Index: altq/altq_afmap.c
===================================================================
RCS file: /cvsroot/src/sys/altq/altq_afmap.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 altq_afmap.c
--- altq/altq_afmap.c 20 Mar 2014 20:51:54 -0000 1.20
+++ altq/altq_afmap.c 18 Sep 2021 21:46:05 -0000
@@ -357,12 +357,9 @@ afmioctl(dev_t dev, ioctlcmd_t cmd, void
case AFM_GETFMAP:
break;
default:
-#if (__FreeBSD_version > 400000)
- error = suser(p);
-#else
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_ALTQ,
- KAUTH_REQ_NETWORK_ALTQ_AFMAP, NULL, NULL, NULL);
-#endif
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_ALTQ, KAUTH_REQ_NETWORK_ALTQ_AFMAP, NULL,
+ NULL, NULL);
if (error)
return (error);
break;
Index: altq/altq_blue.c
===================================================================
RCS file: /cvsroot/src/sys/altq/altq_blue.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 altq_blue.c
--- altq/altq_blue.c 26 Dec 2019 04:53:11 -0000 1.25
+++ altq/altq_blue.c 18 Sep 2021 21:46:05 -0000
@@ -163,15 +163,10 @@ blueioctl(dev_t dev, ioctlcmd_t cmd, voi
case BLUE_GETSTATS:
break;
default:
-#if (__FreeBSD_version > 400000)
- if ((error = suser(p)) != 0)
- return (error);
-#else
- if ((error = kauth_authorize_network(l->l_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_ALTQ, KAUTH_REQ_NETWORK_ALTQ_BLUE, NULL,
NULL, NULL)) != 0)
return (error);
-#endif
break;
}
Index: altq/altq_cbq.c
===================================================================
RCS file: /cvsroot/src/sys/altq/altq_cbq.c,v
retrieving revision 1.37
diff -u -p -u -r1.37 altq_cbq.c
--- altq/altq_cbq.c 17 Aug 2021 22:00:26 -0000 1.37
+++ altq/altq_cbq.c 18 Sep 2021 21:46:05 -0000
@@ -1011,12 +1011,9 @@ cbqioctl(dev_t dev, ioctlcmd_t cmd, void
/* currently only command that an ordinary user can call */
break;
default:
-#if (__FreeBSD_version > 400000)
- error = suser(p);
-#else
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_ALTQ,
- KAUTH_REQ_NETWORK_ALTQ_CBQ, NULL, NULL, NULL);
-#endif
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_ALTQ, KAUTH_REQ_NETWORK_ALTQ_CBQ, NULL, NULL,
+ NULL);
if (error)
return (error);
break;
Index: altq/altq_cdnr.c
===================================================================
RCS file: /cvsroot/src/sys/altq/altq_cdnr.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 altq_cdnr.c
--- altq/altq_cdnr.c 10 Jun 2016 13:31:43 -0000 1.21
+++ altq/altq_cdnr.c 18 Sep 2021 21:46:05 -0000
@@ -1189,13 +1189,9 @@ cdnrioctl(dev_t dev, ioctlcmd_t cmd, voi
case CDNR_GETSTATS:
break;
default:
-#if (__FreeBSD_version > 400000)
- if ((error = suser(p)) != 0)
-#else
- if ((error = kauth_authorize_network(l->l_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_ALTQ, KAUTH_REQ_NETWORK_ALTQ_CDNR, NULL,
NULL, NULL)) != 0)
-#endif
return (error);
break;
}
Index: altq/altq_conf.c
===================================================================
RCS file: /cvsroot/src/sys/altq/altq_conf.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 altq_conf.c
--- altq/altq_conf.c 25 Jul 2014 08:10:31 -0000 1.21
+++ altq/altq_conf.c 18 Sep 2021 21:46:05 -0000
@@ -224,15 +224,11 @@ altqioctl(dev_t dev, ioctlcmd_t cmd, voi
case ALTQTBRGET:
break;
default:
-#if (__FreeBSD_version > 400000)
- if ((error = suser(p)) != 0)
+ if ((error = kauth_authorize_network(l->l_proc,
+ l->l_cred, KAUTH_NETWORK_ALTQ,
+ KAUTH_REQ_NETWORK_ALTQ_CONF, NULL, NULL,
+ NULL)) != 0)
return (error);
-#else
- if ((error = kauth_authorize_network(l->l_cred,
- KAUTH_NETWORK_ALTQ, KAUTH_REQ_NETWORK_ALTQ_CONF,
- NULL, NULL, NULL)) != 0)
- return (error);
-#endif
break;
}
Index: altq/altq_fifoq.c
===================================================================
RCS file: /cvsroot/src/sys/altq/altq_fifoq.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 altq_fifoq.c
--- altq/altq_fifoq.c 20 Apr 2016 08:58:48 -0000 1.17
+++ altq/altq_fifoq.c 18 Sep 2021 21:46:05 -0000
@@ -131,15 +131,10 @@ fifoqioctl(dev_t dev, ioctlcmd_t cmd, vo
case FIFOQ_GETSTATS:
break;
default:
-#if (__FreeBSD_version > 400000)
- if ((error = suser(p)) != 0)
- return (error);
-#else
- if ((error = kauth_authorize_network(l->l_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_ALTQ, KAUTH_REQ_NETWORK_ALTQ_FIFOQ, NULL,
NULL, NULL)) != 0)
return (error);
-#endif
break;
}
Index: altq/altq_hfsc.c
===================================================================
RCS file: /cvsroot/src/sys/altq/altq_hfsc.c,v
retrieving revision 1.29
diff -u -p -u -r1.29 altq_hfsc.c
--- altq/altq_hfsc.c 30 Aug 2021 08:40:31 -0000 1.29
+++ altq/altq_hfsc.c 18 Sep 2021 21:46:05 -0000
@@ -1916,15 +1916,10 @@ hfscioctl(dev_t dev, ioctlcmd_t cmd, voi
case HFSC_GETSTATS:
break;
default:
-#if (__FreeBSD_version > 400000)
- if ((error = suser(p)) != 0)
- return (error);
-#else
- if ((error = kauth_authorize_network(l->l_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_ALTQ, KAUTH_REQ_NETWORK_ALTQ_HFSC, NULL,
NULL, NULL)) != 0)
return (error);
-#endif
break;
}
Index: altq/altq_jobs.c
===================================================================
RCS file: /cvsroot/src/sys/altq/altq_jobs.c,v
retrieving revision 1.11
diff -u -p -u -r1.11 altq_jobs.c
--- altq/altq_jobs.c 28 Jul 2017 13:53:17 -0000 1.11
+++ altq/altq_jobs.c 18 Sep 2021 21:46:05 -0000
@@ -1858,7 +1858,6 @@ jobsioctl(dev_t dev, ioctlcmd_t cmd, voi
{
struct jobs_if *jif;
struct jobs_interface *ifacep;
- struct proc *p = l->l_proc;
int error = 0;
/* check super-user privilege */
@@ -1866,15 +1865,10 @@ jobsioctl(dev_t dev, ioctlcmd_t cmd, voi
case JOBS_GETSTATS:
break;
default:
-#if (__FreeBSD_version > 400000)
- if ((error = suser(p)) != 0)
- return (error);
-#else
- if ((error = kauth_authorize_network(p->p_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_ALTQ, KAUTH_REQ_NETWORK_ALTQ_JOBS, NULL,
NULL, NULL)) != 0)
return (error);
-#endif
break;
}
Index: altq/altq_priq.c
===================================================================
RCS file: /cvsroot/src/sys/altq/altq_priq.c,v
retrieving revision 1.27
diff -u -p -u -r1.27 altq_priq.c
--- altq/altq_priq.c 30 Aug 2021 08:40:31 -0000 1.27
+++ altq/altq_priq.c 18 Sep 2021 21:46:05 -0000
@@ -711,15 +711,10 @@ priqioctl(dev_t dev, ioctlcmd_t cmd, voi
case PRIQ_GETSTATS:
break;
default:
-#if (__FreeBSD_version > 400000)
- if ((error = suser(p)) != 0)
- return (error);
-#else
- if ((error = kauth_authorize_network(l->l_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_ALTQ, KAUTH_REQ_NETWORK_ALTQ_PRIQ, NULL,
NULL, NULL)) != 0)
return (error);
-#endif
break;
}
Index: altq/altq_red.c
===================================================================
RCS file: /cvsroot/src/sys/altq/altq_red.c,v
retrieving revision 1.33
diff -u -p -u -r1.33 altq_red.c
--- altq/altq_red.c 3 Sep 2021 21:54:59 -0000 1.33
+++ altq/altq_red.c 18 Sep 2021 21:46:05 -0000
@@ -759,7 +759,6 @@ redioctl(dev_t dev, ioctlcmd_t cmd, void
red_queue_t *rqp;
struct red_interface *ifacep;
struct ifnet *ifp;
- struct proc *p = l->l_proc;
int error = 0;
/* check super-user privilege */
@@ -767,13 +766,9 @@ redioctl(dev_t dev, ioctlcmd_t cmd, void
case RED_GETSTATS:
break;
default:
-#if (__FreeBSD_version > 400000)
- if ((error = suser(p)) != 0)
-#else
- if ((error = kauth_authorize_network(p->p_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_ALTQ, KAUTH_REQ_NETWORK_ALTQ_RED, NULL,
NULL, NULL)) != 0)
-#endif
return (error);
break;
}
Index: altq/altq_rio.c
===================================================================
RCS file: /cvsroot/src/sys/altq/altq_rio.c,v
retrieving revision 1.24
diff -u -p -u -r1.24 altq_rio.c
--- altq/altq_rio.c 26 Dec 2019 04:53:11 -0000 1.24
+++ altq/altq_rio.c 18 Sep 2021 21:46:05 -0000
@@ -500,15 +500,10 @@ rioioctl(dev_t dev, ioctlcmd_t cmd, void
case RIO_GETSTATS:
break;
default:
-#if (__FreeBSD_version > 400000)
- if ((error = suser(p)) != 0)
- return (error);
-#else
- if ((error = kauth_authorize_network(l->l_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_ALTQ, KAUTH_REQ_NETWORK_ALTQ_RIO, NULL,
NULL, NULL)) != 0)
return (error);
-#endif
break;
}
Index: altq/altq_wfq.c
===================================================================
RCS file: /cvsroot/src/sys/altq/altq_wfq.c,v
retrieving revision 1.22
diff -u -p -u -r1.22 altq_wfq.c
--- altq/altq_wfq.c 28 Jul 2017 13:58:47 -0000 1.22
+++ altq/altq_wfq.c 18 Sep 2021 21:46:06 -0000
@@ -679,13 +679,9 @@ wfqioctl(dev_t dev, ioctlcmd_t cmd, void
case WFQ_GET_STATS:
break;
default:
-#if (__FreeBSD_version > 400000)
- if ((error = suser(p)) != 0)
-#else
- if ((error = kauth_authorize_network(l->l_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_ALTQ, KAUTH_REQ_NETWORK_ALTQ_WFQ, NULL,
NULL, NULL)) != 0)
-#endif
return (error);
break;
}
Index: arch/aarch64/aarch64/aarch64_machdep.c
===================================================================
RCS file: /cvsroot/src/sys/arch/aarch64/aarch64/aarch64_machdep.c,v
retrieving revision 1.61
diff -u -p -u -r1.61 aarch64_machdep.c
--- arch/aarch64/aarch64/aarch64_machdep.c 3 Jun 2021 07:02:59 -0000 1.61
+++ arch/aarch64/aarch64/aarch64_machdep.c 18 Sep 2021 21:46:06 -0000
@@ -608,7 +608,7 @@ mm_md_physacc(paddr_t pa, vm_prot_t prot
if (in_dram_p(pa, 0))
return 0;
- return kauth_authorize_machdep(kauth_cred_get(),
+ return kauth_authorize_machdep(curproc, kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL);
}
Index: arch/alpha/alpha/promcons.c
===================================================================
RCS file: /cvsroot/src/sys/arch/alpha/alpha/promcons.c,v
retrieving revision 1.41
diff -u -p -u -r1.41 promcons.c
--- arch/alpha/alpha/promcons.c 3 Sep 2020 02:09:09 -0000 1.41
+++ arch/alpha/alpha/promcons.c 18 Sep 2021 21:46:06 -0000
@@ -121,7 +121,8 @@ promopen(dev_t dev, int flag, int mode,
tp->t_param = promparam;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp)) {
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp)) {
splx(s);
return (EBUSY);
}
Index: arch/amd64/amd64/netbsd32_machdep.c
===================================================================
RCS file: /cvsroot/src/sys/arch/amd64/amd64/netbsd32_machdep.c,v
retrieving revision 1.137
diff -u -p -u -r1.137 netbsd32_machdep.c
--- arch/amd64/amd64/netbsd32_machdep.c 20 Nov 2020 17:44:56 -0000 1.137
+++ arch/amd64/amd64/netbsd32_machdep.c 18 Sep 2021 21:46:06 -0000
@@ -692,8 +692,8 @@ x86_64_get_mtrr32(struct lwp *l, void *a
if (mtrr_funcs == NULL)
return ENOSYS;
- error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_GET,
- NULL, NULL, NULL, NULL);
+ error = kauth_authorize_machdep(l->l_proc, l->l_cred,
+ KAUTH_MACHDEP_MTRR_GET, NULL, NULL, NULL, NULL);
if (error)
return error;
@@ -756,8 +756,8 @@ x86_64_set_mtrr32(struct lwp *l, void *a
if (mtrr_funcs == NULL)
return ENOSYS;
- error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_SET,
- NULL, NULL, NULL, NULL);
+ error = kauth_authorize_machdep(l->l_proc, l->l_cred,
+ KAUTH_MACHDEP_MTRR_SET, NULL, NULL, NULL, NULL);
if (error)
return error;
Index: arch/amiga/dev/grf.c
===================================================================
RCS file: /cvsroot/src/sys/arch/amiga/dev/grf.c,v
retrieving revision 1.67
diff -u -p -u -r1.67 grf.c
--- arch/amiga/dev/grf.c 7 Aug 2021 16:18:41 -0000 1.67
+++ arch/amiga/dev/grf.c 18 Sep 2021 21:46:06 -0000
@@ -620,8 +620,8 @@ grf_wsmmap(void *v, void *vs, off_t off,
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
- if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
- NULL, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: permission to mmap denied.\n",
device_xname(gp->g_device));
return -1;
Index: arch/amiga/dev/ite.c
===================================================================
RCS file: /cvsroot/src/sys/arch/amiga/dev/ite.c,v
retrieving revision 1.99
diff -u -p -u -r1.99 ite.c
--- arch/amiga/dev/ite.c 3 Sep 2018 16:29:22 -0000 1.99
+++ arch/amiga/dev/ite.c 18 Sep 2021 21:46:06 -0000
@@ -436,7 +436,8 @@ iteopen(dev_t dev, int mode, int devtype
} else
tp = ip->tp;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if ((ip->flags & ITE_ACTIVE) == 0) {
Index: arch/amiga/dev/mfc.c
===================================================================
RCS file: /cvsroot/src/sys/arch/amiga/dev/mfc.c,v
retrieving revision 1.59
diff -u -p -u -r1.59 mfc.c
--- arch/amiga/dev/mfc.c 7 Aug 2021 16:18:41 -0000 1.59
+++ arch/amiga/dev/mfc.c 18 Sep 2021 21:46:06 -0000
@@ -513,7 +513,8 @@ mfcsopen(dev_t dev, int flag, int mode,
tp->t_dev = dev;
tp->t_hwiflow = mfcshwiflow;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
mutex_spin_enter(&tty_lock);
@@ -719,7 +720,7 @@ mfcsioctl(dev_t dev, u_long cmd, void *d
*(int *)data = SWFLAGS(dev);
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error != 0)
return(EPERM);
Index: arch/amiga/dev/msc.c
===================================================================
RCS file: /cvsroot/src/sys/arch/amiga/dev/msc.c,v
retrieving revision 1.47
diff -u -p -u -r1.47 msc.c
--- arch/amiga/dev/msc.c 25 Jul 2014 08:10:31 -0000 1.47
+++ arch/amiga/dev/msc.c 18 Sep 2021 21:46:06 -0000
@@ -387,7 +387,8 @@ mscopen(dev_t dev, int flag, int mode, s
}
splx(s);
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
mutex_spin_enter(&tty_lock);
@@ -869,7 +870,7 @@ mscioctl(dev_t dev, u_long cmd, void *da
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error != 0)
return(EPERM);
Index: arch/amiga/dev/ser.c
===================================================================
RCS file: /cvsroot/src/sys/arch/amiga/dev/ser.c,v
retrieving revision 1.83
diff -u -p -u -r1.83 ser.c
--- arch/amiga/dev/ser.c 25 Jul 2014 08:10:31 -0000 1.83
+++ arch/amiga/dev/ser.c 18 Sep 2021 21:46:06 -0000
@@ -300,7 +300,8 @@ seropen(dev_t dev, int flag, int mode, s
tp = sc->ser_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -745,7 +746,7 @@ serioctl(dev_t dev, u_long cmd, void *da
*(int *)data = serswflags;
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error != 0)
return(EPERM);
Index: arch/arc/dev/pccons.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arc/dev/pccons.c,v
retrieving revision 1.62
diff -u -p -u -r1.62 pccons.c
--- arch/arc/dev/pccons.c 18 Oct 2014 08:33:24 -0000 1.62
+++ arch/arc/dev/pccons.c 18 Sep 2021 21:46:06 -0000
@@ -620,7 +620,8 @@ pcopen(dev_t dev, int flag, int mode, st
tp->t_param = pcparam;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if ((tp->t_state & TS_ISOPEN) == 0) {
Index: arch/arm/amlogic/meson_uart.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/amlogic/meson_uart.c,v
retrieving revision 1.6
diff -u -p -u -r1.6 meson_uart.c
--- arch/arm/amlogic/meson_uart.c 12 Feb 2021 21:39:55 -0000 1.6
+++ arch/arm/amlogic/meson_uart.c 18 Sep 2021 21:46:06 -0000
@@ -306,7 +308,7 @@ meson_uart_open(dev_t dev, int flag, int
struct tty *tp = sc->sc_tty;
uint32_t control;
- if (kauth_authorize_device_tty(l->l_cred,
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_OPEN, tp) != 0) {
return EBUSY;
}
Index: arch/arm/arm32/arm32_machdep.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/arm32/arm32_machdep.c,v
retrieving revision 1.139
diff -u -p -u -r1.139 arm32_machdep.c
--- arch/arm/arm32/arm32_machdep.c 1 Dec 2020 02:43:14 -0000 1.139
+++ arch/arm/arm32/arm32_machdep.c 18 Sep 2021 21:46:06 -0000
@@ -706,7 +706,7 @@ mm_md_physacc(paddr_t pa, vm_prot_t prot
if (pa >= physical_start && pa < physical_end)
return 0;
- return kauth_authorize_machdep(kauth_cred_get(),
+ return kauth_authorize_machdep(curproc, kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL);
}
Index: arch/arm/at91/at91dbgu.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/at91/at91dbgu.c,v
retrieving revision 1.18
diff -u -p -u -r1.18 at91dbgu.c
--- arch/arm/at91/at91dbgu.c 20 Nov 2020 18:03:52 -0000 1.18
+++ arch/arm/at91/at91dbgu.c 18 Sep 2021 21:46:06 -0000
@@ -483,7 +483,8 @@ at91dbgu_open(dev_t dev, int flag, int m
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -705,7 +706,7 @@ at91dbgu_ioctl(dev_t dev, u_long cmd, vo
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: arch/arm/at91/at91usart.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/at91/at91usart.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 at91usart.c
--- arch/arm/at91/at91usart.c 13 Apr 2015 21:18:40 -0000 1.13
+++ arch/arm/at91/at91usart.c 18 Sep 2021 21:46:06 -0000
@@ -583,7 +583,8 @@ at91usart_open(dev_t dev, int flag, int
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -796,7 +797,7 @@ at91usart_ioctl(dev_t dev, u_long cmd, v
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: arch/arm/clps711x/clpscom.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/clps711x/clpscom.c,v
retrieving revision 1.9
diff -u -p -u -r1.9 clpscom.c
--- arch/arm/clps711x/clpscom.c 20 Nov 2020 18:03:52 -0000 1.9
+++ arch/arm/clps711x/clpscom.c 18 Sep 2021 21:46:06 -0000
@@ -587,7 +587,8 @@ clpscomopen(dev_t dev, int flag, int mod
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return EBUSY;
s = spltty();
@@ -753,7 +754,7 @@ clpscomioctl(dev_t dev, u_long cmd, void
switch (cmd) {
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
break;
default:
Index: arch/arm/ep93xx/epcom.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/ep93xx/epcom.c,v
retrieving revision 1.32
diff -u -p -u -r1.32 epcom.c
--- arch/arm/ep93xx/epcom.c 20 Nov 2020 18:03:52 -0000 1.32
+++ arch/arm/ep93xx/epcom.c 18 Sep 2021 21:46:06 -0000
@@ -455,7 +455,8 @@ epcomopen(dev_t dev, int flag, int mode,
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -677,7 +678,7 @@ epcomioctl(dev_t dev, u_long cmd, void *
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: arch/arm/footbridge/footbridge_com.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/footbridge/footbridge_com.c,v
retrieving revision 1.40
diff -u -p -u -r1.40 footbridge_com.c
--- arch/arm/footbridge/footbridge_com.c 13 Aug 2021 11:40:43 -0000 1.40
+++ arch/arm/footbridge/footbridge_com.c 18 Sep 2021 21:46:06 -0000
@@ -252,7 +252,8 @@ fcomopen(dev_t dev, int flag, int mode,
tp->t_param = fcomparam;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if (!(tp->t_state & TS_ISOPEN && tp->t_wopen == 0)) {
@@ -349,7 +350,7 @@ fcomioctl(dev_t dev, u_long cmd, void *d
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
return (error);
Index: arch/arm/imx/imxuart.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/imx/imxuart.c,v
retrieving revision 1.27
diff -u -p -u -r1.27 imxuart.c
--- arch/arm/imx/imxuart.c 8 Mar 2021 06:23:31 -0000 1.27
+++ arch/arm/imx/imxuart.c 18 Sep 2021 21:46:06 -0000
@@ -665,7 +665,8 @@ imxuopen(dev_t dev, int flag, int mode,
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -895,7 +896,7 @@ imxuioctl(dev_t dev, u_long cmd, void *d
error = 0;
switch (cmd) {
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
break;
default:
Index: arch/arm/ixp12x0/ixp12x0_com.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/ixp12x0/ixp12x0_com.c,v
retrieving revision 1.49
diff -u -p -u -r1.49 ixp12x0_com.c
--- arch/arm/ixp12x0/ixp12x0_com.c 20 Nov 2020 18:26:26 -0000 1.49
+++ arch/arm/ixp12x0/ixp12x0_com.c 18 Sep 2021 21:46:06 -0000
@@ -486,7 +486,8 @@ ixpcomopen(dev_t dev, int flag, int mode
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -714,7 +715,7 @@ ixpcomioctl(dev_t dev, u_long cmd, void
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: arch/arm/s3c2xx0/sscom.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/s3c2xx0/sscom.c,v
retrieving revision 1.49
diff -u -p -u -r1.49 sscom.c
--- arch/arm/s3c2xx0/sscom.c 20 Nov 2020 18:34:45 -0000 1.49
+++ arch/arm/s3c2xx0/sscom.c 18 Sep 2021 21:46:06 -0000
@@ -623,7 +623,8 @@ sscomopen(dev_t dev, int flag, int mode,
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -850,7 +851,7 @@ sscomioctl(dev_t dev, u_long cmd, void *
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: arch/arm/sa11x0/sa11x0_com.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/sa11x0/sa11x0_com.c,v
retrieving revision 1.58
diff -u -p -u -r1.58 sa11x0_com.c
--- arch/arm/sa11x0/sa11x0_com.c 20 Nov 2020 18:37:30 -0000 1.58
+++ arch/arm/sa11x0/sa11x0_com.c 18 Sep 2021 21:46:06 -0000
@@ -502,7 +502,8 @@ sacomopen(dev_t dev, int flag, int mode,
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -743,7 +744,7 @@ sacomioctl(dev_t dev, u_long cmd, void *
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: arch/arm/samsung/exynos_uart.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/samsung/exynos_uart.c,v
retrieving revision 1.6
diff -u -p -u -r1.6 exynos_uart.c
--- arch/arm/samsung/exynos_uart.c 13 Sep 2021 23:31:23 -0000 1.6
+++ arch/arm/samsung/exynos_uart.c 18 Sep 2021 21:46:06 -0000
@@ -371,7 +371,7 @@ exynos_uart_open(dev_t dev, int flag, in
struct tty *tp = sc->sc_tty;
uint32_t ucon;
- if (kauth_authorize_device_tty(l->l_cred,
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_OPEN, tp) != 0) {
return EBUSY;
}
Index: arch/arm/xilinx/zynq_uart.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/xilinx/zynq_uart.c,v
retrieving revision 1.3
diff -u -p -u -r1.3 zynq_uart.c
--- arch/arm/xilinx/zynq_uart.c 20 Nov 2020 18:49:44 -0000 1.3
+++ arch/arm/xilinx/zynq_uart.c 18 Sep 2021 21:46:06 -0000
@@ -661,7 +661,8 @@ zynquartopen(dev_t dev, int flag, int mo
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -891,7 +892,7 @@ zynquartioctl(dev_t dev, u_long cmd, voi
error = 0;
switch (cmd) {
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
break;
default:
Index: arch/arm/zynq/zynq_uart.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/zynq/zynq_uart.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 zynq_uart.c
--- arch/arm/zynq/zynq_uart.c 20 Nov 2020 18:51:31 -0000 1.4
+++ arch/arm/zynq/zynq_uart.c 18 Sep 2021 21:46:06 -0000
@@ -676,7 +676,8 @@ zynquartopen(dev_t dev, int flag, int mo
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -906,7 +907,7 @@ zynquartioctl(dev_t dev, u_long cmd, voi
error = 0;
switch (cmd) {
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
break;
default:
Index: arch/atari/dev/ite.c
===================================================================
RCS file: /cvsroot/src/sys/arch/atari/dev/ite.c,v
retrieving revision 1.80
diff -u -p -u -r1.80 ite.c
--- arch/atari/dev/ite.c 3 Jan 2021 17:42:10 -0000 1.80
+++ arch/atari/dev/ite.c 18 Sep 2021 21:46:06 -0000
@@ -403,7 +403,8 @@ iteopen(dev_t dev, int mode, int devtype
else
tp = sc->tp;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if ((sc->flags & ITE_ACTIVE) == 0) {
Index: arch/atari/dev/ser.c
===================================================================
RCS file: /cvsroot/src/sys/arch/atari/dev/ser.c,v
retrieving revision 1.56
diff -u -p -u -r1.56 ser.c
--- arch/atari/dev/ser.c 15 Nov 2014 19:20:01 -0000 1.56
+++ arch/atari/dev/ser.c 18 Sep 2021 21:46:06 -0000
@@ -390,7 +390,8 @@ seropen(dev_t dev, int flag, int mode, s
} else
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return EBUSY;
s = spltty();
@@ -589,7 +590,7 @@ serioctl(dev_t dev, u_long cmd, void *da
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
return error;
Index: arch/atari/dev/zs.c
===================================================================
RCS file: /cvsroot/src/sys/arch/atari/dev/zs.c,v
retrieving revision 1.79
diff -u -p -u -r1.79 zs.c
--- arch/atari/dev/zs.c 3 Jan 2021 17:42:10 -0000 1.79
+++ arch/atari/dev/zs.c 18 Sep 2021 21:46:06 -0000
@@ -422,7 +422,8 @@ zsopen(dev_t dev, int flags, int mode, s
tp->t_param = zsparam;
}
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return EBUSY;
s = spltty();
@@ -901,7 +902,7 @@ zsioctl(dev_t dev, u_long cmd, void * da
case TIOCSFLAGS: {
int userbits = 0;
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error != 0)
return EPERM;
Index: arch/emips/ebus/dz_ebus.c
===================================================================
RCS file: /cvsroot/src/sys/arch/emips/ebus/dz_ebus.c,v
retrieving revision 1.10
diff -u -p -u -r1.10 dz_ebus.c
--- arch/emips/ebus/dz_ebus.c 27 Dec 2019 06:52:43 -0000 1.10
+++ arch/emips/ebus/dz_ebus.c 18 Sep 2021 21:46:06 -0000
@@ -149,7 +149,8 @@ dzopen(dev_t dev, int flag, int mode, st
tp->t_param = dzparam;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if ((tp->t_state & TS_ISOPEN) == 0) {
Index: arch/epoc32/windermere/wmcom.c
===================================================================
RCS file: /cvsroot/src/sys/arch/epoc32/windermere/wmcom.c,v
retrieving revision 1.8
diff -u -p -u -r1.8 wmcom.c
--- arch/epoc32/windermere/wmcom.c 10 Nov 2019 21:16:25 -0000 1.8
+++ arch/epoc32/windermere/wmcom.c 18 Sep 2021 21:46:06 -0000
@@ -474,7 +474,8 @@ wmcomopen(dev_t dev, int flag, int mode,
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return EBUSY;
s = spltty();
@@ -635,7 +636,7 @@ wmcomioctl(dev_t dev, u_long cmd, void *
switch (cmd) {
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
break;
default:
Index: arch/evbarm/conf/GENERIC
===================================================================
RCS file: /cvsroot/src/sys/arch/evbarm/conf/GENERIC,v
retrieving revision 1.100
diff -u -p -u -r1.100 GENERIC
--- arch/evbarm/conf/GENERIC 26 Aug 2021 17:08:34 -0000 1.100
+++ arch/evbarm/conf/GENERIC 18 Sep 2021 21:46:06 -0000
@@ -34,9 +34,9 @@ options MULTIPROCESSOR
pseudo-device openfirm # /dev/openfirm
-#options DIAGNOSTIC # internal consistency checks
-#options DEBUG
-#options LOCKDEBUG
+options DIAGNOSTIC # internal consistency checks
+options DEBUG
+options LOCKDEBUG
#options UVMHIST # kernhist for uvm/pmap subsystems
#options PCI_CONFIG_DUMP # verbosely dump PCI config space
Index: arch/evbarm/dev/plcom.c
===================================================================
RCS file: /cvsroot/src/sys/arch/evbarm/dev/plcom.c,v
retrieving revision 1.62
diff -u -p -u -r1.62 plcom.c
--- arch/evbarm/dev/plcom.c 19 Oct 2020 17:00:02 -0000 1.62
+++ arch/evbarm/dev/plcom.c 18 Sep 2021 21:46:06 -0000
@@ -763,7 +763,8 @@ plcomopen(dev_t dev, int flag, int mode,
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -1001,7 +1002,7 @@ plcomioctl(dev_t dev, u_long cmd, void *
error = 0;
switch (cmd) {
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
break;
default:
Index: arch/evbppc/virtex/dev/xlcom.c
===================================================================
RCS file: /cvsroot/src/sys/arch/evbppc/virtex/dev/xlcom.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 xlcom.c
--- arch/evbppc/virtex/dev/xlcom.c 20 Aug 2021 20:25:27 -0000 1.12
+++ arch/evbppc/virtex/dev/xlcom.c 18 Sep 2021 21:46:06 -0000
@@ -414,8 +414,8 @@ xlcom_open(dev_t dev, int flags, int mod
s = spltty(); /* { */
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN,
- tp) != 0) {
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp) != 0) {
error = EBUSY;
goto fail;
}
Index: arch/hp300/dev/dcm.c
===================================================================
RCS file: /cvsroot/src/sys/arch/hp300/dev/dcm.c,v
retrieving revision 1.89
diff -u -p -u -r1.89 dcm.c
--- arch/hp300/dev/dcm.c 29 Dec 2020 16:02:01 -0000 1.89
+++ arch/hp300/dev/dcm.c 18 Sep 2021 21:46:06 -0000
@@ -512,7 +512,8 @@ dcmopen(dev_t dev, int flag, int mode, s
tp->t_param = dcmparam;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -1050,7 +1051,7 @@ dcmioctl(dev_t dev, u_long cmd, void *da
case TIOCSFLAGS: {
int userbits;
- if (kauth_authorize_device_tty(l->l_cred,
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp))
return (EPERM);
Index: arch/hpcmips/tx/txcom.c
===================================================================
RCS file: /cvsroot/src/sys/arch/hpcmips/tx/txcom.c,v
retrieving revision 1.52
diff -u -p -u -r1.52 txcom.c
--- arch/hpcmips/tx/txcom.c 7 Aug 2021 16:18:54 -0000 1.52
+++ arch/hpcmips/tx/txcom.c 18 Sep 2021 21:46:06 -0000
@@ -791,7 +791,8 @@ txcomopen(dev_t dev, int flag, int mode,
chip = sc->sc_chip;
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -981,7 +982,7 @@ txcomioctl(dev_t dev, u_long cmd, void *
break;
case TIOCSFLAGS:
- err = kauth_authorize_device_tty(l->l_cred,
+ err = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (err) {
break;
Index: arch/hppa/dev/pdc.c
===================================================================
RCS file: /cvsroot/src/sys/arch/hppa/dev/pdc.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 pdc.c
--- arch/hppa/dev/pdc.c 15 Apr 2019 20:40:37 -0000 1.4
+++ arch/hppa/dev/pdc.c 18 Sep 2021 21:46:06 -0000
@@ -282,7 +282,8 @@ pdcopen(dev_t dev, int flag, int mode, s
tp->t_param = pdcparam;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp)) {
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp)) {
splx(s);
return (EBUSY);
}
Index: arch/i386/i386/machdep.c
===================================================================
RCS file: /cvsroot/src/sys/arch/i386/i386/machdep.c,v
retrieving revision 1.831
diff -u -p -u -r1.831 machdep.c
--- arch/i386/i386/machdep.c 14 Jul 2020 00:45:52 -0000 1.831
+++ arch/i386/i386/machdep.c 18 Sep 2021 21:46:07 -0000
@@ -1663,7 +1663,7 @@ mm_md_open(dev_t dev, int flag, int mode
struct trapframe *fp;
int error;
- error = kauth_authorize_machdep(l->l_cred,
+ error = kauth_authorize_machdep(l->l_proc, l->l_cred,
KAUTH_MACHDEP_IOPL, NULL, NULL, NULL, NULL);
if (error)
return (error);
Index: arch/i386/isa/cmos.c
===================================================================
RCS file: /cvsroot/src/sys/arch/i386/isa/cmos.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 cmos.c
--- arch/i386/isa/cmos.c 20 Aug 2015 14:40:16 -0000 1.12
+++ arch/i386/isa/cmos.c 18 Sep 2021 21:46:07 -0000
@@ -124,7 +124,7 @@ int
cmos_open(dev_t dev, int flags, int ifmt, struct lwp *l)
{
- return kauth_authorize_machdep(kauth_cred_get(),
+ return kauth_authorize_machdep(l->l_proc, l->l_cred,
KAUTH_MACHDEP_NVRAM, NULL, NULL, NULL, NULL);
}
Index: arch/luna68k/dev/siotty.c
===================================================================
RCS file: /cvsroot/src/sys/arch/luna68k/dev/siotty.c,v
retrieving revision 1.50
diff -u -p -u -r1.50 siotty.c
--- arch/luna68k/dev/siotty.c 4 Sep 2021 12:54:19 -0000 1.50
+++ arch/luna68k/dev/siotty.c 18 Sep 2021 21:46:07 -0000
@@ -507,7 +507,8 @@ sioopen(dev_t dev, int flag, int mode, s
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return EBUSY;
if ((tp->t_state & TS_ISOPEN) == 0 && tp->t_wopen == 0) {
Index: arch/macppc/dev/ofb.c
===================================================================
RCS file: /cvsroot/src/sys/arch/macppc/dev/ofb.c,v
retrieving revision 1.72
diff -u -p -u -r1.72 ofb.c
--- arch/macppc/dev/ofb.c 7 Aug 2021 16:18:57 -0000 1.72
+++ arch/macppc/dev/ofb.c 18 Sep 2021 21:46:07 -0000
@@ -336,8 +336,8 @@ ofb_mmap(void *v, void *vs, off_t offset
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
- if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
- NULL, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
printf("%s: mmap() rejected.\n", device_xname(sc->sc_dev));
return -1;
}
Index: arch/mips/adm5120/dev/uart.c
===================================================================
RCS file: /cvsroot/src/sys/arch/mips/adm5120/dev/uart.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 uart.c
--- arch/mips/adm5120/dev/uart.c 25 Jul 2014 08:10:34 -0000 1.12
+++ arch/mips/adm5120/dev/uart.c 18 Sep 2021 21:46:07 -0000
@@ -215,8 +215,8 @@ uart_open(dev_t dev, int flag, int mode,
tp->t_lflag = TTYDEF_LFLAG;
tp->t_ispeed = tp->t_ospeed = 115200;
ttsetwater(tp);
- } else if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN,
- tp) != 0) {
+ } else if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp) != 0) {
splx(s);
return (EBUSY);
}
Index: arch/mips/sibyte/dev/sbjcn.c
===================================================================
RCS file: /cvsroot/src/sys/arch/mips/sibyte/dev/sbjcn.c,v
retrieving revision 1.32
diff -u -p -u -r1.32 sbjcn.c
--- arch/mips/sibyte/dev/sbjcn.c 4 Jan 2021 18:19:53 -0000 1.32
+++ arch/mips/sibyte/dev/sbjcn.c 18 Sep 2021 21:46:07 -0000
@@ -520,7 +520,8 @@ sbjcnopen(dev_t dev, int flag, int mode,
tp = ch->ch_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -719,7 +720,7 @@ sbjcnioctl(dev_t dev, u_long cmd, void *
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: arch/mips/sibyte/dev/sbscn.c
===================================================================
RCS file: /cvsroot/src/sys/arch/mips/sibyte/dev/sbscn.c,v
retrieving revision 1.45
diff -u -p -u -r1.45 sbscn.c
--- arch/mips/sibyte/dev/sbscn.c 4 Jan 2021 18:19:53 -0000 1.45
+++ arch/mips/sibyte/dev/sbscn.c 18 Sep 2021 21:46:07 -0000
@@ -571,7 +571,8 @@ sbscnopen(dev_t dev, int flag, int mode,
tp = ch->ch_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -785,7 +786,7 @@ sbscnioctl(dev_t dev, u_long cmd, void *
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: arch/news68k/news68k/romcons.c
===================================================================
RCS file: /cvsroot/src/sys/arch/news68k/news68k/romcons.c,v
retrieving revision 1.3
diff -u -p -u -r1.3 romcons.c
--- arch/news68k/news68k/romcons.c 25 Jul 2014 08:10:34 -0000 1.3
+++ arch/news68k/news68k/romcons.c 18 Sep 2021 21:46:07 -0000
@@ -149,7 +149,8 @@ romcons_open(dev_t dev, int flag, int mo
tp->t_oproc = romcons_start;
tp->t_param = romcons_param;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return EBUSY;
if ((tp->t_state & TS_ISOPEN) == 0) {
ttychars(tp);
Index: arch/sgimips/dev/scn.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sgimips/dev/scn.c,v
retrieving revision 1.8
diff -u -p -u -r1.8 scn.c
--- arch/sgimips/dev/scn.c 4 Apr 2015 14:12:40 -0000 1.8
+++ arch/sgimips/dev/scn.c 18 Sep 2021 21:46:07 -0000
@@ -1097,7 +1097,8 @@ scnopen(dev_t dev, int flags, int mode,
tp->t_hwiflow = scnhwiflow;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
mutex_spin_enter(&tty_lock);
@@ -1712,7 +1713,7 @@ scnioctl(dev_t dev, u_long cmd, void *da
case TIOCSFLAGS:{
int userbits, driverbits = 0;
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error != 0)
return (EPERM);
Index: arch/sh3/dev/sci.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sh3/dev/sci.c,v
retrieving revision 1.63
diff -u -p -u -r1.63 sci.c
--- arch/sh3/dev/sci.c 21 Nov 2020 17:25:52 -0000 1.63
+++ arch/sh3/dev/sci.c 18 Sep 2021 21:46:07 -0000
@@ -633,7 +633,8 @@ sciopen(dev_t dev, int flag, int mode, s
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -809,7 +810,7 @@ sciioctl(dev_t dev, u_long cmd, void *da
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: arch/sh3/dev/scif.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sh3/dev/scif.c,v
retrieving revision 1.68
diff -u -p -u -r1.68 scif.c
--- arch/sh3/dev/scif.c 21 Nov 2020 17:25:52 -0000 1.68
+++ arch/sh3/dev/scif.c 18 Sep 2021 21:46:07 -0000
@@ -738,7 +738,8 @@ scifopen(dev_t dev, int flag, int mode,
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -931,7 +932,7 @@ scifioctl(dev_t dev, u_long cmd, void *d
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: arch/shark/ofw/vga_ofbus.c
===================================================================
RCS file: /cvsroot/src/sys/arch/shark/ofw/vga_ofbus.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 vga_ofbus.c
--- arch/shark/ofw/vga_ofbus.c 27 Jan 2021 03:10:21 -0000 1.17
+++ arch/shark/ofw/vga_ofbus.c 18 Sep 2021 21:46:07 -0000
@@ -184,7 +184,7 @@ vga_ofbus_mmap(void *cookie, off_t offse
/* only the superuser may mmap IO and aperture */
if (curlwp != NULL) {
- if (kauth_authorize_machdep(kauth_cred_get(),
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
return -1;
}
Index: arch/sparc/dev/kd.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sparc/dev/kd.c,v
retrieving revision 1.54
diff -u -p -u -r1.54 kd.c
--- arch/sparc/dev/kd.c 25 Jul 2014 08:10:34 -0000 1.54
+++ arch/sparc/dev/kd.c 18 Sep 2021 21:46:07 -0000
@@ -212,7 +212,8 @@ static int firstopen = 1;
tp = kd->kd_tty;
/* It's simpler to do this up here. */
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
Index: arch/sparc/dev/tctrl.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sparc/dev/tctrl.c,v
retrieving revision 1.63
diff -u -p -u -r1.63 tctrl.c
--- arch/sparc/dev/tctrl.c 4 Jan 2021 15:29:34 -0000 1.63
+++ arch/sparc/dev/tctrl.c 18 Sep 2021 21:46:07 -0000
@@ -1159,7 +1159,7 @@ tctrlioctl(dev_t dev, u_long cmd, void *
/* this ioctl assumes the caller knows exactly what he is doing */
case TCTRL_CMD_REQ:
reqn = (struct tctrl_req *)data;
- if ((i = kauth_authorize_device_passthru(l->l_cred,
+ if ((i = kauth_authorize_device_passthru(l->l_proc, l->l_cred,
dev, KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data)) != 0 &&
(reqn->cmdbuf[0] == TS102_OP_CTL_BITPORT ||
(reqn->cmdbuf[0] >= TS102_OP_CTL_WATCHDOG &&
Index: arch/sparc64/dev/gfb.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sparc64/dev/gfb.c,v
retrieving revision 1.11
diff -u -p -u -r1.11 gfb.c
--- arch/sparc64/dev/gfb.c 7 Aug 2021 16:19:05 -0000 1.11
+++ arch/sparc64/dev/gfb.c 18 Sep 2021 21:46:07 -0000
@@ -336,8 +336,8 @@ gfb_mmap(void *v, void *vs, off_t offset
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
- if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
- NULL, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: mmap() rejected.\n",
device_xname(sc->sc_dev));
return -1;
Index: arch/sparc64/dev/kd.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sparc64/dev/kd.c,v
retrieving revision 1.53
diff -u -p -u -r1.53 kd.c
--- arch/sparc64/dev/kd.c 25 Jul 2014 08:10:35 -0000 1.53
+++ arch/sparc64/dev/kd.c 18 Sep 2021 21:46:07 -0000
@@ -182,7 +182,8 @@ static int firstopen = 1;
tp = kd->kd_tty;
/* It's simpler to do this up here. */
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
Index: arch/sparc64/dev/pcons.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sparc64/dev/pcons.c,v
retrieving revision 1.34
diff -u -p -u -r1.34 pcons.c
--- arch/sparc64/dev/pcons.c 25 Jul 2014 08:10:35 -0000 1.34
+++ arch/sparc64/dev/pcons.c 18 Sep 2021 21:46:07 -0000
@@ -143,7 +143,8 @@ pconsopen(dev_t dev, int flag, int mode,
tp->t_param = pconsparam;
tp->t_dev = dev;
cn_tab->cn_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if (!(tp->t_state & TS_ISOPEN)) {
ttychars(tp);
Index: arch/sparc64/dev/sab.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sparc64/dev/sab.c,v
retrieving revision 1.57
diff -u -p -u -r1.57 sab.c
--- arch/sparc64/dev/sab.c 7 Aug 2021 16:19:05 -0000 1.57
+++ arch/sparc64/dev/sab.c 18 Sep 2021 21:46:07 -0000
@@ -690,7 +690,8 @@ sabopen(dev_t dev, int flags, int mode,
if (ISSET(tp->t_state, TS_KERN_ONLY))
return (EBUSY);
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
mutex_spin_enter(&tty_lock);
@@ -880,7 +881,7 @@ sabioctl(dev_t dev, u_long cmd, void *da
*((int *)data) = sc->sc_openflags;
break;
case TIOCSFLAGS:
- if (kauth_authorize_device_tty(l->l_cred,
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp))
error = EPERM;
else
Index: arch/sun2/dev/kd.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sun2/dev/kd.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 kd.c
--- arch/sun2/dev/kd.c 25 Jul 2014 08:10:35 -0000 1.25
+++ arch/sun2/dev/kd.c 18 Sep 2021 21:46:07 -0000
@@ -225,7 +225,8 @@ static int firstopen = 1;
tp = kd->kd_tty;
/* It's simpler to do this up here. */
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
Index: arch/sun2/dev/pcons.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sun2/dev/pcons.c,v
retrieving revision 1.22
diff -u -p -u -r1.22 pcons.c
--- arch/sun2/dev/pcons.c 25 Jul 2014 08:10:35 -0000 1.22
+++ arch/sun2/dev/pcons.c 18 Sep 2021 21:46:07 -0000
@@ -141,7 +141,8 @@ pconsopen(dev_t dev, int flag, int mode,
tp->t_param = pconsparam;
tp->t_dev = dev;
cn_tab->cn_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if ((tp->t_state & TS_ISOPEN) == 0) {
ttychars(tp);
Index: arch/sun3/dev/kd.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sun3/dev/kd.c,v
retrieving revision 1.59
diff -u -p -u -r1.59 kd.c
--- arch/sun3/dev/kd.c 25 Jul 2014 08:10:35 -0000 1.59
+++ arch/sun3/dev/kd.c 18 Sep 2021 21:46:07 -0000
@@ -158,7 +158,8 @@ static int firstopen = 1;
tp = kd->kd_tty;
/* It's simpler to do this up here. */
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
Index: arch/sun3/dev/xd.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sun3/dev/xd.c,v
retrieving revision 1.77
diff -u -p -u -r1.77 xd.c
--- arch/sun3/dev/xd.c 7 Aug 2021 16:19:06 -0000 1.77
+++ arch/sun3/dev/xd.c 18 Sep 2021 21:46:07 -0000
@@ -927,8 +927,8 @@ xdioctl(dev_t dev, u_long cmd, void *add
xio = (struct xd_iocmd *)addr;
req = xd_getkauthreq(xio->cmd);
- if ((error = kauth_authorize_device_passthru(l->l_cred,
- dev, req, xio)) != 0)
+ if ((error = kauth_authorize_device_passthru(l->l_proc,
+ l->l_cred, dev, req, xio)) != 0)
return error;
return xdc_ioctlcmd(xd, dev, xio);
}
Index: arch/sun3/dev/xy.c
===================================================================
RCS file: /cvsroot/src/sys/arch/sun3/dev/xy.c,v
retrieving revision 1.82
diff -u -p -u -r1.82 xy.c
--- arch/sun3/dev/xy.c 7 Aug 2021 16:19:06 -0000 1.82
+++ arch/sun3/dev/xy.c 18 Sep 2021 21:46:07 -0000
@@ -880,8 +880,8 @@ xyioctl(dev_t dev, u_long cmd, void *add
xio = (struct xd_iocmd *)addr;
req = xy_getkauthreq(xio->cmd);
- if ((error = kauth_authorize_device_passthru(l->l_cred,
- dev, req, xio)) != 0)
+ if ((error = kauth_authorize_device_passthru(l->l_proc,
+ l->l_cred, dev, req, xio)) != 0)
return error;
return xyc_ioctlcmd(xy, dev, xio);
}
Index: arch/usermode/dev/ttycons.c
===================================================================
RCS file: /cvsroot/src/sys/arch/usermode/dev/ttycons.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 ttycons.c
--- arch/usermode/dev/ttycons.c 25 Jul 2014 08:10:35 -0000 1.20
+++ arch/usermode/dev/ttycons.c 18 Sep 2021 21:46:07 -0000
@@ -206,7 +206,8 @@ ttycons_open(dev_t dev, int flag, int mo
return ENXIO;
t = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, t))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, t))
return EBUSY;
if ((t->t_state & TS_ISOPEN) == 0 && t->t_wopen == 0) {
Index: arch/vax/uba/qvaux.c
===================================================================
RCS file: /cvsroot/src/sys/arch/vax/uba/qvaux.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 qvaux.c
--- arch/vax/uba/qvaux.c 7 Aug 2021 16:19:07 -0000 1.4
+++ arch/vax/uba/qvaux.c 18 Sep 2021 21:46:07 -0000
@@ -529,7 +529,8 @@ qvauxopen(dev_t dev, int flag, int mode,
tp->t_param = qvauxparam;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if ((tp->t_state & TS_ISOPEN) == 0) {
Index: arch/vax/vax/gencons.c
===================================================================
RCS file: /cvsroot/src/sys/arch/vax/vax/gencons.c,v
retrieving revision 1.56
diff -u -p -u -r1.56 gencons.c
--- arch/vax/vax/gencons.c 22 May 2017 16:46:15 -0000 1.56
+++ arch/vax/vax/gencons.c 18 Sep 2021 21:46:07 -0000
@@ -119,7 +119,8 @@ gencnopen(dev_t dev, int flag, int mode,
tp->t_param = gencnparam;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if ((tp->t_state & TS_ISOPEN) == 0) {
Index: arch/x68k/dev/ite.c
===================================================================
RCS file: /cvsroot/src/sys/arch/x68k/dev/ite.c,v
retrieving revision 1.64
diff -u -p -u -r1.64 ite.c
--- arch/x68k/dev/ite.c 3 Sep 2018 16:29:28 -0000 1.64
+++ arch/x68k/dev/ite.c 18 Sep 2021 21:46:07 -0000
@@ -369,7 +369,8 @@ iteopen(dev_t dev, int mode, int devtype
tty_attach(tp);
} else
tp = ite_tty[unit];
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if ((ip->flags & ITE_ACTIVE) == 0) {
error = iteon(dev, 0);
Index: arch/x68k/x68k/machdep.c
===================================================================
RCS file: /cvsroot/src/sys/arch/x68k/x68k/machdep.c,v
retrieving revision 1.206
diff -u -p -u -r1.206 machdep.c
--- arch/x68k/x68k/machdep.c 6 Aug 2021 04:21:56 -0000 1.206
+++ arch/x68k/x68k/machdep.c 18 Sep 2021 21:46:07 -0000
@@ -1271,7 +1271,7 @@ mm_md_physacc(paddr_t pa, vm_prot_t prot
/* I/O space */
if (INTIOBASE <= pa && pa < INTIOTOP) {
- return kauth_authorize_machdep(kauth_cred_get(),
+ return kauth_authorize_machdep(curproc, kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL);
}
Index: arch/x86/x86/sys_machdep.c
===================================================================
RCS file: /cvsroot/src/sys/arch/x86/x86/sys_machdep.c,v
retrieving revision 1.56
diff -u -p -u -r1.56 sys_machdep.c
--- arch/x86/x86/sys_machdep.c 19 Jun 2020 16:20:22 -0000 1.56
+++ arch/x86/x86/sys_machdep.c 18 Sep 2021 21:46:07 -0000
@@ -132,8 +132,8 @@ x86_get_ldt1(struct lwp *l, struct x86_g
const size_t min_ldt_size = NLDT * sizeof(union descriptor);
#endif
- error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_LDT_GET,
- NULL, NULL, NULL, NULL);
+ error = kauth_authorize_machdep(l->l_proc, l->l_cred,
+ KAUTH_MACHDEP_LDT_GET, NULL, NULL, NULL, NULL);
if (error)
return error;
@@ -222,8 +222,8 @@ x86_set_ldt1(struct lwp *l, struct x86_s
const size_t min_ldt_size = NLDT * sizeof(union descriptor);
#endif
- error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_LDT_SET,
- NULL, NULL, NULL, NULL);
+ error = kauth_authorize_machdep(l->l_proc, l->l_cred,
+ KAUTH_MACHDEP_LDT_SET, NULL, NULL, NULL, NULL);
if (error)
return error;
@@ -350,8 +350,8 @@ x86_iopl(struct lwp *l, void *args, regi
struct trapframe *tf = l->l_md.md_regs;
#endif
- error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPL,
- NULL, NULL, NULL, NULL);
+ error = kauth_authorize_machdep(l->l_proc, l->l_cred,
+ KAUTH_MACHDEP_IOPL, NULL, NULL, NULL, NULL);
if (error)
return error;
@@ -400,8 +400,8 @@ x86_get_ioperm(struct lwp *l, void *args
void *dummymap = NULL;
void *iomap;
- error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_GET,
- NULL, NULL, NULL, NULL);
+ error = kauth_authorize_machdep(l->l_proc, l->l_cred,
+ KAUTH_MACHDEP_IOPERM_GET, NULL, NULL, NULL, NULL);
if (error)
return error;
@@ -434,8 +434,8 @@ x86_set_ioperm(struct lwp *l, void *args
void *new;
void *old;
- error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_SET,
- NULL, NULL, NULL, NULL);
+ error = kauth_authorize_machdep(l->l_proc, l->l_cred,
+ KAUTH_MACHDEP_IOPERM_SET, NULL, NULL, NULL, NULL);
if (error)
return error;
@@ -479,8 +479,8 @@ x86_get_mtrr(struct lwp *l, void *args,
if (mtrr_funcs == NULL)
return ENOSYS;
- error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_GET,
- NULL, NULL, NULL, NULL);
+ error = kauth_authorize_machdep(l->l_proc, l->l_cred,
+ KAUTH_MACHDEP_MTRR_GET, NULL, NULL, NULL, NULL);
if (error)
return error;
@@ -514,8 +514,8 @@ x86_set_mtrr(struct lwp *l, void *args,
if (mtrr_funcs == NULL)
return ENOSYS;
- error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_SET,
- NULL, NULL, NULL, NULL);
+ error = kauth_authorize_machdep(l->l_proc, l->l_cred,
+ KAUTH_MACHDEP_MTRR_SET, NULL, NULL, NULL, NULL);
if (error)
return error;
Index: arch/x86/x86/x86_machdep.c
===================================================================
RCS file: /cvsroot/src/sys/arch/x86/x86/x86_machdep.c,v
retrieving revision 1.148
diff -u -p -u -r1.148 x86_machdep.c
--- arch/x86/x86/x86_machdep.c 19 Feb 2021 03:28:53 -0000 1.148
+++ arch/x86/x86/x86_machdep.c 18 Sep 2021 21:46:07 -0000
@@ -208,7 +208,7 @@ mm_md_physacc(paddr_t pa, vm_prot_t prot
return 0;
}
}
- return kauth_authorize_machdep(kauth_cred_get(),
+ return kauth_authorize_machdep(curproc, kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL);
}
Index: arch/xen/xen/xencons.c
===================================================================
RCS file: /cvsroot/src/sys/arch/xen/xen/xencons.c,v
retrieving revision 1.50
diff -u -p -u -r1.50 xencons.c
--- arch/xen/xen/xencons.c 7 May 2020 19:25:57 -0000 1.50
+++ arch/xen/xen/xencons.c 18 Sep 2021 21:46:07 -0000
@@ -266,7 +266,8 @@ xencons_open(dev_t dev, int flag, int mo
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if ((tp->t_state & TS_ISOPEN) == 0 && tp->t_wopen == 0) {
Index: compat/common/kern_cpu_60.c
===================================================================
RCS file: /cvsroot/src/sys/compat/common/kern_cpu_60.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 kern_cpu_60.c
--- compat/common/kern_cpu_60.c 27 Jan 2019 02:08:39 -0000 1.4
+++ compat/common/kern_cpu_60.c 18 Sep 2021 21:46:07 -0000
@@ -65,7 +65,7 @@ compat6_cpuctl_ioctl(struct lwp *l, u_lo
{
int error;
- error = kauth_authorize_machdep(l->l_cred,
+ error = kauth_authorize_machdep(l->l_proc, l->l_cred,
KAUTH_MACHDEP_CPU_UCODE_APPLY, NULL, NULL, NULL, NULL);
if (error)
return error;
Index: compat/common/kern_mod_80.c
===================================================================
RCS file: /cvsroot/src/sys/compat/common/kern_mod_80.c,v
retrieving revision 1.6
diff -u -p -u -r1.6 kern_mod_80.c
--- compat/common/kern_mod_80.c 12 Dec 2019 02:15:42 -0000 1.6
+++ compat/common/kern_mod_80.c 18 Sep 2021 21:46:07 -0000
@@ -78,8 +78,8 @@ compat_80_modstat(int cmd, struct iovec
}
/* If not privileged, don't expose kernel addresses. */
- error = kauth_authorize_system(kauth_cred_get(), KAUTH_SYSTEM_MODULE,
- 0, (void *)(uintptr_t)MODCTL_STAT, NULL, NULL);
+ error = kauth_authorize_system(curproc, kauth_cred_get(),
+ KAUTH_SYSTEM_MODULE, 0, KAUTH_ARG(MODCTL_STAT), NULL, NULL);
stataddr = (error == 0);
kernconfig_lock();
Index: compat/common/kern_time_50.c
===================================================================
RCS file: /cvsroot/src/sys/compat/common/kern_time_50.c,v
retrieving revision 1.37
diff -u -p -u -r1.37 kern_time_50.c
--- compat/common/kern_time_50.c 7 Sep 2021 11:43:02 -0000 1.37
+++ compat/common/kern_time_50.c 18 Sep 2021 21:46:07 -0000
@@ -265,8 +265,9 @@ compat_50_sys_adjtime(struct lwp *l,
struct timeval50 delta50, olddelta50;
struct timeval delta, olddelta;
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_TIME,
- KAUTH_REQ_SYSTEM_TIME_ADJTIME, NULL, NULL, NULL)) != 0)
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_ADJTIME,
+ NULL, NULL, NULL)) != 0)
return error;
if (SCARG(uap, delta)) {
Index: compat/common/kern_xxx_12.c
===================================================================
RCS file: /cvsroot/src/sys/compat/common/kern_xxx_12.c,v
retrieving revision 1.18
diff -u -p -u -r1.18 kern_xxx_12.c
--- compat/common/kern_xxx_12.c 23 Feb 2020 15:57:09 -0000 1.18
+++ compat/common/kern_xxx_12.c 18 Sep 2021 21:46:07 -0000
@@ -65,7 +65,7 @@ compat_12_sys_reboot(struct lwp *l,
} */
int error;
- if ((error = kauth_authorize_system(l->l_cred,
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
KAUTH_SYSTEM_REBOOT, 0, NULL, NULL, NULL)) != 0)
return (error);
kern_reboot(SCARG(uap, opt), NULL);
Index: compat/common/uipc_syscalls_50.c
===================================================================
RCS file: /cvsroot/src/sys/compat/common/uipc_syscalls_50.c,v
retrieving revision 1.11
diff -u -p -u -r1.11 uipc_syscalls_50.c
--- compat/common/uipc_syscalls_50.c 29 Jan 2020 05:48:22 -0000 1.11
+++ compat/common/uipc_syscalls_50.c 18 Sep 2021 21:46:07 -0000
@@ -85,7 +85,7 @@ compat_ifdatareq(struct lwp *l, u_long c
case OSIOCZIFDATA:
if (l != NULL) {
- error = kauth_authorize_network(l->l_cred,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp,
(void *)cmd, NULL);
Index: compat/common/vfs_syscalls_20.c
===================================================================
RCS file: /cvsroot/src/sys/compat/common/vfs_syscalls_20.c,v
retrieving revision 1.46
diff -u -p -u -r1.46 vfs_syscalls_20.c
--- compat/common/vfs_syscalls_20.c 28 Jun 2020 14:37:53 -0000 1.46
+++ compat/common/vfs_syscalls_20.c 18 Sep 2021 21:46:07 -0000
@@ -172,7 +172,7 @@ compat_20_sys_fhstatfs(struct lwp *l, co
/*
* Must be super user
*/
- if ((error = kauth_authorize_system(l->l_cred,
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
KAUTH_SYSTEM_FILEHANDLE, 0, NULL, NULL, NULL)))
return (error);
Index: compat/common/vfs_syscalls_30.c
===================================================================
RCS file: /cvsroot/src/sys/compat/common/vfs_syscalls_30.c,v
retrieving revision 1.43
diff -u -p -u -r1.43 vfs_syscalls_30.c
--- compat/common/vfs_syscalls_30.c 7 Sep 2021 11:43:02 -0000 1.43
+++ compat/common/vfs_syscalls_30.c 18 Sep 2021 21:46:07 -0000
@@ -349,8 +349,8 @@ compat_30_sys_getfh(struct lwp *l, const
/*
* Must be super user
*/
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FILEHANDLE,
- 0, NULL, NULL, NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FILEHANDLE, 0, NULL, NULL, NULL);
if (error)
return (error);
Index: compat/common/vfs_syscalls_50.c
===================================================================
RCS file: /cvsroot/src/sys/compat/common/vfs_syscalls_50.c,v
retrieving revision 1.26
diff -u -p -u -r1.26 vfs_syscalls_50.c
--- compat/common/vfs_syscalls_50.c 15 Aug 2021 07:57:46 -0000 1.26
+++ compat/common/vfs_syscalls_50.c 18 Sep 2021 21:46:07 -0000
@@ -291,7 +291,7 @@ compat_50_sys_lfs_segwait(struct lwp *l,
int error;
/* XXX need we be su to segwait? */
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_SEGWAIT, NULL, NULL, NULL);
if (error)
return (error);
Index: compat/linux/arch/i386/linux_machdep.c
===================================================================
RCS file: /cvsroot/src/sys/compat/linux/arch/i386/linux_machdep.c,v
retrieving revision 1.168
diff -u -p -u -r1.168 linux_machdep.c
--- compat/linux/arch/i386/linux_machdep.c 7 Sep 2021 11:43:04 -0000 1.168
+++ compat/linux/arch/i386/linux_machdep.c 18 Sep 2021 21:46:07 -0000
@@ -998,7 +998,7 @@ linux_sys_iopl(struct lwp *l, const stru
} */
struct trapframe *fp = l->l_md.md_regs;
- if (kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPL,
+ if (kauth_authorize_machdep(l->l_proc, l->l_cred, KAUTH_MACHDEP_IOPL,
NULL, NULL, NULL, NULL) != 0)
return EPERM;
fp->tf_eflags |= PSL_IOPL;
@@ -1020,7 +1020,7 @@ linux_sys_ioperm(struct lwp *l, const st
} */
struct trapframe *fp = l->l_md.md_regs;
- if (kauth_authorize_machdep(l->l_cred, SCARG(uap, val) ?
+ if (kauth_authorize_machdep(l->l_proc, l->l_cred, SCARG(uap, val) ?
KAUTH_MACHDEP_IOPERM_SET : KAUTH_MACHDEP_IOPERM_GET, NULL, NULL,
NULL, NULL) != 0)
return EPERM;
Index: compat/linux/arch/m68k/linux_machdep.c
===================================================================
RCS file: /cvsroot/src/sys/compat/linux/arch/m68k/linux_machdep.c,v
retrieving revision 1.43
diff -u -p -u -r1.43 linux_machdep.c
--- compat/linux/arch/m68k/linux_machdep.c 7 Sep 2021 11:43:04 -0000 1.43
+++ compat/linux/arch/m68k/linux_machdep.c 18 Sep 2021 21:46:07 -0000
@@ -850,7 +850,7 @@ linux_sys_cacheflush(struct lwp *l, cons
* LINUX_FLUSH_SCOPE_ALL (flush whole cache) is limited to super users.
*/
if (scope == LINUX_FLUSH_SCOPE_ALL) {
- if ((error = kauth_authorize_machdep(l->l_cred,
+ if ((error = kauth_authorize_machdep(l->l_proc, l->l_cred,
KAUTH_MACHDEP_CACHEFLUSH, NULL, NULL, NULL, NULL)) != 0)
return error;
#if defined(M68040) || defined(M68060)
Index: compat/linux/common/linux_misc.c
===================================================================
RCS file: /cvsroot/src/sys/compat/linux/common/linux_misc.c,v
retrieving revision 1.252
diff -u -p -u -r1.252 linux_misc.c
--- compat/linux/common/linux_misc.c 7 Sep 2021 11:43:04 -0000 1.252
+++ compat/linux/common/linux_misc.c 18 Sep 2021 21:46:07 -0000
@@ -1248,7 +1248,7 @@ linux_sys_reboot(struct lwp *l, const st
} */ sra;
int error;
- if ((error = kauth_authorize_system(l->l_cred,
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
KAUTH_SYSTEM_REBOOT, 0, NULL, NULL, NULL)) != 0)
return(error);
Index: compat/linux/common/linux_sched.c
===================================================================
RCS file: /cvsroot/src/sys/compat/linux/common/linux_sched.c,v
retrieving revision 1.79
diff -u -p -u -r1.79 linux_sched.c
--- compat/linux/common/linux_sched.c 7 Sep 2021 11:43:04 -0000 1.79
+++ compat/linux/common/linux_sched.c 18 Sep 2021 21:46:07 -0000
@@ -635,7 +635,7 @@ linux_sys_sched_getaffinity(struct lwp *
}
/* Check the permission */
- if (kauth_authorize_process(l->l_cred,
+ if (kauth_authorize_process(l->l_proc, l->l_cred,
KAUTH_PROCESS_SCHEDULER_GETAFFINITY, p, NULL, NULL, NULL)) {
mutex_exit(p->p_lock);
return EPERM;
Index: compat/linux/common/linux_signal.c
===================================================================
RCS file: /cvsroot/src/sys/compat/linux/common/linux_signal.c,v
retrieving revision 1.84
diff -u -p -u -r1.84 linux_signal.c
--- compat/linux/common/linux_signal.c 7 Sep 2021 11:43:04 -0000 1.84
+++ compat/linux/common/linux_signal.c 18 Sep 2021 21:46:07 -0000
@@ -774,7 +774,7 @@ linux_do_tkill(struct lwp *l, int tgid,
return ESRCH;
}
mutex_enter(p->p_lock);
- error = kauth_authorize_process(l->l_cred,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
KAUTH_PROCESS_SIGNAL, p, KAUTH_ARG(signum), NULL, NULL);
if ((t = lwp_find(p, ksi.ksi_lid)) == NULL)
error = ESRCH;
Index: compat/linux/common/linux_time.c
===================================================================
RCS file: /cvsroot/src/sys/compat/linux/common/linux_time.c,v
retrieving revision 1.40
diff -u -p -u -r1.40 linux_time.c
--- compat/linux/common/linux_time.c 7 Sep 2021 11:43:04 -0000 1.40
+++ compat/linux/common/linux_time.c 18 Sep 2021 21:46:07 -0000
@@ -103,7 +103,7 @@ linux_sys_settimeofday(struct lwp *l, co
}
if (SCARG(uap, tzp)) {
- if (kauth_authorize_generic(kauth_cred_get(),
+ if (kauth_authorize_generic(curproc, kauth_cred_get(),
KAUTH_GENERIC_ISSUSER, NULL) != 0)
return (EPERM);
error = copyin(SCARG(uap, tzp), &linux_sys_tz, sizeof(linux_sys_tz));
Index: compat/netbsd32/netbsd32_compat_30.c
===================================================================
RCS file: /cvsroot/src/sys/compat/netbsd32/netbsd32_compat_30.c,v
retrieving revision 1.36
diff -u -p -u -r1.36 netbsd32_compat_30.c
--- compat/netbsd32/netbsd32_compat_30.c 19 Jan 2021 03:20:13 -0000 1.36
+++ compat/netbsd32/netbsd32_compat_30.c 18 Sep 2021 21:46:07 -0000
@@ -181,7 +181,7 @@ compat_30_netbsd32_fhstat(struct lwp *l,
/*
* Must be super user
*/
- if ((error = kauth_authorize_system(l->l_cred,
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
KAUTH_SYSTEM_FILEHANDLE, 0, NULL, NULL, NULL)))
return error;
Index: compat/netbsd32/netbsd32_compat_50.c
===================================================================
RCS file: /cvsroot/src/sys/compat/netbsd32/netbsd32_compat_50.c,v
retrieving revision 1.52
diff -u -p -u -r1.52 netbsd32_compat_50.c
--- compat/netbsd32/netbsd32_compat_50.c 7 Sep 2021 11:43:05 -0000 1.52
+++ compat/netbsd32/netbsd32_compat_50.c 18 Sep 2021 21:46:07 -0000
@@ -250,9 +250,9 @@ compat_50_netbsd32_adjtime(struct lwp *l
extern int time_adjusted; /* in kern_ntptime.c */
extern int64_t time_adjtime; /* in kern_ntptime.c */
- if ((error = kauth_authorize_system(l->l_cred,
- KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_ADJTIME, NULL, NULL,
- NULL)) != 0)
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_ADJTIME, NULL,
+ NULL, NULL)) != 0)
return error;
if (SCARG_P32(uap, olddelta)) {
Index: compat/netbsd32/netbsd32_compat_80.c
===================================================================
RCS file: /cvsroot/src/sys/compat/netbsd32/netbsd32_compat_80.c,v
retrieving revision 1.6
diff -u -p -u -r1.6 netbsd32_compat_80.c
--- compat/netbsd32/netbsd32_compat_80.c 12 Dec 2019 02:15:42 -0000 1.6
+++ compat/netbsd32/netbsd32_compat_80.c 18 Sep 2021 21:46:07 -0000
@@ -68,8 +68,8 @@ modctl32_handle_ostat(int cmd, struct ne
return EINVAL;
/* If not privileged, don't expose kernel addresses. */
- error = kauth_authorize_system(kauth_cred_get(), KAUTH_SYSTEM_MODULE,
- 0, (void *)(uintptr_t)MODCTL_STAT, NULL, NULL);
+ error = kauth_authorize_system(curproc, kauth_cred_get(),
+ KAUTH_SYSTEM_MODULE, 0, KAUTH_ARG(MODCTL_STAT), NULL, NULL);
stataddr = (error == 0);
kernconfig_lock();
Index: compat/netbsd32/netbsd32_fd.c
===================================================================
RCS file: /cvsroot/src/sys/compat/netbsd32/netbsd32_fd.c,v
retrieving revision 1.1
diff -u -p -u -r1.1 netbsd32_fd.c
--- compat/netbsd32/netbsd32_fd.c 24 Dec 2018 21:27:05 -0000 1.1
+++ compat/netbsd32/netbsd32_fd.c 18 Sep 2021 21:46:07 -0000
@@ -64,8 +64,8 @@ netbsd32___getfh30(struct lwp *l, const
/*
* Must be super user
*/
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FILEHANDLE,
- 0, NULL, NULL, NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FILEHANDLE, 0, NULL, NULL, NULL);
if (error)
return error;
Index: compat/netbsd32/netbsd32_module.c
===================================================================
RCS file: /cvsroot/src/sys/compat/netbsd32/netbsd32_module.c,v
retrieving revision 1.10
diff -u -p -u -r1.10 netbsd32_module.c
--- compat/netbsd32/netbsd32_module.c 1 Mar 2019 11:06:56 -0000 1.10
+++ compat/netbsd32/netbsd32_module.c 18 Sep 2021 21:46:07 -0000
@@ -63,8 +63,8 @@ modctl32_handle_stat(struct netbsd32_iov
bool stataddr;
/* If not privileged, don't expose kernel addresses. */
- error = kauth_authorize_system(kauth_cred_get(), KAUTH_SYSTEM_MODULE,
- 0, (void *)(uintptr_t)MODCTL_STAT, NULL, NULL);
+ error = kauth_authorize_system(curproc, kauth_cred_get(),
+ KAUTH_SYSTEM_MODULE, 0, KAUTH_ARG(MODCTL_STAT), NULL, NULL);
stataddr = (error == 0);
kernconfig_lock();
@@ -253,10 +253,9 @@ netbsd32_modctl(struct lwp *lwp, const s
switch (loadtype) { /* 0 = modload, 1 = autoload */
case 0: /* FALLTHROUGH */
case 1:
- error = kauth_authorize_system(kauth_cred_get(),
- KAUTH_SYSTEM_MODULE, 0,
- (void *)(uintptr_t)MODCTL_LOAD,
- (void *)loadtype, NULL);
+ error = kauth_authorize_system(curproc,
+ kauth_cred_get(), KAUTH_SYSTEM_MODULE, 0,
+ KAUTH_ARG(MODCTL_LOAD), KAUTH_ARG(loadtype), NULL);
break;
default:
Index: compat/netbsd32/netbsd32_time.c
===================================================================
RCS file: /cvsroot/src/sys/compat/netbsd32/netbsd32_time.c,v
retrieving revision 1.56
diff -u -p -u -r1.56 netbsd32_time.c
--- compat/netbsd32/netbsd32_time.c 7 Sep 2021 11:43:05 -0000 1.56
+++ compat/netbsd32/netbsd32_time.c 18 Sep 2021 21:46:07 -0000
@@ -111,9 +111,9 @@ netbsd32_ntp_adjtime(struct lwp *l, cons
* the assumption the superuser should know what it is doing.
*/
modes = ntv.modes;
- if (modes != 0 && (error = kauth_authorize_system(l->l_cred,
- KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_NTPADJTIME, NULL, NULL,
- NULL)))
+ if (modes != 0 && (error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_NTPADJTIME,
+ NULL, NULL, NULL)))
return error;
(*vec_ntp_adjtime1)(&ntv);
@@ -263,9 +263,9 @@ netbsd32___adjtime50(struct lwp *l, cons
extern int time_adjusted; /* in kern_ntptime.c */
extern int64_t time_adjtime; /* in kern_ntptime.c */
- if ((error = kauth_authorize_system(l->l_cred,
- KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_ADJTIME, NULL, NULL,
- NULL)) != 0)
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_ADJTIME, NULL,
+ NULL, NULL)) != 0)
return error;
if (SCARG_P32(uap, olddelta)) {
Index: compat/sunos/sunos_misc.c
===================================================================
RCS file: /cvsroot/src/sys/compat/sunos/sunos_misc.c,v
retrieving revision 1.177
diff -u -p -u -r1.177 sunos_misc.c
--- compat/sunos/sunos_misc.c 7 Sep 2021 11:43:05 -0000 1.177
+++ compat/sunos/sunos_misc.c 18 Sep 2021 21:46:07 -0000
@@ -1020,8 +1020,8 @@ sunos_sys_reboot(struct lwp *l, const st
char *bootstr;
char bs[128];
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_REBOOT,
- 0, NULL, NULL, NULL)) != 0)
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_REBOOT, 0, NULL, NULL, NULL)) != 0)
return (error);
/*
Index: compat/sunos32/sunos32_misc.c
===================================================================
RCS file: /cvsroot/src/sys/compat/sunos32/sunos32_misc.c,v
retrieving revision 1.85
diff -u -p -u -r1.85 sunos32_misc.c
--- compat/sunos32/sunos32_misc.c 7 Sep 2021 11:43:05 -0000 1.85
+++ compat/sunos32/sunos32_misc.c 18 Sep 2021 21:46:07 -0000
@@ -1262,7 +1262,7 @@ sunos32_sys_reboot(struct lwp *l, const
int error, bsd_howto, sun_howto;
char *bootstr;
- if ((error = kauth_authorize_system(l->l_cred,
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
KAUTH_SYSTEM_REBOOT, 0, NULL, NULL, NULL)) != 0)
return (error);
Index: dev/bio.c
===================================================================
RCS file: /cvsroot/src/sys/dev/bio.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 bio.c
--- dev/bio.c 19 Dec 2020 01:12:21 -0000 1.17
+++ dev/bio.c 18 Sep 2021 21:46:08 -0000
@@ -130,16 +130,16 @@ bioioctl(dev_t dev, u_long cmd, void *ad
case BIOCVOL:
case OBIOCDISK:
case OBIOCVOL:
- error = kauth_authorize_device_passthru(l->l_cred, dev,
- KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF, addr);
+ error = kauth_authorize_device_passthru(l->l_proc, l->l_cred,
+ dev, KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF, addr);
if (error)
return error;
break;
case BIOCBLINK:
case BIOCSETSTATE:
case BIOCVOLOPS:
- error = kauth_authorize_device_passthru(l->l_cred, dev,
- KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITECONF, addr);
+ error = kauth_authorize_device_passthru(l->l_proc, l->l_cred,
+ dev, KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITECONF, addr);
if (error)
return error;
break;
@@ -150,13 +150,15 @@ bioioctl(dev_t dev, u_long cmd, void *ad
case BIOC_SAENABLE:
case BIOC_SASILENCE:
case BIOC_SATEST:
- error = kauth_authorize_device_passthru(l->l_cred, dev,
+ error = kauth_authorize_device_passthru(l->l_proc,
+ l->l_cred, dev,
KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITECONF, addr);
if (error)
return error;
break;
case BIOC_GASTATUS:
- error = kauth_authorize_device_passthru(l->l_cred, dev,
+ error = kauth_authorize_device_passthru(l->l_proc,
+ l->l_cred, dev,
KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF, addr);
if (error)
return error;
Index: dev/cons.c
===================================================================
RCS file: /cvsroot/src/sys/dev/cons.c,v
retrieving revision 1.77
diff -u -p -u -r1.77 cons.c
--- dev/cons.c 6 Dec 2019 04:15:38 -0000 1.77
+++ dev/cons.c 18 Sep 2021 21:46:08 -0000
@@ -203,7 +203,7 @@ cnioctl(dev_t dev, u_long cmd, void *dat
* output from the "virtual" console.
*/
if (cmd == TIOCCONS && constty != NULL) {
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_VIRTUAL, constty);
if (!error)
constty = NULL;
Index: dev/random.c
===================================================================
RCS file: /cvsroot/src/sys/dev/random.c,v
retrieving revision 1.9
diff -u -p -u -r1.9 random.c
--- dev/random.c 13 Jan 2021 23:54:21 -0000 1.9
+++ dev/random.c 18 Sep 2021 21:46:08 -0000
@@ -253,7 +253,7 @@ random_write(dev_t dev, struct uio *uio,
int error = 0;
/* Verify user's authorization to affect the entropy pool. */
- error = kauth_authorize_device(cred, KAUTH_DEVICE_RND_ADDDATA,
+ error = kauth_authorize_device(curproc, cred, KAUTH_DEVICE_RND_ADDDATA,
NULL, NULL, NULL, NULL);
if (error)
return error;
@@ -264,8 +264,8 @@ random_write(dev_t dev, struct uio *uio,
* assume it has zero entropy when we do accounting. If you
* want to specify less entropy, use ioctl(RNDADDDATA).
*/
- if (kauth_authorize_device(cred, KAUTH_DEVICE_RND_ADDDATA_ESTIMATE,
- NULL, NULL, NULL, NULL) == 0)
+ if (kauth_authorize_device(curproc, cred,
+ KAUTH_DEVICE_RND_ADDDATA_ESTIMATE, NULL, NULL, NULL, NULL) == 0)
privileged = true;
/* Get a buffer for transfers. */
Index: dev/veriexec.c
===================================================================
RCS file: /cvsroot/src/sys/dev/veriexec.c,v
retrieving revision 1.2
diff -u -p -u -r1.2 veriexec.c
--- dev/veriexec.c 21 Jun 2021 03:11:05 -0000 1.2
+++ dev/veriexec.c 18 Sep 2021 21:46:08 -0000
@@ -84,7 +84,7 @@ veriexecattach(DEVPORT_DEVICE *parent, D
static int
veriexecopen(dev_t dev, int flags, int fmt, struct lwp *l)
{
- if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_VERIEXEC,
+ if (kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_VERIEXEC,
KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS, NULL, NULL, NULL))
return (EPERM);
@@ -164,9 +164,9 @@ veriexecioctl(dev_t dev, u_long cmd, voi
if (!(flags & FWRITE))
return (EPERM);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_VERIEXEC,
- KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY, KAUTH_ARG(cmd), NULL,
- NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_VERIEXEC, KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY,
+ KAUTH_ARG(cmd), NULL, NULL);
if (error)
return error;
Index: dev/arcbios/arcbios_tty.c
===================================================================
RCS file: /cvsroot/src/sys/dev/arcbios/arcbios_tty.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 arcbios_tty.c
--- dev/arcbios/arcbios_tty.c 25 Jul 2014 08:10:36 -0000 1.25
+++ dev/arcbios/arcbios_tty.c 18 Sep 2021 21:46:08 -0000
@@ -105,7 +105,8 @@ arcbios_ttyopen(dev_t dev, int flag, int
tp->t_param = arcbios_tty_param;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp)) {
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp)) {
splx(s);
return (EBUSY);
}
Index: dev/bluetooth/bcsp.c
===================================================================
RCS file: /cvsroot/src/sys/dev/bluetooth/bcsp.c,v
retrieving revision 1.31
diff -u -p -u -r1.31 bcsp.c
--- dev/bluetooth/bcsp.c 24 Jan 2019 09:33:03 -0000 1.31
+++ dev/bluetooth/bcsp.c 18 Sep 2021 21:46:08 -0000
@@ -372,7 +372,8 @@ bcspopen(dev_t device __unused, struct t
int error, unit, s;
static char name[] = "bcsp";
- error = kauth_authorize_device(l->l_cred, KAUTH_DEVICE_BLUETOOTH_BCSP,
+ error = kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_BLUETOOTH_BCSP,
KAUTH_ARG(KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD), NULL, NULL, NULL);
if (error)
return (error);
Index: dev/bluetooth/bth5.c
===================================================================
RCS file: /cvsroot/src/sys/dev/bluetooth/bth5.c,v
retrieving revision 1.6
diff -u -p -u -r1.6 bth5.c
--- dev/bluetooth/bth5.c 16 Nov 2019 22:06:49 -0000 1.6
+++ dev/bluetooth/bth5.c 18 Sep 2021 21:46:08 -0000
@@ -377,7 +377,8 @@ bth5open(dev_t device __unused, struct t
int error, unit, s;
static char name[] = "bthfive";
- error = kauth_authorize_device(l->l_cred, KAUTH_DEVICE_BLUETOOTH_BCSP,
+ error = kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_BLUETOOTH_BCSP,
KAUTH_ARG(KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD), NULL, NULL, NULL);
if (error)
return (error);
Index: dev/bluetooth/btuart.c
===================================================================
RCS file: /cvsroot/src/sys/dev/bluetooth/btuart.c,v
retrieving revision 1.29
diff -u -p -u -r1.29 btuart.c
--- dev/bluetooth/btuart.c 24 Jan 2019 09:33:03 -0000 1.29
+++ dev/bluetooth/btuart.c 18 Sep 2021 21:46:08 -0000
@@ -225,7 +225,8 @@ btuartopen(dev_t devno __unused, struct
struct lwp *l = curlwp; /* XXX */
int error, unit, s;
- error = kauth_authorize_device(l->l_cred, KAUTH_DEVICE_BLUETOOTH_BTUART,
+ error = kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_BLUETOOTH_BTUART,
KAUTH_ARG(KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD), NULL, NULL, NULL);
if (error)
return (error);
Index: dev/dec/dz.c
===================================================================
RCS file: /cvsroot/src/sys/dev/dec/dz.c,v
retrieving revision 1.42
diff -u -p -u -r1.42 dz.c
--- dev/dec/dz.c 25 Jul 2014 08:10:36 -0000 1.42
+++ dev/dec/dz.c 18 Sep 2021 21:46:08 -0000
@@ -388,7 +388,8 @@ dzopen(dev_t dev, int flag, int mode, st
tp->t_param = dzparam;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if ((tp->t_state & TS_ISOPEN) == 0) {
Index: dev/dm/device-mapper.c
===================================================================
RCS file: /cvsroot/src/sys/dev/dm/device-mapper.c,v
retrieving revision 1.62
diff -u -p -u -r1.62 device-mapper.c
--- dev/dm/device-mapper.c 7 May 2021 09:54:43 -0000 1.62
+++ dev/dm/device-mapper.c 18 Sep 2021 21:46:08 -0000
@@ -453,7 +453,7 @@ dm_cmd_to_fun(prop_dictionary_t dm_dict)
break;
if (!cmd_fn[i].allowed &&
- (r = kauth_authorize_system(kauth_cred_get(),
+ (r = kauth_authorize_system(curproc, kauth_cred_get(),
KAUTH_SYSTEM_DEVMAPPER, 0, NULL, NULL, NULL)) != 0)
return r;
Index: dev/gpio/gpio.c
===================================================================
RCS file: /cvsroot/src/sys/dev/gpio/gpio.c,v
retrieving revision 1.67
diff -u -p -u -r1.67 gpio.c
--- dev/gpio/gpio.c 9 Aug 2021 20:49:09 -0000 1.67
+++ dev/gpio/gpio.c 18 Sep 2021 21:46:08 -0000
@@ -88,7 +88,7 @@ static int gpio_ioctl(struct gpio_softc
#ifdef COMPAT_50
/* Old API */
static int gpio_ioctl_oapi(struct gpio_softc *, u_long, void *, int,
- kauth_cred_t);
+ struct lwp *);
#endif
CFATTACH_DECL3_NEW(gpio, sizeof(struct gpio_softc),
@@ -690,7 +690,6 @@ gpio_ioctl(struct gpio_softc *sc, u_long
#endif
device_t dv;
cfdata_t cf;
- kauth_cred_t cred;
int locs[GPIOCF_NLOCS];
int error, pin, value, flags, npins;
@@ -703,13 +702,11 @@ gpio_ioctl(struct gpio_softc *sc, u_long
return EBUSY;
}
- cred = kauth_cred_get();
-
switch (cmd) {
case GPIOINFO:
info = data;
- if (!kauth_authorize_device(cred, KAUTH_DEVICE_GPIO_PINSET,
- NULL, NULL, NULL, NULL))
+ if (!kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_GPIO_PINSET, NULL, NULL, NULL, NULL))
info->gpio_npins = sc->sc_npins;
else {
for (pin = npins = 0; pin < sc->sc_npins; pin++)
@@ -729,8 +726,8 @@ gpio_ioctl(struct gpio_softc *sc, u_long
return EINVAL;
if (!(sc->sc_pins[pin].pin_flags & GPIO_PIN_SET) &&
- kauth_authorize_device(cred, KAUTH_DEVICE_GPIO_PINSET,
- NULL, NULL, NULL, NULL))
+ kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_GPIO_PINSET, NULL, NULL, NULL, NULL))
return EPERM;
/* return read value */
@@ -759,8 +756,8 @@ gpio_ioctl(struct gpio_softc *sc, u_long
return EBUSY;
if (!(sc->sc_pins[pin].pin_flags & GPIO_PIN_SET) &&
- kauth_authorize_device(cred, KAUTH_DEVICE_GPIO_PINSET,
- NULL, NULL, NULL, NULL))
+ kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_GPIO_PINSET, NULL, NULL, NULL, NULL))
return EPERM;
value = req->gp_value;
@@ -791,8 +788,8 @@ gpio_ioctl(struct gpio_softc *sc, u_long
return EBUSY;
if (!(sc->sc_pins[pin].pin_flags & GPIO_PIN_SET) &&
- kauth_authorize_device(cred, KAUTH_DEVICE_GPIO_PINSET,
- NULL, NULL, NULL, NULL))
+ kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_GPIO_PINSET, NULL, NULL, NULL, NULL))
return EPERM;
value = (sc->sc_pins[pin].pin_state == GPIO_PIN_LOW ?
@@ -818,8 +815,8 @@ gpio_ioctl(struct gpio_softc *sc, u_long
*/
attach = data;
#endif
- if (kauth_authorize_device(cred, KAUTH_DEVICE_GPIO_PINSET,
- NULL, NULL, NULL, NULL))
+ if (kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_GPIO_PINSET, NULL, NULL, NULL, NULL))
return EPERM;
/* do not try to attach if the pins are already mapped */
@@ -878,8 +875,8 @@ gpio_ioctl(struct gpio_softc *sc, u_long
mutex_exit(&sc->sc_mtx);
return error;
case GPIOSET:
- if (kauth_authorize_device(cred, KAUTH_DEVICE_GPIO_PINSET,
- NULL, NULL, NULL, NULL))
+ if (kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_GPIO_PINSET, NULL, NULL, NULL, NULL))
return EPERM;
set = data;
@@ -935,8 +932,8 @@ gpio_ioctl(struct gpio_softc *sc, u_long
}
break;
case GPIOUNSET:
- if (kauth_authorize_device(cred, KAUTH_DEVICE_GPIO_PINSET,
- NULL, NULL, NULL, NULL))
+ if (kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_GPIO_PINSET, NULL, NULL, NULL, NULL))
return EPERM;
set = data;
@@ -965,7 +962,7 @@ gpio_ioctl(struct gpio_softc *sc, u_long
#ifdef COMPAT_50
/* Try the old API */
DPRINTF(("%s: trying the old API\n", device_xname(sc->sc_dev)));
- return gpio_ioctl_oapi(sc, cmd, data, flag, cred);
+ return gpio_ioctl_oapi(sc, cmd, data, flag, l);
#else
return ENOTTY;
#endif
@@ -976,7 +973,7 @@ gpio_ioctl(struct gpio_softc *sc, u_long
#ifdef COMPAT_50
static int
gpio_ioctl_oapi(struct gpio_softc *sc, u_long cmd, void *data, int flag,
- kauth_cred_t cred)
+ struct lwp *l)
{
gpio_chipset_tag_t gc;
struct gpio_pin_op *op;
@@ -998,8 +995,8 @@ gpio_ioctl_oapi(struct gpio_softc *sc, u
return EINVAL;
if (!(sc->sc_pins[pin].pin_flags & GPIO_PIN_SET) &&
- kauth_authorize_device(cred, KAUTH_DEVICE_GPIO_PINSET,
- NULL, NULL, NULL, NULL))
+ kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_GPIO_PINSET, NULL, NULL, NULL, NULL))
return EPERM;
/* return read value */
@@ -1020,8 +1017,8 @@ gpio_ioctl_oapi(struct gpio_softc *sc, u
return EBUSY;
if (!(sc->sc_pins[pin].pin_flags & GPIO_PIN_SET) &&
- kauth_authorize_device(cred, KAUTH_DEVICE_GPIO_PINSET,
- NULL, NULL, NULL, NULL))
+ kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_GPIO_PINSET, NULL, NULL, NULL, NULL))
return EPERM;
value = op->gp_value;
@@ -1049,8 +1046,8 @@ gpio_ioctl_oapi(struct gpio_softc *sc, u
return EBUSY;
if (!(sc->sc_pins[pin].pin_flags & GPIO_PIN_SET) &&
- kauth_authorize_device(cred, KAUTH_DEVICE_GPIO_PINSET,
- NULL, NULL, NULL, NULL))
+ kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_GPIO_PINSET, NULL, NULL, NULL, NULL))
return EPERM;
value = (sc->sc_pins[pin].pin_state == GPIO_PIN_LOW ?
@@ -1064,8 +1061,8 @@ gpio_ioctl_oapi(struct gpio_softc *sc, u
case GPIOPINCTL:
ctl = data;
- if (kauth_authorize_device(cred, KAUTH_DEVICE_GPIO_PINSET,
- NULL, NULL, NULL, NULL))
+ if (kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_GPIO_PINSET, NULL, NULL, NULL, NULL))
return EPERM;
pin = ctl->gp_pin;
@@ -1092,8 +1089,8 @@ gpio_ioctl_oapi(struct gpio_softc *sc, u
case GPIODETACH50:
/* FALLTHOUGH */
case GPIODETACH:
- if (kauth_authorize_device(cred, KAUTH_DEVICE_GPIO_PINSET,
- NULL, NULL, NULL, NULL))
+ if (kauth_authorize_device(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_GPIO_PINSET, NULL, NULL, NULL, NULL))
return EPERM;
error = 0;
Index: dev/hpc/biconsdev.c
===================================================================
RCS file: /cvsroot/src/sys/dev/hpc/biconsdev.c,v
retrieving revision 1.23
diff -u -p -u -r1.23 biconsdev.c
--- dev/hpc/biconsdev.c 20 Aug 2015 14:40:18 -0000 1.23
+++ dev/hpc/biconsdev.c 18 Sep 2021 21:46:08 -0000
@@ -173,7 +173,8 @@ biconsdevopen(dev_t dev, int flag, int m
struct tty *tp = &biconsdev_tty[0];
int status;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if ((tp->t_state & TS_ISOPEN) == 0) {
Index: dev/hpc/hpf1275a_tty.c
===================================================================
RCS file: /cvsroot/src/sys/dev/hpc/hpf1275a_tty.c,v
retrieving revision 1.31
diff -u -p -u -r1.31 hpf1275a_tty.c
--- dev/hpc/hpf1275a_tty.c 7 Aug 2021 16:19:11 -0000 1.31
+++ dev/hpc/hpf1275a_tty.c 18 Sep 2021 21:46:08 -0000
@@ -310,7 +310,7 @@ hpf1275a_open(dev_t dev, struct tty *tp)
device_t self;
int error, s;
- if ((error = kauth_authorize_device_tty(l->l_cred,
+ if ((error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_OPEN, tp)))
return (error);
Index: dev/i2o/dpti.c
===================================================================
RCS file: /cvsroot/src/sys/dev/i2o/dpti.c,v
retrieving revision 1.50
diff -u -p -u -r1.50 dpti.c
--- dev/i2o/dpti.c 3 Sep 2018 16:29:31 -0000 1.50
+++ dev/i2o/dpti.c 18 Sep 2021 21:46:08 -0000
@@ -278,7 +278,7 @@ dptiioctl(dev_t dev, u_long cmd, void *d
break;
case DPT_I2OUSRCMD:
- rv = kauth_authorize_device_passthru(l->l_cred, dev,
+ rv = kauth_authorize_device_passthru(l->l_proc, l->l_cred, dev,
KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
if (rv)
break;
Index: dev/i2o/iop.c
===================================================================
RCS file: /cvsroot/src/sys/dev/i2o/iop.c,v
retrieving revision 1.92
diff -u -p -u -r1.92 iop.c
--- dev/i2o/iop.c 7 Aug 2021 16:19:11 -0000 1.92
+++ dev/i2o/iop.c 18 Sep 2021 21:46:08 -0000
@@ -2474,7 +2474,7 @@ iopioctl(dev_t dev, u_long cmd, void *da
switch (cmd) {
case IOPIOCPT:
- rv = kauth_authorize_device_passthru(l->l_cred, dev,
+ rv = kauth_authorize_device_passthru(l->l_proc, l->l_cred, dev,
KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
if (rv)
return (rv);
Index: dev/ic/an.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/an.c,v
retrieving revision 1.75
diff -u -p -u -r1.75 an.c
--- dev/ic/an.c 16 Jun 2021 00:21:18 -0000 1.75
+++ dev/ic/an.c 18 Sep 2021 21:46:08 -0000
@@ -1287,7 +1287,7 @@ an_get_nwkey(struct an_softc *sc, struct
continue;
/* do not show any keys to non-root user */
/* XXX-elad: why is this inside a loop? */
- if ((error = kauth_authorize_network(curlwp->l_cred,
+ if ((error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, sc->sc_ic.ic_ifp,
KAUTH_ARG(SIOCG80211NWKEY), NULL)) != 0)
Index: dev/ic/ath.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/ath.c,v
retrieving revision 1.136
diff -u -p -u -r1.136 ath.c
--- dev/ic/ath.c 9 Aug 2021 20:49:10 -0000 1.136
+++ dev/ic/ath.c 18 Sep 2021 21:46:08 -0000
@@ -5426,7 +5426,7 @@ ath_ioctl(struct ifnet *ifp, u_long cmd,
}
case SIOCGATHDIAG:
- error = kauth_authorize_network(curlwp->l_cred,
+ error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
NULL);
Index: dev/ic/atw.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/atw.c,v
retrieving revision 1.171
diff -u -p -u -r1.171 atw.c
--- dev/ic/atw.c 16 Jun 2021 00:21:18 -0000 1.171
+++ dev/ic/atw.c 18 Sep 2021 21:46:08 -0000
@@ -3946,8 +3946,8 @@ atw_ioctl(struct ifnet *ifp, u_long cmd,
case SIOCS80211:
ireq = data;
if (ireq->i_type == IEEE80211_IOC_FRAGTHRESHOLD) {
- if ((error = kauth_authorize_network(curlwp->l_cred,
- KAUTH_NETWORK_INTERFACE,
+ if ((error = kauth_authorize_network(curproc,
+ kauth_cred_get(), KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp,
(void *)cmd, NULL)) != 0)
break;
Index: dev/ic/cd18xx.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/cd18xx.c,v
retrieving revision 1.31
diff -u -p -u -r1.31 cd18xx.c
--- dev/ic/cd18xx.c 25 Jul 2014 08:10:37 -0000 1.31
+++ dev/ic/cd18xx.c 18 Sep 2021 21:46:08 -0000
@@ -415,7 +415,8 @@ cdttyopen(dev_t dev, int flag, int mode,
tp = port->p_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -617,7 +618,7 @@ cdttyioctl(dev_t dev, u_long cmd, void *
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
return (error);
Index: dev/ic/clmpcc.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/clmpcc.c,v
retrieving revision 1.54
diff -u -p -u -r1.54 clmpcc.c
--- dev/ic/clmpcc.c 10 Nov 2019 21:16:35 -0000 1.54
+++ dev/ic/clmpcc.c 18 Sep 2021 21:46:08 -0000
@@ -484,7 +484,8 @@ clmpccopen(dev_t dev, int flag, int mode
tp = ch->ch_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return EBUSY;
/*
@@ -693,7 +694,7 @@ clmpccioctl(dev_t dev, u_long cmd, void
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if ( error )
break;
Index: dev/ic/com.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/com.c,v
retrieving revision 1.365
diff -u -p -u -r1.365 com.c
--- dev/ic/com.c 31 Jul 2021 10:04:12 -0000 1.365
+++ dev/ic/com.c 18 Sep 2021 21:46:08 -0000
@@ -957,7 +957,8 @@ comopen(dev_t dev, int flag, int mode, s
if (ISSET(tp->t_state, TS_KERN_ONLY))
return (EBUSY);
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -1195,7 +1196,7 @@ comioctl(dev_t dev, u_long cmd, void *da
error = 0;
switch (cmd) {
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
break;
default:
Index: dev/ic/ct65550.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/ct65550.c,v
retrieving revision 1.15
diff -u -p -u -r1.15 ct65550.c
--- dev/ic/ct65550.c 7 Aug 2021 16:19:12 -0000 1.15
+++ dev/ic/ct65550.c 18 Sep 2021 21:46:08 -0000
@@ -38,6 +38,7 @@ __KERNEL_RCSID(0, "$NetBSD: ct65550.c,v
#include <sys/device.h>
#include <sys/kauth.h>
#include <sys/bus.h>
+#include <sys/lwp.h>
#include <dev/videomode/videomode.h>
#include <dev/ic/ct65550reg.h>
@@ -920,8 +921,8 @@ chipsfb_mmap(void *v, void *vs, off_t of
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
- if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
- NULL, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_normal_dev(sc->sc_dev, "mmap() rejected.\n");
return -1;
}
Index: dev/ic/cy.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/cy.c,v
retrieving revision 1.62
diff -u -p -u -r1.62 cy.c
--- dev/ic/cy.c 10 Nov 2019 21:16:35 -0000 1.62
+++ dev/ic/cy.c 18 Sep 2021 21:46:08 -0000
@@ -307,7 +307,8 @@ cyopen(dev_t dev, int flag, int mode, st
tp->t_param = cyparam;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if (!ISSET(tp->t_state, TS_ISOPEN) && tp->t_wopen == 0) {
@@ -559,7 +560,7 @@ cyioctl(dev_t dev, u_long cmd, void *dat
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error != 0)
return EPERM;
Index: dev/ic/dpt.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/dpt.c,v
retrieving revision 1.77
diff -u -p -u -r1.77 dpt.c
--- dev/ic/dpt.c 7 Aug 2021 16:19:12 -0000 1.77
+++ dev/ic/dpt.c 18 Sep 2021 21:46:08 -0000
@@ -1155,7 +1155,7 @@ dptioctl(dev_t dev, u_long cmd, void *da
break;
case DPT_EATAUSRCMD:
- rv = kauth_authorize_device_passthru(l->l_cred, dev,
+ rv = kauth_authorize_device_passthru(l->l_proc, l->l_cred, dev,
KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
if (rv)
return (rv);
Index: dev/ic/icp_ioctl.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/icp_ioctl.c,v
retrieving revision 1.22
diff -u -p -u -r1.22 icp_ioctl.c
--- dev/ic/icp_ioctl.c 28 Oct 2017 04:53:55 -0000 1.22
+++ dev/ic/icp_ioctl.c 18 Sep 2021 21:46:08 -0000
@@ -135,8 +135,8 @@ icpioctl(dev_t dev, u_long cmd, void *da
struct icp_softc *icp;
gdt_ucmd_t *ucmd = (void *) data;
- error = kauth_authorize_device_passthru(l->l_cred, dev,
- KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
+ error = kauth_authorize_device_passthru(l->l_proc, l->l_cred,
+ dev, KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
if (error)
break;
Index: dev/ic/mfi.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/mfi.c,v
retrieving revision 1.65
diff -u -p -u -r1.65 mfi.c
--- dev/ic/mfi.c 7 Aug 2021 16:19:12 -0000 1.65
+++ dev/ic/mfi.c 18 Sep 2021 21:46:08 -0000
@@ -3507,8 +3507,8 @@ mfifioctl(dev_t dev, u_long cmd, void *d
switch(cmd) {
case MFI_CMD:
- error = kauth_authorize_device_passthru(l->l_cred, dev,
- KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
+ error = kauth_authorize_device_passthru(l->l_proc, l->l_cred,
+ dev, KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
if (error)
return error;
if (ioc->mfi_sge_count > MAX_IOCTL_SGE)
Index: dev/ic/mlx.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/mlx.c,v
retrieving revision 1.70
diff -u -p -u -r1.70 mlx.c
--- dev/ic/mlx.c 7 Aug 2021 16:19:12 -0000 1.70
+++ dev/ic/mlx.c 18 Sep 2021 21:46:08 -0000
@@ -801,7 +801,7 @@ mlxioctl(dev_t dev, u_long cmd, void *da
return (0);
case MLX_COMMAND:
- rv = kauth_authorize_device_passthru(l->l_cred, dev,
+ rv = kauth_authorize_device_passthru(l->l_proc, l->l_cred, dev,
KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
if (rv)
return (rv);
Index: dev/ic/wi.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/wi.c,v
retrieving revision 1.256
diff -u -p -u -r1.256 wi.c
--- dev/ic/wi.c 16 Jun 2021 00:21:18 -0000 1.256
+++ dev/ic/wi.c 18 Sep 2021 21:46:08 -0000
@@ -1459,7 +1459,7 @@ wi_ioctl(struct ifnet *ifp, u_long cmd,
error = wi_get_cfg(ifp, cmd, data);
break;
case SIOCSIFGENERIC:
- error = kauth_authorize_network(curlwp->l_cred,
+ error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
NULL);
Index: dev/ic/z8530tty.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/z8530tty.c,v
retrieving revision 1.134
diff -u -p -u -r1.134 z8530tty.c
--- dev/ic/z8530tty.c 10 Nov 2019 21:16:35 -0000 1.134
+++ dev/ic/z8530tty.c 18 Sep 2021 21:46:08 -0000
@@ -562,7 +562,8 @@ zsopen(dev_t dev, int flags, int mode, s
if (ISSET(tp->t_state, TS_KERN_ONLY))
return (EBUSY);
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
mutex_spin_enter(&tty_lock);
@@ -803,7 +804,7 @@ zsioctl(dev_t dev, u_long cmd, void *dat
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: dev/ir/irframe_tty.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ir/irframe_tty.c,v
retrieving revision 1.64
diff -u -p -u -r1.64 irframe_tty.c
--- dev/ir/irframe_tty.c 19 Dec 2020 01:18:59 -0000 1.64
+++ dev/ir/irframe_tty.c 18 Sep 2021 21:46:08 -0000
@@ -275,7 +275,7 @@ irframetopen(dev_t dev, struct tty *tp)
DPRINTF(("%s\n", __func__));
- if ((error = kauth_authorize_device_tty(l->l_cred,
+ if ((error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_OPEN, tp)))
return (error);
Index: dev/marvell/gtmpsc.c
===================================================================
RCS file: /cvsroot/src/sys/dev/marvell/gtmpsc.c,v
retrieving revision 1.47
diff -u -p -u -r1.47 gtmpsc.c
--- dev/marvell/gtmpsc.c 3 Sep 2018 16:29:31 -0000 1.47
+++ dev/marvell/gtmpsc.c 18 Sep 2021 21:46:08 -0000
@@ -534,7 +534,8 @@ gtmpscopen(dev_t dev, int flag, int mode
return EBUSY;
#endif
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return EBUSY;
s = spltty();
@@ -681,7 +682,7 @@ gtmpscioctl(dev_t dev, u_long cmd, void
error = 0;
switch (cmd) {
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
return error;
Index: dev/ofw/ofcons.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ofw/ofcons.c,v
retrieving revision 1.45
diff -u -p -u -r1.45 ofcons.c
--- dev/ofw/ofcons.c 25 Jul 2014 08:10:37 -0000 1.45
+++ dev/ofw/ofcons.c 18 Sep 2021 21:46:08 -0000
@@ -135,7 +135,8 @@ ofcons_open(dev_t dev, int flag, int mod
tp->t_oproc = ofcons_start;
tp->t_param = ofcons_param;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if (!(tp->t_state & TS_ISOPEN)) {
ttychars(tp);
Index: dev/pci/amr.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/amr.c,v
retrieving revision 1.67
diff -u -p -u -r1.67 amr.c
--- dev/pci/amr.c 7 Aug 2021 16:19:14 -0000 1.67
+++ dev/pci/amr.c 18 Sep 2021 21:46:08 -0000
@@ -1493,8 +1493,8 @@ amrioctl(dev_t dev, u_long cmd, void *da
*(int *)data = AMR_IO_VERSION_NUMBER;
return 0;
case AMR_IO_COMMAND:
- error = kauth_authorize_device_passthru(l->l_cred, dev,
- KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
+ error = kauth_authorize_device_passthru(l->l_proc, l->l_cred,
+ dev, KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
if (error)
return (error);
Index: dev/pci/cz.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/cz.c,v
retrieving revision 1.64
diff -u -p -u -r1.64 cz.c
--- dev/pci/cz.c 9 Dec 2018 11:14:02 -0000 1.64
+++ dev/pci/cz.c 18 Sep 2021 21:46:09 -0000
@@ -957,7 +957,8 @@ czttyopen(dev_t dev, int flags, int mode
cz = CZTTY_CZ(sc);
tp = sc->sc_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -1163,7 +1164,7 @@ czttyioctl(dev_t dev, u_long cmd, void *
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: dev/pci/genfb_pci.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/genfb_pci.c,v
retrieving revision 1.40
diff -u -p -u -r1.40 genfb_pci.c
--- dev/pci/genfb_pci.c 7 Aug 2021 16:19:14 -0000 1.40
+++ dev/pci/genfb_pci.c 18 Sep 2021 21:46:09 -0000
@@ -273,8 +273,8 @@ pci_genfb_mmap(void *v, void *vs, off_t
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
- if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
- NULL, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_normal_dev(sc->sc_gen.sc_dev, "mmap() rejected.\n");
return -1;
}
Index: dev/pci/gffb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/gffb.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 gffb.c
--- dev/pci/gffb.c 7 Aug 2021 16:19:14 -0000 1.17
+++ dev/pci/gffb.c 18 Sep 2021 21:46:09 -0000
@@ -504,9 +504,8 @@ gffb_mmap(void *v, void *vs, off_t offse
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
- if (kauth_authorize_machdep(kauth_cred_get(),
- KAUTH_MACHDEP_UNMANAGEDMEM,
- NULL, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: mmap() rejected.\n",
device_xname(sc->sc_dev));
return -1;
Index: dev/pci/lynxfb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/lynxfb.c,v
retrieving revision 1.7
diff -u -p -u -r1.7 lynxfb.c
--- dev/pci/lynxfb.c 7 Aug 2021 16:19:14 -0000 1.7
+++ dev/pci/lynxfb.c 18 Sep 2021 21:46:09 -0000
@@ -478,7 +478,7 @@ lynxfb_mmap(void *v, void *vs, off_t off
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
- if (kauth_authorize_machdep(kauth_cred_get(),
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_normal_dev(sc->sc_dev, "mmap() rejected.\n");
return (-1);
Index: dev/pci/machfb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/machfb.c,v
retrieving revision 1.106
diff -u -p -u -r1.106 machfb.c
--- dev/pci/machfb.c 7 Aug 2021 16:19:14 -0000 1.106
+++ dev/pci/machfb.c 18 Sep 2021 21:46:09 -0000
@@ -2050,7 +2050,7 @@ mach64_mmap(void *v, void *vs, off_t off
* restrict all other mappings to processes with superuser
* privileges
*/
- if (kauth_authorize_machdep(kauth_cred_get(),
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
return -1;
Index: dev/pci/mly.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/mly.c,v
retrieving revision 1.56
diff -u -p -u -r1.56 mly.c
--- dev/pci/mly.c 3 Sep 2021 22:33:17 -0000 1.56
+++ dev/pci/mly.c 18 Sep 2021 21:46:09 -0000
@@ -2294,7 +2294,7 @@ mlyioctl(dev_t dev, u_long cmd, void *da
switch (cmd) {
case MLYIO_COMMAND:
- rv = kauth_authorize_device_passthru(l->l_cred, dev,
+ rv = kauth_authorize_device_passthru(l->l_proc, l->l_cred, dev,
KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
if (rv)
break;
Index: dev/pci/pci_usrreq.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/pci_usrreq.c,v
retrieving revision 1.31
diff -u -p -u -r1.31 pci_usrreq.c
--- dev/pci/pci_usrreq.c 5 Sep 2021 03:47:24 -0000 1.31
+++ dev/pci/pci_usrreq.c 18 Sep 2021 21:46:09 -0000
@@ -160,8 +160,8 @@ pcimmap(dev_t dev, off_t offset, int pro
int flags = 0;
int device, range;
- if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
- NULL, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
return -1;
}
/*
Index: dev/pci/pm2fb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/pm2fb.c,v
retrieving revision 1.33
diff -u -p -u -r1.33 pm2fb.c
--- dev/pci/pm2fb.c 7 Aug 2021 16:19:14 -0000 1.33
+++ dev/pci/pm2fb.c 18 Sep 2021 21:46:09 -0000
@@ -581,7 +581,7 @@ pm2fb_mmap(void *v, void *vs, off_t offs
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
- if (kauth_authorize_machdep(kauth_cred_get(),
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: mmap() rejected.\n",
Index: dev/pci/pm3fb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/pm3fb.c,v
retrieving revision 1.8
diff -u -p -u -r1.8 pm3fb.c
--- dev/pci/pm3fb.c 25 Aug 2021 21:50:29 -0000 1.8
+++ dev/pci/pm3fb.c 18 Sep 2021 21:46:09 -0000
@@ -438,7 +438,7 @@ pm3fb_mmap(void *v, void *vs, off_t offs
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
- if (kauth_authorize_machdep(kauth_cred_get(),
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: mmap() rejected.\n",
Index: dev/pci/r128fb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/r128fb.c,v
retrieving revision 1.44
diff -u -p -u -r1.44 r128fb.c
--- dev/pci/r128fb.c 7 Aug 2021 16:19:14 -0000 1.44
+++ dev/pci/r128fb.c 18 Sep 2021 21:46:09 -0000
@@ -488,8 +488,8 @@ r128fb_mmap(void *v, void *vs, off_t off
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
- if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
- NULL, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: mmap() rejected.\n",
device_xname(sc->sc_dev));
return -1;
Index: dev/pci/radeonfb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/radeonfb.c,v
retrieving revision 1.117
diff -u -p -u -r1.117 radeonfb.c
--- dev/pci/radeonfb.c 8 Aug 2021 12:17:37 -0000 1.117
+++ dev/pci/radeonfb.c 18 Sep 2021 21:46:09 -0000
@@ -1340,8 +1340,8 @@ radeonfb_mmap(void *v, void *vs, off_t o
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
- if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
- NULL, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_error_dev(sc->sc_dev, "mmap() rejected.\n");
return -1;
}
Index: dev/pci/sisfb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/sisfb.c,v
retrieving revision 1.7
diff -u -p -u -r1.7 sisfb.c
--- dev/pci/sisfb.c 7 Aug 2021 16:19:14 -0000 1.7
+++ dev/pci/sisfb.c 18 Sep 2021 21:46:09 -0000
@@ -472,10 +472,13 @@ sisfb_mmap(void *v, void *vs, off_t offs
}
return -1;
}
- if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
- NULL) != 0) {
+
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
+ aprint_error_dev(sc->sc_dev, "mmap() rejected.\n");
return -1;
- }
+ }
+
if (offset >= (fb->fbbase & ~PAGE_MASK) &&
offset <= ((fb->fbbase + fb->fbsize + PAGE_SIZE - 1) & ~PAGE_MASK)) {
pa = bus_space_mmap(fb->fbt, fb->fbbase, offset - fb->fbbase,
Index: dev/pci/twe.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/twe.c,v
retrieving revision 1.110
diff -u -p -u -r1.110 twe.c
--- dev/pci/twe.c 7 Aug 2021 16:19:14 -0000 1.110
+++ dev/pci/twe.c 18 Sep 2021 21:46:09 -0000
@@ -1759,8 +1759,8 @@ tweioctl(dev_t dev, u_long cmd, void *da
/* This is intended to be compatible with the FreeBSD interface. */
switch (cmd) {
case TWEIO_COMMAND:
- error = kauth_authorize_device_passthru(l->l_cred, dev,
- KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
+ error = kauth_authorize_device_passthru(l->l_proc, l->l_cred,
+ dev, KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
if (error)
return (error);
Index: dev/pci/voodoofb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/voodoofb.c,v
retrieving revision 1.55
diff -u -p -u -r1.55 voodoofb.c
--- dev/pci/voodoofb.c 7 Aug 2021 16:19:14 -0000 1.55
+++ dev/pci/voodoofb.c 18 Sep 2021 21:46:09 -0000
@@ -41,6 +41,7 @@ __KERNEL_RCSID(0, "$NetBSD: voodoofb.c,v
#include <sys/malloc.h>
#include <sys/callout.h>
#include <sys/kauth.h>
+#include <sys/lwp.h>
#include <dev/pci/pcivar.h>
#include <dev/pci/pcireg.h>
@@ -1239,7 +1240,7 @@ voodoofb_mmap(void *v, void *vs, off_t o
}
} else if (sc->sc_mode == WSDISPLAYIO_MODE_MAPPED) {
- if (kauth_authorize_machdep(kauth_cred_get(),
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_error_dev(sc->sc_dev, "mmap() rejected.\n");
return -1;
Index: dev/pci/wcfb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/wcfb.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 wcfb.c
--- dev/pci/wcfb.c 7 Aug 2021 16:19:14 -0000 1.20
+++ dev/pci/wcfb.c 18 Sep 2021 21:46:09 -0000
@@ -479,9 +479,8 @@ wcfb_mmap(void *v, void *vs, off_t offse
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
- if (kauth_authorize_machdep(kauth_cred_get(),
- KAUTH_MACHDEP_UNMANAGEDMEM,
- NULL, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_normal_dev(sc->sc_dev, "mmap() rejected.\n");
return -1;
}
Index: dev/pci/xmm7360.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/xmm7360.c,v
retrieving revision 1.9
diff -u -p -u -r1.9 xmm7360.c
--- dev/pci/xmm7360.c 7 Aug 2021 16:19:14 -0000 1.9
+++ dev/pci/xmm7360.c 18 Sep 2021 21:46:09 -0000
@@ -233,7 +233,7 @@ typedef struct kmutex spinlock_t;
#define pci_intr_establish(pc, ih, lvl, func, arg, name) \
pci_intr_establish_xname(pc, ih, lvl, func, arg, name)
#define suser(l) \
- kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp)
+ kauth_authorize_device_tty(l->l_proc, l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp)
#define kthread_create(func, arg, lwpp, name) \
kthread_create(0, 0, NULL, func, arg, lwpp, "%s", name)
#define MUTEX_ASSERT_LOCKED(lock) KASSERT(mutex_owned(lock))
Index: dev/pci/voyager/voyagerfb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/voyager/voyagerfb.c,v
retrieving revision 1.33
diff -u -p -u -r1.33 voyagerfb.c
--- dev/pci/voyager/voyagerfb.c 7 Aug 2021 16:19:14 -0000 1.33
+++ dev/pci/voyager/voyagerfb.c 18 Sep 2021 21:46:09 -0000
@@ -547,7 +547,7 @@ voyagerfb_mmap(void *v, void *vs, off_t
/*
* restrict all other mappings to processes with privileges
*/
- if (kauth_authorize_machdep(kauth_cred_get(),
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: mmap() rejected.\n",
device_xname(sc->sc_dev));
Index: dev/pcmcia/if_cnw.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pcmcia/if_cnw.c,v
retrieving revision 1.68
diff -u -p -u -r1.68 if_cnw.c
--- dev/pcmcia/if_cnw.c 29 Jan 2020 13:54:41 -0000 1.68
+++ dev/pcmcia/if_cnw.c 18 Sep 2021 21:46:09 -0000
@@ -998,7 +998,7 @@ cnw_ioctl(struct ifnet *ifp, u_long cmd,
break;
case SIOCSCNWDOMAIN:
case SIOCSCNWKEY:
- error = kauth_authorize_network(l->l_cred,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
NULL);
@@ -1006,7 +1006,7 @@ cnw_ioctl(struct ifnet *ifp, u_long cmd,
return (error);
break;
case SIOCGCNWSTATUS:
- error = kauth_authorize_network(l->l_cred,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, KAUTH_ARG(cmd),
NULL);
Index: dev/qbus/dhu.c
===================================================================
RCS file: /cvsroot/src/sys/dev/qbus/dhu.c,v
retrieving revision 1.57
diff -u -p -u -r1.57 dhu.c
--- dev/qbus/dhu.c 25 Jul 2014 08:10:38 -0000 1.57
+++ dev/qbus/dhu.c 18 Sep 2021 21:46:09 -0000
@@ -451,7 +451,8 @@ dhuopen(dev_t dev, int flag, int mode, s
tp = sc->sc_dhu[line].dhu_tty;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
tp->t_oproc = dhustart;
Index: dev/qbus/dl.c
===================================================================
RCS file: /cvsroot/src/sys/dev/qbus/dl.c,v
retrieving revision 1.49
diff -u -p -u -r1.49 dl.c
--- dev/qbus/dl.c 25 Jul 2014 08:10:38 -0000 1.49
+++ dev/qbus/dl.c 18 Sep 2021 21:46:09 -0000
@@ -347,7 +347,8 @@ dlopen(dev_t dev, int flag, int mode, st
tp->t_param = dlparam;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if (!(tp->t_state & TS_ISOPEN)) {
Index: dev/sbus/magma.c
===================================================================
RCS file: /cvsroot/src/sys/dev/sbus/magma.c,v
retrieving revision 1.64
diff -u -p -u -r1.64 magma.c
--- dev/sbus/magma.c 7 Aug 2021 16:19:15 -0000 1.64
+++ dev/sbus/magma.c 18 Sep 2021 21:46:09 -0000
@@ -906,7 +906,8 @@ mttyopen(dev_t dev, int flags, int mode,
tp = mp->mp_tty;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
s = spltty();
@@ -1131,7 +1132,7 @@ mttyioctl(dev_t dev, u_long cmd, void *d
break;
case TIOCSFLAGS:
- if (kauth_authorize_device_tty(l->l_cred,
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp))
error = EPERM;
else
Index: dev/sbus/mgx.c
===================================================================
RCS file: /cvsroot/src/sys/dev/sbus/mgx.c,v
retrieving revision 1.16
diff -u -p -u -r1.16 mgx.c
--- dev/sbus/mgx.c 7 Aug 2021 16:19:15 -0000 1.16
+++ dev/sbus/mgx.c 18 Sep 2021 21:46:09 -0000
@@ -1123,9 +1123,8 @@ mgx_mmap(void *v, void *vs, off_t offset
* Restrict to root, even though I'm fairly sure the DMA engine lives
* elsewhere ( and isn't documented anyway )
*/
- if (kauth_authorize_machdep(kauth_cred_get(),
- KAUTH_MACHDEP_UNMANAGEDMEM,
- NULL, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: mmap() rejected.\n",
device_xname(sc->sc_dev));
return -1;
@@ -1273,9 +1272,8 @@ mgxmmap(dev_t dev, off_t offset, int pro
* Restrict to root, even though I'm fairly sure the DMA engine lives
* elsewhere ( and isn't documented anyway )
*/
- if (kauth_authorize_machdep(kauth_cred_get(),
- KAUTH_MACHDEP_UNMANAGEDMEM,
- NULL, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
+ KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: mmap() rejected.\n",
device_xname(sc->sc_dev));
return -1;
Index: dev/sbus/spif.c
===================================================================
RCS file: /cvsroot/src/sys/dev/sbus/spif.c,v
retrieving revision 1.34
diff -u -p -u -r1.34 spif.c
--- dev/sbus/spif.c 7 Aug 2021 16:19:15 -0000 1.34
+++ dev/sbus/spif.c 18 Sep 2021 21:46:09 -0000
@@ -351,7 +351,8 @@ stty_open(dev_t dev, int flags, int mode
tp = sp->sp_tty;
tp->t_dev = dev;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
mutex_spin_enter(&tty_lock);
@@ -483,7 +484,7 @@ stty_ioctl(dev_t dev, u_long cmd, void *
*((int *)data) = sp->sp_openflags;
break;
case TIOCSFLAGS:
- if (kauth_authorize_device_tty(l->l_cred,
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp))
error = EPERM;
else
Index: dev/tc/pxg.c
===================================================================
RCS file: /cvsroot/src/sys/dev/tc/pxg.c,v
retrieving revision 1.36
diff -u -p -u -r1.36 pxg.c
--- dev/tc/pxg.c 10 Nov 2019 21:16:37 -0000 1.36
+++ dev/tc/pxg.c 18 Sep 2021 21:46:09 -0000
@@ -360,7 +360,7 @@ pxg_ioctl(struct stic_info *si, u_long c
switch (cmd) {
case STICIO_START860:
case STICIO_RESET860:
- if ((rv = kauth_authorize_machdep(l->l_cred,
+ if ((rv = kauth_authorize_machdep(l->l_proc, l->l_cred,
KAUTH_MACHDEP_PXG, KAUTH_ARG(cmd == STICIO_START860 ? 1 : 0),
NULL, NULL, NULL)) != 0)
return (rv);
Index: dev/tc/stic.c
===================================================================
RCS file: /cvsroot/src/sys/dev/tc/stic.c,v
retrieving revision 1.57
diff -u -p -u -r1.57 stic.c
--- dev/tc/stic.c 17 Aug 2021 22:00:32 -0000 1.57
+++ dev/tc/stic.c 18 Sep 2021 21:46:09 -0000
@@ -1432,7 +1432,7 @@ sticopen(dev_t dev, int flag, int mode,
struct stic_info *si;
int s, error;
- error = kauth_authorize_device_passthru(l->l_cred, dev,
+ error = kauth_authorize_device_passthru(l->l_proc, l->l_cred, dev,
KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, NULL);
if (error)
return (error);
Index: dev/usb/if_umb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/usb/if_umb.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 if_umb.c
--- dev/usb/if_umb.c 16 Jun 2021 00:21:19 -0000 1.20
+++ dev/usb/if_umb.c 18 Sep 2021 21:46:09 -0000
@@ -773,7 +773,7 @@ umb_ioctl(struct ifnet *ifp, u_long cmd,
usb_add_task(sc->sc_udev, &sc->sc_umb_task, USB_TASKQ_DRIVER);
break;
case SIOCGUMBINFO:
- error = kauth_authorize_network(curlwp->l_cred,
+ error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
NULL);
@@ -783,7 +783,7 @@ umb_ioctl(struct ifnet *ifp, u_long cmd,
sizeof(sc->sc_info));
break;
case SIOCSUMBPARAM:
- error = kauth_authorize_network(curlwp->l_cred,
+ error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
NULL);
Index: dev/usb/ucom.c
===================================================================
RCS file: /cvsroot/src/sys/dev/usb/ucom.c,v
retrieving revision 1.129
diff -u -p -u -r1.129 ucom.c
--- dev/usb/ucom.c 24 Jun 2021 08:20:42 -0000 1.129
+++ dev/usb/ucom.c 18 Sep 2021 21:46:09 -0000
@@ -542,7 +542,8 @@ ucomopen(dev_t dev, int flag, int mode,
DPRINTF("unit=%jd, tp=%#jx", unit, (uintptr_t)tp, 0, 0);
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp)) {
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp)) {
mutex_exit(&sc->sc_lock);
return EBUSY;
}
@@ -958,7 +959,7 @@ ucom_do_ioctl(struct ucom_softc *sc, u_l
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
break;
Index: dev/usb/ucycom.c
===================================================================
RCS file: /cvsroot/src/sys/dev/usb/ucycom.c,v
retrieving revision 1.51
diff -u -p -u -r1.51 ucycom.c
--- dev/usb/ucycom.c 14 Mar 2020 02:35:33 -0000 1.51
+++ dev/usb/ucycom.c 18 Sep 2021 21:46:09 -0000
@@ -356,7 +356,8 @@ ucycomopen(dev_t dev, int flag, int mode
DPRINTF(("ucycomopen: tp=%p\n", tp));
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return EBUSY;
s = spltty();
@@ -838,7 +839,7 @@ ucycomioctl(dev_t dev, u_long cmd, void
break;
case TIOCSFLAGS:
- err = kauth_authorize_device_tty(l->l_cred,
+ err = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (err)
break;
Index: dev/usb/uhso.c
===================================================================
RCS file: /cvsroot/src/sys/dev/usb/uhso.c,v
retrieving revision 1.35
diff -u -p -u -r1.35 uhso.c
--- dev/usb/uhso.c 13 Jun 2021 09:27:20 -0000 1.35
+++ dev/usb/uhso.c 18 Sep 2021 21:46:09 -0000
@@ -1497,7 +1497,8 @@ uhso_tty_open(dev_t dev, int flag, int m
return ENXIO;
tp = hp->hp_tp;
- if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return EBUSY;
error = 0;
@@ -1730,7 +1731,7 @@ uhso_tty_do_ioctl(struct uhso_port *hp,
break;
case TIOCSFLAGS:
- error = kauth_authorize_device_tty(l->l_cred,
+ error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp);
if (error)
Index: dev/vme/xd.c
===================================================================
RCS file: /cvsroot/src/sys/dev/vme/xd.c,v
retrieving revision 1.98
diff -u -p -u -r1.98 xd.c
--- dev/vme/xd.c 7 Aug 2021 16:19:17 -0000 1.98
+++ dev/vme/xd.c 18 Sep 2021 21:46:09 -0000
@@ -1115,8 +1115,8 @@ xdioctl(dev_t dev, u_long command, void
xio = (struct xd_iocmd *) addr;
req = xd_getkauthreq(xio->cmd);
- if ((error = kauth_authorize_device_passthru(l->l_cred,
- dev, req, xio)) != 0)
+ if ((error = kauth_authorize_device_passthru(l->l_proc,
+ l->l_cred, dev, req, xio)) != 0)
return (error);
return (xdc_ioctlcmd(xd, dev, xio));
}
Index: dev/vme/xy.c
===================================================================
RCS file: /cvsroot/src/sys/dev/vme/xy.c,v
retrieving revision 1.102
diff -u -p -u -r1.102 xy.c
--- dev/vme/xy.c 7 Aug 2021 16:19:17 -0000 1.102
+++ dev/vme/xy.c 18 Sep 2021 21:46:09 -0000
@@ -1033,8 +1033,8 @@ xyioctl(dev_t dev, u_long command, void
xio = (struct xd_iocmd *) addr;
req = xy_getkauthreq(xio->cmd);
- if ((error = kauth_authorize_device_passthru(l->l_cred,
- dev, req, xio)) != 0)
+ if ((error = kauth_authorize_device_passthru(l->l_proc,
+ l->l_cred, dev, req, xio)) != 0)
return (error);
return (xyc_ioctlcmd(xy, dev, xio));
}
Index: dev/wscons/wsbell.c
===================================================================
RCS file: /cvsroot/src/sys/dev/wscons/wsbell.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 wsbell.c
--- dev/wscons/wsbell.c 27 Dec 2020 16:09:33 -0000 1.13
+++ dev/wscons/wsbell.c 18 Sep 2021 21:46:09 -0000
@@ -369,7 +369,7 @@ getbell:
return (0);
case WSKBDIO_SETDEFAULTBELL:
- if ((error = kauth_authorize_device(l->l_cred,
+ if ((error = kauth_authorize_device(l->l_proc, l->l_cred,
KAUTH_DEVICE_WSCONS_KEYBOARD_BELL, NULL, NULL,
NULL, NULL)) != 0)
return (error);
Index: dev/wscons/wsdisplay.c
===================================================================
RCS file: /cvsroot/src/sys/dev/wscons/wsdisplay.c,v
retrieving revision 1.162
diff -u -p -u -r1.162 wsdisplay.c
--- dev/wscons/wsdisplay.c 27 Dec 2020 16:09:33 -0000 1.162
+++ dev/wscons/wsdisplay.c 18 Sep 2021 21:46:09 -0000
@@ -1026,8 +1026,8 @@ wsdisplayopen(dev_t dev, int flag, int m
tp->t_dev = dev;
newopen = (tp->t_state & TS_ISOPEN) == 0;
- if (kauth_authorize_device_tty(l->l_cred,
- KAUTH_DEVICE_TTY_OPEN, tp))
+ if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp))
return (EBUSY);
if (newopen) {
Index: dev/wscons/wsdisplay_compat_usl.c
===================================================================
RCS file: /cvsroot/src/sys/dev/wscons/wsdisplay_compat_usl.c,v
retrieving revision 1.54
diff -u -p -u -r1.54 wsdisplay_compat_usl.c
--- dev/wscons/wsdisplay_compat_usl.c 1 Jun 2021 23:28:07 -0000 1.54
+++ dev/wscons/wsdisplay_compat_usl.c 18 Sep 2021 21:46:09 -0000
@@ -429,8 +429,8 @@ wsdisplay_usl_ioctl2(struct wsdisplay_so
case KDENABIO:
#if defined(__i386__) && (defined(COMPAT_11) || defined(COMPAT_FREEBSD))
- if (kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPL,
- NULL, NULL, NULL, NULL) != 0)
+ if (kauth_authorize_machdep(l->l_proc, l->l_cred,
+ KAUTH_MACHDEP_IOPL, NULL, NULL, NULL, NULL) != 0)
return EPERM;
#endif
/* FALLTHRU */
Index: dev/wscons/wskbd.c
===================================================================
RCS file: /cvsroot/src/sys/dev/wscons/wskbd.c,v
retrieving revision 1.144
diff -u -p -u -r1.144 wskbd.c
--- dev/wscons/wskbd.c 27 Dec 2020 16:09:33 -0000 1.144
+++ dev/wscons/wskbd.c 18 Sep 2021 21:46:10 -0000
@@ -1089,7 +1089,7 @@ getbell:
return (0);
case WSKBDIO_SETDEFAULTBELL:
- if ((error = kauth_authorize_device(l->l_cred,
+ if ((error = kauth_authorize_device(l->l_proc, l->l_cred,
KAUTH_DEVICE_WSCONS_KEYBOARD_BELL, NULL, NULL,
NULL, NULL)) != 0)
return (error);
@@ -1129,7 +1129,7 @@ getkeyrepeat:
return (0);
case WSKBDIO_SETDEFAULTKEYREPEAT:
- if ((error = kauth_authorize_device(l->l_cred,
+ if ((error = kauth_authorize_device(l->l_proc, l->l_cred,
KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT, NULL, NULL,
NULL, NULL)) != 0)
return (error);
Index: dist/pf/net/if_pfsync.c
===================================================================
RCS file: /cvsroot/src/sys/dist/pf/net/if_pfsync.c,v
retrieving revision 1.22
diff -u -p -u -r1.22 if_pfsync.c
--- dist/pf/net/if_pfsync.c 10 Mar 2021 22:18:17 -0000 1.22
+++ dist/pf/net/if_pfsync.c 18 Sep 2021 21:46:10 -0000
@@ -896,7 +896,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
splx(s);
break;
case SIOCGETPFSYNC:
- if ((error = kauth_authorize_network(l->l_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd,
NULL)) != 0)
@@ -911,7 +911,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cm
return (error);
break;
case SIOCSETPFSYNC:
- if ((error = kauth_authorize_network(l->l_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL)) != 0)
Index: dist/pf/net/pf_ioctl.c
===================================================================
RCS file: /cvsroot/src/sys/dist/pf/net/pf_ioctl.c,v
retrieving revision 1.57
diff -u -p -u -r1.57 pf_ioctl.c
--- dist/pf/net/pf_ioctl.c 21 Feb 2020 00:26:22 -0000 1.57
+++ dist/pf/net/pf_ioctl.c 18 Sep 2021 21:46:10 -0000
@@ -1258,7 +1258,8 @@ pfioctl(dev_t dev, u_long cmd, void *add
int error = 0;
/* XXX keep in sync with switch() below */
- if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FIREWALL,
+ if (kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_FIREWALL,
KAUTH_REQ_NETWORK_FIREWALL_FW, NULL, NULL, NULL))
switch (cmd) {
case DIOCGETRULES:
Index: external/bsd/drm2/drm/drmfb.c
===================================================================
RCS file: /cvsroot/src/sys/external/bsd/drm2/drm/drmfb.c,v
retrieving revision 1.8
diff -u -p -u -r1.8 drmfb.c
--- external/bsd/drm2/drm/drmfb.c 27 Jun 2020 13:41:44 -0000 1.8
+++ external/bsd/drm2/drm/drmfb.c 18 Sep 2021 21:46:10 -0000
@@ -257,7 +257,7 @@ drmfb_genfb_mmap(void *v, void *vs, off_
return -1;
return (*sc->sc_da.da_params->dp_mmapfb)(sc, offset, prot);
} else {
- if (kauth_authorize_machdep(kauth_cred_get(),
+ if (kauth_authorize_machdep(curproc, kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL)
!= 0)
return -1;
Index: external/bsd/drm2/include/linux/capability.h
===================================================================
RCS file: /cvsroot/src/sys/external/bsd/drm2/include/linux/capability.h,v
retrieving revision 1.2
diff -u -p -u -r1.2 capability.h
--- external/bsd/drm2/include/linux/capability.h 14 Feb 2020 16:02:41 -0000 1.2
+++ external/bsd/drm2/include/linux/capability.h 18 Sep 2021 21:46:10 -0000
@@ -30,6 +30,7 @@
#define _LINUX_CAPABILITY_H_
#include <sys/kauth.h>
+#include <sys/lwp.h>
enum linux_capability {
LINUX_CAP_SYS_ADMIN,
@@ -41,8 +42,8 @@ capable(enum linux_capability cap)
{
KASSERT(cap == CAP_SYS_ADMIN);
- return kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
- NULL) == 0;
+ return kauth_authorize_generic(curproc, kauth_cred_get(),
+ KAUTH_GENERIC_ISSUSER, NULL) == 0;
}
#endif /* _LINUX_CAPABILITY_H_ */
Index: external/bsd/ipf/netinet/ip_fil_netbsd.c
===================================================================
RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c,v
retrieving revision 1.36
diff -u -p -u -r1.36 ip_fil_netbsd.c
--- external/bsd/ipf/netinet/ip_fil_netbsd.c 8 Mar 2021 23:34:58 -0000 1.36
+++ external/bsd/ipf/netinet/ip_fil_netbsd.c 18 Sep 2021 21:46:10 -0000
@@ -675,10 +675,9 @@ ipfioctl(dev_t dev, u_long cmd,
SPL_INT(s);
#if (__NetBSD_Version__ >= 399002000)
- if ((mode & FWRITE) &&
- kauth_authorize_network(p->l_cred, KAUTH_NETWORK_FIREWALL,
- KAUTH_REQ_NETWORK_FIREWALL_FW, NULL,
- NULL, NULL)) {
+ if ((mode & FWRITE) && kauth_authorize_network(p->l_proc, p->l_cred,
+ KAUTH_NETWORK_FIREWALL, KAUTH_REQ_NETWORK_FIREWALL_FW, NULL,
+ NULL, NULL)) {
ipfmain.ipf_interror = 130005;
return EPERM;
}
Index: external/bsd/ipf/netinet/ip_nat.c
===================================================================
RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/ip_nat.c,v
retrieving revision 1.24
diff -u -p -u -r1.24 ip_nat.c
--- external/bsd/ipf/netinet/ip_nat.c 26 May 2021 14:48:02 -0000 1.24
+++ external/bsd/ipf/netinet/ip_nat.c 18 Sep 2021 21:46:10 -0000
@@ -988,10 +988,9 @@ ipf_nat_ioctl(ipf_main_softc_t *softc, v
#if BSD_GE_YEAR(199306) && defined(_KERNEL)
# if NETBSD_GE_REV(399002000)
- if ((mode & FWRITE) &&
- kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_FIREWALL,
- KAUTH_REQ_NETWORK_FIREWALL_FW,
- NULL, NULL, NULL))
+ if ((mode & FWRITE) && kauth_authorize_network(curproc,
+ kauth_cred_get(), KAUTH_NETWORK_FIREWALL,
+ KAUTH_REQ_NETWORK_FIREWALL_FW, NULL, NULL, NULL))
# else
# if defined(__FreeBSD_version) && (__FreeBSD_version >= 500034)
if (securelevel_ge(curthread->td_ucred, 3) && (mode & FWRITE))
Index: external/isc/atheros_hal/ic/ah_osdep.c
===================================================================
RCS file: /cvsroot/src/sys/external/isc/atheros_hal/ic/ah_osdep.c,v
retrieving revision 1.6
diff -u -p -u -r1.6 ah_osdep.c
--- external/isc/atheros_hal/ic/ah_osdep.c 11 Apr 2012 13:48:11 -0000 1.6
+++ external/isc/atheros_hal/ic/ah_osdep.c 18 Sep 2021 21:46:10 -0000
@@ -211,7 +211,7 @@ ath_hal_setlogging(int enable)
int error;
if (enable) {
- error = kauth_authorize_network(curlwp->l_cred,
+ error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, NULL, NULL, NULL);
if (error == 0) {
Index: fs/adosfs/advfsops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/adosfs/advfsops.c,v
retrieving revision 1.79
diff -u -p -u -r1.79 advfsops.c
--- fs/adosfs/advfsops.c 16 Mar 2020 21:20:09 -0000 1.79
+++ fs/adosfs/advfsops.c 18 Sep 2021 21:46:10 -0000
@@ -136,8 +136,9 @@ adosfs_mount(struct mount *mp, const cha
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
- KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(accessmode));
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_MOUNT, KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp,
+ KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
if (error) {
vrele(devvp);
Index: fs/adosfs/advnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/adosfs/advnops.c,v
retrieving revision 1.57
diff -u -p -u -r1.57 advnops.c
--- fs/adosfs/advnops.c 18 Jul 2021 23:57:13 -0000 1.57
+++ fs/adosfs/advnops.c 18 Sep 2021 21:46:10 -0000
@@ -758,7 +758,7 @@ adosfs_check_permitted(struct vnode *vp,
{
mode_t file_mode = adunixprot(ap->adprot) & ap->amp->mask;
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, file_mode), vp, NULL, genfs_can_access(vp,
cred, ap->uid, ap->gid, file_mode, NULL, accmode));
}
Index: fs/cd9660/cd9660_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/cd9660/cd9660_vfsops.c,v
retrieving revision 1.96
diff -u -p -u -r1.96 cd9660_vfsops.c
--- fs/cd9660/cd9660_vfsops.c 4 Apr 2020 20:49:30 -0000 1.96
+++ fs/cd9660/cd9660_vfsops.c 18 Sep 2021 21:46:10 -0000
@@ -259,7 +259,7 @@ cd9660_mount(struct mount *mp, const cha
* permissions on the device.
*/
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(VREAD));
if (error) {
goto fail;
Index: fs/cd9660/cd9660_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/cd9660/cd9660_vnops.c,v
retrieving revision 1.61
diff -u -p -u -r1.61 cd9660_vnops.c
--- fs/cd9660/cd9660_vnops.c 19 Jul 2021 01:30:24 -0000 1.61
+++ fs/cd9660/cd9660_vnops.c 18 Sep 2021 21:46:10 -0000
@@ -117,7 +117,7 @@ cd9660_check_permitted(struct vnode *vp,
kauth_cred_t cred)
{
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, ip->inode.iso_mode & ALLPERMS), vp, NULL,
genfs_can_access(vp, cred, ip->inode.iso_uid, ip->inode.iso_gid,
ip->inode.iso_mode & ALLPERMS, NULL, accmode));
Index: fs/efs/efs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/efs/efs_vfsops.c,v
retrieving revision 1.29
diff -u -p -u -r1.29 efs_vfsops.c
--- fs/efs/efs_vfsops.c 17 Jan 2020 20:08:07 -0000 1.29
+++ fs/efs/efs_vfsops.c 18 Sep 2021 21:46:10 -0000
@@ -222,7 +222,7 @@ efs_mount(struct mount *mp, const char *
* If mount by non-root, then verify that user has necessary
* permissions on the device.
*/
- err = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
+ err = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(VREAD));
if (err) {
vput(devvp);
Index: fs/efs/efs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/efs/efs_vnops.c,v
retrieving revision 1.43
diff -u -p -u -r1.43 efs_vnops.c
--- fs/efs/efs_vnops.c 18 Jul 2021 23:56:13 -0000 1.43
+++ fs/efs/efs_vnops.c 18 Sep 2021 21:46:10 -0000
@@ -135,7 +135,7 @@ efs_check_permitted(struct vnode *vp, st
kauth_cred_t cred)
{
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, eip->ei_mode), vp, NULL, genfs_can_access(vp,
cred, eip->ei_uid, eip->ei_gid, eip->ei_mode, NULL, accmode));
}
Index: fs/filecorefs/filecore_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/filecorefs/filecore_vfsops.c,v
retrieving revision 1.83
diff -u -p -u -r1.83 filecore_vfsops.c
--- fs/filecorefs/filecore_vfsops.c 16 Mar 2020 21:20:10 -0000 1.83
+++ fs/filecorefs/filecore_vfsops.c 18 Sep 2021 21:46:10 -0000
@@ -273,7 +273,7 @@ filecore_mount(struct mount *mp, const c
* permissions on the device.
*/
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(VREAD));
VOP_UNLOCK(devvp);
if (error) {
Index: fs/filecorefs/filecore_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/filecorefs/filecore_vnops.c,v
retrieving revision 1.49
diff -u -p -u -r1.49 filecore_vnops.c
--- fs/filecorefs/filecore_vnops.c 18 Jul 2021 23:57:14 -0000 1.49
+++ fs/filecorefs/filecore_vnops.c 18 Sep 2021 21:46:10 -0000
@@ -126,7 +126,7 @@ filecore_check_permitted(struct vnode *v
{
struct filecore_mnt *fcmp = ip->i_mnt;
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, filecore_mode(ip)), vp, NULL,
genfs_can_access(vp, cred, fcmp->fc_uid, fcmp->fc_gid,
filecore_mode(ip), NULL, accmode));
Index: fs/hfs/hfs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/hfs/hfs_vfsops.c,v
retrieving revision 1.37
diff -u -p -u -r1.37 hfs_vfsops.c
--- fs/hfs/hfs_vfsops.c 28 Feb 2020 11:27:38 -0000 1.37
+++ fs/hfs/hfs_vfsops.c 18 Sep 2021 21:46:10 -0000
@@ -279,9 +279,9 @@ hfs_mount(struct mount *mp, const char *
(mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
- KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp,
- KAUTH_ARG(accessmode));
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_MOUNT, KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp,
+ devvp, KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
}
Index: fs/hfs/hfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/hfs/hfs_vnops.c,v
retrieving revision 1.39
diff -u -p -u -r1.39 hfs_vnops.c
--- fs/hfs/hfs_vnops.c 18 Jul 2021 23:56:13 -0000 1.39
+++ fs/hfs/hfs_vnops.c 18 Sep 2021 21:46:10 -0000
@@ -542,7 +542,7 @@ hfs_check_permitted(vnode_t *vp, struct
kauth_cred_t cred)
{
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
va->va_type, va->va_mode), vp, NULL, genfs_can_access(vp, cred,
va->va_uid, va->va_gid, va->va_mode, NULL, accmode));
}
Index: fs/msdosfs/msdosfs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/msdosfs/msdosfs_vfsops.c,v
retrieving revision 1.136
diff -u -p -u -r1.136 msdosfs_vfsops.c
--- fs/msdosfs/msdosfs_vfsops.c 11 Feb 2021 00:15:55 -0000 1.136
+++ fs/msdosfs/msdosfs_vfsops.c 18 Sep 2021 21:46:10 -0000
@@ -354,7 +354,7 @@ msdosfs_mount(struct mount *mp, const ch
*/
devvp = pmp->pm_devvp;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
- error = kauth_authorize_system(l->l_cred,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
KAUTH_SYSTEM_MOUNT, KAUTH_REQ_SYSTEM_MOUNT_DEVICE,
mp, devvp, KAUTH_ARG(VREAD | VWRITE));
VOP_UNLOCK(devvp);
@@ -398,7 +398,7 @@ msdosfs_mount(struct mount *mp, const ch
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
if (error) {
Index: fs/msdosfs/msdosfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/msdosfs/msdosfs_vnops.c,v
retrieving revision 1.106
diff -u -p -u -r1.106 msdosfs_vnops.c
--- fs/msdosfs/msdosfs_vnops.c 18 Jul 2021 23:57:14 -0000 1.106
+++ fs/msdosfs/msdosfs_vnops.c 18 Sep 2021 21:46:10 -0000
@@ -217,7 +217,7 @@ msdosfs_check_permitted(struct vnode *vp
file_mode &= (vp->v_type == VDIR ? pmp->pm_dirmask : pmp->pm_mask);
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, file_mode), vp, NULL, genfs_can_access(vp, cred,
pmp->pm_uid, pmp->pm_gid, file_mode, NULL, accmode));
}
@@ -370,9 +370,10 @@ msdosfs_setattr(void *v)
error = EROFS;
goto bad;
}
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES,
- ap->a_vp, NULL, genfs_can_chtimes(ap->a_vp, cred,
- pmp->pm_uid, vap->va_vaflags));
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_TIMES, ap->a_vp, NULL,
+ genfs_can_chtimes(ap->a_vp, cred,
+ pmp->pm_uid, vap->va_vaflags));
if (error)
goto bad;
if ((pmp->pm_flags & MSDOSFSMNT_NOWIN95) == 0 &&
@@ -394,8 +395,9 @@ msdosfs_setattr(void *v)
error = EROFS;
goto bad;
}
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_FLAGS, vp,
- NULL, genfs_can_chflags(vp, cred, pmp->pm_uid, false));
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_FLAGS, vp, NULL,
+ genfs_can_chflags(vp, cred, pmp->pm_uid, false));
if (error)
goto bad;
/* We ignore the read and execute bits. */
@@ -414,7 +416,8 @@ msdosfs_setattr(void *v)
error = EROFS;
goto bad;
}
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_FLAGS, vp,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_FLAGS, vp,
NULL, genfs_can_chflags(vp, cred, pmp->pm_uid, false));
if (error)
goto bad;
Index: fs/nilfs/nilfs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/nilfs/nilfs_vfsops.c,v
retrieving revision 1.27
diff -u -p -u -r1.27 nilfs_vfsops.c
--- fs/nilfs/nilfs_vfsops.c 16 Sep 2021 22:19:11 -0000 1.27
+++ fs/nilfs/nilfs_vfsops.c 18 Sep 2021 21:46:10 -0000
@@ -645,7 +645,7 @@ nilfs_mount_device(struct vnode *devvp,
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
if (error) {
Index: fs/nilfs/nilfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/nilfs/nilfs_vnops.c,v
retrieving revision 1.44
diff -u -p -u -r1.44 nilfs_vnops.c
--- fs/nilfs/nilfs_vnops.c 24 Jul 2021 21:31:38 -0000 1.44
+++ fs/nilfs/nilfs_vnops.c 18 Sep 2021 21:46:11 -0000
@@ -1032,7 +1032,7 @@ nilfs_check_permitted(struct vnode *vp,
{
/* ask the generic genfs_can_access to advice on security */
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, vap->va_mode), vp, NULL, genfs_can_access(vp, cred,
vap->va_uid, vap->va_gid, vap->va_mode, NULL, accmode));
}
Index: fs/ntfs/ntfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/ntfs/ntfs_vnops.c,v
retrieving revision 1.66
diff -u -p -u -r1.66 ntfs_vnops.c
--- fs/ntfs/ntfs_vnops.c 29 Jun 2021 22:34:07 -0000 1.66
+++ fs/ntfs/ntfs_vnops.c 18 Sep 2021 21:46:11 -0000
@@ -429,7 +429,7 @@ ntfs_check_permitted(struct vnode *vp, s
file_mode = ip->i_mp->ntm_mode | (S_IXUSR|S_IXGRP|S_IXOTH);
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, file_mode), vp, NULL, genfs_can_access(vp, cred,
ip->i_mp->ntm_uid, ip->i_mp->ntm_gid, file_mode, NULL, accmode));
}
Index: fs/ptyfs/ptyfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/ptyfs/ptyfs_vnops.c,v
retrieving revision 1.66
diff -u -p -u -r1.66 ptyfs_vnops.c
--- fs/ptyfs/ptyfs_vnops.c 18 Jul 2021 23:57:34 -0000 1.66
+++ fs/ptyfs/ptyfs_vnops.c 18 Sep 2021 21:46:11 -0000
@@ -414,7 +414,7 @@ ptyfs_setattr(void *v)
action |= KAUTH_VNODE_WRITE_SYSFLAGS;
}
- error = kauth_authorize_vnode(cred, action, vp, NULL,
+ error = kauth_authorize_vnode(curproc, cred, action, vp, NULL,
genfs_can_chflags(vp, cred, ptyfs->ptyfs_uid,
changing_sysflags));
if (error)
@@ -446,7 +446,8 @@ ptyfs_setattr(void *v)
return EROFS;
if ((ptyfs->ptyfs_flags & SF_SNAPSHOT) != 0)
return EPERM;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, cred, ptyfs->ptyfs_uid,
vap->va_vaflags));
if (error)
@@ -491,7 +492,8 @@ ptyfs_chmod(struct vnode *vp, mode_t mod
struct ptyfsnode *ptyfs = VTOPTYFS(vp);
int error;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
+ error = kauth_authorize_vnode(l->l_proc, cred,
+ KAUTH_VNODE_WRITE_SECURITY, vp,
NULL, genfs_can_chmod(vp, cred, ptyfs->ptyfs_uid, ptyfs->ptyfs_gid,
mode));
if (error)
@@ -518,9 +520,10 @@ ptyfs_chown(struct vnode *vp, uid_t uid,
if (gid == (gid_t)VNOVAL)
gid = ptyfs->ptyfs_gid;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
- NULL, genfs_can_chown(vp, cred, ptyfs->ptyfs_uid, ptyfs->ptyfs_gid,
- uid, gid));
+ error = kauth_authorize_vnode(l->l_proc, cred,
+ KAUTH_VNODE_CHANGE_OWNERSHIP,
+ vp, NULL, genfs_can_chown(vp, cred, ptyfs->ptyfs_uid,
+ ptyfs->ptyfs_gid, uid, gid));
if (error)
return (error);
@@ -552,7 +555,7 @@ ptyfs_access(void *v)
if ((error = VOP_GETATTR(ap->a_vp, &va, ap->a_cred)) != 0)
return error;
- return kauth_authorize_vnode(ap->a_cred,
+ return kauth_authorize_vnode(curproc, ap->a_cred,
KAUTH_ACCESS_ACTION(ap->a_accmode, ap->a_vp->v_type, va.va_mode),
ap->a_vp, NULL, genfs_can_access(ap->a_vp, ap->a_cred, va.va_uid,
va.va_gid, va.va_mode, NULL, ap->a_accmode));
Index: fs/sysvbfs/sysvbfs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/sysvbfs/sysvbfs_vfsops.c,v
retrieving revision 1.47
diff -u -p -u -r1.47 sysvbfs_vfsops.c
--- fs/sysvbfs/sysvbfs_vfsops.c 17 Jan 2020 20:08:08 -0000 1.47
+++ fs/sysvbfs/sysvbfs_vfsops.c 18 Sep 2021 21:46:11 -0000
@@ -139,9 +139,9 @@ sysvbfs_mount(struct mount *mp, const ch
(mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
- KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp,
- KAUTH_ARG(accessmode));
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_MOUNT, KAUTH_REQ_SYSTEM_MOUNT_DEVICE,
+ mp, devvp, KAUTH_ARG(accessmode));
}
if (error) {
Index: fs/sysvbfs/sysvbfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/sysvbfs/sysvbfs_vnops.c,v
retrieving revision 1.67
diff -u -p -u -r1.67 sysvbfs_vnops.c
--- fs/sysvbfs/sysvbfs_vnops.c 27 Jun 2020 17:29:18 -0000 1.67
+++ fs/sysvbfs/sysvbfs_vnops.c 18 Sep 2021 21:46:11 -0000
@@ -253,7 +253,7 @@ sysvbfs_check_permitted(struct vnode *vp
{
struct bfs_fileattr *attr = &bnode->inode->attr;
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, attr->mode), vp, NULL, genfs_can_access(vp, cred,
attr->uid, attr->gid, attr->mode, NULL, accmode));
}
@@ -357,7 +357,7 @@ sysvbfs_setattr(void *arg)
(vap->va_uid != (uid_t)VNOVAL) ? vap->va_uid : attr->uid;
gid_t gid =
(vap->va_gid != (gid_t)VNOVAL) ? vap->va_gid : attr->gid;
- error = kauth_authorize_vnode(cred,
+ error = kauth_authorize_vnode(curproc, cred,
KAUTH_VNODE_CHANGE_OWNERSHIP, vp, NULL,
genfs_can_chown(vp, cred, attr->uid, attr->gid, uid, gid));
if (error)
@@ -385,7 +385,8 @@ sysvbfs_setattr(void *arg)
if (vap->va_mode != (mode_t)VNOVAL) {
mode_t mode = vap->va_mode;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_SECURITY,
vp, NULL, genfs_can_chmod(vp, cred, attr->uid,
attr->gid, mode));
if (error)
@@ -396,9 +397,10 @@ sysvbfs_setattr(void *arg)
if ((vap->va_atime.tv_sec != VNOVAL) ||
(vap->va_mtime.tv_sec != VNOVAL) ||
(vap->va_ctime.tv_sec != VNOVAL)) {
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, cred, attr->uid,
- vap->va_vaflags));
+ vap->va_vaflags));
if (error)
return error;
Index: fs/tmpfs/tmpfs_subr.c
===================================================================
RCS file: /cvsroot/src/sys/fs/tmpfs/tmpfs_subr.c,v
retrieving revision 1.113
diff -u -p -u -r1.113 tmpfs_subr.c
--- fs/tmpfs/tmpfs_subr.c 5 Sep 2020 16:30:12 -0000 1.113
+++ fs/tmpfs/tmpfs_subr.c 18 Sep 2021 21:46:11 -0000
@@ -992,7 +992,7 @@ tmpfs_chflags(vnode_t *vp, int flags, ka
action |= KAUTH_VNODE_HAS_SYSFLAGS;
}
- error = kauth_authorize_vnode(cred, action, vp, NULL,
+ error = kauth_authorize_vnode(l->l_proc, cred, action, vp, NULL,
genfs_can_chflags(vp, cred, node->tn_uid, changing_sysflags));
if (error)
return error;
@@ -1037,7 +1037,8 @@ tmpfs_chmod(vnode_t *vp, mode_t mode, ka
if (node->tn_flags & (IMMUTABLE | APPEND))
return EPERM;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
+ error = kauth_authorize_vnode(l->l_proc, cred,
+ KAUTH_VNODE_WRITE_SECURITY, vp,
NULL, genfs_can_chmod(vp, cred, node->tn_uid, node->tn_gid, mode));
if (error) {
return error;
@@ -1080,7 +1081,8 @@ tmpfs_chown(vnode_t *vp, uid_t uid, gid_
if (node->tn_flags & (IMMUTABLE | APPEND))
return EPERM;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
+ error = kauth_authorize_vnode(l->l_proc, cred,
+ KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
NULL, genfs_can_chown(vp, cred, node->tn_uid, node->tn_gid, uid,
gid));
if (error) {
@@ -1167,7 +1169,8 @@ tmpfs_chtimes(vnode_t *vp, const struct
if (node->tn_flags & (IMMUTABLE | APPEND))
return EPERM;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp, NULL,
+ error = kauth_authorize_vnode(l->l_proc, cred,
+ KAUTH_VNODE_WRITE_TIMES, vp, NULL,
genfs_can_chtimes(vp, cred, node->tn_uid, vaflags));
if (error)
return error;
Index: fs/tmpfs/tmpfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/tmpfs/tmpfs_vnops.c,v
retrieving revision 1.147
diff -u -p -u -r1.147 tmpfs_vnops.c
--- fs/tmpfs/tmpfs_vnops.c 18 Jul 2021 23:57:14 -0000 1.147
+++ fs/tmpfs/tmpfs_vnops.c 18 Sep 2021 21:46:11 -0000
@@ -269,7 +269,7 @@ tmpfs_lookup(void *v)
goto out;
if ((dnode->tn_mode & S_ISTXT) != 0) {
- error = kauth_authorize_vnode(cnp->cn_cred,
+ error = kauth_authorize_vnode(curproc, cnp->cn_cred,
KAUTH_VNODE_DELETE, tnode->tn_vnode,
dnode->tn_vnode, genfs_can_sticky(dvp, cnp->cn_cred,
dnode->tn_uid, tnode->tn_uid));
@@ -411,7 +411,7 @@ tmpfs_access(void *v)
return EPERM;
}
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, node->tn_mode), vp, NULL, genfs_can_access(vp, cred,
node->tn_uid, node->tn_gid, node->tn_mode, NULL, accmode));
}
Index: fs/udf/udf_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/udf/udf_vfsops.c,v
retrieving revision 1.82
diff -u -p -u -r1.82 udf_vfsops.c
--- fs/udf/udf_vfsops.c 16 Sep 2021 22:19:11 -0000 1.82
+++ fs/udf/udf_vfsops.c 18 Sep 2021 21:46:11 -0000
@@ -369,7 +369,7 @@ udf_mount(struct mount *mp, const char *
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
if (error) {
Index: fs/udf/udf_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/udf/udf_vnops.c,v
retrieving revision 1.116
diff -u -p -u -r1.116 udf_vnops.c
--- fs/udf/udf_vnops.c 24 Jul 2021 21:31:38 -0000 1.116
+++ fs/udf/udf_vnops.c 18 Sep 2021 21:46:11 -0000
@@ -824,7 +824,7 @@ udf_lookup(void *v)
mode = udf_getaccessmode(dir_node);
if ((mode & S_ISTXT) != 0) {
udf_getownership(dir_node, &d_uid, &d_gid);
- error = kauth_authorize_vnode(cnp->cn_cred,
+ error = kauth_authorize_vnode(curproc, cnp->cn_cred,
KAUTH_VNODE_DELETE, res_node->vnode,
dir_node->vnode, genfs_can_sticky(dvp, cnp->cn_cred,
d_uid, d_uid));
@@ -1040,7 +1040,8 @@ udf_chown(struct vnode *vp, uid_t new_ui
return EINVAL;
/* check permissions */
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_CHANGE_OWNERSHIP,
vp, NULL, genfs_can_chown(vp, cred, uid, gid, new_uid, new_gid));
if (error)
return (error);
@@ -1077,7 +1078,7 @@ udf_chmod(struct vnode *vp, mode_t mode,
udf_getownership(udf_node, &uid, &gid);
/* check permissions */
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
+ error = kauth_authorize_vnode(curproc, cred, KAUTH_VNODE_WRITE_SECURITY, vp,
NULL, genfs_can_chmod(vp, cred, uid, gid, mode));
if (error)
return (error);
@@ -1186,8 +1187,8 @@ udf_chtimes(struct vnode *vp,
udf_getownership(udf_node, &uid, &gid);
/* check permissions */
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
- NULL, genfs_can_chtimes(vp, cred, uid, setattrflags));
+ error = kauth_authorize_vnode(curproc, cred, KAUTH_VNODE_WRITE_TIMES,
+ vp, NULL, genfs_can_chtimes(vp, cred, uid, setattrflags));
if (error)
return (error);
@@ -1441,7 +1442,7 @@ udf_check_permitted(struct vnode *vp, st
kauth_cred_t cred)
{
/* ask the generic genfs_can_access to advice on security */
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, vap->va_mode), vp, NULL, genfs_can_access(vp, cred,
vap->va_uid, vap->va_gid, vap->va_mode, NULL, accmode));
}
Index: fs/v7fs/v7fs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/v7fs/v7fs_vfsops.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 v7fs_vfsops.c
--- fs/v7fs/v7fs_vfsops.c 17 Jan 2020 20:08:09 -0000 1.17
+++ fs/v7fs/v7fs_vfsops.c 18 Sep 2021 21:46:11 -0000
@@ -157,9 +157,9 @@ v7fs_mount(struct mount *mp, const char
(mp->mnt_iflag & IMNT_WANTRDWR) != 0 :
(mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
- KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp,
- KAUTH_ARG(accessmode));
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_MOUNT, KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp,
+ devvp, KAUTH_ARG(accessmode));
}
if (error) {
Index: fs/v7fs/v7fs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/fs/v7fs/v7fs_vnops.c,v
retrieving revision 1.31
diff -u -p -u -r1.31 v7fs_vnops.c
--- fs/v7fs/v7fs_vnops.c 27 Jun 2020 17:29:18 -0000 1.31
+++ fs/v7fs/v7fs_vnops.c 18 Sep 2021 21:46:11 -0000
@@ -377,7 +377,7 @@ v7fs_check_permitted(struct vnode *vp, s
struct v7fs_inode *inode = &v7node->inode;
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, inode->mode), vp, NULL, genfs_can_access(vp, cred,
inode->uid, inode->gid, inode->mode, NULL, accmode));
}
@@ -491,7 +491,8 @@ v7fs_setattr(void *v)
}
/* File pointer mode. */
if (vap->va_flags != VNOVAL) {
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_FLAGS,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_FLAGS,
vp, NULL, genfs_can_chflags(vp, cred, inode->uid,
false));
if (error)
@@ -513,7 +514,7 @@ v7fs_setattr(void *v)
if (vap->va_uid != (uid_t)VNOVAL) {
uid = vap->va_uid;
- error = kauth_authorize_vnode(cred,
+ error = kauth_authorize_vnode(curproc, cred,
KAUTH_VNODE_CHANGE_OWNERSHIP, vp, NULL,
genfs_can_chown(vp, cred, inode->uid, inode->gid, uid,
gid));
@@ -523,7 +524,7 @@ v7fs_setattr(void *v)
}
if (vap->va_gid != (uid_t)VNOVAL) {
gid = vap->va_gid;
- error = kauth_authorize_vnode(cred,
+ error = kauth_authorize_vnode(curproc, cred,
KAUTH_VNODE_CHANGE_OWNERSHIP, vp, NULL,
genfs_can_chown(vp, cred, inode->uid, inode->gid, uid,
gid));
@@ -533,7 +534,8 @@ v7fs_setattr(void *v)
}
if (vap->va_mode != (mode_t)VNOVAL) {
mode_t mode = vap->va_mode;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_SECURITY,
vp, NULL, genfs_can_chmod(vp, cred, inode->uid, inode->gid,
mode));
if (error) {
@@ -544,7 +546,8 @@ v7fs_setattr(void *v)
if ((vap->va_atime.tv_sec != VNOVAL) ||
(vap->va_mtime.tv_sec != VNOVAL) ||
(vap->va_ctime.tv_sec != VNOVAL)) {
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, cred, inode->uid,
vap->va_vaflags));
if (error)
Index: kern/init_sysctl.c
===================================================================
RCS file: /cvsroot/src/sys/kern/init_sysctl.c,v
retrieving revision 1.227
diff -u -p -u -r1.227 init_sysctl.c
--- kern/init_sysctl.c 20 Sep 2020 12:51:57 -0000 1.227
+++ kern/init_sysctl.c 18 Sep 2021 21:46:11 -0000
@@ -833,7 +833,7 @@ sysctl_kern_rtc_offset(SYSCTLFN_ARGS)
if (error || newp == NULL)
return (error);
- if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_TIME,
+ if (kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_TIME,
KAUTH_REQ_SYSTEM_TIME_RTCOFFSET,
KAUTH_ARG(new_rtc_offset), NULL, NULL))
return (EPERM);
@@ -1319,7 +1319,7 @@ sysctl_security_setidcore(SYSCTLFN_ARGS)
if (error || newp == NULL)
return error;
- if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_SETIDCORE,
+ if (kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_SETIDCORE,
0, NULL, NULL, NULL))
return (EPERM);
@@ -1343,7 +1343,7 @@ sysctl_security_setidcorename(SYSCTLFN_A
if (error || newp == NULL) {
goto out;
}
- if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_SETIDCORE,
+ if (kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_SETIDCORE,
0, NULL, NULL, NULL)) {
error = EPERM;
goto out;
Index: kern/kern_acct.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_acct.c,v
retrieving revision 1.98
diff -u -p -u -r1.98 kern_acct.c
--- kern/kern_acct.c 29 Jun 2021 22:40:53 -0000 1.98
+++ kern/kern_acct.c 18 Sep 2021 21:46:11 -0000
@@ -301,8 +301,8 @@ sys_acct(struct lwp *l, const struct sys
int error;
/* Make sure that the caller is root. */
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_ACCOUNTING,
- 0, NULL, NULL, NULL)))
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_ACCOUNTING, 0, NULL, NULL, NULL)))
return (error);
/*
Index: kern/kern_auth.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_auth.c,v
retrieving revision 1.78
diff -u -p -u -r1.78 kern_auth.c
--- kern/kern_auth.c 16 May 2020 18:31:50 -0000 1.78
+++ kern/kern_auth.c 18 Sep 2021 21:46:11 -0000
@@ -44,6 +44,7 @@ __KERNEL_RCSID(0, "$NetBSD: kern_auth.c,
#include <sys/atomic.h>
#include <sys/specificdata.h>
#include <sys/vnode.h>
+#include <sys/acct.h>
#include <secmodel/secmodel.h>
@@ -474,7 +475,7 @@ kauth_proc_setgroups(struct lwp *l, kaut
kauth_cred_clone1(cred, ncred, false);
- error = kauth_authorize_process(cred, KAUTH_PROCESS_SETID,
+ error = kauth_authorize_process(l->l_proc, cred, KAUTH_PROCESS_SETID,
l->l_proc, NULL, NULL, NULL);
if (error != 0) {
proc_crmod_leave(cred, ncred, false);
@@ -934,6 +935,7 @@ kauth_unlisten_scope(kauth_listener_t li
*
* scope - the scope of the request as defined by KAUTH_SCOPE_* or as
* returned from kauth_register_scope().
+ * process - process associated with request
* credential - credentials of the user ("actor") making the request.
* action - request identifier.
* arg[0-3] - passed unmodified to listener(s).
@@ -945,8 +947,9 @@ kauth_unlisten_scope(kauth_listener_t li
* - KAUTH_RESULT_DEFER if there is nothing but KAUTH_RESULT_DEFER
*/
static int
-kauth_authorize_action_internal(kauth_scope_t scope, kauth_cred_t cred,
- kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3)
+kauth_authorize_action_internal(kauth_scope_t scope, struct proc *p,
+ kauth_cred_t cred, kauth_action_t action, void *arg0, void *arg1,
+ void *arg2, void *arg3)
{
kauth_listener_t listener;
int error, allow, fail;
@@ -978,19 +981,23 @@ kauth_authorize_action_internal(kauth_sc
if (fail)
return (KAUTH_RESULT_DENY);
- if (allow)
+ if (allow) {
+ if (p)
+ p->p_acflag |= ASU;
return (KAUTH_RESULT_ALLOW);
+ }
return (KAUTH_RESULT_DEFER);
};
int
-kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred,
- kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3)
+kauth_authorize_action(kauth_scope_t scope, struct proc *p, kauth_cred_t cred,
+ kauth_action_t action, void *arg0, void *arg1, void *arg2,
+ void *arg3)
{
int r;
- r = kauth_authorize_action_internal(scope, cred, action, arg0, arg1,
+ r = kauth_authorize_action_internal(scope, p, cred, action, arg0, arg1,
arg2, arg3);
if (r == KAUTH_RESULT_DENY)
@@ -1009,84 +1016,88 @@ kauth_authorize_action(kauth_scope_t sco
* Generic scope authorization wrapper.
*/
int
-kauth_authorize_generic(kauth_cred_t cred, kauth_action_t action, void *arg0)
+kauth_authorize_generic(struct proc *p, kauth_cred_t cred,
+ kauth_action_t action, void *arg0)
{
- return (kauth_authorize_action(kauth_builtin_scope_generic, cred,
- action, arg0, NULL, NULL, NULL));
+ return kauth_authorize_action(kauth_builtin_scope_generic, p, cred,
+ action, arg0, NULL, NULL, NULL);
}
/*
* System scope authorization wrapper.
*/
int
-kauth_authorize_system(kauth_cred_t cred, kauth_action_t action,
- enum kauth_system_req req, void *arg1, void *arg2, void *arg3)
+kauth_authorize_system(struct proc *p, kauth_cred_t cred, kauth_action_t action,
+ enum kauth_system_req req, void *arg1, void *arg2,
+ void *arg3)
{
- return (kauth_authorize_action(kauth_builtin_scope_system, cred,
- action, (void *)req, arg1, arg2, arg3));
+ return kauth_authorize_action(kauth_builtin_scope_system, p, cred,
+ action, KAUTH_ARG(req), arg1, arg2, arg3);
}
/*
* Process scope authorization wrapper.
*/
int
-kauth_authorize_process(kauth_cred_t cred, kauth_action_t action,
- struct proc *p, void *arg1, void *arg2, void *arg3)
+kauth_authorize_process(struct proc *p, kauth_cred_t cred,
+ kauth_action_t action, struct proc *pp, void *arg1, void *arg2,
+ void *arg3)
{
- return (kauth_authorize_action(kauth_builtin_scope_process, cred,
- action, p, arg1, arg2, arg3));
+ return kauth_authorize_action(kauth_builtin_scope_process, p, cred,
+ action, pp, arg1, arg2, arg3);
}
/*
* Network scope authorization wrapper.
*/
int
-kauth_authorize_network(kauth_cred_t cred, kauth_action_t action,
- enum kauth_network_req req, void *arg1, void *arg2, void *arg3)
+kauth_authorize_network(struct proc *p, kauth_cred_t cred,
+ kauth_action_t action, enum kauth_network_req req,
+ void *arg1, void *arg2, void *arg3)
{
- return (kauth_authorize_action(kauth_builtin_scope_network, cred,
- action, (void *)req, arg1, arg2, arg3));
+ return kauth_authorize_action(kauth_builtin_scope_network, p, cred,
+ action, KAUTH_ARG(req), arg1, arg2, arg3);
}
int
-kauth_authorize_machdep(kauth_cred_t cred, kauth_action_t action,
- void *arg0, void *arg1, void *arg2, void *arg3)
+kauth_authorize_machdep(struct proc *p, kauth_cred_t cred,
+ kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3)
{
- return (kauth_authorize_action(kauth_builtin_scope_machdep, cred,
- action, arg0, arg1, arg2, arg3));
+ return kauth_authorize_action(kauth_builtin_scope_machdep, p, cred,
+ action, arg0, arg1, arg2, arg3);
}
int
-kauth_authorize_device(kauth_cred_t cred, kauth_action_t action,
+kauth_authorize_device(struct proc *p, kauth_cred_t cred, kauth_action_t action,
void *arg0, void *arg1, void *arg2, void *arg3)
{
- return (kauth_authorize_action(kauth_builtin_scope_device, cred,
- action, arg0, arg1, arg2, arg3));
+ return kauth_authorize_action(kauth_builtin_scope_device, p, cred,
+ action, arg0, arg1, arg2, arg3);
}
int
-kauth_authorize_device_tty(kauth_cred_t cred, kauth_action_t action,
- struct tty *tty)
+kauth_authorize_device_tty(struct proc *p, kauth_cred_t cred,
+ kauth_action_t action, struct tty *tty)
{
- return (kauth_authorize_action(kauth_builtin_scope_device, cred,
- action, tty, NULL, NULL, NULL));
+ return kauth_authorize_action(kauth_builtin_scope_device, p, cred,
+ action, tty, NULL, NULL, NULL);
}
int
-kauth_authorize_device_spec(kauth_cred_t cred, enum kauth_device_req req,
- struct vnode *vp)
+kauth_authorize_device_spec(struct proc *p, kauth_cred_t cred,
+ enum kauth_device_req req, struct vnode *vp)
{
- return (kauth_authorize_action(kauth_builtin_scope_device, cred,
- KAUTH_DEVICE_RAWIO_SPEC, (void *)req, vp, NULL, NULL));
+ return kauth_authorize_action(kauth_builtin_scope_device, p, cred,
+ KAUTH_DEVICE_RAWIO_SPEC, KAUTH_ARG(req), vp, NULL, NULL);
}
int
-kauth_authorize_device_passthru(kauth_cred_t cred, dev_t dev, u_long bits,
- void *data)
+kauth_authorize_device_passthru(struct proc *p, kauth_cred_t cred, dev_t dev,
+ u_long bits, void *data)
{
- return (kauth_authorize_action(kauth_builtin_scope_device, cred,
- KAUTH_DEVICE_RAWIO_PASSTHRU, (void *)bits, (void *)(u_long)dev,
- data, NULL));
+ return kauth_authorize_action(kauth_builtin_scope_device, p, cred,
+ KAUTH_DEVICE_RAWIO_PASSTHRU, KAUTH_ARG(bits), KAUTH_ARG(dev),
+ data, NULL);
}
kauth_action_t
@@ -1119,13 +1130,13 @@ kauth_extattr_action(mode_t access_mode)
}
int
-kauth_authorize_vnode(kauth_cred_t cred, kauth_action_t action,
+kauth_authorize_vnode(struct proc *p, kauth_cred_t cred, kauth_action_t action,
struct vnode *vp, struct vnode *dvp, int fs_decision)
{
int error;
- error = kauth_authorize_action_internal(kauth_builtin_scope_vnode, cred,
- action, vp, dvp, NULL, NULL);
+ error = kauth_authorize_action_internal(kauth_builtin_scope_vnode, p,
+ cred, action, vp, dvp, NULL, NULL);
if (error == KAUTH_RESULT_DENY)
return (EACCES);
@@ -1151,7 +1162,7 @@ kauth_cred_hook(kauth_cred_t cred, kauth
{
int r;
- r = kauth_authorize_action(kauth_builtin_scope_cred, cred, action,
+ r = kauth_authorize_action(kauth_builtin_scope_cred, NULL, cred, action,
arg0, arg1, NULL, NULL);
#ifdef DIAGNOSTIC
Index: kern/kern_cpu.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_cpu.c,v
retrieving revision 1.93
diff -u -p -u -r1.93 kern_cpu.c
--- kern/kern_cpu.c 8 Oct 2020 09:16:13 -0000 1.93
+++ kern/kern_cpu.c 18 Sep 2021 21:46:11 -0000
@@ -202,9 +202,9 @@ cpuctl_ioctl(dev_t dev, u_long cmd, void
switch (cmd) {
case IOC_CPU_SETSTATE:
cs = data;
- error = kauth_authorize_system(l->l_cred,
- KAUTH_SYSTEM_CPU, KAUTH_REQ_SYSTEM_CPU_SETSTATE, cs, NULL,
- NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_CPU, KAUTH_REQ_SYSTEM_CPU_SETSTATE,
+ cs, NULL, NULL);
if (error != 0)
break;
if (cs->cs_id >= maxcpus ||
@@ -263,7 +263,7 @@ cpuctl_ioctl(dev_t dev, u_long cmd, void
break;
case IOC_CPU_UCODE_APPLY:
- error = kauth_authorize_machdep(l->l_cred,
+ error = kauth_authorize_machdep(l->l_proc, l->l_cred,
KAUTH_MACHDEP_CPU_UCODE_APPLY,
NULL, NULL, NULL, NULL);
if (error != 0)
Index: kern/kern_descrip.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_descrip.c,v
retrieving revision 1.251
diff -u -p -u -r1.251 kern_descrip.c
--- kern/kern_descrip.c 29 Jun 2021 22:40:53 -0000 1.251
+++ kern/kern_descrip.c 18 Sep 2021 21:46:11 -0000
@@ -2067,7 +2067,7 @@ sysctl_kern_file(SYSCTLFN_ARGS)
continue;
}
mutex_enter(p->p_lock);
- error = kauth_authorize_process(l->l_cred,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
KAUTH_PROCESS_CANSEE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_OPENFILES),
NULL, NULL);
@@ -2224,7 +2224,7 @@ sysctl_kern_file2(SYSCTLFN_ARGS)
continue;
}
mutex_enter(p->p_lock);
- error = kauth_authorize_process(l->l_cred,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
KAUTH_PROCESS_CANSEE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_OPENFILES),
NULL, NULL);
Index: kern/kern_entropy.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_entropy.c,v
retrieving revision 1.30
diff -u -p -u -r1.30 kern_entropy.c
--- kern/kern_entropy.c 12 Feb 2021 19:48:26 -0000 1.30
+++ kern/kern_entropy.c 18 Sep 2021 21:46:11 -0000
@@ -2070,18 +2070,18 @@ entropy_ioctl(unsigned long cmd, void *d
case RNDGETSRCNAME:
case RNDGETESTNUM:
case RNDGETESTNAME:
- error = kauth_authorize_device(curlwp->l_cred,
+ error = kauth_authorize_device(curproc, kauth_cred_get(),
KAUTH_DEVICE_RND_GETPRIV, NULL, NULL, NULL, NULL);
break;
case RNDCTL:
- error = kauth_authorize_device(curlwp->l_cred,
+ error = kauth_authorize_device(curproc, kauth_cred_get(),
KAUTH_DEVICE_RND_SETPRIV, NULL, NULL, NULL, NULL);
break;
case RNDADDDATA:
- error = kauth_authorize_device(curlwp->l_cred,
+ error = kauth_authorize_device(curproc, kauth_cred_get(),
KAUTH_DEVICE_RND_ADDDATA, NULL, NULL, NULL, NULL);
/* Ascertain whether the user's inputs should be counted. */
- if (kauth_authorize_device(curlwp->l_cred,
+ if (kauth_authorize_device(curproc, kauth_cred_get(),
KAUTH_DEVICE_RND_ADDDATA_ESTIMATE,
NULL, NULL, NULL, NULL) == 0)
privileged = true;
Index: kern/kern_event.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_event.c,v
retrieving revision 1.118
diff -u -p -u -r1.118 kern_event.c
--- kern/kern_event.c 2 May 2021 19:13:43 -0000 1.118
+++ kern/kern_event.c 18 Sep 2021 21:46:11 -0000
@@ -546,8 +546,8 @@ filt_procattach(struct knote *kn)
*/
mutex_enter(p->p_lock);
mutex_exit(&proc_lock);
- if (kauth_authorize_process(curl->l_cred, KAUTH_PROCESS_KEVENT_FILTER,
- p, NULL, NULL, NULL) != 0) {
+ if (kauth_authorize_process(curl->l_proc, curl->l_cred,
+ KAUTH_PROCESS_KEVENT_FILTER, p, NULL, NULL, NULL) != 0) {
mutex_exit(p->p_lock);
return EACCES;
}
Index: kern/kern_exec.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_exec.c,v
retrieving revision 1.506
diff -u -p -u -r1.506 kern_exec.c
--- kern/kern_exec.c 11 Jun 2021 12:54:22 -0000 1.506
+++ kern/kern_exec.c 18 Sep 2021 21:46:11 -0000
@@ -778,12 +778,13 @@ execve_loadvm(struct lwp *l, bool has_pa
*/
retry:
if (p->p_flag & PK_SUGID) {
- if (kauth_authorize_process(l->l_cred, KAUTH_PROCESS_RLIMIT,
- p, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_BYPASS),
- &p->p_rlimit[RLIMIT_NPROC],
- KAUTH_ARG(RLIMIT_NPROC)) != 0 &&
+ if (kauth_authorize_process(l->l_proc, l->l_cred,
+ KAUTH_PROCESS_RLIMIT,
+ p, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_BYPASS),
+ &p->p_rlimit[RLIMIT_NPROC],
+ KAUTH_ARG(RLIMIT_NPROC)) != 0 &&
chgproccnt(kauth_cred_getuid(l->l_cred), 0) >
- p->p_rlimit[RLIMIT_NPROC].rlim_cur)
+ p->p_rlimit[RLIMIT_NPROC].rlim_cur)
return EAGAIN;
}
@@ -2425,7 +2426,7 @@ check_posix_spawn(struct lwp *l1)
if (__predict_false(tnprocs >= maxproc))
error = -1;
else
- error = kauth_authorize_process(l1->l_cred,
+ error = kauth_authorize_process(l1->l_proc, l1->l_cred,
KAUTH_PROCESS_FORK, p1, KAUTH_ARG(tnprocs), NULL, NULL);
if (error) {
@@ -2437,9 +2438,10 @@ check_posix_spawn(struct lwp *l1)
* Enforce limits.
*/
count = chgproccnt(uid, 1);
- if (kauth_authorize_process(l1->l_cred, KAUTH_PROCESS_RLIMIT,
- p1, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_BYPASS),
- &p1->p_rlimit[RLIMIT_NPROC], KAUTH_ARG(RLIMIT_NPROC)) != 0 &&
+ if (kauth_authorize_process(l1->l_proc, l1->l_cred,
+ KAUTH_PROCESS_RLIMIT,
+ p1, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_BYPASS),
+ &p1->p_rlimit[RLIMIT_NPROC], KAUTH_ARG(RLIMIT_NPROC)) != 0 &&
__predict_false(count > p1->p_rlimit[RLIMIT_NPROC].rlim_cur)) {
(void)chgproccnt(uid, -1);
atomic_dec_uint(&nprocs);
Index: kern/kern_fork.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_fork.c,v
retrieving revision 1.226
diff -u -p -u -r1.226 kern_fork.c
--- kern/kern_fork.c 23 May 2020 23:42:43 -0000 1.226
+++ kern/kern_fork.c 18 Sep 2021 21:46:11 -0000
@@ -264,7 +264,7 @@ fork1(struct lwp *l1, int flags, int exi
if (__predict_false(tnprocs >= maxproc))
error = -1;
else
- error = kauth_authorize_process(l1->l_cred,
+ error = kauth_authorize_process(l1->l_proc, l1->l_cred,
KAUTH_PROCESS_FORK, p1, KAUTH_ARG(tnprocs), NULL, NULL);
if (error) {
@@ -282,7 +282,8 @@ fork1(struct lwp *l1, int flags, int exi
*/
count = chgproccnt(uid, 1);
if (__predict_false(count > p1->p_rlimit[RLIMIT_NPROC].rlim_cur)) {
- if (kauth_authorize_process(l1->l_cred, KAUTH_PROCESS_RLIMIT,
+ if (kauth_authorize_process(l1->l_proc, l1->l_cred,
+ KAUTH_PROCESS_RLIMIT,
p1, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_BYPASS),
&p1->p_rlimit[RLIMIT_NPROC], KAUTH_ARG(RLIMIT_NPROC)) != 0) {
(void)chgproccnt(uid, -1);
Index: kern/kern_ktrace.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_ktrace.c,v
retrieving revision 1.178
diff -u -p -u -r1.178 kern_ktrace.c
--- kern/kern_ktrace.c 27 Feb 2021 13:02:42 -0000 1.178
+++ kern/kern_ktrace.c 18 Sep 2021 21:46:11 -0000
@@ -1198,7 +1198,8 @@ ktrops(lwp_t *curl, struct proc *p, int
ktradref(p);
}
p->p_traceflag |= facs;
- if (kauth_authorize_process(curl->l_cred, KAUTH_PROCESS_KTRACE,
+ if (kauth_authorize_process(curl->l_proc, curl->l_cred,
+ KAUTH_PROCESS_KTRACE,
p, KAUTH_ARG(KAUTH_REQ_PROCESS_KTRACE_PERSISTENT), NULL,
NULL) == 0)
p->p_traceflag |= KTRFAC_PERSISTENT;
@@ -1433,8 +1434,8 @@ ktrcanset(lwp_t *calll, struct proc *tar
KASSERT(mutex_owned(targetp->p_lock));
KASSERT(mutex_owned(&ktrace_lock));
- if (kauth_authorize_process(calll->l_cred, KAUTH_PROCESS_KTRACE,
- targetp, NULL, NULL, NULL) == 0)
+ if (kauth_authorize_process(calll->l_proc, calll->l_cred,
+ KAUTH_PROCESS_KTRACE, targetp, NULL, NULL, NULL) == 0)
return (1);
return (0);
Index: kern/kern_lwp.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_lwp.c,v
retrieving revision 1.243
diff -u -p -u -r1.243 kern_lwp.c
--- kern/kern_lwp.c 13 Jan 2021 07:36:56 -0000 1.243
+++ kern/kern_lwp.c 18 Sep 2021 21:46:11 -0000
@@ -780,7 +780,7 @@ lwp_create(lwp_t *l1, proc_t *p2, vaddr_
int count = chglwpcnt(uid, 1);
if (__predict_false(count >
p2->p_rlimit[RLIMIT_NTHR].rlim_cur)) {
- if (kauth_authorize_process(l1->l_cred,
+ if (kauth_authorize_process(l1->l_proc, l1->l_cred,
KAUTH_PROCESS_RLIMIT, p2,
KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_BYPASS),
&p2->p_rlimit[RLIMIT_NTHR], KAUTH_ARG(RLIMIT_NTHR))
Index: kern/kern_module.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_module.c,v
retrieving revision 1.153
diff -u -p -u -r1.153 kern_module.c
--- kern/kern_module.c 16 Sep 2021 21:29:42 -0000 1.153
+++ kern/kern_module.c 18 Sep 2021 21:46:11 -0000
@@ -276,9 +276,9 @@ module_builtin_add(modinfo_t *const *mip
int rv = 0, i, mipskip;
if (init) {
- rv = kauth_authorize_system(kauth_cred_get(),
- KAUTH_SYSTEM_MODULE, 0, (void *)(uintptr_t)MODCTL_LOAD,
- (void *)(uintptr_t)1, NULL);
+ rv = kauth_authorize_system(curproc, kauth_cred_get(),
+ KAUTH_SYSTEM_MODULE, 0, KAUTH_ARG(MODCTL_LOAD),
+ KAUTH_ARG(1), NULL);
if (rv) {
return rv;
}
@@ -366,8 +366,8 @@ module_builtin_remove(modinfo_t *mi, boo
int rv = 0;
if (fini) {
- rv = kauth_authorize_system(kauth_cred_get(),
- KAUTH_SYSTEM_MODULE, 0, (void *)(uintptr_t)MODCTL_UNLOAD,
+ rv = kauth_authorize_system(curproc, kauth_cred_get(),
+ KAUTH_SYSTEM_MODULE, 0, KAUTH_ARG(MODCTL_UNLOAD),
NULL, NULL);
if (rv)
return rv;
@@ -670,8 +670,8 @@ module_load(const char *filename, int fl
}
/* Authorize. */
- error = kauth_authorize_system(kauth_cred_get(), KAUTH_SYSTEM_MODULE,
- 0, (void *)(uintptr_t)MODCTL_LOAD, NULL, NULL);
+ error = kauth_authorize_system(curproc, kauth_cred_get(),
+ KAUTH_SYSTEM_MODULE, 0, KAUTH_ARG(MODCTL_LOAD), NULL, NULL);
if (error != 0)
goto out;
@@ -710,8 +710,8 @@ module_autoload(const char *filename, mo
}
/* Authorize. */
- error = kauth_authorize_system(kauth_cred_get(), KAUTH_SYSTEM_MODULE,
- 0, (void *)(uintptr_t)MODCTL_LOAD, (void *)(uintptr_t)1, NULL);
+ error = kauth_authorize_system(curproc, kauth_cred_get(),
+ KAUTH_SYSTEM_MODULE, 0, KAUTH_ARG(MODCTL_LOAD), KAUTH_ARG(1), NULL);
if (error == 0)
error = module_do_load(filename, false, 0, NULL, NULL, modclass,
@@ -734,8 +734,8 @@ module_unload(const char *name)
int error;
/* Authorize. */
- error = kauth_authorize_system(kauth_cred_get(), KAUTH_SYSTEM_MODULE,
- 0, (void *)(uintptr_t)MODCTL_UNLOAD, NULL, NULL);
+ error = kauth_authorize_system(curproc, kauth_cred_get(),
+ KAUTH_SYSTEM_MODULE, 0, KAUTH_ARG(MODCTL_UNLOAD), NULL, NULL);
if (error != 0) {
return error;
}
Index: kern/kern_ntptime.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_ntptime.c,v
retrieving revision 1.60
diff -u -p -u -r1.60 kern_ntptime.c
--- kern/kern_ntptime.c 29 Oct 2018 22:02:25 -0000 1.60
+++ kern/kern_ntptime.c 18 Sep 2021 21:46:11 -0000
@@ -267,9 +267,9 @@ sys_ntp_adjtime(struct lwp *l, const str
if (error != 0)
return (error);
- if (ntv.modes != 0 && (error = kauth_authorize_system(l->l_cred,
- KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_NTPADJTIME, NULL,
- NULL, NULL)) != 0)
+ if (ntv.modes != 0 && (error = kauth_authorize_system(l->l_proc,
+ l->l_cred, KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_NTPADJTIME,
+ NULL, NULL, NULL)) != 0)
return (error);
ntp_adjtime1(&ntv);
Index: kern/kern_proc.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_proc.c,v
retrieving revision 1.262
diff -u -p -u -r1.262 kern_proc.c
--- kern/kern_proc.c 24 Dec 2020 12:14:50 -0000 1.262
+++ kern/kern_proc.c 18 Sep 2021 21:46:11 -0000
@@ -2109,7 +2109,7 @@ sysctl_doeproc(SYSCTLFN_ARGS)
continue;
mutex_enter(p->p_lock);
- error = kauth_authorize_process(l->l_cred,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
KAUTH_PROCESS_CANSEE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_EPROC), NULL, NULL);
if (error != 0) {
@@ -2356,10 +2356,12 @@ sysctl_kern_proc_args(SYSCTLFN_ARGS)
/* Check permission. */
if (type == KERN_PROC_ARGV || type == KERN_PROC_NARGV)
- error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
+ KAUTH_PROCESS_CANSEE,
p, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ARGS), NULL, NULL);
else if (type == KERN_PROC_ENV || type == KERN_PROC_NENV)
- error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
+ KAUTH_PROCESS_CANSEE,
p, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENV), NULL, NULL);
else
error = EINVAL; /* XXXGCC */
@@ -2925,7 +2927,7 @@ proc_find_locked(struct lwp *l, struct p
mutex_enter((*p)->p_lock);
mutex_exit(&proc_lock);
- error = kauth_authorize_process(l->l_cred,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
KAUTH_PROCESS_CANSEE, *p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
if (error) {
@@ -3058,7 +3060,7 @@ sysctl_security_expose_address(SYSCTLFN_
if (error || newp == NULL)
return error;
- if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_KERNADDR,
+ if (kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_KERNADDR,
0, NULL, NULL, NULL))
return EPERM;
@@ -3080,6 +3082,7 @@ bool
get_expose_address(struct proc *p)
{
/* allow only if sysctl variable is set or privileged */
- return kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
+ return kauth_authorize_process(curproc, kauth_cred_get(),
+ KAUTH_PROCESS_CANSEE,
p, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL) == 0;
}
Index: kern/kern_prot.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_prot.c,v
retrieving revision 1.122
diff -u -p -u -r1.122 kern_prot.c
--- kern/kern_prot.c 23 May 2020 23:42:43 -0000 1.122
+++ kern/kern_prot.c 18 Sep 2021 21:46:11 -0000
@@ -326,7 +326,7 @@ do_setresuid(struct lwp *l, uid_t r, uid
&& !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvuid(cred)))) {
int error;
- error = kauth_authorize_process(cred, KAUTH_PROCESS_SETID,
+ error = kauth_authorize_process(p, cred, KAUTH_PROCESS_SETID,
p, NULL, NULL, NULL);
if (error != 0) {
proc_crmod_leave(cred, ncred, false);
@@ -407,7 +407,7 @@ do_setresgid(struct lwp *l, gid_t r, gid
&& !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvgid(cred)))) {
int error;
- error = kauth_authorize_process(cred, KAUTH_PROCESS_SETID,
+ error = kauth_authorize_process(p, cred, KAUTH_PROCESS_SETID,
p, NULL, NULL, NULL);
if (error != 0) {
proc_crmod_leave(cred, ncred, false);
@@ -617,7 +617,7 @@ sys___setlogin(struct lwp *l, const stru
char newname[sizeof sp->s_login + 1];
int error;
- if ((error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_SETID,
+ if ((error = kauth_authorize_process(p, l->l_cred, KAUTH_PROCESS_SETID,
p, NULL, NULL, NULL)) != 0)
return (error);
error = copyinstr(SCARG(uap, namebuf), newname, sizeof newname, NULL);
Index: kern/kern_reboot.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_reboot.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 kern_reboot.c
--- kern/kern_reboot.c 23 Feb 2020 22:56:41 -0000 1.4
+++ kern/kern_reboot.c 18 Sep 2021 21:46:11 -0000
@@ -84,8 +84,8 @@ sys_reboot(struct lwp *l, const struct s
int error;
char *bootstr, bs[128];
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_REBOOT,
- 0, NULL, NULL, NULL)) != 0)
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_REBOOT, 0, NULL, NULL, NULL)) != 0)
return (error);
/*
Index: kern/kern_resource.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_resource.c,v
retrieving revision 1.187
diff -u -p -u -r1.187 kern_resource.c
--- kern/kern_resource.c 23 May 2020 23:42:43 -0000 1.187
+++ kern/kern_resource.c 18 Sep 2021 21:46:11 -0000
@@ -308,7 +308,7 @@ donice(struct lwp *l, struct proc *chgp,
}
n += NZERO;
- if (kauth_authorize_process(cred, KAUTH_PROCESS_NICE, chgp,
+ if (kauth_authorize_process(l->l_proc, cred, KAUTH_PROCESS_NICE, chgp,
KAUTH_ARG(n), NULL, NULL)) {
return EACCES;
}
@@ -358,7 +358,8 @@ dosetrlimit(struct lwp *l, struct proc *
limp->rlim_max == alimp->rlim_max)
return 0;
- error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_RLIMIT,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
+ KAUTH_PROCESS_RLIMIT,
p, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_SET), limp, KAUTH_ARG(which));
if (error)
return error;
@@ -880,7 +881,8 @@ sysctl_proc_paxflags(SYSCTLFN_ARGS)
return error;
/* XXX-elad */
- error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, p,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
+ KAUTH_PROCESS_CANSEE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
if (error) {
rw_exit(&p->p_reflock);
@@ -926,7 +928,8 @@ sysctl_proc_corename(SYSCTLFN_ARGS)
return error;
/* XXX-elad */
- error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, p,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
+ KAUTH_PROCESS_CANSEE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
if (error) {
rw_exit(&p->p_reflock);
@@ -937,7 +940,7 @@ sysctl_proc_corename(SYSCTLFN_ARGS)
if (oldp) {
/* Get case: copy the core name into the buffer. */
- error = kauth_authorize_process(l->l_cred,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
KAUTH_PROCESS_CORENAME, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CORENAME_GET), NULL, NULL);
if (error) {
@@ -962,7 +965,8 @@ sysctl_proc_corename(SYSCTLFN_ARGS)
* Set case. Check permission and then validate new core name.
* It must be either "core", "/core", or end in ".core".
*/
- error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CORENAME,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
+ KAUTH_PROCESS_CORENAME,
p, KAUTH_ARG(KAUTH_REQ_PROCESS_CORENAME_SET), cnbuf, NULL);
if (error) {
goto done;
@@ -1007,7 +1011,8 @@ sysctl_proc_stop(SYSCTLFN_ARGS)
return error;
/* XXX-elad */
- error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, p,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
+ KAUTH_PROCESS_CANSEE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
if (error) {
goto out;
@@ -1039,7 +1044,8 @@ sysctl_proc_stop(SYSCTLFN_ARGS)
}
/* Check if caller can set the flags. */
- error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_STOPFLAG,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
+ KAUTH_PROCESS_STOPFLAG,
p, KAUTH_ARG(flag), NULL, NULL);
if (error) {
goto out;
@@ -1089,14 +1095,16 @@ sysctl_proc_plimit(SYSCTLFN_ARGS)
return error;
/* XXX-elad */
- error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, p,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
+ KAUTH_PROCESS_CANSEE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
if (error)
goto out;
/* Check if caller can retrieve the limits. */
if (newp == NULL) {
- error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_RLIMIT,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
+ KAUTH_PROCESS_RLIMIT,
p, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_GET), &alim,
KAUTH_ARG(which));
if (error)
Index: kern/kern_sig.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_sig.c,v
retrieving revision 1.397
diff -u -p -u -r1.397 kern_sig.c
--- kern/kern_sig.c 3 Apr 2021 11:19:11 -0000 1.397
+++ kern/kern_sig.c 18 Sep 2021 21:46:11 -0000
@@ -831,7 +831,7 @@ killpg1(struct lwp *l, ksiginfo_t *ksi,
(p->p_flag & PK_SYSTEM) != 0)
continue;
mutex_enter(p->p_lock);
- if (kauth_authorize_process(pc,
+ if (kauth_authorize_process(l->l_proc, pc,
KAUTH_PROCESS_SIGNAL, p, KAUTH_ARG(signo), NULL,
NULL) == 0) {
nfound++;
@@ -853,7 +853,8 @@ killpg1(struct lwp *l, ksiginfo_t *ksi,
if (p->p_pid <= 1 || p->p_flag & PK_SYSTEM)
continue;
mutex_enter(p->p_lock);
- if (kauth_authorize_process(pc, KAUTH_PROCESS_SIGNAL,
+ if (kauth_authorize_process(l->l_proc, pc,
+ KAUTH_PROCESS_SIGNAL,
p, KAUTH_ARG(signo), NULL, NULL) == 0) {
nfound++;
if (signo && P_ZOMBIE(p) == 0)
Index: kern/kern_sysctl.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_sysctl.c,v
retrieving revision 1.266
diff -u -p -u -r1.266 kern_sysctl.c
--- kern/kern_sysctl.c 27 Aug 2020 14:11:57 -0000 1.266
+++ kern/kern_sysctl.c 18 Sep 2021 21:46:11 -0000
@@ -545,7 +545,7 @@ sysctl_locate(struct lwp *l, const int *
* can anyone traverse this node or only root?
*/
if (l != NULL && (pnode->sysctl_flags & CTLFLAG_PRIVATE) &&
- (error = kauth_authorize_system(l->l_cred,
+ (error = kauth_authorize_system(l->l_proc, l->l_cred,
KAUTH_SYSTEM_SYSCTL, KAUTH_REQ_SYSTEM_SYSCTL_PRVT,
NULL, NULL, NULL)) != 0)
return (error);
@@ -740,8 +740,9 @@ sysctl_create(SYSCTLFN_ARGS)
*/
if (l != NULL) {
#ifndef SYSCTL_DISALLOW_CREATE
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_SYSCTL,
- KAUTH_REQ_SYSTEM_SYSCTL_ADD, NULL, NULL, NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_SYSCTL, KAUTH_REQ_SYSTEM_SYSCTL_ADD,
+ NULL, NULL, NULL);
if (error)
return (error);
if (!(rnode->sysctl_flags & CTLFLAG_READWRITE))
@@ -1285,8 +1286,9 @@ sysctl_destroy(SYSCTLFN_ARGS)
*/
if (l != NULL) {
#ifndef SYSCTL_DISALLOW_CREATE
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_SYSCTL,
- KAUTH_REQ_SYSTEM_SYSCTL_DELETE, NULL, NULL, NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_SYSCTL, KAUTH_REQ_SYSTEM_SYSCTL_DELETE,
+ NULL, NULL, NULL);
if (error)
return (error);
if (!(rnode->sysctl_flags & CTLFLAG_READWRITE))
@@ -1459,8 +1461,9 @@ sysctl_lookup(SYSCTLFN_ARGS)
* some nodes are private, so only root can look into them.
*/
if (l != NULL && (rnode->sysctl_flags & CTLFLAG_PRIVATE) &&
- (error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_SYSCTL,
- KAUTH_REQ_SYSTEM_SYSCTL_PRVT, NULL, NULL, NULL)) != 0) {
+ (error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_SYSCTL, KAUTH_REQ_SYSTEM_SYSCTL_PRVT,
+ NULL, NULL, NULL)) != 0) {
DPRINTF(("%s: private node\n", __func__));
return error;
}
@@ -1473,9 +1476,9 @@ sysctl_lookup(SYSCTLFN_ARGS)
*/
if (l != NULL && newp != NULL &&
!(rnode->sysctl_flags & CTLFLAG_ANYWRITE) &&
- (error = kauth_authorize_system(l->l_cred,
- KAUTH_SYSTEM_SYSCTL, KAUTH_REQ_SYSTEM_SYSCTL_MODIFY, NULL, NULL,
- NULL)) != 0) {
+ (error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_SYSCTL, KAUTH_REQ_SYSTEM_SYSCTL_MODIFY,
+ NULL, NULL, NULL)) != 0) {
DPRINTF(("%s: can't modify\n", __func__));
return error;
}
@@ -1739,10 +1742,10 @@ sysctl_describe(SYSCTLFN_ARGS)
*/
if (l != NULL) {
#ifndef SYSCTL_DISALLOW_CREATE
- error = kauth_authorize_system(l->l_cred,
- KAUTH_SYSTEM_SYSCTL,
- KAUTH_REQ_SYSTEM_SYSCTL_DESC, NULL,
- NULL, NULL);
+ error = kauth_authorize_system(l->l_proc,
+ l->l_cred, KAUTH_SYSTEM_SYSCTL,
+ KAUTH_REQ_SYSTEM_SYSCTL_DESC,
+ NULL, NULL, NULL);
if (error)
goto out;
#else /* SYSCTL_DISALLOW_CREATE */
@@ -1869,8 +1872,9 @@ sysctl_describe(SYSCTLFN_ARGS)
* don't describe "private" nodes to non-suser users
*/
if ((node[i].sysctl_flags & CTLFLAG_PRIVATE) && (l != NULL) &&
- !(kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_SYSCTL,
- KAUTH_REQ_SYSTEM_SYSCTL_PRVT, NULL, NULL, NULL)))
+ !kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_SYSCTL, KAUTH_REQ_SYSTEM_SYSCTL_PRVT,
+ NULL, NULL, NULL))
continue;
/*
Index: kern/kern_tc.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_tc.c,v
retrieving revision 1.62
diff -u -p -u -r1.62 kern_tc.c
--- kern/kern_tc.c 2 Jun 2021 21:34:58 -0000 1.62
+++ kern/kern_tc.c 18 Sep 2021 21:46:11 -0000
@@ -169,9 +169,9 @@ sysctl_kern_timecounter_hardware(SYSCTLF
strncmp(newname, tc->tc_name, sizeof(newname)) == 0)
return error;
- if (l != NULL && (error = kauth_authorize_system(l->l_cred,
- KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS, newname,
- NULL, NULL)) != 0)
+ if (l != NULL && (error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS,
+ newname, NULL, NULL)) != 0)
return error;
if (!cold)
Index: kern/kern_time.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_time.c,v
retrieving revision 1.211
diff -u -p -u -r1.211 kern_time.c
--- kern/kern_time.c 3 Apr 2021 12:57:21 -0000 1.211
+++ kern/kern_time.c 18 Sep 2021 21:46:11 -0000
@@ -197,9 +197,10 @@ settime1(struct proc *p, const struct ti
nanotime(&now);
timespecsub(ts, &now, &delta);
- if (check_kauth && kauth_authorize_system(kauth_cred_get(),
- KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_SYSTEM, __UNCONST(ts),
- &delta, KAUTH_ARG(check_kauth ? false : true)) != 0) {
+ if (check_kauth && kauth_authorize_system(curproc, kauth_cred_get(),
+ KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_SYSTEM,
+ __UNCONST(ts), &delta, KAUTH_ARG(check_kauth ? false : true)) != 0)
+ {
return (EPERM);
}
@@ -576,8 +577,9 @@ sys___adjtime50(struct lwp *l, const str
int error;
struct timeval atv, oldatv;
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_TIME,
- KAUTH_REQ_SYSTEM_TIME_ADJTIME, NULL, NULL, NULL)) != 0)
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_ADJTIME,
+ NULL, NULL, NULL)) != 0)
return error;
if (SCARG(uap, delta)) {
Index: kern/subr_interrupt.c
===================================================================
RCS file: /cvsroot/src/sys/kern/subr_interrupt.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 subr_interrupt.c
--- kern/subr_interrupt.c 28 Jan 2018 22:24:58 -0000 1.4
+++ kern/subr_interrupt.c 18 Sep 2021 21:46:11 -0000
@@ -334,7 +334,7 @@ interrupt_set_affinity_sysctl(SYSCTLFN_A
kcpuset_t *kcpuset;
int error;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_INTR,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_INTR,
KAUTH_REQ_SYSTEM_INTR_AFFINITY, NULL, NULL, NULL);
if (error)
return EPERM;
@@ -376,7 +376,7 @@ interrupt_intr_sysctl(SYSCTLFN_ARGS)
int error;
u_int cpu_idx;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CPU,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_CPU,
KAUTH_REQ_SYSTEM_CPU_SETSTATE, NULL, NULL, NULL);
if (error)
return EPERM;
@@ -422,7 +422,7 @@ interrupt_nointr_sysctl(SYSCTLFN_ARGS)
int error;
u_int cpu_idx;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CPU,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_CPU,
KAUTH_REQ_SYSTEM_CPU_SETSTATE, NULL, NULL, NULL);
if (error)
return EPERM;
Index: kern/subr_time.c
===================================================================
RCS file: /cvsroot/src/sys/kern/subr_time.c,v
retrieving revision 1.30
diff -u -p -u -r1.30 subr_time.c
--- kern/subr_time.c 18 Mar 2021 14:05:37 -0000 1.30
+++ kern/subr_time.c 18 Sep 2021 21:46:11 -0000
@@ -278,7 +278,7 @@ clock_gettime1(clockid_t clock_id, struc
mutex_exit(&proc_lock);
// XXX: Perhaps create a special kauth type
- error = kauth_authorize_process(curlwp->l_cred,
+ error = kauth_authorize_process(curproc, kauth_cred_get(),
KAUTH_PROCESS_PTRACE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
if (error)
Index: kern/sys_module.c
===================================================================
RCS file: /cvsroot/src/sys/kern/sys_module.c,v
retrieving revision 1.29
diff -u -p -u -r1.29 sys_module.c
--- kern/sys_module.c 1 Mar 2019 11:06:57 -0000 1.29
+++ kern/sys_module.c 18 Sep 2021 21:46:11 -0000
@@ -132,7 +132,8 @@ handle_modctl_stat(struct iovec *iov, vo
bool stataddr;
/* If not privileged, don't expose kernel addresses. */
- error = kauth_authorize_process(kauth_cred_get(), KAUTH_PROCESS_CANSEE,
+ error = kauth_authorize_process(curproc, kauth_cred_get(),
+ KAUTH_PROCESS_CANSEE,
curproc, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_KPTR), NULL, NULL);
stataddr = (error == 0);
@@ -309,10 +310,9 @@ sys_modctl(struct lwp *l, const struct s
switch (loadtype) { /* 0 = modload, 1 = autoload */
case 0: /* FALLTHROUGH */
case 1:
- error = kauth_authorize_system(kauth_cred_get(),
- KAUTH_SYSTEM_MODULE, 0,
- (void *)(uintptr_t)MODCTL_LOAD,
- (void *)loadtype, NULL);
+ error = kauth_authorize_system(curproc,
+ kauth_cred_get(), KAUTH_SYSTEM_MODULE, 0,
+ KAUTH_ARG(MODCTL_LOAD), KAUTH_ARG(loadtype), NULL);
break;
default:
error = EINVAL;
Index: kern/sys_mqueue.c
===================================================================
RCS file: /cvsroot/src/sys/kern/sys_mqueue.c,v
retrieving revision 1.48
diff -u -p -u -r1.48 sys_mqueue.c
--- kern/sys_mqueue.c 23 May 2020 23:42:43 -0000 1.48
+++ kern/sys_mqueue.c 18 Sep 2021 21:46:11 -0000
@@ -1095,8 +1095,8 @@ sys_mq_unlink(struct lwp *l, const struc
KASSERT(mutex_owned(&mq->mq_mtx));
/* Verify permissions. */
- if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MQUEUE, 0, mq,
- NULL, NULL)) {
+ if (kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MQUEUE, 0,
+ mq, NULL, NULL)) {
mutex_exit(&mq->mq_mtx);
error = EACCES;
goto err;
Index: kern/sys_pset.c
===================================================================
RCS file: /cvsroot/src/sys/kern/sys_pset.c,v
retrieving revision 1.24
diff -u -p -u -r1.24 sys_pset.c
--- kern/sys_pset.c 23 May 2020 23:42:43 -0000 1.24
+++ kern/sys_pset.c 18 Sep 2021 21:46:11 -0000
@@ -261,7 +261,7 @@ sys_pset_create(struct lwp *l, const str
int error;
/* Available only for super-user */
- if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_PSET,
+ if (kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_PSET,
KAUTH_REQ_SYSTEM_PSET_CREATE, NULL, NULL, NULL))
return EPERM;
@@ -285,7 +285,7 @@ sys_pset_destroy(struct lwp *l, const st
} */
/* Available only for super-user */
- if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_PSET,
+ if (kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_PSET,
KAUTH_REQ_SYSTEM_PSET_DESTROY,
KAUTH_ARG(SCARG(uap, psid)), NULL, NULL))
return EPERM;
@@ -310,9 +310,9 @@ sys_pset_assign(struct lwp *l, const str
int error = 0, nnone = 0;
/* Available only for super-user, except the case of PS_QUERY */
- if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_PSET,
- KAUTH_REQ_SYSTEM_PSET_ASSIGN, KAUTH_ARG(SCARG(uap, psid)), NULL,
- NULL))
+ if (kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_PSET,
+ KAUTH_REQ_SYSTEM_PSET_ASSIGN,
+ KAUTH_ARG(SCARG(uap, psid)), NULL, NULL))
return EPERM;
/* Find the target CPU */
@@ -431,9 +431,9 @@ sys__pset_bind(struct lwp *l, const stru
psid = SCARG(uap, psid);
/* Available only for super-user, except the case of PS_QUERY */
- if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_PSET,
- KAUTH_REQ_SYSTEM_PSET_BIND, KAUTH_ARG(SCARG(uap, psid)), NULL,
- NULL))
+ if (kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_PSET,
+ KAUTH_REQ_SYSTEM_PSET_BIND, KAUTH_ARG(SCARG(uap, psid)),
+ NULL, NULL))
return EPERM;
mutex_enter(&cpu_lock);
Index: kern/sys_ptrace_common.c
===================================================================
RCS file: /cvsroot/src/sys/kern/sys_ptrace_common.c,v
retrieving revision 1.92
diff -u -p -u -r1.92 sys_ptrace_common.c
--- kern/sys_ptrace_common.c 9 Aug 2021 20:49:10 -0000 1.92
+++ kern/sys_ptrace_common.c 18 Sep 2021 21:46:11 -0000
@@ -311,7 +311,8 @@ ptrace_find(struct lwp *l, int req, pid_
/* XXX-elad */
mutex_enter(t->p_lock);
- int error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE,
+ int error = kauth_authorize_process(l->l_proc, l->l_cred,
+ KAUTH_PROCESS_CANSEE,
t, KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
if (error) {
mutex_exit(t->p_lock);
@@ -1105,7 +1106,7 @@ do_ptrace(struct ptrace_methods *ptm, st
if ((error = ptrace_allowed(l, req, t, p, &locked)) != 0)
goto out;
- if ((error = kauth_authorize_process(l->l_cred,
+ if ((error = kauth_authorize_process(l->l_proc, l->l_cred,
KAUTH_PROCESS_PTRACE, t, KAUTH_ARG(req), NULL, NULL)) != 0)
goto out;
Index: kern/sys_sched.c
===================================================================
RCS file: /cvsroot/src/sys/kern/sys_sched.c,v
retrieving revision 1.49
diff -u -p -u -r1.49 sys_sched.c
--- kern/sys_sched.c 23 May 2020 23:42:43 -0000 1.49
+++ kern/sys_sched.c 18 Sep 2021 21:46:11 -0000
@@ -174,7 +174,7 @@ do_sched_setparam(pid_t pid, lwpid_t lid
kpri = convert_pri(t, lpolicy, pri);
/* Check the permission */
- error = kauth_authorize_process(kauth_cred_get(),
+ error = kauth_authorize_process(curproc, kauth_cred_get(),
KAUTH_PROCESS_SCHEDULER_SETPARAM, p, t, KAUTH_ARG(lpolicy),
KAUTH_ARG(kpri));
if (error) {
@@ -239,7 +239,7 @@ do_sched_getparam(pid_t pid, lwpid_t lid
return ESRCH;
/* Check the permission */
- error = kauth_authorize_process(kauth_cred_get(),
+ error = kauth_authorize_process(curproc, kauth_cred_get(),
KAUTH_PROCESS_SCHEDULER_GETPARAM, t->l_proc, NULL, NULL, NULL);
if (error != 0) {
mutex_exit(t->l_proc->p_lock);
@@ -425,7 +425,7 @@ sys__sched_setaffinity(struct lwp *l,
/*
* Check the permission.
*/
- error = kauth_authorize_process(l->l_cred,
+ error = kauth_authorize_process(curproc, l->l_cred,
KAUTH_PROCESS_SCHEDULER_SETAFFINITY, p, NULL, NULL, NULL);
if (error != 0) {
mutex_exit(p->p_lock);
@@ -515,7 +515,7 @@ sys__sched_getaffinity(struct lwp *l,
goto out;
}
/* Check the permission */
- if (kauth_authorize_process(l->l_cred,
+ if (kauth_authorize_process(l->l_proc, l->l_cred,
KAUTH_PROCESS_SCHEDULER_GETAFFINITY, t->l_proc, NULL, NULL, NULL)) {
mutex_exit(t->l_proc->p_lock);
error = EPERM;
Index: kern/sys_sig.c
===================================================================
RCS file: /cvsroot/src/sys/kern/sys_sig.c,v
retrieving revision 1.51
diff -u -p -u -r1.51 sys_sig.c
--- kern/sys_sig.c 23 May 2020 23:42:43 -0000 1.51
+++ kern/sys_sig.c 18 Sep 2021 21:46:11 -0000
@@ -255,7 +255,7 @@ kill1(struct lwp *l, pid_t pid, ksiginfo
return p ? 0 : ESRCH;
}
mutex_enter(p->p_lock);
- error = kauth_authorize_process(l->l_cred,
+ error = kauth_authorize_process(l->l_proc, l->l_cred,
KAUTH_PROCESS_SIGNAL, p, KAUTH_ARG(ksi->ksi_signo),
NULL, NULL);
if (!error && ksi->ksi_signo) {
Index: kern/sysv_ipc.c
===================================================================
RCS file: /cvsroot/src/sys/kern/sysv_ipc.c,v
retrieving revision 1.41
diff -u -p -u -r1.41 sysv_ipc.c
--- kern/sysv_ipc.c 21 Feb 2020 00:26:22 -0000 1.41
+++ kern/sysv_ipc.c 18 Sep 2021 21:46:11 -0000
@@ -317,8 +317,9 @@ ipcperm(kauth_cred_t cred, struct ipc_pe
{
int error;
- error = kauth_authorize_system(cred, KAUTH_SYSTEM_SYSVIPC,
- KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS, perm, KAUTH_ARG(mode), NULL);
+ error = kauth_authorize_system(curproc, cred, KAUTH_SYSTEM_SYSVIPC,
+ KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS, perm, KAUTH_ARG(mode),
+ NULL);
if (error == 0)
return (0);
Index: kern/sysv_msg.c
===================================================================
RCS file: /cvsroot/src/sys/kern/sysv_msg.c,v
retrieving revision 1.76
diff -u -p -u -r1.76 sysv_msg.c
--- kern/sysv_msg.c 4 Oct 2019 23:20:22 -0000 1.76
+++ kern/sysv_msg.c 18 Sep 2021 21:46:11 -0000
@@ -536,7 +536,8 @@ msgctl1(struct lwp *l, int msqid, int cm
if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M)))
break;
if (msqbuf->msg_qbytes > msqptr->msg_qbytes &&
- kauth_authorize_system(cred, KAUTH_SYSTEM_SYSVIPC,
+ kauth_authorize_system(l->l_proc, cred,
+ KAUTH_SYSTEM_SYSVIPC,
KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE,
KAUTH_ARG(msqbuf->msg_qbytes),
KAUTH_ARG(msqptr->msg_qbytes), NULL) != 0) {
Index: kern/sysv_shm.c
===================================================================
RCS file: /cvsroot/src/sys/kern/sysv_shm.c,v
retrieving revision 1.141
diff -u -p -u -r1.141 sysv_shm.c
--- kern/sysv_shm.c 9 Oct 2019 17:47:13 -0000 1.141
+++ kern/sysv_shm.c 18 Sep 2021 21:46:11 -0000
@@ -565,10 +565,11 @@ shmctl1(struct lwp *l, int shmid, int cm
break;
case SHM_LOCK:
case SHM_UNLOCK:
- if ((error = kauth_authorize_system(cred,
+ if ((error = kauth_authorize_system(l->l_proc, cred,
KAUTH_SYSTEM_SYSVIPC,
(cmd == SHM_LOCK) ? KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK :
- KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK, NULL, NULL, NULL)) != 0)
+ KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK,
+ NULL, NULL, NULL)) != 0)
break;
error = shm_memlock(shmseg, shmid, cmd);
break;
Index: kern/tty.c
===================================================================
RCS file: /cvsroot/src/sys/kern/tty.c,v
retrieving revision 1.295
diff -u -p -u -r1.295 tty.c
--- kern/tty.c 11 Dec 2020 03:00:09 -0000 1.295
+++ kern/tty.c 18 Sep 2021 21:46:11 -0000
@@ -1241,7 +1241,7 @@ ttioctl(struct tty *tp, u_long cmd, void
mutex_spin_exit(&tty_lock);
break;
case TIOCSTI: /* simulate terminal input */
- if ((error = kauth_authorize_device_tty(l->l_cred,
+ if ((error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_STI, tp)) != 0) {
if (!ISSET(flag, FREAD))
return EPERM;
Index: kern/tty_pty.c
===================================================================
RCS file: /cvsroot/src/sys/kern/tty_pty.c,v
retrieving revision 1.146
diff -u -p -u -r1.146 tty_pty.c
--- kern/tty_pty.c 11 Dec 2020 03:00:09 -0000 1.146
+++ kern/tty_pty.c 18 Sep 2021 21:46:12 -0000
@@ -389,8 +389,8 @@ ptsopen(dev_t dev, int flag, int devtype
tp->t_cflag = TTYDEF_CFLAG;
tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
ttsetwater(tp); /* would be done in xxparam() */
- } else if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN,
- tp) != 0) {
+ } else if (kauth_authorize_device_tty(l->l_proc, l->l_cred,
+ KAUTH_DEVICE_TTY_OPEN, tp) != 0) {
mutex_spin_exit(&tty_lock);
return EBUSY;
}
Index: kern/uipc_domain.c
===================================================================
RCS file: /cvsroot/src/sys/kern/uipc_domain.c,v
retrieving revision 1.108
diff -u -p -u -r1.108 uipc_domain.c
--- kern/uipc_domain.c 6 Nov 2020 14:50:13 -0000 1.108
+++ kern/uipc_domain.c 18 Sep 2021 21:46:12 -0000
@@ -599,7 +599,8 @@ sysctl_unpcblist(SYSCTLFN_ARGS)
continue;
if (so->so_proto->pr_domain->dom_family != pf)
continue;
- if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_SOCKET,
+ if (kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_SOCKET,
KAUTH_REQ_NETWORK_SOCKET_CANSEE, so, NULL, NULL) != 0)
continue;
if (len >= elem_size && elem_count > 0) {
Index: kern/uipc_sem.c
===================================================================
RCS file: /cvsroot/src/sys/kern/uipc_sem.c,v
retrieving revision 1.60
diff -u -p -u -r1.60 uipc_sem.c
--- kern/uipc_sem.c 14 Dec 2020 23:12:12 -0000 1.60
+++ kern/uipc_sem.c 18 Sep 2021 21:46:12 -0000
@@ -306,7 +306,8 @@ ksem_perm(lwp_t *l, ksem_t *ks)
KASSERT(mutex_owned(&ks->ks_lock));
- if (kauth_authorize_system(uc, KAUTH_SYSTEM_SEMAPHORE, 0, ks, NULL, NULL) != 0)
+ if (kauth_authorize_system(l->l_proc, uc, KAUTH_SYSTEM_SEMAPHORE, 0,
+ ks, NULL, NULL) != 0)
return EACCES;
return 0;
Index: kern/uipc_socket.c
===================================================================
RCS file: /cvsroot/src/sys/kern/uipc_socket.c,v
retrieving revision 1.295
diff -u -p -u -r1.295 uipc_socket.c
--- kern/uipc_socket.c 3 Aug 2021 20:27:08 -0000 1.295
+++ kern/uipc_socket.c 18 Sep 2021 21:46:12 -0000
@@ -494,7 +494,8 @@ socreate(int dom, struct socket **aso, i
int error;
kmutex_t *lock;
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_SOCKET,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_SOCKET,
KAUTH_REQ_NETWORK_SOCKET_OPEN, KAUTH_ARG(dom), KAUTH_ARG(type),
KAUTH_ARG(proto));
if (error != 0)
Index: kern/vfs_cache.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_cache.c,v
retrieving revision 1.150
diff -u -p -u -r1.150 vfs_cache.c
--- kern/vfs_cache.c 21 Jul 2021 06:35:45 -0000 1.150
+++ kern/vfs_cache.c 18 Sep 2021 21:46:12 -0000
@@ -701,7 +701,8 @@ cache_lookup_linked(struct vnode *dvp, c
return false;
}
KASSERT(dvi->vi_nc_uid != VNOVAL && dvi->vi_nc_gid != VNOVAL);
- error = kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(VEXEC,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_ACCESS_ACTION(VEXEC,
dvp->v_type, dvi->vi_nc_mode & ALLPERMS), dvp, NULL,
genfs_can_access(dvp, cred, dvi->vi_nc_uid, dvi->vi_nc_gid,
dvi->vi_nc_mode & ALLPERMS, NULL, VEXEC));
@@ -796,7 +797,7 @@ cache_revlookup(struct vnode *vp, struct
return -1;
}
KASSERT(vi->vi_nc_uid != VNOVAL && vi->vi_nc_gid != VNOVAL);
- error = kauth_authorize_vnode(curlwp->l_cred,
+ error = kauth_authorize_vnode(curproc, kauth_cred_get(),
KAUTH_ACCESS_ACTION(VEXEC, vp->v_type, vi->vi_nc_mode &
ALLPERMS), vp, NULL, genfs_can_access(vp, curlwp->l_cred,
vi->vi_nc_uid, vi->vi_nc_gid, vi->vi_nc_mode & ALLPERMS,
Index: kern/vfs_mount.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_mount.c,v
retrieving revision 1.86
diff -u -p -u -r1.86 vfs_mount.c
--- kern/vfs_mount.c 16 Feb 2021 09:56:32 -0000 1.86
+++ kern/vfs_mount.c 18 Sep 2021 21:46:12 -0000
@@ -734,7 +734,7 @@ mount_domount(struct lwp *l, vnode_t **v
struct nameidata nd;
int error, error2;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_NEW, vp, KAUTH_ARG(flags), data);
if (error) {
vfs_delref(vfsops);
Index: kern/vfs_syscalls.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.552
diff -u -p -u -r1.552 vfs_syscalls.c
--- kern/vfs_syscalls.c 11 Sep 2021 10:08:55 -0000 1.552
+++ kern/vfs_syscalls.c 18 Sep 2021 21:46:12 -0000
@@ -287,8 +287,9 @@ mount_update(struct lwp *l, struct vnode
goto out;
}
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
- KAUTH_REQ_SYSTEM_MOUNT_UPDATE, mp, KAUTH_ARG(flags), data);
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MOUNT,
+ KAUTH_REQ_SYSTEM_MOUNT_UPDATE, mp, KAUTH_ARG(flags),
+ data);
if (error)
goto out;
@@ -434,7 +435,7 @@ mount_getargs(struct lwp *l, struct vnod
mp = vp->v_mount;
/* XXX: probably some notion of "can see" here if we want isolation. */
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_GET, mp, data, NULL);
if (error)
return error;
@@ -604,7 +605,7 @@ sys_unmount(struct lwp *l, const struct
vfs_ref(mp);
VOP_UNLOCK(vp);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT, mp, NULL, NULL);
if (error) {
vrele(vp);
@@ -1470,7 +1471,8 @@ sys_fchroot(struct lwp *l, const struct
file_t *fp;
int error, fd = SCARG(uap, fd);
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHROOT,
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_CHROOT,
KAUTH_REQ_SYSTEM_CHROOT_FCHROOT, NULL, NULL, NULL)) != 0)
return error;
/* fd_getvnode() will use the descriptor for us */
@@ -1532,7 +1534,8 @@ sys_chroot(struct lwp *l, const struct s
int error;
struct vnode *vp;
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHROOT,
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_CHROOT,
KAUTH_REQ_SYSTEM_CHROOT_CHROOT, NULL, NULL, NULL)) != 0)
return (error);
@@ -1979,8 +1982,8 @@ sys___getfh30(struct lwp *l, const struc
/*
* Must be super user
*/
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FILEHANDLE,
- 0, NULL, NULL, NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FILEHANDLE, 0, NULL, NULL, NULL);
if (error)
return (error);
@@ -2047,8 +2050,8 @@ dofhopen(struct lwp *l, const void *ufhp
/*
* Must be super user
*/
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FILEHANDLE,
- 0, NULL, NULL, NULL)))
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FILEHANDLE, 0, NULL, NULL, NULL)))
return (error);
if (oflags & O_SEARCH) {
@@ -2142,8 +2145,8 @@ do_fhstat(struct lwp *l, const void *ufh
/*
* Must be super user
*/
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FILEHANDLE,
- 0, NULL, NULL, NULL)))
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FILEHANDLE, 0, NULL, NULL, NULL)))
return (error);
error = vfs_copyinfh_alloc(ufhp, fhsize, &fh);
@@ -2191,8 +2194,8 @@ do_fhstatvfs(struct lwp *l, const void *
/*
* Must be super user
*/
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FILEHANDLE,
- 0, NULL, NULL, NULL)))
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FILEHANDLE, 0, NULL, NULL, NULL)))
return error;
error = vfs_copyinfh_alloc(ufhp, fhsize, &fh);
@@ -2302,8 +2305,8 @@ do_sys_mknodat(struct lwp *l, int fdat,
struct nameidata nd;
const char *pathstring;
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MKNOD,
- 0, NULL, NULL, NULL)) != 0)
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_MKNOD, 0, NULL, NULL, NULL)) != 0)
return (error);
optype = VOP_MKNOD_DESCOFFSET;
@@ -3744,12 +3747,12 @@ change_owner(struct vnode *vp, uid_t uid
* group-id settings intact in that case.
*/
if (vattr.va_mode & S_ISUID) {
- if (kauth_authorize_vnode(l->l_cred,
+ if (kauth_authorize_vnode(l->l_proc, l->l_cred,
KAUTH_VNODE_RETAIN_SUID, vp, NULL, EPERM) != 0)
newmode &= ~S_ISUID;
}
if (vattr.va_mode & S_ISGID) {
- if (kauth_authorize_vnode(l->l_cred,
+ if (kauth_authorize_vnode(l->l_proc, l->l_cred,
KAUTH_VNODE_RETAIN_SGID, vp, NULL, EPERM) != 0)
newmode &= ~S_ISGID;
}
@@ -4761,8 +4764,8 @@ dorevoke(struct vnode *vp, kauth_cred_t
if (error != 0)
return error;
fs_decision = (kauth_cred_geteuid(cred) == vattr.va_uid) ? 0 : EPERM;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_REVOKE, vp, NULL,
- fs_decision);
+ error = kauth_authorize_vnode(curproc, cred, KAUTH_VNODE_REVOKE, vp,
+ NULL, fs_decision);
if (!error)
VOP_REVOKE(vp, REVOKEALL);
return (error);
Index: kern/vfs_xattr.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_xattr.c,v
retrieving revision 1.36
diff -u -p -u -r1.36 vfs_xattr.c
--- kern/vfs_xattr.c 27 Jun 2021 09:13:08 -0000 1.36
+++ kern/vfs_xattr.c 18 Sep 2021 21:46:12 -0000
@@ -115,7 +115,8 @@ extattr_check_cred(struct vnode *vp, int
if (cred == NOCRED)
return (0);
- return kauth_authorize_vnode(cred, kauth_extattr_action(access), vp,
+ return kauth_authorize_vnode(curproc, cred,
+ kauth_extattr_action(access), vp,
NULL, genfs_can_extattr(vp, cred, access, attrspace));
}
Index: miscfs/genfs/genfs_rename.c
===================================================================
RCS file: /cvsroot/src/sys/miscfs/genfs/genfs_rename.c,v
retrieving revision 1.5
diff -u -p -u -r1.5 genfs_rename.c
--- miscfs/genfs/genfs_rename.c 5 Sep 2020 02:47:03 -0000 1.5
+++ miscfs/genfs/genfs_rename.c 18 Sep 2021 21:46:12 -0000
@@ -351,10 +351,10 @@ genfs_sane_rename(const struct genfs_ren
if (error)
goto out;
error = ops->gro_rename_check_permitted(mp, cred, fdvp, fvp, tdvp, tvp);
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_DELETE, fvp, fdvp,
- error);
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_RENAME, tvp, tdvp,
- error);
+ error = kauth_authorize_vnode(curproc, cred, KAUTH_VNODE_DELETE, fvp,
+ fdvp, error);
+ error = kauth_authorize_vnode(curproc, cred, KAUTH_VNODE_RENAME, tvp,
+ tdvp, error);
if (error)
goto out;
@@ -1024,8 +1024,8 @@ genfs_rename_remove(const struct genfs_r
return error;
error = ops->gro_remove_check_permitted(mp, cred, dvp, vp);
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_DELETE, vp, dvp,
- error);
+ error = kauth_authorize_vnode(curproc, cred, KAUTH_VNODE_DELETE, vp,
+ dvp, error);
if (error)
return error;
Index: miscfs/genfs/genfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/miscfs/genfs/genfs_vnops.c,v
retrieving revision 1.211
diff -u -p -u -r1.211 genfs_vnops.c
--- miscfs/genfs/genfs_vnops.c 29 Jun 2021 22:34:08 -0000 1.211
+++ miscfs/genfs/genfs_vnops.c 18 Sep 2021 21:46:12 -0000
@@ -1430,8 +1430,8 @@ genfs_can_extattr(vnode_t *vp, kauth_cre
switch (attrnamespace) {
case EXTATTR_NAMESPACE_SYSTEM:
- return kauth_authorize_system(cred, KAUTH_SYSTEM_FS_EXTATTR,
- 0, vp->v_mount, NULL, NULL);
+ return kauth_authorize_system(curproc, cred,
+ KAUTH_SYSTEM_FS_EXTATTR, 0, vp->v_mount, NULL, NULL);
case EXTATTR_NAMESPACE_USER:
return VOP_ACCESS(vp, accmode, cred);
default:
Index: miscfs/kernfs/kernfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/miscfs/kernfs/kernfs_vnops.c,v
retrieving revision 1.172
diff -u -p -u -r1.172 kernfs_vnops.c
--- miscfs/kernfs/kernfs_vnops.c 19 Jul 2021 01:33:53 -0000 1.172
+++ miscfs/kernfs/kernfs_vnops.c 18 Sep 2021 21:46:12 -0000
@@ -608,7 +608,7 @@ kernfs_access(void *v)
if ((error = VOP_GETATTR(ap->a_vp, &va, ap->a_cred)) != 0)
return (error);
- return kauth_authorize_vnode(ap->a_cred,
+ return kauth_authorize_vnode(curproc, ap->a_cred,
KAUTH_ACCESS_ACTION(ap->a_accmode, ap->a_vp->v_type, va.va_mode),
ap->a_vp, NULL, genfs_can_access(ap->a_vp, ap->a_cred,
va.va_uid, va.va_gid, va.va_mode, NULL, ap->a_accmode));
Index: miscfs/procfs/procfs_subr.c
===================================================================
RCS file: /cvsroot/src/sys/miscfs/procfs/procfs_subr.c,v
retrieving revision 1.116
diff -u -p -u -r1.116 procfs_subr.c
--- miscfs/procfs/procfs_subr.c 23 May 2020 23:42:43 -0000 1.116
+++ miscfs/procfs/procfs_subr.c 18 Sep 2021 21:46:12 -0000
@@ -165,8 +165,8 @@ procfs_rw(void *v)
#define M2K(m) ((m) == UIO_READ ? KAUTH_REQ_PROCESS_PROCFS_READ : \
KAUTH_REQ_PROCESS_PROCFS_WRITE)
mutex_enter(p->p_lock);
- error = kauth_authorize_process(curl->l_cred, KAUTH_PROCESS_PROCFS,
- p, pfs, KAUTH_ARG(M2K(uio->uio_rw)), NULL);
+ error = kauth_authorize_process(curl->l_proc, curl->l_cred,
+ KAUTH_PROCESS_PROCFS, p, pfs, KAUTH_ARG(M2K(uio->uio_rw)), NULL);
mutex_exit(p->p_lock);
if (error) {
procfs_proc_unlock(p);
Index: miscfs/procfs/procfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/miscfs/procfs/procfs_vnops.c,v
retrieving revision 1.218
diff -u -p -u -r1.218 procfs_vnops.c
--- miscfs/procfs/procfs_vnops.c 18 Jul 2021 23:57:14 -0000 1.218
+++ miscfs/procfs/procfs_vnops.c 18 Sep 2021 21:46:12 -0000
@@ -314,7 +314,8 @@ procfs_open(void *v)
KAUTH_REQ_PROCESS_PROCFS_READ)
mutex_enter(p2->p_lock);
- error = kauth_authorize_process(l1->l_cred, KAUTH_PROCESS_PROCFS,
+ error = kauth_authorize_process(l1->l_proc, l1->l_cred,
+ KAUTH_PROCESS_PROCFS,
p2, pfs, KAUTH_ARG(M2K(ap->a_mode)), NULL);
mutex_exit(p2->p_lock);
if (error) {
@@ -664,7 +665,7 @@ procfs_getattr(void *v)
if (procp != NULL) {
mutex_enter(procp->p_lock);
- error = kauth_authorize_process(kauth_cred_get(),
+ error = kauth_authorize_process(curproc, kauth_cred_get(),
KAUTH_PROCESS_CANSEE, procp,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
mutex_exit(procp->p_lock);
@@ -956,7 +957,7 @@ procfs_access(void *v)
if ((error = VOP_GETATTR(ap->a_vp, &va, ap->a_cred)) != 0)
return (error);
- return kauth_authorize_vnode(ap->a_cred,
+ return kauth_authorize_vnode(curproc, ap->a_cred,
KAUTH_ACCESS_ACTION(ap->a_accmode, ap->a_vp->v_type, va.va_mode),
ap->a_vp, NULL, genfs_can_access(ap->a_vp, ap->a_cred,
va.va_uid, va.va_gid, va.va_mode, NULL, ap->a_accmode));
@@ -1226,7 +1227,7 @@ procfs_root_readdir_callback(struct proc
return 0;
}
- if (kauth_authorize_process(kauth_cred_get(),
+ if (kauth_authorize_process(curproc, kauth_cred_get(),
KAUTH_PROCESS_CANSEE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL) != 0)
return 0;
@@ -1363,7 +1364,7 @@ procfs_readdir(void *v)
return error;
/* XXX Should this be by file as well? */
- if (kauth_authorize_process(kauth_cred_get(),
+ if (kauth_authorize_process(curproc, kauth_cred_get(),
KAUTH_PROCESS_CANSEE, p,
KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_OPENFILES), NULL,
NULL) != 0) {
Index: miscfs/specfs/spec_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/miscfs/specfs/spec_vnops.c,v
retrieving revision 1.183
diff -u -p -u -r1.183 spec_vnops.c
--- miscfs/specfs/spec_vnops.c 18 Jul 2021 23:57:14 -0000 1.183
+++ miscfs/specfs/spec_vnops.c 18 Sep 2021 21:46:12 -0000
@@ -538,7 +538,8 @@ spec_open(void *v)
switch (vp->v_type) {
case VCHR:
- error = kauth_authorize_device_spec(ap->a_cred, req, vp);
+ error = kauth_authorize_device_spec(curproc,
+ ap->a_cred, req, vp);
if (error != 0)
return (error);
@@ -584,7 +585,8 @@ spec_open(void *v)
break;
case VBLK:
- error = kauth_authorize_device_spec(ap->a_cred, req, vp);
+ error = kauth_authorize_device_spec(curproc,
+ ap->a_cred, req, vp);
if (error != 0)
return (error);
Index: miscfs/umapfs/umap_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/miscfs/umapfs/umap_vfsops.c,v
retrieving revision 1.103
diff -u -p -u -r1.103 umap_vfsops.c
--- miscfs/umapfs/umap_vfsops.c 13 Apr 2020 19:23:19 -0000 1.103
+++ miscfs/umapfs/umap_vfsops.c 18 Sep 2021 21:46:12 -0000
@@ -102,7 +102,7 @@ umapfs_mount(struct mount *mp, const cha
}
/* only for root */
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_UMAP, NULL, NULL, NULL);
if (error)
return error;
Index: net/bpf.c
===================================================================
RCS file: /cvsroot/src/sys/net/bpf.c,v
retrieving revision 1.242
diff -u -p -u -r1.242 bpf.c
--- net/bpf.c 16 Sep 2021 22:19:11 -0000 1.242
+++ net/bpf.c 18 Sep 2021 21:46:12 -0000
@@ -2408,7 +2408,8 @@ sysctl_net_bpf_peers(SYSCTLFN_ARGS)
return (EINVAL);
/* BPF peers is privileged information. */
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, NULL, NULL, NULL);
if (error)
return (EPERM);
Index: net/if.c
===================================================================
RCS file: /cvsroot/src/sys/net/if.c,v
retrieving revision 1.488
diff -u -p -u -r1.488 if.c
--- net/if.c 16 Sep 2021 20:17:47 -0000 1.488
+++ net/if.c 18 Sep 2021 21:46:12 -0000
@@ -3163,7 +3163,7 @@ ifioctl_common(struct ifnet *ifp, u_long
ifp->if_mtu = ifr->ifr_mtu;
return ENETRESET;
case SIOCSIFDESCR:
- error = kauth_authorize_network(curlwp->l_cred,
+ error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
NULL);
@@ -3232,7 +3232,7 @@ ifaddrpref_ioctl(struct socket *so, u_lo
switch (cmd) {
case SIOCSIFADDRPREF:
- error = kauth_authorize_network(curlwp->l_cred,
+ error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
NULL);
@@ -3346,7 +3346,7 @@ doifioctl(struct socket *so, u_long cmd,
bound = curlwp_bind();
if (l != NULL) {
ifp = if_get(ifr->ifr_name, &psref);
- error = kauth_authorize_network(l->l_cred,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp,
KAUTH_ARG(cmd), NULL);
@@ -3411,7 +3411,7 @@ doifioctl(struct socket *so, u_long cmd,
case SIOCS80211CHANNEL:
case SIOCSLINKSTR:
if (l != NULL) {
- error = kauth_authorize_network(l->l_cred,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp,
KAUTH_ARG(cmd), NULL);
Index: net/if_bridge.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_bridge.c,v
retrieving revision 1.181
diff -u -p -u -r1.181 if_bridge.c
--- net/if_bridge.c 2 Jul 2021 03:30:46 -0000 1.181
+++ net/if_bridge.c 18 Sep 2021 21:46:12 -0000
@@ -541,7 +541,7 @@ bridge_ioctl(struct ifnet *ifp, u_long c
if ((bc->bc_flags & BC_F_SUSER) == 0)
break;
- error = kauth_authorize_network(l->l_cred,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_INTERFACE_BRIDGE,
cmd == SIOCGDRVSPEC ?
KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV :
Index: net/if_gre.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_gre.c,v
retrieving revision 1.180
diff -u -p -u -r1.180 if_gre.c
--- net/if_gre.c 14 Feb 2021 19:33:29 -0000 1.180
+++ net/if_gre.c 18 Sep 2021 21:46:12 -0000
@@ -1195,7 +1195,7 @@ gre_ioctl(struct ifnet *ifp, const u_lon
case GRESADDRS:
case GRESSOCK:
case GREDSOCK:
- if (kauth_authorize_network(curlwp->l_cred,
+ if (kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL) != 0)
Index: net/if_ppp.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_ppp.c,v
retrieving revision 1.167
diff -u -p -u -r1.167 if_ppp.c
--- net/if_ppp.c 29 Jan 2020 04:28:27 -0000 1.167
+++ net/if_ppp.c 18 Sep 2021 21:46:12 -0000
@@ -511,16 +511,18 @@ pppioctl(struct ppp_softc *sc, u_long cm
case PPPIOCSMAXCID:
case PPPIOCSCOMPRESS:
case PPPIOCSNPMODE:
- if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE,
- KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, &sc->sc_if,
- KAUTH_ARG(cmd), NULL) != 0)
+ if (kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_INTERFACE,
+ KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, &sc->sc_if,
+ KAUTH_ARG(cmd), NULL) != 0)
return (EPERM);
break;
case PPPIOCXFERUNIT:
/* XXX: Why is this privileged?! */
- if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE,
- KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, &sc->sc_if,
- KAUTH_ARG(cmd), NULL) != 0)
+ if (kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_INTERFACE,
+ KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, &sc->sc_if,
+ KAUTH_ARG(cmd), NULL) != 0)
return (EPERM);
break;
default:
Index: net/if_pppoe.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_pppoe.c,v
retrieving revision 1.177
diff -u -p -u -r1.177 if_pppoe.c
--- net/if_pppoe.c 16 Jun 2021 00:21:19 -0000 1.177
+++ net/if_pppoe.c 18 Sep 2021 21:46:12 -0000
@@ -1306,7 +1306,8 @@ pppoe_ioctl(struct ifnet *ifp, unsigned
case PPPOESETPARMS:
{
struct pppoediscparms *parms = (struct pppoediscparms*)data;
- if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE,
+ if (kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL) != 0)
return EPERM;
Index: net/if_sl.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_sl.c,v
retrieving revision 1.132
diff -u -p -u -r1.132 if_sl.c
--- net/if_sl.c 29 Jan 2020 04:28:27 -0000 1.132
+++ net/if_sl.c 18 Sep 2021 21:46:12 -0000
@@ -327,7 +327,8 @@ slopen(dev_t dev, struct tty *tp)
struct sl_softc *sc;
int error;
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE_SLIP,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_INTERFACE_SLIP,
KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD, NULL, NULL, NULL);
if (error)
return error;
Index: net/if_spppsubr.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_spppsubr.c,v
retrieving revision 1.258
diff -u -p -u -r1.258 if_spppsubr.c
--- net/if_spppsubr.c 2 Jun 2021 00:47:59 -0000 1.258
+++ net/if_spppsubr.c 18 Sep 2021 21:46:12 -0000
@@ -1335,7 +1335,7 @@ sppp_ioctl(struct ifnet *ifp, u_long cmd
case __SPPPSETIDLETO50:
case __SPPPSETKEEPALIVE50:
#endif /* COMPAT_50 || MODULAR */
- error = kauth_authorize_network(l->l_cred,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL);
@@ -1348,7 +1348,7 @@ sppp_ioctl(struct ifnet *ifp, u_long cmd
case SPPPGETLCPCFG:
case SPPPGETNCPCFG:
case SPPPGETAUTHFAILURES:
- error = kauth_authorize_network(l->l_cred,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd,
NULL);
Index: net/if_tun.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_tun.c,v
retrieving revision 1.162
diff -u -p -u -r1.162 if_tun.c
--- net/if_tun.c 18 Dec 2020 01:31:49 -0000 1.162
+++ net/if_tun.c 18 Sep 2021 21:46:12 -0000
@@ -324,7 +324,8 @@ tunopen(dev_t dev, int flag, int mode, s
struct tun_softc *tp;
int error;
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE_TUN,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_INTERFACE_TUN,
KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD, NULL, NULL, NULL);
if (error)
return error;
Index: net/if_vlan.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_vlan.c,v
retrieving revision 1.161
diff -u -p -u -r1.161 if_vlan.c
--- net/if_vlan.c 17 Jul 2021 15:37:04 -0000 1.161
+++ net/if_vlan.c 18 Sep 2021 21:46:12 -0000
@@ -992,7 +992,7 @@ vlan_ioctl(struct ifnet *ifp, u_long cmd
break;
case SIOCSETVLAN:
- if ((error = kauth_authorize_network(l->l_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL)) != 0)
Index: net/ppp_tty.c
===================================================================
RCS file: /cvsroot/src/sys/net/ppp_tty.c,v
retrieving revision 1.67
diff -u -p -u -r1.67 ppp_tty.c
--- net/ppp_tty.c 29 Jan 2020 04:28:27 -0000 1.67
+++ net/ppp_tty.c 18 Sep 2021 21:46:12 -0000
@@ -193,7 +193,8 @@ pppopen(dev_t dev, struct tty *tp)
struct ppp_softc *sc;
int error, s;
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE_PPP,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_INTERFACE_PPP,
KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD, NULL, NULL, NULL);
if (error)
return (error);
@@ -443,7 +444,7 @@ ppptioctl(struct tty *tp, u_long cmd, vo
break;
case PPPIOCSASYNCMAP:
- if ((error = kauth_authorize_device_tty(l->l_cred,
+ if ((error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp)) != 0)
break;
sc->sc_asyncmap[0] = *(u_int *)data;
@@ -454,7 +455,7 @@ ppptioctl(struct tty *tp, u_long cmd, vo
break;
case PPPIOCSRASYNCMAP:
- if ((error = kauth_authorize_device_tty(l->l_cred,
+ if ((error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp)) != 0)
break;
sc->sc_rasyncmap = *(u_int *)data;
@@ -465,7 +466,7 @@ ppptioctl(struct tty *tp, u_long cmd, vo
break;
case PPPIOCSXASYNCMAP:
- if ((error = kauth_authorize_device_tty(l->l_cred,
+ if ((error = kauth_authorize_device_tty(l->l_proc, l->l_cred,
KAUTH_DEVICE_TTY_PRIVSET, tp)) != 0)
break;
s = spltty();
Index: net/rtsock_shared.c
===================================================================
RCS file: /cvsroot/src/sys/net/rtsock_shared.c,v
retrieving revision 1.19
diff -u -p -u -r1.19 rtsock_shared.c
--- net/rtsock_shared.c 26 Jun 2020 15:53:59 -0000 1.19
+++ net/rtsock_shared.c 18 Sep 2021 21:46:12 -0000
@@ -711,7 +711,7 @@ COMPATNAME(route_output)(struct mbuf *m,
* Verify that the socket has the appropriate privilege; RTM_GET
* is the only operation the non-superuser is allowed.
*/
- if (kauth_authorize_network(so->so_cred, KAUTH_NETWORK_ROUTE,
+ if (kauth_authorize_network(curproc, so->so_cred, KAUTH_NETWORK_ROUTE,
0, rtm, NULL, NULL) != 0)
senderr(EACCES);
Index: net/agr/if_agr.c
===================================================================
RCS file: /cvsroot/src/sys/net/agr/if_agr.c,v
retrieving revision 1.52
diff -u -p -u -r1.52 if_agr.c
--- net/agr/if_agr.c 2 Aug 2021 12:56:25 -0000 1.52
+++ net/agr/if_agr.c 18 Sep 2021 21:46:12 -0000
@@ -1061,7 +1061,7 @@ agr_ioctl(struct ifnet *ifp, const u_lon
case SIOCSETAGR:
splx(s);
- error = kauth_authorize_network(kauth_cred_get(),
+ error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL);
Index: net/npf/npf_os.c
===================================================================
RCS file: /cvsroot/src/sys/net/npf/npf_os.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 npf_os.c
--- net/npf/npf_os.c 27 Jan 2021 17:39:13 -0000 1.21
+++ net/npf/npf_os.c 18 Sep 2021 21:46:12 -0000
@@ -205,7 +205,8 @@ static int
npf_dev_open(dev_t dev, int flag, int mode, lwp_t *l)
{
/* Available only for super-user. */
- if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FIREWALL,
+ if (kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_FIREWALL,
KAUTH_REQ_NETWORK_FIREWALL_FW, NULL, NULL, NULL)) {
return EPERM;
}
@@ -259,7 +260,8 @@ npf_dev_ioctl(dev_t dev, u_long cmd, voi
int error;
/* Available only for super-user. */
- if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FIREWALL,
+ if (kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_FIREWALL,
KAUTH_REQ_NETWORK_FIREWALL_FW, NULL, NULL, NULL)) {
return EPERM;
}
Index: net80211/ieee80211_ioctl.c
===================================================================
RCS file: /cvsroot/src/sys/net80211/ieee80211_ioctl.c,v
retrieving revision 1.68
diff -u -p -u -r1.68 ieee80211_ioctl.c
--- net80211/ieee80211_ioctl.c 24 Jul 2021 21:31:38 -0000 1.68
+++ net80211/ieee80211_ioctl.c 18 Sep 2021 21:46:12 -0000
@@ -367,7 +367,7 @@ ieee80211_cfgget(struct ieee80211com *ic
case WI_RID_DEFLT_CRYPT_KEYS:
keys = (struct wi_ltv_keys *)wreq;
/* do not show keys to non-root user */
- error = kauth_authorize_network(curlwp->l_cred,
+ error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp,
NULL, NULL);
@@ -904,7 +904,8 @@ ieee80211_ioctl_getkey(struct ieee80211c
ik.ik_flags = wk->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV);
if (wk->wk_keyix == ic->ic_def_txkey)
ik.ik_flags |= IEEE80211_KEY_DEFAULT;
- if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE,
+ if (kauth_authorize_network(curproc, kauth_cred_get(),
+ KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ic->ic_ifp, NULL, NULL) == 0) {
/* NB: only root can read key data */
ik.ik_keyrsc = wk->wk_keyrsc;
@@ -1357,7 +1358,7 @@ ieee80211_ioctl_get80211_fbsd(struct iee
return EINVAL;
len = (u_int) ic->ic_nw_keys[kid].wk_keylen;
/* NB: only root can read WEP keys */
- if (kauth_authorize_network(curlwp->l_cred,
+ if (kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, NULL,
NULL) == 0) {
@@ -2582,7 +2583,7 @@ ieee80211_ioctl(struct ieee80211com *ic,
(struct ieee80211req *) data);
break;
case SIOCS80211:
- if ((error = kauth_authorize_network(curlwp->l_cred,
+ if ((error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL)) != 0)
@@ -2722,7 +2723,8 @@ ieee80211_ioctl(struct ieee80211com *ic,
if (nwkey->i_key[i].i_keydat == NULL)
continue;
/* do not show any keys to non-root user */
- if ((error = kauth_authorize_network(curlwp->l_cred,
+ if ((error = kauth_authorize_network(curproc,
+ kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp,
(void *)cmd, NULL)) != 0)
@@ -2836,7 +2838,7 @@ ieee80211_ioctl(struct ieee80211com *ic,
error = ieee80211_cfgget(ic, cmd, data);
break;
case SIOCSIFGENERIC:
- error = kauth_authorize_network(curlwp->l_cred,
+ error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL);
Index: netatalk/at_control.c
===================================================================
RCS file: /cvsroot/src/sys/netatalk/at_control.c,v
retrieving revision 1.41
diff -u -p -u -r1.41 at_control.c
--- netatalk/at_control.c 2 Aug 2021 12:56:25 -0000 1.41
+++ netatalk/at_control.c 18 Sep 2021 21:46:13 -0000
@@ -127,7 +127,7 @@ at_control(u_long cmd, void *data, struc
* If we are not superuser, then we don't get to do these
* ops.
*/
- if (kauth_authorize_network(curlwp->l_cred,
+ if (kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL) != 0)
Index: netatalk/ddp_usrreq.c
===================================================================
RCS file: /cvsroot/src/sys/netatalk/ddp_usrreq.c,v
retrieving revision 1.74
diff -u -p -u -r1.74 ddp_usrreq.c
--- netatalk/ddp_usrreq.c 29 Nov 2019 17:40:16 -0000 1.74
+++ netatalk/ddp_usrreq.c 18 Sep 2021 21:46:13 -0000
@@ -120,7 +120,8 @@ at_pcbsetaddr(struct ddpcb *ddp, struct
return (EINVAL);
if (sat->sat_port < ATPORT_RESERVED &&
- (error = kauth_authorize_network(curlwp->l_cred,
+ (error = kauth_authorize_network(curproc,
+ kauth_cred_get(),
KAUTH_NETWORK_BIND, KAUTH_REQ_NETWORK_BIND_PRIVPORT,
ddpcb->ddp_socket, sat, NULL)) != 0)
return (error);
Index: netbt/hci_ioctl.c
===================================================================
RCS file: /cvsroot/src/sys/netbt/hci_ioctl.c,v
retrieving revision 1.14
diff -u -p -u -r1.14 hci_ioctl.c
--- netbt/hci_ioctl.c 3 Feb 2019 03:19:28 -0000 1.14
+++ netbt/hci_ioctl.c 18 Sep 2021 21:46:13 -0000
@@ -227,7 +227,7 @@ hci_ioctl_pcb(unsigned long cmd, void *d
break;
case SIOCSBTFLAGS: /* set unit flags (privileged) */
- err = kauth_authorize_device(curlwp->l_cred,
+ err = kauth_authorize_device(curproc, kauth_cred_get(),
KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
btr, NULL);
if (err)
@@ -255,7 +255,7 @@ hci_ioctl_pcb(unsigned long cmd, void *d
break;
case SIOCSBTPOLICY: /* set unit link policy (privileged) */
- err = kauth_authorize_device(curlwp->l_cred,
+ err = kauth_authorize_device(curproc, kauth_cred_get(),
KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
btr, NULL);
if (err)
@@ -267,7 +267,7 @@ hci_ioctl_pcb(unsigned long cmd, void *d
break;
case SIOCSBTPTYPE: /* set unit packet types (privileged) */
- err = kauth_authorize_device(curlwp->l_cred,
+ err = kauth_authorize_device(curproc, kauth_cred_get(),
KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
btr, NULL);
if (err)
@@ -283,7 +283,7 @@ hci_ioctl_pcb(unsigned long cmd, void *d
break;
case SIOCZBTSTATS: /* get & reset unit statistics */
- err = kauth_authorize_device(curlwp->l_cred,
+ err = kauth_authorize_device(curproc, kauth_cred_get(),
KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
btr, NULL);
if (err)
@@ -299,7 +299,7 @@ hci_ioctl_pcb(unsigned long cmd, void *d
* sent to USB bluetooth controllers that are not an
* integer number of frame sizes, the USB bus locks up.
*/
- err = kauth_authorize_device(curlwp->l_cred,
+ err = kauth_authorize_device(curproc, kauth_cred_get(),
KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
btr, NULL);
if (err)
Index: netbt/hci_socket.c
===================================================================
RCS file: /cvsroot/src/sys/netbt/hci_socket.c,v
retrieving revision 1.47
diff -u -p -u -r1.47 hci_socket.c
--- netbt/hci_socket.c 28 Sep 2019 07:10:55 -0000 1.47
+++ netbt/hci_socket.c 18 Sep 2021 21:46:13 -0000
@@ -651,7 +651,7 @@ hci_send(struct socket *so, struct mbuf
/* security checks for unprivileged users */
if (pcb->hp_cred != NULL
- && kauth_authorize_device(pcb->hp_cred,
+ && kauth_authorize_device(l->l_proc, pcb->hp_cred,
KAUTH_DEVICE_BLUETOOTH_SEND,
unit, &hdr, NULL, NULL) != 0) {
err = EPERM;
@@ -865,7 +865,7 @@ hci_mtap(struct mbuf *m, struct hci_unit
}
if (pcb->hp_cred != NULL
- && kauth_authorize_device(pcb->hp_cred,
+ && kauth_authorize_device(curproc, pcb->hp_cred,
KAUTH_DEVICE_BLUETOOTH_RECV,
KAUTH_ARG(type), KAUTH_ARG(arg1), NULL, NULL) != 0)
continue;
Index: netcan/can.c
===================================================================
RCS file: /cvsroot/src/sys/netcan/can.c,v
retrieving revision 1.9
diff -u -p -u -r1.9 can.c
--- netcan/can.c 29 Jan 2020 05:20:26 -0000 1.9
+++ netcan/can.c 18 Sep 2021 21:46:13 -0000
@@ -132,7 +132,7 @@ can_set_netlink(struct ifnet *ifp, struc
if (ifp->if_dlt != DLT_CAN_SOCKETCAN || csc == NULL)
return EOPNOTSUPP;
- error = kauth_authorize_network(curlwp->l_cred,
+ error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp,
(void *)SIOCSDRVSPEC, NULL);
Index: netinet/in.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/in.c,v
retrieving revision 1.241
diff -u -p -u -r1.241 in.c
--- netinet/in.c 29 Sep 2020 19:33:36 -0000 1.241
+++ netinet/in.c 18 Sep 2021 21:46:13 -0000
@@ -521,7 +521,8 @@ in_control0(struct socket *so, u_long cm
goto out;
}
- if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE,
+ if (kauth_authorize_network(curproc, kauth_cred_get(),
+ KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL) != 0) {
error = EPERM;
@@ -565,7 +566,8 @@ in_control0(struct socket *so, u_long cm
break;
case SIOCSIFBRDADDR:
- if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE,
+ if (kauth_authorize_network(curproc, kauth_cred_get(),
+ KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL) != 0) {
error = EPERM;
Index: netinet/in_pcb.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/in_pcb.c,v
retrieving revision 1.185
diff -u -p -u -r1.185 in_pcb.c
--- netinet/in_pcb.c 8 Sep 2020 14:12:57 -0000 1.185
+++ netinet/in_pcb.c 18 Sep 2021 21:46:13 -0000
@@ -252,8 +252,8 @@ in_pcbsetport(struct sockaddr_in *sin, s
}
/* XXX-kauth: KAUTH_REQ_NETWORK_BIND_AUTOASSIGN_{,PRIV}PORT */
- error = kauth_authorize_network(cred, KAUTH_NETWORK_BIND, req, so, sin,
- NULL);
+ error = kauth_authorize_network(curproc, cred, KAUTH_NETWORK_BIND,
+ req, so, sin, NULL);
if (error)
return (EACCES);
@@ -366,8 +366,8 @@ in_pcbbind_port(struct inpcb *inp, struc
#endif /* !IPNOPRIVPORTS */
req = KAUTH_REQ_NETWORK_BIND_PORT;
- error = kauth_authorize_network(cred, KAUTH_NETWORK_BIND, req,
- so, sin, NULL);
+ error = kauth_authorize_network(curproc, cred,
+ KAUTH_NETWORK_BIND, req, so, sin, NULL);
if (error)
return (EACCES);
Index: netinet/ip_carp.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/ip_carp.c,v
retrieving revision 1.115
diff -u -p -u -r1.115 ip_carp.c
--- netinet/ip_carp.c 16 Jun 2021 00:21:19 -0000 1.115
+++ netinet/ip_carp.c 18 Sep 2021 21:46:13 -0000
@@ -2067,7 +2067,7 @@ carp_ioctl(struct ifnet *ifp, u_long cmd
case SIOCSVH:
if (l == NULL)
break;
- if ((error = kauth_authorize_network(l->l_cred,
+ if ((error = kauth_authorize_network(l->l_proc, l->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL)) != 0)
@@ -2145,8 +2145,8 @@ carp_ioctl(struct ifnet *ifp, u_long cmd
carpr.carpr_advbase = sc->sc_advbase;
carpr.carpr_advskew = sc->sc_advskew;
- if ((l != NULL) && (error = kauth_authorize_network(l->l_cred,
- KAUTH_NETWORK_INTERFACE,
+ if ((l != NULL) && (error = kauth_authorize_network(l->l_proc,
+ l->l_cred, KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL)) == 0)
memcpy(carpr.carpr_key, sc->sc_key,
Index: netinet/ip_input.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/ip_input.c,v
retrieving revision 1.401
diff -u -p -u -r1.401 ip_input.c
--- netinet/ip_input.c 8 Mar 2021 18:03:25 -0000 1.401
+++ netinet/ip_input.c 18 Sep 2021 21:46:13 -0000
@@ -1565,8 +1565,8 @@ sysctl_net_inet_ip_forwsrcrt(SYSCTLFN_AR
if (error || newp == NULL)
return (error);
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FORWSRCRT,
- 0, NULL, NULL, NULL);
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_FORWSRCRT, 0, NULL, NULL, NULL);
if (error)
return (error);
Index: netinet/ip_output.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/ip_output.c,v
retrieving revision 1.320
diff -u -p -u -r1.320 ip_output.c
--- netinet/ip_output.c 8 Sep 2020 14:12:57 -0000 1.320
+++ netinet/ip_output.c 18 Sep 2021 21:46:13 -0000
@@ -1171,7 +1171,7 @@ ip_ctloutput(int op, struct socket *so,
break;
case IP_BINDANY:
- error = kauth_authorize_network(
+ error = kauth_authorize_network(curproc,
kauth_cred_get(), KAUTH_NETWORK_BIND,
KAUTH_REQ_NETWORK_BIND_ANYADDR, so,
NULL, NULL);
Index: netinet/portalgo.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/portalgo.c,v
retrieving revision 1.11
diff -u -p -u -r1.11 portalgo.c
--- netinet/portalgo.c 11 Jan 2017 13:08:29 -0000 1.11
+++ netinet/portalgo.c 18 Sep 2021 21:46:13 -0000
@@ -287,7 +287,7 @@ check_suitable_port(uint16_t port, struc
req = KAUTH_REQ_NETWORK_BIND_PORT;
sin.sin_port = port;
- error = kauth_authorize_network(cred,
+ error = kauth_authorize_network(curproc, cred,
KAUTH_NETWORK_BIND,
req, inp->inp_socket, &sin, NULL);
DPRINTF("%s kauth_authorize_network returned %d\n",
@@ -355,7 +355,7 @@ check_suitable_port(uint16_t port, struc
}
sin6.sin6_port = port;
- error = kauth_authorize_network(cred,
+ error = kauth_authorize_network(curproc, cred,
KAUTH_NETWORK_BIND, req, so, &sin6, NULL);
if (error) {
/* Secmodel says no. Keep looking. */
@@ -900,9 +900,9 @@ sysctl_portalgo_selected(SYSCTLFN_ARGS,
return error;
#ifdef KAUTH_NETWORK_SOCKET_PORT_RANDOMIZE
- if (l != NULL && (error = kauth_authorize_system(l->l_cred,
- KAUTH_NETWORK_SOCKET, KAUTH_NETWORK_SOCKET_PORT_RANDOMIZE, newname,
- NULL, NULL)) != 0)
+ if (l != NULL && (error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_SOCKET, KAUTH_NETWORK_SOCKET_PORT_RANDOMIZE,
+ l->l_proc, newname, NULL, NULL)) != 0)
return error;
#endif
@@ -930,9 +930,9 @@ sysctl_portalgo_reserve(SYSCTLFN_ARGS, b
return error;
#ifdef KAUTH_NETWORK_SOCKET_PORT_RESERVE
- if (l != NULL && (error = kauth_authorize_system(l->l_cred,
- KAUTH_NETWORK_SOCKET, KAUTH_NETWORK_SOCKET_PORT_RESERVE, bt,
- NULL, NULL)) != 0)
+ if (l != NULL && (error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_SOCKET, KAUTH_NETWORK_SOCKET_PORT_RESERVE,
+ l->l_proc, bt, NULL, NULL)) != 0)
return error;
#endif
return error;
Index: netinet/sctp_pcb.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/sctp_pcb.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 sctp_pcb.c
--- netinet/sctp_pcb.c 30 Apr 2020 03:30:10 -0000 1.21
+++ netinet/sctp_pcb.c 18 Sep 2021 21:46:13 -0000
@@ -1716,8 +1716,8 @@ sctp_inpcb_bind(struct socket *so, struc
else
req = KAUTH_REQ_NETWORK_BIND_PORT;
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_BIND,
- req, so, addr, NULL);
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_BIND, req, so, addr, NULL);
if (error) {
SCTP_INP_DECR_REF(inp);
SCTP_INP_WUNLOCK(inp);
Index: netinet/tcp_usrreq.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/tcp_usrreq.c,v
retrieving revision 1.230
diff -u -p -u -r1.230 tcp_usrreq.c
--- netinet/tcp_usrreq.c 4 Aug 2021 08:47:10 -0000 1.230
+++ netinet/tcp_usrreq.c 18 Sep 2021 21:46:13 -0000
@@ -1546,7 +1546,8 @@ inet4_ident_core(struct in_addr raddr, u
(inp->inp_socket->so_options & SO_ACCEPTCONN) != 0)
return ESRCH;
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_SOCKET,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_SOCKET,
KAUTH_REQ_NETWORK_SOCKET_DROP, inp->inp_socket, tp, NULL);
if (error)
return error;
@@ -1581,7 +1582,8 @@ inet6_ident_core(struct in6_addr *raddr,
(in6p->in6p_socket->so_options & SO_ACCEPTCONN) != 0)
return ESRCH;
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_SOCKET,
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_SOCKET,
KAUTH_REQ_NETWORK_SOCKET_DROP, in6p->in6p_socket, tp, NULL);
if (error)
return error;
@@ -1778,7 +1780,8 @@ sysctl_inpcblist(SYSCTLFN_ARGS)
if (inph->inph_af != pf)
continue;
- if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_SOCKET,
+ if (kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_SOCKET,
KAUTH_REQ_NETWORK_SOCKET_CANSEE, inph->inph_socket, NULL,
NULL) != 0)
continue;
Index: netinet6/in6.c
===================================================================
RCS file: /cvsroot/src/sys/netinet6/in6.c,v
retrieving revision 1.282
diff -u -p -u -r1.282 in6.c
--- netinet6/in6.c 29 Sep 2020 19:33:36 -0000 1.282
+++ netinet6/in6.c 18 Sep 2021 21:46:13 -0000
@@ -757,7 +757,7 @@ in6_control(struct socket *so, u_long cm
case SIOCAADDRCTL_POLICY:
case SIOCDADDRCTL_POLICY:
- if (kauth_authorize_network(curlwp->l_cred,
+ if (kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_SOCKET,
KAUTH_REQ_NETWORK_SOCKET_SETPRIV,
so, NULL, NULL))
Index: netinet6/in6_pcb.c
===================================================================
RCS file: /cvsroot/src/sys/netinet6/in6_pcb.c,v
retrieving revision 1.167
diff -u -p -u -r1.167 in6_pcb.c
--- netinet6/in6_pcb.c 8 Sep 2020 14:12:57 -0000 1.167
+++ netinet6/in6_pcb.c 18 Sep 2021 21:46:13 -0000
@@ -309,8 +309,8 @@ in6_pcbbind_port(struct in6pcb *in6p, st
#endif /* IPNOPRIVPORTS */
req = KAUTH_REQ_NETWORK_BIND_PORT;
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_BIND,
- req, so, sin6, NULL);
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_BIND, req, so, sin6, NULL);
if (error)
return (EACCES);
}
Index: netinet6/in6_src.c
===================================================================
RCS file: /cvsroot/src/sys/netinet6/in6_src.c,v
retrieving revision 1.88
diff -u -p -u -r1.88 in6_src.c
--- netinet6/in6_src.c 10 Aug 2021 06:29:56 -0000 1.88
+++ netinet6/in6_src.c 18 Sep 2021 21:46:13 -0000
@@ -862,8 +862,8 @@ in6_pcbsetport(struct sockaddr_in6 *sin6
}
/* XXX-kauth: KAUTH_REQ_NETWORK_BIND_AUTOASSIGN_{,PRIV}PORT */
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_BIND, req, so,
- sin6, NULL);
+ error = kauth_authorize_network(l->l_proc, l->l_cred,
+ KAUTH_NETWORK_BIND, req, so, sin6, NULL);
if (error)
return (EACCES);
Index: netinet6/ip6_output.c
===================================================================
RCS file: /cvsroot/src/sys/netinet6/ip6_output.c,v
retrieving revision 1.228
diff -u -p -u -r1.228 ip6_output.c
--- netinet6/ip6_output.c 17 Aug 2021 22:00:32 -0000 1.228
+++ netinet6/ip6_output.c 18 Sep 2021 21:46:13 -0000
@@ -1361,7 +1361,8 @@ ip6_ctloutput(int op, struct socket *so,
case IPV6_RECVHOPOPTS:
case IPV6_RECVDSTOPTS:
case IPV6_RECVRTHDRDSTOPTS:
- error = kauth_authorize_network(kauth_cred_get(),
+ error = kauth_authorize_network(curproc,
+ kauth_cred_get(),
KAUTH_NETWORK_IPV6, KAUTH_REQ_NETWORK_IPV6_HOPBYHOP,
NULL, NULL, NULL);
if (error)
@@ -1543,7 +1544,7 @@ else \
break;
case IPV6_BINDANY:
- error = kauth_authorize_network(
+ error = kauth_authorize_network(curproc,
kauth_cred_get(), KAUTH_NETWORK_BIND,
KAUTH_REQ_NETWORK_BIND_ANYADDR, so, NULL,
NULL);
@@ -1612,8 +1613,8 @@ else \
* Check super-user privilege.
* See comments for IPV6_RECVHOPOPTS.
*/
- error =
- kauth_authorize_network(kauth_cred_get(),
+ error = kauth_authorize_network(
+ curproc, kauth_cred_get(),
KAUTH_NETWORK_IPV6,
KAUTH_REQ_NETWORK_IPV6_HOPBYHOP, NULL,
NULL, NULL);
@@ -1622,8 +1623,8 @@ else \
OPTSET2292(IN6P_HOPOPTS);
break;
case IPV6_2292DSTOPTS:
- error =
- kauth_authorize_network(kauth_cred_get(),
+ error = kauth_authorize_network(
+ curproc, kauth_cred_get(),
KAUTH_NETWORK_IPV6,
KAUTH_REQ_NETWORK_IPV6_HOPBYHOP, NULL,
NULL, NULL);
@@ -2358,7 +2359,8 @@ ip6_get_membership(const struct sockopt
* all multicast addresses. Only super user is allowed
* to do this.
*/
- if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_IPV6,
+ if (kauth_authorize_network(curproc, kauth_cred_get(),
+ KAUTH_NETWORK_IPV6,
KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST, NULL, NULL, NULL))
return EACCES;
} else if (IN6_IS_ADDR_V4MAPPED(ia)) {
@@ -2973,7 +2975,8 @@ ip6_setpktopt(int optname, u_char *buf,
case IPV6_2292NEXTHOP:
#endif
case IPV6_NEXTHOP:
- error = kauth_authorize_network(cred, KAUTH_NETWORK_IPV6,
+ error = kauth_authorize_network(curproc, cred,
+ KAUTH_NETWORK_IPV6,
KAUTH_REQ_NETWORK_IPV6_HOPBYHOP, NULL, NULL, NULL);
if (error)
return (error);
@@ -3031,7 +3034,8 @@ ip6_setpktopt(int optname, u_char *buf,
* options, since per-option restriction has too much
* overhead.
*/
- error = kauth_authorize_network(cred, KAUTH_NETWORK_IPV6,
+ error = kauth_authorize_network(curproc, cred,
+ KAUTH_NETWORK_IPV6,
KAUTH_REQ_NETWORK_IPV6_HOPBYHOP, NULL, NULL, NULL);
if (error)
return (error);
@@ -3069,7 +3073,8 @@ ip6_setpktopt(int optname, u_char *buf,
int destlen;
/* XXX: see the comment for IPV6_HOPOPTS */
- error = kauth_authorize_network(cred, KAUTH_NETWORK_IPV6,
+ error = kauth_authorize_network(curproc, cred,
+ KAUTH_NETWORK_IPV6,
KAUTH_REQ_NETWORK_IPV6_HOPBYHOP, NULL, NULL, NULL);
if (error)
return (error);
Index: netinet6/raw_ip6.c
===================================================================
RCS file: /cvsroot/src/sys/netinet6/raw_ip6.c,v
retrieving revision 1.175
diff -u -p -u -r1.175 raw_ip6.c
--- netinet6/raw_ip6.c 25 Feb 2019 06:49:44 -0000 1.175
+++ netinet6/raw_ip6.c 18 Sep 2021 21:46:13 -0000
@@ -586,7 +586,7 @@ rip6_attach(struct socket *so, int proto
KASSERT(sotoin6pcb(so) == NULL);
sosetlock(so);
- error = kauth_authorize_network(curlwp->l_cred,
+ error = kauth_authorize_network(curproc, kauth_cred_get(),
KAUTH_NETWORK_SOCKET, KAUTH_REQ_NETWORK_SOCKET_RAWSOCK,
KAUTH_ARG(AF_INET6),
KAUTH_ARG(SOCK_RAW),
Index: netipsec/ipsec.c
===================================================================
RCS file: /cvsroot/src/sys/netipsec/ipsec.c,v
retrieving revision 1.172
diff -u -p -u -r1.172 ipsec.c
--- netipsec/ipsec.c 28 Aug 2020 06:20:44 -0000 1.172
+++ netipsec/ipsec.c 18 Sep 2021 21:46:13 -0000
@@ -1194,7 +1194,8 @@ ipsec_set_policy(void *inp, const void *
/* check privileged socket */
if (xpl->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
- error = kauth_authorize_network(cred, KAUTH_NETWORK_IPSEC,
+ error = kauth_authorize_network(curproc, cred,
+ KAUTH_NETWORK_IPSEC,
KAUTH_REQ_NETWORK_IPSEC_BYPASS, NULL, NULL, NULL);
if (error)
return error;
Index: nfs/nfs_clntsubs.c
===================================================================
RCS file: /cvsroot/src/sys/nfs/nfs_clntsubs.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 nfs_clntsubs.c
--- nfs/nfs_clntsubs.c 23 Feb 2020 15:46:41 -0000 1.4
+++ nfs/nfs_clntsubs.c 18 Sep 2021 21:46:13 -0000
@@ -360,9 +360,20 @@ nfs_delayedtruncate(struct vnode *vp)
np->n_flag &= ~NTRUNCDELAYED;
genfs_node_wrlock(vp);
rw_enter(vp->v_uobj.vmobjlock, RW_WRITER);
+
+ /*
+ * This is disgusting but we can be called from VOP_UNLOCK
+ * where the interlock is sometimes held, and we want to
+ * make sure that it is unlocked when we call VOP_PUTPAGES
+ * and uvm_vnp_setsize.
+ */
+ int got = mutex_tryenter(vp->v_interlock);
+ mutex_exit(vp->v_interlock);
(void)VOP_PUTPAGES(vp, 0,
0, PGO_SYNCIO | PGO_CLEANIT | PGO_FREE | PGO_ALLPAGES);
uvm_vnp_setsize(vp, np->n_size);
+ if (!got)
+ mutex_enter(vp->v_interlock);
genfs_node_unlock(vp);
}
}
Index: nfs/nfs_export.c
===================================================================
RCS file: /cvsroot/src/sys/nfs/nfs_export.c,v
retrieving revision 1.63
diff -u -p -u -r1.63 nfs_export.c
--- nfs/nfs_export.c 4 Jun 2021 10:44:58 -0000 1.63
+++ nfs/nfs_export.c 18 Sep 2021 21:46:13 -0000
@@ -248,7 +248,7 @@ mountd_set_exports_list(const struct mou
struct vnode *vp;
size_t fid_size;
- if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_NFS,
+ if (kauth_authorize_network(l->l_proc, l->l_cred, KAUTH_NETWORK_NFS,
KAUTH_REQ_NETWORK_NFS_EXPORT, NULL, NULL, NULL) != 0)
return EPERM;
Index: nfs/nfs_serv.c
===================================================================
RCS file: /cvsroot/src/sys/nfs/nfs_serv.c,v
retrieving revision 1.182
diff -u -p -u -r1.182 nfs_serv.c
--- nfs/nfs_serv.c 16 Sep 2021 20:17:47 -0000 1.182
+++ nfs/nfs_serv.c 18 Sep 2021 21:46:13 -0000
@@ -1536,7 +1536,7 @@ nfsrv_create(struct nfsrv_descript *nfsd
if (va.va_type == VCHR && rdev == 0xffffffff)
va.va_type = VFIFO;
if (va.va_type != VFIFO &&
- (error = kauth_authorize_system(cred,
+ (error = kauth_authorize_system(NULL, cred,
KAUTH_SYSTEM_MKNOD, 0, NULL, NULL, NULL))) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
vput(nd.ni_dvp);
@@ -1748,7 +1748,7 @@ abort:
error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &va);
} else {
if (va.va_type != VFIFO &&
- (error = kauth_authorize_system(cred,
+ (error = kauth_authorize_system(NULL, cred,
KAUTH_SYSTEM_MKNOD, 0, NULL, NULL, NULL))) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
vput(nd.ni_dvp);
Index: nfs/nfs_syscalls.c
===================================================================
RCS file: /cvsroot/src/sys/nfs/nfs_syscalls.c,v
retrieving revision 1.163
diff -u -p -u -r1.163 nfs_syscalls.c
--- nfs/nfs_syscalls.c 4 Jun 2021 10:44:58 -0000 1.163
+++ nfs/nfs_syscalls.c 18 Sep 2021 21:46:13 -0000
@@ -298,7 +298,7 @@ do_nfssvc(struct nfssvc_copy_ops *ops, s
struct nfssvc_sock *slp;
struct nfsuid *nuidp;
- error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_NFS,
+ error = kauth_authorize_network(l->l_proc, l->l_cred, KAUTH_NETWORK_NFS,
KAUTH_REQ_NETWORK_NFS_SVC, NULL, NULL, NULL);
if (error)
return (error);
Index: nfs/nfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/nfs/nfs_vnops.c,v
retrieving revision 1.320
diff -u -p -u -r1.320 nfs_vnops.c
--- nfs/nfs_vnops.c 18 Jul 2021 23:57:15 -0000 1.320
+++ nfs/nfs_vnops.c 18 Sep 2021 21:46:13 -0000
@@ -3331,7 +3331,7 @@ nfsspec_access(void *v)
}
}
- return kauth_authorize_vnode(ap->a_cred, KAUTH_ACCESS_ACTION(
+ return kauth_authorize_vnode(curproc, ap->a_cred, KAUTH_ACCESS_ACTION(
ap->a_accmode, va.va_type, va.va_mode), vp, NULL, genfs_can_access(
vp, ap->a_cred, va.va_uid, va.va_gid, va.va_mode, NULL,
ap->a_accmode));
Index: rump/librump/rumpvfs/rumpfs.c
===================================================================
RCS file: /cvsroot/src/sys/rump/librump/rumpvfs/rumpfs.c,v
retrieving revision 1.165
diff -u -p -u -r1.165 rumpfs.c
--- rump/librump/rumpvfs/rumpfs.c 18 Jul 2021 23:56:14 -0000 1.165
+++ rump/librump/rumpvfs/rumpfs.c 18 Sep 2021 21:46:13 -0000
@@ -847,7 +847,7 @@ rump_check_permitted(struct vnode *vp, s
{
struct vattr *attr = &rnode->rn_va;
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, attr->va_mode), vp, NULL, genfs_can_access(vp, cred,
attr->va_uid, attr->va_gid, attr->va_mode, NULL, accmode));
}
@@ -917,7 +917,8 @@ rump_vop_setattr(void *v)
CHANGED(va_ctime.tv_nsec, long) ||
CHANGED(va_mtime.tv_nsec, long) ||
CHANGED(va_birthtime.tv_nsec, long)) {
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, cred, attr->va_uid,
vap->va_vaflags));
if (error)
@@ -946,7 +947,8 @@ rump_vop_setattr(void *v)
if (CHANGED(va_flags, u_long)) {
/* XXX Can we handle system flags here...? */
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_FLAGS, vp,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_FLAGS, vp,
NULL, genfs_can_chflags(vp, cred, attr->va_uid, false));
if (error)
return error;
@@ -961,7 +963,7 @@ rump_vop_setattr(void *v)
(vap->va_uid != (uid_t)VNOVAL) ? vap->va_uid : attr->va_uid;
gid_t gid =
(vap->va_gid != (gid_t)VNOVAL) ? vap->va_gid : attr->va_gid;
- error = kauth_authorize_vnode(cred,
+ error = kauth_authorize_vnode(curproc, cred,
KAUTH_VNODE_CHANGE_OWNERSHIP, vp, NULL,
genfs_can_chown(vp, cred, attr->va_uid, attr->va_gid, uid,
gid));
@@ -973,7 +975,8 @@ rump_vop_setattr(void *v)
if (vap->va_mode != (mode_t)VNOVAL) {
mode_t mode = vap->va_mode;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_SECURITY,
vp, NULL, genfs_can_chmod(vp, cred, attr->va_uid,
attr->va_gid, mode));
if (error)
Index: secmodel/overlay/secmodel_overlay.c
===================================================================
RCS file: /cvsroot/src/sys/secmodel/overlay/secmodel_overlay.c,v
retrieving revision 1.14
diff -u -p -u -r1.14 secmodel_overlay.c
--- secmodel/overlay/secmodel_overlay.c 16 Mar 2020 21:20:12 -0000 1.14
+++ secmodel/overlay/secmodel_overlay.c 18 Sep 2021 21:46:13 -0000
@@ -247,7 +247,7 @@ secmodel_overlay_generic_cb(kauth_cred_t
if (result == KAUTH_RESULT_DEFER) {
result = kauth_authorize_action(
- secmodel_overlay_iscope_generic, cred, action,
+ secmodel_overlay_iscope_generic, curproc, cred, action,
arg0, arg1, arg2, arg3);
}
@@ -273,7 +273,7 @@ secmodel_overlay_system_cb(kauth_cred_t
if (result == KAUTH_RESULT_DEFER) {
result = kauth_authorize_action(
- secmodel_overlay_iscope_system, cred, action,
+ secmodel_overlay_iscope_system, curproc, cred, action,
arg0, arg1, arg2, arg3);
}
@@ -299,7 +299,7 @@ secmodel_overlay_process_cb(kauth_cred_t
if (result == KAUTH_RESULT_DEFER) {
result = kauth_authorize_action(
- secmodel_overlay_iscope_process, cred, action,
+ secmodel_overlay_iscope_process, curproc, cred, action,
arg0, arg1, arg2, arg3);
}
@@ -325,7 +325,7 @@ secmodel_overlay_network_cb(kauth_cred_t
if (result == KAUTH_RESULT_DEFER) {
result = kauth_authorize_action(
- secmodel_overlay_iscope_network, cred, action,
+ secmodel_overlay_iscope_network, curproc, cred, action,
arg0, arg1, arg2, arg3);
}
@@ -351,7 +351,7 @@ secmodel_overlay_machdep_cb(kauth_cred_t
if (result == KAUTH_RESULT_DEFER) {
result = kauth_authorize_action(
- secmodel_overlay_iscope_machdep, cred, action,
+ secmodel_overlay_iscope_machdep, curproc, cred, action,
arg0, arg1, arg2, arg3);
}
@@ -377,7 +377,7 @@ secmodel_overlay_device_cb(kauth_cred_t
if (result == KAUTH_RESULT_DEFER) {
result = kauth_authorize_action(
- secmodel_overlay_iscope_device, cred, action,
+ secmodel_overlay_iscope_device, curproc, cred, action,
arg0, arg1, arg2, arg3);
}
@@ -403,7 +403,7 @@ secmodel_overlay_vnode_cb(kauth_cred_t c
if (result == KAUTH_RESULT_DEFER) {
result = kauth_authorize_action(
- secmodel_overlay_iscope_vnode, cred, action,
+ secmodel_overlay_iscope_vnode, curproc, cred, action,
arg0, arg1, arg2, arg3);
}
Index: sys/kauth.h
===================================================================
RCS file: /cvsroot/src/sys/sys/kauth.h,v
retrieving revision 1.86
diff -u -p -u -r1.86 kauth.h
--- sys/kauth.h 8 Sep 2020 14:12:57 -0000 1.86
+++ sys/kauth.h 18 Sep 2021 21:46:13 -0000
@@ -458,27 +458,30 @@ kauth_scope_t kauth_register_scope(const
void kauth_deregister_scope(kauth_scope_t);
kauth_listener_t kauth_listen_scope(const char *, kauth_scope_callback_t, void *);
void kauth_unlisten_scope(kauth_listener_t);
-int kauth_authorize_action(kauth_scope_t, kauth_cred_t, kauth_action_t, void *,
- void *, void *, void *);
+int kauth_authorize_action(kauth_scope_t, struct proc *, kauth_cred_t,
+ kauth_action_t, void *, void *, void *, void *);
/* Authorization wrappers. */
-int kauth_authorize_generic(kauth_cred_t, kauth_action_t, void *);
-int kauth_authorize_system(kauth_cred_t, kauth_action_t, enum kauth_system_req,
- void *, void *, void *);
-int kauth_authorize_process(kauth_cred_t, kauth_action_t, struct proc *,
- void *, void *, void *);
-int kauth_authorize_network(kauth_cred_t, kauth_action_t,
+int kauth_authorize_generic(struct proc *, kauth_cred_t, kauth_action_t,
+ void *);
+int kauth_authorize_system(struct proc *, kauth_cred_t, kauth_action_t,
+ enum kauth_system_req, void *, void *, void *);
+int kauth_authorize_process(struct proc *, kauth_cred_t, kauth_action_t,
+ struct proc *, void *, void *, void *);
+int kauth_authorize_network(struct proc *, kauth_cred_t, kauth_action_t,
enum kauth_network_req, void *, void *, void *);
-int kauth_authorize_machdep(kauth_cred_t, kauth_action_t,
+int kauth_authorize_machdep(struct proc *, kauth_cred_t, kauth_action_t,
void *, void *, void *, void *);
-int kauth_authorize_device(kauth_cred_t, kauth_action_t,
+int kauth_authorize_device(struct proc *, kauth_cred_t, kauth_action_t,
void *, void *, void *, void *);
-int kauth_authorize_device_tty(kauth_cred_t, kauth_action_t, struct tty *);
-int kauth_authorize_device_spec(kauth_cred_t, enum kauth_device_req,
- struct vnode *);
-int kauth_authorize_device_passthru(kauth_cred_t, dev_t, u_long, void *);
-int kauth_authorize_vnode(kauth_cred_t, kauth_action_t, struct vnode *,
- struct vnode *, int);
+int kauth_authorize_device_tty(struct proc *, kauth_cred_t, kauth_action_t,
+ struct tty *);
+int kauth_authorize_device_spec(struct proc *, kauth_cred_t,
+ enum kauth_device_req, struct vnode *);
+int kauth_authorize_device_passthru(struct proc *, kauth_cred_t, dev_t, u_long,
+ void *);
+int kauth_authorize_vnode(struct proc *, kauth_cred_t, kauth_action_t,
+ struct vnode *, struct vnode *, int);
/* Kauth credentials management routines. */
kauth_cred_t kauth_cred_alloc(void);
Index: sys/param.h
===================================================================
RCS file: /cvsroot/src/sys/sys/param.h,v
retrieving revision 1.701
diff -u -p -u -r1.701 param.h
--- sys/param.h 7 Aug 2021 19:44:39 -0000 1.701
+++ sys/param.h 18 Sep 2021 21:46:13 -0000
@@ -67,7 +67,7 @@
* 2.99.9 (299000900)
*/
-#define __NetBSD_Version__ 999008800 /* NetBSD 9.99.88 */
+#define __NetBSD_Version__ 999008900 /* NetBSD 9.99.89 */
#define __NetBSD_Prereq__(M,m,p) (((((M) * 100000000) + \
(m) * 1000000) + (p) * 100) <= __NetBSD_Version__)
Index: ufs/chfs/chfs_subr.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/chfs/chfs_subr.c,v
retrieving revision 1.15
diff -u -p -u -r1.15 chfs_subr.c
--- ufs/chfs/chfs_subr.c 5 Sep 2020 16:30:12 -0000 1.15
+++ ufs/chfs/chfs_subr.c 18 Sep 2021 21:46:13 -0000
@@ -278,7 +278,7 @@ chfs_chflags(struct vnode *vp, int flags
action |= KAUTH_VNODE_HAS_SYSFLAGS;
}
- error = kauth_authorize_vnode(cred, action, vp, NULL,
+ error = kauth_authorize_vnode(curproc, cred, action, vp, NULL,
genfs_can_chflags(vp, cred, ip->uid, changing_sysflags));
if (error)
return error;
Index: ufs/chfs/chfs_vnode.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/chfs/chfs_vnode.c,v
retrieving revision 1.19
diff -u -p -u -r1.19 chfs_vnode.c
--- ufs/chfs/chfs_vnode.c 16 May 2020 18:31:53 -0000 1.19
+++ ufs/chfs/chfs_vnode.c 18 Sep 2021 21:46:13 -0000
@@ -251,7 +251,7 @@ chfs_makeinode(int mode, struct vnode *d
/* authorize setting SGID if needed */
if (ip->mode & ISGID) {
- error = kauth_authorize_vnode(cnp->cn_cred,
+ error = kauth_authorize_vnode(curproc, cnp->cn_cred,
KAUTH_VNODE_WRITE_SECURITY, vp, NULL, genfs_can_chmod(vp,
cnp->cn_cred, ip->uid, ip->gid, mode));
if (error)
Index: ufs/chfs/chfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/chfs/chfs_vnops.c,v
retrieving revision 1.45
diff -u -p -u -r1.45 chfs_vnops.c
--- ufs/chfs/chfs_vnops.c 18 Jul 2021 23:56:14 -0000 1.45
+++ ufs/chfs/chfs_vnops.c 18 Sep 2021 21:46:13 -0000
@@ -398,7 +398,7 @@ chfs_access(void *v)
if (accmode & VWRITE && ip->flags & IMMUTABLE)
return (EPERM);
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, ip->mode & ALLPERMS), vp, NULL, genfs_can_access(vp,
cred, ip->uid, ip->gid, ip->mode & ALLPERMS, NULL, accmode));
}
@@ -509,7 +509,8 @@ chfs_setattr(void *v)
/* set time */
if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) {
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, cred, ip->uid,
vap->va_vaflags));
if (error)
@@ -539,7 +540,8 @@ chfs_chmod(struct vnode *vp, int mode, k
int error;
dbg("chmod\n");
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_SECURITY, vp,
NULL, genfs_can_chmod(vp, cred, ip->uid, ip->gid, mode));
if (error)
return error;
@@ -566,7 +568,8 @@ chfs_chown(struct vnode *vp, uid_t uid,
if (gid == (gid_t)VNOVAL)
gid = ip->gid;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
NULL, genfs_can_chown(vp, cred, ip->uid, ip->gid, uid, gid));
if (error)
return error;
@@ -977,13 +980,13 @@ out:
ip->iflag |= IN_CHANGE | IN_UPDATE;
if (resid > uio->uio_resid && ap->a_cred) {
if (ip->mode & ISUID) {
- if (kauth_authorize_vnode(ap->a_cred,
+ if (kauth_authorize_vnode(curproc, ap->a_cred,
KAUTH_VNODE_RETAIN_SUID, vp, NULL, EPERM) != 0)
ip->mode &= ~ISUID;
}
if (ip->mode & ISGID) {
- if (kauth_authorize_vnode(ap->a_cred,
+ if (kauth_authorize_vnode(curproc, ap->a_cred,
KAUTH_VNODE_RETAIN_SGID, vp, NULL, EPERM) != 0)
ip->mode &= ~ISGID;
}
Index: ufs/ext2fs/ext2fs_alloc.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ext2fs/ext2fs_alloc.c,v
retrieving revision 1.52
diff -u -p -u -r1.52 ext2fs_alloc.c
--- ufs/ext2fs/ext2fs_alloc.c 28 May 2017 16:38:55 -0000 1.52
+++ ufs/ext2fs/ext2fs_alloc.c 18 Sep 2021 21:46:13 -0000
@@ -127,8 +127,8 @@ ext2fs_alloc(struct inode *ip, daddr_t l
#endif /* DIAGNOSTIC */
if (fs->e2fs.e2fs_fbcount == 0)
goto nospace;
- if (kauth_authorize_system(cred, KAUTH_SYSTEM_FS_RESERVEDSPACE, 0, NULL,
- NULL, NULL) != 0 &&
+ if (kauth_authorize_system(curproc, cred,
+ KAUTH_SYSTEM_FS_RESERVEDSPACE, 0, NULL, NULL, NULL) != 0 &&
freespace(fs) <= 0)
goto nospace;
if (bpref >= fs->e2fs.e2fs_bcount)
Index: ufs/ext2fs/ext2fs_lookup.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ext2fs/ext2fs_lookup.c,v
retrieving revision 1.91
diff -u -p -u -r1.91 ext2fs_lookup.c
--- ufs/ext2fs/ext2fs_lookup.c 16 May 2020 18:31:53 -0000 1.91
+++ ufs/ext2fs/ext2fs_lookup.c 18 Sep 2021 21:46:13 -0000
@@ -660,7 +660,8 @@ found:
* implements append-only directories.
*/
if (dp->i_e2fs_mode & ISVTX) {
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_DELETE,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_DELETE,
tdp, vdp, genfs_can_sticky(vdp, cred, dp->i_uid,
VTOI(tdp)->i_uid));
if (error) {
Index: ufs/ext2fs/ext2fs_readwrite.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ext2fs/ext2fs_readwrite.c,v
retrieving revision 1.77
diff -u -p -u -r1.77 ext2fs_readwrite.c
--- ufs/ext2fs/ext2fs_readwrite.c 23 Apr 2020 21:47:08 -0000 1.77
+++ ufs/ext2fs/ext2fs_readwrite.c 18 Sep 2021 21:46:13 -0000
@@ -455,13 +455,13 @@ ext2fs_post_write_update(struct vnode *v
*/
if (resid > uio->uio_resid && cred) {
if (ip->i_e2fs_mode & ISUID) {
- if (kauth_authorize_vnode(cred,
+ if (kauth_authorize_vnode(curproc, cred,
KAUTH_VNODE_RETAIN_SUID, vp, NULL, EPERM) != 0)
ip->i_e2fs_mode &= ISUID;
}
if (ip->i_e2fs_mode & ISGID) {
- if (kauth_authorize_vnode(cred,
+ if (kauth_authorize_vnode(curproc, cred,
KAUTH_VNODE_RETAIN_SGID, vp, NULL, EPERM) != 0)
ip->i_e2fs_mode &= ~ISGID;
}
Index: ufs/ext2fs/ext2fs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ext2fs/ext2fs_vfsops.c,v
retrieving revision 1.219
diff -u -p -u -r1.219 ext2fs_vfsops.c
--- ufs/ext2fs/ext2fs_vfsops.c 16 May 2020 18:31:53 -0000 1.219
+++ ufs/ext2fs/ext2fs_vfsops.c 18 Sep 2021 21:46:13 -0000
@@ -389,7 +389,8 @@ ext2fs_mount(struct mount *mp, const cha
(mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp,
KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
@@ -1147,7 +1148,8 @@ ext2fs_newvnode(struct mount *mp, struct
/* Authorize setting SGID if needed. */
if (ip->i_e2fs_mode & ISGID) {
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_SECURITY,
vp, NULL, genfs_can_chmod(vp, cred, ip->i_uid, ip->i_gid,
mode));
if (error)
Index: ufs/ext2fs/ext2fs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ext2fs/ext2fs_vnops.c,v
retrieving revision 1.135
diff -u -p -u -r1.135 ext2fs_vnops.c
--- ufs/ext2fs/ext2fs_vnops.c 18 Jul 2021 23:57:15 -0000 1.135
+++ ufs/ext2fs/ext2fs_vnops.c 18 Sep 2021 21:46:13 -0000
@@ -230,7 +230,7 @@ ext2fs_check_permitted(struct vnode *vp,
kauth_cred_t cred)
{
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, ip->i_e2fs_mode & ALLPERMS), vp, NULL,
genfs_can_access(vp, cred, ip->i_uid, ip->i_gid,
ip->i_e2fs_mode & ALLPERMS, NULL, accmode));
@@ -367,7 +367,7 @@ ext2fs_setattr(void *v)
}
#endif /* EXT2FS_SYSTEM_FLAGS */
- error = kauth_authorize_vnode(cred, action, vp, NULL,
+ error = kauth_authorize_vnode(curproc, cred, action, vp, NULL,
genfs_can_chflags(vp, cred, ip->i_uid, changing_sysflags));
if (error)
return error;
@@ -424,7 +424,8 @@ ext2fs_setattr(void *v)
if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL || vap->va_birthtime.tv_sec != VNOVAL) {
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return EROFS;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, cred, ip->i_uid,
vap->va_vaflags));
if (error)
@@ -467,7 +468,8 @@ ext2fs_chmod(struct vnode *vp, int mode,
struct inode *ip = VTOI(vp);
int error;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
+ error = kauth_authorize_vnode(l->l_proc, cred,
+ KAUTH_VNODE_WRITE_SECURITY, vp,
NULL, genfs_can_chmod(vp, cred, ip->i_uid, ip->i_gid, mode));
if (error)
return error;
@@ -496,7 +498,8 @@ ext2fs_chown(struct vnode *vp, uid_t uid
if (gid == (gid_t)VNOVAL)
gid = ip->i_gid;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
+ error = kauth_authorize_vnode(l->l_proc, cred,
+ KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
NULL, genfs_can_chown(vp, cred, ip->i_uid, ip->i_gid, uid, gid));
if (error)
return error;
@@ -518,11 +521,11 @@ ext2fs_chown(struct vnode *vp, uid_t uid
ip->i_flag |= IN_CHANGE;
}
if (ouid != uid && (ip->i_e2fs_mode & ISUID) &&
- kauth_authorize_vnode(cred, KAUTH_VNODE_RETAIN_SUID,
+ kauth_authorize_vnode(l->l_proc, cred, KAUTH_VNODE_RETAIN_SUID,
vp, NULL, EPERM) != 0)
ip->i_e2fs_mode &= ~ISUID;
if (ogid != gid && (ip->i_e2fs_mode & ISGID) &&
- kauth_authorize_vnode(cred, KAUTH_VNODE_RETAIN_SGID,
+ kauth_authorize_vnode(l->l_proc, cred, KAUTH_VNODE_RETAIN_SGID,
vp, NULL, EPERM) != 0)
ip->i_e2fs_mode &= ~ISGID;
return 0;
Index: ufs/ffs/ffs_alloc.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ffs/ffs_alloc.c,v
retrieving revision 1.170
diff -u -p -u -r1.170 ffs_alloc.c
--- ufs/ffs/ffs_alloc.c 3 Sep 2021 21:55:01 -0000 1.170
+++ ufs/ffs/ffs_alloc.c 18 Sep 2021 21:46:14 -0000
@@ -239,8 +239,8 @@ ffs_alloc(struct inode *ip, daddr_t lbn,
if (size == fs->fs_bsize && fs->fs_cstotal.cs_nbfree == 0)
goto nospace;
if (freespace(fs, fs->fs_minfree) <= 0 &&
- kauth_authorize_system(cred, KAUTH_SYSTEM_FS_RESERVEDSPACE, 0, NULL,
- NULL, NULL) != 0)
+ kauth_authorize_system(curproc, cred,
+ KAUTH_SYSTEM_FS_RESERVEDSPACE, 0, NULL, NULL, NULL) != 0)
goto nospace;
#if defined(QUOTA) || defined(QUOTA2)
mutex_exit(&ump->um_lock);
@@ -368,8 +368,8 @@ ffs_realloccg(struct inode *ip, daddr_t
fs->fs_fsmnt);
if (freespace(fs, fs->fs_minfree) <= 0 &&
- kauth_authorize_system(cred, KAUTH_SYSTEM_FS_RESERVEDSPACE, 0, NULL,
- NULL, NULL) != 0) {
+ kauth_authorize_system(curproc, cred,
+ KAUTH_SYSTEM_FS_RESERVEDSPACE, 0, NULL, NULL, NULL) != 0) {
mutex_exit(&ump->um_lock);
goto nospace;
}
Index: ufs/ffs/ffs_snapshot.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ffs/ffs_snapshot.c,v
retrieving revision 1.152
diff -u -p -u -r1.152 ffs_snapshot.c
--- ufs/ffs/ffs_snapshot.c 18 Apr 2020 19:18:34 -0000 1.152
+++ ufs/ffs/ffs_snapshot.c 18 Sep 2021 21:46:14 -0000
@@ -438,8 +438,8 @@ snapshot_setup(struct mount *mp, struct
return EXDEV;
if (vp->v_writecount != 0)
return EBUSY;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_SNAPSHOT,
- 0, mp, vp, NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_SNAPSHOT, 0, mp, vp, NULL);
if (error)
return EACCES;
Index: ufs/ffs/ffs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ffs/ffs_vfsops.c,v
retrieving revision 1.373
diff -u -p -u -r1.373 ffs_vfsops.c
--- ufs/ffs/ffs_vfsops.c 18 Sep 2021 03:05:20 -0000 1.373
+++ ufs/ffs/ffs_vfsops.c 18 Sep 2021 21:46:14 -0000
@@ -550,7 +550,7 @@ ffs_mount(struct mount *mp, const char *
(mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
if (error) {
Index: ufs/lfs/lfs_syscalls.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/lfs/lfs_syscalls.c,v
retrieving revision 1.176
diff -u -p -u -r1.176 lfs_syscalls.c
--- ufs/lfs/lfs_syscalls.c 18 Feb 2020 20:23:17 -0000 1.176
+++ ufs/lfs/lfs_syscalls.c 18 Sep 2021 21:46:14 -0000
@@ -234,7 +234,7 @@ lfs_markv(struct lwp *l, fsid_t *fsidp,
/* number of blocks/inodes that we have already bwrite'ed */
int nblkwritten, ninowritten;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_MARKV, NULL, NULL, NULL);
if (error)
return (error);
@@ -643,7 +643,7 @@ lfs_bmapv(struct lwp *l, fsid_t *fsidp,
int cnt, error;
int numrefed = 0;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_BMAPV, NULL, NULL, NULL);
if (error)
return (error);
@@ -791,7 +791,7 @@ sys_lfs_segclean(struct lwp *l, const st
int error;
unsigned long segnum;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_SEGCLEAN, NULL, NULL, NULL);
if (error)
return (error);
@@ -936,7 +936,7 @@ sys___lfs_segwait50(struct lwp *l, const
int error;
/* XXX need we be su to segwait? */
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
+ error = kauth_authorize_system(l->l_proc, l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_SEGWAIT, NULL, NULL, NULL);
if (error)
return (error);
Index: ufs/lfs/lfs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/lfs/lfs_vfsops.c,v
retrieving revision 1.381
diff -u -p -u -r1.381 lfs_vfsops.c
--- ufs/lfs/lfs_vfsops.c 31 Jul 2021 20:29:37 -0000 1.381
+++ ufs/lfs/lfs_vfsops.c 18 Sep 2021 21:46:14 -0000
@@ -708,9 +708,9 @@ lfs_mount(struct mount *mp, const char *
(mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
- KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp,
- KAUTH_ARG(accessmode));
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_MOUNT, KAUTH_REQ_SYSTEM_MOUNT_DEVICE,
+ mp, devvp, KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
}
Index: ufs/lfs/lfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/lfs/lfs_vnops.c,v
retrieving revision 1.339
diff -u -p -u -r1.339 lfs_vnops.c
--- ufs/lfs/lfs_vnops.c 18 Jul 2021 23:57:15 -0000 1.339
+++ ufs/lfs/lfs_vnops.c 18 Sep 2021 21:46:14 -0000
@@ -332,7 +332,7 @@ lfs_makeinode(struct vattr *vap, struct
/* Authorize setting SGID if needed. */
if (ip->i_mode & ISGID) {
- error = kauth_authorize_vnode(cnp->cn_cred,
+ error = kauth_authorize_vnode(curproc, cnp->cn_cred,
KAUTH_VNODE_WRITE_SECURITY,
tvp, NULL, genfs_can_chmod(tvp, cnp->cn_cred, ip->i_uid,
ip->i_gid, MAKEIMODE(vap->va_type, vap->va_mode)));
@@ -1884,8 +1884,9 @@ lfs_fcntl(void *v)
/* LFS control and monitoring fcntls are available only to root */
l = curlwp;
if (((ap->a_command & 0xff00) >> 8) == 'L' &&
- (error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
- KAUTH_REQ_SYSTEM_LFS_FCNTL, NULL, NULL, NULL)) != 0)
+ (error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_LFS,
+ KAUTH_REQ_SYSTEM_LFS_FCNTL, NULL, NULL, NULL)) != 0)
return (error);
fs = VTOI(ap->a_vp)->i_lfs;
@@ -2033,7 +2034,7 @@ segwait_common:
case LFCNIFILEFH_COMPAT:
/* Return the filehandle of the Ifile */
- if ((error = kauth_authorize_system(l->l_cred,
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
KAUTH_SYSTEM_FILEHANDLE, 0, NULL, NULL, NULL)) != 0)
return (error);
fhp = (struct fhandle *)ap->a_data;
Index: ufs/lfs/ulfs_extattr.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/lfs/ulfs_extattr.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 ulfs_extattr.c
--- ufs/lfs/ulfs_extattr.c 29 Jun 2021 22:40:54 -0000 1.17
+++ ufs/lfs/ulfs_extattr.c 18 Sep 2021 21:46:14 -0000
@@ -886,8 +886,8 @@ ulfs_extattrctl(struct mount *mp, int cm
/*
* Only privileged processes can configure extended attributes.
*/
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_EXTATTR,
- 0, mp, NULL, NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_EXTATTR, 0, mp, NULL, NULL);
if (error) {
if (filename_vp != NULL)
VOP_UNLOCK(filename_vp);
Index: ufs/lfs/ulfs_lookup.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/lfs/ulfs_lookup.c,v
retrieving revision 1.46
diff -u -p -u -r1.46 ulfs_lookup.c
--- ufs/lfs/ulfs_lookup.c 5 Sep 2020 02:55:38 -0000 1.46
+++ ufs/lfs/ulfs_lookup.c 18 Sep 2021 21:46:14 -0000
@@ -573,7 +573,8 @@ found:
* implements append-only directories.
*/
if (dp->i_mode & ISVTX) {
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_DELETE,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_DELETE,
tdp, vdp, genfs_can_sticky(vdp, cred, dp->i_uid,
VTOI(tdp)->i_uid));
if (error) {
Index: ufs/lfs/ulfs_quota.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/lfs/ulfs_quota.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 ulfs_quota.c
--- ufs/lfs/ulfs_quota.c 19 Jun 2016 23:06:09 -0000 1.13
+++ ufs/lfs/ulfs_quota.c 18 Sep 2021 21:46:14 -0000
@@ -341,7 +341,8 @@ quota_get_auth(struct mount *mp, struct
/* The user can always query about his own quota. */
if (id == kauth_cred_geteuid(l->l_cred))
return 0;
- return kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ return kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, KAUTH_ARG(id), NULL);
}
@@ -404,9 +405,9 @@ quota_handle_cmd_put(struct mount *mp, s
kauth_id = 0;
}
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
- KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE, mp, KAUTH_ARG(kauth_id),
- NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
+ KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE, mp, KAUTH_ARG(kauth_id), NULL);
if (error != 0) {
return error;
}
@@ -453,23 +454,20 @@ quota_handle_cmd_del(struct mount *mp, s
if ((fs->um_flags & ULFS_QUOTA2) == 0)
return EOPNOTSUPP;
- /* avoid whitespace changes */
- {
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
- KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE, mp, KAUTH_ARG(kauth_id),
- NULL);
- if (error != 0)
- goto err;
-#ifdef LFS_QUOTA2
- if (fs->um_flags & ULFS_QUOTA2) {
- error = lfsquota2_handle_cmd_del(ump, qk);
- } else
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
+ KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE, mp, KAUTH_ARG(kauth_id), NULL);
+ if (error != 0)
+ goto err;
+#ifdef LFS_QUOTA2
+ if (fs->um_flags & ULFS_QUOTA2) {
+ error = lfsquota2_handle_cmd_del(ump, qk);
+ } else
#endif
- panic("quota_handle_cmd_get: no support ?");
+ panic("quota_handle_cmd_get: no support ?");
- if (error && error != ENOENT)
- goto err;
- }
+ if (error && error != ENOENT)
+ goto err;
return 0;
err:
@@ -489,8 +487,9 @@ quota_handle_cmd_cursorget(struct mount
if ((fs->um_flags & ULFS_QUOTA2) == 0)
return EOPNOTSUPP;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
- KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, NULL, NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA, KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp,
+ NULL, NULL);
if (error)
return error;
@@ -524,7 +523,8 @@ quota_handle_cmd_cursoropen(struct mount
KASSERT(args->qc_op == QUOTACTL_CURSOROPEN);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, NULL, NULL);
if (error)
return error;
@@ -552,7 +552,8 @@ quota_handle_cmd_cursorclose(struct moun
KASSERT(args->qc_op == QUOTACTL_CURSORCLOSE);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, NULL, NULL);
if (error)
return error;
@@ -652,7 +653,8 @@ quota_handle_cmd_quotaon(struct mount *m
if ((fs->um_flags & ULFS_QUOTA2) != 0)
return EBUSY;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF, mp, NULL, NULL);
if (error != 0) {
return error;
@@ -681,7 +683,8 @@ quota_handle_cmd_quotaoff(struct mount *
if ((fs->um_flags & ULFS_QUOTA2) != 0)
return EOPNOTSUPP;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF, mp, NULL, NULL);
if (error != 0) {
return error;
Index: ufs/lfs/ulfs_quota1.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/lfs/ulfs_quota1.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 ulfs_quota1.c
--- ufs/lfs/ulfs_quota1.c 29 Jun 2021 22:40:54 -0000 1.12
+++ ufs/lfs/ulfs_quota1.c 18 Sep 2021 21:46:14 -0000
@@ -91,7 +91,8 @@ lfs_chkdq1(struct inode *ip, int64_t cha
if ((dq = ip->i_dquot[i]) == NODQUOT)
continue;
if ((flags & FORCE) == 0 &&
- kauth_authorize_system(cred, KAUTH_SYSTEM_FS_QUOTA,
+ kauth_authorize_system(curproc, cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT, KAUTH_ARG(i),
KAUTH_ARG(QL_BLOCK), NULL) != 0) {
mutex_enter(&dq->dq_interlock);
@@ -198,8 +199,9 @@ lfs_chkiq1(struct inode *ip, int32_t cha
for (i = 0; i < ULFS_MAXQUOTAS; i++) {
if ((dq = ip->i_dquot[i]) == NODQUOT)
continue;
- if ((flags & FORCE) == 0 && kauth_authorize_system(cred,
- KAUTH_SYSTEM_FS_QUOTA, KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT,
+ if ((flags & FORCE) == 0 && kauth_authorize_system(curproc,
+ cred, KAUTH_SYSTEM_FS_QUOTA,
+ KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT,
KAUTH_ARG(i), KAUTH_ARG(QL_FILE), NULL) != 0) {
mutex_enter(&dq->dq_interlock);
error = chkiqchg(ip, change, cred, i);
Index: ufs/lfs/ulfs_quota2.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/lfs/ulfs_quota2.c,v
retrieving revision 1.33
diff -u -p -u -r1.33 ulfs_quota2.c
--- ufs/lfs/ulfs_quota2.c 5 Dec 2020 17:40:00 -0000 1.33
+++ ufs/lfs/ulfs_quota2.c 18 Sep 2021 21:46:14 -0000
@@ -496,7 +496,7 @@ quota2_check(struct inode *ip, int vtype
ql_stat = lfsquota2_check_limit(&q2v, change, time_second);
if ((flags & FORCE) == 0 &&
- kauth_authorize_system(cred, KAUTH_SYSTEM_FS_QUOTA,
+ kauth_authorize_system(curproc, cred, KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT,
KAUTH_ARG(i), KAUTH_ARG(vtype), NULL) != 0) {
/* enforce this limit */
Index: ufs/lfs/ulfs_readwrite.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/lfs/ulfs_readwrite.c,v
retrieving revision 1.27
diff -u -p -u -r1.27 ulfs_readwrite.c
--- ufs/lfs/ulfs_readwrite.c 23 Apr 2020 21:47:09 -0000 1.27
+++ ufs/lfs/ulfs_readwrite.c 18 Sep 2021 21:46:14 -0000
@@ -536,7 +536,7 @@ ulfs_post_write_update(struct vnode *vp,
*/
if (resid > uio->uio_resid && cred) {
if (ip->i_mode & ISUID) {
- if (kauth_authorize_vnode(cred,
+ if (kauth_authorize_vnode(curproc, cred,
KAUTH_VNODE_RETAIN_SUID, vp, NULL, EPERM) != 0) {
ip->i_mode &= ~ISUID;
DIP_ASSIGN(ip, mode, ip->i_mode);
@@ -544,7 +544,7 @@ ulfs_post_write_update(struct vnode *vp,
}
if (ip->i_mode & ISGID) {
- if (kauth_authorize_vnode(cred,
+ if (kauth_authorize_vnode(curproc, cred,
KAUTH_VNODE_RETAIN_SGID, vp, NULL, EPERM) != 0) {
ip->i_mode &= ~ISGID;
DIP_ASSIGN(ip, mode, ip->i_mode);
Index: ufs/lfs/ulfs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/lfs/ulfs_vfsops.c,v
retrieving revision 1.16
diff -u -p -u -r1.16 ulfs_vfsops.c
--- ufs/lfs/ulfs_vfsops.c 17 Jan 2020 20:08:10 -0000 1.16
+++ ufs/lfs/ulfs_vfsops.c 18 Sep 2021 21:46:14 -0000
@@ -136,22 +136,27 @@ ulfs_quotactl(struct mount *mp, struct q
if (uid == kauth_cred_getuid(l->l_cred))
break;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
- KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, KAUTH_ARG(uid), NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
+ KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp,
+ KAUTH_ARG(uid), NULL);
break;
case Q_QUOTAON:
case Q_QUOTAOFF:
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF, mp, NULL, NULL);
break;
case Q_SETQUOTA:
case Q_SETUSE:
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
- KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE, mp, KAUTH_ARG(uid), NULL);
+ error = kauth_authorize_system(l->l_proc l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
+ KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE, mp,
+ KAUTH_ARG(uid), NULL);
break;
Index: ufs/lfs/ulfs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/lfs/ulfs_vnops.c,v
retrieving revision 1.54
diff -u -p -u -r1.54 ulfs_vnops.c
--- ufs/lfs/ulfs_vnops.c 5 Sep 2020 16:30:13 -0000 1.54
+++ ufs/lfs/ulfs_vnops.c 18 Sep 2021 21:46:14 -0000
@@ -195,7 +195,7 @@ ulfs_check_permitted(struct vnode *vp, s
kauth_cred_t cred)
{
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, ip->i_mode & ALLPERMS), vp, NULL, genfs_can_access(
vp, cred, ip->i_uid, ip->i_gid, ip->i_mode & ALLPERMS,
NULL, accmode));
@@ -296,7 +296,7 @@ ulfs_setattr(void *v)
changing_sysflags = true;
}
- error = kauth_authorize_vnode(cred, action, vp, NULL,
+ error = kauth_authorize_vnode(curproc, cred, action, vp, NULL,
genfs_can_chflags(vp, cred, ip->i_uid,
changing_sysflags));
if (error)
@@ -375,7 +375,8 @@ ulfs_setattr(void *v)
error = EPERM;
goto out;
}
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, cred, ip->i_uid,
vap->va_vaflags));
if (error)
@@ -429,7 +430,8 @@ ulfs_chmod(struct vnode *vp, int mode, k
ip = VTOI(vp);
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
+ error = kauth_authorize_vnode(l->l_proc, cred,
+ KAUTH_VNODE_WRITE_SECURITY, vp,
NULL, genfs_can_chmod(vp, cred, ip->i_uid, ip->i_gid, mode));
if (error)
return (error);
@@ -467,7 +469,8 @@ ulfs_chown(struct vnode *vp, uid_t uid,
if (gid == (gid_t)VNOVAL)
gid = ip->i_gid;
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
+ error = kauth_authorize_vnode(l->l_proc, cred,
+ KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
NULL, genfs_can_chown(vp, cred, ip->i_uid, ip->i_gid, uid, gid));
if (error)
return (error);
Index: ufs/ufs/ufs_extattr.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ufs/ufs_extattr.c,v
retrieving revision 1.53
diff -u -p -u -r1.53 ufs_extattr.c
--- ufs/ufs/ufs_extattr.c 29 Jun 2021 22:40:54 -0000 1.53
+++ ufs/ufs/ufs_extattr.c 18 Sep 2021 21:46:14 -0000
@@ -888,8 +888,8 @@ ufs_extattrctl(struct mount *mp, int cmd
/*
* Only privileged processes can configure extended attributes.
*/
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_EXTATTR,
- 0, mp, NULL, NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_EXTATTR, 0, mp, NULL, NULL);
if (error) {
if (filename_vp != NULL)
VOP_UNLOCK(filename_vp);
Index: ufs/ufs/ufs_lookup.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ufs/ufs_lookup.c,v
retrieving revision 1.155
diff -u -p -u -r1.155 ufs_lookup.c
--- ufs/ufs/ufs_lookup.c 5 Sep 2020 02:55:39 -0000 1.155
+++ ufs/ufs/ufs_lookup.c 18 Sep 2021 21:46:14 -0000
@@ -259,8 +259,8 @@ ufs_can_delete(struct vnode *tdp, struct
* may not delete it (unless she's root). This
* implements append-only directories.
*/
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_DELETE, tdp, vdp,
- genfs_can_sticky(vdp, cred, ip->i_uid, VTOI(tdp)->i_uid));
+ error = kauth_authorize_vnode(curproc, cred, KAUTH_VNODE_DELETE, tdp,
+ vdp, genfs_can_sticky(vdp, cred, ip->i_uid, VTOI(tdp)->i_uid));
if (error) {
error = EPERM; // Why override?
goto out;
Index: ufs/ufs/ufs_quota.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ufs/ufs_quota.c,v
retrieving revision 1.117
diff -u -p -u -r1.117 ufs_quota.c
--- ufs/ufs/ufs_quota.c 28 Jun 2014 22:27:51 -0000 1.117
+++ ufs/ufs/ufs_quota.c 18 Sep 2021 21:46:14 -0000
@@ -337,7 +337,8 @@ quota_get_auth(struct mount *mp, struct
/* The user can always query about his own quota. */
if (id == kauth_cred_geteuid(l->l_cred))
return 0;
- return kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ return kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, KAUTH_ARG(id), NULL);
}
@@ -400,9 +401,10 @@ quota_handle_cmd_put(struct mount *mp, s
kauth_id = 0;
}
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
- KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE, mp, KAUTH_ARG(kauth_id),
- NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
+ KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE, mp,
+ KAUTH_ARG(kauth_id), NULL);
if (error != 0) {
return error;
}
@@ -448,9 +450,10 @@ quota_handle_cmd_del(struct mount *mp, s
/* avoid whitespace changes */
{
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
- KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE, mp, KAUTH_ARG(kauth_id),
- NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
+ KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE, mp,
+ KAUTH_ARG(kauth_id), NULL);
if (error != 0)
goto err;
#ifdef QUOTA2
@@ -481,7 +484,8 @@ quota_handle_cmd_cursorget(struct mount
if ((ump->um_flags & UFS_QUOTA2) == 0)
return EOPNOTSUPP;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, NULL, NULL);
if (error)
return error;
@@ -515,7 +519,8 @@ quota_handle_cmd_cursoropen(struct mount
KASSERT(args->qc_op == QUOTACTL_CURSOROPEN);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, NULL, NULL);
if (error)
return error;
@@ -542,7 +547,8 @@ quota_handle_cmd_cursorclose(struct moun
KASSERT(args->qc_op == QUOTACTL_CURSORCLOSE);
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, NULL, NULL);
if (error)
return error;
@@ -637,7 +643,8 @@ quota_handle_cmd_quotaon(struct mount *m
if ((ump->um_flags & UFS_QUOTA2) != 0)
return EBUSY;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF, mp, NULL, NULL);
if (error != 0) {
return error;
@@ -665,7 +672,8 @@ quota_handle_cmd_quotaoff(struct mount *
if ((ump->um_flags & UFS_QUOTA2) != 0)
return EOPNOTSUPP;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF, mp, NULL, NULL);
if (error != 0) {
return error;
Index: ufs/ufs/ufs_quota1.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ufs/ufs_quota1.c,v
retrieving revision 1.24
diff -u -p -u -r1.24 ufs_quota1.c
--- ufs/ufs/ufs_quota1.c 29 Jun 2021 22:40:54 -0000 1.24
+++ ufs/ufs/ufs_quota1.c 18 Sep 2021 21:46:14 -0000
@@ -90,7 +90,7 @@ chkdq1(struct inode *ip, int64_t change,
if ((dq = ip->i_dquot[i]) == NODQUOT)
continue;
if ((flags & FORCE) == 0 &&
- kauth_authorize_system(cred, KAUTH_SYSTEM_FS_QUOTA,
+ kauth_authorize_system(curproc, cred, KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT, KAUTH_ARG(i),
KAUTH_ARG(QL_BLOCK), NULL) != 0) {
mutex_enter(&dq->dq_interlock);
@@ -197,7 +197,8 @@ chkiq1(struct inode *ip, int32_t change,
for (i = 0; i < MAXQUOTAS; i++) {
if ((dq = ip->i_dquot[i]) == NODQUOT)
continue;
- if ((flags & FORCE) == 0 && kauth_authorize_system(cred,
+ if ((flags & FORCE) == 0 && kauth_authorize_system(curproc,
+ cred,
KAUTH_SYSTEM_FS_QUOTA, KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT,
KAUTH_ARG(i), KAUTH_ARG(QL_FILE), NULL) != 0) {
mutex_enter(&dq->dq_interlock);
Index: ufs/ufs/ufs_quota2.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ufs/ufs_quota2.c,v
retrieving revision 1.43
diff -u -p -u -r1.43 ufs_quota2.c
--- ufs/ufs/ufs_quota2.c 5 Dec 2020 17:33:54 -0000 1.43
+++ ufs/ufs/ufs_quota2.c 18 Sep 2021 21:46:14 -0000
@@ -491,7 +491,7 @@ quota2_check(struct inode *ip, int vtype
ql_stat = quota2_check_limit(&q2v, change, time_second);
if ((flags & FORCE) == 0 &&
- kauth_authorize_system(cred, KAUTH_SYSTEM_FS_QUOTA,
+ kauth_authorize_system(curproc, cred, KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT,
KAUTH_ARG(i), KAUTH_ARG(vtype), NULL) != 0) {
/* enforce this limit */
Index: ufs/ufs/ufs_readwrite.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ufs/ufs_readwrite.c,v
retrieving revision 1.126
diff -u -p -u -r1.126 ufs_readwrite.c
--- ufs/ufs/ufs_readwrite.c 23 Apr 2020 21:47:09 -0000 1.126
+++ ufs/ufs/ufs_readwrite.c 18 Sep 2021 21:46:14 -0000
@@ -572,7 +572,7 @@ ufs_post_write_update(struct vnode *vp,
*/
if (resid > uio->uio_resid && cred) {
if (ip->i_mode & ISUID) {
- if (kauth_authorize_vnode(cred,
+ if (kauth_authorize_vnode(curproc, cred,
KAUTH_VNODE_RETAIN_SUID, vp, NULL, EPERM) != 0) {
ip->i_mode &= ~ISUID;
DIP_ASSIGN(ip, mode, ip->i_mode);
@@ -580,7 +580,7 @@ ufs_post_write_update(struct vnode *vp,
}
if (ip->i_mode & ISGID) {
- if (kauth_authorize_vnode(cred,
+ if (kauth_authorize_vnode(curproc, cred,
KAUTH_VNODE_RETAIN_SGID, vp, NULL, EPERM) != 0) {
ip->i_mode &= ~ISGID;
DIP_ASSIGN(ip, mode, ip->i_mode);
Index: ufs/ufs/ufs_vfsops.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ufs/ufs_vfsops.c,v
retrieving revision 1.60
diff -u -p -u -r1.60 ufs_vfsops.c
--- ufs/ufs/ufs_vfsops.c 1 May 2020 08:43:37 -0000 1.60
+++ ufs/ufs/ufs_vfsops.c 18 Sep 2021 21:46:14 -0000
@@ -157,22 +157,27 @@ ufs_quotactl(struct mount *mp, struct qu
if (uid == kauth_cred_getuid(l->l_cred))
break;
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
- KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, KAUTH_ARG(uid), NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
+ KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp,
+ KAUTH_ARG(uid), NULL);
break;
case Q_QUOTAON:
case Q_QUOTAOFF:
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF, mp, NULL, NULL);
break;
case Q_SETQUOTA:
case Q_SETUSE:
- error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
- KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE, mp, KAUTH_ARG(uid), NULL);
+ error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_FS_QUOTA,
+ KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE, mp,
+ KAUTH_ARG(uid), NULL);
break;
Index: ufs/ufs/ufs_vnops.c
===================================================================
RCS file: /cvsroot/src/sys/ufs/ufs/ufs_vnops.c,v
retrieving revision 1.259
diff -u -p -u -r1.259 ufs_vnops.c
--- ufs/ufs/ufs_vnops.c 5 Sep 2020 16:30:13 -0000 1.259
+++ ufs/ufs/ufs_vnops.c 18 Sep 2021 21:46:14 -0000
@@ -320,7 +320,7 @@ ufs_check_permitted(struct vnode *vp, st
struct acl *, accmode_t))
{
- return kauth_authorize_vnode(cred, KAUTH_ACCESS_ACTION(accmode,
+ return kauth_authorize_vnode(curproc, cred, KAUTH_ACCESS_ACTION(accmode,
vp->v_type, ip->i_mode & ALLPERMS), vp, NULL, (*func)(vp, cred,
ip->i_uid, ip->i_gid, ip->i_mode & ALLPERMS, acl, accmode));
}
@@ -538,7 +538,7 @@ ufs_setattr(void *v)
changing_sysflags = true;
}
- error = kauth_authorize_vnode(cred, action, vp, NULL,
+ error = kauth_authorize_vnode(curproc, cred, action, vp, NULL,
genfs_can_chflags(vp, cred, ip->i_uid, changing_sysflags));
if (error)
goto out;
@@ -628,7 +628,8 @@ ufs_setattr(void *v)
error = EPERM;
goto out;
}
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
+ error = kauth_authorize_vnode(curproc, cred,
+ KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, cred, ip->i_uid,
vap->va_vaflags));
if (error)
@@ -727,7 +728,8 @@ ufs_chmod(struct vnode *vp, int mode, ka
return error;
#endif
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
+ error = kauth_authorize_vnode(l->l_proc, cred,
+ KAUTH_VNODE_WRITE_SECURITY, vp,
NULL, genfs_can_chmod(vp, cred, ip->i_uid, ip->i_gid, mode));
if (error)
return (error);
@@ -781,7 +783,8 @@ ufs_chown(struct vnode *vp, uid_t uid, g
return error;
#endif
- error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
+ error = kauth_authorize_vnode(l->l_proc, cred,
+ KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
NULL, genfs_can_chown(vp, cred, ip->i_uid, ip->i_gid, uid, gid));
if (error)
return (error);
@@ -2252,7 +2255,7 @@ ufs_makeinode(struct vattr *vap, struct
/* Authorize setting SGID if needed. */
if (ip->i_mode & ISGID) {
- error = kauth_authorize_vnode(cnp->cn_cred,
+ error = kauth_authorize_vnode(curproc, cnp->cn_cred,
KAUTH_VNODE_WRITE_SECURITY,
tvp, NULL, genfs_can_chmod(tvp, cnp->cn_cred, ip->i_uid,
ip->i_gid, MAKEIMODE(vap->va_type, vap->va_mode)));
Index: uvm/uvm_map.c
===================================================================
RCS file: /cvsroot/src/sys/uvm/uvm_map.c,v
retrieving revision 1.390
diff -u -p -u -r1.390 uvm_map.c
--- uvm/uvm_map.c 1 Jul 2021 15:06:01 -0000 1.390
+++ uvm/uvm_map.c 18 Sep 2021 21:46:14 -0000
@@ -5126,8 +5126,8 @@ sysctl_user_va0_disable(SYSCTLFN_ARGS)
return (error);
if (!t && user_va0_disable &&
- kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MAP_VA_ZERO, 0,
- NULL, NULL, NULL))
+ kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_MAP_VA_ZERO, 0, NULL, NULL, NULL))
return EPERM;
user_va0_disable = !!t;
Index: uvm/uvm_swap.c
===================================================================
RCS file: /cvsroot/src/sys/uvm/uvm_swap.c,v
retrieving revision 1.206
diff -u -p -u -r1.206 uvm_swap.c
--- uvm/uvm_swap.c 23 Aug 2021 13:08:18 -0000 1.206
+++ uvm/uvm_swap.c 18 Sep 2021 21:46:14 -0000
@@ -573,8 +573,8 @@ sys_swapctl(struct lwp *l, const struct
/*
* all other requests require superuser privs. verify.
*/
- if ((error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_SWAPCTL,
- 0, NULL, NULL, NULL)))
+ if ((error = kauth_authorize_system(l->l_proc, l->l_cred,
+ KAUTH_SYSTEM_SWAPCTL, 0, NULL, NULL, NULL)))
goto out;
if (SCARG(uap, cmd) == SWAP_DUMPOFF) {