Date: Fri, 28 May 2004 06:43:27 -0700 (PDT)
From: Chris Vance To: Perforce Change Reviews Subject: PERFORCE change 53659 for review http://perforce.freebsd.org/chv.cgi?CH=53659 Change 53659 by cvance@cvance_sony on 2004/05/28 06:43:25 Consistently call cap_check_cred with a thread as the second parameter. It's ok to use a NULL thread (though it's odd that cap_check_cred even requires a thread, since it doesn't use it) Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#6 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet/in_pcb.c#12 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet/raw_ip.c#11 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_pcb.c#11 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_src.c#8 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#6 (text+ko) ==== @@ -153,5 +153,5 @@ int cap_check(struct thread *td, cap_value_t cap) { - return cap_check_cred(td->td_ucred, cap, 0); + return cap_check_cred(td->td_ucred, td, cap, 0); } ==== //depot/projects/trustedbsd/sebsd/sys/netinet/in_pcb.c#12 (text+ko) ==== @@ -320,7 +320,7 @@ /* GROSS */ if (ntohs(lport) <= ipport_reservedhigh && ntohs(lport) >= ipport_reservedlow && - cap_check_cred(cred, CAP_NET_BIND_SERVICE, PRISON_ROOT)) + cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE, PRISON_ROOT)) return (EACCES); if (jailed(cred)) prison = 1; 
@@ -395,7 +395,7 @@ last = ipport_hilastauto; lastport = &pcbinfo->lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - if ((error = cap_check_cred(cred, CAP_NET_BIND_SERVICE, PRISON_ROOT)) != 0) + if ((error = cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE, PRISON_ROOT)) != 0) return error; first = ipport_lowfirstauto; /* 1023 */ last = ipport_lowlastauto; /* 600 */ ==== //depot/projects/trustedbsd/sebsd/sys/netinet/raw_ip.c#11 (text+ko) ==== @@ -543,7 +543,7 @@ INP_INFO_WUNLOCK(&ripcbinfo); return (EPERM); } - if (td && (error = cap_check_cred(td->td_ucred, CAP_NET_RAW, PRISON_ROOT)) != 0) { + if (td && (error = cap_check_cred(td->td_ucred, td, CAP_NET_RAW, PRISON_ROOT)) != 0) { INP_INFO_WUNLOCK(&ripcbinfo); return error; } ==== //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_pcb.c#11 (text+ko) ==== @@ -188,7 +188,7 @@ /* GROSS */ if (ntohs(lport) < IPV6PORT_RESERVED && - cap_check_cred(cred, CAP_NET_BIND_SERVICE, PRISON_ROOT)) + cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE, PRISON_ROOT)) return (EACCES); if (so->so_cred->cr_uid != 0 && !IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { ==== //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_src.c#8 (text+ko) ==== @@ -760,7 +760,7 @@ last = ipport_hilastauto; lastport = &pcbinfo->lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - if ((error = cap_check_cred(cred, CAP_NET_BIND_SERVICE, 0))) + if ((error = cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE, 0))) return error; first = ipport_lowfirstauto; /* 1023 */ last = ipport_lowlastauto; /* 600 */
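Review bot: in sys/netinet/in_pcb.c (hunks at -320 and -395, and the matching call in sys/netinet6/in6_pcb.c at -188) the new second argument is a literal NULL, which is only safe while cap_check_cred ignores its thread parameter, as the change description says it does today. Suggest a comment at the cap_check_cred definition stating that td may be NULL, so that a later change which starts dereferencing it has to account for these cred-only callers.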
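Review bot: in sys/netinet/raw_ip.c (hunk at -543) the CAP_NET_RAW check still sits behind `td &&`, so when td is NULL no capability check is made on this path. The guard is needed for the td->td_ucred dereference, but please confirm that a NULL td can only come from a trusted in-kernel caller here and say so in a comment, or fail closed with an error when td is NULL.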
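Review bot: in sys/netinet6/in6_src.c (hunk at -760) the INP_LOWPORT branch passes 0 as the last argument, while the same branch in sys/netinet/in_pcb.c (hunk at -395) passes PRISON_ROOT for the same CAP_NET_BIND_SERVICE check. Since the line is being touched anyway, please confirm whether the IPv4 and IPv6 paths are meant to differ in that flag; if not, align them here or in a follow-up. The bare `return error;` could also take the parenthesised form used by `return (EACCES);` elsewhere in this change.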