git: bb06a80cf60b - main - netinet[6]: make in[6]_control use ucred instead of td.
Date: Sat, 01 Jul 2023 07:03:54 UTC
The branch main has been updated by melifaro:
URL: https://cgit.FreeBSD.org/src/commit/?id=bb06a80cf60b3afba459b72b2b2842898938fecf
commit bb06a80cf60b3afba459b72b2b2842898938fecf
Author: Alexander V. Chernikov <melifaro@FreeBSD.org>
AuthorDate: 2023-06-29 07:02:46 +0000
Commit: Alexander V. Chernikov <melifaro@FreeBSD.org>
CommitDate: 2023-07-01 06:52:24 +0000
netinet[6]: make in[6]_control use ucred instead of td.
Reviewed by: markj, zlei
Differential Revision: https://reviews.freebsd.org/D40793
MFC after: 2 weeks
---
 sys/netinet/in.c | 13 +++++++++----
 sys/netinet/in_var.h | 3 +++
 sys/netinet6/in6.c | 29 ++++++++++++++++++-----------
 sys/netinet6/in6_var.h | 2 ++
 sys/netlink/route/iface.c | 8 ++++----
 5 files changed, 36 insertions(+), 19 deletions(-)
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 6a5e3cb4ee6f..fa0d311bb563 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -325,8 +325,8 @@ in_socktrim(struct sockaddr_in *ap)
 * Generic internet control operations (ioctl's).
 */
 int
-in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
- struct thread *td)
+in_control_ioctl(u_long cmd, void *data, struct ifnet *ifp,
+ struct ucred *cred)
 {
 struct ifreq *ifr = (struct ifreq *)data;
 struct sockaddr_in *addr = (struct sockaddr_in *)&ifr->ifr_addr;
@@ -338,8 +338,6 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
 if (ifp == NULL)
 return (EADDRNOTAVAIL);
- struct ucred *cred = (td != NULL) ? td->td_ucred : NULL;
-
 /*
 * Filter out 4 ioctls we implement directly. Forward the rest
 * to specific functions and ifp->if_ioctl().
@@ -441,6 +439,13 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
 return (error);
 }
+int
+in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
+ struct thread *td)
+{
+ return (in_control_ioctl(cmd, data, ifp, td ? td->td_ucred : NULL));
+}
+
 static int
 in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct ucred *cred)
 {
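Review bot: The header comment kept above `in_control_ioctl()` in the first sys/netinet/in.c hunk does not describe the new `cred` argument, although the function is now a second entry point declared in in_var.h. The `in_control()` wrapper added further down passes NULL when `td` is NULL, so NULL is a legal value; how the IPv4 helpers treat it is outside this hunk, while the IPv6 counterpart visibly skips its privilege checks in that case. I would extend the comment with something like `cred is the credential privilege checks are made against; NULL is only for trusted in-kernel callers` (wording to be confirmed against the helpers). The function body continues past the hunk.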
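Review bot: In the `in_control()` wrapper added by the `@@ -441,6 +439,13 @@` hunk, `td ? td->td_ucred : NULL` tests a pointer as a boolean, whereas the line this commit removes from the old body spelled it `(td != NULL) ? td->td_ucred : NULL` and the surrounding code compares explicitly (`if (ifp == NULL)`). I would keep `return (in_control_ioctl(cmd, data, ifp, td != NULL ? td->td_ucred : NULL));`. The `so` parameter is no longer read in the wrapper, so marking it `__unused` would show that this is intentional. Both remarks apply equally to the `in6_control()` wrapper added in sys/netinet6/in6.c.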
diff --git a/sys/netinet/in_var.h b/sys/netinet/in_var.h
index 40955e26bd81..ded314bcfbc0 100644
--- a/sys/netinet/in_var.h
+++ b/sys/netinet/in_var.h
@@ -437,6 +437,7 @@ inm_rele_locked(struct in_multi_head *inmh, struct in_multi *inm)
 struct rib_head;
 struct ip_moptions;
+struct ucred;
 struct in_multi *inm_lookup_locked(struct ifnet *, const struct in_addr);
 struct in_multi *inm_lookup(struct ifnet *, const struct in_addr);
@@ -458,6 +459,8 @@ int in_leavegroup_locked(struct in_multi *,
 /*const*/ struct in_mfilter *);
 int in_control(struct socket *, u_long, void *, struct ifnet *,
 struct thread *);
+int in_control_ioctl(u_long, void *, struct ifnet *,
+ struct ucred *);
 int in_addprefix(struct in_ifaddr *);
 int in_scrubprefix(struct in_ifaddr *, u_int);
 void in_ifscrub_all(void);
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 0ef640c5c4bf..24a2c20b0cca 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -249,8 +249,8 @@ struct in6_ndifreq32 {
 #endif
 int
-in6_control(struct socket *so, u_long cmd, void *data,
- struct ifnet *ifp, struct thread *td)
+in6_control_ioctl(u_long cmd, void *data,
+ struct ifnet *ifp, struct ucred *cred)
 {
 struct in6_ifreq *ifr = (struct in6_ifreq *)data;
 struct in6_ifaddr *ia = NULL;
@@ -281,8 +281,8 @@ in6_control(struct socket *so, u_long cmd, void *data,
 switch (cmd) {
 case SIOCAADDRCTL_POLICY:
 case SIOCDADDRCTL_POLICY:
- if (td != NULL) {
- error = priv_check(td, PRIV_NETINET_ADDRCTRL6);
+ if (cred != NULL) {
+ error = priv_check_cred(cred, PRIV_NETINET_ADDRCTRL6);
 if (error)
 return (error);
 }
@@ -299,8 +299,8 @@ in6_control(struct socket *so, u_long cmd, void *data,
 case SIOCSDEFIFACE_IN6:
 case SIOCSIFINFO_FLAGS:
 case SIOCSIFINFO_IN6:
- if (td != NULL) {
- error = priv_check(td, PRIV_NETINET_ND6);
+ if (cred != NULL) {
+ error = priv_check_cred(cred, PRIV_NETINET_ND6);
 if (error)
 return (error);
 }
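Review bot: Every privilege check in `in6_control_ioctl()` is still wrapped in `if (cred != NULL)`, starting with the `PRIV_NETINET_ADDRCTRL6` check in the `@@ -281,8 +281,8 @@` hunk of sys/netinet6/in6.c, so a caller that hands in a NULL credential runs the request with no `priv_check_cred()` at all. The function is now declared in in6_var.h and called from netlink with whatever `nlp_get_cred(nlp)` returns, and that helper is not shown in this diff, so whether it can yield NULL cannot be judged from here. The same guard appears in the `PRIV_NETINET_ND6`, `PRIV_NETINET_SCOPE6`, `prison_check_ip6()` and `PRIV_NET_DELIFADDR`/`PRIV_NET_ADDIFADDR` hunks. I would document on the function that NULL means a trusted in-kernel caller, and have the netlink handlers assert a non-NULL credential before the call, so that a missing credential cannot silently become a skipped check.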
@@ -343,8 +343,8 @@ in6_control(struct socket *so, u_long cmd, void *data,
 switch (cmd) {
 case SIOCSSCOPE6:
- if (td != NULL) {
- error = priv_check(td, PRIV_NETINET_SCOPE6);
+ if (cred != NULL) {
+ error = priv_check_cred(cred, PRIV_NETINET_SCOPE6);
 if (error)
 return (error);
 }
@@ -412,7 +412,7 @@ in6_control(struct socket *so, u_long cmd, void *data,
 error = in6_setscope(&sa6->sin6_addr, ifp, NULL);
 if (error != 0)
 return (error);
- if (td != NULL && (error = prison_check_ip6(td->td_ucred,
+ if (cred != NULL && (error = prison_check_ip6(cred,
 &sa6->sin6_addr)) != 0)
 return (error);
 sx_xlock(&in6_control_sx);
@@ -457,8 +457,8 @@ in6_control(struct socket *so, u_long cmd, void *data,
 goto out;
 }
- if (td != NULL) {
- error = priv_check(td, (cmd == SIOCDIFADDR_IN6) ?
+ if (cred != NULL) {
+ error = priv_check_cred(cred, (cmd == SIOCDIFADDR_IN6) ?
 PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR);
 if (error)
 goto out;
@@ -596,6 +596,13 @@ out:
 return (error);
 }
+int
+in6_control(struct socket *so, u_long cmd, void *data,
+ struct ifnet *ifp, struct thread *td)
+{
+ return (in6_control_ioctl(cmd, data, ifp, td ? td->td_ucred : NULL));
+}
+
 static struct in6_multi_mship *
 in6_joingroup_legacy(struct ifnet *ifp, const struct in6_addr *mcaddr,
 int *errorp, int delay)
diff --git a/sys/netinet6/in6_var.h b/sys/netinet6/in6_var.h
index 63dadf6b5207..f80fd80d98fe 100644
--- a/sys/netinet6/in6_var.h
+++ b/sys/netinet6/in6_var.h
@@ -838,6 +838,7 @@ struct ip6_moptions;
 struct sockopt;
 struct inpcbinfo;
 struct rib_head;
+struct ucred;
 /* Multicast KPIs. */
 int im6o_mc_filter(const struct ip6_moptions *, const struct ifnet *,
@@ -862,6 +863,7 @@ int ip6_setmoptions(struct inpcb *, struct sockopt *);
 int in6_mask2len(struct in6_addr *, u_char *);
 int in6_control(struct socket *, u_long, void *, struct ifnet *,
 struct thread *);
+int in6_control_ioctl(u_long, void *, struct ifnet *, struct ucred *);
 int in6_update_ifa(struct ifnet *, struct in6_aliasreq *,
 struct in6_ifaddr *, int);
 void in6_prepare_ifra(struct in6_aliasreq *, const struct in6_addr *,
diff --git a/sys/netlink/route/iface.c b/sys/netlink/route/iface.c
index 0874b73a5c98..c32c22af23f6 100644
--- a/sys/netlink/route/iface.c
+++ b/sys/netlink/route/iface.c
@@ -1185,7 +1185,7 @@ handle_newaddr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
 if (dst != NULL)
 req.ifra_dstaddr = *dst;
- return (in_control(NULL, SIOCAIFADDR, &req, ifp, curthread));
+ return (in_control_ioctl(SIOCAIFADDR, &req, ifp, nlp_get_cred(nlp)));
 }
 static int
@@ -1204,7 +1204,7 @@ handle_deladdr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
 struct in_aliasreq req = { .ifra_addr = *addr };
- return (in_control(NULL, SIOCDIFADDR, &req, ifp, curthread));
+ return (in_control_ioctl(SIOCDIFADDR, &req, ifp, nlp_get_cred(nlp)));
 }
 #endif
@@ -1269,7 +1269,7 @@ handle_newaddr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
 if (dst != NULL)
 req.ifra_dstaddr = *dst;
- return (in6_control(NULL, SIOCAIFADDR_IN6, &req, ifp, curthread));
+ return (in6_control_ioctl(SIOCAIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
 }
 static int
@@ -1288,7 +1288,7 @@ handle_deladdr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
 struct in6_aliasreq req = { .ifra_addr = *addr };
- return (in6_control(NULL, SIOCDIFADDR_IN6, &req, ifp, curthread));
+ return (in6_control_ioctl(SIOCDIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
 }
 #endif
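Review bot: In `handle_newaddr_inet()` the subject of the privilege and jail checks changes from `curthread` to `nlp_get_cred(nlp)`, and nothing at the call site says which credential that is. The helper is not part of this diff, so I am assuming it returns the credential held by the netlink socket rather than that of the thread processing the message. That distinction decides who is being authorized whenever the two differ, and it deserves a comment such as `/* Authorize against the netlink socket's credential, not the processing thread. */` above the call. The same applies to `handle_deladdr_inet()`, `handle_newaddr_inet6()` and `handle_deladdr_inet6()`; all four handler bodies start outside their hunks.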