Date: Wed, 10 Nov 2004 14:43:01 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 64819 for review Message-ID: <200411101443.iAAEh1lm021625@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=64819 Change 64819 by rwatson@rwatson_tislabs on 2004/11/10 14:42:58 Clean up some other suser-related loose ends from the integ: - Remove unneeded thread argument to cap_check_cred() to match suser_cred() API in FreeBSD. - Catch up with event handler changes for device cloning: use struct cdev instead of dev_t. - Replace vfs_suser() with vfs_cap_check(), but use u_int64_t for the cap argument for now due to type issues. We need to revisit this. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/alpha/osf1/osf1_misc.c#8 edit .. //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_misc.c#10 edit .. //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_uid16.c#7 edit .. //depot/projects/trustedbsd/sebsd/sys/fs/devfs/devfs_vnops.c#10 edit .. //depot/projects/trustedbsd/sebsd/sys/fs/hpfs/hpfs_vnops.c#7 edit .. //depot/projects/trustedbsd/sebsd/sys/fs/msdosfs/msdosfs_vnops.c#10 edit .. //depot/projects/trustedbsd/sebsd/sys/fs/smbfs/smbfs_vnops.c#10 edit .. //depot/projects/trustedbsd/sebsd/sys/gnu/ext2fs/ext2_vnops.c#10 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_acl.c#7 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#7 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_conf.c#10 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_exec.c#15 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_ktrace.c#10 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_prot.c#11 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_resource.c#9 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/kern_sysctl.c#9 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_mount.c#15 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_subr.c#12 edit .. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_syscalls.c#14 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet/in_pcb.c#14 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet/raw_ip.c#13 edit .. 
//depot/projects/trustedbsd/sebsd/sys/netinet/tcp_subr.c#13 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet/udp_usrreq.c#12 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_pcb.c#13 edit .. //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_src.c#9 edit .. //depot/projects/trustedbsd/sebsd/sys/netncp/ncp_conn.c#6 edit .. //depot/projects/trustedbsd/sebsd/sys/netncp/ncp_mod.c#8 edit .. //depot/projects/trustedbsd/sebsd/sys/netsmb/smb_subr.h#7 edit .. //depot/projects/trustedbsd/sebsd/sys/nfsclient/nfs_vfsops.c#12 edit .. //depot/projects/trustedbsd/sebsd/sys/sys/capability.h#5 edit .. //depot/projects/trustedbsd/sebsd/sys/sys/conf.h#11 edit .. //depot/projects/trustedbsd/sebsd/sys/sys/mount.h#12 edit .. //depot/projects/trustedbsd/sebsd/sys/ufs/ffs/ffs_alloc.c#9 edit .. //depot/projects/trustedbsd/sebsd/sys/ufs/ufs/ufs_quota.c#9 edit .. //depot/projects/trustedbsd/sebsd/sys/ufs/ufs/ufs_vnops.c#9 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/alpha/osf1/osf1_misc.c#8 (text+ko) ==== @@ -1043,7 +1043,7 @@ oldcred = p->p_ucred; if (uid != oldcred->cr_ruid && uid != oldcred->cr_svuid - && (error = cap_check_cred(p->p_ucred, NULL, CAP_SETUID, + && (error = cap_check_cred(p->p_ucred, CAP_SETUID, SUSER_ALLOWJAIL)) != 0) { PROC_UNLOCK(p); uifree(uip); @@ -1098,7 +1098,7 @@ oldcred = p->p_ucred; if (gid != oldcred->cr_rgid && gid != oldcred->cr_svgid - && ((error = cap_check_cred(p->p_ucred, NULL, CAP_SETGID, + && ((error = cap_check_cred(p->p_ucred, CAP_SETGID, SUSER_ALLOWJAIL)) != 0 )) { PROC_UNLOCK(p); crfree(newcred); ==== //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_misc.c#10 (text+ko) ==== 
@@ -1078,8 +1078,8 @@ * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = cap_check_cred(oldcred, NULL, CAP_SETGID, - SUSER_ALLOWJAIL)) != 0) { + if ((error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL)) + != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); ==== //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_uid16.c#7 (text+ko) ==== @@ -124,8 +124,8 @@ * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = cap_check_cred(oldcred, NULL, CAP_SETGID, - SUSER_ALLOWJAIL)) != 0) { + if ((error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL)) + != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); ==== //depot/projects/trustedbsd/sebsd/sys/fs/devfs/devfs_vnops.c#10 (text+ko) ==== @@ -559,7 +559,8 @@ goto notfound; cdev = NULL; - EVENTHANDLER_INVOKE(dev_clone_cred, td->td_ucred, pname, strlen(pname), &cdev); + EVENTHANDLER_INVOKE(dev_clone_cred, td->td_ucred, pname, + strlen(pname), &cdev); EVENTHANDLER_INVOKE(dev_clone, pname, strlen(pname), &cdev); if (cdev == NULL) goto notfound; @@ -1118,8 +1119,8 @@ if (uid != de->de_uid || gid != de->de_gid) { if (((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid || (gid != de->de_gid && !groupmember(gid, ap->a_cred))) && - (error = cap_check_cred(ap->a_td->td_ucred, ap->a_td, - CAP_FOWNER, SUSER_ALLOWJAIL)) != 0) + (error = cap_check_cred(ap->a_td->td_ucred, CAP_FOWNER, + SUSER_ALLOWJAIL)) != 0) return (error); de->de_uid = uid; de->de_gid = gid; @@ -1128,8 +1129,8 @@ if (vap->va_mode != (mode_t)VNOVAL) { if ((ap->a_cred->cr_uid != de->de_uid) && - (error = cap_check_cred(ap->a_td->td_ucred, ap->a_td, - CAP_FOWNER, SUSER_ALLOWJAIL))) + (error = cap_check_cred(ap->a_td->td_ucred, CAP_FOWNER, + SUSER_ALLOWJAIL))) return (error); de->de_mode = vap->va_mode; c = 1; ==== //depot/projects/trustedbsd/sebsd/sys/fs/hpfs/hpfs_vnops.c#7 (text+ko) ==== 
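Review bot: In the devfs chown branch (the `@@ -1118` hunk) the ownership and group-membership tests read `ap->a_cred`, but the privilege fallback on the same condition is evaluated against `ap->a_td->td_ucred`, so one access decision is split across two credentials; the mode branch in the following hunk has the same split. The two credentials are normally identical, but a caller that supplies an explicit a_cred would have its privilege judged under a different identity than its ownership, whereas the msdosfs, hpfs and smbfs hunks in this same change use `cred`/`ap->a_cred` for both halves. Unless the thread credential is deliberately the authority here, `(error = cap_check_cred(ap->a_cred, CAP_FOWNER, SUSER_ALLOWJAIL)) != 0)` keeps the check on a single credential. The enclosing function starts and ends outside the hunk.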
@@ -502,7 +502,7 @@ if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != hp->h_uid && - (error = cap_check_cred(cred, NULL, CAP_FOWNER, + (error = cap_check_cred(cred, CAP_FOWNER, SUSER_ALLOWJAIL)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(vp, VWRITE, cred, td)))) ==== //depot/projects/trustedbsd/sebsd/sys/fs/msdosfs/msdosfs_vnops.c#10 (text+ko) ==== @@ -388,7 +388,7 @@ if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && - (error = cap_check_cred(cred, NULL, CAP_FOWNER, + (error = cap_check_cred(cred, CAP_FOWNER, SUSER_ALLOWJAIL))) return (error); /* @@ -403,8 +403,7 @@ * set ATTR_ARCHIVE for directories `cp -pr' from a more * sensible filesystem attempts it a lot. */ - if (cap_check_cred(cred, NULL, CAP_SYS_SETFFLAG, - SUSER_ALLOWJAIL)) { + if (cap_check_cred(cred, CAP_SYS_SETFFLAG, SUSER_ALLOWJAIL)) { if (vap->va_flags & SF_SETTABLE) return EPERM; } @@ -431,7 +430,7 @@ gid = pmp->pm_gid; if ((cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid || (gid != pmp->pm_gid && !groupmember(gid, cred))) && - (error = cap_check_cred(cred, NULL, CAP_FOWNER, + (error = cap_check_cred(cred, CAP_FOWNER, SUSER_ALLOWJAIL))) return error; if (uid != pmp->pm_uid || gid != pmp->pm_gid) @@ -464,7 +463,7 @@ if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && - (error = cap_check_cred(cred, NULL, CAP_FOWNER, + (error = cap_check_cred(cred, CAP_FOWNER, SUSER_ALLOWJAIL)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(ap->a_vp, VWRITE, cred, ap->a_td)))) @@ -494,7 +493,7 @@ if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid && - (error = cap_check_cred(cred, NULL, CAP_FOWNER, + (error = cap_check_cred(cred, CAP_FOWNER, SUSER_ALLOWJAIL))) return (error); if (vp->v_type != VDIR) { ==== //depot/projects/trustedbsd/sebsd/sys/fs/smbfs/smbfs_vnops.c#10 (text+ko) ==== 
@@ -372,7 +372,7 @@ atime = &vap->va_atime; if (mtime != atime) { if (ap->a_cred->cr_uid != VTOSMBFS(vp)->sm_args.uid && - (error = cap_check_cred(ap->a_cred, NULL, CAP_FOWNER, + (error = cap_check_cred(ap->a_cred, CAP_FOWNER, SUSER_ALLOWJAIL)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(vp, VWRITE, ap->a_cred, ap->a_td)))) ==== //depot/projects/trustedbsd/sebsd/sys/gnu/ext2fs/ext2_vnops.c#10 (text+ko) ==== @@ -448,8 +448,8 @@ * Privileged non-jail processes may not modify system flags * if securelevel > 0 and any existing system flags are set. */ - if (cap_check_cred(cred, NULL, CAP_SYS_SETFFLAG, - SUSER_ALLOWJAIL) == 0) { + if (cap_check_cred(cred, CAP_SYS_SETFFLAG, SUSER_ALLOWJAIL) + == 0) { if (ip->i_flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { error = securelevel_gt(cred, 0); @@ -567,7 +567,7 @@ * Privileged processes may set the sticky bit on non-directories. */ if (vp->v_type != VDIR && (mode & S_ISTXT)) { - if (cap_check_cred(cred, NULL, CAP_SYS_RAWIO, 0) != 0) + if (cap_check_cred(cred, CAP_SYS_RAWIO, 0) != 0) return (EFTYPE); } @@ -576,8 +576,7 @@ */ if (((mode & ISGID) && !groupmember(ip->i_gid, cred)) || ((mode & ISUID) && ip->i_uid != cred->cr_uid)) { - if (cap_check_cred (cred, NULL, CAP_FSETID, SUSER_ALLOWJAIL) - != 0) + if (cap_check_cred (cred, CAP_FSETID, SUSER_ALLOWJAIL) != 0) return (EPERM); } @@ -621,8 +620,7 @@ */ if ((uid != ip->i_uid || (gid != ip->i_gid && !groupmember(gid, cred)))) { - error = cap_check_cred(cred, NULL, CAP_FOWNER, - SUSER_ALLOWJAIL); + error = cap_check_cred(cred, CAP_FOWNER, SUSER_ALLOWJAIL); if (error) return (error); } @@ -637,8 +635,7 @@ * change. */ if ((ouid != uid || ogid != gid) && (ip->i_mode & (ISUID | ISGID))) { - if (cap_check_cred (cred, NULL, CAP_FSETID, SUSER_ALLOWJAIL) - != 0) + if (cap_check_cred(cred, CAP_FSETID, SUSER_ALLOWJAIL) != 0) ip->i_mode &= ~(ISUID | ISGID); } return (0); 
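Review bot: The sticky-bit check in the ext2 `@@ -567` hunk uses `cap_check_cred(cred, CAP_SYS_RAWIO, 0)`, which differs from every neighbouring file-mode privilege check in the same file in both respects: the ISUID/ISGID tests a few lines below use `CAP_FSETID` with `SUSER_ALLOWJAIL`. Raw I/O does not obviously describe "may set S_ISTXT on a non-directory", and the 0 jail flag means jailed root is refused this bit while it is allowed the setgid bit right next to it; the mapping predates this commit but the line is being rewritten, so it is worth confirming. If the capability is intended and only the jail asymmetry is accidental, `if (cap_check_cred(cred, CAP_SYS_RAWIO, SUSER_ALLOWJAIL) != 0)` with a one-line comment naming why raw I/O is the right privilege would settle it. The enclosing function continues outside the hunk.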
@@ -1718,8 +1715,8 @@ tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ ip->i_nlink = 1; if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) { - if (cap_check_cred(cnp->cn_cred, NULL, CAP_FSETID, - SUSER_ALLOWJAIL) != 0) + if (cap_check_cred(cnp->cn_cred, CAP_FSETID, SUSER_ALLOWJAIL) + != 0) ip->i_mode &= ~ISGID; } ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_acl.c#7 (text+ko) ==== @@ -95,24 +95,24 @@ cap_granted = 0; if (type == VDIR) { - if ((acc_mode & VEXEC) && !cap_check_cred (cred, NULL, + if ((acc_mode & VEXEC) && !cap_check_cred (cred, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } else { - if ((acc_mode & VEXEC) && !cap_check_cred(cred, NULL, + if ((acc_mode & VEXEC) && !cap_check_cred(cred, CAP_DAC_EXECUTE, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } - if ((acc_mode & VREAD) && !cap_check_cred(cred, NULL, - CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL)) + if ((acc_mode & VREAD) && !cap_check_cred(cred, CAP_DAC_READ_SEARCH, + SUSER_ALLOWJAIL)) cap_granted |= VREAD; if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) && - !cap_check_cred(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL)) + !cap_check_cred(cred, CAP_DAC_WRITE, SUSER_ALLOWJAIL)) cap_granted |= (VWRITE | VAPPEND); - if ((acc_mode & VADMIN) && !cap_check_cred(cred, NULL, CAP_FOWNER, + if ((acc_mode & VADMIN) && !cap_check_cred(cred, CAP_FOWNER, SUSER_ALLOWJAIL)) cap_granted |= VADMIN; ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#7 (text+ko) ==== @@ -134,8 +134,7 @@ } int -cap_check_cred(struct ucred *cred, struct thread *td, cap_value_t cap, - int jailflags) +cap_check_cred(struct ucred *cred, cap_value_t cap, int jailflags) { int error; 
@@ -147,11 +146,12 @@ error = suser_cred(cred, jailflags); - return error; + return (error); } int cap_check(struct thread *td, cap_value_t cap) { - return cap_check_cred(td->td_ucred, td, cap, 0); + + return (cap_check_cred(td->td_ucred, cap, 0)); } ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_conf.c#10 (text+ko) ==== @@ -440,7 +440,7 @@ dev_unlock(); } -struct cdev * +static struct cdev * make_dev_credv(struct cdevsw *devsw, int minornr, uid_t uid, gid_t gid, struct ucred *cr, int perms, const char *fmt, ...) { @@ -489,24 +489,29 @@ return (dev); } -dev_t +struct cdev * make_dev_cred(struct cdevsw *devsw, int minor, struct ucred *cr, int perms, const char *fmt, ...) { + struct cdev *dev; va_list ap; - va_start (ap, fmt); - dev_t ret = make_dev_credv (devsw, minor, 0, 0, cr, perms, fmt, ap); - va_end (ap); - return (ret); + + va_start(ap, fmt); + dev = make_dev_credv(devsw, minor, 0, 0, cr, perms, fmt, ap); + va_end(ap); + return (dev); } -dev_t +struct cdev * make_dev(struct cdevsw *devsw, int minor, uid_t uid, gid_t gid, int perms, const char *fmt, ...) { + struct cdev *dev; va_list ap; - va_start (ap, fmt); - dev_t ret = make_dev_credv (devsw, minor, uid, gid, NULL, perms, fmt, ap); - va_end (ap); - return (ret); + + va_start(ap, fmt); + dev = make_dev_credv(devsw, minor, uid, gid, NULL, perms, fmt, ap); + va_end(ap); + + return (dev); } int ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_exec.c#15 (text+ko) ==== @@ -564,7 +564,7 @@ */ setsugid(p); #ifdef KTRACE - if (p->p_tracevp != NULL && cap_check_cred (oldcred, NULL, + if (p->p_tracevp != NULL && cap_check_cred(oldcred, CAP_SYS_PTRACE, SUSER_ALLOWJAIL)) { mtx_lock(&ktrace_mtx); p->p_traceflag = 0; ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_ktrace.c#10 (text+ko) ==== 
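Review bot: The rewritten make_dev_cred() and make_dev() bodies in kern_conf.c hand their `va_list ap` to make_dev_credv() through its `...` parameter (the preceding hunk shows its signature ending in `const char *fmt, ...`), which is not a valid way to forward variadic arguments: a va_list object arriving as an ordinary argument gives the callee no access to the caller's arguments, so the formatted device name, and therefore the node that receives the uid/gid/perms/cred being passed alongside it, is built from whatever the callee reads instead. Now that make_dev_credv() is static the fix is local to this file: declare it as `make_dev_credv(struct cdevsw *devsw, int minornr, uid_t uid, gid_t gid, struct ucred *cr, int perms, const char *fmt, va_list ap)` and have it consume `ap` directly instead of starting its own. The two callers already bracket the call with va_start/va_end and need no further change. make_dev_credv()'s body is outside the hunk, so how it currently reads its arguments is inferred rather than seen.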
@@ -896,7 +896,7 @@ PROC_LOCK_ASSERT(targetp, MA_OWNED); if (targetp->p_traceflag & KTRFAC_ROOT && - cap_check_cred(td->td_ucred, NULL, CAP_SYS_PTRACE, SUSER_ALLOWJAIL)) + cap_check_cred(td->td_ucred, CAP_SYS_PTRACE, SUSER_ALLOWJAIL)) return (0); if (p_candebug(td, targetp) != 0) ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_prot.c#11 (text+ko) ==== @@ -525,8 +525,8 @@ #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ uid != oldcred->cr_uid && /* allow setuid(geteuid()) */ #endif - (error = cap_check_cred(oldcred, NULL, CAP_SETUID, - SUSER_ALLOWJAIL)) != 0) { + (error = cap_check_cred(oldcred, CAP_SETUID, SUSER_ALLOWJAIL)) + != 0) { PROC_UNLOCK(p); uifree(uip); crfree(newcred); @@ -608,8 +608,8 @@ oldcred = p->p_ucred; if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */ euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */ - (error = cap_check_cred(oldcred, NULL, CAP_SETUID, - SUSER_ALLOWJAIL)) != 0) { + (error = cap_check_cred(oldcred, CAP_SETUID, SUSER_ALLOWJAIL)) + != 0) { PROC_UNLOCK(p); uifree(euip); crfree(newcred); @@ -671,8 +671,8 @@ #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */ #endif - (error = cap_check_cred(oldcred, NULL, CAP_SETGID, - SUSER_ALLOWJAIL)) != 0) { + (error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL)) + != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); @@ -747,8 +747,8 @@ oldcred = p->p_ucred; if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */ egid != oldcred->cr_svgid && /* allow setegid(saved gid) */ - (error = cap_check_cred(oldcred, NULL, CAP_SETGID, - SUSER_ALLOWJAIL)) != 0) { + (error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL)) + != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); 
@@ -794,7 +794,7 @@ newcred = crget(); PROC_LOCK(p); oldcred = p->p_ucred; - error = cap_check_cred(oldcred, NULL, CAP_SETGID, SUSER_ALLOWJAIL); + error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL); if (error) { PROC_UNLOCK(p); crfree(newcred); @@ -858,8 +858,8 @@ ruid != oldcred->cr_svuid) || (euid != (uid_t)-1 && euid != oldcred->cr_uid && euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) && - (error = cap_check_cred(oldcred, NULL, CAP_SETUID, - SUSER_ALLOWJAIL)) != 0) { + (error = cap_check_cred(oldcred, CAP_SETUID, SUSER_ALLOWJAIL)) + != 0) { PROC_UNLOCK(p); uifree(ruip); uifree(euip); @@ -915,8 +915,8 @@ rgid != oldcred->cr_svgid) || (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] && egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) && - (error = cap_check_cred(oldcred, NULL, CAP_SETGID, - SUSER_ALLOWJAIL)) != 0) { + (error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL)) + != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); @@ -990,8 +990,8 @@ (suid != (uid_t)-1 && suid != oldcred->cr_ruid && suid != oldcred->cr_svuid && suid != oldcred->cr_uid)) && - (error = cap_check_cred(oldcred, NULL, CAP_SETUID, - SUSER_ALLOWJAIL)) != 0) { + (error = cap_check_cred(oldcred, CAP_SETUID, SUSER_ALLOWJAIL)) + != 0) { PROC_UNLOCK(p); uifree(ruip); uifree(euip); @@ -1059,8 +1059,8 @@ (sgid != (gid_t)-1 && sgid != oldcred->cr_rgid && sgid != oldcred->cr_svgid && sgid != oldcred->cr_groups[0])) && - (error = cap_check_cred(oldcred, NULL, CAP_SETGID, - SUSER_ALLOWJAIL)) != 0) { + (error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL)) + != 0) { PROC_UNLOCK(p); crfree(newcred); return (error); @@ -1338,7 +1338,7 @@ { if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) { - if (cap_check_cred(u1, NULL, CAP_SETUID, SUSER_ALLOWJAIL) != 0) + if (cap_check_cred(u1, CAP_SETUID, SUSER_ALLOWJAIL) != 0) return (ESRCH); } return (0); 
@@ -1494,7 +1494,7 @@ break; default: /* Not permitted without privilege. */ - error = cap_check_cred(cred, NULL, CAP_KILL, + error = cap_check_cred(cred, CAP_KILL, SUSER_ALLOWJAIL); if (error) return (error); @@ -1510,7 +1510,7 @@ cred->cr_uid != proc->p_ucred->cr_ruid && cred->cr_uid != proc->p_ucred->cr_svuid) { /* Not permitted without privilege. */ - error = cap_check_cred(cred, NULL, CAP_KILL, SUSER_ALLOWJAIL); + error = cap_check_cred(cred, CAP_KILL, SUSER_ALLOWJAIL); if (error) return (error); } @@ -1579,8 +1579,7 @@ return (0); if (td->td_ucred->cr_uid == p->p_ucred->cr_ruid) return (0); - if (cap_check_cred(td->td_ucred, td, CAP_SYS_NICE, SUSER_ALLOWJAIL) - == 0) + if (cap_check_cred(td->td_ucred, CAP_SYS_NICE, SUSER_ALLOWJAIL) == 0) return (0); return (EPERM); @@ -1618,7 +1617,7 @@ KASSERT(td == curthread, ("%s: td not curthread", __func__)); PROC_LOCK_ASSERT(p, MA_OWNED); if (!unprivileged_proc_debug) { - error = cap_check_cred(td->td_ucred, td, CAP_SYS_PTRACE, + error = cap_check_cred(td->td_ucred, CAP_SYS_PTRACE, SUSER_ALLOWJAIL); if (error) return (error); @@ -1671,7 +1670,7 @@ * require CAP_SYS_PTRACE. */ if (!grpsubset || !uidsubset || credentialchanged) { - error = cap_check_cred(td->td_ucred, td, CAP_SYS_PTRACE, + error = cap_check_cred(td->td_ucred, CAP_SYS_PTRACE, SUSER_ALLOWJAIL); if (error) return (error); @@ -1958,7 +1957,7 @@ int error; char logintmp[MAXLOGNAME]; - error = cap_check_cred(td->td_ucred, td, CAP_SETUID, SUSER_ALLOWJAIL); + error = cap_check_cred(td->td_ucred, CAP_SETUID, SUSER_ALLOWJAIL); if (error) return (error); error = copyinstr(uap->namebuf, logintmp, sizeof(logintmp), NULL); ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_resource.c#9 (text+ko) ==== 
@@ -575,7 +575,7 @@ alimp = &oldlim->pl_rlimit[which]; if (limp->rlim_cur > alimp->rlim_max || limp->rlim_max > alimp->rlim_max) - if ((error = cap_check_cred(td->td_ucred, td, CAP_SYS_RESOURCE, + if ((error = cap_check_cred(td->td_ucred, CAP_SYS_RESOURCE, SUSER_ALLOWJAIL))) { PROC_UNLOCK(p); lim_free(newlim); ==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_sysctl.c#9 (text+ko) ==== @@ -1218,7 +1218,7 @@ flags = SUSER_ALLOWJAIL; else flags = 0; - error = cap_check_cred(req->td->td_ucred, req->td, CAP_SYS_ADMIN, flags); + error = cap_check_cred(req->td->td_ucred, CAP_SYS_ADMIN, flags); if (error) return (error); } ==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_mount.c#15 (text+ko) ==== @@ -1498,7 +1498,7 @@ vfsp = vfs_byname("devfs"); if (vfsp == NULL) break; - error = vfs_mount_alloc(NULLVP, vfsp, "/dev", td, &mp); + error = vfs_mount_alloc(NULLVP, vfsp, "/dev", td, NULL, &mp); if (error) break; mp->mnt_flag |= MNT_RDONLY; ==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_subr.c#12 (text+ko) ==== 
@@ -3605,26 +3605,25 @@ * VEXEC requests, instead of CAP_DAC_EXECUTE. */ if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) && - !cap_check_cred(cred, NULL, CAP_DAC_READ_SEARCH, + !cap_check_cred(cred, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } else { if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) && - !cap_check_cred(cred, NULL, CAP_DAC_EXECUTE, - SUSER_ALLOWJAIL)) + !cap_check_cred(cred, CAP_DAC_EXECUTE, SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } if ((acc_mode & VREAD) && ((dac_granted & VREAD) == 0) && - !cap_check_cred(cred, NULL, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL)) + !cap_check_cred(cred, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL)) cap_granted |= VREAD; if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) && - !cap_check_cred(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL)) + !cap_check_cred(cred, CAP_DAC_WRITE, SUSER_ALLOWJAIL)) cap_granted |= (VWRITE | VAPPEND); if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) && - !cap_check_cred(cred, NULL, CAP_FOWNER, SUSER_ALLOWJAIL)) + !cap_check_cred(cred, CAP_FOWNER, SUSER_ALLOWJAIL)) cap_granted |= VADMIN; if ((acc_mode & (cap_granted | dac_granted)) == acc_mode) { @@ -3662,7 +3661,7 @@ switch (attrnamespace) { case EXTATTR_NAMESPACE_SYSTEM: /* Potentially should be: return (EPERM); */ - return (cap_check_cred(cred, td, CAP_SYS_SETFFLAG, 0)); + return (cap_check_cred(cred, CAP_SYS_SETFFLAG, 0)); case EXTATTR_NAMESPACE_USER: return (VOP_ACCESS(vp, access, cred, td)); default: ==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_syscalls.c#14 (text+ko) ==== @@ -813,8 +813,7 @@ int error; struct nameidata nd; - error = cap_check_cred(td->td_ucred, td, CAP_SYS_CHROOT, - SUSER_ALLOWJAIL); + error = cap_check_cred(td->td_ucred, CAP_SYS_CHROOT, SUSER_ALLOWJAIL); if (error) return (error); NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, uap->path, td); 
@@ -1178,7 +1177,7 @@ error = cap_check(td, CAP_MKNOD); break; default: - error = cap_check_cred(td->td_ucred, td, CAP_MKNOD, + error = cap_check_cred(td->td_ucred, CAP_MKNOD, SUSER_ALLOWJAIL); break; } @@ -1374,7 +1373,7 @@ struct vattr va; int error; - if (cap_check_cred(cred, NULL, CAP_SYS_ADMIN, SUSER_ALLOWJAIL) == 0) + if (cap_check_cred(cred, CAP_SYS_ADMIN, SUSER_ALLOWJAIL) == 0) return (0); if (!hardlink_check_uid && !hardlink_check_gid) @@ -2320,7 +2319,7 @@ * chown can't fail when done as root. */ if (vp->v_type == VCHR || vp->v_type == VBLK) { - error = cap_check_cred(td->td_ucred, td, CAP_SYS_SETFFLAG, + error = cap_check_cred(td->td_ucred, CAP_SYS_SETFFLAG, SUSER_ALLOWJAIL); if (error) return (error); @@ -3762,7 +3761,7 @@ } VOP_UNLOCK(vp, 0, td); if (td->td_ucred->cr_uid != vattr.va_uid) { - error = cap_check_cred(td->td_ucred, td, CAP_SYS_ADMIN, + error = cap_check_cred(td->td_ucred, CAP_SYS_ADMIN, SUSER_ALLOWJAIL); if (error) goto out; ==== //depot/projects/trustedbsd/sebsd/sys/netinet/in_pcb.c#14 (text+ko) ==== @@ -322,7 +322,7 @@ /* GROSS */ if (ntohs(lport) <= ipport_reservedhigh && ntohs(lport) >= ipport_reservedlow && - cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE, + cap_check_cred(cred, CAP_NET_BIND_SERVICE, SUSER_ALLOWJAIL)) return (EACCES); if (jailed(cred)) @@ -385,7 +385,7 @@ last = ipport_hilastauto; lastport = &pcbinfo->lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - if ((error = cap_check_cred(cred, NULL, + if ((error = cap_check_cred(cred, CAP_NET_BIND_SERVICE, SUSER_ALLOWJAIL)) != 0) return error; first = ipport_lowfirstauto; /* 1023 */ ==== //depot/projects/trustedbsd/sebsd/sys/netinet/raw_ip.c#13 (text+ko) ==== 
@@ -585,7 +585,7 @@ INP_INFO_WUNLOCK(&ripcbinfo); return (EPERM); } - if (td && (error = cap_check_cred(td->td_ucred, td, CAP_NET_RAW, + if (td && (error = cap_check_cred(td->td_ucred, CAP_NET_RAW, SUSER_ALLOWJAIL)) != 0) { INP_INFO_WUNLOCK(&ripcbinfo); return error; ==== //depot/projects/trustedbsd/sebsd/sys/netinet/tcp_subr.c#13 (text+ko) ==== @@ -996,7 +996,7 @@ struct inpcb *inp; int error, s; - error = cap_check_cred(req->td->td_ucred, req->td, CAP_SYS_ADMIN, + error = cap_check_cred(req->td->td_ucred, CAP_SYS_ADMIN, SUSER_ALLOWJAIL); if (error) return (error); @@ -1043,7 +1043,7 @@ struct inpcb *inp; int error, s, mapped = 0; - error = cap_check_cred(req->td->td_ucred, req->td, CAP_SYS_ADMIN, + error = cap_check_cred(req->td->td_ucred, CAP_SYS_ADMIN, SUSER_ALLOWJAIL); if (error) return (error); ==== //depot/projects/trustedbsd/sebsd/sys/netinet/udp_usrreq.c#12 (text+ko) ==== @@ -688,7 +688,7 @@ struct inpcb *inp; int error, s; - error = cap_check_cred(req->td->td_ucred, req->td, CAP_SYS_ADMIN, + error = cap_check_cred(req->td->td_ucred, CAP_SYS_ADMIN, SUSER_ALLOWJAIL); if (error) return (error); ==== //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_pcb.c#13 (text+ko) ==== @@ -190,7 +190,7 @@ /* GROSS */ if (ntohs(lport) < IPV6PORT_RESERVED && - cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE, + cap_check_cred(cred, CAP_NET_BIND_SERVICE, SUSER_ALLOWJAIL)) return (EACCES); if (so->so_cred->cr_uid != 0 && ==== //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_src.c#9 (text+ko) ==== @@ -760,7 +760,7 @@ last = ipport_hilastauto; lastport = &pcbinfo->lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - if ((error = cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE, 0))) + if ((error = cap_check_cred(cred, CAP_NET_BIND_SERVICE, 0))) return error; first = ipport_lowfirstauto; /* 1023 */ last = ipport_lowlastauto; /* 600 */ ==== //depot/projects/trustedbsd/sebsd/sys/netncp/ncp_conn.c#6 (text+ko) ==== 
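Review bot: The INP_LOWPORT branch in in6_src.c passes a jail flag of 0 in `cap_check_cred(cred, CAP_NET_BIND_SERVICE, 0)`, while the identical IPv4 branch in in_pcb.c and the explicit reserved-port bind check in in6_pcb.c, both touched by this same change, pass `SUSER_ALLOWJAIL`. As written a jailed root process can obtain an auto-allocated reserved port over IPv4 and can bind one explicitly over IPv6, but is refused an auto-allocated one over IPv6. Unless that asymmetry is intended, `if ((error = cap_check_cred(cred, CAP_NET_BIND_SERVICE, SUSER_ALLOWJAIL)))` brings the three checks into line; the inconsistency predates the commit but this line is being rewritten. The enclosing function begins and ends outside the hunk.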
@@ -113,7 +113,7 @@ { int error; - if (cred == NOCRED || !cap_check_cred (cred, NULL, CAP_NET_ADMIN, 0) || + if (cred == NOCRED || !cap_check_cred(cred, CAP_NET_ADMIN, 0) || cred->cr_uid == conn->nc_owner->cr_uid) return 0; mode >>= 3; @@ -226,10 +226,10 @@ /* * Only root can change ownership */ - if (cap->owner != NCP_DEFAULT_OWNER && !cap_check_cred (cred, NULL, CAP_NET_ADMIN, 0)) + if (cap->owner != NCP_DEFAULT_OWNER && !cap_check_cred(cred, CAP_NET_ADMIN, 0)) return EPERM; if (cap->group != NCP_DEFAULT_GROUP && - !groupmember(cap->group, cred) && !cap_check_cred (cred, NULL, CAP_NET_ADMIN, 0)) + !groupmember(cap->group, cred) && !cap_check_cred(cred, CAP_NET_ADMIN, 0)) return EPERM; if (cap->owner != NCP_DEFAULT_OWNER) { owner = crget(); @@ -417,7 +417,7 @@ bcmp(&ncp->li.saddr,&ncp->li.saddr,li->saddr.sa_len) != 0) continue; if (cred->cr_uid == ncp->nc_owner->cr_uid || - !cap_check_cred (cred, NULL, CAP_NET_ADMIN, 0)) + !cap_check_cred(cred, CAP_NET_ADMIN, 0)) break; error = ncp_conn_access(ncp,cred,mode); if (!error && ncp2 == NULL) @@ -475,7 +475,7 @@ if (cred->cr_uid == ncp->nc_owner->cr_uid) break; /* XXX: seems redundant with lower ncp_conn_access() call */ - if (cap_check_cred(cred, NULL, CAP_NET_ADMIN, 0) == 0) + if (cap_check_cred(cred, CAP_NET_ADMIN, 0) == 0) ncp2 = ncp; } error = ncp_conn_access(ncp,cred,mode); ==== //depot/projects/trustedbsd/sebsd/sys/netncp/ncp_mod.c#8 (text+ko) ==== @@ -178,7 +178,8 @@ { int error; - if (cred->cr_uid != conn->nc_owner->cr_uid && cap_check_cred(cred, NULL, CAP_NET_ADMIN, 0) != 0) + if (cred->cr_uid != conn->nc_owner->cr_uid && cap_check_cred(cred, + CAP_NET_ADMIN, 0) != 0) return EACCES; conn->li.user = ncp_str_dup(user); if (conn->li.user == NULL) ==== //depot/projects/trustedbsd/sebsd/sys/netsmb/smb_subr.h#7 (text+ko) ==== 
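Review bot: The two ownership tests in the ncp_conn.c `@@ -226` hunk are inverted: cap_check_cred() returns 0 on success (the kern_cap.c hunk in this change returns suser_cred()'s result unchanged), so `!cap_check_cred(cred, CAP_NET_ADMIN, 0)` is true for a privileged caller, and the conditions return EPERM exactly when the caller is root while letting an unprivileged caller set a foreign owner or group, the opposite of the `Only root can change ownership` comment directly above. The other uses in this file (the `@@ -113`, `@@ -417` and `@@ -475` hunks) and in ncp_mod.c treat 0 as success correctly, so the inversion is confined to these two lines. They should read `if (cap->owner != NCP_DEFAULT_OWNER && cap_check_cred(cred, CAP_NET_ADMIN, 0) != 0)` and `!groupmember(cap->group, cred) && cap_check_cred(cred, CAP_NET_ADMIN, 0) != 0)`. The commit only drops the thread argument here, so the bug predates it, but it is a privilege bypass and should not be carried forward. The enclosing function continues outside the hunk.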
@@ -68,7 +68,7 @@ SIGISMEMBER(set, SIGHUP) || SIGISMEMBER(set, SIGKILL) || \ SIGISMEMBER(set, SIGQUIT)) -#define smb_suser(cred) cap_check_cred(cred, NULL, CAP_NET_ADMIN, 0) +#define smb_suser(cred) cap_check_cred(cred, CAP_NET_ADMIN, 0) /* * Compatibility wrappers for simple locks ==== //depot/projects/trustedbsd/sebsd/sys/nfsclient/nfs_vfsops.c#12 (text+ko) ==== @@ -53,6 +53,7 @@ #include <sys/sockio.h> #include <sys/sysctl.h> #include <sys/vnode.h> +#include <sys/capability.h> #include <vm/vm.h> #include <vm/vm_extern.h> @@ -1023,7 +1024,7 @@ return (error); } if (req->newptr != NULL) { - error = vfs_suser(mp, req->td); + error = vfs_cap_check(mp, req->td, CAP_SYS_ADMIN); if (error) return (error); error = SYSCTL_IN(req, &nmp->nm_tprintf_initial_delay, ==== //depot/projects/trustedbsd/sebsd/sys/sys/capability.h#5 (text+ko) ==== @@ -195,8 +195,7 @@ struct ucred; struct vnode; -int cap_check_cred(struct ucred *, struct thread *, cap_value_t, - int jailflag); +int cap_check_cred(struct ucred *, cap_value_t, int jailflag); int cap_check(struct thread *, cap_value_t); const char *capv_to_text(cap_value_t capv); ==== //depot/projects/trustedbsd/sebsd/sys/sys/conf.h#11 (text+ko) ==== @@ -262,7 +262,7 @@ struct cdev *makebdev(int _maj, int _min); struct cdev *make_dev(struct cdevsw *_devsw, int _minor, uid_t _uid, gid_t _gid, int _perms, const char *_fmt, ...) __printflike(6, 7); -dev_t make_dev_cred(struct cdevsw *_devsw, int _minor, struct ucred *cr, +struct cdev *make_dev_cred(struct cdevsw *_devsw, int _minor, struct ucred *cr, int _perms, const char *_fmt, ...) __printflike(5, 6); struct cdev *make_dev_alias(struct cdev *_pdev, const char *_fmt, ...) __printflike(2, 3); int dev2unit(struct cdev *_dev); 
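Review bot: The nfs sysctl handler now gates writes with `vfs_cap_check(mp, req->td, CAP_SYS_ADMIN)` instead of `vfs_suser(mp, req->td)`, but vfs_cap_check() is only prototyped in mount.h in this change and never defined, so whether it preserves vfs_suser()'s user-mount path (in FreeBSD's vfs_suser() the owner of an MNT_USER mount is admitted without privilege) cannot be confirmed from the diff. If it does not, mount owners lose the ability to tune nm_tprintf_initial_delay on their own mounts; if it does, a short comment at the call would save the next reader the same question, e.g. `/* vfs_cap_check() admits the owner of an MNT_USER mount, as vfs_suser() did */`. The handler's body extends outside the hunk.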
@@ -291,7 +291,8 @@ int dev_stdclone(char *_name, char **_namep, const char *_stem, int *_unit); EVENTHANDLER_DECLARE(dev_clone, dev_clone_fn); -typedef void (*dev_clone_cred_fn)(void *arg, struct ucred *cr, char *name, int namelen, dev_t *result); +typedef void (*dev_clone_cred_fn)(void *arg, struct ucred *cred, char *name, + int namelen, struct cdev **result); EVENTHANDLER_DECLARE(dev_clone_cred, dev_clone_cred_fn); /* Stuff relating to kernel-dump */ ==== //depot/projects/trustedbsd/sebsd/sys/sys/mount.h#12 (text+ko) ==== @@ -588,7 +588,7 @@ void vfs_mountroot(void); /* mount our root filesystem */ int vfs_rootmountalloc(char *, char *, struct mount **); void vfs_mount_destroy(struct mount *, struct thread *); -int vfs_suser(struct mount *, struct thread *); +int vfs_cap_check(struct mount *, struct thread *, u_int64_t); void vfs_unbusy(struct mount *, struct thread *); void vfs_unmountall(void); int vfs_register(struct vfsconf *); ==== //depot/projects/trustedbsd/sebsd/sys/ufs/ffs/ffs_alloc.c#9 (text+ko) ==== @@ -159,7 +159,7 @@ if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0) goto nospace; if (freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0 && - cap_check_cred(cred, NULL, CAP_SYS_RESOURCE, SUSER_ALLOWJAIL)) + cap_check_cred(cred, CAP_SYS_RESOURCE, SUSER_ALLOWJAIL)) goto nospace; #ifdef QUOTA error = chkdq(ip, btodb(size), cred, 0); @@ -240,7 +240,7 @@ reclaimed = 0; retry: if (freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0 && - cap_check_cred(cred, NULL, CAP_SYS_RESOURCE, SUSER_ALLOWJAIL)) + cap_check_cred(cred, CAP_SYS_RESOURCE, SUSER_ALLOWJAIL)) goto nospace; if (bprev == 0) { printf("dev = %s, bsize = %ld, bprev = %jd, fs = %s\n", ==== //depot/projects/trustedbsd/sebsd/sys/ufs/ufs/ufs_quota.c#9 (text+ko) ==== 
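Review bot: The new `vfs_cap_check()` prototype in mount.h takes its capability as `u_int64_t`, while `cap_check_cred()` in capability.h takes `cap_value_t`; the change description calls this a stopgap for a type issue, but nothing at the declaration says so, and every caller passes a CAP_* constant that is converted silently at the boundary. A marker on the prototype keeps the debt visible where callers will see it: `int vfs_cap_check(struct mount *, struct thread *, u_int64_t); /* XXX should be cap_value_t, see capability.h */`. The comment should also name which type is authoritative, since whichever way the conversion goes it happens without a compiler warning.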
@@ -157,7 +157,8 @@ } return (0); } - if ((flags & FORCE) == 0 && cap_check_cred(cred, NULL, CAP_SYS_RESOURCE, 0)) { + if ((flags & FORCE) == 0 && cap_check_cred(cred, CAP_SYS_RESOURCE, + 0)) { for (i = 0; i < MAXQUOTAS; i++) { if ((dq = ip->i_dquot[i]) == NODQUOT) continue; @@ -280,7 +281,8 @@ } return (0); } - if ((flags & FORCE) == 0 && cap_check_cred(cred, NULL, CAP_SYS_RESOURCE, 0)) { + if ((flags & FORCE) == 0 && cap_check_cred(cred, CAP_SYS_RESOURCE, + 0)) { for (i = 0; i < MAXQUOTAS; i++) { if ((dq = ip->i_dquot[i]) == NODQUOT) continue; @@ -408,8 +410,7 @@ int error, flags; struct nameidata nd; - error = cap_check_cred(td->td_ucred, NULL, CAP_SYS_ADMIN, - SUSER_ALLOWJAIL); + error = cap_check_cred(td->td_ucred, CAP_SYS_ADMIN, SUSER_ALLOWJAIL); if (error) return (error); @@ -497,8 +498,7 @@ struct inode *ip; int error; - error = cap_check_cred(td->td_ucred, NULL, CAP_SYS_ADMIN, - SUSER_ALLOWJAIL); + error = cap_check_cred(td->td_ucred, CAP_SYS_ADMIN, SUSER_ALLOWJAIL); if (error) return (error); @@ -565,8 +565,8 @@ switch (type) { case USRQUOTA: if ((td->td_ucred->cr_uid != id) && !unprivileged_get_quota) { - error = cap_check_cred(td->td_ucred, td, - CAP_SYS_ADMIN, SUSER_ALLOWJAIL); + error = cap_check_cred(td->td_ucred, CAP_SYS_ADMIN, + SUSER_ALLOWJAIL); >>> TRUNCATED FOR MAIL (1000 lines) <<<