diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-03-22 19:57:41 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-03-22 19:57:41 +0000 |
commit | afe2b1f92991d69496de967c18fdf1e31a33ffec (patch) | |
tree | 5449b1aa4d3f06beed5250e579b2085d9d721b0a /sys/netinet/tcp_timewait.c | |
parent | 2eea86bbd44c12d82f61ccb3693be0a522e05630 (diff) | |
download | FreeBSD-src-afe2b1f92991d69496de967c18fdf1e31a33ffec.zip FreeBSD-src-afe2b1f92991d69496de967c18fdf1e31a33ffec.tar.gz |
Merge from TrustedBSD MAC branch:
Move the network code from using cr_cansee() to check whether a
socket is visible to a requesting credential to using a new
function, cr_canseesocket(), which accepts a subject credential
and object socket. Implement cr_canseesocket() so that it does a
prison check, a uid check, and add a comment where shortly a MAC
hook will go. This will allow MAC policies to seperately
instrument the visibility of sockets from the visibility of
processes.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/netinet/tcp_timewait.c')
-rw-r--r-- | sys/netinet/tcp_timewait.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index fb71ac7..db910e0 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -849,8 +849,8 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS) for (inp = LIST_FIRST(tcbinfo.listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { if (inp->inp_gencnt <= gencnt) { - if (cr_cansee(req->td->td_ucred, - inp->inp_socket->so_cred)) + if (cr_canseesocket(req->td->td_ucred, + inp->inp_socket)) continue; inp_list[i++] = inp; } @@ -920,7 +920,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS) error = ENOENT; goto out; } - error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred); + error = cr_canseesocket(req->td->td_ucred, inp->inp_socket); if (error) goto out; cru2x(inp->inp_socket->so_cred, &xuc); @@ -972,7 +972,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS) error = ENOENT; goto out; } - error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred); + error = cr_canseesocket(req->td->td_ucred, inp->inp_socket); if (error) goto out; cru2x(inp->inp_socket->so_cred, &xuc); |