Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/fs/tmpfs/tmpfs_subr.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/fs/tmpfs/tmpfs_subr.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.18
retrieving revision 1.18.2.4
diff -u -p -r1.18 -r1.18.2.4
--- src/sys/fs/tmpfs/tmpfs_subr.c	2006/02/16 14:57:50	1.18
+++ src/sys/fs/tmpfs/tmpfs_subr.c	2006/09/03 15:25:13	1.18.2.4
@@ -1,4 +1,4 @@
-/*	$NetBSD: tmpfs_subr.c,v 1.18 2006/02/16 14:57:50 jmmv Exp $	*/
+/*	$NetBSD: tmpfs_subr.c,v 1.18.2.4 2006/09/03 15:25:13 yamt Exp $	*/
 
 /*
  * Copyright (c) 2005, 2006 The NetBSD Foundation, Inc.
@@ -42,7 +42,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.18 2006/02/16 14:57:50 jmmv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.18.2.4 2006/09/03 15:25:13 yamt Exp $");
 
 #include <sys/param.h>
 #include <sys/dirent.h>
@@ -55,6 +55,7 @@ __KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c
 #include <sys/systm.h>
 #include <sys/swap.h>
 #include <sys/vnode.h>
+#include <sys/kauth.h>
 
 #include <uvm/uvm.h>
 
@@ -130,7 +131,7 @@ tmpfs_alloc_node(struct tmpfs_mount *tmp
 	nnode->tn_status = 0;
 	nnode->tn_flags = 0;
 	nnode->tn_links = 0;
-	(void)nanotime(&nnode->tn_atime);
+	getnanotime(&nnode->tn_atime);
 	nnode->tn_birthtime = nnode->tn_ctime = nnode->tn_mtime =
 	    nnode->tn_atime;
 	nnode->tn_uid = uid;
@@ -495,7 +496,7 @@ tmpfs_alloc_file(struct vnode *dvp, stru
 		parent = NULL;
 
 	/* Allocate a node that represents the new file. */
-	error = tmpfs_alloc_node(tmp, vap->va_type, cnp->cn_cred->cr_uid,
+	error = tmpfs_alloc_node(tmp, vap->va_type, kauth_cred_geteuid(cnp->cn_cred),
 	    dnode->tn_gid, vap->va_mode, parent, target, vap->va_rdev,
 	    cnp->cn_lwp->l_proc, &node);
 	if (error != 0)
@@ -954,7 +955,7 @@ tmpfs_mem_info(boolean_t total)
  * The vnode must be locked on entry and remain locked on exit.
  */
 int
-tmpfs_chflags(struct vnode *vp, int flags, struct ucred *cred, struct proc *p)
+tmpfs_chflags(struct vnode *vp, int flags, kauth_cred_t cred, struct lwp *l)
 {
 	int error;
 	struct tmpfs_node *node;
@@ -970,10 +971,11 @@ tmpfs_chflags(struct vnode *vp, int flag
 	/* XXX: The following comes from UFS code, and can be found in
 	 * several other file systems.  Shouldn't this be centralized
 	 * somewhere? */
-	if (cred->cr_uid != node->tn_uid &&
-	    (error = suser(cred, &p->p_acflag)))
+	if (kauth_cred_geteuid(cred) != node->tn_uid &&
+	    (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
+	    &l->l_acflag)))
 		return error;
-	if (cred->cr_uid == 0) {
+	if (kauth_cred_geteuid(cred) == 0) {
 		/* The super-user is only allowed to change flags if the file
 		 * wasn't protected before and the securelevel is zero. */
 		if ((node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) &&
@@ -1009,9 +1011,9 @@ tmpfs_chflags(struct vnode *vp, int flag
  * The vnode must be locked on entry and remain locked on exit.
  */
 int
-tmpfs_chmod(struct vnode *vp, mode_t mode, struct ucred *cred, struct proc *p)
+tmpfs_chmod(struct vnode *vp, mode_t mode, kauth_cred_t cred, struct lwp *l)
 {
-	int error;
+	int error, ismember = 0;
 	struct tmpfs_node *node;
 
 	KASSERT(VOP_ISLOCKED(vp));
@@ -1029,14 +1031,16 @@ tmpfs_chmod(struct vnode *vp, mode_t mod
 	/* XXX: The following comes from UFS code, and can be found in
 	 * several other file systems.  Shouldn't this be centralized
 	 * somewhere? */
-	if (cred->cr_uid != node->tn_uid &&
-	    (error = suser(cred, &p->p_acflag)))
+	if (kauth_cred_geteuid(cred) != node->tn_uid &&
+	    (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
+	    &l->l_acflag)))
 		return error;
-	if (cred->cr_uid != 0) {
+	if (kauth_cred_geteuid(cred) != 0) {
 		if (vp->v_type != VDIR && (mode & S_ISTXT))
 			return EFTYPE;
 
-		if (!groupmember(node->tn_gid, cred) && (mode & S_ISGID))
+		if ((kauth_cred_ismember_gid(cred, node->tn_gid,
+		    &ismember) != 0 || !ismember) && (mode & S_ISGID))
 			return EPERM;
 	}
 
@@ -1060,10 +1064,10 @@ tmpfs_chmod(struct vnode *vp, mode_t mod
  * The vnode must be locked on entry and remain locked on exit.
  */
 int
-tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred,
-    struct proc *p)
+tmpfs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred,
+    struct lwp *l)
 {
-	int error;
+	int error, ismember = 0;
 	struct tmpfs_node *node;
 
 	KASSERT(VOP_ISLOCKED(vp));
@@ -1089,10 +1093,11 @@ tmpfs_chown(struct vnode *vp, uid_t uid,
 	/* XXX: The following comes from UFS code, and can be found in
 	 * several other file systems.  Shouldn't this be centralized
 	 * somewhere? */
-	if ((cred->cr_uid != node->tn_uid || uid != node->tn_uid ||
-	    (gid != node->tn_gid && !(cred->cr_gid == node->tn_gid ||
-	     groupmember(gid, cred)))) &&
-	    ((error = suser(cred, &p->p_acflag)) != 0))
+	if ((kauth_cred_geteuid(cred) != node->tn_uid || uid != node->tn_uid ||
+	    (gid != node->tn_gid && !(kauth_cred_getegid(cred) == node->tn_gid ||
+	    (kauth_cred_ismember_gid(cred, gid, &ismember) == 0 && ismember)))) &&
+	    ((error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
+	    &l->l_acflag)) != 0))
 		return error;
 
 	node->tn_uid = uid;
@@ -1114,8 +1119,8 @@ tmpfs_chown(struct vnode *vp, uid_t uid,
  * The vnode must be locked on entry and remain locked on exit.
  */
 int
-tmpfs_chsize(struct vnode *vp, u_quad_t size, struct ucred *cred,
-    struct proc *p)
+tmpfs_chsize(struct vnode *vp, u_quad_t size, kauth_cred_t cred,
+    struct lwp *l)
 {
 	int error;
 	struct tmpfs_node *node;
@@ -1172,7 +1177,7 @@ tmpfs_chsize(struct vnode *vp, u_quad_t 
  */
 int
 tmpfs_chtimes(struct vnode *vp, struct timespec *atime, struct timespec *mtime,
-    int vaflags, struct ucred *cred, struct lwp *l)
+    int vaflags, kauth_cred_t cred, struct lwp *l)
 {
 	int error;
 	struct tmpfs_node *node;
@@ -1192,9 +1197,9 @@ tmpfs_chtimes(struct vnode *vp, struct t
 	/* XXX: The following comes from UFS code, and can be found in
 	 * several other file systems.  Shouldn't this be centralized
 	 * somewhere? */
-	if (cred->cr_uid != node->tn_uid &&
-	    (error = suser(cred, &l->l_proc->p_acflag)) &&
-	    ((vaflags & VA_UTIMES_NULL) == 0 ||
+	if (kauth_cred_geteuid(cred) != node->tn_uid &&
+	    (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
+	    &l->l_acflag)) && ((vaflags & VA_UTIMES_NULL) == 0 ||
 	    (error = VOP_ACCESS(vp, VWRITE, cred, l))))
 		return error;
 
@@ -1218,9 +1223,8 @@ void
 tmpfs_itimes(struct vnode *vp, const struct timespec *acc,
     const struct timespec *mod)
 {
+	struct timespec now;
 	struct tmpfs_node *node;
-	const struct timespec *ts = NULL;
-	struct timespec tsb;
 
 	node = VP_TO_TMPFS_NODE(vp);
 
@@ -1228,21 +1232,20 @@ tmpfs_itimes(struct vnode *vp, const str
 	    TMPFS_NODE_CHANGED)) == 0)
 		return;
 
+	getnanotime(&now);
 	if (node->tn_status & TMPFS_NODE_ACCESSED) {
 		if (acc == NULL)
-			acc = ts == NULL ? (ts = nanotime(&tsb)) : ts;
+			acc = &now;
 		node->tn_atime = *acc;
 	}
 	if (node->tn_status & TMPFS_NODE_MODIFIED) {
 		if (mod == NULL)
-			mod = ts == NULL ? (ts = nanotime(&tsb)) : ts;
+			mod = &now;
 		node->tn_mtime = *mod;
 	}
-	if (node->tn_status & TMPFS_NODE_CHANGED) {
-		if (ts == NULL)
-			ts = nanotime(&tsb);
-		node->tn_ctime = *ts;
-	}
+	if (node->tn_status & TMPFS_NODE_CHANGED)
+		node->tn_ctime = now;
+
 	node->tn_status &=
 	    ~(TMPFS_NODE_ACCESSED | TMPFS_NODE_MODIFIED | TMPFS_NODE_CHANGED);
 }
@@ -1260,8 +1263,10 @@ tmpfs_update(struct vnode *vp, const str
 
 	node = VP_TO_TMPFS_NODE(vp);
 
+#if 0
 	if (flags & UPDATE_CLOSE)
 		; /* XXX Need to do anything special? */
+#endif
 
 	tmpfs_itimes(vp, acc, mod);