Author: mjg
Date: Tue Dec 11 19:32:16 2018
New Revision: 341827
URL: https://svnweb.freebsd.org/changeset/base/341827
Log:
Remove unused argument to priv_check_cred.
Patch mostly generated with cocinnelle:
@@
expression E1,E2;
@@
- priv_check_cred(E1,E2,0)
+ priv_check_cred(E1,E2)
Sponsored by: The FreeBSD Foundation
Modified:
head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
head/sys/cddl/compat/opensolaris/kern/opensolaris_zone.c
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
head/sys/compat/linux/linux_misc.c
head/sys/compat/linux/linux_uid16.c
head/sys/dev/filemon/filemon_wrapper.c
head/sys/fs/ext2fs/ext2_vnops.c
head/sys/fs/fuse/fuse_internal.c
head/sys/fs/fuse/fuse_vnops.c
head/sys/fs/msdosfs/msdosfs_vnops.c
head/sys/fs/nandfs/nandfs_vnops.c
head/sys/fs/nfs/nfs_commonsubs.c
head/sys/fs/nfsserver/nfs_nfsdport.c
head/sys/fs/tmpfs/tmpfs_subr.c
head/sys/fs/tmpfs/tmpfs_vnops.c
head/sys/kern/kern_exec.c
head/sys/kern/kern_fork.c
head/sys/kern/kern_priv.c
head/sys/kern/kern_prot.c
head/sys/kern/subr_acl_nfs4.c
head/sys/kern/subr_acl_posix1e.c
head/sys/kern/uipc_mqueue.c
head/sys/kern/uipc_sem.c
head/sys/kern/uipc_shm.c
head/sys/kern/vfs_mount.c
head/sys/kern/vfs_subr.c
head/sys/kern/vfs_syscalls.c
head/sys/net/if_tap.c
head/sys/net/if_tun.c
head/sys/netinet/in_pcb.c
head/sys/netinet6/in6_pcb.c
head/sys/netinet6/ip6_output.c
head/sys/netipsec/ipsec_pcb.c
head/sys/netsmb/smb_subr.h
head/sys/security/audit/audit_syscalls.c
head/sys/security/mac/mac_net.c
head/sys/security/mac_bsdextended/mac_bsdextended.c
head/sys/security/mac_lomac/mac_lomac.c
head/sys/security/mac_partition/mac_partition.c
head/sys/security/mac_portacl/mac_portacl.c
head/sys/security/mac_seeotheruids/mac_seeotheruids.c
head/sys/sys/priv.h
head/sys/ufs/ffs/ffs_alloc.c
head/sys/ufs/ffs/ffs_softdep.c
head/sys/ufs/ffs/ffs_vnops.c
head/sys/ufs/ufs/ufs_quota.c
head/sys/ufs/ufs/ufs_vnops.c
head/sys/vm/vm_mmap.c
Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c
==============================================================================
--- head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c Tue Dec 11
19:12:44 2018 (r341826)
+++ head/sys/cddl/compat/opensolaris/kern/opensolaris_policy.c Tue Dec 11
19:32:16 2018 (r341827)
@@ -41,35 +41,35 @@ int
secpolicy_nfs(cred_t *cr)
{
- return (priv_check_cred(cr, PRIV_NFS_DAEMON, 0));
+ return (priv_check_cred(cr, PRIV_NFS_DAEMON));
}
int
secpolicy_zfs(cred_t *cr)
{
- return (priv_check_cred(cr, PRIV_VFS_MOUNT, 0));
+ return (priv_check_cred(cr, PRIV_VFS_MOUNT));
}
int
secpolicy_sys_config(cred_t *cr, int checkonly __unused)
{
- return (priv_check_cred(cr, PRIV_ZFS_POOL_CONFIG, 0));
+ return (priv_check_cred(cr, PRIV_ZFS_POOL_CONFIG));
}
int
secpolicy_zinject(cred_t *cr)
{
- return (priv_check_cred(cr, PRIV_ZFS_INJECT, 0));
+ return (priv_check_cred(cr, PRIV_ZFS_INJECT));
}
int
secpolicy_fs_unmount(cred_t *cr, struct mount *vfsp __unused)
{
- return (priv_check_cred(cr, PRIV_VFS_UNMOUNT, 0));
+ return (priv_check_cred(cr, PRIV_VFS_UNMOUNT));
}
int
@@ -97,7 +97,7 @@ secpolicy_basic_link(vnode_t *vp, cred_t *cr)
return (0);
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
- return (priv_check_cred(cr, PRIV_VFS_LINK, 0));
+ return (priv_check_cred(cr, PRIV_VFS_LINK));
}
int
@@ -113,7 +113,7 @@ secpolicy_vnode_remove(vnode_t *vp, cred_t *cr)
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
- return (priv_check_cred(cr, PRIV_VFS_ADMIN, 0));
+ return (priv_check_cred(cr, PRIV_VFS_ADMIN));
}
int
@@ -123,18 +123,18 @@ secpolicy_vnode_access(cred_t *cr, vnode_t *vp, uid_t
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
- if ((accmode & VREAD) && priv_check_cred(cr, PRIV_VFS_READ, 0) != 0)
+ if ((accmode & VREAD) && priv_check_cred(cr, PRIV_VFS_READ) != 0)
return (EACCES);
if ((accmode & VWRITE) &&
- priv_check_cred(cr, PRIV_VFS_WRITE, 0) != 0) {
+ priv_check_cred(cr, PRIV_VFS_WRITE) != 0) {
return (EACCES);
}
if (accmode & VEXEC) {
if (vp->v_type == VDIR) {
- if (priv_check_cred(cr, PRIV_VFS_LOOKUP, 0) != 0)
+ if (priv_check_cred(cr, PRIV_VFS_LOOKUP) != 0)
return (EACCES);
} else {
- if (priv_check_cred(cr, PRIV_VFS_EXEC, 0) != 0)
+ if (priv_check_cred(cr, PRIV_VFS_EXEC) != 0)
return (EACCES);
}
}
@@ -192,7 +192,7 @@ secpolicy_vnode_any_access(cred_t *cr, vnode_t *vp, ui
continue;
break;
}
- if (priv_check_cred(cr, priv, 0) == 0)
+ if (priv_check_cred(cr, priv) == 0)
return (0);
}
return (EPERM);
@@ -206,7 +206,7 @@ secpolicy_vnode_setdac(vnode_t *vp, cred_t *cr, uid_t
return (0);
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
- return (priv_check_cred(cr, PRIV_VFS_ADMIN, 0));
+ return (priv_check_cred(cr, PRIV_VFS_ADMIN));
}
int
@@ -256,7 +256,7 @@ secpolicy_vnode_setattr(cred_t *cr, vnode_t *vp, struc
((mask & AT_GID) && vap->va_gid != ovap->va_gid &&
!groupmember(vap->va_gid, cr))) {
if (secpolicy_fs_owner(vp->v_mount, cr) != 0) {
- error = priv_check_cred(cr, PRIV_VFS_CHOWN, 0);
+ error = priv_check_cred(cr, PRIV_VFS_CHOWN);
if (error)
return (error);
}
@@ -300,7 +300,7 @@ secpolicy_vnode_setids_setgids(vnode_t *vp, cred_t *cr
return (0);
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
- return (priv_check_cred(cr, PRIV_VFS_SETGID, 0));
+ return (priv_check_cred(cr, PRIV_VFS_SETGID));
}
int
@@ -310,7 +310,7 @@ secpolicy_vnode_setid_retain(vnode_t *vp, cred_t *cr,
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
- return (priv_check_cred(cr, PRIV_VFS_RETAINSUGID, 0));
+ return (priv_check_cred(cr, PRIV_VFS_RETAINSUGID));
}
void
@@ -321,7 +321,7 @@ secpolicy_setid_clear(struct vattr *vap, vnode_t *vp,
return;
if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0) {
- if (priv_check_cred(cr, PRIV_VFS_RETAINSUGID, 0)) {
+ if (priv_check_cred(cr, PRIV_VFS_RETAINSUGID)) {
vap->va_mask |= AT_MODE;
vap->va_mode &= ~(S_ISUID|S_ISGID);
}
@@ -343,7 +343,7 @@ secpolicy_setid_setsticky_clear(vnode_t *vp, struct va
* is not a member of. Both of these are allowed in jail(8).
*/
if (vp->v_type != VDIR && (vap->va_mode & S_ISTXT)) {
- if (priv_check_cred(cr, PRIV_VFS_STICKYFILE, 0))
+ if (priv_check_cred(cr, PRIV_VFS_STICKYFILE))
return (EFTYPE);
}
/*
@@ -359,7 +359,7 @@ secpolicy_setid_setsticky_clear(vnode_t *vp, struct va
* Deny setting setuid if we are not the file owner.
*/
if ((vap->va_mode & S_ISUID) && ovap->va_uid != cr->cr_uid) {
- error = priv_check_cred(cr, PRIV_VFS_ADMIN, 0);
+ error = priv_check_cred(cr, PRIV_VFS_ADMIN);
if (error)
return (error);
}
@@ -370,7 +370,7 @@ int
secpolicy_fs_mount(cred_t *cr, vnode_t *mvp, struct mount *vfsp)
{
- return (priv_check_cred(cr, PRIV_VFS_MOUNT, 0));
+ return (priv_check_cred(cr, PRIV_VFS_MOUNT));
}
int
@@ -383,7 +383,7 @@ secpolicy_vnode_owner(vnode_t *vp, cred_t *cr, uid_t o
return (0);
/* XXX: vfs_suser()? */
- return (priv_check_cred(cr, PRIV_VFS_MOUNT_OWNER, 0));
+ return (priv_check_cred(cr, PRIV_VFS_MOUNT_OWNER));
}
int
@@ -392,14 +392,14 @@ secpolicy_vnode_chown(vnode_t *vp, cred_t *cr, uid_t o
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
- return (priv_check_cred(cr, PRIV_VFS_CHOWN, 0));
+ return (priv_check_cred(cr, PRIV_VFS_CHOWN));
}
void
secpolicy_fs_mount_clearopts(cred_t *cr, struct mount *vfsp)
{
- if (priv_check_cred(cr, PRIV_VFS_MOUNT_NONUSER, 0) != 0) {
+ if (priv_check_cred(cr, PRIV_VFS_MOUNT_NONUSER) != 0) {
MNT_ILOCK(vfsp);
vfsp->vfs_flag |= VFS_NOSETUID | MNT_USER;
vfs_clearmntopt(vfsp, MNTOPT_SETUID);
@@ -418,12 +418,12 @@ secpolicy_xvattr(vnode_t *vp, xvattr_t *xvap, uid_t ow
if (secpolicy_fs_owner(vp->v_mount, cr) == 0)
return (0);
- return (priv_check_cred(cr, PRIV_VFS_SYSFLAGS, 0));
+ return (priv_check_cred(cr, PRIV_VFS_SYSFLAGS));
}
int
secpolicy_smb(cred_t *cr)
{
- return (priv_check_cred(cr, PRIV_NETSMB, 0));
+ return (priv_check_cred(cr, PRIV_NETSMB));
}
Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_zone.c
==============================================================================
--- head/sys/cddl/compat/opensolaris/kern/opensolaris_zone.c Tue Dec 11
19:12:44 2018 (r341826)
+++ head/sys/cddl/compat/opensolaris/kern/opensolaris_zone.c Tue Dec 11
19:32:16 2018 (r341827)
@@ -63,7 +63,7 @@ zone_dataset_attach(struct ucred *cred, const char *da
struct prison *pr;
int dofree, error;
- if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL)) != 0)
return (error);
/* Allocate memory before we grab prison's mutex. */
@@ -115,7 +115,7 @@ zone_dataset_detach(struct ucred *cred, const char *da
struct prison *pr;
int error;
- if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL, 0)) != 0)
+ if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL)) != 0)
return (error);
sx_slock(&allprison_lock);
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
==============================================================================
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Tue Dec
11 19:12:44 2018 (r341826)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Tue Dec
11 19:32:16 2018 (r341827)
@@ -5205,7 +5205,7 @@ zfs_freebsd_setattr(ap)
* otherwise, they behave like unprivileged processes.
*/
if (secpolicy_fs_owner(vp->v_mount, cred) == 0 ||
- priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0) == 0) {
+ priv_check_cred(cred, PRIV_VFS_SYSFLAGS) == 0) {
if (zflags &
(ZFS_IMMUTABLE | ZFS_APPENDONLY | ZFS_NOUNLINK)) {
error = securelevel_gt(cred, 0);
Modified: head/sys/compat/linux/linux_misc.c
==============================================================================
--- head/sys/compat/linux/linux_misc.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/compat/linux/linux_misc.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -1336,7 +1336,7 @@ linux_setgroups(struct thread *td, struct linux_setgro
* Keep cr_groups[0] unchanged to prevent that.
*/
- if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
+ if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS)) != 0) {
PROC_UNLOCK(p);
crfree(newcred);
goto out;
Modified: head/sys/compat/linux/linux_uid16.c
==============================================================================
--- head/sys/compat/linux/linux_uid16.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/compat/linux/linux_uid16.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -192,7 +192,7 @@ linux_setgroups16(struct thread *td, struct linux_setg
* Keep cr_groups[0] unchanged to prevent that.
*/
- if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0)) != 0) {
+ if ((error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS)) != 0) {
PROC_UNLOCK(p);
crfree(newcred);
Modified: head/sys/dev/filemon/filemon_wrapper.c
==============================================================================
--- head/sys/dev/filemon/filemon_wrapper.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/dev/filemon/filemon_wrapper.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -129,8 +129,7 @@ filemon_event_process_exec(void *arg __unused, struct
/* If the credentials changed then cease tracing. */
if (imgp->newcred != NULL &&
imgp->credential_setid &&
- priv_check_cred(filemon->cred,
- PRIV_DEBUG_DIFFCRED, 0) != 0) {
+ priv_check_cred(filemon->cred, PRIV_DEBUG_DIFFCRED) != 0) {
/*
* It may have changed to NULL already, but
* will not be re-attached by anything else.
Modified: head/sys/fs/ext2fs/ext2_vnops.c
==============================================================================
--- head/sys/fs/ext2fs/ext2_vnops.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/fs/ext2fs/ext2_vnops.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -420,7 +420,7 @@ ext2_setattr(struct vop_setattr_args *ap)
* Privileged non-jail processes may not modify system flags
* if securelevel > 0 and any existing system flags are set.
*/
- if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
+ if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
if (ip->i_flags & (SF_IMMUTABLE | SF_APPEND)) {
error = securelevel_gt(cred, 0);
if (error)
@@ -531,12 +531,12 @@ ext2_chmod(struct vnode *vp, int mode, struct ucred *c
* process is not a member of.
*/
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
- error = priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0);
+ error = priv_check_cred(cred, PRIV_VFS_STICKYFILE);
if (error)
return (EFTYPE);
}
if (!groupmember(ip->i_gid, cred) && (mode & ISGID)) {
- error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
+ error = priv_check_cred(cred, PRIV_VFS_SETGID);
if (error)
return (error);
}
@@ -576,7 +576,7 @@ ext2_chown(struct vnode *vp, uid_t uid, gid_t gid, str
*/
if (uid != ip->i_uid || (gid != ip->i_gid &&
!groupmember(gid, cred))) {
- error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
+ error = priv_check_cred(cred, PRIV_VFS_CHOWN);
if (error)
return (error);
}
@@ -586,7 +586,7 @@ ext2_chown(struct vnode *vp, uid_t uid, gid_t gid, str
ip->i_uid = uid;
ip->i_flag |= IN_CHANGE;
if ((ip->i_mode & (ISUID | ISGID)) && (ouid != uid || ogid != gid)) {
- if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0) != 0)
+ if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID) != 0)
ip->i_mode &= ~(ISUID | ISGID);
}
return (0);
@@ -1983,7 +1983,7 @@ ext2_makeinode(int mode, struct vnode *dvp, struct vno
tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
ip->i_nlink = 1;
if ((ip->i_mode & ISGID) && !groupmember(ip->i_gid, cnp->cn_cred)) {
- if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID, 0))
+ if (priv_check_cred(cnp->cn_cred, PRIV_VFS_RETAINSUGID))
ip->i_mode &= ~ISGID;
}
@@ -2311,7 +2311,7 @@ ext2_write(struct vop_write_args *ap)
*/
if ((ip->i_mode & (ISUID | ISGID)) && resid > uio->uio_resid &&
ap->a_cred) {
- if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID, 0))
+ if (priv_check_cred(ap->a_cred, PRIV_VFS_RETAINSUGID))
ip->i_mode &= ~(ISUID | ISGID);
}
if (error) {
Modified: head/sys/fs/fuse/fuse_internal.c
==============================================================================
--- head/sys/fs/fuse/fuse_internal.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/fs/fuse/fuse_internal.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -171,7 +171,7 @@ fuse_internal_access(struct vnode *vp,
return 0;
}
if ((mode & VADMIN) != 0) {
- err = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+ err = priv_check_cred(cred, PRIV_VFS_ADMIN);
if (err) {
return err;
}
Modified: head/sys/fs/fuse/fuse_vnops.c
==============================================================================
--- head/sys/fs/fuse/fuse_vnops.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/fs/fuse/fuse_vnops.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -242,7 +242,7 @@ fuse_vnop_access(struct vop_access_args *ap)
}
if (!(data->dataflags & FSESS_INITED)) {
if (vnode_isvroot(vp)) {
- if (priv_check_cred(cred, PRIV_VFS_ADMIN, 0) ||
+ if (priv_check_cred(cred, PRIV_VFS_ADMIN) ||
(fuse_match_cred(data->daemoncred, cred) == 0)) {
return 0;
}
Modified: head/sys/fs/msdosfs/msdosfs_vnops.c
==============================================================================
--- head/sys/fs/msdosfs/msdosfs_vnops.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/fs/msdosfs/msdosfs_vnops.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -378,7 +378,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid) {
- error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+ error = priv_check_cred(cred, PRIV_VFS_ADMIN);
if (error)
return (error);
}
@@ -427,7 +427,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
gid = pmp->pm_gid;
if (cred->cr_uid != pmp->pm_uid || uid != pmp->pm_uid ||
(gid != pmp->pm_gid && !groupmember(gid, cred))) {
- error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0);
+ error = priv_check_cred(cred, PRIV_VFS_CHOWN);
if (error)
return (error);
}
@@ -498,7 +498,7 @@ msdosfs_setattr(struct vop_setattr_args *ap)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (cred->cr_uid != pmp->pm_uid) {
- error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+ error = priv_check_cred(cred, PRIV_VFS_ADMIN);
if (error)
return (error);
}
Modified: head/sys/fs/nandfs/nandfs_vnops.c
==============================================================================
--- head/sys/fs/nandfs/nandfs_vnops.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/fs/nandfs/nandfs_vnops.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -721,11 +721,11 @@ nandfs_chmod(struct vnode *vp, int mode, struct ucred
* jail(8).
*/
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
- if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
+ if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
return (EFTYPE);
}
if (!groupmember(inode->i_gid, cred) && (mode & ISGID)) {
- error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
+ error = priv_check_cred(cred, PRIV_VFS_SETGID);
if (error)
return (error);
}
@@ -734,7 +734,7 @@ nandfs_chmod(struct vnode *vp, int mode, struct ucred
* Deny setting setuid if we are not the file owner.
*/
if ((mode & ISUID) && inode->i_uid != cred->cr_uid) {
- error = priv_check_cred(cred, PRIV_VFS_ADMIN, 0);
+ error = priv_check_cred(cred, PRIV_VFS_ADMIN);
if (error)
return (error);
}
@@ -777,7 +777,7 @@ nandfs_chown(struct vnode *vp, uid_t uid, gid_t gid, s
*/
if (((uid != inode->i_uid && uid != cred->cr_uid) ||
(gid != inode->i_gid && !groupmember(gid, cred))) &&
- (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0)))
+ (error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
return (error);
ogid = inode->i_gid;
ouid = inode->i_uid;
@@ -788,7 +788,7 @@ nandfs_chown(struct vnode *vp, uid_t uid, gid_t gid, s
node->nn_flags |= IN_CHANGE;
if ((inode->i_mode & (ISUID | ISGID)) &&
(ouid != uid || ogid != gid)) {
- if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0))
+ if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID))
inode->i_mode &= ~(ISUID | ISGID);
}
DPRINTF(VNCALL, ("%s: vp %p, cred %p, td %p - ret OK\n", __func__, vp,
@@ -839,7 +839,7 @@ nandfs_setattr(struct vop_setattr_args *ap)
*/
flags = inode->i_flags;
- if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
+ if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
if (flags & (SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
error = securelevel_gt(cred, 0);
if (error)
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==============================================================================
--- head/sys/fs/nfs/nfs_commonsubs.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/fs/nfs/nfs_commonsubs.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -1869,7 +1869,7 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp,
case NFSATTRBIT_QUOTAHARD:
NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
if (sbp != NULL) {
- if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
+ if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
freenum = sbp->f_bfree;
else
freenum = sbp->f_bavail;
@@ -1898,7 +1898,7 @@ nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp,
case NFSATTRBIT_QUOTASOFT:
NFSM_DISSECT(tl, u_int32_t *, NFSX_HYPER);
if (sbp != NULL) {
- if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
+ if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
freenum = sbp->f_bfree;
else
freenum = sbp->f_bavail;
@@ -2756,7 +2756,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount
free(cp, M_NFSSTRING);
break;
case NFSATTRBIT_QUOTAHARD:
- if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
+ if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
freenum = fs->f_bfree;
else
freenum = fs->f_bavail;
@@ -2780,7 +2780,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount
retnum += NFSX_HYPER;
break;
case NFSATTRBIT_QUOTASOFT:
- if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
+ if (priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA))
freenum = fs->f_bfree;
else
freenum = fs->f_bavail;
@@ -2832,7 +2832,7 @@ nfsv4_fillattr(struct nfsrv_descript *nd, struct mount
break;
case NFSATTRBIT_SPACEAVAIL:
NFSM_BUILD(tl, u_int32_t *, NFSX_HYPER);
- if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE, 0)) {
+ if (priv_check_cred(cred, PRIV_VFS_BLOCKRESERVE)) {
if (pnfssf != NULL)
uquad = (u_int64_t)pnfssf->f_bfree;
else
Modified: head/sys/fs/nfsserver/nfs_nfsdport.c
==============================================================================
--- head/sys/fs/nfsserver/nfs_nfsdport.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/fs/nfsserver/nfs_nfsdport.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -996,8 +996,7 @@ nfsvno_createsub(struct nfsrv_descript *nd, struct nam
if (nvap->na_type == VCHR && rdev == 0xffffffff)
nvap->na_type = VFIFO;
if (nvap->na_type != VFIFO &&
- (error = priv_check_cred(nd->nd_cred,
- PRIV_VFS_MKNOD_DEV, 0))) {
+ (error = priv_check_cred(nd->nd_cred,
PRIV_VFS_MKNOD_DEV))) {
vrele(ndp->ni_startdir);
nfsvno_relpathbuf(ndp);
vput(ndp->ni_dvp);
@@ -1091,7 +1090,7 @@ nfsvno_mknod(struct nameidata *ndp, struct nfsvattr *n
nfsvno_relpathbuf(ndp);
} else {
if (nvap->na_type != VFIFO &&
- (error = priv_check_cred(cred, PRIV_VFS_MKNOD_DEV, 0))) {
+ (error = priv_check_cred(cred, PRIV_VFS_MKNOD_DEV))) {
vrele(ndp->ni_startdir);
nfsvno_relpathbuf(ndp);
vput(ndp->ni_dvp);
Modified: head/sys/fs/tmpfs/tmpfs_subr.c
==============================================================================
--- head/sys/fs/tmpfs/tmpfs_subr.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/fs/tmpfs/tmpfs_subr.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -1522,7 +1522,7 @@ tmpfs_chflags(struct vnode *vp, u_long flags, struct u
* Unprivileged processes are not permitted to unset system
* flags, or modify flags if any system flags are set.
*/
- if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
+ if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS)) {
if (node->tn_flags &
(SF_NOUNLINK | SF_IMMUTABLE | SF_APPEND)) {
error = securelevel_gt(cred, 0);
@@ -1579,11 +1579,11 @@ tmpfs_chmod(struct vnode *vp, mode_t mode, struct ucre
* process is not a member of.
*/
if (vp->v_type != VDIR && (mode & S_ISTXT)) {
- if (priv_check_cred(cred, PRIV_VFS_STICKYFILE, 0))
+ if (priv_check_cred(cred, PRIV_VFS_STICKYFILE))
return (EFTYPE);
}
if (!groupmember(node->tn_gid, cred) && (mode & S_ISGID)) {
- error = priv_check_cred(cred, PRIV_VFS_SETGID, 0);
+ error = priv_check_cred(cred, PRIV_VFS_SETGID);
if (error)
return (error);
}
@@ -1649,7 +1649,7 @@ tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, st
*/
if ((uid != node->tn_uid ||
(gid != node->tn_gid && !groupmember(gid, cred))) &&
- (error = priv_check_cred(cred, PRIV_VFS_CHOWN, 0)))
+ (error = priv_check_cred(cred, PRIV_VFS_CHOWN)))
return (error);
ogid = node->tn_gid;
@@ -1661,7 +1661,7 @@ tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, st
node->tn_status |= TMPFS_NODE_CHANGED;
if ((node->tn_mode & (S_ISUID | S_ISGID)) && (ouid != uid || ogid !=
gid)) {
- if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID, 0))
+ if (priv_check_cred(cred, PRIV_VFS_RETAINSUGID))
node->tn_mode &= ~(S_ISUID | S_ISGID);
}
Modified: head/sys/fs/tmpfs/tmpfs_vnops.c
==============================================================================
--- head/sys/fs/tmpfs/tmpfs_vnops.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/fs/tmpfs/tmpfs_vnops.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -523,7 +523,7 @@ tmpfs_write(struct vop_write_args *v)
node->tn_status |= TMPFS_NODE_ACCESSED | TMPFS_NODE_MODIFIED |
TMPFS_NODE_CHANGED;
if (node->tn_mode & (S_ISUID | S_ISGID)) {
- if (priv_check_cred(v->a_cred, PRIV_VFS_RETAINSUGID, 0))
+ if (priv_check_cred(v->a_cred, PRIV_VFS_RETAINSUGID))
node->tn_mode &= ~(S_ISUID | S_ISGID);
}
if (error != 0)
Modified: head/sys/kern/kern_exec.c
==============================================================================
--- head/sys/kern/kern_exec.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/kern/kern_exec.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -786,7 +786,7 @@ interpret:
#ifdef KTRACE
if (p->p_tracecred != NULL &&
- priv_check_cred(p->p_tracecred, PRIV_DEBUG_DIFFCRED, 0))
+ priv_check_cred(p->p_tracecred, PRIV_DEBUG_DIFFCRED))
ktrprocexec(p, &tracecred, &tracevp);
#endif
/*
Modified: head/sys/kern/kern_fork.c
==============================================================================
--- head/sys/kern/kern_fork.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/kern/kern_fork.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -838,8 +838,7 @@ fork1(struct thread *td, struct fork_req *fr)
* processes; don't let root exceed the limit.
*/
nprocs_new = atomic_fetchadd_int(&nprocs, 1) + 1;
- if ((nprocs_new >= maxproc - 10 && priv_check_cred(td->td_ucred,
- PRIV_MAXPROC, 0) != 0) || nprocs_new >= maxproc) {
+ if ((nprocs_new >= maxproc - 10 && priv_check_cred(td->td_ucred,
PRIV_MAXPROC) != 0) || nprocs_new >= maxproc) {
error = EAGAIN;
sx_xlock(&allproc_lock);
if (ppsratecheck(&lastfail, &curfail, 1)) {
@@ -936,7 +935,7 @@ fork1(struct thread *td, struct fork_req *fr)
*
* XXXRW: Can we avoid privilege here if it's not needed?
*/
- error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT, 0);
+ error = priv_check_cred(td->td_ucred, PRIV_PROC_LIMIT);
if (error == 0)
ok = chgproccnt(td->td_ucred->cr_ruidinfo, 1, 0);
else {
Modified: head/sys/kern/kern_priv.c
==============================================================================
--- head/sys/kern/kern_priv.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/kern/kern_priv.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -76,7 +76,7 @@ SDT_PROBE_DEFINE1(priv, kernel, priv_check, priv__err,
* only a few to grant it.
*/
int
-priv_check_cred(struct ucred *cred, int priv, int flags)
+priv_check_cred(struct ucred *cred, int priv)
{
int error;
@@ -207,5 +207,5 @@ priv_check(struct thread *td, int priv)
KASSERT(td == curthread, ("priv_check: td != curthread"));
- return (priv_check_cred(td->td_ucred, priv, 0));
+ return (priv_check_cred(td->td_ucred, priv));
}
Modified: head/sys/kern/kern_prot.c
==============================================================================
--- head/sys/kern/kern_prot.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/kern/kern_prot.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -518,7 +518,7 @@ sys_setuid(struct thread *td, struct setuid_args *uap)
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
uid != oldcred->cr_uid && /* allow setuid(geteuid()) */
#endif
- (error = priv_check_cred(oldcred, PRIV_CRED_SETUID, 0)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETUID)) != 0)
goto fail;
#ifdef _POSIX_SAVED_IDS
@@ -531,7 +531,7 @@ sys_setuid(struct thread *td, struct setuid_args *uap)
uid == oldcred->cr_uid ||
#endif
/* We are using privs. */
- priv_check_cred(oldcred, PRIV_CRED_SETUID, 0) == 0)
+ priv_check_cred(oldcred, PRIV_CRED_SETUID) == 0)
#endif
{
/*
@@ -615,7 +615,7 @@ sys_seteuid(struct thread *td, struct seteuid_args *ua
if (euid != oldcred->cr_ruid && /* allow seteuid(getuid()) */
euid != oldcred->cr_svuid && /* allow seteuid(saved uid) */
- (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID, 0)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETEUID)) != 0)
goto fail;
/*
@@ -682,7 +682,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap)
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
#endif
- (error = priv_check_cred(oldcred, PRIV_CRED_SETGID, 0)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETGID)) != 0)
goto fail;
#ifdef _POSIX_SAVED_IDS
@@ -695,7 +695,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap)
gid == oldcred->cr_groups[0] ||
#endif
/* We are using privs. */
- priv_check_cred(oldcred, PRIV_CRED_SETGID, 0) == 0)
+ priv_check_cred(oldcred, PRIV_CRED_SETGID) == 0)
#endif
{
/*
@@ -764,7 +764,7 @@ sys_setegid(struct thread *td, struct setegid_args *ua
if (egid != oldcred->cr_rgid && /* allow setegid(getgid()) */
egid != oldcred->cr_svgid && /* allow setegid(saved gid) */
- (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID, 0)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID)) != 0)
goto fail;
if (oldcred->cr_groups[0] != egid) {
@@ -835,7 +835,7 @@ kern_setgroups(struct thread *td, u_int ngrp, gid_t *g
goto fail;
#endif
- error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS, 0);
+ error = priv_check_cred(oldcred, PRIV_CRED_SETGROUPS);
if (error)
goto fail;
@@ -898,7 +898,7 @@ sys_setreuid(struct thread *td, struct setreuid_args *
ruid != oldcred->cr_svuid) ||
(euid != (uid_t)-1 && euid != oldcred->cr_uid &&
euid != oldcred->cr_ruid && euid != oldcred->cr_svuid)) &&
- (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID, 0)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETREUID)) != 0)
goto fail;
if (euid != (uid_t)-1 && oldcred->cr_uid != euid) {
@@ -970,7 +970,7 @@ sys_setregid(struct thread *td, struct setregid_args *
rgid != oldcred->cr_svgid) ||
(egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
- (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID, 0)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID)) != 0)
goto fail;
if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
@@ -1045,7 +1045,7 @@ sys_setresuid(struct thread *td, struct setresuid_args
(suid != (uid_t)-1 && suid != oldcred->cr_ruid &&
suid != oldcred->cr_svuid &&
suid != oldcred->cr_uid)) &&
- (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID, 0)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETRESUID)) != 0)
goto fail;
if (euid != (uid_t)-1 && oldcred->cr_uid != euid) {
@@ -1129,7 +1129,7 @@ sys_setresgid(struct thread *td, struct setresgid_args
(sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
sgid != oldcred->cr_svgid &&
sgid != oldcred->cr_groups[0])) &&
- (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID, 0)) != 0)
+ (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID)) != 0)
goto fail;
if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
@@ -1343,7 +1343,7 @@ cr_canseeotheruids(struct ucred *u1, struct ucred *u2)
{
if (!see_other_uids && u1->cr_ruid != u2->cr_ruid) {
- if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0) != 0)
+ if (priv_check_cred(u1, PRIV_SEEOTHERUIDS) != 0)
return (ESRCH);
}
return (0);
@@ -1382,7 +1382,7 @@ cr_canseeothergids(struct ucred *u1, struct ucred *u2)
break;
}
if (!match) {
- if (priv_check_cred(u1, PRIV_SEEOTHERGIDS, 0) != 0)
+ if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) != 0)
return (ESRCH);
}
}
@@ -1530,7 +1530,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, in
break;
default:
/* Not permitted without privilege. */
- error = priv_check_cred(cred, PRIV_SIGNAL_SUGID, 0);
+ error = priv_check_cred(cred, PRIV_SIGNAL_SUGID);
if (error)
return (error);
}
@@ -1544,7 +1544,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, in
cred->cr_ruid != proc->p_ucred->cr_svuid &&
cred->cr_uid != proc->p_ucred->cr_ruid &&
cred->cr_uid != proc->p_ucred->cr_svuid) {
- error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED, 0);
+ error = priv_check_cred(cred, PRIV_SIGNAL_DIFFCRED);
if (error)
return (error);
}
Modified: head/sys/kern/subr_acl_nfs4.c
==============================================================================
--- head/sys/kern/subr_acl_nfs4.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/kern/subr_acl_nfs4.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -259,8 +259,7 @@ vaccess_acl_nfs4(enum vtype type, uid_t file_uid, gid_
* No match. Try to use privileges, if there are any.
*/
if (is_directory) {
- if ((accmode & VEXEC) && !priv_check_cred(cred,
- PRIV_VFS_LOOKUP, 0))
+ if ((accmode & VEXEC) && !priv_check_cred(cred,
PRIV_VFS_LOOKUP))
priv_granted |= VEXEC;
} else {
/*
@@ -270,23 +269,23 @@ vaccess_acl_nfs4(enum vtype type, uid_t file_uid, gid_
*/
if ((accmode & VEXEC) && (file_mode &
(S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
- !priv_check_cred(cred, PRIV_VFS_EXEC, 0))
+ !priv_check_cred(cred, PRIV_VFS_EXEC))
priv_granted |= VEXEC;
}
- if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0))
+ if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ))
priv_granted |= VREAD;
if ((accmode & (VWRITE | VAPPEND | VDELETE_CHILD)) &&
- !priv_check_cred(cred, PRIV_VFS_WRITE, 0))
+ !priv_check_cred(cred, PRIV_VFS_WRITE))
priv_granted |= (VWRITE | VAPPEND | VDELETE_CHILD);
if ((accmode & VADMIN_PERMS) &&
- !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
+ !priv_check_cred(cred, PRIV_VFS_ADMIN))
priv_granted |= VADMIN_PERMS;
if ((accmode & VSTAT_PERMS) &&
- !priv_check_cred(cred, PRIV_VFS_STAT, 0))
+ !priv_check_cred(cred, PRIV_VFS_STAT))
priv_granted |= VSTAT_PERMS;
if ((accmode & priv_granted) == accmode) {
Modified: head/sys/kern/subr_acl_posix1e.c
==============================================================================
--- head/sys/kern/subr_acl_posix1e.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/kern/subr_acl_posix1e.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -90,8 +90,7 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, g
priv_granted = 0;
if (type == VDIR) {
- if ((accmode & VEXEC) && !priv_check_cred(cred,
- PRIV_VFS_LOOKUP, 0))
+ if ((accmode & VEXEC) && !priv_check_cred(cred,
PRIV_VFS_LOOKUP))
priv_granted |= VEXEC;
} else {
/*
@@ -101,18 +100,18 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, g
*/
if ((accmode & VEXEC) && (acl_posix1e_acl_to_mode(acl) &
(S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
- !priv_check_cred(cred, PRIV_VFS_EXEC, 0))
+ !priv_check_cred(cred, PRIV_VFS_EXEC))
priv_granted |= VEXEC;
}
- if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ, 0))
+ if ((accmode & VREAD) && !priv_check_cred(cred, PRIV_VFS_READ))
priv_granted |= VREAD;
if (((accmode & VWRITE) || (accmode & VAPPEND)) &&
- !priv_check_cred(cred, PRIV_VFS_WRITE, 0))
+ !priv_check_cred(cred, PRIV_VFS_WRITE))
priv_granted |= (VWRITE | VAPPEND);
- if ((accmode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
+ if ((accmode & VADMIN) && !priv_check_cred(cred, PRIV_VFS_ADMIN))
priv_granted |= VADMIN;
/*
Modified: head/sys/kern/uipc_mqueue.c
==============================================================================
--- head/sys/kern/uipc_mqueue.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/kern/uipc_mqueue.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -1032,7 +1032,7 @@ int do_unlink(struct mqfs_node *pn, struct ucred *ucre
sx_assert(&pn->mn_info->mi_lock, SX_LOCKED);
if (ucred->cr_uid != pn->mn_uid &&
- (error = priv_check_cred(ucred, PRIV_MQ_ADMIN, 0)) != 0)
+ (error = priv_check_cred(ucred, PRIV_MQ_ADMIN)) != 0)
error = EACCES;
else if (!pn->mn_deleted) {
parent = pn->mn_parent;
@@ -2581,7 +2581,7 @@ mqf_chown(struct file *fp, uid_t uid, gid_t gid, struc
gid = pn->mn_gid;
if (((uid != pn->mn_uid && uid != active_cred->cr_uid) ||
(gid != pn->mn_gid && !groupmember(gid, active_cred))) &&
- (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
+ (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN)))
goto out;
pn->mn_uid = uid;
pn->mn_gid = gid;
Modified: head/sys/kern/uipc_sem.c
==============================================================================
--- head/sys/kern/uipc_sem.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/kern/uipc_sem.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -242,7 +242,7 @@ ksem_chown(struct file *fp, uid_t uid, gid_t gid, stru
gid = ks->ks_gid;
if (((uid != ks->ks_uid && uid != active_cred->cr_uid) ||
(gid != ks->ks_gid && !groupmember(gid, active_cred))) &&
- (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
+ (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN)))
goto out;
ks->ks_uid = uid;
ks->ks_gid = gid;
@@ -364,7 +364,7 @@ ksem_access(struct ksem *ks, struct ucred *ucred)
error = vaccess(VREG, ks->ks_mode, ks->ks_uid, ks->ks_gid,
VREAD | VWRITE, ucred, NULL);
if (error)
- error = priv_check_cred(ucred, PRIV_SEM_WRITE, 0);
+ error = priv_check_cred(ucred, PRIV_SEM_WRITE);
return (error);
}
Modified: head/sys/kern/uipc_shm.c
==============================================================================
--- head/sys/kern/uipc_shm.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/kern/uipc_shm.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -968,7 +968,7 @@ shm_chown(struct file *fp, uid_t uid, gid_t gid, struc
gid = shmfd->shm_gid;
if (((uid != shmfd->shm_uid && uid != active_cred->cr_uid) ||
(gid != shmfd->shm_gid && !groupmember(gid, active_cred))) &&
- (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
+ (error = priv_check_cred(active_cred, PRIV_VFS_CHOWN)))
goto out;
shmfd->shm_uid = uid;
shmfd->shm_gid = gid;
Modified: head/sys/kern/vfs_mount.c
==============================================================================
--- head/sys/kern/vfs_mount.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/kern/vfs_mount.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -862,7 +862,7 @@ vfs_domount_first(
*/
error = VOP_GETATTR(vp, &va, td->td_ucred);
if (error == 0 && va.va_uid != td->td_ucred->cr_uid)
- error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN, 0);
+ error = priv_check_cred(td->td_ucred, PRIV_VFS_ADMIN);
if (error == 0)
error = vinvalbuf(vp, V_SAVE, 0, 0);
if (error == 0 && vp->v_type != VDIR)
Modified: head/sys/kern/vfs_subr.c
==============================================================================
--- head/sys/kern/vfs_subr.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/kern/vfs_subr.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -4469,7 +4469,7 @@ privcheck:
* requests, instead of PRIV_VFS_EXEC.
*/
if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_LOOKUP, 0))
+ !priv_check_cred(cred, PRIV_VFS_LOOKUP))
priv_granted |= VEXEC;
} else {
/*
@@ -4479,20 +4479,20 @@ privcheck:
*/
if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
(file_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 &&
- !priv_check_cred(cred, PRIV_VFS_EXEC, 0))
+ !priv_check_cred(cred, PRIV_VFS_EXEC))
priv_granted |= VEXEC;
}
if ((accmode & VREAD) && ((dac_granted & VREAD) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_READ, 0))
+ !priv_check_cred(cred, PRIV_VFS_READ))
priv_granted |= VREAD;
if ((accmode & VWRITE) && ((dac_granted & VWRITE) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_WRITE, 0))
+ !priv_check_cred(cred, PRIV_VFS_WRITE))
priv_granted |= (VWRITE | VAPPEND);
if ((accmode & VADMIN) && ((dac_granted & VADMIN) == 0) &&
- !priv_check_cred(cred, PRIV_VFS_ADMIN, 0))
+ !priv_check_cred(cred, PRIV_VFS_ADMIN))
priv_granted |= VADMIN;
if ((accmode & (priv_granted | dac_granted)) == accmode) {
@@ -4527,7 +4527,7 @@ extattr_check_cred(struct vnode *vp, int attrnamespace
switch (attrnamespace) {
case EXTATTR_NAMESPACE_SYSTEM:
/* Potentially should be: return (EPERM); */
- return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM, 0));
+ return (priv_check_cred(cred, PRIV_VFS_EXTATTR_SYSTEM));
case EXTATTR_NAMESPACE_USER:
return (VOP_ACCESS(vp, accmode, cred, td));
default:
Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c Tue Dec 11 19:12:44 2018
(r341826)
+++ head/sys/kern/vfs_syscalls.c Tue Dec 11 19:32:16 2018
(r341827)
@@ -1484,13 +1484,13 @@ can_hardlink(struct vnode *vp, struct ucred *cred)
return (error);
if (hardlink_check_uid && cred->cr_uid != va.va_uid) {
- error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
+ error = priv_check_cred(cred, PRIV_VFS_LINK);
if (error != 0)
return (error);
}
if (hardlink_check_gid && !groupmember(va.va_gid, cred)) {
- error = priv_check_cred(cred, PRIV_VFS_LINK, 0);
+ error = priv_check_cred(cred, PRIV_VFS_LINK);
if (error != 0)
return (error);
}
Modified: head/sys/net/if_tap.c
==============================================================================
--- head/sys/net/if_tap.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/net/if_tap.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -346,7 +346,7 @@ tapclone(void *arg, struct ucred *cred, char *name, in
return;
if (!tapdclone ||
- (!tapuopen && priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0))
+ (!tapuopen && priv_check_cred(cred, PRIV_NET_IFCREATE) != 0))
return;
unit = 0;
Modified: head/sys/net/if_tun.c
==============================================================================
--- head/sys/net/if_tun.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/net/if_tun.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -204,7 +204,7 @@ tunclone(void *arg, struct ucred *cred, char *name, in
* If tun cloning is enabled, only the superuser can create an
* interface.
*/
- if (!tundclone || priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0)
+ if (!tundclone || priv_check_cred(cred, PRIV_NET_IFCREATE) != 0)
return;
if (strcmp(name, tunname) == 0) {
Modified: head/sys/netinet/in_pcb.c
==============================================================================
--- head/sys/netinet/in_pcb.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/netinet/in_pcb.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -622,7 +622,7 @@ in_pcb_lport(struct inpcb *inp, struct in_addr *laddrp
last = V_ipport_hilastauto;
lastport = &pcbinfo->ipi_lasthi;
} else if (inp->inp_flags & INP_LOWPORT) {
- error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0);
+ error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT);
if (error)
return (error);
first = V_ipport_lowfirstauto; /* 1023 */
@@ -866,12 +866,10 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *n
/* GROSS */
if (ntohs(lport) <= V_ipport_reservedhigh &&
ntohs(lport) >= V_ipport_reservedlow &&
- priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
- 0))
+ priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT))
return (EACCES);
if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
- priv_check_cred(inp->inp_cred,
- PRIV_NETINET_REUSEPORT, 0) != 0) {
+ priv_check_cred(inp->inp_cred,
PRIV_NETINET_REUSEPORT) != 0) {
t = in_pcblookup_local(pcbinfo, sin->sin_addr,
lport, INPLOOKUP_WILDCARD, cred);
/*
Modified: head/sys/netinet6/in6_pcb.c
==============================================================================
--- head/sys/netinet6/in6_pcb.c Tue Dec 11 19:12:44 2018 (r341826)
+++ head/sys/netinet6/in6_pcb.c Tue Dec 11 19:32:16 2018 (r341827)
@@ -212,12 +212,10 @@ in6_pcbbind(struct inpcb *inp, struct sockaddr *nam,
/* GROSS */
if (ntohs(lport) <= V_ipport_reservedhigh &&
ntohs(lport) >= V_ipport_reservedlow &&
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
