PERFORCE change 108137 for review
Robert Watson
rwatson at FreeBSD.org
Thu Oct 19 17:09:05 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=108137
Change 108137 by rwatson at rwatson_zoo on 2006/10/20 00:06:58
Merge more changes from HEAD to priv6:
More suser replacement in the network stack -- add/remove addresses.
Handle broadcast/etc ioctls (obsolete) using similar checks, but we
might want to move to explicit checks.
Affected files ...
.. //depot/projects/trustedbsd/priv6/src/sys/netinet/in.c#3 edit
.. //depot/projects/trustedbsd/priv6/src/sys/sys/priv.h#4 edit
Differences ...
==== //depot/projects/trustedbsd/priv6/src/sys/netinet/in.c#3 (text+ko) ====
@@ -37,6 +37,7 @@
#include <sys/systm.h>
#include <sys/sockio.h>
#include <sys/malloc.h>
+#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
@@ -232,10 +233,25 @@
switch (cmd) {
case SIOCALIFADDR:
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_ADDIFADDR);
+ if (error)
+ return (error);
+ }
+ if (!ifp)
+ return EINVAL;
+ return in_lifaddr_ioctl(so, cmd, data, ifp, td);
+
case SIOCDLIFADDR:
- if (td && (error = suser(td)) != 0)
- return error;
- /*fall through*/
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_DELIFADDR);
+ if (error)
+ return (error);
+ }
+ if (!ifp)
+ return EINVAL;
+ return in_lifaddr_ioctl(so, cmd, data, ifp, td);
+
case SIOCGLIFADDR:
if (!ifp)
return EINVAL;
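Review bot: The `if (td != NULL)` guard in the new SIOCALIFADDR and SIOCDLIFADDR cases skips priv_check() entirely when no thread is passed, and nothing in the code says which callers are allowed to do that. The behaviour is carried over from the old `td && suser(td)` test, so it is presumably meant for in-kernel callers, but that is not visible in this hunk. I would add a comment above the first check, e.g. `/* td == NULL: no thread context, so no privilege check is made; only trusted in-kernel callers may pass NULL. */`. The same applies to the checks added in the SIOCSIFADDR and SIOCSIFBRDADDR hunks. The enclosing switch starts and ends outside the hunk.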
@@ -292,8 +308,11 @@
case SIOCSIFADDR:
case SIOCSIFNETMASK:
case SIOCSIFDSTADDR:
- if (td && (error = suser(td)) != 0)
- return error;
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_ADDIFADDR);
+ if (error)
+ return (error);
+ }
if (ifp == 0)
return (EADDRNOTAVAIL);
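Review bot: SIOCSIFNETMASK and SIOCSIFDSTADDR are gated on PRIV_NET_ADDIFADDR here, as is SIOCSIFBRDADDR in the next hunk, although priv.h describes that privilege as "Add protocol address to interface". Any policy that grants PRIV_NET_ADDIFADDR therefore also allows changing the netmask, destination and broadcast address, which is wider than the name suggests. Until dedicated privileges exist, a marker at the check would keep the reuse visible to whoever writes such a policy: `/* XXX: netmask/dstaddr/brdaddr reuse PRIV_NET_ADDIFADDR; split into dedicated privileges. */`. The case body continues outside the hunk.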
@@ -330,8 +349,11 @@
break;
case SIOCSIFBRDADDR:
- if (td && (error = suser(td)) != 0)
- return error;
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_ADDIFADDR);
+ if (error)
+ return (error);
+ }
/* FALLTHROUGH */
case SIOCGIFADDR:
==== //depot/projects/trustedbsd/priv6/src/sys/sys/priv.h#4 (text+ko) ====
@@ -212,6 +212,8 @@
PRIV_NET_DELIFGROUP, /* Delete interface group. */
PRIV_NET_IFCREATE, /* Create cloned interface. */
PRIV_NET_IFDESTROY, /* Destroy cloned interface. */
+ PRIV_NET_ADDIFADDR, /* Add protocol address to interface. */
+ PRIV_NET_DELIFADDR, /* Delete protocol address on interface. */
PRIV_NET80211_GETKEY, /* Query 802.11 keys. */
PRIV_NET80211_MANAGE, /* Administer 802.11. */
PRIV_NETATALK_RESERVEDPORT, /* Bind low port number. */
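Review bot: PRIV_NET_ADDIFADDR and PRIV_NET_DELIFADDR are inserted in the middle of the list rather than appended. If these are implicitly numbered enum members (the declaration is outside the hunk), every later privilege changes value, starting with PRIV_NET80211_GETKEY. Code built against the previous header would then pass stale numbers to priv_check() and be tested against the wrong privilege. Either give the constants explicit values or record the constraint next to the list, e.g. `/* Inserting entries renumbers later privileges; rebuild kernel and modules together. */`.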