Module Name: src
Committed By: elad
Date: Thu May 7 21:51:47 UTC 2009
Modified Files:
src/sys/netinet6: ip6_output.c ipsec.c
Log Message:
Remove some more "priv" variable usage in favor of kauth(9) calls.
To generate a diff of this commit:
cvs rdiff -u -r1.138 -r1.139 src/sys/netinet6/ip6_output.c
cvs rdiff -u -r1.141 -r1.142 src/sys/netinet6/ipsec.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet6/ip6_output.c
diff -u src/sys/netinet6/ip6_output.c:1.138 src/sys/netinet6/ip6_output.c:1.139
--- src/sys/netinet6/ip6_output.c:1.138 Wed May 6 21:41:59 2009
+++ src/sys/netinet6/ip6_output.c Thu May 7 21:51:47 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_output.c,v 1.138 2009/05/06 21:41:59 elad Exp $ */
+/* $NetBSD: ip6_output.c,v 1.139 2009/05/07 21:51:47 elad Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.138 2009/05/06 21:41:59 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.139 2009/05/07 21:51:47 elad Exp $");
#include "opt_inet.h"
#include "opt_inet6.h"
@@ -2844,10 +2844,7 @@
kauth_cred_t cred, int sticky, int cmsg, int uproto)
{
int minmtupolicy;
- int priv = 0;
-
- if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0)
- priv = 1;
+ int error;
if (!sticky && !cmsg) {
#ifdef DIAGNOSTIC
@@ -3001,8 +2998,10 @@
case IPV6_2292NEXTHOP:
#endif
case IPV6_NEXTHOP:
- if (!priv)
- return (EPERM);
+ error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
+ NULL);
+ if (error)
+ return (error);
if (len == 0) { /* just remove the option */
ip6_clearpktopts(opt, IPV6_NEXTHOP);
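Review bot: The authorization sequence added under `case IPV6_NEXTHOP:` is repeated verbatim in the hop-by-hop options hunk and the destination-options hunk further down. All three use the generic `KAUTH_GENERIC_ISSUSER` request, so a security model listening on kauth(9) cannot tell which packet option is being set. A small static helper would keep the three sites in step, for example `static int ip6_pktopt_priv(kauth_cred_t cred)` (the name is only a suggestion) wrapping the existing call, with each case reduced to `if ((error = ip6_pktopt_priv(cred)) != 0) return (error);`. A one-line comment above the NEXTHOP check saying why the option is privileged would also help, since the HOPOPTS case carries one and this case shows none in the hunk. The enclosing function starts and ends outside this hunk.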
@@ -3017,7 +3016,6 @@
case AF_INET6:
{
struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)buf;
- int error;
if (sa6->sin6_len != sizeof(struct sockaddr_in6))
return (EINVAL);
@@ -3058,8 +3056,10 @@
* options, since per-option restriction has too much
* overhead.
*/
- if (!priv)
- return (EPERM);
+ error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
+ NULL);
+ if (error)
+ return (error);
if (len == 0) {
ip6_clearpktopts(opt, IPV6_HOPOPTS);
@@ -3093,8 +3093,11 @@
struct ip6_dest *dest, **newdest = NULL;
int destlen;
- if (!priv) /* XXX: see the comment for IPV6_HOPOPTS */
- return (EPERM);
+ /* XXX: see the comment for IPV6_HOPOPTS */
+ error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
+ NULL);
+ if (error)
+ return (error);
if (len == 0) {
ip6_clearpktopts(opt, optname);
Index: src/sys/netinet6/ipsec.c
diff -u src/sys/netinet6/ipsec.c:1.141 src/sys/netinet6/ipsec.c:1.142
--- src/sys/netinet6/ipsec.c:1.141 Wed May 6 21:41:59 2009
+++ src/sys/netinet6/ipsec.c Thu May 7 21:51:47 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.141 2009/05/06 21:41:59 elad Exp $ */
+/* $NetBSD: ipsec.c,v 1.142 2009/05/07 21:51:47 elad Exp $ */
/* $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */
/*
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.141 2009/05/06 21:41:59 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.142 2009/05/07 21:51:47 elad Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -1235,7 +1235,7 @@
}
memset(new, 0, sizeof(*new));
- if (so->so_uidinfo->ui_uid == 0) /* XXX */
+ if (so->so_uidinfo->ui_uid == 0) /* XXX-kauth */
new->priv = 1;
else
new->priv = 0;
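Review bot: The `so->so_uidinfo->ui_uid == 0` test kept here still decides privilege by comparing the socket owner's uid with 0, without going through kauth(9), and stores the result in `new->priv`. The new `/* XXX-kauth */` tag marks the spot but does not say what is outstanding. A comment such as `/* XXX-kauth: uid 0 test bypasses kauth(9); priv is fixed at policy creation */` would tell the next reader what to convert. The enclosing function starts and ends outside this hunk, so where `new->priv` is consumed cannot be seen from here.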
@@ -1377,7 +1377,6 @@
struct sadb_x_policy *xpl;
struct secpolicy *newsp = NULL;
int error;
- int priv = 0;
/* sanity check. */
if (spp == NULL || *spp == NULL || request == NULL)
@@ -1396,12 +1395,13 @@
xpl->sadb_x_policy_type == IPSEC_POLICY_NONE)
return EINVAL;
- if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0)
- priv = 1;
-
/* check privileged socket */
- if (priv == 0 && xpl->sadb_x_policy_type == IPSEC_POLICY_BYPASS)
- return EACCES;
+ if (xpl->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
+ error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
+ NULL);
+ if (error)
+ return (error);
+ }
/* allocation new SP entry */
if ((newsp = key_msg2sp(xpl, len, &error)) == NULL)
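Review bot: An unprivileged request for `IPSEC_POLICY_BYPASS` used to fail with `EACCES` and now fails with whatever `kauth_authorize_generic()` returns, presumably `EPERM`, which is a change visible to callers that inspect errno. If the old value is part of the interface, keep it with `return EACCES;` inside the `if (error)` branch; otherwise the change deserves a mention in the log message. The added `return (error);` is parenthesized while the neighbouring `return EINVAL;` is not. The `/* check privileged socket */` comment now sits above a credential check, so `/* bypass policy requires a privileged credential */` would describe it better. The function body continues outside the hunk.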