PERFORCE change 79598 for review

Tue Jul 5 11:57:05 GMT 2005

http://perforce.freebsd.org/chv.cgi?CH=79598

Change 79598 by rwatson at rwatson_paprika on 2005/07/05 11:56:13

	Use CAP_NET_ADMIN instead of suser() for configuring 802.11, both
	in the net80211 code, and also in the older wireless drivers that
	implement parts of 802.11 themselves.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/dev/if_ndis/if_ndis.c#6 edit
.. //depot/projects/trustedbsd/sebsd/sys/dev/owi/if_owi.c#7 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/dev/if_ndis/if_ndis.c#6 (text+ko) ====

@@ -2458,7 +2458,7 @@
 	uint32_t		foo;
 	int			error, len;
 
-	error = suser(curthread);
+	error = cap_check(curthread, CAP_NET_ADMIN);
 	if (error)
 		return (error);
 
@@ -2916,7 +2916,7 @@
 		rt_ieee80211msg(ifp, RTM_IEEE80211_SCAN, NULL, 0);
 		break;
 	case IEEE80211_IOC_STATIONNAME:
-		error = suser(curthread);
+		error = cap_check(curthread, CAP_NET_ADMIN);
 		if (error)
 			break;
 		if (ireq->i_val != 0 ||

==== //depot/projects/trustedbsd/sebsd/sys/dev/owi/if_owi.c#7 (text+ko) ====

@@ -1391,7 +1391,8 @@
 			break;
 		}
 		/* Don't show WEP keys to non-root users. */
-		if (wreq.wi_type == WI_RID_DEFLT_CRYPT_KEYS && suser(td))
+		if (wreq.wi_type == WI_RID_DEFLT_CRYPT_KEYS &&
+		    cap_check(td, CAP_NET_ADMIN))
 			break;
 		if (wreq.wi_type == WI_RID_IFACE_STATS) {
 			bcopy((char *)&sc->wi_stats, (char *)&wreq.wi_val,
@@ -1403,7 +1404,7 @@
 		}
 #ifdef WICACHE
 		else if (wreq.wi_type == WI_RID_ZERO_CACHE) {
-			error = suser(td);
+			error = cap_check(td, CAP_NET_ADMIN);
 			if (error)
 				break;
 			sc->wi_sigitems = sc->wi_nextitem = 0;
@@ -1441,7 +1442,7 @@
 		error = copyout(&wreq, ifr->ifr_data, sizeof(wreq));
 		break;
 	case SIOCSWAVELAN:
-		if ((error = suser(td)))
+		if ((error = cap_check(td, CAP_NET_ADMIN)))
 			goto out;
 		error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
 		if (error)
@@ -1516,7 +1517,7 @@
 				break;
 			}
 			len = sc->wi_keys.wi_keys[ireq->i_val].wi_keylen;
-			if (suser(td))
+			if (cap_check(td, CAP_NET_ADMIN))
 				bcopy(sc->wi_keys.wi_keys[ireq->i_val].wi_keydat,
 				    tmpkey, len);
 			else
@@ -1569,7 +1570,7 @@
 		}
 		break;
 	case SIOCS80211:
-		if ((error = suser(td)))
+		if ((error = cap_check(td, CAP_NET_ADMIN)))
 			goto out;
 		switch(ireq->i_type) {
 		case IEEE80211_IOC_SSID:
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

