From owner-svn-src-all@FreeBSD.ORG Fri Apr 24 09:54:46 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 92ACF106566C; Fri, 24 Apr 2009 09:54:46 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 66FE28FC0C; Fri, 24 Apr 2009 09:54:46 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n3O9skpu014518; Fri, 24 Apr 2009 09:54:46 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n3O9skr7014517; Fri, 24 Apr 2009 09:54:46 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <200904240954.n3O9skr7014517@svn.freebsd.org> From: Robert Watson Date: Fri, 24 Apr 2009 09:54:46 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r191456 - head/sys/netinet X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Apr 2009 09:54:47 -0000 Author: rwatson Date: Fri Apr 24 09:54:46 2009 New Revision: 191456 URL: http://svn.freebsd.org/changeset/base/191456 Log: Relocate permissions checking code in in_control() to before the body of the implementation of ioctls. This makes the mapping of ioctls to specific privileges more explicit, and also simplifies the implementation by reducing the use of FALLTHROUGH handling in switch. While this is not intended to be a functional change, it does mean that certain privilege checks are now performed earlier, so EPERM might be returned in preference to EADDRNOTAVAIL for management ioctls that could have failed for both reasons. MFC after: 3 weeks Modified: head/sys/netinet/in.c Modified: head/sys/netinet/in.c ============================================================================== --- head/sys/netinet/in.c Fri Apr 24 08:57:54 2009 (r191455) +++ head/sys/netinet/in.c Fri Apr 24 09:54:46 2009 (r191456) @@ -280,6 +280,31 @@ in_control(struct socket *so, u_long cmd return (EADDRNOTAVAIL); /* + * Security checks before we get involved in any work. + */ + switch (cmd) { + case SIOCAIFADDR: + case SIOCSIFADDR: + case SIOCSIFBRDADDR: + case SIOCSIFNETMASK: + case SIOCSIFDSTADDR: + if (td != NULL) { + error = priv_check(td, PRIV_NET_ADDIFADDR); + if (error) + return (error); + } + break; + + case SIOCDIFADDR: + if (td != NULL) { + error = priv_check(td, PRIV_NET_DELIFADDR); + if (error) + return (error); + } + break; + } + + /* * Find address for this interface, if it exists. * * If an alias address was specified, find that one instead of the @@ -334,13 +359,6 @@ in_control(struct socket *so, u_long cmd case SIOCSIFADDR: case SIOCSIFNETMASK: case SIOCSIFDSTADDR: - if (td != NULL) { - error = priv_check(td, (cmd == SIOCDIFADDR) ? - PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR); - if (error) - return (error); - } - if (ia == NULL) { ia = (struct in_ifaddr *) malloc(sizeof *ia, M_IFADDR, M_WAITOK | M_ZERO); @@ -376,13 +394,6 @@ in_control(struct socket *so, u_long cmd break; case SIOCSIFBRDADDR: - if (td != NULL) { - error = priv_check(td, PRIV_NET_ADDIFADDR); - if (error) - return (error); - } - /* FALLTHROUGH */ - case SIOCGIFADDR: case SIOCGIFNETMASK: case SIOCGIFDSTADDR: