Date: Fri, 20 Oct 2006 00:07:55 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 108137 for review Message-ID: <200610200007.k9K07t52075405@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=108137 Change 108137 by rwatson@rwatson_zoo on 2006/10/20 00:06:58 Merge more changes from HEAD to priv6: More suser replacement in the network stack -- add/remove addresses. Handle broadcast/etc ioctls (obsolete) using similar checks, but we might want to move to explicit checks. Affected files ... .. //depot/projects/trustedbsd/priv6/src/sys/netinet/in.c#3 edit .. //depot/projects/trustedbsd/priv6/src/sys/sys/priv.h#4 edit Differences ...
==== //depot/projects/trustedbsd/priv6/src/sys/netinet/in.c#3 (text+ko) ====
@@ -37,6 +37,7 @@
 #include <sys/systm.h>
 #include <sys/sockio.h>
 #include <sys/malloc.h>
+#include <sys/priv.h>
 #include <sys/socket.h>
 #include <sys/kernel.h>
 #include <sys/sysctl.h>
@@ -232,10 +233,25 @@
 switch (cmd) {
 case SIOCALIFADDR:
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_ADDIFADDR);
+ if (error)
+ return (error);
+ }
+ if (!ifp)
+ return EINVAL;
+ return in_lifaddr_ioctl(so, cmd, data, ifp, td);
+
 case SIOCDLIFADDR:
- if (td && (error = suser(td)) != 0)
- return error;
- /*fall through*/
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_DELIFADDR);
+ if (error)
+ return (error);
+ }
+ if (!ifp)
+ return EINVAL;
+ return in_lifaddr_ioctl(so, cmd, data, ifp, td);
+
 case SIOCGLIFADDR:
 if (!ifp)
 return EINVAL;
@@ -292,8 +308,11 @@
 case SIOCSIFADDR:
 case SIOCSIFNETMASK:
 case SIOCSIFDSTADDR:
- if (td && (error = suser(td)) != 0)
- return error;
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_ADDIFADDR);
+ if (error)
+ return (error);
+ }
 if (ifp == 0)
 return (EADDRNOTAVAIL);
@@ -330,8 +349,11 @@
 break;
 case SIOCSIFBRDADDR:
- if (td && (error = suser(td)) != 0)
- return error;
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_ADDIFADDR);
+ if (error)
+ return (error);
+ }
 /* FALLTHROUGH */
 case SIOCGIFADDR:
==== //depot/projects/trustedbsd/priv6/src/sys/sys/priv.h#4 (text+ko) ====
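Review bot: In the `@@ -232,10 +233,25 @@` hunk the new `if (td != NULL)` guard lets a call with a NULL thread skip `priv_check()` entirely, and nothing on the new side says why that is safe; the same guard is repeated in the `SIOCSIFADDR`/`SIOCSIFNETMASK`/`SIOCSIFDSTADDR` and `SIOCSIFBRDADDR` hunks. It keeps the behaviour of the old `td && suser(td)` test, so it is presumably meant for in-kernel callers, but that should be stated at the first guard, e.g. `/* td == NULL: in-kernel caller, no credential to check. */`, so that a later caller passing NULL on behalf of a user request is recognised as a missing privilege check. The two new case arms also repeat the `if (!ifp) return EINVAL;` test that `SIOCGLIFADDR` performs, and mix `return EINVAL;` with `return (error);`. The enclosing function starts and ends outside the hunk.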
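Review bot: `SIOCSIFNETMASK` and `SIOCSIFDSTADDR` in the `@@ -292,8 +308,11 @@` hunk, and `SIOCSIFBRDADDR` in the `@@ -330,8 +349,11 @@` hunk, are gated on `PRIV_NET_ADDIFADDR` although they modify an existing address rather than add one. A policy that grants or denies address addition therefore also decides netmask, destination and broadcast changes, which is coarser than the privilege name suggests. The change description mentions moving to explicit checks later; that should be recorded in the code at each reuse, e.g. `/* XXX: reuses PRIV_NET_ADDIFADDR; wants its own privilege. */`, so the coupling is visible to anyone writing policy against priv.h. Both switch statements continue outside the hunks.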
@@ -212,6 +212,8 @@
 PRIV_NET_DELIFGROUP, /* Delete interface group. */
 PRIV_NET_IFCREATE, /* Create cloned interface. */
 PRIV_NET_IFDESTROY, /* Destroy cloned interface. */
+ PRIV_NET_ADDIFADDR, /* Add protocol address to interface. */
+ PRIV_NET_DELIFADDR, /* Delete protocol address on interface. */
 PRIV_NET80211_GETKEY, /* Query 802.11 keys. */
 PRIV_NET80211_MANAGE, /* Administer 802.11. */
 PRIV_NETATALK_RESERVEDPORT, /* Bind low port number. */
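Review bot: The two new entries are inserted in the middle of the list, ahead of `PRIV_NET80211_GETKEY`; the visible entries carry no explicit values, so if this is an enum with implicit numbering every later privilege shifts by two. Anything built against the previous header, such as a separately compiled module or policy that compares privilege numbers, would then test the wrong privilege until it is rebuilt. If that matters for this branch, appending new entries or giving them explicit values avoids the renumbering. The declaration starts and ends outside the hunk.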