author | bz <bz@FreeBSD.org> | 2008-01-24 08:25:59 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2008-01-24 08:25:59 +0000 |
commit | 1c376286e046dbe30549b705bd310d6218ffc824 (patch) | |
tree | 54dfe6089b6177f2bd726f05233e0c1a76433c3e /sys/netinet6/raw_ip6.c | |
parent | ca561e0217663df7e35502550d299ef5f818e4e8 (diff) | |
Replace the last suser() calls in netinet6/ with privilege checks.
Introduce a new privilege that allows setting certain IP header options
(hop-by-hop, routing headers).
Leave a few comments to be addressed later.
Reviewed by: rwatson (older version, before addressing his comments)
Diffstat (limited to 'sys/netinet6/raw_ip6.c')
-rw-r--r-- | sys/netinet6/raw_ip6.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c
index e8b5aa2..30fcbea 100644
--- a/sys/netinet6/raw_ip6.c
+++ b/sys/netinet6/raw_ip6.c
@@ -324,7 +324,6 @@ rip6_output(m, va_alist)
 struct ip6_pktopts opt, *optp;
 struct ifnet *oifp = NULL;
 int type = 0, code = 0; /* for ICMPv6 output statistics only */
- int priv = 0;
 int scope_ambiguous = 0;
 struct in6_addr *in6a;
 va_list ap;
@@ -338,14 +337,11 @@ rip6_output(m, va_alist)
 in6p = sotoin6pcb(so);
 INP_LOCK(in6p);
- priv = 0;
- if (suser_cred(so->so_cred, 0) == 0)
- priv = 1;
 dst = &dstsock->sin6_addr;
 if (control) {
 if ((error = ip6_setpktopts(control, &opt,
- in6p->in6p_outputopts, priv, so->so_proto->pr_protocol))
- != 0) {
+ in6p->in6p_outputopts, so->so_cred,
+ so->so_proto->pr_protocol)) != 0) {
 goto bad;
 }
 optp = &opt;
@@ -548,7 +544,8 @@ rip6_attach(struct socket *so, int proto, struct thread *td)
 inp = sotoinpcb(so);
 KASSERT(inp == NULL, ("rip6_attach: inp != NULL"));
- if (td && (error = suser(td)) != 0)
+ error = priv_check(td, PRIV_NETINET_RAW);
+ if (error)
 return error;
 error = soreserve(so, rip_sendspace, rip_recvspace);
 if (error) |
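Review bot: The `ip6_setpktopts()` call in rip6_output() now receives `so->so_cred`, so the privilege for the restricted options (hop-by-hop and routing headers, per the commit message) is evaluated against the credential cached when the socket was created rather than the thread doing the send; a raw socket opened with privilege and later used from a less privileged context would presumably still pass. That is the same subject the removed `suser_cred(so->so_cred, 0)` tested, but the decision is no longer visible at the call site, so I would add a comment above the call such as `/* Option privileges are checked against the socket's creation credential (so_cred), not the sender's. */`. The callee's side of the check is outside this file-limited diff, and rip6_output's body continues outside the hunk.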
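Review bot: In rip6_attach() the old `td &&` guard is gone, so `priv_check(td, PRIV_NETINET_RAW)` is now reached with whatever `td` the caller supplies; the old code skipped the privilege check for a NULL thread, while the new code hands NULL straight to priv_check. Dropping the fail-open path is the right direction, but if any in-kernel caller can still attach with `td == NULL`, this presumably becomes a NULL dereference instead of a denial; priv_check's handling of NULL is not visible here. I would state the contract explicitly before the check, in the style of the assertion already in the hunk: `KASSERT(td != NULL, ("rip6_attach: td == NULL"));`. The function body starts and ends outside the hunk.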