[BRIDGE]: Allow non-root to inspect the status of a bridge.

0c2b1878 · Stephen Hemminger · a4b18f43 · 0c2b1878 · 0c2b1878 · 0c2b1878
Commit 0c2b1878 authored Mar 31, 2004 by Stephen Hemminger
Hide whitespace changes
Inline Side-by-side

Showing with 38 additions and 31 deletions

net/bridge/br_device.c net/bridge/br_device.c +1 -1

net/bridge/br_ioctl.c net/bridge/br_ioctl.c +32 -25

net/bridge/br_private.h net/bridge/br_private.h +5 -5

No files found.
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -32,7 +32,7 @@ static int br_dev_do_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
 	if (copy_from_user(args, data, 4*sizeof(unsigned long)))
 		return -EFAULT;

-	return br_ioctl(dev->priv, args[0], args[1], args[2], args[3]);
+	return br_ioctl_device(dev->priv, args[0], args[1], args[2], args[3]);
 }

 static struct net_device_stats *br_dev_get_stats(struct net_device *dev)

--- a/net/bridge/br_ioctl.c
+++ b/net/bridge/br_ioctl.c
@@ -38,11 +38,8 @@ static unsigned long timer_residue(const struct timer_list *timer)
 			     ? (timer->expires - jiffies) : 0);
 }

-static int br_ioctl_device(struct net_bridge *br,
-			   unsigned int cmd,
-			   unsigned long arg0,
-			   unsigned long arg1,
-			   unsigned long arg2)
+int br_ioctl_device(struct net_bridge *br, unsigned int cmd,
+		   unsigned long arg0, unsigned long arg1, unsigned long arg2)
 {
 	if (br == NULL)
 		return -EINVAL;
@@ -55,6 +52,9 @@ static int br_ioctl_device(struct net_bridge *br,
 		struct net_device *dev;
 		int ret;

+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;
+
 		dev = dev_get_by_index(arg0);
 		if (dev == NULL)
 			return -EINVAL;
@@ -121,6 +121,9 @@ static int br_ioctl_device(struct net_bridge *br,
 	}

 	case BRCTL_SET_BRIDGE_FORWARD_DELAY:
+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;
+
 		spin_lock_bh(&br->lock);
 		br->bridge_forward_delay = user_to_ticks(arg0);
 		if (br_is_root_bridge(br))
@@ -129,6 +132,9 @@ static int br_ioctl_device(struct net_bridge *br,
 		return 0;

 	case BRCTL_SET_BRIDGE_HELLO_TIME:
+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;
+
 		spin_lock_bh(&br->lock);
 		br->bridge_hello_time = user_to_ticks(arg0);
 		if (br_is_root_bridge(br))
@@ -137,6 +143,9 @@ static int br_ioctl_device(struct net_bridge *br,
 		return 0;

 	case BRCTL_SET_BRIDGE_MAX_AGE:
+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;
+
 		spin_lock_bh(&br->lock);
 		br->bridge_max_age = user_to_ticks(arg0);
 		if (br_is_root_bridge(br))
@@ -145,10 +154,10 @@ static int br_ioctl_device(struct net_bridge *br,
 		return 0;

 	case BRCTL_SET_AGEING_TIME:
-		br->ageing_time = user_to_ticks(arg0);
-		return 0;
+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;

-	case BRCTL_SET_GC_INTERVAL:	 /* no longer used */
+		br->ageing_time = user_to_ticks(arg0);
 		return 0;

 	case BRCTL_GET_PORT_INFO:
@@ -185,10 +194,16 @@ static int br_ioctl_device(struct net_bridge *br,
 	}

 	case BRCTL_SET_BRIDGE_STP_STATE:
+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;
+
 		br->stp_enabled = arg0?1:0;
 		return 0;

 	case BRCTL_SET_BRIDGE_PRIORITY:
+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;
+
 		spin_lock_bh(&br->lock);
 		br_stp_set_bridge_priority(br, arg0);
 		spin_unlock_bh(&br->lock);
@@ -199,6 +214,9 @@ static int br_ioctl_device(struct net_bridge *br,
 		struct net_bridge_port *p;
 		int ret = 0;

+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;
+
 		spin_lock_bh(&br->lock);
 		if ((p = br_get_port(br, arg0)) == NULL) 
 			ret = -EINVAL;
@@ -213,6 +231,9 @@ static int br_ioctl_device(struct net_bridge *br,
 		struct net_bridge_port *p;
 		int ret = 0;

+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;
+
 		spin_lock_bh(&br->lock);
 		if ((p = br_get_port(br, arg0)) == NULL)
 			ret = -EINVAL;
@@ -265,6 +286,9 @@ static int br_ioctl_deviceless(unsigned int cmd,
 	{
 		char buf[IFNAMSIZ];

+		if (!capable(CAP_NET_ADMIN))
+			return -EPERM;
+
 		if (copy_from_user(buf, (void *)arg0, IFNAMSIZ))
 			return -EFAULT;

@@ -285,25 +309,8 @@ int br_ioctl_deviceless_stub(unsigned long arg)
 {
 	unsigned long i[3];

-	if (!capable(CAP_NET_ADMIN))
-		return -EPERM;
-
 	if (copy_from_user(i, (void *)arg, 3*sizeof(unsigned long)))
 		return -EFAULT;

 	return br_ioctl_deviceless(i[0], i[1], i[2]);
 }
-
-int br_ioctl(struct net_bridge *br, unsigned int cmd, unsigned long arg0, unsigned long arg1, unsigned long arg2)
-{
-	int err;
-
-	if (!capable(CAP_NET_ADMIN))
-		return -EPERM;
-
-	err = br_ioctl_deviceless(cmd, arg0, arg1);
-	if (err == -EOPNOTSUPP)
-		err = br_ioctl_device(br, cmd, arg0, arg1, arg2);
-
-	return err;
-}
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -174,11 +174,11 @@ extern int br_handle_frame_finish(struct sk_buff *skb);
 extern int br_handle_frame(struct sk_buff *skb);

 /* br_ioctl.c */
-extern int br_ioctl(struct net_bridge *br,
-	     unsigned int cmd,
-	     unsigned long arg0,
-	     unsigned long arg1,
-	     unsigned long arg2);
+extern int br_ioctl_device(struct net_bridge *br,
+			   unsigned int cmd,
+			   unsigned long arg0,
+			   unsigned long arg1,
+			   unsigned long arg2);
 extern int br_ioctl_deviceless_stub(unsigned long arg);

 /* br_netfilter.c */