From owner-freebsd-current  Mon Feb 17 14:48: 8 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BDF4737B401
	for <current@freebsd.org>; Mon, 17 Feb 2003 14:48:06 -0800 (PST)
Received: from mail.evip.pl (mail.evip.com.pl [212.244.157.179])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 941E743F3F
	for <current@freebsd.org>; Mon, 17 Feb 2003 14:48:03 -0800 (PST)
	(envelope-from w@evip.pl)
Received: from w by mail.evip.pl with local (Exim 4.10)
	id 18ku2u-0002AH-00
	for current@freebsd.org; Mon, 17 Feb 2003 23:47:32 +0100
Date: Mon, 17 Feb 2003 23:47:32 +0100
From: Wiktor Niesiobedzki <w@evip.pl>
To: current@freebsd.org
Subject: IPFW/socheckuid() patch
Message-ID: <20030217224732.GC2315@mail.evip.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.4i
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

Hi,

During my firewall configuration I noticed strange behaviour of ipfw option
uid.
ip_fw2.c:1513
#if __FreeBSD_version < 500034
#define socheckuid(a,b) ((a)->so_cred->cr_uid == (b))
#endif
                                if (cmd->opcode == O_UID) {
                                        match =
                                          socheckuid(pcb->inp_socket,
                                           (uid_t)((ipfw_insn_u32 *)cmd)->d[0]);
                                } else  {

Whereas the /sys/kern/uipc_socket.c:1844
int
socheckuid(struct socket *so, uid_t uid)
{

        if (so == NULL)
                return (EPERM);
        if (so->so_cred->cr_uid == uid)
                return (0);
        return (EPERM);
}


Definitions found in macro code and function are incompatible. Thus following
patch: 
===================================================================
RCS file: /sys/kern/uipc_socket.c,v
retrieving revision 1.144
diff -u -r1.1 uipc_socket.c
--- uipc_socket.c       2003/02/17 22:37:58     1.144
+++ uipc_socket.c       2003/02/17 22:44:33
@@ -1848,6 +1848,6 @@
        if (so == NULL)
                return (EPERM);
        if (so->so_cred->cr_uid == uid)
-               return (0);
+               return (1);
        return (EPERM);
 }


Cheers,

Wiktor Niesiobędzki

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message