--- uipc_socket.c Sat Mar 28 11:24:06 1998
+++ /usr/src/sys/kern/uipc_socket.c Thu Apr 2 21:39:16 1998
@@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 * @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94
- * $Id: uipc_socket.c,v 1.39 1998/03/28 10:33:08 bde Exp $
+ * $Id: uipc_socket.c,v 1.38 1998/03/01 19:39:17 guido Exp $
 */
 #include
@@ -49,7 +49,6 @@
 #include
 #include
 #include
-#include
 #include
@@ -61,6 +60,22 @@
 SYSCTL_INT(_kern_ipc, KIPC_SOMAXCONN, somaxconn, CTLFLAG_RW,
 &somaxconn, 0, "");
+static int netinet_restrict = 0;
+
+static uid_t netinet_uid = 0;
+static gid_t netinet_gid = 0;
+static gid_t nonetinet_gid = 0;
+
+SYSCTL_INT(_kern_ipc, OID_AUTO, netinet_restrict, CTLFLAG_RW,
+ &netinet_restrict, 0, "");
+SYSCTL_INT(_kern_ipc, OID_AUTO, netinet_uid, CTLFLAG_RW,
+ &netinet_uid, 0, "");
+SYSCTL_INT(_kern_ipc, OID_AUTO, netinet_gid, CTLFLAG_RW,
+ &netinet_gid, 0, "");
+SYSCTL_INT(_kern_ipc, OID_AUTO, nonetinet_gid, CTLFLAG_RW,
+ &nonetinet_gid, 0, "");
+
+
 /*
 * Socket operation routines.
 * These routines are called by the routines in
@@ -80,6 +95,25 @@
 register struct protosw *prp;
 register struct socket *so;
 register int error;
+
+ /* IP socket, access control is enabled */
+
+ if(dom == AF_INET && netinet_restrict) {
+
+ /* explicitly deny anyone in nonetinet_gid */
+
+ if(nonetinet_gid
+ && groupmember(nonetinet_gid, p->p_ucred))
+ return(EPERM);
+
+ /* don't allow anyone who isn't either netinet_uid
+ * or a member of netinet_gid
+ */
+
+ if(netinet_uid != p->p_ucred->cr_uid
+ &&!groupmember(netinet_gid, p->p_ucred))
+ return(EPERM);
+ }
 if (proto)
 prp = pffindproto(dom, proto, type);
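Review bot: `netinet_uid`, `netinet_gid` and `nonetinet_gid` are declared `uid_t`/`gid_t` but registered through `SYSCTL_INT`, whose handler, as the macro name implies, reads and writes the target as an `int`; this only holds while those types share `int`'s width, and if they are unsigned here an id above `INT_MAX` would read back negative through sysctl. The four new knobs are also undocumented: every description argument is `""` and nothing near the declarations explains how the three ids combine. A block comment above `netinet_restrict` along the lines of `/* Optional AF_INET access control: when netinet_restrict is set, only netinet_uid and members of netinet_gid may create AF_INET sockets; members of nonetinet_gid are always refused. */` would let a reader understand the policy without locating the check further down the file.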
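Review bot: The allow rule in the new `if(netinet_uid != p->p_ucred->cr_uid && !groupmember(netinet_gid, p->p_ucred))` treats `netinet_gid == 0` as a real group, whereas the deny rule just above it (`if(nonetinet_gid && groupmember(...))`) treats `nonetinet_gid == 0` as unset; with the zero defaults from the earlier hunk, enabling `netinet_restrict` before the ids are configured grants AF_INET socket creation to uid 0 and to every member of gid 0. If gid 0 is not meant to be implicitly allowed, make the two rules symmetric: `if (netinet_uid != p->p_ucred->cr_uid && !(netinet_gid && groupmember(netinet_gid, p->p_ucred)))`. The enclosing function's header, and with it the declaration of `p`, lies before the hunk, so whether every caller supplies a usable proc cannot be checked from this view. On style, `if(` and `&&!` differ from the KNF spacing of the surrounding code, visible in `if (proto)` two lines below.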