From fc5d29ef7d6767747043a78fa18554ccd4e4b045 Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Thu, 1 Nov 2001 20:56:57 +0000
Subject: [PATCH] o Move suser() calls in kern/ to using suser_xxx() with an
 explicit   credential selection, rather than reference via a thread or
 process   pointer.  This is part of a gradual migration to suser() accepting 
  a struct ucred instead of a struct proc, simplifying the reference   and
 locking semantics of suser().

Obtained from:	TrustedBSD Project
---
 sys/kern/kern_acct.c     | 2 +-
 sys/kern/kern_jail.c     | 2 +-
 sys/kern/kern_linker.c   | 4 ++--
 sys/kern/kern_resource.c | 5 +++--
 sys/kern/sysv_ipc.c      | 6 ++++--
 sys/kern/tty.c           | 8 ++++----
 sys/kern/tty_pty.c       | 2 +-
 7 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/sys/kern/kern_acct.c b/sys/kern/kern_acct.c
index 8c319f7a872..cd191d50e1c 100644
--- a/sys/kern/kern_acct.c
+++ b/sys/kern/kern_acct.c
@@ -123,7 +123,7 @@ acct(td, uap)
 	if (td != curthread)
 		panic("acct");		/* XXXKSE DIAGNOSTIC */
 	/* Make sure that the caller is root. */
-	error = suser(td->td_proc);
+	error = suser_xxx(td->td_proc->p_ucred, NULL, 0);
 	if (error)
 		goto done2;
 
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 2dd432c219c..fc692c85992 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -83,7 +83,7 @@ jail(td, uap)
 	pr->pr_ip = j.ip_number;
 	PROC_LOCK(p);
 	/* Implicitly fail if already in jail.  */
-	error = suser(p);
+	error = suser_xxx(p->p_ucred, NULL, 0);
 	if (error)
 		goto badcred;
 	oldcred = p->p_ucred;
diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c
index 7c2b59d4b66..fd12eaa8ea4 100644
--- a/sys/kern/kern_linker.c
+++ b/sys/kern/kern_linker.c
@@ -697,7 +697,7 @@ kldload(struct thread* td, struct kldload_args* uap)
 
     mtx_lock(&Giant);
 
-    if ((error = suser_td(td)) != 0)
+    if ((error = suser_xxx(td->td_proc->p_ucred, NULL, 0)) != 0)
 	goto out;
 
     pathname = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
@@ -743,7 +743,7 @@ kldunload(struct thread* td, struct kldunload_args* uap)
 
     mtx_lock(&Giant);
 
-    if ((error = suser_td(td)) != 0)
+    if ((error = suser_xxx(td->td_proc->p_ucred, NULL, 0)) != 0)
 	goto out;
 
     lf = linker_find_file_by_id(SCARG(uap, fileid));
diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c
index cf630ac17e6..5de232544bf 100644
--- a/sys/kern/kern_resource.c
+++ b/sys/kern/kern_resource.c
@@ -235,7 +235,8 @@ donice(curp, chgp, n)
 		n = PRIO_MAX;
 	if (n < PRIO_MIN)
 		n = PRIO_MIN;
-	if (n < chgp->p_ksegrp.kg_nice /* XXXKSE */  && suser(curp))
+	if (n < chgp->p_ksegrp.kg_nice /* XXXKSE */  &&
+	    suser_xxx(curp->p_ucred, NULL, 0))
 		return (EACCES);
 	chgp->p_ksegrp.kg_nice /* XXXKSE */  = n;
 	(void)resetpriority(&chgp->p_ksegrp); /* XXXKSE */
@@ -297,7 +298,7 @@ rtprio(td, uap)
 		    (error = copyin(uap->rtp, &rtp, sizeof(struct rtprio))))
 			break;
 		/* disallow setting rtprio in most cases if not superuser */
-		if (suser(curp) != 0) {
+		if (suser_xxx(curp->p_ucred, NULL, 0) != 0) {
 			/* can't set someone else's */
 			if (uap->pid) {
 				error = EPERM;
diff --git a/sys/kern/sysv_ipc.c b/sys/kern/sysv_ipc.c
index 70e2f4b2ece..89ab7d2c085 100644
--- a/sys/kern/sysv_ipc.c
+++ b/sys/kern/sysv_ipc.c
@@ -94,7 +94,8 @@ ipcperm(td, perm, mode)
 	/* Check for user match. */
 	if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) {
 		if (mode & IPC_M)
-			return (suser(p) == 0 ? 0 : EPERM);
+			return (suser_xxx(p->p_ucred, NULL, 0) == 0 ? 0 :
+			    EPERM);
 		/* Check for group match. */
 		mode >>= 3;
 		if (!groupmember(perm->gid, cred) &&
@@ -105,5 +106,6 @@ ipcperm(td, perm, mode)
 
 	if (mode & IPC_M)
 		return (0);
-	return ((mode & perm->mode) == mode || suser(p) == 0 ? 0 : EACCES);
+	return ((mode & perm->mode) == mode ||
+	    suser_xxx(p->p_ucred, NULL, 0) == 0 ? 0 : EACCES);
 }
diff --git a/sys/kern/tty.c b/sys/kern/tty.c
index 13ab4f75942..efc76b8d593 100644
--- a/sys/kern/tty.c
+++ b/sys/kern/tty.c
@@ -822,7 +822,7 @@ ttioctl(tp, cmd, data, flag)
 			    ISSET(constty->t_state, TS_CONNECTED))
 				return (EBUSY);
 #ifndef	UCONSOLE
-			if ((error = suser(p)) != 0)
+			if ((error = suser_xxx(p->p_ucred, NULL, 0)) != 0)
 				return (error);
 #endif
 			constty = tp;
@@ -994,9 +994,9 @@ ttioctl(tp, cmd, data, flag)
 		splx(s);
 		break;
 	case TIOCSTI:			/* simulate terminal input */
-		if ((flag & FREAD) == 0 && suser(p))
+		if ((flag & FREAD) == 0 && suser_xxx(p->p_ucred, NULL, 0))
 			return (EPERM);
-		if (!isctty(p, tp) && suser(p))
+		if (!isctty(p, tp) && suser_xxx(p->p_ucred, NULL, 0))
 			return (EACCES);
 		s = spltty();
 		(*linesw[tp->t_line].l_rint)(*(u_char *)data, tp);
@@ -1044,7 +1044,7 @@ ttioctl(tp, cmd, data, flag)
 		}
 		break;
 	case TIOCSDRAINWAIT:
-		error = suser(p);
+		error = suser_xxx(p->p_ucred, NULL, 0);
 		if (error)
 			return (error);
 		tp->t_timeout = *(int *)data * hz;
diff --git a/sys/kern/tty_pty.c b/sys/kern/tty_pty.c
index a01d04e26cf..7e00ec4dda8 100644
--- a/sys/kern/tty_pty.c
+++ b/sys/kern/tty_pty.c
@@ -185,7 +185,7 @@ ptsopen(dev, flag, devtype, td)
 		tp->t_lflag = TTYDEF_LFLAG;
 		tp->t_cflag = TTYDEF_CFLAG;
 		tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
-	} else if (tp->t_state & TS_XCLUDE && suser(p)) {
+	} else if (tp->t_state & TS_XCLUDE && suser_xxx(p->p_ucred, NULL, 0)) {
 		return (EBUSY);
 	} else if (pti->pt_prison != p->p_ucred->cr_prison) {
 		return (EBUSY);