Bug #1191 » suser_to_priv.patch

mneumann, 12/29/2008 06:29 PM


sys/kern/vfs_syscalls.c
struct ucred *cred = p->p_ucred;
KKASSERT(p);
if (cred->cr_prison != NULL)
if (jailed(cred))
return (EPERM);
if (usermount == 0 && (error = priv_check(td, PRIV_ROOT)))
return (error);
sys/kern/vfs_vnops.c
}
sb->st_flags = vap->va_flags;
if (priv_check_cred(cred, PRIV_ROOT, 0))
error = priv_check_cred(cred, PRIV_VFS_GENERATION, 0);
if (error)
sb->st_gen = 0;
else
sb->st_gen = (u_int32_t)vap->va_gen;
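Review bot: Storing the privilege-check result in `error` risks turning an advisory check into a failure of the whole call. If the enclosing function later returns `error` (its tail is outside this section, so this is unconfirmed), an unprivileged caller would get EPERM instead of a stat result with `st_gen` zeroed. Keeping the test inside the condition avoids that, `if (priv_check_cred(cred, PRIV_VFS_GENERATION, 0))`, or else `error` should be reset after `sb->st_gen = 0;`. A short comment such as `/* hide the generation number from unprivileged callers */` would also record why the field is cleared.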
sys/vfs/procfs/procfs_ctl.c
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/ptrace.h>
#include <sys/signalvar.h>
sys/vfs/procfs/procfs_dbregs.c
#include <sys/param.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/reg.h>
#include <vfs/procfs/procfs.h>
sys/vfs/procfs/procfs_fpregs.c
#include <sys/param.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/reg.h>
#include <vfs/procfs/procfs.h>
sys/vfs/procfs/procfs_mem.c
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/vnode.h>
#include <vfs/procfs/procfs.h>
#include <vm/vm.h>
sys/vfs/procfs/procfs_regs.c
#include <sys/param.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/vnode.h>
#include <sys/reg.h>
#include <vfs/procfs/procfs.h>
sys/vfs/procfs/procfs_status.c
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/vnode.h>
#include <sys/tty.h>
sys/kern/kern_prot.c
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/malloc.h>
#include <sys/pioctl.h>
#include <sys/resourcevar.h>
sys/kern/kern_prot.c
/*
* Test whether the specified credentials imply "super-user"
* privilege; if so, and we have accounting info, set the flag
* indicating use of super-powers. A kernel thread without a process
* context is assumed to have super user capabilities. In situations
* where the caller always expect a cred to exist, the cred should be
* passed separately and suser_cred()should be used instead of suser().
* privilege.
*
* Depreciated! Use priv_check() instead.
*/
int
suser(struct thread *td)
{
return priv_check(td, PRIV_ROOT);
}
/*
* Depreciated! Use priv_check_cred() instead.
*/
int
suser_cred(struct ucred *cred, int flag)
{
return priv_check_cred(cred, PRIV_ROOT, flag);
}
/*
* Test whether the specified credentials have the privilege
* in question.
*
* A kernel thread without a process context is assumed to have
* the privilege in question. In situations where the caller always
* expect a cred to exist, the cred should be passed separately and
* priv_check_cred() should be used instead of priv_check().
*
* Returns 0 or error.
*/
int
suser(struct thread *td)
priv_check(struct thread *td, int priv)
{
struct proc *p = td->td_proc;
if (p != NULL) {
return suser_cred(p->p_ucred, 0);
return priv_check_cred(p->p_ucred, priv, 0);
} else {
return (0);
}
}
/*
* Check a credential for privilege.
*
* A non-null credential is expected unless NULL_CRED_OKAY is set.
*/
int
suser_cred(struct ucred *cred, int flag)
priv_check_cred(struct ucred *cred, int priv, int flags)
{
KASSERT(cred != NULL || flag & NULL_CRED_OKAY,
("suser_cred: NULL cred!"));
KASSERT(PRIV_VALID(priv), ("priv_check_cred: invalid privilege"));
KASSERT(cred != NULL || flags & NULL_CRED_OKAY,
("priv_check_cred: NULL cred!"));
if (cred == NULL) {
if (flag & NULL_CRED_OKAY)
if (flags & NULL_CRED_OKAY)
return (0);
else
return (EPERM);
}
if (cred->cr_uid != 0)
return (EPERM);
if (cred->cr_prison && !(flag & PRISON_ROOT))
if (cred->cr_prison && !(flags & PRISON_ROOT))
return (EPERM);
/* NOTE: accounting for suser access (p_acflag/ASU) removed */
return (0);
}
/*
* Check for privilege.
*
* YYY: For now this is just a wrapper calling suser().
*/
int
priv_check(struct thread *td, int priv)
{
return suser(td);
}
/*
* Check a credential for privilege.
*
* YYY: For now this is just a wrapper calling suser_cred().
*/
int
priv_check_cred(struct ucred *cred, int priv, int flags)
{
return suser_cred(cred, flags);
}
/*
* Return zero if p1 can fondle p2, return errno (EPERM/ESRCH) otherwise.
*/
int
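Review bot: `priv_check_cred()` accepts `priv` but never consults it. Apart from `KASSERT(PRIV_VALID(priv), ...)`, the result depends only on `cr_uid`, `cr_prison` and `flags`, so a call such as the `PRIV_VFS_GENERATION` one in sys/kern/vfs_vnops.c is still a plain uid-0 test. The header comment should say so, for example `* NOTE: priv is only validated for now; every privilege is granted to uid 0 alone.`, so callers do not assume finer-grained control already exists. The two wrapper comments should read "Deprecated" rather than "Depreciated", and the stray `* privilege.` line left at the end of the suser() comment can be dropped. The function that begins on the last line of this section continues outside it.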
sys/dev/disk/ata/atapi-cd.c
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/buf.h>
#include <sys/bus.h>
#include <sys/disk.h>
......
case CDIOCRESET:
; /* note: if no proc EPERM will be returned */
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error)
break;
error = atapi_test_ready(cdp->device);
sys/dev/disk/fd/fd.c
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/syslog.h>
#include <sys/device.h>
#include <sys/bus.h>
......
case FD_STYPE: /* set drive type */
/* this is considered harmful; only allow for superuser */
if (suser_cred(ap->a_cred, 0) != 0)
if (priv_check_cred(ap->a_cred, PRIV_ROOT, 0) != 0)
return EPERM;
fd->ft = *(struct fd_type *)ap->a_data;
break;
sys/dev/disk/nata/atapi-cd.c
#include <sys/module.h>
#include <sys/nata.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/systm.h>
#include "ata-all.h"
......
break;
case CDIOCRESET:
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error)
break;
error = acd_test_ready(dev);
sys/dev/disk/vn/vn.c
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/buf.h>
#include <sys/malloc.h>
......
vn_specific:
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error)
return (error);
sys/dev/drm/drmP.h
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/stat.h>
#if __FreeBSD_version >= 700000
#include <sys/priv.h>
#endif
#include <sys/proc.h>
#include <sys/lock.h>
#include <sys/fcntl.h>
......
#if defined(__FreeBSD__) || defined(__DragonFly__)
#define PAGE_ALIGN(addr) round_page(addr)
/* DRM_SUSER returns true if the user is superuser */
#if __FreeBSD_version >= 700000
#define DRM_SUSER(p) (priv_check(p, PRIV_DRIVER) == 0)
#else
#define DRM_SUSER(p) (suser(p) == 0)
#endif
#define DRM_AGP_FIND_DEVICE() agp_find_device()
#define DRM_MTRR_WC MDF_WRITECOMBINE
#define jiffies ticks
sys/dev/misc/dcons/dcons_os.c
#include <sys/tty.h>
#include <sys/malloc.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/thread2.h>
#include <sys/ucred.h>
#include <sys/bus.h>
......
tp->t_lflag = TTYDEF_LFLAG;
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
ttsetwater(tp);
} else if ((tp->t_state & TS_XCLUDE) && suser_cred(ap->a_cred, 0)) {
} else if ((tp->t_state & TS_XCLUDE) && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
crit_exit();
return (EBUSY);
}
sys/dev/misc/nmdm/nmdm.c
#include <sys/ioctl_compat.h>
#endif
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/thread2.h>
#include <sys/tty.h>
#include <sys/conf.h>
......
tp->t_lflag = TTYDEF_LFLAG;
tp->t_cflag = TTYDEF_CFLAG;
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
} else if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
} else if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
return (EBUSY);
} else if (pti->pt_prison != ap->a_cred->cr_prison) {
return (EBUSY);
sys/dev/misc/spigot/spigot.c
#include <sys/conf.h>
#include <sys/device.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/mman.h>
......
* require sufficient privilege soon and nothing much can be done
* without them.
*/
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return error;
if (securelevel > 0)
......
break;
case SPIGOT_IOPL_ON: /* allow access to the IO PAGE */
#if !defined(SPIGOT_UNSECURE)
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return error;
if (securelevel > 0)
sys/dev/misc/syscons/syscons.c
#include <sys/reboot.h>
#include <sys/conf.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/sysctl.h>
#include <sys/tty.h>
......
(*linesw[tp->t_line].l_modem)(tp, 1);
}
else
if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0))
if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0))
return(EBUSY);
error = (*linesw[tp->t_line].l_open)(dev, tp);
......
return 0;
case KDENABIO: /* allow io operations */
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return error;
if (securelevel > 0)
sys/dev/misc/syscons/sysmouse.c
#include <sys/systm.h>
#include <sys/conf.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/tty.h>
#include <sys/kernel.h>
#include <sys/thread2.h>
......
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
smparam(tp, &tp->t_termios);
(*linesw[tp->t_line].l_modem)(tp, 1);
} else if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
} else if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
return EBUSY;
}
sys/dev/netif/an/if_an.c
#include <sys/mbuf.h>
#include <sys/kernel.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/ucred.h>
#include <sys/socket.h>
#ifdef ANCACHE
......
break;
#ifdef ANCACHE
if (sc->areq.an_type == AN_RID_ZERO_CACHE) {
error = suser_cred(cr, NULL_CRED_OKAY);
error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
sc->an_sigitems = sc->an_nextitem = 0;
......
error = copyout(&sc->areq, ifr->ifr_data, sizeof(sc->areq));
break;
case SIOCSAIRONET:
if ((error = suser_cred(cr, NULL_CRED_OKAY)))
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
break;
error = copyin(ifr->ifr_data, &sc->areq, sizeof(sc->areq));
if (error != 0)
......
an_setdef(sc, &sc->areq);
break;
case SIOCGPRIVATE_0: /* used by Cisco client utility */
if ((error = suser_cred(cr, NULL_CRED_OKAY)))
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
break;
copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
mode = l_ioctl.command;
......
break;
case SIOCGPRIVATE_1: /* used by Cisco client utility */
if ((error = suser_cred(cr, NULL_CRED_OKAY)))
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
break;
copyin(ifr->ifr_data, &l_ioctl, sizeof(l_ioctl));
l_ioctl.command = 0;
......
}
break;
case SIOCS80211:
if ((error = suser_cred(cr, NULL_CRED_OKAY)))
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
break;
sc->areq.an_len = sizeof(sc->areq);
/*
sys/dev/netif/ath/hal/ah_osdep.c
#include <sys/bus.h>
#include <sys/malloc.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <machine/stdarg.h>
......
int error;
if (enable) {
error = suser(curthread);
error = priv_check(curthread, PRIV_ROOT);
if (error == 0) {
error = alq_open(&ath_hal_alq, ath_hal_logfile,
curthread->td_ucred, ALQ_DEFAULT_CMODE,
sys/dev/netif/cx/cx.c
#include <sys/fcntl.h>
#include <sys/conf.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/tty.h>
#include <sys/socket.h>
#include <sys/thread2.h>
......
tp = c->ttyp;
tp->t_dev = dev;
if ((tp->t_state & TS_ISOPEN) && (tp->t_state & TS_XCLUDE) &&
suser_cred(ap->a_cred, 0))
priv_check_cred(ap->a_cred, PRIV_ROOT, 0))
return (EBUSY);
if (! (tp->t_state & TS_ISOPEN)) {
ttychars (tp);
sys/dev/netif/iwi/if_iwi.c
#include <sys/module.h>
#include <sys/endian.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/ucred.h>
#include <sys/bus.h>
#include <sys/rman.h>
......
case SIOCSLOADFW:
/* only super-user can do that! */
error = suser_cred(cr, NULL_CRED_OKAY);
error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error != 0)
break;
......
case SIOCSKILLFW:
/* only super-user can do that! */
error = suser_cred(cr, NULL_CRED_OKAY);
error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error != 0)
break;
sys/dev/netif/ndis/if_ndis.c
#include <sys/socket.h>
#include <sys/queue.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/sysctl.h>
#include <sys/bus.h>
#include <sys/rman.h>
......
uint32_t foo;
int error, len;
error = suser(curthread);
error = priv_check(curthread, PRIV_ROOT);
if (error)
return (error);
sys/dev/netif/sbni/if_sbni.c
#include <sys/mbuf.h>
#include <sys/kernel.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/callout.h>
#include <sys/syslog.h>
#include <sys/random.h>
......
case SIOCSHWFLAGS: /* set flags */
/* root only */
error = suser_cred(cr, NULL_CRED_OKAY);
error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
/* NOTE: returns EPERM if no proc */
if (error)
break;
......
break;
case SIOCRINSTATS:
if (!(error = suser_cred(cr, NULL_CRED_OKAY))) /* root only */
if (!(error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY))) /* root only */
bzero(&sc->in_stats, sizeof(struct sbni_in_stats));
break;
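Review bot: The comment `/* NOTE: returns EPERM if no proc */` under the SIOCSHWFLAGS check contradicts the flag on the converted call. With `NULL_CRED_OKAY`, the `priv_check_cred()` body shown in sys/kern/kern_prot.c returns 0 when `cred` is NULL, so a missing credential is treated as privileged, not refused. Since this gates a root-only hardware setting, the comment should state the real behaviour, for example `/* NOTE: a NULL cred passes the check (NULL_CRED_OKAY) */`. The same applies to the SIOCRINSTATS case below it; the surrounding ioctl function is only partly visible here.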
sys/dev/netif/sbsh/if_sbsh.c
#include <sys/malloc.h>
#include <sys/kernel.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/random.h>
#include <sys/serialize.h>
......
switch(cmd) {
case SIOCLOADFIRMW:
if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
if (ifp->if_flags & IFF_UP)
error = EBUSY;
......
break;
case SIOCGETSTATS :
if ((error = suser_cred(cr, NULL_CRED_OKAY)) != 0)
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
break;
t = 0;
......
break;
case SIOCCLRSTATS :
if (!(error = suser_cred(cr, NULL_CRED_OKAY))) {
if (!(error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY))) {
bzero(&sc->in_stats, sizeof(struct sbni16_stats));
t = 2;
if (issue_cx28975_cmd(sc, _DSL_CLEAR_ERROR_CTRS, &t, 1))
sys/dev/netif/wi/if_wi.c
#include <sys/sockio.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/kernel.h>
#include <sys/socket.h>
#include <sys/module.h>
......
error = wi_get_cfg(ifp, cmd, data, cr);
break;
case SIOCSIFGENERIC:
error = suser_cred(cr, NULL_CRED_OKAY);
error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
error = wi_set_cfg(ifp, cmd, data);
......
error = copyout(&wreq, ifr->ifr_data, sizeof(wreq));
break;
case SIOCSPRISM2DEBUG:
if ((error = suser_cred(cr, NULL_CRED_OKAY)))
if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
goto out;
error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
if (error)
......
}
break;
case SIOCS80211:
error = suser_cred(cr, NULL_CRED_OKAY);
error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
if (error)
break;
ireq = (struct ieee80211req *) data;
sys/dev/netif/wl/if_wl.c
#include <sys/socket.h>
#include <sys/syslog.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/serialize.h>
#include <sys/sysctl.h>
#include <sys/bus.h>
......
/* pointer to buffer in user space */
up = (void *)ifr->ifr_data;
/* work out if they're root */
isroot = (suser(td) == 0);
isroot = (priv_check(td, PRIV_ROOT) == 0);
for (i = 0; i < 0x40; i++) {
/* don't hand the DES key out to non-root users */
......
/* copy the PSA in from the caller; we only copy _some_ values */
case SIOCSWLPSA:
/* root only */
if ((error = suser(td)))
if ((error = priv_check(td, PRIV_ROOT)))
break;
error = EINVAL; /* assume the worst */
/* pointer to buffer in user space containing data */
......
*/
case SIOCSWLCNWID:
/* root only */
if ((error = suser(td)))
if ((error = priv_check(td, PRIV_ROOT)))
break;
if (!(ifp->if_flags & IFF_UP)) {
error = EIO; /* only allowed while up */
......
/* copy the EEPROM in 2.4 Gz WaveMODEM out to the caller */
case SIOCGWLEEPROM:
/* root only */
if ((error = suser(td)))
if ((error = priv_check(td; PRIV_ROOT)))
break;
/* pointer to buffer in user space */
up = (void *)ifr->ifr_data;
......
/* zero (Delete) the wl cache */
case SIOCDWLCACHE:
/* root only */
if ((error = suser(td)))
if ((error = priv_check(td, PRIV_ROOT)))
break;
wl_cache_zero(sc);
break;
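Review bot: The converted line in the SIOCGWLEEPROM case reads `priv_check(td; PRIV_ROOT)`, with a semicolon where the argument separator belongs, so this file will not compile as shown. It should be `if ((error = priv_check(td, PRIV_ROOT)))`, matching the other conversions in this section. This is the root-only gate in front of the EEPROM copy-out, and the typo suggests the driver may not have been built when the patch was tested, so it is worth compiling it explicitly before merging.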
sys/dev/raid/asr/asr.c
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/bus.h>
#include <sys/rman.h>
......
crit_enter();
if (ASR_ctlr_held) {
error = EBUSY;
} else if ((error = suser_cred(ap->a_cred, 0)) == 0) {
} else if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0) {
++ASR_ctlr_held;
}
crit_exit();
sys/dev/raid/vinum/vinum.c
}
case VINUM_SUPERDEV_TYPE:
error = suser_cred(ap->a_cred, 0); /* are we root? */
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0); /* are we root? */
if (error == 0) { /* yes, can do */
if (devminor == VINUM_DAEMON_DEV) /* daemon device */
vinum_conf.flags |= VF_DAEMONOPEN; /* we're open */
sys/dev/raid/vinum/vinumhdr.h
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/mount.h>
#include <sys/vnode.h>
sys/dev/serial/cy/cy.c
#include <sys/systm.h>
#include <sys/tty.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
#include <sys/fcntl.h>
......
}
}
if (tp->t_state & TS_XCLUDE &&
suser_cred(ap->a_cred, 0)) {
priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto out;
}
......
}
switch (cmd) {
case TIOCSETA:
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
......
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
sys/dev/serial/dgb/dgm.c
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
#include <sys/fcntl.h>
......
crit_exit();
goto open_top;
}
if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto out;
}
......
}
switch (cmd) {
case TIOCSETA:
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
......
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
sys/dev/serial/digi/digi.c
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/linker.h>
#include <sys/kernel.h>
......
}
goto open_top;
}
if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0) != 0) {
if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0) != 0) {
error = EBUSY;
goto out;
}
......
switch (cmd) {
case TIOCSETA:
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
......
*(int *)data = digimctl(port, 0, DMGET);
break;
case TIOCMSDTRWAIT:
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
sys/dev/serial/rc/rc.c
#include <sys/systm.h>
#include <sys/tty.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
#include <sys/fcntl.h>
......
}
}
if (tp->t_state & TS_XCLUDE &&
suser_cred(ap->a_cred, 0)) {
priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto out;
}
......
break;
case TIOCMSDTRWAIT:
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
sys/dev/serial/rp/rp.c
#include <sys/malloc.h>
#include <sys/tty.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/dkstat.h>
#include <sys/conf.h>
#include <sys/kernel.h>
......
goto open_top;
}
}
if(tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0) != 0) {
if(tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0) != 0) {
crit_exit();
error = EBUSY;
goto out2;
......
}
switch (cmd) {
case TIOCSETA:
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if(error != 0)
return(error);
*ct = *(struct termios *)data;
......
*(int *)data = result;
break;
case TIOCMSDTRWAIT:
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if(error != 0) {
crit_exit();
return(error);
sys/dev/serial/si/si.c
#endif
#include <sys/tty.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
#include <sys/dkstat.h>
......
/* quickly let in /dev/si_control */
if (IS_CONTROLDEV(mynor)) {
if ((error = suser_cred(ap->a_cred, 0)))
if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)))
return(error);
return(0);
}
......
}
}
if (tp->t_state & TS_XCLUDE &&
suser_cred(ap->a_cred, 0)) {
priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
DPRINT((pp, DBG_OPEN|DBG_FAIL,
"already open and EXCLUSIVE set\n"));
error = EBUSY;
......
}
switch (cmd) {
case TIOCSETA:
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
......
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error == 0)
pp->sp_dtr_wait = *(int *)data * hz / 100;
break;
......
ip = (int *)data;
#define SUCHECK if ((error = suser_cred(cred, 0))) goto out
#define SUCHECK if ((error = priv_check_cred(cred, PRIV_ROOT, 0))) goto out
switch (cmd) {
case TCSIPORTS:
sys/dev/serial/sio/sio.c
#include <sys/malloc.h>
#include <sys/tty.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/module.h>
#include <sys/conf.h>
#include <sys/dkstat.h>
......
goto open_top;
}
}
if (tp->t_state & TS_XCLUDE && suser_cred(ap->a_cred, 0)) {
if (tp->t_state & TS_XCLUDE && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto out;
}
......
}
switch (ap->a_cmd) {
case TIOCSETA:
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
return (error);
*ct = *(struct termios *)data;
......
break;
case TIOCMSDTRWAIT:
/* must be root since the wait applies to following logins */
error = suser_cred(ap->a_cred, 0);
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0) {
crit_exit();
return (error);
sys/dev/serial/stl/stallion.c
#include <sys/malloc.h>
#include <sys/tty.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
#include <sys/thread2.h>
......
goto stlopen_restart;
}
}
if ((tp->t_state & TS_XCLUDE) && suser_cred(ap->a_cred, 0)) {
if ((tp->t_state & TS_XCLUDE) && priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto stlopen_end;
}
......
switch (cmd) {
case TIOCSETA:
if ((error = suser_cred(ap->a_cred, 0)) == 0)
if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
*localtios = *((struct termios *) data);
break;
case TIOCGETA:
......
*((int *) data) = (stl_getsignals(portp) | TIOCM_LE);
break;
case TIOCMSDTRWAIT:
if ((error = suser_cred(ap->a_cred, 0)) == 0)
if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
portp->dtrwait = *((int *) data) * hz / 100;
break;
case TIOCMGDTRWAIT:
sys/dev/serial/stli/istallion.c
#include <sys/malloc.h>
#include <sys/tty.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
#include <sys/uio.h>
......
}
}
if ((tp->t_state & TS_XCLUDE) &&
suser_cred(ap->a_cred, 0)) {
priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) {
error = EBUSY;
goto stliopen_end;
}
......
switch (cmd) {
case TIOCSETA:
if ((error = suser_cred(ap->a_cred, 0)) == 0)
if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
*localtios = *((struct termios *) data);
break;
case TIOCGETA:
......
*((int *) data) = (portp->sigs | TIOCM_LE);
break;
case TIOCMSDTRWAIT:
if ((error = suser_cred(ap->a_cred, 0)) == 0)
if ((error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)) == 0)
portp->dtrwait = *((int *) data) * hz / 100;
break;
case TIOCMGDTRWAIT:
sys/dev/usbmisc/ucom/ucom.c
#include <sys/file.h>
#include <sys/select.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/poll.h>
#include <sys/sysctl.h>
#include <sys/thread2.h>
......
if (ISSET(tp->t_state, TS_ISOPEN) &&
ISSET(tp->t_state, TS_XCLUDE) &&
suser_cred(ap->a_cred, 0)
priv_check_cred(ap->a_cred, PRIV_ROOT, 0)
) {
return (EBUSY);
}
sys/emulation/43bsd/43bsd_hostinfo.c
#include <sys/sysproto.h>
#include <sys/kernel.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <vm/vm_param.h>
......
KKASSERT(p);
name[0] = CTL_KERN;
name[1] = KERN_HOSTNAME;
error = suser_cred(p->p_ucred, PRISON_ROOT);
error = priv_check_cred(p->p_ucred, PRIV_ROOT, PRISON_ROOT);
if (error)
return (error);
len = MIN(uap->len, MAXHOSTNAMELEN);
......
struct thread *td = curthread;
int error;
error = suser(td);
error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
hostid = uap->hostid;
sys/emulation/dragonfly12/dfbsd12_stat.c
#include <sys/mount.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/stat.h>
#include <sys/sysproto.h>
#include <sys/systm.h>
......
/*
* Must be super user
*/
error = suser(td);
error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
sys/emulation/linux/i386/linprocfs/linprocfs_vnops.c
#include <sys/lock.h>
#include <sys/fcntl.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/signalvar.h>
#include <sys/vnode.h>
#include <sys/mount.h>
......
*/
#define NFLAGS (PF_ISUGID)
flags = (unsigned char)*(unsigned int*)ap->a_data;
if (flags & NFLAGS && (error = suser_cred(ap->a_cred, 0)))
if (flags & NFLAGS && (error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0)))
return error;
procp->p_pfsflags = flags;
break;
sys/emulation/linux/i386/linux_machdep.c
#include <sys/mman.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/resource.h>
#include <sys/resourcevar.h>
#include <sys/sysproto.h>
......
if (args->level < 0 || args->level > 3)
return (EINVAL);
if ((error = suser(td)) != 0)
if ((error = priv_check(td, PRIV_ROOT)) != 0)
return (error);
if (securelevel > 0)
return (EPERM);
sys/emulation/linux/linux_misc.c
#include <sys/mount.h>
#include <sys/poll.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/blist.h>
#include <sys/reboot.h>
......
* Keep cr_groups[0] unchanged to prevent that.
*/
if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0)
if ((error = priv_check_cred(oldcred, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (ngrp >= NGROUPS)
sys/emulation/linux/linux_uid16.c
#include <sys/kern_syscall.h>
#include <sys/nlookup.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/sysproto.h>
#include <sys/thread.h>
......
* Keep cr_groups[0] unchanged to prevent that.
*/
if ((error = suser_cred(oldcred, PRISON_ROOT)) != 0)
if ((error = priv_check_cred(oldcred, PRIV_ROOT, PRISON_ROOT)) != 0)
return (error);
if (ngrp >= NGROUPS)
sys/kern/imgact_resident.c
#include <sys/imgact_aout.h>
#include <sys/mman.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/resourcevar.h>
#include <sys/sysent.h>
#include <sys/systm.h>
......
/* only super-user should call this sysctl */
td = req->td;
if ((suser(td)) != 0)
if ((priv_check(td, PRIV_ROOT)) != 0)
return EPERM;
error = count = 0;
......
int error;
p = curproc;
if ((error = suser_cred(p->p_ucred, 0)) != 0)
if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, 0)) != 0)
return(error);
if ((vp = p->p_textvp) == NULL)
return(ENOENT);
......
int count;
p = curproc;
if ((error = suser_cred(p->p_ucred, 0)) != 0)
if ((error = priv_check_cred(p->p_ucred, PRIV_ROOT, 0)) != 0)
return(error);
/*
sys/kern/kern_acct.c
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/mount.h>
#include <sys/vnode.h>
#include <sys/fcntl.h>
......
int error;
/* Make sure that the caller is root. */
error = suser(td);
error = priv_check(td, PRIV_ROOT);
if (error)
return (error);
sys/kern/kern_exec.c
#include <sys/wait.h>
#include <sys/malloc.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/ktrace.h>
#include <sys/signalvar.h>
#include <sys/pioctl.h>
......
* we do not regain any tracing during a possible block.
*/
setsugid();
if (p->p_tracenode && suser(td) != 0) {
if (p->p_tracenode && priv_check(td, PRIV_ROOT) != 0) {
ktrdestroy(&p->p_tracenode);
p->p_traceflag = 0;
}
sys/kern/kern_fp.c
#include <sys/sysctl.h>
#include <sys/vnode.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/nlookup.h>
#include <sys/file.h>
#include <sys/stat.h>
......
if (securelevel >= 1)
disablexworkaround = 1;
else
disablexworkaround = suser(td);
disablexworkaround = priv_check(td, PRIV_ROOT);
if (vp->v_type == VCHR && disablexworkaround &&
(flags & (MAP_PRIVATE|MAP_COPY))) {
error = EINVAL;
sys/kern/kern_jail.c
#include <sys/nlookup.h>
#include <sys/namecache.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
......
struct jail_ip_storage *jip;
/* Multiip */
error = suser(td);
error = priv_check(td, PRIV_ROOT);
... This diff was truncated because it exceeds the maximum size that can be displayed.