
(-)oidentd/files/patch-unprivileged_ipv6 (+392 lines)
1
diff -ru src.old/kernel/freebsd.c src/kernel/freebsd.c
2
--- src.old/kernel/freebsd.c	Sat Mar 20 20:36:51 2004
3
+++ src/kernel/freebsd.c	Sat Mar 20 20:37:09 2004
4
@@ -159,11 +159,11 @@
5
 
6
 #ifdef _HAVE_OLD_INPCB
7
 
8
-static struct socket *getlist4(	void *arg,
9
+static struct socket *getlist(	void *arg,
10
 								in_port_t lport,
11
 								in_port_t fport,
12
-								const struct in_addr *laddr,
13
-								const struct in_addr *faddr)
14
+								const struct sockaddr *laddr,
15
+								const struct sockaddr *faddr)
16
 {
17
 	struct inpcb *pcbp = arg;
18
 	struct inpcb *head;
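Review bot: The `_HAVE_OLD_INPCB` `getlist()` now accepts a generic `struct sockaddr *` but never checks `sa_family`, and the two following hunks (`@@ -175,8` and `@@ -184,8`) read both arguments through `SIN4()` unconditionally. Because this patch also routes `get_user6()` into `get_user()`, an AF_INET6 query would, if that path is built together with `_HAVE_OLD_INPCB`, have bytes of a `sockaddr_in6` that are not an IPv4 address compared against `inp_faddr`/`inp_laddr`; an ident daemon that matches the wrong PCB reports the wrong owner. A guard at the top of the body, `if (laddr->sa_family != AF_INET || faddr->sa_family != AF_INET) return (NULL);`, keeps the lookup failing closed. The same applies to the three matching hunks in src/kernel/freebsd5.c, and the function body continues outside this hunk.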
19
@@ -175,8 +175,8 @@
20
 
21
 	do {
22
 		if (opt_enabled(PROXY)) {
23
-			if (faddr->s_addr == SIN4(&proxy)->sin_addr.s_addr &&
24
-				laddr->s_addr != SIN4(&proxy)->sin_addr.s_addr &&
25
+			if (SIN4(faddr)->sin_addr.s_addr == SIN4(&proxy)->sin_addr.s_addr &&
26
+				SIN4(laddr)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr &&
27
 				pcbp->inp_fport == fport &&
28
 				pcbp->inp_lport == lport)
29
 			{
30
@@ -184,8 +184,8 @@
31
 			}
32
 		}
33
 
34
-		if (pcbp->inp_faddr.s_addr == faddr->s_addr &&
35
-			pcbp->inp_laddr.s_addr == laddr->s_addr &&
36
+		if (pcbp->inp_faddr.s_addr == SIN4(faddr)->sin_addr.s_addr &&
37
+			pcbp->inp_laddr.s_addr == SIN4(laddr)->sin_addr.s_addr &&
38
 			pcbp->inp_fport == fport &&
39
 			pcbp->inp_lport == lport)
40
 		{
41
@@ -199,16 +199,33 @@
42
 
43
 #else
44
 
45
-static struct socket *getlist4(	void *arg,
46
+static struct socket *getlist(	void *arg,
47
 								in_port_t lport,
48
 								in_port_t fport,
49
-								const struct in_addr *laddr,
50
-								const struct in_addr *faddr)
51
+								const struct sockaddr *local,
52
+								const struct sockaddr *remote)
53
 {
54
 	struct inpcb *head, pcbp;
55
 	struct inpcbhead *pcbhead = arg;
56
+	char *faddr, *laddr, *pfaddr, *pladdr;
57
+	int alen;
58
 
59
-	(void) laddr;
60
+	if (remote->sa_family != local->sa_family)
61
+		return (NULL);
62
+	switch (remote->sa_family) {
63
+	case AF_INET:
64
+		faddr = (char *)&SIN4(remote)->sin_addr;
65
+		laddr = (char *)&SIN4(local)->sin_addr;
66
+		break;
67
+#ifdef INP_IPV6
68
+	case AF_INET6:
69
+		faddr = (char *)&SIN6(remote)->sin6_addr;
70
+		laddr = (char *)&SIN6(local)->sin6_addr;
71
+		break;
72
+#endif
73
+	default:
74
+		return (NULL);
75
+	}
76
 
77
 	head = pcbhead->lh_first;
78
 	if (head == NULL)
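Review bot: The new locals drop the `const` that the `local`/`remote` parameters carry: `faddr = (char *)&SIN4(remote)->sin_addr;` turns a pointer into a const object into a plain `char *`, although these pointers are only ever read by `memcmp()`. Declaring them as `const void *faddr, *laddr, *pfaddr, *pladdr;` and `size_t alen;` makes the casts unnecessary and matches `memcmp()`'s parameter types. A short comment above the `switch`, such as `/* only equal-family pairs can match; anything else fails the lookup */`, would record that returning NULL there is deliberate. The same declarations appear in the `@@ -200,16 +200,31` hunk of src/kernel/freebsd5.c.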
79
@@ -218,9 +235,9 @@
80
 		if (getbuf((u_long) head, &pcbp, sizeof(struct inpcb)) == -1)
81
 			break;
82
 
83
-		if (opt_enabled(PROXY)) {
84
-			if (faddr->s_addr == SIN4(&proxy)->sin_addr.s_addr &&
85
-				laddr->s_addr != SIN4(&proxy)->sin_addr.s_addr &&
86
+		if (opt_enabled(PROXY) && remote->sa_family == AF_INET) {
87
+			if (SIN4(remote)->sin_addr.s_addr == SIN4(&proxy)->sin_addr.s_addr &&
88
+				SIN4(local)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr &&
89
 				pcbp.inp_fport == fport &&
90
 				pcbp.inp_lport == lport)
91
 			{
92
@@ -228,8 +245,32 @@
93
 			}
94
 		}
95
 
96
-		if (pcbp.inp_faddr.s_addr == faddr->s_addr &&
97
-			pcbp.inp_laddr.s_addr == laddr->s_addr &&
98
+#ifdef INP_IPV6
99
+		if (pcbp.inp_vflag & INP_IPV4)
100
+		{
101
+			if (remote->sa_family != AF_INET)
102
+				continue;
103
+			pfaddr = (char *)&pcbp.inp_faddr;
104
+			pladdr = (char *)&pcbp.inp_laddr;
105
+			alen = sizeof(struct in_addr);
106
+		}
107
+		else if (pcbp.inp_vflag & INP_IPV6)
108
+		{
109
+			if (remote->sa_family != AF_INET6)
110
+				continue;
111
+			pfaddr = (char *)&pcbp.in6p_faddr;
112
+			pladdr = (char *)&pcbp.in6p_laddr;
113
+			alen = sizeof(struct in6_addr);
114
+		}
115
+		else
116
+			continue;
117
+#else
118
+		pfaddr = (char *)&pcbp.inp_faddr;
119
+		pladdr = (char *)&pcbp.inp_laddr;
120
+		alen = sizeof(struct in_addr);
121
+#endif
122
+		if (memcmp(pfaddr, faddr, alen) == 0 &&
123
+			memcmp(pladdr, laddr, alen) == 0 &&
124
 			pcbp.inp_fport == fport &&
125
 			pcbp.inp_lport == lport)
126
 		{
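Review bot: Each `continue` added in the address-family branches skips whatever statement advances `head`, and that statement is not visible in this hunk. If the list step sits at the bottom of a `do { ... } while` body, as the `do {` in the `_HAVE_OLD_INPCB` variant suggests, the first PCB of the other family makes the loop re-read the same entry indefinitely and the daemon spins on that lookup. Avoiding `continue` sidesteps the question: use `alen = 0;` in place of each `continue;` and test `if (alen != 0 && memcmp(pfaddr, faddr, alen) == 0 &&`. The same pattern is in the `@@ -229,8 +244,26` hunk of src/kernel/freebsd5.c; please confirm against the full loop.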
127
@@ -248,7 +289,7 @@
128
 ** Return the UID of the connection owner
129
 */
130
 
131
-int get_user4(	in_port_t lport,
132
+static int get_user(	in_port_t lport,
133
 				in_port_t fport,
134
 				struct sockaddr_storage *laddr,
135
 				struct sockaddr_storage *faddr)
136
@@ -276,8 +317,9 @@
137
 	tcb.inp_prev = (struct inpcb *) kinfo->nl[N_TCB].n_value;
138
 #endif
139
 
140
-	sockp = getlist4(&tcb, lport, fport,
141
-				&SIN4(laddr)->sin_addr, &SIN4(faddr)->sin_addr);
142
+	sockp = getlist(&tcb, lport, fport,
143
+				(struct sockaddr *)laddr,
144
+				(struct sockaddr *)faddr);
145
 
146
 	if (sockp == NULL)
147
 		return (-1);
148
@@ -346,6 +388,14 @@
149
 	return (-1);
150
 }
151
 
152
+int get_user4(	in_port_t lport,
153
+				in_port_t fport,
154
+				struct sockaddr_storage *laddr,
155
+				struct sockaddr_storage *faddr)
156
+{
157
+	return (get_user(lport, fport, laddr, faddr));
158
+}
159
+
160
 #ifdef MASQ_SUPPORT
161
 
162
 /*
163
@@ -456,36 +506,7 @@
164
 				struct sockaddr_storage *laddr,
165
 				struct sockaddr_storage *faddr)
166
 {
167
-	struct ucred ucred;
168
-	struct sockaddr_in6 sin6[2];
169
-	int len;
170
-	int ret;
171
-
172
-	len = sizeof(struct ucred);
173
-
174
-	memset(sin6, 0, sizeof(sin6));
175
-
176
-	sin6[0].sin6_len = sizeof(struct sockaddr_in6);
177
-	sin6[0].sin6_family = AF_INET6;
178
-	sin6[0].sin6_port = lport;
179
-	memcpy(&sin6[0].sin6_addr, &SIN6(laddr)->sin6_addr,
180
-		sizeof(sin6[0].sin6_addr));
181
-
182
-	sin6[1].sin6_len = sizeof(struct sockaddr_in6);
183
-	sin6[1].sin6_family = AF_INET6;
184
-	sin6[1].sin6_port = fport;
185
-	memcpy(&sin6[1].sin6_addr, &SIN6(faddr)->sin6_addr,
186
-		sizeof(sin6[1].sin6_addr));
187
-
188
-	ret = sysctlbyname("net.inet6.tcp6.getcred",
189
-			&ucred, &len, sin6, sizeof(sin6));
190
-
191
-	if (ret == -1) {
192
-		debug("sysctlbyname: %s", strerror(errno));
193
-		return (-1);
194
-	}
195
-
196
-	return (ucred.cr_uid);
197
+	return (get_user(lport, fport, laddr, faddr));
198
 }
199
 
200
 #endif
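Review bot: The replacement body of `get_user6()` needs a comment, because it swaps the kernel-mediated `net.inet6.tcp6.getcred` lookup for the PCB-list walk in `get_user()`, which appears to read kernel memory through `getbuf()`. Something like `/* IPv6 lookups use the same PCB walk as IPv4; getlist() must reject address families it cannot compare */` records that dependency for the next maintainer. It would also help to state which access the daemon must retain after dropping privileges for this path to work, since that is not visible here. The function's signature starts outside this hunk, and the `@@ -448,36 +490,7` hunk in src/kernel/freebsd5.c is identical.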
201
diff -ru src.old/kernel/freebsd5.c src/kernel/freebsd5.c
202
--- src.old/kernel/freebsd5.c	Sat Mar 20 20:36:51 2004
203
+++ src/kernel/freebsd5.c	Sat Mar 20 20:37:13 2004
204
@@ -160,11 +160,11 @@
205
 
206
 #ifdef _HAVE_OLD_INPCB
207
 
208
-static struct socket *getlist4(	void *arg,
209
+static struct socket *getlist(	void *arg,
210
 								in_port_t lport,
211
 								in_port_t fport,
212
-								const struct in_addr *laddr,
213
-								const struct in_addr *faddr)
214
+								const struct sockaddr *laddr,
215
+								const struct sockaddr *faddr)
216
 {
217
 	struct inpcb *pcbp = arg;
218
 	struct inpcb *head;
219
@@ -176,8 +176,8 @@
220
 
221
 	do {
222
 		if (opt_enabled(PROXY)) {
223
-			if (faddr->s_addr == SIN4(&proxy)->sin_addr.s_addr &&
224
-				laddr->s_addr != SIN4(&proxy)->sin_addr.s_addr &&
225
+			if (SIN4(faddr)->sin_addr.s_addr == SIN4(&proxy)->sin_addr.s_addr &&
226
+				SIN4(laddr)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr &&
227
 				pcbp->inp_fport == fport &&
228
 				pcbp->inp_lport == lport)
229
 			{
230
@@ -185,8 +185,8 @@
231
 			}
232
 		}
233
 
234
-		if (pcbp->inp_faddr.s_addr == faddr->s_addr &&
235
-			pcbp->inp_laddr.s_addr == laddr->s_addr &&
236
+		if (pcbp->inp_faddr.s_addr == SIN4(faddr)->sin_addr.s_addr &&
237
+			pcbp->inp_laddr.s_addr == SIN4(laddr)->sin_addr.s_addr &&
238
 			pcbp->inp_fport == fport &&
239
 			pcbp->inp_lport == lport)
240
 		{
241
@@ -200,16 +200,31 @@
242
 
243
 #else
244
 
245
-static struct socket *getlist4(	void *arg,
246
+static struct socket *getlist(	void *arg,
247
 								in_port_t lport,
248
 								in_port_t fport,
249
-								const struct in_addr *laddr,
250
-								const struct in_addr *faddr)
251
+								const struct sockaddr *local,
252
+								const struct sockaddr *remote)
253
 {
254
 	struct inpcb *head, pcbp;
255
 	struct inpcbhead *pcbhead = arg;
256
+	char *faddr, *laddr, *pfaddr, *pladdr;
257
+	int alen;
258
 
259
-	(void) laddr;
260
+	if (remote->sa_family != local->sa_family)
261
+		return (NULL);
262
+	switch (remote->sa_family) {
263
+	case AF_INET:
264
+		faddr = (char *)&SIN4(remote)->sin_addr;
265
+		laddr = (char *)&SIN4(local)->sin_addr;
266
+		break;
267
+	case AF_INET6:
268
+		faddr = (char *)&SIN6(remote)->sin6_addr;
269
+		laddr = (char *)&SIN6(local)->sin6_addr;
270
+		break;
271
+	default:
272
+		return (NULL);
273
+	}
274
 
275
 	head = pcbhead->lh_first;
276
 	if (head == NULL)
277
@@ -219,9 +234,9 @@
278
 		if (getbuf((u_long) head, &pcbp, sizeof(struct inpcb)) == -1)
279
 			break;
280
 
281
-		if (opt_enabled(PROXY)) {
282
-			if (faddr->s_addr == SIN4(&proxy)->sin_addr.s_addr &&
283
-				laddr->s_addr != SIN4(&proxy)->sin_addr.s_addr &&
284
+		if (opt_enabled(PROXY) && remote->sa_family == AF_INET) {
285
+			if (SIN4(remote)->sin_addr.s_addr == SIN4(&proxy)->sin_addr.s_addr &&
286
+				SIN4(local)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr &&
287
 				pcbp.inp_fport == fport &&
288
 				pcbp.inp_lport == lport)
289
 			{
290
@@ -229,8 +244,26 @@
291
 			}
292
 		}
293
 
294
-		if (pcbp.inp_faddr.s_addr == faddr->s_addr &&
295
-			pcbp.inp_laddr.s_addr == laddr->s_addr &&
296
+		if (pcbp.inp_vflag & INP_IPV4)
297
+		{
298
+			if (remote->sa_family != AF_INET)
299
+				continue;
300
+			pfaddr = (char *)&pcbp.inp_faddr;
301
+			pladdr = (char *)&pcbp.inp_laddr;
302
+			alen = sizeof(struct in_addr);
303
+		}
304
+		else if (pcbp.inp_vflag & INP_IPV6)
305
+		{
306
+			if (remote->sa_family != AF_INET6)
307
+				continue;
308
+			pfaddr = (char *)&pcbp.in6p_faddr;
309
+			pladdr = (char *)&pcbp.in6p_laddr;
310
+			alen = sizeof(struct in6_addr);
311
+		}
312
+		else
313
+			continue;
314
+		if (memcmp(pfaddr, faddr, alen) == 0 &&
315
+			memcmp(pladdr, laddr, alen) == 0 &&
316
 			pcbp.inp_fport == fport &&
317
 			pcbp.inp_lport == lport)
318
 		{
319
@@ -249,7 +282,7 @@
320
 ** Return the UID of the connection owner
321
 */
322
 
323
-int get_user4(	in_port_t lport,
324
+static int get_user(	in_port_t lport,
325
 				in_port_t fport,
326
 				struct sockaddr_storage *laddr,
327
 				struct sockaddr_storage *faddr)
328
@@ -276,8 +309,9 @@
329
 	tcb.inp_prev = (struct inpcb *) kinfo->nl[N_TCB].n_value;
330
 #endif
331
 
332
-	sockp = getlist4(&tcb, lport, fport,
333
-				&SIN4(laddr)->sin_addr, &SIN4(faddr)->sin_addr);
334
+	sockp = getlist(&tcb, lport, fport,
335
+				(struct sockaddr *)laddr,
336
+				(struct sockaddr *)faddr);
337
 
338
 	if (sockp == NULL)
339
 		return (-1);
340
@@ -338,6 +372,14 @@
341
 	return (-1);
342
 }
343
 
344
+int get_user4(	in_port_t lport,
345
+				in_port_t fport,
346
+				struct sockaddr_storage *laddr,
347
+				struct sockaddr_storage *faddr)
348
+{
349
+	return (get_user(lport, fport, laddr, faddr));
350
+}
351
+
352
 #ifdef MASQ_SUPPORT
353
 
354
 /*
355
@@ -448,36 +490,7 @@
356
 				struct sockaddr_storage *laddr,
357
 				struct sockaddr_storage *faddr)
358
 {
359
-	struct ucred ucred;
360
-	struct sockaddr_in6 sin6[2];
361
-	int len;
362
-	int ret;
363
-
364
-	len = sizeof(struct ucred);
365
-
366
-	memset(sin6, 0, sizeof(sin6));
367
-
368
-	sin6[0].sin6_len = sizeof(struct sockaddr_in6);
369
-	sin6[0].sin6_family = AF_INET6;
370
-	sin6[0].sin6_port = lport;
371
-	memcpy(&sin6[0].sin6_addr, &SIN6(laddr)->sin6_addr,
372
-		sizeof(sin6[0].sin6_addr));
373
-
374
-	sin6[1].sin6_len = sizeof(struct sockaddr_in6);
375
-	sin6[1].sin6_family = AF_INET6;
376
-	sin6[1].sin6_port = fport;
377
-	memcpy(&sin6[1].sin6_addr, &SIN6(faddr)->sin6_addr,
378
-		sizeof(sin6[1].sin6_addr));
379
-
380
-	ret = sysctlbyname("net.inet6.tcp6.getcred",
381
-			&ucred, &len, sin6, sizeof(sin6));
382
-
383
-	if (ret == -1) {
384
-		debug("sysctlbyname: %s", strerror(errno));
385
-		return (-1);
386
-	}
387
-
388
-	return (ucred.cr_uid);
389
+	return (get_user(lport, fport, laddr, faddr));
390
 }
391
 
392
 #endif
