Date:      Wed, 11 Oct 2006 07:10:20 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 107659 for review
Message-ID:  <200610110710.k9B7AKPm029923@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=107659

Change 107659 by rwatson@rwatson_zoo on 2006/10/11 07:09:45

	More suser replacement in the network stack -- add/remove addresses.
	Handle broadcast/etc ioctls (obsolete) using similar checks, but we
	might want to move to explicit checks.

Affected files ...

.. //depot/projects/trustedbsd/priv/sys/netinet/in.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/sys/priv.h#6 edit

Differences ...

==== //depot/projects/trustedbsd/priv/sys/netinet/in.c#2 (text+ko) ====

@@ -37,6 +37,7 @@
 #include <sys/systm.h>
 #include <sys/sockio.h>
 #include <sys/malloc.h>
+#include <sys/priv.h>
 #include <sys/socket.h>
 #include <sys/kernel.h>
 #include <sys/sysctl.h>
@@ -232,10 +233,25 @@
 
 	switch (cmd) {
 	case SIOCALIFADDR:
+		if (td != NULL) {
+			error = priv_check(td, PRIV_NET_ADDIFADDR);
+			if (error)
+				return (error);
+		}
+		if (!ifp)
+			return EINVAL;
+		return in_lifaddr_ioctl(so, cmd, data, ifp, td);
+
 	case SIOCDLIFADDR:
-		if (td && (error = suser(td)) != 0)
-			return error;
-		/*fall through*/
+		if (td != NULL) {
+			error = priv_check(td, PRIV_NET_DELIFADDR);
+			if (error)
+				return (error);
+		}
+		if (!ifp)
+			return EINVAL;
+		return in_lifaddr_ioctl(so, cmd, data, ifp, td);
+
 	case SIOCGLIFADDR:
 		if (!ifp)
 			return EINVAL;
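Review bot: The privilege check in both new cases (and again in the SIOCSIFADDR and SIOCSIFBRDADDR hunks) is skipped entirely when `td` is NULL, and nothing in the visible code says which callers may pass NULL. This is carried over from the old `td && suser(td)` test, so it is not a regression, but the conversion is a good place to record the assumption; presumably NULL means an in-kernel caller with no credential to check, which should be confirmed against the call sites. I would add above the first check something like `/* td == NULL: in-kernel caller; no privilege check is made. */`. Separately, the added `return EINVAL;` lines do not match the parenthesised `return (error);` used just above them. The enclosing function and switch begin and end outside the hunk.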
@@ -292,8 +308,11 @@
 	case SIOCSIFADDR:
 	case SIOCSIFNETMASK:
 	case SIOCSIFDSTADDR:
-		if (td && (error = suser(td)) != 0)
-			return error;
+		if (td != NULL) {
+			error = priv_check(td, PRIV_NET_ADDIFADDR);
+			if (error)
+				return (error);
+		}
 
 		if (ifp == 0)
 			return (EADDRNOTAVAIL);
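Review bot: `SIOCSIFNETMASK` and `SIOCSIFDSTADDR` are gated on `PRIV_NET_ADDIFADDR`, which priv.h describes as "Add protocol address to interface", so a policy granting that privilege also grants netmask and destination-address changes without the name saying so; the SIOCSIFBRDADDR hunk does the same for the broadcast address. Someone auditing a policy would read the privilege as narrower than the code makes it. I would mark the wider scope at the check, e.g. `/* XXX: reuses PRIV_NET_ADDIFADDR; no dedicated privilege for netmask/dstaddr/brdaddr. */`. The case body continues outside the hunk.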
@@ -330,8 +349,11 @@
 		break;
 
 	case SIOCSIFBRDADDR:
-		if (td && (error = suser(td)) != 0)
-			return error;
+		if (td != NULL) {
+			error = priv_check(td, PRIV_NET_ADDIFADDR);
+			if (error)
+				return (error);
+		}
 		/* FALLTHROUGH */
 
 	case SIOCGIFADDR:

==== //depot/projects/trustedbsd/priv/sys/sys/priv.h#6 (text+ko) ====

@@ -212,6 +212,8 @@
 	PRIV_NET_DELIFGROUP,	/* Delete interface group. */
 	PRIV_NET_IFCREATE,	/* Create cloned interface. */
 	PRIV_NET_IFDESTROY,	/* Destroy cloned interface. */
+	PRIV_NET_ADDIFADDR,	/* Add protocol address to interface. */
+	PRIV_NET_DELIFADDR,	/* Delete protocol address on interface. */
 	PRIV_NET80211_GETKEY,	/* Query 802.11 keys. */
 	PRIV_NET80211_MANAGE,	/* Administer 802.11. */
 	PRIV_NETATALK_RESERVEDPORT,	/* Bind low port number. */
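Review bot: Inserting the two constants in the middle of the list renumbers every later entry (`PRIV_NET80211_GETKEY` onward), since the visible entries carry no explicit values. If anything built separately from the kernel compiles these numbers in, such as a loadable policy module, it would check the wrong privilege until rebuilt; I cannot tell from the hunk whether that applies here. Grouping by subsystem is readable, so one option is to keep the placement and state the constraint at the top of the list, e.g. `/* Values are not stable across revisions; rebuild all consumers when this list changes. */`. The enclosing declaration starts and ends outside the hunk.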


