OS-2837 lx brand only works with shared IP stacks
        
*** 19,28 ****
--- 19,29 ----
   * CDDL HEADER END
   */
  
  /*
   * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+  * Copyright 2014, Joyent, Inc. All rights reserved.
   */
  
  /*
   * Main door handler functions used by ipmgmtd to process the different door
   * call requests, issued by the library libipadm.so.
*** 110,120 ****
                  ipmgmt_log(LOG_ERR, "Invalid door command specified");
                  err = EINVAL;
                  goto fail;
          }
  
!         /* check for solaris.network.interface.config authorization */
          if (infop->idi_set) {
                  uid_t           uid;
                  struct passwd   pwd;
                  char            buf[1024];
  
--- 111,123 ----
                  ipmgmt_log(LOG_ERR, "Invalid door command specified");
                  err = EINVAL;
                  goto fail;
          }
  
!         /*
!          * if not root, check for solaris.network.interface.config authorization
!          */
          if (infop->idi_set) {
                  uid_t           uid;
                  struct passwd   pwd;
                  char            buf[1024];
  
*** 122,150 ****
                          err = errno;
                          ipmgmt_log(LOG_ERR, "Could not get user credentials.");
                          goto fail;
                  }
                  uid = ucred_getruid(cred);
                  if ((int)uid < 0) {
                          err = errno;
                          ipmgmt_log(LOG_ERR, "Could not get user id.");
                          goto fail;
                  }
!                 if (getpwuid_r(uid, &pwd, buf, sizeof (buf)) ==
!                     NULL) {
                          err = errno;
!                         ipmgmt_log(LOG_ERR, "Could not get password entry.");
                          goto fail;
                  }
                  if (chkauthattr(NETWORK_INTERFACE_CONFIG_AUTH,
                      pwd.pw_name) != 1) {
                          err = EPERM;
!                         ipmgmt_log(LOG_ERR, "Not authorized for operation.");
                          goto fail;
                  }
-                 ucred_free(cred);
          }
  
          /* individual handlers take care of calling door_return */
          infop->idi_handler((void *)argp);
          return;
  fail:
--- 125,161 ----
                          err = errno;
                          ipmgmt_log(LOG_ERR, "Could not get user credentials.");
                          goto fail;
                  }
                  uid = ucred_getruid(cred);
+                 ucred_free(cred);
                  if ((int)uid < 0) {
                          err = errno;
                          ipmgmt_log(LOG_ERR, "Could not get user id.");
                          goto fail;
                  }
! 
!                 /*
!                  * Branded zones may have different auth, but root always
!                  * allowed.
!                  */
!                 if (uid != 0) {
!                         if (getpwuid_r(uid, &pwd, buf, sizeof (buf)) == NULL) {
                                  err = errno;
!                                 ipmgmt_log(LOG_ERR,
!                                     "Could not get password entry.");
                                  goto fail;
                          }
                          if (chkauthattr(NETWORK_INTERFACE_CONFIG_AUTH,
                              pwd.pw_name) != 1) {
                                  err = EPERM;
!                                 ipmgmt_log(LOG_ERR,
!                                     "Not authorized for operation.");
                                  goto fail;
                          }
                  }
+         }
  
          /* individual handlers take care of calling door_return */
          infop->idi_handler((void *)argp);
          return;
  fail:
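Review bot: The new `if (uid != 0)` guard skips `chkauthattr()` for every caller whose real uid is 0, in any zone, while the comment above it motivates the bypass only by branded zones. Because the uid comes from `ucred_getruid()`, a caller that kept real uid 0 but lowered its effective uid would, as far as this hunk shows, still be let through. If the bypass is meant globally, the comment should say so, e.g. `/* callers with real uid 0 are always allowed, in every zone; all others need NETWORK_INTERFACE_CONFIG_AUTH */`; if it is meant for branded zones only, the condition needs to test for that as well. Separately, `ucred_free(cred)` now runs before `err = errno` in the `(int)uid < 0` branch, so errno is better saved immediately after `ucred_getruid()` in case the free changes it. The enclosing door handler starts and ends outside the hunk.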