net: Push capable(CAP_NET_ADMIN) into the rtnl methods

- In rtnetlink_rcv_msg convert the capable(CAP_NET_ADMIN) check
  to ns_capable(net->user-ns, CAP_NET_ADMIN).  Allowing unprivileged
  users to make netlink calls to modify their local network
  namespace.

- In the rtnetlink doit methods add capable(CAP_NET_ADMIN) so
  that calls that are not safe for unprivileged users are still
  protected.

Later patches will remove the extra capable calls from methods
that are safe for unprivilged users.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 65429b99a2a30313c13eed856b565415f5b95333..49e14937019dacc745f25de0d9130867e2192422 100644 (file)
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -240,6 +240,9 @@ int br_setlink(struct net_device *dev, struct nlmsghdr *nlh)
        struct nlattr *tb[IFLA_BRPORT_MAX];
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        ifm = nlmsg_data(nlh);
 
        protinfo = nlmsg_find_attr(nlh, sizeof(*ifm), IFLA_PROTINFO);

diff --git a/net/can/gw.c b/net/can/gw.c
index 1f5c9785a262e02748b844e325f510f7a8c08dcc..574dda78eb0f0d747eeeb44fb9da74be9618068f 100644 (file)
--- a/net/can/gw.c
+++ b/net/can/gw.c
@@ -751,6 +751,9 @@ static int cgw_create_job(struct sk_buff *skb,  struct nlmsghdr *nlh,
        struct cgw_job *gwj;
        int err = 0;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (nlmsg_len(nlh) < sizeof(*r))
                return -EINVAL;
 
@@ -839,6 +842,9 @@ static int cgw_remove_job(struct sk_buff *skb,  struct nlmsghdr *nlh, void *arg)
        struct can_can_gw ccgw;
        int err = 0;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (nlmsg_len(nlh) < sizeof(*r))
                return -EINVAL;
 

diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index 58a4ba27dfe3117d439ada122000e1339a23f48f..bf5b5b8af56e19d9f49a31249cb3ee84c0a49396 100644 (file)
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -275,6 +275,9 @@ static int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
        struct nlattr *tb[FRA_MAX+1];
        int err = -EINVAL, unresolved = 0;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh)))
                goto errout;
 
@@ -424,6 +427,9 @@ static int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
        struct nlattr *tb[FRA_MAX+1];
        int err = -EINVAL;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh)))
                goto errout;
 

diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index f1c0c2e9cad5fd860e367b5bc63716714b14df79..7adcdaf91c4ddd5f81f37457f789db3f6ba9df94 100644 (file)
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1620,6 +1620,9 @@ static int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        struct net_device *dev = NULL;
        int err = -EINVAL;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        ASSERT_RTNL();
        if (nlmsg_len(nlh) < sizeof(*ndm))
                goto out;
@@ -1684,6 +1687,9 @@ static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        struct net_device *dev = NULL;
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        ASSERT_RTNL();
        err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL);
        if (err < 0)
@@ -1962,6 +1968,9 @@ static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        struct nlattr *tb[NDTA_MAX+1];
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        err = nlmsg_parse(nlh, sizeof(*ndtmsg), tb, NDTA_MAX,
                          nl_neightbl_policy);
        if (err < 0)

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index a810f6a61372f89d21aabc8f1c53118af244bc25..a40c10b96f474532c4cdee11816fe44bbe4b883b 100644 (file)
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1547,6 +1547,9 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        struct nlattr *tb[IFLA_MAX+1];
        char ifname[IFNAMSIZ];
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFLA_MAX, ifla_policy);
        if (err < 0)
                goto errout;
@@ -1590,6 +1593,9 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        int err;
        LIST_HEAD(list_kill);
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFLA_MAX, ifla_policy);
        if (err < 0)
                return err;
@@ -1720,6 +1726,9 @@ static int rtnl_newlink(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        struct nlattr *linkinfo[IFLA_INFO_MAX+1];
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
 #ifdef CONFIG_MODULES
 replay:
 #endif
@@ -2057,6 +2066,9 @@ static int rtnl_fdb_add(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        u8 *addr;
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL);
        if (err < 0)
                return err;
@@ -2123,6 +2135,9 @@ static int rtnl_fdb_del(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        int err = -EINVAL;
        __u8 *addr;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (nlmsg_len(nlh) < sizeof(*ndm))
                return -EINVAL;
 
@@ -2488,7 +2503,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        sz_idx = type>>2;
        kind = type&3;
 
-       if (kind != 2 && !capable(CAP_NET_ADMIN))
+       if (kind != 2 && !ns_capable(net->user_ns, CAP_NET_ADMIN))
                return -EPERM;
 
        if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {

diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index 70989e672304938a39cdf7b7a0dfd87b7497d2a9..b07c75d37e91702f90d7c4ab2a39d15aacce3e48 100644 (file)
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -1662,6 +1662,9 @@ static int dcb_doit(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        struct nlmsghdr *reply_nlh = NULL;
        const struct reply_func *fn;
 
+       if ((nlh->nlmsg_type == RTM_SETDCB) && !capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (!net_eq(net, &init_net))
                return -EINVAL;
 

diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
index 7b7e561412d379380a54678b1505da796184c49c..e47ba9fc4a0e6ce47295d85108f1d573290a2aa7 100644 (file)
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -573,6 +573,9 @@ static int dn_nl_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        struct dn_ifaddr __rcu **ifap;
        int err = -EINVAL;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (!net_eq(net, &init_net))
                goto errout;
 
@@ -614,6 +617,9 @@ static int dn_nl_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        struct dn_ifaddr *ifa;
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (!net_eq(net, &init_net))
                return -EINVAL;
 

diff --git a/net/decnet/dn_fib.c b/net/decnet/dn_fib.c
index 102d6106a942fc32a8dedb7832711cbe94b4822b..e36614eccc0476d8c9fd1a3ebfbcb59bf14ffe4f 100644 (file)
--- a/net/decnet/dn_fib.c
+++ b/net/decnet/dn_fib.c
@@ -520,6 +520,9 @@ static int dn_fib_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh, void *
        struct rtattr **rta = arg;
        struct rtmsg *r = NLMSG_DATA(nlh);
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (!net_eq(net, &init_net))
                return -EINVAL;
 
@@ -540,6 +543,9 @@ static int dn_fib_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh, void *
        struct rtattr **rta = arg;
        struct rtmsg *r = NLMSG_DATA(nlh);
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (!net_eq(net, &init_net))
                return -EINVAL;
 

diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 6e06e924ed99599344b231ce93a28e2cc0f045a8..41709353891699c7e370490b8b97dad63718b2ab 100644 (file)
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -539,6 +539,9 @@ static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg
 
        ASSERT_RTNL();
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv4_policy);
        if (err < 0)
                goto errout;
@@ -646,6 +649,9 @@ static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg
 
        ASSERT_RTNL();
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        ifa = rtm_to_ifaddr(net, nlh);
        if (IS_ERR(ifa))
                return PTR_ERR(ifa);

diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 825c608826de1c4b5dea08c46e6ff4255117c990..bce4541c67844be50387c5a3f731f8392051d634 100644 (file)
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -613,6 +613,9 @@ static int inet_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh, void *ar
        struct fib_table *tb;
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        err = rtm_to_fib_config(net, skb, nlh, &cfg);
        if (err < 0)
                goto errout;
@@ -635,6 +638,9 @@ static int inet_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh, void *ar
        struct fib_table *tb;
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        err = rtm_to_fib_config(net, skb, nlh, &cfg);
        if (err < 0)
                goto errout;

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index b24b4de5cd26352031258d385b0c315e2edfd53b..e21bdb92565d771315f24700e1d858496edda1e2 100644 (file)
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3514,6 +3514,9 @@ inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        struct in6_addr *pfx;
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy);
        if (err < 0)
                return err;
@@ -3584,6 +3587,9 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
        u8 ifa_flags;
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy);
        if (err < 0)
                return err;

diff --git a/net/ipv6/addrlabel.c b/net/ipv6/addrlabel.c
index ff76eecfd622ed80115fe691f9901739e7c7c0da..b106f80be0c53903c5306b7d3b1c7b635e7a13e6 100644 (file)
--- a/net/ipv6/addrlabel.c
+++ b/net/ipv6/addrlabel.c
@@ -425,6 +425,9 @@ static int ip6addrlbl_newdel(struct sk_buff *skb, struct nlmsghdr *nlh,
        u32 label;
        int err = 0;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy);
        if (err < 0)
                return err;

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 021a48e8a5e2e7f9dec2ec03b6c8705373c635ef..c6215e2b9d7f97cca35ee511b00410ea36225444 100644 (file)
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2446,6 +2446,9 @@ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *a
        struct fib6_config cfg;
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        err = rtm_to_fib6_config(skb, nlh, &cfg);
        if (err < 0)
                return err;
@@ -2461,6 +2464,9 @@ static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *a
        struct fib6_config cfg;
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        err = rtm_to_fib6_config(skb, nlh, &cfg);
        if (err < 0)
                return err;

diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c
index 83a8389619aa7ccc0a490a8f8b664200bee53df9..0193630d306125a62f273db3165e98a306249fc0 100644 (file)
--- a/net/phonet/pn_netlink.c
+++ b/net/phonet/pn_netlink.c
@@ -70,6 +70,9 @@ static int addr_doit(struct sk_buff *skb, struct nlmsghdr *nlh, void *attr)
        int err;
        u8 pnaddr;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (!capable(CAP_SYS_ADMIN))
                return -EPERM;
 
@@ -230,6 +233,9 @@ static int route_doit(struct sk_buff *skb, struct nlmsghdr *nlh, void *attr)
        int err;
        u8 dst;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        if (!capable(CAP_SYS_ADMIN))
                return -EPERM;
 

diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 102761d294cbe7b470de479be5f07b7c5d4d69ed..65d240cbf74b7513e7dc42effdc7f126bb4fff65 100644 (file)
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -987,6 +987,9 @@ static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
        u32 portid = skb ? NETLINK_CB(skb).portid : 0;
        int ret = 0, ovr = 0;
 
+       if ((n->nlmsg_type != RTM_GETACTION) && !capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        ret = nlmsg_parse(n, sizeof(struct tcamsg), tca, TCA_ACT_MAX, NULL);
        if (ret < 0)
                return ret;

diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index 7ae02892437c25bf1e925d6dc756ed23aabff1a3..ff55ed6c49b24115f4dc78b505da368a34e06b6b 100644 (file)
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -139,6 +139,8 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
        int err;
        int tp_created = 0;
 
+       if ((n->nlmsg_type != RTM_GETTFILTER) && !capable(CAP_NET_ADMIN))
+               return -EPERM;
 replay:
        t = nlmsg_data(n);
        protocol = TC_H_MIN(t->tcm_info);

diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index 13cc744a24981ea4ce8d9ebe2c7d321ed3e2ebfa..4799c4840c1a2e89fd22885a9e6212ae1682b819 100644 (file)
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -980,6 +980,9 @@ static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
        struct Qdisc *p = NULL;
        int err;
 
+       if ((n->nlmsg_type != RTM_GETQDISC) && !capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        dev = __dev_get_by_index(net, tcm->tcm_ifindex);
        if (!dev)
                return -ENODEV;
@@ -1043,6 +1046,9 @@ static int tc_modify_qdisc(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
        struct Qdisc *q, *p;
        int err;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
 replay:
        /* Reinit, just in case something touches this. */
        tcm = nlmsg_data(n);
@@ -1379,6 +1385,9 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n, void *arg)
        u32 qid = TC_H_MAJ(clid);
        int err;
 
+       if ((n->nlmsg_type != RTM_GETTCLASS) && !capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        dev = __dev_get_by_index(net, tcm->tcm_ifindex);
        if (!dev)
                return -ENODEV;