Module Name: src Committed By: elad Date: Wed Apr 15 20:44:26 UTC 2009
Modified Files: src/share/man/man9: kauth.9 src/sys/arch/i386/isa: cmos.c src/sys/compat/ibcs2: ibcs2_misc.c src/sys/compat/linux/arch/m68k: linux_machdep.c src/sys/dev/ic: an.c midway.c rrunner.c wi.c src/sys/dev/if_ndis: if_ndis.c src/sys/dev/pcmcia: if_cnw.c src/sys/kern: kern_sysctl.c src/sys/net: if_ppp.c if_stf.c ppp_tty.c src/sys/netinet: ip_input.c tcp_usrreq.c src/sys/secmodel/bsd44: secmodel_bsd44_suser.c src/sys/sys: kauth.h Log Message: Remove a few KAUTH_GENERIC_ISSUSER in favor of more descriptive alternatives. Discussed on tech-kern: http://mail-index.netbsd.org/tech-kern/2009/04/11/msg004798.html Input from ad@, christos@, dyoung@, tsut...@. Okay a...@. To generate a diff of this commit: cvs rdiff -u -r1.73 -r1.74 src/share/man/man9/kauth.9 cvs rdiff -u -r1.6 -r1.7 src/sys/arch/i386/isa/cmos.c cvs rdiff -u -r1.105 -r1.106 src/sys/compat/ibcs2/ibcs2_misc.c cvs rdiff -u -r1.40 -r1.41 src/sys/compat/linux/arch/m68k/linux_machdep.c cvs rdiff -u -r1.54 -r1.55 src/sys/dev/ic/an.c cvs rdiff -u -r1.87 -r1.88 src/sys/dev/ic/midway.c cvs rdiff -u -r1.70 -r1.71 src/sys/dev/ic/rrunner.c cvs rdiff -u -r1.228 -r1.229 src/sys/dev/ic/wi.c cvs rdiff -u -r1.25 -r1.26 src/sys/dev/if_ndis/if_ndis.c cvs rdiff -u -r1.48 -r1.49 src/sys/dev/pcmcia/if_cnw.c cvs rdiff -u -r1.221 -r1.222 src/sys/kern/kern_sysctl.c cvs rdiff -u -r1.128 -r1.129 src/sys/net/if_ppp.c cvs rdiff -u -r1.70 -r1.71 src/sys/net/if_stf.c cvs rdiff -u -r1.53 -r1.54 src/sys/net/ppp_tty.c cvs rdiff -u -r1.279 -r1.280 src/sys/netinet/ip_input.c cvs rdiff -u -r1.152 -r1.153 src/sys/netinet/tcp_usrreq.c cvs rdiff -u -r1.61 -r1.62 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c cvs rdiff -u -r1.53 -r1.54 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/share/man/man9/kauth.9 diff -u src/share/man/man9/kauth.9:1.73 src/share/man/man9/kauth.9:1.74 --- src/share/man/man9/kauth.9:1.73 Sun Mar 15 14:11:08 2009 +++ src/share/man/man9/kauth.9 Wed Apr 15 20:44:24 2009 @@ -1,4 +1,4 @@ -.\" $NetBSD: kauth.9,v 1.73 2009/03/15 14:11:08 joerg Exp $ +.\" $NetBSD: kauth.9,v 1.74 2009/04/15 20:44:24 elad Exp $ .\" .\" Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org> .\" All rights reserved. @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 12, 2008 +.Dd April 15, 2009 .Dt KAUTH 9 .Os .Sh NAME @@ -305,6 +305,12 @@ Check if adding description to a .Xr sysctl 9 node is allowed. +.It Dv KAUTH_REQ_SYSTEM_SYSCTL_MODIFY +Check if modifying a +.Xr sysctl 9 +node variable that doesn't have a custom sysctl helper function is allowed. +.Pp +This request might be deprecated in the future. .It Dv KAUTH_REQ_SYSTEM_SYSCTL_PRVT Check if accessing private .Xr sysctl 9 @@ -642,6 +648,24 @@ is a .Ft struct socket * describing the socket. +.It Dv KAUTH_REQ_NETWORK_SOCKET_DROP +Checks if a connection can be dropped. +.Pp +.Ar arg1 +is a +.Ft struct socket * +describing the socket. +.It Dv KAUTH_REQ_NETWORK_SOCKET_SETPRIV +Checks if setting privileged socket options is allowed. +.Pp +.Ar arg1 +is a +.Ft struct socket * +describing the socket, +.Ar arg2 +is a +.Ft u_long +describing the socket option. .El .El .Ss Machine-dependent Scope @@ -659,6 +683,11 @@ Below is a list of available actions, along with which platforms are affected by each. .Bl -tag -width compact +.It Dv KAUTH_MACHDEP_CACHEFLUSH +Request to flush the whole CPU cache. +Affects +.Em m68k +Linux emulation. .It Dv KAUTH_MACHDEP_IOPERM_GET Request to get the I/O permission level. Affects 
@@ -701,6 +730,10 @@ .Em amd64 , .Em i386 , .Em xen . +.It Dv KAUTH_MACHDEP_NVRAM +Request to access (read/write) the NVRAM. +Affects +.Em i386 . .It Dv KAUTH_MACHDEP_UNMANAGEDMEM Request to access unmanaged memory. Affects @@ -1343,7 +1376,7 @@ introduced and it is assumed other parts of the kernel may want to interfere with its inner-workings. When a subsystem that has the potential of impacting the security -if the system is introduced, existing security modules must be updated +of the system is introduced, existing security modules must be updated to also handle actions on the newly added scope. .Pp New actions should be added when sets of operations not covered at all Index: src/sys/arch/i386/isa/cmos.c diff -u src/sys/arch/i386/isa/cmos.c:1.6 src/sys/arch/i386/isa/cmos.c:1.7 --- src/sys/arch/i386/isa/cmos.c:1.6 Sat Jun 28 15:09:49 2008 +++ src/sys/arch/i386/isa/cmos.c Wed Apr 15 20:44:26 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: cmos.c,v 1.6 2008/06/28 15:09:49 ad Exp $ */ +/* $NetBSD: cmos.c,v 1.7 2009/04/15 20:44:26 elad Exp $ */ /* * Copyright (C) 2003 JONE System Co., Inc. @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: cmos.c,v 1.6 2008/06/28 15:09:49 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: cmos.c,v 1.7 2009/04/15 20:44:26 elad Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -118,8 +118,8 @@ cmos_open(dev_t dev, int flags, int ifmt, struct lwp *l) { - return kauth_authorize_generic(kauth_cred_get(), - KAUTH_GENERIC_ISSUSER, NULL); + return kauth_authorize_machdep(kauth_cred_get(), + KAUTH_MACHDEP_NVRAM, NULL, NULL, NULL, NULL); } static void Index: src/sys/compat/ibcs2/ibcs2_misc.c diff -u src/sys/compat/ibcs2/ibcs2_misc.c:1.105 src/sys/compat/ibcs2/ibcs2_misc.c:1.106 --- src/sys/compat/ibcs2/ibcs2_misc.c:1.105 Sun Jan 11 02:45:47 2009 +++ src/sys/compat/ibcs2/ibcs2_misc.c Wed Apr 15 20:44:26 2009 
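Review bot: cmos_open() passes NULL for all four arguments of the new KAUTH_MACHDEP_NVRAM request, so a secmodel cannot distinguish a read-only open from a write open even though the kauth.9 text added in this commit describes the action as "access (read/write)". The `flags` parameter is already in hand; passing it as arg1, `KAUTH_MACHDEP_NVRAM, KAUTH_ARG(flags), NULL, NULL, NULL);`, and adding a matching `.Ar arg1` line to the kauth.9 entry would let a stricter model permit reads while denying writes. The whole body of cmos_open() is visible in the hunk.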
@@ -1,4 +1,4 @@ -/* $NetBSD: ibcs2_misc.c,v 1.105 2009/01/11 02:45:47 christos Exp $ */ +/* $NetBSD: ibcs2_misc.c,v 1.106 2009/04/15 20:44:26 elad Exp $ */ /* * Copyright (c) 1992, 1993 @@ -95,7 +95,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ibcs2_misc.c,v 1.105 2009/01/11 02:45:47 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ibcs2_misc.c,v 1.106 2009/04/15 20:44:26 elad Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -1075,6 +1075,8 @@ } /* + * See http://docsrv.sco.com:507/en/man/html.S/plock.S.html + * * XXX - need to check for nested calls */ @@ -1089,9 +1091,12 @@ #define IBCS2_TEXTLOCK 2 #define IBCS2_DATALOCK 4 - if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, - NULL) != 0) - return EPERM; + /* + * NOTE: This is a privileged operation. Normally it would require root + * access. When implementing, please make sure to use an appropriate + * kauth(9) request. See the man-page for more information. + */ + switch(SCARG(uap, cmd)) { case IBCS2_UNLOCK: case IBCS2_PROCLOCK: @@ -1102,6 +1107,9 @@ return EINVAL; } +/* + * See http://docsrv.sco.com:507/en/man/html.S/uadmin.S.html + */ int ibcs2_sys_uadmin(struct lwp *l, const struct ibcs2_sys_uadmin_args *uap, register_t *retval) { 
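Review bot: In ibcs2_sys_plock() the KAUTH_GENERIC_ISSUSER check is replaced by a comment rather than by another authorization call, so an unprivileged caller now reaches the switch (and presumably gets 0 for the recognized lock commands) where it previously got EPERM. A comment enforces nothing, and a later implementation of the lock cases can easily inherit the unguarded path; keeping a denial in place until a proper request exists, e.g. `return EPERM; /* privileged; needs a kauth(9) request before this is implemented */` ahead of the switch, preserves the old behavior for non-root. The function's start and the bodies of the lock cases are outside the hunk.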
@@ -1153,11 +1161,12 @@ case SCO_A_CLOCK: case SCO_A_SETCONFIG: case SCO_A_GETDEV: - /* XXX Use proper kauth(9) requests when updating this. */ - error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, NULL); - if (error) - return (error); + /* + * NOTE: These are all privileged operations, that otherwise + * would require root access or similar. When implementing, + * please use appropriate kauth(9) requests. See the man-page + * for more information. + */ if (SCARG(uap, cmd) != SCO_A_GETDEV) return 0; Index: src/sys/compat/linux/arch/m68k/linux_machdep.c diff -u src/sys/compat/linux/arch/m68k/linux_machdep.c:1.40 src/sys/compat/linux/arch/m68k/linux_machdep.c:1.41 --- src/sys/compat/linux/arch/m68k/linux_machdep.c:1.40 Wed Mar 18 17:06:48 2009 +++ src/sys/compat/linux/arch/m68k/linux_machdep.c Wed Apr 15 20:44:26 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: linux_machdep.c,v 1.40 2009/03/18 17:06:48 cegger Exp $ */ +/* $NetBSD: linux_machdep.c,v 1.41 2009/04/15 20:44:26 elad Exp $ */ /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: linux_machdep.c,v 1.40 2009/03/18 17:06:48 cegger Exp $"); +__KERNEL_RCSID(0, "$NetBSD: linux_machdep.c,v 1.41 2009/04/15 20:44:26 elad Exp $"); #define COMPAT_LINUX 1 @@ -846,8 +846,8 @@ * LINUX_FLUSH_SCOPE_ALL (flush whole cache) is limited to super users. */ if (scope == LINUX_FLUSH_SCOPE_ALL) { - if ((error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, NULL)) != 0) + if ((error = kauth_authorize_machdep(l->l_cred, + KAUTH_MACHDEP_CACHEFLUSH, NULL, NULL, NULL, NULL)) != 0) return error; #if defined(M68040) || defined(M68060) /* entire cache */ Index: src/sys/dev/ic/an.c diff -u src/sys/dev/ic/an.c:1.54 src/sys/dev/ic/an.c:1.55 --- src/sys/dev/ic/an.c:1.54 Wed Nov 12 12:36:11 2008 +++ src/sys/dev/ic/an.c Wed Apr 15 20:44:25 2009 
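Review bot: The SCO_A_* arms of ibcs2_sys_uadmin() no longer perform any authorization; the replacement is only a comment, so an unprivileged caller now gets 0 from `if (SCARG(uap, cmd) != SCO_A_GETDEV) return 0;` where it previously got EPERM, and SCO_A_GETDEV continues into code outside the hunk without any check. If these commands are intentionally no-ops the comment should say so explicitly; otherwise `return EPERM;` for the non-GETDEV commands until a kauth(9) request is defined keeps the previous refusal in place. The function starts and ends outside the hunk.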
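Review bot: The context comment above the check, `* LINUX_FLUSH_SCOPE_ALL (flush whole cache) is limited to super users.`, is now stale: with KAUTH_MACHDEP_CACHEFLUSH the decision belongs to the active secmodel, and only the bsd44 suser model in this commit ties it to root. Suggest `* LINUX_FLUSH_SCOPE_ALL (flush whole cache) is privileged; the secmodel decides via KAUTH_MACHDEP_CACHEFLUSH.` so the comment does not promise a policy the code no longer implements. The enclosing function starts and ends outside the hunk.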
@@ -1,4 +1,4 @@ -/* $NetBSD: an.c,v 1.54 2008/11/12 12:36:11 ad Exp $ */ +/* $NetBSD: an.c,v 1.55 2009/04/15 20:44:25 elad Exp $ */ /* * Copyright (c) 1997, 1998, 1999 * Bill Paul <wp...@ctr.columbia.edu>. All rights reserved. @@ -77,7 +77,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: an.c,v 1.54 2008/11/12 12:36:11 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: an.c,v 1.55 2009/04/15 20:44:25 elad Exp $"); #include "bpfilter.h" @@ -1265,8 +1265,11 @@ if (nwkey->i_key[i].i_keydat == NULL) continue; /* do not show any keys to non-root user */ - if ((error = kauth_authorize_generic(curlwp->l_cred, - KAUTH_GENERIC_ISSUSER, NULL)) != 0) + /* XXX-elad: why is this inside a loop? */ + if ((error = kauth_authorize_network(curlwp->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, sc->sc_ic.ic_ifp, + KAUTH_ARG(SIOCG80211NWKEY), NULL)) != 0) break; nwkey->i_key[i].i_keylen = sc->sc_wepkeys[i].an_wep_keylen; if (nwkey->i_key[i].i_keylen < 0) { Index: src/sys/dev/ic/midway.c diff -u src/sys/dev/ic/midway.c:1.87 src/sys/dev/ic/midway.c:1.88 --- src/sys/dev/ic/midway.c:1.87 Sun Mar 15 15:52:12 2009 +++ src/sys/dev/ic/midway.c Wed Apr 15 20:44:25 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: midway.c,v 1.87 2009/03/15 15:52:12 cegger Exp $ */ +/* $NetBSD: midway.c,v 1.88 2009/04/15 20:44:25 elad Exp $ */ /* (sync'd to midway.c 1.68) */ /* @@ -68,7 +68,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: midway.c,v 1.87 2009/03/15 15:52:12 cegger Exp $"); +__KERNEL_RCSID(0, "$NetBSD: midway.c,v 1.88 2009/04/15 20:44:25 elad Exp $"); #include "opt_natm.h" 
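Review bot: The KAUTH_REQ_NETWORK_INTERFACE_GETPRIV call inside the nwkey loop is issued once per key slot with identical arguments, which the added `XXX-elad` comment itself questions; its result cannot differ between iterations. Hoisting it is straightforward, but note that the current code performs no check at all when every `i_keydat` is NULL, so a hoisted check should either be guarded by "at least one slot requested" or the loop should cache the outcome in a local after the first call, to keep that case unchanged. This file also uses `curlwp->l_cred` while if_ndis.c in the same commit switches to `kauth_cred_get()`; picking one form across the touched drivers would be tidier. The loop's enclosing function starts and ends outside the hunk.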
@@ -1285,8 +1285,10 @@ break; case SIOCSPVCTX: - if ((error = kauth_authorize_generic(curlwp->l_cred, - KAUTH_GENERIC_ISSUSER, NULL)) == 0) + if ((error = kauth_authorize_network(curlwp->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd), + NULL)) == 0) error = en_pvctx(sc, (struct pvctxreq *)data); break; Index: src/sys/dev/ic/rrunner.c diff -u src/sys/dev/ic/rrunner.c:1.70 src/sys/dev/ic/rrunner.c:1.71 --- src/sys/dev/ic/rrunner.c:1.70 Sat Mar 14 15:36:17 2009 +++ src/sys/dev/ic/rrunner.c Wed Apr 15 20:44:25 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: rrunner.c,v 1.70 2009/03/14 15:36:17 dsl Exp $ */ +/* $NetBSD: rrunner.c,v 1.71 2009/04/15 20:44:25 elad Exp $ */ /* * Copyright (c) 1997, 1998 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: rrunner.c,v 1.70 2009/03/14 15:36:17 dsl Exp $"); +__KERNEL_RCSID(0, "$NetBSD: rrunner.c,v 1.71 2009/04/15 20:44:25 elad Exp $"); #include "opt_inet.h" @@ -3033,8 +3033,10 @@ break; default: - error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, NULL); + error = kauth_authorize_network(l->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, + ifp, KAUTH_ARG(cmd), NULL); if (error) return (error); } Index: src/sys/dev/ic/wi.c diff -u src/sys/dev/ic/wi.c:1.228 src/sys/dev/ic/wi.c:1.229 --- src/sys/dev/ic/wi.c:1.228 Wed Nov 12 12:36:11 2008 +++ src/sys/dev/ic/wi.c Wed Apr 15 20:44:25 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: wi.c,v 1.228 2008/11/12 12:36:11 ad Exp $ */ +/* $NetBSD: wi.c,v 1.229 2009/04/15 20:44:25 elad Exp $ */ /*- * Copyright (c) 2004 The NetBSD Foundation, Inc. @@ -99,7 +99,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: wi.c,v 1.228 2008/11/12 12:36:11 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: wi.c,v 1.229 2009/04/15 20:44:25 elad Exp $"); #define WI_HERMES_AUTOINC_WAR /* Work around data write autoinc bug. */ #define WI_HERMES_STATS_WAR /* Work around stats counter bug. */ 
@@ -1362,8 +1362,10 @@ error = wi_get_cfg(ifp, cmd, data); break; case SIOCSIFGENERIC: - error = kauth_authorize_generic(curlwp->l_cred, - KAUTH_GENERIC_ISSUSER, NULL); + error = kauth_authorize_network(curlwp->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd), + NULL); if (error) break; error = wi_set_cfg(ifp, cmd, data); Index: src/sys/dev/if_ndis/if_ndis.c diff -u src/sys/dev/if_ndis/if_ndis.c:1.25 src/sys/dev/if_ndis/if_ndis.c:1.26 --- src/sys/dev/if_ndis/if_ndis.c:1.25 Thu Apr 2 00:39:37 2009 +++ src/sys/dev/if_ndis/if_ndis.c Wed Apr 15 20:44:25 2009 @@ -35,7 +35,7 @@ __FBSDID("$FreeBSD: src/sys/dev/if_ndis/if_ndis.c,v 1.69.2.6 2005/03/31 04:24:36 wpaul Exp $"); #endif #ifdef __NetBSD__ -__KERNEL_RCSID(0, "$NetBSD: if_ndis.c,v 1.25 2009/04/02 00:39:37 dyoung Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ndis.c,v 1.26 2009/04/15 20:44:25 elad Exp $"); #endif @@ -2253,8 +2253,10 @@ struct ndis_softc *sc; uint32_t foo; int error, len; - error = kauth_authorize_generic(curlwp->l_cred, - KAUTH_GENERIC_ISSUSER, NULL); + + error = kauth_authorize_network(kauth_cred_get(), + KAUTH_NETWORK_INTERFACE, KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, + ifp, KAUTH_ARG(command), NULL); if (error) return (error); Index: src/sys/dev/pcmcia/if_cnw.c diff -u src/sys/dev/pcmcia/if_cnw.c:1.48 src/sys/dev/pcmcia/if_cnw.c:1.49 --- src/sys/dev/pcmcia/if_cnw.c:1.48 Sat Mar 14 21:04:22 2009 +++ src/sys/dev/pcmcia/if_cnw.c Wed Apr 15 20:44:25 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: if_cnw.c,v 1.48 2009/03/14 21:04:22 dsl Exp $ */ +/* $NetBSD: if_cnw.c,v 1.49 2009/04/15 20:44:25 elad Exp $ */ /*- * Copyright (c) 1998, 2004 The NetBSD Foundation, Inc. @@ -105,7 +105,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: if_cnw.c,v 1.48 2009/03/14 21:04:22 dsl Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_cnw.c,v 1.49 2009/04/15 20:44:25 elad Exp $"); #include "opt_inet.h" #include "bpfilter.h" 
@@ -1017,9 +1017,18 @@ break; case SIOCSCNWDOMAIN: case SIOCSCNWKEY: + error = kauth_authorize_network(l->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd), + NULL); + if (error) + return (error); + break; case SIOCGCNWSTATUS: - error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, NULL); + error = kauth_authorize_network(l->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, KAUTH_ARG(cmd), + NULL); if (error) return (error); break; Index: src/sys/kern/kern_sysctl.c diff -u src/sys/kern/kern_sysctl.c:1.221 src/sys/kern/kern_sysctl.c:1.222 --- src/sys/kern/kern_sysctl.c:1.221 Mon Dec 29 15:35:02 2008 +++ src/sys/kern/kern_sysctl.c Wed Apr 15 20:44:25 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_sysctl.c,v 1.221 2008/12/29 15:35:02 pooka Exp $ */ +/* $NetBSD: kern_sysctl.c,v 1.222 2009/04/15 20:44:25 elad Exp $ */ /*- * Copyright (c) 2003, 2007, 2008 The NetBSD Foundation, Inc. @@ -68,7 +68,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.221 2008/12/29 15:35:02 pooka Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.222 2009/04/15 20:44:25 elad Exp $"); #include "opt_defcorename.h" #include "ksyms.h" @@ -1448,8 +1448,9 @@ */ if (l != NULL && newp != NULL && !(rnode->sysctl_flags & CTLFLAG_ANYWRITE) && - (error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, NULL)) != 0) + (error = kauth_authorize_system(l->l_cred, + KAUTH_SYSTEM_SYSCTL, KAUTH_REQ_SYSTEM_SYSCTL_MODIFY, NULL, NULL, + NULL)) != 0) return (error); /* Index: src/sys/net/if_ppp.c diff -u src/sys/net/if_ppp.c:1.128 src/sys/net/if_ppp.c:1.129 --- src/sys/net/if_ppp.c:1.128 Mon Jan 19 15:16:34 2009 +++ src/sys/net/if_ppp.c Wed Apr 15 20:44:25 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ppp.c,v 1.128 2009/01/19 15:16:34 yamt Exp $ */ +/* $NetBSD: if_ppp.c,v 1.129 2009/04/15 20:44:25 elad Exp $ */ /* Id: if_ppp.c,v 1.6 1997/03/04 03:33:00 paulus Exp */ /* 
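Review bot: The new KAUTH_REQ_SYSTEM_SYSCTL_MODIFY request in the sysctl write-permission check passes NULL for all three arguments, so a secmodel learns nothing about which node is being written even though `rnode` is already in scope on the preceding line. Passing it as arg1, `KAUTH_REQ_SYSTEM_SYSCTL_MODIFY, rnode, NULL, NULL`, with a matching `.Ar arg1 is a .Ft struct sysctlnode *` line in the kauth.9 entry, would give models something beyond isroot to decide on while the request exists (kauth.9 already flags it as possibly deprecated). The enclosing function starts and ends outside the hunk.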
@@ -102,7 +102,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: if_ppp.c,v 1.128 2009/01/19 15:16:34 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ppp.c,v 1.129 2009/04/15 20:44:25 elad Exp $"); #include "ppp.h" @@ -498,14 +498,14 @@ case PPPIOCSCOMPRESS: case PPPIOCSNPMODE: if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, - KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, &sc->sc_if, (void *)cmd, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, &sc->sc_if, KAUTH_ARG(cmd), NULL) != 0) return (EPERM); break; case PPPIOCXFERUNIT: /* XXX: Why is this privileged?! */ if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, - KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, &sc->sc_if, (void *)cmd, + KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, &sc->sc_if, KAUTH_ARG(cmd), NULL) != 0) return (EPERM); break; Index: src/sys/net/if_stf.c diff -u src/sys/net/if_stf.c:1.70 src/sys/net/if_stf.c:1.71 --- src/sys/net/if_stf.c:1.70 Wed Mar 18 17:06:51 2009 +++ src/sys/net/if_stf.c Wed Apr 15 20:44:25 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: if_stf.c,v 1.70 2009/03/18 17:06:51 cegger Exp $ */ +/* $NetBSD: if_stf.c,v 1.71 2009/04/15 20:44:25 elad Exp $ */ /* $KAME: if_stf.c,v 1.62 2001/06/07 22:32:16 itojun Exp $ */ /* @@ -75,7 +75,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: if_stf.c,v 1.70 2009/03/18 17:06:51 cegger Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_stf.c,v 1.71 2009/04/15 20:44:25 elad Exp $"); #include "opt_inet.h" 
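Review bot: Both checks in the PPPIOCS*/PPPIOCXFERUNIT arms discard the kauth(9) result and return a hard-coded EPERM, whereas ip_input.c in this same commit is changed to propagate the authorizer's error; the two callers should agree. `error = kauth_authorize_network(...); if (error) return (error);` in each arm would do it, assuming `error` is the result variable of the enclosing function, which starts and ends outside the hunk. The `/* XXX: Why is this privileged?! */` on PPPIOCXFERUNIT is carried over unanswered; if GETPRIV is kept only for conservatism, a comment saying so is more useful than the question.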
@@ -708,8 +708,11 @@ break; case SIOCSIFMTU: - if ((error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, NULL)) != 0) + error = kauth_authorize_network(l->l_cred, + KAUTH_NETWORK_INTERFACE, + KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd), + NULL); + if (error) break; if (ifr->ifr_mtu < STF_MTU_MIN || ifr->ifr_mtu > STF_MTU_MAX) return EINVAL; Index: src/sys/net/ppp_tty.c diff -u src/sys/net/ppp_tty.c:1.53 src/sys/net/ppp_tty.c:1.54 --- src/sys/net/ppp_tty.c:1.53 Sun May 25 19:22:21 2008 +++ src/sys/net/ppp_tty.c Wed Apr 15 20:44:25 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: ppp_tty.c,v 1.53 2008/05/25 19:22:21 ad Exp $ */ +/* $NetBSD: ppp_tty.c,v 1.54 2009/04/15 20:44:25 elad Exp $ */ /* Id: ppp_tty.c,v 1.3 1996/07/01 01:04:11 paulus Exp */ /* @@ -93,7 +93,7 @@ /* from NetBSD: if_ppp.c,v 1.15.2.2 1994/07/28 05:17:58 cgd Exp */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ppp_tty.c,v 1.53 2008/05/25 19:22:21 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ppp_tty.c,v 1.54 2009/04/15 20:44:25 elad Exp $"); #include "ppp.h" @@ -454,8 +454,8 @@ break; case PPPIOCSASYNCMAP: - if ((error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, NULL)) != 0) + if ((error = kauth_authorize_device_tty(l->l_cred, + KAUTH_DEVICE_TTY_PRIVSET, tp)) != 0) break; sc->sc_asyncmap[0] = *(u_int *)data; break; @@ -465,8 +465,8 @@ break; case PPPIOCSRASYNCMAP: - if ((error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, NULL)) != 0) + if ((error = kauth_authorize_device_tty(l->l_cred, + KAUTH_DEVICE_TTY_PRIVSET, tp)) != 0) break; sc->sc_rasyncmap = *(u_int *)data; break; 
@@ -476,8 +476,8 @@ break; case PPPIOCSXASYNCMAP: - if ((error = kauth_authorize_generic(l->l_cred, - KAUTH_GENERIC_ISSUSER, NULL)) != 0) + if ((error = kauth_authorize_device_tty(l->l_cred, + KAUTH_DEVICE_TTY_PRIVSET, tp)) != 0) break; s = spltty(); bcopy(data, sc->sc_asyncmap, sizeof(sc->sc_asyncmap)); Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.279 src/sys/netinet/ip_input.c:1.280 --- src/sys/netinet/ip_input.c:1.279 Wed Mar 18 17:06:52 2009 +++ src/sys/netinet/ip_input.c Wed Apr 15 20:44:25 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.279 2009/03/18 17:06:52 cegger Exp $ */ +/* $NetBSD: ip_input.c,v 1.280 2009/04/15 20:44:25 elad Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.279 2009/03/18 17:06:52 cegger Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.280 2009/04/15 20:44:25 elad Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -2136,9 +2136,10 @@ if (error || newp == NULL) return (error); - if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FORWSRCRT, - 0, NULL, NULL, NULL)) - return (EPERM); + error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FORWSRCRT, + 0, NULL, NULL, NULL); + if (error) + return (error); ip_forwsrcrt = tmp; Index: src/sys/netinet/tcp_usrreq.c diff -u src/sys/netinet/tcp_usrreq.c:1.152 src/sys/netinet/tcp_usrreq.c:1.153 --- src/sys/netinet/tcp_usrreq.c:1.152 Wed Mar 11 05:55:22 2009 +++ src/sys/netinet/tcp_usrreq.c Wed Apr 15 20:44:25 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_usrreq.c,v 1.152 2009/03/11 05:55:22 mrg Exp $ */ +/* $NetBSD: tcp_usrreq.c,v 1.153 2009/04/15 20:44:25 elad Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 
@@ -95,7 +95,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.152 2009/03/11 05:55:22 mrg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.153 2009/04/15 20:44:25 elad Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -1154,23 +1154,6 @@ return (0); } -/* - * The superuser can drop any connection. Normal users can only drop - * their own connections. - */ -static inline int -check_sockuid(struct socket *sockp, kauth_cred_t cred) -{ - uid_t sockuid; - - sockuid = sockp->so_uidinfo->ui_uid; - if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0 || - sockuid == kauth_cred_getuid(cred) || - sockuid == kauth_cred_geteuid(cred)) - return 0; - return EACCES; -} - static inline int copyout_uid(struct socket *sockp, void *oldp, size_t *oldlenp) { @@ -1205,13 +1188,16 @@ if (dodrop) { struct tcpcb *tp; + int error; if (inp == NULL || (tp = intotcpcb(inp)) == NULL || (inp->inp_socket->so_options & SO_ACCEPTCONN) != 0) return ESRCH; - - if (check_sockuid(inp->inp_socket, l->l_cred) != 0) - return EACCES; + + error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_SOCKET, + KAUTH_REQ_NETWORK_SOCKET_DROP, inp->inp_socket, tp, NULL); + if (error) + return (error); (void)tcp_drop(tp, ECONNABORTED); return 0; 
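Review bot: The error a non-owner sees from the tcp drop sysctl changes from check_sockuid()'s fixed EACCES to whatever the secmodel returns (presumably EPERM under the default model), which is visible to userland; this is probably acceptable but deserves a mention in the commit message or an explicit mapping if EACCES was relied upon. The request also passes the tcpcb as arg2, yet the kauth.9 entry added in this commit documents only arg1; add `.Ar arg2 is a .Ft struct tcpcb * describing the connection.` to the KAUTH_REQ_NETWORK_SOCKET_DROP description. The function containing the drop path starts and ends outside the hunk.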
@@ -1237,13 +1223,16 @@ if (dodrop) { struct tcpcb *tp; + int error; if (in6p == NULL || (tp = in6totcpcb(in6p)) == NULL || (in6p->in6p_socket->so_options & SO_ACCEPTCONN) != 0) return ESRCH; - if (check_sockuid(in6p->in6p_socket, l->l_cred) != 0) - return EACCES; + error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_SOCKET, + KAUTH_REQ_NETWORK_SOCKET_DROP, in6p->in6p_socket, tp, NULL); + if (error) + return (error); (void)tcp_drop(tp, ECONNABORTED); return 0; Index: src/sys/secmodel/bsd44/secmodel_bsd44_suser.c diff -u src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.61 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.62 --- src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.61 Wed Nov 12 13:50:52 2008 +++ src/sys/secmodel/bsd44/secmodel_bsd44_suser.c Wed Apr 15 20:44:24 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_bsd44_suser.c,v 1.61 2008/11/12 13:50:52 ad Exp $ */ +/* $NetBSD: secmodel_bsd44_suser.c,v 1.62 2009/04/15 20:44:24 elad Exp $ */ /*- * Copyright (c) 2006 Elad Efrat <e...@netbsd.org> * All rights reserved. @@ -38,7 +38,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.61 2008/11/12 13:50:52 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.62 2009/04/15 20:44:24 elad Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -297,14 +297,8 @@ } case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET: - /* - * Decisions here are root-agnostic. - * - * KAUTH_REQ_SYSTEM_TIME_RTCOFFSET - Should be used - * only after the caller was determined as someone - * who can modify sysctl. For us, this means root. - */ - result = KAUTH_RESULT_ALLOW; + if (isroot) + result = KAUTH_RESULT_ALLOW; break; default: @@ -318,6 +312,7 @@ case KAUTH_REQ_SYSTEM_SYSCTL_ADD: case KAUTH_REQ_SYSTEM_SYSCTL_DELETE: case KAUTH_REQ_SYSTEM_SYSCTL_DESC: + case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY: case KAUTH_REQ_SYSTEM_SYSCTL_PRVT: if (isroot) result = KAUTH_RESULT_ALLOW; 
@@ -351,19 +346,20 @@ break; case KAUTH_SYSTEM_CHSYSFLAGS: - case KAUTH_SYSTEM_SETIDCORE: /* - * Decisions here are root-agnostic. - * - * CHSYSFLAGS - Should be used only after the caller was - * determined as root. Needs to be re-factored - * anyway. Infects ufs, ext2fs, tmpfs, and rump. - * - * SETIDCORE - Should be used only after the caller was - * determined as someone who can modify sysctl - * data. For us, this means root. + * Needs to be checked in conjunction with the immutable and + * append-only flags (usually). Should be handled differently. + * Infects ufs, ext2fs, tmpfs, and rump. */ - result = KAUTH_RESULT_ALLOW; + if (isroot) + result = KAUTH_RESULT_ALLOW; + + break; + + case KAUTH_SYSTEM_SETIDCORE: + if (isroot) + result = KAUTH_RESULT_ALLOW; + break; case KAUTH_SYSTEM_MODULE: @@ -795,12 +791,16 @@ case KAUTH_NETWORK_BIND: switch (req) { + case KAUTH_REQ_NETWORK_BIND_PORT: + result = KAUTH_RESULT_ALLOW; + break; + case KAUTH_REQ_NETWORK_BIND_PRIVPORT: if (isroot) result = KAUTH_RESULT_ALLOW; break; + default: - result = KAUTH_RESULT_ALLOW; break; } break; @@ -825,13 +825,9 @@ break; case KAUTH_NETWORK_FORWSRCRT: - /* - * Decision is root-agnostic. - * - * Can only be issued from sysctl context, in our case, only - * root can get here. - */ - result = KAUTH_RESULT_ALLOW; + if (isroot) + result = KAUTH_RESULT_ALLOW; + break; case KAUTH_NETWORK_INTERFACE: 
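Review bot: In the KAUTH_NETWORK_BIND switch the `default:` arm is now empty, so an unrecognized bind request no longer gets KAUTH_RESULT_ALLOW and instead keeps whatever `result` was initialized to above the hunk; that is the right direction, but the silent fall-through reads like an accident. A one-line comment such as `/* unknown bind request: leave result as initialized */` in the default arm would record that the change is deliberate. The enclosing function starts and ends outside the hunk.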
@@ -883,6 +879,25 @@ case KAUTH_NETWORK_SOCKET: switch (req) { + case KAUTH_REQ_NETWORK_SOCKET_DROP: + /* + * The superuser can drop any connection. Normal users + * can only drop their own connections. + */ + if (isroot) + result = KAUTH_RESULT_ALLOW; + else { + struct socket *so = (struct socket *)arg1; + uid_t sockuid = so->so_uidinfo->ui_uid; + + if (sockuid == kauth_cred_getuid(cred) || + sockuid == kauth_cred_geteuid(cred)) + result = KAUTH_RESULT_ALLOW; + } + + + break; + case KAUTH_REQ_NETWORK_SOCKET_OPEN: if ((u_long)arg1 == PF_ROUTE || (u_long)arg1 == PF_BLUETOOTH) result = KAUTH_RESULT_ALLOW; @@ -911,13 +926,18 @@ result = KAUTH_RESULT_ALLOW; break; + case KAUTH_REQ_NETWORK_SOCKET_SETPRIV: + if (isroot) + result = KAUTH_RESULT_ALLOW; + break; + default: - result = KAUTH_RESULT_ALLOW; break; } break; + default: result = KAUTH_RESULT_DEFER; break; @@ -952,9 +972,11 @@ result = KAUTH_RESULT_ALLOW; break; + case KAUTH_MACHDEP_CACHEFLUSH: case KAUTH_MACHDEP_IOPERM_SET: case KAUTH_MACHDEP_IOPL: case KAUTH_MACHDEP_MTRR_SET: + case KAUTH_MACHDEP_NVRAM: case KAUTH_MACHDEP_UNMANAGEDMEM: if (isroot) result = KAUTH_RESULT_ALLOW; Index: src/sys/sys/kauth.h diff -u src/sys/sys/kauth.h:1.53 src/sys/sys/kauth.h:1.54 --- src/sys/sys/kauth.h:1.53 Wed Nov 12 12:36:28 2008 +++ src/sys/sys/kauth.h Wed Apr 15 20:44:24 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: kauth.h,v 1.53 2008/11/12 12:36:28 ad Exp $ */ +/* $NetBSD: kauth.h,v 1.54 2009/04/15 20:44:24 elad Exp $ */ /*- * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org> @@ -116,6 +116,7 @@ KAUTH_REQ_SYSTEM_SYSCTL_ADD, KAUTH_REQ_SYSTEM_SYSCTL_DELETE, KAUTH_REQ_SYSTEM_SYSCTL_DESC, + KAUTH_REQ_SYSTEM_SYSCTL_MODIFY, KAUTH_REQ_SYSTEM_SYSCTL_PRVT, KAUTH_REQ_SYSTEM_TIME_ADJTIME, KAUTH_REQ_SYSTEM_TIME_NTPADJTIME, 
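Review bot: The non-root branch of KAUTH_REQ_NETWORK_SOCKET_DROP casts arg1 and dereferences `so->so_uidinfo->ui_uid` without any NULL check; the removed check_sockuid() did the same, but it had exactly two callers that had just validated the pcb, whereas this handler will be reached by any future issuer of the request. A guard of the form `if (so != NULL && so->so_uidinfo != NULL && (sockuid == ... ))` is cheap insurance against a NULL-dereference in the secmodel. There are also two stray blank lines before the case's `break;`. The enclosing function starts and ends outside the hunk.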
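Review bot: KAUTH_REQ_SYSTEM_SYSCTL_MODIFY is inserted in the middle of the anonymous request enum, which renumbers KAUTH_REQ_SYSTEM_SYSCTL_PRVT and every KAUTH_REQ_SYSTEM_TIME_* value after it; anything built against the previous kauth.h (an out-of-tree secmodel or module) would see shifted request numbers. If the numeric values are not meant to be stable, a comment at the head of the enum saying so, e.g. `/* Values are not ABI; always rebuild secmodels against this header. */`, would make that explicit; otherwise append new requests at the tail.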
@@ -207,20 +208,24 @@ KAUTH_REQ_NETWORK_NFS_SVC, KAUTH_REQ_NETWORK_SOCKET_OPEN, KAUTH_REQ_NETWORK_SOCKET_RAWSOCK, - KAUTH_REQ_NETWORK_SOCKET_CANSEE + KAUTH_REQ_NETWORK_SOCKET_CANSEE, + KAUTH_REQ_NETWORK_SOCKET_DROP, + KAUTH_REQ_NETWORK_SOCKET_SETPRIV }; /* * Machdep scope - actions. */ enum { - KAUTH_MACHDEP_IOPERM_GET=1, + KAUTH_MACHDEP_CACHEFLUSH=1, + KAUTH_MACHDEP_IOPERM_GET, KAUTH_MACHDEP_IOPERM_SET, KAUTH_MACHDEP_IOPL, KAUTH_MACHDEP_LDT_GET, KAUTH_MACHDEP_LDT_SET, KAUTH_MACHDEP_MTRR_GET, KAUTH_MACHDEP_MTRR_SET, + KAUTH_MACHDEP_NVRAM, KAUTH_MACHDEP_UNMANAGEDMEM };
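Review bot: Placing `KAUTH_MACHDEP_CACHEFLUSH=1` at the head of the machdep enum shifts the numeric value of every existing KAUTH_MACHDEP_* action (IOPERM_GET is no longer 1, and so on), so a secmodel or module compiled against the previous header would misinterpret every machdep request. Appending CACHEFLUSH and NVRAM after KAUTH_MACHDEP_UNMANAGEDMEM keeps the existing values intact; if alphabetical ordering is preferred and the values are not considered ABI, a comment stating that at the top of the enum would avoid the question next time.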