PERFORCE change 64819 for review
Robert Watson
rwatson at FreeBSD.org
Wed Nov 10 14:43:01 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=64819
Change 64819 by rwatson at rwatson_tislabs on 2004/11/10 14:42:58
Clean up some other suser-related loose ends from the integ:
- Remove unneeded thread argument to cap_check_cred() to match
suser_cred() API in FreeBSD.
- Catch up with event handler changes for device cloning: use struct
cdev instead of dev_t.
- Replace vfs_suser() with vfs_cap_check(), but use u_int64_t for
the cap argument for now due to type issues. We need to revisit
this.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/sys/alpha/osf1/osf1_misc.c#8 edit
.. //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_misc.c#10 edit
.. //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_uid16.c#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/fs/devfs/devfs_vnops.c#10 edit
.. //depot/projects/trustedbsd/sebsd/sys/fs/hpfs/hpfs_vnops.c#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/fs/msdosfs/msdosfs_vnops.c#10 edit
.. //depot/projects/trustedbsd/sebsd/sys/fs/smbfs/smbfs_vnops.c#10 edit
.. //depot/projects/trustedbsd/sebsd/sys/gnu/ext2fs/ext2_vnops.c#10 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_acl.c#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_conf.c#10 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_exec.c#15 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_ktrace.c#10 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_prot.c#11 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_resource.c#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/kern_sysctl.c#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_mount.c#15 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_subr.c#12 edit
.. //depot/projects/trustedbsd/sebsd/sys/kern/vfs_syscalls.c#14 edit
.. //depot/projects/trustedbsd/sebsd/sys/netinet/in_pcb.c#14 edit
.. //depot/projects/trustedbsd/sebsd/sys/netinet/raw_ip.c#13 edit
.. //depot/projects/trustedbsd/sebsd/sys/netinet/tcp_subr.c#13 edit
.. //depot/projects/trustedbsd/sebsd/sys/netinet/udp_usrreq.c#12 edit
.. //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_pcb.c#13 edit
.. //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_src.c#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/netncp/ncp_conn.c#6 edit
.. //depot/projects/trustedbsd/sebsd/sys/netncp/ncp_mod.c#8 edit
.. //depot/projects/trustedbsd/sebsd/sys/netsmb/smb_subr.h#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/nfsclient/nfs_vfsops.c#12 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/capability.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/conf.h#11 edit
.. //depot/projects/trustedbsd/sebsd/sys/sys/mount.h#12 edit
.. //depot/projects/trustedbsd/sebsd/sys/ufs/ffs/ffs_alloc.c#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/ufs/ufs/ufs_quota.c#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/ufs/ufs/ufs_vnops.c#9 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/alpha/osf1/osf1_misc.c#8 (text+ko) ====
@@ -1043,7 +1043,7 @@
oldcred = p->p_ucred;
if (uid != oldcred->cr_ruid && uid != oldcred->cr_svuid
- && (error = cap_check_cred(p->p_ucred, NULL, CAP_SETUID,
+ && (error = cap_check_cred(p->p_ucred, CAP_SETUID,
SUSER_ALLOWJAIL)) != 0) {
PROC_UNLOCK(p);
uifree(uip);
@@ -1098,7 +1098,7 @@
oldcred = p->p_ucred;
if (gid != oldcred->cr_rgid && gid != oldcred->cr_svgid
- && ((error = cap_check_cred(p->p_ucred, NULL, CAP_SETGID,
+ && ((error = cap_check_cred(p->p_ucred, CAP_SETGID,
SUSER_ALLOWJAIL)) != 0 )) {
PROC_UNLOCK(p);
crfree(newcred);
==== //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_misc.c#10 (text+ko) ====
@@ -1078,8 +1078,8 @@
* Keep cr_groups[0] unchanged to prevent that.
*/
- if ((error = cap_check_cred(oldcred, NULL, CAP_SETGID,
- SUSER_ALLOWJAIL)) != 0) {
+ if ((error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL))
+ != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
==== //depot/projects/trustedbsd/sebsd/sys/compat/linux/linux_uid16.c#7 (text+ko) ====
@@ -124,8 +124,8 @@
* Keep cr_groups[0] unchanged to prevent that.
*/
- if ((error = cap_check_cred(oldcred, NULL, CAP_SETGID,
- SUSER_ALLOWJAIL)) != 0) {
+ if ((error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL))
+ != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
==== //depot/projects/trustedbsd/sebsd/sys/fs/devfs/devfs_vnops.c#10 (text+ko) ====
@@ -559,7 +559,8 @@
goto notfound;
cdev = NULL;
- EVENTHANDLER_INVOKE(dev_clone_cred, td->td_ucred, pname, strlen(pname), &cdev);
+ EVENTHANDLER_INVOKE(dev_clone_cred, td->td_ucred, pname,
+ strlen(pname), &cdev);
EVENTHANDLER_INVOKE(dev_clone, pname, strlen(pname), &cdev);
if (cdev == NULL)
goto notfound;
@@ -1118,8 +1119,8 @@
if (uid != de->de_uid || gid != de->de_gid) {
if (((ap->a_cred->cr_uid != de->de_uid) || uid != de->de_uid ||
(gid != de->de_gid && !groupmember(gid, ap->a_cred))) &&
- (error = cap_check_cred(ap->a_td->td_ucred, ap->a_td,
- CAP_FOWNER, SUSER_ALLOWJAIL)) != 0)
+ (error = cap_check_cred(ap->a_td->td_ucred, CAP_FOWNER,
+ SUSER_ALLOWJAIL)) != 0)
return (error);
de->de_uid = uid;
de->de_gid = gid;
@@ -1128,8 +1129,8 @@
if (vap->va_mode != (mode_t)VNOVAL) {
if ((ap->a_cred->cr_uid != de->de_uid) &&
- (error = cap_check_cred(ap->a_td->td_ucred, ap->a_td,
- CAP_FOWNER, SUSER_ALLOWJAIL)))
+ (error = cap_check_cred(ap->a_td->td_ucred, CAP_FOWNER,
+ SUSER_ALLOWJAIL)))
return (error);
de->de_mode = vap->va_mode;
c = 1;
==== //depot/projects/trustedbsd/sebsd/sys/fs/hpfs/hpfs_vnops.c#7 (text+ko) ====
@@ -502,7 +502,7 @@
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != hp->h_uid &&
- (error = cap_check_cred(cred, NULL, CAP_FOWNER,
+ (error = cap_check_cred(cred, CAP_FOWNER,
SUSER_ALLOWJAIL)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, cred, td))))
==== //depot/projects/trustedbsd/sebsd/sys/fs/msdosfs/msdosfs_vnops.c#10 (text+ko) ====
@@ -388,7 +388,7 @@
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid &&
- (error = cap_check_cred(cred, NULL, CAP_FOWNER,
+ (error = cap_check_cred(cred, CAP_FOWNER,
SUSER_ALLOWJAIL)))
return (error);
/*
@@ -403,8 +403,7 @@
* set ATTR_ARCHIVE for directories `cp -pr' from a more
* sensible filesystem attempts it a lot.
*/
- if (cap_check_cred(cred, NULL, CAP_SYS_SETFFLAG,
- SUSER_ALLOWJAIL)) {
+ if (cap_check_cred(cred, CAP_SYS_SETFFLAG, SUSER_ALLOWJAIL)) {
if (vap->va_flags & SF_SETTABLE)
return EPERM;
}
@@ -431,7 +430,7 @@
gid = pmp->pm_gid;
if ((cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
(gid != pmp->pm_gid && !groupmember(gid, cred))) &&
- (error = cap_check_cred(cred, NULL, CAP_FOWNER,
+ (error = cap_check_cred(cred, CAP_FOWNER,
SUSER_ALLOWJAIL)))
return error;
if (uid != pmp->pm_uid || gid != pmp->pm_gid)
@@ -464,7 +463,7 @@
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid &&
- (error = cap_check_cred(cred, NULL, CAP_FOWNER,
+ (error = cap_check_cred(cred, CAP_FOWNER,
SUSER_ALLOWJAIL)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(ap->a_vp, VWRITE, cred, ap->a_td))))
@@ -494,7 +493,7 @@
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid &&
- (error = cap_check_cred(cred, NULL, CAP_FOWNER,
+ (error = cap_check_cred(cred, CAP_FOWNER,
SUSER_ALLOWJAIL)))
return (error);
if (vp->v_type != VDIR) {
==== //depot/projects/trustedbsd/sebsd/sys/fs/smbfs/smbfs_vnops.c#10 (text+ko) ====
@@ -372,7 +372,7 @@
atime = &vap->va_atime;
if (mtime != atime) {
if (ap->a_cred->cr_uid != VTOSMBFS(vp)->sm_args.uid &&
- (error = cap_check_cred(ap->a_cred, NULL, CAP_FOWNER,
+ (error = cap_check_cred(ap->a_cred, CAP_FOWNER,
SUSER_ALLOWJAIL)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, ap->a_cred, ap->a_td))))
==== //depot/projects/trustedbsd/sebsd/sys/gnu/ext2fs/ext2_vnops.c#10 (text+ko) ====
@@ -448,8 +448,8 @@
* Privileged non-jail processes may not modify system flags
* if securelevel > 0 and any existing system flags are set.
*/
- if (cap_check_cred(cred, NULL, CAP_SYS_SETFFLAG,
- SUSER_ALLOWJAIL) == 0) {
+ if (cap_check_cred(cred, CAP_SYS_SETFFLAG, SUSER_ALLOWJAIL)
+ == 0) {
if (ip->i_flags
& (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
error = securelevel_gt(cred, 0);
@@ -567,7 +567,7 @@
* Privileged processes may set the sticky bit on non-directories.
*/
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
- if (cap_check_cred(cred, NULL, CAP_SYS_RAWIO, 0) != 0)
+ if (cap_check_cred(cred, CAP_SYS_RAWIO, 0) != 0)
return (EFTYPE);
}
@@ -576,8 +576,7 @@
*/
if (((mode & ISGID) && !groupmember(ip->i_gid, cred)) ||
((mode & ISUID) && ip->i_uid != cred->cr_uid)) {
- if (cap_check_cred (cred, NULL, CAP_FSETID, SUSER_ALLOWJAIL)
- != 0)
+ if (cap_check_cred (cred, CAP_FSETID, SUSER_ALLOWJAIL) != 0)
return (EPERM);
}
@@ -621,8 +620,7 @@
*/
if ((uid != ip->i_uid ||
(gid != ip->i_gid && !groupmember(gid, cred)))) {
- error = cap_check_cred(cred, NULL, CAP_FOWNER,
- SUSER_ALLOWJAIL);
+ error = cap_check_cred(cred, CAP_FOWNER, SUSER_ALLOWJAIL);
if (error)
return (error);
}
@@ -637,8 +635,7 @@
* change.
*/
if ((ouid != uid || ogid != gid) && (ip->i_mode & (ISUID | ISGID))) {
- if (cap_check_cred (cred, NULL, CAP_FSETID, SUSER_ALLOWJAIL)
- != 0)
+ if (cap_check_cred(cred, CAP_FSETID, SUSER_ALLOWJAIL) != 0)
ip->i_mode &= ~(ISUID | ISGID);
}
return (0);
@@ -1718,8 +1715,8 @@
tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
ip->i_nlink = 1;
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) {
- if (cap_check_cred(cnp->cn_cred, NULL, CAP_FSETID,
- SUSER_ALLOWJAIL) != 0)
+ if (cap_check_cred(cnp->cn_cred, CAP_FSETID, SUSER_ALLOWJAIL)
+ != 0)
ip->i_mode &= ~ISGID;
}
==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_acl.c#7 (text+ko) ====
@@ -95,24 +95,24 @@
cap_granted = 0;
if (type == VDIR) {
- if ((acc_mode & VEXEC) && !cap_check_cred (cred, NULL,
+ if ((acc_mode & VEXEC) && !cap_check_cred (cred,
CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL))
cap_granted |= VEXEC;
} else {
- if ((acc_mode & VEXEC) && !cap_check_cred(cred, NULL,
+ if ((acc_mode & VEXEC) && !cap_check_cred(cred,
CAP_DAC_EXECUTE, SUSER_ALLOWJAIL))
cap_granted |= VEXEC;
}
- if ((acc_mode & VREAD) && !cap_check_cred(cred, NULL,
- CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL))
+ if ((acc_mode & VREAD) && !cap_check_cred(cred, CAP_DAC_READ_SEARCH,
+ SUSER_ALLOWJAIL))
cap_granted |= VREAD;
if (((acc_mode & VWRITE) || (acc_mode & VAPPEND)) &&
- !cap_check_cred(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL))
+ !cap_check_cred(cred, CAP_DAC_WRITE, SUSER_ALLOWJAIL))
cap_granted |= (VWRITE | VAPPEND);
- if ((acc_mode & VADMIN) && !cap_check_cred(cred, NULL, CAP_FOWNER,
+ if ((acc_mode & VADMIN) && !cap_check_cred(cred, CAP_FOWNER,
SUSER_ALLOWJAIL))
cap_granted |= VADMIN;
==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_cap.c#7 (text+ko) ====
@@ -134,8 +134,7 @@
}
int
-cap_check_cred(struct ucred *cred, struct thread *td, cap_value_t cap,
- int jailflags)
+cap_check_cred(struct ucred *cred, cap_value_t cap, int jailflags)
{
int error;
@@ -147,11 +146,12 @@
error = suser_cred(cred, jailflags);
- return error;
+ return (error);
}
int
cap_check(struct thread *td, cap_value_t cap)
{
- return cap_check_cred(td->td_ucred, td, cap, 0);
+
+ return (cap_check_cred(td->td_ucred, cap, 0));
}
==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_conf.c#10 (text+ko) ====
@@ -440,7 +440,7 @@
dev_unlock();
}
-struct cdev *
+static struct cdev *
make_dev_credv(struct cdevsw *devsw, int minornr, uid_t uid, gid_t gid,
struct ucred *cr, int perms, const char *fmt, ...)
{
@@ -489,24 +489,29 @@
return (dev);
}
-dev_t
+struct cdev *
make_dev_cred(struct cdevsw *devsw, int minor, struct ucred *cr, int perms, const char *fmt, ...)
{
+ struct cdev *dev;
va_list ap;
- va_start (ap, fmt);
- dev_t ret = make_dev_credv (devsw, minor, 0, 0, cr, perms, fmt, ap);
- va_end (ap);
- return (ret);
+
+ va_start(ap, fmt);
+ dev = make_dev_credv(devsw, minor, 0, 0, cr, perms, fmt, ap);
+ va_end(ap);
+ return (dev);
}
-dev_t
+struct cdev *
make_dev(struct cdevsw *devsw, int minor, uid_t uid, gid_t gid, int perms, const char *fmt, ...)
{
+ struct cdev *dev;
va_list ap;
- va_start (ap, fmt);
- dev_t ret = make_dev_credv (devsw, minor, uid, gid, NULL, perms, fmt, ap);
- va_end (ap);
- return (ret);
+
+ va_start(ap, fmt);
+ dev = make_dev_credv(devsw, minor, uid, gid, NULL, perms, fmt, ap);
+ va_end(ap);
+
+ return (dev);
}
int
==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_exec.c#15 (text+ko) ====
@@ -564,7 +564,7 @@
*/
setsugid(p);
#ifdef KTRACE
- if (p->p_tracevp != NULL && cap_check_cred (oldcred, NULL,
+ if (p->p_tracevp != NULL && cap_check_cred(oldcred,
CAP_SYS_PTRACE, SUSER_ALLOWJAIL)) {
mtx_lock(&ktrace_mtx);
p->p_traceflag = 0;
==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_ktrace.c#10 (text+ko) ====
@@ -896,7 +896,7 @@
PROC_LOCK_ASSERT(targetp, MA_OWNED);
if (targetp->p_traceflag & KTRFAC_ROOT &&
- cap_check_cred(td->td_ucred, NULL, CAP_SYS_PTRACE, SUSER_ALLOWJAIL))
+ cap_check_cred(td->td_ucred, CAP_SYS_PTRACE, SUSER_ALLOWJAIL))
return (0);
if (p_candebug(td, targetp) != 0)
==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_prot.c#11 (text+ko) ====
@@ -525,8 +525,8 @@
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
uid != oldcred->cr_uid && /* allow setuid(geteuid()) */
#endif
- (error = cap_check_cred(oldcred, NULL, CAP_SETUID,
- SUSER_ALLOWJAIL)) != 0) {
+ (error = cap_check_cred(oldcred, CAP_SETUID, SUSER_ALLOWJAIL))
+ != 0) {
PROC_UNLOCK(p);
uifree(uip);
crfree(newcred);
@@ -608,8 +608,8 @@
oldcred = p->p_ucred;
if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */
euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */
- (error = cap_check_cred(oldcred, NULL, CAP_SETUID,
- SUSER_ALLOWJAIL)) != 0) {
+ (error = cap_check_cred(oldcred, CAP_SETUID, SUSER_ALLOWJAIL))
+ != 0) {
PROC_UNLOCK(p);
uifree(euip);
crfree(newcred);
@@ -671,8 +671,8 @@
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
#endif
- (error = cap_check_cred(oldcred, NULL, CAP_SETGID,
- SUSER_ALLOWJAIL)) != 0) {
+ (error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL))
+ != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
@@ -747,8 +747,8 @@
oldcred = p->p_ucred;
if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */
egid != oldcred->cr_svgid && /* allow setegid(saved gid) */
- (error = cap_check_cred(oldcred, NULL, CAP_SETGID,
- SUSER_ALLOWJAIL)) != 0) {
+ (error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL))
+ != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
@@ -794,7 +794,7 @@
newcred = crget();
PROC_LOCK(p);
oldcred = p->p_ucred;
- error = cap_check_cred(oldcred, NULL, CAP_SETGID, SUSER_ALLOWJAIL);
+ error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL);
if (error) {
PROC_UNLOCK(p);
crfree(newcred);
@@ -858,8 +858,8 @@
ruid != oldcred->cr_svuid) ||
(euid != (uid_t)-1 && euid != oldcred->cr_uid &&
euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) &&
- (error = cap_check_cred(oldcred, NULL, CAP_SETUID,
- SUSER_ALLOWJAIL)) != 0) {
+ (error = cap_check_cred(oldcred, CAP_SETUID, SUSER_ALLOWJAIL))
+ != 0) {
PROC_UNLOCK(p);
uifree(ruip);
uifree(euip);
@@ -915,8 +915,8 @@
rgid != oldcred->cr_svgid) ||
(egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
- (error = cap_check_cred(oldcred, NULL, CAP_SETGID,
- SUSER_ALLOWJAIL)) != 0) {
+ (error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL))
+ != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
@@ -990,8 +990,8 @@
(suid != (uid_t)-1 && suid != oldcred->cr_ruid &&
suid != oldcred->cr_svuid &&
suid != oldcred->cr_uid)) &&
- (error = cap_check_cred(oldcred, NULL, CAP_SETUID,
- SUSER_ALLOWJAIL)) != 0) {
+ (error = cap_check_cred(oldcred, CAP_SETUID, SUSER_ALLOWJAIL))
+ != 0) {
PROC_UNLOCK(p);
uifree(ruip);
uifree(euip);
@@ -1059,8 +1059,8 @@
(sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
sgid != oldcred->cr_svgid &&
sgid != oldcred->cr_groups[0])) &&
- (error = cap_check_cred(oldcred, NULL, CAP_SETGID,
- SUSER_ALLOWJAIL)) != 0) {
+ (error = cap_check_cred(oldcred, CAP_SETGID, SUSER_ALLOWJAIL))
+ != 0) {
PROC_UNLOCK(p);
crfree(newcred);
return (error);
@@ -1338,7 +1338,7 @@
{
if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) {
- if (cap_check_cred(u1, NULL, CAP_SETUID, SUSER_ALLOWJAIL) != 0)
+ if (cap_check_cred(u1, CAP_SETUID, SUSER_ALLOWJAIL) != 0)
return (ESRCH);
}
return (0);
@@ -1494,7 +1494,7 @@
break;
default:
/* Not permitted without privilege. */
- error = cap_check_cred(cred, NULL, CAP_KILL,
+ error = cap_check_cred(cred, CAP_KILL,
SUSER_ALLOWJAIL);
if (error)
return (error);
@@ -1510,7 +1510,7 @@
cred->cr_uid != proc->p_ucred->cr_ruid &&
cred->cr_uid != proc->p_ucred->cr_svuid) {
/* Not permitted without privilege. */
- error = cap_check_cred(cred, NULL, CAP_KILL, SUSER_ALLOWJAIL);
+ error = cap_check_cred(cred, CAP_KILL, SUSER_ALLOWJAIL);
if (error)
return (error);
}
@@ -1579,8 +1579,7 @@
return (0);
if (td->td_ucred->cr_uid == p->p_ucred->cr_ruid)
return (0);
- if (cap_check_cred(td->td_ucred, td, CAP_SYS_NICE, SUSER_ALLOWJAIL)
- == 0)
+ if (cap_check_cred(td->td_ucred, CAP_SYS_NICE, SUSER_ALLOWJAIL) == 0)
return (0);
return (EPERM);
@@ -1618,7 +1617,7 @@
KASSERT(td == curthread, ("%s: td not curthread", __func__));
PROC_LOCK_ASSERT(p, MA_OWNED);
if (!unprivileged_proc_debug) {
- error = cap_check_cred(td->td_ucred, td, CAP_SYS_PTRACE,
+ error = cap_check_cred(td->td_ucred, CAP_SYS_PTRACE,
SUSER_ALLOWJAIL);
if (error)
return (error);
@@ -1671,7 +1670,7 @@
* require CAP_SYS_PTRACE.
*/
if (!grpsubset || !uidsubset || credentialchanged) {
- error = cap_check_cred(td->td_ucred, td, CAP_SYS_PTRACE,
+ error = cap_check_cred(td->td_ucred, CAP_SYS_PTRACE,
SUSER_ALLOWJAIL);
if (error)
return (error);
@@ -1958,7 +1957,7 @@
int error;
char logintmp[MAXLOGNAME];
- error = cap_check_cred(td->td_ucred, td, CAP_SETUID, SUSER_ALLOWJAIL);
+ error = cap_check_cred(td->td_ucred, CAP_SETUID, SUSER_ALLOWJAIL);
if (error)
return (error);
error = copyinstr(uap->namebuf, logintmp, sizeof(logintmp), NULL);
==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_resource.c#9 (text+ko) ====
@@ -575,7 +575,7 @@
alimp = &oldlim->pl_rlimit[which];
if (limp->rlim_cur > alimp->rlim_max ||
limp->rlim_max > alimp->rlim_max)
- if ((error = cap_check_cred(td->td_ucred, td, CAP_SYS_RESOURCE,
+ if ((error = cap_check_cred(td->td_ucred, CAP_SYS_RESOURCE,
SUSER_ALLOWJAIL))) {
PROC_UNLOCK(p);
lim_free(newlim);
==== //depot/projects/trustedbsd/sebsd/sys/kern/kern_sysctl.c#9 (text+ko) ====
@@ -1218,7 +1218,7 @@
flags = SUSER_ALLOWJAIL;
else
flags = 0;
- error = cap_check_cred(req->td->td_ucred, req->td, CAP_SYS_ADMIN, flags);
+ error = cap_check_cred(req->td->td_ucred, CAP_SYS_ADMIN, flags);
if (error)
return (error);
}
==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_mount.c#15 (text+ko) ====
@@ -1498,7 +1498,7 @@
vfsp = vfs_byname("devfs");
if (vfsp == NULL)
break;
- error = vfs_mount_alloc(NULLVP, vfsp, "/dev", td, &mp);
+ error = vfs_mount_alloc(NULLVP, vfsp, "/dev", td, NULL, &mp);
if (error)
break;
mp->mnt_flag |= MNT_RDONLY;
==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_subr.c#12 (text+ko) ====
@@ -3605,26 +3605,25 @@
* VEXEC requests, instead of CAP_DAC_EXECUTE.
*/
if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
- !cap_check_cred(cred, NULL, CAP_DAC_READ_SEARCH,
+ !cap_check_cred(cred, CAP_DAC_READ_SEARCH,
SUSER_ALLOWJAIL))
cap_granted |= VEXEC;
} else {
if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
- !cap_check_cred(cred, NULL, CAP_DAC_EXECUTE,
- SUSER_ALLOWJAIL))
+ !cap_check_cred(cred, CAP_DAC_EXECUTE, SUSER_ALLOWJAIL))
cap_granted |= VEXEC;
}
if ((acc_mode & VREAD) && ((dac_granted & VREAD) == 0) &&
- !cap_check_cred(cred, NULL, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL))
+ !cap_check_cred(cred, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL))
cap_granted |= VREAD;
if ((acc_mode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
- !cap_check_cred(cred, NULL, CAP_DAC_WRITE, SUSER_ALLOWJAIL))
+ !cap_check_cred(cred, CAP_DAC_WRITE, SUSER_ALLOWJAIL))
cap_granted |= (VWRITE | VAPPEND);
if ((acc_mode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
- !cap_check_cred(cred, NULL, CAP_FOWNER, SUSER_ALLOWJAIL))
+ !cap_check_cred(cred, CAP_FOWNER, SUSER_ALLOWJAIL))
cap_granted |= VADMIN;
if ((acc_mode & (cap_granted | dac_granted)) == acc_mode) {
@@ -3662,7 +3661,7 @@
switch (attrnamespace) {
case EXTATTR_NAMESPACE_SYSTEM:
/* Potentially should be: return (EPERM); */
- return (cap_check_cred(cred, td, CAP_SYS_SETFFLAG, 0));
+ return (cap_check_cred(cred, CAP_SYS_SETFFLAG, 0));
case EXTATTR_NAMESPACE_USER:
return (VOP_ACCESS(vp, access, cred, td));
default:
==== //depot/projects/trustedbsd/sebsd/sys/kern/vfs_syscalls.c#14 (text+ko) ====
@@ -813,8 +813,7 @@
int error;
struct nameidata nd;
- error = cap_check_cred(td->td_ucred, td, CAP_SYS_CHROOT,
- SUSER_ALLOWJAIL);
+ error = cap_check_cred(td->td_ucred, CAP_SYS_CHROOT, SUSER_ALLOWJAIL);
if (error)
return (error);
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, uap->path, td);
@@ -1178,7 +1177,7 @@
error = cap_check(td, CAP_MKNOD);
break;
default:
- error = cap_check_cred(td->td_ucred, td, CAP_MKNOD,
+ error = cap_check_cred(td->td_ucred, CAP_MKNOD,
SUSER_ALLOWJAIL);
break;
}
@@ -1374,7 +1373,7 @@
struct vattr va;
int error;
- if (cap_check_cred(cred, NULL, CAP_SYS_ADMIN, SUSER_ALLOWJAIL) == 0)
+ if (cap_check_cred(cred, CAP_SYS_ADMIN, SUSER_ALLOWJAIL) == 0)
return (0);
if (!hardlink_check_uid && !hardlink_check_gid)
@@ -2320,7 +2319,7 @@
* chown can't fail when done as root.
*/
if (vp->v_type == VCHR || vp->v_type == VBLK) {
- error = cap_check_cred(td->td_ucred, td, CAP_SYS_SETFFLAG,
+ error = cap_check_cred(td->td_ucred, CAP_SYS_SETFFLAG,
SUSER_ALLOWJAIL);
if (error)
return (error);
@@ -3762,7 +3761,7 @@
}
VOP_UNLOCK(vp, 0, td);
if (td->td_ucred->cr_uid != vattr.va_uid) {
- error = cap_check_cred(td->td_ucred, td, CAP_SYS_ADMIN,
+ error = cap_check_cred(td->td_ucred, CAP_SYS_ADMIN,
SUSER_ALLOWJAIL);
if (error)
goto out;
==== //depot/projects/trustedbsd/sebsd/sys/netinet/in_pcb.c#14 (text+ko) ====
@@ -322,7 +322,7 @@
/* GROSS */
if (ntohs(lport) <= ipport_reservedhigh &&
ntohs(lport) >= ipport_reservedlow &&
- cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE,
+ cap_check_cred(cred, CAP_NET_BIND_SERVICE,
SUSER_ALLOWJAIL))
return (EACCES);
if (jailed(cred))
@@ -385,7 +385,7 @@
last = ipport_hilastauto;
lastport = &pcbinfo->lasthi;
} else if (inp->inp_flags & INP_LOWPORT) {
- if ((error = cap_check_cred(cred, NULL,
+ if ((error = cap_check_cred(cred,
CAP_NET_BIND_SERVICE, SUSER_ALLOWJAIL)) != 0)
return error;
first = ipport_lowfirstauto; /* 1023 */
==== //depot/projects/trustedbsd/sebsd/sys/netinet/raw_ip.c#13 (text+ko) ====
@@ -585,7 +585,7 @@
INP_INFO_WUNLOCK(&ripcbinfo);
return (EPERM);
}
- if (td && (error = cap_check_cred(td->td_ucred, td, CAP_NET_RAW,
+ if (td && (error = cap_check_cred(td->td_ucred, CAP_NET_RAW,
SUSER_ALLOWJAIL)) != 0) {
INP_INFO_WUNLOCK(&ripcbinfo);
return error;
==== //depot/projects/trustedbsd/sebsd/sys/netinet/tcp_subr.c#13 (text+ko) ====
@@ -996,7 +996,7 @@
struct inpcb *inp;
int error, s;
- error = cap_check_cred(req->td->td_ucred, req->td, CAP_SYS_ADMIN,
+ error = cap_check_cred(req->td->td_ucred, CAP_SYS_ADMIN,
SUSER_ALLOWJAIL);
if (error)
return (error);
@@ -1043,7 +1043,7 @@
struct inpcb *inp;
int error, s, mapped = 0;
- error = cap_check_cred(req->td->td_ucred, req->td, CAP_SYS_ADMIN,
+ error = cap_check_cred(req->td->td_ucred, CAP_SYS_ADMIN,
SUSER_ALLOWJAIL);
if (error)
return (error);
==== //depot/projects/trustedbsd/sebsd/sys/netinet/udp_usrreq.c#12 (text+ko) ====
@@ -688,7 +688,7 @@
struct inpcb *inp;
int error, s;
- error = cap_check_cred(req->td->td_ucred, req->td, CAP_SYS_ADMIN,
+ error = cap_check_cred(req->td->td_ucred, CAP_SYS_ADMIN,
SUSER_ALLOWJAIL);
if (error)
return (error);
==== //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_pcb.c#13 (text+ko) ====
@@ -190,7 +190,7 @@
/* GROSS */
if (ntohs(lport) < IPV6PORT_RESERVED &&
- cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE,
+ cap_check_cred(cred, CAP_NET_BIND_SERVICE,
SUSER_ALLOWJAIL))
return (EACCES);
if (so->so_cred->cr_uid != 0 &&
==== //depot/projects/trustedbsd/sebsd/sys/netinet6/in6_src.c#9 (text+ko) ====
@@ -760,7 +760,7 @@
last = ipport_hilastauto;
lastport = &pcbinfo->lasthi;
} else if (inp->inp_flags & INP_LOWPORT) {
- if ((error = cap_check_cred(cred, NULL, CAP_NET_BIND_SERVICE, 0)))
+ if ((error = cap_check_cred(cred, CAP_NET_BIND_SERVICE, 0)))
return error;
first = ipport_lowfirstauto; /* 1023 */
last = ipport_lowlastauto; /* 600 */
==== //depot/projects/trustedbsd/sebsd/sys/netncp/ncp_conn.c#6 (text+ko) ====
@@ -113,7 +113,7 @@
{
int error;
- if (cred == NOCRED || !cap_check_cred (cred, NULL, CAP_NET_ADMIN, 0) ||
+ if (cred == NOCRED || !cap_check_cred(cred, CAP_NET_ADMIN, 0) ||
cred->cr_uid == conn->nc_owner->cr_uid)
return 0;
mode >>= 3;
@@ -226,10 +226,10 @@
/*
* Only root can change ownership
*/
- if (cap->owner != NCP_DEFAULT_OWNER && !cap_check_cred (cred, NULL, CAP_NET_ADMIN, 0))
+ if (cap->owner != NCP_DEFAULT_OWNER && !cap_check_cred(cred, CAP_NET_ADMIN, 0))
return EPERM;
if (cap->group != NCP_DEFAULT_GROUP &&
- !groupmember(cap->group, cred) && !cap_check_cred (cred, NULL, CAP_NET_ADMIN, 0))
+ !groupmember(cap->group, cred) && !cap_check_cred(cred, CAP_NET_ADMIN, 0))
return EPERM;
if (cap->owner != NCP_DEFAULT_OWNER) {
owner = crget();
@@ -417,7 +417,7 @@
bcmp(&ncp->li.saddr,&ncp->li.saddr,li->saddr.sa_len) != 0)
continue;
if (cred->cr_uid == ncp->nc_owner->cr_uid ||
- !cap_check_cred (cred, NULL, CAP_NET_ADMIN, 0))
+ !cap_check_cred(cred, CAP_NET_ADMIN, 0))
break;
error = ncp_conn_access(ncp,cred,mode);
if (!error && ncp2 == NULL)
@@ -475,7 +475,7 @@
if (cred->cr_uid == ncp->nc_owner->cr_uid)
break;
/* XXX: seems redundant with lower ncp_conn_access() call */
- if (cap_check_cred(cred, NULL, CAP_NET_ADMIN, 0) == 0)
+ if (cap_check_cred(cred, CAP_NET_ADMIN, 0) == 0)
ncp2 = ncp;
}
error = ncp_conn_access(ncp,cred,mode);
==== //depot/projects/trustedbsd/sebsd/sys/netncp/ncp_mod.c#8 (text+ko) ====
@@ -178,7 +178,8 @@
{
int error;
- if (cred->cr_uid != conn->nc_owner->cr_uid && cap_check_cred(cred, NULL, CAP_NET_ADMIN, 0) != 0)
+ if (cred->cr_uid != conn->nc_owner->cr_uid && cap_check_cred(cred,
+ CAP_NET_ADMIN, 0) != 0)
return EACCES;
conn->li.user = ncp_str_dup(user);
if (conn->li.user == NULL)
==== //depot/projects/trustedbsd/sebsd/sys/netsmb/smb_subr.h#7 (text+ko) ====
@@ -68,7 +68,7 @@
SIGISMEMBER(set, SIGHUP) || SIGISMEMBER(set, SIGKILL) || \
SIGISMEMBER(set, SIGQUIT))
-#define smb_suser(cred) cap_check_cred(cred, NULL, CAP_NET_ADMIN, 0)
+#define smb_suser(cred) cap_check_cred(cred, CAP_NET_ADMIN, 0)
/*
* Compatibility wrappers for simple locks
==== //depot/projects/trustedbsd/sebsd/sys/nfsclient/nfs_vfsops.c#12 (text+ko) ====
@@ -53,6 +53,7 @@
#include <sys/sockio.h>
#include <sys/sysctl.h>
#include <sys/vnode.h>
+#include <sys/capability.h>
#include <vm/vm.h>
#include <vm/vm_extern.h>
@@ -1023,7 +1024,7 @@
return (error);
}
if (req->newptr != NULL) {
- error = vfs_suser(mp, req->td);
+ error = vfs_cap_check(mp, req->td, CAP_SYS_ADMIN);
if (error)
return (error);
error = SYSCTL_IN(req, &nmp->nm_tprintf_initial_delay,
==== //depot/projects/trustedbsd/sebsd/sys/sys/capability.h#5 (text+ko) ====
@@ -195,8 +195,7 @@
struct ucred;
struct vnode;
-int cap_check_cred(struct ucred *, struct thread *, cap_value_t,
- int jailflag);
+int cap_check_cred(struct ucred *, cap_value_t, int jailflag);
int cap_check(struct thread *, cap_value_t);
const char *capv_to_text(cap_value_t capv);
==== //depot/projects/trustedbsd/sebsd/sys/sys/conf.h#11 (text+ko) ====
@@ -262,7 +262,7 @@
struct cdev *makebdev(int _maj, int _min);
struct cdev *make_dev(struct cdevsw *_devsw, int _minor, uid_t _uid, gid_t _gid,
int _perms, const char *_fmt, ...) __printflike(6, 7);
-dev_t make_dev_cred(struct cdevsw *_devsw, int _minor, struct ucred *cr,
+struct cdev *make_dev_cred(struct cdevsw *_devsw, int _minor, struct ucred *cr,
int _perms, const char *_fmt, ...) __printflike(5, 6);
struct cdev *make_dev_alias(struct cdev *_pdev, const char *_fmt, ...) __printflike(2, 3);
int dev2unit(struct cdev *_dev);
@@ -291,7 +291,8 @@
int dev_stdclone(char *_name, char **_namep, const char *_stem, int *_unit);
EVENTHANDLER_DECLARE(dev_clone, dev_clone_fn);
-typedef void (*dev_clone_cred_fn)(void *arg, struct ucred *cr, char *name, int namelen, dev_t *result);
+typedef void (*dev_clone_cred_fn)(void *arg, struct ucred *cred, char *name,
+ int namelen, struct cdev **result);
EVENTHANDLER_DECLARE(dev_clone_cred, dev_clone_cred_fn);
/* Stuff relating to kernel-dump */
==== //depot/projects/trustedbsd/sebsd/sys/sys/mount.h#12 (text+ko) ====
@@ -588,7 +588,7 @@
void vfs_mountroot(void); /* mount our root filesystem */
int vfs_rootmountalloc(char *, char *, struct mount **);
void vfs_mount_destroy(struct mount *, struct thread *);
-int vfs_suser(struct mount *, struct thread *);
+int vfs_cap_check(struct mount *, struct thread *, u_int64_t);
void vfs_unbusy(struct mount *, struct thread *);
void vfs_unmountall(void);
int vfs_register(struct vfsconf *);
==== //depot/projects/trustedbsd/sebsd/sys/ufs/ffs/ffs_alloc.c#9 (text+ko) ====
@@ -159,7 +159,7 @@
if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0)
goto nospace;
if (freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0 &&
- cap_check_cred(cred, NULL, CAP_SYS_RESOURCE, SUSER_ALLOWJAIL))
+ cap_check_cred(cred, CAP_SYS_RESOURCE, SUSER_ALLOWJAIL))
goto nospace;
#ifdef QUOTA
error = chkdq(ip, btodb(size), cred, 0);
@@ -240,7 +240,7 @@
reclaimed = 0;
retry:
if (freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0 &&
- cap_check_cred(cred, NULL, CAP_SYS_RESOURCE, SUSER_ALLOWJAIL))
+ cap_check_cred(cred, CAP_SYS_RESOURCE, SUSER_ALLOWJAIL))
goto nospace;
if (bprev == 0) {
printf("dev = %s, bsize = %ld, bprev = %jd, fs = %s\n",
==== //depot/projects/trustedbsd/sebsd/sys/ufs/ufs/ufs_quota.c#9 (text+ko) ====
@@ -157,7 +157,8 @@
}
return (0);
}
- if ((flags & FORCE) == 0 && cap_check_cred(cred, NULL, CAP_SYS_RESOURCE, 0)) {
+ if ((flags & FORCE) == 0 && cap_check_cred(cred, CAP_SYS_RESOURCE,
+ 0)) {
for (i = 0; i < MAXQUOTAS; i++) {
if ((dq = ip->i_dquot[i]) == NODQUOT)
continue;
@@ -280,7 +281,8 @@
}
return (0);
}
- if ((flags & FORCE) == 0 && cap_check_cred(cred, NULL, CAP_SYS_RESOURCE, 0)) {
+ if ((flags & FORCE) == 0 && cap_check_cred(cred, CAP_SYS_RESOURCE,
+ 0)) {
for (i = 0; i < MAXQUOTAS; i++) {
if ((dq = ip->i_dquot[i]) == NODQUOT)
continue;
@@ -408,8 +410,7 @@
int error, flags;
struct nameidata nd;
- error = cap_check_cred(td->td_ucred, NULL, CAP_SYS_ADMIN,
- SUSER_ALLOWJAIL);
+ error = cap_check_cred(td->td_ucred, CAP_SYS_ADMIN, SUSER_ALLOWJAIL);
if (error)
return (error);
@@ -497,8 +498,7 @@
struct inode *ip;
int error;
- error = cap_check_cred(td->td_ucred, NULL, CAP_SYS_ADMIN,
- SUSER_ALLOWJAIL);
+ error = cap_check_cred(td->td_ucred, CAP_SYS_ADMIN, SUSER_ALLOWJAIL);
if (error)
return (error);
@@ -565,8 +565,8 @@
switch (type) {
case USRQUOTA:
if ((td->td_ucred->cr_uid != id) && !unprivileged_get_quota) {
- error = cap_check_cred(td->td_ucred, td,
- CAP_SYS_ADMIN, SUSER_ALLOWJAIL);
+ error = cap_check_cred(td->td_ucred, CAP_SYS_ADMIN,
+ SUSER_ALLOWJAIL);
>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list