DragonFly submit List (threaded) for 2008-12
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Hi,
So instead of
suser(td)
you write:
priv_check(td, PRIV_ROOT);
In sys/priv.h all existing privileges are defined.
The new API is as follows:
Regards,
Michael
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
suser to priv conversion patch
| From: | Michael Neumann <mneumann@xxxxxxxx> |
| Date: | Mon, 29 Dec 2008 19:16:02 +0100 |
Hi,
I've attached a patch that replaces suser(9) with priv(9). Priv(9) is a new API used by FreeBSD, and what it adds is fine-grained control over which privelges are requested (and granted in turn).
So instead of
suser(td)
you write:
priv_check(td, PRIV_ROOT);
This will request ROOT privileges (which is equivalent to the suser() call above). Of course PRIV_ROOT is not recommended and only serves until all privileges are replaced by more fine grained privileges.
In sys/priv.h all existing privileges are defined.
The new API is as follows:
int priv_check(struct thread *td, int priv); int priv_check_cred(struct ucred *cred, int priv, int flag);
Old suser calls still work, but should be avoided and replaced by the corresponding priv_* call.
The patch does not (yet) modify the way privileges are granted, i.e. the implementation is identical to the corresponding suser_*() function.
If no one objects, I'd like to commit this soon to then concentrate on introducing fine-grained privileges. If possible, I'd like to (later) get rid of the flags argument of priv_check_cred() (or suser_cred()), which can be either NULL_CRED_OKAY or PRISON_ROOT, but I've not yet thought about it throrrowly enough.
Regards,
Michael
commit 57962f80aecf03c023853992fea471246a0adc3a
Author: Michael Neumann <mneumann@ntecs.de>
Date: Tue Dec 16 21:48:47 2008 +0000
Use jailed() inline-function
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 948c724..3d01f14 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -126,7 +126,7 @@ sys_mount(struct mount_args *uap)
struct ucred *cred = p->p_ucred;
KKASSERT(p);
- if (cred->cr_prison != NULL)
+ if (jailed(cred))
return (EPERM);
if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
return (error);
commit f00b5e4e0872278fd14729354d116502c11cffe5
Author: Michael Neumann <mneumann@ntecs.de>
Date: Tue Dec 16 21:46:10 2008 +0000
Use more specific privilege PRIV_VFS_GENERATION
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index db2c1ec..cf0ca8e 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -945,7 +945,9 @@ vn_stat(struct vnode *vp, struct stat *sb, struct ucred *cred)
}
sb->st_flags = vap->va_flags;
- if (priv_check_cred(cred, PRIV_ROOT, 0))
+
+ error = priv_check_cred(cred, PRIV_VFS_GENERATION, 0);
+ if (error)
sb->st_gen = 0;
else
sb->st_gen = (u_int32_t)vap->va_gen;
commit 75bda2d9f3adc0b067ea8c5ef2c1ceef0ddd3cab
Author: Michael Neumann <mneumann@ntecs.de>
Date: Mon Dec 15 16:17:49 2008 +0000
Fix missing includes
diff --git a/sys/vfs/procfs/procfs_ctl.c b/sys/vfs/procfs/procfs_ctl.c
index f5b260e..3912fd1 100644
--- a/sys/vfs/procfs/procfs_ctl.c
+++ b/sys/vfs/procfs/procfs_ctl.c
@@ -44,6 +44,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/ptrace.h>
#include <sys/signalvar.h>
diff --git a/sys/vfs/procfs/procfs_dbregs.c b/sys/vfs/procfs/procfs_dbregs.c
index 291af64..939a6b5 100644
--- a/sys/vfs/procfs/procfs_dbregs.c
+++ b/sys/vfs/procfs/procfs_dbregs.c
@@ -46,6 +46,7 @@
#include <sys/param.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/reg.h>
#include <vfs/procfs/procfs.h>
diff --git a/sys/vfs/procfs/procfs_fpregs.c b/sys/vfs/procfs/procfs_fpregs.c
index b57d676..7692af3 100644
--- a/sys/vfs/procfs/procfs_fpregs.c
+++ b/sys/vfs/procfs/procfs_fpregs.c
@@ -43,6 +43,7 @@
#include <sys/param.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/reg.h>
#include <vfs/procfs/procfs.h>
diff --git a/sys/vfs/procfs/procfs_mem.c b/sys/vfs/procfs/procfs_mem.c
index 56e6a2b..9d1426e 100644
--- a/sys/vfs/procfs/procfs_mem.c
+++ b/sys/vfs/procfs/procfs_mem.c
@@ -49,6 +49,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/vnode.h>
#include <vfs/procfs/procfs.h>
#include <vm/vm.h>
diff --git a/sys/vfs/procfs/procfs_regs.c b/sys/vfs/procfs/procfs_regs.c
index 932b7e9..5e51c71 100644
--- a/sys/vfs/procfs/procfs_regs.c
+++ b/sys/vfs/procfs/procfs_regs.c
@@ -43,6 +43,7 @@
#include <sys/param.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/reg.h>
#include <vfs/procfs/procfs.h>
diff --git a/sys/vfs/procfs/procfs_status.c b/sys/vfs/procfs/procfs_status.c
index 628cf81..9a42620 100644
--- a/sys/vfs/procfs/procfs_status.c
+++ b/sys/vfs/procfs/procfs_status.c
@@ -45,6 +45,7 @@
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/vnode.h>
#include <sys/tty.h>
commit 28eeae899942460b3f51aa64811fc3ae0d46797b
Author: Michael Neumann <mneumann@ntecs.de>
Date: Mon Dec 15 16:05:25 2008 +0000
Fix missing include
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 5ebfe17..732659d 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -53,6 +53,7 @@
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/malloc.h>
#include <sys/pioctl.h>
#include <sys/resourcevar.h>
commit d46b588e8181306f8e88c9068d70b4a8ab9c54b5
Author: Michael Neumann <mneumann@ntecs.de>
Date: Mon Dec 15 16:00:10 2008 +0000
Depreciate suser_*. Instead use priv_check_*.
The suser_* functions now internally call the corresponding
priv_check_* functions.
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 68df28e..5ebfe17 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -817,72 +817,76 @@ groupmember(gid_t gid, struct ucred *cred)
/*
* Test whether the specified credentials imply "super-user"
- * privilege; if so, and we have accounting info, set the flag
- * indicating use of super-powers. A kernel thread without a process
- * context is assumed to have super user capabilities. In situations
- * where the caller always expect a cred to exist, the cred should be
- * passed separately and suser_cred()should be used instead of suser().
+ * privilege.
+ *
+ * Depreciated! Use priv_check() instead.
+ */
+int
+suser(struct thread *td)
+{
+ return priv_check(td, PRIV_ROOT);
+}
+
+/*
+ * Depreciated! Use priv_check_cred() instead.
+ */
+int
+suser_cred(struct ucred *cred, int flag)
+{
+ return priv_check_cred(cred, PRIV_ROOT, flag);
+}
+
+/*
+ * Test whether the specified credentials have the privilege
+ * in question.
+ *
+ * A kernel thread without a process context is assumed to have
+ * the privilege in question. In situations where the caller always
+ * expect a cred to exist, the cred should be passed separately and
+ * priv_check_cred() should be used instead of priv_check().
*
* Returns 0 or error.
*/
int
-suser(struct thread *td)
+priv_check(struct thread *td, int priv)
{
struct proc *p = td->td_proc;
if (p != NULL) {
- return suser_cred(p->p_ucred, 0);
+ return priv_check_cred(p->p_ucred, priv, 0);
} else {
return (0);
}
}
/*
+ * Check a credential for privilege.
+ *
* A non-null credential is expected unless NULL_CRED_OKAY is set.
*/
int
-suser_cred(struct ucred *cred, int flag)
+priv_check_cred(struct ucred *cred, int priv, int flags)
{
- KASSERT(cred != NULL || flag & NULL_CRED_OKAY,
- ("suser_cred: NULL cred!"));
+ KASSERT(PRIV_VALID(priv), ("priv_check_cred: invalid privilege"));
+
+ KASSERT(cred != NULL || flags & NULL_CRED_OKAY,
+ ("priv_check_cred: NULL cred!"));
if (cred == NULL) {
- if (flag & NULL_CRED_OKAY)
+ if (flags & NULL_CRED_OKAY)
return (0);
else
return (EPERM);
}
if (cred->cr_uid != 0)
return (EPERM);
- if (cred->cr_prison && !(flag & PRISON_ROOT))
+ if (cred->cr_prison && !(flags & PRISON_ROOT))
return (EPERM);
/* NOTE: accounting for suser access (p_acflag/ASU) removed */
return (0);
}
/*
- * Check for privilege.
- *
- * YYY: For now this is just a wrapper calling suser().
- */
-int
-priv_check(struct thread *td, int priv)
-{
- return suser(td);
-}
-
-/*
- * Check a credential for privilege.
- *
- * YYY: For now this is just a wrapper calling suser_cred().
- */
-int
-priv_check_cred(struct ucred *cred, int priv, int flags)
-{
- return suser_cred(cred, flags);
-}
-
-/*
* Return zero if p1 can fondle p2, return errno (EPERM/ESRCH) otherwise.
*/
int
commit 895c1f850848cf50a3243e134345f0d4ff33ac59
Author: Michael Neumann <mneumann@ntecs.de>
Date: Mon Dec 15 14:55:51 2008 +0000
suser_* to priv_* conversion
diff --git a/sys/dev/disk/ata/atapi-cd.c b/sys/dev/disk/ata/atapi-cd.c
index 413a79e..37f6b6e 100644
--- a/sys/dev/disk/ata/atapi-cd.c
+++ b/sys/dev/disk/ata/atapi-cd.c
@@ -36,6 +36,7 @@
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/buf.h>
#include <sys/bus.h>
#include <sys/disk.h>
@@ -596,7 +597,7 @@ acdioctl(struct dev_ioctl_args *ap)
case CDIOCRESET:
; /* note: if no proc EPERM will be returned */
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error)
break;
error = atapi_test_ready(cdp->device);
diff --git a/sys/dev/disk/fd/fd.c b/sys/dev/disk/fd/fd.c
index 5d454e6..a50f848 100644
--- a/sys/dev/disk/fd/fd.c
+++ b/sys/dev/disk/fd/fd.c
@@ -72,6 +72,7 @@
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/syslog.h>
#include <sys/device.h>
#include <sys/bus.h>
@@ -2307,7 +2308,7 @@ fdioctl(struct dev_ioctl_args *ap)
case FD_STYPE: /* set drive type */
/* this is considered harmful; only allow for superuser */
- if (suser_cred(ap->a_cred, 0) != 0)
+ if (priv_check_cred(ap->a_cred, PRIV_ROOT, 0) != 0)
return EPERM;
fd->ft = *(struct fd_type *)ap->a_data;
break;
diff --git a/sys/dev/disk/nata/atapi-cd.c b/sys/dev/disk/nata/atapi-cd.c
index 8934366..5346ee0 100644
--- a/sys/dev/disk/nata/atapi-cd.c
+++ b/sys/dev/disk/nata/atapi-cd.c
@@ -44,6 +44,7 @@
#include <sys/module.h>
#include <sys/nata.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/systm.h>
#include "ata-all.h"
@@ -345,7 +346,7 @@ acd_ioctl(struct dev_ioctl_args *ap)
break;
case CDIOCRESET:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error)
break;
error = acd_test_ready(dev);
diff --git a/sys/dev/disk/vn/vn.c b/sys/dev/disk/vn/vn.c
index e012a26..a6f9342 100644
--- a/sys/dev/disk/vn/vn.c
+++ b/sys/dev/disk/vn/vn.c
@@ -61,6 +61,7 @@
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/buf.h>
#include <sys/malloc.h>
@@ -479,7 +480,7 @@ vnioctl(struct dev_ioctl_args *ap)
vn_specific:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error)
return (error);
diff --git a/sys/dev/drm/drmP.h b/sys/dev/drm/drmP.h
index f1c8519..859e639 100644
--- a/sys/dev/drm/drmP.h
+++ b/sys/dev/drm/drmP.h
@@ -48,9 +48,7 @@ typedef struct drm_file drm_file_t;
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/stat.h>
-#if __FreeBSD_version >= 700000
#include <sys/priv.h>
-#endif
#include <sys/proc.h>
#include <sys/lock.h>
#include <sys/fcntl.h>
@@ -276,11 +274,7 @@ enum {
#if defined(__FreeBSD__) || defined(__DragonFly__)
#define PAGE_ALIGN(addr) round_page(addr)
/* DRM_SUSER returns true if the user is superuser */
-#if __FreeBSD_version >= 700000
#define DRM_SUSER(p) (priv_check(p, PRIV_DRIVER) == 0)
-#else
-#define DRM_SUSER(p) (suser(p) == 0)
-#endif
#define DRM_AGP_FIND_DEVICE() agp_find_device()
#define DRM_MTRR_WC MDF_WRITECOMBINE
#define jiffies ticks
diff --git a/sys/dev/misc/dcons/dcons_os.c b/sys/dev/misc/dcons/dcons_os.c
index cf71142..a8edd34 100644
--- a/sys/dev/misc/dcons/dcons_os.c
+++ b/sys/dev/misc/dcons/dcons_os.c
@@ -50,6 +50,7 @@
#include <sys/tty.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/thread2.h>
#include <sys/ucred.h>
#include <sys/bus.h>
@@ -272,7 +273,7 @@ dcons_open(struct dev_open_args *ap)
tp->t_lflag = TTYDEF_LFLAG;
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
ttsetwater(tp);
- } else if ((tp->t_state & TS_XCLUDE) && suser_cred(ap->a_cred, 0)) {
+ } else if ((tp->t_state & TS_XCLUDE) && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
crit_exit();
return (EBUSY);
}
diff --git a/sys/dev/misc/nmdm/nmdm.c b/sys/dev/misc/nmdm/nmdm.c
index 3cf30c7..be1546d 100644
--- a/sys/dev/misc/nmdm/nmdm.c
+++ b/sys/dev/misc/nmdm/nmdm.c
@@ -44,6 +44,7 @@
#include <sys/ioctl_compat.h>
#endif
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/thread2.h>
#include <sys/tty.h>
#include <sys/conf.h>
@@ -203,7 +204,7 @@ nmdmopen(struct dev_open_args *ap)
tp->t_lflag = TTYDEF_LFLAG;
tp->t_cflag = TTYDEF_CFLAG;
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
- } else if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
+ } else if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
return (EBUSY);
} else if (pti->pt_prison != ap->a_cred->cr_prison) {
return (EBUSY);
diff --git a/sys/dev/misc/spigot/spigot.c b/sys/dev/misc/spigot/spigot.c
index a07feb3..8054827 100644
--- a/sys/dev/misc/spigot/spigot.c
+++ b/sys/dev/misc/spigot/spigot.c
@@ -60,6 +60,7 @@ error "Can only have 1 spigot configured."
#include <sys/conf.h>
#include <sys/device.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/mman.h>
@@ -166,7 +167,7 @@ spigot_open(struct dev_open_args *ap)
* require sufficient privilege soon and nothing much can be done
* without them.
*/
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return error;
if (securelevel > 0)
@@ -231,7 +232,7 @@ spigot_ioctl(struct dev_ioctl_args *ap)
break;
case SPIGOT_IOPL_ON: /* allow access to the IO PAGE */
#if !defined(SPIGOT_UNSECURE)
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return error;
if (securelevel > 0)
diff --git a/sys/dev/misc/syscons/syscons.c b/sys/dev/misc/syscons/syscons.c
index 9994b31..ce6f4b8 100644
--- a/sys/dev/misc/syscons/syscons.c
+++ b/sys/dev/misc/syscons/syscons.c
@@ -43,6 +43,7 @@
#include <sys/reboot.h>
#include <sys/conf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/sysctl.h>
#include <sys/tty.h>
@@ -492,7 +493,7 @@ scopen(struct dev_open_args *ap)
(*linesw[tp->t_line].l_modem)(tp, 1);
}
else
- if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0))
+ if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0))
return(EBUSY);
error = (*linesw[tp->t_line].l_open)(dev, tp);
@@ -1002,7 +1003,7 @@ scioctl(struct dev_ioctl_args *ap)
return 0;
case KDENABIO: /* allow io operations */
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return error;
if (securelevel > 0)
diff --git a/sys/dev/misc/syscons/sysmouse.c b/sys/dev/misc/syscons/sysmouse.c
index a51d17c..86e1e40 100644
--- a/sys/dev/misc/syscons/sysmouse.c
+++ b/sys/dev/misc/syscons/sysmouse.c
@@ -33,6 +33,7 @@
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/tty.h>
#include <sys/kernel.h>
#include <sys/thread2.h>
@@ -97,7 +98,7 @@ smopen(struct dev_open_args *ap)
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
smparam(tp, &tp->t_termios);
(*linesw[tp->t_line].l_modem)(tp, 1);
- } else if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
+ } else if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
return EBUSY;
}
diff --git a/sys/dev/netif/an/if_an.c b/sys/dev/netif/an/if_an.c
index 1672e8b..c2ff0bd 100644
--- a/sys/dev/netif/an/if_an.c
+++ b/sys/dev/netif/an/if_an.c
@@ -94,6 +94,7 @@
#include <sys/mbuf.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/ucred.h>
#include <sys/socket.h>
#ifdef ANCACHE
@@ -1843,7 +1844,7 @@ an_ioctl(struct ifnet *ifp, u_long command, caddr_t data, struct ucred *cr)
break;
#ifdef ANCACHE
if (sc->areq.an_type == AN_RID_ZERO_CACHE) {
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
sc->an_sigitems = sc->an_nextitem = 0;
@@ -1867,7 +1868,7 @@ an_ioctl(struct ifnet *ifp, u_long command, caddr_t data, struct ucred *cr)
error = copyout(&sc->areq, ifr->ifr_data, sizeof(sc->areq));
break;
case SIOCSAIRONET:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)))
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
break;
error = copyin(ifr->ifr_data, &sc->areq, sizeof(sc->areq));
if (error != 0)
@@ -1875,7 +1876,7 @@ an_ioctl(struct ifnet *ifp, u_long command, caddr_t data, struct ucred *cr)
an_setdef(sc, &sc->areq);
break;
case SIOCGPRIVATE_0: /* used by Cisco client utility */
- if ((error = suser_cred(cr, NULL_CRED_OKAY)))
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
break;
copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
mode = l_ioctl.command;
@@ -1895,7 +1896,7 @@ an_ioctl(struct ifnet *ifp, u_long command, caddr_t data, struct ucred *cr)
break;
case SIOCGPRIVATE_1: /* used by Cisco client utility */
- if ((error = suser_cred(cr, NULL_CRED_OKAY)))
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
break;
copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
l_ioctl.command = 0;
@@ -2145,7 +2146,7 @@ an_ioctl(struct ifnet *ifp, u_long command, caddr_t data, struct ucred *cr)
}
break;
case SIOCS80211:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)))
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
break;
sc->areq.an_len = sizeof(sc->areq);
/*
diff --git a/sys/dev/netif/ath/hal/ah_osdep.c b/sys/dev/netif/ath/hal/ah_osdep.c
index d95352d..6a7674a 100644
--- a/sys/dev/netif/ath/hal/ah_osdep.c
+++ b/sys/dev/netif/ath/hal/ah_osdep.c
@@ -46,6 +46,7 @@
#include <sys/bus.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <machine/stdarg.h>
@@ -203,7 +204,7 @@ ath_hal_setlogging(int enable)
int error;
if (enable) {
- error = suser(curthread);
+ error = priv_check(curthread, PRIV_ROOT);
if (error == 0) {
error = alq_open(&ath_hal_alq, ath_hal_logfile,
curthread->td_ucred, ALQ_DEFAULT_CMODE,
diff --git a/sys/dev/netif/cx/cx.c b/sys/dev/netif/cx/cx.c
index f2baf09..d58fe22 100644
--- a/sys/dev/netif/cx/cx.c
+++ b/sys/dev/netif/cx/cx.c
@@ -29,6 +29,7 @@
#include <sys/fcntl.h>
#include <sys/conf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/tty.h>
#include <sys/socket.h>
#include <sys/thread2.h>
@@ -162,7 +163,7 @@ cxopen (struct dev_open_args *ap)
tp = c->ttyp;
tp->t_dev = dev;
if ((tp->t_state & TS_ISOPEN) && (tp->t_state & TS_XCLUDE) &&
- suser_cred(ap->a_cred, 0))
+ priv_check_cred(ap->a_cred, PRIV_ROOT, 0))
return (EBUSY);
if (! (tp->t_state & TS_ISOPEN)) {
ttychars (tp);
diff --git a/sys/dev/netif/iwi/if_iwi.c b/sys/dev/netif/iwi/if_iwi.c
index 44c1ae0..aee63de 100644
--- a/sys/dev/netif/iwi/if_iwi.c
+++ b/sys/dev/netif/iwi/if_iwi.c
@@ -50,6 +50,7 @@
#include <sys/module.h>
#include <sys/endian.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/ucred.h>
#include <sys/bus.h>
#include <sys/rman.h>
@@ -1953,7 +1954,7 @@ iwi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
case SIOCSLOADFW:
/* only super-user can do that! */
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error != 0)
break;
@@ -1963,7 +1964,7 @@ iwi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
case SIOCSKILLFW:
/* only super-user can do that! */
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error != 0)
break;
diff --git a/sys/dev/netif/ndis/if_ndis.c b/sys/dev/netif/ndis/if_ndis.c
index fd4d04a..a367764 100644
--- a/sys/dev/netif/ndis/if_ndis.c
+++ b/sys/dev/netif/ndis/if_ndis.c
@@ -42,6 +42,7 @@
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysctl.h>
#include <sys/bus.h>
#include <sys/rman.h>
@@ -1939,7 +1940,7 @@ ndis_wi_ioctl_set(struct ifnet *ifp, u_long command, caddr_t data)
uint32_t foo;
int error, len;
- error = suser(curthread);
+ error = priv_check(curthread, PRIV_ROOT);
if (error)
return (error);
diff --git a/sys/dev/netif/sbni/if_sbni.c b/sys/dev/netif/sbni/if_sbni.c
index 862e9f0..21f4f5c 100644
--- a/sys/dev/netif/sbni/if_sbni.c
+++ b/sys/dev/netif/sbni/if_sbni.c
@@ -67,6 +67,7 @@
#include <sys/mbuf.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/callout.h>
#include <sys/syslog.h>
#include <sys/random.h>
@@ -1091,7 +1092,7 @@ sbni_ioctl(struct ifnet *ifp, u_long command, caddr_t data, struct ucred *cr)
case SIOCSHWFLAGS: /* set flags */
/* root only */
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
/* NOTE: returns EPERM if no proc */
if (error)
break;
@@ -1114,7 +1115,7 @@ sbni_ioctl(struct ifnet *ifp, u_long command, caddr_t data, struct ucred *cr)
break;
case SIOCRINSTATS:
- if (!(error = suser_cred(cr, NULL_CRED_OKAY))) /* root only */
+ if (!(error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY))) /* root only */
bzero(&sc->in_stats, sizeof(struct sbni_in_stats));
break;
diff --git a/sys/dev/netif/sbsh/if_sbsh.c b/sys/dev/netif/sbsh/if_sbsh.c
index e26549a..5b3349e 100644
--- a/sys/dev/netif/sbsh/if_sbsh.c
+++ b/sys/dev/netif/sbsh/if_sbsh.c
@@ -34,6 +34,7 @@
#include <sys/malloc.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/random.h>
#include <sys/serialize.h>
@@ -398,7 +399,7 @@ sbsh_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
switch(cmd) {
case SIOCLOADFIRMW:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if (ifp->if_flags & IFF_UP)
error = EBUSY;
@@ -418,7 +419,7 @@ sbsh_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
break;
case SIOCGETSTATS :
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
t = 0;
@@ -452,7 +453,7 @@ sbsh_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
break;
case SIOCCLRSTATS :
- if (!(error = suser_cred(cr, NULL_CRED_OKAY))) {
+ if (!(error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY))) {
bzero(&sc->in_stats, sizeof(struct sbni16_stats));
t = 2;
if (issue_cx28975_cmd(sc, _DSL_CLEAR_ERROR_CTRS, &t, 1))
diff --git a/sys/dev/netif/wi/if_wi.c b/sys/dev/netif/wi/if_wi.c
index 34a966d..479ea01 100644
--- a/sys/dev/netif/wi/if_wi.c
+++ b/sys/dev/netif/wi/if_wi.c
@@ -75,6 +75,7 @@
#include <sys/sockio.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/kernel.h>
#include <sys/socket.h>
#include <sys/module.h>
@@ -1110,7 +1111,7 @@ wi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
error = wi_get_cfg(ifp, cmd, data, cr);
break;
case SIOCSIFGENERIC:
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
error = wi_set_cfg(ifp, cmd, data);
@@ -1129,7 +1130,7 @@ wi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
error = copyout(&wreq, ifr->ifr_data, sizeof(wreq));
break;
case SIOCSPRISM2DEBUG:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)))
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
goto out;
error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
if (error)
@@ -1150,7 +1151,7 @@ wi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
}
break;
case SIOCS80211:
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
ireq = (struct ieee80211req *) data;
diff --git a/sys/dev/netif/wl/if_wl.c b/sys/dev/netif/wl/if_wl.c
index 07bdbb4..146f99b 100644
--- a/sys/dev/netif/wl/if_wl.c
+++ b/sys/dev/netif/wl/if_wl.c
@@ -200,6 +200,7 @@ WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#include <sys/socket.h>
#include <sys/syslog.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/serialize.h>
#include <sys/sysctl.h>
#include <sys/bus.h>
@@ -1341,7 +1342,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cred)
/* pointer to buffer in user space */
up = (void *)ifr->ifr_data;
/* work out if they're root */
- isroot = (suser(td) == 0);
+ isroot = (priv_check(td, PRIV_ROOT) == 0);
for (i = 0; i < 0x40; i++) {
/* don't hand the DES key out to non-root users */
@@ -1356,7 +1357,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cred)
/* copy the PSA in from the caller; we only copy _some_ values */
case SIOCSWLPSA:
/* root only */
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
break;
error = EINVAL; /* assume the worst */
/* pointer to buffer in user space containing data */
@@ -1410,7 +1411,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cred)
*/
case SIOCSWLCNWID:
/* root only */
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
break;
if (!(ifp->if_flags & IFF_UP)) {
error = EIO; /* only allowed while up */
@@ -1428,7 +1429,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cred)
/* copy the EEPROM in 2.4 Gz WaveMODEM out to the caller */
case SIOCGWLEEPROM:
/* root only */
- if ((error = suser(td)))
+ if ((error = priv_check(td; PRIV_ROOT)))
break;
/* pointer to buffer in user space */
up = (void *)ifr->ifr_data;
@@ -1451,7 +1452,7 @@ wlioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cred)
/* zero (Delete) the wl cache */
case SIOCDWLCACHE:
/* root only */
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
break;
wl_cache_zero(sc);
break;
diff --git a/sys/dev/raid/asr/asr.c b/sys/dev/raid/asr/asr.c
index 627fa26..1edc6d4 100644
--- a/sys/dev/raid/asr/asr.c
+++ b/sys/dev/raid/asr/asr.c
@@ -215,6 +215,7 @@ static dpt_sig_S ASR_sig = {
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/bus.h>
#include <sys/rman.h>
@@ -3243,7 +3244,7 @@ asr_open(struct dev_open_args *ap)
crit_enter();
if (ASR_ctlr_held) {
error = EBUSY;
- } else if ((error = suser_cred(ap->a_cred, 0)) == 0) {
+ } else if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0) {
++ASR_ctlr_held;
}
crit_exit();
diff --git a/sys/dev/raid/vinum/vinum.c b/sys/dev/raid/vinum/vinum.c
index e3b078f..7a847b3 100644
--- a/sys/dev/raid/vinum/vinum.c
+++ b/sys/dev/raid/vinum/vinum.c
@@ -387,7 +387,7 @@ vinumopen(struct dev_open_args *ap)
}
case VINUM_SUPERDEV_TYPE:
- error = suser_cred(ap->a_cred, 0); /* are we root? */
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0); /* are we root? */
if (error == 0) { /* yes, can do */
if (devminor == VINUM_DAEMON_DEV) /* daemon device */
vinum_conf.flags |= VF_DAEMONOPEN; /* we're open */
diff --git a/sys/dev/raid/vinum/vinumhdr.h b/sys/dev/raid/vinum/vinumhdr.h
index ffb3d95..673a408 100644
--- a/sys/dev/raid/vinum/vinumhdr.h
+++ b/sys/dev/raid/vinum/vinumhdr.h
@@ -47,6 +47,7 @@
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/mount.h>
#include <sys/vnode.h>
diff --git a/sys/dev/serial/cy/cy.c b/sys/dev/serial/cy/cy.c
index 23344b5..0c5fe03 100644
--- a/sys/dev/serial/cy/cy.c
+++ b/sys/dev/serial/cy/cy.c
@@ -72,6 +72,7 @@
#include <sys/systm.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
#include <sys/fcntl.h>
@@ -698,7 +699,7 @@ open_top:
}
}
if (tp->t_state & TS_XCLUDE &&
- suser_cred(ap->a_cred, 0)) {
+ priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto out;
}
@@ -1576,7 +1577,7 @@ sioioctl(struct dev_ioctl_args *ap)
}
switch (cmd) {
case TIOCSETA:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
@@ -1676,7 +1677,7 @@ sioioctl(struct dev_ioctl_args *ap)
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
diff --git a/sys/dev/serial/dgb/dgm.c b/sys/dev/serial/dgb/dgm.c
index bf79dde..6e8ba89 100644
--- a/sys/dev/serial/dgb/dgm.c
+++ b/sys/dev/serial/dgb/dgm.c
@@ -75,6 +75,7 @@
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
#include <sys/fcntl.h>
@@ -1020,7 +1021,7 @@ open_top:
crit_exit();
goto open_top;
}
- if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
+ if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto out;
}
@@ -1530,7 +1531,7 @@ dgmioctl(struct dev_ioctl_args *ap)
}
switch (cmd) {
case TIOCSETA:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
@@ -1753,7 +1754,7 @@ dgmioctl(struct dev_ioctl_args *ap)
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
diff --git a/sys/dev/serial/digi/digi.c b/sys/dev/serial/digi/digi.c
index 3c19b2f..1da319d 100644
--- a/sys/dev/serial/digi/digi.c
+++ b/sys/dev/serial/digi/digi.c
@@ -41,6 +41,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/linker.h>
#include <sys/kernel.h>
@@ -788,7 +789,7 @@ open_top:
}
goto open_top;
}
- if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0) != 0) {
+ if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0) != 0) {
error = EBUSY;
goto out;
}
@@ -1131,7 +1132,7 @@ digiioctl(struct dev_ioctl_args *ap)
switch (cmd) {
case TIOCSETA:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
@@ -1303,7 +1304,7 @@ digiioctl(struct dev_ioctl_args *ap)
*(int *)data = digimctl(port, 0, DMGET);
break;
case TIOCMSDTRWAIT:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
diff --git a/sys/dev/serial/rc/rc.c b/sys/dev/serial/rc/rc.c
index 341b8fa..4e8623a 100644
--- a/sys/dev/serial/rc/rc.c
+++ b/sys/dev/serial/rc/rc.c
@@ -42,6 +42,7 @@
#include <sys/systm.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
#include <sys/fcntl.h>
@@ -752,7 +753,7 @@ again:
}
}
if (tp->t_state & TS_XCLUDE &&
- suser_cred(ap->a_cred, 0)) {
+ priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto out;
}
@@ -1100,7 +1101,7 @@ rcioctl(struct dev_ioctl_args *ap)
break;
case TIOCMSDTRWAIT:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
diff --git a/sys/dev/serial/rp/rp.c b/sys/dev/serial/rp/rp.c
index c13347c..238bd91 100644
--- a/sys/dev/serial/rp/rp.c
+++ b/sys/dev/serial/rp/rp.c
@@ -43,6 +43,7 @@
#include <sys/malloc.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/dkstat.h>
#include <sys/conf.h>
#include <sys/kernel.h>
@@ -986,7 +987,7 @@ open_top:
goto open_top;
}
}
- if(tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0) != 0) {
+ if(tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0) != 0) {
crit_exit();
error = EBUSY;
goto out2;
@@ -1236,7 +1237,7 @@ rpioctl(struct dev_ioctl_args *ap)
}
switch (cmd) {
case TIOCSETA:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if(error != 0)
return(error);
*ct = *(struct termios *)data;
@@ -1382,7 +1383,7 @@ rpioctl(struct dev_ioctl_args *ap)
*(int *)data = result;
break;
case TIOCMSDTRWAIT:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if(error != 0) {
crit_exit();
return(error);
diff --git a/sys/dev/serial/si/si.c b/sys/dev/serial/si/si.c
index 960d317..3a19c35 100644
--- a/sys/dev/serial/si/si.c
+++ b/sys/dev/serial/si/si.c
@@ -50,6 +50,7 @@ static const char si_copyright1[] = "@(#) Copyright (C) Specialix International
#endif
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
#include <sys/dkstat.h>
@@ -628,7 +629,7 @@ siopen(struct dev_open_args *ap)
/* quickly let in /dev/si_control */
if (IS_CONTROLDEV(mynor)) {
- if ((error = suser_cred(ap->a_cred, 0)))
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)))
return(error);
return(0);
}
@@ -707,7 +708,7 @@ open_top:
}
}
if (tp->t_state & TS_XCLUDE &&
- suser_cred(ap->a_cred, 0)) {
+ priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
DPRINT((pp, DBG_OPEN|DBG_FAIL,
"already open and EXCLUSIVE set\n"));
error = EBUSY;
@@ -973,7 +974,7 @@ siioctl(struct dev_ioctl_args *ap)
}
switch (cmd) {
case TIOCSETA:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
@@ -1087,7 +1088,7 @@ siioctl(struct dev_ioctl_args *ap)
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error == 0)
pp->sp_dtr_wait = *(int *)data * hz / 100;
break;
@@ -1139,7 +1140,7 @@ si_Sioctl(cdev_t dev, u_long cmd, caddr_t data, int flag, struct ucred *cred)
ip = (int *)data;
-#define SUCHECK if ((error = suser_cred(cred, 0))) goto out
+#define SUCHECK if ((error = priv_check_cred(cred, PRIV_ROOT, 0))) goto out
switch (cmd) {
case TCSIPORTS:
diff --git a/sys/dev/serial/sio/sio.c b/sys/dev/serial/sio/sio.c
index 4ed61ec..441e792 100644
--- a/sys/dev/serial/sio/sio.c
+++ b/sys/dev/serial/sio/sio.c
@@ -61,6 +61,7 @@
#include <sys/malloc.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/module.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
@@ -1285,7 +1286,7 @@ open_top:
goto open_top;
}
}
- if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
+ if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto out;
}
@@ -1979,7 +1980,7 @@ sioioctl(struct dev_ioctl_args *ap)
}
switch (ap->a_cmd) {
case TIOCSETA:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
@@ -2071,7 +2072,7 @@ sioioctl(struct dev_ioctl_args *ap)
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
diff --git a/sys/dev/serial/stl/stallion.c b/sys/dev/serial/stl/stallion.c
index dfc2d22..71a2da0 100644
--- a/sys/dev/serial/stl/stallion.c
+++ b/sys/dev/serial/stl/stallion.c
@@ -50,6 +50,7 @@
#include <sys/malloc.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
#include <sys/thread2.h>
@@ -1214,7 +1215,7 @@ stlopen_restart:
goto stlopen_restart;
}
}
- if ((tp->t_state & TS_XCLUDE) && suser_cred(ap->a_cred, 0)) {
+ if ((tp->t_state & TS_XCLUDE) && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto stlopen_end;
}
@@ -1356,7 +1357,7 @@ STATIC int stlioctl(struct dev_ioctl_args *ap)
switch (cmd) {
case TIOCSETA:
- if ((error = suser_cred(ap->a_cred, 0)) == 0)
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
*localtios = *((struct termios *) data);
break;
case TIOCGETA:
@@ -1475,7 +1476,7 @@ STATIC int stlioctl(struct dev_ioctl_args *ap)
*((int *) data) = (stl_getsignals(portp) | TIOCM_LE);
break;
case TIOCMSDTRWAIT:
- if ((error = suser_cred(ap->a_cred, 0)) == 0)
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
portp->dtrwait = *((int *) data) * hz / 100;
break;
case TIOCMGDTRWAIT:
diff --git a/sys/dev/serial/stli/istallion.c b/sys/dev/serial/stli/istallion.c
index 64bc656..233b906 100644
--- a/sys/dev/serial/stli/istallion.c
+++ b/sys/dev/serial/stli/istallion.c
@@ -49,6 +49,7 @@
#include <sys/malloc.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
#include <sys/uio.h>
@@ -942,7 +943,7 @@ stliopen_restart:
}
}
if ((tp->t_state & TS_XCLUDE) &&
- suser_cred(ap->a_cred, 0)) {
+ priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto stliopen_end;
}
@@ -1132,7 +1133,7 @@ STATIC int stliioctl(struct dev_ioctl_args *ap)
switch (cmd) {
case TIOCSETA:
- if ((error = suser_cred(ap->a_cred, 0)) == 0)
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
*localtios = *((struct termios *) data);
break;
case TIOCGETA:
@@ -1269,7 +1270,7 @@ STATIC int stliioctl(struct dev_ioctl_args *ap)
*((int *) data) = (portp->sigs | TIOCM_LE);
break;
case TIOCMSDTRWAIT:
- if ((error = suser_cred(ap->a_cred, 0)) == 0)
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
portp->dtrwait = *((int *) data) * hz / 100;
break;
case TIOCMGDTRWAIT:
diff --git a/sys/dev/usbmisc/ucom/ucom.c b/sys/dev/usbmisc/ucom/ucom.c
index 8ac4856..3016b1f 100644
--- a/sys/dev/usbmisc/ucom/ucom.c
+++ b/sys/dev/usbmisc/ucom/ucom.c
@@ -80,6 +80,7 @@
#include <sys/file.h>
#include <sys/select.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/poll.h>
#include <sys/sysctl.h>
#include <sys/thread2.h>
@@ -264,7 +265,7 @@ ucomopen(struct dev_open_args *ap)
if (ISSET(tp->t_state, TS_ISOPEN) &&
ISSET(tp->t_state, TS_XCLUDE) &&
- suser_cred(ap->a_cred, 0)
+ priv_check_cred(ap->a_cred, PRIV_ROOT, 0)
) {
return (EBUSY);
}
diff --git a/sys/emulation/43bsd/43bsd_hostinfo.c b/sys/emulation/43bsd/43bsd_hostinfo.c
index bb72015..21bedfd 100644
--- a/sys/emulation/43bsd/43bsd_hostinfo.c
+++ b/sys/emulation/43bsd/43bsd_hostinfo.c
@@ -46,6 +46,7 @@
#include <sys/sysproto.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <vm/vm_param.h>
@@ -84,7 +85,7 @@ sys_osethostname(struct sethostname_args *uap)
KKASSERT(p);
name[0] = CTL_KERN;
name[1] = KERN_HOSTNAME;
- error = suser_cred(p->p_ucred, PRISON_ROOT);
+ error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT);
if (error)
return (error);
len = MIN(uap->len, MAXHOSTNAMELEN);
@@ -115,7 +116,7 @@ sys_osethostid(struct osethostid_args *uap)
struct thread *td = curthread;
int error;
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
hostid = uap->hostid;
diff --git a/sys/emulation/dragonfly12/dfbsd12_stat.c b/sys/emulation/dragonfly12/dfbsd12_stat.c
index ffbeae7..c8daa1e 100644
--- a/sys/emulation/dragonfly12/dfbsd12_stat.c
+++ b/sys/emulation/dragonfly12/dfbsd12_stat.c
@@ -41,6 +41,7 @@
#include <sys/mount.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/stat.h>
#include <sys/sysproto.h>
#include <sys/systm.h>
@@ -137,7 +138,7 @@ sys_dfbsd12_fhstat(struct dfbsd12_fhstat_args *uap)
/*
* Must be super user
*/
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
diff --git a/sys/emulation/linux/i386/linprocfs/linprocfs_vnops.c b/sys/emulation/linux/i386/linprocfs/linprocfs_vnops.c
index 372e84c..14bc703 100644
--- a/sys/emulation/linux/i386/linprocfs/linprocfs_vnops.c
+++ b/sys/emulation/linux/i386/linprocfs/linprocfs_vnops.c
@@ -53,6 +53,7 @@
#include <sys/lock.h>
#include <sys/fcntl.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/vnode.h>
#include <sys/mount.h>
@@ -263,7 +264,7 @@ linprocfs_ioctl(struct vop_ioctl_args *ap)
*/
#define NFLAGS (PF_ISUGID)
flags = (unsigned char)*(unsigned int*)ap->a_data;
- if (flags & NFLAGS && (error = suser_cred(ap->a_cred, 0)))
+ if (flags & NFLAGS && (error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)))
return error;
procp->p_pfsflags = flags;
break;
diff --git a/sys/emulation/linux/i386/linux_machdep.c b/sys/emulation/linux/i386/linux_machdep.c
index b23d9d2..894c537 100644
--- a/sys/emulation/linux/i386/linux_machdep.c
+++ b/sys/emulation/linux/i386/linux_machdep.c
@@ -37,6 +37,7 @@
#include <sys/mman.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/resource.h>
#include <sys/resourcevar.h>
#include <sys/sysproto.h>
@@ -677,7 +678,7 @@ sys_linux_iopl(struct linux_iopl_args *args)
if (args->level < 0 || args->level > 3)
return (EINVAL);
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
if (securelevel > 0)
return (EPERM);
diff --git a/sys/emulation/linux/linux_misc.c b/sys/emulation/linux/linux_misc.c
index 4e8ae14..a9c7960 100644
--- a/sys/emulation/linux/linux_misc.c
+++ b/sys/emulation/linux/linux_misc.c
@@ -42,6 +42,7 @@
#include <sys/mount.h>
#include <sys/poll.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/blist.h>
#include <sys/reboot.h>
@@ -975,7 +976,7 @@ sys_linux_setgroups(struct linux_setgroups_args *args)
* Keep cr_groups[0] unchanged to prevent that.
*/
- if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0)
+ if ((error = priv_check_cred(oldcred, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (ngrp >= NGROUPS)
diff --git a/sys/emulation/linux/linux_uid16.c b/sys/emulation/linux/linux_uid16.c
index 6cba97c..f476cf6 100644
--- a/sys/emulation/linux/linux_uid16.c
+++ b/sys/emulation/linux/linux_uid16.c
@@ -34,6 +34,7 @@
#include <sys/kern_syscall.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysproto.h>
#include <sys/thread.h>
@@ -121,7 +122,7 @@ sys_linux_setgroups16(struct linux_setgroups16_args *args)
* Keep cr_groups[0] unchanged to prevent that.
*/
- if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0)
+ if ((error = priv_check_cred(oldcred, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (ngrp >= NGROUPS)
diff --git a/sys/kern/imgact_resident.c b/sys/kern/imgact_resident.c
index 72128a1..0107c55 100644
--- a/sys/kern/imgact_resident.c
+++ b/sys/kern/imgact_resident.c
@@ -43,6 +43,7 @@
#include <sys/imgact_aout.h>
#include <sys/mman.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/resourcevar.h>
#include <sys/sysent.h>
#include <sys/systm.h>
@@ -132,7 +133,7 @@ sysctl_vm_resident(SYSCTL_HANDLER_ARGS)
/* only super-user should call this sysctl */
td = req->td;
- if ((suser(td)) != 0)
+ if ((priv_check(td, PRIV_ROOT)) != 0)
return EPERM;
error = count = 0;
@@ -197,7 +198,7 @@ sys_exec_sys_register(struct exec_sys_register_args *uap)
int error;
p = curproc;
- if ((error = suser_cred(p->p_ucred, 0)) != 0)
+ if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, 0)) != 0)
return(error);
if ((vp = p->p_textvp) == NULL)
return(ENOENT);
@@ -236,7 +237,7 @@ sys_exec_sys_unregister(struct exec_sys_unregister_args *uap)
int count;
p = curproc;
- if ((error = suser_cred(p->p_ucred, 0)) != 0)
+ if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, 0)) != 0)
return(error);
/*
diff --git a/sys/kern/kern_acct.c b/sys/kern/kern_acct.c
index 4856779..2c63d26 100644
--- a/sys/kern/kern_acct.c
+++ b/sys/kern/kern_acct.c
@@ -45,6 +45,7 @@
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mount.h>
#include <sys/vnode.h>
#include <sys/fcntl.h>
@@ -127,7 +128,7 @@ sys_acct(struct acct_args *uap)
int error;
/* Make sure that the caller is root. */
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index ba3beef..1212eef 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -42,6 +42,7 @@
#include <sys/wait.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/ktrace.h>
#include <sys/signalvar.h>
#include <sys/pioctl.h>
@@ -398,7 +399,7 @@ interpret:
* we do not regain any tracing during a possible block.
*/
setsugid();
- if (p->p_tracenode && suser(td) != 0) {
+ if (p->p_tracenode && priv_check(td, PRIV_ROOT) != 0) {
ktrdestroy(&p->p_tracenode);
p->p_traceflag = 0;
}
diff --git a/sys/kern/kern_fp.c b/sys/kern/kern_fp.c
index 980b6e9..564c6e6 100644
--- a/sys/kern/kern_fp.c
+++ b/sys/kern/kern_fp.c
@@ -54,6 +54,7 @@
#include <sys/sysctl.h>
#include <sys/vnode.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/file.h>
#include <sys/stat.h>
@@ -511,7 +512,7 @@ fp_mmap(void *addr_arg, size_t size, int prot, int flags, struct file *fp,
if (securelevel >= 1)
disablexworkaround = 1;
else
- disablexworkaround = suser(td);
+ disablexworkaround = priv_check(td, PRIV_ROOT);
if (vp->v_type == VCHR && disablexworkaround &&
(flags & (MAP_PRIVATE|MAP_COPY))) {
error = EINVAL;
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 749820f..acd7022 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -51,6 +51,7 @@
#include <sys/nlookup.h>
#include <sys/namecache.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
@@ -142,7 +143,7 @@ sys_jail(struct jail_args *uap)
struct jail_ip_storage *jip;
/* Multiip */
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error) {
uap->sysmsg_result = -1;
return(error);
@@ -256,7 +257,7 @@ sys_jail_attach(struct jail_attach_args *uap)
struct thread *td = curthread;
int error;
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return(error);
diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c
index aabe8ad..b778ee8 100644
--- a/sys/kern/kern_linker.c
+++ b/sys/kern/kern_linker.c
@@ -36,6 +36,7 @@
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/lock.h>
#include <sys/module.h>
#include <sys/queue.h>
@@ -701,7 +702,7 @@ sys_kldload(struct kldload_args *uap)
if (securelevel > 0 || kernel_mem_readonly) /* redundant, but that's OK */
return EPERM;
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return error;
filename = kmalloc(MAXPATHLEN, M_TEMP, M_WAITOK);
@@ -741,7 +742,7 @@ sys_kldunload(struct kldunload_args *uap)
if (securelevel > 0 || kernel_mem_readonly) /* redundant, but that's OK */
return EPERM;
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return error;
lf = linker_find_file_by_id(uap->fileid);
diff --git a/sys/kern/kern_memio.c b/sys/kern/kern_memio.c
index d407cc5..14788ee 100644
--- a/sys/kern/kern_memio.c
+++ b/sys/kern/kern_memio.c
@@ -57,6 +57,7 @@
#include <sys/malloc.h>
#include <sys/memrange.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/random.h>
#include <sys/signalvar.h>
#include <sys/signal2.h>
@@ -114,7 +115,7 @@ mmopen(struct dev_open_args *ap)
error = 0;
break;
case 14:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
break;
if (securelevel > 0 || kernel_mem_readonly) {
@@ -491,7 +492,7 @@ random_ioctl(cdev_t dev, u_long cmd, caddr_t data, int flags, struct ucred *cred
break;
case MEM_SETIRQ:
intr = *(int16_t *)data;
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
break;
if (intr < 0 || intr >= MAX_INTS)
return (EINVAL);
@@ -499,7 +500,7 @@ random_ioctl(cdev_t dev, u_long cmd, caddr_t data, int flags, struct ucred *cred
break;
case MEM_CLEARIRQ:
intr = *(int16_t *)data;
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
break;
if (intr < 0 || intr >= MAX_INTS)
return (EINVAL);
@@ -510,7 +511,7 @@ random_ioctl(cdev_t dev, u_long cmd, caddr_t data, int flags, struct ucred *cred
break;
case MEM_FINDIRQ:
intr = *(int16_t *)data;
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
break;
if (intr < 0 || intr >= MAX_INTS)
return (EINVAL);
diff --git a/sys/kern/kern_ntptime.c b/sys/kern/kern_ntptime.c
index 90acb9d..63caddc 100644
--- a/sys/kern/kern_ntptime.c
+++ b/sys/kern/kern_ntptime.c
@@ -39,6 +39,7 @@
#include <sys/sysproto.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/time.h>
#include <sys/timex.h>
#include <sys/timepps.h>
@@ -289,7 +290,7 @@ sys_ntp_adjtime(struct ntp_adjtime_args *uap)
*/
modes = ntv.modes;
if (modes)
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
crit_enter();
diff --git a/sys/kern/kern_plimit.c b/sys/kern/kern_plimit.c
index a1d7307..4a788af 100644
--- a/sys/kern/kern_plimit.c
+++ b/sys/kern/kern_plimit.c
@@ -72,6 +72,7 @@
#include <sys/resource.h>
#include <sys/spinlock.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/file.h>
#include <sys/lockf.h>
#include <sys/kern_syscall.h>
@@ -346,7 +347,7 @@ kern_setrlimit(u_int which, struct rlimit *limp)
if (limp->rlim_cur > alimp->rlim_max ||
limp->rlim_max > alimp->rlim_max) {
spin_unlock_rd(&limit->p_spin);
- if ((error = suser_cred(p->p_ucred, PRISON_ROOT)))
+ if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT)))
return (error);
} else {
spin_unlock_rd(&limit->p_spin);
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index bcf03ff..68df28e 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -352,7 +352,7 @@ sys_setuid(struct setuid_args *uap)
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
uid != cr->cr_uid && /* allow setuid(geteuid()) */
#endif
- (error = suser_cred(cr, PRISON_ROOT)))
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)))
return (error);
#ifdef _POSIX_SAVED_IDS
@@ -364,7 +364,7 @@ sys_setuid(struct setuid_args *uap)
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */
uid == cr->cr_uid ||
#endif
- suser_cred(cr, PRISON_ROOT) == 0) /* we are using privs */
+ priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT) == 0) /* we are using privs */
#endif
{
/*
@@ -415,7 +415,7 @@ sys_seteuid(struct seteuid_args *uap)
euid = uap->euid;
if (euid != cr->cr_ruid && /* allow seteuid(getuid()) */
euid != cr->cr_svuid && /* allow seteuid(saved uid) */
- (error = suser_cred(cr, PRISON_ROOT)))
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)))
return (error);
/*
* Everything's okay, do it. Copy credentials so other references do
@@ -460,7 +460,7 @@ sys_setgid(struct setgid_args *uap)
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
gid != cr->cr_groups[0] && /* allow setgid(getegid()) */
#endif
- (error = suser_cred(cr, PRISON_ROOT)))
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)))
return (error);
#ifdef _POSIX_SAVED_IDS
@@ -472,7 +472,7 @@ sys_setgid(struct setgid_args *uap)
#ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */
gid == cr->cr_groups[0] ||
#endif
- suser_cred(cr, PRISON_ROOT) == 0) /* we are using privs */
+ priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT) == 0) /* we are using privs */
#endif
{
/*
@@ -524,7 +524,7 @@ sys_setegid(struct setegid_args *uap)
egid = uap->egid;
if (egid != cr->cr_rgid && /* allow setegid(getgid()) */
egid != cr->cr_svgid && /* allow setegid(saved gid) */
- (error = suser_cred(cr, PRISON_ROOT)))
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)))
return (error);
if (cr->cr_groups[0] != egid) {
cr = cratom(&p->p_ucred);
@@ -547,7 +547,7 @@ sys_setgroups(struct setgroups_args *uap)
return(EPERM);
cr = p->p_ucred;
- if ((error = suser_cred(cr, PRISON_ROOT)))
+ if ((error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)))
return (error);
ngrp = uap->gidsetsize;
if (ngrp > NGROUPS)
@@ -593,7 +593,7 @@ sys_setreuid(struct setreuid_args *uap)
if (((ruid != (uid_t)-1 && ruid != cr->cr_ruid && ruid != cr->cr_svuid) ||
(euid != (uid_t)-1 && euid != cr->cr_uid &&
euid != cr->cr_ruid && euid != cr->cr_svuid)) &&
- (error = suser_cred(cr, PRISON_ROOT)) != 0)
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (euid != (uid_t)-1 && cr->cr_uid != euid) {
@@ -631,7 +631,7 @@ sys_setregid(struct setregid_args *uap)
if (((rgid != (gid_t)-1 && rgid != cr->cr_rgid && rgid != cr->cr_svgid) ||
(egid != (gid_t)-1 && egid != cr->cr_groups[0] &&
egid != cr->cr_rgid && egid != cr->cr_svgid)) &&
- (error = suser_cred(cr, PRISON_ROOT)) != 0)
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (egid != (gid_t)-1 && cr->cr_groups[0] != egid) {
@@ -677,7 +677,7 @@ sys_setresuid(struct setresuid_args *uap)
euid != cr->cr_uid) ||
(suid != (uid_t)-1 && suid != cr->cr_ruid && suid != cr->cr_svuid &&
suid != cr->cr_uid)) &&
- (error = suser_cred(cr, PRISON_ROOT)) != 0)
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (euid != (uid_t)-1 && cr->cr_uid != euid) {
cr = change_euid(euid);
@@ -719,7 +719,7 @@ sys_setresgid(struct setresgid_args *uap)
egid != cr->cr_groups[0]) ||
(sgid != (gid_t)-1 && sgid != cr->cr_rgid && sgid != cr->cr_svgid &&
sgid != cr->cr_groups[0])) &&
- (error = suser_cred(cr, PRISON_ROOT)) != 0)
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (egid != (gid_t)-1 && cr->cr_groups[0] != egid) {
@@ -900,7 +900,7 @@ p_trespass(struct ucred *cr1, struct ucred *cr2)
return (0);
if (cr1->cr_uid == cr2->cr_uid)
return (0);
- if (suser_cred(cr1, PRISON_ROOT) == 0)
+ if (priv_check_cred(cr1, PRIV_ROOT, PRISON_ROOT) == 0)
return (0);
return (EPERM);
}
@@ -1118,7 +1118,7 @@ sys_setlogin(struct setlogin_args *uap)
char logintmp[MAXLOGNAME];
KKASSERT(p != NULL);
- if ((error = suser_cred(p->p_ucred, PRISON_ROOT)))
+ if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT)))
return (error);
error = copyinstr((caddr_t) uap->namebuf, (caddr_t) logintmp,
sizeof(logintmp), (size_t *)0);
diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c
index 2e07429..92a7e5f 100644
--- a/sys/kern/kern_resource.c
+++ b/sys/kern/kern_resource.c
@@ -51,6 +51,7 @@
#include <sys/resourcevar.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/time.h>
#include <sys/lockf.h>
@@ -253,7 +254,7 @@ donice(struct proc *chgp, int n)
n = PRIO_MAX;
if (n < PRIO_MIN)
n = PRIO_MIN;
- if (n < chgp->p_nice && suser_cred(cr, 0))
+ if (n < chgp->p_nice && priv_check_cred(cr, PRIV_ROOT, 0))
return (EACCES);
chgp->p_nice = n;
FOREACH_LWP_IN_PROC(lp, chgp)
@@ -311,7 +312,7 @@ sys_lwp_rtprio(struct lwp_rtprio_args *uap)
return EPERM;
}
/* disallow setting rtprio in most cases if not superuser */
- if (suser_cred(cr, 0)) {
+ if (priv_check_cred(cr, PRIV_ROOT, 0)) {
/* can't set someone else's */
if (uap->pid) { /* XXX */
return EPERM;
@@ -385,7 +386,7 @@ sys_rtprio(struct rtprio_args *uap)
cr->cr_ruid != p->p_ucred->cr_uid)
return (EPERM);
/* disallow setting rtprio in most cases if not superuser */
- if (suser_cred(cr, 0)) {
+ if (priv_check_cred(cr, PRIV_ROOT, 0)) {
/* can't set someone else's */
if (uap->pid)
return (EPERM);
diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c
index 369739e..015c8e1 100644
--- a/sys/kern/kern_shutdown.c
+++ b/sys/kern/kern_shutdown.c
@@ -53,6 +53,7 @@
#include <sys/diskslice.h>
#include <sys/reboot.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/fcntl.h> /* FREAD */
#include <sys/stat.h> /* S_IFCHR */
#include <sys/vnode.h>
@@ -186,7 +187,7 @@ sys_reboot(struct reboot_args *uap)
struct thread *td = curthread;
int error;
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
boot(uap->opt);
diff --git a/sys/kern/kern_spinlock.c b/sys/kern/kern_spinlock.c
index 32a358c..d1f31b8 100644
--- a/sys/kern/kern_spinlock.c
+++ b/sys/kern/kern_spinlock.c
@@ -42,6 +42,7 @@
#ifdef INVARIANTS
#include <sys/proc.h>
#endif
+#include <sys/priv.h>
#include <ddb/ddb.h>
#include <machine/atomic.h>
#include <machine/cpufunc.h>
@@ -347,7 +348,7 @@ sysctl_spin_lock_test(SYSCTL_HANDLER_ARGS)
int value = 0;
int i;
- if ((error = suser(curthread)) != 0)
+ if ((error = priv_check(curthread, PRIV_ROOT)) != 0)
return (error);
if ((error = SYSCTL_IN(req, &value, sizeof(value))) != 0)
return (error);
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 30274a0..0838c6b 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -48,6 +48,7 @@
#include <sys/sysctl.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysproto.h>
#include <sys/lock.h>
#include <vm/vm.h>
@@ -535,7 +536,7 @@ sysctl_sysctl_debug(SYSCTL_HANDLER_ARGS)
{
int error;
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_ROOT);
if (error)
return error;
sysctl_sysctl_debug_dump_node(&sysctl__children, 0);
@@ -1179,7 +1180,7 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
/* Most likely only root can write */
if (!(oid->oid_kind & CTLFLAG_ANYBODY) && req->newptr && p &&
- (error = suser_cred(p->p_ucred,
+ (error = priv_check_cred(p->p_ucred, PRIV_ROOT,
(oid->oid_kind & CTLFLAG_PRISON) ? PRISON_ROOT : 0)))
return (error);
diff --git a/sys/kern/kern_syslink.c b/sys/kern/kern_syslink.c
index ca2c382..4e1e747 100644
--- a/sys/kern/kern_syslink.c
+++ b/sys/kern/kern_syslink.c
@@ -47,6 +47,7 @@
#include <sys/alist.h>
#include <sys/file.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/lock.h>
#include <sys/uio.h>
#include <sys/objcache.h>
@@ -262,7 +263,7 @@ sys_syslink(struct syslink_args *uap)
*/
if (syslink_enabled == 0)
return (EAUTH);
- error = suser(curthread);
+ error = priv_check(curthread, PRIV_ROOT);
if (error)
return (error);
diff --git a/sys/kern/kern_time.c b/sys/kern/kern_time.c
index e7905a8..8383eae 100644
--- a/sys/kern/kern_time.c
+++ b/sys/kern/kern_time.c
@@ -46,6 +46,7 @@
#include <sys/sysent.h>
#include <sys/sysunion.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/time.h>
#include <sys/vnode.h>
#include <sys/sysctl.h>
@@ -166,7 +167,7 @@ sys_clock_settime(struct clock_settime_args *uap)
struct timespec ats;
int error;
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
switch(uap->clock_id) {
case CLOCK_REALTIME:
@@ -345,7 +346,7 @@ sys_settimeofday(struct settimeofday_args *uap)
struct timezone atz;
int error;
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
/* Verify all parameters before changing time. */
if (uap->tv) {
@@ -457,7 +458,7 @@ sys_adjtime(struct adjtime_args *uap)
int64_t ndelta, odelta;
int error;
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
if ((error =
copyin((caddr_t)uap->delta, (caddr_t)&atv, sizeof(struct timeval))))
@@ -489,7 +490,7 @@ sysctl_adjtime(SYSCTL_HANDLER_ARGS)
int error;
if (req->newptr != NULL) {
- if (suser(curthread))
+ if (priv_check(curthread, PRIV_ROOT))
return (EPERM);
error = SYSCTL_IN(req, &delta, sizeof(delta));
if (error)
@@ -513,7 +514,7 @@ sysctl_delta(SYSCTL_HANDLER_ARGS)
int error;
if (req->newptr != NULL) {
- if (suser(curthread))
+ if (priv_check(curthread, PRIV_ROOT))
return (EPERM);
error = SYSCTL_IN(req, &delta, sizeof(delta));
if (error)
@@ -538,7 +539,7 @@ sysctl_adjfreq(SYSCTL_HANDLER_ARGS)
int error;
if (req->newptr != NULL) {
- if (suser(curthread))
+ if (priv_check(curthread, PRIV_ROOT))
return (EPERM);
error = SYSCTL_IN(req, &freqdelta, sizeof(freqdelta));
if (error)
diff --git a/sys/kern/kern_usched.c b/sys/kern/kern_usched.c
index 24bbb77..3699367 100644
--- a/sys/kern/kern_usched.c
+++ b/sys/kern/kern_usched.c
@@ -37,6 +37,7 @@
#include <sys/errno.h>
#include <sys/globaldata.h> /* curthread */
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysproto.h> /* struct usched_set_args */
#include <sys/systm.h> /* strcmp() */
#include <sys/usched.h>
@@ -162,7 +163,7 @@ sys_usched_set(struct usched_set_args *uap)
struct lwp *lp;
int cpuid;
- if ((error = suser(curthread)) != 0)
+ if ((error = priv_check(curthread, PRIV_ROOT)) != 0)
return (error);
if (uap->pid != 0 && uap->pid != curthread->td_proc->p_pid)
diff --git a/sys/kern/kern_varsym.c b/sys/kern/kern_varsym.c
index c50a57c..955ccba 100644
--- a/sys/kern/kern_varsym.c
+++ b/sys/kern/kern_varsym.c
@@ -45,6 +45,7 @@
#include <sys/ucred.h>
#include <sys/resourcevar.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/queue.h>
#include <sys/sysctl.h>
@@ -149,7 +150,7 @@ sys_varsym_set(struct varsym_set_args *uap)
uap->level = VARSYM_PRISON;
case VARSYM_PRISON:
if (curthread->td_proc != NULL &&
- (error = suser_cred(curthread->td_proc->p_ucred, PRISON_ROOT)) != 0)
+ (error = priv_check_cred(curthread->td_proc->p_ucred, PRIV_ROOT, PRISON_ROOT)) != 0)
break;
/* fall through */
case VARSYM_USER:
diff --git a/sys/kern/kern_xxx.c b/sys/kern/kern_xxx.c
index ebbed06..f057bc8 100644
--- a/sys/kern/kern_xxx.c
+++ b/sys/kern/kern_xxx.c
@@ -40,6 +40,7 @@
#include <sys/sysproto.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysctl.h>
#include <sys/utsname.h>
@@ -125,7 +126,7 @@ sys_setdomainname(struct setdomainname_args *uap)
struct thread *td = curthread;
int error, domainnamelen;
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
if ((u_int)uap->len > sizeof (domainname) - 1)
return EINVAL;
diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c
index 35b4b80..d403a39 100644
--- a/sys/kern/subr_prf.c
+++ b/sys/kern/subr_prf.c
@@ -48,6 +48,7 @@
#include <sys/msgbuf.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/tty.h>
#include <sys/tprintf.h>
#include <sys/stdint.h>
@@ -911,7 +912,7 @@ sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS)
cred = req->td->td_proc->p_ucred;
if ((cred->cr_prison || groupmember(0, cred) == 0) &&
- suser(req->td) != 0
+ priv_check(req->td, PRIV_ROOT) != 0
) {
return (EPERM);
}
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index 4427ac4..4c0d825 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -36,6 +36,7 @@
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/ptrace.h>
#include <sys/reg.h>
@@ -319,7 +320,7 @@ kern_ptrace(struct proc *curp, int req, pid_t pid, void *addr, int data, int *re
/* not owned by you, has done setuid (unless you're root) */
if ((p->p_ucred->cr_ruid != curp->p_ucred->cr_ruid) ||
(p->p_flag & P_SUGID)) {
- if ((error = suser_cred(curp->p_ucred, 0)) != 0)
+ if ((error = priv_check_cred(curp->p_ucred, PRIV_ROOT, 0)) != 0)
return error;
}
diff --git a/sys/kern/sysv_ipc.c b/sys/kern/sysv_ipc.c
index 9d14be7..7648f93 100644
--- a/sys/kern/sysv_ipc.c
+++ b/sys/kern/sysv_ipc.c
@@ -37,6 +37,7 @@
#include <sys/param.h>
#include <sys/ipc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/ucred.h>
#if defined(SYSVSEM) || defined(SYSVSHM) || defined(SYSVMSG)
@@ -53,7 +54,7 @@ ipcperm(struct proc *p, struct ipc_perm *perm, int mode)
/* Check for user match. */
if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) {
if (mode & IPC_M)
- return (suser_cred(cred, 0) == 0 ? 0 : EPERM);
+ return (priv_check_cred(cred, PRIV_ROOT, 0) == 0 ? 0 : EPERM);
/* Check for group match. */
mode >>= 3;
if (!groupmember(perm->gid, cred) &&
@@ -65,7 +66,7 @@ ipcperm(struct proc *p, struct ipc_perm *perm, int mode)
if (mode & IPC_M)
return (0);
return ((mode & perm->mode) == mode ||
- suser_cred(cred, 0) == 0 ? 0 : EACCES);
+ priv_check_cred(cred, PRIV_ROOT, 0) == 0 ? 0 : EACCES);
}
#endif /* defined(SYSVSEM) || defined(SYSVSHM) || defined(SYSVMSG) */
diff --git a/sys/kern/sysv_msg.c b/sys/kern/sysv_msg.c
index 574cc72..51ac36c 100644
--- a/sys/kern/sysv_msg.c
+++ b/sys/kern/sysv_msg.c
@@ -27,6 +27,7 @@
#include <sys/sysproto.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/msg.h>
#include <sys/sysent.h>
#include <sys/sysctl.h>
@@ -316,7 +317,7 @@ sys_msgctl(struct msgctl_args *uap)
if ((eval = copyin(user_msqptr, &msqbuf, sizeof(msqbuf))) != 0)
return(eval);
if (msqbuf.msg_qbytes > msqptr->msg_qbytes) {
- eval = suser(td);
+ eval = priv_check(td, PRIV_ROOT);
if (eval)
return(eval);
}
diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index 14b0a3a..c252227 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -78,6 +78,7 @@
#include <sys/ioctl_compat.h>
#endif
#include <sys/proc.h>
+#include <sys/priv.h>
#define TTYDEFCHARS
#include <sys/tty.h>
#include <sys/clist.h>
@@ -902,7 +903,7 @@ ttioctl(struct tty *tp, u_long cmd, void *data, int flag)
ISSET(constty->t_state, TS_CONNECTED))
return (EBUSY);
#ifndef UCONSOLE
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
#endif
constty = tp;
@@ -1074,9 +1075,9 @@ ttioctl(struct tty *tp, u_long cmd, void *data, int flag)
crit_exit();
break;
case TIOCSTI: /* simulate terminal input */
- if ((flag & FREAD) == 0 && suser(td))
+ if ((flag & FREAD) == 0 && priv_check(td, PRIV_ROOT))
return (EPERM);
- if (!isctty(p, tp) && suser(td))
+ if (!isctty(p, tp) && priv_check(td, PRIV_ROOT))
return (EACCES);
crit_enter();
(*linesw[tp->t_line].l_rint)(*(u_char *)data, tp);
@@ -1124,7 +1125,7 @@ ttioctl(struct tty *tp, u_long cmd, void *data, int flag)
}
break;
case TIOCSDRAINWAIT:
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
tp->t_timeout = *(int *)data * hz;
diff --git a/sys/kern/tty_cons.c b/sys/kern/tty_cons.c
index e4bff4e..5115ca2 100644
--- a/sys/kern/tty_cons.c
+++ b/sys/kern/tty_cons.c
@@ -48,6 +48,7 @@
#include <sys/cons.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/reboot.h>
#include <sys/sysctl.h>
#include <sys/tty.h>
@@ -438,7 +439,7 @@ cnioctl(struct dev_ioctl_args *ap)
*/
if (ap->a_cmd == TIOCCONS && constty) {
if (ap->a_cred) {
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error)
return (error);
}
diff --git a/sys/kern/tty_pty.c b/sys/kern/tty_pty.c
index 53e4ddf..dafe757 100644
--- a/sys/kern/tty_pty.c
+++ b/sys/kern/tty_pty.c
@@ -48,6 +48,7 @@
#include <sys/ioctl_compat.h>
#endif
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/tty.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
@@ -191,7 +192,7 @@ ptsopen(struct dev_open_args *ap)
tp->t_lflag = TTYDEF_LFLAG;
tp->t_cflag = TTYDEF_CFLAG;
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
- } else if ((tp->t_state & TS_XCLUDE) && suser_cred(ap->a_cred, 0)) {
+ } else if ((tp->t_state & TS_XCLUDE) && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
return (EBUSY);
} else if (pti->pt_prison != ap->a_cred->cr_prison) {
return (EBUSY);
diff --git a/sys/kern/vfs_helper.c b/sys/kern/vfs_helper.c
index 9b82fb7..531fd3e 100644
--- a/sys/kern/vfs_helper.c
+++ b/sys/kern/vfs_helper.c
@@ -54,6 +54,7 @@
#include <sys/vnode.h>
#include <sys/file.h> /* XXX */
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/jail.h>
/*
@@ -150,7 +151,7 @@ vop_helper_setattr_flags(u_int32_t *ino_flags, u_int32_t vaflags,
* If uid doesn't match only the super-user can change the flags
*/
if (cred->cr_uid != uid &&
- (error = suser_cred(cred, PRISON_ROOT))) {
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
return(error);
}
if (cred->cr_uid == 0 &&
@@ -197,7 +198,7 @@ vop_helper_chmod(struct vnode *vp, mode_t new_mode, struct ucred *cred,
int error;
if (cred->cr_uid != cur_uid) {
- error = suser_cred(cred, PRISON_ROOT);
+ error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
if (error)
return (error);
}
@@ -237,7 +238,7 @@ vop_helper_chown(struct vnode *vp, uid_t new_uid, gid_t new_gid,
if ((cred->cr_uid != *cur_uidp || new_uid != *cur_uidp ||
(new_gid != *cur_gidp && !(cred->cr_gid == new_gid ||
groupmember(new_gid, cred)))) &&
- (error = suser_cred(cred, PRISON_ROOT))) {
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
return (error);
}
ogid = *cur_gidp;
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 04b5a21..948c724 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -58,6 +58,7 @@
#include <sys/unistd.h>
#include <sys/vnode.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/namei.h>
#include <sys/nlookup.h>
#include <sys/dirent.h>
@@ -127,20 +128,20 @@ sys_mount(struct mount_args *uap)
KKASSERT(p);
if (cred->cr_prison != NULL)
return (EPERM);
- if (usermount == 0 && (error = suser(td)))
+ if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
return (error);
/*
* Do not allow NFS export by non-root users.
*/
if (uap->flags & MNT_EXPORTED) {
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
}
/*
* Silently enforce MNT_NOSUID and MNT_NODEV for non-root users
*/
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
uap->flags |= MNT_NOSUID | MNT_NODEV;
/*
@@ -208,7 +209,7 @@ sys_mount(struct mount_args *uap)
* permitted to update it.
*/
if (mp->mnt_stat.f_owner != cred->cr_uid &&
- (error = suser(td))) {
+ (error = priv_check(td, PRIV_ROOT))) {
cache_drop(&nch);
vput(vp);
return (error);
@@ -235,7 +236,7 @@ sys_mount(struct mount_args *uap)
* onto which we are attempting to mount.
*/
if ((error = VOP_GETATTR(vp, &va)) ||
- (va.va_uid != cred->cr_uid && (error = suser(td)))) {
+ (va.va_uid != cred->cr_uid && (error = priv_check(td, PRIV_ROOT)))) {
cache_drop(&nch);
vput(vp);
return (error);
@@ -268,7 +269,7 @@ sys_mount(struct mount_args *uap)
linker_file_t lf;
/* Only load modules for root (very important!) */
- if ((error = suser(td)) != 0) {
+ if ((error = priv_check(td, PRIV_ROOT)) != 0) {
cache_drop(&nch);
vput(vp);
return error;
@@ -548,7 +549,7 @@ sys_unmount(struct unmount_args *uap)
KKASSERT(p);
if (p->p_ucred->cr_prison != NULL)
return (EPERM);
- if (usermount == 0 && (error = suser(td)))
+ if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
return (error);
error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
@@ -564,7 +565,7 @@ sys_unmount(struct unmount_args *uap)
* permitted to unmount this filesystem.
*/
if ((mp->mnt_stat.f_owner != p->p_ucred->cr_uid) &&
- (error = suser(td)))
+ (error = priv_check(td, PRIV_ROOT)))
goto out;
/*
@@ -911,7 +912,7 @@ sys_mountctl(struct mountctl_args *uap)
KKASSERT(p);
if (p->p_ucred->cr_prison != NULL)
return (EPERM);
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
/*
@@ -1041,7 +1042,7 @@ kern_statfs(struct nlookupdata *nd, struct statfs *buf)
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
bcopy(sp, buf, sizeof(*buf));
/* Only root should have access to the fsid's. */
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
return (0);
}
@@ -1104,7 +1105,7 @@ kern_fstatfs(int fd, struct statfs *buf)
bcopy(sp, buf, sizeof(*buf));
/* Only root should have access to the fsid's. */
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
error = 0;
done:
@@ -1602,7 +1603,7 @@ kern_chroot(struct nchandle *nch)
/*
* Only root can chroot
*/
- if ((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0)
+ if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
/*
@@ -1853,10 +1854,10 @@ kern_mknod(struct nlookupdata *nd, int mode, int rmajor, int rminor)
switch (mode & S_IFMT) {
case S_IFCHR:
case S_IFBLK:
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
break;
default:
- error = suser_cred(p->p_ucred, PRISON_ROOT);
+ error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT);
break;
}
if (error)
@@ -2006,7 +2007,7 @@ can_hardlink(struct vnode *vp, struct thread *td, struct ucred *cred)
/*
* root cred can always hardlink
*/
- if (suser_cred(cred, PRISON_ROOT) == 0)
+ if (priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT) == 0)
return (0);
/*
@@ -2537,7 +2538,7 @@ setfflags(struct vnode *vp, int flags)
* chown can't fail when done as root.
*/
if ((vp->v_type == VCHR || vp->v_type == VBLK) &&
- ((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0))
+ ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT)) != 0))
return (error);
/*
@@ -3566,7 +3567,7 @@ sys_revoke(struct revoke_args *uap)
if (error == 0)
error = VOP_GETATTR(vp, &vattr);
if (error == 0 && cred->cr_uid != vattr.va_uid)
- error = suser_cred(cred, PRISON_ROOT);
+ error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
if (error == 0 && count_udev(vp->v_umajor, vp->v_uminor) > 0) {
error = 0;
vx_lock(vp);
@@ -3607,7 +3608,7 @@ sys_getfh(struct getfh_args *uap)
/*
* Must be super user
*/
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
vp = NULL;
@@ -3635,7 +3636,7 @@ sys_getfh(struct getfh_args *uap)
* syscall for the rpc.lockd to use to translate a NFS file handle into
* an open descriptor.
*
- * warning: do not remove the suser() call or this becomes one giant
+ * warning: do not remove the priv_check() call or this becomes one giant
* security hole.
*/
int
@@ -3657,7 +3658,7 @@ sys_fhopen(struct fhopen_args *uap)
/*
* Must be super user
*/
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
@@ -3818,7 +3819,7 @@ sys_fhstat(struct fhstat_args *uap)
/*
* Must be super user
*/
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
@@ -3857,7 +3858,7 @@ sys_fhstatfs(struct fhstatfs_args *uap)
/*
* Must be super user
*/
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
@@ -3885,7 +3886,7 @@ sys_fhstatfs(struct fhstatfs_args *uap)
kfree(freepath, M_TEMP);
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
- if (suser(td)) {
+ if (priv_check(td, PRIV_ROOT)) {
bcopy(sp, &sb, sizeof(sb));
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
sp = &sb;
@@ -3910,7 +3911,7 @@ sys_fhstatvfs(struct fhstatvfs_args *uap)
/*
* Must be super user
*/
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 3e9a8d1..db2c1ec 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -46,6 +46,7 @@
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mount.h>
#include <sys/nlookup.h>
#include <sys/vnode.h>
@@ -944,7 +945,7 @@ vn_stat(struct vnode *vp, struct stat *sb, struct ucred *cred)
}
sb->st_flags = vap->va_flags;
- if (suser_cred(cred, 0))
+ if (priv_check_cred(cred, PRIV_ROOT, 0))
sb->st_gen = 0;
else
sb->st_gen = (u_int32_t)vap->va_gen;
diff --git a/sys/net/bridge/if_bridge.c b/sys/net/bridge/if_bridge.c
index 46dc088..d945bd2 100644
--- a/sys/net/bridge/if_bridge.c
+++ b/sys/net/bridge/if_bridge.c
@@ -233,6 +233,7 @@
#include <sys/sysctl.h>
#include <sys/module.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/lock.h>
#include <sys/thread.h>
#include <sys/thread2.h>
@@ -806,7 +807,7 @@ bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
}
if (bc->bc_flags & BC_F_SUSER) {
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
}
diff --git a/sys/net/gre/if_gre.c b/sys/net/gre/if_gre.c
index a0c44ff..cce46c4 100644
--- a/sys/net/gre/if_gre.c
+++ b/sys/net/gre/if_gre.c
@@ -57,6 +57,7 @@
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/sockio.h>
@@ -423,7 +424,7 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
case SIOCSIFDSTADDR:
break;
case SIOCSIFFLAGS:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if ((ifr->ifr_flags & IFF_LINK0) != 0)
sc->g_proto = IPPROTO_GRE;
@@ -431,7 +432,7 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
sc->g_proto = IPPROTO_MOBILE;
goto recompute;
case SIOCSIFMTU:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if (ifr->ifr_mtu < 576) {
error = EINVAL;
@@ -444,7 +445,7 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
break;
case SIOCADDMULTI:
case SIOCDELMULTI:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if (ifr == 0) {
error = EAFNOSUPPORT;
@@ -461,7 +462,7 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
}
break;
case GRESPROTO:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
sc->g_proto = ifr->ifr_flags;
switch (sc->g_proto) {
@@ -481,7 +482,7 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
break;
case GRESADDRS:
case GRESADDRD:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
/*
* set tunnel endpoints, compute a less specific route
@@ -547,7 +548,7 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
ifr->ifr_addr = *sa;
break;
case SIOCSIFPHYADDR:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if (aifr->ifra_addr.sin_family != AF_INET ||
aifr->ifra_dstaddr.sin_family != AF_INET) {
@@ -563,7 +564,7 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
sc->g_dst = aifr->ifra_dstaddr.sin_addr;
goto recompute;
case SIOCSLIFPHYADDR:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if (lifr->addr.ss_family != AF_INET ||
lifr->dstaddr.ss_family != AF_INET) {
@@ -580,7 +581,7 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
(satosin((struct sockadrr *)&lifr->dstaddr))->sin_addr;
goto recompute;
case SIOCDIFPHYADDR:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
sc->g_src.s_addr = INADDR_ANY;
sc->g_dst.s_addr = INADDR_ANY;
diff --git a/sys/net/i4b/driver/i4b_ipr.c b/sys/net/i4b/driver/i4b_ipr.c
index be2f31e..2333f6f 100644
--- a/sys/net/i4b/driver/i4b_ipr.c
+++ b/sys/net/i4b/driver/i4b_ipr.c
@@ -499,7 +499,7 @@ i4biprioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, caddr_t data, struct ucred *cr)
{
struct thread *td = curthread; /* XXX */
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
sl_compress_setup(sc->sc_compr, *(int *)data);
}
diff --git a/sys/net/if.c b/sys/net/if.c
index 8ceedb4..09f752d 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -45,6 +45,7 @@
#include <sys/mbuf.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
@@ -1195,7 +1196,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct ucred *cred)
switch (cmd) {
case SIOCIFCREATE:
case SIOCIFDESTROY:
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
return ((cmd == SIOCIFCREATE) ?
if_clone_create(ifr->ifr_name, sizeof(ifr->ifr_name)) :
@@ -1248,7 +1249,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct ucred *cred)
break;
case SIOCSIFFLAGS:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
new_flags = (ifr->ifr_flags & 0xffff) |
@@ -1294,7 +1295,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct ucred *cred)
break;
case SIOCSIFCAP:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
if (ifr->ifr_reqcap & ~ifp->if_capabilities)
@@ -1305,7 +1306,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct ucred *cred)
break;
case SIOCSIFNAME:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
error = copyinstr(ifr->ifr_data, new_name, IFNAMSIZ, NULL);
@@ -1351,7 +1352,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct ucred *cred)
break;
case SIOCSIFMETRIC:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
ifp->if_metric = ifr->ifr_metric;
@@ -1359,7 +1360,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct ucred *cred)
break;
case SIOCSIFPHYS:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return error;
if (!ifp->if_ioctl)
@@ -1375,7 +1376,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct ucred *cred)
{
u_long oldmtu = ifp->if_mtu;
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
if (ifp->if_ioctl == NULL)
@@ -1402,7 +1403,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct ucred *cred)
case SIOCADDMULTI:
case SIOCDELMULTI:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
@@ -1432,7 +1433,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct ucred *cred)
case SIOCSLIFPHYADDR:
case SIOCSIFMEDIA:
case SIOCSIFGENERIC:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
if (ifp->if_ioctl == 0)
@@ -1461,7 +1462,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct ucred *cred)
return (error);
case SIOCSIFLLADDR:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
return if_setlladdr(ifp,
diff --git a/sys/net/pf/if_pfsync.c b/sys/net/pf/if_pfsync.c
index c3c5c5b..fd78d23 100644
--- a/sys/net/pf/if_pfsync.c
+++ b/sys/net/pf/if_pfsync.c
@@ -35,6 +35,7 @@
#include <sys/param.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/systm.h>
#include <sys/time.h>
#include <sys/mbuf.h>
@@ -676,7 +677,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
return (error);
break;
case SIOCSETPFSYNC:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
return (error);
if ((error = copyin(ifr->ifr_data, &pfsyncr, sizeof(pfsyncr))))
return (error);
diff --git a/sys/net/ppp/if_ppp.c b/sys/net/ppp/if_ppp.c
index 3f1bc15..c35fbb9 100644
--- a/sys/net/ppp/if_ppp.c
+++ b/sys/net/ppp/if_ppp.c
@@ -88,6 +88,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/filio.h>
@@ -402,7 +403,7 @@ pppioctl(struct ppp_softc *sc, u_long cmd, caddr_t data,
break;
case PPPIOCSFLAGS:
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
flags = *(int *)data & SC_MASK;
crit_enter();
@@ -415,7 +416,7 @@ pppioctl(struct ppp_softc *sc, u_long cmd, caddr_t data,
break;
case PPPIOCSMRU:
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
mru = *(int *)data;
if (mru >= PPP_MRU && mru <= PPP_MAXMRU)
@@ -428,7 +429,7 @@ pppioctl(struct ppp_softc *sc, u_long cmd, caddr_t data,
#ifdef VJC
case PPPIOCSMAXCID:
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
if (sc->sc_comp) {
crit_enter();
@@ -439,14 +440,14 @@ pppioctl(struct ppp_softc *sc, u_long cmd, caddr_t data,
#endif
case PPPIOCXFERUNIT:
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
sc->sc_xfer = curthread;
break;
#ifdef PPP_COMPRESS
case PPPIOCSCOMPRESS:
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
odp = (struct ppp_option_data *) data;
nb = odp->length;
@@ -514,7 +515,7 @@ pppioctl(struct ppp_softc *sc, u_long cmd, caddr_t data,
if (cmd == PPPIOCGNPMODE) {
npi->mode = sc->sc_npmode[npx];
} else {
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
if (npi->mode != sc->sc_npmode[npx]) {
crit_enter();
@@ -630,7 +631,7 @@ pppsioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
break;
case SIOCSIFMTU:
- if ((error = suser_cred(cr, 0)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, 0)) != 0)
break;
if (ifr->ifr_mtu > PPP_MAXMTU)
error = EINVAL;
diff --git a/sys/net/ppp_layer/ppp_tty.c b/sys/net/ppp_layer/ppp_tty.c
index b101e8e..59688a7 100644
--- a/sys/net/ppp_layer/ppp_tty.c
+++ b/sys/net/ppp_layer/ppp_tty.c
@@ -80,6 +80,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mbuf.h>
#include <sys/dkstat.h>
#include <sys/socket.h>
@@ -177,7 +178,7 @@ pppopen(cdev_t dev, struct tty *tp)
struct ppp_softc *sc;
int error;
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
crit_enter();
@@ -434,7 +435,7 @@ ppptioctl(struct tty *tp, u_long cmd, caddr_t data, int flag, struct ucred *cr)
error = 0;
switch (cmd) {
case PPPIOCSASYNCMAP:
- if ((error = suser_cred(cr, 0)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, 0)) != 0)
break;
sc->sc_asyncmap[0] = *(u_int *)data;
break;
@@ -444,7 +445,7 @@ ppptioctl(struct tty *tp, u_long cmd, caddr_t data, int flag, struct ucred *cr)
break;
case PPPIOCSRASYNCMAP:
- if ((error = suser_cred(cr, 0)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, 0)) != 0)
break;
sc->sc_rasyncmap = *(u_int *)data;
break;
@@ -454,7 +455,7 @@ ppptioctl(struct tty *tp, u_long cmd, caddr_t data, int flag, struct ucred *cr)
break;
case PPPIOCSXASYNCMAP:
- if ((error = suser_cred(cr, 0)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, 0)) != 0)
break;
crit_enter();
bcopy(data, sc->sc_asyncmap, sizeof(sc->sc_asyncmap));
diff --git a/sys/net/raw_usrreq.c b/sys/net/raw_usrreq.c
index 48e2335..fb38a76 100644
--- a/sys/net/raw_usrreq.c
+++ b/sys/net/raw_usrreq.c
@@ -39,6 +39,7 @@
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
@@ -152,7 +153,7 @@ raw_uattach(struct socket *so, int proto, struct pru_attach_info *ai)
if (rp == NULL)
return EINVAL;
- if ((error = suser_cred(ai->p_ucred, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(ai->p_ucred, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
return error;
return raw_attach(so, proto, ai->sb_rlimit);
}
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index e00598c..3b95ed0 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -74,6 +74,7 @@
#include <sys/kernel.h>
#include <sys/sysctl.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/protosw.h>
@@ -513,7 +514,7 @@ route_output(struct mbuf *m, struct socket *so, ...)
* Verify that the caller has the appropriate privilege; RTM_GET
* is the only operation the non-superuser is allowed.
*/
- if (rtm->rtm_type != RTM_GET && suser_cred(so->so_cred, 0) != 0)
+ if (rtm->rtm_type != RTM_GET && priv_check_cred(so->so_cred, PRIV_ROOT, 0) != 0)
gotoerr(EPERM);
switch (rtm->rtm_type) {
diff --git a/sys/net/sl/if_sl.c b/sys/net/sl/if_sl.c
index aa65c02..2c9b327 100644
--- a/sys/net/sl/if_sl.c
+++ b/sys/net/sl/if_sl.c
@@ -72,6 +72,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/dkstat.h>
@@ -253,7 +254,7 @@ slopen(cdev_t dev, struct tty *tp)
int error;
struct thread *td = curthread; /* XXX */
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
diff --git a/sys/net/tap/if_tap.c b/sys/net/tap/if_tap.c
index c085fda..ec725a6 100644
--- a/sys/net/tap/if_tap.c
+++ b/sys/net/tap/if_tap.c
@@ -48,6 +48,7 @@
#include <sys/mbuf.h>
#include <sys/poll.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/socket.h>
#include <sys/sockio.h>
@@ -266,7 +267,7 @@ tapopen(struct dev_open_args *ap)
struct ifnet *ifp = NULL;
int error;
- if ((error = suser_cred(ap->a_cred, 0)) != 0)
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) != 0)
return (error);
get_mplock();
diff --git a/sys/net/tun/if_tun.c b/sys/net/tun/if_tun.c
index 468954d..dc8b2c4 100644
--- a/sys/net/tun/if_tun.c
+++ b/sys/net/tun/if_tun.c
@@ -24,6 +24,7 @@
#include <sys/param.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
@@ -138,7 +139,7 @@ tunopen(struct dev_open_args *ap)
struct tun_softc *tp;
int error;
- if ((error = suser_cred(ap->a_cred, 0)) != 0)
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) != 0)
return (error);
tp = dev->si_drv1;
diff --git a/sys/netbt/hci_ioctl.c b/sys/netbt/hci_ioctl.c
index cd1e168..0c75541 100644
--- a/sys/netbt/hci_ioctl.c
+++ b/sys/netbt/hci_ioctl.c
@@ -38,6 +38,7 @@
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/systm.h>
#include <sys/thread2.h>
#include <sys/bus.h>
@@ -224,7 +225,7 @@ hci_ioctl(unsigned long cmd, void *data, struct proc *p)
break;
case SIOCSBTFLAGS: /* set unit flags (privileged) */
- err = suser(td);
+ err = priv_check(td, PRIV_ROOT);
if (err)
break;
@@ -249,7 +250,7 @@ hci_ioctl(unsigned long cmd, void *data, struct proc *p)
break;
case SIOCSBTPOLICY: /* set unit link policy (privileged) */
- err = suser(td);
+ err = priv_check(td, PRIV_ROOT);
if (err)
break;
@@ -259,7 +260,7 @@ hci_ioctl(unsigned long cmd, void *data, struct proc *p)
break;
case SIOCSBTPTYPE: /* set unit packet types (privileged) */
- err = suser(td);
+ err = priv_check(td, PRIV_ROOT);
if (err)
break;
@@ -273,7 +274,7 @@ hci_ioctl(unsigned long cmd, void *data, struct proc *p)
break;
case SIOCZBTSTATS: /* get & reset unit statistics */
- err = suser(td);
+ err = priv_check(td, PRIV_ROOT);
if (err)
break;
@@ -287,7 +288,7 @@ hci_ioctl(unsigned long cmd, void *data, struct proc *p)
* sent to USB bluetooth controllers that are not an
* integer number of frame sizes, the USB bus locks up.
*/
- err = suser(td);
+ err = priv_check(td, PRIV_ROOT);
if (err)
break;
diff --git a/sys/netbt/hci_socket.c b/sys/netbt/hci_socket.c
index 685086b..0489721 100644
--- a/sys/netbt/hci_socket.c
+++ b/sys/netbt/hci_socket.c
@@ -43,6 +43,7 @@
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
@@ -630,7 +631,7 @@ hci_sattach (struct socket *so, int proto, struct pru_attach_info *ai)
so->so_pcb = pcb;
pcb->hp_socket = so;
- if (curproc == NULL || suser(curthread) == 0)
+ if (curproc == NULL || priv_check(curthread, PRIV_ROOT) == 0)
pcb->hp_flags |= HCI_PRIVILEGED;
/*
diff --git a/sys/netgraph/socket/ng_socket.c b/sys/netgraph/socket/ng_socket.c
index 6e11ae0..e5a31bb 100644
--- a/sys/netgraph/socket/ng_socket.c
+++ b/sys/netgraph/socket/ng_socket.c
@@ -52,6 +52,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/domain.h>
#include <sys/errno.h>
#include <sys/kernel.h>
@@ -162,7 +163,7 @@ ngc_attach(struct socket *so, int proto, struct pru_attach_info *ai)
{
struct ngpcb *const pcbp = sotongpcb(so);
- if (suser_cred(ai->p_ucred, NULL_CRED_OKAY) != 0)
+ if (priv_check_cred(ai->p_ucred, PRIV_ROOT, NULL_CRED_OKAY) != 0)
return (EPERM);
if (pcbp != NULL)
return (EISCONN);
diff --git a/sys/netgraph/tty/ng_tty.c b/sys/netgraph/tty/ng_tty.c
index 6688d1c..c457645 100644
--- a/sys/netgraph/tty/ng_tty.c
+++ b/sys/netgraph/tty/ng_tty.c
@@ -64,6 +64,7 @@
#include <sys/kernel.h>
#include <sys/conf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mbuf.h>
#include <sys/malloc.h>
#include <sys/fcntl.h>
@@ -193,7 +194,7 @@ ngt_open(cdev_t dev, struct tty *tp)
int error;
/* Super-user only */
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
crit_enter();
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index ab41137..e730830 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -42,6 +42,7 @@
#include <sys/sockio.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/msgport.h>
#include <sys/socket.h>
@@ -227,7 +228,7 @@ in_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp,
switch (cmd) {
case SIOCALIFADDR:
case SIOCDLIFADDR:
- if (td && (error = suser(td)) != 0)
+ if (td && (error = priv_check(td, PRIV_ROOT)) != 0)
return error;
/* FALLTHROUGH */
case SIOCGLIFADDR:
@@ -511,7 +512,7 @@ in_control_internal(u_long cmd, caddr_t data, struct ifnet *ifp,
case SIOCSIFADDR:
case SIOCSIFNETMASK:
case SIOCSIFDSTADDR:
- if (td && (error = suser(td)) != 0)
+ if (td && (error = priv_check(td, PRIV_ROOT)) != 0)
return error;
if (ifp == NULL)
@@ -566,7 +567,7 @@ in_control_internal(u_long cmd, caddr_t data, struct ifnet *ifp,
break;
case SIOCSIFBRDADDR:
- if (td && (error = suser(td)) != 0)
+ if (td && (error = priv_check(td, PRIV_ROOT)) != 0)
return error;
/* FALLTHROUGH */
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 25f0684..9f7bfe1 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -80,6 +80,7 @@
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
@@ -290,7 +291,7 @@ in_pcbbind(struct inpcb *inp, struct sockaddr *nam, struct thread *td)
/* GROSS */
if (ntohs(lport) < IPPORT_RESERVED &&
- cred && suser_cred(cred, PRISON_ROOT))
+ cred && priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))
return (EACCES);
if (so->so_cred->cr_uid != 0 &&
!IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) {
@@ -348,7 +349,7 @@ in_pcbbind(struct inpcb *inp, struct sockaddr *nam, struct thread *td)
lastport = &pcbinfo->lasthi;
} else if (inp->inp_flags & INP_LOWPORT) {
if (cred &&
- (error = suser_cred(cred, PRISON_ROOT))) {
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
inp->inp_laddr.s_addr = INADDR_ANY;
return (error);
}
diff --git a/sys/netinet/ip_carp.c b/sys/netinet/ip_carp.c
index a20b558..cf9747c 100644
--- a/sys/netinet/ip_carp.c
+++ b/sys/netinet/ip_carp.c
@@ -41,6 +41,7 @@
#include <sys/mbuf.h>
#include <sys/time.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sockio.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
@@ -1729,7 +1730,7 @@ carp_ioctl(struct ifnet *ifp, u_long cmd, caddr_t addr, struct ucred *cr)
break;
case SIOCSVH:
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
if ((error = copyin(ifr->ifr_data, &carpr, sizeof carpr)))
@@ -1803,7 +1804,7 @@ carp_ioctl(struct ifnet *ifp, u_long cmd, caddr_t addr, struct ucred *cr)
carpr.carpr_vhid = sc->sc_vhid;
carpr.carpr_advbase = sc->sc_advbase;
carpr.carpr_advskew = sc->sc_advskew;
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error == 0) {
bcopy(sc->sc_key, carpr.carpr_key,
sizeof(carpr.carpr_key));
diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c
index e250856..16a8241 100644
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@@ -55,6 +55,7 @@
#include <sys/sysctl.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/thread2.h>
#include <sys/in_cksum.h>
#include <sys/lock.h>
@@ -466,7 +467,7 @@ div_attach(struct socket *so, int proto, struct pru_attach_info *ai)
inp = so->so_pcb;
if (inp)
panic("div_attach");
- if ((error = suser_cred(ai->p_ucred, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(ai->p_ucred, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
return error;
error = soreserve(so, div_sendspace, div_recvspace, ai->sb_rlimit);
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 80c7f28..bd7a51d 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -50,6 +50,7 @@
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysctl.h>
#include <sys/thread2.h>
#include <sys/in_cksum.h>
@@ -1489,7 +1490,7 @@ ip_ctloutput(struct socket *so, struct sockopt *sopt)
break;
soopt_to_mbuf(sopt, m);
priv = (sopt->sopt_td != NULL &&
- suser(sopt->sopt_td) != 0) ? 0 : 1;
+ priv_check(sopt->sopt_td, PRIV_ROOT) != 0) ? 0 : 1;
req = mtod(m, caddr_t);
len = m->m_len;
optname = sopt->sopt_name;
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 22c8e44..1cb495f 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -45,6 +45,7 @@
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
@@ -539,7 +540,7 @@ rip_attach(struct socket *so, int proto, struct pru_attach_info *ai)
inp = so->so_pcb;
if (inp)
panic("rip_attach");
- if ((error = suser_cred(ai->p_ucred, flag)) != 0)
+ if ((error = priv_check_cred(ai->p_ucred, PRIV_ROOT, flag)) != 0)
return error;
error = soreserve(so, rip_sendspace, rip_recvspace, ai->sb_rlimit);
diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c
index 6ca9161..3d11382 100644
--- a/sys/netinet/sctp_pcb.c
+++ b/sys/netinet/sctp_pcb.c
@@ -58,6 +58,7 @@
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
#include <sys/thread2.h>
@@ -1933,7 +1934,7 @@ sctp_inpcb_bind(struct socket *so, struct sockaddr *addr, struct proc *p)
#elif defined(__NetBSD__) || defined(__APPLE__)
suser(p->p_ucred, &p->p_acflag)
#elif defined(__DragonFly__)
- suser(p)
+ priv_check(p, PRIV_ROOT)
#else
suser(p, 0)
#endif
diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index 63b7516..d3d40e4 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -56,6 +56,7 @@
#include <sys/mbuf.h>
#include <sys/domain.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
@@ -551,7 +552,7 @@ sctp_getcred(SYSCTL_HANDLER_ARGS)
int error;
#if __FreeBSD_version >= 500000 || defined(__DragonFly__)
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_ROOT);
#else
error = suser(req->p);
#endif
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 00bd942..22c33bc 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -85,6 +85,7 @@
#include <sys/domain.h>
#endif
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/protosw.h>
@@ -1255,7 +1256,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS)
int cpu;
int error;
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_ROOT);
if (error != 0)
return (error);
error = SYSCTL_IN(req, addrs, sizeof addrs);
@@ -1288,7 +1289,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS)
int error;
boolean_t mapped = FALSE;
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_ROOT);
if (error != 0)
return (error);
error = SYSCTL_IN(req, addrs, sizeof addrs);
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 160df66..b8c5840 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -78,6 +78,7 @@
#include <sys/mbuf.h>
#include <sys/domain.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
@@ -710,7 +711,7 @@ udp_getcred(SYSCTL_HANDLER_ARGS)
struct inpcb *inp;
int error;
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_ROOT);
if (error)
return (error);
error = SYSCTL_IN(req, addrs, sizeof addrs);
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 71316a3..b5413da 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -77,6 +77,7 @@
#include <sys/sockio.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/time.h>
#include <sys/kernel.h>
#include <sys/syslog.h>
@@ -385,7 +386,7 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
int error;
privileged = 0;
- if (suser(td) == 0)
+ if (priv_check(td, PRIV_ROOT) == 0)
privileged++;
switch (cmd) {
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index 3fa30a6..01dd609 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -83,6 +83,7 @@
#include <sys/errno.h>
#include <sys/time.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/thread2.h>
@@ -201,7 +202,7 @@ in6_pcbbind(struct inpcb *inp, struct sockaddr *nam, struct thread *td)
/* GROSS */
if (ntohs(lport) < IPV6PORT_RESERVED && cred &&
- suser_cred(cred, PRISON_ROOT))
+ priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))
return (EACCES);
if (so->so_cred->cr_uid != 0 &&
!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
diff --git a/sys/netinet6/in6_src.c b/sys/netinet6/in6_src.c
index a6e0904..857edf7 100644
--- a/sys/netinet6/in6_src.c
+++ b/sys/netinet6/in6_src.c
@@ -80,6 +80,7 @@
#include <sys/errno.h>
#include <sys/time.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <net/if.h>
#include <net/route.h>
@@ -407,7 +408,7 @@ in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct thread *td)
last = ipport_hilastauto;
lastport = &pcbinfo->lasthi;
} else if (inp->inp_flags & INP_LOWPORT) {
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return error;
first = ipport_lowfirstauto; /* 1023 */
last = ipport_lowlastauto; /* 600 */
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index ab0b7fa..db60924 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -84,6 +84,7 @@
#include <sys/kernel.h>
#include <sys/syslog.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/thread2.h>
#include <sys/msgport2.h>
@@ -1130,7 +1131,7 @@ ip6_savecontrol(struct inpcb *in6p, struct mbuf **mp, struct ip6_hdr *ip6,
int rthdr_exist = 0;
- if (suser(td) == 0)
+ if (priv_check(td, PRIV_ROOT) == 0)
privileged++;
#ifdef SO_TIMESTAMP
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index d1c018a..ae788df 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -81,6 +81,7 @@
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <net/if.h>
#include <net/route.h>
@@ -1395,7 +1396,7 @@ ip6_ctloutput(struct socket *so, struct sockopt *sopt)
error = optval = 0;
uproto = (int)so->so_proto->pr_protocol;
- privileged = (td == NULL || suser(td)) ? 0 : 1;
+ privileged = (td == NULL || priv_check(td, PRIV_ROOT)) ? 0 : 1;
if (level == IPPROTO_IPV6) {
switch (op) {
@@ -2592,7 +2593,7 @@ ip6_setmoptions(int optname, struct ip6_moptions **im6op, struct mbuf *m)
* all multicast addresses. Only super user is allowed
* to do this.
*/
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
{
error = EACCES;
break;
@@ -2695,7 +2696,7 @@ ip6_setmoptions(int optname, struct ip6_moptions **im6op, struct mbuf *m)
}
mreq = mtod(m, struct ipv6_mreq *);
if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
- if (suser(td)) {
+ if (priv_check(td, PRIV_ROOT)) {
error = EACCES;
break;
}
diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c
index 34db51b..9294184 100644
--- a/sys/netinet6/raw_ip6.c
+++ b/sys/netinet6/raw_ip6.c
@@ -71,6 +71,7 @@
#include <sys/param.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/jail.h>
@@ -564,7 +565,7 @@ rip6_attach(struct socket *so, int proto, struct pru_attach_info *ai)
inp = so->so_pcb;
if (inp)
panic("rip6_attach");
- if ((error = suser_cred(ai->p_ucred, flag)) != 0)
+ if ((error = priv_check_cred(ai->p_ucred, PRIV_ROOT, flag)) != 0)
return error;
error = soreserve(so, rip_sendspace, rip_recvspace, ai->sb_rlimit);
diff --git a/sys/netinet6/udp6_output.c b/sys/netinet6/udp6_output.c
index bdb93c0..810e4e8 100644
--- a/sys/netinet6/udp6_output.c
+++ b/sys/netinet6/udp6_output.c
@@ -81,6 +81,7 @@
#include <sys/stat.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/syslog.h>
#include <net/if.h>
@@ -137,7 +138,7 @@ udp6_output(struct in6pcb *in6p, struct mbuf *m, struct sockaddr *addr6,
int flags;
struct sockaddr_in6 tmp;
- priv = !suser(td); /* 1 if privilaged, 0 if not */
+ priv = !priv_check(td, PRIV_ROOT); /* 1 if privilaged, 0 if not */
if (control) {
if ((error = ip6_setpktoptions(control, &opt,
in6p->in6p_outputopts,
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
index ffb4908..0b33627 100644
--- a/sys/netinet6/udp6_usrreq.c
+++ b/sys/netinet6/udp6_usrreq.c
@@ -82,6 +82,7 @@
#include <sys/systm.h>
#include <sys/syslog.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/thread2.h>
#include <net/if.h>
@@ -490,7 +491,7 @@ udp6_getcred(SYSCTL_HANDLER_ARGS)
struct inpcb *inp;
int error;
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_ROOT);
if (error)
return (error);
diff --git a/sys/netproto/802_11/wlan/ieee80211_dragonfly.c b/sys/netproto/802_11/wlan/ieee80211_dragonfly.c
index 89f052d..3af1322 100644
--- a/sys/netproto/802_11/wlan/ieee80211_dragonfly.c
+++ b/sys/netproto/802_11/wlan/ieee80211_dragonfly.c
@@ -38,6 +38,7 @@
#include <sys/mbuf.h>
#include <sys/module.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysctl.h>
#include <sys/socket.h>
@@ -321,7 +322,7 @@ ieee80211_load_module(const char *modname)
#ifdef notyet
struct thread *td = curthread;
- if (suser(td) == 0 && securelevel_gt(td->td_ucred, 0) == 0) {
+ if (priv_check(td, PRIV_ROOT) == 0 && securelevel_gt(td->td_ucred, 0) == 0) {
crit_enter(); /* NB: need BGL here */
linker_load_module(modname, NULL, NULL, NULL, NULL);
crit_exit();
diff --git a/sys/netproto/802_11/wlan/ieee80211_ioctl.c b/sys/netproto/802_11/wlan/ieee80211_ioctl.c
index bc02b47..79299c5 100644
--- a/sys/netproto/802_11/wlan/ieee80211_ioctl.c
+++ b/sys/netproto/802_11/wlan/ieee80211_ioctl.c
@@ -44,6 +44,7 @@
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/systm.h>
@@ -346,7 +347,7 @@ ieee80211_cfgget(struct ieee80211com *ic, u_long cmd, caddr_t data,
case WI_RID_DEFLT_CRYPT_KEYS:
keys = (struct wi_ltv_keys *)&wreq;
/* do not show keys to non-root user */
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error) {
memset(keys, 0, sizeof(*keys));
error = 0;
@@ -864,7 +865,7 @@ ieee80211_ioctl_getkey(struct ieee80211com *ic, struct ieee80211req *ireq,
ik.ik_flags = wk->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV);
if (wk->wk_keyix == ic->ic_def_txkey)
ik.ik_flags |= IEEE80211_KEY_DEFAULT;
- if (suser_cred(cr, NULL_CRED_OKAY) == 0) {
+ if (priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY) == 0) {
/* NB: only root can read key data */
ik.ik_keyrsc = wk->wk_keyrsc;
ik.ik_keytsc = wk->wk_keytsc;
@@ -1363,7 +1364,7 @@ ieee80211_ioctl_get80211(struct ieee80211com *ic, u_long cmd,
return EINVAL;
len = (u_int) ic->ic_nw_keys[kid].wk_keylen;
/* NB: only root can read WEP keys */
- if (suser_cred(cr, NULL_CRED_OKAY) == 0) {
+ if (priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY) == 0) {
bcopy(ic->ic_nw_keys[kid].wk_key, tmpkey, len);
} else {
bzero(tmpkey, len);
@@ -2560,7 +2561,7 @@ ieee80211_ioctl(struct ieee80211com *ic, u_long cmd, caddr_t data,
(struct ieee80211req *) data, cr);
break;
case SIOCS80211:
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error == 0)
error = ieee80211_ioctl_set80211(ic, cmd,
(struct ieee80211req *) data);
@@ -2569,7 +2570,7 @@ ieee80211_ioctl(struct ieee80211com *ic, u_long cmd, caddr_t data,
error = ieee80211_cfgget(ic, cmd, data, cr);
break;
case SIOCSIFGENERIC:
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
error = ieee80211_cfgset(ic, cmd, data);
diff --git a/sys/netproto/atalk/at_control.c b/sys/netproto/atalk/at_control.c
index eb2b8eb..70d55cd 100644
--- a/sys/netproto/atalk/at_control.c
+++ b/sys/netproto/atalk/at_control.c
@@ -8,6 +8,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sockio.h>
#include <sys/malloc.h>
#include <sys/kernel.h>
@@ -102,7 +103,7 @@ at_control(struct socket *so, u_long cmd, caddr_t data,
/*
* If we are not superuser, then we don't get to do these ops.
*/
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
return(EPERM);
sat = satosat( &ifr->ifr_addr );
diff --git a/sys/netproto/atalk/ddp_usrreq.c b/sys/netproto/atalk/ddp_usrreq.c
index caabf9b..6f9a51d 100644
--- a/sys/netproto/atalk/ddp_usrreq.c
+++ b/sys/netproto/atalk/ddp_usrreq.c
@@ -8,6 +8,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
@@ -248,7 +249,7 @@ at_pcbsetaddr(struct ddpcb *ddp, struct sockaddr *addr, struct thread *td)
return( EINVAL );
}
if ( sat->sat_port < ATPORT_RESERVED &&
- suser(td) ) {
+ priv_check(td, PRIV_ROOT) ) {
return( EACCES );
}
}
diff --git a/sys/netproto/atm/atm_usrreq.c b/sys/netproto/atm/atm_usrreq.c
index d8efe7c..8a928fc 100644
--- a/sys/netproto/atm/atm_usrreq.c
+++ b/sys/netproto/atm/atm_usrreq.c
@@ -163,7 +163,7 @@ atm_dgram_control(struct socket *so, u_long cmd, caddr_t data,
struct atmcfgreq *acp = (struct atmcfgreq *)data;
struct atm_pif *pip;
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
ATM_RETERR(EPERM);
switch (acp->acr_opcode) {
@@ -196,7 +196,7 @@ atm_dgram_control(struct socket *so, u_long cmd, caddr_t data,
struct atmaddreq *aap = (struct atmaddreq *)data;
Atm_endpoint *epp;
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
ATM_RETERR(EPERM);
switch (aap->aar_opcode) {
@@ -246,7 +246,7 @@ atm_dgram_control(struct socket *so, u_long cmd, caddr_t data,
struct sigmgr *smp;
Atm_endpoint *epp;
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
ATM_RETERR(EPERM);
switch (adp->adr_opcode) {
@@ -299,7 +299,7 @@ atm_dgram_control(struct socket *so, u_long cmd, caddr_t data,
struct sigmgr *smp;
struct ifnet *ifp2;
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
ATM_RETERR(EPERM);
switch (asp->asr_opcode) {
diff --git a/sys/netproto/atm/kern_include.h b/sys/netproto/atm/kern_include.h
index 5a55804..4709a82 100644
--- a/sys/netproto/atm/kern_include.h
+++ b/sys/netproto/atm/kern_include.h
@@ -50,6 +50,7 @@
#include <sys/errno.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sockio.h>
#include <sys/time.h>
#include <sys/kernel.h>
diff --git a/sys/netproto/ipx/ipx.c b/sys/netproto/ipx/ipx.c
index 708d2a7..e7c03b8 100644
--- a/sys/netproto/ipx/ipx.c
+++ b/sys/netproto/ipx/ipx.c
@@ -42,6 +42,7 @@
#include <sys/malloc.h>
#include <sys/sockio.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/thread2.h>
@@ -107,7 +108,7 @@ ipx_control(struct socket *so, u_long cmd, caddr_t data,
return (0);
}
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
switch (cmd) {
diff --git a/sys/netproto/ipx/ipx_pcb.c b/sys/netproto/ipx/ipx_pcb.c
index e5c65f2..36be535 100644
--- a/sys/netproto/ipx/ipx_pcb.c
+++ b/sys/netproto/ipx/ipx_pcb.c
@@ -41,6 +41,7 @@
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/thread2.h>
@@ -97,7 +98,7 @@ ipx_pcbbind(struct ipxpcb *ipxp, struct sockaddr *nam, struct thread *td)
int error;
if (aport < IPXPORT_RESERVED &&
- td != NULL && (error = suser(td)) != 0)
+ td != NULL && (error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
if (ipx_pcblookup(&zeroipx_addr, lport, 0))
return (EADDRINUSE);
diff --git a/sys/netproto/ipx/ipx_usrreq.c b/sys/netproto/ipx/ipx_usrreq.c
index fcda47e..0326f32 100644
--- a/sys/netproto/ipx/ipx_usrreq.c
+++ b/sys/netproto/ipx/ipx_usrreq.c
@@ -44,6 +44,7 @@
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
@@ -597,7 +598,7 @@ ripx_attach(struct socket *so, int proto, struct pru_attach_info *ai)
int error = 0;
struct ipxpcb *ipxp = sotoipxpcb(so);
- if ((error = suser_cred(ai->p_ucred, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(ai->p_ucred, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
return (error);
crit_enter();
error = ipx_pcballoc(so, &ipxrawpcb);
diff --git a/sys/netproto/ncp/ncp_conn.c b/sys/netproto/ncp/ncp_conn.c
index 3581905..d96473e 100644
--- a/sys/netproto/ncp/ncp_conn.c
+++ b/sys/netproto/ncp/ncp_conn.c
@@ -38,6 +38,7 @@
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/lock.h>
#include <sys/sysctl.h>
diff --git a/sys/netproto/ncp/ncp_login.c b/sys/netproto/ncp/ncp_login.c
index ea142ce..cf6439a 100644
--- a/sys/netproto/ncp/ncp_login.c
+++ b/sys/netproto/ncp/ncp_login.c
@@ -37,6 +37,7 @@
#include <sys/malloc.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include "ncp.h"
diff --git a/sys/netproto/ncp/ncp_ncp.c b/sys/netproto/ncp/ncp_ncp.c
index be34147..f39fc8d 100644
--- a/sys/netproto/ncp/ncp_ncp.c
+++ b/sys/netproto/ncp/ncp_ncp.c
@@ -41,6 +41,7 @@
#include <sys/errno.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/poll.h>
#include <sys/signalvar.h>
#include <sys/signal2.h>
diff --git a/sys/netproto/ncp/ncp_subr.h b/sys/netproto/ncp/ncp_subr.h
index 5aff3fe..9c5f339 100644
--- a/sys/netproto/ncp/ncp_subr.h
+++ b/sys/netproto/ncp/ncp_subr.h
@@ -84,7 +84,7 @@
#define checkbad(fn) {error=(fn);if(error) goto bad;}
-#define ncp_suser(cred) suser_cred(cred, 0)
+#define ncp_suser(cred) priv_check_cred(cred, PRIV_ROOT, 0)
#define ncp_isowner(conn,cred) ((cred)->cr_uid == (conn)->nc_owner->cr_uid)
diff --git a/sys/netproto/smb/smb_conn.c b/sys/netproto/smb/smb_conn.c
index 44988f2..383a318 100644
--- a/sys/netproto/smb/smb_conn.c
+++ b/sys/netproto/smb/smb_conn.c
@@ -42,6 +42,7 @@
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/lock.h>
#include <sys/sysctl.h>
#include <sys/socketvar.h>
diff --git a/sys/netproto/smb/smb_subr.h b/sys/netproto/smb/smb_subr.h
index c64e213..7d188f6 100644
--- a/sys/netproto/smb/smb_subr.h
+++ b/sys/netproto/smb/smb_subr.h
@@ -74,7 +74,7 @@ void m_dumpm(struct mbuf *m);
SIGISMEMBER(set, SIGHUP) || SIGISMEMBER(set, SIGKILL) || \
SIGISMEMBER(set, SIGQUIT))
-#define smb_suser(cred) suser_cred(cred, 0)
+#define smb_suser(cred) priv_check_cred(cred, PRIV_ROOT, 0)
#include <sys/lock.h>
#include <sys/spinlock.h>
diff --git a/sys/platform/pc32/gnu/isa/dgb.c b/sys/platform/pc32/gnu/isa/dgb.c
index 196971c..9ad482a 100644
--- a/sys/platform/pc32/gnu/isa/dgb.c
+++ b/sys/platform/pc32/gnu/isa/dgb.c
@@ -52,6 +52,7 @@
#include <sys/systm.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
#include <sys/fcntl.h>
@@ -1020,7 +1021,7 @@ open_top:
goto open_top;
}
}
- if (tp->t_state & TS_XCLUDE && suser(td)) {
+ if (tp->t_state & TS_XCLUDE && priv_check(td, PRIV_ROOT)) {
error = EBUSY;
goto out;
}
@@ -1505,7 +1506,7 @@ dgbioctl(cdev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td)
}
switch (cmd) {
case TIOCSETA:
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
@@ -1727,7 +1728,7 @@ dgbioctl(cdev_t dev, u_long cmd, caddr_t data, int flag, struct thread *td)
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error != 0) {
crit_exit();
return (error);
diff --git a/sys/platform/pc32/i386/machdep.c b/sys/platform/pc32/i386/machdep.c
index dca29bc..4a90a14 100644
--- a/sys/platform/pc32/i386/machdep.c
+++ b/sys/platform/pc32/i386/machdep.c
@@ -64,6 +64,7 @@
#include <sys/linker.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/buf.h>
#include <sys/reboot.h>
#include <sys/mbuf.h>
@@ -2417,7 +2418,7 @@ set_dbregs(struct lwp *lp, struct dbreg *dbregs)
* from within kernel mode?
*/
- if (suser_cred(ucred, 0) != 0) {
+ if (priv_check_cred(ucred, PRIV_ROOT, 0) != 0) {
if (dbregs->dr7 & 0x3) {
/* dr0 is enabled */
if (dbregs->dr0 >= VM_MAX_USER_ADDRESS)
diff --git a/sys/platform/pc32/i386/sys_machdep.c b/sys/platform/pc32/i386/sys_machdep.c
index 5e649fe..a179d70 100644
--- a/sys/platform/pc32/i386/sys_machdep.c
+++ b/sys/platform/pc32/i386/sys_machdep.c
@@ -42,6 +42,7 @@
#include <sys/malloc.h>
#include <sys/thread.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/thread.h>
#include <sys/memrange.h>
@@ -173,7 +174,7 @@ ki386_set_ioperm(struct lwp *lp, char *args)
if ((error = copyin(args, &ua, sizeof(struct i386_ioperm_args))) != 0)
return (error);
- if ((error = suser_cred(lp->lwp_proc->p_ucred, 0)) != 0)
+ if ((error = priv_check_cred(lp->lwp_proc->p_ucred, PRIV_ROOT, 0)) != 0)
return (error);
if (securelevel > 0)
return (EPERM);
diff --git a/sys/platform/pc32/i386/vm86.c b/sys/platform/pc32/i386/vm86.c
index 9fd6659..1d88690 100644
--- a/sys/platform/pc32/i386/vm86.c
+++ b/sys/platform/pc32/i386/vm86.c
@@ -32,6 +32,7 @@
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/sysctl.h>
@@ -772,7 +773,7 @@ vm86_sysarch(struct lwp *lp, char *args)
case VM86_INTCALL: {
struct vm86_intcall_args sa;
- if ((error = suser_cred(lp->lwp_proc->p_ucred, 0)))
+ if ((error = priv_check_cred(lp->lwp_proc->p_ucred, PRIV_ROOT, 0)))
return (error);
if ((error = copyin(ua.sub_args, &sa, sizeof(sa))))
return (error);
diff --git a/sys/platform/pc64/amd64/machdep.c b/sys/platform/pc64/amd64/machdep.c
index 6065f0b..ba4a3e0 100644
--- a/sys/platform/pc64/amd64/machdep.c
+++ b/sys/platform/pc64/amd64/machdep.c
@@ -62,6 +62,7 @@
#include <sys/linker.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/buf.h>
#include <sys/reboot.h>
#include <sys/mbuf.h>
@@ -2238,7 +2239,7 @@ set_dbregs(struct lwp *lp, struct dbreg *dbregs)
* from within kernel mode?
*/
- if (suser_cred(ucred, 0) != 0) {
+ if (priv_check_cred(ucred, PRIV_ROOT, 0) != 0) {
#if JG
if (dbregs->dr7 & 0x3) {
/* dr0 is enabled */
diff --git a/sys/vfs/gnu/ext2fs/ext2_vfsops.c b/sys/vfs/gnu/ext2fs/ext2_vfsops.c
index eb4adf5..436736c 100644
--- a/sys/vfs/gnu/ext2fs/ext2_vfsops.c
+++ b/sys/vfs/gnu/ext2fs/ext2_vfsops.c
@@ -47,6 +47,7 @@
#include <sys/systm.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
#include <sys/mount.h>
@@ -169,7 +170,7 @@ ext2_quotactl(struct mount *mp, int cmds, uid_t uid, caddr_t arg,
break;
/* fall through */
default:
- if ((error = suser_cred(cred, PRISON_ROOT)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
}
diff --git a/sys/vfs/gnu/ext2fs/ext2_vnops.c b/sys/vfs/gnu/ext2fs/ext2_vnops.c
index 9db9c10..3b79b1d 100644
--- a/sys/vfs/gnu/ext2fs/ext2_vnops.c
+++ b/sys/vfs/gnu/ext2fs/ext2_vnops.c
@@ -59,6 +59,7 @@
#include <sys/buf.h>
#include <sys/stat.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mount.h>
#include <sys/time.h>
#include <sys/vnode.h>
@@ -1202,7 +1203,7 @@ ext2_makeinode(int mode, struct vnode *dvp, struct vnode **vpp,
tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
ip->i_nlink = 1;
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
- suser_cred(cnp->cn_cred, PRISON_ROOT))
+ priv_check_cred(cnp->cn_cred, PRIV_ROOT, PRISON_ROOT))
ip->i_mode &= ~ISGID;
if (cnp->cn_flags & CNP_ISWHITEOUT)
@@ -1479,7 +1480,7 @@ ext2_setattr(struct vop_setattr_args *ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return (error);
/*
* Note that a root chflags becomes a user chflags when
@@ -1541,7 +1542,7 @@ ext2_setattr(struct vop_setattr_args *ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
- (error = suser_cred(cred, PRISON_ROOT)) &&
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, cred))))
return (error);
@@ -1583,7 +1584,7 @@ ext2_chmod(struct vnode *vp, int mode, struct ucred *cred)
int error;
if (cred->cr_uid != ip->i_uid) {
- error = suser_cred(cred, PRISON_ROOT);
+ error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
if (error)
return (error);
}
@@ -1627,7 +1628,7 @@ ext2_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred)
if ((cred->cr_uid != ip->i_uid || uid != ip->i_uid ||
(gid != ip->i_gid && !(cred->cr_gid == gid ||
groupmember((gid_t)gid, cred)))) &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return (error);
ogid = ip->i_gid;
ouid = ip->i_uid;
diff --git a/sys/vfs/hammer/hammer.h b/sys/vfs/hammer/hammer.h
index d1055c3..3c9c7b9 100644
--- a/sys/vfs/hammer/hammer.h
+++ b/sys/vfs/hammer/hammer.h
@@ -49,6 +49,7 @@
#include <sys/mountctl.h>
#include <sys/vnode.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/stat.h>
#include <sys/globaldata.h>
#include <sys/lockf.h>
diff --git a/sys/vfs/hammer/hammer_ioctl.c b/sys/vfs/hammer/hammer_ioctl.c
index f5dc870..42a6ea4 100644
--- a/sys/vfs/hammer/hammer_ioctl.c
+++ b/sys/vfs/hammer/hammer_ioctl.c
@@ -54,7 +54,7 @@ hammer_ioctl(hammer_inode_t ip, u_long com, caddr_t data, int fflag,
struct hammer_transaction trans;
int error;
- error = suser_cred(cred, PRISON_ROOT);
+ error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
hammer_start_transaction(&trans, ip->hmp);
diff --git a/sys/vfs/hpfs/hpfs_vnops.c b/sys/vfs/hpfs/hpfs_vnops.c
index b435139..08469b6 100644
--- a/sys/vfs/hpfs/hpfs_vnops.c
+++ b/sys/vfs/hpfs/hpfs_vnops.c
@@ -31,6 +31,7 @@
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -524,7 +525,7 @@ hpfs_setattr(struct vop_setattr_args *ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != hp->h_uid &&
- (error = suser_cred(cred, PRISON_ROOT)) &&
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, cred))))
return (error);
diff --git a/sys/vfs/isofs/cd9660/cd9660_vfsops.c b/sys/vfs/isofs/cd9660/cd9660_vfsops.c
index cc13d99..ebd8097 100644
--- a/sys/vfs/isofs/cd9660/cd9660_vfsops.c
+++ b/sys/vfs/isofs/cd9660/cd9660_vfsops.c
@@ -43,6 +43,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
@@ -231,7 +232,7 @@ cd9660_mount(struct mount *mp, char *path, caddr_t data, struct ucred *cred)
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = VOP_ACCESS(devvp, accessmode, cred);
if (error)
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error) {
vput(devvp);
return (error);
diff --git a/sys/vfs/msdosfs/msdosfs_vnops.c b/sys/vfs/msdosfs/msdosfs_vnops.c
index c5225f9..3a2127c 100644
--- a/sys/vfs/msdosfs/msdosfs_vnops.c
+++ b/sys/vfs/msdosfs/msdosfs_vnops.c
@@ -56,6 +56,7 @@
#include <sys/stat.h>
#include <sys/buf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/namei.h>
#include <sys/mount.h>
#include <sys/unistd.h>
@@ -415,7 +416,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return (error);
/*
* We are very inconsistent about handling unsupported
@@ -456,7 +457,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
gid = pmp->pm_gid;
if ((cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
(gid != pmp->pm_gid && !groupmember(gid, cred))) &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return error;
if (uid != pmp->pm_uid || gid != pmp->pm_gid)
return EINVAL;
@@ -488,7 +489,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid &&
- (error = suser_cred(cred, PRISON_ROOT)) &&
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(ap->a_vp, VWRITE, cred))))
return (error);
@@ -517,7 +518,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return (error);
if (vp->v_type != VDIR) {
/* We ignore the read and execute bits. */
diff --git a/sys/vfs/nfs/nfs_serv.c b/sys/vfs/nfs/nfs_serv.c
index 8a8f7d3..c56cc07 100644
--- a/sys/vfs/nfs/nfs_serv.c
+++ b/sys/vfs/nfs/nfs_serv.c
@@ -66,6 +66,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/namei.h>
#include <sys/unistd.h>
@@ -1692,7 +1693,7 @@ nfsrv_create(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
if (vap->va_type == VCHR && rdev == 0xffffffff)
vap->va_type = VFIFO;
if (vap->va_type != VFIFO &&
- (error = suser_cred(cred, 0))) {
+ (error = priv_check_cred(cred, PRIV_ROOT, 0))) {
goto nfsmreply0;
}
vap->va_rmajor = umajor(rdev);
@@ -1891,7 +1892,7 @@ nfsrv_mknod(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
vrele(dvp);
dvp = NULL;
} else {
- if (vtyp != VFIFO && (error = suser_cred(cred, 0)))
+ if (vtyp != VFIFO && (error = priv_check_cred(cred, PRIV_ROOT, 0)))
goto out;
vn_unlock(dvp);
diff --git a/sys/vfs/nfs/nfs_syscalls.c b/sys/vfs/nfs/nfs_syscalls.c
index 1e14b61..ef361d2 100644
--- a/sys/vfs/nfs/nfs_syscalls.c
+++ b/sys/vfs/nfs/nfs_syscalls.c
@@ -49,6 +49,7 @@
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/buf.h>
#include <sys/mbuf.h>
#include <sys/resourcevar.h>
@@ -152,7 +153,7 @@ sys_nfssvc(struct nfssvc_args *uap)
/*
* Must be super user
*/
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if(error)
return (error);
KKASSERT(td->td_proc); /* for ucred and p_fd */
diff --git a/sys/vfs/procfs/procfs.h b/sys/vfs/procfs/procfs.h
index 2d565ed..6602700 100644
--- a/sys/vfs/procfs/procfs.h
+++ b/sys/vfs/procfs/procfs.h
@@ -99,7 +99,7 @@ struct pfsnode {
((p1)->p_ucred->cr_ruid == (p2)->p_ucred->cr_ruid) && \
((p1)->p_ucred->cr_svuid == (p2)->p_ucred->cr_ruid) && \
((p2)->p_flag & (P_SUGID|P_INEXEC)) == 0) || \
- (suser_cred((p1)->p_ucred, PRISON_ROOT) == 0))
+ (priv_check_cred((p1)->p_ucred, PRIV_ROOT, PRISON_ROOT) == 0))
/*
* Convert between pfsnode vnode
diff --git a/sys/vfs/procfs/procfs_vnops.c b/sys/vfs/procfs/procfs_vnops.c
index 6da9a4a..d7b26c0 100644
--- a/sys/vfs/procfs/procfs_vnops.c
+++ b/sys/vfs/procfs/procfs_vnops.c
@@ -51,6 +51,7 @@
#include <sys/lock.h>
#include <sys/fcntl.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/vnode.h>
#include <sys/uio.h>
@@ -290,7 +291,7 @@ procfs_ioctl(struct vop_ioctl_args *ap)
*/
#define NFLAGS (PF_ISUGID)
flags = (unsigned char)*(unsigned int*)ap->a_data;
- if (flags & NFLAGS && (error = suser_cred(ap->a_cred, 0)))
+ if (flags & NFLAGS && (error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)))
return error;
procp->p_pfsflags = flags;
break;
diff --git a/sys/vfs/smbfs/smbfs_vnops.c b/sys/vfs/smbfs/smbfs_vnops.c
index 4138e8e..e3a5068 100644
--- a/sys/vfs/smbfs/smbfs_vnops.c
+++ b/sys/vfs/smbfs/smbfs_vnops.c
@@ -36,6 +36,7 @@
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/namei.h>
#include <sys/fcntl.h>
#include <sys/mount.h>
@@ -365,7 +366,7 @@ smbfs_setattr(struct vop_setattr_args *ap)
atime = &vap->va_atime;
if (mtime != atime) {
if (ap->a_cred->cr_uid != VTOSMBFS(vp)->sm_args.uid &&
- (error = suser_cred(ap->a_cred, PRISON_ROOT)) &&
+ (error = priv_check_cred(ap->a_cred, PRIV_ROOT, PRISON_ROOT)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, ap->a_cred))))
return (error);
diff --git a/sys/vfs/udf/udf_vfsops.c b/sys/vfs/udf/udf_vfsops.c
index a00c9ed..a36021b 100644
--- a/sys/vfs/udf/udf_vfsops.c
+++ b/sys/vfs/udf/udf_vfsops.c
@@ -85,6 +85,7 @@
#include <sys/mount.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/queue.h>
#include <sys/vnode.h>
@@ -174,7 +175,7 @@ udf_mount(struct mount *mp, char *path, caddr_t data, struct ucred *cred)
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = VOP_ACCESS(devvp, VREAD, cred);
if (error)
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error) {
vput(devvp);
return(error);
diff --git a/sys/vfs/ufs/ufs_vfsops.c b/sys/vfs/ufs/ufs_vfsops.c
index f9de890..0a2b00a 100644
--- a/sys/vfs/ufs/ufs_vfsops.c
+++ b/sys/vfs/ufs/ufs_vfsops.c
@@ -46,6 +46,7 @@
#include <sys/kernel.h>
#include <sys/mount.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/malloc.h>
#include <sys/vnode.h>
@@ -107,7 +108,7 @@ ufs_quotactl(struct mount *mp, int cmds, uid_t uid, caddr_t arg,
break;
/* fall through */
default:
- if ((error = suser_cred(cred, PRISON_ROOT)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
}
diff --git a/sys/vfs/ufs/ufs_vnops.c b/sys/vfs/ufs/ufs_vnops.c
index b73b016..bfcf178 100644
--- a/sys/vfs/ufs/ufs_vnops.c
+++ b/sys/vfs/ufs/ufs_vnops.c
@@ -51,6 +51,7 @@
#include <sys/stat.h>
#include <sys/buf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/namei.h>
#include <sys/mount.h>
#include <sys/unistd.h>
@@ -472,7 +473,7 @@ ufs_setattr(struct vop_setattr_args *ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return (error);
/*
* Note that a root chflags becomes a user chflags when
@@ -534,7 +535,7 @@ ufs_setattr(struct vop_setattr_args *ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
- (error = suser_cred(cred, PRISON_ROOT)) &&
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, cred))))
return (error);
@@ -576,7 +577,7 @@ ufs_chmod(struct vnode *vp, int mode, struct ucred *cred)
int error;
if (cred->cr_uid != ip->i_uid) {
- error = suser_cred(cred, PRISON_ROOT);
+ error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
if (error)
return (error);
}
@@ -620,7 +621,7 @@ ufs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred)
if ((cred->cr_uid != ip->i_uid || uid != ip->i_uid ||
(gid != ip->i_gid && !(cred->cr_gid == gid ||
groupmember((gid_t)gid, cred)))) &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return (error);
ogid = ip->i_gid;
ouid = ip->i_uid;
@@ -2189,7 +2190,7 @@ ufs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp,
if (DOINGSOFTDEP(tvp))
softdep_change_linkcnt(ip);
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
- suser_cred(cnp->cn_cred, 0)) {
+ priv_check_cred(cnp->cn_cred, PRIV_ROOT, 0)) {
ip->i_mode &= ~ISGID;
}
diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c
index 758d844..cfe56ef 100644
--- a/sys/vm/vm_mmap.c
+++ b/sys/vm/vm_mmap.c
@@ -53,6 +53,7 @@
#include <sys/filedesc.h>
#include <sys/kern_syscall.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/resource.h>
#include <sys/resourcevar.h>
#include <sys/vnode.h>
@@ -332,7 +333,7 @@ kern_mmap(struct vmspace *vms, caddr_t uaddr, size_t ulen,
if (securelevel >= 1)
disablexworkaround = 1;
else
- disablexworkaround = suser(td);
+ disablexworkaround = priv_check(td, PRIV_ROOT);
if (vp->v_type == VCHR && disablexworkaround &&
(flags & (MAP_PRIVATE|MAP_COPY))) {
error = EINVAL;
@@ -909,7 +910,7 @@ sys_mlock(struct mlock_args *uap)
p->p_rlimit[RLIMIT_MEMLOCK].rlim_cur)
return (ENOMEM);
#else
- error = suser_cred(p->p_ucred, 0);
+ error = priv_check_cred(p->p_ucred, PRIV_ROOT, 0);
if (error)
return (error);
#endif
@@ -961,7 +962,7 @@ sys_munlock(struct munlock_args *uap)
return (EINVAL);
#ifndef pmap_wired_count
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
#endif
diff --git a/sys/vm/vm_swap.c b/sys/vm/vm_swap.c
index 10c29f2..4bbc472 100644
--- a/sys/vm/vm_swap.c
+++ b/sys/vm/vm_swap.c
@@ -42,6 +42,7 @@
#include <sys/sysproto.h>
#include <sys/buf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/dmap.h> /* XXX */
#include <sys/vnode.h>
@@ -183,7 +184,7 @@ sys_swapon(struct swapon_args *uap)
KKASSERT(td->td_proc);
cred = td->td_proc->p_ucred;
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
commit 9da9ad534cdad16661a7143ec63b3f70574b76d5
Author: Michael Neumann <mneumann@ntecs.de>
Date: Mon Dec 15 01:09:25 2008 +0000
Implement priv_check() and priv_check_cred()
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 6ec0fe8..bcf03ff 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -861,6 +861,28 @@ suser_cred(struct ucred *cred, int flag)
}
/*
+ * Check for privilege.
+ *
+ * YYY: For now this is just a wrapper calling suser().
+ */
+int
+priv_check(struct thread *td, int priv)
+{
+ return suser(td);
+}
+
+/*
+ * Check a credential for privilege.
+ *
+ * YYY: For now this is just a wrapper calling suser_cred().
+ */
+int
+priv_check_cred(struct ucred *cred, int priv, int flags)
+{
+ return suser_cred(cred, flags);
+}
+
+/*
* Return zero if p1 can fondle p2, return errno (EPERM/ESRCH) otherwise.
*/
int
commit 535425c00eedd2d8d51e03cbd4696e6efde078bf
Author: Michael Neumann <mneumann@ntecs.de>
Date: Mon Dec 15 00:57:45 2008 +0000
Import sys/priv.h (rev 1.25) from FreeBSD
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
new file mode 100644
index 0000000..1d19441
--- /dev/null
+++ b/sys/sys/priv.h
@@ -0,0 +1,490 @@
+/*-
+ * Copyright (c) 2006 nCircle Network Security, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert N. M. Watson for the TrustedBSD
+ * Project under contract to nCircle Network Security, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
+ * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD: src/sys/sys/priv.h,v 1.25 2008/11/17 20:49:29 pjd Exp $
+ */
+
+/*
+ * Privilege checking interface for BSD kernel.
+ */
+#ifndef _SYS_PRIV_H_
+#define _SYS_PRIV_H_
+
+/*
+ * Privilege list, sorted loosely by kernel subsystem.
+ *
+ * Think carefully before adding or reusing one of these privileges -- are
+ * there existing instances referring to the same privilege? Third party
+ * vendors may request the assignment of privileges to be used in loadable
+ * modules. Particular numeric privilege assignments are part of the
+ * loadable kernel module ABI, and should not be changed across minor
+ * releases.
+ *
+ * When adding a new privilege, remember to determine if it's appropriate for
+ * use in jail, and update the privilege switch in kern_jail.c as necessary.
+ */
+
+/*
+ * Track beginning of privilege list.
+ */
+#define _PRIV_LOWEST 0
+
+/*
+ * PRIV_ROOT is a catch-all for as yet unnamed privileges. No new
+ * references to this privilege should be added.
+ */
+#define PRIV_ROOT 1 /* Catch-all during development. */
+
+/*
+ * The remaining privileges typically correspond to one or a small
+ * number of specific privilege checks, and have (relatively) precise
+ * meanings. They are loosely sorted into a set of base system
+ * privileges, such as the ability to reboot, and then loosely by
+ * subsystem, indicated by a subsystem name.
+ */
+#define PRIV_ACCT 2 /* Manage process accounting. */
+#define PRIV_MAXFILES 3 /* Exceed system open files limit. */
+#define PRIV_MAXPROC 4 /* Exceed system processes limit. */
+#define PRIV_KTRACE 5 /* Set/clear KTRFAC_ROOT on ktrace. */
+#define PRIV_SETDUMPER 6 /* Configure dump device. */
+#define PRIV_REBOOT 8 /* Can reboot system. */
+#define PRIV_SWAPON 9 /* Can swapon(). */
+#define PRIV_SWAPOFF 10 /* Can swapoff(). */
+#define PRIV_MSGBUF 11 /* Can read kernel message buffer. */
+#define PRIV_IO 12 /* Can perform low-level I/O. */
+#define PRIV_KEYBOARD 13 /* Reprogram keyboard. */
+#define PRIV_DRIVER 14 /* Low-level driver privilege. */
+#define PRIV_ADJTIME 15 /* Set time adjustment. */
+#define PRIV_NTP_ADJTIME 16 /* Set NTP time adjustment. */
+#define PRIV_CLOCK_SETTIME 17 /* Can call clock_settime. */
+#define PRIV_SETTIMEOFDAY 18 /* Can call settimeofday. */
+#define PRIV_SETHOSTID 19 /* Can call sethostid. */
+#define _PRIV_SETDOMAINNAME 20 /* Removed. */
+
+/*
+ * Audit subsystem privileges.
+ */
+#define PRIV_AUDIT_CONTROL 40 /* Can configure audit. */
+#define PRIV_AUDIT_FAILSTOP 41 /* Can run during audit fail stop. */
+#define PRIV_AUDIT_GETAUDIT 42 /* Can get proc audit properties. */
+#define PRIV_AUDIT_SETAUDIT 43 /* Can set proc audit properties. */
+#define PRIV_AUDIT_SUBMIT 44 /* Can submit an audit record. */
+
+/*
+ * Credential management privileges.
+ */
+#define PRIV_CRED_SETUID 50 /* setuid. */
+#define PRIV_CRED_SETEUID 51 /* seteuid to !ruid and !svuid. */
+#define PRIV_CRED_SETGID 52 /* setgid. */
+#define PRIV_CRED_SETEGID 53 /* setgid to !rgid and !svgid. */
+#define PRIV_CRED_SETGROUPS 54 /* Set process additional groups. */
+#define PRIV_CRED_SETREUID 55 /* setreuid. */
+#define PRIV_CRED_SETREGID 56 /* setregid. */
+#define PRIV_CRED_SETRESUID 57 /* setresuid. */
+#define PRIV_CRED_SETRESGID 58 /* setresgid. */
+#define PRIV_SEEOTHERGIDS 59 /* Exempt bsd.seeothergids. */
+#define PRIV_SEEOTHERUIDS 60 /* Exempt bsd.seeotheruids. */
+
+/*
+ * Debugging privileges.
+ */
+#define PRIV_DEBUG_DIFFCRED 80 /* Exempt debugging other users. */
+#define PRIV_DEBUG_SUGID 81 /* Exempt debugging setuid proc. */
+#define PRIV_DEBUG_UNPRIV 82 /* Exempt unprivileged debug limit. */
+
+/*
+ * Dtrace privileges.
+ */
+#define PRIV_DTRACE_KERNEL 90 /* Allow use of DTrace on the kernel. */
+#define PRIV_DTRACE_PROC 91 /* Allow attaching DTrace to process. */
+#define PRIV_DTRACE_USER 92 /* Process may submit DTrace events. */
+
+/*
+ * Firmware privilegs.
+ */
+#define PRIV_FIRMWARE_LOAD 100 /* Can load firmware. */
+
+/*
+ * Jail privileges.
+ */
+#define PRIV_JAIL_ATTACH 110 /* Attach to a jail. */
+
+/*
+ * Kernel environment priveleges.
+ */
+#define PRIV_KENV_SET 120 /* Set kernel env. variables. */
+#define PRIV_KENV_UNSET 121 /* Unset kernel env. variables. */
+
+/*
+ * Loadable kernel module privileges.
+ */
+#define PRIV_KLD_LOAD 130 /* Load a kernel module. */
+#define PRIV_KLD_UNLOAD 131 /* Unload a kernel module. */
+
+/*
+ * Privileges associated with the MAC Framework and specific MAC policy
+ * modules.
+ */
+#define PRIV_MAC_PARTITION 140 /* Privilege in mac_partition policy. */
+#define PRIV_MAC_PRIVS 141 /* Privilege in the mac_privs policy. */
+
+/*
+ * Process-related privileges.
+ */
+#define PRIV_PROC_LIMIT 160 /* Exceed user process limit. */
+#define PRIV_PROC_SETLOGIN 161 /* Can call setlogin. */
+#define PRIV_PROC_SETRLIMIT 162 /* Can raise resources limits. */
+
+/* System V IPC privileges.
+ */
+#define PRIV_IPC_READ 170 /* Can override IPC read perm. */
+#define PRIV_IPC_WRITE 171 /* Can override IPC write perm. */
+#define PRIV_IPC_ADMIN 172 /* Can override IPC owner-only perm. */
+#define PRIV_IPC_MSGSIZE 173 /* Exempt IPC message queue limit. */
+
+/*
+ * POSIX message queue privileges.
+ */
+#define PRIV_MQ_ADMIN 180 /* Can override msgq owner-only perm. */
+
+/*
+ * Performance monitoring counter privileges.
+ */
+#define PRIV_PMC_MANAGE 190 /* Can administer PMC. */
+#define PRIV_PMC_SYSTEM 191 /* Can allocate a system-wide PMC. */
+
+/*
+ * Scheduling privileges.
+ */
+#define PRIV_SCHED_DIFFCRED 200 /* Exempt scheduling other users. */
+#define PRIV_SCHED_SETPRIORITY 201 /* Can set lower nice value for proc. */
+#define PRIV_SCHED_RTPRIO 202 /* Can set real time scheduling. */
+#define PRIV_SCHED_SETPOLICY 203 /* Can set scheduler policy. */
+#define PRIV_SCHED_SET 204 /* Can set thread scheduler. */
+#define PRIV_SCHED_SETPARAM 205 /* Can set thread scheduler params. */
+#define PRIV_SCHED_CPUSET 206 /* Can manipulate cpusets. */
+
+/*
+ * POSIX semaphore privileges.
+ */
+#define PRIV_SEM_WRITE 220 /* Can override sem write perm. */
+
+/*
+ * Signal privileges.
+ */
+#define PRIV_SIGNAL_DIFFCRED 230 /* Exempt signalling other users. */
+#define PRIV_SIGNAL_SUGID 231 /* Non-conserv signal setuid proc. */
+
+/*
+ * Sysctl privileges.
+ */
+#define PRIV_SYSCTL_DEBUG 240 /* Can invoke sysctl.debug. */
+#define PRIV_SYSCTL_WRITE 241 /* Can write sysctls. */
+#define PRIV_SYSCTL_WRITEJAIL 242 /* Can write sysctls, jail permitted. */
+
+/*
+ * TTY privileges.
+ */
+#define PRIV_TTY_CONSOLE 250 /* Set console to tty. */
+#define PRIV_TTY_DRAINWAIT 251 /* Set tty drain wait time. */
+#define PRIV_TTY_DTRWAIT 252 /* Set DTR wait on tty. */
+#define PRIV_TTY_EXCLUSIVE 253 /* Override tty exclusive flag. */
+#define PRIV_TTY_PRISON 254 /* Can open pts across jails. */
+#define PRIV_TTY_STI 255 /* Simulate input on another tty. */
+#define PRIV_TTY_SETA 256 /* Set tty termios structure. */
+
+/*
+ * UFS-specific privileges.
+ */
+#define PRIV_UFS_EXTATTRCTL 270 /* Can configure EAs on UFS1. */
+#define PRIV_UFS_QUOTAOFF 271 /* quotaoff(). */
+#define PRIV_UFS_QUOTAON 272 /* quotaon(). */
+#define PRIV_UFS_SETUSE 273 /* setuse(). */
+
+/*
+ * ZFS-specific privileges.
+ */
+#define PRIV_ZFS_POOL_CONFIG 280 /* Can configure ZFS pools. */
+#define PRIV_ZFS_INJECT 281 /* Can inject faults in the ZFS fault
+ injection framework. */
+#define PRIV_ZFS_JAIL 282 /* Can attach/detach ZFS file systems
+ to/from jails. */
+
+/*
+ * NFS-specific privileges.
+ */
+#define PRIV_NFS_DAEMON 290 /* Can become the NFS daemon. */
+#define PRIV_NFS_LOCKD 291 /* Can become NFS lock daemon. */
+
+/*
+ * VFS privileges.
+ */
+#define PRIV_VFS_READ 310 /* Override vnode DAC read perm. */
+#define PRIV_VFS_WRITE 311 /* Override vnode DAC write perm. */
+#define PRIV_VFS_ADMIN 312 /* Override vnode DAC admin perm. */
+#define PRIV_VFS_EXEC 313 /* Override vnode DAC exec perm. */
+#define PRIV_VFS_LOOKUP 314 /* Override vnode DAC lookup perm. */
+#define PRIV_VFS_BLOCKRESERVE 315 /* Can use free block reserve. */
+#define PRIV_VFS_CHFLAGS_DEV 316 /* Can chflags() a device node. */
+#define PRIV_VFS_CHOWN 317 /* Can set user; group to non-member. */
+#define PRIV_VFS_CHROOT 318 /* chroot(). */
+#define PRIV_VFS_RETAINSUGID 319 /* Can retain sugid bits on change. */
+#define PRIV_VFS_EXCEEDQUOTA 320 /* Exempt from quota restrictions. */
+#define PRIV_VFS_EXTATTR_SYSTEM 321 /* Operate on system EA namespace. */
+#define PRIV_VFS_FCHROOT 322 /* fchroot(). */
+#define PRIV_VFS_FHOPEN 323 /* Can fhopen(). */
+#define PRIV_VFS_FHSTAT 324 /* Can fhstat(). */
+#define PRIV_VFS_FHSTATFS 325 /* Can fhstatfs(). */
+#define PRIV_VFS_GENERATION 326 /* stat() returns generation number. */
+#define PRIV_VFS_GETFH 327 /* Can retrieve file handles. */
+#define PRIV_VFS_GETQUOTA 328 /* getquota(). */
+#define PRIV_VFS_LINK 329 /* bsd.hardlink_check_uid */
+#define PRIV_VFS_MKNOD_BAD 330 /* Can mknod() to mark bad inodes. */
+#define PRIV_VFS_MKNOD_DEV 331 /* Can mknod() to create dev nodes. */
+#define PRIV_VFS_MKNOD_WHT 332 /* Can mknod() to create whiteout. */
+#define PRIV_VFS_MOUNT 333 /* Can mount(). */
+#define PRIV_VFS_MOUNT_OWNER 334 /* Can manage other users' file systems. */
+#define PRIV_VFS_MOUNT_EXPORTED 335 /* Can set MNT_EXPORTED on mount. */
+#define PRIV_VFS_MOUNT_PERM 336 /* Override dev node perms at mount. */
+#define PRIV_VFS_MOUNT_SUIDDIR 337 /* Can set MNT_SUIDDIR on mount. */
+#define PRIV_VFS_MOUNT_NONUSER 338 /* Can perform a non-user mount. */
+#define PRIV_VFS_SETGID 339 /* Can setgid if not in group. */
+#define PRIV_VFS_SETQUOTA 340 /* setquota(). */
+#define PRIV_VFS_STICKYFILE 341 /* Can set sticky bit on file. */
+#define PRIV_VFS_SYSFLAGS 342 /* Can modify system flags. */
+#define PRIV_VFS_UNMOUNT 343 /* Can unmount(). */
+#define PRIV_VFS_STAT 344 /* Override vnode MAC stat perm. */
+
+/*
+ * Virtual memory privileges.
+ */
+#define PRIV_VM_MADV_PROTECT 360 /* Can set MADV_PROTECT. */
+#define PRIV_VM_MLOCK 361 /* Can mlock(), mlockall(). */
+#define PRIV_VM_MUNLOCK 362 /* Can munlock(), munlockall(). */
+
+/*
+ * Device file system privileges.
+ */
+#define PRIV_DEVFS_RULE 370 /* Can manage devfs rules. */
+#define PRIV_DEVFS_SYMLINK 371 /* Can create symlinks in devfs. */
+
+/*
+ * Random number generator privileges.
+ */
+#define PRIV_RANDOM_RESEED 380 /* Closing /dev/random reseeds. */
+
+/*
+ * Network stack privileges.
+ */
+#define PRIV_NET_BRIDGE 390 /* Administer bridge. */
+#define PRIV_NET_GRE 391 /* Administer GRE. */
+#define PRIV_NET_PPP 392 /* Administer PPP. */
+#define PRIV_NET_SLIP 393 /* Administer SLIP. */
+#define PRIV_NET_BPF 394 /* Monitor BPF. */
+#define PRIV_NET_RAW 395 /* Open raw socket. */
+#define PRIV_NET_ROUTE 396 /* Administer routing. */
+#define PRIV_NET_TAP 397 /* Can open tap device. */
+#define PRIV_NET_SETIFMTU 398 /* Set interface MTU. */
+#define PRIV_NET_SETIFFLAGS 399 /* Set interface flags. */
+#define PRIV_NET_SETIFCAP 400 /* Set interface capabilities. */
+#define PRIV_NET_SETIFNAME 401 /* Set interface name. */
+#define PRIV_NET_SETIFMETRIC 402 /* Set interface metrics. */
+#define PRIV_NET_SETIFPHYS 403 /* Set interface physical layer prop. */
+#define PRIV_NET_SETIFMAC 404 /* Set interface MAC label. */
+#define PRIV_NET_ADDMULTI 405 /* Add multicast addr. to ifnet. */
+#define PRIV_NET_DELMULTI 406 /* Delete multicast addr. from ifnet. */
+#define PRIV_NET_HWIOCTL 407 /* Issue hardware ioctl on ifnet. */
+#define PRIV_NET_SETLLADDR 408 /* Set interface link-level address. */
+#define PRIV_NET_ADDIFGROUP 409 /* Add new interface group. */
+#define PRIV_NET_DELIFGROUP 410 /* Delete interface group. */
+#define PRIV_NET_IFCREATE 411 /* Create cloned interface. */
+#define PRIV_NET_IFDESTROY 412 /* Destroy cloned interface. */
+#define PRIV_NET_ADDIFADDR 413 /* Add protocol addr to interface. */
+#define PRIV_NET_DELIFADDR 414 /* Delete protocol addr on interface. */
+#define PRIV_NET_LAGG 415 /* Administer lagg interface. */
+
+/*
+ * 802.11-related privileges.
+ */
+#define PRIV_NET80211_GETKEY 440 /* Query 802.11 keys. */
+#define PRIV_NET80211_MANAGE 441 /* Administer 802.11. */
+
+/*
+ * AppleTalk privileges.
+ */
+#define PRIV_NETATALK_RESERVEDPORT 450 /* Bind low port number. */
+
+/*
+ * ATM privileges.
+ */
+#define PRIV_NETATM_CFG 460
+#define PRIV_NETATM_ADD 461
+#define PRIV_NETATM_DEL 462
+#define PRIV_NETATM_SET 463
+
+/*
+ * Bluetooth privileges.
+ */
+#define PRIV_NETBLUETOOTH_RAW 470 /* Open raw bluetooth socket. */
+
+/*
+ * Netgraph and netgraph module privileges.
+ */
+#define PRIV_NETGRAPH_CONTROL 480 /* Open netgraph control socket. */
+#define PRIV_NETGRAPH_TTY 481 /* Configure tty for netgraph. */
+
+/*
+ * IPv4 and IPv6 privileges.
+ */
+#define PRIV_NETINET_RESERVEDPORT 490 /* Bind low port number. */
+#define PRIV_NETINET_IPFW 491 /* Administer IPFW firewall. */
+#define PRIV_NETINET_DIVERT 492 /* Open IP divert socket. */
+#define PRIV_NETINET_PF 493 /* Administer pf firewall. */
+#define PRIV_NETINET_DUMMYNET 494 /* Administer DUMMYNET. */
+#define PRIV_NETINET_CARP 495 /* Administer CARP. */
+#define PRIV_NETINET_MROUTE 496 /* Administer multicast routing. */
+#define PRIV_NETINET_RAW 497 /* Open netinet raw socket. */
+#define PRIV_NETINET_GETCRED 498 /* Query netinet pcb credentials. */
+#define PRIV_NETINET_ADDRCTRL6 499 /* Administer IPv6 address scopes. */
+#define PRIV_NETINET_ND6 500 /* Administer IPv6 neighbor disc. */
+#define PRIV_NETINET_SCOPE6 501 /* Administer IPv6 address scopes. */
+#define PRIV_NETINET_ALIFETIME6 502 /* Administer IPv6 address lifetimes. */
+#define PRIV_NETINET_IPSEC 503 /* Administer IPSEC. */
+#define PRIV_NETINET_REUSEPORT 504 /* Allow [rapid] port/address reuse. */
+#define PRIV_NETINET_SETHDROPTS 505 /* Set certain IPv4/6 header options. */
+
+/*
+ * IPX/SPX privileges.
+ */
+#define PRIV_NETIPX_RESERVEDPORT 520 /* Bind low port number. */
+#define PRIV_NETIPX_RAW 521 /* Open netipx raw socket. */
+
+/*
+ * NCP privileges.
+ */
+#define PRIV_NETNCP 530 /* Use another user's connection. */
+
+/*
+ * SMB privileges.
+ */
+#define PRIV_NETSMB 540 /* Use another user's connection. */
+
+/*
+ * VM86 privileges.
+ */
+#define PRIV_VM86_INTCALL 550 /* Allow invoking vm86 int handlers. */
+
+/*
+ * Set of reserved privilege values, which will be allocated to code as
+ * needed, in order to avoid renumbering later privileges due to insertion.
+ */
+#define _PRIV_RESERVED0 560
+#define _PRIV_RESERVED1 561
+#define _PRIV_RESERVED2 562
+#define _PRIV_RESERVED3 563
+#define _PRIV_RESERVED4 564
+#define _PRIV_RESERVED5 565
+#define _PRIV_RESERVED6 566
+#define _PRIV_RESERVED7 567
+#define _PRIV_RESERVED8 568
+#define _PRIV_RESERVED9 569
+#define _PRIV_RESERVED10 570
+#define _PRIV_RESERVED11 571
+#define _PRIV_RESERVED12 572
+#define _PRIV_RESERVED13 573
+#define _PRIV_RESERVED14 574
+#define _PRIV_RESERVED15 575
+
+/*
+ * Define a set of valid privilege numbers that can be used by loadable
+ * modules that don't yet have privilege reservations. Ideally, these should
+ * not be used, since their meaning is opaque to any policies that are aware
+ * of specific privileges, such as jail, and as such may be arbitrarily
+ * denied.
+ */
+#define PRIV_MODULE0 600
+#define PRIV_MODULE1 601
+#define PRIV_MODULE2 602
+#define PRIV_MODULE3 603
+#define PRIV_MODULE4 604
+#define PRIV_MODULE5 605
+#define PRIV_MODULE6 606
+#define PRIV_MODULE7 607
+#define PRIV_MODULE8 608
+#define PRIV_MODULE9 609
+#define PRIV_MODULE10 610
+#define PRIV_MODULE11 611
+#define PRIV_MODULE12 612
+#define PRIV_MODULE13 613
+#define PRIV_MODULE14 614
+#define PRIV_MODULE15 615
+
+/*
+ * DDB(4) privileges.
+ */
+#define PRIV_DDB_CAPTURE 620 /* Allow reading of DDB capture log. */
+
+/*
+ * Arla/nnpfs privileges.
+ */
+#define PRIV_NNPFS_DEBUG 630 /* Perforn ARLA_VIOC_NNPFSDEBUG. */
+
+/*
+ * cpuctl(4) privileges.
+ */
+#define PRIV_CPUCTL_WRMSR 640 /* Write model-specific register. */
+#define PRIV_CPUCTL_UPDATE 641 /* Update cpu microcode. */
+
+/*
+ * Track end of privilege list.
+ */
+#define _PRIV_HIGHEST 642
+
+/*
+ * Validate that a named privilege is known by the privilege system. Invalid
+ * privileges presented to the privilege system by a priv_check interface
+ * will result in a panic. This is only approximate due to sparse allocation
+ * of the privilege space.
+ */
+#define PRIV_VALID(x) ((x) > _PRIV_LOWEST && (x) < _PRIV_HIGHEST)
+
+#ifdef _KERNEL
+/*
+ * Privilege check interfaces, modeled after historic suser() interfacs, but
+ * with the addition of a specific privilege name. No flags are currently
+ * defined for the API. Historically, flags specified using the real uid
+ * instead of the effective uid, and whether or not the check should be
+ * allowed in jail.
+ */
+struct thread;
+struct ucred;
+int priv_check(struct thread *td, int priv);
+int priv_check_cred(struct ucred *cred, int priv, int flags);
+#endif
+
+#endif /* !_SYS_PRIV_H_ */
- Follow-Ups:
- Re: suser to priv conversion patch
- From: Michael Neumann <mneumann@ntecs.de>
- Re: suser to priv conversion patch
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]