Module Name:    src
Committed By:   elad
Date:           Thu Apr 16 21:37:17 UTC 2009

Modified Files:
        src/sys/netatalk: ddp_usrreq.c
        src/sys/netiso: iso_pcb.c iso_snpac.c

Log Message:
Remove three more trivial KAUTH_GENERIC_ISSUSER uses:

  - Binding to privileged ports in netatalk and netiso
  - Setting privileged socket options in netiso


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 src/sys/netatalk/ddp_usrreq.c
cvs rdiff -u -r1.47 -r1.48 src/sys/netiso/iso_pcb.c
cvs rdiff -u -r1.52 -r1.53 src/sys/netiso/iso_snpac.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netatalk/ddp_usrreq.c
diff -u src/sys/netatalk/ddp_usrreq.c:1.38 src/sys/netatalk/ddp_usrreq.c:1.39
--- src/sys/netatalk/ddp_usrreq.c:1.38	Wed Mar 18 16:00:22 2009
+++ src/sys/netatalk/ddp_usrreq.c	Thu Apr 16 21:37:17 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ddp_usrreq.c,v 1.38 2009/03/18 16:00:22 cegger Exp $	 */
+/*	$NetBSD: ddp_usrreq.c,v 1.39 2009/04/16 21:37:17 elad Exp $	 */
 
 /*
  * Copyright (c) 1990,1991 Regents of The University of Michigan.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ddp_usrreq.c,v 1.38 2009/03/18 16:00:22 cegger Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ddp_usrreq.c,v 1.39 2009/04/16 21:37:17 elad Exp $");
 
 #include "opt_mbuftrace.h"
 
@@ -263,14 +263,17 @@
 				return (EADDRNOTAVAIL);
 		}
 		if (sat->sat_port != ATADDR_ANYPORT) {
+			int error;
+
 			if (sat->sat_port < ATPORT_FIRST ||
 			    sat->sat_port >= ATPORT_LAST)
 				return (EINVAL);
 
 			if (sat->sat_port < ATPORT_RESERVED && l &&
-			    kauth_authorize_generic(l->l_cred,
-			    KAUTH_GENERIC_ISSUSER, NULL))
-				return (EACCES);
+			    (error = kauth_authorize_network(l->l_cred,
+			    KAUTH_NETWORK_BIND, KAUTH_REQ_NETWORK_BIND_PRIVPORT,
+			    ddpcb->ddp_socket, sat, NULL)) != 0)
+				return (error);
 		}
 	} else {
 		memset((void *) & lsat, 0, sizeof(struct sockaddr_at));
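Review bot: The privileged-port branch now returns whatever kauth_authorize_network() yields instead of the fixed EACCES the removed lines returned, so the errno a bind caller sees for a reserved port may change; the same applies to the iso_pcb.c hunk in this commit. The listener's denial value is not visible here, but if it is not EACCES, callers that test for EACCES will miss the failure. If the old errno is meant to be kept, drop the assignment and keep `return (EACCES);` after the call; otherwise a comment such as `/* errno comes from the kauth listener */` would show the change is deliberate. The enclosing function starts and ends outside the hunk.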

Index: src/sys/netiso/iso_pcb.c
diff -u src/sys/netiso/iso_pcb.c:1.47 src/sys/netiso/iso_pcb.c:1.48
--- src/sys/netiso/iso_pcb.c:1.47	Wed Mar 18 17:06:52 2009
+++ src/sys/netiso/iso_pcb.c	Thu Apr 16 21:37:17 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: iso_pcb.c,v 1.47 2009/03/18 17:06:52 cegger Exp $	*/
+/*	$NetBSD: iso_pcb.c,v 1.48 2009/04/16 21:37:17 elad Exp $	*/
 
 /*-
  * Copyright (c) 1991, 1993
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: iso_pcb.c,v 1.47 2009/03/18 17:06:52 cegger Exp $");
+__KERNEL_RCSID(0, "$NetBSD: iso_pcb.c,v 1.48 2009/04/16 21:37:17 elad Exp $");
 
 #include "opt_iso.h"
 
@@ -222,10 +222,20 @@
 	if (siso->siso_tlen <= 2) {
 		memcpy( suf.data, TSEL(siso), sizeof(suf.data));
 		suf.s = ntohs(suf.s);
-		if (suf.s < ISO_PORT_RESERVED &&
-		    (l == NULL || kauth_authorize_generic(l->l_cred,
-		     KAUTH_GENERIC_ISSUSER, NULL)))
-			return EACCES;
+		if (suf.s < ISO_PORT_RESERVED) {
+			int error;
+
+			if (l == NULL)
+				error = EACCES;
+			else
+				error = kauth_authorize_network(l->l_cred,
+				    KAUTH_NETWORK_BIND,
+				    KAUTH_REQ_NETWORK_BIND_PRIVPORT,
+				    isop->isop_socket, siso, NULL);
+
+			if (error)
+				return (error);
+		}
 	} else {
 		char  *cp;
 noname:
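Review bot: The `if (l == NULL)` branch refuses a reserved-selector bind when there is no lwp, while the ddp_usrreq.c hunk in this commit skips the authorization entirely in that case because of its `l &&` guard, and nothing in either place says which behaviour is intended. A comment above the branch, for example `/* No lwp context: deny reserved ports rather than skip the check. */`, would record that failing closed is deliberate here. If the ddp path is meant to let kernel-internal binds through, it deserves the matching comment. The function body continues outside the hunk.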

Index: src/sys/netiso/iso_snpac.c
diff -u src/sys/netiso/iso_snpac.c:1.52 src/sys/netiso/iso_snpac.c:1.53
--- src/sys/netiso/iso_snpac.c:1.52	Fri Nov  7 00:20:18 2008
+++ src/sys/netiso/iso_snpac.c	Thu Apr 16 21:37:17 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: iso_snpac.c,v 1.52 2008/11/07 00:20:18 dyoung Exp $	*/
+/*	$NetBSD: iso_snpac.c,v 1.53 2009/04/16 21:37:17 elad Exp $	*/
 
 /*-
  * Copyright (c) 1991, 1993
@@ -59,7 +59,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: iso_snpac.c,v 1.52 2008/11/07 00:20:18 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: iso_snpac.c,v 1.53 2009/04/16 21:37:17 elad Exp $");
 
 #include "opt_iso.h"
 #ifdef ISO
@@ -549,9 +549,18 @@
 #endif
 
 	if (cmd == SIOCSSTYPE) {
-		if (l == NULL || kauth_authorize_generic(l->l_cred,
-		    KAUTH_GENERIC_ISSUSER, NULL))
-			return (EPERM);
+		int error;
+
+		if (l == NULL)
+			error = EACCES;
+		else
+			error = kauth_authorize_network(l->l_cred,
+			    KAUTH_NETWORK_SOCKET,
+			    KAUTH_REQ_NETWORK_SOCKET_SETPRIV, so,
+			    KAUTH_ARG(cmd), NULL);
+
+		if (error)
+			return (error);
 		if ((rq->sr_type & (SNPA_ES | SNPA_IS)) == (SNPA_ES | SNPA_IS))
 			return (EINVAL);
 		if (rq->sr_type & SNPA_ES) {
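Review bot: The `l == NULL` branch sets `error = EACCES`, but the removed code returned EPERM for that case, so SIOCSSTYPE now reports a different errno when there is no lwp than it did before. It looks carried over from the bind path in iso_pcb.c; `error = EPERM;` would keep the previous result for this ioctl. The value returned on a kauth denial is not visible in the hunk, so whether the two branches end up reporting the same errno should be checked as well. The function continues outside the hunk.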
