本文整理汇总了C++中priv_check_cred函数的典型用法代码示例。如果您正苦于以下问题:C++ priv_check_cred函数的具体用法?C++ priv_check_cred怎么用?C++ priv_check_cred使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了priv_check_cred函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: random_ioctl
static int
random_ioctl(cdev_t dev, u_long cmd, caddr_t data, int flags, struct ucred *cred)
{
int error;
int intr;
/*
* Even inspecting the state is privileged, since it gives a hint
* about how easily the randomness might be guessed.
*/
error = 0;
switch (cmd) {
/* Really handled in upper layer */
case FIOASYNC:
break;
case MEM_SETIRQ:
intr = *(int16_t *)data;
if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
break;
if (intr < 0 || intr >= MAX_INTS)
return (EINVAL);
register_randintr(intr);
break;
case MEM_CLEARIRQ:
intr = *(int16_t *)data;
if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
break;
if (intr < 0 || intr >= MAX_INTS)
return (EINVAL);
unregister_randintr(intr);
break;
case MEM_RETURNIRQ:
error = ENOTSUP;
break;
case MEM_FINDIRQ:
intr = *(int16_t *)data;
if ((error = priv_check_cred(cred, PRIV_ROOT, 0)) != 0)
break;
if (intr < 0 || intr >= MAX_INTS)
return (EINVAL);
intr = next_registered_randintr(intr);
if (intr == MAX_INTS)
return (ENOENT);
*(u_int16_t *)data = intr;
break;
default:
error = ENOTSUP;
break;
}
return (error);
}示例2: mmopen
static int
mmopen(struct dev_open_args *ap)
{
cdev_t dev = ap->a_head.a_dev;
int error;
switch (minor(dev)) {
case 0:
case 1:
if (ap->a_oflags & FWRITE) {
if (securelevel > 0 || kernel_mem_readonly)
return (EPERM);
}
error = 0;
break;
case 14:
error = priv_check_cred(ap->a_cred, PRIV_ROOT, 0);
if (error != 0)
break;
if (securelevel > 0 || kernel_mem_readonly) {
error = EPERM;
break;
}
error = cpu_set_iopl();
break;
default:
error = 0;
break;
}
return (error);
}示例3: system_override
/* system call implementation */
int
system_override(__unused struct proc *p, struct system_override_args * uap, __unused int32_t *retval)
{
uint64_t timeout = uap->timeout;
uint64_t flags = uap->flags;
int error = 0;
/* Check credentials for caller. Only entitled processes are allowed to make this call. */
if ((error = priv_check_cred(kauth_cred_get(), PRIV_SYSTEM_OVERRIDE, 0))) {
goto out;
}
/* Check to see if some flags are specified. Zero flags are invalid. */
if ((flags == 0) || ((flags & ~SYS_OVERRIDE_FLAGS_MASK) != 0)) {
error = EINVAL;
goto out;
}
lck_mtx_lock(&sys_override_lock);
enable_system_override(flags);
PROCESS_OVERRIDING_SYSTEM_DEFAULTS(timeout);
disable_system_override(flags);
lck_mtx_unlock(&sys_override_lock);
out:
return error;
}示例4: sys_mlockall
/*
* mlockall(int how)
*
* No requirements
*/
int
sys_mlockall(struct mlockall_args *uap)
{
struct thread *td = curthread;
struct proc *p = td->td_proc;
vm_map_t map = &p->p_vmspace->vm_map;
vm_map_entry_t entry;
int how = uap->how;
int rc = KERN_SUCCESS;
if (((how & MCL_CURRENT) == 0) && ((how & MCL_FUTURE) == 0))
return (EINVAL);
rc = priv_check_cred(td->td_ucred, PRIV_ROOT, 0);
if (rc)
return (rc);
vm_map_lock(map);
do {
if (how & MCL_CURRENT) {
for(entry = map->header.next;
entry != &map->header;
entry = entry->next);
rc = ENOSYS;
break;
}
if (how & MCL_FUTURE)
map->flags |= MAP_WIREFUTURE;
} while(0);
vm_map_unlock(map);
return (rc);
}示例5: zone_dataset_attach
int
zone_dataset_attach(struct ucred *cred, const char *dataset, int jailid)
{
struct zone_dataset_head *head;
zone_dataset_t *zd, *zd2;
struct prison *pr;
int dofree, error;
if ((error = priv_check_cred(cred, PRIV_ZFS_JAIL, 0)) != 0)
return (error);
/* Allocate memory before we grab prison's mutex. */
zd = malloc(sizeof(*zd) + strlen(dataset) + 1, M_ZONES, M_WAITOK);
sx_slock(&allprison_lock);
pr = prison_find(jailid); /* Locks &pr->pr_mtx. */
sx_sunlock(&allprison_lock);
if (pr == NULL) {
free(zd, M_ZONES);
return (ENOENT);
}
head = osd_jail_get(pr, zone_slot);
if (head != NULL) {
dofree = 0;
LIST_FOREACH(zd2, head, zd_next) {
if (strcmp(dataset, zd2->zd_dataset) == 0) {
free(zd, M_ZONES);
error = EEXIST;
goto end;
}
}
} else {示例6: sys_osethostname
int
sys_osethostname(struct sethostname_args *uap)
{
struct thread *td = curthread;
size_t len;
char *hostname;
int name[2];
int error;
name[0] = CTL_KERN;
name[1] = KERN_HOSTNAME;
error = priv_check_cred(td->td_ucred, PRIV_SETHOSTNAME, 0);
if (error)
return (error);
len = MIN(uap->len, MAXHOSTNAMELEN);
hostname = kmalloc(MAXHOSTNAMELEN, M_TEMP, M_WAITOK);
error = copyin(uap->hostname, hostname, len);
if (error) {
kfree(hostname, M_TEMP);
return (error);
}
error = kernel_sysctl(name, 2, NULL, 0, hostname, len, NULL);
kfree(hostname, M_TEMP);
return (error);
}示例7: sys_setegid
int
sys_setegid(struct setegid_args *uap)
{
struct proc *p = curproc;
struct ucred *cr;
gid_t egid;
int error;
lwkt_gettoken(&proc_token);
cr = p->p_ucred;
egid = uap->egid;
if (egid != cr->cr_rgid && /* allow setegid(getgid()) */
egid != cr->cr_svgid && /* allow setegid(saved gid) */
(error = priv_check_cred(cr, PRIV_CRED_SETEGID, 0))) {
goto done;
}
if (cr->cr_groups[0] != egid) {
cr = cratom(&p->p_ucred);
cr->cr_groups[0] = egid;
setsugid();
}
error = 0;
done:
lwkt_reltoken(&proc_token);
return (error);
}示例8: sys_seteuid
int
sys_seteuid(struct seteuid_args *uap)
{
struct proc *p = curproc;
struct ucred *cr;
uid_t euid;
int error;
lwkt_gettoken(&proc_token);
cr = p->p_ucred;
euid = uap->euid;
if (euid != cr->cr_ruid && /* allow seteuid(getuid()) */
euid != cr->cr_svuid && /* allow seteuid(saved uid) */
(error = priv_check_cred(cr, PRIV_CRED_SETEUID, 0))) {
lwkt_reltoken(&proc_token);
return (error);
}
/*
* Everything's okay, do it. Copy credentials so other references do
* not see our changes.
*/
if (cr->cr_uid != euid) {
change_euid(euid);
setsugid();
}
lwkt_reltoken(&proc_token);
return (0);
}示例9: ksem_chown
static int
ksem_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred,
struct thread *td)
{
struct ksem *ks;
int error;
error = 0;
ks = fp->f_data;
mtx_lock(&sem_lock);
#ifdef MAC
error = mac_posixsem_check_setowner(active_cred, ks, uid, gid);
if (error != 0)
goto out;
#endif
if (uid == (uid_t)-1)
uid = ks->ks_uid;
if (gid == (gid_t)-1)
gid = ks->ks_gid;
if (((uid != ks->ks_uid && uid != active_cred->cr_uid) ||
(gid != ks->ks_gid && !groupmember(gid, active_cred))) &&
(error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
goto out;
ks->ks_uid = uid;
ks->ks_gid = gid;
out:
mtx_unlock(&sem_lock);
return (error);
}示例10: seeotheruids_check
static int
seeotheruids_check(struct ucred *cr1, struct ucred *cr2)
{
if (!seeotheruids_enabled)
return (0);
if (primarygroup_enabled) {
if (cr1->cr_rgid == cr2->cr_rgid)
return (0);
}
if (specificgid_enabled) {
if (cr1->cr_rgid == specificgid ||
groupmember(specificgid, cr1))
return (0);
}
if (cr1->cr_ruid == cr2->cr_ruid)
return (0);
if (suser_privileged) {
if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, 0) == 0)
return (0);
}
return (ESRCH);
}示例11: partition_cred_check_relabel
/*
* Object-specific entry points are sorted alphabetically by object type name
* and then by operation.
*/
static int
partition_cred_check_relabel(struct ucred *cred, struct label *newlabel)
{
int error;
error = 0;
/*
* Treat "0" as a no-op request because it reflects an unset
* partition label. If we ever want to support switching back to an
* unpartitioned state for a process, we'll need to differentiate the
* "not in a partition" and "no partition defined during internalize"
* conditions.
*/
if (SLOT(newlabel) != 0) {
/*
* Require BSD privilege in order to change the partition.
* Originally we also required that the process not be in a
* partition in the first place, but this didn't interact
* well with sendmail.
*/
error = priv_check_cred(cred, PRIV_MAC_PARTITION, 0);
}
return (error);
}示例12: shm_chown
static int
shm_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred,
struct thread *td)
{
struct shmfd *shmfd;
int error;
error = 0;
shmfd = fp->f_data;
mtx_lock(&shm_timestamp_lock);
#ifdef MAC
error = mac_posixshm_check_setowner(active_cred, shmfd, uid, gid);
if (error != 0)
goto out;
#endif
if (uid == (uid_t)-1)
uid = shmfd->shm_uid;
if (gid == (gid_t)-1)
gid = shmfd->shm_gid;
if (((uid != shmfd->shm_uid && uid != active_cred->cr_uid) ||
(gid != shmfd->shm_gid && !groupmember(gid, active_cred))) &&
(error = priv_check_cred(active_cred, PRIV_VFS_CHOWN, 0)))
goto out;
shmfd->shm_uid = uid;
shmfd->shm_gid = gid;
out:
mtx_unlock(&shm_timestamp_lock);
return (error);
}示例13: priv_check
/*
* Test whether the specified credentials have the privilege
* in question.
*
* A kernel thread without a process context is assumed to have
* the privilege in question. In situations where the caller always
* expect a cred to exist, the cred should be passed separately and
* priv_check_cred() should be used instead of priv_check().
*
* Returns 0 or error.
*
* MPSAFE
*/
int
priv_check(struct thread *td, int priv)
{
if (td->td_lwp != NULL)
return priv_check_cred(td->td_ucred, priv, 0);
return (0);
}示例14: sys_setlogin
/*
* Set login name.
*/
int
sys_setlogin(struct setlogin_args *uap)
{
struct thread *td = curthread;
struct proc *p;
struct ucred *cred;
char buf[MAXLOGNAME];
int error;
cred = td->td_ucred;
p = td->td_proc;
if ((error = priv_check_cred(cred, PRIV_PROC_SETLOGIN, 0)))
return (error);
bzero(buf, sizeof(buf));
error = copyinstr(uap->namebuf, buf, sizeof(buf), NULL);
if (error == ENAMETOOLONG)
error = EINVAL;
if (error == 0) {
lwkt_gettoken(&proc_token);
memcpy(p->p_pgrp->pg_session->s_login, buf, sizeof(buf));
lwkt_reltoken(&proc_token);
}
return (error);
}示例15: priv_check
int
priv_check(struct thread *td, int priv)
{
KASSERT(td == curthread, ("priv_check: td != curthread"));
return (priv_check_cred(td->td_ucred, priv, 0));
}