From owner-p4-projects@FreeBSD.ORG Fri Oct 20 00:08:08 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id E5E5316A47C; Fri, 20 Oct 2006 00:08:07 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A905616A417 for ; Fri, 20 Oct 2006 00:08:07 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id DDCDE43D80 for ; Fri, 20 Oct 2006 00:07:56 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k9K07ukB075408 for ; Fri, 20 Oct 2006 00:07:56 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k9K07t52075405 for perforce@freebsd.org; Fri, 20 Oct 2006 00:07:55 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Fri, 20 Oct 2006 00:07:55 GMT Message-Id: <200610200007.k9K07t52075405@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 108137 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Oct 2006 00:08:08 -0000 http://perforce.freebsd.org/chv.cgi?CH=108137 Change 108137 by rwatson@rwatson_zoo on 2006/10/20 00:06:58 Merge more changes from HEAD to priv6: More suser replacement in the network stack -- add/remove addresses. Handle broadcast/etc ioctls (obsolete) using similar checks, but we might want to move to explicit checks. Affected files ... .. //depot/projects/trustedbsd/priv6/src/sys/netinet/in.c#3 edit .. //depot/projects/trustedbsd/priv6/src/sys/sys/priv.h#4 edit Differences ...
==== //depot/projects/trustedbsd/priv6/src/sys/netinet/in.c#3 (text+ko) ====
@@ -37,6 +37,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -232,10 +233,25 @@
 switch (cmd) {
 case SIOCALIFADDR:
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_ADDIFADDR);
+ if (error)
+ return (error);
+ }
+ if (!ifp)
+ return EINVAL;
+ return in_lifaddr_ioctl(so, cmd, data, ifp, td);
+
 case SIOCDLIFADDR:
- if (td && (error = suser(td)) != 0)
- return error;
- /*fall through*/
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_DELIFADDR);
+ if (error)
+ return (error);
+ }
+ if (!ifp)
+ return EINVAL;
+ return in_lifaddr_ioctl(so, cmd, data, ifp, td);
+
 case SIOCGLIFADDR:
 if (!ifp)
 return EINVAL;
@@ -292,8 +308,11 @@
 case SIOCSIFADDR:
 case SIOCSIFNETMASK:
 case SIOCSIFDSTADDR:
- if (td && (error = suser(td)) != 0)
- return error;
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_ADDIFADDR);
+ if (error)
+ return (error);
+ }
 if (ifp == 0)
 return (EADDRNOTAVAIL);
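Review bot: The `if (td != NULL)` guard under `case SIOCALIFADDR:` and `case SIOCDLIFADDR:` skips `priv_check()` entirely when no thread is supplied, so both paths fail open for a NULL `td`. The removed `td && ...` test did the same, so this is inherited, but the assumption is stated nowhere in the new code. I would put a comment above each guard, e.g. `/* td == NULL: presumably an in-kernel caller, no privilege check (confirm against callers). */`. The same guard is added in the `SIOCSIFADDR`/`SIOCSIFNETMASK`/`SIOCSIFDSTADDR` and `SIOCSIFBRDADDR` hunks; the enclosing function starts and ends outside all of them.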
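Review bot: The `priv_check(td, PRIV_NET_ADDIFADDR)` added under `case SIOCSIFADDR:` / `case SIOCSIFNETMASK:` / `case SIOCSIFDSTADDR:` is applied to every command that reaches this label, and the switch around it starts outside the hunk. If an earlier case such as `SIOCDIFADDR` falls through to here (not visible in the hunk, to be confirmed), a delete request would be authorised against the add privilege and `PRIV_NET_DELIFADDR` would never be consulted on this path. In that case the check should select on the command: `error = priv_check(td, (cmd == SIOCDIFADDR) ? PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR);`.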
@@ -330,8 +349,11 @@
 break;
 case SIOCSIFBRDADDR:
- if (td && (error = suser(td)) != 0)
- return error;
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_ADDIFADDR);
+ if (error)
+ return (error);
+ }
 /* FALLTHROUGH */
 case SIOCGIFADDR:
==== //depot/projects/trustedbsd/priv6/src/sys/sys/priv.h#4 (text+ko) ====
@@ -212,6 +212,8 @@
 PRIV_NET_DELIFGROUP, /* Delete interface group. */
 PRIV_NET_IFCREATE, /* Create cloned interface. */
 PRIV_NET_IFDESTROY, /* Destroy cloned interface. */
+ PRIV_NET_ADDIFADDR, /* Add protocol address to interface. */
+ PRIV_NET_DELIFADDR, /* Delete protocol address on interface. */
 PRIV_NET80211_GETKEY, /* Query 802.11 keys. */
 PRIV_NET80211_MANAGE, /* Administer 802.11. */
 PRIV_NETATALK_RESERVEDPORT, /* Bind low port number. */
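Review bot: `PRIV_NET_ADDIFADDR` and `PRIV_NET_DELIFADDR` are inserted in the middle of the list, ahead of `PRIV_NET80211_GETKEY`, and the declaration opens outside the hunk. If these are enumerators with implicit values, every later privilege is renumbered, so a policy module or other consumer built against the previous header would test a different privilege than the one it names. Giving the constants explicit values would avoid that; failing that, a comment next to the addition such as `/* Inserting here renumbers the entries below: rebuild all consumers of this header. */` would at least record the requirement.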