Date: Tue, 11 Dec 2018 19:32:17 +0000 (UTC) From: Mateusz Guzik <mjg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r341827 - in head/sys: cddl/compat/opensolaris/kern cddl/contrib/opensolaris/uts/common/fs/zfs compat/linux dev/filemon fs/ext2fs fs/fuse fs/msdosfs fs/nandfs fs/nfs fs/nfsserver fs/tmp... Message-ID: <201812111932.wBBJWHhh067846@repo.freebsd.org>
Author: mjg Date: Tue Dec 11 19:32:16 2018 New Revision: 341827 URL: https://svnweb.freebsd.org/changeset/base/341827 Log: Remove unused argument to priv_check_cred. Patch mostly generated with coccinelle: @@ expression E1,E2; @@ - priv_check_cred(E1,E2,0) + priv_check_cred(E1,E2) Sponsored by: The FreeBSD Foundation Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c head/sys/cddl/compat/opensolaris/kern/opensolaris_zone.c head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c head/sys/compat/linux/linux_misc.c head/sys/compat/linux/linux_uid16.c head/sys/dev/filemon/filemon_wrapper.c head/sys/fs/ext2fs/ext2_vnops.c head/sys/fs/fuse/fuse_internal.c head/sys/fs/fuse/fuse_vnops.c head/sys/fs/msdosfs/msdosfs_vnops.c head/sys/fs/nandfs/nandfs_vnops.c head/sys/fs/nfs/nfs_commonsubs.c head/sys/fs/nfsserver/nfs_nfsdport.c head/sys/fs/tmpfs/tmpfs_subr.c head/sys/fs/tmpfs/tmpfs_vnops.c head/sys/kern/kern_exec.c head/sys/kern/kern_fork.c head/sys/kern/kern_priv.c head/sys/kern/kern_prot.c head/sys/kern/subr_acl_nfs4.c head/sys/kern/subr_acl_posix1e.c head/sys/kern/uipc_mqueue.c head/sys/kern/uipc_sem.c head/sys/kern/uipc_shm.c head/sys/kern/vfs_mount.c head/sys/kern/vfs_subr.c head/sys/kern/vfs_syscalls.c head/sys/net/if_tap.c head/sys/net/if_tun.c head/sys/netinet/in_pcb.c head/sys/netinet6/in6_pcb.c head/sys/netinet6/ip6_output.c head/sys/netipsec/ipsec_pcb.c head/sys/netsmb/smb_subr.h head/sys/security/audit/audit_syscalls.c head/sys/security/mac/mac_net.c head/sys/security/mac_bsdextended/mac_bsdextended.c head/sys/security/mac_lomac/mac_lomac.c head/sys/security/mac_partition/mac_partition.c head/sys/security/mac_portacl/mac_portacl.c head/sys/security/mac_seeotheruids/mac_seeotheruids.c head/sys/sys/priv.h head/sys/ufs/ffs/ffs_alloc.c head/sys/ufs/ffs/ffs_softdep.c head/sys/ufs/ffs/ffs_vnops.c head/sys/ufs/ufs/ufs_quota.c head/sys/ufs/ufs/ufs_vnops.c head/sys/vm/vm_mmap.c Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
============================================================================== --- head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c Tue Dec 11 19:32:16 2018 (r341827) @@ -41,35 +41,35 @@ int secpolicy_nfs(cred_t *cr) { - return (priv_check_cred(cr, PRIV_NFS_DAEMON, 0)); + return (priv_check_cred(cr, PRIV_NFS_DAEMON)); } int secpolicy_zfs(cred_t *cr) { - return (priv_check_cred(cr, PRIV_VFS_MOUNT, 0)); + return (priv_check_cred(cr, PRIV_VFS_MOUNT)); } int secpolicy_sys_config(cred_t *cr, int checkonly __unused) { - return (priv_check_cred(cr, PRIV_ZFS_POOL_CONFIG, 0)); + return (priv_check_cred(cr, PRIV_ZFS_POOL_CONFIG)); } int secpolicy_zinject(cred_t *cr) { - return (priv_check_cred(cr, PRIV_ZFS_INJECT, 0)); + return (priv_check_cred(cr, PRIV_ZFS_INJECT)); } int secpolicy_fs_unmount(cred_t *cr, struct mount *vfsp __unused) { - return (priv_check_cred(cr, PRIV_VFS_UNMOUNT, 0)); + return (priv_check_cred(cr, PRIV_VFS_UNMOUNT)); } int @@ -97,7 +97,7 @@ secpolicy_basic_link(vnode_t *vp, cred_t *cr) return (0); if (secpolicy_fs_owner(vp->v_mount, cr) == 0) return (0); - return (priv_check_cred(cr, PRIV_VFS_LINK, 0)); + return (priv_check_cred(cr, PRIV_VFS_LINK)); } int @@ -113,7 +113,7 @@ secpolicy_vnode_remove(vnode_t *vp, cred_t *cr) if (secpolicy_fs_owner(vp->v_mount, cr) == 0) return (0); - return (priv_check_cred(cr, PRIV_VFS_ADMIN, 0)); + return (priv_check_cred(cr, PRIV_VFS_ADMIN)); } int 
@@ -123,18 +123,18 @@ secpolicy_vnode_access(cred_t *cr, vnode_t *vp, uid_t if (secpolicy_fs_owner(vp->v_mount, cr) == 0) return (0); - if ((accmode & VREAD) && priv_check_cred(cr, PRIV_VFS_READ, 0) != 0) + if ((accmode & VREAD) && priv_check_cred(cr, PRIV_VFS_READ) != 0) return (EACCES); if ((accmode & VWRITE) && - priv_check_cred(cr, PRIV_VFS_WRITE, 0) != 0) { + priv_check_cred(cr, PRIV_VFS_WRITE) != 0) { return (EACCES); } if (accmode & VEXEC) { if (vp->v_type == VDIR) { - if (priv_check_cred(cr, PRIV_VFS_LOOKUP, 0) != 0) + if (priv_check_cred(cr, PRIV_VFS_LOOKUP) != 0) return (EACCES); } else { - if (priv_check_cred(cr, PRIV_VFS_EXEC, 0) != 0) + if (priv_check_cred(cr, PRIV_VFS_EXEC) != 0) return (EACCES); } } @@ -192,7 +192,7 @@ secpolicy_vnode_any_access(cred_t *cr, vnode_t *vp, ui continue; break; } - if (priv_check_cred(cr, priv, 0) == 0) + if (priv_check_cred(cr, priv) == 0) return (0); } return (EPERM); @@ -206,7 +206,7 @@ secpolicy_vnode_setdac(vnode_t *vp, cred_t *cr, uid_t return (0); if (secpolicy_fs_owner(vp->v_mount, cr) == 0) return (0); - return (priv_check_cred(cr, PRIV_VFS_ADMIN, 0)); + return (priv_check_cred(cr, PRIV_VFS_ADMIN)); } int @@ -256,7 +256,7 @@ secpolicy_vnode_setattr(cred_t *cr, vnode_t *vp, struc ((mask & AT_GID) && vap->va_gid != ovap->va_gid && !groupmember(vap->va_gid, cr))) { if (secpolicy_fs_owner(vp->v_mount, cr) != 0) { - error = priv_check_cred(cr, PRIV_VFS_CHOWN, 0); + error = priv_check_cred(cr, PRIV_VFS_CHOWN); if (error) return (error); } @@ -300,7 +300,7 @@ secpolicy_vnode_setids_setgids(vnode_t *vp, cred_t *cr return (0); if (secpolicy_fs_owner(vp->v_mount, cr) == 0) return (0); - return (priv_check_cred(cr, PRIV_VFS_SETGID, 0)); + return (priv_check_cred(cr, PRIV_VFS_SETGID)); } int 
@@ -310,7 +310,7 @@ secpolicy_vnode_setid_retain(vnode_t *vp, cred_t *cr, if (secpolicy_fs_owner(vp->v_mount, cr) == 0) return (0); - return (priv_check_cred(cr, PRIV_VFS_RETAINSUGID, 0)); + return (priv_check_cred(cr, PRIV_VFS_RETAINSUGID)); } void @@ -321,7 +321,7 @@ secpolicy_setid_clear(struct vattr *vap, vnode_t *vp, return; if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0) { - if (priv_check_cred(cr, PRIV_VFS_RETAINSUGID, 0)) { + if (priv_check_cred(cr, PRIV_VFS_RETAINSUGID)) { vap->va_mask |= AT_MODE; vap->va_mode &= ~(S_ISUID|S_ISGID); } @@ -343,7 +343,7 @@ secpolicy_setid_setsticky_clear(vnode_t *vp, struct va * is not a member of. Both of these are allowed in jail(8). */ if (vp->v_type != VDIR && (vap->va_mode & S_ISTXT)) { - if (priv_check_cred(cr, PRIV_VFS_STICKYFILE, 0)) + if (priv_check_cred(cr, PRIV_VFS_STICKYFILE)) return (EFTYPE); } /* @@ -359,7 +359,7 @@ secpolicy_setid_setsticky_clear(vnode_t *vp, struct va * Deny setting setuid if we are not the file owner. */ if ((vap->va_mode & S_ISUID) && ovap->va_uid != cr->cr_uid) { - error = priv_check_cred(cr, PRIV_VFS_ADMIN, 0); + error = priv_check_cred(cr, PRIV_VFS_ADMIN); if (error) return (error); } @@ -370,7 +370,7 @@ int secpolicy_fs_mount(cred_t *cr, vnode_t *mvp, struct mount *vfsp) { - return (priv_check_cred(cr, PRIV_VFS_MOUNT, 0)); + return (priv_check_cred(cr, PRIV_VFS_MOUNT)); } int @@ -383,7 +383,7 @@ secpolicy_vnode_owner(vnode_t *vp, cred_t *cr, uid_t o return (0); /* XXX: vfs_suser()? */ - return (priv_check_cred(cr, PRIV_VFS_MOUNT_OWNER, 0)); + return (priv_check_cred(cr, PRIV_VFS_MOUNT_OWNER)); } int 
@@ -392,14 +392,14 @@ secpolicy_vnode_chown(vnode_t *vp, cred_t *cr, uid_t o if (secpolicy_fs_owner(vp->v_mount, cr) == 0) return (0); - return (priv_check_cred(cr, PRIV_VFS_CHOWN, 0)); + return (priv_check_cred(cr, PRIV_VFS_CHOWN)); } void secpolicy_fs_mount_clearopts(cred_t *cr, struct mount *vfsp) { - if (priv_check_cred(cr, PRIV_VFS_MOUNT_NONUSER, 0) != 0) { + if (priv_check_cred(cr, PRIV_VFS_MOUNT_NONUSER) != 0) { MNT_ILOCK(vfsp); vfsp->vfs_flag |= VFS_NOSETUID | MNT_USER; vfs_clearmntopt(vfsp, MNTOPT_SETUID); @@ -418,12 +418,12 @@ secpolicy_xvattr(vnode_t *vp, xvattr_t *xvap, uid_t ow if (secpolicy_fs_owner(vp->v_mount, cr) == 0) return (0); - return (priv_check_cred(cr, PRIV_VFS_SYSFLAGS, 0)); + return (priv_check_cred(cr, PRIV_VFS_SYSFLAGS)); } int secpolicy_smb(cred_t *cr) { - return (priv_check_cred(cr, PRIV_NETSMB, 0)); + return (priv_check_cred(cr, PRIV_NETSMB)); } Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_zone.c ============================================================================== --- head/sys/cddl/compat/opensolaris/kern/opensolaris_zone.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/cddl/compat/opensolaris/kern/opensolaris_zone.c Tue Dec 11 19:32:16 2018 (r341827) @@ -63,7 +63,7 @@ zone_dataset_attach(struct ucred *cred, const char *da struct prison *pr; int dofree, error; - if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL, 0)) != 0) + if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL)) != 0) return (error); /* Allocate memory before we grab prison's mutex. */ 
@@ -115,7 +115,7 @@ zone_dataset_detach(struct ucred *cred, const char *da struct prison *pr; int error; - if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL, 0)) != 0) + if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL)) != 0) return (error); sx_slock(&allprison_lock); Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c ============================================================================== --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Tue Dec 11 19:32:16 2018 (r341827) @@ -5205,7 +5205,7 @@ zfs_freebsd_setattr(ap) * otherwise, they behave like unprivileged processes. */ if (secpolicy_fs_owner(vp->v_mount, cred) == 0 || - priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0) == 0) { + priv_check_cred(cred, PRIV_VFS_SYSFLAGS) == 0) { if (zflags & (ZFS_IMMUTABLE | ZFS_APPENDONLY | ZFS_NOUNLINK)) { error = securelevel_gt(cred, 0); Modified: head/sys/compat/linux/linux_misc.c ============================================================================== --- head/sys/compat/linux/linux_misc.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/compat/linux/linux_misc.c Tue Dec 11 19:32:16 2018 (r341827) @@ -1336,7 +1336,7 @@ linux_setgroups(struct thread *td, struct linux_setgro * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) { + if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS)) != 0) { PROC_UNLOCK(p); crfree(newcred); goto out; Modified: head/sys/compat/linux/linux_uid16.c ============================================================================== --- head/sys/compat/linux/linux_uid16.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/compat/linux/linux_uid16.c Tue Dec 11 19:32:16 2018 (r341827) 
@@ -192,7 +192,7 @@ linux_setgroups16(struct thread *td, struct linux_setg * Keep cr_groups[0] unchanged to prevent that. */ - if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) { + if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS)) != 0) { PROC_UNLOCK(p); crfree(newcred); Modified: head/sys/dev/filemon/filemon_wrapper.c ============================================================================== --- head/sys/dev/filemon/filemon_wrapper.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/dev/filemon/filemon_wrapper.c Tue Dec 11 19:32:16 2018 (r341827) @@ -129,8 +129,7 @@ filemon_event_process_exec(void *arg __unused, struct /* If the credentials changed then cease tracing. */ if (imgp->newcred != NULL && imgp->credential_setid && - priv_check_cred(filemon->cred, - PRIV_DEBUG_DIFFCRED, 0) != 0) { + priv_check_cred(filemon->cred, PRIV_DEBUG_DIFFCRED) != 0) { /* * It may have changed to NULL already, but * will not be re-attached by anything else. Modified: head/sys/fs/ext2fs/ext2_vnops.c ============================================================================== --- head/sys/fs/ext2fs/ext2_vnops.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/fs/ext2fs/ext2_vnops.c Tue Dec 11 19:32:16 2018 (r341827) @@ -420,7 +420,7 @@ ext2_setattr(struct vop_setattr_args *ap) * Privileged non-jail processes may not modify system flags * if securelevel > 0 and any existing system flags are set. */ - if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) { + if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) { if (ip->i_flags & (SF_IMMUTABLE | SF_APPEND)) { error = securelevel_gt(cred, 0); if (error) 
@@ -531,12 +531,12 @@ ext2_chmod(struct vnode *vp, int mode, struct ucred *c * process is not a member of. */ if (vp->v_type != VDIR && (mode & S_ISTXT)) { - error = priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0); + error = priv_check_cred(cred, PRIV_VFS_STICKYFILE); if (error) return (EFTYPE); } if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) { - error = priv_check_cred(cred, PRIV_VFS_SETGID, 0); + error = priv_check_cred(cred, PRIV_VFS_SETGID); if (error) return (error); } @@ -576,7 +576,7 @@ ext2_chown(struct vnode *vp, uid_t uid, gid_t gid, str */ if (uid != ip->i_uid || (gid != ip->i_gid && !groupmember(gid, cred))) { - error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0); + error = priv_check_cred(cred, PRIV_VFS_CHOWN); if (error) return (error); } @@ -586,7 +586,7 @@ ext2_chown(struct vnode *vp, uid_t uid, gid_t gid, str ip->i_uid = uid; ip->i_flag |= IN_CHANGE; if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { - if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0) != 0) + if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID) != 0) ip->i_mode &= ~(ISUID | ISGID); } return (0); @@ -1983,7 +1983,7 @@ ext2_makeinode(int mode, struct vnode *dvp, struct vno tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */ ip->i_nlink = 1; if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) { - if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID, 0)) + if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID)) ip->i_mode &= ~ISGID; } 
@@ -2311,7 +2311,7 @@ ext2_write(struct vop_write_args *ap) */ if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ap->a_cred) { - if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, 0)) + if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID)) ip->i_mode &= ~(ISUID | ISGID); } if (error) { Modified: head/sys/fs/fuse/fuse_internal.c ============================================================================== --- head/sys/fs/fuse/fuse_internal.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/fs/fuse/fuse_internal.c Tue Dec 11 19:32:16 2018 (r341827) @@ -171,7 +171,7 @@ fuse_internal_access(struct vnode *vp, return 0; } if ((mode & VADMIN) != 0) { - err = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); + err = priv_check_cred(cred, PRIV_VFS_ADMIN); if (err) { return err; } Modified: head/sys/fs/fuse/fuse_vnops.c ============================================================================== --- head/sys/fs/fuse/fuse_vnops.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/fs/fuse/fuse_vnops.c Tue Dec 11 19:32:16 2018 (r341827) @@ -242,7 +242,7 @@ fuse_vnop_access(struct vop_access_args *ap) } if (!(data->dataflags & FSESS_INITED)) { if (vnode_isvroot(vp)) { - if (priv_check_cred(cred, PRIV_VFS_ADMIN, 0) || + if (priv_check_cred(cred, PRIV_VFS_ADMIN) || (fuse_match_cred(data->daemoncred, cred) == 0)) { return 0; } Modified: head/sys/fs/msdosfs/msdosfs_vnops.c ============================================================================== --- head/sys/fs/msdosfs/msdosfs_vnops.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/fs/msdosfs/msdosfs_vnops.c Tue Dec 11 19:32:16 2018 (r341827) @@ -378,7 +378,7 @@ msdosfs_setattr(struct vop_setattr_args *ap) if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid) { - error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); + error = priv_check_cred(cred, PRIV_VFS_ADMIN); if (error) return (error); } 
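Review bot: In the fuse_vnop_access hunk the condition `priv_check_cred(cred, PRIV_VFS_ADMIN) || (fuse_match_cred(data->daemoncred, cred) == 0)` is true when the privilege check fails, because priv_check_cred() returns 0 on grant (other hunks in this commit test `== 0` for success). As written, a caller without PRIV_VFS_ADMIN takes the `return 0` branch while the session is not yet FSESS_INITED, which looks inverted; the commit carries that over unchanged from the three-argument form. If the intent is to allow only privileged callers or the daemon's own credential, the first operand should read `priv_check_cred(cred, PRIV_VFS_ADMIN) == 0 ||`. The rest of fuse_vnop_access is outside the hunk, so confirm against the code that follows before changing it.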
@@ -427,7 +427,7 @@ msdosfs_setattr(struct vop_setattr_args *ap) gid = pmp->pm_gid; if (cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid || (gid != pmp->pm_gid && !groupmember(gid, cred))) { - error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0); + error = priv_check_cred(cred, PRIV_VFS_CHOWN); if (error) return (error); } @@ -498,7 +498,7 @@ msdosfs_setattr(struct vop_setattr_args *ap) if (vp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS); if (cred->cr_uid != pmp->pm_uid) { - error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); + error = priv_check_cred(cred, PRIV_VFS_ADMIN); if (error) return (error); } Modified: head/sys/fs/nandfs/nandfs_vnops.c ============================================================================== --- head/sys/fs/nandfs/nandfs_vnops.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/fs/nandfs/nandfs_vnops.c Tue Dec 11 19:32:16 2018 (r341827) @@ -721,11 +721,11 @@ nandfs_chmod(struct vnode *vp, int mode, struct ucred * jail(8). */ if (vp->v_type != VDIR && (mode & S_ISTXT)) { - if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0)) + if (priv_check_cred(cred, PRIV_VFS_STICKYFILE)) return (EFTYPE); } if (!groupmember(inode->i_gid, cred) && (mode & ISGID)) { - error = priv_check_cred(cred, PRIV_VFS_SETGID, 0); + error = priv_check_cred(cred, PRIV_VFS_SETGID); if (error) return (error); } @@ -734,7 +734,7 @@ nandfs_chmod(struct vnode *vp, int mode, struct ucred * Deny setting setuid if we are not the file owner. */ if ((mode & ISUID) && inode->i_uid != cred->cr_uid) { - error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0); + error = priv_check_cred(cred, PRIV_VFS_ADMIN); if (error) return (error); } @@ -777,7 +777,7 @@ nandfs_chown(struct vnode *vp, uid_t uid, gid_t gid, s */ if (((uid != inode->i_uid && uid != cred->cr_uid) || (gid != inode->i_gid && !groupmember(gid, cred))) && - (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0))) + (error = priv_check_cred(cred, PRIV_VFS_CHOWN))) return (error); ogid = inode->i_gid; ouid = inode->i_uid; 
@@ -788,7 +788,7 @@ nandfs_chown(struct vnode *vp, uid_t uid, gid_t gid, s node->nn_flags |= IN_CHANGE; if ((inode->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) { - if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) + if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) inode->i_mode &= ~(ISUID | ISGID); } DPRINTF(VNCALL, ("%s: vp %p, cred %p, td %p - ret OK\n", __func__, vp, @@ -839,7 +839,7 @@ nandfs_setattr(struct vop_setattr_args *ap) */ flags = inode->i_flags; - if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) { + if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) { if (flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { error = securelevel_gt(cred, 0); if (error) Modified: head/sys/fs/nfs/nfs_commonsubs.c ============================================================================== --- head/sys/fs/nfs/nfs_commonsubs.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/fs/nfs/nfs_commonsubs.c Tue Dec 11 19:32:16 2018 (r341827) @@ -1869,7 +1869,7 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp, case NFSATTRBIT_QUOTAHARD: NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER); if (sbp != NULL) { - if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0)) + if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA)) freenum = sbp->f_bfree; else freenum = sbp->f_bavail; @@ -1898,7 +1898,7 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp, case NFSATTRBIT_QUOTASOFT: NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER); if (sbp != NULL) { - if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0)) + if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA)) freenum = sbp->f_bfree; else freenum = sbp->f_bavail; @@ -2756,7 +2756,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount free(cp, M_NFSSTRING); break; case NFSATTRBIT_QUOTAHARD: - if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0)) + if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA)) freenum = fs->f_bfree; else freenum = fs->f_bavail; 
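Review bot: In nfsv4_loadattr (NFSATTRBIT_QUOTAHARD and NFSATTRBIT_QUOTASOFT) a non-zero result from `priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA)`, i.e. privilege denied, selects `f_bfree`, and the granted case selects `f_bavail`; that reads as the reverse of what the privilege name suggests. The same shape appears in the nfsv4_fillattr hunks for QUOTAHARD, QUOTASOFT and, with PRIV_VFS_BLOCKRESERVE, SPACEAVAIL. The commit only drops the third argument, so this predates it, but since every one of these lines is touched it is worth either comparing against 0 explicitly or adding a comment such as `/* non-zero: caller lacks the privilege */` stating which branch is meant for unprivileged callers. Both functions extend beyond the hunks shown.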
@@ -2780,7 +2780,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount retnum += NFSX_HYPER; break; case NFSATTRBIT_QUOTASOFT: - if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0)) + if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA)) freenum = fs->f_bfree; else freenum = fs->f_bavail; @@ -2832,7 +2832,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount break; case NFSATTRBIT_SPACEAVAIL: NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER); - if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0)) { + if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE)) { if (pnfssf != NULL) uquad = (u_int64_t)pnfssf->f_bfree; else Modified: head/sys/fs/nfsserver/nfs_nfsdport.c ============================================================================== --- head/sys/fs/nfsserver/nfs_nfsdport.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/fs/nfsserver/nfs_nfsdport.c Tue Dec 11 19:32:16 2018 (r341827) @@ -996,8 +996,7 @@ nfsvno_createsub(struct nfsrv_descript *nd, struct nam if (nvap->na_type == VCHR && rdev == 0xffffffff) nvap->na_type = VFIFO; if (nvap->na_type != VFIFO && - (error = priv_check_cred(nd->nd_cred, - PRIV_VFS_MKNOD_DEV, 0))) { + (error = priv_check_cred(nd->nd_cred, PRIV_VFS_MKNOD_DEV))) { vrele(ndp->ni_startdir); nfsvno_relpathbuf(ndp); vput(ndp->ni_dvp); @@ -1091,7 +1090,7 @@ nfsvno_mknod(struct nameidata *ndp, struct nfsvattr *n nfsvno_relpathbuf(ndp); } else { if (nvap->na_type != VFIFO && - (error = priv_check_cred(cred, PRIV_VFS_MKNOD_DEV, 0))) { + (error = priv_check_cred(cred, PRIV_VFS_MKNOD_DEV))) { vrele(ndp->ni_startdir); nfsvno_relpathbuf(ndp); vput(ndp->ni_dvp); Modified: head/sys/fs/tmpfs/tmpfs_subr.c ============================================================================== --- head/sys/fs/tmpfs/tmpfs_subr.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/fs/tmpfs/tmpfs_subr.c Tue Dec 11 19:32:16 2018 (r341827) 
@@ -1522,7 +1522,7 @@ tmpfs_chflags(struct vnode *vp, u_long flags, struct u * Unprivileged processes are not permitted to unset system * flags, or modify flags if any system flags are set. */ - if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) { + if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) { if (node->tn_flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) { error = securelevel_gt(cred, 0); @@ -1579,11 +1579,11 @@ tmpfs_chmod(struct vnode *vp, mode_t mode, struct ucre * process is not a member of. */ if (vp->v_type != VDIR && (mode & S_ISTXT)) { - if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0)) + if (priv_check_cred(cred, PRIV_VFS_STICKYFILE)) return (EFTYPE); } if (!groupmember(node->tn_gid, cred) && (mode & S_ISGID)) { - error = priv_check_cred(cred, PRIV_VFS_SETGID, 0); + error = priv_check_cred(cred, PRIV_VFS_SETGID); if (error) return (error); } @@ -1649,7 +1649,7 @@ tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, st */ if ((uid != node->tn_uid || (gid != node->tn_gid && !groupmember(gid, cred))) && - (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0))) + (error = priv_check_cred(cred, PRIV_VFS_CHOWN))) return (error); ogid = node->tn_gid; @@ -1661,7 +1661,7 @@ tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, st node->tn_status |= TMPFS_NODE_CHANGED; if ((node->tn_mode & (S_ISUID | S_ISGID)) && (ouid != uid || ogid != gid)) { - if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0)) + if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID)) node->tn_mode &= ~(S_ISUID | S_ISGID); } Modified: head/sys/fs/tmpfs/tmpfs_vnops.c ============================================================================== --- head/sys/fs/tmpfs/tmpfs_vnops.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/fs/tmpfs/tmpfs_vnops.c Tue Dec 11 19:32:16 2018 (r341827) 
@@ -523,7 +523,7 @@ tmpfs_write(struct vop_write_args *v) node->tn_status |= TMPFS_NODE_ACCESSED | TMPFS_NODE_MODIFIED | TMPFS_NODE_CHANGED; if (node->tn_mode & (S_ISUID | S_ISGID)) { - if (priv_check_cred(v->a_cred, PRIV_VFS_RETAINSUGID, 0)) + if (priv_check_cred(v->a_cred, PRIV_VFS_RETAINSUGID)) node->tn_mode &= ~(S_ISUID | S_ISGID); } if (error != 0) Modified: head/sys/kern/kern_exec.c ============================================================================== --- head/sys/kern/kern_exec.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/kern/kern_exec.c Tue Dec 11 19:32:16 2018 (r341827) @@ -786,7 +786,7 @@ interpret: #ifdef KTRACE if (p->p_tracecred != NULL && - priv_check_cred(p->p_tracecred, PRIV_DEBUG_DIFFCRED, 0)) + priv_check_cred(p->p_tracecred, PRIV_DEBUG_DIFFCRED)) ktrprocexec(p, &tracecred, &tracevp); #endif /* Modified: head/sys/kern/kern_fork.c ============================================================================== --- head/sys/kern/kern_fork.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/kern/kern_fork.c Tue Dec 11 19:32:16 2018 (r341827) @@ -838,8 +838,7 @@ fork1(struct thread *td, struct fork_req *fr) * processes; don't let root exceed the limit. */ nprocs_new = atomic_fetchadd_int(&nprocs, 1) + 1; - if ((nprocs_new >= maxproc - 10 && priv_check_cred(td->td_ucred, - PRIV_MAXPROC, 0) != 0) || nprocs_new >= maxproc) { + if ((nprocs_new >= maxproc - 10 && priv_check_cred(td->td_ucred, PRIV_MAXPROC) != 0) || nprocs_new >= maxproc) { error = EAGAIN; sx_xlock(&allproc_lock); if (ppsratecheck(&lastfail, &curfail, 1)) { 
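Review bot: The replacement line in fork1, `if ((nprocs_new >= maxproc - 10 && priv_check_cred(td->td_ucred, PRIV_MAXPROC) != 0) || nprocs_new >= maxproc) {`, was joined from two lines into one of well over 80 columns, which makes the process-limit condition harder to read. Rewrap it as `if ((nprocs_new >= maxproc - 10 &&`, `priv_check_cred(td->td_ucred, PRIV_MAXPROC) != 0) ||`, `nprocs_new >= maxproc) {`, so the privileged-headroom test and the hard `maxproc` cap sit on separate lines. The same joining by the generated patch appears, probably past 80 columns once indentation is counted, in filemon_event_process_exec, nfsvno_createsub, vaccess_acl_nfs4 and vaccess_acl_posix1e. fork1 continues outside the hunk.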
@@ -936,7 +935,7 @@ fork1(struct thread *td, struct fork_req *fr) * * XXXRW: Can we avoid privilege here if it's not needed? */ - error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, 0); + error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT); if (error == 0) ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0); else { Modified: head/sys/kern/kern_priv.c ============================================================================== --- head/sys/kern/kern_priv.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/kern/kern_priv.c Tue Dec 11 19:32:16 2018 (r341827) @@ -76,7 +76,7 @@ SDT_PROBE_DEFINE1(priv, kernel, priv_check, priv__err, * only a few to grant it. */ int -priv_check_cred(struct ucred *cred, int priv, int flags) +priv_check_cred(struct ucred *cred, int priv) { int error; @@ -207,5 +207,5 @@ priv_check(struct thread *td, int priv) KASSERT(td == curthread, ("priv_check: td != curthread")); - return (priv_check_cred(td->td_ucred, priv, 0)); + return (priv_check_cred(td->td_ucred, priv)); } Modified: head/sys/kern/kern_prot.c ============================================================================== --- head/sys/kern/kern_prot.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/kern/kern_prot.c Tue Dec 11 19:32:16 2018 (r341827) @@ -518,7 +518,7 @@ sys_setuid(struct thread *td, struct setuid_args *uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ uid != oldcred->cr_uid && /* allow setuid(geteuid()) */ #endif - (error = priv_check_cred(oldcred, PRIV_CRED_SETUID, 0)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETUID)) != 0) goto fail; #ifdef _POSIX_SAVED_IDS @@ -531,7 +531,7 @@ sys_setuid(struct thread *td, struct setuid_args *uap) uid == oldcred->cr_uid || #endif /* We are using privs. */ - priv_check_cred(oldcred, PRIV_CRED_SETUID, 0) == 0) + priv_check_cred(oldcred, PRIV_CRED_SETUID) == 0) #endif { /* 
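Review bot: The new prototype `priv_check_cred(struct ucred *cred, int priv)` in kern_priv.c changes a kernel interface that code outside this tree may call with three arguments, and the commit's Modified list does not include sys/sys/param.h, so there appears to be no `__FreeBSD_version` bump for such callers to test. Consider bumping it alongside this change, and state the return convention in the comment above the function, e.g. `Returns 0 if the privilege is granted, an errno value otherwise.`, since callers in this commit use `== 0`, `!= 0`, `!` and bare truth tests interchangeably. Only the tail of that comment block is visible in the hunk, so it may already say this.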
@@ -615,7 +615,7 @@ sys_seteuid(struct thread *td, struct seteuid_args *ua if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */ euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */ - (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID, 0)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID)) != 0) goto fail; /* @@ -682,7 +682,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap) #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */ #endif - (error = priv_check_cred(oldcred, PRIV_CRED_SETGID, 0)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETGID)) != 0) goto fail; #ifdef _POSIX_SAVED_IDS @@ -695,7 +695,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap) gid == oldcred->cr_groups[0] || #endif /* We are using privs. */ - priv_check_cred(oldcred, PRIV_CRED_SETGID, 0) == 0) + priv_check_cred(oldcred, PRIV_CRED_SETGID) == 0) #endif { /* @@ -764,7 +764,7 @@ sys_setegid(struct thread *td, struct setegid_args *ua if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */ egid != oldcred->cr_svgid && /* allow setegid(saved gid) */ - (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID, 0)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID)) != 0) goto fail; if (oldcred->cr_groups[0] != egid) { @@ -835,7 +835,7 @@ kern_setgroups(struct thread *td, u_int ngrp, gid_t *g goto fail; #endif - error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0); + error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS); if (error) goto fail; @@ -898,7 +898,7 @@ sys_setreuid(struct thread *td, struct setreuid_args * ruid != oldcred->cr_svuid) || (euid != (uid_t)-1 && euid != oldcred->cr_uid && euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) && - (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID, 0)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID)) != 0) goto fail; if (euid != (uid_t)-1 && oldcred->cr_uid != euid) { 
@@ -970,7 +970,7 @@ sys_setregid(struct thread *td, struct setregid_args * rgid != oldcred->cr_svgid) || (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] && egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) && - (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID, 0)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID)) != 0) goto fail; if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) { @@ -1045,7 +1045,7 @@ sys_setresuid(struct thread *td, struct setresuid_args (suid != (uid_t)-1 && suid != oldcred->cr_ruid && suid != oldcred->cr_svuid && suid != oldcred->cr_uid)) && - (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID, 0)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID)) != 0) goto fail; if (euid != (uid_t)-1 && oldcred->cr_uid != euid) { @@ -1129,7 +1129,7 @@ sys_setresgid(struct thread *td, struct setresgid_args (sgid != (gid_t)-1 && sgid != oldcred->cr_rgid && sgid != oldcred->cr_svgid && sgid != oldcred->cr_groups[0])) && - (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID, 0)) != 0) + (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID)) != 0) goto fail; if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) { @@ -1343,7 +1343,7 @@ cr_canseeotheruids(struct ucred *u1, struct ucred *u2) { if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) { - if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0) != 0) + if (priv_check_cred(u1, PRIV_SEEOTHERUIDS) != 0) return (ESRCH); } return (0); @@ -1382,7 +1382,7 @@ cr_canseeothergids(struct ucred *u1, struct ucred *u2) break; } if (!match) { - if (priv_check_cred(u1, PRIV_SEEOTHERGIDS, 0) != 0) + if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) != 0) return (ESRCH); } } @@ -1530,7 +1530,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, in break; default: /* Not permitted without privilege. */ - error = priv_check_cred(cred, PRIV_SIGNAL_SUGID, 0); + error = priv_check_cred(cred, PRIV_SIGNAL_SUGID); if (error) return (error); } 
@@ -1544,7 +1544,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, in cred->cr_ruid != proc->p_ucred->cr_svuid && cred->cr_uid != proc->p_ucred->cr_ruid && cred->cr_uid != proc->p_ucred->cr_svuid) { - error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED, 0); + error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED); if (error) return (error); } Modified: head/sys/kern/subr_acl_nfs4.c ============================================================================== --- head/sys/kern/subr_acl_nfs4.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/kern/subr_acl_nfs4.c Tue Dec 11 19:32:16 2018 (r341827) @@ -259,8 +259,7 @@ vaccess_acl_nfs4(enum vtype type, uid_t file_uid, gid_ * No match. Try to use privileges, if there are any. */ if (is_directory) { - if ((accmode & VEXEC) && !priv_check_cred(cred, - PRIV_VFS_LOOKUP, 0)) + if ((accmode & VEXEC) && !priv_check_cred(cred, PRIV_VFS_LOOKUP)) priv_granted |= VEXEC; } else { /* 
@@ -270,23 +269,23 @@ vaccess_acl_nfs4(enum vtype type, uid_t file_uid, gid_ */ if ((accmode & VEXEC) && (file_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 && - !priv_check_cred(cred, PRIV_VFS_EXEC, 0)) + !priv_check_cred(cred, PRIV_VFS_EXEC)) priv_granted |= VEXEC; } - if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0)) + if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ)) priv_granted |= VREAD; if ((accmode & (VWRITE | VAPPEND | VDELETE_CHILD)) && - !priv_check_cred(cred, PRIV_VFS_WRITE, 0)) + !priv_check_cred(cred, PRIV_VFS_WRITE)) priv_granted |= (VWRITE | VAPPEND | VDELETE_CHILD); if ((accmode & VADMIN_PERMS) && - !priv_check_cred(cred, PRIV_VFS_ADMIN, 0)) + !priv_check_cred(cred, PRIV_VFS_ADMIN)) priv_granted |= VADMIN_PERMS; if ((accmode & VSTAT_PERMS) && - !priv_check_cred(cred, PRIV_VFS_STAT, 0)) + !priv_check_cred(cred, PRIV_VFS_STAT)) priv_granted |= VSTAT_PERMS; if ((accmode & priv_granted) == accmode) { Modified: head/sys/kern/subr_acl_posix1e.c ============================================================================== --- head/sys/kern/subr_acl_posix1e.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/kern/subr_acl_posix1e.c Tue Dec 11 19:32:16 2018 (r341827) @@ -90,8 +90,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, g priv_granted = 0; if (type == VDIR) { - if ((accmode & VEXEC) && !priv_check_cred(cred, - PRIV_VFS_LOOKUP, 0)) + if ((accmode & VEXEC) && !priv_check_cred(cred, PRIV_VFS_LOOKUP)) priv_granted |= VEXEC; } else { /* 
@@ -101,18 +100,18 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, g */ if ((accmode & VEXEC) && (acl_posix1e_acl_to_mode(acl) & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 && - !priv_check_cred(cred, PRIV_VFS_EXEC, 0)) + !priv_check_cred(cred, PRIV_VFS_EXEC)) priv_granted |= VEXEC; } - if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0)) + if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ)) priv_granted |= VREAD; if (((accmode & VWRITE) || (accmode & VAPPEND)) && - !priv_check_cred(cred, PRIV_VFS_WRITE, 0)) + !priv_check_cred(cred, PRIV_VFS_WRITE)) priv_granted |= (VWRITE | VAPPEND); - if ((accmode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN, 0)) + if ((accmode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN)) priv_granted |= VADMIN; /* Modified: head/sys/kern/uipc_mqueue.c ============================================================================== --- head/sys/kern/uipc_mqueue.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/kern/uipc_mqueue.c Tue Dec 11 19:32:16 2018 (r341827) @@ -1032,7 +1032,7 @@ int do_unlink(struct mqfs_node *pn, struct ucred *ucre sx_assert(&pn->mn_info->mi_lock, SX_LOCKED); if (ucred->cr_uid != pn->mn_uid && - (error = priv_check_cred(ucred, PRIV_MQ_ADMIN, 0)) != 0) + (error = priv_check_cred(ucred, PRIV_MQ_ADMIN)) != 0) error = EACCES; else if (!pn->mn_deleted) { parent = pn->mn_parent; @@ -2581,7 +2581,7 @@ mqf_chown(struct file *fp, uid_t uid, gid_t gid, struc gid = pn->mn_gid; if (((uid != pn->mn_uid && uid != active_cred->cr_uid) || (gid != pn->mn_gid && !groupmember(gid, active_cred))) && - (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0))) + (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN))) goto out; pn->mn_uid = uid; pn->mn_gid = gid; Modified: head/sys/kern/uipc_sem.c ============================================================================== --- head/sys/kern/uipc_sem.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/kern/uipc_sem.c Tue Dec 11 19:32:16 2018 (r341827) 
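Review bot: In do_unlink (uipc_mqueue.c, hunk at -1032) the value stored by `(error = priv_check_cred(ucred, PRIV_MQ_ADMIN)) != 0` is overwritten with EACCES on the very next line, so the assignment inside the condition only has an effect when the check succeeds and stores 0. If the branches that follow, which lie partly outside the hunk, each set error themselves, the condition can be written without the side effect as `priv_check_cred(ucred, PRIV_MQ_ADMIN) != 0)`. If replacing the privilege check's own error with EACCES is intentional, a one-line comment such as `/* Report EACCES rather than the priv(9) error. */` would keep a later cleanup from undoing it.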
@@ -242,7 +242,7 @@ ksem_chown(struct file *fp, uid_t uid, gid_t gid, stru gid = ks->ks_gid; if (((uid != ks->ks_uid && uid != active_cred->cr_uid) || (gid != ks->ks_gid && !groupmember(gid, active_cred))) && - (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0))) + (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN))) goto out; ks->ks_uid = uid; ks->ks_gid = gid; @@ -364,7 +364,7 @@ ksem_access(struct ksem *ks, struct ucred *ucred) error = vaccess(VREG, ks->ks_mode, ks->ks_uid, ks->ks_gid, VREAD | VWRITE, ucred, NULL); if (error) - error = priv_check_cred(ucred, PRIV_SEM_WRITE, 0); + error = priv_check_cred(ucred, PRIV_SEM_WRITE); return (error); } Modified: head/sys/kern/uipc_shm.c ============================================================================== --- head/sys/kern/uipc_shm.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/kern/uipc_shm.c Tue Dec 11 19:32:16 2018 (r341827) @@ -968,7 +968,7 @@ shm_chown(struct file *fp, uid_t uid, gid_t gid, struc gid = shmfd->shm_gid; if (((uid != shmfd->shm_uid && uid != active_cred->cr_uid) || (gid != shmfd->shm_gid && !groupmember(gid, active_cred))) && - (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0))) + (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN))) goto out; shmfd->shm_uid = uid; shmfd->shm_gid = gid; Modified: head/sys/kern/vfs_mount.c ============================================================================== --- head/sys/kern/vfs_mount.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/kern/vfs_mount.c Tue Dec 11 19:32:16 2018 (r341827) 
@@ -862,7 +862,7 @@ vfs_domount_first( */ error = VOP_GETATTR(vp, &va, td->td_ucred); if (error == 0 && va.va_uid != td->td_ucred->cr_uid) - error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN, 0); + error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN); if (error == 0) error = vinvalbuf(vp, V_SAVE, 0, 0); if (error == 0 && vp->v_type != VDIR) Modified: head/sys/kern/vfs_subr.c ============================================================================== --- head/sys/kern/vfs_subr.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/kern/vfs_subr.c Tue Dec 11 19:32:16 2018 (r341827) @@ -4469,7 +4469,7 @@ privcheck: * requests, instead of PRIV_VFS_EXEC. */ if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) && - !priv_check_cred(cred, PRIV_VFS_LOOKUP, 0)) + !priv_check_cred(cred, PRIV_VFS_LOOKUP)) priv_granted |= VEXEC; } else { /* @@ -4479,20 +4479,20 @@ privcheck: */ if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) && (file_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 && - !priv_check_cred(cred, PRIV_VFS_EXEC, 0)) + !priv_check_cred(cred, PRIV_VFS_EXEC)) priv_granted |= VEXEC; } if ((accmode & VREAD) && ((dac_granted & VREAD) == 0) && - !priv_check_cred(cred, PRIV_VFS_READ, 0)) + !priv_check_cred(cred, PRIV_VFS_READ)) priv_granted |= VREAD; if ((accmode & VWRITE) && ((dac_granted & VWRITE) == 0) && - !priv_check_cred(cred, PRIV_VFS_WRITE, 0)) + !priv_check_cred(cred, PRIV_VFS_WRITE)) priv_granted |= (VWRITE | VAPPEND); if ((accmode & VADMIN) && ((dac_granted & VADMIN) == 0) && - !priv_check_cred(cred, PRIV_VFS_ADMIN, 0)) + !priv_check_cred(cred, PRIV_VFS_ADMIN)) priv_granted |= VADMIN; if ((accmode & (priv_granted | dac_granted)) == accmode) { 
@@ -4527,7 +4527,7 @@ extattr_check_cred(struct vnode *vp, int attrnamespace switch (attrnamespace) { case EXTATTR_NAMESPACE_SYSTEM: /* Potentially should be: return (EPERM); */ - return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM, 0)); + return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM)); case EXTATTR_NAMESPACE_USER: return (VOP_ACCESS(vp, accmode, cred, td)); default: Modified: head/sys/kern/vfs_syscalls.c ============================================================================== --- head/sys/kern/vfs_syscalls.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/kern/vfs_syscalls.c Tue Dec 11 19:32:16 2018 (r341827) @@ -1484,13 +1484,13 @@ can_hardlink(struct vnode *vp, struct ucred *cred) return (error); if (hardlink_check_uid && cred->cr_uid != va.va_uid) { - error = priv_check_cred(cred, PRIV_VFS_LINK, 0); + error = priv_check_cred(cred, PRIV_VFS_LINK); if (error != 0) return (error); } if (hardlink_check_gid && !groupmember(va.va_gid, cred)) { - error = priv_check_cred(cred, PRIV_VFS_LINK, 0); + error = priv_check_cred(cred, PRIV_VFS_LINK); if (error != 0) return (error); } Modified: head/sys/net/if_tap.c ============================================================================== --- head/sys/net/if_tap.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/net/if_tap.c Tue Dec 11 19:32:16 2018 (r341827) @@ -346,7 +346,7 @@ tapclone(void *arg, struct ucred *cred, char *name, in return; if (!tapdclone || - (!tapuopen && priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0)) + (!tapuopen && priv_check_cred(cred, PRIV_NET_IFCREATE) != 0)) return; unit = 0; Modified: head/sys/net/if_tun.c ============================================================================== --- head/sys/net/if_tun.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/net/if_tun.c Tue Dec 11 19:32:16 2018 (r341827) 
@@ -204,7 +204,7 @@ tunclone(void *arg, struct ucred *cred, char *name, in * If tun cloning is enabled, only the superuser can create an * interface. */ - if (!tundclone || priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0) + if (!tundclone || priv_check_cred(cred, PRIV_NET_IFCREATE) != 0) return; if (strcmp(name, tunname) == 0) { Modified: head/sys/netinet/in_pcb.c ============================================================================== --- head/sys/netinet/in_pcb.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/netinet/in_pcb.c Tue Dec 11 19:32:16 2018 (r341827) @@ -622,7 +622,7 @@ in_pcb_lport(struct inpcb *inp, struct in_addr *laddrp last = V_ipport_hilastauto; lastport = &pcbinfo->ipi_lasthi; } else if (inp->inp_flags & INP_LOWPORT) { - error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0); + error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT); if (error) return (error); first = V_ipport_lowfirstauto; /* 1023 */ @@ -866,12 +866,10 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *n /* GROSS */ if (ntohs(lport) <= V_ipport_reservedhigh && ntohs(lport) >= V_ipport_reservedlow && - priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, - 0)) + priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT)) return (EACCES); if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) && - priv_check_cred(inp->inp_cred, - PRIV_NETINET_REUSEPORT, 0) != 0) { + priv_check_cred(inp->inp_cred, PRIV_NETINET_REUSEPORT) != 0) { t = in_pcblookup_local(pcbinfo, sin->sin_addr, lport, INPLOOKUP_WILDCARD, cred); /* Modified: head/sys/netinet6/in6_pcb.c ============================================================================== --- head/sys/netinet6/in6_pcb.c Tue Dec 11 19:12:44 2018 (r341826) +++ head/sys/netinet6/in6_pcb.c Tue Dec 11 19:32:16 2018 (r341827) @@ -212,12 +212,10 @@ in6_pcbbind(struct inpcb *inp, struct sockaddr *nam, /* GROSS */ if (ntohs(lport) <= V_ipport_reservedhigh && ntohs(lport) >= V_ipport_reservedlow && *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
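Review bot: The comment above the check in tunclone still says that only the superuser can create an interface, but the test is `priv_check_cred(cred, PRIV_NET_IFCREATE)`, a named privilege decided by the priv(9) framework rather than a uid comparison. With the third argument gone the call is the whole policy statement, so the comment should name it: `If tun cloning is enabled, only a credential holding PRIV_NET_IFCREATE can create an interface.` tunclone's body continues outside the hunk.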
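Review bot: In the in_pcbbind_setup hunk at -866 the two adjacent checks consult different credentials: the reserved-port test passes `cred`, while the reuse-port test passes `inp->inp_cred`. Nothing in the visible lines says why, and now that both calls sit on single lines the difference is easy to read past. If it is intentional, a short comment before the second test would record it, e.g. `/* Port reuse is judged against the credential stored in the inpcb, not the caller's. */`. The enclosing function starts and ends outside the hunk.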