tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: splnet() surrounding in6_control1()

David Young wrote:


Do not make this change without sending a patch for review.  Provide at
least 72 hours for review before committing.


Sure, attached.

Thanks,

-e.

Index: in6.c
===================================================================
RCS file: /usr/cvs/src/sys/netinet6/in6.c,v
retrieving revision 1.150
diff -u -p -r1.150 in6.c
--- in6.c       18 Apr 2009 14:58:05 -0000      1.150
+++ in6.c       9 May 2009 07:55:53 -0000
@@ -349,7 +349,7 @@ in6_mask2len(struct in6_addr *mask, u_ch
 
 static int
 in6_control1(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
-    struct lwp *l, int privileged)
+    struct lwp *l)
 {
        struct  in6_ifreq *ifr = (struct in6_ifreq *)data;
        struct  in6_ifaddr *ia = NULL;
@@ -381,8 +381,7 @@ in6_control1(struct socket *so, u_long c
        case SIOCSDEFIFACE_IN6:
        case SIOCSIFINFO_FLAGS:
        case SIOCSIFINFO_IN6:
-               if (!privileged)
-                       return EPERM;
+               /* Privileged. */
                /* FALLTHROUGH */
        case OSIOCGIFINFO_IN6:
        case SIOCGIFINFO_IN6:
@@ -409,8 +408,7 @@ in6_control1(struct socket *so, u_long c
        switch (cmd) {
        case SIOCALIFADDR:
        case SIOCDLIFADDR:
-               if (!privileged)
-                       return EPERM;
+               /* Privileged. */
                /* FALLTHROUGH */
        case SIOCGLIFADDR:
                return in6_lifaddr_ioctl(so, cmd, data, ifp, l);
@@ -507,8 +505,7 @@ in6_control1(struct socket *so, u_long c
                if (ifra->ifra_addr.sin6_family != AF_INET6 ||
                    ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6))
                        return EAFNOSUPPORT;
-               if (!privileged)
-                       return EPERM;
+               /* Privileged. */
 
                break;
 
@@ -778,15 +775,32 @@ int
 in6_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
     struct lwp *l)
 {
-       int error, privileged, s;
+       int error, s;
+
+       switch (cmd) {
+       case SIOCSNDFLUSH_IN6:
+       case SIOCSPFXFLUSH_IN6:
+       case SIOCSRTRFLUSH_IN6:
+       case SIOCSDEFIFACE_IN6:
+       case SIOCSIFINFO_FLAGS:
+       case SIOCSIFINFO_IN6:
 
-       privileged = 0;
-       if (l && !kauth_authorize_generic(l->l_cred,
-           KAUTH_GENERIC_ISSUSER, NULL))
-               privileged++;
+       case SIOCALIFADDR:
+       case SIOCDLIFADDR:
+
+       case SIOCDIFADDR_IN6:
+#ifdef OSIOCAIFADDR_IN6
+       case OSIOCAIFADDR_IN6:
+#endif
+       case SIOCAIFADDR_IN6:
+               if (l == NULL && kauth_authorize_generic(l->l_cred,
+                   KAUTH_GENERIC_ISSUSER, NULL))
+                       return EPERM;
+               break;
+       }
 
        s = splnet();
-       error = in6_control1(so , cmd, data, ifp, l, privileged);
+       error = in6_control1(so , cmd, data, ifp, l);
        splx(s);
        return error;
 }
Home | Main Index | Thread Index | Old Index