Syntax cleanup and also commit a missing piece of the jail_allow_raw_sockets
authorMatthew Dillon <dillon@dragonflybsd.org>
Sat, 17 May 2008 20:33:36 +0000 (20:33 +0000)
committerMatthew Dillon <dillon@dragonflybsd.org>
Sat, 17 May 2008 20:33:36 +0000 (20:33 +0000)
sysctl.

sys/netinet/raw_ip.c
sys/netinet6/raw_ip6.c

index 5d7d880..9363832 100644 (file)
@@ -32,7 +32,7 @@
  *
  *     @(#)raw_ip.c    8.7 (Berkeley) 5/15/95
  * $FreeBSD: src/sys/netinet/raw_ip.c,v 1.64.2.16 2003/08/24 08:24:38 hsu Exp $
- * $DragonFly: src/sys/netinet/raw_ip.c,v 1.28 2008/05/17 18:20:32 dillon Exp $
+ * $DragonFly: src/sys/netinet/raw_ip.c,v 1.29 2008/05/17 20:33:35 dillon Exp $
  */
 
 #include "opt_inet6.h"
@@ -509,10 +509,10 @@ rip_attach(struct socket *so, int proto, struct pru_attach_info *ai)
        int error;
        int flag;
 
-       flag = NULL_CRED_OKAY;
-
-       if( jailed(ai->p_ucred) && jail_allow_raw_sockets )
-               flag = flag | PRISON_ROOT;
+       if (jailed(ai->p_ucred) && jail_allow_raw_sockets)
+               flag = NULL_CRED_OKAY | PRISON_ROOT;
+       else
+               flag = NULL_CRED_OKAY;
 
        inp = so->so_pcb;
        if (inp)
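Review bot: `jailed(ai->p_ucred)` is evaluated before the privilege check while the flag still carries `NULL_CRED_OKAY`, which suggests `ai->p_ucred` may legitimately be NULL on this path. If jailed() dereferences its argument (its definition is not visible in this hunk), a NULL credential would fault here instead of reaching `suser_cred()`. Guarding the test as `if (ai->p_ucred != NULL && jailed(ai->p_ucred) && jail_allow_raw_sockets)` keeps the NULL case on the plain `NULL_CRED_OKAY` branch. The same condition is added to rip6_attach() in sys/netinet6/raw_ip6.c and would need the same guard. rip_attach()'s body continues past the end of the hunk.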
index 96d1f26..0293864 100644 (file)
@@ -27,7 +27,7 @@
  * SUCH DAMAGE.
  *
  * $FreeBSD: src/sys/netinet6/raw_ip6.c,v 1.7.2.7 2003/01/24 05:11:35 sam Exp $
- * $DragonFly: src/sys/netinet6/raw_ip6.c,v 1.25 2007/04/22 01:13:14 dillon Exp $
+ * $DragonFly: src/sys/netinet6/raw_ip6.c,v 1.26 2008/05/17 20:33:36 dillon Exp $
  */
 
 /*
@@ -73,6 +73,7 @@
 #include <sys/proc.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
+#include <sys/jail.h>
 #include <sys/protosw.h>
 #include <sys/socketvar.h>
 #include <sys/errno.h>
@@ -545,11 +546,17 @@ rip6_attach(struct socket *so, int proto, struct pru_attach_info *ai)
 {
        struct inpcb *inp;
        int error;
+       int flag;
+
+       if (jailed(ai->p_ucred) && jail_allow_raw_sockets)
+               flag = NULL_CRED_OKAY | PRISON_ROOT;
+       else
+               flag = NULL_CRED_OKAY;
 
        inp = so->so_pcb;
        if (inp)
                panic("rip6_attach");
-       if ((error = suser_cred(ai->p_ucred, NULL_CRED_OKAY)) != 0)
+       if ((error = suser_cred(ai->p_ucred, flag)) != 0)
                return error;
 
        error = soreserve(so, rip_sendspace, rip_recvspace, ai->sb_rlimit);
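Review bot: The privilege decision added at the top of rip6_attach() carries no comment, although it is the one place that determines whether a jailed caller passes `suser_cred()`. A comment above the `if`, such as `/* Jailed root may open raw sockets only when the jail_allow_raw_sockets sysctl is set; PRISON_ROOT makes suser_cred() accept root inside a jail. */`, would make the policy auditable. Whether the rest of the raw IPv6 path confines such a socket to the jail's own addresses is not visible in this hunk and would be worth stating in the same comment. The function continues outside the hunk.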