
D25630.id74342.diff

Index: sys/kern/kern_jail.c
===================================================================
--- sys/kern/kern_jail.c
+++ sys/kern/kern_jail.c
@@ -3066,11 +3066,14 @@
/*
* 802.11-related privileges.
+ *
+ * Note PRIV_NET80211_VAP_SETMAC and PRIV_NET80211_CREATE_VAP
+ * are not available in the jail. (So things that require
+ * cloning new interfaces like DWDS STA/AP won't work in
+ * jails.)
*/
- case PRIV_NET80211_GETKEY:
-#ifdef notyet
- case PRIV_NET80211_MANAGE: /* XXX-BZ discuss with sam@ */
-#endif
+ case PRIV_NET80211_VAP_GETKEY:
+ case PRIV_NET80211_VAP_MANAGE:
#ifdef notyet
/*
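Review bot: Taking the manage privilege out of `#ifdef notyet` makes `PRIV_NET80211_VAP_MANAGE` grantable inside a jail, and the `XXX-BZ discuss with sam@` marker is removed without recording what was decided. In the ieee80211_ioctl.c part of this change that privilege gates the entire `SIOCS80211` set path, and `PRIV_NET80211_VAP_GETKEY` gates key material being copied out, so both are presumably now reachable by jail root. The new comment lists what stays unavailable; it should also say what is deliberately allowed, e.g. `* VAP_GETKEY and VAP_MANAGE are allowed so a jail can operate a VAP handed to it; this exposes key data and all SIOCS80211 requests to jail root.` The enclosing switch starts and ends outside the hunk, so it cannot be confirmed here whether these cases sit in a VNET-only section.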
Index: sys/net80211/ieee80211_freebsd.c
===================================================================
--- sys/net80211/ieee80211_freebsd.c
+++ sys/net80211/ieee80211_freebsd.c
@@ -41,6 +41,7 @@
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/module.h>
+#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/sysctl.h>
@@ -81,6 +82,10 @@
struct ieee80211vap *vap;
struct ieee80211com *ic;
int error;
+
+ error = priv_check(curthread, PRIV_NET80211_CREATE_VAP);
+ if (error)
+ return error;
error = copyin(params, &cp, sizeof(cp));
if (error)
Index: sys/net80211/ieee80211_ioctl.c
===================================================================
--- sys/net80211/ieee80211_ioctl.c
+++ sys/net80211/ieee80211_ioctl.c
@@ -106,7 +106,8 @@
ik.ik_flags = wk->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV);
if (wk->wk_keyix == vap->iv_def_txkey)
ik.ik_flags |= IEEE80211_KEY_DEFAULT;
- if (priv_check(curthread, PRIV_NET80211_GETKEY) == 0) {
+ /* XXX TODO: move priv check to ieee80211_freebsd.c */
+ if (priv_check(curthread, PRIV_NET80211_VAP_GETKEY) == 0) {
/* NB: only root can read key data */
ik.ik_keyrsc = wk->wk_keyrsc[IEEE80211_NONQOS_TID];
ik.ik_keytsc = wk->wk_keytsc;
@@ -247,6 +248,8 @@
* NB: ie's can be no more than 255 bytes and the max 802.11
* packet is <3Kbytes so we are sure this doesn't overflow
* 16-bits; if this is a concern we can drop the ie's.
+ *
+ * XXX TODO: should really double check this!
*/
len = sizeof(struct ieee80211req_scan_result) + se->se_ssid[1] +
se->se_meshid[1] + *ielen;
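Review bot: The added `XXX TODO: should really double check this!` records doubt about a length bound but leaves the sum of `se_ssid[1]`, `se_meshid[1]` and `*ielen` unchecked. If the result is later stored in a 16-bit field, as the existing comment implies, an unverified bound is a truncation risk in a path that sizes data for userland. An enforced check would be better than a TODO, for example `KASSERT(len <= 0xffff, ("scan result length overflow"));` right after the computation, or dropping the IEs when the sum is too large, as the comment already suggests. How `len` is used is outside the hunk, so the exact limit should be confirmed against the destination field.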
@@ -815,7 +818,8 @@
return EINVAL;
len = (u_int) vap->iv_nw_keys[kid].wk_keylen;
/* NB: only root can read WEP keys */
- if (priv_check(curthread, PRIV_NET80211_GETKEY) == 0) {
+ /* XXX TODO: move priv check to ieee80211_freebsd.c */
+ if (priv_check(curthread, PRIV_NET80211_VAP_GETKEY) == 0) {
bcopy(vap->iv_nw_keys[kid].wk_key, tmpkey, len);
} else {
bzero(tmpkey, len);
@@ -3636,7 +3640,8 @@
(struct ieee80211req *) data);
break;
case SIOCS80211:
- error = priv_check(curthread, PRIV_NET80211_MANAGE);
+ /* XXX TODO: move priv check to ieee80211_freebsd.c */
+ error = priv_check(curthread, PRIV_NET80211_VAP_MANAGE);
if (error == 0)
error = ieee80211_ioctl_set80211(vap, cmd,
(struct ieee80211req *) data);
@@ -3681,6 +3686,12 @@
break;
}
break;
+ case SIOCSIFLLADDR:
+ /* XXX TODO: move priv check to ieee80211_freebsd.c */
+ error = priv_check(curthread, PRIV_NET80211_VAP_SETMAC);
+ if (error == 0)
+ break;
+ /* Fallthrough */
default:
/*
* Pass unknown ioctls first to the driver, and if it
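Review bot: The new `SIOCSIFLLADDR` case looks inverted: when `priv_check()` succeeds the code takes `break` and leaves the switch having done nothing, and when it fails the code falls through into `default`. The `default` comment says that path passes the ioctl to the driver, and it presumably overwrites `error`, so a caller without `PRIV_NET80211_VAP_SETMAC` would still reach the handler that changes the address while a privileged caller gets a silent no-op. I would expect `if (error != 0)` followed by `break;`, so that only an authorised request falls through. The body of `default` lies outside the hunk, so please confirm against the full function.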
Index: sys/sys/priv.h
===================================================================
--- sys/sys/priv.h
+++ sys/sys/priv.h
@@ -350,8 +350,10 @@
/*
* 802.11-related privileges.
*/
-#define PRIV_NET80211_GETKEY 440 /* Query 802.11 keys. */
-#define PRIV_NET80211_MANAGE 441 /* Administer 802.11. */
+#define PRIV_NET80211_VAP_GETKEY 440 /* Query VAP 802.11 keys. */
+#define PRIV_NET80211_VAP_MANAGE 441 /* Administer 802.11 VAP */
+#define PRIV_NET80211_VAP_SETMAC 442 /* Set VAP MAC address */
+#define PRIV_NET80211_CREATE_VAP 443 /* Create a new VAP */
/*
* Placeholder for AppleTalk privileges, not supported anymore.
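Review bot: Renaming `PRIV_NET80211_GETKEY` and `PRIV_NET80211_MANAGE` in place removes the old identifiers, so any module outside this diff that still calls `priv_check()` with them stops compiling. If out-of-tree drivers are a concern, keep aliases for a transition period, e.g. `#define PRIV_NET80211_GETKEY PRIV_NET80211_VAP_GETKEY` and `#define PRIV_NET80211_MANAGE PRIV_NET80211_VAP_MANAGE`. A smaller point: the four trailing comments are inconsistent about the closing period (`Query VAP 802.11 keys.` versus `Create a new VAP`).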
