diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-06-12 00:12:01 +0000 |
commit | 00b02345d424dac8a490ff28ff75fd9386196583 (patch) | |
tree | c439df85bebf079d07319c231d64ac481577b036 /sys/netinet/in_pcb.c | |
parent | e93b04c2868ee901613297bfbd90ff9990d8300e (diff) | |
download | FreeBSD-src-00b02345d424dac8a490ff28ff75fd9386196583.zip FreeBSD-src-00b02345d424dac8a490ff28ff75fd9386196583.tar.gz |
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in
some cases, move to priv_check() if it was an operation on a thread and
no other flags were present.
Eliminate caller-side jail exception checking (also now-unused); jail
privilege exception code now goes solely in kern_jail.c.
We can't yet eliminate suser() due to some cases in the KAME code where
a privilege check is performed and then used in many different deferred
paths. Do, however, move those prototypes to priv.h.
Reviewed by: csjp
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/netinet/in_pcb.c')
-rw-r--r-- | sys/netinet/in_pcb.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index d7d8290..61f2894 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -340,13 +340,13 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp, if (ntohs(lport) <= ipport_reservedhigh && ntohs(lport) >= ipport_reservedlow && priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, - SUSER_ALLOWJAIL)) + 0)) return (EACCES); if (jailed(cred)) prison = 1; if (!IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) && priv_check_cred(so->so_cred, - PRIV_NETINET_REUSEPORT, SUSER_ALLOWJAIL) != 0) { + PRIV_NETINET_REUSEPORT, 0) != 0) { t = in_pcblookup_local(inp->inp_pcbinfo, sin->sin_addr, lport, prison ? 0 : INPLOOKUP_WILDCARD); @@ -411,7 +411,7 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp, lastport = &pcbinfo->ipi_lasthi; } else if (inp->inp_flags & INP_LOWPORT) { error = priv_check_cred(cred, - PRIV_NETINET_RESERVEDPORT, SUSER_ALLOWJAIL); + PRIV_NETINET_RESERVEDPORT, 0); if (error) return error; first = ipport_lowfirstauto; /* 1023 */ |