Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/net centralize the kauth ugliness.

details:   https://anonhg.NetBSD.org/src/rev/957bc6c1c5ba
branches:  trunk
changeset: 372929:957bc6c1c5ba
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Jan 05 20:32:18 2023 +0000

description:
centralize the kauth ugliness.

diffstat:

 sys/net/if_wg.c |  30 ++++++++++++++++--------------
 1 files changed, 16 insertions(+), 14 deletions(-)

diffs (72 lines):

diff -r 0188f743060b -r 957bc6c1c5ba sys/net/if_wg.c
--- a/sys/net/if_wg.c   Thu Jan 05 18:48:13 2023 +0000
+++ b/sys/net/if_wg.c   Thu Jan 05 20:32:18 2023 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_wg.c,v 1.73 2023/01/05 18:29:46 jakllsch Exp $      */
+/*     $NetBSD: if_wg.c,v 1.74 2023/01/05 20:32:18 christos Exp $      */
 
 /*
  * Copyright (C) Ryota Ozaki <ozaki.ryota%gmail.com@localhost>
@@ -41,7 +41,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.73 2023/01/05 18:29:46 jakllsch Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.74 2023/01/05 20:32:18 christos Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_altq_enabled.h"
@@ -4449,6 +4449,17 @@
        return error;
 }
 
+static bool
+wg_is_authorized(struct wg_softc *wg, u_long cmd)
+{
+       int au = cmd == SIOCGDRVSPEC ?
+           KAUTH_REQ_NETWORK_INTERFACE_WG_GETPRIV :
+           KAUTH_REQ_NETWORK_INTERFACE_WG_SETPRIV;
+       return kauth_authorize_network(kauth_cred_get(),
+           KAUTH_NETWORK_INTERFACE_WG, au, &wg->wg_if,
+           (void *)cmd, NULL) == 0;
+}
+
 static int
 wg_ioctl_get(struct wg_softc *wg, struct ifdrv *ifd)
 {
@@ -4463,10 +4474,7 @@
        if (prop_dict == NULL)
                goto error;
 
-       if (kauth_authorize_network(kauth_cred_get(),
-           KAUTH_NETWORK_INTERFACE_WG,
-           KAUTH_REQ_NETWORK_INTERFACE_WG_GETPRIV, &wg->wg_if,
-           (void *)SIOCGDRVSPEC, NULL) == 0) {
+       if (wg_is_authorized(wg, SIOCGDRVSPEC)) {
                if (!prop_dictionary_set_data(prop_dict, "private_key",
                        wg->wg_privkey, WG_STATIC_KEY_LEN))
                        goto error;
@@ -4512,10 +4520,7 @@
                uint8_t psk_zero[WG_PRESHARED_KEY_LEN] = {0};
                if (!consttime_memequal(wgp->wgp_psk, psk_zero,
                        sizeof(wgp->wgp_psk))) {
-                       if (kauth_authorize_network(kauth_cred_get(),
-                           KAUTH_NETWORK_INTERFACE_WG,
-                           KAUTH_REQ_NETWORK_INTERFACE_WG_GETPRIV, &wg->wg_if,
-                           (void *)SIOCGDRVSPEC, NULL) == 0) {
+                       if (wg_is_authorized(wg, SIOCGDRVSPEC)) {
                                if (!prop_dictionary_set_data(prop_peer,
                                        "preshared_key",
                                        wgp->wgp_psk, sizeof(wgp->wgp_psk)))
@@ -4659,10 +4664,7 @@
                }
                return error;
        case SIOCSDRVSPEC:
-               if (kauth_authorize_network(kauth_cred_get(),
-                   KAUTH_NETWORK_INTERFACE_WG,
-                   KAUTH_REQ_NETWORK_INTERFACE_WG_SETPRIV, &wg->wg_if,
-                   (void *)cmd, NULL) != 0) {
+               if (!wg_is_authorized(wg, cmd)) {
                        return EPERM;
                }
                switch (ifd->ifd_cmd) {
Home | Main Index | Thread Index | Old Index