Index: sys/kern/kern_priv.c
===================================================================
--- sys/kern/kern_priv.c (revision 183103)
+++ sys/kern/kern_priv.c (working copy)
@@ -133,24 +133,3 @@
 return (priv_check_cred(td->td_ucred, priv, 0));
 }
-
-/*
- * Historical suser() wrapper functions, which now simply request PRIV_ROOT.
- * These will be removed in the near future, and exist solely because
- * the kernel and modules are not yet fully adapted to the new model.
- */
-int
-suser_cred(struct ucred *cred, int flags)
-{
-
- return (priv_check_cred(cred, PRIV_ROOT, flags));
-}
-
-int
-suser(struct thread *td)
-{
-
- KASSERT(td == curthread, ("suser: td != curthread"));
-
- return (suser_cred(td->td_ucred, 0));
-}
Index: sys/netipx/ipx.c
===================================================================
--- sys/netipx/ipx.c (revision 183103)
+++ sys/netipx/ipx.c (working copy)
@@ -99,7 +99,7 @@
 struct ifaddr *ifa;
 struct ipx_ifaddr *oia;
 int dstIsNew, hostIsNew;
- int error = 0;
+ int error = 0, priv;
 /*
 * Find address for this interface, if it exists.
@@ -135,12 +135,13 @@
 return (0);
 }
- if (td && (error = suser(td)) != 0)
- return (error);
-
 switch (cmd) {
 case SIOCAIFADDR:
 case SIOCDIFADDR:
+ priv = (cmd == SIOCAIFADDR) ? PRIV_NET_ADDIFADDR :
+ PRIV_NET_DELIFADDR;
+ if (td && (error = priv_check(td, priv)) != 0)
+ return (error);
 if (ifra->ifra_addr.sipx_family == AF_IPX)
 for (oia = ia; ia != NULL; ia = ia->ia_next) {
 if (ia->ia_ifp == ifp &&
@@ -154,6 +155,8 @@
 case SIOCSIFADDR:
 case SIOCSIFDSTADDR:
+ if (td && (error = priv_check(td, PRIV_NET_SETLLADDR)) != 0)
+ return (error);
 if (ia == NULL) {
 oia = (struct ipx_ifaddr *)
 malloc(sizeof(*ia), M_IFADDR,
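Review bot: With the blanket `suser(td)` check removed from above the switch, each arm now has to perform its own `priv_check()`, and a case label added to this switch later without one would silently become unprivileged; the `default:` arm that covers the remaining commands is in the next hunk at -183, not here. A comment on the `switch (cmd) {` line would make that invariant visible to the next editor: `/* No blanket privilege check above: every arm must priv_check() itself. */`. The `td && ...` guard also means a NULL td skips the check entirely, as the removed code did; if no caller passes NULL, a KASSERT would be stricter, but the callers are not visible from this hunk. The enclosing function begins before this hunk and continues past it.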
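Review bot: `PRIV_NET_SETLLADDR` on the new SIOCSIFADDR/SIOCSIFDSTADDR check names a link-level-address privilege, while this arm sets the interface's IPX protocol address, and the previous hunk gates the equivalent SIOCAIFADDR path with `PRIV_NET_ADDIFADDR`, so the two arms now require different privileges for what looks like the same operation. If the distinction is deliberate, a one-line comment above the check should say why; otherwise `if (td && (error = priv_check(td, PRIV_NET_ADDIFADDR)) != 0)` would be consistent with the arm above. The enclosing function starts and ends outside this hunk.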
@@ -183,6 +186,10 @@
 ia->ia_broadaddr.sipx_addr.x_host = ipx_broadhost;
 }
 }
+ break;
+ default:
+ if (td && (error = priv_check(td, PRIV_NET_HWIOCTL)) != 0)
+ return (error);
 }
 switch (cmd) {
Index: sys/nfsserver/nfs_serv.c
===================================================================
--- sys/nfsserver/nfs_serv.c (revision 183103)
+++ sys/nfsserver/nfs_serv.c (working copy)
@@ -1802,7 +1802,8 @@
 if (vap->va_type == VCHR && rdev == 0xffffffff)
 vap->va_type = VFIFO;
 if (vap->va_type != VFIFO &&
- (error = suser_cred(cred, 0))) {
+ (error = priv_check_cred(cred, PRIV_VFS_MKNOD_DEV,
+ 0))) {
 goto ereply;
 }
 vap->va_rdev = rdev;
@@ -2024,7 +2025,8 @@
 if (error)
 NDFREE(&nd, NDF_ONLY_PNBUF);
 } else {
- if (vtyp != VFIFO && (error = suser_cred(cred, 0)))
+ if (vtyp != VFIFO && (error = priv_check_cred(cred,
+ PRIV_VFS_MKNOD_DEV, 0)))
 goto out;
 error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
 if (error) {
Index: sys/dev/cxgb/ulp/tom/cxgb_cpl_io.c
===================================================================
--- sys/dev/cxgb/ulp/tom/cxgb_cpl_io.c (revision 183103)
+++ sys/dev/cxgb/ulp/tom/cxgb_cpl_io.c (working copy)
@@ -1663,8 +1663,8 @@
 if (error)
 return (error);
- if (optval > IPTOS_PREC_CRITIC_ECP && !suser(curthread))
- return (EPERM);
+ if (optval > IPTOS_PREC_CRITIC_ECP)
+ return (EINVAL);
 inp = so_sotoinpcb(so);
 inp_wlock(inp);
Index: sys/security/mac_bsdextended/mac_bsdextended.c
===================================================================
--- sys/security/mac_bsdextended/mac_bsdextended.c (revision 183103)
+++ sys/security/mac_bsdextended/mac_bsdextended.c (working copy)
@@ -221,7 +221,7 @@
 ugidfw_rulecheck(struct mac_bsdextended_rule *rule, struct ucred *cred,
 struct vnode *vp, struct vattr *vap, int acc_mode)
 {
- int match;
+ int mac_granted, match, priv_granted;
 int i;
 /*
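Review bot: The two new `priv_check_cred(cred, PRIV_VFS_MKNOD_DEV, 0)` calls, here and in the -2024 hunk, wrap the same expression differently, and the lone `0))) {` continuation here is hard to read; breaking it as in the other hunk, `(error = priv_check_cred(cred,` / `PRIV_VFS_MKNOD_DEV, 0))) {`, keeps both sites alike. Both sites exempt only VFIFO from the privilege, and the line above this check first coerces VCHR with `rdev == 0xffffffff` to VFIFO, so that combination is created without any device privilege; a comment on the `vap->va_type != VFIFO` condition, `/* Only FIFOs may be created without PRIV_VFS_MKNOD_DEV. */`, would record that the exemption is intended. The enclosing functions begin and end outside both hunks.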
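Review bot: `return (EINVAL)` now rejects any precedence above IPTOS_PREC_CRITIC_ECP for every caller, whereas the removed line tied it to privilege; since `suser()` returned 0 on success (the deleted kern_priv.c wrapper returns `priv_check_cred(...)`, whose nonzero-is-error convention the other hunks rely on), the old `!suser(curthread)` was inverted and rejected privileged callers while letting unprivileged ones through, so nothing can have depended on the privileged path. The change is still a narrowing for root and the error code moves from EPERM to EINVAL, which deserves a comment on the check: `/* Precedence above CRITIC_ECP is rejected outright; the former suser() gate was inverted and never let privileged callers through. */`. It is also worth confirming that the non-offload IP_TOS setsockopt path applies the same cap, otherwise offloaded and regular sockets will accept different values; that path is not visible here. The enclosing function starts and ends outside this hunk.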
@@ -372,9 +372,31 @@
 }
 /*
+ * MBI_APPEND should not be here as it should get converted to
+ * MBI_WRITE.
+ */
+ priv_granted = 0;
+ mac_granted = rule->mbr_mode;
+ if ((acc_mode & MBI_ADMIN) && (mac_granted & MBI_ADMIN) == 0 &&
+ priv_check_cred(cred, PRIV_VFS_ADMIN, 0) == 0)
+ priv_granted |= MBI_ADMIN;
+ if ((acc_mode & MBI_EXEC) && (mac_granted & MBI_EXEC) == 0 &&
+ priv_check_cred(cred, (vap->va_type == VDIR) ? PRIV_VFS_LOOKUP :
+ PRIV_VFS_EXEC, 0) == 0)
+ priv_granted |= MBI_EXEC;
+ if ((acc_mode & MBI_READ) && (mac_granted & MBI_READ) == 0 &&
+ priv_check_cred(cred, PRIV_VFS_READ, 0) == 0)
+ priv_granted |= MBI_READ;
+ if ((acc_mode & MBI_STAT) && (mac_granted & MBI_STAT) == 0 &&
+ priv_check_cred(cred, PRIV_VFS_STAT, 0) == 0)
+ priv_granted |= MBI_STAT;
+ if ((acc_mode & MBI_WRITE) && (mac_granted & MBI_WRITE) == 0 &&
+ priv_check_cred(cred, PRIV_VFS_WRITE, 0) == 0)
+ priv_granted |= MBI_WRITE;
+ /*
 * Is the access permitted?
 */
- if ((rule->mbr_mode & acc_mode) != acc_mode) {
+ if (((mac_granted | priv_granted) & acc_mode) != acc_mode) {
 if (ugidfw_logging)
 log(LOG_AUTHPRIV, "mac_bsdextended: %d:%d request %d"
 " on %d:%d failed. \n", cred->cr_ruid,
@@ -400,12 +422,6 @@
 int error, i;
 /*
- * XXXRW: More specific privilege selection needed.
- */
- if (suser_cred(cred, 0) == 0)
- return (0);
-
- /*
 * Since we do not separately handle append, map append to write.
 */
 if (acc_mode & MBI_APPEND) {
Index: sys/sys/priv.h
===================================================================
--- sys/sys/priv.h (revision 183103)
+++ sys/sys/priv.h (working copy)
@@ -485,12 +485,6 @@
 struct ucred;
 int priv_check(struct thread *td, int priv);
 int priv_check_cred(struct ucred *cred, int priv, int flags);
-
-/*
- * Continue to support external modules that rely on suser(9) -- for now.
- */
-int suser(struct thread *td);
-int suser_cred(struct ucred *cred, int flags);
 #endif
 #endif /* !_SYS_PRIV_H_ */
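Review bot: The new comment says MBI_APPEND must never reach this point, but nothing enforces it: an MBI_APPEND bit in `acc_mode` matches none of the five `priv_granted` branches, so the request would be denied unless the rule's `mbr_mode` itself carries that bit — a spurious denial rather than a bypass, but still a silent one. `KASSERT((acc_mode & MBI_APPEND) == 0, ("ugidfw_rulecheck: MBI_APPEND in acc_mode"));` immediately after `priv_granted = 0;` would turn the comment into a checked contract. The MBI_EXEC branch dereferences `vap` to choose PRIV_VFS_LOOKUP versus PRIV_VFS_EXEC; I can't see whether `vap` is already dereferenced earlier in the function, so if any caller may pass NULL that branch needs a guard. Each missing bit also costs one `priv_check_cred()` call per rule evaluated, up to five per rule, which is worth a comment stating that this cost is accepted. The enclosing function starts before this hunk and continues after it.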