuid(struct thread *td, struct setuid_args *uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ uid != oldcred->cr_uid && /* allow setuid(geteuid()) */ #endif - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) goto done2; newcred = crdup(oldcred); @@ -568,7 +568,7 @@ setuid(struct thread *td, struct setuid_args *uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */ uid == oldcred->cr_uid || #endif - suser_xxx(oldcred, NULL, PRISON_ROOT) == 0) /* we are using privs */ + suser_cred(oldcred, PRISON_ROOT) == 0) /* we are using privs */ #endif { /* @@ -629,7 +629,7 @@ seteuid(struct thread *td, struct seteuid_args *uap) oldcred = p->p_ucred; if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */ euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */ - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) goto done2; /* * Everything's okay, do it. Copy credentials so other references do @@ -687,7 +687,7 @@ setgid(struct thread *td, struct setgid_args *uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */ #endif - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) goto done2; newcred = crdup(oldcred); @@ -700,7 +700,7 @@ setgid(struct thread *td, struct setgid_args *uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */ gid == oldcred->cr_groups[0] || #endif - suser_xxx(oldcred, NULL, PRISON_ROOT) == 0) /* we are using privs */ + suser_cred(oldcred, PRISON_ROOT) == 0) /* we are using privs */ #endif { /* @@ -760,7 +760,7 @@ setegid(struct thread *td, struct setegid_args *uap) oldcred = p->p_ucred; if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */ egid != oldcred->cr_svgid && /* allow setegid(saved gid) */ - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) goto done2; newcred = crdup(oldcred); if (oldcred->cr_groups[0] != egid) { @@ -795,7 +795,7 @@ setgroups(struct thread *td, struct setgroups_args *uap) ngrp = uap->gidsetsize; mtx_lock(&Giant); oldcred = p->p_ucred; - if ((error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0) goto done2; if (ngrp > NGROUPS) { error = EINVAL; @@ -857,7 +857,7 @@ setreuid(register struct thread *td, struct setreuid_args *uap) ruid != oldcred->cr_svuid) || (euid != (uid_t)-1 && euid != oldcred->cr_uid && euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) && - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) goto done2; newcred = crdup(oldcred); if (euid != (uid_t)-1 && oldcred->cr_uid != euid) { @@ -907,7 +907,7 @@ setregid(register struct thread *td, struct setregid_args *uap) rgid != oldcred->cr_svgid) || (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] && egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) && - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) goto done2; newcred = crdup(oldcred); if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) { @@ -968,7 +968,7 @@ setresuid(register struct thread *td, struct setresuid_args *uap) (suid != (uid_t)-1 && suid != oldcred->cr_ruid && suid != oldcred->cr_svuid && suid != oldcred->cr_uid)) && - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) goto done2; newcred = crdup(oldcred); if (euid != (uid_t)-1 && oldcred->cr_uid != euid) { @@ -1029,7 +1029,7 @@ setresgid(register struct thread *td, struct setresgid_args *uap) (sgid != (gid_t)-1 && sgid != oldcred->cr_rgid && sgid != oldcred->cr_svgid && sgid != oldcred->cr_groups[0])) && - (error = suser_xxx(oldcred, NULL, PRISON_ROOT)) != 0) + (error = suser_cred(oldcred, PRISON_ROOT)) != 0) goto done2; newcred = crdup(oldcred); if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) { @@ -1209,47 +1209,15 @@ TUNABLE_INT("security.bsd.suser_enabled", &suser_enabled); /* * Test whether the specified credentials imply "super-user" privilege. - * Return 0 or EPERM. + * Return 0 or EPERM. The flag argument is currently used only to + * specify jail interaction. */ int -suser(struct proc *p) +suser_cred(struct ucred *cred, int flag) { - return (suser_xxx(0, p, 0)); -} - -/* - * version for when the thread pointer is available and not the proc. - * (saves having to include proc.h into every file that needs to do the change.) - */ -int -suser_td(struct thread *td) -{ - return (suser_xxx(0, td->td_proc, 0)); -} - -/* - * wrapper to use if you have the thread on hand but not the proc. - * - * MPSAFE (cred must be held) - */ -int -suser_xxx_td(struct ucred *cred, struct thread *td, int flag) -{ - return(suser_xxx(cred, td->td_proc, flag)); -} - -int -suser_xxx(struct ucred *cred, struct proc *proc, int flag) -{ if (!suser_enabled) return (EPERM); - if (!cred && !proc) { - printf("suser_xxx(): THINK!\n"); - return (EPERM); - } - if (cred == NULL) - cred = proc->p_ucred; if (cred->cr_uid != 0) return (EPERM); if (jailed(cred) && !(flag & PRISON_ROOT)) @@ -1258,6 +1226,17 @@ suser_xxx(struct ucred *cred, struct proc *proc, int flag) } /* + * Shortcut to hide contents of struct td and struct proc from the + * caller, promoting binary compatibility. + */ +int +suser(struct thread *td) +{ + + return (suser_cred(td->td_ucred, 0)); +} + +/* * Test the active securelevel against a given level. securelevel_gt() * implements (securelevel > level). securelevel_ge() implements * (securelevel >= level). Note that the logic is inverted -- these @@ -1328,7 +1307,7 @@ cr_seeotheruids(struct ucred *u1, struct ucred *u2) { if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) { - if (suser_xxx(u1, NULL, PRISON_ROOT) != 0) + if (suser_cred(u1, PRISON_ROOT) != 0) return (ESRCH); } return (0); @@ -1416,7 +1395,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum) break; default: /* Not permitted without privilege. */ - error = suser_xxx(cred, NULL, PRISON_ROOT); + error = suser_cred(cred, PRISON_ROOT); if (error) return (error); } @@ -1431,7 +1410,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum) cred->cr_uid != proc->p_ucred->cr_ruid && cred->cr_uid != proc->p_ucred->cr_svuid) { /* Not permitted without privilege. */ - error = suser_xxx(cred, NULL, PRISON_ROOT); + error = suser_cred(cred, PRISON_ROOT); if (error) return (error); } @@ -1489,7 +1468,7 @@ p_cansched(struct proc *p1, struct proc *p2) return (0); if (p1->p_ucred->cr_uid == p2->p_ucred->cr_ruid) return (0); - if (suser_xxx(0, p1, PRISON_ROOT) == 0) + if (suser_cred(p1->p_ucred, PRISON_ROOT) == 0) return (0); #ifdef CAPABILITIES @@ -1530,7 +1509,7 @@ p_candebug(struct proc *p1, struct proc *p2) int credentialchanged, error, grpsubset, i, uidsubset; if (!unprivileged_proc_debug) { - error = suser_xxx(NULL, p1, PRISON_ROOT); + error = suser_cred(p1->p_ucred, PRISON_ROOT); if (error) return (error); } @@ -1576,7 +1555,7 @@ p_candebug(struct proc *p1, struct proc *p2) * require CAP_SYS_PTRACE. */ if (!grpsubset || !uidsubset || credentialchanged) { - error = suser_xxx(NULL, p1, PRISON_ROOT); + error = suser_cred(p1->p_ucred, PRISON_ROOT); if (error) return (error); } @@ -1828,7 +1807,7 @@ setlogin(struct thread *td, struct setlogin_args *uap) char logintmp[MAXLOGNAME]; mtx_lock(&Giant); - if ((error = suser_xxx(0, p, PRISON_ROOT)) != 0) + if ((error = suser_cred(td->td_ucred, PRISON_ROOT)) != 0) goto done2; error = copyinstr((caddr_t) uap->namebuf, (caddr_t) logintmp, sizeof(logintmp), (size_t *)0); diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index fbd76c2..26349bd 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c @@ -258,7 +258,7 @@ donice(curp, chgp, n) if (n < PRIO_MIN) n = PRIO_MIN; if (n < chgp->p_ksegrp.kg_nice /* XXXKSE */ && - suser_xxx(curp->p_ucred, NULL, 0)) + suser_cred(curp->p_ucred, 0)) return (EACCES); chgp->p_ksegrp.kg_nice /* XXXKSE */ = n; (void)resetpriority(&chgp->p_ksegrp); /* XXXKSE */ @@ -320,7 +320,7 @@ rtprio(td, uap) (error = copyin(uap->rtp, &rtp, sizeof(struct rtprio)))) break; /* disallow setting rtprio in most cases if not superuser */ - if (suser_xxx(curp->p_ucred, NULL, 0) != 0) { + if (suser(td) != 0) { /* can't set someone else's */ if (uap->pid) { error = EPERM; @@ -521,7 +521,7 @@ dosetrlimit(td, which, limp) if (limp->rlim_cur > alimp->rlim_max || limp->rlim_max > alimp->rlim_max) - if ((error = suser_xxx(0, p, PRISON_ROOT))) + if ((error = suser_cred(td->td_ucred, PRISON_ROOT))) return (error); if (limp->rlim_cur > limp->rlim_max) limp->rlim_cur = limp->rlim_max; diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c index 3312b54..fe0cbb0 100644 --- a/sys/kern/kern_shutdown.c +++ b/sys/kern/kern_shutdown.c @@ -148,7 +148,7 @@ reboot(struct thread *td, struct reboot_args *uap) int error; mtx_lock(&Giant); - if ((error = suser_td(td)) == 0) + if ((error = suser(td)) == 0) boot(uap->opt); mtx_unlock(&Giant); return (error); diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index 9942ca1..6938706 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -463,7 +463,7 @@ sysctl_sysctl_debug(SYSCTL_HANDLER_ARGS) { int error; - error = suser(req->td->td_proc); + error = suser(req->td); if (error) return error; sysctl_sysctl_debug_dump_node(&sysctl__children, 0); @@ -1084,7 +1084,7 @@ sysctl_root(SYSCTL_HANDLER_ARGS) flags = PRISON_ROOT; else flags = 0; - error = suser_xxx(NULL, req->td->td_proc, flags); + error = suser_cred(req->td->td_ucred, flags); if (error) return (error); } diff --git a/sys/kern/kern_time.c b/sys/kern/kern_time.c index 970cb93..58c81ab 100644 --- a/sys/kern/kern_time.c +++ b/sys/kern/kern_time.c @@ -187,7 +187,7 @@ clock_settime(td, uap) int error; mtx_lock(&Giant); - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) goto done2; if (SCARG(uap, clock_id) != CLOCK_REALTIME) { error = EINVAL; @@ -370,7 +370,7 @@ settimeofday(td, uap) mtx_lock(&Giant); - if ((error = suser_td(td))) + if ((error = suser(td))) goto done2; /* Verify all parameters before changing time. */ if (uap->tv) { @@ -421,7 +421,7 @@ adjtime(td, uap) mtx_lock(&Giant); - if ((error = suser_td(td))) + if ((error = suser(td))) goto done2; error = copyin((caddr_t)uap->delta, (caddr_t)&atv, sizeof(struct timeval)); diff --git a/sys/kern/kern_xxx.c b/sys/kern/kern_xxx.c index f3f19ee..9d4136b 100644 --- a/sys/kern/kern_xxx.c +++ b/sys/kern/kern_xxx.c @@ -97,7 +97,7 @@ osethostname(td, uap) name[0] = CTL_KERN; name[1] = KERN_HOSTNAME; mtx_lock(&Giant); - if ((error = suser_xxx(0, td->td_proc, PRISON_ROOT)) == 0) { + if ((error = suser_cred(td->td_ucred, PRISON_ROOT)) == 0) { error = userland_sysctl(td, name, 2, 0, 0, 0, uap->hostname, uap->len, 0); } @@ -143,7 +143,7 @@ osethostid(td, uap) int error; mtx_lock(&Giant); - if ((error = suser_td(td))) + if ((error = suser(td))) hostid = uap->hostid; mtx_unlock(&Giant); return (error); @@ -298,7 +298,7 @@ setdomainname(td, uap) int error, domainnamelen; mtx_lock(&Giant); - if ((error = suser_td(td))) + if ((error = suser(td))) goto done2; if ((u_int)uap->len > sizeof (domainname) - 1) { error = EINVAL; diff --git a/sys/kern/subr_acl_posix1e.c b/sys/kern/subr_acl_posix1e.c index b0d0baf..55ab33e 100644 --- a/sys/kern/subr_acl_posix1e.c +++ b/sys/kern/subr_acl_posix1e.c @@ -89,7 +89,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, * a DAC entry that matches but has failed to allow access. */ #ifndef CAPABILITIES - if (suser_xxx(cred, NULL, PRISON_ROOT) == 0) + if (suser_cred(cred, PRISON_ROOT) == 0) cap_granted = (VEXEC | VREAD | VWRITE | VADMIN); else cap_granted = 0; diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c index b670c67..d1c42a6 100644 --- a/sys/kern/subr_prf.c +++ b/sys/kern/subr_prf.c @@ -861,7 +861,7 @@ sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS) int error; if (!unprivileged_read_msgbuf) { - error = suser_td(req->td); + error = suser(req->td); if (error) return (error); } diff --git a/sys/kern/sysv_ipc.c b/sys/kern/sysv_ipc.c index 42a1465..fc5fd8f 100644 --- a/sys/kern/sysv_ipc.c +++ b/sys/kern/sysv_ipc.c @@ -81,7 +81,7 @@ ipcperm(td, perm, mode) /* Check for user match. */ if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) { if (mode & IPC_M) - return (suser_td(td) == 0 ? 0 : EPERM); + return (suser(td) == 0 ? 0 : EPERM); /* Check for group match. */ mode >>= 3; if (!groupmember(perm->gid, cred) && @@ -93,5 +93,5 @@ ipcperm(td, perm, mode) if (mode & IPC_M) return (0); return ((mode & perm->mode) == mode || - suser_td(td) == 0 ? 0 : EACCES); + suser(td) == 0 ? 0 : EACCES); } diff --git a/sys/kern/sysv_msg.c b/sys/kern/sysv_msg.c index a26a172..4dd2249 100644 --- a/sys/kern/sysv_msg.c +++ b/sys/kern/sysv_msg.c @@ -421,7 +421,7 @@ msgctl(td, uap) if ((error = copyin(user_msqptr, &msqbuf, sizeof(msqbuf))) != 0) goto done2; if (msqbuf.msg_qbytes > msqptr->msg_qbytes) { - error = suser_td(td); + error = suser(td); if (error) goto done2; } diff --git a/sys/kern/tty.c b/sys/kern/tty.c index c9a56fd..1214513 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -730,9 +730,11 @@ ttioctl(tp, cmd, data, flag) void *data; { register struct proc *p; + struct thread *td; int s, error; - p = curproc; /* XXX */ + td = curthread; /* XXX */ + p = td->td_proc; /* If the ioctl involves modification, hang if in the background. */ switch (cmd) { @@ -851,7 +853,7 @@ ttioctl(tp, cmd, data, flag) ISSET(constty->t_state, TS_CONNECTED)) return (EBUSY); #ifndef UCONSOLE - if ((error = suser_xxx(p->p_ucred, NULL, 0)) != 0) + if ((error = suser(td)) != 0) return (error); #endif constty = tp; @@ -1023,9 +1025,9 @@ ttioctl(tp, cmd, data, flag) splx(s); break; case TIOCSTI: /* simulate terminal input */ - if ((flag & FREAD) == 0 && suser_xxx(p->p_ucred, NULL, 0)) + if ((flag & FREAD) == 0 && suser(td)) return (EPERM); - if (!isctty(p, tp) && suser_xxx(p->p_ucred, NULL, 0)) + if (!isctty(p, tp) && suser(td)) return (EACCES); s = spltty(); (*linesw[tp->t_line].l_rint)(*(u_char *)data, tp); @@ -1099,7 +1101,7 @@ ttioctl(tp, cmd, data, flag) } break; case TIOCSDRAINWAIT: - error = suser_xxx(p->p_ucred, NULL, 0); + error = suser(td); if (error) return (error); tp->t_timeout = *(int *)data * hz; diff --git a/sys/kern/tty_cons.c b/sys/kern/tty_cons.c index d6f805c..91713c1 100644 --- a/sys/kern/tty_cons.c +++ b/sys/kern/tty_cons.c @@ -456,7 +456,7 @@ cnioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td) * output from the "virtual" console. */ if (cmd == TIOCCONS && constty) { - error = suser_td(td); + error = suser(td); if (error) return (error); constty = NULL; diff --git a/sys/kern/tty_pty.c b/sys/kern/tty_pty.c index f1aa946..9bc2360 100644 --- a/sys/kern/tty_pty.c +++ b/sys/kern/tty_pty.c @@ -187,7 +187,7 @@ ptsopen(dev, flag, devtype, td) tp->t_lflag = TTYDEF_LFLAG; tp->t_cflag = TTYDEF_CFLAG; tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; - } else if (tp->t_state & TS_XCLUDE && suser_xxx(td->td_ucred, NULL, 0)) { + } else if (tp->t_state & TS_XCLUDE && suser(td)) { return (EBUSY); } else if (pti->pt_prison != td->td_ucred->cr_prison) { return (EBUSY); diff --git a/sys/kern/vfs_acl.c b/sys/kern/vfs_acl.c index b0d0baf..55ab33e 100644 --- a/sys/kern/vfs_acl.c +++ b/sys/kern/vfs_acl.c @@ -89,7 +89,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, * a DAC entry that matches but has failed to allow access. */ #ifndef CAPABILITIES - if (suser_xxx(cred, NULL, PRISON_ROOT) == 0) + if (suser_cred(cred, PRISON_ROOT) == 0) cap_granted = (VEXEC | VREAD | VWRITE | VADMIN); else cap_granted = 0; diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c index 9ed164b..3ecd199 100644 --- a/sys/kern/vfs_extattr.c +++ b/sys/kern/vfs_extattr.c @@ -374,7 +374,7 @@ vfs_nmount(td, fsflags, fsoptions) } if (usermount == 0) { - error = suser_td(td); + error = suser(td); if (error) goto bad; } @@ -382,14 +382,14 @@ vfs_nmount(td, fsflags, fsoptions) * Do not allow NFS export by non-root users. */ if (fsflags & MNT_EXPORTED) { - error = suser_td(td); + error = suser(td); if (error) goto bad; } /* * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users. */ - if (suser_xxx(td->td_ucred, NULL, 0) != 0) + if (suser(td)) fsflags |= MNT_NOSUID | MNT_NODEV; /* * Get vnode to be covered @@ -423,7 +423,7 @@ vfs_nmount(td, fsflags, fsoptions) * permitted to update it. */ if (mp->mnt_stat.f_owner != td->td_ucred->cr_uid) { - error = suser_td(td); + error = suser(td); if (error) { vput(vp); goto bad; @@ -460,7 +460,7 @@ vfs_nmount(td, fsflags, fsoptions) goto bad; } if (va.va_uid != td->td_ucred->cr_uid) { - error = suser_td(td); + error = suser(td); if (error) { vput(vp); goto bad; @@ -480,7 +480,7 @@ vfs_nmount(td, fsflags, fsoptions) break; if (vfsp == NULL) { /* Only load modules for root (very important!). */ - error = suser_td(td); + error = suser(td); if (error) { vput(vp); goto bad; @@ -722,7 +722,7 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) return (ENAMETOOLONG); if (usermount == 0) { - error = suser_td(td); + error = suser(td); if (error) return (error); } @@ -730,14 +730,14 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) * Do not allow NFS export by non-root users. */ if (fsflags & MNT_EXPORTED) { - error = suser_td(td); + error = suser(td); if (error) return (error); } /* * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users. */ - if (suser_xxx(td->td_ucred, NULL, 0) != 0) + if (suser(td)) fsflags |= MNT_NOSUID | MNT_NODEV; /* * Get vnode to be covered @@ -769,7 +769,7 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) * permitted to update it. */ if (mp->mnt_stat.f_owner != td->td_ucred->cr_uid) { - error = suser_td(td); + error = suser(td); if (error) { vput(vp); return (error); @@ -803,7 +803,7 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) return (error); } if (va.va_uid != td->td_ucred->cr_uid) { - error = suser_td(td); + error = suser(td); if (error) { vput(vp); return (error); @@ -822,7 +822,7 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) break; if (vfsp == NULL) { /* Only load modules for root (very important!). */ - error = suser_td(td); + error = suser(td); if (error) { vput(vp); return (error); @@ -1056,7 +1056,7 @@ unmount(td, uap) * permitted to unmount this filesystem. */ if (mp->mnt_stat.f_owner != td->td_ucred->cr_uid) { - error = suser_td(td); + error = suser(td); if (error) { vput(vp); return (error); @@ -1313,7 +1313,7 @@ statfs(td, uap) if (error) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(td->td_ucred, 0, 0)) { + if (suser(td)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; @@ -1356,7 +1356,7 @@ fstatfs(td, uap) if (error) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(td->td_ucred, 0, 0)) { + if (suser(td)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; @@ -1585,7 +1585,7 @@ chroot(td, uap) struct nameidata nd; struct vnode *vp; - error = suser_xxx(0, td->td_proc, PRISON_ROOT); + error = suser_cred(td->td_ucred, PRISON_ROOT); if (error) return (error); FILEDESC_LOCK(fdp); @@ -1868,10 +1868,10 @@ mknod(td, uap) switch (SCARG(uap, mode) & S_IFMT) { case S_IFCHR: case S_IFBLK: - error = suser_td(td); + error = suser(td); break; default: - error = suser_xxx(0, td->td_proc, PRISON_ROOT); + error = suser_cred(td->td_ucred, PRISON_ROOT); break; } if (error) @@ -2831,7 +2831,7 @@ setfflags(td, vp, flags) * chown can't fail when done as root. */ if (vp->v_type == VCHR || vp->v_type == VBLK) { - error = suser_xxx(td->td_ucred, td->td_proc, PRISON_ROOT); + error = suser_cred(td->td_ucred, PRISON_ROOT); if (error) return (error); } @@ -4089,7 +4089,7 @@ revoke(td, uap) } VOP_UNLOCK(vp, 0, td); if (td->td_ucred->cr_uid != vattr.va_uid) { - error = suser_xxx(0, td->td_proc, PRISON_ROOT); + error = suser_cred(td->td_ucred, PRISON_ROOT); if (error) goto out; } @@ -4158,7 +4158,7 @@ getfh(td, uap) /* * Must be super user */ - error = suser_td(td); + error = suser(td); if (error) return (error); NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, uap->fname, td); @@ -4214,7 +4214,7 @@ fhopen(td, uap) /* * Must be super user */ - error = suser_td(td); + error = suser(td); if (error) return (error); @@ -4390,7 +4390,7 @@ fhstat(td, uap) /* * Must be super user */ - error = suser_td(td); + error = suser(td); if (error) return (error); @@ -4437,7 +4437,7 @@ fhstatfs(td, uap) /* * Must be super user */ - error = suser_td(td); + error = suser(td); if (error) return (error); @@ -4454,7 +4454,7 @@ fhstatfs(td, uap) if ((error = VFS_STATFS(mp, sp, td)) != 0) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(td->td_ucred, 0, 0)) { + if (suser(td)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index e3290a1..7967b04 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -3217,7 +3217,7 @@ vaccess(type, file_mode, file_uid, file_gid, acc_mode, cred, privused) return (0); privcheck: - if (!suser_xxx(cred, NULL, PRISON_ROOT)) { + if (!suser_cred(cred, PRISON_ROOT)) { /* XXX audit: privilege used */ if (privused != NULL) *privused = 1; diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 9ed164b..3ecd199 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -374,7 +374,7 @@ vfs_nmount(td, fsflags, fsoptions) } if (usermount == 0) { - error = suser_td(td); + error = suser(td); if (error) goto bad; } @@ -382,14 +382,14 @@ vfs_nmount(td, fsflags, fsoptions) * Do not allow NFS export by non-root users. */ if (fsflags & MNT_EXPORTED) { - error = suser_td(td); + error = suser(td); if (error) goto bad; } /* * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users. */ - if (suser_xxx(td->td_ucred, NULL, 0) != 0) + if (suser(td)) fsflags |= MNT_NOSUID | MNT_NODEV; /* * Get vnode to be covered @@ -423,7 +423,7 @@ vfs_nmount(td, fsflags, fsoptions) * permitted to update it. */ if (mp->mnt_stat.f_owner != td->td_ucred->cr_uid) { - error = suser_td(td); + error = suser(td); if (error) { vput(vp); goto bad; @@ -460,7 +460,7 @@ vfs_nmount(td, fsflags, fsoptions) goto bad; } if (va.va_uid != td->td_ucred->cr_uid) { - error = suser_td(td); + error = suser(td); if (error) { vput(vp); goto bad; @@ -480,7 +480,7 @@ vfs_nmount(td, fsflags, fsoptions) break; if (vfsp == NULL) { /* Only load modules for root (very important!). */ - error = suser_td(td); + error = suser(td); if (error) { vput(vp); goto bad; @@ -722,7 +722,7 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) return (ENAMETOOLONG); if (usermount == 0) { - error = suser_td(td); + error = suser(td); if (error) return (error); } @@ -730,14 +730,14 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) * Do not allow NFS export by non-root users. */ if (fsflags & MNT_EXPORTED) { - error = suser_td(td); + error = suser(td); if (error) return (error); } /* * Silently enforce MNT_NOSUID and MNT_NODEV for non-root users. */ - if (suser_xxx(td->td_ucred, NULL, 0) != 0) + if (suser(td)) fsflags |= MNT_NOSUID | MNT_NODEV; /* * Get vnode to be covered @@ -769,7 +769,7 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) * permitted to update it. */ if (mp->mnt_stat.f_owner != td->td_ucred->cr_uid) { - error = suser_td(td); + error = suser(td); if (error) { vput(vp); return (error); @@ -803,7 +803,7 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) return (error); } if (va.va_uid != td->td_ucred->cr_uid) { - error = suser_td(td); + error = suser(td); if (error) { vput(vp); return (error); @@ -822,7 +822,7 @@ vfs_mount(td, fstype, fspath, fsflags, fsdata) break; if (vfsp == NULL) { /* Only load modules for root (very important!). */ - error = suser_td(td); + error = suser(td); if (error) { vput(vp); return (error); @@ -1056,7 +1056,7 @@ unmount(td, uap) * permitted to unmount this filesystem. */ if (mp->mnt_stat.f_owner != td->td_ucred->cr_uid) { - error = suser_td(td); + error = suser(td); if (error) { vput(vp); return (error); @@ -1313,7 +1313,7 @@ statfs(td, uap) if (error) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(td->td_ucred, 0, 0)) { + if (suser(td)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; @@ -1356,7 +1356,7 @@ fstatfs(td, uap) if (error) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(td->td_ucred, 0, 0)) { + if (suser(td)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; @@ -1585,7 +1585,7 @@ chroot(td, uap) struct nameidata nd; struct vnode *vp; - error = suser_xxx(0, td->td_proc, PRISON_ROOT); + error = suser_cred(td->td_ucred, PRISON_ROOT); if (error) return (error); FILEDESC_LOCK(fdp); @@ -1868,10 +1868,10 @@ mknod(td, uap) switch (SCARG(uap, mode) & S_IFMT) { case S_IFCHR: case S_IFBLK: - error = suser_td(td); + error = suser(td); break; default: - error = suser_xxx(0, td->td_proc, PRISON_ROOT); + error = suser_cred(td->td_ucred, PRISON_ROOT); break; } if (error) @@ -2831,7 +2831,7 @@ setfflags(td, vp, flags) * chown can't fail when done as root. */ if (vp->v_type == VCHR || vp->v_type == VBLK) { - error = suser_xxx(td->td_ucred, td->td_proc, PRISON_ROOT); + error = suser_cred(td->td_ucred, PRISON_ROOT); if (error) return (error); } @@ -4089,7 +4089,7 @@ revoke(td, uap) } VOP_UNLOCK(vp, 0, td); if (td->td_ucred->cr_uid != vattr.va_uid) { - error = suser_xxx(0, td->td_proc, PRISON_ROOT); + error = suser_cred(td->td_ucred, PRISON_ROOT); if (error) goto out; } @@ -4158,7 +4158,7 @@ getfh(td, uap) /* * Must be super user */ - error = suser_td(td); + error = suser(td); if (error) return (error); NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, uap->fname, td); @@ -4214,7 +4214,7 @@ fhopen(td, uap) /* * Must be super user */ - error = suser_td(td); + error = suser(td); if (error) return (error); @@ -4390,7 +4390,7 @@ fhstat(td, uap) /* * Must be super user */ - error = suser_td(td); + error = suser(td); if (error) return (error); @@ -4437,7 +4437,7 @@ fhstatfs(td, uap) /* * Must be super user */ - error = suser_td(td); + error = suser(td); if (error) return (error); @@ -4454,7 +4454,7 @@ fhstatfs(td, uap) if ((error = VFS_STATFS(mp, sp, td)) != 0) return (error); sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK; - if (suser_xxx(td->td_ucred, 0, 0)) { + if (suser(td)) { bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb)); sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0; sp = &sb; diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index f60ce7d..9eb60f9 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -638,7 +638,7 @@ vn_stat(vp, sb, td) } sb->st_flags = vap->va_flags; - if (suser_xxx(td->td_ucred, 0, 0)) + if (suser(td)) sb->st_gen = 0; else sb->st_gen = vap->va_gen; diff --git a/sys/net/if.c b/sys/net/if.c index 5ec27bf..4b8573f 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -1230,7 +1230,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td) break; case SIOCSIFFLAGS: - error = suser_td(td); + error = suser(td); if (error) return (error); ifr->ifr_prevflags = ifp->if_flags; @@ -1255,7 +1255,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td) break; case SIOCSIFCAP: - error = suser_td(td); + error = suser(td); if (error) return (error); if (ifr->ifr_reqcap & ~ifp->if_capabilities) @@ -1264,7 +1264,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td) break; case SIOCSIFMETRIC: - error = suser_td(td); + error = suser(td); if (error) return (error); ifp->if_metric = ifr->ifr_metric; @@ -1272,7 +1272,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td) break; case SIOCSIFPHYS: - error = suser_td(td); + error = suser(td); if (error) return error; if (!ifp->if_ioctl) @@ -1286,7 +1286,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td) { u_long oldmtu = ifp->if_mtu; - error = suser_td(td); + error = suser(td); if (error) return (error); if (ifr->ifr_mtu < IF_MINMTU || ifr->ifr_mtu > IF_MAXMTU) @@ -1311,7 +1311,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td) case SIOCADDMULTI: case SIOCDELMULTI: - error = suser_td(td); + error = suser(td); if (error) return (error); @@ -1341,7 +1341,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td) case SIOCSLIFPHYADDR: case SIOCSIFMEDIA: case SIOCSIFGENERIC: - error = suser_td(td); + error = suser(td); if (error) return (error); if (ifp->if_ioctl == NULL) @@ -1366,7 +1366,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td) break; case SIOCSIFLLADDR: - error = suser_td(td); + error = suser(td); if (error) return (error); error = if_setlladdr(ifp, @@ -1405,7 +1405,7 @@ ifioctl(so, cmd, data, td) switch (cmd) { case SIOCIFCREATE: case SIOCIFDESTROY: - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) return (error); return ((cmd == SIOCIFCREATE) ? if_clone_create(ifr->ifr_name, sizeof(ifr->ifr_name)) : diff --git a/sys/net/if_ppp.c b/sys/net/if_ppp.c index 091b25e..e2c25eb 100644 --- a/sys/net/if_ppp.c +++ b/sys/net/if_ppp.c @@ -376,7 +376,7 @@ pppioctl(sc, cmd, data, flag, td) break; case PPPIOCSFLAGS: - if ((error = suser(p)) != 0) + if ((error = suser(td)) != 0) break; flags = *(int *)data & SC_MASK; s = splsoftnet(); @@ -390,7 +390,7 @@ pppioctl(sc, cmd, data, flag, td) break; case PPPIOCSMRU: - if ((error = suser(p)) != 0) + if ((error = suser(td)) != 0) return (error); mru = *(int *)data; if (mru >= PPP_MRU && mru <= PPP_MAXMRU) @@ -403,7 +403,7 @@ pppioctl(sc, cmd, data, flag, td) #ifdef VJC case PPPIOCSMAXCID: - if ((error = suser(p)) != 0) + if ((error = suser(td)) != 0) break; if (sc->sc_comp) { s = splsoftnet(); @@ -414,14 +414,14 @@ pppioctl(sc, cmd, data, flag, td) #endif case PPPIOCXFERUNIT: - if ((error = suser(p)) != 0) + if ((error = suser(td)) != 0) break; sc->sc_xfer = p->p_pid; break; #ifdef PPP_COMPRESS case PPPIOCSCOMPRESS: - if ((error = suser(p)) != 0) + if ((error = suser(td)) != 0) break; odp = (struct ppp_option_data *) data; nb = odp->length; @@ -497,7 +497,7 @@ pppioctl(sc, cmd, data, flag, td) if (cmd == PPPIOCGNPMODE) { npi->mode = sc->sc_npmode[npx]; } else { - if ((error = suser(p)) != 0) + if ((error = suser(td)) != 0) break; if (npi->mode != sc->sc_npmode[npx]) { s = splsoftnet(); @@ -573,7 +573,7 @@ pppsioctl(ifp, cmd, data) u_long cmd; caddr_t data; { - struct proc *p = curproc; /* XXX */ + struct thread *td = curthread; /* XXX */ register struct ppp_softc *sc = &ppp_softc[ifp->if_unit]; register struct ifaddr *ifa = (struct ifaddr *)data; register struct ifreq *ifr = (struct ifreq *)data; @@ -623,7 +623,7 @@ pppsioctl(ifp, cmd, data) break; case SIOCSIFMTU: - if ((error = suser(p)) != 0) + if ((error = suser(td)) != 0) break; if (ifr->ifr_mtu > PPP_MAXMTU) error = EINVAL; diff --git a/sys/net/if_sl.c b/sys/net/if_sl.c index 346252a..c8e284a 100644 --- a/sys/net/if_sl.c +++ b/sys/net/if_sl.c @@ -341,7 +341,7 @@ slopen(dev, tp) register struct sl_softc *sc; int s, error; - error = suser_td(curthread); + error = suser(curthread); if (error) return (error); diff --git a/sys/net/if_tap.c b/sys/net/if_tap.c index 605d287..253af5a 100644 --- a/sys/net/if_tap.c +++ b/sys/net/if_tap.c @@ -399,7 +399,7 @@ tapopen(dev, flag, mode, td) int unit, error; struct resource *r = NULL; - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) return (error); unit = dev2unit(dev) & TAPMAXUNIT; diff --git a/sys/net/if_tun.c b/sys/net/if_tun.c index 6082949..1061274 100644 --- a/sys/net/if_tun.c +++ b/sys/net/if_tun.c @@ -533,7 +533,7 @@ tunioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td) if (tunp->mtu < IF_MINMTU) return (EINVAL); if (tp->tun_if.if_mtu != tunp->mtu - && (error = suser_td(td)) != 0) + && (error = suser(td)) != 0) return (error); tp->tun_if.if_mtu = tunp->mtu; tp->tun_if.if_type = tunp->type; diff --git a/sys/net/net_osdep.h b/sys/net/net_osdep.h index 57a1fb5..a5ff633 100644 --- a/sys/net/net_osdep.h +++ b/sys/net/net_osdep.h @@ -79,6 +79,10 @@ * struct proc *p; * if (p && !suser(p)) * privileged; + * FreeBSD 5 + * struct thread *td; + * if (suser(td)) + * privileged; * OpenBSD, BSDI [34], FreeBSD 2 * struct socket *so; * if (so->so_state & SS_PRIV) diff --git a/sys/net/ppp_tty.c b/sys/net/ppp_tty.c index e769b1b..2f65fdb 100644 --- a/sys/net/ppp_tty.c +++ b/sys/net/ppp_tty.c @@ -175,7 +175,7 @@ pppopen(dev, tp) register struct ppp_softc *sc; int error, s; - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) return (error); s = spltty(); @@ -444,7 +444,7 @@ ppptioctl(tp, cmd, data, flag, td) error = 0; switch (cmd) { case PPPIOCSASYNCMAP: - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) break; sc->sc_asyncmap[0] = *(u_int *)data; break; @@ -454,7 +454,7 @@ ppptioctl(tp, cmd, data, flag, td) break; case PPPIOCSRASYNCMAP: - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) break; sc->sc_rasyncmap = *(u_int *)data; break; @@ -464,7 +464,7 @@ ppptioctl(tp, cmd, data, flag, td) break; case PPPIOCSXASYNCMAP: - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) break; s = spltty(); bcopy(data, sc->sc_asyncmap, sizeof(sc->sc_asyncmap)); diff --git a/sys/net/raw_usrreq.c b/sys/net/raw_usrreq.c index 3138b10..47df8d0 100644 --- a/sys/net/raw_usrreq.c +++ b/sys/net/raw_usrreq.c @@ -157,7 +157,7 @@ raw_uattach(struct socket *so, int proto, struct thread *td) if (rp == 0) return EINVAL; - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td)) != 0) return error; return raw_attach(so, proto); } diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index 5b87991..ea9f4d3 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c @@ -332,7 +332,7 @@ route_output(m, so) * Verify that the caller has the appropriate privilege; RTM_GET * is the only operation the non-superuser is allowed. */ - if (rtm->rtm_type != RTM_GET && (error = suser(curproc)) != 0) + if (rtm->rtm_type != RTM_GET && (error = suser(curthread)) != 0) senderr(error); switch (rtm->rtm_type) { diff --git a/sys/netatalk/at_control.c b/sys/netatalk/at_control.c index 5144115..c0e6727 100644 --- a/sys/netatalk/at_control.c +++ b/sys/netatalk/at_control.c @@ -99,7 +99,7 @@ at_control(struct socket *so, u_long cmd, caddr_t data, /* * If we are not superuser, then we don't get to do these ops. */ - if ( suser_td(td) ) { + if ( suser(td) ) { return( EPERM ); } diff --git a/sys/netatalk/ddp_pcb.c b/sys/netatalk/ddp_pcb.c index a4b8404..48e17d4 100644 --- a/sys/netatalk/ddp_pcb.c +++ b/sys/netatalk/ddp_pcb.c @@ -254,7 +254,7 @@ at_pcbsetaddr(struct ddpcb *ddp, struct sockaddr *addr, struct thread *td) return( EINVAL ); } if ( sat->sat_port < ATPORT_RESERVED && - suser_td(td) ) { + suser(td) ) { return( EACCES ); } } diff --git a/sys/netatalk/ddp_usrreq.c b/sys/netatalk/ddp_usrreq.c index a4b8404..48e17d4 100644 --- a/sys/netatalk/ddp_usrreq.c +++ b/sys/netatalk/ddp_usrreq.c @@ -254,7 +254,7 @@ at_pcbsetaddr(struct ddpcb *ddp, struct sockaddr *addr, struct thread *td) return( EINVAL ); } if ( sat->sat_port < ATPORT_RESERVED && - suser_td(td) ) { + suser(td) ) { return( EACCES ); } } diff --git a/sys/netatm/atm_usrreq.c b/sys/netatm/atm_usrreq.c index 979a656..7f8716c 100644 --- a/sys/netatm/atm_usrreq.c +++ b/sys/netatm/atm_usrreq.c @@ -192,7 +192,7 @@ atm_dgram_control(so, cmd, data, ifp, td) struct atmcfgreq *acp = (struct atmcfgreq *)data; struct atm_pif *pip; - if (td && (suser_td(td) != 0)) + if (td && (suser(td) != 0)) ATM_RETERR(EPERM); switch (acp->acr_opcode) { @@ -225,7 +225,7 @@ atm_dgram_control(so, cmd, data, ifp, td) struct atmaddreq *aap = (struct atmaddreq *)data; Atm_endpoint *epp; - if (td && (suser_td(td) != 0)) + if (td && (suser(td) != 0)) ATM_RETERR(EPERM); switch (aap->aar_opcode) { @@ -275,7 +275,7 @@ atm_dgram_control(so, cmd, data, ifp, td) struct sigmgr *smp; Atm_endpoint *epp; - if (td && (suser_td(td) != 0)) + if (td && (suser(td) != 0)) ATM_RETERR(EPERM); switch (adp->adr_opcode) { @@ -328,7 +328,7 @@ atm_dgram_control(so, cmd, data, ifp, td) struct sigmgr *smp; struct ifnet *ifp2; - if (td && (suser_td(td) != 0)) + if (td && (suser(td) != 0)) ATM_RETERR(EPERM); switch (asp->asr_opcode) { diff --git a/sys/netgraph/ng_socket.c b/sys/netgraph/ng_socket.c index 206d752..02183f0 100644 --- a/sys/netgraph/ng_socket.c +++ b/sys/netgraph/ng_socket.c @@ -166,7 +166,7 @@ ngc_attach(struct socket *so, int proto, struct thread *td) { struct ngpcb *const pcbp = sotongpcb(so); - if (suser_td(td)) + if (suser(td)) return (EPERM); if (pcbp != NULL) return (EISCONN); diff --git a/sys/netgraph/ng_tty.c b/sys/netgraph/ng_tty.c index 6b0a388..9a0175e 100644 --- a/sys/netgraph/ng_tty.c +++ b/sys/netgraph/ng_tty.c @@ -190,7 +190,7 @@ ngt_open(dev_t dev, struct tty *tp) int s, error; /* Super-user only */ - if ((error = suser_td(td))) + if ((error = suser(td))) return (error); s = splnet(); (void) spltty(); /* XXX is this necessary? */ diff --git a/sys/netinet/in.c b/sys/netinet/in.c index eb4877d..6631f07 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -204,7 +204,7 @@ in_control(so, cmd, data, ifp, td) switch (cmd) { case SIOCALIFADDR: case SIOCDLIFADDR: - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td)) != 0) return error; /*fall through*/ case SIOCGLIFADDR: @@ -263,7 +263,7 @@ in_control(so, cmd, data, ifp, td) case SIOCSIFADDR: case SIOCSIFNETMASK: case SIOCSIFDSTADDR: - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td)) != 0) return error; if (ifp == 0) @@ -301,7 +301,7 @@ in_control(so, cmd, data, ifp, td) break; case SIOCSIFBRDADDR: - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td)) != 0) return error; /* FALLTHROUGH */ diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 7631c44..be95188 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -178,7 +178,6 @@ in_pcbbind(inp, nam, td) struct sockaddr *nam; struct thread *td; { - struct proc *p = td->td_proc; register struct socket *so = inp->inp_socket; unsigned short *lastport; struct sockaddr_in *sin; @@ -228,8 +227,8 @@ in_pcbbind(inp, nam, td) if (lport) { struct inpcb *t; /* GROSS */ - if (ntohs(lport) < IPPORT_RESERVED && p && - suser_xxx(0, p, PRISON_ROOT)) + if (ntohs(lport) < IPPORT_RESERVED && td && + suser_cred(td->td_ucred, PRISON_ROOT)) return (EACCES); if (td && jailed(td->td_ucred)) prison = 1; @@ -292,7 +291,7 @@ in_pcbbind(inp, nam, td) last = ipport_hilastauto; lastport = &pcbinfo->lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - if (p && (error = suser_xxx(0, p, PRISON_ROOT))) { + if (td && (error = suser_cred(td->td_ucred, PRISON_ROOT))) { inp->inp_laddr.s_addr = INADDR_ANY; return error; } diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index 25a5329..5650d26 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -345,7 +345,7 @@ div_attach(struct socket *so, int proto, struct thread *td) inp = sotoinpcb(so); if (inp) panic("div_attach"); - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td)) != 0) return error; error = soreserve(so, div_sendspace, div_recvspace); diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index f456456..d3628f1 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1286,7 +1286,7 @@ ip_ctloutput(so, sopt) if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */ break; priv = (sopt->sopt_td != NULL && - suser_td(sopt->sopt_td) != 0) ? 0 : 1; + suser(sopt->sopt_td) != 0) ? 0 : 1; req = mtod(m, caddr_t); len = m->m_len; optname = sopt->sopt_name; diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 60d3988..3b44d02 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -467,7 +467,7 @@ rip_attach(struct socket *so, int proto, struct thread *td) inp = sotoinpcb(so); if (inp) panic("rip_attach"); - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td)) != 0) return error; error = soreserve(so, rip_sendspace, rip_recvspace); diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index db910e0..63af863 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -907,7 +907,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s; - error = suser_xxx(0, req->td->td_proc, PRISON_ROOT); + error = suser_cred(req->td->td_ucred, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); @@ -943,7 +943,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s, mapped = 0; - error = suser_xxx(0, req->td->td_proc, PRISON_ROOT); + error = suser_cred(req->td->td_ucred, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index db910e0..63af863 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -907,7 +907,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s; - error = suser_xxx(0, req->td->td_proc, PRISON_ROOT); + error = suser_cred(req->td->td_ucred, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); @@ -943,7 +943,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s, mapped = 0; - error = suser_xxx(0, req->td->td_proc, PRISON_ROOT); + error = suser_cred(req->td->td_ucred, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 79ada7f..04e68f9 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -636,7 +636,7 @@ udp_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s; - error = suser_xxx(0, req->td->td_proc, PRISON_ROOT); + error = suser_cred(req->td->td_ucred, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index d376b58..f427c7c 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -376,7 +376,7 @@ in6_control(so, cmd, data, ifp, td) int privileged; privileged = 0; - if (td == NULL || !suser_td(td)) + if (td == NULL || !suser(td)) privileged++; switch (cmd) { diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index 093fe71..cca0c6f 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -183,7 +183,7 @@ in6_pcbbind(inp, nam, td) /* GROSS */ if (ntohs(lport) < IPV6PORT_RESERVED && td && - suser_xxx(0, td->td_proc, PRISON_ROOT)) + suser_cred(td->td_ucred, PRISON_ROOT)) return(EACCES); if (so->so_cred->cr_uid != 0 && !IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { diff --git a/sys/netinet6/in6_src.c b/sys/netinet6/in6_src.c index 16a78ad..3dd2212 100644 --- a/sys/netinet6/in6_src.c +++ b/sys/netinet6/in6_src.c @@ -349,7 +349,7 @@ in6_pcbsetport(laddr, inp, td) last = ipport_hilastauto; lastport = &pcbinfo->lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - if (td && (error = suser_td(td))) + if (td && (error = suser(td))) return error; first = ipport_lowfirstauto; /* 1023 */ last = ipport_lowlastauto; /* 600 */ diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index f492fd0..d29bcae 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -1134,12 +1134,16 @@ ip6_savecontrol(in6p, mp, ip6, m) struct ip6_hdr *ip6; struct mbuf *m; { - struct proc *p = curproc; /* XXX */ +#if __FreeBSD__ >= 5 + struct thread *td = curthread; /* XXX */ +#else + struct proc *td = curproc; /* XXX */ +#endif int privileged = 0; int rthdr_exist = 0; - if (p && !suser(p)) + if (td && !suser(td)) privileged++; #ifdef SO_TIMESTAMP diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index e4d2c77..2d214eb 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1283,7 +1283,7 @@ ip6_ctloutput(so, sopt) } error = optval = 0; - privileged = (td == 0 || suser_td(td)) ? 0 : 1; + privileged = (td == 0 || suser(td)) ? 0 : 1; if (level == IPPROTO_IPV6) { switch (op) { @@ -1733,7 +1733,7 @@ ip6_pcbopts(pktopt, m, so, sopt) } /* set options specified by user. */ - if (td && !suser_td(td)) + if (td && !suser(td)) priv = 1; if ((error = ip6_setpktoptions(m, opt, priv, 1)) != 0) { ip6_clearpktopts(opt, 1, -1); /* XXX: discard all options */ @@ -1989,7 +1989,7 @@ ip6_setmoptions(optname, im6op, m) * all multicast addresses. Only super user is allowed * to do this. */ - if (suser_td(td)) + if (suser(td)) { error = EACCES; break; @@ -2096,7 +2096,7 @@ ip6_setmoptions(optname, im6op, m) } mreq = mtod(m, struct ipv6_mreq *); if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) { - if (suser_td(td)) { + if (suser(td)) { error = EACCES; break; } diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index f16651b..ca09142 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -544,7 +544,7 @@ rip6_attach(struct socket *so, int proto, struct thread *td) inp = sotoinpcb(so); if (inp) panic("rip6_attach"); - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td)) != 0) return error; error = soreserve(so, rip_sendspace, rip_recvspace); diff --git a/sys/netinet6/udp6_output.c b/sys/netinet6/udp6_output.c index d1d6a19..b085943 100644 --- a/sys/netinet6/udp6_output.c +++ b/sys/netinet6/udp6_output.c @@ -140,7 +140,7 @@ udp6_output(in6p, m, addr6, control, td) struct sockaddr_in6 tmp; priv = 0; - if (td && !suser_td(td)) + if (td && !suser(td)) priv = 1; if (control) { if ((error = ip6_setpktoptions(control, &opt, priv, 0)) != 0) diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index 2861f7f..f1bf3a9 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -466,7 +466,7 @@ udp6_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error, s; - error = suser(req->td->td_proc); + error = suser(req->td); if (error) return (error); diff --git a/sys/netipx/ipx.c b/sys/netipx/ipx.c index 2727875..35aa27d 100644 --- a/sys/netipx/ipx.c +++ b/sys/netipx/ipx.c @@ -108,7 +108,7 @@ ipx_control(so, cmd, data, ifp, td) return (0); } - if (td && (error = suser_td(td)) != 0) + if (td && (error = suser(td)) != 0) return (error); switch (cmd) { diff --git a/sys/netipx/ipx_pcb.c b/sys/netipx/ipx_pcb.c index ea038fe..8fe9796 100644 --- a/sys/netipx/ipx_pcb.c +++ b/sys/netipx/ipx_pcb.c @@ -99,7 +99,7 @@ ipx_pcbbind(ipxp, nam, td) int error; if (aport < IPXPORT_RESERVED && - td != NULL && (error = suser_td(td)) != 0) + td != NULL && (error = suser(td)) != 0) return (error); if (ipx_pcblookup(&zeroipx_addr, lport, 0)) return (EADDRINUSE); diff --git a/sys/netipx/ipx_usrreq.c b/sys/netipx/ipx_usrreq.c index 7cddcfc..1261748 100644 --- a/sys/netipx/ipx_usrreq.c +++ b/sys/netipx/ipx_usrreq.c @@ -602,7 +602,7 @@ ripx_attach(so, proto, td) int s; struct ipxpcb *ipxp = sotoipxpcb(so); - if (td != NULL && (error = suser_td(td)) != 0) + if (td != NULL && (error = suser(td)) != 0) return (error); s = splnet(); error = ipx_pcballoc(so, &ipxrawpcb, td); diff --git a/sys/netncp/ncp_subr.h b/sys/netncp/ncp_subr.h index a4c4559..46099d7 100644 --- a/sys/netncp/ncp_subr.h +++ b/sys/netncp/ncp_subr.h @@ -84,7 +84,7 @@ #define checkbad(fn) {error=(fn);if(error) goto bad;} -#define ncp_suser(cred) suser_xxx(cred, NULL, 0) +#define ncp_suser(cred) suser_cred(cred, 0) #define ncp_isowner(conn,cred) ((cred)->cr_uid == (conn)->nc_owner->cr_uid) diff --git a/sys/netsmb/smb_subr.h b/sys/netsmb/smb_subr.h index 1d2a304..b1696e6 100644 --- a/sys/netsmb/smb_subr.h +++ b/sys/netsmb/smb_subr.h @@ -70,7 +70,7 @@ void m_dumpm(struct mbuf *m); SIGISMEMBER(set, SIGHUP) || SIGISMEMBER(set, SIGKILL) || \ SIGISMEMBER(set, SIGQUIT)) -#define smb_suser(cred) suser_xxx(cred, NULL, 0) +#define smb_suser(cred) suser_cred(cred, 0) /* * Compatibility wrappers for simple locks diff --git a/sys/nfsclient/nfs_lock.c b/sys/nfsclient/nfs_lock.c index 4726c2c..0c9d6ac 100644 --- a/sys/nfsclient/nfs_lock.c +++ b/sys/nfsclient/nfs_lock.c @@ -241,7 +241,7 @@ nfslockdans(struct thread *td, struct lockd_ans *ansp) * * XXX This authorization check is probably not right. */ - if ((error = suser(td->td_proc)) != 0 && + if ((error = suser(td)) != 0 && td->td_ucred->cr_svuid != 0) return (error); diff --git a/sys/nfsserver/nfs_serv.c b/sys/nfsserver/nfs_serv.c index 2d79643..21c225b 100644 --- a/sys/nfsserver/nfs_serv.c +++ b/sys/nfsserver/nfs_serv.c @@ -1742,7 +1742,7 @@ nfsrv_create(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, if (vap->va_type == VCHR && rdev == 0xffffffff) vap->va_type = VFIFO; if (vap->va_type != VFIFO && - (error = suser_xxx(cred, 0, 0))) { + (error = suser_cred(cred, 0))) { goto ereply; } vap->va_rdev = rdev; @@ -1947,7 +1947,7 @@ nfsrv_mknod(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, if (error) NDFREE(&nd, NDF_ONLY_PNBUF); } else { - if (vtyp != VFIFO && (error = suser_xxx(cred, 0, 0))) + if (vtyp != VFIFO && (error = suser_cred(cred, 0))) goto out; error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap); if (error) { diff --git a/sys/nfsserver/nfs_syscalls.c b/sys/nfsserver/nfs_syscalls.c index 39f6e61..5e9075b 100644 --- a/sys/nfsserver/nfs_syscalls.c +++ b/sys/nfsserver/nfs_syscalls.c @@ -129,7 +129,7 @@ nfssvc(struct thread *td, struct nfssvc_args *uap) int error; mtx_lock(&Giant); - error = suser_td(td); + error = suser(td); if (error) goto done2; while (nfssvc_sockhead_flag & SLP_INIT) { diff --git a/sys/pc98/cbus/fdc.c b/sys/pc98/cbus/fdc.c index d52138d..e8b85c3 100644 --- a/sys/pc98/cbus/fdc.c +++ b/sys/pc98/cbus/fdc.c @@ -3188,7 +3188,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) * Set density definition permanently. Only * allow for superuser. */ - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); fd->fts[type] = *(struct fd_type *)addr; } @@ -3213,7 +3213,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) #endif case FD_CLRERR: - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); fd->fdc->fdc_errs = 0; return (0); @@ -3295,7 +3295,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) case FD_STYPE: /* set drive type */ /* this is considered harmful; only allow for superuser */ - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); *fd->ft = *(struct fd_type *)addr; break; @@ -3319,7 +3319,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) #endif case FD_CLRERR: - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); fd->fdc->fdc_errs = 0; break; diff --git a/sys/pc98/cbus/sio.c b/sys/pc98/cbus/sio.c index 65cf662..375527a 100644 --- a/sys/pc98/cbus/sio.c +++ b/sys/pc98/cbus/sio.c @@ -1902,7 +1902,7 @@ open_top: } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td)) { error = EBUSY; goto out; } @@ -2935,7 +2935,7 @@ sioioctl(dev, cmd, data, flag, td) } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -3028,7 +3028,7 @@ sioioctl(dev, cmd, data, flag, td) break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td); if (error != 0) { splx(s); return (error); @@ -3086,7 +3086,7 @@ sioioctl(dev, cmd, data, flag, td) break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td); if (error != 0) { splx(s); return (error); diff --git a/sys/pc98/i386/machdep.c b/sys/pc98/i386/machdep.c index 65c9201..8c904dc 100644 --- a/sys/pc98/i386/machdep.c +++ b/sys/pc98/i386/machdep.c @@ -2204,7 +2204,7 @@ set_dbregs(struct thread *td, struct dbreg *dbregs) * from within kernel mode? */ - if (suser_td(td) != 0) { + if (suser(td) != 0) { if (dbregs->dr7 & 0x3) { /* dr0 is enabled */ if (dbregs->dr0 >= VM_MAXUSER_ADDRESS) diff --git a/sys/pc98/pc98/fd.c b/sys/pc98/pc98/fd.c index d52138d..e8b85c3 100644 --- a/sys/pc98/pc98/fd.c +++ b/sys/pc98/pc98/fd.c @@ -3188,7 +3188,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) * Set density definition permanently. Only * allow for superuser. */ - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); fd->fts[type] = *(struct fd_type *)addr; } @@ -3213,7 +3213,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) #endif case FD_CLRERR: - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); fd->fdc->fdc_errs = 0; return (0); @@ -3295,7 +3295,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) case FD_STYPE: /* set drive type */ /* this is considered harmful; only allow for superuser */ - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); *fd->ft = *(struct fd_type *)addr; break; @@ -3319,7 +3319,7 @@ fdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) #endif case FD_CLRERR: - if (suser_td(td) != 0) + if (suser(td) != 0) return (EPERM); fd->fdc->fdc_errs = 0; break; diff --git a/sys/pc98/pc98/machdep.c b/sys/pc98/pc98/machdep.c index 65c9201..8c904dc 100644 --- a/sys/pc98/pc98/machdep.c +++ b/sys/pc98/pc98/machdep.c @@ -2204,7 +2204,7 @@ set_dbregs(struct thread *td, struct dbreg *dbregs) * from within kernel mode? */ - if (suser_td(td) != 0) { + if (suser(td) != 0) { if (dbregs->dr7 & 0x3) { /* dr0 is enabled */ if (dbregs->dr0 >= VM_MAXUSER_ADDRESS) diff --git a/sys/pc98/pc98/sio.c b/sys/pc98/pc98/sio.c index 65cf662..375527a 100644 --- a/sys/pc98/pc98/sio.c +++ b/sys/pc98/pc98/sio.c @@ -1902,7 +1902,7 @@ open_top: } } if (tp->t_state & TS_XCLUDE && - suser_td(td)) { + suser(td)) { error = EBUSY; goto out; } @@ -2935,7 +2935,7 @@ sioioctl(dev, cmd, data, flag, td) } switch (cmd) { case TIOCSETA: - error = suser_td(td); + error = suser(td); if (error != 0) return (error); *ct = *(struct termios *)data; @@ -3028,7 +3028,7 @@ sioioctl(dev, cmd, data, flag, td) break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td); if (error != 0) { splx(s); return (error); @@ -3086,7 +3086,7 @@ sioioctl(dev, cmd, data, flag, td) break; case TIOCMSDTRWAIT: /* must be root since the wait applies to following logins */ - error = suser_td(td); + error = suser(td); if (error != 0) { splx(s); return (error); diff --git a/sys/pc98/pc98/syscons.c b/sys/pc98/pc98/syscons.c index aaabf37..ef449d0 100644 --- a/sys/pc98/pc98/syscons.c +++ b/sys/pc98/pc98/syscons.c @@ -476,7 +476,7 @@ scopen(dev_t dev, int flag, int mode, struct thread *td) (*linesw[tp->t_line].l_modem)(tp, 1); } else - if (tp->t_state & TS_XCLUDE && suser_td(td)) + if (tp->t_state & TS_XCLUDE && suser(td)) return(EBUSY); error = (*linesw[tp->t_line].l_open)(dev, tp); @@ -978,7 +978,7 @@ scioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td) return 0; case KDENABIO: /* allow io operations */ - error = suser_td(td); + error = suser(td); if (error != 0) return error; error = securelevel_gt(td->td_ucred, 0); diff --git a/sys/pc98/pc98/wd_cd.c b/sys/pc98/pc98/wd_cd.c index 909a409..f0e6093 100644 --- a/sys/pc98/pc98/wd_cd.c +++ b/sys/pc98/pc98/wd_cd.c @@ -630,7 +630,7 @@ acdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td) 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0); case CDIOCRESET: - error = suser_td(td); + error = suser(td); if (error) return (error); return acd_request_wait(cdp, ATAPI_TEST_UNIT_READY, diff --git a/sys/pccard/pccard.c b/sys/pccard/pccard.c index a65d618..964748b 100644 --- a/sys/pccard/pccard.c +++ b/sys/pccard/pccard.c @@ -52,10 +52,6 @@ #include <machine/md_var.h> -#if __FreeBSD_version < 500000 -#define suser_td(a) suser(a) -#endif - #define MIN(a,b) ((a)<(b)?(a):(b)) static int allocate_driver(struct slot *, struct dev_desc *); @@ -517,7 +513,7 @@ crdioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, d_thread_t *td) * At the very least, we only allow root to set the context. */ case PIOCSMEM: - if (suser_td(td)) + if (suser(td)) return (EPERM); if (slt->state != filled) return (ENXIO); @@ -542,7 +538,7 @@ crdioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, d_thread_t *td) * Set I/O port context. */ case PIOCSIO: - if (suser_td(td)) + if (suser(td)) return (EPERM); if (slt->state != filled) return (ENXIO); @@ -568,7 +564,7 @@ crdioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, d_thread_t *td) *(unsigned long *)data = pccard_mem; break; } - if (suser_td(td)) + if (suser(td)) return (EPERM); /* * Validate the memory by checking it against the I/O @@ -600,7 +596,7 @@ crdioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, d_thread_t *td) * Allocate a driver to this slot. */ case PIOCSDRV: - if (suser_td(td)) + if (suser(td)) return (EPERM); err = allocate_driver(slt, (struct dev_desc *)data); if (!err) diff --git a/sys/security/lomac/kernel_mmap.c b/sys/security/lomac/kernel_mmap.c index 72e31ee..8e5330d 100644 --- a/sys/security/lomac/kernel_mmap.c +++ b/sys/security/lomac/kernel_mmap.c @@ -307,7 +307,7 @@ mmap(td, uap) if (securelevel >= 1) disablexworkaround = 1; else - disablexworkaround = suser(p); + disablexworkaround = suser(td); if (vp->v_type == VCHR && disablexworkaround && (flags & (MAP_PRIVATE|MAP_COPY))) { error = EINVAL; diff --git a/sys/security/lomac/kernel_util.c b/sys/security/lomac/kernel_util.c index 21e4a7c..99cd6cb 100644 --- a/sys/security/lomac/kernel_util.c +++ b/sys/security/lomac/kernel_util.c @@ -233,7 +233,7 @@ kldload(struct thread* td, struct kldload_args* uap) mtx_lock(&Giant); - if ((error = suser_td(td)) != 0) + if ((error = suser(td)) != 0) goto out; pathname = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); @@ -384,7 +384,7 @@ unmount(td, uap) if (!mediate_subject_at_level("unmount", td->td_proc, LOMAC_HIGHEST_LEVEL) || ((mp->mnt_stat.f_owner != td->td_ucred->cr_uid) && - (error = suser_td(td)))) { + (error = suser(td)))) { vput(vp); return (error); } diff --git a/sys/sys/systm.h b/sys/sys/systm.h index f98d1d7..10eb911 100644 --- a/sys/sys/systm.h +++ b/sys/sys/systm.h @@ -47,7 +47,7 @@ #include <sys/callout.h> extern int securelevel; /* system security level (see init(8)) */ -extern int suser_enabled; /* suser_xxx() is permitted to return 0 */ +extern int suser_enabled; /* suser() is permitted to return 0 */ extern int cold; /* nonzero if we are doing a cold boot */ extern const char *panicstr; /* panic message */ @@ -188,13 +188,11 @@ void startprofclock(struct proc *); void stopprofclock(struct proc *); void setstatclockrate(int hzrate); -/* flags for suser_xxx() */ +/* flags for suser() and suser_cred() */ #define PRISON_ROOT 1 -int suser(struct proc *); -int suser_td(struct thread *); -int suser_xxx(struct ucred *cred, struct proc *proc, int flag); -int suser_xxx_td(struct ucred *cred, struct thread *thread, int flag); +int suser(struct thread *td); +int suser_cred(struct ucred *cred, int flag); int cr_cansee(struct ucred *u1, struct ucred *u2); int cr_canseesocket(struct ucred *cred, struct socket *so); diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h index d239c7d..7493a65 100644 --- a/sys/sys/ucred.h +++ b/sys/sys/ucred.h @@ -45,7 +45,7 @@ * Credentials. * * Please do not inspect cr_uid directly to determine superuserness. - * Only the suser()/suser_xxx() function should be used for this. + * Only the suser() or suser_cred() function should be used for this. */ struct ucred { u_int cr_ref; /* reference count */ diff --git a/sys/ufs/ffs/ffs_alloc.c b/sys/ufs/ffs/ffs_alloc.c index 0dd7269..3793f05 100644 --- a/sys/ufs/ffs/ffs_alloc.c +++ b/sys/ufs/ffs/ffs_alloc.c @@ -126,7 +126,7 @@ ffs_alloc(ip, lbn, bpref, size, cred, bnp) retry: if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0) goto nospace; - if (suser_xxx(cred, NULL, PRISON_ROOT) && + if (suser_cred(cred, PRISON_ROOT) && freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0) goto nospace; #ifdef QUOTA @@ -207,7 +207,7 @@ ffs_realloccg(ip, lbprev, bpref, osize, nsize, cred, bpp) #endif /* DIAGNOSTIC */ reclaimed = 0; retry: - if (suser_xxx(cred, NULL, PRISON_ROOT) && + if (suser_cred(cred, PRISON_ROOT) && freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0) goto nospace; if ((bprev = ip->i_db[lbprev]) == 0) { diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c index 67c7772..b283489 100644 --- a/sys/ufs/ffs/ffs_vfsops.c +++ b/sys/ufs/ffs/ffs_vfsops.c @@ -226,7 +226,7 @@ ffs_mount(mp, path, data, ndp, td) * If upgrade to read-write by non-root, then verify * that user has necessary permissions on the device. */ - if (suser_td(td)) { + if (suser(td)) { vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, td); if ((error = VOP_ACCESS(devvp, VREAD | VWRITE, td->td_ucred, td)) != 0) { @@ -307,7 +307,7 @@ ffs_mount(mp, path, data, ndp, td) * If mount by non-root, then verify that user has necessary * permissions on the device. */ - if (suser_td(td)) { + if (suser(td)) { accessmode = VREAD; if ((mp->mnt_flag & MNT_RDONLY) == 0) accessmode |= VWRITE; diff --git a/sys/ufs/ifs/ifs_vnops.c b/sys/ufs/ifs/ifs_vnops.c index 0407032..5bbfc44 100644 --- a/sys/ufs/ifs/ifs_vnops.c +++ b/sys/ufs/ifs/ifs_vnops.c @@ -269,7 +269,7 @@ ifs_makeinode(mode, dvp, vpp, cnp) if (DOINGSOFTDEP(tvp)) softdep_change_linkcnt(ip); if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && - suser_xxx(cnp->cn_cred, 0, 0)) + suser_cred(cnp->cn_cred, 0)) ip->i_mode &= ~ISGID; if (cnp->cn_flags & ISWHITEOUT) diff --git a/sys/ufs/ufs/ufs_extattr.c b/sys/ufs/ufs/ufs_extattr.c index 238acd8..2cb87fc 100644 --- a/sys/ufs/ufs/ufs_extattr.c +++ b/sys/ufs/ufs/ufs_extattr.c @@ -714,7 +714,7 @@ ufs_extattrctl(struct mount *mp, int cmd, struct vnode *filename_vp, * Processes with privilege, but in jail, are not allowed to * configure extended attributes. */ - if ((error = suser_xxx(td->td_ucred, td->td_proc, 0))) { + if ((error = suser(td))) { if (filename_vp != NULL) VOP_UNLOCK(filename_vp, 0, td); return (error); @@ -811,7 +811,7 @@ ufs_extattr_credcheck(struct vnode *vp, struct ufs_extattr_list_entry *uele, switch (uele->uele_attrnamespace) { case EXTATTR_NAMESPACE_SYSTEM: /* Potentially should be: return (EPERM); */ - return (suser_xxx(cred, td->td_proc, 0)); + return (suser_cred(cred, 0)); case EXTATTR_NAMESPACE_USER: return (VOP_ACCESS(vp, access, cred, td)); default: diff --git a/sys/ufs/ufs/ufs_quota.c b/sys/ufs/ufs/ufs_quota.c index d9091c8..0d893b4 100644 --- a/sys/ufs/ufs/ufs_quota.c +++ b/sys/ufs/ufs/ufs_quota.c @@ -150,7 +150,7 @@ chkdq(ip, change, cred, flags) } return (0); } - if ((flags & FORCE) == 0 && suser_xxx(cred, NULL, 0)) { + if ((flags & FORCE) == 0 && suser_cred(cred, 0)) { for (i = 0; i < MAXQUOTAS; i++) { if ((dq = ip->i_dquot[i]) == NODQUOT) continue; @@ -271,7 +271,7 @@ chkiq(ip, change, cred, flags) } return (0); } - if ((flags & FORCE) == 0 && suser_xxx(cred, NULL, 0)) { + if ((flags & FORCE) == 0 && suser_cred(cred, 0)) { for (i = 0; i < MAXQUOTAS; i++) { if ((dq = ip->i_dquot[i]) == NODQUOT) continue; diff --git a/sys/ufs/ufs/ufs_readwrite.c b/sys/ufs/ufs/ufs_readwrite.c index b098785..cf8a5a0 100644 --- a/sys/ufs/ufs/ufs_readwrite.c +++ b/sys/ufs/ufs/ufs_readwrite.c @@ -566,7 +566,7 @@ WRITE(ap) * tampering. */ if (resid > uio->uio_resid && ap->a_cred && - suser_xxx(ap->a_cred, NULL, PRISON_ROOT)) + suser_cred(ap->a_cred, PRISON_ROOT)) ip->i_mode &= ~(ISUID | ISGID); if (resid > uio->uio_resid) VN_KNOTE(vp, NOTE_WRITE | (extended ? NOTE_EXTEND : 0)); diff --git a/sys/ufs/ufs/ufs_vfsops.c b/sys/ufs/ufs/ufs_vfsops.c index c9176d9..f7ec4c2 100644 --- a/sys/ufs/ufs/ufs_vfsops.c +++ b/sys/ufs/ufs/ufs_vfsops.c @@ -119,7 +119,7 @@ ufs_quotactl(mp, cmds, uid, arg, td) break; /* fall through */ default: - if ((error = suser_xxx(0, td->td_proc, PRISON_ROOT)) != 0) + if ((error = suser_cred(td->td_ucred, PRISON_ROOT)) != 0) return (error); } diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c index 8ed1596..11f43a2 100644 --- a/sys/ufs/ufs/ufs_vnops.c +++ b/sys/ufs/ufs/ufs_vnops.c @@ -484,7 +484,7 @@ ufs_setattr(ap) * Privileged non-jail processes may not modify system flags * if securelevel > 0 and any existing system flags are set. */ - if (!suser_xxx(cred, NULL, PRISON_ROOT)) { + if (!suser_cred(cred, PRISON_ROOT)) { if (ip->i_flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { error = securelevel_gt(cred, 0); @@ -616,7 +616,7 @@ ufs_chmod(vp, mode, cred, td) * as well as set the setgid bit on a file with a group that the * process is not a member of. */ - if (suser_xxx(cred, NULL, PRISON_ROOT)) { + if (suser_cred(cred, PRISON_ROOT)) { if (vp->v_type != VDIR && (mode & S_ISTXT)) return (EFTYPE); if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) @@ -666,7 +666,7 @@ ufs_chown(vp, uid, gid, cred, td) */ if ((uid != ip->i_uid || (gid != ip->i_gid && !groupmember(gid, cred))) && - (error = suser_xxx(cred, td->td_proc, PRISON_ROOT))) + (error = suser_cred(cred, PRISON_ROOT))) return (error); ogid = ip->i_gid; ouid = ip->i_uid; @@ -733,7 +733,7 @@ good: panic("ufs_chown: lost quota"); #endif /* QUOTA */ ip->i_flag |= IN_CHANGE; - if (suser_xxx(cred, NULL, PRISON_ROOT) && (ouid != uid || ogid != gid)) + if (suser_cred(cred, PRISON_ROOT) && (ouid != uid || ogid != gid)) ip->i_mode &= ~(ISUID | ISGID); return (0); } @@ -2370,7 +2370,7 @@ ufs_makeinode(mode, dvp, vpp, cnp) if (DOINGSOFTDEP(tvp)) softdep_change_linkcnt(ip); if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) && - suser_xxx(cnp->cn_cred, NULL, PRISON_ROOT)) + suser_cred(cnp->cn_cred, PRISON_ROOT)) ip->i_mode &= ~ISGID; if (cnp->cn_flags & ISWHITEOUT) diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c index 603ce6e..8b8b4f8 100644 --- a/sys/vm/vm_mmap.c +++ b/sys/vm/vm_mmap.c @@ -348,7 +348,7 @@ mmap(td, uap) if (securelevel_ge(td->td_ucred, 1)) disablexworkaround = 1; else - disablexworkaround = suser_td(td); + disablexworkaround = suser(td); if (vp->v_type == VCHR && disablexworkaround && (flags & (MAP_PRIVATE|MAP_COPY))) { error = EINVAL; @@ -1019,7 +1019,7 @@ mlock(td, uap) td->td_proc->p_rlimit[RLIMIT_MEMLOCK].rlim_cur) return (ENOMEM); #else - error = suser_td(td); + error = suser(td); if (error) return (error); #endif @@ -1100,7 +1100,7 @@ munlock(td, uap) return (EINVAL); #ifndef pmap_wired_count - error = suser_td(td); + error = suser(td); if (error) return (error); #endif diff --git a/sys/vm/vm_swap.c b/sys/vm/vm_swap.c index ac775be..f1f2271 100644 --- a/sys/vm/vm_swap.c +++ b/sys/vm/vm_swap.c @@ -197,7 +197,7 @@ swapon(td, uap) int error; mtx_lock(&Giant); - error = suser_td(td); + error = suser(td); if (error) goto done2; |