Consistent usage of KAUTH_GENERIC_ISSUSER.

2007-01-04 16:55:29 +00:00 · 2007-01-04 16:55:29 +00:00 · 1e70d64818
parent 878f749ef4
commit 1e70d64818
35 changed files with 154 additions and 135 deletions
--- a/sys/arch/m68k/m68k/svr4_machdep.c
+++ b/sys/arch/m68k/m68k/svr4_machdep.c
@ -1,4 +1,4 @@
-/*	$NetBSD: svr4_machdep.c,v 1.22 2006/07/23 22:06:05 ad Exp $	*/
+/*	$NetBSD: svr4_machdep.c,v 1.23 2007/01/04 17:50:00 elad Exp $	*/
 /*-
 * Copyright (c) 1999 The NetBSD Foundation, Inc.
@ -37,7 +37,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: svr4_machdep.c,v 1.22 2006/07/23 22:06:05 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: svr4_machdep.c,v 1.23 2007/01/04 17:50:00 elad Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@ -296,7 +296,7 @@ svr4_sys_sysarch(struct lwp *l, void *v, register_t *retval)
 	switch (SCARG(uap, op)) {
 	case SVR4_SYSARCH_SETNAME:
 		if ((error = kauth_authorize_generic(l->l_cred,
-		    KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
+		    KAUTH_GENERIC_ISSUSER, NULL)) != 0)
 			return (error);
 		if ((error = copyinstr(SCARG(uap, a1), tmp, sizeof (tmp), &len))
 		    != 0)
--- a/sys/arch/pc532/dev/lpt.c
+++ b/sys/arch/pc532/dev/lpt.c
@ -1,4 +1,4 @@
-/*	$NetBSD: lpt.c,v 1.46 2006/07/23 22:06:06 ad Exp $	*/
+/*	$NetBSD: lpt.c,v 1.47 2007/01/04 17:50:00 elad Exp $	*/
 /*
 * Copyright (c) 1994 Matthias Pfaller.
@ -60,7 +60,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: lpt.c,v 1.46 2006/07/23 22:06:06 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: lpt.c,v 1.47 2007/01/04 17:50:00 elad Exp $");
 #include "opt_inet.h"
@ -613,7 +613,7 @@ plipioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 	case SIOCSIFMTU:
        	if ((error = kauth_authorize_generic(l->l_cred,
-		    KAUTH_GENERIC_ISSUSER, &l->l_acflag)))
+		    KAUTH_GENERIC_ISSUSER, NULL)))
            		return(error);
 		if (ifp->if_mtu != ifr->ifr_mtu) {
 		        ifp->if_mtu = ifr->ifr_mtu;
--- a/sys/arch/sparc/dev/tctrl.c
+++ b/sys/arch/sparc/dev/tctrl.c
@ -1,4 +1,4 @@
-/*	$NetBSD: tctrl.c,v 1.35 2006/07/23 22:06:07 ad Exp $	*/
+/*	$NetBSD: tctrl.c,v 1.36 2007/01/04 17:50:00 elad Exp $	*/
 /*-
 * Copyright (c) 1998, 2005, 2006 The NetBSD Foundation, Inc.
@ -37,7 +37,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tctrl.c,v 1.35 2006/07/23 22:06:07 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tctrl.c,v 1.36 2007/01/04 17:50:00 elad Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@ -1175,7 +1175,7 @@ tctrlioctl(dev_t dev, u_long cmd, caddr_t data, int flags, struct lwp *l)
 	case TCTRL_CMD_REQ:
 		reqn = (struct tctrl_req *)data;
 		if ((i = kauth_authorize_generic(l->l_cred,
-		    KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0 &&
+		    KAUTH_GENERIC_ISSUSER, NULL)) != 0 &&
 		    (reqn->cmdbuf[0] == TS102_OP_CTL_BITPORT ||
 		    (reqn->cmdbuf[0] >= TS102_OP_CTL_WATCHDOG &&
 		    reqn->cmdbuf[0] <= TS102_OP_CTL_SECURITY_KEY) ||
--- a/sys/arch/sun3/dev/xd.c
+++ b/sys/arch/sun3/dev/xd.c
@ -1,4 +1,4 @@
-/*	$NetBSD: xd.c,v 1.54 2006/07/23 22:06:07 ad Exp $	*/
+/*	$NetBSD: xd.c,v 1.55 2007/01/04 17:50:00 elad Exp $	*/
 /*
 *
@ -52,7 +52,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xd.c,v 1.54 2006/07/23 22:06:07 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xd.c,v 1.55 2007/01/04 17:50:00 elad Exp $");
 #undef XDC_DEBUG		/* full debug */
 #define XDC_DIAG		/* extra sanity checks */
@ -875,7 +875,7 @@ xdioctl(dev_t dev, u_long command, caddr_t addr, int flag, struct lwp *l)
 	case DIOSXDCMD:
 		xio = (struct xd_iocmd *) addr;
 		if ((error = kauth_authorize_generic(l->l_cred,
-		    KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
+		    KAUTH_GENERIC_ISSUSER, NULL)) != 0)
 			return (error);
 		return (xdc_ioctlcmd(xd, dev, xio));
--- a/sys/arch/sun3/dev/xy.c
+++ b/sys/arch/sun3/dev/xy.c
@ -1,4 +1,4 @@
-/*	$NetBSD: xy.c,v 1.57 2006/07/23 22:06:07 ad Exp $	*/
+/*	$NetBSD: xy.c,v 1.58 2007/01/04 17:50:00 elad Exp $	*/
 /*
 *
@ -52,7 +52,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xy.c,v 1.57 2006/07/23 22:06:07 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xy.c,v 1.58 2007/01/04 17:50:00 elad Exp $");
 #undef XYC_DEBUG		/* full debug */
 #undef XYC_DIAG			/* extra sanity checks */
@ -828,7 +828,7 @@ xyioctl(dev_t dev, u_long command, caddr_t addr, int flag, struct lwp *l)
 	case DIOSXDCMD:
 		xio = (struct xd_iocmd *) addr;
 		if ((error = kauth_authorize_generic(l->l_cred,
-		    KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
+		    KAUTH_GENERIC_ISSUSER, NULL)) != 0)
 			return (error);
 		return (xyc_ioctlcmd(xy, dev, xio));
--- a/sys/fs/smbfs/smbfs_vnops.c
+++ b/sys/fs/smbfs/smbfs_vnops.c
@ -1,4 +1,4 @@
-/*	$NetBSD: smbfs_vnops.c,v 1.57 2006/12/09 16:11:51 chs Exp $	*/
+/*	$NetBSD: smbfs_vnops.c,v 1.58 2007/01/04 17:26:12 elad Exp $	*/
 /*-
 * Copyright (c) 2003 The NetBSD Foundation, Inc.
@ -71,7 +71,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: smbfs_vnops.c,v 1.57 2006/12/09 16:11:51 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: smbfs_vnops.c,v 1.58 2007/01/04 17:26:12 elad Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@ -453,7 +453,7 @@ smbfs_setattr(v)
                if (kauth_cred_geteuid(ap->a_cred) !=
 		    VTOSMBFS(vp)->sm_args.uid &&
                    (error = kauth_authorize_generic(ap->a_cred,
-		    KAUTH_GENERIC_ISSUSER, &ap->a_l->l_acflag)) &&
+		    KAUTH_GENERIC_ISSUSER, NULL)) &&
                    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
                    (error = VOP_ACCESS(ap->a_vp, VWRITE, ap->a_cred, ap->a_l))))
                        return (error);
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c
@ -1,4 +1,4 @@
-/*	$NetBSD: kern_event.c,v 1.33 2006/11/01 10:17:58 yamt Exp $	*/
+/*	$NetBSD: kern_event.c,v 1.34 2007/01/04 17:38:25 elad Exp $	*/
 /*-
 * Copyright (c) 1999,2000,2001 Jonathan Lemon <jlemon@FreeBSD.org>
@ -29,7 +29,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_event.c,v 1.33 2006/11/01 10:17:58 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_event.c,v 1.34 2007/01/04 17:38:25 elad Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@ -382,7 +382,7 @@ filt_procattach(struct knote *kn)
 	 */
 	if ((kauth_cred_getuid(p->p_cred) != kauth_cred_getuid(curl->l_cred) ||
 	    (p->p_flag & P_SUGID)) && kauth_authorize_generic(curl->l_cred,
-	    KAUTH_GENERIC_ISSUSER, &curl->l_acflag) != 0)
+	    KAUTH_GENERIC_ISSUSER, NULL) != 0)
 		return (EACCES);
 	kn->kn_ptr.p_proc = p;
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@ -1,4 +1,4 @@
-/*	$NetBSD: kern_ktrace.c,v 1.112 2006/11/28 17:27:10 elad Exp $	*/
+/*	$NetBSD: kern_ktrace.c,v 1.113 2007/01/04 17:38:26 elad Exp $	*/
 /*
 * Copyright (c) 1989, 1993
@ -32,7 +32,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.112 2006/11/28 17:27:10 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.113 2007/01/04 17:38:26 elad Exp $");
 #include "opt_ktrace.h"
 #include "opt_compat_mach.h"
@ -1079,7 +1079,8 @@ ktrops(struct lwp *curl, struct proc *p, int ops, int facs,
 			ktradref(p);
 		}
 		p->p_traceflag |= facs;
-		if (kauth_cred_geteuid(curl->l_cred) == 0)
+		if (kauth_authorize_generic(curl->l_cred,
 		    KAUTH_GENERIC_ISSUSER, NULL) == 0)
 			p->p_traceflag |= KTRFAC_ROOT;
 	} else {
 		/* KTROP_CLEAR */
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@ -1,4 +1,4 @@
-/*	$NetBSD: kern_sysctl.c,v 1.206 2006/11/01 10:17:58 yamt Exp $	*/
+/*	$NetBSD: kern_sysctl.c,v 1.207 2007/01/04 17:38:25 elad Exp $	*/
 /*-
 * Copyright (c) 2003 The NetBSD Foundation, Inc.
@ -75,7 +75,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.206 2006/11/01 10:17:58 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.207 2007/01/04 17:38:25 elad Exp $");
 #include "opt_defcorename.h"
 #include "opt_ktrace.h"
@ -1481,7 +1481,7 @@ sysctl_lookup(SYSCTLFN_ARGS)
 	if (l != NULL && newp != NULL &&
 	    !(rnode->sysctl_flags & CTLFLAG_ANYWRITE) &&
 	    (error = kauth_authorize_generic(l->l_cred,
-	    KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
+	    KAUTH_GENERIC_ISSUSER, NULL)) != 0)
 		return (error);
 	/*
--- a/sys/kern/kern_systrace.c
+++ b/sys/kern/kern_systrace.c
@ -1,4 +1,4 @@
-/*	$NetBSD: kern_systrace.c,v 1.63 2006/11/28 17:58:10 elad Exp $	*/
+/*	$NetBSD: kern_systrace.c,v 1.64 2007/01/04 17:38:26 elad Exp $	*/
 /*
 * Copyright 2002, 2003 Niels Provos <provos@citi.umich.edu>
@ -31,7 +31,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_systrace.c,v 1.63 2006/11/28 17:58:10 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_systrace.c,v 1.64 2007/01/04 17:38:26 elad Exp $");
 #include "opt_systrace.h"
@ -584,7 +584,7 @@ systraceopen(dev_t dev, int flag, int mode, struct lwp *l)
 	TAILQ_INIT(&fst->policies);
 	if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag) == 0)
+	    NULL) == 0)
 		fst->issuser = 1;
 	fst->p_ruid = kauth_cred_getuid(l->l_cred);
 	fst->p_rgid = kauth_cred_getgid(l->l_cred);
--- a/sys/kern/kern_tc.c
+++ b/sys/kern/kern_tc.c
@ -1,4 +1,4 @@
-/* $NetBSD: kern_tc.c,v 1.16 2006/11/01 10:17:58 yamt Exp $ */
+/* $NetBSD: kern_tc.c,v 1.17 2007/01/04 17:38:26 elad Exp $ */
 /*-
 * ----------------------------------------------------------------------------
@ -11,7 +11,7 @@
 #include <sys/cdefs.h>
 /* __FBSDID("$FreeBSD: src/sys/kern/kern_tc.c,v 1.166 2005/09/19 22:16:31 andre Exp $"); */
-__KERNEL_RCSID(0, "$NetBSD: kern_tc.c,v 1.16 2006/11/01 10:17:58 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_tc.c,v 1.17 2007/01/04 17:38:26 elad Exp $");
 #include "opt_ntp.h"
@ -129,7 +129,7 @@ sysctl_kern_timecounter_hardware(SYSCTLFN_ARGS)
 		return error;
 	if (l != NULL && (error = kauth_authorize_generic(l->l_cred, 
-	    KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
+	    KAUTH_GENERIC_ISSUSER, NULL)) != 0)
 		return (error);
 	/* XXX locking */
--- a/sys/kern/sysv_ipc.c
+++ b/sys/kern/sysv_ipc.c
@ -1,4 +1,4 @@
-/*	$NetBSD: sysv_ipc.c,v 1.18 2006/11/25 21:40:05 christos Exp $	*/
+/*	$NetBSD: sysv_ipc.c,v 1.19 2007/01/04 17:38:26 elad Exp $	*/
 /*-
 * Copyright (c) 1998 The NetBSD Foundation, Inc.
@ -37,7 +37,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sysv_ipc.c,v 1.18 2006/11/25 21:40:05 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sysv_ipc.c,v 1.19 2007/01/04 17:38:26 elad Exp $");
 #include "opt_sysv.h"
@ -72,7 +72,7 @@ ipcperm(kauth_cred_t cred, struct ipc_perm *perm, int mode)
 	mode_t mask;
 	int ismember = 0;
-	if (kauth_cred_geteuid(cred) == 0)
+	if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0)
 		return (0);
 	if (mode == IPC_M) {
--- a/sys/kern/sysv_msg.c
+++ b/sys/kern/sysv_msg.c
@ -1,4 +1,4 @@
-/*	$NetBSD: sysv_msg.c,v 1.46 2006/11/01 10:17:59 yamt Exp $	*/
+/*	$NetBSD: sysv_msg.c,v 1.47 2007/01/04 17:38:26 elad Exp $	*/
 /*-
 * Copyright (c) 1999 The NetBSD Foundation, Inc.
@ -57,7 +57,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sysv_msg.c,v 1.46 2006/11/01 10:17:59 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sysv_msg.c,v 1.47 2007/01/04 17:38:26 elad Exp $");
 #define SYSVMSG
@ -270,7 +270,8 @@ msgctl1(struct lwp *l, int msqid, int cmd, struct msqid_ds *msqbuf)
 		if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M)))
 			return (error);
 		if (msqbuf->msg_qbytes > msqptr->msg_qbytes &&
-		    kauth_cred_geteuid(cred) != 0)
+		    kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
 		    NULL) != 0)
 			return (EPERM);
 		if (msqbuf->msg_qbytes > msginfo.msgmnb) {
 			MSG_PRINTF(("can't increase msg_qbytes beyond %d "
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@ -1,4 +1,4 @@
-/*	$NetBSD: tty.c,v 1.188 2006/09/13 13:28:22 martin Exp $	*/
+/*	$NetBSD: tty.c,v 1.189 2007/01/04 17:38:26 elad Exp $	*/
 /*-
 * Copyright (c) 1982, 1986, 1990, 1991, 1993
@ -37,7 +37,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tty.c,v 1.188 2006/09/13 13:28:22 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tty.c,v 1.189 2007/01/04 17:38:26 elad Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@ -1112,10 +1112,13 @@ ttioctl(struct tty *tp, u_long cmd, caddr_t data, int flag, struct lwp *l)
 		splx(s);
 		break;
 	case TIOCSTI:			/* simulate terminal input */
-		if (kauth_cred_geteuid(l->l_cred) && (flag & FREAD) == 0)
+		if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-			return (EPERM);
+		    NULL) != 0) {
-		if (kauth_cred_geteuid(l->l_cred) && !isctty(p, tp))
+			if (!ISSET(flag, FREAD))
-			return (EACCES);
+				return (EPERM);
 			if (!isctty(p, tp))
 				return (EACCES);
 		}
 		(*tp->t_linesw->l_rint)(*(u_char *)data, tp);
 		break;
 	case TIOCSTOP:			/* stop output, like ^S */
--- a/sys/kern/uipc_sem.c
+++ b/sys/kern/uipc_sem.c
@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_sem.c,v 1.18 2006/11/01 10:17:59 yamt Exp $	*/
+/*	$NetBSD: uipc_sem.c,v 1.19 2007/01/04 17:38:26 elad Exp $	*/
 /*-
 * Copyright (c) 2003 The NetBSD Foundation, Inc.
@ -63,7 +63,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_sem.c,v 1.18 2006/11/01 10:17:59 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_sem.c,v 1.19 2007/01/04 17:38:26 elad Exp $");
 #include "opt_posix.h"
@ -270,7 +270,7 @@ ksem_perm(struct lwp *l, struct ksem *ks)
 	if ((kauth_cred_geteuid(uc) == ks->ks_uid && (ks->ks_mode & S_IWUSR) != 0) ||
 	    (kauth_cred_getegid(uc) == ks->ks_gid && (ks->ks_mode & S_IWGRP) != 0) ||
 	    (ks->ks_mode & S_IWOTH) != 0 ||
-	    kauth_authorize_generic(uc, KAUTH_GENERIC_ISSUSER, &l->l_acflag) == 0)
+	    kauth_authorize_generic(uc, KAUTH_GENERIC_ISSUSER, NULL) == 0)
 		return (0);
 	return (EPERM);
 }
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_subr.c,v 1.277 2006/12/27 12:22:14 yamt Exp $	*/
+/*	$NetBSD: vfs_subr.c,v 1.278 2007/01/04 17:38:27 elad Exp $	*/
 /*-
 * Copyright (c) 1997, 1998, 2004, 2005 The NetBSD Foundation, Inc.
@ -80,7 +80,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_subr.c,v 1.277 2006/12/27 12:22:14 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_subr.c,v 1.278 2007/01/04 17:38:27 elad Exp $");
 #include "opt_inet.h"
 #include "opt_ddb.h"
@ -2120,7 +2120,7 @@ vaccess(enum vtype type, mode_t file_mode, uid_t uid, gid_t gid,
 	 * Super-user always gets read/write access, but execute access depends
 	 * on at least one execute bit being set.
 	 */
-	if (kauth_cred_geteuid(cred) == 0) {
+	if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0) {
 		if ((acc_mode & VEXEC) && type != VDIR &&
 		    (file_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0)
 			return (EACCES);
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_syscalls.c,v 1.293 2007/01/03 23:20:58 wrstuden Exp $	*/
+/*	$NetBSD: vfs_syscalls.c,v 1.294 2007/01/04 17:38:26 elad Exp $	*/
 /*
 * Copyright (c) 1989, 1993
@ -37,7 +37,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.293 2007/01/03 23:20:58 wrstuden Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.294 2007/01/04 17:38:26 elad Exp $");
 #include "opt_compat_netbsd.h"
 #include "opt_compat_43.h"
@ -550,7 +550,7 @@ sys_unmount(struct lwp *l, void *v, register_t *retval)
 	 */
 	if ((mp->mnt_stat.f_owner != kauth_cred_geteuid(l->l_cred)) &&
 	    (error = kauth_authorize_generic(l->l_cred,
-	 	KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0) {
+	 	KAUTH_GENERIC_ISSUSER, NULL)) != 0) {
 		vput(vp);
 		return (error);
 	}
@ -2659,8 +2659,7 @@ change_flags(struct vnode *vp, u_long flags, struct lwp *l)
 	 * Non-superusers cannot change the flags on devices, even if they
 	 * own them.
 	 */
-	if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
+	if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, NULL)) {
 	    &l->l_acflag) != 0) {
 		if ((error = VOP_GETATTR(vp, &vattr, l->l_cred, l)) != 0)
 			goto out;
 		if (vattr.va_type == VCHR || vattr.va_type == VBLK) {
@ -3679,7 +3678,7 @@ sys_revoke(struct lwp *l, void *v, register_t *retval)
 		goto out;
 	if (kauth_cred_geteuid(l->l_cred) != vattr.va_uid &&
 	    (error = kauth_authorize_generic(l->l_cred,
-	    KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
+	    KAUTH_GENERIC_ISSUSER, NULL)) != 0)
 		goto out;
 	if ((error = vn_start_write(vp, &mp, V_WAIT | V_PCATCH)) != 0)
 		goto out;
--- a/sys/kern/vfs_xattr.c
+++ b/sys/kern/vfs_xattr.c
@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_xattr.c,v 1.9 2006/11/01 10:17:59 yamt Exp $	*/
+/*	$NetBSD: vfs_xattr.c,v 1.10 2007/01/04 17:38:26 elad Exp $	*/
 /*-
 * Copyright (c) 2005 The NetBSD Foundation, Inc.
@ -75,7 +75,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_xattr.c,v 1.9 2006/11/01 10:17:59 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_xattr.c,v 1.10 2007/01/04 17:38:26 elad Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@ -115,7 +115,7 @@ extattr_check_cred(struct vnode *vp, int attrnamespace,
 		 * these requests come from kernel code (NOCRED case above)?
 		 */
 		return (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
-		    &l->l_acflag));
+		    NULL));
 	case EXTATTR_NAMESPACE_USER:
 		return (VOP_ACCESS(vp, access, cred, l));
--- a/sys/ufs/ext2fs/ext2fs_alloc.c
+++ b/sys/ufs/ext2fs/ext2fs_alloc.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ext2fs_alloc.c,v 1.33 2006/12/09 22:07:48 chs Exp $	*/
+/*	$NetBSD: ext2fs_alloc.c,v 1.34 2007/01/04 16:55:29 elad Exp $	*/
 /*
 * Copyright (c) 1982, 1986, 1989, 1993
@ -65,7 +65,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ext2fs_alloc.c,v 1.33 2006/12/09 22:07:48 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ext2fs_alloc.c,v 1.34 2007/01/04 16:55:29 elad Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@ -128,7 +128,8 @@ ext2fs_alloc(struct inode *ip, daddr_t lbn, daddr_t bpref,
 #endif /* DIAGNOSTIC */
 	if (fs->e2fs.e2fs_fbcount == 0)
 		goto nospace;
-	if (kauth_cred_geteuid(cred) != 0 && freespace(fs) <= 0)
+	if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
 	    freespace(fs) <= 0)
 		goto nospace;
 	if (bpref >= fs->e2fs.e2fs_bcount)
 		bpref = 0;
--- a/sys/ufs/ext2fs/ext2fs_lookup.c
+++ b/sys/ufs/ext2fs/ext2fs_lookup.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ext2fs_lookup.c,v 1.47 2006/12/09 16:11:52 chs Exp $	*/
+/*	$NetBSD: ext2fs_lookup.c,v 1.48 2007/01/04 16:55:29 elad Exp $	*/
 /*
 * Modified for NetBSD 1.2E
@ -48,7 +48,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ext2fs_lookup.c,v 1.47 2006/12/09 16:11:52 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ext2fs_lookup.c,v 1.48 2007/01/04 16:55:29 elad Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@ -597,7 +597,7 @@ found:
 		 * implements append-only directories.
 		 */
 		if ((dp->i_e2fs_mode & ISVTX) &&
-		    kauth_cred_geteuid(cred) != 0 &&
+		    kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) &&
 		    kauth_cred_geteuid(cred) != dp->i_e2fs_uid &&
 		    VTOI(tdp)->i_e2fs_uid != kauth_cred_geteuid(cred)) {
 			vput(tdp);
--- a/sys/ufs/ext2fs/ext2fs_readwrite.c
+++ b/sys/ufs/ext2fs/ext2fs_readwrite.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ext2fs_readwrite.c,v 1.43 2006/05/14 21:32:21 elad Exp $	*/
+/*	$NetBSD: ext2fs_readwrite.c,v 1.44 2007/01/04 16:55:29 elad Exp $	*/
 /*-
 * Copyright (c) 1993
@ -65,7 +65,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ext2fs_readwrite.c,v 1.43 2006/05/14 21:32:21 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ext2fs_readwrite.c,v 1.44 2007/01/04 16:55:29 elad Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@ -394,7 +394,8 @@ ext2fs_write(void *v)
 out:
 	ip->i_flag |= IN_CHANGE | IN_UPDATE;
-	if (resid > uio->uio_resid && ap->a_cred && kauth_cred_geteuid(ap->a_cred) != 0)
+	if (resid > uio->uio_resid && ap->a_cred &&
 	    kauth_authorize_generic(ap->a_cred, KAUTH_GENERIC_ISSUSER, NULL))
 		ip->i_e2fs_mode &= ~(ISUID | ISGID);
 	if (resid > uio->uio_resid)
 		VN_KNOTE(vp, NOTE_WRITE | (extended ? NOTE_EXTEND : 0));
--- a/sys/ufs/ext2fs/ext2fs_vfsops.c
+++ b/sys/ufs/ext2fs/ext2fs_vfsops.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ext2fs_vfsops.c,v 1.105 2006/11/16 01:33:51 christos Exp $	*/
+/*	$NetBSD: ext2fs_vfsops.c,v 1.106 2007/01/04 16:55:29 elad Exp $	*/
 /*
 * Copyright (c) 1989, 1991, 1993, 1994
@ -65,7 +65,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ext2fs_vfsops.c,v 1.105 2006/11/16 01:33:51 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ext2fs_vfsops.c,v 1.106 2007/01/04 16:55:29 elad Exp $");
 #if defined(_KERNEL_OPT)
 #include "opt_compat_netbsd.h"
@ -317,7 +317,8 @@ ext2fs_mount(struct mount *mp, const char *path, void *data,
 	 * If mount by non-root, then verify that user has necessary
 	 * permissions on the device.
 	 */
-	if (error == 0 && kauth_cred_geteuid(l->l_cred) != 0) {
+	if (error == 0 && kauth_authorize_generic(l->l_cred,
 	    KAUTH_GENERIC_ISSUSER, NULL) != 0) {
 		accessmode = VREAD;
 		if (update ?
 		    (mp->mnt_iflag & IMNT_WANTRDWR) != 0 :
--- a/sys/ufs/ext2fs/ext2fs_vnops.c
+++ b/sys/ufs/ext2fs/ext2fs_vnops.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ext2fs_vnops.c,v 1.71 2007/01/02 11:18:57 elad Exp $	*/
+/*	$NetBSD: ext2fs_vnops.c,v 1.72 2007/01/04 16:55:29 elad Exp $	*/
 /*
 * Copyright (c) 1982, 1986, 1989, 1993
@ -70,7 +70,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.71 2007/01/02 11:18:57 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.72 2007/01/04 16:55:29 elad Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
@ -350,10 +350,11 @@ ext2fs_setattr(void *v)
 			return (EROFS);
 		if (kauth_cred_geteuid(cred) != ip->i_e2fs_uid &&
 		    (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
-		    &l->l_acflag)))
+		    NULL)))
 			return (error);
 #ifdef EXT2FS_SYSTEM_FLAGS
-		if (kauth_cred_geteuid(cred) == 0) {
+		if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
 		    NULL) == 0) {
 			if ((ip->i_e2fs_flags &
 			    (EXT2_APPEND | EXT2_IMMUTABLE)) &&
 			    kauth_authorize_system(l->l_cred,
@ -413,7 +414,7 @@ ext2fs_setattr(void *v)
 			return (EROFS);
 		if (kauth_cred_geteuid(cred) != ip->i_e2fs_uid &&
 			(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, 
-			&l->l_acflag)) &&
+			NULL)) &&
 			((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
 			(error = VOP_ACCESS(vp, VWRITE, cred, l))))
 			return (error);
@ -449,9 +450,9 @@ ext2fs_chmod(struct vnode *vp, int mode, kauth_cred_t cred, struct lwp *l)
 	if (kauth_cred_geteuid(cred) != ip->i_e2fs_uid &&
 	    (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag)))
+	    NULL)))
 		return (error);
-	if (kauth_cred_geteuid(cred)) {
+	if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL)) {
 		if (vp->v_type != VDIR && (mode & S_ISTXT))
 			return (EFTYPE);
 		if ((kauth_cred_ismember_gid(cred, ip->i_e2fs_gid, &ismember) != 0 ||
@ -490,8 +491,7 @@ ext2fs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred,
 	    (gid != ip->i_e2fs_gid &&
 	    !(kauth_cred_getegid(cred) == gid ||
 	    (kauth_cred_ismember_gid(cred, gid, &ismember) == 0 && ismember)))) &&
-	    (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
+	    (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL)))
 	    &l->l_acflag)))
 		return (error);
 	ogid = ip->i_e2fs_gid;
 	ouid = ip->i_e2fs_uid;
@ -500,9 +500,11 @@ ext2fs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred,
 	ip->i_e2fs_uid = uid;
 	if (ouid != uid || ogid != gid)
 		ip->i_flag |= IN_CHANGE;
-	if (ouid != uid && kauth_cred_geteuid(cred) != 0)
+	if (ouid != uid && kauth_authorize_generic(cred,
 	    KAUTH_GENERIC_ISSUSER, NULL) != 0)
 		ip->i_e2fs_mode &= ~ISUID;
-	if (ogid != gid && kauth_cred_geteuid(cred) != 0)
+	if (ogid != gid && kauth_authorize_generic(cred,
 	    KAUTH_GENERIC_ISSUSER, NULL) != 0)
 		ip->i_e2fs_mode &= ~ISGID;
 	return (0);
 }
@ -865,7 +867,9 @@ abortit:
 		 * otherwise the destination may not be changed (except by
 		 * root). This implements append-only directories.
 		 */
-		if ((dp->i_e2fs_mode & S_ISTXT) && kauth_cred_geteuid(tcnp->cn_cred) != 0 &&
+		if ((dp->i_e2fs_mode & S_ISTXT) &&
 		    kauth_authorize_generic(tcnp->cn_cred,
 		     KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
 		    kauth_cred_geteuid(tcnp->cn_cred) != dp->i_e2fs_uid &&
 		    xp->i_e2fs_uid != kauth_cred_geteuid(tcnp->cn_cred)) {
 			error = EPERM;
--- a/sys/ufs/ffs/ffs_alloc.c
+++ b/sys/ufs/ffs/ffs_alloc.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ffs_alloc.c,v 1.96 2006/11/16 01:33:53 christos Exp $	*/
+/*	$NetBSD: ffs_alloc.c,v 1.97 2007/01/04 16:55:29 elad Exp $	*/
 /*
 * Copyright (c) 2002 Networks Associates Technology, Inc.
@ -41,7 +41,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ffs_alloc.c,v 1.96 2006/11/16 01:33:53 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ffs_alloc.c,v 1.97 2007/01/04 16:55:29 elad Exp $");
 #if defined(_KERNEL_OPT)
 #include "opt_ffs.h"
@ -157,7 +157,8 @@ ffs_alloc(struct inode *ip, daddr_t lbn, daddr_t bpref, int size,
 #endif /* DIAGNOSTIC */
 	if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0)
 		goto nospace;
-	if (kauth_cred_geteuid(cred) != 0 && freespace(fs, fs->fs_minfree) <= 0)
+	if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
 	    freespace(fs, fs->fs_minfree) <= 0)
 		goto nospace;
 #ifdef QUOTA
 	if ((error = chkdq(ip, btodb(size), cred, 0)) != 0)
@ -236,7 +237,8 @@ ffs_realloccg(struct inode *ip, daddr_t lbprev, daddr_t bpref, int osize,
 	if (cred == NOCRED)
 		panic("ffs_realloccg: missing credential");
 #endif /* DIAGNOSTIC */
-	if (kauth_cred_geteuid(cred) != 0 && freespace(fs, fs->fs_minfree) <= 0)
+	if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
 	    freespace(fs, fs->fs_minfree) <= 0)
 		goto nospace;
 	if (fs->fs_magic == FS_UFS2_MAGIC)
 		bprev = ufs_rw64(ip->i_ffs2_db[lbprev], UFS_FSNEEDSWAP(fs));
--- a/sys/ufs/ffs/ffs_snapshot.c
+++ b/sys/ufs/ffs/ffs_snapshot.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ffs_snapshot.c,v 1.38 2006/12/02 17:21:11 hannken Exp $	*/
+/*	$NetBSD: ffs_snapshot.c,v 1.39 2007/01/04 16:55:29 elad Exp $	*/
 /*
 * Copyright 2000 Marshall Kirk McKusick. All Rights Reserved.
@ -38,7 +38,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ffs_snapshot.c,v 1.38 2006/12/02 17:21:11 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ffs_snapshot.c,v 1.39 2007/01/04 16:55:29 elad Exp $");
 #if defined(_KERNEL_OPT)
 #include "opt_ffs.h"
@ -183,7 +183,7 @@ ffs_snapshot(struct mount *mp, struct vnode *vp,
 	if (vp->v_usecount != 1 || vp->v_writecount != 0)
 		return EBUSY;
 	if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag) != 0 &&
+	    NULL) != 0 &&
 	    VTOI(vp)->i_uid != kauth_cred_geteuid(l->l_cred))
 		return EACCES;
--- a/sys/ufs/ffs/ffs_vfsops.c
+++ b/sys/ufs/ffs/ffs_vfsops.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ffs_vfsops.c,v 1.190 2006/11/16 01:33:53 christos Exp $	*/
+/*	$NetBSD: ffs_vfsops.c,v 1.191 2007/01/04 16:55:29 elad Exp $	*/
 /*
 * Copyright (c) 1989, 1991, 1993, 1994
@ -32,7 +32,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.190 2006/11/16 01:33:53 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.191 2007/01/04 16:55:29 elad Exp $");
 #if defined(_KERNEL_OPT)
 #include "opt_ffs.h"
@ -262,7 +262,8 @@ ffs_mount(struct mount *mp, const char *path, void *data,
 	 * If mount by non-root, then verify that user has necessary
 	 * permissions on the device.
 	 */
-	if (error == 0 && kauth_cred_geteuid(l->l_cred) != 0) {
+	if (error == 0 && kauth_authorize_generic(l->l_cred,
 	    KAUTH_GENERIC_ISSUSER, NULL) != 0) {
 		accessmode = VREAD;
 		if (update ?
 		    (mp->mnt_iflag & IMNT_WANTRDWR) != 0 :
--- a/sys/ufs/lfs/lfs_syscalls.c
+++ b/sys/ufs/lfs/lfs_syscalls.c
@ -1,4 +1,4 @@
-/*	$NetBSD: lfs_syscalls.c,v 1.118 2006/11/16 01:33:53 christos Exp $	*/
+/*	$NetBSD: lfs_syscalls.c,v 1.119 2007/01/04 16:55:29 elad Exp $	*/
 /*-
 * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc.
@ -67,7 +67,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: lfs_syscalls.c,v 1.118 2006/11/16 01:33:53 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: lfs_syscalls.c,v 1.119 2007/01/04 16:55:29 elad Exp $");
 #ifndef LFS
 # define LFS		/* for prototypes in syscallargs.h */
@ -126,7 +126,7 @@ sys_lfs_markv(struct lwp *l, void *v, register_t *retval)
 	struct mount *mntp;
 	if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag)) != 0)
+	    NULL)) != 0)
 		return (error);
 	if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
@ -169,7 +169,7 @@ sys_lfs_markv(struct lwp *l, void *v, register_t *retval)
 	struct mount *mntp;
 	if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag)) != 0)
+	    NULL)) != 0)
 		return (error);
 	if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
@ -565,7 +565,7 @@ sys_lfs_bmapv(struct lwp *l, void *v, register_t *retval)
 	struct mount *mntp;
 	if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag)) != 0)
+	    NULL)) != 0)
 		return (error);
 	if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
@ -607,7 +607,7 @@ sys_lfs_bmapv(struct lwp *l, void *v, register_t *retval)
 	struct mount *mntp;
 	if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag)) != 0)
+	    NULL)) != 0)
 		return (error);
 	if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
@ -841,7 +841,7 @@ sys_lfs_segclean(struct lwp *l, void *v, register_t *retval)
 	unsigned long segnum;
 	if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag)) != 0)
+	    NULL)) != 0)
 		return (error);
 	if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
@ -980,7 +980,7 @@ sys_lfs_segwait(struct lwp *l, void *v, register_t *retval)
 	/* XXX need we be su to segwait? */
 	if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag)) != 0)
+	    NULL)) != 0)
 		return (error);
 	if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
 		return (error);
--- a/sys/ufs/lfs/lfs_vfsops.c
+++ b/sys/ufs/lfs/lfs_vfsops.c
@ -1,4 +1,4 @@
-/*	$NetBSD: lfs_vfsops.c,v 1.224 2006/11/16 01:33:53 christos Exp $	*/
+/*	$NetBSD: lfs_vfsops.c,v 1.225 2007/01/04 16:55:30 elad Exp $	*/
 /*-
 * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc.
@ -67,7 +67,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: lfs_vfsops.c,v 1.224 2006/11/16 01:33:53 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: lfs_vfsops.c,v 1.225 2007/01/04 16:55:30 elad Exp $");
 #if defined(_KERNEL_OPT)
 #include "opt_quota.h"
@ -428,7 +428,8 @@ lfs_mount(struct mount *mp, const char *path, void *data, struct nameidata *ndp,
 	 * If mount by non-root, then verify that user has necessary
 	 * permissions on the device.
 	 */
-	if (error == 0 && kauth_cred_geteuid(l->l_cred) != 0) {
+	if (error == 0 && kauth_authorize_generic(l->l_cred,
 	    KAUTH_GENERIC_ISSUSER, NULL) != 0) {
 		accessmode = VREAD;
 		if (update ?
 		    (mp->mnt_iflag & IMNT_WANTRDWR) != 0 :
--- a/sys/ufs/lfs/lfs_vnops.c
+++ b/sys/ufs/lfs/lfs_vnops.c
@ -1,4 +1,4 @@
-/*	$NetBSD: lfs_vnops.c,v 1.195 2007/01/03 02:42:23 perseant Exp $	*/
+/*	$NetBSD: lfs_vnops.c,v 1.196 2007/01/04 16:55:30 elad Exp $	*/
 /*-
 * Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc.
@ -67,7 +67,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: lfs_vnops.c,v 1.195 2007/01/03 02:42:23 perseant Exp $");
+__KERNEL_RCSID(0, "$NetBSD: lfs_vnops.c,v 1.196 2007/01/04 16:55:30 elad Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@ -1427,7 +1427,7 @@ lfs_fcntl(void *v)
 	l = ap->a_l;
 	if (((ap->a_command & 0xff00) >> 8) == 'L' &&
 	    (error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag)) != 0)
+	    NULL)) != 0)
 		return (error);
 	fs = VTOI(ap->a_vp)->i_lfs;
@ -1517,7 +1517,7 @@ lfs_fcntl(void *v)
 	    case LFCNIFILEFH_COMPAT:
 		/* Return the filehandle of the Ifile */
 		if ((error = kauth_authorize_generic(l->l_cred,
-		    KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)
+		    KAUTH_GENERIC_ISSUSER, NULL)) != 0)
 			return (error);
 		fhp = (struct fhandle *)ap->a_data;
 		fhp->fh_fsid = *fsidp;
--- a/sys/ufs/ufs/ufs_extattr.c
+++ b/sys/ufs/ufs/ufs_extattr.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ufs_extattr.c,v 1.11 2006/12/09 16:11:52 chs Exp $	*/
+/*	$NetBSD: ufs_extattr.c,v 1.12 2007/01/04 16:55:30 elad Exp $	*/
 /*-
 * Copyright (c) 1999-2002 Robert N. M. Watson
@ -48,7 +48,7 @@
 */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: ufs_extattr.c,v 1.11 2006/12/09 16:11:52 chs Exp $");
+__RCSID("$NetBSD: ufs_extattr.c,v 1.12 2007/01/04 16:55:30 elad Exp $");
 #include "opt_ffs.h"
@ -712,7 +712,7 @@ ufs_extattrctl(struct mount *mp, int cmd, struct vnode *filename_vp,
 	 * Only privileged processes can configure extended attributes.
 	 */
 	if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag)) != 0) {
+	    NULL)) != 0) {
 		if (filename_vp != NULL)
 			VOP_UNLOCK(filename_vp, 0);
 		return (error);
--- a/sys/ufs/ufs/ufs_lookup.c
+++ b/sys/ufs/ufs/ufs_lookup.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ufs_lookup.c,v 1.81 2006/12/09 16:11:52 chs Exp $	*/
+/*	$NetBSD: ufs_lookup.c,v 1.82 2007/01/04 16:55:30 elad Exp $	*/
 /*
 * Copyright (c) 1989, 1993
@ -37,7 +37,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ufs_lookup.c,v 1.81 2006/12/09 16:11:52 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ufs_lookup.c,v 1.82 2007/01/04 16:55:30 elad Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_ffs.h"
@ -539,7 +539,8 @@ found:
 		 * implements append-only directories.
 		 */
 		if ((dp->i_mode & ISVTX) &&
-		    kauth_cred_geteuid(cred) != 0 &&
+		    kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
 		     NULL) != 0 &&
 		    kauth_cred_geteuid(cred) != dp->i_uid &&
 		    VTOI(tdp)->i_uid != kauth_cred_geteuid(cred)) {
 			vput(tdp);
--- a/sys/ufs/ufs/ufs_quota.c
+++ b/sys/ufs/ufs/ufs_quota.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ufs_quota.c,v 1.42 2006/10/20 18:58:13 reinoud Exp $	*/
+/*	$NetBSD: ufs_quota.c,v 1.43 2007/01/04 16:55:30 elad Exp $	*/
 /*
 * Copyright (c) 1982, 1986, 1990, 1993, 1995
@ -35,7 +35,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ufs_quota.c,v 1.42 2006/10/20 18:58:13 reinoud Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ufs_quota.c,v 1.43 2007/01/04 16:55:30 elad Exp $");
 #include <sys/param.h>
 #include <sys/kernel.h>
@ -129,7 +129,7 @@ chkdq(struct inode *ip, int64_t change, kauth_cred_t cred, int flags)
 		return (0);
 	}
 	if ((flags & FORCE) == 0 &&
-	    (cred != NOCRED && kauth_cred_geteuid(cred) != 0)) {
+	    kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) != 0) {
 		for (i = 0; i < MAXQUOTAS; i++) {
 			if ((dq = ip->i_dquot[i]) == NODQUOT)
 				continue;
@ -235,7 +235,8 @@ chkiq(struct inode *ip, int32_t change, kauth_cred_t cred, int flags)
 		}
 		return (0);
 	}
-	if ((flags & FORCE) == 0 && kauth_cred_geteuid(cred) != 0) {
+	if ((flags & FORCE) == 0 && kauth_authorize_generic(cred,
 	    KAUTH_GENERIC_ISSUSER, NULL) != 0) {
 		for (i = 0; i < MAXQUOTAS; i++) {
 			if ((dq = ip->i_dquot[i]) == NODQUOT)
 				continue;
--- a/sys/ufs/ufs/ufs_readwrite.c
+++ b/sys/ufs/ufs/ufs_readwrite.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ufs_readwrite.c,v 1.71 2006/10/14 09:17:26 yamt Exp $	*/
+/*	$NetBSD: ufs_readwrite.c,v 1.72 2007/01/04 16:55:30 elad Exp $	*/
 /*-
 * Copyright (c) 1993
@ -32,7 +32,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: ufs_readwrite.c,v 1.71 2006/10/14 09:17:26 yamt Exp $");
+__KERNEL_RCSID(1, "$NetBSD: ufs_readwrite.c,v 1.72 2007/01/04 16:55:30 elad Exp $");
 #ifdef LFS_READWRITE
 #define	BLKSIZE(a, b, c)	blksize(a, b, c)
@ -494,7 +494,7 @@ WRITE(void *v)
 out:
 	ip->i_flag |= IN_CHANGE | IN_UPDATE;
 	if (resid > uio->uio_resid && ap->a_cred &&
-	    kauth_cred_geteuid(ap->a_cred) != 0) {
+	    kauth_authorize_generic(ap->a_cred, KAUTH_GENERIC_ISSUSER, NULL)) {
 		ip->i_mode &= ~(ISUID | ISGID);
 		DIP_ASSIGN(ip, mode, ip->i_mode);
 	}
--- a/sys/ufs/ufs/ufs_vfsops.c
+++ b/sys/ufs/ufs/ufs_vfsops.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ufs_vfsops.c,v 1.31 2006/11/16 01:33:53 christos Exp $	*/
+/*	$NetBSD: ufs_vfsops.c,v 1.32 2007/01/04 16:55:30 elad Exp $	*/
 /*
 * Copyright (c) 1991, 1993, 1994
@ -37,7 +37,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ufs_vfsops.c,v 1.31 2006/11/16 01:33:53 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ufs_vfsops.c,v 1.32 2007/01/04 16:55:30 elad Exp $");
 #if defined(_KERNEL_OPT)
 #include "opt_ffs.h"
@ -126,7 +126,7 @@ ufs_quotactl(struct mount *mp, int cmds, uid_t uid, void *arg, struct lwp *l)
 		/* fall through */
 	default:
 		if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-		    &l->l_acflag)) != 0)
+		    NULL)) != 0)
 			return (error);
 	}
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ufs_vnops.c,v 1.146 2007/01/02 11:18:57 elad Exp $	*/
+/*	$NetBSD: ufs_vnops.c,v 1.147 2007/01/04 16:55:30 elad Exp $	*/
 /*
 * Copyright (c) 1982, 1986, 1989, 1993, 1995
@ -37,7 +37,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ufs_vnops.c,v 1.146 2007/01/02 11:18:57 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ufs_vnops.c,v 1.147 2007/01/04 16:55:30 elad Exp $");
 #if defined(_KERNEL_OPT)
 #include "opt_ffs.h"
@ -389,9 +389,10 @@ ufs_setattr(void *v)
 			return (EROFS);
 		if (kauth_cred_geteuid(cred) != ip->i_uid &&
 		    (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
-		    &l->l_acflag)))
+		    NULL)))
 			return (error);
-		if (kauth_cred_geteuid(cred) == 0) {
+		if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
 		    NULL) == 0) {
 			if ((ip->i_flags & (SF_IMMUTABLE | SF_APPEND)) &&
 			    kauth_authorize_system(l->l_cred,
 			     KAUTH_SYSTEM_CHSYSFLAGS, 0, NULL, NULL, NULL))
@ -464,7 +465,7 @@ ufs_setattr(void *v)
 			return (EPERM);
 		if (kauth_cred_geteuid(cred) != ip->i_uid &&
 		    (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
-		    &l->l_acflag)) &&
+		    NULL)) &&
 		    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
 		    (error = VOP_ACCESS(vp, VWRITE, cred, l))))
 			return (error);
@ -508,10 +509,9 @@ ufs_chmod(struct vnode *vp, int mode, kauth_cred_t cred, struct lwp *l)
 	ip = VTOI(vp);
 	if (kauth_cred_geteuid(cred) != ip->i_uid &&
-	    (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
+	    (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL)))
 	    &l->l_acflag)))
 		return (error);
-	if (kauth_cred_geteuid(cred)) {
+	if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL)) {
 		if (vp->v_type != VDIR && (mode & S_ISTXT))
 			return (EFTYPE);
 		if ((kauth_cred_ismember_gid(cred, ip->i_gid, &ismember) != 0 ||
@ -560,7 +560,7 @@ ufs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred,
 	    (kauth_cred_ismember_gid(cred, gid, &ismember) == 0 &&
 	    ismember)))) &&
 	    ((error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag)) != 0))
+	    NULL)) != 0))
 		return (error);
 #ifdef QUOTA
@ -1084,7 +1084,9 @@ ufs_rename(void *v)
 		 * otherwise the destination may not be changed (except by
 		 * root). This implements append-only directories.
 		 */
-		if ((dp->i_mode & S_ISTXT) && kauth_cred_geteuid(tcnp->cn_cred) != 0 &&
+		if ((dp->i_mode & S_ISTXT) &&
 		    kauth_authorize_generic(tcnp->cn_cred,
 		     KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
 		    kauth_cred_geteuid(tcnp->cn_cred) != dp->i_uid &&
 		    xp->i_uid != kauth_cred_geteuid(tcnp->cn_cred)) {
 			error = EPERM;