diff --git a/sys/netiso/esis.c b/sys/netiso/esis.c index 6e59b493f194..7d8a80668b39 100644 --- a/sys/netiso/esis.c +++ b/sys/netiso/esis.c @@ -1,4 +1,4 @@ -/* $NetBSD: esis.c,v 1.39 2006/10/12 01:32:46 christos Exp $ */ +/* $NetBSD: esis.c,v 1.40 2006/10/25 23:40:57 elad Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -59,7 +59,7 @@ SOFTWARE. */ #include -__KERNEL_RCSID(0, "$NetBSD: esis.c,v 1.39 2006/10/12 01:32:46 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: esis.c,v 1.40 2006/10/25 23:40:57 elad Exp $"); #include "opt_iso.h" #ifdef ISO @@ -196,11 +196,14 @@ esis_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, error = EISCONN; break; } - if (l == 0 || (error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, &l->l_acflag))) { + + if (l == NULL) { error = EACCES; break; } + + /* XXX: raw socket permission is checked in socreate() */ + if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) { error = soreserve(so, esis_sendspace, esis_recvspace); if (error) diff --git a/sys/netiso/iso.c b/sys/netiso/iso.c index 08cf3487fbc0..17328b058a39 100644 --- a/sys/netiso/iso.c +++ b/sys/netiso/iso.c @@ -1,4 +1,4 @@ -/* $NetBSD: iso.c,v 1.38 2006/07/23 22:06:14 ad Exp $ */ +/* $NetBSD: iso.c,v 1.39 2006/10/25 23:40:57 elad Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -62,7 +62,7 @@ SOFTWARE. */ #include -__KERNEL_RCSID(0, "$NetBSD: iso.c,v 1.38 2006/07/23 22:06:14 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: iso.c,v 1.39 2006/10/25 23:40:57 elad Exp $"); #include #include @@ -475,8 +475,10 @@ iso_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp, case SIOCSIFNETMASK: case SIOCSIFDSTADDR: #endif - if (l == 0 || kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, &l->l_acflag)) + if (l == 0 || kauth_authorize_network(l->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, + NULL)) return (EPERM); if (ifp == 0)