Module Name: src
Committed By: elad
Date: Thu May 7 18:01:57 UTC 2009
Modified Files:
src/share/man/man9: kauth.9
src/sys/dev/bluetooth: bcsp.c btuart.c
src/sys/net: if_sl.c if_strip.c ppp_tty.c
src/sys/secmodel/bsd44: secmodel_bsd44_suser.c
src/sys/sys: kauth.h
Log Message:
Introduce actions/requests to handle authorization for ppp(4), sl(4),
strip(4), btuart(4) and bcsp(4) network interfaces and devices.
Mailing list reference:
http://mail-index.netbsd.org/tech-kern/2009/04/27/msg004955.html
To generate a diff of this commit:
cvs rdiff -u -r1.81 -r1.82 src/share/man/man9/kauth.9
cvs rdiff -u -r1.16 -r1.17 src/sys/dev/bluetooth/bcsp.c
cvs rdiff -u -r1.21 -r1.22 src/sys/dev/bluetooth/btuart.c
cvs rdiff -u -r1.114 -r1.115 src/sys/net/if_sl.c
cvs rdiff -u -r1.92 -r1.93 src/sys/net/if_strip.c
cvs rdiff -u -r1.54 -r1.55 src/sys/net/ppp_tty.c
cvs rdiff -u -r1.64 -r1.65 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
cvs rdiff -u -r1.56 -r1.57 src/sys/sys/kauth.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/man/man9/kauth.9
diff -u src/share/man/man9/kauth.9:1.81 src/share/man/man9/kauth.9:1.82
--- src/share/man/man9/kauth.9:1.81 Thu May 7 11:54:41 2009
+++ src/share/man/man9/kauth.9 Thu May 7 18:01:56 2009
@@ -1,4 +1,4 @@
-.\" $NetBSD: kauth.9,v 1.81 2009/05/07 11:54:41 wiz Exp $
+.\" $NetBSD: kauth.9,v 1.82 2009/05/07 18:01:56 elad Exp $
.\"
.\" Copyright (c) 2005, 2006 Elad Efrat <[email protected]>
.\" All rights reserved.
@@ -25,7 +25,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd May 5, 2009
+.Dd May 7, 2009
.Dt KAUTH 9
.Os
.Sh NAME
@@ -601,6 +601,45 @@
there's no way to tell what structure
.Ar arg3
is.
+.It Dv KAUTH_NETWORK_INTERFACE_PPP
+Checks operations performed on the
+.Xr ppp 4
+network interface are allowed.
+.Pp
+.Ar req
+can be one of the following:
+.Bl -tag -width compact
+.It Dv KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD
+Checks if adding and enabling a
+.Xr ppp 4
+interface to the system is allowed.
+.El
+.It Dv KAUTH_NETWORK_INTERFACE_SLIP
+Checks operations performed on the
+.Xr sl 4
+network interface are allowed.
+.Pp
+.Ar req
+can be one of the following:
+.Bl -tag -width compact
+.It Dv KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD
+Checks if adding and enabling a
+.Xr sl 4
+interface to the system is allowed.
+.El
+.It Dv KAUTH_NETWORK_INTERFACE_STRIP
+Checks operations performed on the
+.Xr strip 4
+network interface are allowed.
+.Pp
+.Ar req
+can be one of the following:
+.Bl -tag -width compact
+.It Dv KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD
+Check if adding and enabling a
+.Xr strip 4
+interface to the system is allowed.
+.El
.It Dv KAUTH_NETWORK_FORWSRCRT
Checks whether status of forwarding of source-routed packets can be modified
or not.
@@ -865,6 +904,36 @@
authorization wrapper, with the following actions:
.Pp
.Bl -tag -width compact
+.It KAUTH_DEVICE_BLUETOOTH_BCSP
+Check if operations on a
+.Xr bcsp 4
+device are allowed.
+.Pp
+.Ar arg0
+is an
+.Ft enum kauth_device_req
+with one of the following values:
+.Bl -tag -width compact
+.It Dv KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD
+Check if adding and enabling a
+.Xr bcsp 4
+device is allowed.
+.El
+.It KAUTH_DEVICE_BLUETOOTH_BTUART
+Check if operations on a
+.Xr btuart 4
+device are allowed.
+.Pp
+.Ar arg0
+is an
+.Ft enum kauth_device_req
+with one of the following values:
+.Bl -tag -width compact
+.It Dv KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD
+Check if adding and enabling a
+.Xr btuart 4
+device is allowed.
+.El
.It KAUTH_DEVICE_BLUETOOTH_SETPRIV
Check if privileged settings can be changed.
.Pp
Index: src/sys/dev/bluetooth/bcsp.c
diff -u src/sys/dev/bluetooth/bcsp.c:1.16 src/sys/dev/bluetooth/bcsp.c:1.17
--- src/sys/dev/bluetooth/bcsp.c:1.16 Sun Apr 26 07:53:43 2009
+++ src/sys/dev/bluetooth/bcsp.c Thu May 7 18:01:57 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: bcsp.c,v 1.16 2009/04/26 07:53:43 elad Exp $ */
+/* $NetBSD: bcsp.c,v 1.17 2009/05/07 18:01:57 elad Exp $ */
/*
* Copyright (c) 2007 KIYOHARA Takashi
* All rights reserved.
@@ -26,7 +26,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bcsp.c,v 1.16 2009/04/26 07:53:43 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bcsp.c,v 1.17 2009/05/07 18:01:57 elad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -378,9 +378,10 @@
int error, unit, s;
static char name[] = "bcsp";
- if ((error = kauth_authorize_generic(l->l_cred,
- KAUTH_GENERIC_ISSUSER, NULL)) != 0)
- return error;
+ error = kauth_authorize_device(l->l_cred, KAUTH_DEVICE_BLUETOOTH_BCSP,
+ KAUTH_ARG(KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD), NULL, NULL, NULL);
+ if (error)
+ return (error);
s = spltty();
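Review bot: The new `kauth_authorize_device()` call passes `NULL` for every context argument, so a listener can decide only on the credential and the request, never on which tty the line discipline is being attached to. The same holds for the btuart.c hunk and for the `kauth_authorize_network()` calls in if_sl.c, if_strip.c and ppp_tty.c. If the tty pointer is in scope here (the function header is outside the hunk; `tp` is visible as context in the if_sl.c and if_strip.c hunks), passing it as the first context argument, e.g. `KAUTH_ARG(KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD), tp, NULL, NULL);`, would let a secmodel scope the permission to particular lines instead of granting it system-wide. kauth.9 would then need a sentence describing that argument.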
Index: src/sys/dev/bluetooth/btuart.c
diff -u src/sys/dev/bluetooth/btuart.c:1.21 src/sys/dev/bluetooth/btuart.c:1.22
--- src/sys/dev/bluetooth/btuart.c:1.21 Sun Apr 26 07:53:43 2009
+++ src/sys/dev/bluetooth/btuart.c Thu May 7 18:01:57 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: btuart.c,v 1.21 2009/04/26 07:53:43 elad Exp $ */
+/* $NetBSD: btuart.c,v 1.22 2009/05/07 18:01:57 elad Exp $ */
/*-
* Copyright (c) 2006, 2007 KIYOHARA Takashi
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: btuart.c,v 1.21 2009/04/26 07:53:43 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: btuart.c,v 1.22 2009/05/07 18:01:57 elad Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@@ -226,9 +226,10 @@
struct lwp *l = curlwp; /* XXX */
int error, unit, s;
- if ((error = kauth_authorize_generic(l->l_cred,
- KAUTH_GENERIC_ISSUSER, NULL)) != 0)
- return error;
+ error = kauth_authorize_device(l->l_cred, KAUTH_DEVICE_BLUETOOTH_BTUART,
+ KAUTH_ARG(KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD), NULL, NULL, NULL);
+ if (error)
+ return (error);
s = spltty();
Index: src/sys/net/if_sl.c
diff -u src/sys/net/if_sl.c:1.114 src/sys/net/if_sl.c:1.115
--- src/sys/net/if_sl.c:1.114 Wed Dec 17 20:51:36 2008
+++ src/sys/net/if_sl.c Thu May 7 18:01:57 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: if_sl.c,v 1.114 2008/12/17 20:51:36 cegger Exp $ */
+/* $NetBSD: if_sl.c,v 1.115 2009/05/07 18:01:57 elad Exp $ */
/*
* Copyright (c) 1987, 1989, 1992, 1993
@@ -60,7 +60,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_sl.c,v 1.114 2008/12/17 20:51:36 cegger Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_sl.c,v 1.115 2009/05/07 18:01:57 elad Exp $");
#include "opt_inet.h"
#include "bpfilter.h"
@@ -303,8 +303,9 @@
struct sl_softc *sc;
int error;
- if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
- NULL)) != 0)
+ error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE_SLIP,
+ KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD, NULL, NULL, NULL);
+ if (error)
return error;
if (tp->t_linesw == &slip_disc)
Index: src/sys/net/if_strip.c
diff -u src/sys/net/if_strip.c:1.92 src/sys/net/if_strip.c:1.93
--- src/sys/net/if_strip.c:1.92 Sat Apr 18 14:58:05 2009
+++ src/sys/net/if_strip.c Thu May 7 18:01:57 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: if_strip.c,v 1.92 2009/04/18 14:58:05 tsutsui Exp $ */
+/* $NetBSD: if_strip.c,v 1.93 2009/05/07 18:01:57 elad Exp $ */
/* from: NetBSD: if_sl.c,v 1.38 1996/02/13 22:00:23 christos Exp $ */
/*
@@ -87,7 +87,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_strip.c,v 1.92 2009/04/18 14:58:05 tsutsui Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_strip.c,v 1.93 2009/05/07 18:01:57 elad Exp $");
#include "opt_inet.h"
#include "bpfilter.h"
@@ -475,8 +475,10 @@
struct strip_softc *sc;
int error;
- if ((error = kauth_authorize_generic(l->l_cred,
- KAUTH_GENERIC_ISSUSER, NULL)) != 0)
+ error = kauth_authorize_network(l->l_cred,
+ KAUTH_NETWORK_INTERFACE_STRIP,
+ KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD, NULL, NULL, NULL);
+ if (error)
return (error);
if (tp->t_linesw == &strip_disc)
Index: src/sys/net/ppp_tty.c
diff -u src/sys/net/ppp_tty.c:1.54 src/sys/net/ppp_tty.c:1.55
--- src/sys/net/ppp_tty.c:1.54 Wed Apr 15 20:44:25 2009
+++ src/sys/net/ppp_tty.c Thu May 7 18:01:57 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ppp_tty.c,v 1.54 2009/04/15 20:44:25 elad Exp $ */
+/* $NetBSD: ppp_tty.c,v 1.55 2009/05/07 18:01:57 elad Exp $ */
/* Id: ppp_tty.c,v 1.3 1996/07/01 01:04:11 paulus Exp */
/*
@@ -93,7 +93,7 @@
/* from NetBSD: if_ppp.c,v 1.15.2.2 1994/07/28 05:17:58 cgd Exp */
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ppp_tty.c,v 1.54 2009/04/15 20:44:25 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ppp_tty.c,v 1.55 2009/05/07 18:01:57 elad Exp $");
#include "ppp.h"
@@ -208,8 +208,9 @@
struct ppp_softc *sc;
int error, s;
- if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
- NULL)) != 0)
+ error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE_PPP,
+ KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD, NULL, NULL, NULL);
+ if (error)
return (error);
s = spltty();
Index: src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
diff -u src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.64 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.65
--- src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.64 Tue May 5 21:03:28 2009
+++ src/sys/secmodel/bsd44/secmodel_bsd44_suser.c Thu May 7 18:01:56 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_suser.c,v 1.64 2009/05/05 21:03:28 elad Exp $ */
+/* $NetBSD: secmodel_bsd44_suser.c,v 1.65 2009/05/07 18:01:56 elad Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <[email protected]>
* All rights reserved.
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.64 2009/05/05 21:03:28 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.65 2009/05/07 18:01:56 elad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -849,6 +849,42 @@
}
break;
+ case KAUTH_NETWORK_INTERFACE_PPP:
+ switch (req) {
+ case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
+ if (isroot)
+ result = KAUTH_RESULT_ALLOW;
+ break;
+ default:
+ break;
+ }
+
+ break;
+
+ case KAUTH_NETWORK_INTERFACE_SLIP:
+ switch (req) {
+ case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
+ if (isroot)
+ result = KAUTH_RESULT_ALLOW;
+ break;
+ default:
+ break;
+ }
+
+ break;
+
+ case KAUTH_NETWORK_INTERFACE_STRIP:
+ switch (req) {
+ case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD:
+ if (isroot)
+ result = KAUTH_RESULT_ALLOW;
+ break;
+ default:
+ break;
+ }
+
+ break;
+
case KAUTH_NETWORK_NFS:
switch (req) {
case KAUTH_REQ_NETWORK_NFS_EXPORT:
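Review bot: The three new cases set `KAUTH_RESULT_ALLOW` only when `isroot` is true and otherwise leave `result` at the value it was given before the switch, which is outside this hunk, so a reader cannot tell from here what a non-root caller ends up with. A short comment above the first case would record both that and where the check came from, for example `/* Formerly a KAUTH_GENERIC_ISSUSER check in ppp_tty.c, if_sl.c and if_strip.c; non-root leaves result untouched. */`. Going by the Modified Files list this is the only listener the commit updates, so any other secmodel that relied on seeing the generic superuser request for these opens will presumably need equivalent cases.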
@@ -1015,6 +1051,25 @@
result = KAUTH_RESULT_ALLOW;
break;
+ case KAUTH_DEVICE_BLUETOOTH_BCSP:
+ case KAUTH_DEVICE_BLUETOOTH_BTUART: {
+ enum kauth_device_req req;
+
+ req = (enum kauth_device_req)arg0;
+ switch (req) {
+ case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
+ case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
+ if (isroot)
+ result = KAUTH_RESULT_ALLOW;
+ break;
+
+ default:
+ break;
+ }
+
+ break;
+ }
+
case KAUTH_DEVICE_RAWIO_SPEC:
case KAUTH_DEVICE_RAWIO_PASSTHRU:
/*
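Review bot: The shared inner switch under `KAUTH_DEVICE_BLUETOOTH_BCSP` and `KAUTH_DEVICE_BLUETOOTH_BTUART` accepts either `_ADD` request for either action, so a BCSP action carrying the BTUART request (or the reverse) is allowed for root. That is harmless while both decisions are the same root check, but it stops being so the first time the two policies diverge, and it hides a caller that passes the wrong request. Matching each action to its own request keeps the pairing explicit, as in the sketch below. The cast of `arg0` straight to the enum also narrows a pointer; going through an integer type first would make the intent explicit, assuming `KAUTH_ARG` packs the value as an integer.

```c
	case KAUTH_DEVICE_BLUETOOTH_BCSP:
		if ((enum kauth_device_req)(uintptr_t)arg0 ==
		    KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD && isroot)
			result = KAUTH_RESULT_ALLOW;
		break;

	case KAUTH_DEVICE_BLUETOOTH_BTUART:
		if ((enum kauth_device_req)(uintptr_t)arg0 ==
		    KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD && isroot)
			result = KAUTH_RESULT_ALLOW;
		break;
```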
Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.56 src/sys/sys/kauth.h:1.57
--- src/sys/sys/kauth.h:1.56 Tue May 5 21:03:28 2009
+++ src/sys/sys/kauth.h Thu May 7 18:01:56 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.56 2009/05/05 21:03:28 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.57 2009/05/07 18:01:56 elad Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <[email protected]>
@@ -177,7 +177,10 @@
KAUTH_NETWORK_FORWSRCRT,
KAUTH_NETWORK_NFS,
KAUTH_NETWORK_ROUTE,
- KAUTH_NETWORK_SOCKET
+ KAUTH_NETWORK_SOCKET,
+ KAUTH_NETWORK_INTERFACE_PPP,
+ KAUTH_NETWORK_INTERFACE_SLIP,
+ KAUTH_NETWORK_INTERFACE_STRIP,
};
/*
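Review bot: The new actions are appended after `KAUTH_NETWORK_SOCKET` with implicit values, and the request and device enums in the later kauth.h hunks are extended the same way, but nothing in the header says that this ordering is required. Appending keeps the existing numeric values stable, which presumably matters to any separately built listener. A one-line comment at the end of each enum, such as `/* Append new values at the end; existing values must not change. */`, would keep a later addition from being inserted in the middle.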
@@ -210,7 +213,10 @@
KAUTH_REQ_NETWORK_SOCKET_RAWSOCK,
KAUTH_REQ_NETWORK_SOCKET_CANSEE,
KAUTH_REQ_NETWORK_SOCKET_DROP,
- KAUTH_REQ_NETWORK_SOCKET_SETPRIV
+ KAUTH_REQ_NETWORK_SOCKET_SETPRIV,
+ KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD,
+ KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD,
+ KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD,
};
/*
@@ -242,6 +248,8 @@
KAUTH_DEVICE_RND_ADDDATA,
KAUTH_DEVICE_RND_GETPRIV,
KAUTH_DEVICE_RND_SETPRIV,
+ KAUTH_DEVICE_BLUETOOTH_BCSP,
+ KAUTH_DEVICE_BLUETOOTH_BTUART,
};
/*
@@ -251,6 +259,8 @@
KAUTH_REQ_DEVICE_RAWIO_SPEC_READ=1,
KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE,
KAUTH_REQ_DEVICE_RAWIO_SPEC_RW,
+ KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD,
+ KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD,
};
/*