From owner-p4-projects Mon Mar 25 10:25:41 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6992537B417; Mon, 25 Mar 2002 10:25:23 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 9FAF537B405 for ; Mon, 25 Mar 2002 10:25:21 -0800 (PST) Received: (from perforce@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g2PIPLH68130 for perforce@freebsd.org; Mon, 25 Mar 2002 10:25:21 -0800 (PST) (envelope-from jhb@freebsd.org) Date: Mon, 25 Mar 2002 10:25:21 -0800 (PST) Message-Id: <200203251825.g2PIPLH68130@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to jhb@freebsd.org using -f From: John Baldwin Subject: PERFORCE change 8383 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=8383 Change 8383 by jhb@jhb_laptop on 2002/03/25 10:24:57 Integ the new suser() API from jhb_proc. Affected files ... ... //depot/projects/smpng/sys/kern/kern_prot.c#48 integrate ... //depot/projects/smpng/sys/sys/systm.h#25 integrate Differences ... ==== //depot/projects/smpng/sys/kern/kern_prot.c#48 (text+ko) ==== 
@@ -1266,58 +1266,35 @@
 /*
 * Test whether the specified credentials imply "super-user" privilege.
- * Return 0 or EPERM.
+ * Return 0 or EPERM. The flag argument is currently used only to
+ * specify jail interaction.
 */
 int
-suser(p)
- struct proc *p;
+suser_cred(cred, flag)
+ struct ucred *cred;
+ int flag;
 {
- return (suser_xxx(0, p, 0));
+ if (!suser_enabled)
+ return (EPERM);
+ if (cred->cr_uid != 0)
+ return (EPERM);
+ if (jailed(cred) && !(flag & PRISON_ROOT))
+ return (EPERM);
+ return (0);
 }
 /*
- * version for when the thread pointer is available and not the proc.
- * (saves having to include proc.h into every file that needs to do the change.)
+ * Shortcut to hide contents of struct td and struct proc from the
+ * caller, promoting binary compatibility.
 */
 int
-suser_td(td)
+suser(td, flag)
 struct thread *td;
-{
- return (suser_xxx(0, td->td_proc, 0));
-}
-
-/*
- * wrapper to use if you have the thread on hand but not the proc.
- */
-int
-suser_xxx_td(cred, td, flag)
- struct ucred *cred;
- struct thread *td;
 int flag;
 {
- return(suser_xxx(cred, td->td_proc, flag));
-}
-int
-suser_xxx(cred, proc, flag)
- struct ucred *cred;
- struct proc *proc;
- int flag;
-{
- if (!suser_enabled)
- return (EPERM);
- if (!cred && !proc) {
- printf("suser_xxx(): THINK!\n");
- return (EPERM);
- }
- if (cred == NULL)
- cred = proc->p_ucred;
- if (cred->cr_uid != 0)
- return (EPERM);
- if (jailed(cred) && !(flag & PRISON_ROOT))
- return (EPERM);
- return (0);
+ return (suser_cred(td->td_ucred, flag));
 }
 /*
==== //depot/projects/smpng/sys/sys/systm.h#25 (text+ko) ====
@@ -47,7 +47,7 @@
 #include
 extern int securelevel; /* system security level (see init(8)) */
-extern int suser_enabled; /* suser_xxx() is permitted to return 0 */
+extern int suser_enabled; /* suser() is permitted to return 0 */
 extern int cold; /* nonzero if we are doing a cold boot */
 extern const char *panicstr; /* panic message */
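Review bot: In kern_prot.c, `suser_cred()` dereferences `cred->cr_uid` with no guard, whereas the removed `suser_xxx()` returned EPERM when given neither a credential nor a proc and fell back to `p_ucred` when `cred` was NULL. A caller converted mechanically from `suser_xxx(NULL, p, flag)` would now fault in the kernel instead of failing closed. I would state the contract at the top of the function, for example `KASSERT(cred != NULL, ("suser_cred: NULL cred"));`, and say in the header comment that NULL is no longer accepted. Separately, `suser()` now tests `td->td_ucred` rather than `td->td_proc->p_ucred`; if that per-thread reference is only kept current for the running thread (not visible in this hunk), a call on some other thread could check a stale credential, so the comment above `suser()` should say that `td` is expected to be `curthread`.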
@@ -192,13 +192,11 @@
 void stopprofclock(struct proc *);
 void setstatclockrate(int hzrate);
-/* flags for suser_xxx() */
+/* flags for suser() and suser_cred() */
 #define PRISON_ROOT 1
-int suser(struct proc *);
-int suser_td(struct thread *);
-int suser_xxx(struct ucred *cred, struct proc *proc, int flag);
-int suser_xxx_td(struct ucred *cred, struct thread *thread, int flag);
+int suser(struct thread *td, int flag);
+int suser_cred(struct ucred *cred, int flag);
 int cr_cansee(struct ucred *u1, struct ucred *u2);
 int cr_canseesocket(struct ucred *cred, struct socket *so);

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
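Review bot: `PRISON_ROOT` in systm.h still carries no description, although every `suser()` caller must now pass a flag explicitly. Going by the kern_prot.c hunk, a flag of 0 denies uid 0 inside a jail and `PRISON_ROOT` lets it through, so the wrong constant at a converted call site silently widens privilege for jailed root. I would document it at the define, `#define PRISON_ROOT 1 /* jailed root may pass the check; pass 0 to deny */`. `suser` also keeps its name while its first parameter changes from `struct proc *` to `struct thread *`, so code built against the old prototype and not recompiled would presumably hand the wrong object to a privilege check; a short comment beside the prototype noting the changed signature would help.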