PERFORCE change 156116 for review
Robert Watson
rwatson at FreeBSD.org
Tue Jan 13 13:59:54 PST 2009
http://perforce.freebsd.org/chv.cgi?CH=156116
Change 156116 by rwatson at rwatson_freebsd_capabilities on 2009/01/13 21:59:41
Add CAP_SOCK_ALL, a mask of all capabilities that may be used with
sockets, and use it when a socket gets used by the NFS server.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/nfsserver/nfs_srvkrpc.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/nfsserver/nfs_syscalls.c#6 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#18 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/nfsserver/nfs_srvkrpc.c#2 (text+ko) ====
@@ -39,6 +39,7 @@
#include "opt_kgssapi.h"
#include <sys/param.h>
+#include <sys/capability.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/kernel.h>
@@ -187,7 +188,8 @@
sizeof(addsockarg));
if (error)
return (error);
- if ((error = fget(td, addsockarg.sock, &fp)) != 0)
+ if ((error = fget(td, addsockarg.sock, CAP_SOCK_ALL, &fp))
+ != 0)
return (error);
if (fp->f_type != DTYPE_SOCKET) {
fdrop(fp, td);
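Review bot: The `fget()` call now demands the whole CAP_SOCK_ALL mask, but nothing at the call site says why an NFS service socket needs every socket right rather than the few operations visible here. A one-line comment above the call would record the reasoning, for example `/* The kernel takes over this socket for general use, so require all socket rights up front. */`. The same comment fits the identical call in nfs_syscalls.c, where the old XXXRW question is removed without leaving an answer behind. The enclosing function starts and ends outside this hunk.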
==== //depot/projects/trustedbsd/capabilities/src/sys/nfsserver/nfs_syscalls.c#6 (text+ko) ====
@@ -152,12 +152,7 @@
error = copyin(uap->argp, (caddr_t)&nfsdarg, sizeof(nfsdarg));
if (error)
return (error);
- /*
- * XXXRW: Really want CAP_SOCK_ALL?
- */
- if ((error = fget(td, nfsdarg.sock, CAP_READ | CAP_WRITE |
- CAP_GETSOCKNAME | CAP_BIND | CAP_CONNECT | CAP_EVENT,
- &fp)) != 0)
+ if ((error = fget(td, nfsdarg.sock, CAP_SOCK_ALL, &fp)) != 0)
return (error);
if (fp->f_type != DTYPE_SOCKET) {
fdrop(fp, td);
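Review bot: This check becomes stricter than the one it replaces: the old mask listed six rights, while CAP_SOCK_ALL as defined in capability.h also requires CAP_SEEK, CAP_IOCTL, CAP_PEELOFF and others. Assuming `fget()` rejects a capability that lacks any requested right, a descriptor that passed this check before can now fail here. Failing closed looks like the right direction for a socket handed to the kernel, but the change description should say that callers holding narrower capabilities will now be refused. The function body continues outside the hunk.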
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#18 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2008 Robert N. M. Watson
+ * Copyright (c) 2008-2009 Robert N. M. Watson
* All rights reserved.
*
* WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#17 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#18 $
*/
/*
@@ -116,6 +116,18 @@
* Socket checks don't generally pass CAP_SEEK but perhaps should?
*/
+/*
+ * A mask of multiple capabilities useful for situation where a socket will
+ * be used in a general-purpose way by the kernel, such as a socket used by
+ * the NFS server.
+ */
+#define CAP_SOCK_ALL (CAP_READ | CAP_WRITE | CAP_SEEK | CAP_GETPEERNAME | \
+ CAP_GETSOCKNAME | CAP_IOCTL | CAP_FSTAT | \
+ CAP_FCNTL | CAP_EVENT | CAP_ACCEPT | \
+ CAP_CONNECT | CAP_BIND | CAP_GETSOCKOPT | \
+ CAP_SETSOCKOPT | CAP_LISTEN | CAP_SHUTDOWN | \
+ CAP_PEELOFF)
+
#ifdef _KERNEL
struct file;
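Review bot: CAP_SOCK_ALL is a hand-written list, so a socket right defined later can be left out of the check the NFS callers rely on without anyone noticing. Extending the block comment with `* Update this mask whenever a new right that applies to sockets is defined.` would make that obligation visible. The mask also includes CAP_SEEK directly below a comment saying socket checks do not generally pass it, so a sentence on why it is required here would help. In the new comment, "situation" should read "situations".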