Module Name: src
Committed By: elad
Date: Tue May 12 23:01:26 UTC 2009
Modified Files:
src/sys/netinet6: in6.c
Log Message:
Remove "privileged" variable, perform the kauth(9) call before we go into
splnet() for the privileged commands. Privileged commands were marked as
such for clarity.
Mailing list reference:
http://mail-index.netbsd.org/tech-net/2009/05/08/msg001283.html
To generate a diff of this commit:
cvs rdiff -u -r1.150 -r1.151 src/sys/netinet6/in6.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet6/in6.c
diff -u src/sys/netinet6/in6.c:1.150 src/sys/netinet6/in6.c:1.151
--- src/sys/netinet6/in6.c:1.150 Sat Apr 18 14:58:05 2009
+++ src/sys/netinet6/in6.c Tue May 12 23:01:26 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: in6.c,v 1.150 2009/04/18 14:58:05 tsutsui Exp $ */
+/* $NetBSD: in6.c,v 1.151 2009/05/12 23:01:26 elad Exp $ */
/* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.150 2009/04/18 14:58:05 tsutsui Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.151 2009/05/12 23:01:26 elad Exp $");
#include "opt_inet.h"
#include "opt_pfil_hooks.h"
@@ -349,7 +349,7 @@
static int
in6_control1(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
- struct lwp *l, int privileged)
+ struct lwp *l)
{
struct in6_ifreq *ifr = (struct in6_ifreq *)data;
struct in6_ifaddr *ia = NULL;
@@ -381,8 +381,7 @@
case SIOCSDEFIFACE_IN6:
case SIOCSIFINFO_FLAGS:
case SIOCSIFINFO_IN6:
- if (!privileged)
- return EPERM;
+ /* Privileged. */
/* FALLTHROUGH */
case OSIOCGIFINFO_IN6:
case SIOCGIFINFO_IN6:
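Review bot: The `/* Privileged. */` comment that replaces `if (!privileged) return EPERM;` here is documentation only, and the same holds for the hunks at SIOCALIFADDR/SIOCDLIFADDR and after the EAFNOSUPPORT check. Enforcement now depends entirely on the separate case list added to in6_control(), so a command later placed under one of these comments but left out of that list would run without any kauth(9) check. I would make the dependency explicit in each of the three places, e.g. `/* Privileged: authorized in in6_control(); add new commands to that switch too. */`. in6_control1() starts before and continues past this hunk, so it cannot be confirmed from here that every case label under these comments appears in the new list.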
@@ -409,8 +408,7 @@
switch (cmd) {
case SIOCALIFADDR:
case SIOCDLIFADDR:
- if (!privileged)
- return EPERM;
+ /* Privileged. */
/* FALLTHROUGH */
case SIOCGLIFADDR:
return in6_lifaddr_ioctl(so, cmd, data, ifp, l);
@@ -507,8 +505,7 @@
if (ifra->ifra_addr.sin6_family != AF_INET6 ||
ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6))
return EAFNOSUPPORT;
- if (!privileged)
- return EPERM;
+ /* Privileged. */
break;
@@ -778,15 +775,32 @@
in6_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
struct lwp *l)
{
- int error, privileged, s;
+ int error, s;
+
+ switch (cmd) {
+ case SIOCSNDFLUSH_IN6:
+ case SIOCSPFXFLUSH_IN6:
+ case SIOCSRTRFLUSH_IN6:
+ case SIOCSDEFIFACE_IN6:
+ case SIOCSIFINFO_FLAGS:
+ case SIOCSIFINFO_IN6:
- privileged = 0;
- if (l && !kauth_authorize_generic(l->l_cred,
- KAUTH_GENERIC_ISSUSER, NULL))
- privileged++;
+ case SIOCALIFADDR:
+ case SIOCDLIFADDR:
+
+ case SIOCDIFADDR_IN6:
+#ifdef OSIOCAIFADDR_IN6
+ case OSIOCAIFADDR_IN6:
+#endif
+ case SIOCAIFADDR_IN6:
+ if (l == NULL || kauth_authorize_generic(l->l_cred,
+ KAUTH_GENERIC_ISSUSER, NULL))
+ return EPERM;
+ break;
+ }
s = splnet();
- error = in6_control1(so , cmd, data, ifp, l, privileged);
+ error = in6_control1(so , cmd, data, ifp, l);
splx(s);
return error;
}
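Review bot: Moving the kauth(9) check ahead of in6_control1() changes which errno an unprivileged caller sees, and neither the log message nor the code records that. In the hunk at line 505 the old code returned EAFNOSUPPORT for a malformed address before it reached the privilege test, whereas the new switch returns EPERM before any argument is examined. Rejecting earlier is the safer order, since it reveals less to an unauthorized caller, but userland that distinguishes the two errors may notice. A comment above the switch would document both the intent and the ordering, e.g. `/* Authorize privileged commands before splnet(); unprivileged callers get EPERM ahead of any argument validation. */`.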