Date: Mon, 25 Mar 2002 10:25:21 -0800 (PST) From: John Baldwin <jhb@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 8383 for review Message-ID: <200203251825.g2PIPLH68130@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=8383 Change 8383 by jhb@jhb_laptop on 2002/03/25 10:24:57 Integ the new suser() API from jhb_proc. Affected files ... ... //depot/projects/smpng/sys/kern/kern_prot.c#48 integrate ... //depot/projects/smpng/sys/sys/systm.h#25 integrate Differences ... ==== //depot/projects/smpng/sys/kern/kern_prot.c#48 (text+ko) ==== @@ -1266,58 +1266,35 @@ /* * Test whether the specified credentials imply "super-user" privilege. - * Return 0 or EPERM. + * Return 0 or EPERM. The flag argument is currently used only to + * specify jail interaction. */ int -suser(p) - struct proc *p; +suser_cred(cred, flag) + struct ucred *cred; + int flag; { - return (suser_xxx(0, p, 0)); + if (!suser_enabled) + return (EPERM); + if (cred->cr_uid != 0) + return (EPERM); + if (jailed(cred) && !(flag & PRISON_ROOT)) + return (EPERM); + return (0); } /* - * version for when the thread pointer is available and not the proc. - * (saves having to include proc.h into every file that needs to do the change.) + * Shortcut to hide contents of struct td and struct proc from the + * caller, promoting binary compatibility. */ int -suser_td(td) +suser(td, flag) struct thread *td; -{ - return (suser_xxx(0, td->td_proc, 0)); -} - -/* - * wrapper to use if you have the thread on hand but not the proc. - */ -int -suser_xxx_td(cred, td, flag) - struct ucred *cred; - struct thread *td; int flag; { - return(suser_xxx(cred, td->td_proc, flag)); -} -int -suser_xxx(cred, proc, flag) - struct ucred *cred; - struct proc *proc; - int flag; -{ - if (!suser_enabled) - return (EPERM); - if (!cred && !proc) { - printf("suser_xxx(): THINK!\n"); - return (EPERM); - } - if (cred == NULL) - cred = proc->p_ucred; - if (cred->cr_uid != 0) - return (EPERM); - if (jailed(cred) && !(flag & PRISON_ROOT)) - return (EPERM); - return (0); + return (suser_cred(td->td_ucred, flag)); } /* ==== //depot/projects/smpng/sys/sys/systm.h#25 (text+ko) ==== @@ -47,7 +47,7 @@ #include <sys/callout.h> extern int securelevel; /* system security level (see init(8)) */ -extern int suser_enabled; /* suser_xxx() is permitted to return 0 */ +extern int suser_enabled; /* suser() is permitted to return 0 */ extern int cold; /* nonzero if we are doing a cold boot */ extern const char *panicstr; /* panic message */ @@ -192,13 +192,11 @@ void stopprofclock(struct proc *); void setstatclockrate(int hzrate); -/* flags for suser_xxx() */ +/* flags for suser() and suser_cred() */ #define PRISON_ROOT 1 -int suser(struct proc *); -int suser_td(struct thread *); -int suser_xxx(struct ucred *cred, struct proc *proc, int flag); -int suser_xxx_td(struct ucred *cred, struct thread *thread, int flag); +int suser(struct thread *td, int flag); +int suser_cred(struct ucred *cred, int flag); int cr_cansee(struct ucred *u1, struct ucred *u2); int cr_canseesocket(struct ucred *cred, struct socket *so); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203251825.g2PIPLH68130>