From owner-p4-projects@FreeBSD.ORG Wed Oct 11 07:10:22 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 38B7116A415; Wed, 11 Oct 2006 07:10:22 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A807C16A412 for ; Wed, 11 Oct 2006 07:10:21 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 53BFE43D55 for ; Wed, 11 Oct 2006 07:10:21 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k9B7ALBj029945 for ; Wed, 11 Oct 2006 07:10:21 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k9B7AKPm029923 for perforce@freebsd.org; Wed, 11 Oct 2006 07:10:20 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Wed, 11 Oct 2006 07:10:20 GMT Message-Id: <200610110710.k9B7AKPm029923@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 107659 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Oct 2006 07:10:22 -0000 http://perforce.freebsd.org/chv.cgi?CH=107659 Change 107659 by rwatson@rwatson_zoo on 2006/10/11 07:09:45 More suser replacement in the network stack -- add/remove addresses. Handle broadcast/etc ioctls (obsolete) using similar checks, but we might want to move to explicit checks. Affected files ... .. //depot/projects/trustedbsd/priv/sys/netinet/in.c#2 edit .. //depot/projects/trustedbsd/priv/sys/sys/priv.h#6 edit Differences ...
==== //depot/projects/trustedbsd/priv/sys/netinet/in.c#2 (text+ko) ====
@@ -37,6 +37,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -232,10 +233,25 @@
 switch (cmd) {
 case SIOCALIFADDR:
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_ADDIFADDR);
+ if (error)
+ return (error);
+ }
+ if (!ifp)
+ return EINVAL;
+ return in_lifaddr_ioctl(so, cmd, data, ifp, td);
+
 case SIOCDLIFADDR:
- if (td && (error = suser(td)) != 0)
- return error;
- /*fall through*/
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_DELIFADDR);
+ if (error)
+ return (error);
+ }
+ if (!ifp)
+ return EINVAL;
+ return in_lifaddr_ioctl(so, cmd, data, ifp, td);
+
 case SIOCGLIFADDR:
 if (!ifp)
 return EINVAL;
@@ -292,8 +308,11 @@
 case SIOCSIFADDR:
 case SIOCSIFNETMASK:
 case SIOCSIFDSTADDR:
- if (td && (error = suser(td)) != 0)
- return error;
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_ADDIFADDR);
+ if (error)
+ return (error);
+ }
 if (ifp == 0)
 return (EADDRNOTAVAIL);
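Review bot: The `if (td != NULL)` guard in the new SIOCALIFADDR and SIOCDLIFADDR cases means a call that arrives without a thread pointer skips priv_check() entirely, and nothing in the hunk says which callers may rely on that. The removed `td && (error = suser(td))` form behaved the same way, so this is not a regression, but now that the checks name specific privileges the bypass should be documented at the first site, for example `/* td == NULL: presumably an in-kernel caller; no privilege check is made (confirm callers). */`. The same undocumented guard is repeated in the SIOCSIFADDR/SIOCSIFNETMASK/SIOCSIFDSTADDR hunk and in the SIOCSIFBRDADDR hunk. The enclosing function starts and ends outside the hunk.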
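Review bot: The single `priv_check(td, PRIV_NET_ADDIFADDR)` placed under `case SIOCSIFDSTADDR:` applies to every command that reaches this label, and the cases above the hunk are not visible. If a delete command (for example SIOCDIFADDR) falls through into this block, removing an address would be authorised by the add privilege and PRIV_NET_DELIFADDR would never be consulted on that path, so a policy that grants only one of the two privileges would not behave as its name suggests. If that is the case, select the privilege by command: `error = priv_check(td, cmd == SIOCDIFADDR ? PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR);`.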
@@ -330,8 +349,11 @@
 break;
 case SIOCSIFBRDADDR:
- if (td && (error = suser(td)) != 0)
- return error;
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_ADDIFADDR);
+ if (error)
+ return (error);
+ }
 /* FALLTHROUGH */
 case SIOCGIFADDR:
==== //depot/projects/trustedbsd/priv/sys/sys/priv.h#6 (text+ko) ====
@@ -212,6 +212,8 @@
 PRIV_NET_DELIFGROUP, /* Delete interface group. */
 PRIV_NET_IFCREATE, /* Create cloned interface. */
 PRIV_NET_IFDESTROY, /* Destroy cloned interface. */
+ PRIV_NET_ADDIFADDR, /* Add protocol address to interface. */
+ PRIV_NET_DELIFADDR, /* Delete protocol address on interface. */
 PRIV_NET80211_GETKEY, /* Query 802.11 keys. */
 PRIV_NET80211_MANAGE, /* Administer 802.11. */
 PRIV_NETATALK_RESERVEDPORT, /* Bind low port number. */
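Review bot: PRIV_NET_ADDIFADDR and PRIV_NET_DELIFADDR are inserted in the middle of the list, ahead of PRIV_NET80211_GETKEY, and the entries shown carry no explicit values. If this is an enum, every later privilege is renumbered by this change, so any separately built module or policy that stores or compares privilege numbers would silently check a different privilege until it is rebuilt against the new header. Either assign explicit values so additions do not shift existing entries, or note the rebuild requirement in a comment at the head of the list. The list begins and ends outside the hunk.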