D26541.diff

Index: head/sys/net80211/ieee80211_freebsd.h
===================================================================
--- head/sys/net80211/ieee80211_freebsd.h
+++ head/sys/net80211/ieee80211_freebsd.h
@@ -43,6 +43,19 @@
#include <net/debugnet.h>
/*
+ * priv(9) NET80211 checks.
+ */
+struct ieee80211vap;
+int ieee80211_priv_check_vap_getkey(u_long, struct ieee80211vap *,
+ struct ifnet *);
+int ieee80211_priv_check_vap_manage(u_long, struct ieee80211vap *,
+ struct ifnet *);
+int ieee80211_priv_check_vap_setmac(u_long, struct ieee80211vap *,
+ struct ifnet *);
+int ieee80211_priv_check_create_vap(u_long, struct ieee80211vap *,
+ struct ifnet *);
+
+/*
* Common state locking definitions.
*/
typedef struct {
Index: head/sys/net80211/ieee80211_freebsd.c
===================================================================
--- head/sys/net80211/ieee80211_freebsd.c
+++ head/sys/net80211/ieee80211_freebsd.c
@@ -75,6 +75,42 @@
static const char wlanname[] = "wlan";
static struct if_clone *wlan_cloner;
+/*
+ * priv(9) NET80211 checks.
+ * Return 0 if operation is allowed, E* (usually EPERM) otherwise.
+ */
+int
+ieee80211_priv_check_vap_getkey(u_long cmd __unused,
+ struct ieee80211vap *vap __unused, struct ifnet *ifp __unused)
+{
+
+ return (priv_check(curthread, PRIV_NET80211_VAP_GETKEY));
+}
+
+int
+ieee80211_priv_check_vap_manage(u_long cmd __unused,
+ struct ieee80211vap *vap __unused, struct ifnet *ifp __unused)
+{
+
+ return (priv_check(curthread, PRIV_NET80211_VAP_MANAGE));
+}
+
+int
+ieee80211_priv_check_vap_setmac(u_long cmd __unused,
+ struct ieee80211vap *vap __unused, struct ifnet *ifp __unused)
+{
+
+ return (priv_check(curthread, PRIV_NET80211_VAP_SETMAC));
+}
+
+int
+ieee80211_priv_check_create_vap(u_long cmd __unused,
+ struct ieee80211vap *vap __unused, struct ifnet *ifp __unused)
+{
+
+ return (priv_check(curthread, PRIV_NET80211_CREATE_VAP));
+}
+
static int
wlan_clone_create(struct if_clone *ifc, int unit, caddr_t params)
{
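Review bot: All four wrappers mark `cmd`, `vap` and `ifp` as `__unused`, and the one shared comment above `ieee80211_priv_check_vap_getkey` does not say that callers pass placeholder values. In this same diff `wlan_clone_create` calls `ieee80211_priv_check_create_vap(0, NULL, NULL)` and both getkey call sites pass `NULL` for `ifp`, so a later implementation that starts using these arguments for a finer-grained policy could dereference a NULL pointer in the privilege path. I would extend the block comment with a line such as `* cmd, vap and ifp are advisory and may be 0/NULL; do not dereference them unchecked.` and repeat the return contract next to the prototypes in ieee80211_freebsd.h, where callers will look for it.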
@@ -83,7 +119,7 @@
struct ieee80211com *ic;
int error;
- error = priv_check(curthread, PRIV_NET80211_CREATE_VAP);
+ error = ieee80211_priv_check_create_vap(0, NULL, NULL);
if (error)
return error;
Index: head/sys/net80211/ieee80211_ioctl.c
===================================================================
--- head/sys/net80211/ieee80211_ioctl.c
+++ head/sys/net80211/ieee80211_ioctl.c
@@ -40,7 +40,6 @@
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
-#include <sys/priv.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/systm.h>
@@ -72,7 +71,8 @@
struct ieee80211_scan_req *);
static int
-ieee80211_ioctl_getkey(struct ieee80211vap *vap, struct ieee80211req *ireq)
+ieee80211_ioctl_getkey(u_long cmd, struct ieee80211vap *vap,
+ struct ieee80211req *ireq)
{
struct ieee80211com *ic = vap->iv_ic;
struct ieee80211_node *ni;
@@ -106,8 +106,7 @@
ik.ik_flags = wk->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV);
if (wk->wk_keyix == vap->iv_def_txkey)
ik.ik_flags |= IEEE80211_KEY_DEFAULT;
- /* XXX TODO: move priv check to ieee80211_freebsd.c */
- if (priv_check(curthread, PRIV_NET80211_VAP_GETKEY) == 0) {
+ if (ieee80211_priv_check_vap_getkey(cmd, vap, NULL) == 0) {
/* NB: only root can read key data */
ik.ik_keyrsc = wk->wk_keyrsc[IEEE80211_NONQOS_TID];
ik.ik_keytsc = wk->wk_keytsc;
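Review bot: The kept comment `/* NB: only root can read key data */` no longer matches the condition above it, which is now whatever `ieee80211_priv_check_vap_getkey` returns. In the FreeBSD implementation added by this diff that is a priv(9) decision on `PRIV_NET80211_VAP_GETKEY`, not a literal root test. I would reword it to `/* NB: key material is copied out only when the GETKEY privilege check passes */`, and likewise `/* NB: only root can read WEP keys */` in the `@@ -822,8 +821,7 @@` hunk. Both sites discard the error code and hand back zeroed key data on denial; that looks deliberate, but a few words saying so would stop someone from "fixing" it into an early return. The enclosing function continues outside the hunk.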
@@ -822,8 +821,7 @@
return EINVAL;
len = (u_int) vap->iv_nw_keys[kid].wk_keylen;
/* NB: only root can read WEP keys */
- /* XXX TODO: move priv check to ieee80211_freebsd.c */
- if (priv_check(curthread, PRIV_NET80211_VAP_GETKEY) == 0) {
+ if (ieee80211_priv_check_vap_getkey(cmd, vap, NULL) == 0) {
bcopy(vap->iv_nw_keys[kid].wk_key, tmpkey, len);
} else {
bzero(tmpkey, len);
@@ -916,7 +914,7 @@
ireq->i_val = (vap->iv_flags & IEEE80211_F_NOBRIDGE) == 0;
break;
case IEEE80211_IOC_WPAKEY:
- error = ieee80211_ioctl_getkey(vap, ireq);
+ error = ieee80211_ioctl_getkey(cmd, vap, ireq);
break;
case IEEE80211_IOC_CHANINFO:
error = ieee80211_ioctl_getchaninfo(vap, ireq);
@@ -3630,8 +3628,7 @@
(struct ieee80211req *) data);
break;
case SIOCS80211:
- /* XXX TODO: move priv check to ieee80211_freebsd.c */
- error = priv_check(curthread, PRIV_NET80211_VAP_MANAGE);
+ error = ieee80211_priv_check_vap_manage(cmd, vap, ifp);
if (error == 0)
error = ieee80211_ioctl_set80211(vap, cmd,
(struct ieee80211req *) data);
@@ -3677,8 +3674,7 @@
}
break;
case SIOCSIFLLADDR:
- /* XXX TODO: move priv check to ieee80211_freebsd.c */
- error = priv_check(curthread, PRIV_NET80211_VAP_SETMAC);
+ error = ieee80211_priv_check_vap_setmac(cmd, vap, ifp);
if (error == 0)
break;
/* Fallthrough */
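Review bot: In the `SIOCSIFLLADDR` case, a result of 0 (allowed) from `ieee80211_priv_check_vap_setmac` hits `break`, while a non-zero (denied) result falls through to the code after `/* Fallthrough */`, which lies outside this hunk. The change keeps the shape the old `priv_check` line had, so this is not a regression, but the check has just been moved behind a named wrapper and this is the moment to confirm the intent. If the following case can overwrite `error` or forward the request to a handler that sets the address, the denial would be lost. A comment stating which path actually applies the new MAC address and why the denied path continues, for example `/* denied: let the default handler decide */`, would make the access-control decision auditable from this site.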
