PERFORCE change 107083 for review
Robert Watson
rwatson at FreeBSD.org
Mon Oct 2 02:32:40 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=107083
Change 107083 by rwatson at rwatson_peppercorn on 2006/10/02 09:32:02
Resolve remaining merge conflicts for priv(9) API to 6.x kernel.
Still need to catch a few more differing suser(9) calls.
Affected files ...
.. //depot/projects/trustedbsd/priv6/src/sys/net/if.c#4 edit
.. //depot/projects/trustedbsd/priv6/src/sys/netinet/ip_divert.c#3 edit
.. //depot/projects/trustedbsd/priv6/src/sys/netinet/raw_ip.c#3 edit
.. //depot/projects/trustedbsd/priv6/src/sys/netinet6/in6_pcb.c#4 edit
.. //depot/projects/trustedbsd/priv6/src/sys/netinet6/ipsec.c#4 edit
.. //depot/projects/trustedbsd/priv6/src/sys/netipsec/ipsec_osdep.h#3 edit
.. //depot/projects/trustedbsd/priv6/src/sys/security/mac_seeotheruids/mac_seeotheruids.c#3 edit
.. //depot/projects/trustedbsd/priv6/src/sys/sys/mac.h#4 edit
.. //depot/projects/trustedbsd/priv6/src/sys/sys/mac_policy.h#3 edit
.. //depot/projects/trustedbsd/priv6/src/sys/ufs/ufs/ufs_vnops.c#3 edit
Differences ...
==== //depot/projects/trustedbsd/priv6/src/sys/net/if.c#4 (text+ko) ====
@@ -1507,7 +1507,7 @@
error = priv_check(td, PRIV_NET_IFCREATE);
if (error)
return (error);
- return (if_clone_create(ifr->ifr_name, sizeof(ifr->ifr_name));
+ return (if_clone_create(ifr->ifr_name, sizeof(ifr->ifr_name)));
case SIOCIFDESTROY:
error = priv_check(td, PRIV_NET_IFDESTROY);
==== //depot/projects/trustedbsd/priv6/src/sys/netinet/ip_divert.c#3 (text+ko) ====
@@ -410,9 +410,12 @@
INP_INFO_WUNLOCK(&divcbinfo);
return EINVAL;
}
- if (td && (error = suser(td)) != 0) {
- INP_INFO_WUNLOCK(&divcbinfo);
- return error;
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NETINET_DIVERT);
+ if (error) {
+ INP_INFO_WUNLOCK(&divcbinfo);
+ return (error);
+ }
}
error = soreserve(so, div_sendspace, div_recvspace);
if (error) {
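Review bot: The privilege check is skipped entirely when `td` is NULL, and nothing at the `if (td != NULL)` guard says which callers are expected to arrive without a thread. The old `suser(td)` code had the same shape, so this is not a regression, but now that a named privilege (`PRIV_NETINET_DIVERT`) is attached it is worth recording the intent. Something like `/* td == NULL: presumably a kernel-internal attach with no thread context, so no privilege check -- confirm. */` would do. The enclosing function starts and ends outside the hunk, so the callers cannot be confirmed from here.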
==== //depot/projects/trustedbsd/priv6/src/sys/netinet/raw_ip.c#3 (text+ko) ====
@@ -603,11 +603,16 @@
INP_INFO_WUNLOCK(&ripcbinfo);
return EINVAL;
}
+ /*
+ * XXXRW: Centralize privilege decision in kern_jail.c.
+ */
if (jailed(td->td_ucred) && !jail_allow_raw_sockets) {
INP_INFO_WUNLOCK(&ripcbinfo);
return (EPERM);
}
- if ((error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL)) != 0) {
+ error = priv_check_cred(td->td_ucred, PRIV_NETINET_RAW,
+ SUSER_ALLOWJAIL);
+ if (error) {
INP_INFO_WUNLOCK(&ripcbinfo);
return error;
}
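Review bot: `priv_check_cred()` is called with `SUSER_ALLOWJAIL`, so for a jailed credential the only restriction on raw sockets appears to be the `jail_allow_raw_sockets` test just above it, and that ordering dependency is not stated anywhere. The XXXRW comment could carry it, e.g. `* The jail test must stay ahead of the PRIV_NETINET_RAW check, which passes SUSER_ALLOWJAIL.` As a style point, the new block still ends in `return error;` while the line above uses `return (EPERM);`. The function body continues outside the hunk.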
==== //depot/projects/trustedbsd/priv6/src/sys/netinet6/in6_pcb.c#4 (text+ko) ====
@@ -191,8 +191,12 @@
/* GROSS */
if (ntohs(lport) <= ipport_reservedhigh &&
ntohs(lport) >= ipport_reservedlow &&
- suser_cred(cred, SUSER_ALLOWJAIL))
+ priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
+ SUSER_ALLOWJAIL))
return (EACCES);
+ /*
+ * XXXRW: What priv to use here?
+ */
if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) &&
suser_cred(so->so_cred, SUSER_ALLOWJAIL) != 0) {
t = in6_pcblookup_local(pcbinfo,
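Review bot: The reserved-port test now checks `cred` against `PRIV_NETINET_RESERVEDPORT`, while the check a few lines below still calls `suser_cred()` on `so->so_cred`, so two different credentials decide the same bind. The added XXXRW comment asks which privilege to use but not which credential. It could be extended to `XXXRW: What priv to use here, and should this test cred rather than so->so_cred?`. Whether the two credentials can actually differ depends on callers outside the hunk.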
==== //depot/projects/trustedbsd/priv6/src/sys/netinet6/ipsec.c#4 (text+ko) ====
@@ -1223,8 +1223,14 @@
}
bzero(new, sizeof(*new));
- if (so->so_cred != NULL &&
- suser_cred(so->so_cred, SUSER_ALLOWJAIL) == 0)
+ /*
+ * XXXRW: Can we avoid caching the privilege decision here, and
+ * instead cache the credential?
+ *
+ * XXXRW: Why is suser_allowjail set here?
+ */
+ if (so->so_cred != NULL && priv_check_cred(so->so_cred,
+ PRIV_NETINET_IPSEC, 0) == 0)
new->priv = 1;
else
new->priv = 0;
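Review bot: The last argument changes from `SUSER_ALLOWJAIL` to `0` here, which is a behaviour change rather than a merge-conflict resolution: a jailed credential that previously got `new->priv = 1` presumably no longer does. The added comment still asks why the flag "is set", which no longer matches the code. Suggest `XXXRW: SUSER_ALLOWJAIL was dropped here; confirm jailed sockets should lose priv.` instead. The same flag change is made in `IPSEC_IS_PRIVILEGED_SO()` in ipsec_osdep.h, and neither is mentioned in the change description. The enclosing function starts outside the hunk.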
==== //depot/projects/trustedbsd/priv6/src/sys/netipsec/ipsec_osdep.h#3 (text+ko) ====
@@ -215,11 +215,13 @@
* NetBSD (1.6N) tests (so)->so_uid == 0).
* This difference is wrapped inside the IPSEC_PRIVILEGED_SO() macro.
*
+ * XXXRW: Why was this suser_allowjail?
*/
#ifdef __FreeBSD__
#define IPSEC_IS_PRIVILEGED_SO(_so) \
((_so)->so_cred != NULL && \
- suser_cred((_so)->so_cred, SUSER_ALLOWJAIL) == 0)
+ priv_check_cred((_so)->so_cred, PRIV_NETINET_IPSEC, 0) \
+ == 0)
#endif /* __FreeBSD__ */
#ifdef __NetBSD__
==== //depot/projects/trustedbsd/priv6/src/sys/security/mac_seeotheruids/mac_seeotheruids.c#3 (text+ko) ====
@@ -118,7 +118,7 @@
if (u1->cr_ruid == u2->cr_ruid)
return (0);
- if (suser_cred(u1, 0) == 0)
+ if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, 0) == 0)
return (0);
return (ESRCH);
==== //depot/projects/trustedbsd/priv6/src/sys/sys/mac.h#4 (text+ko) ====
@@ -466,6 +466,8 @@
struct label *label);
void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);
void mac_associate_nfsd_label(struct ucred *cred);
+int mac_priv_check(struct ucred *cred, enum priv priv);
+int mac_priv_grant(struct ucred *cred, enum priv priv);
/*
* Calls to help various file systems implement labeling functionality
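Review bot: Both new prototypes take `enum priv priv`, so this header now depends on the enum's definition being visible before this point, and the hunk does not show an include that provides it. The include block is outside the hunk, so this may already be handled. A reference to a not-yet-declared enum type in a parameter list is not valid ISO C, so if it is missing, `#include <sys/priv.h>` (the header added to ufs_vnops.c in this change) is needed here. The same applies to the `mpo_priv_check` and `mpo_priv_grant` members added in mac_policy.h.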
==== //depot/projects/trustedbsd/priv6/src/sys/sys/mac_policy.h#3 (text+ko) ====
@@ -600,6 +600,8 @@
int (*mpo_check_vnode_write)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *label);
+ int (*mpo_priv_check)(struct ucred *cred, enum priv priv);
+ int (*mpo_priv_grant)(struct ucred *cred, enum priv priv);
};
/*
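Review bot: `mpo_priv_check` and `mpo_priv_grant` are added without any comment on their contract, and judging by the names they differ in a security-relevant way: one presumably lets a policy veto a privilege and the other lets a policy confer one. A short comment above the pair should state what a zero and a non-zero return mean for each, and how the results from several loaded policies are combined. Policy authors otherwise have to read the framework code to learn whether returning 0 from the grant hook grants or declines. The struct definition begins outside the hunk.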
==== //depot/projects/trustedbsd/priv6/src/sys/ufs/ufs/ufs_vnops.c#3 (text+ko) ====
@@ -53,6 +53,7 @@
#include <sys/bio.h>
#include <sys/buf.h>
#include <sys/mount.h>
+#include <sys/priv.h>
#include <sys/unistd.h>
#include <sys/vnode.h>
#include <sys/dirent.h>