Kill some KAUTH_GENERIC_ISSUSER.

elad 2006-10-25 23:27:29 +00:00
parent f808f29d05
commit 783aeba060
1 changed files with 24 additions and 14 deletions


@ -1,4 +1,4 @@
/* $NetBSD: ieee80211_ioctl.c,v 1.40 2006/10/12 01:32:30 christos Exp $ */
/* $NetBSD: ieee80211_ioctl.c,v 1.41 2006/10/25 23:27:29 elad Exp $ */
/*-
* Copyright (c) 2001 Atsushi Onoe
* Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
@ -36,7 +36,7 @@
__FBSDID("$FreeBSD: src/sys/net80211/ieee80211_ioctl.c,v 1.35 2005/08/30 14:27:47 avatar Exp $");
#endif
#ifdef __NetBSD__
__KERNEL_RCSID(0, "$NetBSD: ieee80211_ioctl.c,v 1.40 2006/10/12 01:32:30 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: ieee80211_ioctl.c,v 1.41 2006/10/25 23:27:29 elad Exp $");
#endif
/*
@ -360,8 +360,10 @@ ieee80211_cfgget(struct ieee80211com *ic, u_long cmd __unused, caddr_t data)
case WI_RID_DEFLT_CRYPT_KEYS:
keys = (struct wi_ltv_keys *)wreq;
/* do not show keys to non-root user */
error = kauth_authorize_generic(curlwp->l_cred,
KAUTH_GENERIC_ISSUSER, &curlwp->l_acflag);
error = kauth_authorize_network(curlwp->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp,
NULL, NULL);
if (error) {
memset(keys, 0, sizeof(*keys));
error = 0;
@ -895,8 +897,8 @@ ieee80211_ioctl_getkey(struct ieee80211com *ic, struct ieee80211req *ireq)
ik.ik_flags = wk->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV);
if (wk->wk_keyix == ic->ic_def_txkey)
ik.ik_flags |= IEEE80211_KEY_DEFAULT;
if (kauth_authorize_generic(curlwp->l_cred, KAUTH_GENERIC_ISSUSER,
&curlwp->l_acflag) == 0) {
if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ic->ic_ifp, NULL, NULL) == 0) {
/* NB: only root can read key data */
ik.ik_keyrsc = wk->wk_keyrsc;
ik.ik_keytsc = wk->wk_keytsc;
@ -1371,8 +1373,10 @@ ieee80211_ioctl_get80211(struct ieee80211com *ic, u_long cmd __unused,
return EINVAL;
len = (u_int) ic->ic_nw_keys[kid].wk_keylen;
/* NB: only root can read WEP keys */
if (kauth_authorize_generic(curlwp->l_cred, KAUTH_GENERIC_ISSUSER,
&curlwp->l_acflag) == 0) {
if (kauth_authorize_network(curlwp->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, ireq->i_type,
NULL) == 0) {
bcopy(ic->ic_nw_keys[kid].wk_key, tmpkey, len);
} else {
bzero(tmpkey, len);
@ -2628,8 +2632,10 @@ ieee80211_ioctl(struct ieee80211com *ic, u_long cmd, caddr_t data)
(struct ieee80211req *) data);
break;
case SIOCS80211:
if ((error = kauth_authorize_generic(curlwp->l_cred,
KAUTH_GENERIC_ISSUSER, &curlwp->l_acflag)) != 0)
if ((error = kauth_authorize_network(curlwp->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL) != 0))
break;
error = ieee80211_ioctl_set80211(ic, cmd,
(struct ieee80211req *) data);
@ -2766,8 +2772,10 @@ ieee80211_ioctl(struct ieee80211com *ic, u_long cmd, caddr_t data)
if (nwkey->i_key[i].i_keydat == NULL)
continue;
/* do not show any keys to non-root user */
if ((error = kauth_authorize_generic(curlwp->l_cred,
KAUTH_GENERIC_ISSUSER, &curlwp->l_acflag)) != 0)
if ((error = kauth_authorize_network(curlwp->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp,
(void *)cmd, NULL)) != 0)
break;
nwkey->i_key[i].i_keylen = ic->ic_nw_keys[i].wk_keylen;
if ((error = copyout(ic->ic_nw_keys[i].wk_key,
@ -2875,8 +2883,10 @@ ieee80211_ioctl(struct ieee80211com *ic, u_long cmd, caddr_t data)
error = ieee80211_cfgget(ic, cmd, data);
break;
case SIOCSIFGENERIC:
error = kauth_authorize_generic(curlwp->l_cred,
KAUTH_GENERIC_ISSUSER, &curlwp->l_acflag);
error = kauth_authorize_network(curlwp->l_cred,
KAUTH_NETWORK_INTERFACE,
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
NULL);
if (error)
break;
error = ieee80211_cfgset(ic, cmd, data);
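Review bot: In the SIOCS80211 case of ieee80211_ioctl, the new condition closes its parenthesis in the wrong place (`NULL) != 0))`), so `error` is assigned the result of the `!= 0` comparison instead of the value returned by kauth_authorize_network(). A denied request still breaks out before ieee80211_ioctl_set80211() runs, but the caller gets 1 rather than the errno the authorization layer chose, which hides the real reason whenever a listener returns a different code. The closing lines should read `NULL)) != 0)`, matching the GETPRIV check in the key-copyout loop later in the same function. Separately, the ieee80211_ioctl_get80211 hunk passes `ireq->i_type` uncast as the pointer argument where the other call sites pass `(void *)cmd` or `NULL`; a cast and a single convention for that argument would keep listeners from having to guess what it holds. The enclosing functions start and end outside the visible hunks.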