Date: Mon, 2 Oct 2006 09:32:23 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 107083 for review Message-ID: <200610020932.k929WNlD040077@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=107083 Change 107083 by rwatson@rwatson_peppercorn on 2006/10/02 09:32:02 Resolve remaining merge conflicts for priv(9) API to 6.x kernel. Still need to catch a few more differing suser(9) calls. Affected files ... .. //depot/projects/trustedbsd/priv6/src/sys/net/if.c#4 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/ip_divert.c#3 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet/raw_ip.c#3 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet6/in6_pcb.c#4 edit .. //depot/projects/trustedbsd/priv6/src/sys/netinet6/ipsec.c#4 edit .. //depot/projects/trustedbsd/priv6/src/sys/netipsec/ipsec_osdep.h#3 edit .. //depot/projects/trustedbsd/priv6/src/sys/security/mac_seeotheruids/mac_seeotheruids.c#3 edit .. //depot/projects/trustedbsd/priv6/src/sys/sys/mac.h#4 edit .. //depot/projects/trustedbsd/priv6/src/sys/sys/mac_policy.h#3 edit .. //depot/projects/trustedbsd/priv6/src/sys/ufs/ufs/ufs_vnops.c#3 edit Differences ... ==== //depot/projects/trustedbsd/priv6/src/sys/net/if.c#4 (text+ko) ==== @@ -1507,7 +1507,7 @@ error = priv_check(td, PRIV_NET_IFCREATE); if (error) return (error); - return (if_clone_create(ifr->ifr_name, sizeof(ifr->ifr_name)); + return (if_clone_create(ifr->ifr_name, sizeof(ifr->ifr_name))); case SIOCIFDESTROY: error = priv_check(td, PRIV_NET_IFDESTROY); ==== //depot/projects/trustedbsd/priv6/src/sys/netinet/ip_divert.c#3 (text+ko) ==== @@ -410,9 +410,12 @@ INP_INFO_WUNLOCK(&divcbinfo); return EINVAL; } - if (td && (error = suser(td)) != 0) { - INP_INFO_WUNLOCK(&divcbinfo); - return error; + if (td != NULL) { + error = priv_check(td, PRIV_NETINET_DIVERT); + if (error) { + INP_INFO_WUNLOCK(&divcbinfo); + return (error); + } } error = soreserve(so, div_sendspace, div_recvspace); if (error) { ==== //depot/projects/trustedbsd/priv6/src/sys/netinet/raw_ip.c#3 (text+ko) ==== 
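Review bot: In the ip_divert.c hunk the `PRIV_NETINET_DIVERT` check sits inside `if (td != NULL)`, so a call that arrives with a NULL thread skips the privilege decision entirely and goes straight on to `soreserve()`. The removed `td && suser(td)` failed open in the same way, but now that the test is spelled out it should carry a comment saying which callers pass NULL and why they are trusted, for example `/* td == NULL: presumably an in-kernel caller; no privilege check is applied. */`. If no such caller exists on this branch, the guard could be dropped so the check always runs. The enclosing function starts and ends outside the hunk.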
@@ -603,11 +603,16 @@ INP_INFO_WUNLOCK(&ripcbinfo); return EINVAL; } + /* + * XXXRW: Centralize privilege decision in kern_jail.c. + */ if (jailed(td->td_ucred) && !jail_allow_raw_sockets) { INP_INFO_WUNLOCK(&ripcbinfo); return (EPERM); } - if ((error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL)) != 0) { + error = priv_check_cred(td->td_ucred, PRIV_NETINET_RAW, + SUSER_ALLOWJAIL); + if (error) { INP_INFO_WUNLOCK(&ripcbinfo); return error; } ==== //depot/projects/trustedbsd/priv6/src/sys/netinet6/in6_pcb.c#4 (text+ko) ==== @@ -191,8 +191,12 @@ /* GROSS */ if (ntohs(lport) <= ipport_reservedhigh && ntohs(lport) >= ipport_reservedlow && - suser_cred(cred, SUSER_ALLOWJAIL)) + priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, + SUSER_ALLOWJAIL)) return (EACCES); + /* + * XXXRW: What priv to use here? + */ if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) && suser_cred(so->so_cred, SUSER_ALLOWJAIL) != 0) { t = in6_pcblookup_local(pcbinfo, ==== //depot/projects/trustedbsd/priv6/src/sys/netinet6/ipsec.c#4 (text+ko) ==== @@ -1223,8 +1223,14 @@ } bzero(new, sizeof(*new)); - if (so->so_cred != NULL && - suser_cred(so->so_cred, SUSER_ALLOWJAIL) == 0) + /* + * XXXRW: Can we avoid caching the privilege decision here, and + * instead cache the credential? + * + * XXXRW: Why is suser_allowjail set here? + */ + if (so->so_cred != NULL && priv_check_cred(so->so_cred, + PRIV_NETINET_IPSEC, 0) == 0) new->priv = 1; else new->priv = 0; ==== //depot/projects/trustedbsd/priv6/src/sys/netipsec/ipsec_osdep.h#3 (text+ko) ==== 
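Review bot: In the ipsec.c hunk the new call is `priv_check_cred(so->so_cred, PRIV_NETINET_IPSEC, 0)`, where the removed call passed `SUSER_ALLOWJAIL`. The raw_ip.c and in6_pcb.c hunks in this same change keep that flag. If the flag means here what it meant for `suser_cred()`, a jailed superuser socket that used to get `new->priv = 1` will now get `0`, which is a policy change rather than a merge-conflict fix. The added comment `XXXRW: Why is suser_allowjail set here?` also describes the removed code, not the new line. Either keep `SUSER_ALLOWJAIL` until that question is answered, or reword the comment to record the decision, for example `XXXRW: previously SUSER_ALLOWJAIL; jailed credentials are no longer treated as privileged here.` The same substitution is made in `IPSEC_IS_PRIVILEGED_SO()` in ipsec_osdep.h, so both sites should change together.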
@@ -215,11 +215,13 @@ * NetBSD (1.6N) tests (so)->so_uid == 0). * This difference is wrapped inside the IPSEC_PRIVILEGED_SO() macro. * + * XXXRW: Why was this suser_allowjail? */ #ifdef __FreeBSD__ #define IPSEC_IS_PRIVILEGED_SO(_so) \ ((_so)->so_cred != NULL && \ - suser_cred((_so)->so_cred, SUSER_ALLOWJAIL) == 0) + priv_check_cred((_so)->so_cred, PRIV_NETINET_IPSEC, 0) \ + == 0) #endif /* __FreeBSD__ */ #ifdef __NetBSD__ ==== //depot/projects/trustedbsd/priv6/src/sys/security/mac_seeotheruids/mac_seeotheruids.c#3 (text+ko) ==== @@ -118,7 +118,7 @@ if (u1->cr_ruid == u2->cr_ruid) return (0); - if (suser_cred(u1, 0) == 0) + if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0) == 0) return (0); return (ESRCH); ==== //depot/projects/trustedbsd/priv6/src/sys/sys/mac.h#4 (text+ko) ==== @@ -466,6 +466,8 @@ struct label *label); void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred); void mac_associate_nfsd_label(struct ucred *cred); +int mac_priv_check(struct ucred *cred, enum priv priv); +int mac_priv_grant(struct ucred *cred, enum priv priv); /* * Calls to help various file systems implement labeling functionality ==== //depot/projects/trustedbsd/priv6/src/sys/sys/mac_policy.h#3 (text+ko) ==== @@ -600,6 +600,8 @@ int (*mpo_check_vnode_write)(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label); + int (*mpo_priv_check)(struct ucred *cred, enum priv priv); + int (*mpo_priv_grant)(struct ucred *cred, enum priv priv); }; /* ==== //depot/projects/trustedbsd/priv6/src/sys/ufs/ufs/ufs_vnops.c#3 (text+ko) ==== @@ -53,6 +53,7 @@ #include <sys/bio.h> #include <sys/buf.h> #include <sys/mount.h> +#include <sys/priv.h> #include <sys/unistd.h> #include <sys/vnode.h> #include <sys/dirent.h>
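Review bot: The new mac.h prototypes `mac_priv_check()` and `mac_priv_grant()` take `enum priv` by value, but the hunk does not show mac.h including the header that defines that enum (presumably `<sys/priv.h>`, which the ufs_vnops.c hunk adds). C cannot forward-declare an enum, so every file that includes mac.h would need the definition in scope first; the same holds for `mpo_priv_check` and `mpo_priv_grant` in mac_policy.h. Confirm the include is present in both headers or add it there. The two entry points are also undocumented. A grant hook can widen what a credential may do, so the declaration should state the return convention and how results from several loaded policies are combined, for example `/* mpo_priv_grant: return 0 to grant the privilege, otherwise an errno value. */` if that is the intended contract.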