From 00b02345d424dac8a490ff28ff75fd9386196583 Mon Sep 17 00:00:00 2001 From: rwatson Date: Tue, 12 Jun 2007 00:12:01 +0000 Subject: Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in some cases, move to priv_check() if it was an operation on a thread and no other flags were present. Eliminate caller-side jail exception checking (also now-unused); jail privilege exception code now goes solely in kern_jail.c. We can't yet eliminate suser() due to some cases in the KAME code where a privilege check is performed and then used in many different deferred paths. Do, however, move those prototypes to priv.h. Reviewed by: csjp Obtained from: TrustedBSD Project --- sys/sys/priv.h | 12 ++++++++++++ sys/sys/systm.h | 6 ------ 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'sys/sys') diff --git a/sys/sys/priv.h b/sys/sys/priv.h index 2b215c8..e79cc40 100644 --- a/sys/sys/priv.h +++ b/sys/sys/priv.h @@ -466,6 +466,18 @@ struct thread; struct ucred; int priv_check(struct thread *td, int priv); int priv_check_cred(struct ucred *cred, int priv, int flags); + +/* + * Continue to support external modules that rely on suser(9) -- for now. + */ +int suser(struct thread *td); +int suser_cred(struct ucred *cred, int flags); + +/* + * For historical reasons, flags to priv_check_cred() retain the SUSER_ + * prefix. + */ +#define SUSER_RUID 2 #endif #endif /* !_SYS_PRIV_H_ */ diff --git a/sys/sys/systm.h b/sys/sys/systm.h index 817982c..c523378 100644 --- a/sys/sys/systm.h +++ b/sys/sys/systm.h @@ -234,12 +234,6 @@ void stopprofclock(struct proc *); void cpu_startprofclock(void); void cpu_stopprofclock(void); -/* flags for suser() and suser_cred() */ -#define SUSER_ALLOWJAIL 1 -#define SUSER_RUID 2 - -int suser(struct thread *td); -int suser_cred(struct ucred *cred, int flags); int cr_cansee(struct ucred *u1, struct ucred *u2); int cr_canseesocket(struct ucred *cred, struct socket *so); -- cgit v1.1