diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
commit | 32f9753cfbfe844fa6c02c88c7ca96617e903d8e (patch) | |
tree | c439df85bebf079d07319c231d64ac481577b036 /sys/ufs/ffs | |
parent | efe641b939baf83c13aa60cadaa44ad5a501e824 (diff) | |
download | src-32f9753cfbfe844fa6c02c88c7ca96617e903d8e.tar.gz src-32f9753cfbfe844fa6c02c88c7ca96617e903d8e.zip |
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in
some cases, move to priv_check() if it was an operation on a thread and
no other flags were present.
Eliminate caller-side jail exception checking (also now-unused); jail
privilege exception code now goes solely in kern_jail.c.
We can't yet eliminate suser() due to some cases in the KAME code where
a privilege check is performed and then used in many different deferred
paths. Do, however, move those prototypes to priv.h.
Reviewed by: csjp
Obtained from: TrustedBSD Project
Notes
Notes:
svn path=/head/; revision=170587
Diffstat (limited to 'sys/ufs/ffs')
-rw-r--r-- | sys/ufs/ffs/ffs_alloc.c | 4 | ||||
-rw-r--r-- | sys/ufs/ffs/ffs_vnops.c | 6 |
2 files changed, 4 insertions, 6 deletions
diff --git a/sys/ufs/ffs/ffs_alloc.c b/sys/ufs/ffs/ffs_alloc.c index 67c8fc3bdd03..00e0fbdf6201 100644 --- a/sys/ufs/ffs/ffs_alloc.c +++ b/sys/ufs/ffs/ffs_alloc.c @@ -173,7 +173,7 @@ retry: #endif if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0) goto nospace; - if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, SUSER_ALLOWJAIL) && + if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) && freespace(fs, fs->fs_minfree) - numfrags(fs, size) < 0) goto nospace; if (bpref >= fs->fs_size) @@ -268,7 +268,7 @@ ffs_realloccg(ip, lbprev, bprev, bpref, osize, nsize, cred, bpp) #endif /* DIAGNOSTIC */ reclaimed = 0; retry: - if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, SUSER_ALLOWJAIL) && + if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0) && freespace(fs, fs->fs_minfree) - numfrags(fs, nsize - osize) < 0) { goto nospace; } diff --git a/sys/ufs/ffs/ffs_vnops.c b/sys/ufs/ffs/ffs_vnops.c index 80892f39320a..b187ad70a1fa 100644 --- a/sys/ufs/ffs/ffs_vnops.c +++ b/sys/ufs/ffs/ffs_vnops.c @@ -790,8 +790,7 @@ ffs_write(ap) */ if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ap->a_cred) { - if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, - SUSER_ALLOWJAIL)) { + if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, 0)) { ip->i_mode &= ~(ISUID | ISGID); DIP_SET(ip, i_mode, ip->i_mode); } @@ -1121,8 +1120,7 @@ ffs_extwrite(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *ucred) * tampering. */ if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid && ucred) { - if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID, - SUSER_ALLOWJAIL)) { + if (priv_check_cred(ucred, PRIV_VFS_RETAINSUGID, 0)) { ip->i_mode &= ~(ISUID | ISGID); dp->di_mode = ip->i_mode; } |