diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2006-11-06 13:42:10 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2006-11-06 13:42:10 +0000 |
commit | acd3428b7d3e94cef0e1881c868cb4b131d4ff41 (patch) | |
tree | b9dd284620eeaddbff089cef10e4b1afb7918279 /sys/netatm | |
parent | 800c94083290dc4b38138b28cfc03ee77de4ff79 (diff) | |
download | src-acd3428b7d3e94cef0e1881c868cb4b131d4ff41.tar.gz src-acd3428b7d3e94cef0e1881c868cb4b131d4ff41.zip |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges. These may
require some future tweaking.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
Notes
Notes:
svn path=/head/; revision=164033
Diffstat (limited to 'sys/netatm')
-rw-r--r-- | sys/netatm/atm_usrreq.c | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/sys/netatm/atm_usrreq.c b/sys/netatm/atm_usrreq.c index ad14e84a366f..6f40a4651227 100644 --- a/sys/netatm/atm_usrreq.c +++ b/sys/netatm/atm_usrreq.c @@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/systm.h> #include <sys/sockio.h> +#include <sys/priv.h> #include <sys/protosw.h> #include <sys/socket.h> #include <net/if.h> @@ -181,8 +182,11 @@ atm_dgram_control(so, cmd, data, ifp, td) struct atmcfgreq *acp = (struct atmcfgreq *)data; struct atm_pif *pip; - if (td && (suser(td) != 0)) - ATM_RETERR(EPERM); + if (td != NULL) { + err = priv_check(td, PRIV_NETATM_CFG); + if (err) + ATM_RETERR(err); + } switch (acp->acr_opcode) { @@ -214,8 +218,11 @@ atm_dgram_control(so, cmd, data, ifp, td) struct atmaddreq *aap = (struct atmaddreq *)data; Atm_endpoint *epp; - if (td && (suser(td) != 0)) - ATM_RETERR(EPERM); + if (td != NULL) { + err = priv_check(td, PRIV_NETATM_ADD); + if (err) + ATM_RETERR(err); + } switch (aap->aar_opcode) { @@ -264,8 +271,11 @@ atm_dgram_control(so, cmd, data, ifp, td) struct sigmgr *smp; Atm_endpoint *epp; - if (td && (suser(td) != 0)) - ATM_RETERR(EPERM); + if (td != NULL) { + err = priv_check(td, PRIV_NETATM_DEL); + if (err) + ATM_RETERR(err); + } switch (adp->adr_opcode) { @@ -317,8 +327,11 @@ atm_dgram_control(so, cmd, data, ifp, td) struct sigmgr *smp; struct ifnet *ifp2; - if (td && (suser(td) != 0)) - ATM_RETERR(EPERM); + if (td != NULL) { + err = priv_check(td, PRIV_NETATM_SET); + if (err) + ATM_RETERR(err); + } switch (asp->asr_opcode) { |