Page MenuHomeFreeBSD
Files F112050277

D29659.id87194.diff
No OneTemporary
Actions

D29659.id87194.diff
View Options

Index: sys/kern/kern_jail.c
===================================================================
--- sys/kern/kern_jail.c
+++ sys/kern/kern_jail.c
@@ -2510,14 +2510,14 @@
* PR_IP4 and PR_IP6), or only the single bit is examined, without regard
* to any other prison data.
*/
-int
+bool
prison_flag(struct ucred *cred, unsigned flag)
{
return (cred->cr_prison->pr_flags & flag);
}
-int
+bool
prison_allow(struct ucred *cred, unsigned flag)
{
@@ -3141,16 +3141,16 @@
}
/*
- * Return 1 if p2 is a child of p1, otherwise 0.
+ * Return true if p2 is a child of p1, otherwise false.
*/
-int
+bool
prison_ischild(struct prison *pr1, struct prison *pr2)
{
for (pr2 = pr2->pr_parent; pr2 != NULL; pr2 = pr2->pr_parent)
if (pr1 == pr2)
- return (1);
- return (0);
+ return (true);
+ return (false);
}
/*
@@ -3185,21 +3185,21 @@
}
/*
- * Return 1 if the passed credential is in a jail and that jail does not
- * have its own virtual network stack, otherwise 0.
+ * Return true if the passed credential is in a jail and that jail does not
+ * have its own virtual network stack, otherwise false.
*/
-int
+bool
jailed_without_vnet(struct ucred *cred)
{
if (!jailed(cred))
- return (0);
+ return (false);
#ifdef VIMAGE
if (prison_owns_vnet(cred))
- return (0);
+ return (false);
#endif
- return (1);
+ return (true);
}
/*
@@ -3261,9 +3261,9 @@
* Determine whether the prison represented by cred owns
* its vnet rather than having it inherited.
*
- * Returns 1 in case the prison owns the vnet, 0 otherwise.
+ * Returns true in case the prison owns the vnet, false otherwise.
*/
-int
+bool
prison_owns_vnet(struct ucred *cred)
{
@@ -3271,7 +3271,7 @@
* vnets cannot be added/removed after jail creation,
* so no need to lock here.
*/
- return (cred->cr_prison->pr_flags & PR_VNET ? 1 : 0);
+ return ((cred->cr_prison->pr_flags & PR_VNET) != 0);
}
#endif
Index: sys/netinet/in_jail.c
===================================================================
--- sys/netinet/in_jail.c
+++ sys/netinet/in_jail.c
@@ -94,10 +94,11 @@
* Restrict a prison's IP address list with its parent's, possibly replacing
* it. Return true if the replacement buffer was used (or would have been).
*/
-int
+bool
prison_restrict_ip4(struct prison *pr, struct in_addr *newip4)
{
- int ii, ij, used;
+ int ii, ij;
+ bool used;
struct prison *ppr;
ppr = pr->pr_parent;
@@ -110,12 +111,12 @@
* (if it was passed). If there's no buffer, try to
* allocate one.
*/
- used = 1;
+ used = true;
if (newip4 == NULL) {
newip4 = malloc(ppr->pr_ip4s * sizeof(*newip4),
M_PRISON, M_NOWAIT);
if (newip4 != NULL)
- used = 0;
+ used = false;
}
if (newip4 != NULL) {
bcopy(ppr->pr_ip4, newip4,
@@ -171,7 +172,7 @@
pr->pr_ip4 = NULL;
}
}
- return (0);
+ return (false);
}
/*
@@ -210,49 +211,47 @@
}
/*
- * Return 1 if we should do proper source address selection or are not jailed.
- * We will return 0 if we should bypass source address selection in favour
+ * Return true if we should do proper source address selection or are not jailed.
+ * We will return false if we should bypass source address selection in favour
* of the primary jail IPv4 address. Only in this case *ia will be updated and
* returned in NBO.
- * Return EAFNOSUPPORT, in case this jail does not allow IPv4.
+ * Return true, even in case this jail does not allow IPv4.
*/
-int
+bool
prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia)
{
struct prison *pr;
struct in_addr lia;
- int error;
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
if (!jailed(cred))
- return (1);
+ return (true);
pr = cred->cr_prison;
if (pr->pr_flags & PR_IP4_SADDRSEL)
- return (1);
+ return (true);
lia.s_addr = INADDR_ANY;
- error = prison_get_ip4(cred, &lia);
- if (error)
- return (error);
+ if (prison_get_ip4(cred, &lia))
+ return (true);
if (lia.s_addr == INADDR_ANY)
- return (1);
+ return (true);
ia->s_addr = lia.s_addr;
- return (0);
+ return (false);
}
/*
* Return true if pr1 and pr2 have the same IPv4 address restrictions.
*/
-int
+bool
prison_equal_ip4(struct prison *pr1, struct prison *pr2)
{
if (pr1 == pr2)
- return (1);
+ return (true);
/*
* No need to lock since the PR_IP4_USER flag can't be altered for
Index: sys/netinet6/in6_jail.c
===================================================================
--- sys/netinet6/in6_jail.c
+++ sys/netinet6/in6_jail.c
@@ -84,10 +84,15 @@
return (rc);
}
-int
+/*
+ * Restrict a prison's IP address list with its parent's, possibly replacing
+ * it. Return true if the replacement buffer was used (or would have been).
+ */
+bool
prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6)
{
- int ii, ij, used;
+ int ii, ij;
+ bool used;
struct prison *ppr;
ppr = pr->pr_parent;
@@ -100,12 +105,12 @@
* (if it was passed). If there's no buffer, try to
* allocate one.
*/
- used = 1;
+ used = true;
if (newip6 == NULL) {
newip6 = malloc(ppr->pr_ip6s * sizeof(*newip6),
M_PRISON, M_NOWAIT);
if (newip6 != NULL)
- used = 0;
+ used = false;
}
if (newip6 != NULL) {
bcopy(ppr->pr_ip6, newip6,
@@ -163,7 +168,7 @@
pr->pr_ip6 = NULL;
}
}
- return 0;
+ return (false);
}
/*
@@ -201,49 +206,47 @@
}
/*
- * Return 1 if we should do proper source address selection or are not jailed.
- * We will return 0 if we should bypass source address selection in favour
+ * Return true if we should do proper source address selection or are not jailed.
+ * We will return false if we should bypass source address selection in favour
* of the primary jail IPv6 address. Only in this case *ia will be updated and
* returned in NBO.
- * Return EAFNOSUPPORT, in case this jail does not allow IPv6.
+ * Return true, even in case this jail does not allow IPv6.
*/
-int
+bool
prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6)
{
struct prison *pr;
struct in6_addr lia6;
- int error;
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
if (!jailed(cred))
- return (1);
+ return (true);
pr = cred->cr_prison;
if (pr->pr_flags & PR_IP6_SADDRSEL)
- return (1);
+ return (true);
lia6 = in6addr_any;
- error = prison_get_ip6(cred, &lia6);
- if (error)
- return (error);
+ if (prison_get_ip6(cred, &lia6))
+ return (true);
if (IN6_IS_ADDR_UNSPECIFIED(&lia6))
- return (1);
+ return (true);
bcopy(&lia6, ia6, sizeof(struct in6_addr));
- return (0);
+ return (false);
}
/*
* Return true if pr1 and pr2 have the same IPv6 address restrictions.
*/
-int
+bool
prison_equal_ip6(struct prison *pr1, struct prison *pr2)
{
if (pr1 == pr2)
- return (1);
+ return (true);
while (pr1 != &prison0 &&
#ifdef VIMAGE
Index: sys/sys/jail.h
===================================================================
--- sys/sys/jail.h
+++ sys/sys/jail.h
@@ -404,23 +404,23 @@
*/
#define jailed(cred) (cred->cr_prison != &prison0)
-int jailed_without_vnet(struct ucred *);
+bool jailed_without_vnet(struct ucred *);
void getcredhostname(struct ucred *, char *, size_t);
void getcreddomainname(struct ucred *, char *, size_t);
void getcredhostuuid(struct ucred *, char *, size_t);
void getcredhostid(struct ucred *, unsigned long *);
void getjailname(struct ucred *cred, char *name, size_t len);
void prison0_init(void);
-int prison_allow(struct ucred *, unsigned);
+bool prison_allow(struct ucred *, unsigned);
int prison_check(struct ucred *cred1, struct ucred *cred2);
-int prison_owns_vnet(struct ucred *);
+bool prison_owns_vnet(struct ucred *);
int prison_canseemount(struct ucred *cred, struct mount *mp);
void prison_enforce_statfs(struct ucred *cred, struct mount *mp,
struct statfs *sp);
struct prison *prison_find(int prid);
struct prison *prison_find_child(struct prison *, int);
struct prison *prison_find_name(struct prison *, const char *);
-int prison_flag(struct ucred *, unsigned);
+bool prison_flag(struct ucred *, unsigned);
void prison_free(struct prison *pr);
void prison_free_locked(struct prison *pr);
void prison_hold(struct prison *pr);
@@ -428,27 +428,27 @@
void prison_proc_hold(struct prison *);
void prison_proc_free(struct prison *);
void prison_set_allow(struct ucred *cred, unsigned flag, int enable);
-int prison_ischild(struct prison *, struct prison *);
+bool prison_ischild(struct prison *, struct prison *);
bool prison_isalive(struct prison *);
bool prison_isvalid(struct prison *);
-int prison_equal_ip4(struct prison *, struct prison *);
+bool prison_equal_ip4(struct prison *, struct prison *);
int prison_get_ip4(struct ucred *cred, struct in_addr *ia);
int prison_local_ip4(struct ucred *cred, struct in_addr *ia);
int prison_remote_ip4(struct ucred *cred, struct in_addr *ia);
int prison_check_ip4(const struct ucred *, const struct in_addr *);
int prison_check_ip4_locked(const struct prison *, const struct in_addr *);
-int prison_saddrsel_ip4(struct ucred *, struct in_addr *);
-int prison_restrict_ip4(struct prison *, struct in_addr *);
+bool prison_saddrsel_ip4(struct ucred *, struct in_addr *);
+bool prison_restrict_ip4(struct prison *, struct in_addr *);
int prison_qcmp_v4(const void *, const void *);
#ifdef INET6
-int prison_equal_ip6(struct prison *, struct prison *);
+bool prison_equal_ip6(struct prison *, struct prison *);
int prison_get_ip6(struct ucred *, struct in6_addr *);
int prison_local_ip6(struct ucred *, struct in6_addr *, int);
int prison_remote_ip6(struct ucred *, struct in6_addr *);
int prison_check_ip6(const struct ucred *, const struct in6_addr *);
int prison_check_ip6_locked(const struct prison *, const struct in6_addr *);
-int prison_saddrsel_ip6(struct ucred *, struct in6_addr *);
-int prison_restrict_ip6(struct prison *, struct in6_addr *);
+bool prison_saddrsel_ip6(struct ucred *, struct in6_addr *);
+bool prison_restrict_ip6(struct prison *, struct in6_addr *);
int prison_qcmp_v6(const void *, const void *);
#endif
int prison_check_af(struct ucred *cred, int af);

File Metadata

Mime Type
text/plain
Expires
Thu, Mar 13, 3:03 AM (15 h, 36 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
17129175
Default Alt Text
D29659.id87194.diff (10 KB)

Event Timeline