PERFORCE change 108135 for review

Thu Oct 19 17:07:45 PDT 2006

http://perforce.freebsd.org/chv.cgi?CH=108135

Change 108135 by rwatson at rwatson_zoo on 2006/10/20 00:03:11

	Merge from HEAD version of priv(9):
	
	Keep comments about layering, but switch to priv(9).

Affected files ...

.. //depot/projects/trustedbsd/priv6/src/sys/net/if_gre.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/priv6/src/sys/net/if_gre.c#3 (text+ko) ====

@@ -463,7 +463,7 @@
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_SETIFFLAGS)) != 0)
 			break;
 		if ((ifr->ifr_flags & IFF_LINK0) != 0)
 			sc->g_proto = IPPROTO_GRE;
@@ -479,7 +479,7 @@
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_SETIFMTU)) != 0)
 			break;
 		if (ifr->ifr_mtu < 576) {
 			error = EINVAL;
@@ -491,12 +491,36 @@
 		ifr->ifr_mtu = GRE2IFP(sc)->if_mtu;
 		break;
 	case SIOCADDMULTI:
+		/*
+		 * XXXRW: Isn't this suser() redundant to the ifnet layer
+		 * check?
+		 */
+		if ((error = priv_check(curthread, PRIV_NET_ADDMULTI)) != 0)
+			break;
+		if (ifr == 0) {
+			error = EAFNOSUPPORT;
+			break;
+		}
+		switch (ifr->ifr_addr.sa_family) {
+#ifdef INET
+		case AF_INET:
+			break;
+#endif
+#ifdef INET6
+		case AF_INET6:
+			break;
+#endif
+		default:
+			error = EAFNOSUPPORT;
+			break;
+		}
+		break;
 	case SIOCDELMULTI:
 		/*
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_DELIFGROUP)) != 0)
 			break;
 		if (ifr == 0) {
 			error = EAFNOSUPPORT;
@@ -521,7 +545,7 @@
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
 			break;
 		sc->g_proto = ifr->ifr_flags;
 		switch (sc->g_proto) {
@@ -612,7 +636,7 @@
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
 			break;
 		if (aifr->ifra_addr.sin_family != AF_INET ||
 		    aifr->ifra_dstaddr.sin_family != AF_INET) {
@@ -632,7 +656,7 @@
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
 			break;
 		if (lifr->addr.ss_family != AF_INET ||
 		    lifr->dstaddr.ss_family != AF_INET) {
@@ -653,7 +677,7 @@
 		 * XXXRW: Isn't this suser() redundant to the ifnet layer
 		 * check?
 		 */
-		if ((error = suser(curthread)) != 0)
+		if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
 			break;
 		sc->g_src.s_addr = INADDR_ANY;
 		sc->g_dst.s_addr = INADDR_ANY;
