netinet[6]: make in[6]_control use ucred instead of td.
Reviewed by: markj, zlei Differential Revision: https://reviews.freebsd.org/D40793 MFC after: 2 weeks
This commit is contained in:
+9
-4
@@ -325,8 +325,8 @@ in_socktrim(struct sockaddr_in *ap)
|
||||
* Generic internet control operations (ioctl's).
|
||||
*/
|
||||
int
|
||||
in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
|
||||
struct thread *td)
|
||||
in_control_ioctl(u_long cmd, void *data, struct ifnet *ifp,
|
||||
struct ucred *cred)
|
||||
{
|
||||
struct ifreq *ifr = (struct ifreq *)data;
|
||||
struct sockaddr_in *addr = (struct sockaddr_in *)&ifr->ifr_addr;
|
||||
@@ -338,8 +338,6 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
|
||||
if (ifp == NULL)
|
||||
return (EADDRNOTAVAIL);
|
||||
|
||||
struct ucred *cred = (td != NULL) ? td->td_ucred : NULL;
|
||||
|
||||
/*
|
||||
* Filter out 4 ioctls we implement directly. Forward the rest
|
||||
* to specific functions and ifp->if_ioctl().
|
||||
@@ -441,6 +439,13 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
|
||||
struct thread *td)
|
||||
{
|
||||
return (in_control_ioctl(cmd, data, ifp, td ? td->td_ucred : NULL));
|
||||
}
|
||||
|
||||
static int
|
||||
in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct ucred *cred)
|
||||
{
|
||||
|
||||
@@ -437,6 +437,7 @@ inm_rele_locked(struct in_multi_head *inmh, struct in_multi *inm)
|
||||
|
||||
struct rib_head;
|
||||
struct ip_moptions;
|
||||
struct ucred;
|
||||
|
||||
struct in_multi *inm_lookup_locked(struct ifnet *, const struct in_addr);
|
||||
struct in_multi *inm_lookup(struct ifnet *, const struct in_addr);
|
||||
@@ -458,6 +459,8 @@ int in_leavegroup_locked(struct in_multi *,
|
||||
/*const*/ struct in_mfilter *);
|
||||
int in_control(struct socket *, u_long, void *, struct ifnet *,
|
||||
struct thread *);
|
||||
int in_control_ioctl(u_long, void *, struct ifnet *,
|
||||
struct ucred *);
|
||||
int in_addprefix(struct in_ifaddr *);
|
||||
int in_scrubprefix(struct in_ifaddr *, u_int);
|
||||
void in_ifscrub_all(void);
|
||||
|
||||
+18
-11
@@ -249,8 +249,8 @@ struct in6_ndifreq32 {
|
||||
#endif
|
||||
|
||||
int
|
||||
in6_control(struct socket *so, u_long cmd, void *data,
|
||||
struct ifnet *ifp, struct thread *td)
|
||||
in6_control_ioctl(u_long cmd, void *data,
|
||||
struct ifnet *ifp, struct ucred *cred)
|
||||
{
|
||||
struct in6_ifreq *ifr = (struct in6_ifreq *)data;
|
||||
struct in6_ifaddr *ia = NULL;
|
||||
@@ -281,8 +281,8 @@ in6_control(struct socket *so, u_long cmd, void *data,
|
||||
switch (cmd) {
|
||||
case SIOCAADDRCTL_POLICY:
|
||||
case SIOCDADDRCTL_POLICY:
|
||||
if (td != NULL) {
|
||||
error = priv_check(td, PRIV_NETINET_ADDRCTRL6);
|
||||
if (cred != NULL) {
|
||||
error = priv_check_cred(cred, PRIV_NETINET_ADDRCTRL6);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
@@ -299,8 +299,8 @@ in6_control(struct socket *so, u_long cmd, void *data,
|
||||
case SIOCSDEFIFACE_IN6:
|
||||
case SIOCSIFINFO_FLAGS:
|
||||
case SIOCSIFINFO_IN6:
|
||||
if (td != NULL) {
|
||||
error = priv_check(td, PRIV_NETINET_ND6);
|
||||
if (cred != NULL) {
|
||||
error = priv_check_cred(cred, PRIV_NETINET_ND6);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
@@ -343,8 +343,8 @@ in6_control(struct socket *so, u_long cmd, void *data,
|
||||
|
||||
switch (cmd) {
|
||||
case SIOCSSCOPE6:
|
||||
if (td != NULL) {
|
||||
error = priv_check(td, PRIV_NETINET_SCOPE6);
|
||||
if (cred != NULL) {
|
||||
error = priv_check_cred(cred, PRIV_NETINET_SCOPE6);
|
||||
if (error)
|
||||
return (error);
|
||||
}
|
||||
@@ -412,7 +412,7 @@ in6_control(struct socket *so, u_long cmd, void *data,
|
||||
error = in6_setscope(&sa6->sin6_addr, ifp, NULL);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
if (td != NULL && (error = prison_check_ip6(td->td_ucred,
|
||||
if (cred != NULL && (error = prison_check_ip6(cred,
|
||||
&sa6->sin6_addr)) != 0)
|
||||
return (error);
|
||||
sx_xlock(&in6_control_sx);
|
||||
@@ -457,8 +457,8 @@ in6_control(struct socket *so, u_long cmd, void *data,
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (td != NULL) {
|
||||
error = priv_check(td, (cmd == SIOCDIFADDR_IN6) ?
|
||||
if (cred != NULL) {
|
||||
error = priv_check_cred(cred, (cmd == SIOCDIFADDR_IN6) ?
|
||||
PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR);
|
||||
if (error)
|
||||
goto out;
|
||||
@@ -596,6 +596,13 @@ in6_control(struct socket *so, u_long cmd, void *data,
|
||||
return (error);
|
||||
}
|
||||
|
||||
int
|
||||
in6_control(struct socket *so, u_long cmd, void *data,
|
||||
struct ifnet *ifp, struct thread *td)
|
||||
{
|
||||
return (in6_control_ioctl(cmd, data, ifp, td ? td->td_ucred : NULL));
|
||||
}
|
||||
|
||||
static struct in6_multi_mship *
|
||||
in6_joingroup_legacy(struct ifnet *ifp, const struct in6_addr *mcaddr,
|
||||
int *errorp, int delay)
|
||||
|
||||
@@ -838,6 +838,7 @@ struct ip6_moptions;
|
||||
struct sockopt;
|
||||
struct inpcbinfo;
|
||||
struct rib_head;
|
||||
struct ucred;
|
||||
|
||||
/* Multicast KPIs. */
|
||||
int im6o_mc_filter(const struct ip6_moptions *, const struct ifnet *,
|
||||
@@ -862,6 +863,7 @@ int ip6_setmoptions(struct inpcb *, struct sockopt *);
|
||||
int in6_mask2len(struct in6_addr *, u_char *);
|
||||
int in6_control(struct socket *, u_long, void *, struct ifnet *,
|
||||
struct thread *);
|
||||
int in6_control_ioctl(u_long, void *, struct ifnet *, struct ucred *);
|
||||
int in6_update_ifa(struct ifnet *, struct in6_aliasreq *,
|
||||
struct in6_ifaddr *, int);
|
||||
void in6_prepare_ifra(struct in6_aliasreq *, const struct in6_addr *,
|
||||
|
||||
@@ -1185,7 +1185,7 @@ handle_newaddr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
|
||||
if (dst != NULL)
|
||||
req.ifra_dstaddr = *dst;
|
||||
|
||||
return (in_control(NULL, SIOCAIFADDR, &req, ifp, curthread));
|
||||
return (in_control_ioctl(SIOCAIFADDR, &req, ifp, nlp_get_cred(nlp)));
|
||||
}
|
||||
|
||||
static int
|
||||
@@ -1204,7 +1204,7 @@ handle_deladdr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
|
||||
|
||||
struct in_aliasreq req = { .ifra_addr = *addr };
|
||||
|
||||
return (in_control(NULL, SIOCDIFADDR, &req, ifp, curthread));
|
||||
return (in_control_ioctl(SIOCDIFADDR, &req, ifp, nlp_get_cred(nlp)));
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -1269,7 +1269,7 @@ handle_newaddr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
|
||||
if (dst != NULL)
|
||||
req.ifra_dstaddr = *dst;
|
||||
|
||||
return (in6_control(NULL, SIOCAIFADDR_IN6, &req, ifp, curthread));
|
||||
return (in6_control_ioctl(SIOCAIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
|
||||
}
|
||||
|
||||
static int
|
||||
@@ -1288,7 +1288,7 @@ handle_deladdr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
|
||||
|
||||
struct in6_aliasreq req = { .ifra_addr = *addr };
|
||||
|
||||
return (in6_control(NULL, SIOCDIFADDR_IN6, &req, ifp, curthread));
|
||||
return (in6_control_ioctl(SIOCDIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
Reference in New Issue
Block a user