#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/buf.h>
#include <sys/bus.h>
#include <sys/disk.h>
case CDIOCRESET:
; /* note: if no proc EPERM will be returned */
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error)
break;
error = atapi_test_ready(cdp->device);
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/syslog.h>
#include <sys/device.h>
#include <sys/bus.h>
case FD_STYPE: /* set drive type */
/* this is considered harmful; only allow for superuser */
- if (suser_cred(ap->a_cred, 0) != 0)
+ if (priv_check_cred(ap->a_cred, PRIV_ROOT, 0) != 0)
return EPERM;
fd->ft = *(struct fd_type *)ap->a_data;
break;
#include <sys/module.h>
#include <sys/nata.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/systm.h>
#include "ata-all.h"
break;
case CDIOCRESET:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error)
break;
error = acd_test_ready(dev);
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/buf.h>
#include <sys/malloc.h>
vn_specific:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error)
return (error);
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/stat.h>
-#if __FreeBSD_version >= 700000
#include <sys/priv.h>
-#endif
#include <sys/proc.h>
#include <sys/lock.h>
#include <sys/fcntl.h>
#if defined(__FreeBSD__) || defined(__DragonFly__)
#define PAGE_ALIGN(addr) round_page(addr)
/* DRM_SUSER returns true if the user is superuser */
-#if __FreeBSD_version >= 700000
#define DRM_SUSER(p) (priv_check(p, PRIV_DRIVER) == 0)
-#else
-#define DRM_SUSER(p) (suser(p) == 0)
-#endif
#define DRM_AGP_FIND_DEVICE() agp_find_device()
#define DRM_MTRR_WC MDF_WRITECOMBINE
#define jiffies ticks
#include <sys/tty.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/thread2.h>
#include <sys/ucred.h>
#include <sys/bus.h>
tp->t_lflag = TTYDEF_LFLAG;
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
ttsetwater(tp);
- } else if ((tp->t_state & TS_XCLUDE) && suser_cred(ap->a_cred, 0)) {
+ } else if ((tp->t_state & TS_XCLUDE) && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
crit_exit();
return (EBUSY);
}
#include <sys/ioctl_compat.h>
#endif
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/thread2.h>
#include <sys/tty.h>
#include <sys/conf.h>
tp->t_lflag = TTYDEF_LFLAG;
tp->t_cflag = TTYDEF_CFLAG;
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
- } else if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
+ } else if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
return (EBUSY);
} else if (pti->pt_prison != ap->a_cred->cr_prison) {
return (EBUSY);
#include <sys/conf.h>
#include <sys/device.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/mman.h>
* require sufficient privilege soon and nothing much can be done
* without them.
*/
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return error;
if (securelevel > 0)
break;
case SPIGOT_IOPL_ON: /* allow access to the IO PAGE */
#if !defined(SPIGOT_UNSECURE)
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return error;
if (securelevel > 0)
#include <sys/reboot.h>
#include <sys/conf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/sysctl.h>
#include <sys/tty.h>
(*linesw[tp->t_line].l_modem)(tp, 1);
}
else
- if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0))
+ if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0))
return(EBUSY);
error = (*linesw[tp->t_line].l_open)(dev, tp);
return 0;
case KDENABIO: /* allow io operations */
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return error;
if (securelevel > 0)
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/tty.h>
#include <sys/kernel.h>
#include <sys/thread2.h>
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
smparam(tp, &tp->t_termios);
(*linesw[tp->t_line].l_modem)(tp, 1);
- } else if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
+ } else if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
return EBUSY;
}
#include <sys/mbuf.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/ucred.h>
#include <sys/socket.h>
#ifdef ANCACHE
break;
#ifdef ANCACHE
if (sc->areq.an_type == AN_RID_ZERO_CACHE) {
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
sc->an_sigitems = sc->an_nextitem = 0;
error = copyout(&sc->areq, ifr->ifr_data, sizeof(sc->areq));
break;
case SIOCSAIRONET:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)))
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
break;
error = copyin(ifr->ifr_data, &sc->areq, sizeof(sc->areq));
if (error != 0)
an_setdef(sc, &sc->areq);
break;
case SIOCGPRIVATE_0: /* used by Cisco client utility */
- if ((error = suser_cred(cr, NULL_CRED_OKAY)))
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
break;
copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
mode = l_ioctl.command;
break;
case SIOCGPRIVATE_1: /* used by Cisco client utility */
- if ((error = suser_cred(cr, NULL_CRED_OKAY)))
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
break;
copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
l_ioctl.command = 0;
}
break;
case SIOCS80211:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)))
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
break;
sc->areq.an_len = sizeof(sc->areq);
/*
#include <sys/bus.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <machine/stdarg.h>
int error;
if (enable) {
- error = suser(curthread);
+ error = priv_check(curthread, PRIV_ROOT);
if (error == 0) {
error = alq_open(&ath_hal_alq, ath_hal_logfile,
curthread->td_ucred, ALQ_DEFAULT_CMODE,
#include <sys/fcntl.h>
#include <sys/conf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/tty.h>
#include <sys/socket.h>
#include <sys/thread2.h>
tp = c->ttyp;
tp->t_dev = dev;
if ((tp->t_state & TS_ISOPEN) && (tp->t_state & TS_XCLUDE) &&
- suser_cred(ap->a_cred, 0))
+ priv_check_cred(ap->a_cred, PRIV_ROOT, 0))
return (EBUSY);
if (! (tp->t_state & TS_ISOPEN)) {
ttychars (tp);
#include <sys/module.h>
#include <sys/endian.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/ucred.h>
#include <sys/bus.h>
#include <sys/rman.h>
case SIOCSLOADFW:
/* only super-user can do that! */
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error != 0)
break;
case SIOCSKILLFW:
/* only super-user can do that! */
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error != 0)
break;
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysctl.h>
#include <sys/bus.h>
#include <sys/rman.h>
uint32_t foo;
int error, len;
- error = suser(curthread);
+ error = priv_check(curthread, PRIV_ROOT);
if (error)
return (error);
#include <sys/mbuf.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/callout.h>
#include <sys/syslog.h>
#include <sys/random.h>
case SIOCSHWFLAGS: /* set flags */
/* root only */
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
/* NOTE: returns EPERM if no proc */
if (error)
break;
break;
case SIOCRINSTATS:
- if (!(error = suser_cred(cr, NULL_CRED_OKAY))) /* root only */
+ if (!(error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY))) /* root only */
bzero(&sc->in_stats, sizeof(struct sbni_in_stats));
break;
#include <sys/malloc.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/random.h>
#include <sys/serialize.h>
switch(cmd) {
case SIOCLOADFIRMW:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if (ifp->if_flags & IFF_UP)
error = EBUSY;
break;
case SIOCGETSTATS :
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
t = 0;
break;
case SIOCCLRSTATS :
- if (!(error = suser_cred(cr, NULL_CRED_OKAY))) {
+ if (!(error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY))) {
bzero(&sc->in_stats, sizeof(struct sbni16_stats));
t = 2;
if (issue_cx28975_cmd(sc, _DSL_CLEAR_ERROR_CTRS, &t, 1))
#include <sys/sockio.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/kernel.h>
#include <sys/socket.h>
#include <sys/module.h>
error = wi_get_cfg(ifp, cmd, data, cr);
break;
case SIOCSIFGENERIC:
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
error = wi_set_cfg(ifp, cmd, data);
error = copyout(&wreq, ifr->ifr_data, sizeof(wreq));
break;
case SIOCSPRISM2DEBUG:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)))
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
goto out;
error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
if (error)
}
break;
case SIOCS80211:
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
ireq = (struct ieee80211req *) data;
#include <sys/socket.h>
#include <sys/syslog.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/serialize.h>
#include <sys/sysctl.h>
#include <sys/bus.h>
/* pointer to buffer in user space */
up = (void *)ifr->ifr_data;
/* work out if they're root */
- isroot = (suser(td) == 0);
+ isroot = (priv_check(td, PRIV_ROOT) == 0);
for (i = 0; i < 0x40; i++) {
/* don't hand the DES key out to non-root users */
/* copy the PSA in from the caller; we only copy _some_ values */
case SIOCSWLPSA:
/* root only */
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
break;
error = EINVAL; /* assume the worst */
/* pointer to buffer in user space containing data */
*/
case SIOCSWLCNWID:
/* root only */
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
break;
if (!(ifp->if_flags & IFF_UP)) {
error = EIO; /* only allowed while up */
/* copy the EEPROM in 2.4 Gz WaveMODEM out to the caller */
case SIOCGWLEEPROM:
/* root only */
- if ((error = suser(td)))
+ if ((error = priv_check(td; PRIV_ROOT)))
break;
/* pointer to buffer in user space */
up = (void *)ifr->ifr_data;
/* zero (Delete) the wl cache */
case SIOCDWLCACHE:
/* root only */
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
break;
wl_cache_zero(sc);
break;
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/bus.h>
#include <sys/rman.h>
crit_enter();
if (ASR_ctlr_held) {
error = EBUSY;
- } else if ((error = suser_cred(ap->a_cred, 0)) == 0) {
+ } else if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0) {
++ASR_ctlr_held;
}
crit_exit();
}
case VINUM_SUPERDEV_TYPE:
- error = suser_cred(ap->a_cred, 0); /* are we root? */
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0); /* are we root? */
if (error == 0) { /* yes, can do */
if (devminor == VINUM_DAEMON_DEV) /* daemon device */
vinum_conf.flags |= VF_DAEMONOPEN; /* we're open */
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/mount.h>
#include <sys/vnode.h>
#include <sys/systm.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
#include <sys/fcntl.h>
}
}
if (tp->t_state & TS_XCLUDE &&
- suser_cred(ap->a_cred, 0)) {
+ priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto out;
}
}
switch (cmd) {
case TIOCSETA:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
#include <sys/fcntl.h>
crit_exit();
goto open_top;
}
- if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
+ if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto out;
}
}
switch (cmd) {
case TIOCSETA:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/linker.h>
#include <sys/kernel.h>
}
goto open_top;
}
- if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0) != 0) {
+ if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0) != 0) {
error = EBUSY;
goto out;
}
switch (cmd) {
case TIOCSETA:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
*(int *)data = digimctl(port, 0, DMGET);
break;
case TIOCMSDTRWAIT:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
#include <sys/systm.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
#include <sys/fcntl.h>
}
}
if (tp->t_state & TS_XCLUDE &&
- suser_cred(ap->a_cred, 0)) {
+ priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto out;
}
break;
case TIOCMSDTRWAIT:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
#include <sys/malloc.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/dkstat.h>
#include <sys/conf.h>
#include <sys/kernel.h>
goto open_top;
}
}
- if(tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0) != 0) {
+ if(tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0) != 0) {
crit_exit();
error = EBUSY;
goto out2;
}
switch (cmd) {
case TIOCSETA:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if(error != 0)
return(error);
*ct = *(struct termios *)data;
*(int *)data = result;
break;
case TIOCMSDTRWAIT:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if(error != 0) {
crit_exit();
return(error);
#endif
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
#include <sys/dkstat.h>
/* quickly let in /dev/si_control */
if (IS_CONTROLDEV(mynor)) {
- if ((error = suser_cred(ap->a_cred, 0)))
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)))
return(error);
return(0);
}
}
}
if (tp->t_state & TS_XCLUDE &&
- suser_cred(ap->a_cred, 0)) {
+ priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
DPRINT((pp, DBG_OPEN|DBG_FAIL,
"already open and EXCLUSIVE set\n"));
error = EBUSY;
}
switch (cmd) {
case TIOCSETA:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error == 0)
pp->sp_dtr_wait = *(int *)data * hz / 100;
break;
ip = (int *)data;
-#define SUCHECK if ((error = suser_cred(cred, 0))) goto out
+#define SUCHECK if ((error = priv_check_cred(cred, PRIV_ROOT, 0))) goto out
switch (cmd) {
case TCSIPORTS:
#include <sys/malloc.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/module.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
goto open_top;
}
}
- if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
+ if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto out;
}
}
switch (ap->a_cmd) {
case TIOCSETA:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
#include <sys/malloc.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
#include <sys/thread2.h>
goto stlopen_restart;
}
}
- if ((tp->t_state & TS_XCLUDE) && suser_cred(ap->a_cred, 0)) {
+ if ((tp->t_state & TS_XCLUDE) && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto stlopen_end;
}
switch (cmd) {
case TIOCSETA:
- if ((error = suser_cred(ap->a_cred, 0)) == 0)
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
*localtios = *((struct termios *) data);
break;
case TIOCGETA:
*((int *) data) = (stl_getsignals(portp) | TIOCM_LE);
break;
case TIOCMSDTRWAIT:
- if ((error = suser_cred(ap->a_cred, 0)) == 0)
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
portp->dtrwait = *((int *) data) * hz / 100;
break;
case TIOCMGDTRWAIT:
#include <sys/malloc.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
#include <sys/uio.h>
}
}
if ((tp->t_state & TS_XCLUDE) &&
- suser_cred(ap->a_cred, 0)) {
+ priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto stliopen_end;
}
switch (cmd) {
case TIOCSETA:
- if ((error = suser_cred(ap->a_cred, 0)) == 0)
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
*localtios = *((struct termios *) data);
break;
case TIOCGETA:
*((int *) data) = (portp->sigs | TIOCM_LE);
break;
case TIOCMSDTRWAIT:
- if ((error = suser_cred(ap->a_cred, 0)) == 0)
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
portp->dtrwait = *((int *) data) * hz / 100;
break;
case TIOCMGDTRWAIT:
#include <sys/file.h>
#include <sys/select.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/poll.h>
#include <sys/sysctl.h>
#include <sys/thread2.h>
if (ISSET(tp->t_state, TS_ISOPEN) &&
ISSET(tp->t_state, TS_XCLUDE) &&
- suser_cred(ap->a_cred, 0)
+ priv_check_cred(ap->a_cred, PRIV_ROOT, 0)
) {
return (EBUSY);
}
#include <sys/sysproto.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <vm/vm_param.h>
KKASSERT(p);
name[0] = CTL_KERN;
name[1] = KERN_HOSTNAME;
- error = suser_cred(p->p_ucred, PRISON_ROOT);
+ error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT);
if (error)
return (error);
len = MIN(uap->len, MAXHOSTNAMELEN);
struct thread *td = curthread;
int error;
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
hostid = uap->hostid;
#include <sys/mount.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/stat.h>
#include <sys/sysproto.h>
#include <sys/systm.h>
/*
* Must be super user
*/
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
#include <sys/lock.h>
#include <sys/fcntl.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/vnode.h>
#include <sys/mount.h>
*/
#define NFLAGS (PF_ISUGID)
flags = (unsigned char)*(unsigned int*)ap->a_data;
- if (flags & NFLAGS && (error = suser_cred(ap->a_cred, 0)))
+ if (flags & NFLAGS && (error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)))
return error;
procp->p_pfsflags = flags;
break;
#include <sys/mman.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/resource.h>
#include <sys/resourcevar.h>
#include <sys/sysproto.h>
if (args->level < 0 || args->level > 3)
return (EINVAL);
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
if (securelevel > 0)
return (EPERM);
#include <sys/mount.h>
#include <sys/poll.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/blist.h>
#include <sys/reboot.h>
* Keep cr_groups[0] unchanged to prevent that.
*/
- if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0)
+ if ((error = priv_check_cred(oldcred, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (ngrp >= NGROUPS)
#include <sys/kern_syscall.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysproto.h>
#include <sys/thread.h>
* Keep cr_groups[0] unchanged to prevent that.
*/
- if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0)
+ if ((error = priv_check_cred(oldcred, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (ngrp >= NGROUPS)
#include <sys/imgact_aout.h>
#include <sys/mman.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/resourcevar.h>
#include <sys/sysent.h>
#include <sys/systm.h>
/* only super-user should call this sysctl */
td = req->td;
- if ((suser(td)) != 0)
+ if ((priv_check(td, PRIV_ROOT)) != 0)
return EPERM;
error = count = 0;
int error;
p = curproc;
- if ((error = suser_cred(p->p_ucred, 0)) != 0)
+ if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, 0)) != 0)
return(error);
if ((vp = p->p_textvp) == NULL)
return(ENOENT);
int count;
p = curproc;
- if ((error = suser_cred(p->p_ucred, 0)) != 0)
+ if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, 0)) != 0)
return(error);
/*
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mount.h>
#include <sys/vnode.h>
#include <sys/fcntl.h>
int error;
/* Make sure that the caller is root. */
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
#include <sys/wait.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/ktrace.h>
#include <sys/signalvar.h>
#include <sys/pioctl.h>
* we do not regain any tracing during a possible block.
*/
setsugid();
- if (p->p_tracenode && suser(td) != 0) {
+ if (p->p_tracenode && priv_check(td, PRIV_ROOT) != 0) {
ktrdestroy(&p->p_tracenode);
p->p_traceflag = 0;
}
#include <sys/sysctl.h>
#include <sys/vnode.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/file.h>
#include <sys/stat.h>
if (securelevel >= 1)
disablexworkaround = 1;
else
- disablexworkaround = suser(td);
+ disablexworkaround = priv_check(td, PRIV_ROOT);
if (vp->v_type == VCHR && disablexworkaround &&
(flags & (MAP_PRIVATE|MAP_COPY))) {
error = EINVAL;
#include <sys/nlookup.h>
#include <sys/namecache.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
struct jail_ip_storage *jip;
/* Multiip */
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error) {
uap->sysmsg_result = -1;
return(error);
struct thread *td = curthread;
int error;
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return(error);
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/lock.h>
#include <sys/module.h>
#include <sys/queue.h>
if (securelevel > 0 || kernel_mem_readonly) /* redundant, but that's OK */
return EPERM;
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return error;
filename = kmalloc(MAXPATHLEN, M_TEMP, M_WAITOK);
if (securelevel > 0 || kernel_mem_readonly) /* redundant, but that's OK */
return EPERM;
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return error;
lf = linker_find_file_by_id(uap->fileid);
#include <sys/malloc.h>
#include <sys/memrange.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/random.h>
#include <sys/signalvar.h>
#include <sys/signal2.h>
error = 0;
break;
case 14:
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
break;
if (securelevel > 0 || kernel_mem_readonly) {
break;
case MEM_SETIRQ:
intr = *(int16_t *)data;
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
break;
if (intr < 0 || intr >= MAX_INTS)
return (EINVAL);
break;
case MEM_CLEARIRQ:
intr = *(int16_t *)data;
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
break;
if (intr < 0 || intr >= MAX_INTS)
return (EINVAL);
break;
case MEM_FINDIRQ:
intr = *(int16_t *)data;
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
break;
if (intr < 0 || intr >= MAX_INTS)
return (EINVAL);
#include <sys/sysproto.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/time.h>
#include <sys/timex.h>
#include <sys/timepps.h>
*/
modes = ntv.modes;
if (modes)
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
crit_enter();
#include <sys/resource.h>
#include <sys/spinlock.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/file.h>
#include <sys/lockf.h>
#include <sys/kern_syscall.h>
if (limp->rlim_cur > alimp->rlim_max ||
limp->rlim_max > alimp->rlim_max) {
spin_unlock_rd(&limit->p_spin);
- if ((error = suser_cred(p->p_ucred, PRISON_ROOT)))
+ if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT)))
return (error);
} else {
spin_unlock_rd(&limit->p_spin);
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/malloc.h>
#include <sys/pioctl.h>
#include <sys/resourcevar.h>
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
uid != cr->cr_uid && /* allow setuid(geteuid()) */
#endif
- (error = suser_cred(cr, PRISON_ROOT)))
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)))
return (error);
#ifdef _POSIX_SAVED_IDS
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */
uid == cr->cr_uid ||
#endif
- suser_cred(cr, PRISON_ROOT) == 0) /* we are using privs */
+ priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT) == 0) /* we are using privs */
#endif
{
/*
euid = uap->euid;
if (euid != cr->cr_ruid && /* allow seteuid(getuid()) */
euid != cr->cr_svuid && /* allow seteuid(saved uid) */
- (error = suser_cred(cr, PRISON_ROOT)))
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)))
return (error);
/*
* Everything's okay, do it. Copy credentials so other references do
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
gid != cr->cr_groups[0] && /* allow setgid(getegid()) */
#endif
- (error = suser_cred(cr, PRISON_ROOT)))
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)))
return (error);
#ifdef _POSIX_SAVED_IDS
#ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */
gid == cr->cr_groups[0] ||
#endif
- suser_cred(cr, PRISON_ROOT) == 0) /* we are using privs */
+ priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT) == 0) /* we are using privs */
#endif
{
/*
egid = uap->egid;
if (egid != cr->cr_rgid && /* allow setegid(getgid()) */
egid != cr->cr_svgid && /* allow setegid(saved gid) */
- (error = suser_cred(cr, PRISON_ROOT)))
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)))
return (error);
if (cr->cr_groups[0] != egid) {
cr = cratom(&p->p_ucred);
return(EPERM);
cr = p->p_ucred;
- if ((error = suser_cred(cr, PRISON_ROOT)))
+ if ((error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)))
return (error);
ngrp = uap->gidsetsize;
if (ngrp > NGROUPS)
if (((ruid != (uid_t)-1 && ruid != cr->cr_ruid && ruid != cr->cr_svuid) ||
(euid != (uid_t)-1 && euid != cr->cr_uid &&
euid != cr->cr_ruid && euid != cr->cr_svuid)) &&
- (error = suser_cred(cr, PRISON_ROOT)) != 0)
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (euid != (uid_t)-1 && cr->cr_uid != euid) {
if (((rgid != (gid_t)-1 && rgid != cr->cr_rgid && rgid != cr->cr_svgid) ||
(egid != (gid_t)-1 && egid != cr->cr_groups[0] &&
egid != cr->cr_rgid && egid != cr->cr_svgid)) &&
- (error = suser_cred(cr, PRISON_ROOT)) != 0)
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (egid != (gid_t)-1 && cr->cr_groups[0] != egid) {
euid != cr->cr_uid) ||
(suid != (uid_t)-1 && suid != cr->cr_ruid && suid != cr->cr_svuid &&
suid != cr->cr_uid)) &&
- (error = suser_cred(cr, PRISON_ROOT)) != 0)
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (euid != (uid_t)-1 && cr->cr_uid != euid) {
cr = change_euid(euid);
egid != cr->cr_groups[0]) ||
(sgid != (gid_t)-1 && sgid != cr->cr_rgid && sgid != cr->cr_svgid &&
sgid != cr->cr_groups[0])) &&
- (error = suser_cred(cr, PRISON_ROOT)) != 0)
+ (error = priv_check_cred(cr, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (egid != (gid_t)-1 && cr->cr_groups[0] != egid) {
/*
* Test whether the specified credentials imply "super-user"
- * privilege; if so, and we have accounting info, set the flag
- * indicating use of super-powers. A kernel thread without a process
- * context is assumed to have super user capabilities. In situations
- * where the caller always expect a cred to exist, the cred should be
- * passed separately and suser_cred()should be used instead of suser().
+ * privilege.
+ *
+ * Depreciated! Use priv_check() instead.
+ */
+int
+suser(struct thread *td)
+{
+ return priv_check(td, PRIV_ROOT);
+}
+
+/*
+ * Depreciated! Use priv_check_cred() instead.
+ */
+int
+suser_cred(struct ucred *cred, int flag)
+{
+ return priv_check_cred(cred, PRIV_ROOT, flag);
+}
+
+/*
+ * Test whether the specified credentials have the privilege
+ * in question.
+ *
+ * A kernel thread without a process context is assumed to have
+ * the privilege in question. In situations where the caller always
+ * expect a cred to exist, the cred should be passed separately and
+ * priv_check_cred() should be used instead of priv_check().
*
* Returns 0 or error.
*/
int
-suser(struct thread *td)
+priv_check(struct thread *td, int priv)
{
struct proc *p = td->td_proc;
if (p != NULL) {
- return suser_cred(p->p_ucred, 0);
+ return priv_check_cred(p->p_ucred, priv, 0);
} else {
return (0);
}
}
/*
+ * Check a credential for privilege.
+ *
* A non-null credential is expected unless NULL_CRED_OKAY is set.
*/
int
-suser_cred(struct ucred *cred, int flag)
+priv_check_cred(struct ucred *cred, int priv, int flags)
{
- KASSERT(cred != NULL || flag & NULL_CRED_OKAY,
- ("suser_cred: NULL cred!"));
+ KASSERT(PRIV_VALID(priv), ("priv_check_cred: invalid privilege"));
+
+ KASSERT(cred != NULL || flags & NULL_CRED_OKAY,
+ ("priv_check_cred: NULL cred!"));
if (cred == NULL) {
- if (flag & NULL_CRED_OKAY)
+ if (flags & NULL_CRED_OKAY)
return (0);
else
return (EPERM);
}
if (cred->cr_uid != 0)
return (EPERM);
- if (cred->cr_prison && !(flag & PRISON_ROOT))
+ if (cred->cr_prison && !(flags & PRISON_ROOT))
return (EPERM);
/* NOTE: accounting for suser access (p_acflag/ASU) removed */
return (0);
return (0);
if (cr1->cr_uid == cr2->cr_uid)
return (0);
- if (suser_cred(cr1, PRISON_ROOT) == 0)
+ if (priv_check_cred(cr1, PRIV_ROOT, PRISON_ROOT) == 0)
return (0);
return (EPERM);
}
char logintmp[MAXLOGNAME];
KKASSERT(p != NULL);
- if ((error = suser_cred(p->p_ucred, PRISON_ROOT)))
+ if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT)))
return (error);
error = copyinstr((caddr_t) uap->namebuf, (caddr_t) logintmp,
sizeof(logintmp), (size_t *)0);
#include <sys/resourcevar.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/time.h>
#include <sys/lockf.h>
n = PRIO_MAX;
if (n < PRIO_MIN)
n = PRIO_MIN;
- if (n < chgp->p_nice && suser_cred(cr, 0))
+ if (n < chgp->p_nice && priv_check_cred(cr, PRIV_ROOT, 0))
return (EACCES);
chgp->p_nice = n;
FOREACH_LWP_IN_PROC(lp, chgp)
return EPERM;
}
/* disallow setting rtprio in most cases if not superuser */
- if (suser_cred(cr, 0)) {
+ if (priv_check_cred(cr, PRIV_ROOT, 0)) {
/* can't set someone else's */
if (uap->pid) { /* XXX */
return EPERM;
cr->cr_ruid != p->p_ucred->cr_uid)
return (EPERM);
/* disallow setting rtprio in most cases if not superuser */
- if (suser_cred(cr, 0)) {
+ if (priv_check_cred(cr, PRIV_ROOT, 0)) {
/* can't set someone else's */
if (uap->pid)
return (EPERM);
#include <sys/diskslice.h>
#include <sys/reboot.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/fcntl.h> /* FREAD */
#include <sys/stat.h> /* S_IFCHR */
#include <sys/vnode.h>
struct thread *td = curthread;
int error;
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
boot(uap->opt);
#ifdef INVARIANTS
#include <sys/proc.h>
#endif
+#include <sys/priv.h>
#include <ddb/ddb.h>
#include <machine/atomic.h>
#include <machine/cpufunc.h>
int value = 0;
int i;
- if ((error = suser(curthread)) != 0)
+ if ((error = priv_check(curthread, PRIV_ROOT)) != 0)
return (error);
if ((error = SYSCTL_IN(req, &value, sizeof(value))) != 0)
return (error);
#include <sys/sysctl.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysproto.h>
#include <sys/lock.h>
#include <vm/vm.h>
{
int error;
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_ROOT);
if (error)
return error;
sysctl_sysctl_debug_dump_node(&sysctl__children, 0);
/* Most likely only root can write */
if (!(oid->oid_kind & CTLFLAG_ANYBODY) && req->newptr && p &&
- (error = suser_cred(p->p_ucred,
+ (error = priv_check_cred(p->p_ucred, PRIV_ROOT,
(oid->oid_kind & CTLFLAG_PRISON) ? PRISON_ROOT : 0)))
return (error);
#include <sys/alist.h>
#include <sys/file.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/lock.h>
#include <sys/uio.h>
#include <sys/objcache.h>
*/
if (syslink_enabled == 0)
return (EAUTH);
- error = suser(curthread);
+ error = priv_check(curthread, PRIV_ROOT);
if (error)
return (error);
#include <sys/sysent.h>
#include <sys/sysunion.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/time.h>
#include <sys/vnode.h>
#include <sys/sysctl.h>
struct timespec ats;
int error;
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
switch(uap->clock_id) {
case CLOCK_REALTIME:
struct timezone atz;
int error;
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
/* Verify all parameters before changing time. */
if (uap->tv) {
int64_t ndelta, odelta;
int error;
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
if ((error =
copyin((caddr_t)uap->delta, (caddr_t)&atv, sizeof(struct timeval))))
int error;
if (req->newptr != NULL) {
- if (suser(curthread))
+ if (priv_check(curthread, PRIV_ROOT))
return (EPERM);
error = SYSCTL_IN(req, &delta, sizeof(delta));
if (error)
int error;
if (req->newptr != NULL) {
- if (suser(curthread))
+ if (priv_check(curthread, PRIV_ROOT))
return (EPERM);
error = SYSCTL_IN(req, &delta, sizeof(delta));
if (error)
int error;
if (req->newptr != NULL) {
- if (suser(curthread))
+ if (priv_check(curthread, PRIV_ROOT))
return (EPERM);
error = SYSCTL_IN(req, &freqdelta, sizeof(freqdelta));
if (error)
#include <sys/errno.h>
#include <sys/globaldata.h> /* curthread */
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysproto.h> /* struct usched_set_args */
#include <sys/systm.h> /* strcmp() */
#include <sys/usched.h>
struct lwp *lp;
int cpuid;
- if ((error = suser(curthread)) != 0)
+ if ((error = priv_check(curthread, PRIV_ROOT)) != 0)
return (error);
if (uap->pid != 0 && uap->pid != curthread->td_proc->p_pid)
#include <sys/ucred.h>
#include <sys/resourcevar.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/queue.h>
#include <sys/sysctl.h>
uap->level = VARSYM_PRISON;
case VARSYM_PRISON:
if (curthread->td_proc != NULL &&
- (error = suser_cred(curthread->td_proc->p_ucred, PRISON_ROOT)) != 0)
+ (error = priv_check_cred(curthread->td_proc->p_ucred, PRIV_ROOT, PRISON_ROOT)) != 0)
break;
/* fall through */
case VARSYM_USER:
#include <sys/sysproto.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysctl.h>
#include <sys/utsname.h>
struct thread *td = curthread;
int error, domainnamelen;
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
if ((u_int)uap->len > sizeof (domainname) - 1)
return EINVAL;
#include <sys/msgbuf.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/tty.h>
#include <sys/tprintf.h>
#include <sys/stdint.h>
cred = req->td->td_proc->p_ucred;
if ((cred->cr_prison || groupmember(0, cred) == 0) &&
- suser(req->td) != 0
+ priv_check(req->td, PRIV_ROOT) != 0
) {
return (EPERM);
}
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/ptrace.h>
#include <sys/reg.h>
/* not owned by you, has done setuid (unless you're root) */
if ((p->p_ucred->cr_ruid != curp->p_ucred->cr_ruid) ||
(p->p_flag & P_SUGID)) {
- if ((error = suser_cred(curp->p_ucred, 0)) != 0)
+ if ((error = priv_check_cred(curp->p_ucred, PRIV_ROOT, 0)) != 0)
return error;
}
#include <sys/param.h>
#include <sys/ipc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/ucred.h>
#if defined(SYSVSEM) || defined(SYSVSHM) || defined(SYSVMSG)
/* Check for user match. */
if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) {
if (mode & IPC_M)
- return (suser_cred(cred, 0) == 0 ? 0 : EPERM);
+ return (priv_check_cred(cred, PRIV_ROOT, 0) == 0 ? 0 : EPERM);
/* Check for group match. */
mode >>= 3;
if (!groupmember(perm->gid, cred) &&
if (mode & IPC_M)
return (0);
return ((mode & perm->mode) == mode ||
- suser_cred(cred, 0) == 0 ? 0 : EACCES);
+ priv_check_cred(cred, PRIV_ROOT, 0) == 0 ? 0 : EACCES);
}
#endif /* defined(SYSVSEM) || defined(SYSVSHM) || defined(SYSVMSG) */
#include <sys/sysproto.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/msg.h>
#include <sys/sysent.h>
#include <sys/sysctl.h>
if ((eval = copyin(user_msqptr, &msqbuf, sizeof(msqbuf))) != 0)
return(eval);
if (msqbuf.msg_qbytes > msqptr->msg_qbytes) {
- eval = suser(td);
+ eval = priv_check(td, PRIV_ROOT);
if (eval)
return(eval);
}
#include <sys/ioctl_compat.h>
#endif
#include <sys/proc.h>
+#include <sys/priv.h>
#define TTYDEFCHARS
#include <sys/tty.h>
#include <sys/clist.h>
ISSET(constty->t_state, TS_CONNECTED))
return (EBUSY);
#ifndef UCONSOLE
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
#endif
constty = tp;
crit_exit();
break;
case TIOCSTI: /* simulate terminal input */
- if ((flag & FREAD) == 0 && suser(td))
+ if ((flag & FREAD) == 0 && priv_check(td, PRIV_ROOT))
return (EPERM);
- if (!isctty(p, tp) && suser(td))
+ if (!isctty(p, tp) && priv_check(td, PRIV_ROOT))
return (EACCES);
crit_enter();
(*linesw[tp->t_line].l_rint)(*(u_char *)data, tp);
}
break;
case TIOCSDRAINWAIT:
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
tp->t_timeout = *(int *)data * hz;
#include <sys/cons.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/reboot.h>
#include <sys/sysctl.h>
#include <sys/tty.h>
*/
if (ap->a_cmd == TIOCCONS && constty) {
if (ap->a_cred) {
- error = suser_cred(ap->a_cred, 0);
+ error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error)
return (error);
}
#include <sys/ioctl_compat.h>
#endif
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/tty.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
tp->t_lflag = TTYDEF_LFLAG;
tp->t_cflag = TTYDEF_CFLAG;
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
- } else if ((tp->t_state & TS_XCLUDE) && suser_cred(ap->a_cred, 0)) {
+ } else if ((tp->t_state & TS_XCLUDE) && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
return (EBUSY);
} else if (pti->pt_prison != ap->a_cred->cr_prison) {
return (EBUSY);
#include <sys/vnode.h>
#include <sys/file.h> /* XXX */
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/jail.h>
/*
* If uid doesn't match only the super-user can change the flags
*/
if (cred->cr_uid != uid &&
- (error = suser_cred(cred, PRISON_ROOT))) {
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
return(error);
}
if (cred->cr_uid == 0 &&
int error;
if (cred->cr_uid != cur_uid) {
- error = suser_cred(cred, PRISON_ROOT);
+ error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
if (error)
return (error);
}
if ((cred->cr_uid != *cur_uidp || new_uid != *cur_uidp ||
(new_gid != *cur_gidp && !(cred->cr_gid == new_gid ||
groupmember(new_gid, cred)))) &&
- (error = suser_cred(cred, PRISON_ROOT))) {
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
return (error);
}
ogid = *cur_gidp;
#include <sys/unistd.h>
#include <sys/vnode.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/namei.h>
#include <sys/nlookup.h>
#include <sys/dirent.h>
struct ucred *cred = p->p_ucred;
KKASSERT(p);
- if (cred->cr_prison != NULL)
+ if (jailed(cred))
return (EPERM);
- if (usermount == 0 && (error = suser(td)))
+ if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
return (error);
/*
* Do not allow NFS export by non-root users.
*/
if (uap->flags & MNT_EXPORTED) {
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
}
/*
* Silently enforce MNT_NOSUID and MNT_NODEV for non-root users
*/
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
uap->flags |= MNT_NOSUID | MNT_NODEV;
/*
* permitted to update it.
*/
if (mp->mnt_stat.f_owner != cred->cr_uid &&
- (error = suser(td))) {
+ (error = priv_check(td, PRIV_ROOT))) {
cache_drop(&nch);
vput(vp);
return (error);
* onto which we are attempting to mount.
*/
if ((error = VOP_GETATTR(vp, &va)) ||
- (va.va_uid != cred->cr_uid && (error = suser(td)))) {
+ (va.va_uid != cred->cr_uid && (error = priv_check(td, PRIV_ROOT)))) {
cache_drop(&nch);
vput(vp);
return (error);
linker_file_t lf;
/* Only load modules for root (very important!) */
- if ((error = suser(td)) != 0) {
+ if ((error = priv_check(td, PRIV_ROOT)) != 0) {
cache_drop(&nch);
vput(vp);
return error;
KKASSERT(p);
if (p->p_ucred->cr_prison != NULL)
return (EPERM);
- if (usermount == 0 && (error = suser(td)))
+ if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
return (error);
error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW);
* permitted to unmount this filesystem.
*/
if ((mp->mnt_stat.f_owner != p->p_ucred->cr_uid) &&
- (error = suser(td)))
+ (error = priv_check(td, PRIV_ROOT)))
goto out;
/*
KKASSERT(p);
if (p->p_ucred->cr_prison != NULL)
return (EPERM);
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
/*
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
bcopy(sp, buf, sizeof(*buf));
/* Only root should have access to the fsid's. */
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
return (0);
}
bcopy(sp, buf, sizeof(*buf));
/* Only root should have access to the fsid's. */
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
buf->f_fsid.val[0] = buf->f_fsid.val[1] = 0;
error = 0;
done:
/*
* Only root can chroot
*/
- if ((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0)
+ if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
/*
switch (mode & S_IFMT) {
case S_IFCHR:
case S_IFBLK:
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
break;
default:
- error = suser_cred(p->p_ucred, PRISON_ROOT);
+ error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT);
break;
}
if (error)
/*
* root cred can always hardlink
*/
- if (suser_cred(cred, PRISON_ROOT) == 0)
+ if (priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT) == 0)
return (0);
/*
* chown can't fail when done as root.
*/
if ((vp->v_type == VCHR || vp->v_type == VBLK) &&
- ((error = suser_cred(p->p_ucred, PRISON_ROOT)) != 0))
+ ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT)) != 0))
return (error);
/*
if (error == 0)
error = VOP_GETATTR(vp, &vattr);
if (error == 0 && cred->cr_uid != vattr.va_uid)
- error = suser_cred(cred, PRISON_ROOT);
+ error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
if (error == 0 && count_udev(vp->v_umajor, vp->v_uminor) > 0) {
error = 0;
vx_lock(vp);
/*
* Must be super user
*/
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
vp = NULL;
* syscall for the rpc.lockd to use to translate a NFS file handle into
* an open descriptor.
*
- * warning: do not remove the suser() call or this becomes one giant
+ * warning: do not remove the priv_check() call or this becomes one giant
* security hole.
*/
int
/*
* Must be super user
*/
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
/*
* Must be super user
*/
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
/*
* Must be super user
*/
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
kfree(freepath, M_TEMP);
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
- if (suser(td)) {
+ if (priv_check(td, PRIV_ROOT)) {
bcopy(sp, &sb, sizeof(sb));
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
sp = &sb;
/*
* Must be super user
*/
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
if ((error = copyin(uap->u_fhp, &fh, sizeof(fhandle_t))) != 0)
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mount.h>
#include <sys/nlookup.h>
#include <sys/vnode.h>
}
sb->st_flags = vap->va_flags;
- if (suser_cred(cred, 0))
+
+ error = priv_check_cred(cred, PRIV_VFS_GENERATION, 0);
+ if (error)
sb->st_gen = 0;
else
sb->st_gen = (u_int32_t)vap->va_gen;
#include <sys/sysctl.h>
#include <sys/module.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/lock.h>
#include <sys/thread.h>
#include <sys/thread2.h>
}
if (bc->bc_flags & BC_F_SUSER) {
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
}
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/sockio.h>
case SIOCSIFDSTADDR:
break;
case SIOCSIFFLAGS:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if ((ifr->ifr_flags & IFF_LINK0) != 0)
sc->g_proto = IPPROTO_GRE;
sc->g_proto = IPPROTO_MOBILE;
goto recompute;
case SIOCSIFMTU:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if (ifr->ifr_mtu < 576) {
error = EINVAL;
break;
case SIOCADDMULTI:
case SIOCDELMULTI:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if (ifr == 0) {
error = EAFNOSUPPORT;
}
break;
case GRESPROTO:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
sc->g_proto = ifr->ifr_flags;
switch (sc->g_proto) {
break;
case GRESADDRS:
case GRESADDRD:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
/*
* set tunnel endpoints, compute a less specific route
ifr->ifr_addr = *sa;
break;
case SIOCSIFPHYADDR:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if (aifr->ifra_addr.sin_family != AF_INET ||
aifr->ifra_dstaddr.sin_family != AF_INET) {
sc->g_dst = aifr->ifra_dstaddr.sin_addr;
goto recompute;
case SIOCSLIFPHYADDR:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if (lifr->addr.ss_family != AF_INET ||
lifr->dstaddr.ss_family != AF_INET) {
(satosin((struct sockadrr *)&lifr->dstaddr))->sin_addr;
goto recompute;
case SIOCDIFPHYADDR:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
sc->g_src.s_addr = INADDR_ANY;
sc->g_dst.s_addr = INADDR_ANY;
{
struct thread *td = curthread; /* XXX */
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
sl_compress_setup(sc->sc_compr, *(int *)data);
}
#include <sys/mbuf.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
switch (cmd) {
case SIOCIFCREATE:
case SIOCIFDESTROY:
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
return ((cmd == SIOCIFCREATE) ?
if_clone_create(ifr->ifr_name, sizeof(ifr->ifr_name)) :
break;
case SIOCSIFFLAGS:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
new_flags = (ifr->ifr_flags & 0xffff) |
break;
case SIOCSIFCAP:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
if (ifr->ifr_reqcap & ~ifp->if_capabilities)
break;
case SIOCSIFNAME:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
error = copyinstr(ifr->ifr_data, new_name, IFNAMSIZ, NULL);
break;
case SIOCSIFMETRIC:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
ifp->if_metric = ifr->ifr_metric;
break;
case SIOCSIFPHYS:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return error;
if (!ifp->if_ioctl)
{
u_long oldmtu = ifp->if_mtu;
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
if (ifp->if_ioctl == NULL)
case SIOCADDMULTI:
case SIOCDELMULTI:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
case SIOCSLIFPHYADDR:
case SIOCSIFMEDIA:
case SIOCSIFGENERIC:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
if (ifp->if_ioctl == 0)
return (error);
case SIOCSIFLLADDR:
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error)
return (error);
return if_setlladdr(ifp,
#include <sys/param.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/systm.h>
#include <sys/time.h>
#include <sys/mbuf.h>
return (error);
break;
case SIOCSETPFSYNC:
- if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
return (error);
if ((error = copyin(ifr->ifr_data, &pfsyncr, sizeof(pfsyncr))))
return (error);
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/filio.h>
break;
case PPPIOCSFLAGS:
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
flags = *(int *)data & SC_MASK;
crit_enter();
break;
case PPPIOCSMRU:
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
mru = *(int *)data;
if (mru >= PPP_MRU && mru <= PPP_MAXMRU)
#ifdef VJC
case PPPIOCSMAXCID:
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
if (sc->sc_comp) {
crit_enter();
#endif
case PPPIOCXFERUNIT:
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
sc->sc_xfer = curthread;
break;
#ifdef PPP_COMPRESS
case PPPIOCSCOMPRESS:
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
odp = (struct ppp_option_data *) data;
nb = odp->length;
if (cmd == PPPIOCGNPMODE) {
npi->mode = sc->sc_npmode[npx];
} else {
- if ((error = suser_cred(cred, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
return (error);
if (npi->mode != sc->sc_npmode[npx]) {
crit_enter();
break;
case SIOCSIFMTU:
- if ((error = suser_cred(cr, 0)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, 0)) != 0)
break;
if (ifr->ifr_mtu > PPP_MAXMTU)
error = EINVAL;
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mbuf.h>
#include <sys/dkstat.h>
#include <sys/socket.h>
struct ppp_softc *sc;
int error;
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
crit_enter();
error = 0;
switch (cmd) {
case PPPIOCSASYNCMAP:
- if ((error = suser_cred(cr, 0)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, 0)) != 0)
break;
sc->sc_asyncmap[0] = *(u_int *)data;
break;
break;
case PPPIOCSRASYNCMAP:
- if ((error = suser_cred(cr, 0)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, 0)) != 0)
break;
sc->sc_rasyncmap = *(u_int *)data;
break;
break;
case PPPIOCSXASYNCMAP:
- if ((error = suser_cred(cr, 0)) != 0)
+ if ((error = priv_check_cred(cr, PRIV_ROOT, 0)) != 0)
break;
crit_enter();
bcopy(data, sc->sc_asyncmap, sizeof(sc->sc_asyncmap));
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
if (rp == NULL)
return EINVAL;
- if ((error = suser_cred(ai->p_ucred, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(ai->p_ucred, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
return error;
return raw_attach(so, proto, ai->sb_rlimit);
}
#include <sys/kernel.h>
#include <sys/sysctl.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/protosw.h>
* Verify that the caller has the appropriate privilege; RTM_GET
* is the only operation the non-superuser is allowed.
*/
- if (rtm->rtm_type != RTM_GET && suser_cred(so->so_cred, 0) != 0)
+ if (rtm->rtm_type != RTM_GET && priv_check_cred(so->so_cred, PRIV_ROOT, 0) != 0)
gotoerr(EPERM);
switch (rtm->rtm_type) {
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/dkstat.h>
int error;
struct thread *td = curthread; /* XXX */
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
#include <sys/mbuf.h>
#include <sys/poll.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/socket.h>
#include <sys/sockio.h>
struct ifnet *ifp = NULL;
int error;
- if ((error = suser_cred(ap->a_cred, 0)) != 0)
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) != 0)
return (error);
get_mplock();
#include <sys/param.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
struct tun_softc *tp;
int error;
- if ((error = suser_cred(ap->a_cred, 0)) != 0)
+ if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) != 0)
return (error);
tp = dev->si_drv1;
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/systm.h>
#include <sys/thread2.h>
#include <sys/bus.h>
break;
case SIOCSBTFLAGS: /* set unit flags (privileged) */
- err = suser(td);
+ err = priv_check(td, PRIV_ROOT);
if (err)
break;
break;
case SIOCSBTPOLICY: /* set unit link policy (privileged) */
- err = suser(td);
+ err = priv_check(td, PRIV_ROOT);
if (err)
break;
break;
case SIOCSBTPTYPE: /* set unit packet types (privileged) */
- err = suser(td);
+ err = priv_check(td, PRIV_ROOT);
if (err)
break;
break;
case SIOCZBTSTATS: /* get & reset unit statistics */
- err = suser(td);
+ err = priv_check(td, PRIV_ROOT);
if (err)
break;
* sent to USB bluetooth controllers that are not an
* integer number of frame sizes, the USB bus locks up.
*/
- err = suser(td);
+ err = priv_check(td, PRIV_ROOT);
if (err)
break;
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
so->so_pcb = pcb;
pcb->hp_socket = so;
- if (curproc == NULL || suser(curthread) == 0)
+ if (curproc == NULL || priv_check(curthread, PRIV_ROOT) == 0)
pcb->hp_flags |= HCI_PRIVILEGED;
/*
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/domain.h>
#include <sys/errno.h>
#include <sys/kernel.h>
{
struct ngpcb *const pcbp = sotongpcb(so);
- if (suser_cred(ai->p_ucred, NULL_CRED_OKAY) != 0)
+ if (priv_check_cred(ai->p_ucred, PRIV_ROOT, NULL_CRED_OKAY) != 0)
return (EPERM);
if (pcbp != NULL)
return (EISCONN);
#include <sys/kernel.h>
#include <sys/conf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mbuf.h>
#include <sys/malloc.h>
#include <sys/fcntl.h>
int error;
/* Super-user only */
- if ((error = suser(td)))
+ if ((error = priv_check(td, PRIV_ROOT)))
return (error);
crit_enter();
#include <sys/sockio.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/msgport.h>
#include <sys/socket.h>
switch (cmd) {
case SIOCALIFADDR:
case SIOCDLIFADDR:
- if (td && (error = suser(td)) != 0)
+ if (td && (error = priv_check(td, PRIV_ROOT)) != 0)
return error;
/* FALLTHROUGH */
case SIOCGLIFADDR:
case SIOCSIFADDR:
case SIOCSIFNETMASK:
case SIOCSIFDSTADDR:
- if (td && (error = suser(td)) != 0)
+ if (td && (error = priv_check(td, PRIV_ROOT)) != 0)
return error;
if (ifp == NULL)
break;
case SIOCSIFBRDADDR:
- if (td && (error = suser(td)) != 0)
+ if (td && (error = priv_check(td, PRIV_ROOT)) != 0)
return error;
/* FALLTHROUGH */
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
/* GROSS */
if (ntohs(lport) < IPPORT_RESERVED &&
- cred && suser_cred(cred, PRISON_ROOT))
+ cred && priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))
return (EACCES);
if (so->so_cred->cr_uid != 0 &&
!IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) {
lastport = &pcbinfo->lasthi;
} else if (inp->inp_flags & INP_LOWPORT) {
if (cred &&
- (error = suser_cred(cred, PRISON_ROOT))) {
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))) {
inp->inp_laddr.s_addr = INADDR_ANY;
return (error);
}
#include <sys/mbuf.h>
#include <sys/time.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sockio.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
break;
case SIOCSVH:
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
error = copyin(ifr->ifr_data, &carpr, sizeof(carpr));
carpr.carpr_vhid = sc->sc_vhid;
carpr.carpr_advbase = sc->sc_advbase;
carpr.carpr_advskew = sc->sc_advskew;
-
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error == 0) {
bcopy(sc->sc_key, carpr.carpr_key,
sizeof(carpr.carpr_key));
#include <sys/sysctl.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/thread2.h>
#include <sys/in_cksum.h>
#include <sys/lock.h>
inp = so->so_pcb;
if (inp)
panic("div_attach");
- if ((error = suser_cred(ai->p_ucred, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(ai->p_ucred, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
return error;
error = soreserve(so, div_sendspace, div_recvspace, ai->sb_rlimit);
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysctl.h>
#include <sys/thread2.h>
#include <sys/in_cksum.h>
break;
soopt_to_mbuf(sopt, m);
priv = (sopt->sopt_td != NULL &&
- suser(sopt->sopt_td) != 0) ? 0 : 1;
+ priv_check(sopt->sopt_td, PRIV_ROOT) != 0) ? 0 : 1;
req = mtod(m, caddr_t);
len = m->m_len;
optname = sopt->sopt_name;
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
inp = so->so_pcb;
if (inp)
panic("rip_attach");
- if ((error = suser_cred(ai->p_ucred, flag)) != 0)
+ if ((error = priv_check_cred(ai->p_ucred, PRIV_ROOT, flag)) != 0)
return error;
error = soreserve(so, rip_sendspace, rip_recvspace, ai->sb_rlimit);
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
#include <sys/thread2.h>
#elif defined(__NetBSD__) || defined(__APPLE__)
suser(p->p_ucred, &p->p_acflag)
#elif defined(__DragonFly__)
- suser(p)
+ priv_check(p, PRIV_ROOT)
#else
suser(p, 0)
#endif
#include <sys/mbuf.h>
#include <sys/domain.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
int error;
#if __FreeBSD_version >= 500000 || defined(__DragonFly__)
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_ROOT);
#else
error = suser(req->p);
#endif
#include <sys/domain.h>
#endif
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/protosw.h>
int cpu;
int error;
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_ROOT);
if (error != 0)
return (error);
error = SYSCTL_IN(req, addrs, sizeof addrs);
int error;
boolean_t mapped = FALSE;
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_ROOT);
if (error != 0)
return (error);
error = SYSCTL_IN(req, addrs, sizeof addrs);
#include <sys/mbuf.h>
#include <sys/domain.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
struct inpcb *inp;
int error;
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_ROOT);
if (error)
return (error);
error = SYSCTL_IN(req, addrs, sizeof addrs);
#include <sys/sockio.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/time.h>
#include <sys/kernel.h>
#include <sys/syslog.h>
int error;
privileged = 0;
- if (suser(td) == 0)
+ if (priv_check(td, PRIV_ROOT) == 0)
privileged++;
switch (cmd) {
#include <sys/errno.h>
#include <sys/time.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/thread2.h>
/* GROSS */
if (ntohs(lport) < IPV6PORT_RESERVED && cred &&
- suser_cred(cred, PRISON_ROOT))
+ priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT))
return (EACCES);
if (so->so_cred->cr_uid != 0 &&
!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
#include <sys/errno.h>
#include <sys/time.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <net/if.h>
#include <net/route.h>
last = ipport_hilastauto;
lastport = &pcbinfo->lasthi;
} else if (inp->inp_flags & INP_LOWPORT) {
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return error;
first = ipport_lowfirstauto; /* 1023 */
last = ipport_lowlastauto; /* 600 */
#include <sys/kernel.h>
#include <sys/syslog.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/thread2.h>
#include <sys/msgport2.h>
int rthdr_exist = 0;
- if (suser(td) == 0)
+ if (priv_check(td, PRIV_ROOT) == 0)
privileged++;
#ifdef SO_TIMESTAMP
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <net/if.h>
#include <net/route.h>
error = optval = 0;
uproto = (int)so->so_proto->pr_protocol;
- privileged = (td == NULL || suser(td)) ? 0 : 1;
+ privileged = (td == NULL || priv_check(td, PRIV_ROOT)) ? 0 : 1;
if (level == IPPROTO_IPV6) {
switch (op) {
* all multicast addresses. Only super user is allowed
* to do this.
*/
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
{
error = EACCES;
break;
}
mreq = mtod(m, struct ipv6_mreq *);
if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
- if (suser(td)) {
+ if (priv_check(td, PRIV_ROOT)) {
error = EACCES;
break;
}
#include <sys/param.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/jail.h>
inp = so->so_pcb;
if (inp)
panic("rip6_attach");
- if ((error = suser_cred(ai->p_ucred, flag)) != 0)
+ if ((error = priv_check_cred(ai->p_ucred, PRIV_ROOT, flag)) != 0)
return error;
error = soreserve(so, rip_sendspace, rip_recvspace, ai->sb_rlimit);
#include <sys/stat.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/syslog.h>
#include <net/if.h>
int flags;
struct sockaddr_in6 tmp;
- priv = !suser(td); /* 1 if privilaged, 0 if not */
+ priv = !priv_check(td, PRIV_ROOT); /* 1 if privilaged, 0 if not */
if (control) {
if ((error = ip6_setpktoptions(control, &opt,
in6p->in6p_outputopts,
#include <sys/systm.h>
#include <sys/syslog.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/thread2.h>
#include <net/if.h>
struct inpcb *inp;
int error;
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_ROOT);
if (error)
return (error);
#include <sys/mbuf.h>
#include <sys/module.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sysctl.h>
#include <sys/socket.h>
#ifdef notyet
struct thread *td = curthread;
- if (suser(td) == 0 && securelevel_gt(td->td_ucred, 0) == 0) {
+ if (priv_check(td, PRIV_ROOT) == 0 && securelevel_gt(td->td_ucred, 0) == 0) {
crit_enter(); /* NB: need BGL here */
linker_load_module(modname, NULL, NULL, NULL, NULL);
crit_exit();
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/systm.h>
case WI_RID_DEFLT_CRYPT_KEYS:
keys = (struct wi_ltv_keys *)&wreq;
/* do not show keys to non-root user */
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error) {
memset(keys, 0, sizeof(*keys));
error = 0;
ik.ik_flags = wk->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV);
if (wk->wk_keyix == ic->ic_def_txkey)
ik.ik_flags |= IEEE80211_KEY_DEFAULT;
- if (suser_cred(cr, NULL_CRED_OKAY) == 0) {
+ if (priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY) == 0) {
/* NB: only root can read key data */
ik.ik_keyrsc = wk->wk_keyrsc;
ik.ik_keytsc = wk->wk_keytsc;
return EINVAL;
len = (u_int) ic->ic_nw_keys[kid].wk_keylen;
/* NB: only root can read WEP keys */
- if (suser_cred(cr, NULL_CRED_OKAY) == 0) {
+ if (priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY) == 0) {
bcopy(ic->ic_nw_keys[kid].wk_key, tmpkey, len);
} else {
bzero(tmpkey, len);
(struct ieee80211req *) data, cr);
break;
case SIOCS80211:
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error == 0)
error = ieee80211_ioctl_set80211(ic, cmd,
(struct ieee80211req *) data);
error = ieee80211_cfgget(ic, cmd, data, cr);
break;
case SIOCSIFGENERIC:
- error = suser_cred(cr, NULL_CRED_OKAY);
+ error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
error = ieee80211_cfgset(ic, cmd, data);
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sockio.h>
#include <sys/malloc.h>
#include <sys/kernel.h>
/*
* If we are not superuser, then we don't get to do these ops.
*/
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
return(EPERM);
sat = satosat( &ifr->ifr_addr );
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
return( EINVAL );
}
if ( sat->sat_port < ATPORT_RESERVED &&
- suser(td) ) {
+ priv_check(td, PRIV_ROOT) ) {
return( EACCES );
}
}
struct atmcfgreq *acp = (struct atmcfgreq *)data;
struct atm_pif *pip;
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
ATM_RETERR(EPERM);
switch (acp->acr_opcode) {
struct atmaddreq *aap = (struct atmaddreq *)data;
Atm_endpoint *epp;
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
ATM_RETERR(EPERM);
switch (aap->aar_opcode) {
struct sigmgr *smp;
Atm_endpoint *epp;
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
ATM_RETERR(EPERM);
switch (adp->adr_opcode) {
struct sigmgr *smp;
struct ifnet *ifp2;
- if (suser(td))
+ if (priv_check(td, PRIV_ROOT))
ATM_RETERR(EPERM);
switch (asp->asr_opcode) {
#include <sys/errno.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/sockio.h>
#include <sys/time.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/sockio.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/thread2.h>
return (0);
}
- if ((error = suser(td)) != 0)
+ if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
switch (cmd) {
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/thread2.h>
int error;
if (aport < IPXPORT_RESERVED &&
- td != NULL && (error = suser(td)) != 0)
+ td != NULL && (error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
if (ipx_pcblookup(&zeroipx_addr, lport, 0))
return (EADDRINUSE);
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
int error = 0;
struct ipxpcb *ipxp;
- if ((error = suser_cred(ai->p_ucred, NULL_CRED_OKAY)) != 0)
+ if ((error = priv_check_cred(ai->p_ucred, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
return (error);
crit_enter();
error = ipx_pcballoc(so, &ipxrawpcb);
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/lock.h>
#include <sys/sysctl.h>
#include <sys/malloc.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include "ncp.h"
#include <sys/errno.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/poll.h>
#include <sys/signalvar.h>
#include <sys/signal2.h>
#define checkbad(fn) {error=(fn);if(error) goto bad;}
-#define ncp_suser(cred) suser_cred(cred, 0)
+#define ncp_suser(cred) priv_check_cred(cred, PRIV_ROOT, 0)
#define ncp_isowner(conn,cred) ((cred)->cr_uid == (conn)->nc_owner->cr_uid)
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/lock.h>
#include <sys/sysctl.h>
#include <sys/socketvar.h>
SIGISMEMBER(set, SIGHUP) || SIGISMEMBER(set, SIGKILL) || \
SIGISMEMBER(set, SIGQUIT))
-#define smb_suser(cred) suser_cred(cred, 0)
+#define smb_suser(cred) priv_check_cred(cred, PRIV_ROOT, 0)
#include <sys/lock.h>
#include <sys/spinlock.h>
#include <sys/systm.h>
#include <sys/tty.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
#include <sys/fcntl.h>
goto open_top;
}
}
- if (tp->t_state & TS_XCLUDE && suser(td)) {
+ if (tp->t_state & TS_XCLUDE && priv_check(td, PRIV_ROOT)) {
error = EBUSY;
goto out;
}
}
switch (cmd) {
case TIOCSETA:
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error != 0) {
crit_exit();
return (error);
#include <sys/linker.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/buf.h>
#include <sys/reboot.h>
#include <sys/mbuf.h>
* from within kernel mode?
*/
- if (suser_cred(ucred, 0) != 0) {
+ if (priv_check_cred(ucred, PRIV_ROOT, 0) != 0) {
if (dbregs->dr7 & 0x3) {
/* dr0 is enabled */
if (dbregs->dr0 >= VM_MAX_USER_ADDRESS)
#include <sys/malloc.h>
#include <sys/thread.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/thread.h>
#include <sys/memrange.h>
if ((error = copyin(args, &ua, sizeof(struct i386_ioperm_args))) != 0)
return (error);
- if ((error = suser_cred(lp->lwp_proc->p_ucred, 0)) != 0)
+ if ((error = priv_check_cred(lp->lwp_proc->p_ucred, PRIV_ROOT, 0)) != 0)
return (error);
if (securelevel > 0)
return (EPERM);
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/sysctl.h>
case VM86_INTCALL: {
struct vm86_intcall_args sa;
- if ((error = suser_cred(lp->lwp_proc->p_ucred, 0)))
+ if ((error = priv_check_cred(lp->lwp_proc->p_ucred, PRIV_ROOT, 0)))
return (error);
if ((error = copyin(ua.sub_args, &sa, sizeof(sa))))
return (error);
#include <sys/linker.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/buf.h>
#include <sys/reboot.h>
#include <sys/mbuf.h>
* from within kernel mode?
*/
- if (suser_cred(ucred, 0) != 0) {
+ if (priv_check_cred(ucred, PRIV_ROOT, 0) != 0) {
if (dbregs->dr[7] & 0x3) {
/* dr0 is enabled */
if (dbregs->dr[0] >= VM_MAX_USER_ADDRESS)
--- /dev/null
+/*-
+ * Copyright (c) 2006 nCircle Network Security, Inc.
+ * All rights reserved.
+ *
+ * This software was developed by Robert N. M. Watson for the TrustedBSD
+ * Project under contract to nCircle Network Security, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
+ * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD: src/sys/sys/priv.h,v 1.25 2008/11/17 20:49:29 pjd Exp $
+ */
+
+/*
+ * Privilege checking interface for BSD kernel.
+ */
+#ifndef _SYS_PRIV_H_
+#define _SYS_PRIV_H_
+
+/*
+ * Privilege list, sorted loosely by kernel subsystem.
+ *
+ * Think carefully before adding or reusing one of these privileges -- are
+ * there existing instances referring to the same privilege? Third party
+ * vendors may request the assignment of privileges to be used in loadable
+ * modules. Particular numeric privilege assignments are part of the
+ * loadable kernel module ABI, and should not be changed across minor
+ * releases.
+ *
+ * When adding a new privilege, remember to determine if it's appropriate for
+ * use in jail, and update the privilege switch in kern_jail.c as necessary.
+ */
+
+/*
+ * Track beginning of privilege list.
+ */
+#define _PRIV_LOWEST 0
+
+/*
+ * PRIV_ROOT is a catch-all for as yet unnamed privileges. No new
+ * references to this privilege should be added.
+ */
+#define PRIV_ROOT 1 /* Catch-all during development. */
+
+/*
+ * The remaining privileges typically correspond to one or a small
+ * number of specific privilege checks, and have (relatively) precise
+ * meanings. They are loosely sorted into a set of base system
+ * privileges, such as the ability to reboot, and then loosely by
+ * subsystem, indicated by a subsystem name.
+ */
+#define PRIV_ACCT 2 /* Manage process accounting. */
+#define PRIV_MAXFILES 3 /* Exceed system open files limit. */
+#define PRIV_MAXPROC 4 /* Exceed system processes limit. */
+#define PRIV_KTRACE 5 /* Set/clear KTRFAC_ROOT on ktrace. */
+#define PRIV_SETDUMPER 6 /* Configure dump device. */
+#define PRIV_REBOOT 8 /* Can reboot system. */
+#define PRIV_SWAPON 9 /* Can swapon(). */
+#define PRIV_SWAPOFF 10 /* Can swapoff(). */
+#define PRIV_MSGBUF 11 /* Can read kernel message buffer. */
+#define PRIV_IO 12 /* Can perform low-level I/O. */
+#define PRIV_KEYBOARD 13 /* Reprogram keyboard. */
+#define PRIV_DRIVER 14 /* Low-level driver privilege. */
+#define PRIV_ADJTIME 15 /* Set time adjustment. */
+#define PRIV_NTP_ADJTIME 16 /* Set NTP time adjustment. */
+#define PRIV_CLOCK_SETTIME 17 /* Can call clock_settime. */
+#define PRIV_SETTIMEOFDAY 18 /* Can call settimeofday. */
+#define PRIV_SETHOSTID 19 /* Can call sethostid. */
+#define _PRIV_SETDOMAINNAME 20 /* Removed. */
+
+/*
+ * Audit subsystem privileges.
+ */
+#define PRIV_AUDIT_CONTROL 40 /* Can configure audit. */
+#define PRIV_AUDIT_FAILSTOP 41 /* Can run during audit fail stop. */
+#define PRIV_AUDIT_GETAUDIT 42 /* Can get proc audit properties. */
+#define PRIV_AUDIT_SETAUDIT 43 /* Can set proc audit properties. */
+#define PRIV_AUDIT_SUBMIT 44 /* Can submit an audit record. */
+
+/*
+ * Credential management privileges.
+ */
+#define PRIV_CRED_SETUID 50 /* setuid. */
+#define PRIV_CRED_SETEUID 51 /* seteuid to !ruid and !svuid. */
+#define PRIV_CRED_SETGID 52 /* setgid. */
+#define PRIV_CRED_SETEGID 53 /* setgid to !rgid and !svgid. */
+#define PRIV_CRED_SETGROUPS 54 /* Set process additional groups. */
+#define PRIV_CRED_SETREUID 55 /* setreuid. */
+#define PRIV_CRED_SETREGID 56 /* setregid. */
+#define PRIV_CRED_SETRESUID 57 /* setresuid. */
+#define PRIV_CRED_SETRESGID 58 /* setresgid. */
+#define PRIV_SEEOTHERGIDS 59 /* Exempt bsd.seeothergids. */
+#define PRIV_SEEOTHERUIDS 60 /* Exempt bsd.seeotheruids. */
+
+/*
+ * Debugging privileges.
+ */
+#define PRIV_DEBUG_DIFFCRED 80 /* Exempt debugging other users. */
+#define PRIV_DEBUG_SUGID 81 /* Exempt debugging setuid proc. */
+#define PRIV_DEBUG_UNPRIV 82 /* Exempt unprivileged debug limit. */
+
+/*
+ * Dtrace privileges.
+ */
+#define PRIV_DTRACE_KERNEL 90 /* Allow use of DTrace on the kernel. */
+#define PRIV_DTRACE_PROC 91 /* Allow attaching DTrace to process. */
+#define PRIV_DTRACE_USER 92 /* Process may submit DTrace events. */
+
+/*
+ * Firmware privilegs.
+ */
+#define PRIV_FIRMWARE_LOAD 100 /* Can load firmware. */
+
+/*
+ * Jail privileges.
+ */
+#define PRIV_JAIL_ATTACH 110 /* Attach to a jail. */
+
+/*
+ * Kernel environment priveleges.
+ */
+#define PRIV_KENV_SET 120 /* Set kernel env. variables. */
+#define PRIV_KENV_UNSET 121 /* Unset kernel env. variables. */
+
+/*
+ * Loadable kernel module privileges.
+ */
+#define PRIV_KLD_LOAD 130 /* Load a kernel module. */
+#define PRIV_KLD_UNLOAD 131 /* Unload a kernel module. */
+
+/*
+ * Privileges associated with the MAC Framework and specific MAC policy
+ * modules.
+ */
+#define PRIV_MAC_PARTITION 140 /* Privilege in mac_partition policy. */
+#define PRIV_MAC_PRIVS 141 /* Privilege in the mac_privs policy. */
+
+/*
+ * Process-related privileges.
+ */
+#define PRIV_PROC_LIMIT 160 /* Exceed user process limit. */
+#define PRIV_PROC_SETLOGIN 161 /* Can call setlogin. */
+#define PRIV_PROC_SETRLIMIT 162 /* Can raise resources limits. */
+
+/* System V IPC privileges.
+ */
+#define PRIV_IPC_READ 170 /* Can override IPC read perm. */
+#define PRIV_IPC_WRITE 171 /* Can override IPC write perm. */
+#define PRIV_IPC_ADMIN 172 /* Can override IPC owner-only perm. */
+#define PRIV_IPC_MSGSIZE 173 /* Exempt IPC message queue limit. */
+
+/*
+ * POSIX message queue privileges.
+ */
+#define PRIV_MQ_ADMIN 180 /* Can override msgq owner-only perm. */
+
+/*
+ * Performance monitoring counter privileges.
+ */
+#define PRIV_PMC_MANAGE 190 /* Can administer PMC. */
+#define PRIV_PMC_SYSTEM 191 /* Can allocate a system-wide PMC. */
+
+/*
+ * Scheduling privileges.
+ */
+#define PRIV_SCHED_DIFFCRED 200 /* Exempt scheduling other users. */
+#define PRIV_SCHED_SETPRIORITY 201 /* Can set lower nice value for proc. */
+#define PRIV_SCHED_RTPRIO 202 /* Can set real time scheduling. */
+#define PRIV_SCHED_SETPOLICY 203 /* Can set scheduler policy. */
+#define PRIV_SCHED_SET 204 /* Can set thread scheduler. */
+#define PRIV_SCHED_SETPARAM 205 /* Can set thread scheduler params. */
+#define PRIV_SCHED_CPUSET 206 /* Can manipulate cpusets. */
+
+/*
+ * POSIX semaphore privileges.
+ */
+#define PRIV_SEM_WRITE 220 /* Can override sem write perm. */
+
+/*
+ * Signal privileges.
+ */
+#define PRIV_SIGNAL_DIFFCRED 230 /* Exempt signalling other users. */
+#define PRIV_SIGNAL_SUGID 231 /* Non-conserv signal setuid proc. */
+
+/*
+ * Sysctl privileges.
+ */
+#define PRIV_SYSCTL_DEBUG 240 /* Can invoke sysctl.debug. */
+#define PRIV_SYSCTL_WRITE 241 /* Can write sysctls. */
+#define PRIV_SYSCTL_WRITEJAIL 242 /* Can write sysctls, jail permitted. */
+
+/*
+ * TTY privileges.
+ */
+#define PRIV_TTY_CONSOLE 250 /* Set console to tty. */
+#define PRIV_TTY_DRAINWAIT 251 /* Set tty drain wait time. */
+#define PRIV_TTY_DTRWAIT 252 /* Set DTR wait on tty. */
+#define PRIV_TTY_EXCLUSIVE 253 /* Override tty exclusive flag. */
+#define PRIV_TTY_PRISON 254 /* Can open pts across jails. */
+#define PRIV_TTY_STI 255 /* Simulate input on another tty. */
+#define PRIV_TTY_SETA 256 /* Set tty termios structure. */
+
+/*
+ * UFS-specific privileges.
+ */
+#define PRIV_UFS_EXTATTRCTL 270 /* Can configure EAs on UFS1. */
+#define PRIV_UFS_QUOTAOFF 271 /* quotaoff(). */
+#define PRIV_UFS_QUOTAON 272 /* quotaon(). */
+#define PRIV_UFS_SETUSE 273 /* setuse(). */
+
+/*
+ * ZFS-specific privileges.
+ */
+#define PRIV_ZFS_POOL_CONFIG 280 /* Can configure ZFS pools. */
+#define PRIV_ZFS_INJECT 281 /* Can inject faults in the ZFS fault
+ injection framework. */
+#define PRIV_ZFS_JAIL 282 /* Can attach/detach ZFS file systems
+ to/from jails. */
+
+/*
+ * NFS-specific privileges.
+ */
+#define PRIV_NFS_DAEMON 290 /* Can become the NFS daemon. */
+#define PRIV_NFS_LOCKD 291 /* Can become NFS lock daemon. */
+
+/*
+ * VFS privileges.
+ */
+#define PRIV_VFS_READ 310 /* Override vnode DAC read perm. */
+#define PRIV_VFS_WRITE 311 /* Override vnode DAC write perm. */
+#define PRIV_VFS_ADMIN 312 /* Override vnode DAC admin perm. */
+#define PRIV_VFS_EXEC 313 /* Override vnode DAC exec perm. */
+#define PRIV_VFS_LOOKUP 314 /* Override vnode DAC lookup perm. */
+#define PRIV_VFS_BLOCKRESERVE 315 /* Can use free block reserve. */
+#define PRIV_VFS_CHFLAGS_DEV 316 /* Can chflags() a device node. */
+#define PRIV_VFS_CHOWN 317 /* Can set user; group to non-member. */
+#define PRIV_VFS_CHROOT 318 /* chroot(). */
+#define PRIV_VFS_RETAINSUGID 319 /* Can retain sugid bits on change. */
+#define PRIV_VFS_EXCEEDQUOTA 320 /* Exempt from quota restrictions. */
+#define PRIV_VFS_EXTATTR_SYSTEM 321 /* Operate on system EA namespace. */
+#define PRIV_VFS_FCHROOT 322 /* fchroot(). */
+#define PRIV_VFS_FHOPEN 323 /* Can fhopen(). */
+#define PRIV_VFS_FHSTAT 324 /* Can fhstat(). */
+#define PRIV_VFS_FHSTATFS 325 /* Can fhstatfs(). */
+#define PRIV_VFS_GENERATION 326 /* stat() returns generation number. */
+#define PRIV_VFS_GETFH 327 /* Can retrieve file handles. */
+#define PRIV_VFS_GETQUOTA 328 /* getquota(). */
+#define PRIV_VFS_LINK 329 /* bsd.hardlink_check_uid */
+#define PRIV_VFS_MKNOD_BAD 330 /* Can mknod() to mark bad inodes. */
+#define PRIV_VFS_MKNOD_DEV 331 /* Can mknod() to create dev nodes. */
+#define PRIV_VFS_MKNOD_WHT 332 /* Can mknod() to create whiteout. */
+#define PRIV_VFS_MOUNT 333 /* Can mount(). */
+#define PRIV_VFS_MOUNT_OWNER 334 /* Can manage other users' file systems. */
+#define PRIV_VFS_MOUNT_EXPORTED 335 /* Can set MNT_EXPORTED on mount. */
+#define PRIV_VFS_MOUNT_PERM 336 /* Override dev node perms at mount. */
+#define PRIV_VFS_MOUNT_SUIDDIR 337 /* Can set MNT_SUIDDIR on mount. */
+#define PRIV_VFS_MOUNT_NONUSER 338 /* Can perform a non-user mount. */
+#define PRIV_VFS_SETGID 339 /* Can setgid if not in group. */
+#define PRIV_VFS_SETQUOTA 340 /* setquota(). */
+#define PRIV_VFS_STICKYFILE 341 /* Can set sticky bit on file. */
+#define PRIV_VFS_SYSFLAGS 342 /* Can modify system flags. */
+#define PRIV_VFS_UNMOUNT 343 /* Can unmount(). */
+#define PRIV_VFS_STAT 344 /* Override vnode MAC stat perm. */
+
+/*
+ * Virtual memory privileges.
+ */
+#define PRIV_VM_MADV_PROTECT 360 /* Can set MADV_PROTECT. */
+#define PRIV_VM_MLOCK 361 /* Can mlock(), mlockall(). */
+#define PRIV_VM_MUNLOCK 362 /* Can munlock(), munlockall(). */
+
+/*
+ * Device file system privileges.
+ */
+#define PRIV_DEVFS_RULE 370 /* Can manage devfs rules. */
+#define PRIV_DEVFS_SYMLINK 371 /* Can create symlinks in devfs. */
+
+/*
+ * Random number generator privileges.
+ */
+#define PRIV_RANDOM_RESEED 380 /* Closing /dev/random reseeds. */
+
+/*
+ * Network stack privileges.
+ */
+#define PRIV_NET_BRIDGE 390 /* Administer bridge. */
+#define PRIV_NET_GRE 391 /* Administer GRE. */
+#define PRIV_NET_PPP 392 /* Administer PPP. */
+#define PRIV_NET_SLIP 393 /* Administer SLIP. */
+#define PRIV_NET_BPF 394 /* Monitor BPF. */
+#define PRIV_NET_RAW 395 /* Open raw socket. */
+#define PRIV_NET_ROUTE 396 /* Administer routing. */
+#define PRIV_NET_TAP 397 /* Can open tap device. */
+#define PRIV_NET_SETIFMTU 398 /* Set interface MTU. */
+#define PRIV_NET_SETIFFLAGS 399 /* Set interface flags. */
+#define PRIV_NET_SETIFCAP 400 /* Set interface capabilities. */
+#define PRIV_NET_SETIFNAME 401 /* Set interface name. */
+#define PRIV_NET_SETIFMETRIC 402 /* Set interface metrics. */
+#define PRIV_NET_SETIFPHYS 403 /* Set interface physical layer prop. */
+#define PRIV_NET_SETIFMAC 404 /* Set interface MAC label. */
+#define PRIV_NET_ADDMULTI 405 /* Add multicast addr. to ifnet. */
+#define PRIV_NET_DELMULTI 406 /* Delete multicast addr. from ifnet. */
+#define PRIV_NET_HWIOCTL 407 /* Issue hardware ioctl on ifnet. */
+#define PRIV_NET_SETLLADDR 408 /* Set interface link-level address. */
+#define PRIV_NET_ADDIFGROUP 409 /* Add new interface group. */
+#define PRIV_NET_DELIFGROUP 410 /* Delete interface group. */
+#define PRIV_NET_IFCREATE 411 /* Create cloned interface. */
+#define PRIV_NET_IFDESTROY 412 /* Destroy cloned interface. */
+#define PRIV_NET_ADDIFADDR 413 /* Add protocol addr to interface. */
+#define PRIV_NET_DELIFADDR 414 /* Delete protocol addr on interface. */
+#define PRIV_NET_LAGG 415 /* Administer lagg interface. */
+
+/*
+ * 802.11-related privileges.
+ */
+#define PRIV_NET80211_GETKEY 440 /* Query 802.11 keys. */
+#define PRIV_NET80211_MANAGE 441 /* Administer 802.11. */
+
+/*
+ * AppleTalk privileges.
+ */
+#define PRIV_NETATALK_RESERVEDPORT 450 /* Bind low port number. */
+
+/*
+ * ATM privileges.
+ */
+#define PRIV_NETATM_CFG 460
+#define PRIV_NETATM_ADD 461
+#define PRIV_NETATM_DEL 462
+#define PRIV_NETATM_SET 463
+
+/*
+ * Bluetooth privileges.
+ */
+#define PRIV_NETBLUETOOTH_RAW 470 /* Open raw bluetooth socket. */
+
+/*
+ * Netgraph and netgraph module privileges.
+ */
+#define PRIV_NETGRAPH_CONTROL 480 /* Open netgraph control socket. */
+#define PRIV_NETGRAPH_TTY 481 /* Configure tty for netgraph. */
+
+/*
+ * IPv4 and IPv6 privileges.
+ */
+#define PRIV_NETINET_RESERVEDPORT 490 /* Bind low port number. */
+#define PRIV_NETINET_IPFW 491 /* Administer IPFW firewall. */
+#define PRIV_NETINET_DIVERT 492 /* Open IP divert socket. */
+#define PRIV_NETINET_PF 493 /* Administer pf firewall. */
+#define PRIV_NETINET_DUMMYNET 494 /* Administer DUMMYNET. */
+#define PRIV_NETINET_CARP 495 /* Administer CARP. */
+#define PRIV_NETINET_MROUTE 496 /* Administer multicast routing. */
+#define PRIV_NETINET_RAW 497 /* Open netinet raw socket. */
+#define PRIV_NETINET_GETCRED 498 /* Query netinet pcb credentials. */
+#define PRIV_NETINET_ADDRCTRL6 499 /* Administer IPv6 address scopes. */
+#define PRIV_NETINET_ND6 500 /* Administer IPv6 neighbor disc. */
+#define PRIV_NETINET_SCOPE6 501 /* Administer IPv6 address scopes. */
+#define PRIV_NETINET_ALIFETIME6 502 /* Administer IPv6 address lifetimes. */
+#define PRIV_NETINET_IPSEC 503 /* Administer IPSEC. */
+#define PRIV_NETINET_REUSEPORT 504 /* Allow [rapid] port/address reuse. */
+#define PRIV_NETINET_SETHDROPTS 505 /* Set certain IPv4/6 header options. */
+
+/*
+ * IPX/SPX privileges.
+ */
+#define PRIV_NETIPX_RESERVEDPORT 520 /* Bind low port number. */
+#define PRIV_NETIPX_RAW 521 /* Open netipx raw socket. */
+
+/*
+ * NCP privileges.
+ */
+#define PRIV_NETNCP 530 /* Use another user's connection. */
+
+/*
+ * SMB privileges.
+ */
+#define PRIV_NETSMB 540 /* Use another user's connection. */
+
+/*
+ * VM86 privileges.
+ */
+#define PRIV_VM86_INTCALL 550 /* Allow invoking vm86 int handlers. */
+
+/*
+ * Set of reserved privilege values, which will be allocated to code as
+ * needed, in order to avoid renumbering later privileges due to insertion.
+ */
+#define _PRIV_RESERVED0 560
+#define _PRIV_RESERVED1 561
+#define _PRIV_RESERVED2 562
+#define _PRIV_RESERVED3 563
+#define _PRIV_RESERVED4 564
+#define _PRIV_RESERVED5 565
+#define _PRIV_RESERVED6 566
+#define _PRIV_RESERVED7 567
+#define _PRIV_RESERVED8 568
+#define _PRIV_RESERVED9 569
+#define _PRIV_RESERVED10 570
+#define _PRIV_RESERVED11 571
+#define _PRIV_RESERVED12 572
+#define _PRIV_RESERVED13 573
+#define _PRIV_RESERVED14 574
+#define _PRIV_RESERVED15 575
+
+/*
+ * Define a set of valid privilege numbers that can be used by loadable
+ * modules that don't yet have privilege reservations. Ideally, these should
+ * not be used, since their meaning is opaque to any policies that are aware
+ * of specific privileges, such as jail, and as such may be arbitrarily
+ * denied.
+ */
+#define PRIV_MODULE0 600
+#define PRIV_MODULE1 601
+#define PRIV_MODULE2 602
+#define PRIV_MODULE3 603
+#define PRIV_MODULE4 604
+#define PRIV_MODULE5 605
+#define PRIV_MODULE6 606
+#define PRIV_MODULE7 607
+#define PRIV_MODULE8 608
+#define PRIV_MODULE9 609
+#define PRIV_MODULE10 610
+#define PRIV_MODULE11 611
+#define PRIV_MODULE12 612
+#define PRIV_MODULE13 613
+#define PRIV_MODULE14 614
+#define PRIV_MODULE15 615
+
+/*
+ * DDB(4) privileges.
+ */
+#define PRIV_DDB_CAPTURE 620 /* Allow reading of DDB capture log. */
+
+/*
+ * Arla/nnpfs privileges.
+ */
+#define PRIV_NNPFS_DEBUG 630 /* Perforn ARLA_VIOC_NNPFSDEBUG. */
+
+/*
+ * cpuctl(4) privileges.
+ */
+#define PRIV_CPUCTL_WRMSR 640 /* Write model-specific register. */
+#define PRIV_CPUCTL_UPDATE 641 /* Update cpu microcode. */
+
+/*
+ * Track end of privilege list.
+ */
+#define _PRIV_HIGHEST 642
+
+/*
+ * Validate that a named privilege is known by the privilege system. Invalid
+ * privileges presented to the privilege system by a priv_check interface
+ * will result in a panic. This is only approximate due to sparse allocation
+ * of the privilege space.
+ */
+#define PRIV_VALID(x) ((x) > _PRIV_LOWEST && (x) < _PRIV_HIGHEST)
+
+#ifdef _KERNEL
+/*
+ * Privilege check interfaces, modeled after historic suser() interfacs, but
+ * with the addition of a specific privilege name. No flags are currently
+ * defined for the API. Historically, flags specified using the real uid
+ * instead of the effective uid, and whether or not the check should be
+ * allowed in jail.
+ */
+struct thread;
+struct ucred;
+int priv_check(struct thread *td, int priv);
+int priv_check_cred(struct ucred *cred, int priv, int flags);
+#endif
+
+#endif /* !_SYS_PRIV_H_ */
#include <sys/systm.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
#include <sys/mount.h>
break;
/* fall through */
default:
- if ((error = suser_cred(cred, PRISON_ROOT)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
}
#include <sys/buf.h>
#include <sys/stat.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/mount.h>
#include <sys/time.h>
#include <sys/vnode.h>
tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
ip->i_nlink = 1;
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
- suser_cred(cnp->cn_cred, PRISON_ROOT))
+ priv_check_cred(cnp->cn_cred, PRIV_ROOT, PRISON_ROOT))
ip->i_mode &= ~ISGID;
if (cnp->cn_flags & CNP_ISWHITEOUT)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return (error);
/*
* Note that a root chflags becomes a user chflags when
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
- (error = suser_cred(cred, PRISON_ROOT)) &&
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, cred))))
return (error);
int error;
if (cred->cr_uid != ip->i_uid) {
- error = suser_cred(cred, PRISON_ROOT);
+ error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
if (error)
return (error);
}
if ((cred->cr_uid != ip->i_uid || uid != ip->i_uid ||
(gid != ip->i_gid && !(cred->cr_gid == gid ||
groupmember((gid_t)gid, cred)))) &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return (error);
ogid = ip->i_gid;
ouid = ip->i_uid;
#include <sys/mountctl.h>
#include <sys/vnode.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/stat.h>
#include <sys/globaldata.h>
#include <sys/lockf.h>
struct hammer_transaction trans;
int error;
- error = suser_cred(cred, PRISON_ROOT);
+ error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
hammer_start_transaction(&trans, ip->hmp);
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/stat.h>
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != hp->h_uid &&
- (error = suser_cred(cred, PRISON_ROOT)) &&
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, cred))))
return (error);
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = VOP_ACCESS(devvp, accessmode, cred);
if (error)
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error) {
vput(devvp);
return (error);
#include <sys/stat.h>
#include <sys/buf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/namei.h>
#include <sys/mount.h>
#include <sys/unistd.h>
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return (error);
/*
* We are very inconsistent about handling unsupported
gid = pmp->pm_gid;
if ((cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
(gid != pmp->pm_gid && !groupmember(gid, cred))) &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return error;
if (uid != pmp->pm_uid || gid != pmp->pm_gid)
return EINVAL;
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid &&
- (error = suser_cred(cred, PRISON_ROOT)) &&
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(ap->a_vp, VWRITE, cred))))
return (error);
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return (error);
if (vp->v_type != VDIR) {
/* We ignore the read and execute bits. */
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/namei.h>
#include <sys/unistd.h>
if (vap->va_type == VCHR && rdev == 0xffffffff)
vap->va_type = VFIFO;
if (vap->va_type != VFIFO &&
- (error = suser_cred(cred, 0))) {
+ (error = priv_check_cred(cred, PRIV_ROOT, 0))) {
goto nfsmreply0;
}
vap->va_rmajor = umajor(rdev);
vrele(dvp);
dvp = NULL;
} else {
- if (vtyp != VFIFO && (error = suser_cred(cred, 0)))
+ if (vtyp != VFIFO && (error = priv_check_cred(cred, PRIV_ROOT, 0)))
goto out;
vn_unlock(dvp);
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/buf.h>
#include <sys/mbuf.h>
#include <sys/resourcevar.h>
/*
* Must be super user
*/
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if(error)
return (error);
KKASSERT(td->td_proc); /* for ucred and p_fd */
((p1)->p_ucred->cr_ruid == (p2)->p_ucred->cr_ruid) && \
((p1)->p_ucred->cr_svuid == (p2)->p_ucred->cr_ruid) && \
((p2)->p_flag & (P_SUGID|P_INEXEC)) == 0) || \
- (suser_cred((p1)->p_ucred, PRISON_ROOT) == 0))
+ (priv_check_cred((p1)->p_ucred, PRIV_ROOT, PRISON_ROOT) == 0))
/*
* Convert between pfsnode vnode
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/ptrace.h>
#include <sys/signalvar.h>
#include <sys/param.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/reg.h>
#include <vfs/procfs/procfs.h>
#include <sys/param.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/reg.h>
#include <vfs/procfs/procfs.h>
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/vnode.h>
#include <vfs/procfs/procfs.h>
#include <vm/vm.h>
#include <sys/param.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/reg.h>
#include <vfs/procfs/procfs.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/vnode.h>
#include <sys/tty.h>
#include <sys/lock.h>
#include <sys/fcntl.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/vnode.h>
#include <sys/uio.h>
*/
#define NFLAGS (PF_ISUGID)
flags = (unsigned char)*(unsigned int*)ap->a_data;
- if (flags & NFLAGS && (error = suser_cred(ap->a_cred, 0)))
+ if (flags & NFLAGS && (error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)))
return error;
procp->p_pfsflags = flags;
break;
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/namei.h>
#include <sys/fcntl.h>
#include <sys/mount.h>
atime = &vap->va_atime;
if (mtime != atime) {
if (ap->a_cred->cr_uid != VTOSMBFS(vp)->sm_args.uid &&
- (error = suser_cred(ap->a_cred, PRISON_ROOT)) &&
+ (error = priv_check_cred(ap->a_cred, PRIV_ROOT, PRISON_ROOT)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, ap->a_cred))))
return (error);
#include <sys/mount.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/queue.h>
#include <sys/vnode.h>
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = VOP_ACCESS(devvp, VREAD, cred);
if (error)
- error = suser_cred(cred, 0);
+ error = priv_check_cred(cred, PRIV_ROOT, 0);
if (error) {
vput(devvp);
return(error);
#include <sys/kernel.h>
#include <sys/mount.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/malloc.h>
#include <sys/vnode.h>
break;
/* fall through */
default:
- if ((error = suser_cred(cred, PRISON_ROOT)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
}
#include <sys/stat.h>
#include <sys/buf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/namei.h>
#include <sys/mount.h>
#include <sys/unistd.h>
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return (error);
/*
* Note that a root chflags becomes a user chflags when
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != ip->i_uid &&
- (error = suser_cred(cred, PRISON_ROOT)) &&
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)) &&
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
(error = VOP_ACCESS(vp, VWRITE, cred))))
return (error);
int error;
if (cred->cr_uid != ip->i_uid) {
- error = suser_cred(cred, PRISON_ROOT);
+ error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT);
if (error)
return (error);
}
if ((cred->cr_uid != ip->i_uid || uid != ip->i_uid ||
(gid != ip->i_gid && !(cred->cr_gid == gid ||
groupmember((gid_t)gid, cred)))) &&
- (error = suser_cred(cred, PRISON_ROOT)))
+ (error = priv_check_cred(cred, PRIV_ROOT, PRISON_ROOT)))
return (error);
ogid = ip->i_gid;
ouid = ip->i_uid;
if (DOINGSOFTDEP(tvp))
softdep_change_linkcnt(ip);
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred) &&
- suser_cred(cnp->cn_cred, 0)) {
+ priv_check_cred(cnp->cn_cred, PRIV_ROOT, 0)) {
ip->i_mode &= ~ISGID;
}
#include <sys/filedesc.h>
#include <sys/kern_syscall.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/resource.h>
#include <sys/resourcevar.h>
#include <sys/vnode.h>
if (securelevel >= 1)
disablexworkaround = 1;
else
- disablexworkaround = suser(td);
+ disablexworkaround = priv_check(td, PRIV_ROOT);
if (vp->v_type == VCHR && disablexworkaround &&
(flags & (MAP_PRIVATE|MAP_COPY))) {
error = EINVAL;
p->p_rlimit[RLIMIT_MEMLOCK].rlim_cur)
return (ENOMEM);
#else
- error = suser_cred(p->p_ucred, 0);
+ error = priv_check_cred(p->p_ucred, PRIV_ROOT, 0);
if (error)
return (error);
#endif
return (EINVAL);
#ifndef pmap_wired_count
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
#endif
#include <sys/sysproto.h>
#include <sys/buf.h>
#include <sys/proc.h>
+#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/dmap.h> /* XXX */
#include <sys/vnode.h>
KKASSERT(td->td_proc);
cred = td->td_proc->p_ucred;
- error = suser(td);
+ error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
projects / dragonfly.git / commitdiff