kernel - use new td_ucred in numerous places
[dragonfly.git] / sys / kern / kern_prot.c
CommitLineData
984263bc
MD
1/*
2 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * @(#)kern_prot.c 8.6 (Berkeley) 1/21/94
39 * $FreeBSD: src/sys/kern/kern_prot.c,v 1.53.2.9 2002/03/09 05:20:26 dd Exp $
420eedf5 40 * $DragonFly: src/sys/kern/kern_prot.c,v 1.29 2008/02/16 15:53:39 matthias Exp $
984263bc
MD
41 */
42
43/*
44 * System calls related to processes and protection
45 */
46
47#include "opt_compat.h"
48
49#include <sys/param.h>
50#include <sys/acct.h>
51#include <sys/systm.h>
52#include <sys/sysproto.h>
53#include <sys/kernel.h>
3b564f1f 54#include <sys/lock.h>
984263bc 55#include <sys/proc.h>
28eeae89 56#include <sys/priv.h>
984263bc
MD
57#include <sys/malloc.h>
58#include <sys/pioctl.h>
59#include <sys/resourcevar.h>
41c20dac 60#include <sys/jail.h>
508ceb09 61#include <sys/lockf.h>
d9b2033e
MD
62#include <sys/spinlock.h>
63
64#include <sys/thread2.h>
65#include <sys/spinlock2.h>
984263bc
MD
66
67static MALLOC_DEFINE(M_CRED, "cred", "credentials");
68
984263bc 69/*
3919ced0 70 * MPALMOSTSAFE
984263bc 71 */
984263bc 72int
753fd850 73sys_getpid(struct getpid_args *uap)
984263bc 74{
41c20dac 75 struct proc *p = curproc;
984263bc 76
c7114eea 77 uap->sysmsg_fds[0] = p->p_pid;
984263bc 78#if defined(COMPAT_43) || defined(COMPAT_SUNOS)
3919ced0 79 get_mplock();
c7114eea 80 uap->sysmsg_fds[1] = p->p_pptr->p_pid;
3919ced0 81 rel_mplock();
984263bc
MD
82#endif
83 return (0);
84}
85
3919ced0
MD
86/*
87 * MPALMOSTSAFE
88 */
984263bc 89int
753fd850 90sys_getppid(struct getppid_args *uap)
984263bc 91{
41c20dac 92 struct proc *p = curproc;
984263bc 93
3919ced0 94 get_mplock();
c7114eea 95 uap->sysmsg_result = p->p_pptr->p_pid;
3919ced0
MD
96 rel_mplock();
97
984263bc 98 return (0);
f9366a82
SS
99}
100
3919ced0
MD
101/*
102 * MPSAFE
103 */
f9366a82
SS
104int
105sys_lwp_gettid(struct lwp_gettid_args *uap)
106{
107 struct lwp *lp = curthread->td_lwp;
108
109 uap->sysmsg_result = lp->lwp_tid;
110 return (0);
984263bc
MD
111}
112
113/*
114 * Get process group ID; note that POSIX getpgrp takes no parameter
115 *
3919ced0 116 * MPSAFE XXX pgrp
984263bc 117 */
984263bc 118int
753fd850 119sys_getpgrp(struct getpgrp_args *uap)
984263bc 120{
41c20dac 121 struct proc *p = curproc;
984263bc 122
c7114eea 123 uap->sysmsg_result = p->p_pgrp->pg_id;
984263bc
MD
124 return (0);
125}
126
a64ba182 127/*
420eedf5 128 * Get an arbitrary pid's process group id
3919ced0
MD
129 *
130 * MPALMOSTSAFE
a64ba182 131 */
984263bc 132int
753fd850 133sys_getpgid(struct getpgid_args *uap)
984263bc 134{
41c20dac 135 struct proc *p = curproc;
984263bc 136 struct proc *pt;
3919ced0 137 int error;
984263bc 138
3919ced0
MD
139 get_mplock();
140 error = 0;
984263bc 141
3919ced0
MD
142 if (uap->pid == 0) {
143 pt = p;
144 } else {
145 pt = pfind(uap->pid);
146 if (pt == NULL)
147 error = ESRCH;
148 }
149 if (error == 0)
150 uap->sysmsg_result = pt->p_pgrp->pg_id;
151 rel_mplock();
152 return (error);
984263bc
MD
153}
154
155/*
420eedf5 156 * Get an arbitrary pid's session id.
3919ced0
MD
157 *
158 * MPALMOSTSAFE
984263bc 159 */
984263bc 160int
753fd850 161sys_getsid(struct getsid_args *uap)
984263bc 162{
41c20dac 163 struct proc *p = curproc;
984263bc 164 struct proc *pt;
3919ced0 165 int error;
984263bc 166
3919ced0
MD
167 get_mplock();
168 error = 0;
984263bc 169
3919ced0
MD
170 if (uap->pid == 0) {
171 pt = p;
172 } else {
173 pt = pfind(uap->pid);
174 if (pt == NULL)
175 error = ESRCH;
176 }
177 if (error == 0)
178 uap->sysmsg_result = pt->p_session->s_sid;
179 rel_mplock();
180 return (error);
984263bc
MD
181}
182
183
184/*
3919ced0
MD
185 * getuid()
186 *
9910d07b 187 * MPSAFE
984263bc 188 */
984263bc 189int
753fd850 190sys_getuid(struct getuid_args *uap)
984263bc 191{
9910d07b 192 struct ucred *cred = curthread->td_ucred;
984263bc 193
9910d07b 194 uap->sysmsg_fds[0] = cred->cr_ruid;
984263bc 195#if defined(COMPAT_43) || defined(COMPAT_SUNOS)
9910d07b 196 uap->sysmsg_fds[1] = cred->cr_uid;
984263bc
MD
197#endif
198 return (0);
199}
200
201/*
3919ced0
MD
202 * geteuid()
203 *
9910d07b 204 * MPSAFE
984263bc 205 */
984263bc 206int
753fd850 207sys_geteuid(struct geteuid_args *uap)
984263bc 208{
9910d07b 209 struct ucred *cred = curthread->td_ucred;
984263bc 210
9910d07b 211 uap->sysmsg_result = cred->cr_uid;
984263bc
MD
212 return (0);
213}
214
215/*
3919ced0
MD
216 * getgid()
217 *
9910d07b 218 * MPSAFE
984263bc 219 */
984263bc 220int
753fd850 221sys_getgid(struct getgid_args *uap)
984263bc 222{
9910d07b 223 struct ucred *cred = curthread->td_ucred;
984263bc 224
9910d07b 225 uap->sysmsg_fds[0] = cred->cr_rgid;
984263bc 226#if defined(COMPAT_43) || defined(COMPAT_SUNOS)
9910d07b 227 uap->sysmsg_fds[1] = cred->cr_groups[0];
984263bc
MD
228#endif
229 return (0);
230}
231
232/*
233 * Get effective group ID. The "egid" is groups[0], and could be obtained
234 * via getgroups. This syscall exists because it is somewhat painful to do
235 * correctly in a library function.
6ad3ed15 236 *
3919ced0 237 * MPSAFE
984263bc 238 */
984263bc 239int
753fd850 240sys_getegid(struct getegid_args *uap)
984263bc 241{
9910d07b 242 struct ucred *cred = curthread->td_ucred;
984263bc 243
9910d07b 244 uap->sysmsg_result = cred->cr_groups[0];
984263bc
MD
245 return (0);
246}
247
3919ced0
MD
248/*
249 * MPSAFE
250 */
984263bc 251int
753fd850 252sys_getgroups(struct getgroups_args *uap)
984263bc 253{
41c20dac
MD
254 struct ucred *cr;
255 u_int ngrp;
984263bc
MD
256 int error;
257
9910d07b 258 cr = curthread->td_ucred;
984263bc 259 if ((ngrp = uap->gidsetsize) == 0) {
c7114eea 260 uap->sysmsg_result = cr->cr_ngroups;
984263bc
MD
261 return (0);
262 }
41c20dac 263 if (ngrp < cr->cr_ngroups)
984263bc 264 return (EINVAL);
41c20dac 265 ngrp = cr->cr_ngroups;
3919ced0
MD
266 error = copyout((caddr_t)cr->cr_groups,
267 (caddr_t)uap->gidset, ngrp * sizeof(gid_t));
268 if (error == 0)
269 uap->sysmsg_result = ngrp;
270 return (error);
984263bc
MD
271}
272
3919ced0
MD
273/*
274 * MPALMOSTSAFE
275 */
984263bc 276int
753fd850 277sys_setsid(struct setsid_args *uap)
984263bc 278{
41c20dac 279 struct proc *p = curproc;
3919ced0 280 int error;
984263bc 281
3919ced0 282 get_mplock();
984263bc 283 if (p->p_pgid == p->p_pid || pgfind(p->p_pid)) {
3919ced0 284 error = EPERM;
984263bc 285 } else {
3919ced0 286 enterpgrp(p, p->p_pid, 1);
c7114eea 287 uap->sysmsg_result = p->p_pid;
3919ced0 288 error = 0;
984263bc 289 }
3919ced0
MD
290 rel_mplock();
291 return (error);
984263bc
MD
292}
293
294/*
295 * set process group (setpgid/old setpgrp)
296 *
297 * caller does setpgid(targpid, targpgid)
298 *
299 * pid must be caller or child of caller (ESRCH)
300 * if a child
301 * pid must be in same session (EPERM)
302 * pid can't have done an exec (EACCES)
303 * if pgid != pid
304 * there must exist some pid in same session having pgid (EPERM)
305 * pid must not be session leader (EPERM)
3919ced0
MD
306 *
307 * MPALMOSTSAFE
984263bc 308 */
984263bc 309int
753fd850 310sys_setpgid(struct setpgid_args *uap)
984263bc 311{
41c20dac
MD
312 struct proc *curp = curproc;
313 struct proc *targp; /* target process */
314 struct pgrp *pgrp; /* target pgrp */
3919ced0 315 int error;
984263bc
MD
316
317 if (uap->pgid < 0)
318 return (EINVAL);
3919ced0
MD
319
320 get_mplock();
984263bc 321 if (uap->pid != 0 && uap->pid != curp->p_pid) {
3919ced0
MD
322 if ((targp = pfind(uap->pid)) == 0 || !inferior(targp)) {
323 error = ESRCH;
324 goto done;
325 }
326 if (targp->p_pgrp == NULL ||
327 targp->p_session != curp->p_session) {
328 error = EPERM;
329 goto done;
330 }
331 if (targp->p_flag & P_EXEC) {
332 error = EACCES;
333 goto done;
334 }
335 } else {
984263bc 336 targp = curp;
3919ced0
MD
337 }
338 if (SESS_LEADER(targp)) {
339 error = EPERM;
340 goto done;
341 }
342 if (uap->pgid == 0) {
984263bc 343 uap->pgid = targp->p_pid;
3919ced0 344 } else if (uap->pgid != targp->p_pid) {
984263bc 345 if ((pgrp = pgfind(uap->pgid)) == 0 ||
3919ced0
MD
346 pgrp->pg_session != curp->p_session) {
347 error = EPERM;
348 goto done;
349 }
350 }
351 error = enterpgrp(targp, uap->pgid, 0);
352done:
353 rel_mplock();
354 return (error);
984263bc
MD
355}
356
357/*
358 * Use the clause in B.4.2.2 that allows setuid/setgid to be 4.2/4.3BSD
9a7c6212 359 * compatible. It says that setting the uid/gid to euid/egid is a special
984263bc
MD
360 * case of "appropriate privilege". Once the rules are expanded out, this
361 * basically means that setuid(nnn) sets all three id's, in all permitted
362 * cases unless _POSIX_SAVED_IDS is enabled. In that case, setuid(getuid())
363 * does not set the saved id - this is dangerous for traditional BSD
364 * programs. For this reason, we *really* do not want to set
365 * _POSIX_SAVED_IDS and do not want to clear POSIX_APPENDIX_B_4_2_2.
366 */
367#define POSIX_APPENDIX_B_4_2_2
368
3919ced0
MD
369/*
370 * MPALMOSTSAFE
371 */
984263bc 372int
753fd850 373sys_setuid(struct setuid_args *uap)
984263bc 374{
41c20dac
MD
375 struct proc *p = curproc;
376 struct ucred *cr;
377 uid_t uid;
984263bc
MD
378 int error;
379
3919ced0 380 get_mplock();
41c20dac
MD
381 cr = p->p_ucred;
382
984263bc
MD
383 /*
384 * See if we have "permission" by POSIX 1003.1 rules.
385 *
386 * Note that setuid(geteuid()) is a special case of
387 * "appropriate privileges" in appendix B.4.2.2. We need
9a7c6212 388 * to use this clause to be compatible with traditional BSD
984263bc
MD
389 * semantics. Basically, it means that "setuid(xx)" sets all
390 * three id's (assuming you have privs).
391 *
392 * Notes on the logic. We do things in three steps.
393 * 1: We determine if the euid is going to change, and do EPERM
394 * right away. We unconditionally change the euid later if this
395 * test is satisfied, simplifying that part of the logic.
396 * 2: We determine if the real and/or saved uid's are going to
397 * change. Determined by compile options.
398 * 3: Change euid last. (after tests in #2 for "appropriate privs")
399 */
400 uid = uap->uid;
41c20dac 401 if (uid != cr->cr_ruid && /* allow setuid(getuid()) */
984263bc 402#ifdef _POSIX_SAVED_IDS
41c20dac 403 uid != crc->cr_svuid && /* allow setuid(saved gid) */
984263bc
MD
404#endif
405#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
41c20dac 406 uid != cr->cr_uid && /* allow setuid(geteuid()) */
984263bc 407#endif
3a591c90 408 (error = priv_check_cred(cr, PRIV_CRED_SETUID, 0)))
3919ced0 409 goto done;
984263bc
MD
410
411#ifdef _POSIX_SAVED_IDS
412 /*
413 * Do we have "appropriate privileges" (are we root or uid == euid)
414 * If so, we are changing the real uid and/or saved uid.
415 */
416 if (
417#ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */
41c20dac 418 uid == cr->cr_uid ||
984263bc 419#endif
3a591c90 420 priv_check_cred(cr, PRIV_CRED_SETUID, 0) == 0) /* we are using privs */
984263bc
MD
421#endif
422 {
423 /*
424 * Set the real uid and transfer proc count to new user.
425 */
41c20dac 426 if (uid != cr->cr_ruid) {
be170d6b 427 cr = change_ruid(uid);
41c20dac 428 setsugid();
984263bc
MD
429 }
430 /*
431 * Set saved uid
432 *
433 * XXX always set saved uid even if not _POSIX_SAVED_IDS, as
434 * the security of seteuid() depends on it. B.4.2.2 says it
435 * is important that we should do this.
436 */
41c20dac 437 if (cr->cr_svuid != uid) {
115ccd83 438 cr = cratom(&p->p_ucred);
41c20dac
MD
439 cr->cr_svuid = uid;
440 setsugid();
984263bc
MD
441 }
442 }
443
444 /*
445 * In all permitted cases, we are changing the euid.
446 * Copy credentials so other references do not see our changes.
447 */
41c20dac
MD
448 if (cr->cr_uid != uid) {
449 change_euid(uid);
450 setsugid();
984263bc 451 }
3919ced0
MD
452 error = 0;
453done:
454 rel_mplock();
455 return (error);
984263bc
MD
456}
457
3919ced0
MD
458/*
459 * MPALMOSTSAFE
460 */
984263bc 461int
753fd850 462sys_seteuid(struct seteuid_args *uap)
984263bc 463{
41c20dac
MD
464 struct proc *p = curproc;
465 struct ucred *cr;
466 uid_t euid;
984263bc
MD
467 int error;
468
9910d07b 469 get_mplock();
41c20dac 470 cr = p->p_ucred;
984263bc 471 euid = uap->euid;
41c20dac
MD
472 if (euid != cr->cr_ruid && /* allow seteuid(getuid()) */
473 euid != cr->cr_svuid && /* allow seteuid(saved uid) */
3919ced0 474 (error = priv_check_cred(cr, PRIV_CRED_SETEUID, 0))) {
9910d07b 475 rel_mplock();
984263bc 476 return (error);
3919ced0
MD
477 }
478
984263bc
MD
479 /*
480 * Everything's okay, do it. Copy credentials so other references do
481 * not see our changes.
482 */
41c20dac
MD
483 if (cr->cr_uid != euid) {
484 change_euid(euid);
485 setsugid();
984263bc 486 }
9910d07b 487 rel_mplock();
984263bc
MD
488 return (0);
489}
490
3919ced0
MD
491/*
492 * MPALMOSTSAFE
493 */
984263bc 494int
753fd850 495sys_setgid(struct setgid_args *uap)
984263bc 496{
41c20dac
MD
497 struct proc *p = curproc;
498 struct ucred *cr;
499 gid_t gid;
984263bc
MD
500 int error;
501
3919ced0 502 get_mplock();
41c20dac
MD
503 cr = p->p_ucred;
504
984263bc
MD
505 /*
506 * See if we have "permission" by POSIX 1003.1 rules.
507 *
508 * Note that setgid(getegid()) is a special case of
509 * "appropriate privileges" in appendix B.4.2.2. We need
9a7c6212 510 * to use this clause to be compatible with traditional BSD
984263bc
MD
511 * semantics. Basically, it means that "setgid(xx)" sets all
512 * three id's (assuming you have privs).
513 *
514 * For notes on the logic here, see setuid() above.
515 */
516 gid = uap->gid;
41c20dac 517 if (gid != cr->cr_rgid && /* allow setgid(getgid()) */
984263bc 518#ifdef _POSIX_SAVED_IDS
41c20dac 519 gid != cr->cr_svgid && /* allow setgid(saved gid) */
984263bc
MD
520#endif
521#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
41c20dac 522 gid != cr->cr_groups[0] && /* allow setgid(getegid()) */
984263bc 523#endif
3919ced0
MD
524 (error = priv_check_cred(cr, PRIV_CRED_SETGID, 0))) {
525 goto done;
526 }
984263bc
MD
527
528#ifdef _POSIX_SAVED_IDS
529 /*
530 * Do we have "appropriate privileges" (are we root or gid == egid)
531 * If so, we are changing the real uid and saved gid.
532 */
533 if (
534#ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */
41c20dac 535 gid == cr->cr_groups[0] ||
984263bc 536#endif
3a591c90 537 priv_check_cred(cr, PRIV_CRED_SETGID, 0) == 0) /* we are using privs */
984263bc
MD
538#endif
539 {
540 /*
541 * Set real gid
542 */
41c20dac 543 if (cr->cr_rgid != gid) {
115ccd83 544 cr = cratom(&p->p_ucred);
41c20dac
MD
545 cr->cr_rgid = gid;
546 setsugid();
984263bc
MD
547 }
548 /*
549 * Set saved gid
550 *
551 * XXX always set saved gid even if not _POSIX_SAVED_IDS, as
552 * the security of setegid() depends on it. B.4.2.2 says it
553 * is important that we should do this.
554 */
41c20dac 555 if (cr->cr_svgid != gid) {
115ccd83 556 cr = cratom(&p->p_ucred);
41c20dac
MD
557 cr->cr_svgid = gid;
558 setsugid();
984263bc
MD
559 }
560 }
561 /*
562 * In all cases permitted cases, we are changing the egid.
563 * Copy credentials so other references do not see our changes.
564 */
41c20dac 565 if (cr->cr_groups[0] != gid) {
e9a372eb 566 cr = cratom(&p->p_ucred);
41c20dac
MD
567 cr->cr_groups[0] = gid;
568 setsugid();
984263bc 569 }
3919ced0
MD
570 error = 0;
571done:
572 rel_mplock();
573 return (error);
984263bc
MD
574}
575
3919ced0
MD
576/*
577 * MPALMOSTSAFE
578 */
984263bc 579int
753fd850 580sys_setegid(struct setegid_args *uap)
984263bc 581{
41c20dac
MD
582 struct proc *p = curproc;
583 struct ucred *cr;
584 gid_t egid;
984263bc
MD
585 int error;
586
3919ced0 587 get_mplock();
41c20dac 588 cr = p->p_ucred;
984263bc 589 egid = uap->egid;
41c20dac
MD
590 if (egid != cr->cr_rgid && /* allow setegid(getgid()) */
591 egid != cr->cr_svgid && /* allow setegid(saved gid) */
3919ced0
MD
592 (error = priv_check_cred(cr, PRIV_CRED_SETEGID, 0))) {
593 goto done;
594 }
41c20dac 595 if (cr->cr_groups[0] != egid) {
e9a372eb 596 cr = cratom(&p->p_ucred);
41c20dac
MD
597 cr->cr_groups[0] = egid;
598 setsugid();
984263bc 599 }
3919ced0
MD
600 error = 0;
601done:
602 rel_mplock();
603 return (error);
984263bc
MD
604}
605
3919ced0
MD
606/*
607 * MPALMOSTSAFE
608 */
984263bc 609int
753fd850 610sys_setgroups(struct setgroups_args *uap)
984263bc 611{
41c20dac
MD
612 struct proc *p = curproc;
613 struct ucred *cr;
614 u_int ngrp;
984263bc
MD
615 int error;
616
3919ced0 617 get_mplock();
41c20dac
MD
618 cr = p->p_ucred;
619
3a591c90 620 if ((error = priv_check_cred(cr, PRIV_CRED_SETGROUPS, 0)))
3919ced0 621 goto done;
984263bc 622 ngrp = uap->gidsetsize;
3919ced0
MD
623 if (ngrp > NGROUPS) {
624 error = EINVAL;
625 goto done;
626 }
984263bc
MD
627 /*
628 * XXX A little bit lazy here. We could test if anything has
e9a372eb 629 * changed before cratom() and setting P_SUGID.
984263bc 630 */
e9a372eb 631 cr = cratom(&p->p_ucred);
984263bc
MD
632 if (ngrp < 1) {
633 /*
634 * setgroups(0, NULL) is a legitimate way of clearing the
635 * groups vector on non-BSD systems (which generally do not
636 * have the egid in the groups[0]). We risk security holes
637 * when running non-BSD software if we do not do the same.
638 */
41c20dac 639 cr->cr_ngroups = 1;
984263bc 640 } else {
3919ced0
MD
641 error = copyin(uap->gidset, cr->cr_groups,
642 ngrp * sizeof(gid_t));
643 if (error)
644 goto done;
41c20dac 645 cr->cr_ngroups = ngrp;
984263bc 646 }
41c20dac 647 setsugid();
3919ced0
MD
648 error = 0;
649done:
650 rel_mplock();
651 return (error);
984263bc
MD
652}
653
3919ced0
MD
654/*
655 * MPALMOSTSAFE
656 */
984263bc 657int
753fd850 658sys_setreuid(struct setreuid_args *uap)
984263bc 659{
41c20dac
MD
660 struct proc *p = curproc;
661 struct ucred *cr;
662 uid_t ruid, euid;
984263bc
MD
663 int error;
664
3919ced0 665 get_mplock();
41c20dac
MD
666 cr = p->p_ucred;
667
984263bc
MD
668 ruid = uap->ruid;
669 euid = uap->euid;
41c20dac
MD
670 if (((ruid != (uid_t)-1 && ruid != cr->cr_ruid && ruid != cr->cr_svuid) ||
671 (euid != (uid_t)-1 && euid != cr->cr_uid &&
672 euid != cr->cr_ruid && euid != cr->cr_svuid)) &&
3919ced0
MD
673 (error = priv_check_cred(cr, PRIV_CRED_SETREUID, 0)) != 0) {
674 goto done;
675 }
984263bc 676
41c20dac 677 if (euid != (uid_t)-1 && cr->cr_uid != euid) {
be170d6b 678 cr = change_euid(euid);
41c20dac 679 setsugid();
984263bc 680 }
41c20dac 681 if (ruid != (uid_t)-1 && cr->cr_ruid != ruid) {
be170d6b 682 cr = change_ruid(ruid);
41c20dac 683 setsugid();
984263bc 684 }
41c20dac
MD
685 if ((ruid != (uid_t)-1 || cr->cr_uid != cr->cr_ruid) &&
686 cr->cr_svuid != cr->cr_uid) {
e9a372eb 687 cr = cratom(&p->p_ucred);
41c20dac
MD
688 cr->cr_svuid = cr->cr_uid;
689 setsugid();
984263bc 690 }
3919ced0
MD
691 error = 0;
692done:
693 rel_mplock();
694 return (error);
984263bc
MD
695}
696
3919ced0
MD
697/*
698 * MPALMOSTSAFE
699 */
984263bc 700int
753fd850 701sys_setregid(struct setregid_args *uap)
984263bc 702{
41c20dac
MD
703 struct proc *p = curproc;
704 struct ucred *cr;
705 gid_t rgid, egid;
984263bc
MD
706 int error;
707
3919ced0 708 get_mplock();
41c20dac
MD
709 cr = p->p_ucred;
710
984263bc
MD
711 rgid = uap->rgid;
712 egid = uap->egid;
41c20dac
MD
713 if (((rgid != (gid_t)-1 && rgid != cr->cr_rgid && rgid != cr->cr_svgid) ||
714 (egid != (gid_t)-1 && egid != cr->cr_groups[0] &&
715 egid != cr->cr_rgid && egid != cr->cr_svgid)) &&
3919ced0
MD
716 (error = priv_check_cred(cr, PRIV_CRED_SETREGID, 0)) != 0) {
717 goto done;
718 }
984263bc 719
41c20dac 720 if (egid != (gid_t)-1 && cr->cr_groups[0] != egid) {
e9a372eb 721 cr = cratom(&p->p_ucred);
41c20dac
MD
722 cr->cr_groups[0] = egid;
723 setsugid();
984263bc 724 }
41c20dac 725 if (rgid != (gid_t)-1 && cr->cr_rgid != rgid) {
e9a372eb 726 cr = cratom(&p->p_ucred);
41c20dac
MD
727 cr->cr_rgid = rgid;
728 setsugid();
984263bc 729 }
41c20dac
MD
730 if ((rgid != (gid_t)-1 || cr->cr_groups[0] != cr->cr_rgid) &&
731 cr->cr_svgid != cr->cr_groups[0]) {
e9a372eb 732 cr = cratom(&p->p_ucred);
41c20dac
MD
733 cr->cr_svgid = cr->cr_groups[0];
734 setsugid();
984263bc 735 }
3919ced0
MD
736 error = 0;
737done:
738 rel_mplock();
739 return (error);
984263bc
MD
740}
741
742/*
743 * setresuid(ruid, euid, suid) is like setreuid except control over the
744 * saved uid is explicit.
3919ced0
MD
745 *
746 * MPALMOSTSAFE
984263bc 747 */
984263bc 748int
753fd850 749sys_setresuid(struct setresuid_args *uap)
984263bc 750{
41c20dac
MD
751 struct proc *p = curproc;
752 struct ucred *cr;
753 uid_t ruid, euid, suid;
984263bc
MD
754 int error;
755
3919ced0 756 get_mplock();
41c20dac 757 cr = p->p_ucred;
3919ced0 758
984263bc
MD
759 ruid = uap->ruid;
760 euid = uap->euid;
761 suid = uap->suid;
41c20dac
MD
762 if (((ruid != (uid_t)-1 && ruid != cr->cr_ruid && ruid != cr->cr_svuid &&
763 ruid != cr->cr_uid) ||
764 (euid != (uid_t)-1 && euid != cr->cr_ruid && euid != cr->cr_svuid &&
765 euid != cr->cr_uid) ||
766 (suid != (uid_t)-1 && suid != cr->cr_ruid && suid != cr->cr_svuid &&
767 suid != cr->cr_uid)) &&
3919ced0
MD
768 (error = priv_check_cred(cr, PRIV_CRED_SETRESUID, 0)) != 0) {
769 goto done;
770 }
41c20dac 771 if (euid != (uid_t)-1 && cr->cr_uid != euid) {
be170d6b 772 cr = change_euid(euid);
41c20dac 773 setsugid();
984263bc 774 }
41c20dac 775 if (ruid != (uid_t)-1 && cr->cr_ruid != ruid) {
be170d6b 776 cr = change_ruid(ruid);
41c20dac 777 setsugid();
984263bc 778 }
41c20dac 779 if (suid != (uid_t)-1 && cr->cr_svuid != suid) {
e9a372eb 780 cr = cratom(&p->p_ucred);
41c20dac
MD
781 cr->cr_svuid = suid;
782 setsugid();
984263bc 783 }
3919ced0
MD
784 error = 0;
785done:
786 rel_mplock();
787 return (error);
984263bc
MD
788}
789
790/*
791 * setresgid(rgid, egid, sgid) is like setregid except control over the
792 * saved gid is explicit.
3919ced0
MD
793 *
794 * MPALMOSTSAFE
984263bc 795 */
984263bc 796int
753fd850 797sys_setresgid(struct setresgid_args *uap)
984263bc 798{
41c20dac
MD
799 struct proc *p = curproc;
800 struct ucred *cr;
801 gid_t rgid, egid, sgid;
984263bc
MD
802 int error;
803
3919ced0 804 get_mplock();
41c20dac 805 cr = p->p_ucred;
984263bc
MD
806 rgid = uap->rgid;
807 egid = uap->egid;
808 sgid = uap->sgid;
41c20dac
MD
809 if (((rgid != (gid_t)-1 && rgid != cr->cr_rgid && rgid != cr->cr_svgid &&
810 rgid != cr->cr_groups[0]) ||
811 (egid != (gid_t)-1 && egid != cr->cr_rgid && egid != cr->cr_svgid &&
812 egid != cr->cr_groups[0]) ||
813 (sgid != (gid_t)-1 && sgid != cr->cr_rgid && sgid != cr->cr_svgid &&
814 sgid != cr->cr_groups[0])) &&
3919ced0
MD
815 (error = priv_check_cred(cr, PRIV_CRED_SETRESGID, 0)) != 0) {
816 goto done;
817 }
984263bc 818
41c20dac 819 if (egid != (gid_t)-1 && cr->cr_groups[0] != egid) {
e9a372eb 820 cr = cratom(&p->p_ucred);
41c20dac
MD
821 cr->cr_groups[0] = egid;
822 setsugid();
984263bc 823 }
41c20dac 824 if (rgid != (gid_t)-1 && cr->cr_rgid != rgid) {
e9a372eb 825 cr = cratom(&p->p_ucred);
41c20dac
MD
826 cr->cr_rgid = rgid;
827 setsugid();
984263bc 828 }
41c20dac 829 if (sgid != (gid_t)-1 && cr->cr_svgid != sgid) {
e9a372eb 830 cr = cratom(&p->p_ucred);
41c20dac
MD
831 cr->cr_svgid = sgid;
832 setsugid();
984263bc 833 }
3919ced0
MD
834 error = 0;
835done:
836 rel_mplock();
837 return (error);
984263bc
MD
838}
839
3919ced0
MD
840/*
841 * MPALMOSTSAFE
842 */
984263bc 843int
753fd850 844sys_getresuid(struct getresuid_args *uap)
984263bc 845{
41c20dac 846 struct proc *p = curproc;
3919ced0 847 struct ucred *cr;
984263bc
MD
848 int error1 = 0, error2 = 0, error3 = 0;
849
3919ced0
MD
850 get_mplock();
851 cr = p->p_ucred;
984263bc 852 if (uap->ruid)
41c20dac
MD
853 error1 = copyout((caddr_t)&cr->cr_ruid,
854 (caddr_t)uap->ruid, sizeof(cr->cr_ruid));
984263bc 855 if (uap->euid)
41c20dac
MD
856 error2 = copyout((caddr_t)&cr->cr_uid,
857 (caddr_t)uap->euid, sizeof(cr->cr_uid));
984263bc 858 if (uap->suid)
41c20dac
MD
859 error3 = copyout((caddr_t)&cr->cr_svuid,
860 (caddr_t)uap->suid, sizeof(cr->cr_svuid));
3919ced0 861 rel_mplock();
984263bc
MD
862 return error1 ? error1 : (error2 ? error2 : error3);
863}
864
3919ced0 865/*
9910d07b 866 * MPSAFE
3919ced0 867 */
984263bc 868int
753fd850 869sys_getresgid(struct getresgid_args *uap)
984263bc 870{
3919ced0 871 struct ucred *cr;
984263bc
MD
872 int error1 = 0, error2 = 0, error3 = 0;
873
9910d07b 874 cr = curthread->td_ucred;
984263bc 875 if (uap->rgid)
9910d07b
MD
876 error1 = copyout(&cr->cr_rgid, uap->rgid,
877 sizeof(cr->cr_rgid));
984263bc 878 if (uap->egid)
9910d07b
MD
879 error2 = copyout(&cr->cr_groups[0], uap->egid,
880 sizeof(cr->cr_groups[0]));
984263bc 881 if (uap->sgid)
9910d07b
MD
882 error3 = copyout(&cr->cr_svgid, uap->sgid,
883 sizeof(cr->cr_svgid));
984263bc
MD
884 return error1 ? error1 : (error2 ? error2 : error3);
885}
886
887
3919ced0
MD
888/*
889 * NOTE: OpenBSD sets a P_SUGIDEXEC flag set at execve() time,
890 * we use P_SUGID because we consider changing the owners as
891 * "tainting" as well.
892 * This is significant for procs that start as root and "become"
893 * a user without an exec - programs cannot know *everything*
894 * that libc *might* have put in their data segment.
895 *
896 * MPSAFE
897 */
984263bc 898int
753fd850 899sys_issetugid(struct issetugid_args *uap)
984263bc 900{
3919ced0 901 uap->sysmsg_result = (curproc->p_flag & P_SUGID) ? 1 : 0;
984263bc
MD
902 return (0);
903}
904
905/*
906 * Check if gid is a member of the group set.
907 */
908int
41c20dac 909groupmember(gid_t gid, struct ucred *cred)
984263bc 910{
41c20dac 911 gid_t *gp;
984263bc
MD
912 gid_t *egp;
913
914 egp = &(cred->cr_groups[cred->cr_ngroups]);
4f645dbb 915 for (gp = cred->cr_groups; gp < egp; gp++) {
984263bc
MD
916 if (*gp == gid)
917 return (1);
4f645dbb 918 }
984263bc
MD
919 return (0);
920}
921
922/*
d46b588e
MN
923 * Test whether the specified credentials have the privilege
924 * in question.
925 *
926 * A kernel thread without a process context is assumed to have
927 * the privilege in question. In situations where the caller always
928 * expect a cred to exist, the cred should be passed separately and
929 * priv_check_cred() should be used instead of priv_check().
dadab5e9 930 *
984263bc 931 * Returns 0 or error.
1ee6e3c6
MD
932 *
933 * MPSAFE
984263bc
MD
934 */
935int
d46b588e 936priv_check(struct thread *td, int priv)
984263bc 937{
9910d07b
MD
938 if (td->td_lwp != NULL)
939 return priv_check_cred(td->td_ucred, priv, 0);
940 return (0);
984263bc
MD
941}
942
e4700d00 943/*
d46b588e
MN
944 * Check a credential for privilege.
945 *
e4700d00 946 * A non-null credential is expected unless NULL_CRED_OKAY is set.
1ee6e3c6
MD
947 *
948 * MPSAFE
e4700d00 949 */
984263bc 950int
d46b588e 951priv_check_cred(struct ucred *cred, int priv, int flags)
984263bc 952{
cd554aa4
MN
953 int error;
954
d46b588e
MN
955 KASSERT(PRIV_VALID(priv), ("priv_check_cred: invalid privilege"));
956
957 KASSERT(cred != NULL || flags & NULL_CRED_OKAY,
958 ("priv_check_cred: NULL cred!"));
41c20dac 959
e4700d00 960 if (cred == NULL) {
d46b588e 961 if (flags & NULL_CRED_OKAY)
e4700d00
JH
962 return (0);
963 else
964 return (EPERM);
965 }
984263bc
MD
966 if (cred->cr_uid != 0)
967 return (EPERM);
cd554aa4 968
1b6db7be
MN
969 error = prison_priv_check(cred, priv);
970 if (error)
971 return (error);
cd554aa4 972
dadab5e9 973 /* NOTE: accounting for suser access (p_acflag/ASU) removed */
984263bc
MD
974 return (0);
975}
976
977/*
978 * Return zero if p1 can fondle p2, return errno (EPERM/ESRCH) otherwise.
979 */
984263bc 980int
41c20dac 981p_trespass(struct ucred *cr1, struct ucred *cr2)
984263bc 982{
41c20dac 983 if (cr1 == cr2)
984263bc 984 return (0);
41c20dac 985 if (!PRISON_CHECK(cr1, cr2))
984263bc 986 return (ESRCH);
41c20dac 987 if (cr1->cr_ruid == cr2->cr_ruid)
984263bc 988 return (0);
41c20dac 989 if (cr1->cr_uid == cr2->cr_ruid)
984263bc 990 return (0);
41c20dac 991 if (cr1->cr_ruid == cr2->cr_uid)
984263bc 992 return (0);
41c20dac 993 if (cr1->cr_uid == cr2->cr_uid)
984263bc 994 return (0);
14272f2d 995 if (priv_check_cred(cr1, PRIV_PROC_TRESPASS, 0) == 0)
984263bc
MD
996 return (0);
997 return (EPERM);
998}
999
1000/*
d9b2033e
MD
1001 * MPSAFE
1002 */
1003static __inline void
1004_crinit(struct ucred *cr)
1005{
d9b2033e
MD
1006 cr->cr_ref = 1;
1007 spin_init(&cr->cr_spin);
1008}
1009
1010/*
1011 * MPSAFE
1012 */
1013void
1014crinit(struct ucred *cr)
1015{
4eee9a80 1016 bzero(cr, sizeof(*cr));
d9b2033e
MD
1017 _crinit(cr);
1018}
1019
1020/*
984263bc 1021 * Allocate a zeroed cred structure.
d9b2033e
MD
1022 *
1023 * MPSAFE
984263bc
MD
1024 */
1025struct ucred *
77153250 1026crget(void)
984263bc 1027{
1fd87d54 1028 struct ucred *cr;
984263bc 1029
4eee9a80 1030 cr = kmalloc(sizeof(*cr), M_CRED, M_WAITOK|M_ZERO);
d9b2033e 1031 _crinit(cr);
984263bc
MD
1032 return (cr);
1033}
1034
1035/*
e9a372eb
MD
1036 * Claim another reference to a ucred structure. Can be used with special
1037 * creds.
d9b2033e
MD
1038 *
1039 * It must be possible to call this routine with spinlocks held, meaning
1040 * that this routine itself cannot obtain a spinlock.
1041 *
1042 * MPSAFE
984263bc 1043 */
dadab5e9 1044struct ucred *
41c20dac 1045crhold(struct ucred *cr)
984263bc 1046{
e9a372eb 1047 if (cr != NOCRED && cr != FSCRED)
d9b2033e 1048 atomic_add_int(&cr->cr_ref, 1);
dadab5e9 1049 return(cr);
984263bc
MD
1050}
1051
1052/*
d9b2033e
MD
1053 * Drop a reference from the cred structure, free it if the reference count
1054 * reaches 0.
1055 *
1056 * NOTE: because we used atomic_add_int() above, without a spinlock, we
1057 * must also use atomic_subtract_int() below. A spinlock is required
1058 * in crfree() to handle multiple callers racing the refcount to 0.
1059 *
1060 * MPALMOSTSAFE - acquires mplock on 1->0 transition of ref count
984263bc
MD
1061 */
1062void
41c20dac 1063crfree(struct ucred *cr)
984263bc 1064{
d9b2033e 1065 if (cr->cr_ref <= 0)
984263bc 1066 panic("Freeing already free credential! %p", cr);
d9b2033e
MD
1067 spin_lock_wr(&cr->cr_spin);
1068 atomic_subtract_int(&cr->cr_ref, 1);
1069 if (cr->cr_ref == 0) {
1070 spin_unlock_wr(&cr->cr_spin);
984263bc
MD
1071 /*
1072 * Some callers of crget(), such as nfs_statfs(),
1073 * allocate a temporary credential, but don't
1074 * allocate a uidinfo structure.
1075 */
d9b2033e 1076 get_mplock();
792033e7
MD
1077 if (cr->cr_uidinfo != NULL) {
1078 uidrop(cr->cr_uidinfo);
1079 cr->cr_uidinfo = NULL;
1080 }
1081 if (cr->cr_ruidinfo != NULL) {
1082 uidrop(cr->cr_ruidinfo);
1083 cr->cr_ruidinfo = NULL;
1084 }
41c20dac
MD
1085
1086 /*
1087 * Destroy empty prisons
1088 */
b40e316c
JS
1089 if (jailed(cr))
1090 prison_free(cr->cr_prison);
41c20dac
MD
1091 cr->cr_prison = NULL; /* safety */
1092
984263bc 1093 FREE((caddr_t)cr, M_CRED);
d9b2033e
MD
1094 rel_mplock();
1095 } else {
1096 spin_unlock_wr(&cr->cr_spin);
984263bc
MD
1097 }
1098}
1099
1100/*
e9a372eb
MD
1101 * Atomize a cred structure so it can be modified without polluting
1102 * other references to it.
1103 */
1104struct ucred *
1105cratom(struct ucred **pcr)
1106{
1107 struct ucred *oldcr;
1108 struct ucred *newcr;
1109
1110 oldcr = *pcr;
1111 if (oldcr->cr_ref == 1)
1112 return (oldcr);
1113 newcr = crget();
1114 *newcr = *oldcr;
1115 if (newcr->cr_uidinfo)
1116 uihold(newcr->cr_uidinfo);
1117 if (newcr->cr_ruidinfo)
1118 uihold(newcr->cr_ruidinfo);
b40e316c
JS
1119 if (jailed(newcr))
1120 prison_hold(newcr->cr_prison);
e9a372eb
MD
1121 newcr->cr_ref = 1;
1122 crfree(oldcr);
1123 *pcr = newcr;
1124 return (newcr);
1125}
1126
1127#if 0 /* no longer used but keep around for a little while */
1128/*
984263bc
MD
1129 * Copy cred structure to a new one and free the old one.
1130 */
1131struct ucred *
41c20dac 1132crcopy(struct ucred *cr)
984263bc
MD
1133{
1134 struct ucred *newcr;
1135
1136 if (cr->cr_ref == 1)
1137 return (cr);
1138 newcr = crget();
1139 *newcr = *cr;
41c20dac
MD
1140 if (newcr->cr_uidinfo)
1141 uihold(newcr->cr_uidinfo);
1142 if (newcr->cr_ruidinfo)
1143 uihold(newcr->cr_ruidinfo);
b40e316c
JS
1144 if (jailed(newcr))
1145 prison_hold(newcr->cr_prison);
984263bc 1146 newcr->cr_ref = 1;
41c20dac 1147 crfree(cr);
984263bc
MD
1148 return (newcr);
1149}
e9a372eb 1150#endif
984263bc
MD
1151
1152/*
1153 * Dup cred struct to a new held one.
1154 */
1155struct ucred *
77153250 1156crdup(struct ucred *cr)
984263bc
MD
1157{
1158 struct ucred *newcr;
1159
1160 newcr = crget();
1161 *newcr = *cr;
41c20dac
MD
1162 if (newcr->cr_uidinfo)
1163 uihold(newcr->cr_uidinfo);
1164 if (newcr->cr_ruidinfo)
1165 uihold(newcr->cr_ruidinfo);
b40e316c
JS
1166 if (jailed(newcr))
1167 prison_hold(newcr->cr_prison);
984263bc
MD
1168 newcr->cr_ref = 1;
1169 return (newcr);
1170}
1171
1172/*
1173 * Fill in a struct xucred based on a struct ucred.
1174 */
1175void
77153250 1176cru2x(struct ucred *cr, struct xucred *xcr)
984263bc
MD
1177{
1178
1179 bzero(xcr, sizeof(*xcr));
1180 xcr->cr_version = XUCRED_VERSION;
1181 xcr->cr_uid = cr->cr_uid;
1182 xcr->cr_ngroups = cr->cr_ngroups;
1183 bcopy(cr->cr_groups, xcr->cr_groups, sizeof(cr->cr_groups));
1184}
1185
1186/*
1187 * Get login name, if available.
3919ced0
MD
1188 *
1189 * MPALMOSTSAFE
984263bc 1190 */
984263bc 1191int
753fd850 1192sys_getlogin(struct getlogin_args *uap)
984263bc 1193{
41c20dac 1194 struct proc *p = curproc;
3919ced0
MD
1195 char buf[MAXLOGNAME];
1196 int error;
984263bc 1197
3919ced0 1198 if (uap->namelen > MAXLOGNAME) /* namelen is unsigned */
984263bc 1199 uap->namelen = MAXLOGNAME;
3919ced0
MD
1200 get_mplock();
1201 bzero(buf, sizeof(buf));
1202 bcopy(p->p_pgrp->pg_session->s_login, buf, uap->namelen);
1203 rel_mplock();
1204
1205 error = copyout(buf, uap->namebuf, uap->namelen);
1206 return (error);
984263bc
MD
1207}
1208
1209/*
1210 * Set login name.
3919ced0
MD
1211 *
1212 * MPALMOSTSAFE
984263bc 1213 */
984263bc 1214int
753fd850 1215sys_setlogin(struct setlogin_args *uap)
984263bc 1216{
9910d07b
MD
1217 struct thread *td = curthread;
1218 struct proc *p;
1219 struct ucred *cred;
3919ced0 1220 char buf[MAXLOGNAME];
984263bc 1221 int error;
984263bc 1222
9910d07b
MD
1223 cred = td->td_ucred;
1224 p = td->td_proc;
1225
1226 if ((error = priv_check_cred(cred, PRIV_PROC_SETLOGIN, 0)))
984263bc 1227 return (error);
3919ced0
MD
1228 bzero(buf, sizeof(buf));
1229 error = copyinstr(uap->namebuf, buf, sizeof(buf), NULL);
984263bc
MD
1230 if (error == ENAMETOOLONG)
1231 error = EINVAL;
3919ced0
MD
1232 if (error == 0) {
1233 get_mplock();
1234 memcpy(p->p_pgrp->pg_session->s_login, buf, sizeof(buf));
1235 rel_mplock();
1236 }
984263bc
MD
1237 return (error);
1238}
1239
1240void
77153250 1241setsugid(void)
984263bc 1242{
41c20dac
MD
1243 struct proc *p = curproc;
1244
1245 KKASSERT(p != NULL);
984263bc
MD
1246 p->p_flag |= P_SUGID;
1247 if (!(p->p_pfsflags & PF_ISUGID))
1248 p->p_stops = 0;
1249}
1250
1251/*
1252 * Helper function to change the effective uid of a process
1253 */
be170d6b 1254struct ucred *
41c20dac 1255change_euid(uid_t euid)
984263bc 1256{
41c20dac
MD
1257 struct proc *p = curproc;
1258 struct ucred *cr;
984263bc 1259
41c20dac 1260 KKASSERT(p != NULL);
94507578 1261 lf_count_adjust(p, 0);
e9a372eb 1262 cr = cratom(&p->p_ucred);
41c20dac 1263 cr->cr_uid = euid;
792033e7 1264 uireplace(&cr->cr_uidinfo, uifind(euid));
94507578 1265 lf_count_adjust(p, 1);
be170d6b 1266 return (cr);
984263bc
MD
1267}
1268
1269/*
1270 * Helper function to change the real uid of a process
1271 *
1272 * The per-uid process count for this process is transfered from
1273 * the old uid to the new uid.
1274 */
be170d6b 1275struct ucred *
41c20dac 1276change_ruid(uid_t ruid)
984263bc 1277{
41c20dac
MD
1278 struct proc *p = curproc;
1279 struct ucred *cr;
984263bc 1280
41c20dac
MD
1281 KKASSERT(p != NULL);
1282
e9a372eb 1283 cr = cratom(&p->p_ucred);
be170d6b 1284 chgproccnt(cr->cr_ruidinfo, -1, 0);
41c20dac 1285 cr->cr_ruid = ruid;
792033e7 1286 uireplace(&cr->cr_ruidinfo, uifind(ruid));
be170d6b
SS
1287 chgproccnt(cr->cr_ruidinfo, 1, 0);
1288 return (cr);
984263bc 1289}