diff options
Diffstat (limited to 'sys/kern/kern_prot.c')
| -rw-r--r-- | sys/kern/kern_prot.c | 55 |
1 files changed, 32 insertions, 23 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 0bb0244cd6e..08d997605bd 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_prot.c,v 1.24 2003/06/02 23:28:05 millert Exp $ */ +/* $OpenBSD: kern_prot.c,v 1.25 2003/08/15 20:32:18 tedu Exp $ */ /* $NetBSD: kern_prot.c,v 1.33 1996/02/09 18:59:42 christos Exp $ */ /* @@ -383,21 +383,21 @@ sys_setresuid(p, v, retval) ruid != pc->p_ruid && ruid != pc->pc_ucred->cr_uid && ruid != pc->p_svuid && - (error = suser(pc->pc_ucred, &p->p_acflag))) + (error = suser(p, 0))) return (error); if (euid != (uid_t)-1 && euid != pc->p_ruid && euid != pc->pc_ucred->cr_uid && euid != pc->p_svuid && - (error = suser(pc->pc_ucred, &p->p_acflag))) + (error = suser(p, 0))) return (error); if (suid != (uid_t)-1 && suid != pc->p_ruid && suid != pc->pc_ucred->cr_uid && suid != pc->p_svuid && - (error = suser(pc->pc_ucred, &p->p_acflag))) + (error = suser(p, 0))) return (error); /* @@ -489,21 +489,21 @@ sys_setresgid(p, v, retval) rgid != pc->p_rgid && rgid != pc->pc_ucred->cr_gid && rgid != pc->p_svgid && - (error = suser(pc->pc_ucred, &p->p_acflag))) + (error = suser(p, 0))) return (error); if (egid != (gid_t)-1 && egid != pc->p_rgid && egid != pc->pc_ucred->cr_gid && egid != pc->p_svgid && - (error = suser(pc->pc_ucred, &p->p_acflag))) + (error = suser(p, 0))) return (error); if (sgid != (gid_t)-1 && sgid != pc->p_rgid && sgid != pc->pc_ucred->cr_gid && sgid != pc->p_svgid && - (error = suser(pc->pc_ucred, &p->p_acflag))) + (error = suser(p, 0))) return (error); /* @@ -616,14 +616,14 @@ sys_setuid(p, v, retval) if (uid != pc->p_ruid && uid != pc->p_svuid && uid != pc->pc_ucred->cr_uid && - (error = suser(pc->pc_ucred, &p->p_acflag))) + (error = suser(p, 0))) return (error); /* * Everything's okay, do it. */ if (uid == pc->pc_ucred->cr_uid || - suser(pc->pc_ucred, &p->p_acflag) == 0) { + suser(p, 0) == 0) { /* * Transfer proc count to new user. */ @@ -664,7 +664,7 @@ sys_seteuid(p, v, retval) return (0); if (euid != pc->p_ruid && euid != pc->p_svuid && - (error = suser(pc->pc_ucred, &p->p_acflag))) + (error = suser(p, 0))) return (error); /* @@ -700,11 +700,11 @@ sys_setgid(p, v, retval) if (gid != pc->p_rgid && gid != pc->p_svgid && gid != pc->pc_ucred->cr_gid && - (error = suser(pc->pc_ucred, &p->p_acflag))) + (error = suser(p, 0))) return (error); if (gid == pc->pc_ucred->cr_gid || - suser(pc->pc_ucred, &p->p_acflag) == 0) { + suser(p, 0) == 0) { pc->p_rgid = gid; pc->p_svgid = gid; } @@ -738,7 +738,7 @@ sys_setegid(p, v, retval) return (0); if (egid != pc->p_rgid && egid != pc->p_svgid && - (error = suser(pc->pc_ucred, &p->p_acflag))) + (error = suser(p, 0))) return (error); /* @@ -765,7 +765,7 @@ sys_setgroups(p, v, retval) u_int ngrp; int error; - if ((error = suser(pc->pc_ucred, &p->p_acflag)) != 0) + if ((error = suser(p, 0)) != 0) return (error); ngrp = SCARG(uap, gidsetsize); if (ngrp > NGROUPS) @@ -799,25 +799,34 @@ groupmember(gid, cred) } /* - * Test whether the specified credentials imply "super-user" - * privilege; if so, and we have accounting info, set the flag - * indicating use of super-powers. + * Test whether this process has special user powers. * Returns 0 or error. */ int -suser(cred, acflag) - struct ucred *cred; - u_short *acflag; +suser(struct proc *p, u_int flags) { + struct ucred *cred = p->p_ucred; + if (cred->cr_uid == 0) { - if (acflag) - *acflag |= ASU; + if (!(flags & SUSER_NOACCT)) + p->p_acflag |= ASU; return (0); } return (EPERM); } /* + * replacement for old suser, for callers who don't have a process + */ +int +suser_ucred(struct ucred *cred) +{ + if (cred->cr_uid == 0) + return (0); + return (EPERM); +} + +/* * Allocate a zeroed cred structure. */ struct ucred * @@ -913,7 +922,7 @@ sys_setlogin(p, v, retval) } */ *uap = v; int error; - if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) + if ((error = suser(p, 0)) != 0) return (error); error = copyinstr((caddr_t) SCARG(uap, namebuf), (caddr_t) p->p_pgrp->pg_session->s_login, |