Page MenuHomeFreeBSD
Files F109952325

D29659.diff
No OneTemporary
Actions

D29659.diff
View Options

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -2794,14 +2794,19 @@
* PR_IP4 and PR_IP6), or only the single bit is examined, without regard
* to any other prison data.
*/
-int
+bool
prison_flag(struct ucred *cred, unsigned flag)
{
- return (cred->cr_prison->pr_flags & flag);
+ return ((cred->cr_prison->pr_flags & flag) != 0);
}
-int
+/*
+ * See if a prison has the specific allow flag set.
+ * The prison *should* be locked, or only a single bit is examined, without
+ * regard to any other prison data.
+ */
+bool
prison_allow(struct ucred *cred, unsigned flag)
{
@@ -3529,16 +3534,16 @@
}
/*
- * Return 1 if p2 is a child of p1, otherwise 0.
+ * Return true if p2 is a child of p1, otherwise false.
*/
-int
+bool
prison_ischild(struct prison *pr1, struct prison *pr2)
{
for (pr2 = pr2->pr_parent; pr2 != NULL; pr2 = pr2->pr_parent)
if (pr1 == pr2)
- return (1);
- return (0);
+ return (true);
+ return (false);
}
/*
@@ -3573,21 +3578,21 @@
}
/*
- * Return 1 if the passed credential is in a jail and that jail does not
- * have its own virtual network stack, otherwise 0.
+ * Return true if the passed credential is in a jail and that jail does not
+ * have its own virtual network stack, otherwise false.
*/
-int
+bool
jailed_without_vnet(struct ucred *cred)
{
if (!jailed(cred))
- return (0);
+ return (false);
#ifdef VIMAGE
if (prison_owns_vnet(cred))
- return (0);
+ return (false);
#endif
- return (1);
+ return (true);
}
/*
@@ -3649,9 +3654,9 @@
* Determine whether the prison represented by cred owns
* its vnet rather than having it inherited.
*
- * Returns 1 in case the prison owns the vnet, 0 otherwise.
+ * Returns true in case the prison owns the vnet, false otherwise.
*/
-int
+bool
prison_owns_vnet(struct ucred *cred)
{
@@ -3659,7 +3664,7 @@
* vnets cannot be added/removed after jail creation,
* so no need to lock here.
*/
- return (cred->cr_prison->pr_flags & PR_VNET ? 1 : 0);
+ return ((cred->cr_prison->pr_flags & PR_VNET) != 0);
}
#endif
diff --git a/sys/netinet/in_jail.c b/sys/netinet/in_jail.c
--- a/sys/netinet/in_jail.c
+++ b/sys/netinet/in_jail.c
@@ -144,49 +144,47 @@
}
/*
- * Return 1 if we should do proper source address selection or are not jailed.
- * We will return 0 if we should bypass source address selection in favour
+ * Return true if we should do proper source address selection or are not jailed.
+ * We will return false if we should bypass source address selection in favour
* of the primary jail IPv4 address. Only in this case *ia will be updated and
* returned in NBO.
- * Return EAFNOSUPPORT, in case this jail does not allow IPv4.
+ * Return true, even in case this jail does not allow IPv4.
*/
-int
+bool
prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia)
{
struct prison *pr;
struct in_addr lia;
- int error;
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
if (!jailed(cred))
- return (1);
+ return (true);
pr = cred->cr_prison;
if (pr->pr_flags & PR_IP4_SADDRSEL)
- return (1);
+ return (true);
lia.s_addr = INADDR_ANY;
- error = prison_get_ip4(cred, &lia);
- if (error)
- return (error);
+ if (prison_get_ip4(cred, &lia) != 0)
+ return (true);
if (lia.s_addr == INADDR_ANY)
- return (1);
+ return (true);
ia->s_addr = lia.s_addr;
- return (0);
+ return (false);
}
/*
* Return true if pr1 and pr2 have the same IPv4 address restrictions.
*/
-int
+bool
prison_equal_ip4(struct prison *pr1, struct prison *pr2)
{
if (pr1 == pr2)
- return (1);
+ return (true);
/*
* No need to lock since the PR_IP4_USER flag can't be altered for
diff --git a/sys/netinet6/in6_jail.c b/sys/netinet6/in6_jail.c
--- a/sys/netinet6/in6_jail.c
+++ b/sys/netinet6/in6_jail.c
@@ -133,49 +133,47 @@
}
/*
- * Return 1 if we should do proper source address selection or are not jailed.
- * We will return 0 if we should bypass source address selection in favour
+ * Return true if we should do proper source address selection or are not jailed.
+ * We will return false if we should bypass source address selection in favour
* of the primary jail IPv6 address. Only in this case *ia will be updated and
* returned in NBO.
- * Return EAFNOSUPPORT, in case this jail does not allow IPv6.
+ * Return true, even in case this jail does not allow IPv6.
*/
-int
+bool
prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6)
{
struct prison *pr;
struct in6_addr lia6;
- int error;
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
if (!jailed(cred))
- return (1);
+ return (true);
pr = cred->cr_prison;
if (pr->pr_flags & PR_IP6_SADDRSEL)
- return (1);
+ return (true);
lia6 = in6addr_any;
- error = prison_get_ip6(cred, &lia6);
- if (error)
- return (error);
+ if (prison_get_ip6(cred, &lia6) != 0)
+ return (true);
if (IN6_IS_ADDR_UNSPECIFIED(&lia6))
- return (1);
+ return (true);
bcopy(&lia6, ia6, sizeof(struct in6_addr));
- return (0);
+ return (false);
}
/*
* Return true if pr1 and pr2 have the same IPv6 address restrictions.
*/
-int
+bool
prison_equal_ip6(struct prison *pr1, struct prison *pr2)
{
if (pr1 == pr2)
- return (1);
+ return (true);
while (pr1 != &prison0 &&
#ifdef VIMAGE
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -413,24 +413,24 @@
*/
#define jailed(cred) (cred->cr_prison != &prison0)
-int jailed_without_vnet(struct ucred *);
+bool jailed_without_vnet(struct ucred *);
void getcredhostname(struct ucred *, char *, size_t);
void getcreddomainname(struct ucred *, char *, size_t);
void getcredhostuuid(struct ucred *, char *, size_t);
void getcredhostid(struct ucred *, unsigned long *);
void getjailname(struct ucred *cred, char *name, size_t len);
void prison0_init(void);
-int prison_allow(struct ucred *, unsigned);
+bool prison_allow(struct ucred *, unsigned);
int prison_check(struct ucred *cred1, struct ucred *cred2);
bool prison_check_nfsd(struct ucred *cred);
-int prison_owns_vnet(struct ucred *);
+bool prison_owns_vnet(struct ucred *);
int prison_canseemount(struct ucred *cred, struct mount *mp);
void prison_enforce_statfs(struct ucred *cred, struct mount *mp,
struct statfs *sp);
struct prison *prison_find(int prid);
struct prison *prison_find_child(struct prison *, int);
struct prison *prison_find_name(struct prison *, const char *);
-int prison_flag(struct ucred *, unsigned);
+bool prison_flag(struct ucred *, unsigned);
void prison_free(struct prison *pr);
void prison_free_locked(struct prison *pr);
void prison_hold(struct prison *pr);
@@ -441,7 +441,7 @@
void prison_proc_unlink(struct prison *, struct proc *);
void prison_proc_iterate(struct prison *, void (*)(struct proc *, void *), void *);
void prison_set_allow(struct ucred *cred, unsigned flag, int enable);
-int prison_ischild(struct prison *, struct prison *);
+bool prison_ischild(struct prison *, struct prison *);
bool prison_isalive(const struct prison *);
bool prison_isvalid(struct prison *);
#if defined(INET) || defined(INET6)
@@ -450,24 +450,24 @@
u_int prison_ip_cnt(const struct prison *, const pr_family_t);
#endif
#ifdef INET
-int prison_equal_ip4(struct prison *, struct prison *);
+bool prison_equal_ip4(struct prison *, struct prison *);
int prison_get_ip4(struct ucred *cred, struct in_addr *ia);
int prison_local_ip4(struct ucred *cred, struct in_addr *ia);
int prison_remote_ip4(struct ucred *cred, struct in_addr *ia);
int prison_check_ip4(const struct ucred *, const struct in_addr *);
int prison_check_ip4_locked(const struct prison *, const struct in_addr *);
-int prison_saddrsel_ip4(struct ucred *, struct in_addr *);
+bool prison_saddrsel_ip4(struct ucred *, struct in_addr *);
int prison_qcmp_v4(const void *, const void *);
bool prison_valid_v4(const void *);
#endif
#ifdef INET6
-int prison_equal_ip6(struct prison *, struct prison *);
+bool prison_equal_ip6(struct prison *, struct prison *);
int prison_get_ip6(struct ucred *, struct in6_addr *);
int prison_local_ip6(struct ucred *, struct in6_addr *, int);
int prison_remote_ip6(struct ucred *, struct in6_addr *);
int prison_check_ip6(const struct ucred *, const struct in6_addr *);
int prison_check_ip6_locked(const struct prison *, const struct in6_addr *);
-int prison_saddrsel_ip6(struct ucred *, struct in6_addr *);
+bool prison_saddrsel_ip6(struct ucred *, struct in6_addr *);
int prison_qcmp_v6(const void *, const void *);
bool prison_valid_v6(const void *);
#endif

File Metadata

Mime Type
text/plain
Expires
Wed, Feb 12, 4:00 PM (19 h, 59 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
16612664
Default Alt Text
D29659.diff (8 KB)

Event Timeline