suser() -> capable() for linux/net

Alexander Kjeldaas (astor@guardian.no)
Thu, 23 Apr 1998 18:36:25 +0200


--uo+9/B/ebqu+fSQP
Content-Type: text/plain; charset=us-ascii

This patch changes suser() to capable() in linux/net. There are some I
deliberately left out, in the hope that someone else with a better
understanding of the code would do it for me. Most of these probably
need to change suser() to capable(CAP_NET_ADMIN).

net/ax25/af_ax25.c
net/ax25/ax25_route.c
net/ax25/ax25_uid.c
net/core/dev.c
net/core/sock.c
net/ipv4/arp.c
net/ipv4/rarp.c
net/ipx/af_ipx.c
net/netrom/af_netrom.c
net/bridge/br.c
net/x25/af_x25.c
net/rose/af_rose.c
net/rose/af_rose.c
net/netlink/af_netlink.c
net/netlink/af_netlink.c
net/netlink/af_netlink.c

astor

-- 
 Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
 http://www.guardian.no/

--uo+9/B/ebqu+fSQP Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=cap_97_3_net

diff -urN /tmp/linux/net/appletalk/ddp.c lp97/net/appletalk/ddp.c --- /tmp/linux/net/appletalk/ddp.c Thu Mar 12 19:54:12 1998 +++ lp97/net/appletalk/ddp.c Thu Apr 23 02:17:08 1998 @@ -719,7 +719,7 @@ switch(cmd) { case SIOCSIFADDR: - if(!suser()) + if(!capable(CAP_NET_ADMIN)) return (-EPERM); if(sa->sat_family != AF_APPLETALK) return (-EINVAL); @@ -830,7 +830,7 @@ case SIOCATALKDIFADDR: case SIOCDIFADDR: - if(!suser()) + if(!capable(CAP_NET_ADMIN)) return (-EPERM); if(sa->sat_family != AF_APPLETALK) return (-EINVAL); @@ -1809,7 +1809,7 @@ */ case SIOCADDRT: case SIOCDELRT: - if(!suser()) + if(!capable(CAP_NET_ADMIN)) return -EPERM; return (atrtr_ioctl(cmd,(void *)arg)); diff -urN /tmp/linux/net/core/dev.c lp97/net/core/dev.c --- /tmp/linux/net/core/dev.c Sat Apr 4 03:48:11 1998 +++ lp97/net/core/dev.c Thu Apr 23 02:24:14 1998 @@ -321,7 +321,7 @@ void dev_load(const char *name) { - if(!dev_get(name) && suser()) + if(!dev_get(name) && capable(CAP_SYS_MODULE)) request_module(name); } @@ -1591,7 +1591,7 @@ case SIOCDELMULTI: case SIOCSIFHWBROADCAST: case SIOCSIFTXQLEN: - if (!suser()) + if (!capable(CAP_NET_ADMIN)) return -EPERM; dev_load(ifr.ifr_name); rtnl_lock(); diff -urN /tmp/linux/net/core/sock.c lp97/net/core/sock.c --- /tmp/linux/net/core/sock.c Sun Apr 12 02:18:16 1998 +++ lp97/net/core/sock.c Thu Apr 23 13:32:55 1998 @@ -185,7 +185,7 @@ switch(optname) { case SO_DEBUG: - if(val && !suser()) + if(val && !capable(CAP_NET_ADMIN)) { ret = -EACCES; } @@ -922,7 +922,7 @@ */ if (current->pgrp != -arg && current->pid != arg && - !suser()) return(-EPERM); + !capable(CAP_NET_ADMIN)) return(-EPERM); sk->proc = arg; return(0); case F_GETOWN: diff -urN /tmp/linux/net/ipv4/af_inet.c lp97/net/ipv4/af_inet.c --- /tmp/linux/net/ipv4/af_inet.c Sat Apr 4 03:48:11 1998 +++ lp97/net/ipv4/af_inet.c Thu Apr 23 13:36:27 1998 
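Review bot: In net/core/dev.c at @@ -321, dev_load() now autoloads only for callers holding CAP_SYS_MODULE, while the ioctl hunk at @@ -1591 admits callers holding CAP_NET_ADMIN and then calls dev_load(ifr.ifr_name). A process with CAP_NET_ADMIN but not CAP_SYS_MODULE therefore silently gets no autoload and presumably fails later with a missing-device error. Keeping request_module() behind CAP_SYS_MODULE is the conservative choice, because the name appears to come from the caller's ifreq, but the split should be documented above dev_load(), for example `/* Autoload needs CAP_SYS_MODULE, not CAP_NET_ADMIN: name is caller-supplied and selects the module requested. */`. The ioctl function around @@ -1591 starts and ends outside the hunk.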
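Review bot: In net/core/sock.c at @@ -922, CAP_NET_ADMIN now decides whether a caller may set sk->proc to a pid or process group other than its own, which looks like the wrong capability. sk->proc presumably selects who receives the socket's asynchronous signals, so this is a signal-delivery privilege rather than network administration. Consider `!capable(CAP_KILL)) return(-EPERM);` here, or add a comment saying why CAP_NET_ADMIN is intended. The same ownership check is converted the same way in net/ipv4/af_inet.c (@@ -868), net/ipv6/af_inet6.c (@@ -291) and net/packet/af_packet.c (@@ -1089); the enclosing functions all start and end outside these hunks.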
@@ -374,7 +374,7 @@ sock->ops = &inet_dgram_ops; break; case SOCK_RAW: - if (!suser()) + if (!capable(CAP_NET_RAW)) goto free_and_badperm; if (!protocol) goto free_and_noproto; @@ -521,7 +521,7 @@ #endif if (snum == 0) snum = sk->prot->good_socknum(); - if (snum < PROT_SOCK && !suser()) + if (snum < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE)) return(-EACCES); chk_addr_ret = inet_addr_type(addr->sin_addr.s_addr); @@ -529,7 +529,7 @@ chk_addr_ret != RTN_MULTICAST && chk_addr_ret != RTN_BROADCAST) { #ifdef CONFIG_IP_TRANSPARENT_PROXY /* Superuser may bind to any address to allow transparent proxying. */ - if(chk_addr_ret != RTN_UNICAST || !suser()) + if(chk_addr_ret != RTN_UNICAST || !capable(CAP_NET_ADMIN)) #endif return -EADDRNOTAVAIL; /* Source address MUST be ours! */ } @@ -868,7 +868,8 @@ err = get_user(pid, (int *) arg); if (err) return err; - if (current->pid != pid && current->pgrp != -pid && !suser()) + if (current->pid != pid && current->pgrp != -pid && + !capable(CAP_NET_ADMIN)) return -EPERM; sk->proc = pid; return(0); diff -urN /tmp/linux/net/ipv4/devinet.c lp97/net/ipv4/devinet.c --- /tmp/linux/net/ipv4/devinet.c Sat Mar 28 03:12:32 1998 +++ lp97/net/ipv4/devinet.c Thu Apr 23 13:42:17 1998 @@ -435,7 +435,7 @@ break; case SIOCSIFFLAGS: - if (!suser()) + if (!capable(CAP_NET_ADMIN)) return -EACCES; rtnl_lock(); exclusive = 1; @@ -444,7 +444,7 @@ case SIOCSIFBRDADDR: /* Set the broadcast address */ case SIOCSIFDSTADDR: /* Set the destination address */ case SIOCSIFNETMASK: /* Set the netmask for the interface */ - if (!suser()) + if (!capable(CAP_NET_ADMIN)) return -EACCES; if (sin->sin_family != AF_INET) return -EINVAL; diff -urN /tmp/linux/net/ipv4/fib_frontend.c lp97/net/ipv4/fib_frontend.c --- /tmp/linux/net/ipv4/fib_frontend.c Tue Mar 10 18:47:26 1998 +++ lp97/net/ipv4/fib_frontend.c Thu Apr 23 13:46:11 1998 
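Review bot: In net/ipv4/af_inet.c at @@ -529, the context comment still reads "Superuser may bind to any address to allow transparent proxying." although the test directly below it is now capable(CAP_NET_ADMIN). The comment should be updated in the same patch so the documented privilege matches the check, for example `/* CAP_NET_ADMIN may bind to any address to allow transparent proxying. */`. The identical comment and check appear in net/ipv4/raw.c at @@ -398. Both bind functions continue outside their hunks.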
@@ -253,7 +253,7 @@ switch (cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ - if (!suser()) + if (!capable(CAP_NET_ADMIN)) return -EPERM; if (copy_from_user(&r, arg, sizeof(struct rtentry))) return -EFAULT; diff -urN /tmp/linux/net/ipv4/ip_sockglue.c lp97/net/ipv4/ip_sockglue.c --- /tmp/linux/net/ipv4/ip_sockglue.c Tue Mar 10 18:47:27 1998 +++ lp97/net/ipv4/ip_sockglue.c Thu Apr 23 13:45:50 1998 @@ -311,7 +311,8 @@ /* Reject setting of unused bits */ if (val & ~(IPTOS_TOS_MASK|IPTOS_PREC_MASK)) return -EINVAL; - if (IPTOS_PREC(val) >= IPTOS_PREC_CRITIC_ECP && !suser()) + if (IPTOS_PREC(val) >= IPTOS_PREC_CRITIC_ECP && + !capable(CAP_NET_ADMIN)) return -EPERM; if (sk->ip_tos != val) { sk->ip_tos=val; @@ -453,7 +454,7 @@ case IP_FW_POLICY_OUT: case IP_FW_POLICY_FWD: case IP_FW_MASQ_TIMEOUTS: - if(!suser()) + if(!capable(CAP_NET_ADMIN)) return -EACCES; if(optlen>sizeof(tmp_fw) || optlen<1) return -EINVAL; @@ -467,7 +468,7 @@ case IP_FW_MASQ_ADD: case IP_FW_MASQ_DEL: case IP_FW_MASQ_FLUSH: - if(!suser()) + if(!capable(CAP_NET_ADMIN)) return -EPERM; if(optlen>sizeof(masq_ctl) || optlen<1) return -EINVAL; @@ -483,7 +484,7 @@ case IP_ACCT_DELETE: case IP_ACCT_FLUSH: case IP_ACCT_ZERO: - if(!suser()) + if(!capable(CAP_NET_ADMIN)) return -EACCES; if(optlen>sizeof(tmp_fw) || optlen<1) return -EINVAL; diff -urN /tmp/linux/net/ipv4/raw.c lp97/net/ipv4/raw.c --- /tmp/linux/net/ipv4/raw.c Tue Mar 10 18:47:27 1998 +++ lp97/net/ipv4/raw.c Thu Apr 23 13:43:27 1998 @@ -398,7 +398,7 @@ chk_addr_ret != RTN_MULTICAST && chk_addr_ret != RTN_BROADCAST) { #ifdef CONFIG_IP_TRANSPARENT_PROXY /* Superuser may bind to any address to allow transparent proxying. */ - if(chk_addr_ret != RTN_UNICAST || !suser()) + if(chk_addr_ret != RTN_UNICAST || !capable(CAP_NET_ADMIN)) #endif return -EADDRNOTAVAIL; } diff -urN /tmp/linux/net/ipv4/udp.c lp97/net/ipv4/udp.c --- /tmp/linux/net/ipv4/udp.c Tue Mar 24 01:48:25 1998 +++ lp97/net/ipv4/udp.c Thu Apr 23 13:42:56 1998 
@@ -646,7 +646,7 @@ #ifdef CONFIG_IP_TRANSPARENT_PROXY if (msg->msg_flags&~(MSG_DONTROUTE|MSG_DONTWAIT|MSG_PROXY|MSG_NOSIGNAL)) return -EINVAL; - if ((msg->msg_flags&MSG_PROXY) && !suser() ) + if ((msg->msg_flags&MSG_PROXY) && !capable(CAP_NET_ADMIN)) return -EPERM; #else if (msg->msg_flags&~(MSG_DONTROUTE|MSG_DONTWAIT|MSG_NOSIGNAL)) diff -urN /tmp/linux/net/ipv6/addrconf.c lp97/net/ipv6/addrconf.c --- /tmp/linux/net/ipv6/addrconf.c Tue Mar 24 01:48:25 1998 +++ lp97/net/ipv6/addrconf.c Thu Apr 23 13:48:20 1998 @@ -894,7 +894,7 @@ struct in6_ifreq ireq; int err; - if (!suser()) + if (!capable(CAP_NET_ADMIN)) return -EPERM; if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq))) @@ -911,7 +911,7 @@ struct in6_ifreq ireq; int err; - if (!suser()) + if (!capable(CAP_NET_ADMIN)) return -EPERM; if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq))) diff -urN /tmp/linux/net/ipv6/af_inet6.c lp97/net/ipv6/af_inet6.c --- /tmp/linux/net/ipv6/af_inet6.c Sat Mar 28 03:12:32 1998 +++ lp97/net/ipv6/af_inet6.c Thu Apr 23 13:49:19 1998 @@ -89,7 +89,7 @@ prot=&udpv6_prot; sock->ops = &inet6_dgram_ops; } else if(sock->type == SOCK_RAW) { - if (!suser()) + if (!capable(CAP_NET_RAW)) goto free_and_badperm; if (!protocol) goto free_and_noproto; @@ -187,7 +187,7 @@ snum = ntohs(addr->sin6_port); if (snum == 0) snum = sk->prot->good_socknum(); - if (snum < PROT_SOCK && !suser()) + if (snum < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE)) return(-EACCES); addr_type = ipv6_addr_type(&addr->sin6_addr); @@ -291,7 +291,8 @@ return err; /* see sock_no_fcntl */ - if (current->pid != pid && current->pgrp != -pid && !suser()) + if (current->pid != pid && current->pgrp != -pid && + !capable(CAP_NET_ADMIN)) return -EPERM; sk->proc = pid; return(0); diff -urN /tmp/linux/net/ipv6/route.c lp97/net/ipv6/route.c --- /tmp/linux/net/ipv6/route.c Tue Mar 24 01:48:25 1998 +++ lp97/net/ipv6/route.c Thu Apr 23 13:49:33 1998 
@@ -1375,7 +1375,7 @@ switch(cmd) { case SIOCADDRT: /* Add a route */ case SIOCDELRT: /* Delete a route */ - if (!suser()) + if (!capable(CAP_NET_ADMIN)) return -EPERM; err = copy_from_user(&rtmsg, arg, sizeof(struct in6_rtmsg)); diff -urN /tmp/linux/net/packet/af_packet.c lp97/net/packet/af_packet.c --- /tmp/linux/net/packet/af_packet.c Tue Mar 24 19:28:39 1998 +++ lp97/net/packet/af_packet.c Thu Apr 23 13:51:21 1998 @@ -691,7 +691,7 @@ struct sock *sk; int err; - if (!suser()) + if (!capable(CAP_NET_RAW)) return -EPERM; if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW #ifdef CONFIG_SOCK_PACKET @@ -1089,7 +1089,8 @@ err = get_user(pid, (int *) arg); if (err) return err; - if (current->pid != pid && current->pgrp != -pid && !suser()) + if (current->pid != pid && current->pgrp != -pid && + !capable(CAP_NET_ADMIN)) return -EPERM; sk->proc = pid; return(0); diff -urN /tmp/linux/net/rose/af_rose.c lp97/net/rose/af_rose.c --- /tmp/linux/net/rose/af_rose.c Sun Apr 12 02:18:16 1998 +++ lp97/net/rose/af_rose.c Thu Apr 23 13:52:34 1998 @@ -1193,7 +1193,7 @@ case SIOCADDRT: case SIOCDELRT: case SIOCRSCLRRT: - if (!suser()) return -EPERM; + if (!capable(CAP_NET_ADMIN)) return -EPERM; return rose_rt_ioctl(cmd, (void *)arg); case SIOCRSGCAUSE: { diff -urN /tmp/linux/net/wanrouter/wanmain.c lp97/net/wanrouter/wanmain.c --- /tmp/linux/net/wanrouter/wanmain.c Sat Feb 21 03:28:23 1998 +++ lp97/net/wanrouter/wanmain.c Thu Apr 23 13:54:16 1998 @@ -366,7 +366,7 @@ struct proc_dir_entry* dent; wan_device_t* wandev; - if (!suser()) + if (!capable(CAP_NET_ADMIN)) return -EPERM; if ((cmd >> 8) != ROUTER_IOCTL) diff -urN /tmp/linux/net/x25/af_x25.c lp97/net/x25/af_x25.c --- /tmp/linux/net/x25/af_x25.c Sun Apr 12 20:42:16 1998 +++ lp97/net/x25/af_x25.c Thu Apr 23 13:53:34 1998 @@ -1096,7 +1096,7 @@ case SIOCADDRT: case SIOCDELRT: - if (!suser()) return -EPERM; + if (!capable(CAP_NET_ADMIN)) return -EPERM; return x25_route_ioctl(cmd, (void *)arg); case SIOCX25GSUBSCRIP:

--uo+9/B/ebqu+fSQP--
