From 1e70d64818a4207805e2f0fdf6a91832efb82811 Mon Sep 17 00:00:00 2001 From: elad Date: Thu, 4 Jan 2007 16:55:29 +0000 Subject: [PATCH] Consistent usage of KAUTH_GENERIC_ISSUSER. --- sys/arch/m68k/m68k/svr4_machdep.c | 6 +++--- sys/arch/pc532/dev/lpt.c | 6 +++--- sys/arch/sparc/dev/tctrl.c | 6 +++--- sys/arch/sun3/dev/xd.c | 6 +++--- sys/arch/sun3/dev/xy.c | 6 +++--- sys/fs/smbfs/smbfs_vnops.c | 6 +++--- sys/kern/kern_event.c | 6 +++--- sys/kern/kern_ktrace.c | 7 ++++--- sys/kern/kern_sysctl.c | 6 +++--- sys/kern/kern_systrace.c | 6 +++--- sys/kern/kern_tc.c | 6 +++--- sys/kern/sysv_ipc.c | 6 +++--- sys/kern/sysv_msg.c | 7 ++++--- sys/kern/tty.c | 15 +++++++++------ sys/kern/uipc_sem.c | 6 +++--- sys/kern/vfs_subr.c | 6 +++--- sys/kern/vfs_syscalls.c | 11 +++++------ sys/kern/vfs_xattr.c | 6 +++--- sys/ufs/ext2fs/ext2fs_alloc.c | 7 ++++--- sys/ufs/ext2fs/ext2fs_lookup.c | 6 +++--- sys/ufs/ext2fs/ext2fs_readwrite.c | 7 ++++--- sys/ufs/ext2fs/ext2fs_vfsops.c | 7 ++++--- sys/ufs/ext2fs/ext2fs_vnops.c | 28 ++++++++++++++++------------ sys/ufs/ffs/ffs_alloc.c | 10 ++++++---- sys/ufs/ffs/ffs_snapshot.c | 6 +++--- sys/ufs/ffs/ffs_vfsops.c | 7 ++++--- sys/ufs/lfs/lfs_syscalls.c | 16 ++++++++-------- sys/ufs/lfs/lfs_vfsops.c | 7 ++++--- sys/ufs/lfs/lfs_vnops.c | 8 ++++---- sys/ufs/ufs/ufs_extattr.c | 6 +++--- sys/ufs/ufs/ufs_lookup.c | 7 ++++--- sys/ufs/ufs/ufs_quota.c | 9 +++++---- sys/ufs/ufs/ufs_readwrite.c | 6 +++--- sys/ufs/ufs/ufs_vfsops.c | 6 +++--- sys/ufs/ufs/ufs_vnops.c | 22 ++++++++++++---------- 35 files changed, 154 insertions(+), 135 deletions(-) diff --git a/sys/arch/m68k/m68k/svr4_machdep.c b/sys/arch/m68k/m68k/svr4_machdep.c index a55a14d73a5a..4124afa2772b 100644 --- a/sys/arch/m68k/m68k/svr4_machdep.c +++ b/sys/arch/m68k/m68k/svr4_machdep.c @@ -1,4 +1,4 @@ -/* $NetBSD: svr4_machdep.c,v 1.22 2006/07/23 22:06:05 ad Exp $ */ +/* $NetBSD: svr4_machdep.c,v 1.23 2007/01/04 17:50:00 elad Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: svr4_machdep.c,v 1.22 2006/07/23 22:06:05 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: svr4_machdep.c,v 1.23 2007/01/04 17:50:00 elad Exp $"); #include #include @@ -296,7 +296,7 @@ svr4_sys_sysarch(struct lwp *l, void *v, register_t *retval) switch (SCARG(uap, op)) { case SVR4_SYSARCH_SETNAME: if ((error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0) + KAUTH_GENERIC_ISSUSER, NULL)) != 0) return (error); if ((error = copyinstr(SCARG(uap, a1), tmp, sizeof (tmp), &len)) != 0) diff --git a/sys/arch/pc532/dev/lpt.c b/sys/arch/pc532/dev/lpt.c index cc4c87f38707..0a3fe8d72132 100644 --- a/sys/arch/pc532/dev/lpt.c +++ b/sys/arch/pc532/dev/lpt.c @@ -1,4 +1,4 @@ -/* $NetBSD: lpt.c,v 1.46 2006/07/23 22:06:06 ad Exp $ */ +/* $NetBSD: lpt.c,v 1.47 2007/01/04 17:50:00 elad Exp $ */ /* * Copyright (c) 1994 Matthias Pfaller. @@ -60,7 +60,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: lpt.c,v 1.46 2006/07/23 22:06:06 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: lpt.c,v 1.47 2007/01/04 17:50:00 elad Exp $"); #include "opt_inet.h" @@ -613,7 +613,7 @@ plipioctl(struct ifnet *ifp, u_long cmd, caddr_t data) case SIOCSIFMTU: if ((error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, &l->l_acflag))) + KAUTH_GENERIC_ISSUSER, NULL))) return(error); if (ifp->if_mtu != ifr->ifr_mtu) { ifp->if_mtu = ifr->ifr_mtu; diff --git a/sys/arch/sparc/dev/tctrl.c b/sys/arch/sparc/dev/tctrl.c index d82954fd2cb7..9759c0304b53 100644 --- a/sys/arch/sparc/dev/tctrl.c +++ b/sys/arch/sparc/dev/tctrl.c @@ -1,4 +1,4 @@ -/* $NetBSD: tctrl.c,v 1.35 2006/07/23 22:06:07 ad Exp $ */ +/* $NetBSD: tctrl.c,v 1.36 2007/01/04 17:50:00 elad Exp $ */ /*- * Copyright (c) 1998, 2005, 2006 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tctrl.c,v 1.35 2006/07/23 22:06:07 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tctrl.c,v 1.36 2007/01/04 17:50:00 elad Exp $"); #include #include @@ -1175,7 +1175,7 @@ tctrlioctl(dev_t dev, u_long cmd, caddr_t data, int flags, struct lwp *l) case TCTRL_CMD_REQ: reqn = (struct tctrl_req *)data; if ((i = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0 && + KAUTH_GENERIC_ISSUSER, NULL)) != 0 && (reqn->cmdbuf[0] == TS102_OP_CTL_BITPORT || (reqn->cmdbuf[0] >= TS102_OP_CTL_WATCHDOG && reqn->cmdbuf[0] <= TS102_OP_CTL_SECURITY_KEY) || diff --git a/sys/arch/sun3/dev/xd.c b/sys/arch/sun3/dev/xd.c index 6fa9f35d9b12..a82a4b3654dd 100644 --- a/sys/arch/sun3/dev/xd.c +++ b/sys/arch/sun3/dev/xd.c @@ -1,4 +1,4 @@ -/* $NetBSD: xd.c,v 1.54 2006/07/23 22:06:07 ad Exp $ */ +/* $NetBSD: xd.c,v 1.55 2007/01/04 17:50:00 elad Exp $ */ /* * @@ -52,7 +52,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: xd.c,v 1.54 2006/07/23 22:06:07 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xd.c,v 1.55 2007/01/04 17:50:00 elad Exp $"); #undef XDC_DEBUG /* full debug */ #define XDC_DIAG /* extra sanity checks */ @@ -875,7 +875,7 @@ xdioctl(dev_t dev, u_long command, caddr_t addr, int flag, struct lwp *l) case DIOSXDCMD: xio = (struct xd_iocmd *) addr; if ((error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0) + KAUTH_GENERIC_ISSUSER, NULL)) != 0) return (error); return (xdc_ioctlcmd(xd, dev, xio)); diff --git a/sys/arch/sun3/dev/xy.c b/sys/arch/sun3/dev/xy.c index 21a30af11861..ff8dfe79de12 100644 --- a/sys/arch/sun3/dev/xy.c +++ b/sys/arch/sun3/dev/xy.c @@ -1,4 +1,4 @@ -/* $NetBSD: xy.c,v 1.57 2006/07/23 22:06:07 ad Exp $ */ +/* $NetBSD: xy.c,v 1.58 2007/01/04 17:50:00 elad Exp $ */ /* * @@ -52,7 +52,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: xy.c,v 1.57 2006/07/23 22:06:07 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xy.c,v 1.58 2007/01/04 17:50:00 elad Exp $"); #undef XYC_DEBUG /* full debug */ #undef XYC_DIAG /* extra sanity checks */ @@ -828,7 +828,7 @@ xyioctl(dev_t dev, u_long command, caddr_t addr, int flag, struct lwp *l) case DIOSXDCMD: xio = (struct xd_iocmd *) addr; if ((error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0) + KAUTH_GENERIC_ISSUSER, NULL)) != 0) return (error); return (xyc_ioctlcmd(xy, dev, xio)); diff --git a/sys/fs/smbfs/smbfs_vnops.c b/sys/fs/smbfs/smbfs_vnops.c index cf6cef700bfb..d77727260e7c 100644 --- a/sys/fs/smbfs/smbfs_vnops.c +++ b/sys/fs/smbfs/smbfs_vnops.c @@ -1,4 +1,4 @@ -/* $NetBSD: smbfs_vnops.c,v 1.57 2006/12/09 16:11:51 chs Exp $ */ +/* $NetBSD: smbfs_vnops.c,v 1.58 2007/01/04 17:26:12 elad Exp $ */ /*- * Copyright (c) 2003 The NetBSD Foundation, Inc. @@ -71,7 +71,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: smbfs_vnops.c,v 1.57 2006/12/09 16:11:51 chs Exp $"); +__KERNEL_RCSID(0, "$NetBSD: smbfs_vnops.c,v 1.58 2007/01/04 17:26:12 elad Exp $"); #include #include @@ -453,7 +453,7 @@ smbfs_setattr(v) if (kauth_cred_geteuid(ap->a_cred) != VTOSMBFS(vp)->sm_args.uid && (error = kauth_authorize_generic(ap->a_cred, - KAUTH_GENERIC_ISSUSER, &ap->a_l->l_acflag)) && + KAUTH_GENERIC_ISSUSER, NULL)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(ap->a_vp, VWRITE, ap->a_cred, ap->a_l)))) return (error); diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c index dc6fb49dc895..a8465e922b95 100644 --- a/sys/kern/kern_event.c +++ b/sys/kern/kern_event.c @@ -1,4 +1,4 @@ -/* $NetBSD: kern_event.c,v 1.33 2006/11/01 10:17:58 yamt Exp $ */ +/* $NetBSD: kern_event.c,v 1.34 2007/01/04 17:38:25 elad Exp $ */ /*- * Copyright (c) 1999,2000,2001 Jonathan Lemon @@ -29,7 +29,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_event.c,v 1.33 2006/11/01 10:17:58 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_event.c,v 1.34 2007/01/04 17:38:25 elad Exp $"); #include #include @@ -382,7 +382,7 @@ filt_procattach(struct knote *kn) */ if ((kauth_cred_getuid(p->p_cred) != kauth_cred_getuid(curl->l_cred) || (p->p_flag & P_SUGID)) && kauth_authorize_generic(curl->l_cred, - KAUTH_GENERIC_ISSUSER, &curl->l_acflag) != 0) + KAUTH_GENERIC_ISSUSER, NULL) != 0) return (EACCES); kn->kn_ptr.p_proc = p; diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 55ad18672ee3..fc88c04f30cd 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -1,4 +1,4 @@ -/* $NetBSD: kern_ktrace.c,v 1.112 2006/11/28 17:27:10 elad Exp $ */ +/* $NetBSD: kern_ktrace.c,v 1.113 2007/01/04 17:38:26 elad Exp $ */ /* * Copyright (c) 1989, 1993 @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.112 2006/11/28 17:27:10 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.113 2007/01/04 17:38:26 elad Exp $"); #include "opt_ktrace.h" #include "opt_compat_mach.h" @@ -1079,7 +1079,8 @@ ktrops(struct lwp *curl, struct proc *p, int ops, int facs, ktradref(p); } p->p_traceflag |= facs; - if (kauth_cred_geteuid(curl->l_cred) == 0) + if (kauth_authorize_generic(curl->l_cred, + KAUTH_GENERIC_ISSUSER, NULL) == 0) p->p_traceflag |= KTRFAC_ROOT; } else { /* KTROP_CLEAR */ diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index 7d183db20715..9b04a7ed93aa 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1,4 +1,4 @@ -/* $NetBSD: kern_sysctl.c,v 1.206 2006/11/01 10:17:58 yamt Exp $ */ +/* $NetBSD: kern_sysctl.c,v 1.207 2007/01/04 17:38:25 elad Exp $ */ /*- * Copyright (c) 2003 The NetBSD Foundation, Inc. @@ -75,7 +75,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.206 2006/11/01 10:17:58 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.207 2007/01/04 17:38:25 elad Exp $"); #include "opt_defcorename.h" #include "opt_ktrace.h" @@ -1481,7 +1481,7 @@ sysctl_lookup(SYSCTLFN_ARGS) if (l != NULL && newp != NULL && !(rnode->sysctl_flags & CTLFLAG_ANYWRITE) && (error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0) + KAUTH_GENERIC_ISSUSER, NULL)) != 0) return (error); /* diff --git a/sys/kern/kern_systrace.c b/sys/kern/kern_systrace.c index 538bb7c74a38..f139522f9191 100644 --- a/sys/kern/kern_systrace.c +++ b/sys/kern/kern_systrace.c @@ -1,4 +1,4 @@ -/* $NetBSD: kern_systrace.c,v 1.63 2006/11/28 17:58:10 elad Exp $ */ +/* $NetBSD: kern_systrace.c,v 1.64 2007/01/04 17:38:26 elad Exp $ */ /* * Copyright 2002, 2003 Niels Provos @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_systrace.c,v 1.63 2006/11/28 17:58:10 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_systrace.c,v 1.64 2007/01/04 17:38:26 elad Exp $"); #include "opt_systrace.h" @@ -584,7 +584,7 @@ systraceopen(dev_t dev, int flag, int mode, struct lwp *l) TAILQ_INIT(&fst->policies); if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag) == 0) + NULL) == 0) fst->issuser = 1; fst->p_ruid = kauth_cred_getuid(l->l_cred); fst->p_rgid = kauth_cred_getgid(l->l_cred); diff --git a/sys/kern/kern_tc.c b/sys/kern/kern_tc.c index ad9fd2631067..a4b906943dba 100644 --- a/sys/kern/kern_tc.c +++ b/sys/kern/kern_tc.c @@ -1,4 +1,4 @@ -/* $NetBSD: kern_tc.c,v 1.16 2006/11/01 10:17:58 yamt Exp $ */ +/* $NetBSD: kern_tc.c,v 1.17 2007/01/04 17:38:26 elad Exp $ */ /*- * ---------------------------------------------------------------------------- @@ -11,7 +11,7 @@ #include /* __FBSDID("$FreeBSD: src/sys/kern/kern_tc.c,v 1.166 2005/09/19 22:16:31 andre Exp $"); */ -__KERNEL_RCSID(0, "$NetBSD: kern_tc.c,v 1.16 2006/11/01 10:17:58 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_tc.c,v 1.17 2007/01/04 17:38:26 elad Exp $"); #include "opt_ntp.h" @@ -129,7 +129,7 @@ sysctl_kern_timecounter_hardware(SYSCTLFN_ARGS) return error; if (l != NULL && (error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0) + KAUTH_GENERIC_ISSUSER, NULL)) != 0) return (error); /* XXX locking */ diff --git a/sys/kern/sysv_ipc.c b/sys/kern/sysv_ipc.c index 11150d6904a4..20f5c56266f9 100644 --- a/sys/kern/sysv_ipc.c +++ b/sys/kern/sysv_ipc.c @@ -1,4 +1,4 @@ -/* $NetBSD: sysv_ipc.c,v 1.18 2006/11/25 21:40:05 christos Exp $ */ +/* $NetBSD: sysv_ipc.c,v 1.19 2007/01/04 17:38:26 elad Exp $ */ /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: sysv_ipc.c,v 1.18 2006/11/25 21:40:05 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sysv_ipc.c,v 1.19 2007/01/04 17:38:26 elad Exp $"); #include "opt_sysv.h" @@ -72,7 +72,7 @@ ipcperm(kauth_cred_t cred, struct ipc_perm *perm, int mode) mode_t mask; int ismember = 0; - if (kauth_cred_geteuid(cred) == 0) + if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0) return (0); if (mode == IPC_M) { diff --git a/sys/kern/sysv_msg.c b/sys/kern/sysv_msg.c index f59fb7af8742..42cee025487a 100644 --- a/sys/kern/sysv_msg.c +++ b/sys/kern/sysv_msg.c @@ -1,4 +1,4 @@ -/* $NetBSD: sysv_msg.c,v 1.46 2006/11/01 10:17:59 yamt Exp $ */ +/* $NetBSD: sysv_msg.c,v 1.47 2007/01/04 17:38:26 elad Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. @@ -57,7 +57,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: sysv_msg.c,v 1.46 2006/11/01 10:17:59 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sysv_msg.c,v 1.47 2007/01/04 17:38:26 elad Exp $"); #define SYSVMSG @@ -270,7 +270,8 @@ msgctl1(struct lwp *l, int msqid, int cmd, struct msqid_ds *msqbuf) if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M))) return (error); if (msqbuf->msg_qbytes > msqptr->msg_qbytes && - kauth_cred_geteuid(cred) != 0) + kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, + NULL) != 0) return (EPERM); if (msqbuf->msg_qbytes > msginfo.msgmnb) { MSG_PRINTF(("can't increase msg_qbytes beyond %d " diff --git a/sys/kern/tty.c b/sys/kern/tty.c index 2259ed1ab14f..56ade826d162 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -1,4 +1,4 @@ -/* $NetBSD: tty.c,v 1.188 2006/09/13 13:28:22 martin Exp $ */ +/* $NetBSD: tty.c,v 1.189 2007/01/04 17:38:26 elad Exp $ */ /*- * Copyright (c) 1982, 1986, 1990, 1991, 1993 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tty.c,v 1.188 2006/09/13 13:28:22 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tty.c,v 1.189 2007/01/04 17:38:26 elad Exp $"); #include #include @@ -1112,10 +1112,13 @@ ttioctl(struct tty *tp, u_long cmd, caddr_t data, int flag, struct lwp *l) splx(s); break; case TIOCSTI: /* simulate terminal input */ - if (kauth_cred_geteuid(l->l_cred) && (flag & FREAD) == 0) - return (EPERM); - if (kauth_cred_geteuid(l->l_cred) && !isctty(p, tp)) - return (EACCES); + if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, + NULL) != 0) { + if (!ISSET(flag, FREAD)) + return (EPERM); + if (!isctty(p, tp)) + return (EACCES); + } (*tp->t_linesw->l_rint)(*(u_char *)data, tp); break; case TIOCSTOP: /* stop output, like ^S */ diff --git a/sys/kern/uipc_sem.c b/sys/kern/uipc_sem.c index 5d10dda089ad..3ad30ef20bed 100644 --- a/sys/kern/uipc_sem.c +++ b/sys/kern/uipc_sem.c @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_sem.c,v 1.18 2006/11/01 10:17:59 yamt Exp $ */ +/* $NetBSD: uipc_sem.c,v 1.19 2007/01/04 17:38:26 elad Exp $ */ /*- * Copyright (c) 2003 The NetBSD Foundation, Inc. @@ -63,7 +63,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: uipc_sem.c,v 1.18 2006/11/01 10:17:59 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_sem.c,v 1.19 2007/01/04 17:38:26 elad Exp $"); #include "opt_posix.h" @@ -270,7 +270,7 @@ ksem_perm(struct lwp *l, struct ksem *ks) if ((kauth_cred_geteuid(uc) == ks->ks_uid && (ks->ks_mode & S_IWUSR) != 0) || (kauth_cred_getegid(uc) == ks->ks_gid && (ks->ks_mode & S_IWGRP) != 0) || (ks->ks_mode & S_IWOTH) != 0 || - kauth_authorize_generic(uc, KAUTH_GENERIC_ISSUSER, &l->l_acflag) == 0) + kauth_authorize_generic(uc, KAUTH_GENERIC_ISSUSER, NULL) == 0) return (0); return (EPERM); } diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index eadecc51f6cc..503e61eddad8 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_subr.c,v 1.277 2006/12/27 12:22:14 yamt Exp $ */ +/* $NetBSD: vfs_subr.c,v 1.278 2007/01/04 17:38:27 elad Exp $ */ /*- * Copyright (c) 1997, 1998, 2004, 2005 The NetBSD Foundation, Inc. @@ -80,7 +80,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_subr.c,v 1.277 2006/12/27 12:22:14 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_subr.c,v 1.278 2007/01/04 17:38:27 elad Exp $"); #include "opt_inet.h" #include "opt_ddb.h" @@ -2120,7 +2120,7 @@ vaccess(enum vtype type, mode_t file_mode, uid_t uid, gid_t gid, * Super-user always gets read/write access, but execute access depends * on at least one execute bit being set. */ - if (kauth_cred_geteuid(cred) == 0) { + if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0) { if ((acc_mode & VEXEC) && type != VDIR && (file_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0) return (EACCES); diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 9c87dee4c73d..3c624d8a27fd 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls.c,v 1.293 2007/01/03 23:20:58 wrstuden Exp $ */ +/* $NetBSD: vfs_syscalls.c,v 1.294 2007/01/04 17:38:26 elad Exp $ */ /* * Copyright (c) 1989, 1993 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.293 2007/01/03 23:20:58 wrstuden Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.294 2007/01/04 17:38:26 elad Exp $"); #include "opt_compat_netbsd.h" #include "opt_compat_43.h" @@ -550,7 +550,7 @@ sys_unmount(struct lwp *l, void *v, register_t *retval) */ if ((mp->mnt_stat.f_owner != kauth_cred_geteuid(l->l_cred)) && (error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0) { + KAUTH_GENERIC_ISSUSER, NULL)) != 0) { vput(vp); return (error); } @@ -2659,8 +2659,7 @@ change_flags(struct vnode *vp, u_long flags, struct lwp *l) * Non-superusers cannot change the flags on devices, even if they * own them. */ - if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag) != 0) { + if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, NULL)) { if ((error = VOP_GETATTR(vp, &vattr, l->l_cred, l)) != 0) goto out; if (vattr.va_type == VCHR || vattr.va_type == VBLK) { @@ -3679,7 +3678,7 @@ sys_revoke(struct lwp *l, void *v, register_t *retval) goto out; if (kauth_cred_geteuid(l->l_cred) != vattr.va_uid && (error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0) + KAUTH_GENERIC_ISSUSER, NULL)) != 0) goto out; if ((error = vn_start_write(vp, &mp, V_WAIT | V_PCATCH)) != 0) goto out; diff --git a/sys/kern/vfs_xattr.c b/sys/kern/vfs_xattr.c index 0b285281f986..ad417542d16a 100644 --- a/sys/kern/vfs_xattr.c +++ b/sys/kern/vfs_xattr.c @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_xattr.c,v 1.9 2006/11/01 10:17:59 yamt Exp $ */ +/* $NetBSD: vfs_xattr.c,v 1.10 2007/01/04 17:38:26 elad Exp $ */ /*- * Copyright (c) 2005 The NetBSD Foundation, Inc. @@ -75,7 +75,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_xattr.c,v 1.9 2006/11/01 10:17:59 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_xattr.c,v 1.10 2007/01/04 17:38:26 elad Exp $"); #include #include @@ -115,7 +115,7 @@ extattr_check_cred(struct vnode *vp, int attrnamespace, * these requests come from kernel code (NOCRED case above)? */ return (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)); + NULL)); case EXTATTR_NAMESPACE_USER: return (VOP_ACCESS(vp, access, cred, l)); diff --git a/sys/ufs/ext2fs/ext2fs_alloc.c b/sys/ufs/ext2fs/ext2fs_alloc.c index 3e4412f63c07..35e9b1423da0 100644 --- a/sys/ufs/ext2fs/ext2fs_alloc.c +++ b/sys/ufs/ext2fs/ext2fs_alloc.c @@ -1,4 +1,4 @@ -/* $NetBSD: ext2fs_alloc.c,v 1.33 2006/12/09 22:07:48 chs Exp $ */ +/* $NetBSD: ext2fs_alloc.c,v 1.34 2007/01/04 16:55:29 elad Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -65,7 +65,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ext2fs_alloc.c,v 1.33 2006/12/09 22:07:48 chs Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ext2fs_alloc.c,v 1.34 2007/01/04 16:55:29 elad Exp $"); #include #include @@ -128,7 +128,8 @@ ext2fs_alloc(struct inode *ip, daddr_t lbn, daddr_t bpref, #endif /* DIAGNOSTIC */ if (fs->e2fs.e2fs_fbcount == 0) goto nospace; - if (kauth_cred_geteuid(cred) != 0 && freespace(fs) <= 0) + if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0 && + freespace(fs) <= 0) goto nospace; if (bpref >= fs->e2fs.e2fs_bcount) bpref = 0; diff --git a/sys/ufs/ext2fs/ext2fs_lookup.c b/sys/ufs/ext2fs/ext2fs_lookup.c index 2a678652d2b9..67f7bfb49f5f 100644 --- a/sys/ufs/ext2fs/ext2fs_lookup.c +++ b/sys/ufs/ext2fs/ext2fs_lookup.c @@ -1,4 +1,4 @@ -/* $NetBSD: ext2fs_lookup.c,v 1.47 2006/12/09 16:11:52 chs Exp $ */ +/* $NetBSD: ext2fs_lookup.c,v 1.48 2007/01/04 16:55:29 elad Exp $ */ /* * Modified for NetBSD 1.2E @@ -48,7 +48,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ext2fs_lookup.c,v 1.47 2006/12/09 16:11:52 chs Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ext2fs_lookup.c,v 1.48 2007/01/04 16:55:29 elad Exp $"); #include #include @@ -597,7 +597,7 @@ found: * implements append-only directories. */ if ((dp->i_e2fs_mode & ISVTX) && - kauth_cred_geteuid(cred) != 0 && + kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) && kauth_cred_geteuid(cred) != dp->i_e2fs_uid && VTOI(tdp)->i_e2fs_uid != kauth_cred_geteuid(cred)) { vput(tdp); diff --git a/sys/ufs/ext2fs/ext2fs_readwrite.c b/sys/ufs/ext2fs/ext2fs_readwrite.c index e66ae6cd78cf..6e5d2cf0a662 100644 --- a/sys/ufs/ext2fs/ext2fs_readwrite.c +++ b/sys/ufs/ext2fs/ext2fs_readwrite.c @@ -1,4 +1,4 @@ -/* $NetBSD: ext2fs_readwrite.c,v 1.43 2006/05/14 21:32:21 elad Exp $ */ +/* $NetBSD: ext2fs_readwrite.c,v 1.44 2007/01/04 16:55:29 elad Exp $ */ /*- * Copyright (c) 1993 @@ -65,7 +65,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ext2fs_readwrite.c,v 1.43 2006/05/14 21:32:21 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ext2fs_readwrite.c,v 1.44 2007/01/04 16:55:29 elad Exp $"); #include #include @@ -394,7 +394,8 @@ ext2fs_write(void *v) out: ip->i_flag |= IN_CHANGE | IN_UPDATE; - if (resid > uio->uio_resid && ap->a_cred && kauth_cred_geteuid(ap->a_cred) != 0) + if (resid > uio->uio_resid && ap->a_cred && + kauth_authorize_generic(ap->a_cred, KAUTH_GENERIC_ISSUSER, NULL)) ip->i_e2fs_mode &= ~(ISUID | ISGID); if (resid > uio->uio_resid) VN_KNOTE(vp, NOTE_WRITE | (extended ? NOTE_EXTEND : 0)); diff --git a/sys/ufs/ext2fs/ext2fs_vfsops.c b/sys/ufs/ext2fs/ext2fs_vfsops.c index e81cfe87b363..3ad1296eb04b 100644 --- a/sys/ufs/ext2fs/ext2fs_vfsops.c +++ b/sys/ufs/ext2fs/ext2fs_vfsops.c @@ -1,4 +1,4 @@ -/* $NetBSD: ext2fs_vfsops.c,v 1.105 2006/11/16 01:33:51 christos Exp $ */ +/* $NetBSD: ext2fs_vfsops.c,v 1.106 2007/01/04 16:55:29 elad Exp $ */ /* * Copyright (c) 1989, 1991, 1993, 1994 @@ -65,7 +65,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ext2fs_vfsops.c,v 1.105 2006/11/16 01:33:51 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ext2fs_vfsops.c,v 1.106 2007/01/04 16:55:29 elad Exp $"); #if defined(_KERNEL_OPT) #include "opt_compat_netbsd.h" @@ -317,7 +317,8 @@ ext2fs_mount(struct mount *mp, const char *path, void *data, * If mount by non-root, then verify that user has necessary * permissions on the device. */ - if (error == 0 && kauth_cred_geteuid(l->l_cred) != 0) { + if (error == 0 && kauth_authorize_generic(l->l_cred, + KAUTH_GENERIC_ISSUSER, NULL) != 0) { accessmode = VREAD; if (update ? (mp->mnt_iflag & IMNT_WANTRDWR) != 0 : diff --git a/sys/ufs/ext2fs/ext2fs_vnops.c b/sys/ufs/ext2fs/ext2fs_vnops.c index f1200e747b4c..f7d7c0fa573a 100644 --- a/sys/ufs/ext2fs/ext2fs_vnops.c +++ b/sys/ufs/ext2fs/ext2fs_vnops.c @@ -1,4 +1,4 @@ -/* $NetBSD: ext2fs_vnops.c,v 1.71 2007/01/02 11:18:57 elad Exp $ */ +/* $NetBSD: ext2fs_vnops.c,v 1.72 2007/01/04 16:55:29 elad Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -70,7 +70,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.71 2007/01/02 11:18:57 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.72 2007/01/04 16:55:29 elad Exp $"); #include #include @@ -350,10 +350,11 @@ ext2fs_setattr(void *v) return (EROFS); if (kauth_cred_geteuid(cred) != ip->i_e2fs_uid && (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag))) + NULL))) return (error); #ifdef EXT2FS_SYSTEM_FLAGS - if (kauth_cred_geteuid(cred) == 0) { + if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, + NULL) == 0) { if ((ip->i_e2fs_flags & (EXT2_APPEND | EXT2_IMMUTABLE)) && kauth_authorize_system(l->l_cred, @@ -413,7 +414,7 @@ ext2fs_setattr(void *v) return (EROFS); if (kauth_cred_geteuid(cred) != ip->i_e2fs_uid && (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)) && + NULL)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(vp, VWRITE, cred, l)))) return (error); @@ -449,9 +450,9 @@ ext2fs_chmod(struct vnode *vp, int mode, kauth_cred_t cred, struct lwp *l) if (kauth_cred_geteuid(cred) != ip->i_e2fs_uid && (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag))) + NULL))) return (error); - if (kauth_cred_geteuid(cred)) { + if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL)) { if (vp->v_type != VDIR && (mode & S_ISTXT)) return (EFTYPE); if ((kauth_cred_ismember_gid(cred, ip->i_e2fs_gid, &ismember) != 0 || @@ -490,8 +491,7 @@ ext2fs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred, (gid != ip->i_e2fs_gid && !(kauth_cred_getegid(cred) == gid || (kauth_cred_ismember_gid(cred, gid, &ismember) == 0 && ismember)))) && - (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag))) + (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL))) return (error); ogid = ip->i_e2fs_gid; ouid = ip->i_e2fs_uid; @@ -500,9 +500,11 @@ ext2fs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred, ip->i_e2fs_uid = uid; if (ouid != uid || ogid != gid) ip->i_flag |= IN_CHANGE; - if (ouid != uid && kauth_cred_geteuid(cred) != 0) + if (ouid != uid && kauth_authorize_generic(cred, + KAUTH_GENERIC_ISSUSER, NULL) != 0) ip->i_e2fs_mode &= ~ISUID; - if (ogid != gid && kauth_cred_geteuid(cred) != 0) + if (ogid != gid && kauth_authorize_generic(cred, + KAUTH_GENERIC_ISSUSER, NULL) != 0) ip->i_e2fs_mode &= ~ISGID; return (0); } @@ -865,7 +867,9 @@ abortit: * otherwise the destination may not be changed (except by * root). This implements append-only directories. */ - if ((dp->i_e2fs_mode & S_ISTXT) && kauth_cred_geteuid(tcnp->cn_cred) != 0 && + if ((dp->i_e2fs_mode & S_ISTXT) && + kauth_authorize_generic(tcnp->cn_cred, + KAUTH_GENERIC_ISSUSER, NULL) != 0 && kauth_cred_geteuid(tcnp->cn_cred) != dp->i_e2fs_uid && xp->i_e2fs_uid != kauth_cred_geteuid(tcnp->cn_cred)) { error = EPERM; diff --git a/sys/ufs/ffs/ffs_alloc.c b/sys/ufs/ffs/ffs_alloc.c index 348553efcebd..a6f876b7919a 100644 --- a/sys/ufs/ffs/ffs_alloc.c +++ b/sys/ufs/ffs/ffs_alloc.c @@ -1,4 +1,4 @@ -/* $NetBSD: ffs_alloc.c,v 1.96 2006/11/16 01:33:53 christos Exp $ */ +/* $NetBSD: ffs_alloc.c,v 1.97 2007/01/04 16:55:29 elad Exp $ */ /* * Copyright (c) 2002 Networks Associates Technology, Inc. @@ -41,7 +41,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ffs_alloc.c,v 1.96 2006/11/16 01:33:53 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ffs_alloc.c,v 1.97 2007/01/04 16:55:29 elad Exp $"); #if defined(_KERNEL_OPT) #include "opt_ffs.h" @@ -157,7 +157,8 @@ ffs_alloc(struct inode *ip, daddr_t lbn, daddr_t bpref, int size, #endif /* DIAGNOSTIC */ if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0) goto nospace; - if (kauth_cred_geteuid(cred) != 0 && freespace(fs, fs->fs_minfree) <= 0) + if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0 && + freespace(fs, fs->fs_minfree) <= 0) goto nospace; #ifdef QUOTA if ((error = chkdq(ip, btodb(size), cred, 0)) != 0) @@ -236,7 +237,8 @@ ffs_realloccg(struct inode *ip, daddr_t lbprev, daddr_t bpref, int osize, if (cred == NOCRED) panic("ffs_realloccg: missing credential"); #endif /* DIAGNOSTIC */ - if (kauth_cred_geteuid(cred) != 0 && freespace(fs, fs->fs_minfree) <= 0) + if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0 && + freespace(fs, fs->fs_minfree) <= 0) goto nospace; if (fs->fs_magic == FS_UFS2_MAGIC) bprev = ufs_rw64(ip->i_ffs2_db[lbprev], UFS_FSNEEDSWAP(fs)); diff --git a/sys/ufs/ffs/ffs_snapshot.c b/sys/ufs/ffs/ffs_snapshot.c index 2363df86a1a2..b89487719d1e 100644 --- a/sys/ufs/ffs/ffs_snapshot.c +++ b/sys/ufs/ffs/ffs_snapshot.c @@ -1,4 +1,4 @@ -/* $NetBSD: ffs_snapshot.c,v 1.38 2006/12/02 17:21:11 hannken Exp $ */ +/* $NetBSD: ffs_snapshot.c,v 1.39 2007/01/04 16:55:29 elad Exp $ */ /* * Copyright 2000 Marshall Kirk McKusick. All Rights Reserved. @@ -38,7 +38,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ffs_snapshot.c,v 1.38 2006/12/02 17:21:11 hannken Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ffs_snapshot.c,v 1.39 2007/01/04 16:55:29 elad Exp $"); #if defined(_KERNEL_OPT) #include "opt_ffs.h" @@ -183,7 +183,7 @@ ffs_snapshot(struct mount *mp, struct vnode *vp, if (vp->v_usecount != 1 || vp->v_writecount != 0) return EBUSY; if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag) != 0 && + NULL) != 0 && VTOI(vp)->i_uid != kauth_cred_geteuid(l->l_cred)) return EACCES; diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c index 6d2d1c267d94..e01ad0296f76 100644 --- a/sys/ufs/ffs/ffs_vfsops.c +++ b/sys/ufs/ffs/ffs_vfsops.c @@ -1,4 +1,4 @@ -/* $NetBSD: ffs_vfsops.c,v 1.190 2006/11/16 01:33:53 christos Exp $ */ +/* $NetBSD: ffs_vfsops.c,v 1.191 2007/01/04 16:55:29 elad Exp $ */ /* * Copyright (c) 1989, 1991, 1993, 1994 @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.190 2006/11/16 01:33:53 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.191 2007/01/04 16:55:29 elad Exp $"); #if defined(_KERNEL_OPT) #include "opt_ffs.h" @@ -262,7 +262,8 @@ ffs_mount(struct mount *mp, const char *path, void *data, * If mount by non-root, then verify that user has necessary * permissions on the device. */ - if (error == 0 && kauth_cred_geteuid(l->l_cred) != 0) { + if (error == 0 && kauth_authorize_generic(l->l_cred, + KAUTH_GENERIC_ISSUSER, NULL) != 0) { accessmode = VREAD; if (update ? (mp->mnt_iflag & IMNT_WANTRDWR) != 0 : diff --git a/sys/ufs/lfs/lfs_syscalls.c b/sys/ufs/lfs/lfs_syscalls.c index e9e498f0fadf..8ecf4c5107b6 100644 --- a/sys/ufs/lfs/lfs_syscalls.c +++ b/sys/ufs/lfs/lfs_syscalls.c @@ -1,4 +1,4 @@ -/* $NetBSD: lfs_syscalls.c,v 1.118 2006/11/16 01:33:53 christos Exp $ */ +/* $NetBSD: lfs_syscalls.c,v 1.119 2007/01/04 16:55:29 elad Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: lfs_syscalls.c,v 1.118 2006/11/16 01:33:53 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: lfs_syscalls.c,v 1.119 2007/01/04 16:55:29 elad Exp $"); #ifndef LFS # define LFS /* for prototypes in syscallargs.h */ @@ -126,7 +126,7 @@ sys_lfs_markv(struct lwp *l, void *v, register_t *retval) struct mount *mntp; if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)) != 0) + NULL)) != 0) return (error); if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0) @@ -169,7 +169,7 @@ sys_lfs_markv(struct lwp *l, void *v, register_t *retval) struct mount *mntp; if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)) != 0) + NULL)) != 0) return (error); if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0) @@ -565,7 +565,7 @@ sys_lfs_bmapv(struct lwp *l, void *v, register_t *retval) struct mount *mntp; if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)) != 0) + NULL)) != 0) return (error); if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0) @@ -607,7 +607,7 @@ sys_lfs_bmapv(struct lwp *l, void *v, register_t *retval) struct mount *mntp; if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)) != 0) + NULL)) != 0) return (error); if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0) @@ -841,7 +841,7 @@ sys_lfs_segclean(struct lwp *l, void *v, register_t *retval) unsigned long segnum; if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)) != 0) + NULL)) != 0) return (error); if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0) @@ -980,7 +980,7 @@ sys_lfs_segwait(struct lwp *l, void *v, register_t *retval) /* XXX need we be su to segwait? */ if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)) != 0) + NULL)) != 0) return (error); if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0) return (error); diff --git a/sys/ufs/lfs/lfs_vfsops.c b/sys/ufs/lfs/lfs_vfsops.c index 48ee45bebe67..3d81007738cb 100644 --- a/sys/ufs/lfs/lfs_vfsops.c +++ b/sys/ufs/lfs/lfs_vfsops.c @@ -1,4 +1,4 @@ -/* $NetBSD: lfs_vfsops.c,v 1.224 2006/11/16 01:33:53 christos Exp $ */ +/* $NetBSD: lfs_vfsops.c,v 1.225 2007/01/04 16:55:30 elad Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: lfs_vfsops.c,v 1.224 2006/11/16 01:33:53 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: lfs_vfsops.c,v 1.225 2007/01/04 16:55:30 elad Exp $"); #if defined(_KERNEL_OPT) #include "opt_quota.h" @@ -428,7 +428,8 @@ lfs_mount(struct mount *mp, const char *path, void *data, struct nameidata *ndp, * If mount by non-root, then verify that user has necessary * permissions on the device. */ - if (error == 0 && kauth_cred_geteuid(l->l_cred) != 0) { + if (error == 0 && kauth_authorize_generic(l->l_cred, + KAUTH_GENERIC_ISSUSER, NULL) != 0) { accessmode = VREAD; if (update ? (mp->mnt_iflag & IMNT_WANTRDWR) != 0 : diff --git a/sys/ufs/lfs/lfs_vnops.c b/sys/ufs/lfs/lfs_vnops.c index 040b4da05ab3..3a50248f4c5c 100644 --- a/sys/ufs/lfs/lfs_vnops.c +++ b/sys/ufs/lfs/lfs_vnops.c @@ -1,4 +1,4 @@ -/* $NetBSD: lfs_vnops.c,v 1.195 2007/01/03 02:42:23 perseant Exp $ */ +/* $NetBSD: lfs_vnops.c,v 1.196 2007/01/04 16:55:30 elad Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: lfs_vnops.c,v 1.195 2007/01/03 02:42:23 perseant Exp $"); +__KERNEL_RCSID(0, "$NetBSD: lfs_vnops.c,v 1.196 2007/01/04 16:55:30 elad Exp $"); #ifdef _KERNEL_OPT #include "opt_compat_netbsd.h" @@ -1427,7 +1427,7 @@ lfs_fcntl(void *v) l = ap->a_l; if (((ap->a_command & 0xff00) >> 8) == 'L' && (error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)) != 0) + NULL)) != 0) return (error); fs = VTOI(ap->a_vp)->i_lfs; @@ -1517,7 +1517,7 @@ lfs_fcntl(void *v) case LFCNIFILEFH_COMPAT: /* Return the filehandle of the Ifile */ if ((error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0) + KAUTH_GENERIC_ISSUSER, NULL)) != 0) return (error); fhp = (struct fhandle *)ap->a_data; fhp->fh_fsid = *fsidp; diff --git a/sys/ufs/ufs/ufs_extattr.c b/sys/ufs/ufs/ufs_extattr.c index badfeb29ae4a..acd3a45c95b3 100644 --- a/sys/ufs/ufs/ufs_extattr.c +++ b/sys/ufs/ufs/ufs_extattr.c @@ -1,4 +1,4 @@ -/* $NetBSD: ufs_extattr.c,v 1.11 2006/12/09 16:11:52 chs Exp $ */ +/* $NetBSD: ufs_extattr.c,v 1.12 2007/01/04 16:55:30 elad Exp $ */ /*- * Copyright (c) 1999-2002 Robert N. M. Watson @@ -48,7 +48,7 @@ */ #include -__RCSID("$NetBSD: ufs_extattr.c,v 1.11 2006/12/09 16:11:52 chs Exp $"); +__RCSID("$NetBSD: ufs_extattr.c,v 1.12 2007/01/04 16:55:30 elad Exp $"); #include "opt_ffs.h" @@ -712,7 +712,7 @@ ufs_extattrctl(struct mount *mp, int cmd, struct vnode *filename_vp, * Only privileged processes can configure extended attributes. */ if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)) != 0) { + NULL)) != 0) { if (filename_vp != NULL) VOP_UNLOCK(filename_vp, 0); return (error); diff --git a/sys/ufs/ufs/ufs_lookup.c b/sys/ufs/ufs/ufs_lookup.c index 9dc2929ff592..f8a725d1c8e9 100644 --- a/sys/ufs/ufs/ufs_lookup.c +++ b/sys/ufs/ufs/ufs_lookup.c @@ -1,4 +1,4 @@ -/* $NetBSD: ufs_lookup.c,v 1.81 2006/12/09 16:11:52 chs Exp $ */ +/* $NetBSD: ufs_lookup.c,v 1.82 2007/01/04 16:55:30 elad Exp $ */ /* * Copyright (c) 1989, 1993 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ufs_lookup.c,v 1.81 2006/12/09 16:11:52 chs Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ufs_lookup.c,v 1.82 2007/01/04 16:55:30 elad Exp $"); #ifdef _KERNEL_OPT #include "opt_ffs.h" @@ -539,7 +539,8 @@ found: * implements append-only directories. */ if ((dp->i_mode & ISVTX) && - kauth_cred_geteuid(cred) != 0 && + kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, + NULL) != 0 && kauth_cred_geteuid(cred) != dp->i_uid && VTOI(tdp)->i_uid != kauth_cred_geteuid(cred)) { vput(tdp); diff --git a/sys/ufs/ufs/ufs_quota.c b/sys/ufs/ufs/ufs_quota.c index a145a18447b2..cd53e86b737f 100644 --- a/sys/ufs/ufs/ufs_quota.c +++ b/sys/ufs/ufs/ufs_quota.c @@ -1,4 +1,4 @@ -/* $NetBSD: ufs_quota.c,v 1.42 2006/10/20 18:58:13 reinoud Exp $ */ +/* $NetBSD: ufs_quota.c,v 1.43 2007/01/04 16:55:30 elad Exp $ */ /* * Copyright (c) 1982, 1986, 1990, 1993, 1995 @@ -35,7 +35,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ufs_quota.c,v 1.42 2006/10/20 18:58:13 reinoud Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ufs_quota.c,v 1.43 2007/01/04 16:55:30 elad Exp $"); #include #include @@ -129,7 +129,7 @@ chkdq(struct inode *ip, int64_t change, kauth_cred_t cred, int flags) return (0); } if ((flags & FORCE) == 0 && - (cred != NOCRED && kauth_cred_geteuid(cred) != 0)) { + kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0) { for (i = 0; i < MAXQUOTAS; i++) { if ((dq = ip->i_dquot[i]) == NODQUOT) continue; @@ -235,7 +235,8 @@ chkiq(struct inode *ip, int32_t change, kauth_cred_t cred, int flags) } return (0); } - if ((flags & FORCE) == 0 && kauth_cred_geteuid(cred) != 0) { + if ((flags & FORCE) == 0 && kauth_authorize_generic(cred, + KAUTH_GENERIC_ISSUSER, NULL) != 0) { for (i = 0; i < MAXQUOTAS; i++) { if ((dq = ip->i_dquot[i]) == NODQUOT) continue; diff --git a/sys/ufs/ufs/ufs_readwrite.c b/sys/ufs/ufs/ufs_readwrite.c index 7947b981c195..7e60c856ce9c 100644 --- a/sys/ufs/ufs/ufs_readwrite.c +++ b/sys/ufs/ufs/ufs_readwrite.c @@ -1,4 +1,4 @@ -/* $NetBSD: ufs_readwrite.c,v 1.71 2006/10/14 09:17:26 yamt Exp $ */ +/* $NetBSD: ufs_readwrite.c,v 1.72 2007/01/04 16:55:30 elad Exp $ */ /*- * Copyright (c) 1993 @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(1, "$NetBSD: ufs_readwrite.c,v 1.71 2006/10/14 09:17:26 yamt Exp $"); +__KERNEL_RCSID(1, "$NetBSD: ufs_readwrite.c,v 1.72 2007/01/04 16:55:30 elad Exp $"); #ifdef LFS_READWRITE #define BLKSIZE(a, b, c) blksize(a, b, c) @@ -494,7 +494,7 @@ WRITE(void *v) out: ip->i_flag |= IN_CHANGE | IN_UPDATE; if (resid > uio->uio_resid && ap->a_cred && - kauth_cred_geteuid(ap->a_cred) != 0) { + kauth_authorize_generic(ap->a_cred, KAUTH_GENERIC_ISSUSER, NULL)) { ip->i_mode &= ~(ISUID | ISGID); DIP_ASSIGN(ip, mode, ip->i_mode); } diff --git a/sys/ufs/ufs/ufs_vfsops.c b/sys/ufs/ufs/ufs_vfsops.c index 8c61d973187f..6f67d94ba257 100644 --- a/sys/ufs/ufs/ufs_vfsops.c +++ b/sys/ufs/ufs/ufs_vfsops.c @@ -1,4 +1,4 @@ -/* $NetBSD: ufs_vfsops.c,v 1.31 2006/11/16 01:33:53 christos Exp $ */ +/* $NetBSD: ufs_vfsops.c,v 1.32 2007/01/04 16:55:30 elad Exp $ */ /* * Copyright (c) 1991, 1993, 1994 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ufs_vfsops.c,v 1.31 2006/11/16 01:33:53 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ufs_vfsops.c,v 1.32 2007/01/04 16:55:30 elad Exp $"); #if defined(_KERNEL_OPT) #include "opt_ffs.h" @@ -126,7 +126,7 @@ ufs_quotactl(struct mount *mp, int cmds, uid_t uid, void *arg, struct lwp *l) /* fall through */ default: if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)) != 0) + NULL)) != 0) return (error); } diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c index 55d0dee33fc5..909e7501cde4 100644 --- a/sys/ufs/ufs/ufs_vnops.c +++ b/sys/ufs/ufs/ufs_vnops.c @@ -1,4 +1,4 @@ -/* $NetBSD: ufs_vnops.c,v 1.146 2007/01/02 11:18:57 elad Exp $ */ +/* $NetBSD: ufs_vnops.c,v 1.147 2007/01/04 16:55:30 elad Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993, 1995 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ufs_vnops.c,v 1.146 2007/01/02 11:18:57 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ufs_vnops.c,v 1.147 2007/01/04 16:55:30 elad Exp $"); #if defined(_KERNEL_OPT) #include "opt_ffs.h" @@ -389,9 +389,10 @@ ufs_setattr(void *v) return (EROFS); if (kauth_cred_geteuid(cred) != ip->i_uid && (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag))) + NULL))) return (error); - if (kauth_cred_geteuid(cred) == 0) { + if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, + NULL) == 0) { if ((ip->i_flags & (SF_IMMUTABLE | SF_APPEND)) && kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHSYSFLAGS, 0, NULL, NULL, NULL)) @@ -464,7 +465,7 @@ ufs_setattr(void *v) return (EPERM); if (kauth_cred_geteuid(cred) != ip->i_uid && (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)) && + NULL)) && ((vap->va_vaflags & VA_UTIMES_NULL) == 0 || (error = VOP_ACCESS(vp, VWRITE, cred, l)))) return (error); @@ -508,10 +509,9 @@ ufs_chmod(struct vnode *vp, int mode, kauth_cred_t cred, struct lwp *l) ip = VTOI(vp); if (kauth_cred_geteuid(cred) != ip->i_uid && - (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag))) + (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL))) return (error); - if (kauth_cred_geteuid(cred)) { + if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL)) { if (vp->v_type != VDIR && (mode & S_ISTXT)) return (EFTYPE); if ((kauth_cred_ismember_gid(cred, ip->i_gid, &ismember) != 0 || @@ -560,7 +560,7 @@ ufs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred, (kauth_cred_ismember_gid(cred, gid, &ismember) == 0 && ismember)))) && ((error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - &l->l_acflag)) != 0)) + NULL)) != 0)) return (error); #ifdef QUOTA @@ -1084,7 +1084,9 @@ ufs_rename(void *v) * otherwise the destination may not be changed (except by * root). This implements append-only directories. */ - if ((dp->i_mode & S_ISTXT) && kauth_cred_geteuid(tcnp->cn_cred) != 0 && + if ((dp->i_mode & S_ISTXT) && + kauth_authorize_generic(tcnp->cn_cred, + KAUTH_GENERIC_ISSUSER, NULL) != 0 && kauth_cred_geteuid(tcnp->cn_cred) != dp->i_uid && xp->i_uid != kauth_cred_geteuid(tcnp->cn_cred)) { error = EPERM;