bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 2 Oct 2006 09:32:23 GMT Message-Id: <200610020932.k929WNlD040077@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 107083 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Oct 2006 09:32:40 -0000 http://perforce.freebsd.org/chv.cgi?CH=107083 Change 107083 by rwatson@rwatson_peppercorn on 2006/10/02 09:32:02 Resolve remaining merge conflicts for priv(9) API to 6.x kernel. Still need to catch a few more differing suser(9) calls. Affected files ... .. //depot/projects/trustedbsd/priv6/src/sys/net/if.c#4 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/ip_divert.c#3 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/raw_ip.c#3 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet6/in6_pcb.c#4 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet6/ipsec.c#4 edit .. //depot/projects/trustedbsd/priv6/src/sys/netipsec/ipsec_osdep.h#3 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/mac_seeotheruids/mac_seeotheruids.c#3 edit .. //depot/projects/trustedbsd/priv6/src/sys/sys/mac.h#4 edit .. //depot/projects/trustedbsd/priv6/src/sys/sys/mac_policy.h#3 edit .. //depot/projects/trustedbsd/priv6/src/sys/ufs/ufs/ufs_vnops.c#3 edit Differences ... ==== //depot/projects/trustedbsd/priv6/src/sys/net/if.c#4 (text+ko) ==== 
@@ -1507,7 +1507,7 @@
 error = priv_check(td, PRIV_NET_IFCREATE);
 if (error)
 return (error);
- return (if_clone_create(ifr->ifr_name, sizeof(ifr->ifr_name));
+ return (if_clone_create(ifr->ifr_name, sizeof(ifr->ifr_name)));
 case SIOCIFDESTROY:
 error = priv_check(td, PRIV_NET_IFDESTROY);
==== //depot/projects/trustedbsd/priv6/src/sys/netinet/ip_divert.c#3 (text+ko) ====
@@ -410,9 +410,12 @@
 INP_INFO_WUNLOCK(&divcbinfo);
 return EINVAL;
 }
- if (td && (error = suser(td)) != 0) {
- INP_INFO_WUNLOCK(&divcbinfo);
- return error;
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NETINET_DIVERT);
+ if (error) {
+ INP_INFO_WUNLOCK(&divcbinfo);
+ return (error);
+ }
 }
 error = soreserve(so, div_sendspace, div_recvspace);
 if (error) {
==== //depot/projects/trustedbsd/priv6/src/sys/netinet/raw_ip.c#3 (text+ko) ====
@@ -603,11 +603,16 @@
 INP_INFO_WUNLOCK(&ripcbinfo);
 return EINVAL;
 }
+ /*
+ * XXXRW: Centralize privilege decision in kern_jail.c.
+ */
 if (jailed(td->td_ucred) && !jail_allow_raw_sockets) {
 INP_INFO_WUNLOCK(&ripcbinfo);
 return (EPERM);
 }
- if ((error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL)) != 0) {
+ error = priv_check_cred(td->td_ucred, PRIV_NETINET_RAW,
+ SUSER_ALLOWJAIL);
+ if (error) {
 INP_INFO_WUNLOCK(&ripcbinfo);
 return error;
 }
==== //depot/projects/trustedbsd/priv6/src/sys/netinet6/in6_pcb.c#4 (text+ko) ====
@@ -191,8 +191,12 @@
 /* GROSS */
 if (ntohs(lport) <= ipport_reservedhigh &&
 ntohs(lport) >= ipport_reservedlow &&
- suser_cred(cred, SUSER_ALLOWJAIL))
+ priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
+ SUSER_ALLOWJAIL))
 return (EACCES);
+ /*
+ * XXXRW: What priv to use here?
+ */
 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) &&
 suser_cred(so->so_cred, SUSER_ALLOWJAIL) != 0) {
 t = in6_pcblookup_local(pcbinfo,
==== //depot/projects/trustedbsd/priv6/src/sys/netinet6/ipsec.c#4 (text+ko) ====
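Review bot: The new `if (td != NULL)` guard in the ip_divert.c hunk means a caller that passes a NULL thread skips the PRIV_NETINET_DIVERT check entirely and gets the divert socket unconditionally; the old `td && (error = suser(td)) != 0` form had the same hole, so the conversion preserves it rather than closing it. If a NULL td is a deliberate kernel-internal path, the branch should say so, e.g. `/* td == NULL: kernel-originated attach, no credential to check. */`; if it is not, the NULL case should fail with EPERM rather than silently succeed. Note also that `priv_check(td, ...)` is called here without SUSER_ALLOWJAIL while the raw_ip.c hunk passes it, which presumably keeps jailed root denied for divert but allowed for raw sockets, matching the suser(9) calls replaced — worth a one-line comment since the two call sites now read alike. The enclosing function starts and ends outside the hunk.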
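Review bot: In the in6_pcb.c hunk the new `priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, SUSER_ALLOWJAIL)` is used as a bare truth value inside the `&&` chain, so its error code is discarded and the caller always sees EACCES; that mirrors the suser_cred() call it replaces, but spelling it `priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, SUSER_ALLOWJAIL) != 0)` as the multicast test a few lines below does would make the intent explicit. The reserved-port test also consults `cred` while the conflict test just below consults `so->so_cred`; if those can ever differ, the two privilege decisions apply to different principals, so a comment confirming they are the same credential at this call site would help the next person who converts the remaining suser_cred(). The enclosing function starts and ends outside the hunk.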
@@ -1223,8 +1223,14 @@ } bzero(new, sizeof(*new)); - if (so->so_cred != NULL && - suser_cred(so->so_cred, SUSER_ALLOWJAIL) == 0) + /* + * XXXRW: Can we avoid caching the privilege decision here, and + * instead cache the credential? + * + * XXXRW: Why is suser_allowjail set here? + */ + if (so->so_cred != NULL && priv_check_cred(so->so_cred, + PRIV_NETINET_IPSEC, 0) == 0) new->priv = 1; else new->priv = 0; ==== //depot/projects/trustedbsd/priv6/src/sys/netipsec/ipsec_osdep.h#3 (text+ko) ==== @@ -215,11 +215,13 @@ * NetBSD (1.6N) tests (so)->so_uid == 0). * This difference is wrapped inside the IPSEC_PRIVILEGED_SO() macro. * + * XXXRW: Why was this suser_allowjail? */ #ifdef __FreeBSD__ #define IPSEC_IS_PRIVILEGED_SO(_so) \ ((_so)->so_cred != NULL && \ - suser_cred((_so)->so_cred, SUSER_ALLOWJAIL) == 0) + priv_check_cred((_so)->so_cred, PRIV_NETINET_IPSEC, 0) \ + == 0) #endif /* __FreeBSD__ */ #ifdef __NetBSD__ ==== //depot/projects/trustedbsd/priv6/src/sys/security/mac_seeotheruids/mac_seeotheruids.c#3 (text+ko) ==== @@ -118,7 +118,7 @@ if (u1->cr_ruid == u2->cr_ruid) return (0); - if (suser_cred(u1, 0) == 0) + if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0) == 0) return (0); return (ESRCH); ==== //depot/projects/trustedbsd/priv6/src/sys/sys/mac.h#4 (text+ko) ==== @@ -466,6 +466,8 @@ struct label *label); void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred); void mac_associate_nfsd_label(struct ucred *cred); +int mac_priv_check(struct ucred *cred, enum priv priv); +int mac_priv_grant(struct ucred *cred, enum priv priv); /* * Calls to help various file systems implement labeling functionality ==== //depot/projects/trustedbsd/priv6/src/sys/sys/mac_policy.h#3 (text+ko) ==== 
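Review bot: The netinet6/ipsec.c hunk passes `0` where the removed line passed SUSER_ALLOWJAIL, so a socket owned by jailed root that previously got `new->priv = 1` presumably now gets `new->priv = 0` (the flag is still meaningful to priv_check_cred, since the raw_ip.c hunk passes it); the XXXRW comment asks why the jail flag was there, but the hunk changes the answer before it is known. Either keep `priv_check_cred(so->so_cred, PRIV_NETINET_IPSEC, SUSER_ALLOWJAIL) == 0` until the question is resolved, or state the intended tightening for jails in the commit description so it is deliberate rather than a side effect of the API conversion. The enclosing function starts and ends outside the hunk.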
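Review bot: The ipsec_osdep.h hunk makes the same silent change as netinet6/ipsec.c, dropping SUSER_ALLOWJAIL for a bare `0` inside IPSEC_IS_PRIVILEGED_SO(), and the block comment above the macro still only explains the NetBSD `so_uid == 0` side; the FreeBSD branch now deserves its own sentence, e.g. `* FreeBSD: privileged iff the socket credential passes PRIV_NETINET_IPSEC; jailed root is intentionally not sufficient.` once that intent is confirmed. Both copies of this decision need to agree on the jail flag, so whichever way the XXXRW question is answered, the two hunks should be changed together.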
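Review bot: The mac_seeotheruids.c hunk now calls `priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0)` from inside a MAC policy, while the same change adds `mpo_priv_check`/`mpo_priv_grant` policy entry points; if priv_check_cred dispatches into the MAC framework, this policy's visibility check re-enters the framework from within a policy hook. If that is by design, a comment at the call site such as `/* priv_check_cred() may call back into MAC policy hooks; hold no policy locks here. */` would head off a future lock-order or recursion surprise; if it is not, the policy should decide from the credential directly. The enclosing function starts outside the hunk.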
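Review bot: The two new prototypes in the mac.h hunk, `mac_priv_check` and `mac_priv_grant`, are added without any comment on their contract, unlike the sectioned declarations around them; the names suggest one lets a policy veto a privilege and the other lets a policy confer it, but a caller cannot tell from the header which return value means what. A two-line section comment above them stating what a nonzero return from each means, and which one is consulted first, would make the privilege model auditable from the header alone.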
@@ -600,6 +600,8 @@ int (*mpo_check_vnode_write)(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label); + int (*mpo_priv_check)(struct ucred *cred, enum priv priv); + int (*mpo_priv_grant)(struct ucred *cred, enum priv priv); }; /* ==== //depot/projects/trustedbsd/priv6/src/sys/ufs/ufs/ufs_vnops.c#3 (text+ko) ==== @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include