PR/40603: Christoph Badura: unprivileged users can add and delete interface

link addresses. Fixed by centralizing the test as suggested. Will pull up
to 5.0 once submitter tests the fix.

sys/net/if.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: if.c,v 1.232 2009/01/11 02:45:54 christos Exp $	*/
+/*	$NetBSD: if.c,v 1.233 2009/02/12 19:05:36 christos Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.232 2009/01/11 02:45:54 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.233 2009/02/12 19:05:36 christos Exp $");
 
 #include "opt_inet.h"
 
@@ -1633,6 +1633,9 @@ ifioctl(struct socket *so, u_long cmd, void *data, struct lwp *l)
 		return ENXIO;
 
 	switch (cmd) {
+	case SIOCALIFADDR:
+	case SIOCDLIFADDR:
+	case SIOCSIFADDRPREF:
 	case SIOCSIFFLAGS:
 	case SIOCSIFCAP:
 	case SIOCSIFMETRIC:

sys/netinet/in.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: in.c,v 1.130 2008/12/21 19:07:35 roy Exp $	*/
+/*	$NetBSD: in.c,v 1.131 2009/02/12 19:05:36 christos Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.130 2008/12/21 19:07:35 roy Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.131 2009/02/12 19:05:36 christos Exp $");
 
 #include "opt_inet.h"
 #include "opt_inet_conf.h"
@@ -322,13 +322,6 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
 	case SIOCALIFADDR:
 	case SIOCDLIFADDR:
 	case SIOCSIFADDRPREF:
-		if (l == NULL)
-			return (EPERM);
-		if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE,
-		    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
-		    NULL) != 0)
-			return (EPERM);
-		/*FALLTHROUGH*/
 	case SIOCGIFADDRPREF:
 	case SIOCGLIFADDR:
 		if (ifp == NULL)