Consistent usage of KAUTH_GENERIC_ISSUSER.
This commit is contained in:
elad
parent
878f749ef4
commit
1e70d64818
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: svr4_machdep.c,v 1.22 2006/07/23 22:06:05 ad Exp $ */
|
||||
/* $NetBSD: svr4_machdep.c,v 1.23 2007/01/04 17:50:00 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1999 The NetBSD Foundation, Inc.
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: svr4_machdep.c,v 1.22 2006/07/23 22:06:05 ad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: svr4_machdep.c,v 1.23 2007/01/04 17:50:00 elad Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
|
|
@ -296,7 +296,7 @@ svr4_sys_sysarch(struct lwp *l, void *v, register_t *retval)
|
|||
switch (SCARG(uap, op)) {
|
||||
case SVR4_SYSARCH_SETNAME:
|
||||
if ((error = kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
|
||||
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
|
||||
return (error);
|
||||
if ((error = copyinstr(SCARG(uap, a1), tmp, sizeof (tmp), &len))
|
||||
!= 0)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: lpt.c,v 1.46 2006/07/23 22:06:06 ad Exp $ */
|
||||
/* $NetBSD: lpt.c,v 1.47 2007/01/04 17:50:00 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1994 Matthias Pfaller.
|
||||
|
|
@ -60,7 +60,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: lpt.c,v 1.46 2006/07/23 22:06:06 ad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: lpt.c,v 1.47 2007/01/04 17:50:00 elad Exp $");
|
||||
|
||||
#include "opt_inet.h"
|
||||
|
||||
|
|
@ -613,7 +613,7 @@ plipioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
|||
|
||||
case SIOCSIFMTU:
|
||||
if ((error = kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, &l->l_acflag)))
|
||||
KAUTH_GENERIC_ISSUSER, NULL)))
|
||||
return(error);
|
||||
if (ifp->if_mtu != ifr->ifr_mtu) {
|
||||
ifp->if_mtu = ifr->ifr_mtu;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: tctrl.c,v 1.35 2006/07/23 22:06:07 ad Exp $ */
|
||||
/* $NetBSD: tctrl.c,v 1.36 2007/01/04 17:50:00 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1998, 2005, 2006 The NetBSD Foundation, Inc.
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: tctrl.c,v 1.35 2006/07/23 22:06:07 ad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: tctrl.c,v 1.36 2007/01/04 17:50:00 elad Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
|
|
@ -1175,7 +1175,7 @@ tctrlioctl(dev_t dev, u_long cmd, caddr_t data, int flags, struct lwp *l)
|
|||
case TCTRL_CMD_REQ:
|
||||
reqn = (struct tctrl_req *)data;
|
||||
if ((i = kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0 &&
|
||||
KAUTH_GENERIC_ISSUSER, NULL)) != 0 &&
|
||||
(reqn->cmdbuf[0] == TS102_OP_CTL_BITPORT ||
|
||||
(reqn->cmdbuf[0] >= TS102_OP_CTL_WATCHDOG &&
|
||||
reqn->cmdbuf[0] <= TS102_OP_CTL_SECURITY_KEY) ||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: xd.c,v 1.54 2006/07/23 22:06:07 ad Exp $ */
|
||||
/* $NetBSD: xd.c,v 1.55 2007/01/04 17:50:00 elad Exp $ */
|
||||
|
||||
/*
|
||||
*
|
||||
|
|
@ -52,7 +52,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xd.c,v 1.54 2006/07/23 22:06:07 ad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xd.c,v 1.55 2007/01/04 17:50:00 elad Exp $");
|
||||
|
||||
#undef XDC_DEBUG /* full debug */
|
||||
#define XDC_DIAG /* extra sanity checks */
|
||||
|
|
@ -875,7 +875,7 @@ xdioctl(dev_t dev, u_long command, caddr_t addr, int flag, struct lwp *l)
|
|||
case DIOSXDCMD:
|
||||
xio = (struct xd_iocmd *) addr;
|
||||
if ((error = kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
|
||||
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
|
||||
return (error);
|
||||
return (xdc_ioctlcmd(xd, dev, xio));
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: xy.c,v 1.57 2006/07/23 22:06:07 ad Exp $ */
|
||||
/* $NetBSD: xy.c,v 1.58 2007/01/04 17:50:00 elad Exp $ */
|
||||
|
||||
/*
|
||||
*
|
||||
|
|
@ -52,7 +52,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xy.c,v 1.57 2006/07/23 22:06:07 ad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xy.c,v 1.58 2007/01/04 17:50:00 elad Exp $");
|
||||
|
||||
#undef XYC_DEBUG /* full debug */
|
||||
#undef XYC_DIAG /* extra sanity checks */
|
||||
|
|
@ -828,7 +828,7 @@ xyioctl(dev_t dev, u_long command, caddr_t addr, int flag, struct lwp *l)
|
|||
case DIOSXDCMD:
|
||||
xio = (struct xd_iocmd *) addr;
|
||||
if ((error = kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
|
||||
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
|
||||
return (error);
|
||||
return (xyc_ioctlcmd(xy, dev, xio));
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: smbfs_vnops.c,v 1.57 2006/12/09 16:11:51 chs Exp $ */
|
||||
/* $NetBSD: smbfs_vnops.c,v 1.58 2007/01/04 17:26:12 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2003 The NetBSD Foundation, Inc.
|
||||
|
|
@ -71,7 +71,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: smbfs_vnops.c,v 1.57 2006/12/09 16:11:51 chs Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: smbfs_vnops.c,v 1.58 2007/01/04 17:26:12 elad Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
|
|
@ -453,7 +453,7 @@ smbfs_setattr(v)
|
|||
if (kauth_cred_geteuid(ap->a_cred) !=
|
||||
VTOSMBFS(vp)->sm_args.uid &&
|
||||
(error = kauth_authorize_generic(ap->a_cred,
|
||||
KAUTH_GENERIC_ISSUSER, &ap->a_l->l_acflag)) &&
|
||||
KAUTH_GENERIC_ISSUSER, NULL)) &&
|
||||
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
|
||||
(error = VOP_ACCESS(ap->a_vp, VWRITE, ap->a_cred, ap->a_l))))
|
||||
return (error);
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: kern_event.c,v 1.33 2006/11/01 10:17:58 yamt Exp $ */
|
||||
/* $NetBSD: kern_event.c,v 1.34 2007/01/04 17:38:25 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1999,2000,2001 Jonathan Lemon <jlemon@FreeBSD.org>
|
||||
|
|
@ -29,7 +29,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: kern_event.c,v 1.33 2006/11/01 10:17:58 yamt Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: kern_event.c,v 1.34 2007/01/04 17:38:25 elad Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
|
|
@ -382,7 +382,7 @@ filt_procattach(struct knote *kn)
|
|||
*/
|
||||
if ((kauth_cred_getuid(p->p_cred) != kauth_cred_getuid(curl->l_cred) ||
|
||||
(p->p_flag & P_SUGID)) && kauth_authorize_generic(curl->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, &curl->l_acflag) != 0)
|
||||
KAUTH_GENERIC_ISSUSER, NULL) != 0)
|
||||
return (EACCES);
|
||||
|
||||
kn->kn_ptr.p_proc = p;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: kern_ktrace.c,v 1.112 2006/11/28 17:27:10 elad Exp $ */
|
||||
/* $NetBSD: kern_ktrace.c,v 1.113 2007/01/04 17:38:26 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1989, 1993
|
||||
|
|
@ -32,7 +32,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.112 2006/11/28 17:27:10 elad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.113 2007/01/04 17:38:26 elad Exp $");
|
||||
|
||||
#include "opt_ktrace.h"
|
||||
#include "opt_compat_mach.h"
|
||||
|
|
@ -1079,7 +1079,8 @@ ktrops(struct lwp *curl, struct proc *p, int ops, int facs,
|
|||
ktradref(p);
|
||||
}
|
||||
p->p_traceflag |= facs;
|
||||
if (kauth_cred_geteuid(curl->l_cred) == 0)
|
||||
if (kauth_authorize_generic(curl->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, NULL) == 0)
|
||||
p->p_traceflag |= KTRFAC_ROOT;
|
||||
} else {
|
||||
/* KTROP_CLEAR */
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: kern_sysctl.c,v 1.206 2006/11/01 10:17:58 yamt Exp $ */
|
||||
/* $NetBSD: kern_sysctl.c,v 1.207 2007/01/04 17:38:25 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2003 The NetBSD Foundation, Inc.
|
||||
|
|
@ -75,7 +75,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.206 2006/11/01 10:17:58 yamt Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.207 2007/01/04 17:38:25 elad Exp $");
|
||||
|
||||
#include "opt_defcorename.h"
|
||||
#include "opt_ktrace.h"
|
||||
|
|
@ -1481,7 +1481,7 @@ sysctl_lookup(SYSCTLFN_ARGS)
|
|||
if (l != NULL && newp != NULL &&
|
||||
!(rnode->sysctl_flags & CTLFLAG_ANYWRITE) &&
|
||||
(error = kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
|
||||
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
|
||||
return (error);
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: kern_systrace.c,v 1.63 2006/11/28 17:58:10 elad Exp $ */
|
||||
/* $NetBSD: kern_systrace.c,v 1.64 2007/01/04 17:38:26 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2002, 2003 Niels Provos <provos@citi.umich.edu>
|
||||
|
|
@ -31,7 +31,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: kern_systrace.c,v 1.63 2006/11/28 17:58:10 elad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: kern_systrace.c,v 1.64 2007/01/04 17:38:26 elad Exp $");
|
||||
|
||||
#include "opt_systrace.h"
|
||||
|
||||
|
|
@ -584,7 +584,7 @@ systraceopen(dev_t dev, int flag, int mode, struct lwp *l)
|
|||
TAILQ_INIT(&fst->policies);
|
||||
|
||||
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag) == 0)
|
||||
NULL) == 0)
|
||||
fst->issuser = 1;
|
||||
fst->p_ruid = kauth_cred_getuid(l->l_cred);
|
||||
fst->p_rgid = kauth_cred_getgid(l->l_cred);
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: kern_tc.c,v 1.16 2006/11/01 10:17:58 yamt Exp $ */
|
||||
/* $NetBSD: kern_tc.c,v 1.17 2007/01/04 17:38:26 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* ----------------------------------------------------------------------------
|
||||
|
|
@ -11,7 +11,7 @@
|
|||
|
||||
#include <sys/cdefs.h>
|
||||
/* __FBSDID("$FreeBSD: src/sys/kern/kern_tc.c,v 1.166 2005/09/19 22:16:31 andre Exp $"); */
|
||||
__KERNEL_RCSID(0, "$NetBSD: kern_tc.c,v 1.16 2006/11/01 10:17:58 yamt Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: kern_tc.c,v 1.17 2007/01/04 17:38:26 elad Exp $");
|
||||
|
||||
#include "opt_ntp.h"
|
||||
|
||||
|
|
@ -129,7 +129,7 @@ sysctl_kern_timecounter_hardware(SYSCTLFN_ARGS)
|
|||
return error;
|
||||
|
||||
if (l != NULL && (error = kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
|
||||
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
|
||||
return (error);
|
||||
|
||||
/* XXX locking */
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: sysv_ipc.c,v 1.18 2006/11/25 21:40:05 christos Exp $ */
|
||||
/* $NetBSD: sysv_ipc.c,v 1.19 2007/01/04 17:38:26 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1998 The NetBSD Foundation, Inc.
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: sysv_ipc.c,v 1.18 2006/11/25 21:40:05 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: sysv_ipc.c,v 1.19 2007/01/04 17:38:26 elad Exp $");
|
||||
|
||||
#include "opt_sysv.h"
|
||||
|
||||
|
|
@ -72,7 +72,7 @@ ipcperm(kauth_cred_t cred, struct ipc_perm *perm, int mode)
|
|||
mode_t mask;
|
||||
int ismember = 0;
|
||||
|
||||
if (kauth_cred_geteuid(cred) == 0)
|
||||
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0)
|
||||
return (0);
|
||||
|
||||
if (mode == IPC_M) {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: sysv_msg.c,v 1.46 2006/11/01 10:17:59 yamt Exp $ */
|
||||
/* $NetBSD: sysv_msg.c,v 1.47 2007/01/04 17:38:26 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1999 The NetBSD Foundation, Inc.
|
||||
|
|
@ -57,7 +57,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: sysv_msg.c,v 1.46 2006/11/01 10:17:59 yamt Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: sysv_msg.c,v 1.47 2007/01/04 17:38:26 elad Exp $");
|
||||
|
||||
#define SYSVMSG
|
||||
|
||||
|
|
@ -270,7 +270,8 @@ msgctl1(struct lwp *l, int msqid, int cmd, struct msqid_ds *msqbuf)
|
|||
if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M)))
|
||||
return (error);
|
||||
if (msqbuf->msg_qbytes > msqptr->msg_qbytes &&
|
||||
kauth_cred_geteuid(cred) != 0)
|
||||
kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
NULL) != 0)
|
||||
return (EPERM);
|
||||
if (msqbuf->msg_qbytes > msginfo.msgmnb) {
|
||||
MSG_PRINTF(("can't increase msg_qbytes beyond %d "
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: tty.c,v 1.188 2006/09/13 13:28:22 martin Exp $ */
|
||||
/* $NetBSD: tty.c,v 1.189 2007/01/04 17:38:26 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1982, 1986, 1990, 1991, 1993
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: tty.c,v 1.188 2006/09/13 13:28:22 martin Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: tty.c,v 1.189 2007/01/04 17:38:26 elad Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
|
|
@ -1112,10 +1112,13 @@ ttioctl(struct tty *tp, u_long cmd, caddr_t data, int flag, struct lwp *l)
|
|||
splx(s);
|
||||
break;
|
||||
case TIOCSTI: /* simulate terminal input */
|
||||
if (kauth_cred_geteuid(l->l_cred) && (flag & FREAD) == 0)
|
||||
return (EPERM);
|
||||
if (kauth_cred_geteuid(l->l_cred) && !isctty(p, tp))
|
||||
return (EACCES);
|
||||
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
NULL) != 0) {
|
||||
if (!ISSET(flag, FREAD))
|
||||
return (EPERM);
|
||||
if (!isctty(p, tp))
|
||||
return (EACCES);
|
||||
}
|
||||
(*tp->t_linesw->l_rint)(*(u_char *)data, tp);
|
||||
break;
|
||||
case TIOCSTOP: /* stop output, like ^S */
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: uipc_sem.c,v 1.18 2006/11/01 10:17:59 yamt Exp $ */
|
||||
/* $NetBSD: uipc_sem.c,v 1.19 2007/01/04 17:38:26 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2003 The NetBSD Foundation, Inc.
|
||||
|
|
@ -63,7 +63,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: uipc_sem.c,v 1.18 2006/11/01 10:17:59 yamt Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: uipc_sem.c,v 1.19 2007/01/04 17:38:26 elad Exp $");
|
||||
|
||||
#include "opt_posix.h"
|
||||
|
||||
|
|
@ -270,7 +270,7 @@ ksem_perm(struct lwp *l, struct ksem *ks)
|
|||
if ((kauth_cred_geteuid(uc) == ks->ks_uid && (ks->ks_mode & S_IWUSR) != 0) ||
|
||||
(kauth_cred_getegid(uc) == ks->ks_gid && (ks->ks_mode & S_IWGRP) != 0) ||
|
||||
(ks->ks_mode & S_IWOTH) != 0 ||
|
||||
kauth_authorize_generic(uc, KAUTH_GENERIC_ISSUSER, &l->l_acflag) == 0)
|
||||
kauth_authorize_generic(uc, KAUTH_GENERIC_ISSUSER, NULL) == 0)
|
||||
return (0);
|
||||
return (EPERM);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: vfs_subr.c,v 1.277 2006/12/27 12:22:14 yamt Exp $ */
|
||||
/* $NetBSD: vfs_subr.c,v 1.278 2007/01/04 17:38:27 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1997, 1998, 2004, 2005 The NetBSD Foundation, Inc.
|
||||
|
|
@ -80,7 +80,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: vfs_subr.c,v 1.277 2006/12/27 12:22:14 yamt Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: vfs_subr.c,v 1.278 2007/01/04 17:38:27 elad Exp $");
|
||||
|
||||
#include "opt_inet.h"
|
||||
#include "opt_ddb.h"
|
||||
|
|
@ -2120,7 +2120,7 @@ vaccess(enum vtype type, mode_t file_mode, uid_t uid, gid_t gid,
|
|||
* Super-user always gets read/write access, but execute access depends
|
||||
* on at least one execute bit being set.
|
||||
*/
|
||||
if (kauth_cred_geteuid(cred) == 0) {
|
||||
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0) {
|
||||
if ((acc_mode & VEXEC) && type != VDIR &&
|
||||
(file_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0)
|
||||
return (EACCES);
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: vfs_syscalls.c,v 1.293 2007/01/03 23:20:58 wrstuden Exp $ */
|
||||
/* $NetBSD: vfs_syscalls.c,v 1.294 2007/01/04 17:38:26 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1989, 1993
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.293 2007/01/03 23:20:58 wrstuden Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.294 2007/01/04 17:38:26 elad Exp $");
|
||||
|
||||
#include "opt_compat_netbsd.h"
|
||||
#include "opt_compat_43.h"
|
||||
|
|
@ -550,7 +550,7 @@ sys_unmount(struct lwp *l, void *v, register_t *retval)
|
|||
*/
|
||||
if ((mp->mnt_stat.f_owner != kauth_cred_geteuid(l->l_cred)) &&
|
||||
(error = kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0) {
|
||||
KAUTH_GENERIC_ISSUSER, NULL)) != 0) {
|
||||
vput(vp);
|
||||
return (error);
|
||||
}
|
||||
|
|
@ -2659,8 +2659,7 @@ change_flags(struct vnode *vp, u_long flags, struct lwp *l)
|
|||
* Non-superusers cannot change the flags on devices, even if they
|
||||
* own them.
|
||||
*/
|
||||
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag) != 0) {
|
||||
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, NULL)) {
|
||||
if ((error = VOP_GETATTR(vp, &vattr, l->l_cred, l)) != 0)
|
||||
goto out;
|
||||
if (vattr.va_type == VCHR || vattr.va_type == VBLK) {
|
||||
|
|
@ -3679,7 +3678,7 @@ sys_revoke(struct lwp *l, void *v, register_t *retval)
|
|||
goto out;
|
||||
if (kauth_cred_geteuid(l->l_cred) != vattr.va_uid &&
|
||||
(error = kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
|
||||
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
|
||||
goto out;
|
||||
if ((error = vn_start_write(vp, &mp, V_WAIT | V_PCATCH)) != 0)
|
||||
goto out;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: vfs_xattr.c,v 1.9 2006/11/01 10:17:59 yamt Exp $ */
|
||||
/* $NetBSD: vfs_xattr.c,v 1.10 2007/01/04 17:38:26 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2005 The NetBSD Foundation, Inc.
|
||||
|
|
@ -75,7 +75,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: vfs_xattr.c,v 1.9 2006/11/01 10:17:59 yamt Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: vfs_xattr.c,v 1.10 2007/01/04 17:38:26 elad Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
|
|
@ -115,7 +115,7 @@ extattr_check_cred(struct vnode *vp, int attrnamespace,
|
|||
* these requests come from kernel code (NOCRED case above)?
|
||||
*/
|
||||
return (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag));
|
||||
NULL));
|
||||
|
||||
case EXTATTR_NAMESPACE_USER:
|
||||
return (VOP_ACCESS(vp, access, cred, l));
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ext2fs_alloc.c,v 1.33 2006/12/09 22:07:48 chs Exp $ */
|
||||
/* $NetBSD: ext2fs_alloc.c,v 1.34 2007/01/04 16:55:29 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1982, 1986, 1989, 1993
|
||||
|
|
@ -65,7 +65,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ext2fs_alloc.c,v 1.33 2006/12/09 22:07:48 chs Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ext2fs_alloc.c,v 1.34 2007/01/04 16:55:29 elad Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
|
|
@ -128,7 +128,8 @@ ext2fs_alloc(struct inode *ip, daddr_t lbn, daddr_t bpref,
|
|||
#endif /* DIAGNOSTIC */
|
||||
if (fs->e2fs.e2fs_fbcount == 0)
|
||||
goto nospace;
|
||||
if (kauth_cred_geteuid(cred) != 0 && freespace(fs) <= 0)
|
||||
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
|
||||
freespace(fs) <= 0)
|
||||
goto nospace;
|
||||
if (bpref >= fs->e2fs.e2fs_bcount)
|
||||
bpref = 0;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ext2fs_lookup.c,v 1.47 2006/12/09 16:11:52 chs Exp $ */
|
||||
/* $NetBSD: ext2fs_lookup.c,v 1.48 2007/01/04 16:55:29 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Modified for NetBSD 1.2E
|
||||
|
|
@ -48,7 +48,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ext2fs_lookup.c,v 1.47 2006/12/09 16:11:52 chs Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ext2fs_lookup.c,v 1.48 2007/01/04 16:55:29 elad Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
|
|
@ -597,7 +597,7 @@ found:
|
|||
* implements append-only directories.
|
||||
*/
|
||||
if ((dp->i_e2fs_mode & ISVTX) &&
|
||||
kauth_cred_geteuid(cred) != 0 &&
|
||||
kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) &&
|
||||
kauth_cred_geteuid(cred) != dp->i_e2fs_uid &&
|
||||
VTOI(tdp)->i_e2fs_uid != kauth_cred_geteuid(cred)) {
|
||||
vput(tdp);
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ext2fs_readwrite.c,v 1.43 2006/05/14 21:32:21 elad Exp $ */
|
||||
/* $NetBSD: ext2fs_readwrite.c,v 1.44 2007/01/04 16:55:29 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1993
|
||||
|
|
@ -65,7 +65,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ext2fs_readwrite.c,v 1.43 2006/05/14 21:32:21 elad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ext2fs_readwrite.c,v 1.44 2007/01/04 16:55:29 elad Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
|
|
@ -394,7 +394,8 @@ ext2fs_write(void *v)
|
|||
|
||||
out:
|
||||
ip->i_flag |= IN_CHANGE | IN_UPDATE;
|
||||
if (resid > uio->uio_resid && ap->a_cred && kauth_cred_geteuid(ap->a_cred) != 0)
|
||||
if (resid > uio->uio_resid && ap->a_cred &&
|
||||
kauth_authorize_generic(ap->a_cred, KAUTH_GENERIC_ISSUSER, NULL))
|
||||
ip->i_e2fs_mode &= ~(ISUID | ISGID);
|
||||
if (resid > uio->uio_resid)
|
||||
VN_KNOTE(vp, NOTE_WRITE | (extended ? NOTE_EXTEND : 0));
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ext2fs_vfsops.c,v 1.105 2006/11/16 01:33:51 christos Exp $ */
|
||||
/* $NetBSD: ext2fs_vfsops.c,v 1.106 2007/01/04 16:55:29 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1989, 1991, 1993, 1994
|
||||
|
|
@ -65,7 +65,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ext2fs_vfsops.c,v 1.105 2006/11/16 01:33:51 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ext2fs_vfsops.c,v 1.106 2007/01/04 16:55:29 elad Exp $");
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
#include "opt_compat_netbsd.h"
|
||||
|
|
@ -317,7 +317,8 @@ ext2fs_mount(struct mount *mp, const char *path, void *data,
|
|||
* If mount by non-root, then verify that user has necessary
|
||||
* permissions on the device.
|
||||
*/
|
||||
if (error == 0 && kauth_cred_geteuid(l->l_cred) != 0) {
|
||||
if (error == 0 && kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, NULL) != 0) {
|
||||
accessmode = VREAD;
|
||||
if (update ?
|
||||
(mp->mnt_iflag & IMNT_WANTRDWR) != 0 :
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ext2fs_vnops.c,v 1.71 2007/01/02 11:18:57 elad Exp $ */
|
||||
/* $NetBSD: ext2fs_vnops.c,v 1.72 2007/01/04 16:55:29 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1982, 1986, 1989, 1993
|
||||
|
|
@ -70,7 +70,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.71 2007/01/02 11:18:57 elad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.72 2007/01/04 16:55:29 elad Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
|
|
@ -350,10 +350,11 @@ ext2fs_setattr(void *v)
|
|||
return (EROFS);
|
||||
if (kauth_cred_geteuid(cred) != ip->i_e2fs_uid &&
|
||||
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)))
|
||||
NULL)))
|
||||
return (error);
|
||||
#ifdef EXT2FS_SYSTEM_FLAGS
|
||||
if (kauth_cred_geteuid(cred) == 0) {
|
||||
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
NULL) == 0) {
|
||||
if ((ip->i_e2fs_flags &
|
||||
(EXT2_APPEND | EXT2_IMMUTABLE)) &&
|
||||
kauth_authorize_system(l->l_cred,
|
||||
|
|
@ -413,7 +414,7 @@ ext2fs_setattr(void *v)
|
|||
return (EROFS);
|
||||
if (kauth_cred_geteuid(cred) != ip->i_e2fs_uid &&
|
||||
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)) &&
|
||||
NULL)) &&
|
||||
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
|
||||
(error = VOP_ACCESS(vp, VWRITE, cred, l))))
|
||||
return (error);
|
||||
|
|
@ -449,9 +450,9 @@ ext2fs_chmod(struct vnode *vp, int mode, kauth_cred_t cred, struct lwp *l)
|
|||
|
||||
if (kauth_cred_geteuid(cred) != ip->i_e2fs_uid &&
|
||||
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)))
|
||||
NULL)))
|
||||
return (error);
|
||||
if (kauth_cred_geteuid(cred)) {
|
||||
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL)) {
|
||||
if (vp->v_type != VDIR && (mode & S_ISTXT))
|
||||
return (EFTYPE);
|
||||
if ((kauth_cred_ismember_gid(cred, ip->i_e2fs_gid, &ismember) != 0 ||
|
||||
|
|
@ -490,8 +491,7 @@ ext2fs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred,
|
|||
(gid != ip->i_e2fs_gid &&
|
||||
!(kauth_cred_getegid(cred) == gid ||
|
||||
(kauth_cred_ismember_gid(cred, gid, &ismember) == 0 && ismember)))) &&
|
||||
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)))
|
||||
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL)))
|
||||
return (error);
|
||||
ogid = ip->i_e2fs_gid;
|
||||
ouid = ip->i_e2fs_uid;
|
||||
|
|
@ -500,9 +500,11 @@ ext2fs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred,
|
|||
ip->i_e2fs_uid = uid;
|
||||
if (ouid != uid || ogid != gid)
|
||||
ip->i_flag |= IN_CHANGE;
|
||||
if (ouid != uid && kauth_cred_geteuid(cred) != 0)
|
||||
if (ouid != uid && kauth_authorize_generic(cred,
|
||||
KAUTH_GENERIC_ISSUSER, NULL) != 0)
|
||||
ip->i_e2fs_mode &= ~ISUID;
|
||||
if (ogid != gid && kauth_cred_geteuid(cred) != 0)
|
||||
if (ogid != gid && kauth_authorize_generic(cred,
|
||||
KAUTH_GENERIC_ISSUSER, NULL) != 0)
|
||||
ip->i_e2fs_mode &= ~ISGID;
|
||||
return (0);
|
||||
}
|
||||
|
|
@ -865,7 +867,9 @@ abortit:
|
|||
* otherwise the destination may not be changed (except by
|
||||
* root). This implements append-only directories.
|
||||
*/
|
||||
if ((dp->i_e2fs_mode & S_ISTXT) && kauth_cred_geteuid(tcnp->cn_cred) != 0 &&
|
||||
if ((dp->i_e2fs_mode & S_ISTXT) &&
|
||||
kauth_authorize_generic(tcnp->cn_cred,
|
||||
KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
|
||||
kauth_cred_geteuid(tcnp->cn_cred) != dp->i_e2fs_uid &&
|
||||
xp->i_e2fs_uid != kauth_cred_geteuid(tcnp->cn_cred)) {
|
||||
error = EPERM;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ffs_alloc.c,v 1.96 2006/11/16 01:33:53 christos Exp $ */
|
||||
/* $NetBSD: ffs_alloc.c,v 1.97 2007/01/04 16:55:29 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2002 Networks Associates Technology, Inc.
|
||||
|
|
@ -41,7 +41,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ffs_alloc.c,v 1.96 2006/11/16 01:33:53 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ffs_alloc.c,v 1.97 2007/01/04 16:55:29 elad Exp $");
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
#include "opt_ffs.h"
|
||||
|
|
@ -157,7 +157,8 @@ ffs_alloc(struct inode *ip, daddr_t lbn, daddr_t bpref, int size,
|
|||
#endif /* DIAGNOSTIC */
|
||||
if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0)
|
||||
goto nospace;
|
||||
if (kauth_cred_geteuid(cred) != 0 && freespace(fs, fs->fs_minfree) <= 0)
|
||||
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
|
||||
freespace(fs, fs->fs_minfree) <= 0)
|
||||
goto nospace;
|
||||
#ifdef QUOTA
|
||||
if ((error = chkdq(ip, btodb(size), cred, 0)) != 0)
|
||||
|
|
@ -236,7 +237,8 @@ ffs_realloccg(struct inode *ip, daddr_t lbprev, daddr_t bpref, int osize,
|
|||
if (cred == NOCRED)
|
||||
panic("ffs_realloccg: missing credential");
|
||||
#endif /* DIAGNOSTIC */
|
||||
if (kauth_cred_geteuid(cred) != 0 && freespace(fs, fs->fs_minfree) <= 0)
|
||||
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
|
||||
freespace(fs, fs->fs_minfree) <= 0)
|
||||
goto nospace;
|
||||
if (fs->fs_magic == FS_UFS2_MAGIC)
|
||||
bprev = ufs_rw64(ip->i_ffs2_db[lbprev], UFS_FSNEEDSWAP(fs));
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ffs_snapshot.c,v 1.38 2006/12/02 17:21:11 hannken Exp $ */
|
||||
/* $NetBSD: ffs_snapshot.c,v 1.39 2007/01/04 16:55:29 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2000 Marshall Kirk McKusick. All Rights Reserved.
|
||||
|
|
@ -38,7 +38,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ffs_snapshot.c,v 1.38 2006/12/02 17:21:11 hannken Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ffs_snapshot.c,v 1.39 2007/01/04 16:55:29 elad Exp $");
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
#include "opt_ffs.h"
|
||||
|
|
@ -183,7 +183,7 @@ ffs_snapshot(struct mount *mp, struct vnode *vp,
|
|||
if (vp->v_usecount != 1 || vp->v_writecount != 0)
|
||||
return EBUSY;
|
||||
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag) != 0 &&
|
||||
NULL) != 0 &&
|
||||
VTOI(vp)->i_uid != kauth_cred_geteuid(l->l_cred))
|
||||
return EACCES;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ffs_vfsops.c,v 1.190 2006/11/16 01:33:53 christos Exp $ */
|
||||
/* $NetBSD: ffs_vfsops.c,v 1.191 2007/01/04 16:55:29 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1989, 1991, 1993, 1994
|
||||
|
|
@ -32,7 +32,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.190 2006/11/16 01:33:53 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.191 2007/01/04 16:55:29 elad Exp $");
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
#include "opt_ffs.h"
|
||||
|
|
@ -262,7 +262,8 @@ ffs_mount(struct mount *mp, const char *path, void *data,
|
|||
* If mount by non-root, then verify that user has necessary
|
||||
* permissions on the device.
|
||||
*/
|
||||
if (error == 0 && kauth_cred_geteuid(l->l_cred) != 0) {
|
||||
if (error == 0 && kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, NULL) != 0) {
|
||||
accessmode = VREAD;
|
||||
if (update ?
|
||||
(mp->mnt_iflag & IMNT_WANTRDWR) != 0 :
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: lfs_syscalls.c,v 1.118 2006/11/16 01:33:53 christos Exp $ */
|
||||
/* $NetBSD: lfs_syscalls.c,v 1.119 2007/01/04 16:55:29 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc.
|
||||
|
|
@ -67,7 +67,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: lfs_syscalls.c,v 1.118 2006/11/16 01:33:53 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: lfs_syscalls.c,v 1.119 2007/01/04 16:55:29 elad Exp $");
|
||||
|
||||
#ifndef LFS
|
||||
# define LFS /* for prototypes in syscallargs.h */
|
||||
|
|
@ -126,7 +126,7 @@ sys_lfs_markv(struct lwp *l, void *v, register_t *retval)
|
|||
struct mount *mntp;
|
||||
|
||||
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)) != 0)
|
||||
NULL)) != 0)
|
||||
return (error);
|
||||
|
||||
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
|
||||
|
|
@ -169,7 +169,7 @@ sys_lfs_markv(struct lwp *l, void *v, register_t *retval)
|
|||
struct mount *mntp;
|
||||
|
||||
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)) != 0)
|
||||
NULL)) != 0)
|
||||
return (error);
|
||||
|
||||
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
|
||||
|
|
@ -565,7 +565,7 @@ sys_lfs_bmapv(struct lwp *l, void *v, register_t *retval)
|
|||
struct mount *mntp;
|
||||
|
||||
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)) != 0)
|
||||
NULL)) != 0)
|
||||
return (error);
|
||||
|
||||
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
|
||||
|
|
@ -607,7 +607,7 @@ sys_lfs_bmapv(struct lwp *l, void *v, register_t *retval)
|
|||
struct mount *mntp;
|
||||
|
||||
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)) != 0)
|
||||
NULL)) != 0)
|
||||
return (error);
|
||||
|
||||
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
|
||||
|
|
@ -841,7 +841,7 @@ sys_lfs_segclean(struct lwp *l, void *v, register_t *retval)
|
|||
unsigned long segnum;
|
||||
|
||||
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)) != 0)
|
||||
NULL)) != 0)
|
||||
return (error);
|
||||
|
||||
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
|
||||
|
|
@ -980,7 +980,7 @@ sys_lfs_segwait(struct lwp *l, void *v, register_t *retval)
|
|||
|
||||
/* XXX need we be su to segwait? */
|
||||
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)) != 0)
|
||||
NULL)) != 0)
|
||||
return (error);
|
||||
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
|
||||
return (error);
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: lfs_vfsops.c,v 1.224 2006/11/16 01:33:53 christos Exp $ */
|
||||
/* $NetBSD: lfs_vfsops.c,v 1.225 2007/01/04 16:55:30 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc.
|
||||
|
|
@ -67,7 +67,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: lfs_vfsops.c,v 1.224 2006/11/16 01:33:53 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: lfs_vfsops.c,v 1.225 2007/01/04 16:55:30 elad Exp $");
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
#include "opt_quota.h"
|
||||
|
|
@ -428,7 +428,8 @@ lfs_mount(struct mount *mp, const char *path, void *data, struct nameidata *ndp,
|
|||
* If mount by non-root, then verify that user has necessary
|
||||
* permissions on the device.
|
||||
*/
|
||||
if (error == 0 && kauth_cred_geteuid(l->l_cred) != 0) {
|
||||
if (error == 0 && kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, NULL) != 0) {
|
||||
accessmode = VREAD;
|
||||
if (update ?
|
||||
(mp->mnt_iflag & IMNT_WANTRDWR) != 0 :
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: lfs_vnops.c,v 1.195 2007/01/03 02:42:23 perseant Exp $ */
|
||||
/* $NetBSD: lfs_vnops.c,v 1.196 2007/01/04 16:55:30 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc.
|
||||
|
|
@ -67,7 +67,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: lfs_vnops.c,v 1.195 2007/01/03 02:42:23 perseant Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: lfs_vnops.c,v 1.196 2007/01/04 16:55:30 elad Exp $");
|
||||
|
||||
#ifdef _KERNEL_OPT
|
||||
#include "opt_compat_netbsd.h"
|
||||
|
|
@ -1427,7 +1427,7 @@ lfs_fcntl(void *v)
|
|||
l = ap->a_l;
|
||||
if (((ap->a_command & 0xff00) >> 8) == 'L' &&
|
||||
(error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)) != 0)
|
||||
NULL)) != 0)
|
||||
return (error);
|
||||
|
||||
fs = VTOI(ap->a_vp)->i_lfs;
|
||||
|
|
@ -1517,7 +1517,7 @@ lfs_fcntl(void *v)
|
|||
case LFCNIFILEFH_COMPAT:
|
||||
/* Return the filehandle of the Ifile */
|
||||
if ((error = kauth_authorize_generic(l->l_cred,
|
||||
KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
|
||||
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
|
||||
return (error);
|
||||
fhp = (struct fhandle *)ap->a_data;
|
||||
fhp->fh_fsid = *fsidp;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ufs_extattr.c,v 1.11 2006/12/09 16:11:52 chs Exp $ */
|
||||
/* $NetBSD: ufs_extattr.c,v 1.12 2007/01/04 16:55:30 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1999-2002 Robert N. M. Watson
|
||||
|
|
@ -48,7 +48,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__RCSID("$NetBSD: ufs_extattr.c,v 1.11 2006/12/09 16:11:52 chs Exp $");
|
||||
__RCSID("$NetBSD: ufs_extattr.c,v 1.12 2007/01/04 16:55:30 elad Exp $");
|
||||
|
||||
#include "opt_ffs.h"
|
||||
|
||||
|
|
@ -712,7 +712,7 @@ ufs_extattrctl(struct mount *mp, int cmd, struct vnode *filename_vp,
|
|||
* Only privileged processes can configure extended attributes.
|
||||
*/
|
||||
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)) != 0) {
|
||||
NULL)) != 0) {
|
||||
if (filename_vp != NULL)
|
||||
VOP_UNLOCK(filename_vp, 0);
|
||||
return (error);
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ufs_lookup.c,v 1.81 2006/12/09 16:11:52 chs Exp $ */
|
||||
/* $NetBSD: ufs_lookup.c,v 1.82 2007/01/04 16:55:30 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1989, 1993
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ufs_lookup.c,v 1.81 2006/12/09 16:11:52 chs Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ufs_lookup.c,v 1.82 2007/01/04 16:55:30 elad Exp $");
|
||||
|
||||
#ifdef _KERNEL_OPT
|
||||
#include "opt_ffs.h"
|
||||
|
|
@ -539,7 +539,8 @@ found:
|
|||
* implements append-only directories.
|
||||
*/
|
||||
if ((dp->i_mode & ISVTX) &&
|
||||
kauth_cred_geteuid(cred) != 0 &&
|
||||
kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
NULL) != 0 &&
|
||||
kauth_cred_geteuid(cred) != dp->i_uid &&
|
||||
VTOI(tdp)->i_uid != kauth_cred_geteuid(cred)) {
|
||||
vput(tdp);
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ufs_quota.c,v 1.42 2006/10/20 18:58:13 reinoud Exp $ */
|
||||
/* $NetBSD: ufs_quota.c,v 1.43 2007/01/04 16:55:30 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1982, 1986, 1990, 1993, 1995
|
||||
|
|
@ -35,7 +35,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ufs_quota.c,v 1.42 2006/10/20 18:58:13 reinoud Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ufs_quota.c,v 1.43 2007/01/04 16:55:30 elad Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/kernel.h>
|
||||
|
|
@ -129,7 +129,7 @@ chkdq(struct inode *ip, int64_t change, kauth_cred_t cred, int flags)
|
|||
return (0);
|
||||
}
|
||||
if ((flags & FORCE) == 0 &&
|
||||
(cred != NOCRED && kauth_cred_geteuid(cred) != 0)) {
|
||||
kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0) {
|
||||
for (i = 0; i < MAXQUOTAS; i++) {
|
||||
if ((dq = ip->i_dquot[i]) == NODQUOT)
|
||||
continue;
|
||||
|
|
@ -235,7 +235,8 @@ chkiq(struct inode *ip, int32_t change, kauth_cred_t cred, int flags)
|
|||
}
|
||||
return (0);
|
||||
}
|
||||
if ((flags & FORCE) == 0 && kauth_cred_geteuid(cred) != 0) {
|
||||
if ((flags & FORCE) == 0 && kauth_authorize_generic(cred,
|
||||
KAUTH_GENERIC_ISSUSER, NULL) != 0) {
|
||||
for (i = 0; i < MAXQUOTAS; i++) {
|
||||
if ((dq = ip->i_dquot[i]) == NODQUOT)
|
||||
continue;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ufs_readwrite.c,v 1.71 2006/10/14 09:17:26 yamt Exp $ */
|
||||
/* $NetBSD: ufs_readwrite.c,v 1.72 2007/01/04 16:55:30 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1993
|
||||
|
|
@ -32,7 +32,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(1, "$NetBSD: ufs_readwrite.c,v 1.71 2006/10/14 09:17:26 yamt Exp $");
|
||||
__KERNEL_RCSID(1, "$NetBSD: ufs_readwrite.c,v 1.72 2007/01/04 16:55:30 elad Exp $");
|
||||
|
||||
#ifdef LFS_READWRITE
|
||||
#define BLKSIZE(a, b, c) blksize(a, b, c)
|
||||
|
|
@ -494,7 +494,7 @@ WRITE(void *v)
|
|||
out:
|
||||
ip->i_flag |= IN_CHANGE | IN_UPDATE;
|
||||
if (resid > uio->uio_resid && ap->a_cred &&
|
||||
kauth_cred_geteuid(ap->a_cred) != 0) {
|
||||
kauth_authorize_generic(ap->a_cred, KAUTH_GENERIC_ISSUSER, NULL)) {
|
||||
ip->i_mode &= ~(ISUID | ISGID);
|
||||
DIP_ASSIGN(ip, mode, ip->i_mode);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ufs_vfsops.c,v 1.31 2006/11/16 01:33:53 christos Exp $ */
|
||||
/* $NetBSD: ufs_vfsops.c,v 1.32 2007/01/04 16:55:30 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1991, 1993, 1994
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ufs_vfsops.c,v 1.31 2006/11/16 01:33:53 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ufs_vfsops.c,v 1.32 2007/01/04 16:55:30 elad Exp $");
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
#include "opt_ffs.h"
|
||||
|
|
@ -126,7 +126,7 @@ ufs_quotactl(struct mount *mp, int cmds, uid_t uid, void *arg, struct lwp *l)
|
|||
/* fall through */
|
||||
default:
|
||||
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)) != 0)
|
||||
NULL)) != 0)
|
||||
return (error);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ufs_vnops.c,v 1.146 2007/01/02 11:18:57 elad Exp $ */
|
||||
/* $NetBSD: ufs_vnops.c,v 1.147 2007/01/04 16:55:30 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1982, 1986, 1989, 1993, 1995
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ufs_vnops.c,v 1.146 2007/01/02 11:18:57 elad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ufs_vnops.c,v 1.147 2007/01/04 16:55:30 elad Exp $");
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
#include "opt_ffs.h"
|
||||
|
|
@ -389,9 +389,10 @@ ufs_setattr(void *v)
|
|||
return (EROFS);
|
||||
if (kauth_cred_geteuid(cred) != ip->i_uid &&
|
||||
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)))
|
||||
NULL)))
|
||||
return (error);
|
||||
if (kauth_cred_geteuid(cred) == 0) {
|
||||
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
NULL) == 0) {
|
||||
if ((ip->i_flags & (SF_IMMUTABLE | SF_APPEND)) &&
|
||||
kauth_authorize_system(l->l_cred,
|
||||
KAUTH_SYSTEM_CHSYSFLAGS, 0, NULL, NULL, NULL))
|
||||
|
|
@ -464,7 +465,7 @@ ufs_setattr(void *v)
|
|||
return (EPERM);
|
||||
if (kauth_cred_geteuid(cred) != ip->i_uid &&
|
||||
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)) &&
|
||||
NULL)) &&
|
||||
((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
|
||||
(error = VOP_ACCESS(vp, VWRITE, cred, l))))
|
||||
return (error);
|
||||
|
|
@ -508,10 +509,9 @@ ufs_chmod(struct vnode *vp, int mode, kauth_cred_t cred, struct lwp *l)
|
|||
|
||||
ip = VTOI(vp);
|
||||
if (kauth_cred_geteuid(cred) != ip->i_uid &&
|
||||
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)))
|
||||
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL)))
|
||||
return (error);
|
||||
if (kauth_cred_geteuid(cred)) {
|
||||
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL)) {
|
||||
if (vp->v_type != VDIR && (mode & S_ISTXT))
|
||||
return (EFTYPE);
|
||||
if ((kauth_cred_ismember_gid(cred, ip->i_gid, &ismember) != 0 ||
|
||||
|
|
@ -560,7 +560,7 @@ ufs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred,
|
|||
(kauth_cred_ismember_gid(cred, gid, &ismember) == 0 &&
|
||||
ismember)))) &&
|
||||
((error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
|
||||
&l->l_acflag)) != 0))
|
||||
NULL)) != 0))
|
||||
return (error);
|
||||
|
||||
#ifdef QUOTA
|
||||
|
|
@ -1084,7 +1084,9 @@ ufs_rename(void *v)
|
|||
* otherwise the destination may not be changed (except by
|
||||
* root). This implements append-only directories.
|
||||
*/
|
||||
if ((dp->i_mode & S_ISTXT) && kauth_cred_geteuid(tcnp->cn_cred) != 0 &&
|
||||
if ((dp->i_mode & S_ISTXT) &&
|
||||
kauth_authorize_generic(tcnp->cn_cred,
|
||||
KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
|
||||
kauth_cred_geteuid(tcnp->cn_cred) != dp->i_uid &&
|
||||
xp->i_uid != kauth_cred_geteuid(tcnp->cn_cred)) {
|
||||
error = EPERM;
|
||||
|
|
|
|||
Loading…
Reference in New Issue