From dc2e474f79c1287592679cd5e0c4c2307feccd60 Mon Sep 17 00:00:00 2001
From: jhb <jhb@FreeBSD.org>
Date: Mon, 1 Apr 2002 21:31:13 +0000
Subject: Change the suser() API to take advantage of td_ucred as well as do a
 general cleanup of the API.  The entire API now consists of two functions
 similar to the pre-KSE API.  The suser() function takes a thread pointer as
 its only argument.  The td_ucred member of this thread must be valid so the
 only valid thread pointers are curthread and a few kernel threads such as
 thread0.  The suser_cred() function takes a pointer to a struct ucred as its
 first argument and an integer flag as its second argument. The flag is
 currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
---
 sys/netinet/in.c           | 6 +++---
 sys/netinet/in_pcb.c       | 7 +++----
 sys/netinet/ip_divert.c    | 2 +-
 sys/netinet/ip_output.c    | 2 +-
 sys/netinet/raw_ip.c       | 2 +-
 sys/netinet/tcp_subr.c     | 4 ++--
 sys/netinet/tcp_timewait.c | 4 ++--
 sys/netinet/udp_usrreq.c   | 2 +-
 8 files changed, 14 insertions(+), 15 deletions(-)

(limited to 'sys/netinet')

diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index eb4877d..6631f07 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -204,7 +204,7 @@ in_control(so, cmd, data, ifp, td)
 	switch (cmd) {
 	case SIOCALIFADDR:
 	case SIOCDLIFADDR:
-		if (td && (error = suser_td(td)) != 0)
+		if (td && (error = suser(td)) != 0)
 			return error;
 		/*fall through*/
 	case SIOCGLIFADDR:
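Review bot: The `td &&` guard in front of `suser(td)` makes this privilege check fail open: when `td` is NULL, the SIOCALIFADDR/SIOCDLIFADDR path proceeds with no check at all. The same guard appears in the other two in_control() hunks (the SIOCSIFADDR group and SIOCSIFBRDADDR) and in div_attach() and rip_attach(). That is presumably deliberate for in-kernel callers, but since suser() now requires a thread whose td_ucred is valid, the assumption deserves a comment at the check, e.g. `/* td == NULL: in-kernel caller, no credential to check */`. in_control() begins and ends outside the hunk.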
@@ -263,7 +263,7 @@ in_control(so, cmd, data, ifp, td)
 	case SIOCSIFADDR:
 	case SIOCSIFNETMASK:
 	case SIOCSIFDSTADDR:
-		if (td && (error = suser_td(td)) != 0)
+		if (td && (error = suser(td)) != 0)
 			return error;
 
 		if (ifp == 0)
@@ -301,7 +301,7 @@ in_control(so, cmd, data, ifp, td)
 		break;
 
 	case SIOCSIFBRDADDR:
-		if (td && (error = suser_td(td)) != 0)
+		if (td && (error = suser(td)) != 0)
 			return error;
 		/* FALLTHROUGH */
 
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 7631c44..be95188 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -178,7 +178,6 @@ in_pcbbind(inp, nam, td)
 	struct sockaddr *nam;
 	struct thread *td;
 {
-	struct proc *p = td->td_proc;
 	register struct socket *so = inp->inp_socket;
 	unsigned short *lastport;
 	struct sockaddr_in *sin;
@@ -228,8 +227,8 @@ in_pcbbind(inp, nam, td)
 		if (lport) {
 			struct inpcb *t;
 			/* GROSS */
-			if (ntohs(lport) < IPPORT_RESERVED && p &&
-			    suser_xxx(0, p, PRISON_ROOT))
+			if (ntohs(lport) < IPPORT_RESERVED && td &&
+			    suser_cred(td->td_ucred, PRISON_ROOT))
 				return (EACCES);
 			if (td && jailed(td->td_ucred))
 				prison = 1;
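Review bot: The reserved-port test returns a hard-coded `EACCES` and discards the value from `suser_cred()`, while the INP_LOWPORT branch in the next hunk propagates `error` from the same call. Either choice is defensible, but the difference is unexplained and `/* GROSS */` says nothing about the policy. I would replace it with a comment that states the rule and its two exceptions, e.g. `/* Ports below IPPORT_RESERVED need privilege (PRISON_ROOT: jailed root passes); a NULL td skips the check. */`. in_pcbbind() continues outside the hunk.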
@@ -292,7 +291,7 @@ in_pcbbind(inp, nam, td)
 			last  = ipport_hilastauto;
 			lastport = &pcbinfo->lasthi;
 		} else if (inp->inp_flags & INP_LOWPORT) {
-			if (p && (error = suser_xxx(0, p, PRISON_ROOT))) {
+			if (td && (error = suser_cred(td->td_ucred, PRISON_ROOT))) {
 				inp->inp_laddr.s_addr = INADDR_ANY;
 				return error;
 			}
diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c
index 25a5329..5650d26 100644
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@@ -345,7 +345,7 @@ div_attach(struct socket *so, int proto, struct thread *td)
 	inp  = sotoinpcb(so);
 	if (inp)
 		panic("div_attach");
-	if (td && (error = suser_td(td)) != 0)
+	if (td && (error = suser(td)) != 0)
 		return error;
 
 	error = soreserve(so, div_sendspace, div_recvspace);
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index f456456..d3628f1 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1286,7 +1286,7 @@ ip_ctloutput(so, sopt)
 			if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
 				break;
 			priv = (sopt->sopt_td != NULL &&
-				suser_td(sopt->sopt_td) != 0) ? 0 : 1;
+				suser(sopt->sopt_td) != 0) ? 0 : 1;
 			req = mtod(m, caddr_t);
 			len = m->m_len;
 			optname = sopt->sopt_name;
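Review bot: The `priv` expression is a doubly negated ternary that hides a fail-open default: when `sopt->sopt_td` is NULL, `priv` becomes 1 without any credential check. Writing it as `priv = (sopt->sopt_td == NULL || suser(sopt->sopt_td) == 0);` is equivalent and makes that case visible. The thread pointer here also comes from the sockopt rather than from a direct argument, so given the new rule that suser() needs a thread with a valid td_ucred, a short comment saying which threads can appear in `sopt_td` would help. The enclosing case in ip_ctloutput() starts and ends outside the hunk.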
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 60d3988..3b44d02 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -467,7 +467,7 @@ rip_attach(struct socket *so, int proto, struct thread *td)
 	inp = sotoinpcb(so);
 	if (inp)
 		panic("rip_attach");
-	if (td && (error = suser_td(td)) != 0)
+	if (td && (error = suser(td)) != 0)
 		return error;
 
 	error = soreserve(so, rip_sendspace, rip_recvspace);
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index db910e0..63af863 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -907,7 +907,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error, s;
 
-	error = suser_xxx(0, req->td->td_proc, PRISON_ROOT);
+	error = suser_cred(req->td->td_ucred, PRISON_ROOT);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));
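Review bot: `req->td` is dereferenced here with no NULL test, whereas the other call sites converted in this commit guard the thread pointer (`td &&`, `sopt->sopt_td != NULL`). If a sysctl handler can never see a NULL `req->td`, a one-line comment saying so would do, e.g. `/* req->td is always the requesting thread for sysctl handlers */`; otherwise the check should fail closed before the dereference. The same line appears in tcp6_getcred() below, in both tcp_timewait.c hunks and in udp_getcred(). Because PRISON_ROOT lets root inside a jail pass this check, whatever limits the lookup to connections that caller may see has to sit in the part of the function outside the hunk.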
@@ -943,7 +943,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error, s, mapped = 0;
 
-	error = suser_xxx(0, req->td->td_proc, PRISON_ROOT);
+	error = suser_cred(req->td->td_ucred, PRISON_ROOT);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));
diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c
index db910e0..63af863 100644
--- a/sys/netinet/tcp_timewait.c
+++ b/sys/netinet/tcp_timewait.c
@@ -907,7 +907,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error, s;
 
-	error = suser_xxx(0, req->td->td_proc, PRISON_ROOT);
+	error = suser_cred(req->td->td_ucred, PRISON_ROOT);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));
@@ -943,7 +943,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error, s, mapped = 0;
 
-	error = suser_xxx(0, req->td->td_proc, PRISON_ROOT);
+	error = suser_cred(req->td->td_ucred, PRISON_ROOT);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 79ada7f..04e68f9 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -636,7 +636,7 @@ udp_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error, s;
 
-	error = suser_xxx(0, req->td->td_proc, PRISON_ROOT);
+	error = suser_cred(req->td->td_ucred, PRISON_ROOT);
 	if (error)
 		return (error);
 	error = SYSCTL_IN(req, addrs, sizeof(addrs));
-- 
cgit v1.1