Module Name: src Committed By: elad Date: Fri May 8 11:09:44 UTC 2009
Modified Files: src/share/man/man9: kauth.9 src/sys/net: if_tun.c src/sys/secmodel/bsd44: secmodel_bsd44_suser.c src/sys/sys: kauth.h Log Message: Add and use a network scope action/request for tun(4), similar to ppp(4), sl(4), and strip(4). To generate a diff of this commit: cvs rdiff -u -r1.83 -r1.84 src/share/man/man9/kauth.9 cvs rdiff -u -r1.110 -r1.111 src/sys/net/if_tun.c cvs rdiff -u -r1.66 -r1.67 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c cvs rdiff -u -r1.58 -r1.59 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/share/man/man9/kauth.9
diff -u src/share/man/man9/kauth.9:1.83 src/share/man/man9/kauth.9:1.84
--- src/share/man/man9/kauth.9:1.83 Thu May 7 19:26:08 2009
+++ src/share/man/man9/kauth.9 Fri May 8 11:09:43 2009
@@ -1,4 +1,4 @@
-.\" $NetBSD: kauth.9,v 1.83 2009/05/07 19:26:08 elad Exp $
+.\" $NetBSD: kauth.9,v 1.84 2009/05/08 11:09:43 elad Exp $
 .\"
 .\" Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>
 .\" All rights reserved.
@@ -633,7 +633,7 @@
 .Ar arg3
 is.
 .It Dv KAUTH_NETWORK_INTERFACE_PPP
-Checks operations performed on the
+Checks if operations performed on the
 .Xr ppp 4
 network interface are allowed.
 .Pp
@@ -646,7 +646,7 @@
 interface to the system is allowed.
 .El
 .It Dv KAUTH_NETWORK_INTERFACE_SLIP
-Checks operations performed on the
+Checks if operations performed on the
 .Xr sl 4
 network interface are allowed.
 .Pp
@@ -659,7 +659,7 @@
 interface to the system is allowed.
 .El
 .It Dv KAUTH_NETWORK_INTERFACE_STRIP
-Checks operations performed on the
+Checks if operations performed on the
 .Xr strip 4
 network interface are allowed.
 .Pp
@@ -671,6 +671,19 @@
 .Xr strip 4
 interface to the system is allowed.
 .El
+.It Dv KAUTH_NETWORK_INTERFACE_TUN
+Checks if operations performed on the
+.Xr tun 4
+network interface are allowed.
+.Pp
+.Ar req
+can be one of the following:
+.Bl -tag -width compact
+.It Dv KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD
+Checks if adding and enabling a
+.Xr tun 4
+interface to the system is allowed.
+.El
 .It Dv KAUTH_NETWORK_FORWSRCRT
 Checks whether status of forwarding of source-routed packets can be modified or not.
Index: src/sys/net/if_tun.c
diff -u src/sys/net/if_tun.c:1.110 src/sys/net/if_tun.c:1.111
--- src/sys/net/if_tun.c:1.110 Thu Nov 20 21:55:15 2008
+++ src/sys/net/if_tun.c Fri May 8 11:09:44 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: if_tun.c,v 1.110 2008/11/20 21:55:15 dyoung Exp $ */
+/* $NetBSD: if_tun.c,v 1.111 2009/05/08 11:09:44 elad Exp $ */
 /*
 * Copyright (c) 1988, Julian Onions <j...@cs.nott.ac.uk>
@@ -15,7 +15,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.110 2008/11/20 21:55:15 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.111 2009/05/08 11:09:44 elad Exp $");
 #include "opt_inet.h"
@@ -283,8 +283,9 @@
 struct tun_softc *tp;
 int s, error;
- if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
- NULL)) != 0)
+ error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE_TUN,
+ KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD, NULL, NULL, NULL);
+ if (error)
 return (error);
 s = splnet();
Index: src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
diff -u src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.66 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.67
--- src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.66 Thu May 7 19:26:09 2009
+++ src/sys/secmodel/bsd44/secmodel_bsd44_suser.c Fri May 8 11:09:43 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_suser.c,v 1.66 2009/05/07 19:26:09 elad Exp $ */
+/* $NetBSD: secmodel_bsd44_suser.c,v 1.67 2009/05/08 11:09:43 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
 * All rights reserved.
@@ -38,7 +38,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.66 2009/05/07 19:26:09 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.67 2009/05/08 11:09:43 elad Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
@@ -876,6 +876,7 @@
 if (isroot)
 result = KAUTH_RESULT_ALLOW;
 break;
+
 default:
 break;
 }
@@ -888,6 +889,7 @@
 if (isroot)
 result = KAUTH_RESULT_ALLOW;
 break;
+
 default:
 break;
 }
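Review bot: The replacement check on the `kauth_authorize_network(...)` line passes NULL in all three argument slots, so a security model handling KAUTH_NETWORK_INTERFACE_TUN learns only whose credential is asking, not which tun(4) unit is being added; the bsd44 model in this commit only looks at the credential, so nothing breaks, but the kauth.9 entry added alongside does not say the request carries no arguments. I would add one sentence under KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD in kauth.9, e.g. `No arguments are passed with this request.`, so a model author does not go looking for an ifp in arg1. If the softc or unit number is already known at this point, passing it as arg1 would let a later model decide per unit; `tp` is declared in the hunk but not visibly assigned before the check, and the enclosing function starts and ends outside the hunk, so I cannot tell whether that is possible without reordering. Note also that moving from KAUTH_GENERIC_ISSUSER to a scope-specific action means any security model other than bsd44 must now answer this action explicitly, or the open will presumably fall to kauth's default handling for requests no listener allows.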
@@ -900,6 +902,20 @@
 if (isroot)
 result = KAUTH_RESULT_ALLOW;
 break;
+
+ default:
+ break;
+ }
+
+ break;
+ case KAUTH_NETWORK_INTERFACE_TUN:
+ switch (req) {
+ case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD:
+ if (isroot)
+ result = KAUTH_RESULT_ALLOW;
+ break;
+
 default:
 break;
 }
Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.58 src/sys/sys/kauth.h:1.59
--- src/sys/sys/kauth.h:1.58 Thu May 7 19:26:08 2009
+++ src/sys/sys/kauth.h Fri May 8 11:09:43 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.58 2009/05/07 19:26:08 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.59 2009/05/08 11:09:43 elad Exp $ */
 /*-
 * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>
@@ -187,6 +187,7 @@
 KAUTH_NETWORK_INTERFACE_PPP,
 KAUTH_NETWORK_INTERFACE_SLIP,
 KAUTH_NETWORK_INTERFACE_STRIP,
+ KAUTH_NETWORK_INTERFACE_TUN,
 };
 /*
@@ -223,6 +224,7 @@
 KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD,
 KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD,
 KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD,
+ KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD,
 };
 /*
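Review bot: The new `case KAUTH_NETWORK_INTERFACE_TUN:` arm grants only when `isroot`, which is the same gate the KAUTH_GENERIC_ISSUSER check it replaces in if_tun.c applied, but nothing in the hunk records that equivalence, so a later reader cannot tell whether root-only is a deliberate floor or a placeholder awaiting a finer policy. A one-line comment above the case, `/* Was a plain superuser check in tunopen before the network-scope request; keep it root-only. */`, would pin the intent and tie the two files together. The added `default: break;` arms leave `result` at whatever it was set to before the switch, which is outside the hunk; if that is KAUTH_RESULT_DEFER, an unknown request under a recognised action is deferred to kauth's default handling rather than denied here, matching the PPP/SLIP/STRIP arms above, and that is worth stating once in the listener's header comment so nobody later "fixes" it to deny. The enclosing listener function starts and ends outside the hunk.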