PERFORCE change 107146 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=107146

Change 107146 by rwatson at rwatson_peppercorn on 2006/10/03 07:50:08

	Update alpha for priv(9), as alpha does not exist in 7-CURRENT.

Affected files ...

.. //depot/projects/trustedbsd/priv6/src/sys/alpha/alpha/promcons.c#2 edit
.. //depot/projects/trustedbsd/priv6/src/sys/alpha/alpha/sys_machdep.c#2 edit
.. //depot/projects/trustedbsd/priv6/src/sys/alpha/osf1/osf1_misc.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/priv6/src/sys/alpha/alpha/promcons.c#2 (text+ko) ====

@@ -36,6 +36,7 @@
 #include <sys/bus.h>
 #include <sys/conf.h>
 #include <sys/tty.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/cons.h>
 
@@ -111,7 +112,8 @@
 		ttsetwater(tp);
 
 		setuptimeout = 1;
-	} else if ((tp->t_state & TS_XCLUDE) && suser(td)) {
+	} else if ((tp->t_state & TS_XCLUDE) &&
+	    priv_check(td, PRIV_TTY_EXCLUSIVE)) {
 		splx(s);
 		return EBUSY;
 	}

==== //depot/projects/trustedbsd/priv6/src/sys/alpha/alpha/sys_machdep.c#2 (text+ko) ====

@@ -39,6 +39,7 @@
 #include <sys/lock.h>
 #include <sys/mac.h>
 #include <sys/mutex.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/sysent.h>
 #include <sys/sysproto.h>
@@ -124,7 +125,7 @@
 	if (error)
 		return (error);
 
-	error = suser(td);
+	error = priv_check(td, PRIV_IO);
 	if (error)
 		return (error);
 

==== //depot/projects/trustedbsd/priv6/src/sys/alpha/osf1/osf1_misc.c#2 (text+ko) ====

@@ -49,6 +49,7 @@
 #include <sys/mutex.h>
 #include <sys/namei.h>
 #include <sys/param.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/reboot.h>
 #include <sys/resource.h>
@@ -902,12 +903,15 @@
 	PROC_LOCK(p);
 	oldcred = p->p_ucred;
 
-	if ((error = suser_cred(p->p_ucred, SUSER_ALLOWJAIL)) != 0 &&
-	    uid != oldcred->cr_ruid && uid != oldcred->cr_svuid) {
-		PROC_UNLOCK(p);
-		uifree(uip);
-		crfree(newcred);
-		return (error);
+	if (uid != oldcred->cr_ruid && uid != oldcred->cr_svuid) {
+		error = priv_check_cred(p->p_ucred, PRIV_SETUID,
+		    SUSER_ALLOWJAIL);
+		if (error) {
+			PROC_UNLOCK(p);
+			uifree(uip);
+			crfree(newcred);
+			return (error);
+		}
 	}
 
 	crcopy(newcred, oldcred);
@@ -956,11 +960,14 @@
 	PROC_LOCK(p);
 	oldcred = p->p_ucred;
 
-	if (((error = suser_cred(p->p_ucred, SUSER_ALLOWJAIL)) != 0 ) &&
-	    gid != oldcred->cr_rgid && gid != oldcred->cr_svgid) {
-		PROC_UNLOCK(p);
-		crfree(newcred);
-		return (error);
+	if (gid != oldcred->cr_rgid && gid != oldcred->cr_svgid) {
+		error = priv_check_cred(p->p_ucred, PRIV_SETGID,
+		    SUSER_ALLOWJAIL);
+		if (error) {
+			PROC_UNLOCK(p);
+			crfree(newcred);
+			return (error);
+		}
 	}
 
 	crcopy(newcred, oldcred);