kernel - misc MPSAFe work
[dragonfly.git] / sys / kern / kern_prot.c
CommitLineData
984263bc
MD
1/*
2 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * @(#)kern_prot.c 8.6 (Berkeley) 1/21/94
39 * $FreeBSD: src/sys/kern/kern_prot.c,v 1.53.2.9 2002/03/09 05:20:26 dd Exp $
420eedf5 40 * $DragonFly: src/sys/kern/kern_prot.c,v 1.29 2008/02/16 15:53:39 matthias Exp $
984263bc
MD
41 */
42
43/*
44 * System calls related to processes and protection
45 */
46
47#include "opt_compat.h"
48
49#include <sys/param.h>
50#include <sys/acct.h>
51#include <sys/systm.h>
52#include <sys/sysproto.h>
53#include <sys/kernel.h>
3b564f1f 54#include <sys/lock.h>
984263bc 55#include <sys/proc.h>
28eeae89 56#include <sys/priv.h>
984263bc
MD
57#include <sys/malloc.h>
58#include <sys/pioctl.h>
59#include <sys/resourcevar.h>
41c20dac 60#include <sys/jail.h>
508ceb09 61#include <sys/lockf.h>
d9b2033e
MD
62#include <sys/spinlock.h>
63
64#include <sys/thread2.h>
65#include <sys/spinlock2.h>
684a93c4 66#include <sys/mplock2.h>
984263bc
MD
67
68static MALLOC_DEFINE(M_CRED, "cred", "credentials");
69
984263bc 70/*
3919ced0 71 * MPALMOSTSAFE
984263bc 72 */
984263bc 73int
753fd850 74sys_getpid(struct getpid_args *uap)
984263bc 75{
41c20dac 76 struct proc *p = curproc;
984263bc 77
c7114eea 78 uap->sysmsg_fds[0] = p->p_pid;
984263bc 79#if defined(COMPAT_43) || defined(COMPAT_SUNOS)
3919ced0 80 get_mplock();
c7114eea 81 uap->sysmsg_fds[1] = p->p_pptr->p_pid;
3919ced0 82 rel_mplock();
984263bc
MD
83#endif
84 return (0);
85}
86
3919ced0
MD
87/*
88 * MPALMOSTSAFE
89 */
984263bc 90int
753fd850 91sys_getppid(struct getppid_args *uap)
984263bc 92{
41c20dac 93 struct proc *p = curproc;
984263bc 94
3919ced0 95 get_mplock();
c7114eea 96 uap->sysmsg_result = p->p_pptr->p_pid;
3919ced0
MD
97 rel_mplock();
98
984263bc 99 return (0);
f9366a82
SS
100}
101
3919ced0
MD
102/*
103 * MPSAFE
104 */
f9366a82
SS
105int
106sys_lwp_gettid(struct lwp_gettid_args *uap)
107{
108 struct lwp *lp = curthread->td_lwp;
109
110 uap->sysmsg_result = lp->lwp_tid;
111 return (0);
984263bc
MD
112}
113
114/*
115 * Get process group ID; note that POSIX getpgrp takes no parameter
116 *
3919ced0 117 * MPSAFE XXX pgrp
984263bc 118 */
984263bc 119int
753fd850 120sys_getpgrp(struct getpgrp_args *uap)
984263bc 121{
41c20dac 122 struct proc *p = curproc;
984263bc 123
c7114eea 124 uap->sysmsg_result = p->p_pgrp->pg_id;
984263bc
MD
125 return (0);
126}
127
a64ba182 128/*
420eedf5 129 * Get an arbitrary pid's process group id
3919ced0
MD
130 *
131 * MPALMOSTSAFE
a64ba182 132 */
984263bc 133int
753fd850 134sys_getpgid(struct getpgid_args *uap)
984263bc 135{
41c20dac 136 struct proc *p = curproc;
984263bc 137 struct proc *pt;
3919ced0 138 int error;
984263bc 139
3919ced0
MD
140 get_mplock();
141 error = 0;
984263bc 142
3919ced0
MD
143 if (uap->pid == 0) {
144 pt = p;
145 } else {
146 pt = pfind(uap->pid);
147 if (pt == NULL)
148 error = ESRCH;
149 }
150 if (error == 0)
151 uap->sysmsg_result = pt->p_pgrp->pg_id;
152 rel_mplock();
153 return (error);
984263bc
MD
154}
155
156/*
420eedf5 157 * Get an arbitrary pid's session id.
3919ced0
MD
158 *
159 * MPALMOSTSAFE
984263bc 160 */
984263bc 161int
753fd850 162sys_getsid(struct getsid_args *uap)
984263bc 163{
41c20dac 164 struct proc *p = curproc;
984263bc 165 struct proc *pt;
3919ced0 166 int error;
984263bc 167
3919ced0
MD
168 get_mplock();
169 error = 0;
984263bc 170
3919ced0
MD
171 if (uap->pid == 0) {
172 pt = p;
173 } else {
174 pt = pfind(uap->pid);
175 if (pt == NULL)
176 error = ESRCH;
177 }
178 if (error == 0)
179 uap->sysmsg_result = pt->p_session->s_sid;
180 rel_mplock();
181 return (error);
984263bc
MD
182}
183
184
185/*
3919ced0
MD
186 * getuid()
187 *
9910d07b 188 * MPSAFE
984263bc 189 */
984263bc 190int
753fd850 191sys_getuid(struct getuid_args *uap)
984263bc 192{
9910d07b 193 struct ucred *cred = curthread->td_ucred;
984263bc 194
9910d07b 195 uap->sysmsg_fds[0] = cred->cr_ruid;
984263bc 196#if defined(COMPAT_43) || defined(COMPAT_SUNOS)
9910d07b 197 uap->sysmsg_fds[1] = cred->cr_uid;
984263bc
MD
198#endif
199 return (0);
200}
201
202/*
3919ced0
MD
203 * geteuid()
204 *
9910d07b 205 * MPSAFE
984263bc 206 */
984263bc 207int
753fd850 208sys_geteuid(struct geteuid_args *uap)
984263bc 209{
9910d07b 210 struct ucred *cred = curthread->td_ucred;
984263bc 211
9910d07b 212 uap->sysmsg_result = cred->cr_uid;
984263bc
MD
213 return (0);
214}
215
216/*
3919ced0
MD
217 * getgid()
218 *
9910d07b 219 * MPSAFE
984263bc 220 */
984263bc 221int
753fd850 222sys_getgid(struct getgid_args *uap)
984263bc 223{
9910d07b 224 struct ucred *cred = curthread->td_ucred;
984263bc 225
9910d07b 226 uap->sysmsg_fds[0] = cred->cr_rgid;
984263bc 227#if defined(COMPAT_43) || defined(COMPAT_SUNOS)
9910d07b 228 uap->sysmsg_fds[1] = cred->cr_groups[0];
984263bc
MD
229#endif
230 return (0);
231}
232
233/*
234 * Get effective group ID. The "egid" is groups[0], and could be obtained
235 * via getgroups. This syscall exists because it is somewhat painful to do
236 * correctly in a library function.
6ad3ed15 237 *
3919ced0 238 * MPSAFE
984263bc 239 */
984263bc 240int
753fd850 241sys_getegid(struct getegid_args *uap)
984263bc 242{
9910d07b 243 struct ucred *cred = curthread->td_ucred;
984263bc 244
9910d07b 245 uap->sysmsg_result = cred->cr_groups[0];
984263bc
MD
246 return (0);
247}
248
3919ced0
MD
249/*
250 * MPSAFE
251 */
984263bc 252int
753fd850 253sys_getgroups(struct getgroups_args *uap)
984263bc 254{
41c20dac
MD
255 struct ucred *cr;
256 u_int ngrp;
984263bc
MD
257 int error;
258
9910d07b 259 cr = curthread->td_ucred;
984263bc 260 if ((ngrp = uap->gidsetsize) == 0) {
c7114eea 261 uap->sysmsg_result = cr->cr_ngroups;
984263bc
MD
262 return (0);
263 }
41c20dac 264 if (ngrp < cr->cr_ngroups)
984263bc 265 return (EINVAL);
41c20dac 266 ngrp = cr->cr_ngroups;
3919ced0
MD
267 error = copyout((caddr_t)cr->cr_groups,
268 (caddr_t)uap->gidset, ngrp * sizeof(gid_t));
269 if (error == 0)
270 uap->sysmsg_result = ngrp;
271 return (error);
984263bc
MD
272}
273
3919ced0
MD
274/*
275 * MPALMOSTSAFE
276 */
984263bc 277int
753fd850 278sys_setsid(struct setsid_args *uap)
984263bc 279{
41c20dac 280 struct proc *p = curproc;
3919ced0 281 int error;
984263bc 282
3919ced0 283 get_mplock();
984263bc 284 if (p->p_pgid == p->p_pid || pgfind(p->p_pid)) {
3919ced0 285 error = EPERM;
984263bc 286 } else {
3919ced0 287 enterpgrp(p, p->p_pid, 1);
c7114eea 288 uap->sysmsg_result = p->p_pid;
3919ced0 289 error = 0;
984263bc 290 }
3919ced0
MD
291 rel_mplock();
292 return (error);
984263bc
MD
293}
294
295/*
296 * set process group (setpgid/old setpgrp)
297 *
298 * caller does setpgid(targpid, targpgid)
299 *
300 * pid must be caller or child of caller (ESRCH)
301 * if a child
302 * pid must be in same session (EPERM)
303 * pid can't have done an exec (EACCES)
304 * if pgid != pid
305 * there must exist some pid in same session having pgid (EPERM)
306 * pid must not be session leader (EPERM)
3919ced0
MD
307 *
308 * MPALMOSTSAFE
984263bc 309 */
984263bc 310int
753fd850 311sys_setpgid(struct setpgid_args *uap)
984263bc 312{
41c20dac
MD
313 struct proc *curp = curproc;
314 struct proc *targp; /* target process */
315 struct pgrp *pgrp; /* target pgrp */
3919ced0 316 int error;
984263bc
MD
317
318 if (uap->pgid < 0)
319 return (EINVAL);
3919ced0
MD
320
321 get_mplock();
984263bc 322 if (uap->pid != 0 && uap->pid != curp->p_pid) {
3919ced0
MD
323 if ((targp = pfind(uap->pid)) == 0 || !inferior(targp)) {
324 error = ESRCH;
325 goto done;
326 }
327 if (targp->p_pgrp == NULL ||
328 targp->p_session != curp->p_session) {
329 error = EPERM;
330 goto done;
331 }
332 if (targp->p_flag & P_EXEC) {
333 error = EACCES;
334 goto done;
335 }
336 } else {
984263bc 337 targp = curp;
3919ced0
MD
338 }
339 if (SESS_LEADER(targp)) {
340 error = EPERM;
341 goto done;
342 }
343 if (uap->pgid == 0) {
984263bc 344 uap->pgid = targp->p_pid;
3919ced0 345 } else if (uap->pgid != targp->p_pid) {
984263bc 346 if ((pgrp = pgfind(uap->pgid)) == 0 ||
3919ced0
MD
347 pgrp->pg_session != curp->p_session) {
348 error = EPERM;
349 goto done;
350 }
351 }
352 error = enterpgrp(targp, uap->pgid, 0);
353done:
354 rel_mplock();
355 return (error);
984263bc
MD
356}
357
358/*
359 * Use the clause in B.4.2.2 that allows setuid/setgid to be 4.2/4.3BSD
9a7c6212 360 * compatible. It says that setting the uid/gid to euid/egid is a special
984263bc
MD
361 * case of "appropriate privilege". Once the rules are expanded out, this
362 * basically means that setuid(nnn) sets all three id's, in all permitted
363 * cases unless _POSIX_SAVED_IDS is enabled. In that case, setuid(getuid())
364 * does not set the saved id - this is dangerous for traditional BSD
365 * programs. For this reason, we *really* do not want to set
366 * _POSIX_SAVED_IDS and do not want to clear POSIX_APPENDIX_B_4_2_2.
367 */
368#define POSIX_APPENDIX_B_4_2_2
369
3919ced0
MD
370/*
371 * MPALMOSTSAFE
372 */
984263bc 373int
753fd850 374sys_setuid(struct setuid_args *uap)
984263bc 375{
41c20dac
MD
376 struct proc *p = curproc;
377 struct ucred *cr;
378 uid_t uid;
984263bc
MD
379 int error;
380
3919ced0 381 get_mplock();
41c20dac
MD
382 cr = p->p_ucred;
383
984263bc
MD
384 /*
385 * See if we have "permission" by POSIX 1003.1 rules.
386 *
387 * Note that setuid(geteuid()) is a special case of
388 * "appropriate privileges" in appendix B.4.2.2. We need
9a7c6212 389 * to use this clause to be compatible with traditional BSD
984263bc
MD
390 * semantics. Basically, it means that "setuid(xx)" sets all
391 * three id's (assuming you have privs).
392 *
393 * Notes on the logic. We do things in three steps.
394 * 1: We determine if the euid is going to change, and do EPERM
395 * right away. We unconditionally change the euid later if this
396 * test is satisfied, simplifying that part of the logic.
397 * 2: We determine if the real and/or saved uid's are going to
398 * change. Determined by compile options.
399 * 3: Change euid last. (after tests in #2 for "appropriate privs")
400 */
401 uid = uap->uid;
41c20dac 402 if (uid != cr->cr_ruid && /* allow setuid(getuid()) */
984263bc 403#ifdef _POSIX_SAVED_IDS
41c20dac 404 uid != crc->cr_svuid && /* allow setuid(saved gid) */
984263bc
MD
405#endif
406#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
41c20dac 407 uid != cr->cr_uid && /* allow setuid(geteuid()) */
984263bc 408#endif
3a591c90 409 (error = priv_check_cred(cr, PRIV_CRED_SETUID, 0)))
3919ced0 410 goto done;
984263bc
MD
411
412#ifdef _POSIX_SAVED_IDS
413 /*
414 * Do we have "appropriate privileges" (are we root or uid == euid)
415 * If so, we are changing the real uid and/or saved uid.
416 */
417 if (
418#ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */
41c20dac 419 uid == cr->cr_uid ||
984263bc 420#endif
3a591c90 421 priv_check_cred(cr, PRIV_CRED_SETUID, 0) == 0) /* we are using privs */
984263bc
MD
422#endif
423 {
424 /*
425 * Set the real uid and transfer proc count to new user.
426 */
41c20dac 427 if (uid != cr->cr_ruid) {
be170d6b 428 cr = change_ruid(uid);
41c20dac 429 setsugid();
984263bc
MD
430 }
431 /*
432 * Set saved uid
433 *
434 * XXX always set saved uid even if not _POSIX_SAVED_IDS, as
435 * the security of seteuid() depends on it. B.4.2.2 says it
436 * is important that we should do this.
437 */
41c20dac 438 if (cr->cr_svuid != uid) {
115ccd83 439 cr = cratom(&p->p_ucred);
41c20dac
MD
440 cr->cr_svuid = uid;
441 setsugid();
984263bc
MD
442 }
443 }
444
445 /*
446 * In all permitted cases, we are changing the euid.
447 * Copy credentials so other references do not see our changes.
448 */
41c20dac
MD
449 if (cr->cr_uid != uid) {
450 change_euid(uid);
451 setsugid();
984263bc 452 }
3919ced0
MD
453 error = 0;
454done:
455 rel_mplock();
456 return (error);
984263bc
MD
457}
458
3919ced0
MD
459/*
460 * MPALMOSTSAFE
461 */
984263bc 462int
753fd850 463sys_seteuid(struct seteuid_args *uap)
984263bc 464{
41c20dac
MD
465 struct proc *p = curproc;
466 struct ucred *cr;
467 uid_t euid;
984263bc
MD
468 int error;
469
9910d07b 470 get_mplock();
41c20dac 471 cr = p->p_ucred;
984263bc 472 euid = uap->euid;
41c20dac
MD
473 if (euid != cr->cr_ruid && /* allow seteuid(getuid()) */
474 euid != cr->cr_svuid && /* allow seteuid(saved uid) */
3919ced0 475 (error = priv_check_cred(cr, PRIV_CRED_SETEUID, 0))) {
9910d07b 476 rel_mplock();
984263bc 477 return (error);
3919ced0
MD
478 }
479
984263bc
MD
480 /*
481 * Everything's okay, do it. Copy credentials so other references do
482 * not see our changes.
483 */
41c20dac
MD
484 if (cr->cr_uid != euid) {
485 change_euid(euid);
486 setsugid();
984263bc 487 }
9910d07b 488 rel_mplock();
984263bc
MD
489 return (0);
490}
491
3919ced0
MD
492/*
493 * MPALMOSTSAFE
494 */
984263bc 495int
753fd850 496sys_setgid(struct setgid_args *uap)
984263bc 497{
41c20dac
MD
498 struct proc *p = curproc;
499 struct ucred *cr;
500 gid_t gid;
984263bc
MD
501 int error;
502
3919ced0 503 get_mplock();
41c20dac
MD
504 cr = p->p_ucred;
505
984263bc
MD
506 /*
507 * See if we have "permission" by POSIX 1003.1 rules.
508 *
509 * Note that setgid(getegid()) is a special case of
510 * "appropriate privileges" in appendix B.4.2.2. We need
9a7c6212 511 * to use this clause to be compatible with traditional BSD
984263bc
MD
512 * semantics. Basically, it means that "setgid(xx)" sets all
513 * three id's (assuming you have privs).
514 *
515 * For notes on the logic here, see setuid() above.
516 */
517 gid = uap->gid;
41c20dac 518 if (gid != cr->cr_rgid && /* allow setgid(getgid()) */
984263bc 519#ifdef _POSIX_SAVED_IDS
41c20dac 520 gid != cr->cr_svgid && /* allow setgid(saved gid) */
984263bc
MD
521#endif
522#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
41c20dac 523 gid != cr->cr_groups[0] && /* allow setgid(getegid()) */
984263bc 524#endif
3919ced0
MD
525 (error = priv_check_cred(cr, PRIV_CRED_SETGID, 0))) {
526 goto done;
527 }
984263bc
MD
528
529#ifdef _POSIX_SAVED_IDS
530 /*
531 * Do we have "appropriate privileges" (are we root or gid == egid)
532 * If so, we are changing the real uid and saved gid.
533 */
534 if (
535#ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */
41c20dac 536 gid == cr->cr_groups[0] ||
984263bc 537#endif
3a591c90 538 priv_check_cred(cr, PRIV_CRED_SETGID, 0) == 0) /* we are using privs */
984263bc
MD
539#endif
540 {
541 /*
542 * Set real gid
543 */
41c20dac 544 if (cr->cr_rgid != gid) {
115ccd83 545 cr = cratom(&p->p_ucred);
41c20dac
MD
546 cr->cr_rgid = gid;
547 setsugid();
984263bc
MD
548 }
549 /*
550 * Set saved gid
551 *
552 * XXX always set saved gid even if not _POSIX_SAVED_IDS, as
553 * the security of setegid() depends on it. B.4.2.2 says it
554 * is important that we should do this.
555 */
41c20dac 556 if (cr->cr_svgid != gid) {
115ccd83 557 cr = cratom(&p->p_ucred);
41c20dac
MD
558 cr->cr_svgid = gid;
559 setsugid();
984263bc
MD
560 }
561 }
562 /*
563 * In all cases permitted cases, we are changing the egid.
564 * Copy credentials so other references do not see our changes.
565 */
41c20dac 566 if (cr->cr_groups[0] != gid) {
e9a372eb 567 cr = cratom(&p->p_ucred);
41c20dac
MD
568 cr->cr_groups[0] = gid;
569 setsugid();
984263bc 570 }
3919ced0
MD
571 error = 0;
572done:
573 rel_mplock();
574 return (error);
984263bc
MD
575}
576
3919ced0
MD
577/*
578 * MPALMOSTSAFE
579 */
984263bc 580int
753fd850 581sys_setegid(struct setegid_args *uap)
984263bc 582{
41c20dac
MD
583 struct proc *p = curproc;
584 struct ucred *cr;
585 gid_t egid;
984263bc
MD
586 int error;
587
3919ced0 588 get_mplock();
41c20dac 589 cr = p->p_ucred;
984263bc 590 egid = uap->egid;
41c20dac
MD
591 if (egid != cr->cr_rgid && /* allow setegid(getgid()) */
592 egid != cr->cr_svgid && /* allow setegid(saved gid) */
3919ced0
MD
593 (error = priv_check_cred(cr, PRIV_CRED_SETEGID, 0))) {
594 goto done;
595 }
41c20dac 596 if (cr->cr_groups[0] != egid) {
e9a372eb 597 cr = cratom(&p->p_ucred);
41c20dac
MD
598 cr->cr_groups[0] = egid;
599 setsugid();
984263bc 600 }
3919ced0
MD
601 error = 0;
602done:
603 rel_mplock();
604 return (error);
984263bc
MD
605}
606
3919ced0
MD
607/*
608 * MPALMOSTSAFE
609 */
984263bc 610int
753fd850 611sys_setgroups(struct setgroups_args *uap)
984263bc 612{
41c20dac
MD
613 struct proc *p = curproc;
614 struct ucred *cr;
615 u_int ngrp;
984263bc
MD
616 int error;
617
3919ced0 618 get_mplock();
41c20dac
MD
619 cr = p->p_ucred;
620
3a591c90 621 if ((error = priv_check_cred(cr, PRIV_CRED_SETGROUPS, 0)))
3919ced0 622 goto done;
984263bc 623 ngrp = uap->gidsetsize;
3919ced0
MD
624 if (ngrp > NGROUPS) {
625 error = EINVAL;
626 goto done;
627 }
984263bc
MD
628 /*
629 * XXX A little bit lazy here. We could test if anything has
e9a372eb 630 * changed before cratom() and setting P_SUGID.
984263bc 631 */
e9a372eb 632 cr = cratom(&p->p_ucred);
984263bc
MD
633 if (ngrp < 1) {
634 /*
635 * setgroups(0, NULL) is a legitimate way of clearing the
636 * groups vector on non-BSD systems (which generally do not
637 * have the egid in the groups[0]). We risk security holes
638 * when running non-BSD software if we do not do the same.
639 */
41c20dac 640 cr->cr_ngroups = 1;
984263bc 641 } else {
3919ced0
MD
642 error = copyin(uap->gidset, cr->cr_groups,
643 ngrp * sizeof(gid_t));
644 if (error)
645 goto done;
41c20dac 646 cr->cr_ngroups = ngrp;
984263bc 647 }
41c20dac 648 setsugid();
3919ced0
MD
649 error = 0;
650done:
651 rel_mplock();
652 return (error);
984263bc
MD
653}
654
3919ced0
MD
655/*
656 * MPALMOSTSAFE
657 */
984263bc 658int
753fd850 659sys_setreuid(struct setreuid_args *uap)
984263bc 660{
41c20dac
MD
661 struct proc *p = curproc;
662 struct ucred *cr;
663 uid_t ruid, euid;
984263bc
MD
664 int error;
665
3919ced0 666 get_mplock();
41c20dac
MD
667 cr = p->p_ucred;
668
984263bc
MD
669 ruid = uap->ruid;
670 euid = uap->euid;
41c20dac
MD
671 if (((ruid != (uid_t)-1 && ruid != cr->cr_ruid && ruid != cr->cr_svuid) ||
672 (euid != (uid_t)-1 && euid != cr->cr_uid &&
673 euid != cr->cr_ruid && euid != cr->cr_svuid)) &&
3919ced0
MD
674 (error = priv_check_cred(cr, PRIV_CRED_SETREUID, 0)) != 0) {
675 goto done;
676 }
984263bc 677
41c20dac 678 if (euid != (uid_t)-1 && cr->cr_uid != euid) {
be170d6b 679 cr = change_euid(euid);
41c20dac 680 setsugid();
984263bc 681 }
41c20dac 682 if (ruid != (uid_t)-1 && cr->cr_ruid != ruid) {
be170d6b 683 cr = change_ruid(ruid);
41c20dac 684 setsugid();
984263bc 685 }
41c20dac
MD
686 if ((ruid != (uid_t)-1 || cr->cr_uid != cr->cr_ruid) &&
687 cr->cr_svuid != cr->cr_uid) {
e9a372eb 688 cr = cratom(&p->p_ucred);
41c20dac
MD
689 cr->cr_svuid = cr->cr_uid;
690 setsugid();
984263bc 691 }
3919ced0
MD
692 error = 0;
693done:
694 rel_mplock();
695 return (error);
984263bc
MD
696}
697
3919ced0
MD
698/*
699 * MPALMOSTSAFE
700 */
984263bc 701int
753fd850 702sys_setregid(struct setregid_args *uap)
984263bc 703{
41c20dac
MD
704 struct proc *p = curproc;
705 struct ucred *cr;
706 gid_t rgid, egid;
984263bc
MD
707 int error;
708
3919ced0 709 get_mplock();
41c20dac
MD
710 cr = p->p_ucred;
711
984263bc
MD
712 rgid = uap->rgid;
713 egid = uap->egid;
41c20dac
MD
714 if (((rgid != (gid_t)-1 && rgid != cr->cr_rgid && rgid != cr->cr_svgid) ||
715 (egid != (gid_t)-1 && egid != cr->cr_groups[0] &&
716 egid != cr->cr_rgid && egid != cr->cr_svgid)) &&
3919ced0
MD
717 (error = priv_check_cred(cr, PRIV_CRED_SETREGID, 0)) != 0) {
718 goto done;
719 }
984263bc 720
41c20dac 721 if (egid != (gid_t)-1 && cr->cr_groups[0] != egid) {
e9a372eb 722 cr = cratom(&p->p_ucred);
41c20dac
MD
723 cr->cr_groups[0] = egid;
724 setsugid();
984263bc 725 }
41c20dac 726 if (rgid != (gid_t)-1 && cr->cr_rgid != rgid) {
e9a372eb 727 cr = cratom(&p->p_ucred);
41c20dac
MD
728 cr->cr_rgid = rgid;
729 setsugid();
984263bc 730 }
41c20dac
MD
731 if ((rgid != (gid_t)-1 || cr->cr_groups[0] != cr->cr_rgid) &&
732 cr->cr_svgid != cr->cr_groups[0]) {
e9a372eb 733 cr = cratom(&p->p_ucred);
41c20dac
MD
734 cr->cr_svgid = cr->cr_groups[0];
735 setsugid();
984263bc 736 }
3919ced0
MD
737 error = 0;
738done:
739 rel_mplock();
740 return (error);
984263bc
MD
741}
742
743/*
744 * setresuid(ruid, euid, suid) is like setreuid except control over the
745 * saved uid is explicit.
3919ced0
MD
746 *
747 * MPALMOSTSAFE
984263bc 748 */
984263bc 749int
753fd850 750sys_setresuid(struct setresuid_args *uap)
984263bc 751{
41c20dac
MD
752 struct proc *p = curproc;
753 struct ucred *cr;
754 uid_t ruid, euid, suid;
984263bc
MD
755 int error;
756
3919ced0 757 get_mplock();
41c20dac 758 cr = p->p_ucred;
3919ced0 759
984263bc
MD
760 ruid = uap->ruid;
761 euid = uap->euid;
762 suid = uap->suid;
41c20dac
MD
763 if (((ruid != (uid_t)-1 && ruid != cr->cr_ruid && ruid != cr->cr_svuid &&
764 ruid != cr->cr_uid) ||
765 (euid != (uid_t)-1 && euid != cr->cr_ruid && euid != cr->cr_svuid &&
766 euid != cr->cr_uid) ||
767 (suid != (uid_t)-1 && suid != cr->cr_ruid && suid != cr->cr_svuid &&
768 suid != cr->cr_uid)) &&
3919ced0
MD
769 (error = priv_check_cred(cr, PRIV_CRED_SETRESUID, 0)) != 0) {
770 goto done;
771 }
41c20dac 772 if (euid != (uid_t)-1 && cr->cr_uid != euid) {
be170d6b 773 cr = change_euid(euid);
41c20dac 774 setsugid();
984263bc 775 }
41c20dac 776 if (ruid != (uid_t)-1 && cr->cr_ruid != ruid) {
be170d6b 777 cr = change_ruid(ruid);
41c20dac 778 setsugid();
984263bc 779 }
41c20dac 780 if (suid != (uid_t)-1 && cr->cr_svuid != suid) {
e9a372eb 781 cr = cratom(&p->p_ucred);
41c20dac
MD
782 cr->cr_svuid = suid;
783 setsugid();
984263bc 784 }
3919ced0
MD
785 error = 0;
786done:
787 rel_mplock();
788 return (error);
984263bc
MD
789}
790
791/*
792 * setresgid(rgid, egid, sgid) is like setregid except control over the
793 * saved gid is explicit.
3919ced0
MD
794 *
795 * MPALMOSTSAFE
984263bc 796 */
984263bc 797int
753fd850 798sys_setresgid(struct setresgid_args *uap)
984263bc 799{
41c20dac
MD
800 struct proc *p = curproc;
801 struct ucred *cr;
802 gid_t rgid, egid, sgid;
984263bc
MD
803 int error;
804
3919ced0 805 get_mplock();
41c20dac 806 cr = p->p_ucred;
984263bc
MD
807 rgid = uap->rgid;
808 egid = uap->egid;
809 sgid = uap->sgid;
41c20dac
MD
810 if (((rgid != (gid_t)-1 && rgid != cr->cr_rgid && rgid != cr->cr_svgid &&
811 rgid != cr->cr_groups[0]) ||
812 (egid != (gid_t)-1 && egid != cr->cr_rgid && egid != cr->cr_svgid &&
813 egid != cr->cr_groups[0]) ||
814 (sgid != (gid_t)-1 && sgid != cr->cr_rgid && sgid != cr->cr_svgid &&
815 sgid != cr->cr_groups[0])) &&
3919ced0
MD
816 (error = priv_check_cred(cr, PRIV_CRED_SETRESGID, 0)) != 0) {
817 goto done;
818 }
984263bc 819
41c20dac 820 if (egid != (gid_t)-1 && cr->cr_groups[0] != egid) {
e9a372eb 821 cr = cratom(&p->p_ucred);
41c20dac
MD
822 cr->cr_groups[0] = egid;
823 setsugid();
984263bc 824 }
41c20dac 825 if (rgid != (gid_t)-1 && cr->cr_rgid != rgid) {
e9a372eb 826 cr = cratom(&p->p_ucred);
41c20dac
MD
827 cr->cr_rgid = rgid;
828 setsugid();
984263bc 829 }
41c20dac 830 if (sgid != (gid_t)-1 && cr->cr_svgid != sgid) {
e9a372eb 831 cr = cratom(&p->p_ucred);
41c20dac
MD
832 cr->cr_svgid = sgid;
833 setsugid();
984263bc 834 }
3919ced0
MD
835 error = 0;
836done:
837 rel_mplock();
838 return (error);
984263bc
MD
839}
840
3919ced0
MD
841/*
842 * MPALMOSTSAFE
843 */
984263bc 844int
753fd850 845sys_getresuid(struct getresuid_args *uap)
984263bc 846{
41c20dac 847 struct proc *p = curproc;
3919ced0 848 struct ucred *cr;
984263bc
MD
849 int error1 = 0, error2 = 0, error3 = 0;
850
3919ced0
MD
851 get_mplock();
852 cr = p->p_ucred;
984263bc 853 if (uap->ruid)
41c20dac
MD
854 error1 = copyout((caddr_t)&cr->cr_ruid,
855 (caddr_t)uap->ruid, sizeof(cr->cr_ruid));
984263bc 856 if (uap->euid)
41c20dac
MD
857 error2 = copyout((caddr_t)&cr->cr_uid,
858 (caddr_t)uap->euid, sizeof(cr->cr_uid));
984263bc 859 if (uap->suid)
41c20dac
MD
860 error3 = copyout((caddr_t)&cr->cr_svuid,
861 (caddr_t)uap->suid, sizeof(cr->cr_svuid));
3919ced0 862 rel_mplock();
984263bc
MD
863 return error1 ? error1 : (error2 ? error2 : error3);
864}
865
3919ced0 866/*
9910d07b 867 * MPSAFE
3919ced0 868 */
984263bc 869int
753fd850 870sys_getresgid(struct getresgid_args *uap)
984263bc 871{
3919ced0 872 struct ucred *cr;
984263bc
MD
873 int error1 = 0, error2 = 0, error3 = 0;
874
9910d07b 875 cr = curthread->td_ucred;
984263bc 876 if (uap->rgid)
9910d07b
MD
877 error1 = copyout(&cr->cr_rgid, uap->rgid,
878 sizeof(cr->cr_rgid));
984263bc 879 if (uap->egid)
9910d07b
MD
880 error2 = copyout(&cr->cr_groups[0], uap->egid,
881 sizeof(cr->cr_groups[0]));
984263bc 882 if (uap->sgid)
9910d07b
MD
883 error3 = copyout(&cr->cr_svgid, uap->sgid,
884 sizeof(cr->cr_svgid));
984263bc
MD
885 return error1 ? error1 : (error2 ? error2 : error3);
886}
887
888
3919ced0
MD
889/*
890 * NOTE: OpenBSD sets a P_SUGIDEXEC flag set at execve() time,
891 * we use P_SUGID because we consider changing the owners as
892 * "tainting" as well.
893 * This is significant for procs that start as root and "become"
894 * a user without an exec - programs cannot know *everything*
895 * that libc *might* have put in their data segment.
896 *
897 * MPSAFE
898 */
984263bc 899int
753fd850 900sys_issetugid(struct issetugid_args *uap)
984263bc 901{
3919ced0 902 uap->sysmsg_result = (curproc->p_flag & P_SUGID) ? 1 : 0;
984263bc
MD
903 return (0);
904}
905
906/*
907 * Check if gid is a member of the group set.
908 */
909int
41c20dac 910groupmember(gid_t gid, struct ucred *cred)
984263bc 911{
41c20dac 912 gid_t *gp;
984263bc
MD
913 gid_t *egp;
914
915 egp = &(cred->cr_groups[cred->cr_ngroups]);
4f645dbb 916 for (gp = cred->cr_groups; gp < egp; gp++) {
984263bc
MD
917 if (*gp == gid)
918 return (1);
4f645dbb 919 }
984263bc
MD
920 return (0);
921}
922
923/*
d46b588e
MN
924 * Test whether the specified credentials have the privilege
925 * in question.
926 *
927 * A kernel thread without a process context is assumed to have
928 * the privilege in question. In situations where the caller always
929 * expect a cred to exist, the cred should be passed separately and
930 * priv_check_cred() should be used instead of priv_check().
dadab5e9 931 *
984263bc 932 * Returns 0 or error.
1ee6e3c6
MD
933 *
934 * MPSAFE
984263bc
MD
935 */
936int
d46b588e 937priv_check(struct thread *td, int priv)
984263bc 938{
9910d07b
MD
939 if (td->td_lwp != NULL)
940 return priv_check_cred(td->td_ucred, priv, 0);
941 return (0);
984263bc
MD
942}
943
e4700d00 944/*
d46b588e
MN
945 * Check a credential for privilege.
946 *
e4700d00 947 * A non-null credential is expected unless NULL_CRED_OKAY is set.
1ee6e3c6
MD
948 *
949 * MPSAFE
e4700d00 950 */
984263bc 951int
d46b588e 952priv_check_cred(struct ucred *cred, int priv, int flags)
984263bc 953{
cd554aa4
MN
954 int error;
955
d46b588e
MN
956 KASSERT(PRIV_VALID(priv), ("priv_check_cred: invalid privilege"));
957
958 KASSERT(cred != NULL || flags & NULL_CRED_OKAY,
959 ("priv_check_cred: NULL cred!"));
41c20dac 960
e4700d00 961 if (cred == NULL) {
d46b588e 962 if (flags & NULL_CRED_OKAY)
e4700d00
JH
963 return (0);
964 else
965 return (EPERM);
966 }
984263bc
MD
967 if (cred->cr_uid != 0)
968 return (EPERM);
cd554aa4 969
1b6db7be
MN
970 error = prison_priv_check(cred, priv);
971 if (error)
972 return (error);
cd554aa4 973
dadab5e9 974 /* NOTE: accounting for suser access (p_acflag/ASU) removed */
984263bc
MD
975 return (0);
976}
977
978/*
979 * Return zero if p1 can fondle p2, return errno (EPERM/ESRCH) otherwise.
980 */
984263bc 981int
41c20dac 982p_trespass(struct ucred *cr1, struct ucred *cr2)
984263bc 983{
41c20dac 984 if (cr1 == cr2)
984263bc 985 return (0);
41c20dac 986 if (!PRISON_CHECK(cr1, cr2))
984263bc 987 return (ESRCH);
41c20dac 988 if (cr1->cr_ruid == cr2->cr_ruid)
984263bc 989 return (0);
41c20dac 990 if (cr1->cr_uid == cr2->cr_ruid)
984263bc 991 return (0);
41c20dac 992 if (cr1->cr_ruid == cr2->cr_uid)
984263bc 993 return (0);
41c20dac 994 if (cr1->cr_uid == cr2->cr_uid)
984263bc 995 return (0);
14272f2d 996 if (priv_check_cred(cr1, PRIV_PROC_TRESPASS, 0) == 0)
984263bc
MD
997 return (0);
998 return (EPERM);
999}
1000
1001/*
d9b2033e
MD
1002 * MPSAFE
1003 */
1004static __inline void
1005_crinit(struct ucred *cr)
1006{
d9b2033e 1007 cr->cr_ref = 1;
d9b2033e
MD
1008}
1009
1010/*
1011 * MPSAFE
1012 */
1013void
1014crinit(struct ucred *cr)
1015{
4eee9a80 1016 bzero(cr, sizeof(*cr));
d9b2033e
MD
1017 _crinit(cr);
1018}
1019
1020/*
984263bc 1021 * Allocate a zeroed cred structure.
d9b2033e
MD
1022 *
1023 * MPSAFE
984263bc
MD
1024 */
1025struct ucred *
77153250 1026crget(void)
984263bc 1027{
1fd87d54 1028 struct ucred *cr;
984263bc 1029
4eee9a80 1030 cr = kmalloc(sizeof(*cr), M_CRED, M_WAITOK|M_ZERO);
d9b2033e 1031 _crinit(cr);
984263bc
MD
1032 return (cr);
1033}
1034
1035/*
e9a372eb
MD
1036 * Claim another reference to a ucred structure. Can be used with special
1037 * creds.
d9b2033e
MD
1038 *
1039 * It must be possible to call this routine with spinlocks held, meaning
1040 * that this routine itself cannot obtain a spinlock.
1041 *
1042 * MPSAFE
984263bc 1043 */
dadab5e9 1044struct ucred *
41c20dac 1045crhold(struct ucred *cr)
984263bc 1046{
e9a372eb 1047 if (cr != NOCRED && cr != FSCRED)
d9b2033e 1048 atomic_add_int(&cr->cr_ref, 1);
dadab5e9 1049 return(cr);
984263bc
MD
1050}
1051
1052/*
d9b2033e
MD
1053 * Drop a reference from the cred structure, free it if the reference count
1054 * reaches 0.
1055 *
1056 * NOTE: because we used atomic_add_int() above, without a spinlock, we
1057 * must also use atomic_subtract_int() below. A spinlock is required
1058 * in crfree() to handle multiple callers racing the refcount to 0.
1059 *
61f96b6f 1060 * MPSAFE
984263bc
MD
1061 */
1062void
41c20dac 1063crfree(struct ucred *cr)
984263bc 1064{
d9b2033e 1065 if (cr->cr_ref <= 0)
984263bc 1066 panic("Freeing already free credential! %p", cr);
61f96b6f 1067 if (atomic_fetchadd_int(&cr->cr_ref, -1) == 1) {
984263bc
MD
1068 /*
1069 * Some callers of crget(), such as nfs_statfs(),
1070 * allocate a temporary credential, but don't
1071 * allocate a uidinfo structure.
1072 */
792033e7
MD
1073 if (cr->cr_uidinfo != NULL) {
1074 uidrop(cr->cr_uidinfo);
1075 cr->cr_uidinfo = NULL;
1076 }
1077 if (cr->cr_ruidinfo != NULL) {
1078 uidrop(cr->cr_ruidinfo);
1079 cr->cr_ruidinfo = NULL;
1080 }
41c20dac
MD
1081
1082 /*
1083 * Destroy empty prisons
1084 */
b40e316c
JS
1085 if (jailed(cr))
1086 prison_free(cr->cr_prison);
41c20dac
MD
1087 cr->cr_prison = NULL; /* safety */
1088
984263bc
MD
1089 FREE((caddr_t)cr, M_CRED);
1090 }
1091}
1092
1093/*
e9a372eb
MD
1094 * Atomize a cred structure so it can be modified without polluting
1095 * other references to it.
61f96b6f
MD
1096 *
1097 * MPSAFE (however, *pcr must be stable)
e9a372eb
MD
1098 */
1099struct ucred *
1100cratom(struct ucred **pcr)
1101{
1102 struct ucred *oldcr;
1103 struct ucred *newcr;
1104
1105 oldcr = *pcr;
1106 if (oldcr->cr_ref == 1)
1107 return (oldcr);
1108 newcr = crget();
1109 *newcr = *oldcr;
1110 if (newcr->cr_uidinfo)
1111 uihold(newcr->cr_uidinfo);
1112 if (newcr->cr_ruidinfo)
1113 uihold(newcr->cr_ruidinfo);
b40e316c
JS
1114 if (jailed(newcr))
1115 prison_hold(newcr->cr_prison);
e9a372eb
MD
1116 newcr->cr_ref = 1;
1117 crfree(oldcr);
1118 *pcr = newcr;
1119 return (newcr);
1120}
1121
1122#if 0 /* no longer used but keep around for a little while */
1123/*
984263bc 1124 * Copy cred structure to a new one and free the old one.
61f96b6f
MD
1125 *
1126 * MPSAFE (*cr must be stable)
984263bc
MD
1127 */
1128struct ucred *
41c20dac 1129crcopy(struct ucred *cr)
984263bc
MD
1130{
1131 struct ucred *newcr;
1132
1133 if (cr->cr_ref == 1)
1134 return (cr);
1135 newcr = crget();
1136 *newcr = *cr;
41c20dac
MD
1137 if (newcr->cr_uidinfo)
1138 uihold(newcr->cr_uidinfo);
1139 if (newcr->cr_ruidinfo)
1140 uihold(newcr->cr_ruidinfo);
b40e316c
JS
1141 if (jailed(newcr))
1142 prison_hold(newcr->cr_prison);
984263bc 1143 newcr->cr_ref = 1;
41c20dac 1144 crfree(cr);
984263bc
MD
1145 return (newcr);
1146}
e9a372eb 1147#endif
984263bc
MD
1148
1149/*
1150 * Dup cred struct to a new held one.
1151 */
1152struct ucred *
77153250 1153crdup(struct ucred *cr)
984263bc
MD
1154{
1155 struct ucred *newcr;
1156
1157 newcr = crget();
1158 *newcr = *cr;
41c20dac
MD
1159 if (newcr->cr_uidinfo)
1160 uihold(newcr->cr_uidinfo);
1161 if (newcr->cr_ruidinfo)
1162 uihold(newcr->cr_ruidinfo);
b40e316c
JS
1163 if (jailed(newcr))
1164 prison_hold(newcr->cr_prison);
984263bc
MD
1165 newcr->cr_ref = 1;
1166 return (newcr);
1167}
1168
1169/*
1170 * Fill in a struct xucred based on a struct ucred.
1171 */
1172void
77153250 1173cru2x(struct ucred *cr, struct xucred *xcr)
984263bc
MD
1174{
1175
1176 bzero(xcr, sizeof(*xcr));
1177 xcr->cr_version = XUCRED_VERSION;
1178 xcr->cr_uid = cr->cr_uid;
1179 xcr->cr_ngroups = cr->cr_ngroups;
1180 bcopy(cr->cr_groups, xcr->cr_groups, sizeof(cr->cr_groups));
1181}
1182
1183/*
1184 * Get login name, if available.
3919ced0
MD
1185 *
1186 * MPALMOSTSAFE
984263bc 1187 */
984263bc 1188int
753fd850 1189sys_getlogin(struct getlogin_args *uap)
984263bc 1190{
41c20dac 1191 struct proc *p = curproc;
3919ced0
MD
1192 char buf[MAXLOGNAME];
1193 int error;
984263bc 1194
3919ced0 1195 if (uap->namelen > MAXLOGNAME) /* namelen is unsigned */
984263bc 1196 uap->namelen = MAXLOGNAME;
3919ced0
MD
1197 get_mplock();
1198 bzero(buf, sizeof(buf));
1199 bcopy(p->p_pgrp->pg_session->s_login, buf, uap->namelen);
1200 rel_mplock();
1201
1202 error = copyout(buf, uap->namebuf, uap->namelen);
1203 return (error);
984263bc
MD
1204}
1205
1206/*
1207 * Set login name.
3919ced0
MD
1208 *
1209 * MPALMOSTSAFE
984263bc 1210 */
984263bc 1211int
753fd850 1212sys_setlogin(struct setlogin_args *uap)
984263bc 1213{
9910d07b
MD
1214 struct thread *td = curthread;
1215 struct proc *p;
1216 struct ucred *cred;
3919ced0 1217 char buf[MAXLOGNAME];
984263bc 1218 int error;
984263bc 1219
9910d07b
MD
1220 cred = td->td_ucred;
1221 p = td->td_proc;
1222
1223 if ((error = priv_check_cred(cred, PRIV_PROC_SETLOGIN, 0)))
984263bc 1224 return (error);
3919ced0
MD
1225 bzero(buf, sizeof(buf));
1226 error = copyinstr(uap->namebuf, buf, sizeof(buf), NULL);
984263bc
MD
1227 if (error == ENAMETOOLONG)
1228 error = EINVAL;
3919ced0
MD
1229 if (error == 0) {
1230 get_mplock();
1231 memcpy(p->p_pgrp->pg_session->s_login, buf, sizeof(buf));
1232 rel_mplock();
1233 }
984263bc
MD
1234 return (error);
1235}
1236
1237void
77153250 1238setsugid(void)
984263bc 1239{
41c20dac
MD
1240 struct proc *p = curproc;
1241
1242 KKASSERT(p != NULL);
984263bc
MD
1243 p->p_flag |= P_SUGID;
1244 if (!(p->p_pfsflags & PF_ISUGID))
1245 p->p_stops = 0;
1246}
1247
1248/*
1249 * Helper function to change the effective uid of a process
1250 */
be170d6b 1251struct ucred *
41c20dac 1252change_euid(uid_t euid)
984263bc 1253{
41c20dac
MD
1254 struct proc *p = curproc;
1255 struct ucred *cr;
984263bc 1256
41c20dac 1257 KKASSERT(p != NULL);
94507578 1258 lf_count_adjust(p, 0);
e9a372eb 1259 cr = cratom(&p->p_ucred);
41c20dac 1260 cr->cr_uid = euid;
792033e7 1261 uireplace(&cr->cr_uidinfo, uifind(euid));
94507578 1262 lf_count_adjust(p, 1);
be170d6b 1263 return (cr);
984263bc
MD
1264}
1265
1266/*
1267 * Helper function to change the real uid of a process
1268 *
1269 * The per-uid process count for this process is transfered from
1270 * the old uid to the new uid.
1271 */
be170d6b 1272struct ucred *
41c20dac 1273change_ruid(uid_t ruid)
984263bc 1274{
41c20dac
MD
1275 struct proc *p = curproc;
1276 struct ucred *cr;
984263bc 1277
41c20dac
MD
1278 KKASSERT(p != NULL);
1279
e9a372eb 1280 cr = cratom(&p->p_ucred);
be170d6b 1281 chgproccnt(cr->cr_ruidinfo, -1, 0);
41c20dac 1282 cr->cr_ruid = ruid;
792033e7 1283 uireplace(&cr->cr_ruidinfo, uifind(ruid));
be170d6b
SS
1284 chgproccnt(cr->cr_ruidinfo, 1, 0);
1285 return (cr);
984263bc 1286}