Date: Mon, 25 Mar 2002 10:40:40 -0800 (PST) From: John Baldwin <jhb@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 8385 for review Message-ID: <200203251840.g2PIee770355@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=8385 Change 8385 by jhb@jhb_laptop on 2002/03/25 10:39:57 Integ of first round of suser() API changes. Affected files ... ... //depot/projects/smpng/sys/alpha/alpha/promcons.c#8 integrate ... //depot/projects/smpng/sys/alpha/alpha/sys_machdep.c#7 integrate ... //depot/projects/smpng/sys/alpha/tlsb/zs_tlsb.c#6 integrate ... //depot/projects/smpng/sys/compat/svr4/svr4_stat.c#6 integrate ... //depot/projects/smpng/sys/dev/an/if_an.c#15 integrate ... //depot/projects/smpng/sys/dev/asr/asr.c#8 integrate ... //depot/projects/smpng/sys/dev/ata/atapi-cd.c#15 integrate ... //depot/projects/smpng/sys/dev/awi/awi.c#4 integrate ... //depot/projects/smpng/sys/dev/awi/awi_wep.c#4 integrate ... //depot/projects/smpng/sys/dev/awi/awi_wicfg.c#4 integrate ... //depot/projects/smpng/sys/dev/cnw/if_cnw.c#4 integrate ... //depot/projects/smpng/sys/dev/random/randomdev.c#7 integrate ... //depot/projects/smpng/sys/dev/sbni/if_sbni.c#3 integrate ... //depot/projects/smpng/sys/dev/wi/if_wi.c#19 integrate ... //depot/projects/smpng/sys/fs/devfs/devfs_vnops.c#10 integrate ... //depot/projects/smpng/sys/fs/procfs/procfs_ioctl.c#4 integrate ... //depot/projects/smpng/sys/i386/i386/vm86.c#5 integrate ... //depot/projects/smpng/sys/i4b/driver/i4b_ipr.c#5 integrate ... //depot/projects/smpng/sys/ia64/ia64/ssc.c#5 integrate ... //depot/projects/smpng/sys/kern/kern_sysctl.c#13 integrate ... //depot/projects/smpng/sys/net/if_ppp.c#8 integrate ... //depot/projects/smpng/sys/net/rtsock.c#13 integrate ... //depot/projects/smpng/sys/netinet6/ip6_input.c#6 integrate ... //depot/projects/smpng/sys/netinet6/udp6_usrreq.c#8 integrate ... //depot/projects/smpng/sys/nfsclient/nfs_lock.c#15 integrate ... //depot/projects/smpng/sys/security/lomac/kernel_mmap.c#6 integrate Differences ... ==== //depot/projects/smpng/sys/alpha/alpha/promcons.c#8 (text+ko) ==== @@ -123,7 +123,7 @@ ttsetwater(tp); setuptimeout = 1; - } else if ((tp->t_state & TS_XCLUDE) && suser(td->td_proc)) { + } else if ((tp->t_state & TS_XCLUDE) && suser(td, 0)) { splx(s); return EBUSY; } ==== //depot/projects/smpng/sys/alpha/alpha/sys_machdep.c#7 (text+ko) ==== @@ -118,7 +118,7 @@ if (error) return (error); - error = suser(td->td_proc); + error = suser(td, 0); if (error) return (error); ==== //depot/projects/smpng/sys/alpha/tlsb/zs_tlsb.c#6 (text+ko) ==== @@ -290,7 +290,7 @@ tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; ttsetwater(tp); setuptimeout = 1; - } else if ((tp->t_state & TS_XCLUDE) && suser(td->td_proc)) { + } else if ((tp->t_state & TS_XCLUDE) && suser(td, 0)) { splx(s); return EBUSY; } ==== //depot/projects/smpng/sys/compat/svr4/svr4_stat.c#6 (text+ko) ==== @@ -559,13 +559,13 @@ break; #if defined(WHY_DOES_AN_EMULATOR_WANT_TO_SET_HOSTNAMES) case SVR4_SI_SET_HOSTNAME: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) return error; name = KERN_HOSTNAME; return kern_sysctl(&name, 1, 0, 0, SCARG(uap, buf), rlen, td); case SVR4_SI_SET_SRPC_DOMAIN: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) return error; name = KERN_NISDOMAINNAME; return kern_sysctl(&name, 1, 0, 0, SCARG(uap, buf), rlen, td); ==== //depot/projects/smpng/sys/dev/an/if_an.c#15 (text+ko) ==== @@ -1266,7 +1266,8 @@ int i; struct an_softc *sc; struct ifreq *ifr; - struct proc *p = curproc; + struct thread *td = curthread; + struct proc *p = td->td_proc; struct ieee80211req *ireq; u_int8_t tmpstr[IEEE80211_NWID_LEN*2]; u_int8_t *tmpptr; @@ -1353,7 +1354,7 @@ error = copyout(&sc->areq, ifr->ifr_data, sizeof(sc->areq)); break; case SIOCSAIRONET: - if ((error = suser(p))) + if ((error = suser(td, 0))) goto out; error = copyin(ifr->ifr_data, &sc->areq, sizeof(sc->areq)); if (error != 0) @@ -1614,7 +1615,7 @@ } break; case SIOCS80211: - if ((error = suser(p))) + if ((error = suser(td, 0))) goto out; sc->areq.an_len = sizeof(sc->areq); /* ==== //depot/projects/smpng/sys/dev/asr/asr.c#8 (text+ko) ==== @@ -3880,7 +3880,7 @@ s = splcam (); if (ASR_ctlr_held) { error = EBUSY; - } else if ((error = suser(td->td_proc)) == 0) { + } else if ((error = suser(td, 0)) == 0) { ++ASR_ctlr_held; } splx(s); ==== //depot/projects/smpng/sys/dev/ata/atapi-cd.c#15 (text+ko) ==== @@ -576,7 +576,7 @@ break; case CDIOCRESET: - error = suser(td->td_proc); + error = suser(td, 0); if (error) break; error = atapi_test_ready(cdp->device); ==== //depot/projects/smpng/sys/dev/awi/awi.c#4 (text+ko) ==== @@ -521,7 +521,11 @@ break; case SIOCS80211NWID: #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + error = suser(curthread, 0); +#else error = suser(curproc); +#endif if (error) break; #endif @@ -555,7 +559,11 @@ break; case SIOCS80211NWKEY: #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + error = suser(curthread, 0); +#else error = suser(curproc); +#endif if (error) break; #endif @@ -613,7 +621,11 @@ error = awi_wep_getkey(sc, ireq->i_val, tmpstr, &len); if(error) break; +#if __FreeBSD__ >= 5 + if(!suser(curthread, 0)) +#else if(!suser(curproc)) +#endif bzero(tmpstr, len); ireq->i_len = len; error = copyout(tmpstr, ireq->i_data, len); @@ -650,7 +662,11 @@ } break; case SIOCS80211: +#if __FreeBSD__ >= 5 + error = suser(curthread, 0); +#else error = suser(curproc); +#endif if(error) break; switch(ireq->i_type) { ==== //depot/projects/smpng/sys/dev/awi/awi_wep.c#4 (text+ko) ==== @@ -189,7 +189,11 @@ nwkey->i_defkid = sc->sc_wep_defkid + 1; /* do not show any keys to non-root user */ #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + suerr = suser(curthread, 0); +#else suerr = suser(curproc); +#endif #else suerr = suser(curproc->p_ucred, &curproc->p_acflag); #endif ==== //depot/projects/smpng/sys/dev/awi/awi_wicfg.c#4 (text+ko) ==== @@ -108,7 +108,11 @@ break; case SIOCSWAVELAN: #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + error = suser(curthread, 0); +#else error = suser(curproc); +#endif #else error = suser(curproc->p_ucred, &curproc->p_acflag); #endif @@ -272,7 +276,11 @@ keys = (struct wi_ltv_keys *)&wreq; /* do not show keys to non-root user */ #ifdef __FreeBSD__ +#if __FreeBSD__ >= 5 + error = suser(curthread, 0); +#else error = suser(curproc); +#endif #else error = suser(curproc->p_ucred, &curproc->p_acflag); #endif ==== //depot/projects/smpng/sys/dev/cnw/if_cnw.c#4 (text+ko) ==== @@ -1239,7 +1239,12 @@ #endif struct ifreq *ifr = (struct ifreq *)data; int s, error = 0; +#if defined(__FreeBSD__) && __FreeBSD__ >= 5 + struct thread *td = curthread; /* XXX */ + struct proc *p = td->td_proc; +#else struct proc *p = curproc; /*XXX*/ +#endif s = splnet(); @@ -1331,8 +1336,12 @@ #if !defined(__FreeBSD__) error = suser(p->p_ucred, &p->p_acflag); #else +#if __FreeBSD__ >= 5 + error = suser(td, 0); +#else error = suser(p); #endif +#endif if (error) break; error = cnw_setdomain(sc, ifr->ifr_domain); @@ -1342,8 +1351,12 @@ #if !defined(__FreeBSD__) error = suser(p->p_ucred, &p->p_acflag); #else +#if __FreeBSD__ >= 5 + error = suser(td, 0); +#else error = suser(p); #endif +#endif if (error) break; error = cnw_setkey(sc, (int)ifr->ifr_key); @@ -1353,8 +1366,12 @@ #if !defined(__FreeBSD__) error = suser(p->p_ucred, &p->p_acflag); #else +#if __FreeBSD__ >= 5 + error = suser(td, 0); +#else error = suser(p); #endif +#endif if (error) break; if ((ifp->if_flags & IFF_RUNNING) == 0) ==== //depot/projects/smpng/sys/dev/random/randomdev.c#7 (text+ko) ==== @@ -147,7 +147,7 @@ int error; if (flags & FWRITE) { - error = suser(td->td_proc); + error = suser(td, 0); if (error) return (error); error = securelevel_gt(td->td_ucred, 0); @@ -162,7 +162,7 @@ random_close(dev_t dev __unused, int flags, int fmt __unused, struct thread *td) { if (flags & FWRITE) { - if (!(suser(td->td_proc) || + if (!(suser(td, 0) || securelevel_gt(td->td_ucred, 0))) random_reseed(); } ==== //depot/projects/smpng/sys/dev/sbni/if_sbni.c#3 (text+ko) ==== @@ -1042,6 +1042,7 @@ { struct sbni_softc *sc; struct ifreq *ifr; + struct thread *td; struct proc *p; struct sbni_in_stats *in_stats; struct sbni_flags flags; @@ -1049,7 +1050,8 @@ sc = ifp->if_softc; ifr = (struct ifreq *)data; - p = curproc; + td = curthread; + p = td->td_proc; error = 0; s = splimp(); @@ -1114,7 +1116,7 @@ case SIOCSHWFLAGS: /* set flags */ /* root only */ - error = suser(p); + error = suser(td, 0); if (error) break; flags = *(struct sbni_flags*)&ifr->ifr_data; @@ -1136,7 +1138,7 @@ break; case SIOCRINSTATS: - if (!(error = suser(p))) /* root only */ + if (!(error = suser(td, 0))) /* root only */ bzero(&sc->in_stats, sizeof(struct sbni_in_stats)); break; ==== //depot/projects/smpng/sys/dev/wi/if_wi.c#19 (text+ko) ==== @@ -1540,7 +1540,8 @@ struct wi_req wreq; struct ifreq *ifr; struct ieee80211req *ireq; - struct proc *p = curproc; + struct thread *td = curthread; + struct proc *p = td->td_proc; sc = ifp->if_softc; WI_LOCK(sc); @@ -1592,7 +1593,7 @@ if (error) break; /* Don't show WEP keys to non-root users. */ - if (wreq.wi_type == WI_RID_DEFLT_CRYPT_KEYS && suser(p)) + if (wreq.wi_type == WI_RID_DEFLT_CRYPT_KEYS && suser(td, 0)) break; if (wreq.wi_type == WI_RID_IFACE_STATS) { bcopy((char *)&sc->wi_stats, (char *)&wreq.wi_val, @@ -1626,7 +1627,7 @@ error = copyout(&wreq, ifr->ifr_data, sizeof(wreq)); break; case SIOCSWAVELAN: - if ((error = suser(p))) + if ((error = suser(td, 0))) goto out; error = copyin(ifr->ifr_data, &wreq, sizeof(wreq)); if (error) @@ -1685,7 +1686,7 @@ break; } len = sc->wi_keys.wi_keys[ireq->i_val].wi_keylen; - if (suser(p)) + if (suser(td, 0)) bcopy(sc->wi_keys.wi_keys[ireq->i_val].wi_keydat, tmpkey, len); else @@ -1738,7 +1739,7 @@ } break; case SIOCS80211: - if ((error = suser(p))) + if ((error = suser(td, 0))) goto out; switch(ireq->i_type) { case IEEE80211_IOC_SSID: ==== //depot/projects/smpng/sys/fs/devfs/devfs_vnops.c#10 (text+ko) ==== @@ -718,8 +718,7 @@ if (uid != de->de_uid || gid != de->de_gid) { if (((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid || (gid != de->de_gid && !groupmember(gid, ap->a_cred))) && - (error = suser_xxx(NULL, ap->a_td->td_proc, - PRISON_ROOT)) != 0) + (error = suser(ap->a_td, PRISON_ROOT)) != 0) return (error); de->de_uid = uid; de->de_gid = gid; @@ -736,21 +735,21 @@ if (vap->va_mode != (mode_t)VNOVAL) { if ((ap->a_cred->cr_uid != de->de_uid) && - (error = suser_xxx(NULL, ap->a_td->td_proc, PRISON_ROOT))) + (error = suser(ap->a_td, PRISON_ROOT))) return (error); de->de_mode = vap->va_mode; c = 1; } if (vap->va_atime.tv_sec != VNOVAL) { if ((ap->a_cred->cr_uid != de->de_uid) && - (error = suser_xxx(NULL, ap->a_td->td_proc, PRISON_ROOT))) + (error = suser(ap->a_td, PRISON_ROOT))) return (error); de->de_atime = vap->va_atime; c = 1; } if (vap->va_mtime.tv_sec != VNOVAL) { if ((ap->a_cred->cr_uid != de->de_uid) && - (error = suser_xxx(NULL, ap->a_td->td_proc, PRISON_ROOT))) + (error = suser(ap->a_td, PRISON_ROOT))) return (error); de->de_mtime = vap->va_mtime; c = 1; @@ -776,7 +775,7 @@ struct devfs_dirent *de; struct devfs_mount *dmp; - error = suser(ap->a_cnp->cn_thread->td_proc); + error = suser(ap->a_cnp->cn_thread, 0); if (error) return(error); dmp = VFSTODEVFS(ap->a_dvp->v_mount); ==== //depot/projects/smpng/sys/fs/procfs/procfs_ioctl.c#4 (text+ko) ==== @@ -59,7 +59,7 @@ break; case PIOCSFL: flags = *(unsigned int *)data; - if (flags & PF_ISUGID && (error = suser(td->td_proc)) != 0) + if (flags & PF_ISUGID && (error = suser(td, 0)) != 0) break; p->p_pfsflags = flags; break; ==== //depot/projects/smpng/sys/i386/i386/vm86.c#5 (text+ko) ==== @@ -716,7 +716,7 @@ case VM86_INTCALL: { struct vm86_intcall_args sa; - if ((error = suser(p))) + if ((error = suser(td, 0))) return (error); if ((error = copyin(ua.sub_args, &sa, sizeof(sa)))) return (error); ==== //depot/projects/smpng/sys/i4b/driver/i4b_ipr.c#5 (text+ko) ==== @@ -481,9 +481,9 @@ #ifdef IPR_VJ case IPRIOCSMAXCID: { - struct proc *p = curproc; /* XXX */ + struct thread *td = curthread; /* XXX */ - if((error = suser(p)) != 0) + if((error = suser(td, 0))) return (error); sl_compress_setup(sc->sc_compr, *(int *)data); } ==== //depot/projects/smpng/sys/ia64/ia64/ssc.c#5 (text+ko) ==== @@ -164,7 +164,7 @@ ttsetwater(tp); setuptimeout = 1; - } else if ((tp->t_state & TS_XCLUDE) && suser(td->td_proc)) { + } else if ((tp->t_state & TS_XCLUDE) && suser(td, 0)) { splx(s); return EBUSY; } ==== //depot/projects/smpng/sys/kern/kern_sysctl.c#13 (text+ko) ==== @@ -463,7 +463,7 @@ { int error; - error = suser(req->td->td_proc); + error = suser(req->td, 0); if (error) return error; sysctl_sysctl_debug_dump_node(&sysctl__children, 0); ==== //depot/projects/smpng/sys/net/if_ppp.c#8 (text+ko) ==== @@ -376,7 +376,7 @@ break; case PPPIOCSFLAGS: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) break; flags = *(int *)data & SC_MASK; s = splsoftnet(); @@ -390,7 +390,7 @@ break; case PPPIOCSMRU: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) return (error); mru = *(int *)data; if (mru >= PPP_MRU && mru <= PPP_MAXMRU) @@ -403,7 +403,7 @@ #ifdef VJC case PPPIOCSMAXCID: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) break; if (sc->sc_comp) { s = splsoftnet(); @@ -414,14 +414,14 @@ #endif case PPPIOCXFERUNIT: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) break; sc->sc_xfer = p->p_pid; break; #ifdef PPP_COMPRESS case PPPIOCSCOMPRESS: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) break; odp = (struct ppp_option_data *) data; nb = odp->length; @@ -497,7 +497,7 @@ if (cmd == PPPIOCGNPMODE) { npi->mode = sc->sc_npmode[npx]; } else { - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) break; if (npi->mode != sc->sc_npmode[npx]) { s = splsoftnet(); @@ -623,7 +623,7 @@ break; case SIOCSIFMTU: - if ((error = suser(p)) != 0) + if ((error = suser(td, 0)) != 0) break; if (ifr->ifr_mtu > PPP_MAXMTU) error = EINVAL; ==== //depot/projects/smpng/sys/net/rtsock.c#13 (text+ko) ==== @@ -332,7 +332,7 @@ * Verify that the caller has the appropriate privilege; RTM_GET * is the only operation the non-superuser is allowed. */ - if (rtm->rtm_type != RTM_GET && (error = suser(curproc)) != 0) + if (rtm->rtm_type != RTM_GET && (error = suser(curthread, 0)) != 0) senderr(error); switch (rtm->rtm_type) { ==== //depot/projects/smpng/sys/netinet6/ip6_input.c#6 (text+ko) ==== @@ -1134,12 +1134,21 @@ struct ip6_hdr *ip6; struct mbuf *m; { +#if __FreeBSD__ >= 5 + struct thread *td = curthread; /* XXX */ + struct proc *p = td->td_proc; +#else struct proc *p = curproc; /* XXX */ +#endif int privileged = 0; int rthdr_exist = 0; +#if __FreeBSD__ >= 5 + if (!suser(td, 0)) +#else if (p && !suser(p)) +#endif privileged++; #ifdef SO_TIMESTAMP ==== //depot/projects/smpng/sys/netinet6/udp6_usrreq.c#8 (text+ko) ==== @@ -466,7 +466,7 @@ struct inpcb *inp; int error, s; - error = suser(req->td->td_proc); + error = suser(req->td, 0); if (error) return (error); ==== //depot/projects/smpng/sys/nfsclient/nfs_lock.c#15 (text+ko) ==== @@ -241,7 +241,7 @@ * * XXX This authorization check is probably not right. */ - if ((error = suser(td->td_proc)) != 0 && + if ((error = suser(td, 0)) != 0 && td->td_ucred->cr_svuid != 0) return (error); ==== //depot/projects/smpng/sys/security/lomac/kernel_mmap.c#6 (text+ko) ==== @@ -307,7 +307,7 @@ if (securelevel >= 1) disablexworkaround = 1; else - disablexworkaround = suser(p); + disablexworkaround = suser(td, 0); if (vp->v_type == VCHR && disablexworkaround && (flags & (MAP_PRIVATE|MAP_COPY))) { error = EINVAL; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203251840.g2PIee770355>