diff options
| author | rwatson <rwatson@FreeBSD.org> | 2006-11-06 13:42:10 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2006-11-06 13:42:10 +0000 |
| commit | 10d0d9cf473dc5f0ce1bf263ead445ffe7819154 (patch) | |
| tree | b9dd284620eeaddbff089cef10e4b1afb7918279 /sys/net80211 | |
| parent | 7288104e2094825a9c98b9923f039817a76e2983 (diff) | |
| download | FreeBSD-src-10d0d9cf473dc5f0ce1bf263ead445ffe7819154.zip FreeBSD-src-10d0d9cf473dc5f0ce1bf263ead445ffe7819154.tar.gz | |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges. These may
require some future tweaking.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
Diffstat (limited to 'sys/net80211')
| -rw-r--r-- | sys/net80211/ieee80211_ioctl.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c index e73648f..e5e6f42 100644 --- a/sys/net80211/ieee80211_ioctl.c +++ b/sys/net80211/ieee80211_ioctl.c @@ -45,6 +45,7 @@ __FBSDID("$FreeBSD$"); #include <sys/endian.h> #include <sys/param.h> #include <sys/kernel.h> +#include <sys/priv.h> #include <sys/socket.h> #include <sys/sockio.h> #include <sys/systm.h> @@ -344,7 +345,7 @@ ieee80211_cfgget(struct ieee80211com *ic, u_long cmd, caddr_t data) case WI_RID_DEFLT_CRYPT_KEYS: keys = (struct wi_ltv_keys *)&wreq; /* do not show keys to non-root user */ - error = suser(curthread); + error = priv_check(curthread, PRIV_NET80211_GETKEY); if (error) { memset(keys, 0, sizeof(*keys)); error = 0; @@ -861,7 +862,7 @@ ieee80211_ioctl_getkey(struct ieee80211com *ic, struct ieee80211req *ireq) ik.ik_flags = wk->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV); if (wk->wk_keyix == ic->ic_def_txkey) ik.ik_flags |= IEEE80211_KEY_DEFAULT; - if (suser(curthread) == 0) { + if (priv_check(curthread, PRIV_NET80211_GETKEY) == 0) { /* NB: only root can read key data */ ik.ik_keyrsc = wk->wk_keyrsc; ik.ik_keytsc = wk->wk_keytsc; @@ -1510,7 +1511,7 @@ ieee80211_ioctl_get80211(struct ieee80211com *ic, u_long cmd, struct ieee80211re return EINVAL; len = (u_int) ic->ic_nw_keys[kid].wk_keylen; /* NB: only root can read WEP keys */ - if (suser(curthread) == 0) { + if (priv_check(curthread, PRIV_NET80211_GETKEY) == 0) { bcopy(ic->ic_nw_keys[kid].wk_key, tmpkey, len); } else { bzero(tmpkey, len); @@ -2692,7 +2693,7 @@ ieee80211_ioctl(struct ieee80211com *ic, u_long cmd, caddr_t data) (struct ieee80211req *) data); break; case SIOCS80211: - error = suser(curthread); + error = priv_check(curthread, PRIV_NET80211_MANAGE); if (error == 0) error = ieee80211_ioctl_set80211(ic, cmd, (struct ieee80211req *) data); @@ -2701,7 +2702,7 @@ ieee80211_ioctl(struct ieee80211com *ic, u_long cmd, caddr_t data) error = ieee80211_cfgget(ic, cmd, data); break; case SIOCSIFGENERIC: - error = suser(curthread); + error = priv_check(curthread, PRIV_NET80211_MANAGE); if (error) break; error = ieee80211_cfgset(ic, cmd, data); |
