提交 0af36ec5 编写于 作者: O openharmony_ci 提交者: Gitee

!17 默认不应用CAP_NET_BROADCAST权限校验,保持与linux行为兼容

Merge pull request !17 from Caoruihong/xx
...@@ -221,5 +221,6 @@ ...@@ -221,5 +221,6 @@
#define LWIP_TFTP LOSCFG_NET_LWIP_SACK_TFTP #define LWIP_TFTP LOSCFG_NET_LWIP_SACK_TFTP
#define LWIP_DHCPS 1 #define LWIP_DHCPS 1
#define LWIP_ENABLE_NET_CAPABILITY 1 #define LWIP_ENABLE_NET_CAPABILITY 1
#define LWIP_ENABLE_CAP_NET_BROADCAST 0
#endif /* _LWIP_PORTING_LWIPOPTS_H_ */ #endif /* _LWIP_PORTING_LWIPOPTS_H_ */
...@@ -142,12 +142,14 @@ static int lwip_setsockopt_wrap(int s, int level, int optname, const void *optva ...@@ -142,12 +142,14 @@ static int lwip_setsockopt_wrap(int s, int level, int optname, const void *optva
#if LWIP_ENABLE_NET_CAPABILITY #if LWIP_ENABLE_NET_CAPABILITY
if (level == SOL_SOCKET) { if (level == SOL_SOCKET) {
switch (optname) { switch (optname) {
#if LWIP_ENABLE_CAP_NET_BROADCAST
case SO_BROADCAST: case SO_BROADCAST:
if (!IsCapPermit(CAP_NET_BROADCAST)) { if (!IsCapPermit(CAP_NET_BROADCAST)) {
set_errno(EPERM); set_errno(EPERM);
return -1; return -1;
} }
break; break;
#endif
case SO_DEBUG: case SO_DEBUG:
case SO_MARK: case SO_MARK:
case SO_PRIORITY: case SO_PRIORITY:
...@@ -166,7 +168,7 @@ static int lwip_setsockopt_wrap(int s, int level, int optname, const void *optva ...@@ -166,7 +168,7 @@ static int lwip_setsockopt_wrap(int s, int level, int optname, const void *optva
return lwip_setsockopt2(s, level, optname, optval, optlen); return lwip_setsockopt2(s, level, optname, optval, optlen);
} }
#if LWIP_ENABLE_NET_CAPABILITY #if LWIP_ENABLE_NET_CAPABILITY && LWIP_ENABLE_CAP_NET_BROADCAST
static int ip_addr_isbroadcast_bysock(const ip_addr_t *ipaddr, int s) static int ip_addr_isbroadcast_bysock(const ip_addr_t *ipaddr, int s)
{ {
struct sockaddr sa; struct sockaddr sa;
...@@ -215,10 +217,12 @@ static int lwip_bind_wrap(int s, const struct sockaddr *name, socklen_t namelen) ...@@ -215,10 +217,12 @@ static int lwip_bind_wrap(int s, const struct sockaddr *name, socklen_t namelen)
LWIP_ERROR("permission deny: NET_BIND_SERVICE\n", IsCapPermit(CAP_NET_BIND_SERVICE), LWIP_ERROR("permission deny: NET_BIND_SERVICE\n", IsCapPermit(CAP_NET_BIND_SERVICE),
set_errno(EPERM); return -1); set_errno(EPERM); return -1);
} }
#if LWIP_ENABLE_CAP_NET_BROADCAST
if (ip_addr_ismulticast(&ipaddr) || ip_addr_isbroadcast_bysock(&ipaddr, s)) { if (ip_addr_ismulticast(&ipaddr) || ip_addr_isbroadcast_bysock(&ipaddr, s)) {
LWIP_ERROR("permission deny: NET_BROADCAST\n", IsCapPermit(CAP_NET_BROADCAST), LWIP_ERROR("permission deny: NET_BROADCAST\n", IsCapPermit(CAP_NET_BROADCAST),
set_errno(EPERM); return -1); set_errno(EPERM); return -1);
} }
#endif
} }
#endif #endif
...@@ -236,11 +240,12 @@ static ssize_t lwip_sendto_wrap(int s, const void *dataptr, size_t size, int fla ...@@ -236,11 +240,12 @@ static ssize_t lwip_sendto_wrap(int s, const void *dataptr, size_t size, int fla
u16_t port; u16_t port;
SOCKADDR_TO_IPADDR_PORT(to, &ipaddr, port); SOCKADDR_TO_IPADDR_PORT(to, &ipaddr, port);
#if LWIP_ENABLE_CAP_NET_BROADCAST
if (ip_addr_ismulticast(&ipaddr) || ip_addr_isbroadcast_bysock(&ipaddr, s)) { if (ip_addr_ismulticast(&ipaddr) || ip_addr_isbroadcast_bysock(&ipaddr, s)) {
LWIP_ERROR("permission deny: NET_BROADCAST\n", IsCapPermit(CAP_NET_BROADCAST), LWIP_ERROR("permission deny: NET_BROADCAST\n", IsCapPermit(CAP_NET_BROADCAST),
set_errno(EPERM); return -1); set_errno(EPERM); return -1);
} }
#endif
} }
#endif #endif
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册