2 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the University of
21 * California, Berkeley and its contributors.
22 * 4. Neither the name of the University nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * @(#)kern_prot.c 8.6 (Berkeley) 1/21/94
39 * $FreeBSD: src/sys/kern/kern_prot.c,v 1.53.2.9 2002/03/09 05:20:26 dd Exp $
40 * $DragonFly: src/sys/kern/kern_prot.c,v 1.29 2008/02/16 15:53:39 matthias Exp $
44 * System calls related to processes and protection
47 #include "opt_compat.h"
49 #include <sys/param.h>
51 #include <sys/systm.h>
52 #include <sys/sysproto.h>
53 #include <sys/kernel.h>
57 #include <sys/malloc.h>
58 #include <sys/pioctl.h>
59 #include <sys/resourcevar.h>
61 #include <sys/lockf.h>
62 #include <sys/spinlock.h>
64 #include <sys/thread2.h>
65 #include <sys/spinlock2.h>
66 #include <sys/mplock2.h>
68 static MALLOC_DEFINE(M_CRED, "cred", "credentials");
74 sys_getpid(struct getpid_args *uap)
76 struct proc *p = curproc;
78 uap->sysmsg_fds[0] = p->p_pid;
79 #if defined(COMPAT_43) || defined(COMPAT_SUNOS)
81 uap->sysmsg_fds[1] = p->p_pptr->p_pid;
91 sys_getppid(struct getppid_args *uap)
93 struct proc *p = curproc;
96 uap->sysmsg_result = p->p_pptr->p_pid;
106 sys_lwp_gettid(struct lwp_gettid_args *uap)
108 struct lwp *lp = curthread->td_lwp;
110 uap->sysmsg_result = lp->lwp_tid;
115 * Get process group ID; note that POSIX getpgrp takes no parameter
120 sys_getpgrp(struct getpgrp_args *uap)
122 struct proc *p = curproc;
124 uap->sysmsg_result = p->p_pgrp->pg_id;
129 * Get an arbitrary pid's process group id
134 sys_getpgid(struct getpgid_args *uap)
136 struct proc *p = curproc;
146 pt = pfind(uap->pid);
151 uap->sysmsg_result = pt->p_pgrp->pg_id;
157 * Get an arbitrary pid's session id.
162 sys_getsid(struct getsid_args *uap)
164 struct proc *p = curproc;
174 pt = pfind(uap->pid);
179 uap->sysmsg_result = pt->p_session->s_sid;
191 sys_getuid(struct getuid_args *uap)
193 struct ucred *cred = curthread->td_ucred;
195 uap->sysmsg_fds[0] = cred->cr_ruid;
196 #if defined(COMPAT_43) || defined(COMPAT_SUNOS)
197 uap->sysmsg_fds[1] = cred->cr_uid;
208 sys_geteuid(struct geteuid_args *uap)
210 struct ucred *cred = curthread->td_ucred;
212 uap->sysmsg_result = cred->cr_uid;
222 sys_getgid(struct getgid_args *uap)
224 struct ucred *cred = curthread->td_ucred;
226 uap->sysmsg_fds[0] = cred->cr_rgid;
227 #if defined(COMPAT_43) || defined(COMPAT_SUNOS)
228 uap->sysmsg_fds[1] = cred->cr_groups[0];
234 * Get effective group ID. The "egid" is groups[0], and could be obtained
235 * via getgroups. This syscall exists because it is somewhat painful to do
236 * correctly in a library function.
241 sys_getegid(struct getegid_args *uap)
243 struct ucred *cred = curthread->td_ucred;
245 uap->sysmsg_result = cred->cr_groups[0];
253 sys_getgroups(struct getgroups_args *uap)
259 cr = curthread->td_ucred;
260 if ((ngrp = uap->gidsetsize) == 0) {
261 uap->sysmsg_result = cr->cr_ngroups;
264 if (ngrp < cr->cr_ngroups)
266 ngrp = cr->cr_ngroups;
267 error = copyout((caddr_t)cr->cr_groups,
268 (caddr_t)uap->gidset, ngrp * sizeof(gid_t));
270 uap->sysmsg_result = ngrp;
278 sys_setsid(struct setsid_args *uap)
280 struct proc *p = curproc;
284 if (p->p_pgid == p->p_pid || pgfind(p->p_pid)) {
287 enterpgrp(p, p->p_pid, 1);
288 uap->sysmsg_result = p->p_pid;
296 * set process group (setpgid/old setpgrp)
298 * caller does setpgid(targpid, targpgid)
300 * pid must be caller or child of caller (ESRCH)
302 * pid must be in same session (EPERM)
303 * pid can't have done an exec (EACCES)
305 * there must exist some pid in same session having pgid (EPERM)
306 * pid must not be session leader (EPERM)
311 sys_setpgid(struct setpgid_args *uap)
313 struct proc *curp = curproc;
314 struct proc *targp; /* target process */
315 struct pgrp *pgrp; /* target pgrp */
322 if (uap->pid != 0 && uap->pid != curp->p_pid) {
323 if ((targp = pfind(uap->pid)) == 0 || !inferior(targp)) {
327 if (targp->p_pgrp == NULL ||
328 targp->p_session != curp->p_session) {
332 if (targp->p_flag & P_EXEC) {
339 if (SESS_LEADER(targp)) {
343 if (uap->pgid == 0) {
344 uap->pgid = targp->p_pid;
345 } else if (uap->pgid != targp->p_pid) {
346 if ((pgrp = pgfind(uap->pgid)) == 0 ||
347 pgrp->pg_session != curp->p_session) {
352 error = enterpgrp(targp, uap->pgid, 0);
359 * Use the clause in B.4.2.2 that allows setuid/setgid to be 4.2/4.3BSD
360 * compatible. It says that setting the uid/gid to euid/egid is a special
361 * case of "appropriate privilege". Once the rules are expanded out, this
362 * basically means that setuid(nnn) sets all three id's, in all permitted
363 * cases unless _POSIX_SAVED_IDS is enabled. In that case, setuid(getuid())
364 * does not set the saved id - this is dangerous for traditional BSD
365 * programs. For this reason, we *really* do not want to set
366 * _POSIX_SAVED_IDS and do not want to clear POSIX_APPENDIX_B_4_2_2.
368 #define POSIX_APPENDIX_B_4_2_2
374 sys_setuid(struct setuid_args *uap)
376 struct proc *p = curproc;
385 * See if we have "permission" by POSIX 1003.1 rules.
387 * Note that setuid(geteuid()) is a special case of
388 * "appropriate privileges" in appendix B.4.2.2. We need
389 * to use this clause to be compatible with traditional BSD
390 * semantics. Basically, it means that "setuid(xx)" sets all
391 * three id's (assuming you have privs).
393 * Notes on the logic. We do things in three steps.
394 * 1: We determine if the euid is going to change, and do EPERM
395 * right away. We unconditionally change the euid later if this
396 * test is satisfied, simplifying that part of the logic.
397 * 2: We determine if the real and/or saved uid's are going to
398 * change. Determined by compile options.
399 * 3: Change euid last. (after tests in #2 for "appropriate privs")
402 if (uid != cr->cr_ruid && /* allow setuid(getuid()) */
403 #ifdef _POSIX_SAVED_IDS
404 uid != crc->cr_svuid && /* allow setuid(saved gid) */
406 #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
407 uid != cr->cr_uid && /* allow setuid(geteuid()) */
409 (error = priv_check_cred(cr, PRIV_CRED_SETUID, 0)))
412 #ifdef _POSIX_SAVED_IDS
414 * Do we have "appropriate privileges" (are we root or uid == euid)
415 * If so, we are changing the real uid and/or saved uid.
418 #ifdef POSIX_APPENDIX_B_4_2_2 /* Use the clause from B.4.2.2 */
421 priv_check_cred(cr, PRIV_CRED_SETUID, 0) == 0) /* we are using privs */
425 * Set the real uid and transfer proc count to new user.
427 if (uid != cr->cr_ruid) {
428 cr = change_ruid(uid);
434 * XXX always set saved uid even if not _POSIX_SAVED_IDS, as
435 * the security of seteuid() depends on it. B.4.2.2 says it
436 * is important that we should do this.
438 if (cr->cr_svuid != uid) {
439 cr = cratom(&p->p_ucred);
446 * In all permitted cases, we are changing the euid.
447 * Copy credentials so other references do not see our changes.
449 if (cr->cr_uid != uid) {
463 sys_seteuid(struct seteuid_args *uap)
465 struct proc *p = curproc;
473 if (euid != cr->cr_ruid && /* allow seteuid(getuid()) */
474 euid != cr->cr_svuid && /* allow seteuid(saved uid) */
475 (error = priv_check_cred(cr, PRIV_CRED_SETEUID, 0))) {
481 * Everything's okay, do it. Copy credentials so other references do
482 * not see our changes.
484 if (cr->cr_uid != euid) {
496 sys_setgid(struct setgid_args *uap)
498 struct proc *p = curproc;
507 * See if we have "permission" by POSIX 1003.1 rules.
509 * Note that setgid(getegid()) is a special case of
510 * "appropriate privileges" in appendix B.4.2.2. We need
511 * to use this clause to be compatible with traditional BSD
512 * semantics. Basically, it means that "setgid(xx)" sets all
513 * three id's (assuming you have privs).
515 * For notes on the logic here, see setuid() above.
518 if (gid != cr->cr_rgid && /* allow setgid(getgid()) */
519 #ifdef _POSIX_SAVED_IDS
520 gid != cr->cr_svgid && /* allow setgid(saved gid) */
522 #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
523 gid != cr->cr_groups[0] && /* allow setgid(getegid()) */
525 (error = priv_check_cred(cr, PRIV_CRED_SETGID, 0))) {
529 #ifdef _POSIX_SAVED_IDS
531 * Do we have "appropriate privileges" (are we root or gid == egid)
532 * If so, we are changing the real uid and saved gid.
535 #ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */
536 gid == cr->cr_groups[0] ||
538 priv_check_cred(cr, PRIV_CRED_SETGID, 0) == 0) /* we are using privs */
544 if (cr->cr_rgid != gid) {
545 cr = cratom(&p->p_ucred);
552 * XXX always set saved gid even if not _POSIX_SAVED_IDS, as
553 * the security of setegid() depends on it. B.4.2.2 says it
554 * is important that we should do this.
556 if (cr->cr_svgid != gid) {
557 cr = cratom(&p->p_ucred);
563 * In all cases permitted cases, we are changing the egid.
564 * Copy credentials so other references do not see our changes.
566 if (cr->cr_groups[0] != gid) {
567 cr = cratom(&p->p_ucred);
568 cr->cr_groups[0] = gid;
581 sys_setegid(struct setegid_args *uap)
583 struct proc *p = curproc;
591 if (egid != cr->cr_rgid && /* allow setegid(getgid()) */
592 egid != cr->cr_svgid && /* allow setegid(saved gid) */
593 (error = priv_check_cred(cr, PRIV_CRED_SETEGID, 0))) {
596 if (cr->cr_groups[0] != egid) {
597 cr = cratom(&p->p_ucred);
598 cr->cr_groups[0] = egid;
611 sys_setgroups(struct setgroups_args *uap)
613 struct proc *p = curproc;
621 if ((error = priv_check_cred(cr, PRIV_CRED_SETGROUPS, 0)))
623 ngrp = uap->gidsetsize;
624 if (ngrp > NGROUPS) {
629 * XXX A little bit lazy here. We could test if anything has
630 * changed before cratom() and setting P_SUGID.
632 cr = cratom(&p->p_ucred);
635 * setgroups(0, NULL) is a legitimate way of clearing the
636 * groups vector on non-BSD systems (which generally do not
637 * have the egid in the groups[0]). We risk security holes
638 * when running non-BSD software if we do not do the same.
642 error = copyin(uap->gidset, cr->cr_groups,
643 ngrp * sizeof(gid_t));
646 cr->cr_ngroups = ngrp;
659 sys_setreuid(struct setreuid_args *uap)
661 struct proc *p = curproc;
671 if (((ruid != (uid_t)-1 && ruid != cr->cr_ruid && ruid != cr->cr_svuid) ||
672 (euid != (uid_t)-1 && euid != cr->cr_uid &&
673 euid != cr->cr_ruid && euid != cr->cr_svuid)) &&
674 (error = priv_check_cred(cr, PRIV_CRED_SETREUID, 0)) != 0) {
678 if (euid != (uid_t)-1 && cr->cr_uid != euid) {
679 cr = change_euid(euid);
682 if (ruid != (uid_t)-1 && cr->cr_ruid != ruid) {
683 cr = change_ruid(ruid);
686 if ((ruid != (uid_t)-1 || cr->cr_uid != cr->cr_ruid) &&
687 cr->cr_svuid != cr->cr_uid) {
688 cr = cratom(&p->p_ucred);
689 cr->cr_svuid = cr->cr_uid;
702 sys_setregid(struct setregid_args *uap)
704 struct proc *p = curproc;
714 if (((rgid != (gid_t)-1 && rgid != cr->cr_rgid && rgid != cr->cr_svgid) ||
715 (egid != (gid_t)-1 && egid != cr->cr_groups[0] &&
716 egid != cr->cr_rgid && egid != cr->cr_svgid)) &&
717 (error = priv_check_cred(cr, PRIV_CRED_SETREGID, 0)) != 0) {
721 if (egid != (gid_t)-1 && cr->cr_groups[0] != egid) {
722 cr = cratom(&p->p_ucred);
723 cr->cr_groups[0] = egid;
726 if (rgid != (gid_t)-1 && cr->cr_rgid != rgid) {
727 cr = cratom(&p->p_ucred);
731 if ((rgid != (gid_t)-1 || cr->cr_groups[0] != cr->cr_rgid) &&
732 cr->cr_svgid != cr->cr_groups[0]) {
733 cr = cratom(&p->p_ucred);
734 cr->cr_svgid = cr->cr_groups[0];
744 * setresuid(ruid, euid, suid) is like setreuid except control over the
745 * saved uid is explicit.
750 sys_setresuid(struct setresuid_args *uap)
752 struct proc *p = curproc;
754 uid_t ruid, euid, suid;
763 if (((ruid != (uid_t)-1 && ruid != cr->cr_ruid && ruid != cr->cr_svuid &&
764 ruid != cr->cr_uid) ||
765 (euid != (uid_t)-1 && euid != cr->cr_ruid && euid != cr->cr_svuid &&
766 euid != cr->cr_uid) ||
767 (suid != (uid_t)-1 && suid != cr->cr_ruid && suid != cr->cr_svuid &&
768 suid != cr->cr_uid)) &&
769 (error = priv_check_cred(cr, PRIV_CRED_SETRESUID, 0)) != 0) {
772 if (euid != (uid_t)-1 && cr->cr_uid != euid) {
773 cr = change_euid(euid);
776 if (ruid != (uid_t)-1 && cr->cr_ruid != ruid) {
777 cr = change_ruid(ruid);
780 if (suid != (uid_t)-1 && cr->cr_svuid != suid) {
781 cr = cratom(&p->p_ucred);
792 * setresgid(rgid, egid, sgid) is like setregid except control over the
793 * saved gid is explicit.
798 sys_setresgid(struct setresgid_args *uap)
800 struct proc *p = curproc;
802 gid_t rgid, egid, sgid;
810 if (((rgid != (gid_t)-1 && rgid != cr->cr_rgid && rgid != cr->cr_svgid &&
811 rgid != cr->cr_groups[0]) ||
812 (egid != (gid_t)-1 && egid != cr->cr_rgid && egid != cr->cr_svgid &&
813 egid != cr->cr_groups[0]) ||
814 (sgid != (gid_t)-1 && sgid != cr->cr_rgid && sgid != cr->cr_svgid &&
815 sgid != cr->cr_groups[0])) &&
816 (error = priv_check_cred(cr, PRIV_CRED_SETRESGID, 0)) != 0) {
820 if (egid != (gid_t)-1 && cr->cr_groups[0] != egid) {
821 cr = cratom(&p->p_ucred);
822 cr->cr_groups[0] = egid;
825 if (rgid != (gid_t)-1 && cr->cr_rgid != rgid) {
826 cr = cratom(&p->p_ucred);
830 if (sgid != (gid_t)-1 && cr->cr_svgid != sgid) {
831 cr = cratom(&p->p_ucred);
845 sys_getresuid(struct getresuid_args *uap)
847 struct proc *p = curproc;
849 int error1 = 0, error2 = 0, error3 = 0;
854 error1 = copyout((caddr_t)&cr->cr_ruid,
855 (caddr_t)uap->ruid, sizeof(cr->cr_ruid));
857 error2 = copyout((caddr_t)&cr->cr_uid,
858 (caddr_t)uap->euid, sizeof(cr->cr_uid));
860 error3 = copyout((caddr_t)&cr->cr_svuid,
861 (caddr_t)uap->suid, sizeof(cr->cr_svuid));
863 return error1 ? error1 : (error2 ? error2 : error3);
870 sys_getresgid(struct getresgid_args *uap)
873 int error1 = 0, error2 = 0, error3 = 0;
875 cr = curthread->td_ucred;
877 error1 = copyout(&cr->cr_rgid, uap->rgid,
878 sizeof(cr->cr_rgid));
880 error2 = copyout(&cr->cr_groups[0], uap->egid,
881 sizeof(cr->cr_groups[0]));
883 error3 = copyout(&cr->cr_svgid, uap->sgid,
884 sizeof(cr->cr_svgid));
885 return error1 ? error1 : (error2 ? error2 : error3);
890 * NOTE: OpenBSD sets a P_SUGIDEXEC flag set at execve() time,
891 * we use P_SUGID because we consider changing the owners as
892 * "tainting" as well.
893 * This is significant for procs that start as root and "become"
894 * a user without an exec - programs cannot know *everything*
895 * that libc *might* have put in their data segment.
900 sys_issetugid(struct issetugid_args *uap)
902 uap->sysmsg_result = (curproc->p_flag & P_SUGID) ? 1 : 0;
907 * Check if gid is a member of the group set.
910 groupmember(gid_t gid, struct ucred *cred)
915 egp = &(cred->cr_groups[cred->cr_ngroups]);
916 for (gp = cred->cr_groups; gp < egp; gp++) {
924 * Test whether the specified credentials have the privilege
927 * A kernel thread without a process context is assumed to have
928 * the privilege in question. In situations where the caller always
929 * expect a cred to exist, the cred should be passed separately and
930 * priv_check_cred() should be used instead of priv_check().
932 * Returns 0 or error.
937 priv_check(struct thread *td, int priv)
939 if (td->td_lwp != NULL)
940 return priv_check_cred(td->td_ucred, priv, 0);
945 * Check a credential for privilege.
947 * A non-null credential is expected unless NULL_CRED_OKAY is set.
952 priv_check_cred(struct ucred *cred, int priv, int flags)
956 KASSERT(PRIV_VALID(priv), ("priv_check_cred: invalid privilege"));
958 KASSERT(cred != NULL || flags & NULL_CRED_OKAY,
959 ("priv_check_cred: NULL cred!"));
962 if (flags & NULL_CRED_OKAY)
967 if (cred->cr_uid != 0)
970 error = prison_priv_check(cred, priv);
974 /* NOTE: accounting for suser access (p_acflag/ASU) removed */
979 * Return zero if p1 can fondle p2, return errno (EPERM/ESRCH) otherwise.
982 p_trespass(struct ucred *cr1, struct ucred *cr2)
986 if (!PRISON_CHECK(cr1, cr2))
988 if (cr1->cr_ruid == cr2->cr_ruid)
990 if (cr1->cr_uid == cr2->cr_ruid)
992 if (cr1->cr_ruid == cr2->cr_uid)
994 if (cr1->cr_uid == cr2->cr_uid)
996 if (priv_check_cred(cr1, PRIV_PROC_TRESPASS, 0) == 0)
1004 static __inline void
1005 _crinit(struct ucred *cr)
1014 crinit(struct ucred *cr)
1016 bzero(cr, sizeof(*cr));
1021 * Allocate a zeroed cred structure.
1030 cr = kmalloc(sizeof(*cr), M_CRED, M_WAITOK|M_ZERO);
1036 * Claim another reference to a ucred structure. Can be used with special
1039 * It must be possible to call this routine with spinlocks held, meaning
1040 * that this routine itself cannot obtain a spinlock.
1045 crhold(struct ucred *cr)
1047 if (cr != NOCRED && cr != FSCRED)
1048 atomic_add_int(&cr->cr_ref, 1);
1053 * Drop a reference from the cred structure, free it if the reference count
1056 * NOTE: because we used atomic_add_int() above, without a spinlock, we
1057 * must also use atomic_subtract_int() below. A spinlock is required
1058 * in crfree() to handle multiple callers racing the refcount to 0.
1063 crfree(struct ucred *cr)
1065 if (cr->cr_ref <= 0)
1066 panic("Freeing already free credential! %p", cr);
1067 if (atomic_fetchadd_int(&cr->cr_ref, -1) == 1) {
1069 * Some callers of crget(), such as nfs_statfs(),
1070 * allocate a temporary credential, but don't
1071 * allocate a uidinfo structure.
1073 if (cr->cr_uidinfo != NULL) {
1074 uidrop(cr->cr_uidinfo);
1075 cr->cr_uidinfo = NULL;
1077 if (cr->cr_ruidinfo != NULL) {
1078 uidrop(cr->cr_ruidinfo);
1079 cr->cr_ruidinfo = NULL;
1083 * Destroy empty prisons
1086 prison_free(cr->cr_prison);
1087 cr->cr_prison = NULL; /* safety */
1089 FREE((caddr_t)cr, M_CRED);
1094 * Atomize a cred structure so it can be modified without polluting
1095 * other references to it.
1097 * MPSAFE (however, *pcr must be stable)
1100 cratom(struct ucred **pcr)
1102 struct ucred *oldcr;
1103 struct ucred *newcr;
1106 if (oldcr->cr_ref == 1)
1110 if (newcr->cr_uidinfo)
1111 uihold(newcr->cr_uidinfo);
1112 if (newcr->cr_ruidinfo)
1113 uihold(newcr->cr_ruidinfo);
1115 prison_hold(newcr->cr_prison);
1122 #if 0 /* no longer used but keep around for a little while */
1124 * Copy cred structure to a new one and free the old one.
1126 * MPSAFE (*cr must be stable)
1129 crcopy(struct ucred *cr)
1131 struct ucred *newcr;
1133 if (cr->cr_ref == 1)
1137 if (newcr->cr_uidinfo)
1138 uihold(newcr->cr_uidinfo);
1139 if (newcr->cr_ruidinfo)
1140 uihold(newcr->cr_ruidinfo);
1142 prison_hold(newcr->cr_prison);
1150 * Dup cred struct to a new held one.
1153 crdup(struct ucred *cr)
1155 struct ucred *newcr;
1159 if (newcr->cr_uidinfo)
1160 uihold(newcr->cr_uidinfo);
1161 if (newcr->cr_ruidinfo)
1162 uihold(newcr->cr_ruidinfo);
1164 prison_hold(newcr->cr_prison);
1170 * Fill in a struct xucred based on a struct ucred.
1173 cru2x(struct ucred *cr, struct xucred *xcr)
1176 bzero(xcr, sizeof(*xcr));
1177 xcr->cr_version = XUCRED_VERSION;
1178 xcr->cr_uid = cr->cr_uid;
1179 xcr->cr_ngroups = cr->cr_ngroups;
1180 bcopy(cr->cr_groups, xcr->cr_groups, sizeof(cr->cr_groups));
1184 * Get login name, if available.
1189 sys_getlogin(struct getlogin_args *uap)
1191 struct proc *p = curproc;
1192 char buf[MAXLOGNAME];
1195 if (uap->namelen > MAXLOGNAME) /* namelen is unsigned */
1196 uap->namelen = MAXLOGNAME;
1198 bzero(buf, sizeof(buf));
1199 bcopy(p->p_pgrp->pg_session->s_login, buf, uap->namelen);
1202 error = copyout(buf, uap->namebuf, uap->namelen);
1212 sys_setlogin(struct setlogin_args *uap)
1214 struct thread *td = curthread;
1217 char buf[MAXLOGNAME];
1220 cred = td->td_ucred;
1223 if ((error = priv_check_cred(cred, PRIV_PROC_SETLOGIN, 0)))
1225 bzero(buf, sizeof(buf));
1226 error = copyinstr(uap->namebuf, buf, sizeof(buf), NULL);
1227 if (error == ENAMETOOLONG)
1231 memcpy(p->p_pgrp->pg_session->s_login, buf, sizeof(buf));
1240 struct proc *p = curproc;
1242 KKASSERT(p != NULL);
1243 p->p_flag |= P_SUGID;
1244 if (!(p->p_pfsflags & PF_ISUGID))
1249 * Helper function to change the effective uid of a process
1252 change_euid(uid_t euid)
1254 struct proc *p = curproc;
1257 KKASSERT(p != NULL);
1258 lf_count_adjust(p, 0);
1259 cr = cratom(&p->p_ucred);
1261 uireplace(&cr->cr_uidinfo, uifind(euid));
1262 lf_count_adjust(p, 1);
1267 * Helper function to change the real uid of a process
1269 * The per-uid process count for this process is transfered from
1270 * the old uid to the new uid.
1273 change_ruid(uid_t ruid)
1275 struct proc *p = curproc;
1278 KKASSERT(p != NULL);
1280 cr = cratom(&p->p_ucred);
1281 chgproccnt(cr->cr_ruidinfo, -1, 0);
1283 uireplace(&cr->cr_ruidinfo, uifind(ruid));
1284 chgproccnt(cr->cr_ruidinfo, 1, 0);