Replace the remaining KAUTH_GENERIC_ISSUSER authorization calls with
something meaningful. All relevant documentation has been updated or
written.

Most of these changes were brought up in the following messages:

    http://mail-index.netbsd.org/tech-kern/2012/01/18/msg012490.html
    http://mail-index.netbsd.org/tech-kern/2012/01/19/msg012502.html
    http://mail-index.netbsd.org/tech-kern/2012/02/17/msg012728.html

Thanks to christos, manu, njoly, and jmmv for input.

Huge thanks to pgoyette for spinning these changes through some build
cycles and ATF.
elad 2012-03-13 18:40:26 +00:00
parent f6ea09d026
commit 0c9d8d15c9
105 changed files with 2196 additions and 923 deletions


@ -1,4 +1,4 @@
# $NetBSD: mi,v 1.1746 2012/03/10 21:52:00 joerg Exp $
# $NetBSD: mi,v 1.1747 2012/03/13 18:40:26 elad Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@ -10065,6 +10065,7 @@
./usr/share/man/cat9/getnanotime.0 comp-sys-catman .cat
./usr/share/man/cat9/getnanouptime.0 comp-sys-catman .cat
./usr/share/man/cat9/getnewvnode.0 comp-sys-catman .cat
./usr/share/man/cat9/genfs.0 comp-sys-catman .cat
./usr/share/man/cat9/gsignal.0 comp-obsolete obsolete
./usr/share/man/cat9/hardclock.0 comp-sys-catman .cat
./usr/share/man/cat9/hash.0 comp-sys-catman .cat
@ -16244,6 +16245,7 @@
./usr/share/man/html9/getnanotime.html comp-sys-htmlman html
./usr/share/man/html9/getnanouptime.html comp-sys-htmlman html
./usr/share/man/html9/getnewvnode.html comp-sys-htmlman html
./usr/share/man/html9/genfs.html comp-sys-htmlman html
./usr/share/man/html9/gsignal.html comp-obsolete obsolete
./usr/share/man/html9/hardclock.html comp-sys-htmlman html
./usr/share/man/html9/hash.html comp-sys-htmlman html
@ -22576,6 +22578,7 @@
./usr/share/man/man9/getnanotime.9 comp-sys-man .man
./usr/share/man/man9/getnanouptime.9 comp-sys-man .man
./usr/share/man/man9/getnewvnode.9 comp-sys-man .man
./usr/share/man/man9/genfs.9 comp-sys-man .man
./usr/share/man/man9/gsignal.9 comp-obsolete obsolete
./usr/share/man/man9/hardclock.9 comp-sys-man .man
./usr/share/man/man9/hash.9 comp-sys-man .man


@ -1,4 +1,4 @@
# $NetBSD: Makefile,v 1.363 2012/02/17 09:44:14 plunky Exp $
# $NetBSD: Makefile,v 1.364 2012/03/13 18:40:26 elad Exp $
# Makefile for section 9 (kernel function and variable) manual pages.
@ -19,7 +19,7 @@ MAN= accept_filter.9 accf_data.9 accf_http.9 \
dopowerhooks.9 do_setresuid.9 doshutdownhooks.9 driver.9 \
edid.9 errno.9 ethersubr.9 evcnt.9 extattr.9 extent.9 \
fetch.9 file.9 fileassoc.9 filedesc.9 firmload.9 flash.9 \
fork1.9 fsetown.9 fstrans.9 getiobuf.9 \
fork1.9 fsetown.9 fstrans.9 getiobuf.9 genfs.9 \
hash.9 hashinit.9 hardclock.9 humanize_number.9 hz.9 \
ieee80211.9 ieee80211_crypto.9 ieee80211_input.9 ieee80211_ioctl.9 \
ieee80211_node.9 ieee80211_output.9 ieee80211_proto.9 \

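--- a/share/man/man9/genfs.9
+++ b/share/man/man9/genfs.9
@@ -0,0 +1,114 @@
+.\" $NetBSD: genfs.9,v 1.1 2012/03/13 18:40:27 elad Exp $
+.\"
+.\" Copyright 2012 Elad Efrat <elad@NetBSD.org>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\" derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd March 1, 2012
+.Dt GENFS 9
+.Os
+.Sh NAME
+.Nm genfs
+.Nd genfs routines
+.Sh SYNOPSIS
+.In miscfs/genfs/genfs.h
+.Ft int
+.Fn genfs_can_access "enum vtype type" "mode_t file_mode" "uid_t uid" \
+"gid_t gid" "mode_t acc_mode" "kauth_cred_t cred"
+.Ft int
+.Fn genfs_can_chmod "enum vtype type" "kauth_cred_t cred" "uid_t cur_uid" \
+"gid_t cur_gid" "mode_t new_mode"
+.Ft int
+.Fn genfs_can_chown "kauth_cred_t cred" "uid_t cur_uid" "gid_t cur_gid" \
+"uid_t new_uid" "gid_t new_gid"
+.Ft int
+.Fn genfs_can_chtimes "vnode_t *vp" "u_int vaflags" "uid_t owner_uid" \
+"kauth_cred_t cred"
+.Ft int
+.Fn genfs_can_chflags "kauth_cred_t cred" "enum vtype type" "uid_t owner_uid" \
+"bool changing_sysflags"
+.Ft int
+.Fn genfs_can_sticky "kauth_cred_t cred" "uid_t dir_uid" "uid_t file_uid"
+.Ft int
+.Fn genfs_can_extattr "kauth_cred_t cred" "int access_mode" "vnode_t *vp" \
+"const char *attr"
+.Sh DESCRIPTION
+The functions documented here are general routines for internal use in
+file-systems to implement common policies for performing various operations.
+The developer must understand that these routines implement no system-wide
+policies and only take into account the object being accessed and the
+nominal values of the credentials accessing it.
+.Pp
+In other words, these functions are not meant to be called direcly.
+They are intended to be used in
+.Xr kauth 9
+vnode scope authorization calls, for providing the fall-back file-system
+decision.
+.Pp
+As a rule of thumb, code that looks like this is wrong:
+.Bd -literal -offset indent
+error = genfs_can_foo(...); /* WRONG */
+.Ed
+.Pp
+While code that looks like this is right:
+.Bd -literal -offset indent
+error = kauth_authorize_vnode(..., genfs_can_foo(...));
+.Ed
+.Sh FUNCTIONS
+.Bl -tag -width compact
+.It Fn genfs_can_access "enum vtype type" "mode_t file_mode" "uid_t uid" \
+"gid_t gid" "mode_t acc_mode" "kauth_cred_t cred"
+Implements file access checking based on traditional Unix permissions.
+.It Fn genfs_can_chmod "enum vtype type" "kauth_cred_t cred" "uid_t cur_uid" \
+"gid_t cur_gid" "mode_t new_mode"
+Implements
+.Xr chmod 2
+policy.
+.It Fn genfs_can_chown "kauth_cred_t cred" "uid_t cur_uid" "gid_t cur_gid" \
+"uid_t new_uid" "gid_t new_gid"
+Implements
+.Xr chown 2
+policy.
+.It Fn genfs_can_chtimes "vnode_t *vp" "u_int vaflags" "uid_t owner_uid" \
+"kauth_cred_t cred"
+Implements
+.Xr utimes 2
+policy.
+.It Fn genfs_can_chflags "kauth_cred_t cred" "enum vtype type" \
+"uid_t owner_uid" "bool changing_sysflags"
+Implements
+.Xr chflags 2
+policy.
+.It Fn genfs_can_sticky "kauth_cred_t cred" "uid_t dir_uid" "uid_t file_uid"
+Implements rename and delete policy from sticky directories.
+.It Fn genfs_can_extattr "kauth_cred_t cred" "int access_mode" "vnode_t *vp" \
+"const char *attr"
+Implements extended attributes access policy.
+.El
+.Sh SEE ALSO
+.Xr kauth 9
+.Sh AUTHORS
+.An Elad Efrat Aq elad@NetBSD.org
+wrote this manual page.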


@ -1,4 +1,4 @@
.\" $NetBSD: kauth.9,v 1.97 2012/03/11 23:42:07 njoly Exp $
.\" $NetBSD: kauth.9,v 1.98 2012/03/13 18:40:27 elad Exp $
.\"
.\" Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
.\" All rights reserved.
@ -203,8 +203,29 @@ Check if using
.Xr ipkdb 4
is allowed.
.El
.It Dv KAUTH_SYSTEM_DEVMAPPER
Check if operations on the device mapper
.Xr dm 4
device are allowed.
.It Dv KAUTH_SYSTEM_FILEHANDLE
Check if filehandle operations allowed.
.It Dv KAUTH_SYSTEM_FS_EXTATTR
Check if starting, stopping, enabling, or disabling extended attributes
is allowed.
.Ar arg1
is a
.Ft struct mount *
of the mount-point on which the operation is performed.
.It Dv KAUTH_SYSTEM_FS_SNAPSHOT
Check if setting up a file-system snapshot is allowed.
.Ar arg1
is a
.Ft struct mount *
of the mount-point of which the snapshot is taken, and
.Ar arg2
is a
.Ft struct vnode *
of the vnode where the snapshot is expected to be.
.It Dv KAUTH_SYSTEM_FS_QUOTA
Check if file-system quota operations are allowed.
.Pp
@ -236,6 +257,35 @@ Check if bypassing the quota (not enforcing it) is allowed.
.El
.It Dv KAUTH_SYSTEM_FS_RESERVEDSPACE
Check if using the file-system reserved space is allowed.
.It Dv KAUTH_SYSTEM_LFS
Check if LFS-related operations are allowed.
.Ar req
can be one of the following:
.Bl -tag -width compact
.It Dv KAUTH_REQ_SYSTEM_LFS_MARKV
Check if calling
.Xr lfs_markv 2
is allowed.
.It Dv KAUTH_REQ_SYSTEM_LFS_BMAPV
Check if calling
.Xr lfs_bmapv 2
is allowed.
.It Dv KAUTH_REQ_SYSTEM_LFS_SEGCLEAN
Check if calling
.Xr lfs_segclean 2
is allowed.
.It Dv KAUTH_REQ_SYSTEM_LFS_SEGWAIT
Check if calling
.Xr lfs_segwait 2
is allowed.
.It Dv KAUTH_REQ_SYSTEM_LFS_FCNTL
Check if operations on LFS through
.Xr fcntl 2
are allowed.
.El
.It Dv KAUTH_SYSTEM_MAP_VA_ZERO
Check if changing the status of memory mapping of virtual address zero
is allowed.
.It Dv KAUTH_SYSTEM_MODULE
Check if a module request is allowed.
.Pp
@ -249,6 +299,20 @@ Check if mount-related operations are allowed.
.Ar req
can be any of the following:
.Bl -tag -width compact
.It Dv KAUTH_REQ_SYSTEM_MOUNT_DEVICE
Check if mounting a device is allowed.
.Ar arg1
is a
.Ft vnode_t *
of the device,
.Ar arg2
is a
.Ft struct mount *
with the mount-point, and
.Ar arg3
is a
.Ft mode_t
with the desired access mode.
.It Dv KAUTH_REQ_SYSTEM_MOUNT_GET
Check if retrieving information about a mount is allowed.
.Ar arg1
@ -296,7 +360,17 @@ with the new mount flags, and
is a
.Ft void *
with file-system specific data, if any.
.It Dv KAUTH_REQ_SYSTEM_MOUNT_UMAP
Check if mounting the user and group id remapping file-system.
See
.Xr mount_umap 8 .
.El
.It Dv KAUTH_SYSTEM_MQUEUE
Check if bypassing permissions on a message queue object are allowed.
.Ar arg1
is a
.Ft mqueue_t *
describing the message queue.
.It Dv KAUTH_SYSTEM_PSET
Check processor-set manipulation.
.Pp
@ -316,6 +390,12 @@ Destroy a processor-set.
Check if rebooting is allowed.
.It Dv KAUTH_SYSTEM_SETIDCORE
Check if changing coredump settings for set-id processes is allowed.
.It Dv KAUTH_SYSTEM_SEMAPHORE
Check if access to a kernel semaphore is allowed.
.Ar arg1
is a
.Ft ksem_t *
describing the semaphore.
.It Dv KAUTH_SYSTEM_SWAPCTL
Check if privileged
.Xr swapctl 2
@ -349,6 +429,36 @@ Check if accessing private
.Xr sysctl 9
nodes is allowed.
.El
.It Dv KAUTH_SYSTEM_SYSVIPC
Check SysV IPC related operations.
.Ar req
indicates the specific request and can be one of the following:
.Bl -tag -width compact
.It Dv KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS
Check if bypassing a SysV IPC object's permissions is allowed.
.Ar arg1
is a
.Ft struct ipc_perm *
with the object's permissions and
.Ar arg2
is a
.Ft mode_t
indicating the requested access mode.
.It Dv KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK
Check if shared memory locking is allowed.
.It Dv KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK
Check if shared memory unlocking is allowed.
.It Dv KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE
Check if oversizing a message queue is allowed.
.Ar arg1
is a
.Ft msglen_t
indicating the size of the message buffer, and
.Ar arg2
is a
.Ft msglen_t
indicating the size of the message queue.
.El
.It Dv KAUTH_SYSTEM_TIME
This request groups time-related operations.
.Ar req
@ -386,6 +496,22 @@ Check if changing the RTC offset is allowed.
.It Dv KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS
Check if manipulating timecounters is allowed.
.El
.It Dv KAUTH_SYSTEM_VERIEXEC
Check if operations on the
.Xr veriexec 8
subsystem are allowed.
.Ar req
can be one of the following:
.Bl -tag -width compact
.It Dv KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS
Check if access to the
.Xr veriexec 8
subsystem is allowed.
.It Dv KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY
Check if modifications to the state of
.Xr veriexec 8
are allowed.
.El
.El
.Ss Process Scope
The process scope,
@ -516,7 +642,9 @@ can be
.Dv KAUTH_REQ_PROCESS_RLIMIT_GET
or
.Dv KAUTH_REQ_PROCESS_RLIMIT_SET ,
indicating access to read or write the process' resource limits, respectively.
indicating access to read or write the process' resource limits, respectively, or
.Dv KAUTH_REQ_PROCESS_RLIMIT_BYPASS
to check if the limit enforcement can be bypassed.
.Pp
When modifying resource limits,
.Ar arg2
@ -625,6 +753,8 @@ Check if retrieving privileged information from the device is allowed.
Check if setting parameters on the device is allowed.
.It Dv KAUTH_REQ_NETWORK_INTERFACE_SETPRIV
Check if setting privileged parameters on the device is allowed.
.it Dv KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE
Check if manipulating the firmware on a network interface device is allowed.
.El
.Pp
Note that unless the
@ -634,6 +764,19 @@ for the interface was passed in
there's no way to tell what structure
.Ar arg3
is.
.It Dv KAUTH_NETWORK_INTERFACE_BRIDGE
Check if operations performed on the
.Xr bridge 4
network interface are allowed.
.Pp
.Ar req
can be one of the following:
.Bl -tag -width compact
.It Dv KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV
Check if getting privileges parameters is allowed.
.It Dv KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV
Check if setting privileges paramteres is allowed.
.El
.It Dv KAUTH_NETWORK_INTERFACE_PPP
Checks if operations performed on the
.Xr ppp 4
@ -647,6 +790,16 @@ Checks if adding and enabling a
.Xr ppp 4
interface to the system is allowed.
.El
.It Dv KAUTH_NETWORK_INTERFACE_PVC
Check if operations performed on a PVC device (e.g.
.Xr midway 4 )
are allowed.
.Ar req
can be one of the following:
.Bl -tag -width compact
.It Dv KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD
Check if adding a PVC device is allowed.
.El
.It Dv KAUTH_NETWORK_INTERFACE_SLIP
Checks if operations performed on the
.Xr sl 4
@ -686,6 +839,28 @@ Checks if adding and enabling a
.Xr tun 4
interface to the system is allowed.
.El
.It Dv KAUTH_NETWORK_IPSEC
Check if operations related to
.Xr ipsec 4
connections are allowed.
.Ar req
can be one of the following:
.Bl -tag -width compact
.It Dv KAUTH_REQ_NETWORK_IPSEC_BYPASS
Check if bypassing
.Xr ipsec 4
policy is allowed.
.El
.It Dv KAUTH_NETWORK_IPV6
Check if IPv6-specific operations are allowed.
.Ar req
can be one of the following:
.Bl -tag -width compact
.It Dv KAUTH_REQ_NETWORK_IPV6_HOPBYHOP
Check if setting hop-by-hop packet options is allowed.
.It Dv KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST
Check if joining a multicast network is allowed.
.El
.It Dv KAUTH_NETWORK_FORWSRCRT
Checks whether status of forwarding of source-routed packets can be modified
or not.
@ -709,6 +884,49 @@ Checks if a routing-related request is allowed.
is the
.Ft struct rt_msghdr *
for the request.
.It Dv KAUTH_NETWORK_SMB
Check if operations related to SMB are allowed.
.Pp
.Ar req
can be one of the following:
.Bl -tag -width compact
.It Dv KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS
Check if accessing an SMB share is allowed.
.Pp
.Ar arg1
is a
.Ft struct smb_share *
describing the SMB share, and
.Ar arg2
is a
.Ft mode_t
with the desired access mode.
.It Dv KAUTH_REQ_NETWORK_SMB_SHARE_CREATE
Check if creating an SMB share is allowed.
.Pp
.Ar arg1
is a
.Ft struct smb_sharespec *
describing the share to be created.
.It Dv KAUTH_REQ_NETWORK_SMB_VC_ACCESS
Check if accessing an SMB VC is allowed.
.Pp
.Ar arg1
is a
.Ft struct smb_vc *
describing the SMB VC, and
.Ar arg2
is a
.Ft mode_t
with the desired access mode.
.It Dv KAUTH_REQ_NETWORK_SMB_VC_CREATE
Check if creating an SMB VC is allowed.
.Pp
.Ar arg1
is a
.Ft struct smb_vcspec *
describing the VC to be created.
.El
.It Dv KAUTH_NETWORK_SOCKET
Checks if a socket related operation is allowed.
.Pp
@ -770,17 +988,21 @@ platforms.
Below is a list of available actions, along with which platforms are affected
by each.
.Bl -tag -width compact
.It Dv KAUTH_MACHDEP_CPU_UCODE_APPLY
Request to apply a CPU microcode to a CPU.
This is related to the
.Em CPU_UCODE
kernel config
.Xr options 4 .
.It Dv KAUTH_MACHDEP_CACHEFLUSH
Request to flush the whole CPU cache.
Affects
.Em m68k
Linux emulation.
.It Dv KAUTH_MACHDEP_CPU_UCODE_APPLY
Request to apply a CPU microcode to a CPU.
This is related to
.Em CPU_UCODE ,
see
.Xr options 4 .
Affects
.Em i386
and
.Em xen .
.It Dv KAUTH_MACHDEP_IOPERM_GET
Request to get the I/O permission level.
Affects
@ -827,6 +1049,18 @@ Affects
Request to access (read/write) the NVRAM.
Affects
.Em i386 .
.It Dv KAUTH_MACHDEP_PXG
Request to start or stop the
.Xr pxg 4
CPU.
.Ar arg0
is
.Ft true
or
.Ft false ,
respectively.
Affects
.Em pmax .
.It Dv KAUTH_MACHDEP_UNMANAGEDMEM
Request to access unmanaged memory.
Affects
@ -884,6 +1118,11 @@ device
.Xr ioctl 2 ,
allowing to inject characters into the terminal buffer, simulating terminal
input.
.It Dv KAUTH_DEVICE_TTY_VIRTUAL
Control the virtual console.
.Ar tty
is the current console
.Xr tty 4 .
.El
.Pp
.Ft int Fn kauth_authorize_device_spec "kauth_cred_t cred" \
@ -1046,6 +1285,207 @@ Check if privileged settings and information can be retrieved.
.It KAUTH_DEVICE_RND_SETPRIV
Check if privileged settings can be changed.
.El
.Ss Wscons devices
Authorization actions relevant to
.Xr wscons 4
are done using the standard authorization wrapper, with the following actions:
.Pp
.Bl -tag -width compact
.It KAUTH_DEVICE_WSCONS_KEYBOARD_BELL
Check if setting the default bell is allowed.
.It KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT
Check if setting the default key-repeat is allowed.
.El
.Ss Vnode Scope
The vnode scope,
.Dq org.netbsd.kauth.vnode ,
authorizes operations made on vnodes representing files-system objects.
.Pp
The authorization wrapper for this scope is declared as
.Pp
.Ft int Fn kauth_authorize_vnode "kauth_cred_t cred" "kauth_action_t action" \
"vnode_t *vp" "vnode_t *dvp" "int fs_decision"
.Pp
This scope is heavily used in file-system code and can potentially affect
system-wide performance.
Therefore, there are several things developers should know when using it.
.Pp
First, the
.Ar action
parameter is a bit-mask and multiple actions can be binary-OR'd and authorized
in a single call.
Two helper functions help generate the
.Ar action
value for a couple of common cases: translating file-system access to a
.Xr kauth 9
action and checking access to a vnode.
.Pp
The first,
.Fn kauth_mode_to_action "mode_t access_mode" ,
and returns a
.Ft kauth_action_t
representing the desired access modes.
Another function,
.Fn kauth_access_action "mode_t access_mode" "enum vtype v_type" \
"mode_t file_mode" ,
returns a
.Ft kauth_action_t
suitable for use in many file-system
.Xr access 2
implementations.
It calls the aforementioned
.Fn kauth_mode_to_action ,
but before returning also adds the
.Dv KAUTH_VNODE_IS_EXEC
flag if needed.
See below for the meaning of this flag and how its necessity is
determined.
.Pp
Second, it is recommended to be very careful with adding listeners on this
scope.
A special parameter,
.Ar fs_decision ,
allows different file-systems to instrument different policies without adding
their own listener.
This parameter is special because it also serves as a fall-back decision when
no
.Xr secmodel 9
is present to prevent a fail-open scenario.
It can take either an
.Xr errno 2
value or
.Dq KAUTH_VNODE_REMOTEFS ,
indicating that the file-system on which the authorization is made is remote
and cannot provide us with a fall-back decision.
In this case,
.Xr kauth 9
can only short-circuit the request but the file-system will have the last
word if there is no definitive allow or deny decision.
.Pp
The value of
.Ar fs_decision
can be hard-coded or determined by calling an internal function implementing a
policy.
For the latter case,
.Xr genfs 9
provides a set of helper functions that implement common policies that
file-systems can use.
The calling convention is as follows:
.Bd -literal -offset indent
int error;
error = kauth_authorize_vnode(..., genfs_can_foo(...));
.Ed
.Pp
Actions on the vnode scope are of two types: operations and flags.
An operation is similar in concept to actions on other scopes in the sense
that it represents an operation desired by the caller.
A flag is an indicator of additional information about the vnode that
a file-system can set in order to allow the listener to make a more
informed decision.
.Pp
Actions include the following:
.Bl -tag -width compact -offset indent
.It KAUTH_VNODE_READ_DATA
Read file data.
.It KAUTH_VNODE_LIST_DIRECTORY
Read directory listing.
Identical to the above.
.It KAUTH_VNODE_WRITE_DATA
Write file data.
.It KAUTH_VNODE_ADD_FILE
Add a file to a directory.
Identical to the above.
.It KAUTH_VNODE_EXECUTE
Execute a file.
.It KAUTH_VNODE_SEARCH
Search (enter) a directory.
Identical to the above.
.It KAUTH_VNODE_DELETE
Delete a file.
.It KAUTH_VNODE_APPEND_DATA
Append data to a file.
.It KAUTH_VNODE_ADD_SUBDIRECTORY
Add a subdirectory to a directory.
Identical to the above.
.It KAUTH_VNODE_READ_TIMES
Read the created, last accessed, and last modified times of a file.
.It KAUTH_VNODE_WRITE_TIMES
Modify the created, last accessed, or last modified times of a file.
.It KAUTH_VNODE_READ_FLAGS
Read file flags.
.It KAUTH_VNODE_WRITE_FLAGS
Modify file flags.
.It KAUTH_VNODE_READ_SYSFLAGS
Read file system flags.
.It KAUTH_VNODE_WRITE_SYSFLAGS
Modify file system flags.
.It KAUTH_VNODE_RENAME
Rename a file.
.It KAUTH_VNODE_CHANGE_OWNERSHIP
Change ownership of a file.
.It KAUTH_VNODE_READ_SECURITY
Read the permissions of a file.
.It KAUTH_VNODE_WRITE_SECURITY
Change the permissions of a file, for example by using
.Xr chmod 2 .
.It KAUTH_VNODE_READ_ATTRIBUTES
Read attributes of a file.
.It KAUTH_VNODE_WRITE_ATTRIBUTES
Modify attributes of a file.
.It KAUTH_VNODE_READ_EXTATTRIBUTES
Read extended attributes of a file.
.It KAUTH_VNODE_WRITE_EXTATTRIBUTES
Modify extended attributes of a file.
.It KAUTH_VNODE_RETAIN_SUID
Check if retaining the set-user-id bit on files after
.Xr chown 2
is allowed.
.It KAUTH_VNODE_RETAIN_SGID
Check if retaining the set-group-id bit on files after
.Xr chown 2
is allowed.
.It KAUTH_VNODE_REVOKE
Revoke a file.
.El
.Pp
Flags include the following:
.Bl -tag -width compact -offset indent
.It KAUTH_VNODE_IS_EXEC
The vnode is executable.
.Pp
The macro
.Fn FS_OBJECT_CAN_EXEC
can be used to help determine if this flag should be set.
This macro determines a file-system object to be executable if it is a
directory (in which case we say it is searchable) or if it has at least one
executable bit set in its mode.
.Pp
Setting this flag helps a listener know that a vnode is executable and is used
in implementing privileged access to files and directories while maintaining
semantics that prevent execution until a file is marked as an executable.
An example for using this in listener code is:
.Bd -literal -offset indent
if (privileged) {
/* Always allow read/write; execute only if executable. */
if ((action & KAUTH_VNODE_EXECUTE) == 0 ||
(action & KAUTH_VNODE_IS_EXEC))
result = KAUTH_RESULT_ALLOW;
}
.Ed
.Pp
Finally, the vnode scope authorization wrapper returns
.Er EACCES
in case of an error, to maintain file-system semantics.
File-systems can override this value if needed.
.It KAUTH_VNODE_HAS_SYSFLAGS
The file-system object represented by the vnode has system flags set.
.It KAUTH_VNODE_ACCESS
The authorization is advisory only and no actual operation is to be
performed.
This is not implemented.
.El
.Pp
.Ss Credentials Scope
The credentials scope,
.Dq org.netbsd.kauth.cred ,
@ -1608,9 +2048,3 @@ implemented the kernel authorization framework in
.Pp
.An Jason R. Thorpe Aq thorpej@NetBSD.org
provided guidance and answered questions about the Darwin implementation.
.Sh ONE MORE THING
The
.Nm
framework is dedicated to Brian Mitchell, one of the most talented people
I know.
Thanks for everything.


@ -1,4 +1,4 @@
/* $NetBSD: grf.c,v 1.57 2011/12/15 14:25:13 phx Exp $ */
/* $NetBSD: grf.c,v 1.58 2012/03/13 18:40:27 elad Exp $ */
/*
* Copyright (c) 1988 University of Utah.
@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: grf.c,v 1.57 2011/12/15 14:25:13 phx Exp $");
__KERNEL_RCSID(0, "$NetBSD: grf.c,v 1.58 2012/03/13 18:40:27 elad Exp $");
/*
* Graphics display driver for the Amiga
@ -540,8 +540,8 @@ grf_wsmmap(void *v, void *vs, off_t off, int prot)
if (off < gi->gd_fbsize)
return grf_wsmmap_md(((bus_addr_t)gp->g_fbkva) + off);
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: permission to mmap denied.\n",
device_xname(&gp->g_device));
return -1;
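Review bot: All four argument slots of the new kauth_authorize_machdep() call are NULL, so a secmodel listener for KAUTH_MACHDEP_UNMANAGEDMEM learns nothing about which device or offset is being mapped; the ofb.c, vga_ofbus.c, gfb.c, ct65550.c and genfb_pci.c hunks of this commit have the same shape. That matches the kauth.9 entry added here, which documents no arguments, but it also rules out any per-device or per-range policy later without touching every driver. If coarse access is the intent, a short comment would save the next reader the question, e.g. `/* No args: the listener only decides "may map unmanaged memory", not which range. */`; otherwise passing the device (`&gp->g_device`) and `off` as arg0/arg1 and documenting them in kauth.9 is cheap to do now. grf_wsmmap starts and ends outside the hunk.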


@ -1,4 +1,4 @@
/* $NetBSD: ofb.c,v 1.67 2011/07/01 18:41:52 dyoung Exp $ */
/* $NetBSD: ofb.c,v 1.68 2012/03/13 18:40:27 elad Exp $ */
/*
* Copyright (c) 1995, 1996 Carnegie-Mellon University.
@ -28,7 +28,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ofb.c,v 1.67 2011/07/01 18:41:52 dyoung Exp $");
__KERNEL_RCSID(0, "$NetBSD: ofb.c,v 1.68 2012/03/13 18:40:27 elad Exp $");
#include <sys/param.h>
#include <sys/buf.h>
@ -335,8 +335,8 @@ ofb_mmap(void *v, void *vs, off_t offset, int prot)
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
printf("%s: mmap() rejected.\n", sc->sc_dev.dv_xname);
return -1;
}


@ -1,4 +1,4 @@
/* $NetBSD: vga_ofbus.c,v 1.15 2008/10/11 20:36:40 tsutsui Exp $ */
/* $NetBSD: vga_ofbus.c,v 1.16 2012/03/13 18:40:28 elad Exp $ */
/*
* Copyright (c) 1995, 1996 Carnegie-Mellon University.
@ -28,7 +28,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: vga_ofbus.c,v 1.15 2008/10/11 20:36:40 tsutsui Exp $");
__KERNEL_RCSID(0, "$NetBSD: vga_ofbus.c,v 1.16 2012/03/13 18:40:28 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -181,8 +181,8 @@ vga_ofbus_mmap(void *cookie, off_t offset, int prot)
/* only the superuser may mmap IO and aperture */
if (curlwp != NULL) {
if (kauth_authorize_generic(kauth_cred_get(),
KAUTH_GENERIC_ISSUSER, NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(),
KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0) {
return -1;
}
}


@ -1,4 +1,4 @@
/* $NetBSD: tctrl.c,v 1.53 2011/07/18 00:31:13 mrg Exp $ */
/* $NetBSD: tctrl.c,v 1.54 2012/03/13 18:40:28 elad Exp $ */
/*-
* Copyright (c) 1998, 2005, 2006 The NetBSD Foundation, Inc.
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: tctrl.c,v 1.53 2011/07/18 00:31:13 mrg Exp $");
__KERNEL_RCSID(0, "$NetBSD: tctrl.c,v 1.54 2012/03/13 18:40:28 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -1149,8 +1149,8 @@ tctrlioctl(dev_t dev, u_long cmd, void *data, int flags, struct lwp *l)
/* this ioctl assumes the caller knows exactly what he is doing */
case TCTRL_CMD_REQ:
reqn = (struct tctrl_req *)data;
if ((i = kauth_authorize_generic(l->l_cred,
KAUTH_GENERIC_ISSUSER, NULL)) != 0 &&
if ((i = kauth_authorize_device_passthru(l->l_cred,
dev, KAUTH_REQ_DEVICE_PASSTHRU_ALL, data)) != 0 &&
(reqn->cmdbuf[0] == TS102_OP_CTL_BITPORT ||
(reqn->cmdbuf[0] >= TS102_OP_CTL_WATCHDOG &&
reqn->cmdbuf[0] <= TS102_OP_CTL_SECURITY_KEY) ||
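Review bot: The passthru authorization on the new lines runs before the command class is examined, because it is the left operand of `&&`; every TCTRL_CMD_REQ, including the ones the rest of the condition treats as unprivileged, therefore goes through kauth and any secmodel denial logging. If `i` is only consulted when the whole condition is true (the remainder of the condition is outside the hunk), swapping the operands so the `cmdbuf[0]` tests come first and `kauth_authorize_device_passthru()` last avoids the unnecessary call. Handing `data` to the listener as the passthru argument deserves a one-line comment, e.g. `/* Listener gets the raw request so it can inspect cmdbuf. */`. tctrlioctl starts and ends outside the hunk.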


@ -1,4 +1,4 @@
/* $NetBSD: gfb.c,v 1.5 2012/01/11 15:53:32 macallan Exp $ */
/* $NetBSD: gfb.c,v 1.6 2012/03/13 18:40:29 elad Exp $ */
/*
* Copyright (c) 2009 Michael Lorenz
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: gfb.c,v 1.5 2012/01/11 15:53:32 macallan Exp $");
__KERNEL_RCSID(0, "$NetBSD: gfb.c,v 1.6 2012/03/13 18:40:29 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -325,8 +325,8 @@ gfb_mmap(void *v, void *vs, off_t offset, int prot)
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: mmap() rejected.\n",
device_xname(sc->sc_dev));
return -1;


@ -1,4 +1,4 @@
/* $NetBSD: vfs_syscalls_50.c,v 1.16 2012/02/01 05:34:41 dholland Exp $ */
/* $NetBSD: vfs_syscalls_50.c,v 1.17 2012/03/13 18:40:29 elad Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@ -36,7 +36,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_50.c,v 1.16 2012/02/01 05:34:41 dholland Exp $");
__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_50.c,v 1.17 2012/03/13 18:40:29 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -282,8 +282,9 @@ compat_50_sys_lfs_segwait(struct lwp *l,
int error;
/* XXX need we be su to segwait? */
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0)
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_SEGWAIT, NULL, NULL, NULL);
if (error)
return (error);
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
return (error);
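Review bot: The `/* XXX need we be su to segwait? */` comment directly above the new lines is now stale: the check no longer asks for superuser but for KAUTH_REQ_SYSTEM_LFS_SEGWAIT under KAUTH_SYSTEM_LFS, so a reader will wonder whether the question was settled or merely moved. Either drop it or restate it in the new terms, e.g. `/* XXX is a KAUTH_SYSTEM_LFS/SEGWAIT grant really needed just to wait? */`. Authorizing before the copyin of the fsid is the right order, and the split into an assignment plus `if (error)` reads fine. compat_50_sys_lfs_segwait starts and ends outside the hunk.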


@ -1,4 +1,4 @@
/* $NetBSD: cons.c,v 1.68 2011/02/08 20:20:26 rmind Exp $ */
/* $NetBSD: cons.c,v 1.69 2012/03/13 18:40:29 elad Exp $ */
/*
* Copyright (c) 1988 University of Utah.
@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: cons.c,v 1.68 2011/02/08 20:20:26 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: cons.c,v 1.69 2012/03/13 18:40:29 elad Exp $");
#include <sys/param.h>
#include <sys/proc.h>
@ -184,8 +184,8 @@ cnioctl(dev_t dev, u_long cmd, void *data, int flag, struct lwp *l)
* output from the "virtual" console.
*/
if (cmd == TIOCCONS && constty != NULL) {
error = kauth_authorize_generic(l->l_cred,
KAUTH_GENERIC_ISSUSER, NULL);
error = kauth_authorize_device_tty(l->l_cred,
KAUTH_DEVICE_TTY_VIRTUAL, constty);
if (!error)
constty = NULL;
return (error);
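Review bot: `constty` is read in the condition, handed to `kauth_authorize_device_tty()` as the tty being checked, and then cleared on success, with no lock visible in the hunk; if another TIOCCONS caller can change `constty` in between, the authorization is made against a tty that is no longer the console (check-then-act). If the surrounding code does hold a lock across this, a comment on the new lines naming it, e.g. `/* constty is stable here: protected by <LOCK-NAME> */`, would make that explicit; otherwise a local copy taken once and used for both the check and the compare is the usual fix. cnioctl starts and ends outside the hunk.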


@ -1,4 +1,4 @@
/* $NetBSD: device-mapper.c,v 1.28 2010/12/23 20:07:13 christos Exp $ */
/* $NetBSD: device-mapper.c,v 1.29 2012/03/13 18:40:30 elad Exp $ */
/*
* Copyright (c) 2010 The NetBSD Foundation, Inc.
@ -397,8 +397,8 @@ dm_cmd_to_fun(prop_dictionary_t dm_dict) {
break;
if (!cmd_fn[i].allowed &&
(r = kauth_authorize_generic(kauth_cred_get(),
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
(r = kauth_authorize_system(kauth_cred_get(),
KAUTH_SYSTEM_DEVMAPPER, 0, NULL, NULL, NULL)) != 0)
return r;
if (cmd_fn[i].cmd == NULL)
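Review bot: The new kauth_authorize_system() call passes `0` as the request and NULL for every argument, so a KAUTH_SYSTEM_DEVMAPPER listener cannot tell which dm command is being gated; `cmd_fn[i]` is already in hand here, and passing e.g. `cmd_fn[i].cmd` as arg1 (with a matching sentence in the kauth.9 entry, which currently lists no arguments) would let a secmodel grant individual commands instead of all-or-nothing. If coarse access is the intent, a short comment above the call saying so would stop the next reader from adding arguments ad hoc. dm_cmd_to_fun starts and ends outside the hunk.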


@ -1,4 +1,4 @@
/* $NetBSD: ct65550.c,v 1.3 2012/01/11 16:12:38 macallan Exp $ */
/* $NetBSD: ct65550.c,v 1.4 2012/03/13 18:40:31 elad Exp $ */
/*
* Copyright (c) 2006 Michael Lorenz
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ct65550.c,v 1.3 2012/01/11 16:12:38 macallan Exp $");
__KERNEL_RCSID(0, "$NetBSD: ct65550.c,v 1.4 2012/03/13 18:40:31 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -774,8 +774,8 @@ chipsfb_mmap(void *v, void *vs, off_t offset, int prot)
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
aprint_normal_dev(sc->sc_dev, "mmap() rejected.\n");
return -1;
}


@ -1,4 +1,4 @@
/* $NetBSD: midway.c,v 1.93 2011/07/18 00:58:51 mrg Exp $ */
/* $NetBSD: midway.c,v 1.94 2012/03/13 18:40:31 elad Exp $ */
/* (sync'd to midway.c 1.68) */
/*
@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: midway.c,v 1.93 2011/07/18 00:58:51 mrg Exp $");
__KERNEL_RCSID(0, "$NetBSD: midway.c,v 1.94 2012/03/13 18:40:31 elad Exp $");
#include "opt_natm.h"
@ -1237,8 +1237,9 @@ STATIC int en_ioctl(struct ifnet *ifp, EN_IOCTL_CMDT cmd, void *data)
if (ifp == &sc->enif) {
struct ifnet *sifp;
if ((error = kauth_authorize_generic(curlwp->l_cred,
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
if ((error = kauth_authorize_network(curlwp->l_cred,
KAUTH_NETWORK_INTERFACE_PVC, KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD,
NULL, NULL, NULL)) != 0)
break;
if ((sifp = en_pvcattach(ifp)) != NULL) {
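Review bot: The KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD request at L1032-L1034 passes NULL for all three arguments, whereas the if_lmc.h hunk in this same commit hands the interface (`sc->ifp`) to its KAUTH_NETWORK_INTERFACE request; the two should agree so listeners can identify the interface being acted on. Since `ifp` is in scope here, `KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD, ifp, NULL, NULL` would do it. en_ioctl() begins before this hunk and the other branches of the switch are not visible.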


@ -1,4 +1,4 @@
/* $NetBSD: genfb_pci.c,v 1.33 2012/01/30 19:41:19 drochner Exp $ */
/* $NetBSD: genfb_pci.c,v 1.34 2012/03/13 18:40:31 elad Exp $ */
/*-
* Copyright (c) 2007 Michael Lorenz
@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: genfb_pci.c,v 1.33 2012/01/30 19:41:19 drochner Exp $");
__KERNEL_RCSID(0, "$NetBSD: genfb_pci.c,v 1.34 2012/03/13 18:40:31 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -268,8 +268,8 @@ pci_genfb_mmap(void *v, void *vs, off_t offset, int prot)
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
aprint_normal_dev(sc->sc_gen.sc_dev, "mmap() rejected.\n");
return -1;
}


@ -1,5 +1,5 @@
/*-
* $NetBSD: if_lmc.h,v 1.19 2010/04/05 07:20:26 joerg Exp $
* $NetBSD: if_lmc.h,v 1.20 2012/03/13 18:40:32 elad Exp $
*
* Copyright (c) 2002-2006 David Boggs. (boggs@boggs.palo-alto.ca.us)
* All rights reserved.
@ -971,7 +971,7 @@ typedef int intr_return_t;
# define TOP_UNLOCK(sc) mutex_spin_exit(&(sc)->top_lock)
# define BOTTOM_TRYLOCK(sc) __cpu_simple_lock_try(&(sc)->bottom_lock)
# define BOTTOM_UNLOCK(sc) __cpu_simple_unlock (&(sc)->bottom_lock)
# define CHECK_CAP kauth_authorize_generic(curlwp->l_cred, KAUTH_GENERIC_ISSUSER, NULL)
# define CHECK_CAP kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE, KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE, sc->ifp, NULL, NULL)
# define DISABLE_INTR int spl = splnet()
# define ENABLE_INTR splx(spl)
# define IRQ_NONE 0
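Review bot: The rewritten CHECK_CAP at L1078 now expands to an expression that uses `sc` although the macro takes no parameter, so it only compiles where a local named `sc` happens to be in scope, unlike its neighbours TOP_UNLOCK(sc) and BOTTOM_UNLOCK(sc) which take the softc explicitly. A parameterised form, `# define CHECK_CAP(sc) kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE, KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE, (sc)->ifp, NULL, NULL)`, would make the dependency visible at each use; the call sites are outside this hunk and would need the argument added. If the implicit form is kept on purpose, a comment saying the macro requires `sc` in scope would help.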


@ -1,4 +1,4 @@
/* $NetBSD: machfb.c,v 1.73 2012/01/30 19:41:22 drochner Exp $ */
/* $NetBSD: machfb.c,v 1.74 2012/03/13 18:40:32 elad Exp $ */
/*
* Copyright (c) 2002 Bang Jun-Young
@ -34,7 +34,7 @@
#include <sys/cdefs.h>
__KERNEL_RCSID(0,
"$NetBSD: machfb.c,v 1.73 2012/01/30 19:41:22 drochner Exp $");
"$NetBSD: machfb.c,v 1.74 2012/03/13 18:40:32 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -1795,8 +1795,8 @@ mach64_mmap(void *v, void *vs, off_t offset, int prot)
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
return -1;
}


@ -1,4 +1,4 @@
/* $NetBSD: pci_usrreq.c,v 1.23 2011/02/10 12:37:58 jmcneill Exp $ */
/* $NetBSD: pci_usrreq.c,v 1.24 2012/03/13 18:40:32 elad Exp $ */
/*
* Copyright 2001 Wasabi Systems, Inc.
@ -40,7 +40,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: pci_usrreq.c,v 1.23 2011/02/10 12:37:58 jmcneill Exp $");
__KERNEL_RCSID(0, "$NetBSD: pci_usrreq.c,v 1.24 2012/03/13 18:40:32 elad Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@ -119,8 +119,8 @@ pcimmap(dev_t dev, off_t offset, int prot)
int flags = 0;
int device, range;
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
return -1;
}
/*


@ -1,4 +1,4 @@
/* $NetBSD: pm2fb.c,v 1.12 2012/01/30 19:41:22 drochner Exp $ */
/* $NetBSD: pm2fb.c,v 1.13 2012/03/13 18:40:33 elad Exp $ */
/*
* Copyright (c) 2009 Michael Lorenz
@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: pm2fb.c,v 1.12 2012/01/30 19:41:22 drochner Exp $");
__KERNEL_RCSID(0, "$NetBSD: pm2fb.c,v 1.13 2012/03/13 18:40:33 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -428,8 +428,8 @@ pm2fb_mmap(void *v, void *vs, off_t offset, int prot)
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: mmap() rejected.\n",
device_xname(sc->sc_dev));
return -1;


@ -1,4 +1,4 @@
/* $NetBSD: r128fb.c,v 1.31 2012/03/08 05:42:44 macallan Exp $ */
/* $NetBSD: r128fb.c,v 1.32 2012/03/13 18:40:33 elad Exp $ */
/*
* Copyright (c) 2007 Michael Lorenz
@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: r128fb.c,v 1.31 2012/03/08 05:42:44 macallan Exp $");
__KERNEL_RCSID(0, "$NetBSD: r128fb.c,v 1.32 2012/03/13 18:40:33 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -495,8 +495,8 @@ r128fb_mmap(void *v, void *vs, off_t offset, int prot)
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: mmap() rejected.\n",
device_xname(sc->sc_dev));
return -1;


@ -1,4 +1,4 @@
/* $NetBSD: radeonfb.c,v 1.57 2012/02/28 21:22:20 macallan Exp $ */
/* $NetBSD: radeonfb.c,v 1.58 2012/03/13 18:40:33 elad Exp $ */
/*-
* Copyright (c) 2006 Itronix Inc.
@ -70,7 +70,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: radeonfb.c,v 1.57 2012/02/28 21:22:20 macallan Exp $");
__KERNEL_RCSID(0, "$NetBSD: radeonfb.c,v 1.58 2012/03/13 18:40:33 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -1149,8 +1149,8 @@ radeonfb_mmap(void *v, void *vs, off_t offset, int prot)
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
aprint_error_dev(sc->sc_dev, "mmap() rejected.\n");
return -1;
}


@ -1,4 +1,4 @@
/* $NetBSD: voodoofb.c,v 1.38 2012/01/30 19:41:23 drochner Exp $ */
/* $NetBSD: voodoofb.c,v 1.39 2012/03/13 18:40:33 elad Exp $ */
/*
* Copyright (c) 2005, 2006 Michael Lorenz
@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: voodoofb.c,v 1.38 2012/01/30 19:41:23 drochner Exp $");
__KERNEL_RCSID(0, "$NetBSD: voodoofb.c,v 1.39 2012/03/13 18:40:33 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -1195,8 +1195,8 @@ voodoofb_mmap(void *v, void *vs, off_t offset, int prot)
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
aprint_error_dev(sc->sc_dev, "mmap() rejected.\n");
return -1;
}


@ -1,4 +1,4 @@
/* $NetBSD: voyagerfb.c,v 1.17 2012/02/21 15:26:20 macallan Exp $ */
/* $NetBSD: voyagerfb.c,v 1.18 2012/03/13 18:40:34 elad Exp $ */
/*
* Copyright (c) 2009, 2011 Michael Lorenz
@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: voyagerfb.c,v 1.17 2012/02/21 15:26:20 macallan Exp $");
__KERNEL_RCSID(0, "$NetBSD: voyagerfb.c,v 1.18 2012/03/13 18:40:34 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -507,8 +507,8 @@ voyagerfb_mmap(void *v, void *vs, off_t offset, int prot)
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
aprint_normal("%s: mmap() rejected.\n",
device_xname(sc->sc_dev));
return -1;


@ -1,4 +1,4 @@
/* $NetBSD: wcfb.c,v 1.10 2012/01/30 19:41:23 drochner Exp $ */
/* $NetBSD: wcfb.c,v 1.11 2012/03/13 18:40:34 elad Exp $ */
/*-
* Copyright (c) 2010 Michael Lorenz
@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: wcfb.c,v 1.10 2012/01/30 19:41:23 drochner Exp $");
__KERNEL_RCSID(0, "$NetBSD: wcfb.c,v 1.11 2012/03/13 18:40:34 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -340,8 +340,8 @@ wcfb_mmap(void *v, void *vs, off_t offset, int prot)
* restrict all other mappings to processes with superuser privileges
* or the kernel itself
*/
if (kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_UNMANAGEDMEM,
NULL, NULL, NULL, NULL) != 0) {
aprint_normal_dev(sc->sc_dev, "mmap() rejected.\n");
return -1;
}


@ -1,4 +1,4 @@
/* $NetBSD: pxg.c,v 1.33 2009/08/22 17:38:06 tsutsui Exp $ */
/* $NetBSD: pxg.c,v 1.34 2012/03/13 18:40:34 elad Exp $ */
/*-
* Copyright (c) 1999, 2000, 2001 The NetBSD Foundation, Inc.
@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: pxg.c,v 1.33 2009/08/22 17:38:06 tsutsui Exp $");
__KERNEL_RCSID(0, "$NetBSD: pxg.c,v 1.34 2012/03/13 18:40:34 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -359,8 +359,9 @@ pxg_ioctl(struct stic_info *si, u_long cmd, void *data, int flag,
switch (cmd) {
case STICIO_START860:
case STICIO_RESET860:
if ((rv = kauth_authorize_generic(l->l_cred,
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
if ((rv = kauth_authorize_machdep(l->l_cred,
KAUTH_MACHDEP_PXG, KAUTH_ARG(cmd == STICIO_START860 ? 1 : 0),
NULL, NULL, NULL)) != 0)
return (rv);
if (si->si_dispmode != WSDISPLAYIO_MODE_MAPPED)
return (EBUSY);
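Review bot: The KAUTH_MACHDEP_PXG request at L1309-L1311 encodes the ioctl as `KAUTH_ARG(cmd == STICIO_START860 ? 1 : 0)`, a bare 1/0 whose meaning a secmodel author has to reverse-engineer from this driver. Passing the ioctl itself, `KAUTH_ARG(cmd)`, as the verified_exec.c hunk in this commit does, keeps the argument self-describing; if the 1/0 convention is what the listener expects, a comment such as `/* arg1: 1 = STICIO_START860, 0 = STICIO_RESET860 */` should sit above the call. pxg_ioctl() starts before this hunk.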


@ -1,4 +1,4 @@
/* $NetBSD: verified_exec.c,v 1.66 2009/06/29 05:08:17 dholland Exp $ */
/* $NetBSD: verified_exec.c,v 1.67 2012/03/13 18:40:30 elad Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.66 2009/06/29 05:08:17 dholland Exp $");
__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.67 2012/03/13 18:40:30 elad Exp $");
#include <sys/param.h>
#include <sys/errno.h>
@ -106,7 +106,8 @@ veriexecattach(DEVPORT_DEVICE *parent, DEVPORT_DEVICE *self, void *aux)
static int
veriexecopen(dev_t dev, int flags, int fmt, struct lwp *l)
{
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, NULL))
if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_VERIEXEC,
KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS, NULL, NULL, NULL))
return (EPERM);
if (veriexec_dev_usage > 0)
@ -173,12 +174,10 @@ veriexec_query(prop_dictionary_t dict, prop_dictionary_t rdict, struct lwp *l)
int
veriexecioctl(dev_t dev, u_long cmd, void *data, int flags, struct lwp *l)
{
extern int veriexec_strict;
struct plistref *plistref;
prop_dictionary_t dict;
int error = 0;
/* XXX This should be replaced with a kauth(9) request. */
switch (cmd) {
case VERIEXEC_TABLESIZE:
case VERIEXEC_LOAD:
@ -187,12 +186,11 @@ veriexecioctl(dev_t dev, u_long cmd, void *data, int flags, struct lwp *l)
if (!(flags & FWRITE))
return (EPERM);
if (veriexec_strict > VERIEXEC_LEARNING) {
log(LOG_WARNING, "Veriexec: Strict mode, modifying "
"tables not permitted.\n");
return (EPERM);
}
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_VERIEXEC,
KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY, KAUTH_ARG(cmd), NULL,
NULL);
if (error)
return error;
break;
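Review bot: The strict-mode refusal (`veriexec_strict > VERIEXEC_LEARNING` → EPERM with a LOG_WARNING) at L1354-L1358 is removed from veriexecioctl() and replaced only by the KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY request at L1359-L1361, so table modification in strict mode is now refused only if a secmodel listener reimplements that rule; nothing in this chunk shows one, and the warning message is gone in any case. If the listener is where the rule now lives, a comment at the call site saying so, and that KAUTH_ARG(cmd) is what it keys on, would keep that dependency from being lost. In the first hunk, veriexecopen() at L1335-L1337 discards the error returned by kauth_authorize_system() and always returns EPERM; returning the listener's error instead would preserve whatever distinction it makes.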


@ -1,4 +1,4 @@
/* $NetBSD: wskbd.c,v 1.130 2010/10/26 05:12:34 jruoho Exp $ */
/* $NetBSD: wskbd.c,v 1.131 2012/03/13 18:40:34 elad Exp $ */
/*
* Copyright (c) 1996, 1997 Christopher G. Demetriou. All rights reserved.
@ -105,7 +105,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: wskbd.c,v 1.130 2010/10/26 05:12:34 jruoho Exp $");
__KERNEL_RCSID(0, "$NetBSD: wskbd.c,v 1.131 2012/03/13 18:40:34 elad Exp $");
#include "opt_ddb.h"
#include "opt_kgdb.h"
@ -1042,7 +1042,6 @@ wskbd_displayioctl(device_t dev, u_long cmd, void *data, int flag,
struct wskbd_keyrepeat_data *ukdp, *kkdp;
struct wskbd_map_data *umdp;
struct wskbd_mapdata md;
struct proc *p = l ? l->l_proc : NULL;
kbd_t enc;
void *tbuf;
int len, error;
@ -1090,8 +1089,9 @@ getbell:
return (0);
case WSKBDIO_SETDEFAULTBELL:
if (p && (error = kauth_authorize_generic(l->l_cred,
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
if ((error = kauth_authorize_device(l->l_cred,
KAUTH_DEVICE_WSCONS_KEYBOARD_BELL, NULL, NULL,
NULL, NULL)) != 0)
return (error);
kbdp = &wskbd_default_bell_data;
goto setbell;
@ -1129,8 +1129,9 @@ getkeyrepeat:
return (0);
case WSKBDIO_SETDEFAULTKEYREPEAT:
if ((error = kauth_authorize_generic(l->l_cred,
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
if ((error = kauth_authorize_device(l->l_cred,
KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT, NULL, NULL,
NULL, NULL)) != 0)
return (error);
kkdp = &wskbd_default_keyrepeat_data;
goto setkeyrepeat;
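Review bot: The SETDEFAULTBELL case at L1393 now dereferences `l->l_cred` unconditionally, while the removed code at L1384 and L1391 deliberately skipped the check when `l` was NULL; if any in-kernel caller still passes a NULL lwp, this is a NULL pointer dereference rather than a permission decision. The SETDEFAULTKEYREPEAT case at L1402-L1403 already dereferenced l->l_cred without the guard, so the old guard was probably vestigial, but that should be made explicit — either `KASSERT(l != NULL);` near the top of wskbd_displayioctl() or a one-line comment that `l` is never NULL here. wskbd_displayioctl() starts before the hunk.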


@ -1,4 +1,4 @@
/* $NetBSD: advfsops.c,v 1.63 2011/11/14 18:35:12 hannken Exp $ */
/* $NetBSD: advfsops.c,v 1.64 2012/03/13 18:40:35 elad Exp $ */
/*
* Copyright (c) 1994 Christian E. Hopps
@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: advfsops.c,v 1.63 2011/11/14 18:35:12 hannken Exp $");
__KERNEL_RCSID(0, "$NetBSD: advfsops.c,v 1.64 2012/03/13 18:40:35 elad Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@ -137,7 +137,8 @@ adosfs_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = genfs_can_mount(devvp, accessmode, l->l_cred);
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
if (error) {
vrele(devvp);


@ -1,4 +1,4 @@
/* $NetBSD: advnops.c,v 1.38 2011/05/19 03:11:55 rmind Exp $ */
/* $NetBSD: advnops.c,v 1.39 2012/03/13 18:40:35 elad Exp $ */
/*
* Copyright (c) 1994 Christian E. Hopps
@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: advnops.c,v 1.38 2011/05/19 03:11:55 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: advnops.c,v 1.39 2012/03/13 18:40:35 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -776,10 +776,11 @@ static int
adosfs_check_permitted(struct vnode *vp, struct anode *ap, mode_t mode,
kauth_cred_t cred)
{
mode_t file_mode = adunixprot(ap->adprot) & ap->amp->mask;
return genfs_can_access(vp->v_type,
adunixprot(ap->adprot) & ap->amp->mask, ap->uid, ap->gid, mode,
cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode,
vp->v_type, file_mode), vp, NULL, genfs_can_access(vp->v_type,
file_mode, ap->uid, ap->gid, mode, cred));
}
int


@ -1,4 +1,4 @@
/* $NetBSD: cd9660_vfsops.c,v 1.74 2011/11/14 18:35:12 hannken Exp $ */
/* $NetBSD: cd9660_vfsops.c,v 1.75 2012/03/13 18:40:35 elad Exp $ */
/*-
* Copyright (c) 1994
@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: cd9660_vfsops.c,v 1.74 2011/11/14 18:35:12 hannken Exp $");
__KERNEL_RCSID(0, "$NetBSD: cd9660_vfsops.c,v 1.75 2012/03/13 18:40:35 elad Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@ -264,7 +264,8 @@ cd9660_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
* permissions on the device.
*/
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = genfs_can_mount(devvp, VREAD, l->l_cred);
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(VREAD));
VOP_UNLOCK(devvp);
if (error) {
vrele(devvp);
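Review bot: The comment ending at L1479-L1480 ("If mount by non-root, then verify that user has necessary permissions on the device") no longer matches the code: the KAUTH_REQ_SYSTEM_MOUNT_DEVICE request at L1483-L1484 is issued for every caller, and whether root bypasses the device permission check is now up to the secmodel. Suggest rewording to `* Ask the secmodel whether this credential may mount from devvp with` / `* the requested access mode (KAUTH_REQ_SYSTEM_MOUNT_DEVICE).`. The same comment survives unchanged in the efs_vfsops.c and filecore_vfsops.c hunks of this commit.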


@ -1,4 +1,4 @@
/* $NetBSD: cd9660_vnops.c,v 1.40 2011/09/27 01:27:44 christos Exp $ */
/* $NetBSD: cd9660_vnops.c,v 1.41 2012/03/13 18:40:36 elad Exp $ */
/*-
* Copyright (c) 1994
@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: cd9660_vnops.c,v 1.40 2011/09/27 01:27:44 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: cd9660_vnops.c,v 1.41 2012/03/13 18:40:36 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -117,8 +117,10 @@ cd9660_check_permitted(struct vnode *vp, struct iso_node *ip, mode_t mode,
kauth_cred_t cred)
{
return genfs_can_access(vp->v_type, ip->inode.iso_mode & ALLPERMS,
ip->inode.iso_uid, ip->inode.iso_gid, mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode,
vp->v_type, ip->inode.iso_mode & ALLPERMS), vp, NULL,
genfs_can_access(vp->v_type, ip->inode.iso_mode & ALLPERMS,
ip->inode.iso_uid, ip->inode.iso_gid, mode, cred));
}
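Review bot: `ip->inode.iso_mode & ALLPERMS` is evaluated twice in the rewritten return at L1508-L1511, once for kauth_access_action() and once for genfs_can_access(); the advnops.c, msdosfs_vnops.c and smbfs_vnops.c hunks in this commit hoist the effective mode into a `file_mode` local first, and doing the same here keeps the family consistent. The filecore_vnops.c hunk has the same shape with a function call, `filecore_mode(ip)`, evaluated twice. A local `mode_t file_mode = ip->inode.iso_mode & ALLPERMS;` before the return is all that is needed.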
int


@ -1,4 +1,4 @@
/* $NetBSD: efs_vfsops.c,v 1.22 2011/06/12 03:35:52 rmind Exp $ */
/* $NetBSD: efs_vfsops.c,v 1.23 2012/03/13 18:40:36 elad Exp $ */
/*
* Copyright (c) 2006 Stephen M. Rumble <rumble@ephemeral.org>
@ -17,7 +17,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: efs_vfsops.c,v 1.22 2011/06/12 03:35:52 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: efs_vfsops.c,v 1.23 2012/03/13 18:40:36 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -223,7 +223,8 @@ efs_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
* If mount by non-root, then verify that user has necessary
* permissions on the device.
*/
err = genfs_can_mount(devvp, VREAD, l->l_cred);
err = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(VREAD));
if (err) {
vput(devvp);
return (err);


@ -1,4 +1,4 @@
/* $NetBSD: efs_vnops.c,v 1.24 2011/05/19 03:11:56 rmind Exp $ */
/* $NetBSD: efs_vnops.c,v 1.25 2012/03/13 18:40:36 elad Exp $ */
/*
* Copyright (c) 2006 Stephen M. Rumble <rumble@ephemeral.org>
@ -17,7 +17,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: efs_vnops.c,v 1.24 2011/05/19 03:11:56 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: efs_vnops.c,v 1.25 2012/03/13 18:40:36 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -148,8 +148,9 @@ efs_check_permitted(struct vnode *vp, struct efs_inode *eip, mode_t mode,
kauth_cred_t cred)
{
return genfs_can_access(vp->v_type, eip->ei_mode, eip->ei_uid,
eip->ei_gid, mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode,
vp->v_type, eip->ei_mode), vp, NULL, genfs_can_access(vp->v_type,
eip->ei_mode, eip->ei_uid, eip->ei_gid, mode, cred));
}
static int


@ -1,4 +1,4 @@
/* $NetBSD: filecore_vfsops.c,v 1.68 2011/11/14 18:35:13 hannken Exp $ */
/* $NetBSD: filecore_vfsops.c,v 1.69 2012/03/13 18:40:36 elad Exp $ */
/*-
* Copyright (c) 1994 The Regents of the University of California.
@ -66,7 +66,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: filecore_vfsops.c,v 1.68 2011/11/14 18:35:13 hannken Exp $");
__KERNEL_RCSID(0, "$NetBSD: filecore_vfsops.c,v 1.69 2012/03/13 18:40:36 elad Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@ -282,7 +282,8 @@ filecore_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
* permissions on the device.
*/
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = genfs_can_mount(devvp, VREAD, l->l_cred);
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(VREAD));
VOP_UNLOCK(devvp);
if (error) {
vrele(devvp);


@ -1,4 +1,4 @@
/* $NetBSD: filecore_vnops.c,v 1.33 2011/05/23 22:00:31 rmind Exp $ */
/* $NetBSD: filecore_vnops.c,v 1.34 2012/03/13 18:40:37 elad Exp $ */
/*-
* Copyright (c) 1994 The Regents of the University of California.
@ -66,7 +66,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: filecore_vnops.c,v 1.33 2011/05/23 22:00:31 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: filecore_vnops.c,v 1.34 2012/03/13 18:40:37 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -126,8 +126,10 @@ filecore_check_permitted(struct vnode *vp, struct filecore_node *ip,
{
struct filecore_mnt *fcmp = ip->i_mnt;
return genfs_can_access(vp->v_type, filecore_mode(ip),
fcmp->fc_uid, fcmp->fc_gid, mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode,
vp->v_type, filecore_mode(ip)), vp, NULL,
genfs_can_access(vp->v_type, filecore_mode(ip), fcmp->fc_uid,
fcmp->fc_gid, mode, cred));
}
int


@ -1,4 +1,4 @@
/* $NetBSD: hfs_vfsops.c,v 1.27 2011/06/12 03:35:53 rmind Exp $ */
/* $NetBSD: hfs_vfsops.c,v 1.28 2012/03/13 18:40:37 elad Exp $ */
/*-
* Copyright (c) 2005, 2007 The NetBSD Foundation, Inc.
@ -99,7 +99,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: hfs_vfsops.c,v 1.27 2011/06/12 03:35:53 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: hfs_vfsops.c,v 1.28 2012/03/13 18:40:37 elad Exp $");
#ifdef _KERNEL_OPT
#include "opt_compat_netbsd.h"
@ -286,7 +286,9 @@ hfs_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
(mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = genfs_can_mount(devvp, accessmode, l->l_cred);
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp,
KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
}


@ -1,4 +1,4 @@
/* $NetBSD: hfs_vnops.c,v 1.24 2011/09/27 01:14:47 christos Exp $ */
/* $NetBSD: hfs_vnops.c,v 1.25 2012/03/13 18:40:37 elad Exp $ */
/*-
* Copyright (c) 2005, 2007 The NetBSD Foundation, Inc.
@ -101,7 +101,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: hfs_vnops.c,v 1.24 2011/09/27 01:14:47 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: hfs_vnops.c,v 1.25 2012/03/13 18:40:37 elad Exp $");
#ifdef _KERNEL_OPT
#include "opt_ipsec.h"
@ -553,11 +553,13 @@ hfs_check_possible(struct vnode *vp, mode_t mode)
}
static int
hfs_check_permitted(struct vattr *va, mode_t mode, kauth_cred_t cred)
hfs_check_permitted(vnode_t *vp, struct vattr *va, mode_t mode,
kauth_cred_t cred)
{
return genfs_can_access(va->va_type, va->va_mode, va->va_uid,
va->va_gid, mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode,
va->va_type, va->va_mode), vp, NULL, genfs_can_access(va->va_type,
va->va_mode, va->va_uid, va->va_gid, mode, cred));
}
int
@ -580,7 +582,7 @@ hfs_vop_access(void *v)
if ((error = VOP_GETATTR(ap->a_vp, &va, ap->a_cred)) != 0)
return error;
error = hfs_check_permitted(&va, ap->a_mode, ap->a_cred);
error = hfs_check_permitted(ap->a_vp, &va, ap->a_mode, ap->a_cred);
return error;
}
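Review bot: The new parameter at L1659 is declared `vnode_t *vp` while every other *_check_permitted() rewritten in this commit (advnops.c, cd9660_vnops.c, efs_vnops.c, filecore_vnops.c, msdosfs_vnops.c, nilfs_vnops.c, ntfs_vnops.c, smbfs_vnops.c) spells it `struct vnode *`; not enough of hfs_vnops.c is visible to tell which form the file itself favours, but the new signature should match either its siblings or the rest of the file. A short comment that `vp` is passed only so kauth_authorize_vnode() can hand the vnode to listeners, the genfs decision still being computed from `va`, would also help the next reader.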


@ -1,4 +1,4 @@
/* $NetBSD: msdosfs_vfsops.c,v 1.93 2011/11/14 18:35:13 hannken Exp $ */
/* $NetBSD: msdosfs_vfsops.c,v 1.94 2012/03/13 18:40:37 elad Exp $ */
/*-
* Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank.
@ -48,7 +48,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.93 2011/11/14 18:35:13 hannken Exp $");
__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.94 2012/03/13 18:40:37 elad Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@ -361,10 +361,11 @@ msdosfs_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
*/
devvp = pmp->pm_devvp;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = genfs_can_mount(devvp, VREAD | VWRITE,
l->l_cred);
error = kauth_authorize_system(l->l_cred,
KAUTH_SYSTEM_MOUNT, KAUTH_REQ_SYSTEM_MOUNT_DEVICE,
mp, devvp, KAUTH_ARG(VREAD | VWRITE));
VOP_UNLOCK(devvp);
DPRINTF(("genfs_can_mount %d\n", error));
DPRINTF(("KAUTH_REQ_SYSTEM_MOUNT_DEVICE %d\n", error));
if (error)
return (error);
@ -404,10 +405,11 @@ msdosfs_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = genfs_can_mount(devvp, accessmode, l->l_cred);
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
if (error) {
DPRINTF(("genfs_can_mount %d\n", error));
DPRINTF(("KAUTH_REQ_SYSTEM_MOUNT_DEVICE %d\n", error));
vrele(devvp);
return (error);
}


@ -1,4 +1,4 @@
/* $NetBSD: msdosfs_vnops.c,v 1.79 2011/11/21 10:46:56 hannken Exp $ */
/* $NetBSD: msdosfs_vnops.c,v 1.80 2012/03/13 18:40:38 elad Exp $ */
/*-
* Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank.
@ -48,7 +48,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: msdosfs_vnops.c,v 1.79 2011/11/21 10:46:56 hannken Exp $");
__KERNEL_RCSID(0, "$NetBSD: msdosfs_vnops.c,v 1.80 2012/03/13 18:40:38 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -221,9 +221,11 @@ msdosfs_check_permitted(struct vnode *vp, struct denode *dep, mode_t mode,
else
file_mode = S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH;
return genfs_can_access(vp->v_type,
file_mode & (vp->v_type == VDIR ? pmp->pm_dirmask : pmp->pm_mask),
pmp->pm_uid, pmp->pm_gid, mode, cred);
file_mode &= (vp->v_type == VDIR ? pmp->pm_dirmask : pmp->pm_mask);
return kauth_authorize_vnode(cred, kauth_access_action(mode,
vp->v_type, file_mode), vp, NULL, genfs_can_access(vp->v_type,
file_mode, pmp->pm_uid, pmp->pm_gid, mode, cred));
}
int
@ -375,8 +377,9 @@ msdosfs_setattr(void *v)
error = EROFS;
goto bad;
}
error = genfs_can_chtimes(ap->a_vp, vap->va_vaflags,
pmp->pm_uid, cred);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES,
ap->a_vp, NULL, genfs_can_chtimes(ap->a_vp, vap->va_vaflags,
pmp->pm_uid, cred));
if (error)
goto bad;
if ((pmp->pm_flags & MSDOSFSMNT_NOWIN95) == 0 &&
@ -398,9 +401,9 @@ msdosfs_setattr(void *v)
error = EROFS;
goto bad;
}
if (kauth_cred_geteuid(cred) != pmp->pm_uid &&
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL)))
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_FLAGS, vp,
NULL, genfs_can_chflags(cred, vp->v_type, pmp->pm_uid, false));
if (error)
goto bad;
/* We ignore the read and execute bits. */
if (vap->va_mode & S_IWUSR)
@ -418,9 +421,9 @@ msdosfs_setattr(void *v)
error = EROFS;
goto bad;
}
if (kauth_cred_geteuid(cred) != pmp->pm_uid &&
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL)))
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_FLAGS, vp,
NULL, genfs_can_chflags(cred, vp->v_type, pmp->pm_uid, false));
if (error)
goto bad;
if (vap->va_flags & SF_ARCHIVED)
dep->de_Attributes &= ~ATTR_ARCHIVE;
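Review bot: The va_flags path at L1778-L1779 passes `false` as the changing_sysflags argument to genfs_can_chflags() and requests only KAUTH_VNODE_WRITE_FLAGS, yet the flag actually toggled just below at L1782 is SF_ARCHIVED, a system flag; the ptyfs_vnops.c hunk in the same commit adds KAUTH_VNODE_WRITE_SYSFLAGS when SF_SETTABLE bits change. This preserves the old owner-may-set behaviour, so it is probably deliberate for msdosfs's archive-attribute mapping, but a secmodel cannot see that a system flag is involved; a comment such as `/* SF_ARCHIVED maps onto ATTR_ARCHIVE; treated as a user-flag change on purpose */` would document the choice. The va_mode path at L1765-L1766 likewise authorizes a mode change as a flags write with genfs_can_chflags() rather than as KAUTH_VNODE_WRITE_SECURITY with genfs_can_chmod() as ptyfs_chmod() does, presumably because the only mode bit msdosfs honours is S_IWUSR (L1770); that deserves the same explanation. msdosfs_setattr() starts before these hunks.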


@ -1,4 +1,4 @@
/* $NetBSD: nilfs_vfsops.c,v 1.8 2011/11/14 18:35:13 hannken Exp $ */
/* $NetBSD: nilfs_vfsops.c,v 1.9 2012/03/13 18:40:38 elad Exp $ */
/*
* Copyright (c) 2008, 2009 Reinoud Zandijk
@ -28,7 +28,7 @@
#include <sys/cdefs.h>
#ifndef lint
__KERNEL_RCSID(0, "$NetBSD: nilfs_vfsops.c,v 1.8 2011/11/14 18:35:13 hannken Exp $");
__KERNEL_RCSID(0, "$NetBSD: nilfs_vfsops.c,v 1.9 2012/03/13 18:40:38 elad Exp $");
#endif /* not lint */
@ -607,7 +607,8 @@ nilfs_mount_device(struct vnode *devvp, struct mount *mp, struct nilfs_args *arg
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = genfs_can_mount(devvp, accessmode, l->l_cred);
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
if (error) {
vrele(devvp);


@ -1,4 +1,4 @@
/* $NetBSD: nilfs_vnops.c,v 1.16 2011/11/18 21:18:50 christos Exp $ */
/* $NetBSD: nilfs_vnops.c,v 1.17 2012/03/13 18:40:38 elad Exp $ */
/*
* Copyright (c) 2008, 2009 Reinoud Zandijk
@ -28,7 +28,7 @@
#include <sys/cdefs.h>
#ifndef lint
__KERNEL_RCSID(0, "$NetBSD: nilfs_vnops.c,v 1.16 2011/11/18 21:18:50 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: nilfs_vnops.c,v 1.17 2012/03/13 18:40:38 elad Exp $");
#endif /* not lint */
@ -1036,9 +1036,9 @@ nilfs_check_permitted(struct vnode *vp, struct vattr *vap, mode_t mode,
{
/* ask the generic genfs_can_access to advice on security */
return genfs_can_access(vp->v_type,
vap->va_mode, vap->va_uid, vap->va_gid,
mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode,
vp->v_type, vap->va_mode), vp, NULL, genfs_can_access(vp->v_type,
vap->va_mode, vap->va_uid, vap->va_gid, mode, cred));
}
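Review bot: The comment at L1824, "ask the generic genfs_can_access to advice on security", no longer describes the return at L1828-L1830, where genfs_can_access() only supplies the filesystem's recommendation and kauth_authorize_vnode() makes the final decision. Suggest `/* genfs_can_access() gives the fs decision; kauth_authorize_vnode() has the final say */`.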
int


@ -1,4 +1,4 @@
/* $NetBSD: ntfs_vnops.c,v 1.49 2011/05/19 03:11:57 rmind Exp $ */
/* $NetBSD: ntfs_vnops.c,v 1.50 2012/03/13 18:40:49 elad Exp $ */
/*
* Copyright (c) 1992, 1993
@ -36,7 +36,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ntfs_vnops.c,v 1.49 2011/05/19 03:11:57 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: ntfs_vnops.c,v 1.50 2012/03/13 18:40:49 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -424,8 +424,9 @@ ntfs_check_permitted(struct vnode *vp, struct ntnode *ip, mode_t mode,
file_mode = ip->i_mp->ntm_mode | (S_IXUSR|S_IXGRP|S_IXOTH);
return genfs_can_access(vp->v_type, file_mode, ip->i_mp->ntm_uid,
ip->i_mp->ntm_gid, mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode, vp->v_type,
file_mode), vp, NULL, genfs_can_access(vp->v_type, file_mode,
ip->i_mp->ntm_uid, ip->i_mp->ntm_gid, mode, cred));
}
int


@ -1,4 +1,4 @@
/* $NetBSD: ptyfs_vnops.c,v 1.38 2011/12/12 19:11:21 njoly Exp $ */
/* $NetBSD: ptyfs_vnops.c,v 1.39 2012/03/13 18:40:49 elad Exp $ */
/*
* Copyright (c) 1993, 1995
@ -76,7 +76,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ptyfs_vnops.c,v 1.38 2011/12/12 19:11:21 njoly Exp $");
__KERNEL_RCSID(0, "$NetBSD: ptyfs_vnops.c,v 1.39 2012/03/13 18:40:49 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -361,6 +361,8 @@ ptyfs_setattr(void *v)
kauth_cred_t cred = ap->a_cred;
struct lwp *l = curlwp;
int error;
kauth_action_t action = KAUTH_VNODE_WRITE_FLAGS;
bool changing_sysflags = false;
if (vap->va_size != VNOVAL) {
switch (ptyfs->ptyfs_type) {
@ -377,23 +379,29 @@ ptyfs_setattr(void *v)
if (vap->va_flags != VNOVAL) {
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return EROFS;
if (kauth_cred_geteuid(cred) != ptyfs->ptyfs_uid &&
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0)
return error;
/* Immutable and append-only flags are not supported on ptyfs. */
if (vap->va_flags & (IMMUTABLE | APPEND))
return EINVAL;
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0) {
/* Snapshot flag cannot be set or cleared */
if ((vap->va_flags & SF_SNAPSHOT) !=
(ptyfs->ptyfs_flags & SF_SNAPSHOT))
return EPERM;
/* Snapshot flag cannot be set or cleared */
if ((vap->va_flags & SF_SNAPSHOT) != (ptyfs->ptyfs_flags & SF_SNAPSHOT))
return EPERM;
if ((ptyfs->ptyfs_flags & SF_SETTABLE) != (vap->va_flags & SF_SETTABLE)) {
changing_sysflags = true;
action |= KAUTH_VNODE_WRITE_SYSFLAGS;
}
error = kauth_authorize_vnode(cred, action, vp, NULL,
genfs_can_chflags(cred, vp->v_type, ptyfs->ptyfs_uid,
changing_sysflags));
if (error)
return error;
if (changing_sysflags) {
ptyfs->ptyfs_flags = vap->va_flags;
} else {
if ((ptyfs->ptyfs_flags & SF_SETTABLE) !=
(vap->va_flags & SF_SETTABLE))
return EPERM;
ptyfs->ptyfs_flags &= SF_SETTABLE;
ptyfs->ptyfs_flags |= (vap->va_flags & UF_SETTABLE);
}
@ -419,8 +427,9 @@ ptyfs_setattr(void *v)
return EROFS;
if ((ptyfs->ptyfs_flags & SF_SNAPSHOT) != 0)
return EPERM;
error = genfs_can_chtimes(vp, vap->va_vaflags, ptyfs->ptyfs_uid,
cred);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, vap->va_vaflags,
ptyfs->ptyfs_uid, cred));
if (error)
return (error);
if (vap->va_atime.tv_sec != VNOVAL)
@ -465,8 +474,9 @@ ptyfs_chmod(struct vnode *vp, mode_t mode, kauth_cred_t cred, struct lwp *l)
struct ptyfsnode *ptyfs = VTOPTYFS(vp);
int error;
error = genfs_can_chmod(vp, cred, ptyfs->ptyfs_uid,
ptyfs->ptyfs_gid, mode);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
NULL, genfs_can_chmod(vp->v_type, cred, ptyfs->ptyfs_uid,
ptyfs->ptyfs_gid, mode));
if (error)
return (error);
@ -491,8 +501,9 @@ ptyfs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred,
if (gid == (gid_t)VNOVAL)
gid = ptyfs->ptyfs_gid;
error = genfs_can_chown(vp, cred, ptyfs->ptyfs_uid,
ptyfs->ptyfs_gid, uid, gid);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
NULL, genfs_can_chown(cred, ptyfs->ptyfs_uid, ptyfs->ptyfs_gid,
uid, gid));
if (error)
return (error);
@ -501,21 +512,6 @@ ptyfs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred,
return 0;
}
static int
ptyfs_check_possible(struct vnode *vp, mode_t mode)
{
return 0;
}
static int
ptyfs_check_permitted(struct vattr *va, mode_t mode, kauth_cred_t cred)
{
return genfs_can_access(va->va_type, va->va_mode,
va->va_uid, va->va_gid, mode, cred);
}
/*
* implement access checking.
*
@ -539,11 +535,10 @@ ptyfs_access(void *v)
if ((error = VOP_GETATTR(ap->a_vp, &va, ap->a_cred)) != 0)
return error;
error = ptyfs_check_possible(ap->a_vp, ap->a_mode);
if (error)
return error;
error = ptyfs_check_permitted(&va, ap->a_mode, ap->a_cred);
return kauth_authorize_vnode(ap->a_cred,
kauth_access_action(ap->a_mode, ap->a_vp->v_type, va.va_mode),
ap->a_vp, NULL, genfs_can_access(va.va_type, va.va_mode, va.va_uid,
va.va_gid, ap->a_mode, ap->a_cred));
return error;
}


@ -1,4 +1,4 @@
/* $NetBSD: smbfs_vnops.c,v 1.78 2012/01/27 19:48:40 para Exp $ */
/* $NetBSD: smbfs_vnops.c,v 1.79 2012/03/13 18:40:49 elad Exp $ */
/*-
* Copyright (c) 2003 The NetBSD Foundation, Inc.
@ -64,7 +64,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: smbfs_vnops.c,v 1.78 2012/01/27 19:48:40 para Exp $");
__KERNEL_RCSID(0, "$NetBSD: smbfs_vnops.c,v 1.79 2012/03/13 18:40:49 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -190,10 +190,12 @@ smbfs_check_permitted(struct vnode *vp, struct smbnode *np, mode_t mode,
kauth_cred_t cred)
{
struct smbmount *smp = VTOSMBFS(vp);
mode_t file_mode = (vp->v_type == VDIR) ? smp->sm_args.dir_mode :
smp->sm_args.file_mode;
return genfs_can_access(vp->v_type,
(vp->v_type == VDIR) ? smp->sm_args.dir_mode : smp->sm_args.file_mode,
smp->sm_args.uid, smp->sm_args.gid, mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode,
vp->v_type, file_mode), vp, NULL, genfs_can_access(vp->v_type,
file_mode, smp->sm_args.uid, smp->sm_args.gid, mode, cred));
}
int
@ -457,8 +459,10 @@ smbfs_setattr(void *v)
if (vap->va_atime.tv_sec != VNOVAL)
atime = &vap->va_atime;
if (mtime != atime) {
error = genfs_can_chtimes(ap->a_vp, vap->va_vaflags,
VTOSMBFS(vp)->sm_args.uid, ap->a_cred);
error = kauth_authorize_vnode(ap->a_cred,
KAUTH_VNODE_WRITE_TIMES, ap->a_vp, NULL,
genfs_can_chtimes(ap->a_vp, vap->va_vaflags,
VTOSMBFS(vp)->sm_args.uid, ap->a_cred));
if (error)
return (error);


@ -1,4 +1,4 @@
/* $NetBSD: sysvbfs_vfsops.c,v 1.38 2011/11/13 23:07:11 christos Exp $ */
/* $NetBSD: sysvbfs_vfsops.c,v 1.39 2012/03/13 18:40:50 elad Exp $ */
/*-
* Copyright (c) 2004 The NetBSD Foundation, Inc.
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: sysvbfs_vfsops.c,v 1.38 2011/11/13 23:07:11 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: sysvbfs_vfsops.c,v 1.39 2012/03/13 18:40:50 elad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@ -135,8 +135,10 @@ sysvbfs_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
(mp->mnt_iflag & IMNT_WANTRDWR) != 0 :
(mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
error = genfs_can_mount(devvp, accessmode, l->l_cred);
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp,
KAUTH_ARG(accessmode));
}
if (error) {


@ -1,4 +1,4 @@
/* $NetBSD: sysvbfs_vnops.c,v 1.40 2012/01/27 21:46:42 njoly Exp $ */
/* $NetBSD: sysvbfs_vnops.c,v 1.41 2012/03/13 18:40:50 elad Exp $ */
/*-
* Copyright (c) 2004 The NetBSD Foundation, Inc.
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: sysvbfs_vnops.c,v 1.40 2012/01/27 21:46:42 njoly Exp $");
__KERNEL_RCSID(0, "$NetBSD: sysvbfs_vnops.c,v 1.41 2012/03/13 18:40:50 elad Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@ -249,8 +249,9 @@ sysvbfs_check_permitted(struct vnode *vp, struct sysvbfs_node *bnode,
{
struct bfs_fileattr *attr = &bnode->inode->attr;
return genfs_can_access(vp->v_type, attr->mode, attr->uid, attr->gid,
mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode,
vp->v_type, attr->mode), vp, NULL, genfs_can_access(vp->v_type,
attr->mode, attr->uid, attr->gid, mode, cred));
}
int
@ -351,7 +352,7 @@ sysvbfs_setattr(void *arg)
(vap->va_gid != (gid_t)VNOVAL) ? vap->va_gid : attr->gid;
error = kauth_authorize_vnode(cred,
KAUTH_VNODE_CHANGE_OWNERSHIP, vp, NULL,
genfs_can_chown(vp, cred, attr->uid, attr->gid, uid, gid));
genfs_can_chown(cred, attr->uid, attr->gid, uid, gid));
if (error)
return error;
attr->uid = uid;
@ -361,19 +362,28 @@ sysvbfs_setattr(void *arg)
if (vap->va_mode != (mode_t)VNOVAL) {
mode_t mode = vap->va_mode;
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY,
vp, NULL, genfs_can_chmod(vp, cred, attr->uid, attr->gid,
vp, NULL, genfs_can_chmod(vp->v_type, cred, attr->uid, attr->gid,
mode));
if (error)
return error;
attr->mode = mode;
}
if (vap->va_atime.tv_sec != VNOVAL)
attr->atime = vap->va_atime.tv_sec;
if (vap->va_mtime.tv_sec != VNOVAL)
attr->mtime = vap->va_mtime.tv_sec;
if (vap->va_ctime.tv_sec != VNOVAL)
attr->ctime = vap->va_ctime.tv_sec;
if ((vap->va_atime.tv_sec != VNOVAL) ||
(vap->va_mtime.tv_sec != VNOVAL) ||
(vap->va_ctime.tv_sec != VNOVAL)) {
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, vap->va_vaflags, attr->uid, cred));
if (error)
return error;
if (vap->va_atime.tv_sec != VNOVAL)
attr->atime = vap->va_atime.tv_sec;
if (vap->va_mtime.tv_sec != VNOVAL)
attr->mtime = vap->va_mtime.tv_sec;
if (vap->va_ctime.tv_sec != VNOVAL)
attr->ctime = vap->va_ctime.tv_sec;
}
bfs_inode_set_attr(bfs, inode, attr);


@ -1,4 +1,4 @@
/* $NetBSD: tmpfs_subr.c,v 1.78 2011/11/19 22:51:24 tls Exp $ */
/* $NetBSD: tmpfs_subr.c,v 1.79 2012/03/13 18:40:50 elad Exp $ */
/*
* Copyright (c) 2005-2011 The NetBSD Foundation, Inc.
@ -74,7 +74,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.78 2011/11/19 22:51:24 tls Exp $");
__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.79 2012/03/13 18:40:50 elad Exp $");
#include <sys/param.h>
#include <sys/dirent.h>
@ -871,7 +871,8 @@ tmpfs_chflags(vnode_t *vp, int flags, kauth_cred_t cred, lwp_t *l)
{
tmpfs_node_t *node = VP_TO_TMPFS_NODE(vp);
kauth_action_t action = KAUTH_VNODE_WRITE_FLAGS;
int error, fs_decision = 0;
int error;
bool changing_sysflags = false;
KASSERT(VOP_ISLOCKED(vp));
@ -879,19 +880,13 @@ tmpfs_chflags(vnode_t *vp, int flags, kauth_cred_t cred, lwp_t *l)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return EROFS;
if (kauth_cred_geteuid(cred) != node->tn_uid) {
fs_decision = EACCES;
}
/*
* If the new flags have non-user flags that are different than
* those on the node, we need special permission to change them.
*/
if ((flags & SF_SETTABLE) != (node->tn_flags & SF_SETTABLE)) {
action |= KAUTH_VNODE_WRITE_SYSFLAGS;
if (!fs_decision) {
fs_decision = EPERM;
}
changing_sysflags = true;
}
/*
@ -902,7 +897,9 @@ tmpfs_chflags(vnode_t *vp, int flags, kauth_cred_t cred, lwp_t *l)
action |= KAUTH_VNODE_HAS_SYSFLAGS;
}
error = kauth_authorize_vnode(cred, action, vp, NULL, fs_decision);
error = kauth_authorize_vnode(cred, action, vp, NULL,
genfs_can_chflags(cred, vp->v_type, node->tn_uid,
changing_sysflags));
if (error)
return error;
@ -915,7 +912,7 @@ tmpfs_chflags(vnode_t *vp, int flags, kauth_cred_t cred, lwp_t *l)
* proper permissions, and if we're here it means it's okay to
* change them...
*/
if ((action & KAUTH_VNODE_WRITE_SYSFLAGS) == 0) {
if (!changing_sysflags) {
/* Clear all user-settable flags and re-set them. */
node->tn_flags &= SF_SETTABLE;
node->tn_flags |= (flags & UF_SETTABLE);
@ -949,7 +946,7 @@ tmpfs_chmod(vnode_t *vp, mode_t mode, kauth_cred_t cred, lwp_t *l)
return EPERM;
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
NULL, genfs_can_chmod(vp, cred, node->tn_uid, node->tn_gid, mode));
NULL, genfs_can_chmod(vp->v_type, cred, node->tn_uid, node->tn_gid, mode));
if (error) {
return error;
}
@ -992,7 +989,7 @@ tmpfs_chown(vnode_t *vp, uid_t uid, gid_t gid, kauth_cred_t cred, lwp_t *l)
return EPERM;
error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
NULL, genfs_can_chown(vp, cred, node->tn_uid, node->tn_gid, uid,
NULL, genfs_can_chown(cred, node->tn_uid, node->tn_gid, uid,
gid));
if (error) {
return error;


@ -1,4 +1,4 @@
/* $NetBSD: tmpfs_vnops.c,v 1.95 2012/02/27 16:10:56 chs Exp $ */
/* $NetBSD: tmpfs_vnops.c,v 1.96 2012/03/13 18:40:50 elad Exp $ */
/*
* Copyright (c) 2005, 2006, 2007 The NetBSD Foundation, Inc.
@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.c,v 1.95 2012/02/27 16:10:56 chs Exp $");
__KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.c,v 1.96 2012/03/13 18:40:50 elad Exp $");
#include <sys/param.h>
#include <sys/dirent.h>
@ -253,27 +253,19 @@ tmpfs_lookup(void *v)
/* Check the permissions. */
if (lastcn && (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
kauth_action_t action = 0;
/* This is the file-system's decision. */
if ((dnode->tn_mode & S_ISTXT) != 0 &&
kauth_cred_geteuid(cnp->cn_cred) != dnode->tn_uid &&
kauth_cred_geteuid(cnp->cn_cred) != tnode->tn_uid) {
error = EPERM;
} else {
error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred);
}
if (cnp->cn_nameiop == DELETE) {
action |= KAUTH_VNODE_DELETE;
} else {
KASSERT(cnp->cn_nameiop == RENAME);
action |= KAUTH_VNODE_RENAME;
}
error = kauth_authorize_vnode(cnp->cn_cred,
action, *vpp, dvp, error);
if (error) {
error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred);
if (error)
goto out;
if ((dnode->tn_mode & S_ISTXT) != 0) {
error = kauth_authorize_vnode(cnp->cn_cred,
KAUTH_VNODE_DELETE, tnode->tn_vnode,
dnode->tn_vnode, genfs_can_sticky(cnp->cn_cred,
dnode->tn_uid, tnode->tn_uid));
if (error) {
error = EPERM;
goto out;
}
}
}
@ -395,7 +387,6 @@ tmpfs_access(void *v)
kauth_cred_t cred = ap->a_cred;
tmpfs_node_t *node = VP_TO_TMPFS_NODE(vp);
const bool writing = (mode & VWRITE) != 0;
int error;
KASSERT(VOP_ISLOCKED(vp));
@ -420,12 +411,9 @@ tmpfs_access(void *v)
return EPERM;
}
/* Permitted? */
error = genfs_can_access(vp->v_type, node->tn_mode, node->tn_uid,
node->tn_gid, mode, cred);
return kauth_authorize_vnode(cred, kauth_mode_to_action(mode), vp,
NULL, error);
return kauth_authorize_vnode(cred, kauth_access_action(mode,
vp->v_type, node->tn_mode), vp, NULL, genfs_can_access(vp->v_type,
node->tn_mode, node->tn_uid, node->tn_gid, mode, cred));
}
int
@ -2042,13 +2030,14 @@ tmpfs_check_sticky(kauth_cred_t cred,
KASSERT((node == NULL) ||
(VOP_ISLOCKED(dnode->tn_vnode) == LK_EXCLUSIVE));
if (node == NULL)
return 0;
if (dnode->tn_mode & S_ISTXT) {
uid_t euid = kauth_cred_geteuid(cred);
if (euid == dnode->tn_uid)
return 0;
if ((node == NULL) || (euid == node->tn_uid))
return 0;
return EPERM;
if (kauth_authorize_vnode(cred, KAUTH_VNODE_DELETE,
node->tn_vnode, dnode->tn_vnode, genfs_can_sticky(cred,
dnode->tn_uid, node->tn_uid)) != 0)
return EPERM;
}
return 0;
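Review bot: In the tmpfs_lookup hunk the sticky-directory check now always requests KAUTH_VNODE_DELETE, although the enclosing condition also covers `cnp->cn_nameiop == RENAME` and the removed code selected KAUTH_VNODE_DELETE or KAUTH_VNODE_RENAME accordingly, so a listener that treats rename differently from delete no longer sees the distinction. Restoring it is a two-line change: `kauth_action_t action = (cnp->cn_nameiop == DELETE) ? KAUTH_VNODE_DELETE : KAUTH_VNODE_RENAME;` before the call and `action` in place of the constant. The new code also consults kauth only when the directory is sticky, whereas before every delete/rename lookup passed through kauth_authorize_vnode(); if listeners are no longer meant to see the non-sticky case, a comment saying so would help the next reader. tmpfs_check_sticky at the end of this section has the same always-DELETE shape, but its callers are outside the hunk so I cannot tell whether it is reached on rename.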


@ -1,4 +1,4 @@
/* $NetBSD: udf_vfsops.c,v 1.62 2011/11/14 18:35:14 hannken Exp $ */
/* $NetBSD: udf_vfsops.c,v 1.63 2012/03/13 18:40:51 elad Exp $ */
/*
* Copyright (c) 2006, 2008 Reinoud Zandijk
@ -28,7 +28,7 @@
#include <sys/cdefs.h>
#ifndef lint
__KERNEL_RCSID(0, "$NetBSD: udf_vfsops.c,v 1.62 2011/11/14 18:35:14 hannken Exp $");
__KERNEL_RCSID(0, "$NetBSD: udf_vfsops.c,v 1.63 2012/03/13 18:40:51 elad Exp $");
#endif /* not lint */
@ -380,7 +380,8 @@ udf_mount(struct mount *mp, const char *path,
if ((mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = genfs_can_mount(devvp, accessmode, l->l_cred);
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp, KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
if (error) {
vrele(devvp);


@ -1,4 +1,4 @@
/* $NetBSD: udf_vnops.c,v 1.69 2011/11/18 21:18:51 christos Exp $ */
/* $NetBSD: udf_vnops.c,v 1.70 2012/03/13 18:40:51 elad Exp $ */
/*
* Copyright (c) 2006, 2008 Reinoud Zandijk
@ -32,7 +32,7 @@
#include <sys/cdefs.h>
#ifndef lint
__KERNEL_RCSID(0, "$NetBSD: udf_vnops.c,v 1.69 2011/11/18 21:18:51 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: udf_vnops.c,v 1.70 2012/03/13 18:40:51 elad Exp $");
#endif /* not lint */
@ -970,7 +970,8 @@ udf_chown(struct vnode *vp, uid_t new_uid, gid_t new_gid,
return EINVAL;
/* check permissions */
error = genfs_can_chown(vp, cred, uid, gid, new_uid, new_gid);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP,
vp, NULL, genfs_can_chown(cred, uid, gid, new_uid, new_gid));
if (error)
return (error);
@ -1008,7 +1009,8 @@ udf_chmod(struct vnode *vp, mode_t mode, kauth_cred_t cred)
udf_getownership(udf_node, &uid, &gid);
/* check permissions */
error = genfs_can_chmod(vp, cred, uid, gid, mode);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
NULL, genfs_can_chmod(vp->v_type, cred, uid, gid, mode));
if (error)
return (error);
@ -1116,7 +1118,8 @@ udf_chtimes(struct vnode *vp,
udf_getownership(udf_node, &uid, &gid);
/* check permissions */
error = genfs_can_chtimes(vp, setattrflags, uid, cred);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, setattrflags, uid, cred));
if (error)
return (error);
@ -1371,9 +1374,9 @@ udf_check_permitted(struct vnode *vp, struct vattr *vap, mode_t mode,
{
/* ask the generic genfs_can_access to advice on security */
return genfs_can_access(vp->v_type,
vap->va_mode, vap->va_uid, vap->va_gid,
mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode,
vp->v_type, vap->va_mode), vp, NULL, genfs_can_access(vp->v_type,
vap->va_mode, vap->va_uid, vap->va_gid, mode, cred));
}
int
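Review bot: The comment above udf_check_permitted's return, `/* ask the generic genfs_can_access to advice on security */`, no longer describes the code: the decision is now made by kauth_authorize_vnode(9), and genfs_can_access(9) only supplies the file system's own verdict as fs_decision. Suggest replacing it with `/* Let kauth(9) decide; genfs_can_access(9) provides the file system's opinion. */`, which also fixes the pre-existing advice/advise slip. The chown/chmod/chtimes hunks earlier in this file keep their `/* check permissions */` comments, which remain accurate.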


@ -1,4 +1,4 @@
/* $NetBSD: v7fs_vfsops.c,v 1.5 2011/11/13 23:09:58 christos Exp $ */
/* $NetBSD: v7fs_vfsops.c,v 1.6 2012/03/13 18:40:51 elad Exp $ */
/*-
* Copyright (c) 2004, 2011 The NetBSD Foundation, Inc.
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: v7fs_vfsops.c,v 1.5 2011/11/13 23:09:58 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: v7fs_vfsops.c,v 1.6 2012/03/13 18:40:51 elad Exp $");
#if defined _KERNEL_OPT
#include "opt_v7fs.h"
#endif
@ -158,7 +158,9 @@ v7fs_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
(mp->mnt_iflag & IMNT_WANTRDWR) != 0 :
(mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
error = genfs_can_mount(devvp, accessmode, l->l_cred);
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp,
KAUTH_ARG(accessmode));
}
if (error) {


@ -1,4 +1,4 @@
/* $NetBSD: v7fs_vnops.c,v 1.7 2012/01/27 12:22:02 njoly Exp $ */
/* $NetBSD: v7fs_vnops.c,v 1.8 2012/03/13 18:40:51 elad Exp $ */
/*-
* Copyright (c) 2004, 2011 The NetBSD Foundation, Inc.
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: v7fs_vnops.c,v 1.7 2012/01/27 12:22:02 njoly Exp $");
__KERNEL_RCSID(0, "$NetBSD: v7fs_vnops.c,v 1.8 2012/03/13 18:40:51 elad Exp $");
#if defined _KERNEL_OPT
#include "opt_v7fs.h"
#endif
@ -374,8 +374,9 @@ v7fs_check_permitted(struct vnode *vp, struct v7fs_node *v7node,
struct v7fs_inode *inode = &v7node->inode;
return genfs_can_access(vp->v_type, inode->mode, inode->uid, inode->gid,
mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode,
vp->v_type, inode->mode), vp, NULL, genfs_can_access(vp->v_type,
inode->mode, inode->uid, inode->gid, mode, cred));
}
int
@ -482,6 +483,12 @@ v7fs_setattr(void *v)
}
/* File pointer mode. */
if ((vap->va_flags != VNOVAL) && (vap->va_flags & SF_APPEND)) {
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_FLAGS,
vp, NULL, genfs_can_chflags(cred, vp->v_type, inode->uid,
false));
if (error)
return error;
DPRINTF("Set append-mode.\n");
inode->append_mode = true;
}
@ -499,7 +506,7 @@ v7fs_setattr(void *v)
uid = vap->va_uid;
error = kauth_authorize_vnode(cred,
KAUTH_VNODE_CHANGE_OWNERSHIP, vp, NULL,
genfs_can_chown(vp, cred, inode->uid, inode->gid, uid,
genfs_can_chown(cred, inode->uid, inode->gid, uid,
gid));
if (error)
return error;
@ -509,7 +516,7 @@ v7fs_setattr(void *v)
gid = vap->va_gid;
error = kauth_authorize_vnode(cred,
KAUTH_VNODE_CHANGE_OWNERSHIP, vp, NULL,
genfs_can_chown(vp, cred, inode->uid, inode->gid, uid,
genfs_can_chown(cred, inode->uid, inode->gid, uid,
gid));
if (error)
return error;
@ -518,22 +525,32 @@ v7fs_setattr(void *v)
if (vap->va_mode != (mode_t)VNOVAL) {
mode_t mode = vap->va_mode;
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY,
vp, NULL, genfs_can_chmod(vp, cred, inode->uid, inode->gid,
vp, NULL, genfs_can_chmod(vp->v_type, cred, inode->uid, inode->gid,
mode));
if (error) {
return error;
}
v7fs_inode_chmod(inode, mode);
}
if (vap->va_atime.tv_sec != VNOVAL) {
acc = &vap->va_atime;
}
if (vap->va_mtime.tv_sec != VNOVAL) {
mod = &vap->va_mtime;
v7node->update_mtime = true;
}
if (vap->va_ctime.tv_sec != VNOVAL) {
v7node->update_ctime = true;
if ((vap->va_atime.tv_sec != VNOVAL) ||
(vap->va_mtime.tv_sec != VNOVAL) ||
(vap->va_ctime.tv_sec != VNOVAL)) {
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, vap->va_flags, inode->uid,
cred));
if (error)
return error;
if (vap->va_atime.tv_sec != VNOVAL) {
acc = &vap->va_atime;
}
if (vap->va_mtime.tv_sec != VNOVAL) {
mod = &vap->va_mtime;
v7node->update_mtime = true;
}
if (vap->va_ctime.tv_sec != VNOVAL) {
v7node->update_ctime = true;
}
}
v7node->update_atime = true;
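Review bot: In the v7fs_setattr times hunk genfs_can_chtimes() receives `vap->va_flags`, while every other caller in this commit (ptyfs, smbfs, sysvbfs, udf) passes `vap->va_vaflags`; va_flags carries the UF_/SF_ file flags, and genfs_can_chtimes(9) interprets its second argument as the va_vaflags word (VA_UTIMES_NULL), so the utimes(NULL) owner-or-write rule is evaluated against the wrong bits here. The fix is `NULL, genfs_can_chtimes(vp, vap->va_vaflags, inode->uid,`. Separately, the new SF_APPEND block authorizes KAUTH_VNODE_WRITE_FLAGS with changing_sysflags set to false, although SF_APPEND is one of the SF_SETTABLE system flags that the ptyfs and tmpfs hunks route through KAUTH_VNODE_WRITE_SYSFLAGS with changing_sysflags true; unless v7fs deliberately lets the owner set append mode, this should mirror them. v7fs_setattr continues outside the hunk.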


@ -1,4 +1,4 @@
/* $NetBSD: kern_auth.c,v 1.67 2012/03/13 18:36:49 elad Exp $ */
/* $NetBSD: kern_auth.c,v 1.68 2012/03/13 18:40:52 elad Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
@ -28,7 +28,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.67 2012/03/13 18:36:49 elad Exp $");
__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.68 2012/03/13 18:40:52 elad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@ -1072,6 +1072,30 @@ kauth_mode_to_action(mode_t mode)
return action;
}
kauth_action_t
kauth_access_action(mode_t access_mode, enum vtype vn_type, mode_t file_mode)
{
kauth_action_t action = kauth_mode_to_action(access_mode);
if (FS_OBJECT_CAN_EXEC(vn_type, file_mode))
action |= KAUTH_VNODE_IS_EXEC;
return action;
}
kauth_action_t
kauth_extattr_action(mode_t access_mode)
{
kauth_action_t action = 0;
if (access_mode & VREAD)
action |= KAUTH_VNODE_READ_EXTATTRIBUTES;
if (access_mode & VWRITE)
action |= KAUTH_VNODE_WRITE_EXTATTRIBUTES;
return action;
}
int
kauth_authorize_vnode(kauth_cred_t cred, kauth_action_t action,
struct vnode *vp, struct vnode *dvp, int fs_decision)
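Review bot: kauth_access_action() and kauth_extattr_action() are new exported helpers with no comment on their contract, and the file systems in this commit now rely on them to choose the action passed to kauth_authorize_vnode(). Suggest a block comment above each, e.g. `/* Translate a VOP_ACCESS(9) mode into a kauth vnode action, adding KAUTH_VNODE_IS_EXEC when the object is executable for its type and mode. */` and `/* Map VREAD/VWRITE onto the extended-attribute read/write actions; other mode bits are ignored. */`. If dropping bits other than VREAD and VWRITE in kauth_extattr_action is deliberate, the comment is the right place to say so. The kauth_authorize_vnode() definition at the end of the hunk continues outside it.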


@ -1,4 +1,4 @@
/* $NetBSD: kern_exec.c,v 1.346 2012/03/10 14:35:05 martin Exp $ */
/* $NetBSD: kern_exec.c,v 1.347 2012/03/13 18:40:52 elad Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@ -59,7 +59,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.346 2012/03/10 14:35:05 martin Exp $");
__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.347 2012/03/13 18:40:52 elad Exp $");
#include "opt_exec.h"
#include "opt_ktrace.h"
@ -599,10 +599,15 @@ execve_loadvm(struct lwp *l, const char *path, char * const *args,
* to call exec in order to do something useful.
*/
retry:
if ((p->p_flag & PK_SUGID) && kauth_authorize_generic(l->l_cred,
KAUTH_GENERIC_ISSUSER, NULL) != 0 && chgproccnt(kauth_cred_getuid(
l->l_cred), 0) > p->p_rlimit[RLIMIT_NPROC].rlim_cur)
if (p->p_flag & PK_SUGID) {
if (kauth_authorize_process(l->l_cred, KAUTH_PROCESS_RLIMIT,
p, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_BYPASS),
&p->p_rlimit[RLIMIT_NPROC],
KAUTH_ARG(RLIMIT_NPROC)) != 0 &&
chgproccnt(kauth_cred_getuid(l->l_cred), 0) >
p->p_rlimit[RLIMIT_NPROC].rlim_cur)
return EAGAIN;
}
/*
* Drain existing references and forbid new ones. The process
@ -2033,8 +2038,10 @@ sys_posix_spawn(struct lwp *l1, const struct sys_posix_spawn_args *uap,
* Enforce limits.
*/
count = chgproccnt(uid, 1);
if (kauth_authorize_generic(l1->l_cred, KAUTH_GENERIC_ISSUSER, NULL) !=
0 && __predict_false(count > p1->p_rlimit[RLIMIT_NPROC].rlim_cur)) {
if (kauth_authorize_process(l1->l_cred, KAUTH_PROCESS_RLIMIT,
p1, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_BYPASS),
&p1->p_rlimit[RLIMIT_NPROC], KAUTH_ARG(RLIMIT_NPROC)) != 0 &&
__predict_false(count > p1->p_rlimit[RLIMIT_NPROC].rlim_cur)) {
error = EAGAIN;
goto error_exit;
}
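Review bot: In both hunks kauth_authorize_process() is evaluated before the cheap rlimit comparison, so every setuid exec in execve_loadvm and every sys_posix_spawn pays a full system-scope authorization pass even when the process count is far below RLIMIT_NPROC; the kern_fork.c hunk in this same commit tests `count > p1->p_rlimit[RLIMIT_NPROC].rlim_cur` first and only then asks kauth. Swapping the two operands of the `&&` in each condition keeps the decision identical while confining the authorization call to the over-limit path, and it also means listeners only see KAUTH_REQ_PROCESS_RLIMIT_BYPASS when a bypass is actually being attempted. In execve_loadvm the comparison's chgproccnt(..., 0) call is likewise only needed on that path.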


@ -1,4 +1,4 @@
/* $NetBSD: kern_fork.c,v 1.188 2012/03/02 21:23:05 rmind Exp $ */
/* $NetBSD: kern_fork.c,v 1.189 2012/03/13 18:40:52 elad Exp $ */
/*-
* Copyright (c) 1999, 2001, 2004, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@ -67,7 +67,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_fork.c,v 1.188 2012/03/02 21:23:05 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: kern_fork.c,v 1.189 2012/03/13 18:40:52 elad Exp $");
#include "opt_ktrace.h"
@ -249,13 +249,16 @@ fork1(struct lwp *l1, int flags, int exitsig, void *stack, size_t stacksize,
* Enforce limits.
*/
count = chgproccnt(uid, 1);
if (kauth_authorize_generic(l1->l_cred, KAUTH_GENERIC_ISSUSER, NULL) !=
0 && __predict_false(count > p1->p_rlimit[RLIMIT_NPROC].rlim_cur)) {
(void)chgproccnt(uid, -1);
atomic_dec_uint(&nprocs);
if (forkfsleep)
kpause("forkulim", false, forkfsleep, NULL);
return EAGAIN;
if (__predict_false(count > p1->p_rlimit[RLIMIT_NPROC].rlim_cur)) {
if (kauth_authorize_process(l1->l_cred, KAUTH_PROCESS_RLIMIT,
p1, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_BYPASS),
&p1->p_rlimit[RLIMIT_NPROC], KAUTH_ARG(RLIMIT_NPROC)) != 0) {
(void)chgproccnt(uid, -1);
atomic_dec_uint(&nprocs);
if (forkfsleep)
kpause("forkulim", false, forkfsleep, NULL);
return EAGAIN;
}
}
/*

View File

@ -1,4 +1,4 @@
/* $NetBSD: kern_verifiedexec.c,v 1.128 2011/11/20 10:32:33 hannken Exp $ */
/* $NetBSD: kern_verifiedexec.c,v 1.129 2012/03/13 18:40:52 elad Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.128 2011/11/20 10:32:33 hannken Exp $");
__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.129 2012/03/13 18:40:52 elad Exp $");
#include "opt_veriexec.h"
@ -113,7 +113,7 @@ struct veriexec_table_entry {
};
static int veriexec_verbose;
int veriexec_strict;
static int veriexec_strict;
static int veriexec_bypass = 1;
static char *veriexec_fp_names = NULL;
@ -315,6 +315,30 @@ veriexec_mountspecific_dtor(void *v)
kmem_free(vte, sizeof(*vte));
}
static int
veriexec_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
void *arg0, void *arg1, void *arg2, void *arg3)
{
int result;
enum kauth_system_req req;
if (action != KAUTH_SYSTEM_VERIEXEC)
return KAUTH_RESULT_DEFER;
result = KAUTH_RESULT_DEFER;
req = (enum kauth_system_req)arg0;
if (req == KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY &&
veriexec_strict > VERIEXEC_LEARNING) {
log(LOG_WARNING, "Veriexec: Strict mode, modifying "
"tables not permitted.\n");
result = KAUTH_RESULT_DENY;
}
return result;
}
/*
* Initialise Veriexec.
*/
@ -339,6 +363,10 @@ veriexec_init(void)
if (error)
panic("Veriexec: Can't create mountspecific key");
if (kauth_listen_scope(KAUTH_SCOPE_SYSTEM, veriexec_listener_cb,
NULL) == NULL)
panic("Veriexec: Can't listen on system scope");
rw_init(&veriexec_op_lock);
#define FPOPS_ADD(a, b, c, d, e, f) \
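Review bot: veriexec_listener_cb denies only a KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY while `veriexec_strict > VERIEXEC_LEARNING` and defers every other KAUTH_SYSTEM_VERIEXEC request, so whether those other requests succeed is decided entirely by the secmodels; that policy is not written down anywhere in the hunk. Suggest a comment above the function: `/* Refuse Veriexec table modifications once strict mode is past learning; all other requests are left to the secmodel listeners. */`. The log() call in the deny path fires on every refused attempt, so a note that it is intended as an audit record (and is not rate limited) would also help. The listener is registered in veriexec_init with no matching unlisten, which is fine only if Veriexec cannot be unloaded.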


@ -1,4 +1,4 @@
/* $NetBSD: sys_mqueue.c,v 1.33 2011/04/25 11:39:42 martin Exp $ */
/* $NetBSD: sys_mqueue.c,v 1.34 2012/03/13 18:40:53 elad Exp $ */
/*
* Copyright (c) 2007-2011 Mindaugas Rasiukevicius <rmind at NetBSD org>
@ -43,7 +43,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: sys_mqueue.c,v 1.33 2011/04/25 11:39:42 martin Exp $");
__KERNEL_RCSID(0, "$NetBSD: sys_mqueue.c,v 1.34 2012/03/13 18:40:53 elad Exp $");
#include <sys/param.h>
#include <sys/types.h>
@ -81,6 +81,8 @@ static kmutex_t mqlist_lock __cacheline_aligned;
static LIST_HEAD(, mqueue) mqueue_head __cacheline_aligned;
static struct sysctllog * mqsysctl_log;
static kauth_listener_t mq_listener;
static int mqueue_sysinit(void);
static int mqueue_sysfini(bool);
static int mqueue_sysctl_init(void);
@ -114,6 +116,26 @@ static const struct syscall_package mqueue_syscalls[] = {
{ 0, 0, NULL }
};
static int
mq_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
void *arg0, void *arg1, void *arg2, void *arg3)
{
mqueue_t *mq;
int result;
if (action != KAUTH_SYSTEM_MQUEUE)
return KAUTH_RESULT_DEFER;
result = KAUTH_RESULT_DEFER;
mq = arg1;
if (kauth_cred_geteuid(cred) == mq->mq_euid)
result = KAUTH_RESULT_ALLOW;
return result;
}
/*
* Initialisation and unloading of POSIX message queue subsystem.
*/
@ -137,6 +159,8 @@ mqueue_sysinit(void)
if (error) {
(void)mqueue_sysfini(false);
}
mq_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
mq_listener_cb, NULL);
return error;
}
@ -166,6 +190,8 @@ mqueue_sysfini(bool interface)
if (mqsysctl_log != NULL)
sysctl_teardown(&mqsysctl_log);
kauth_unlisten_scope(mq_listener);
mutex_destroy(&mqlist_lock);
pool_cache_destroy(mqmsg_cache);
return 0;
@ -1062,8 +1088,8 @@ sys_mq_unlink(struct lwp *l, const struct sys_mq_unlink_args *uap,
KASSERT(mutex_owned(&mq->mq_mtx));
/* Verify permissions. */
if (kauth_cred_geteuid(l->l_cred) != mq->mq_euid &&
kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, NULL)) {
if (kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MQUEUE, 0, mq,
NULL, NULL)) {
mutex_exit(&mq->mq_mtx);
error = EACCES;
goto err;
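Review bot: In mqueue_sysinit the listener is registered after the error check: when the earlier initialisation step (outside the hunk) fails, mqueue_sysfini(false) runs first and calls kauth_unlisten_scope() on a still-NULL mq_listener, and then kauth_listen_scope() registers mq_listener_cb for a subsystem whose setup failed, leaving a system-scope callback into a module that may later be unloaded. Register only on success, `if (error == 0) mq_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, mq_listener_cb, NULL);`, or move the registration above the check so that sysfini can undo it. The ksem_sysinit hunk in uipc_sem.c has the same ordering. mq_listener_cb also ignores arg0, so any future KAUTH_SYSTEM_MQUEUE request would be owner-allowed; worth a comment that the only request visible here is the unlink check in sys_mq_unlink.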


@ -1,4 +1,4 @@
/* $NetBSD: sysv_ipc.c,v 1.23 2009/04/16 14:55:44 rmind Exp $ */
/* $NetBSD: sysv_ipc.c,v 1.24 2012/03/13 18:40:53 elad Exp $ */
/*-
* Copyright (c) 1998, 2007 The NetBSD Foundation, Inc.
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: sysv_ipc.c,v 1.23 2009/04/16 14:55:44 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: sysv_ipc.c,v 1.24 2012/03/13 18:40:53 elad Exp $");
#include "opt_sysv.h"
#include "opt_compat_netbsd.h"
@ -59,24 +59,32 @@ __KERNEL_RCSID(0, "$NetBSD: sysv_ipc.c,v 1.23 2009/04/16 14:55:44 rmind Exp $");
#include <compat/sys/ipc.h>
#endif
/*
* Check for ipc permission
*/
static kauth_listener_t sysvipc_listener = NULL;
int
ipcperm(kauth_cred_t cred, struct ipc_perm *perm, int mode)
static int
sysvipc_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
void *arg0, void *arg1, void *arg2, void *arg3)
{
mode_t mask;
int ismember = 0;
struct ipc_perm *perm;
int mode;
enum kauth_system_req req;
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0)
return (0);
req = (enum kauth_system_req)arg0;
if (!(action == KAUTH_SYSTEM_SYSVIPC &&
req == KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS))
return KAUTH_RESULT_DEFER;
perm = arg1;
mode = (int)(uintptr_t)arg2;
if (mode == IPC_M) {
if (kauth_cred_geteuid(cred) == perm->uid ||
kauth_cred_geteuid(cred) == perm->cuid)
return (0);
return (EPERM);
return (KAUTH_RESULT_ALLOW);
return (KAUTH_RESULT_DEFER); /* EPERM */
}
mask = 0;
@ -87,7 +95,7 @@ ipcperm(kauth_cred_t cred, struct ipc_perm *perm, int mode)
mask |= S_IRUSR;
if (mode & IPC_W)
mask |= S_IWUSR;
return ((perm->mode & mask) == mask ? 0 : EACCES);
return ((perm->mode & mask) == mask ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER /* EACCES */);
}
if (kauth_cred_getegid(cred) == perm->gid ||
@ -98,14 +106,46 @@ ipcperm(kauth_cred_t cred, struct ipc_perm *perm, int mode)
mask |= S_IRGRP;
if (mode & IPC_W)
mask |= S_IWGRP;
return ((perm->mode & mask) == mask ? 0 : EACCES);
return ((perm->mode & mask) == mask ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER /* EACCES */);
}
if (mode & IPC_R)
mask |= S_IROTH;
if (mode & IPC_W)
mask |= S_IWOTH;
return ((perm->mode & mask) == mask ? 0 : EACCES);
return ((perm->mode & mask) == mask ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER /* EACCES */);
}
/*
* Check for ipc permission
*/
int
ipcperm(kauth_cred_t cred, struct ipc_perm *perm, int mode)
{
int error;
error = kauth_authorize_system(cred, KAUTH_SYSTEM_SYSVIPC,
KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS, perm, KAUTH_ARG(mode), NULL);
if (error == 0)
return (0);
/* Adjust EPERM and EACCES errors until there's a better way to do this. */
if (mode != IPC_M)
error = EACCES;
return error;
}
void
sysvipcinit(void)
{
if (sysvipc_listener != NULL)
return;
sysvipc_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
sysvipc_listener_cb, NULL);
}
static int
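Review bot: sysvipcinit() is now invoked from msginit(), seminit() and shminit() and performs an unsynchronized check-then-set on sysvipc_listener; if two of those initialisers can run concurrently — for instance as separately loaded modules — a second listener can be registered and never unregistered. If the callers are known to be serialized, a comment above sysvipcinit saying so is enough, e.g. `/* Idempotent; callers are serialized by module initialisation. */`, otherwise guard it with a mutex or a once primitive. The `/* EPERM */` and `/* EACCES */` annotations on the listener's DEFER returns now depend on ipcperm() reconstituting those values from a generic kauth failure; a pointer such as `/* ipcperm() maps a DEFER back to EPERM/EACCES */` next to the first one keeps the two in step.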


@ -1,4 +1,4 @@
/* $NetBSD: sysv_msg.c,v 1.62 2011/07/30 06:19:02 uebayasi Exp $ */
/* $NetBSD: sysv_msg.c,v 1.63 2012/03/13 18:40:54 elad Exp $ */
/*-
* Copyright (c) 1999, 2006, 2007 The NetBSD Foundation, Inc.
@ -50,7 +50,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: sysv_msg.c,v 1.62 2011/07/30 06:19:02 uebayasi Exp $");
__KERNEL_RCSID(0, "$NetBSD: sysv_msg.c,v 1.63 2012/03/13 18:40:54 elad Exp $");
#define SYSVMSG
@ -154,6 +154,8 @@ msginit(void)
mutex_init(&msgmutex, MUTEX_DEFAULT, IPL_NONE);
cv_init(&msg_realloc_cv, "msgrealc");
msg_realloc_state = false;
sysvipcinit();
}
static int
@ -487,8 +489,10 @@ msgctl1(struct lwp *l, int msqid, int cmd, struct msqid_ds *msqbuf)
if ((error = ipcperm(cred, &msqptr->msg_perm, IPC_M)))
break;
if (msqbuf->msg_qbytes > msqptr->msg_qbytes &&
kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL) != 0) {
kauth_authorize_system(cred, KAUTH_SYSTEM_SYSVIPC,
KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE,
KAUTH_ARG(msqbuf->msg_qbytes),
KAUTH_ARG(msqptr->msg_qbytes), NULL) != 0) {
error = EPERM;
break;
}


@ -1,4 +1,4 @@
/* $NetBSD: sysv_sem.c,v 1.88 2011/07/30 06:19:02 uebayasi Exp $ */
/* $NetBSD: sysv_sem.c,v 1.89 2012/03/13 18:40:54 elad Exp $ */
/*-
* Copyright (c) 1999, 2007 The NetBSD Foundation, Inc.
@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: sysv_sem.c,v 1.88 2011/07/30 06:19:02 uebayasi Exp $");
__KERNEL_RCSID(0, "$NetBSD: sysv_sem.c,v 1.89 2012/03/13 18:40:54 elad Exp $");
#define SYSVSEM
@ -129,6 +129,8 @@ seminit(void)
}
semu_list = NULL;
exithook_establish(semexit, NULL);
sysvipcinit();
}
static int


@ -1,4 +1,4 @@
/* $NetBSD: sysv_shm.c,v 1.122 2011/08/27 09:11:52 christos Exp $ */
/* $NetBSD: sysv_shm.c,v 1.123 2012/03/13 18:40:54 elad Exp $ */
/*-
* Copyright (c) 1999, 2007 The NetBSD Foundation, Inc.
@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: sysv_shm.c,v 1.122 2011/08/27 09:11:52 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: sysv_shm.c,v 1.123 2012/03/13 18:40:54 elad Exp $");
#define SYSVSHM
@ -574,8 +574,10 @@ shmctl1(struct lwp *l, int shmid, int cmd, struct shmid_ds *shmbuf)
break;
case SHM_LOCK:
case SHM_UNLOCK:
if ((error = kauth_authorize_generic(cred,
KAUTH_GENERIC_ISSUSER, NULL)) != 0)
if ((error = kauth_authorize_system(cred,
KAUTH_SYSTEM_SYSVIPC,
(cmd == SHM_LOCK) ? KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK :
KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK, NULL, NULL, NULL)) != 0)
break;
error = shm_memlock(l, shmseg, shmid, cmd);
break;
@ -979,6 +981,8 @@ shminit(void)
shm_committed = 0;
shm_realloc_disable = 0;
shm_realloc_state = false;
sysvipcinit();
}
static int


@ -1,4 +1,4 @@
/* $NetBSD: uipc_sem.c,v 1.37 2012/03/09 21:03:46 joerg Exp $ */
/* $NetBSD: uipc_sem.c,v 1.38 2012/03/13 18:40:55 elad Exp $ */
/*-
* Copyright (c) 2011 The NetBSD Foundation, Inc.
@ -60,7 +60,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: uipc_sem.c,v 1.37 2012/03/09 21:03:46 joerg Exp $");
__KERNEL_RCSID(0, "$NetBSD: uipc_sem.c,v 1.38 2012/03/13 18:40:55 elad Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@ -108,6 +108,8 @@ static LIST_HEAD(,ksem) ksem_head __cacheline_aligned;
static u_int nsems_total __cacheline_aligned;
static u_int nsems __cacheline_aligned;
static kauth_listener_t ksem_listener;
static int ksem_sysinit(void);
static int ksem_sysfini(bool);
static int ksem_modcmd(modcmd_t, void *);
@ -139,6 +141,27 @@ static const struct syscall_package ksem_syscalls[] = {
{ 0, 0, NULL },
};
static int
ksem_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
void *arg0, void *arg1, void *arg2, void *arg3)
{
ksem_t *ks;
mode_t mode;
if (action != KAUTH_SYSTEM_SEMAPHORE)
return KAUTH_RESULT_DEFER;
ks = arg1;
mode = ks->ks_mode;
if ((kauth_cred_geteuid(cred) == ks->ks_uid && (mode & S_IWUSR) != 0) ||
(kauth_cred_getegid(cred) == ks->ks_gid && (mode & S_IWGRP) != 0) ||
(mode & S_IWOTH) != 0)
return KAUTH_RESULT_ALLOW;
return KAUTH_RESULT_DEFER;
}
static int
ksem_sysinit(void)
{
@ -153,6 +176,10 @@ ksem_sysinit(void)
if (error) {
(void)ksem_sysfini(false);
}
ksem_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
ksem_listener_cb, NULL);
return error;
}
@ -176,6 +203,7 @@ ksem_sysfini(bool interface)
return EBUSY;
}
}
kauth_unlisten_scope(ksem_listener);
mutex_destroy(&ksem_lock);
return 0;
}
@ -216,16 +244,13 @@ static int
ksem_perm(lwp_t *l, ksem_t *ks)
{
kauth_cred_t uc = l->l_cred;
mode_t mode = ks->ks_mode;
KASSERT(mutex_owned(&ks->ks_lock));
if ((kauth_cred_geteuid(uc) == ks->ks_uid && (mode & S_IWUSR) != 0) ||
(kauth_cred_getegid(uc) == ks->ks_gid && (mode & S_IWGRP) != 0) ||
(mode & S_IWOTH) != 0 ||
kauth_authorize_generic(uc, KAUTH_GENERIC_ISSUSER, NULL) == 0)
return 0;
return EACCES;
if (kauth_authorize_system(uc, KAUTH_SYSTEM_SEMAPHORE, 0, ks, NULL, NULL) != 0)
return EACCES;
return 0;
}
/*
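Review bot: In ksem_sysinit the listener is registered after the error check, so a failed init still calls kauth_listen_scope() and leaves a listener registered for a subsystem that ksem_sysfini(false) has already torn down; that fini call also runs kauth_unlisten_scope() on a ksem_listener that has not been assigned yet (NULL for a static), which kauth_unlisten_scope() may not tolerate. Guard the registration on success, e.g. `if (!error) ksem_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, ksem_listener_cb, NULL);`, or register before the error path so ksem_sysfini can undo it. ksem_sysinit's body starts outside the hunk, so the ordering of the earlier setup steps is inferred. Separately, ksem_listener_cb compares only the effective gid rather than consulting the full group list the way the smb listener in this commit does; if that deliberately preserves the old ksem_perm semantics, a one-line comment saying so would help.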


@ -1,4 +1,4 @@
/* $NetBSD: vfs_init.c,v 1.45 2009/10/05 04:20:13 elad Exp $ */
/* $NetBSD: vfs_init.c,v 1.46 2012/03/13 18:40:55 elad Exp $ */
/*-
* Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
@ -67,7 +67,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: vfs_init.c,v 1.45 2009/10/05 04:20:13 elad Exp $");
__KERNEL_RCSID(0, "$NetBSD: vfs_init.c,v 1.46 2012/03/13 18:40:55 elad Exp $");
#include <sys/param.h>
#include <sys/mount.h>
@ -375,11 +375,20 @@ mount_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
result = KAUTH_RESULT_DEFER;
req = (enum kauth_system_req)arg0;
if ((action != KAUTH_SYSTEM_MOUNT) ||
(req != KAUTH_REQ_SYSTEM_MOUNT_GET))
if (action != KAUTH_SYSTEM_MOUNT)
return result;
result = KAUTH_RESULT_ALLOW;
if (req == KAUTH_REQ_SYSTEM_MOUNT_GET)
result = KAUTH_RESULT_ALLOW;
else if (req == KAUTH_REQ_SYSTEM_MOUNT_DEVICE) {
vnode_t *devvp = arg2;
mode_t access_mode = (mode_t)(unsigned long)arg3;
int error;
error = VOP_ACCESS(devvp, access_mode, cred);
if (!error)
result = KAUTH_RESULT_ALLOW;
}
return result;
}
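Review bot: The new KAUTH_REQ_SYSTEM_MOUNT_DEVICE branch in mount_listener_cb calls VOP_ACCESS on arg2 without stating the contract that the removed genfs_can_mount spelled out, namely that devvp is the locked vnode of the device and must be non-NULL. Add a comment above the branch, `/* arg2 is the device vnode, locked by the caller; arg3 carries the VREAD/VWRITE access mode. */`, so listener authors and callers of kauth_authorize_system() know the precondition. Also consider `(mode_t)(uintptr_t)arg3` for the cast, which is the form the smb listener in this commit uses for the same purpose.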


@ -1,4 +1,4 @@
/* $NetBSD: vfs_mount.c,v 1.12 2011/11/18 21:17:45 christos Exp $ */
/* $NetBSD: vfs_mount.c,v 1.13 2012/03/13 18:40:55 elad Exp $ */
/*-
* Copyright (c) 1997-2011 The NetBSD Foundation, Inc.
@ -67,7 +67,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: vfs_mount.c,v 1.12 2011/11/18 21:17:45 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: vfs_mount.c,v 1.13 2012/03/13 18:40:55 elad Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@ -642,7 +642,6 @@ mount_domount(struct lwp *l, vnode_t **vpp, struct vfsops *vfsops,
{
vnode_t *vp = *vpp;
struct mount *mp;
struct vattr va;
struct pathbuf *pb;
struct nameidata nd;
int error;
@ -660,24 +659,6 @@ mount_domount(struct lwp *l, vnode_t **vpp, struct vfsops *vfsops,
return ENOTDIR;
}
/*
* If the user is not root, ensure that they own the directory
* onto which we are attempting to mount.
*/
vn_lock(vp, LK_SHARED | LK_RETRY);
error = VOP_GETATTR(vp, &va, l->l_cred);
VOP_UNLOCK(vp);
if (error != 0) {
vfs_delref(vfsops);
return error;
}
if ((va.va_uid != kauth_cred_geteuid(l->l_cred) &&
(error = kauth_authorize_generic(l->l_cred,
KAUTH_GENERIC_ISSUSER, NULL)) != 0)) {
vfs_delref(vfsops);
return error;
}
if (flags & MNT_EXPORTED) {
vfs_delref(vfsops);
return EINVAL;
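Review bot: The owner-of-mountpoint check in mount_domount is deleted with no replacement visible in this section; unless the same condition is now enforced by the caller (presumably through a KAUTH_SYSTEM_MOUNT request evaluated before mount_domount is reached), an unprivileged user could mount over a directory they do not own. If the check did move, a one-line comment where it used to be, `/* Mount-point ownership is checked by the caller via KAUTH_SYSTEM_MOUNT. */`, would stop the next reader from re-adding it here. mount_domount's body continues outside the hunk.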


@ -1,4 +1,4 @@
/* $NetBSD: vfs_subr.c,v 1.432 2012/02/01 05:34:41 dholland Exp $ */
/* $NetBSD: vfs_subr.c,v 1.433 2012/03/13 18:40:55 elad Exp $ */
/*-
* Copyright (c) 1997, 1998, 2004, 2005, 2007, 2008 The NetBSD Foundation, Inc.
@ -67,7 +67,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: vfs_subr.c,v 1.432 2012/02/01 05:34:41 dholland Exp $");
__KERNEL_RCSID(0, "$NetBSD: vfs_subr.c,v 1.433 2012/03/13 18:40:55 elad Exp $");
#include "opt_ddb.h"
#include "opt_compat_netbsd.h"
@ -796,7 +796,9 @@ vaccess(enum vtype type, mode_t file_mode, uid_t uid, gid_t gid,
printf("vaccess: deprecated interface used.\n");
#endif /* DIAGNOSTIC */
return genfs_can_access(type, file_mode, uid, gid, acc_mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(acc_mode,
type, file_mode), NULL /* This may panic. */, NULL,
genfs_can_access(type, file_mode, uid, gid, acc_mode, cred));
}
/*
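Review bot: vaccess now hands a NULL vnode to kauth_authorize_vnode(), and the inline `This may panic.` comment is the only warning; every vnode-scope listener, including out-of-tree security models, will receive vp == NULL on this deprecated path. Either document at the top of vaccess that vnode listeners must tolerate a NULL vnode, or keep the deprecated path on `return genfs_can_access(type, file_mode, uid, gid, acc_mode, cred);` alone until its remaining callers are converted. The function's header is outside the hunk.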


@ -1,4 +1,4 @@
/* $NetBSD: vfs_syscalls.c,v 1.449 2012/02/12 13:12:45 martin Exp $ */
/* $NetBSD: vfs_syscalls.c,v 1.450 2012/03/13 18:40:56 elad Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@ -70,7 +70,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.449 2012/02/12 13:12:45 martin Exp $");
__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.450 2012/03/13 18:40:56 elad Exp $");
#ifdef _KERNEL_OPT
#include "opt_fileassoc.h"
@ -3054,22 +3054,11 @@ change_flags(struct vnode *vp, u_long flags, struct lwp *l)
int error;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
/*
* Non-superusers cannot change the flags on devices, even if they
* own them.
*/
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, NULL)) {
if ((error = VOP_GETATTR(vp, &vattr, l->l_cred)) != 0)
goto out;
if (vattr.va_type == VCHR || vattr.va_type == VBLK) {
error = EINVAL;
goto out;
}
}
vattr_null(&vattr);
vattr.va_flags = flags;
error = VOP_SETATTR(vp, &vattr, l->l_cred);
out:
return (error);
}
@ -3370,9 +3359,18 @@ change_owner(struct vnode *vp, uid_t uid, gid_t gid, struct lwp *l,
* implementation-defined; we leave the set-user-id and set-
* group-id settings intact in that case.
*/
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
NULL) != 0)
newmode &= ~(S_ISUID | S_ISGID);
if (vattr.va_mode & S_ISUID) {
error = kauth_authorize_vnode(l->l_cred,
KAUTH_VNODE_RETAIN_SUID, vp, NULL, EPERM);
if (error)
newmode &= ~S_ISUID;
}
if (vattr.va_mode & S_ISGID) {
error = kauth_authorize_vnode(l->l_cred,
KAUTH_VNODE_RETAIN_SGID, vp, NULL, EPERM);
if (error)
newmode &= ~S_ISGID;
}
} else {
/*
* NetBSD semantics: when changing owner and/or group,
@ -4235,16 +4233,17 @@ int
dorevoke(struct vnode *vp, kauth_cred_t cred)
{
struct vattr vattr;
int error;
int error, fs_decision;
vn_lock(vp, LK_SHARED | LK_RETRY);
error = VOP_GETATTR(vp, &vattr, cred);
VOP_UNLOCK(vp);
if (error != 0)
return error;
if (kauth_cred_geteuid(cred) == vattr.va_uid ||
(error = kauth_authorize_generic(cred,
KAUTH_GENERIC_ISSUSER, NULL)) == 0)
fs_decision = (kauth_cred_geteuid(cred) == vattr.va_uid) ? 0 : EPERM;
error = kauth_authorize_vnode(cred, KAUTH_VNODE_REVOKE, vp, NULL,
fs_decision);
if (!error)
VOP_REVOKE(vp, REVOKEALL);
return (error);
}
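Review bot: In change_owner the denial from kauth_authorize_vnode(KAUTH_VNODE_RETAIN_SUID/SGID) is stored in `error`, but the intended outcome of a denial is only to clear the bit, not to fail the chown; if the code after the hunk returns `error` without reassigning it, an unprivileged chown would now fail with EPERM instead of dropping the set-id bits. Test the result inline so `error` never holds the advisory decision, e.g. `if (kauth_authorize_vnode(l->l_cred, KAUTH_VNODE_RETAIN_SUID, vp, NULL, EPERM) != 0) newmode &= ~S_ISUID;`, and likewise for S_ISGID; change_owner's body continues outside the hunk. In change_flags the `out:` label has no remaining goto once the device check is removed, so `return VOP_SETATTR(vp, &vattr, l->l_cred);` with the label dropped avoids an unused-label warning.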


@ -1,4 +1,4 @@
/* $NetBSD: vfs_xattr.c,v 1.29 2011/11/09 18:29:28 drochner Exp $ */
/* $NetBSD: vfs_xattr.c,v 1.30 2012/03/13 18:40:57 elad Exp $ */
/*-
* Copyright (c) 2005, 2008 The NetBSD Foundation, Inc.
@ -68,7 +68,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: vfs_xattr.c,v 1.29 2011/11/09 18:29:28 drochner Exp $");
__KERNEL_RCSID(0, "$NetBSD: vfs_xattr.c,v 1.30 2012/03/13 18:40:57 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -87,6 +87,8 @@ __KERNEL_RCSID(0, "$NetBSD: vfs_xattr.c,v 1.29 2011/11/09 18:29:28 drochner Exp
#include <sys/kauth.h>
#include <sys/ktrace.h>
#include <miscfs/genfs/genfs.h>
/*
* Credential check based on process requesting service, and per-attribute
* permissions.
@ -94,28 +96,15 @@ __KERNEL_RCSID(0, "$NetBSD: vfs_xattr.c,v 1.29 2011/11/09 18:29:28 drochner Exp
* NOTE: Vnode must be locked.
*/
int
extattr_check_cred(struct vnode *vp, int attrnamespace,
kauth_cred_t cred, struct lwp *l, int access)
extattr_check_cred(struct vnode *vp, const char *attr, kauth_cred_t cred,
int access)
{
if (cred == NOCRED)
return (0);
switch (attrnamespace) {
case EXTATTR_NAMESPACE_SYSTEM:
/*
* Do we really want to allow this, or just require that
* these requests come from kernel code (NOCRED case above)?
*/
return (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL));
case EXTATTR_NAMESPACE_USER:
return (VOP_ACCESS(vp, access, cred));
default:
return (EPERM);
}
return kauth_authorize_vnode(cred, kauth_extattr_action(access), vp,
NULL, genfs_can_extattr(cred, access, vp, attr));
}
/*
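Review bot: extattr_check_cred no longer receives the attribute namespace, so the explicit EXTATTR_NAMESPACE_SYSTEM/USER/default switch is replaced by a name-based decision in genfs_can_extattr, yet nothing in the header comment says that `attr` is the attribute name or that namespace policy now lives in genfs. Extend the comment above the function with `attr is the attribute name; namespace restrictions are applied by genfs_can_extattr(), the file-system-independent fallback decision passed to kauth_authorize_vnode().` The `NOTE: Vnode must be locked.` requirement still applies, since the fallback calls VOP_ACCESS.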


@ -1,4 +1,4 @@
/* $NetBSD: genfs.h,v 1.28 2009/11/30 10:59:20 pooka Exp $ */
/* $NetBSD: genfs.h,v 1.29 2012/03/13 18:40:57 elad Exp $ */
#ifndef _MISCFS_GENFS_GENFS_H_
#define _MISCFS_GENFS_GENFS_H_
@ -40,9 +40,11 @@ void genfs_renamelock_exit(struct mount *);
int genfs_can_access(enum vtype, mode_t, uid_t, gid_t, mode_t,
kauth_cred_t);
int genfs_can_chmod(vnode_t *, kauth_cred_t, uid_t, gid_t, mode_t);
int genfs_can_chown(vnode_t *, kauth_cred_t, uid_t, gid_t, uid_t, gid_t);
int genfs_can_mount(vnode_t *, mode_t, kauth_cred_t);
int genfs_can_chmod(enum vtype, kauth_cred_t, uid_t, gid_t, mode_t);
int genfs_can_chown(kauth_cred_t, uid_t, gid_t, uid_t, gid_t);
int genfs_can_chtimes(vnode_t *, u_int, uid_t, kauth_cred_t);
int genfs_can_chflags(kauth_cred_t, enum vtype, uid_t, bool);
int genfs_can_sticky(kauth_cred_t, uid_t, uid_t);
int genfs_can_extattr(kauth_cred_t, int, vnode_t *, const char *);
#endif /* !_MISCFS_GENFS_GENFS_H_ */


@ -1,4 +1,4 @@
/* $NetBSD: genfs_vnops.c,v 1.187 2011/06/12 03:35:58 rmind Exp $ */
/* $NetBSD: genfs_vnops.c,v 1.188 2012/03/13 18:40:57 elad Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@ -57,7 +57,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.187 2011/06/12 03:35:58 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: genfs_vnops.c,v 1.188 2012/03/13 18:40:57 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -580,17 +580,6 @@ genfs_can_access(enum vtype type, mode_t file_mode, uid_t uid, gid_t gid,
mode_t mask;
int error, ismember;
/*
* Super-user always gets read/write access, but execute access depends
* on at least one execute bit being set.
*/
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0) {
if ((acc_mode & VEXEC) && type != VDIR &&
(file_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0)
return (EACCES);
return (0);
}
mask = 0;
/* Otherwise, check the owner. */
@ -632,7 +621,6 @@ genfs_can_access(enum vtype type, mode_t file_mode, uid_t uid, gid_t gid,
* Common routine to check if chmod() is allowed.
*
* Policy:
* - You must be root, or
* - You must own the file, and
* - You must not set the "sticky" bit (meaningless, see chmod(2))
* - You must be a member of the group if you're trying to set the
@ -646,25 +634,19 @@ genfs_can_access(enum vtype type, mode_t file_mode, uid_t uid, gid_t gid,
* Returns 0 if the change is allowed, or an error value otherwise.
*/
int
genfs_can_chmod(vnode_t *vp, kauth_cred_t cred, uid_t cur_uid,
genfs_can_chmod(enum vtype type, kauth_cred_t cred, uid_t cur_uid,
gid_t cur_gid, mode_t new_mode)
{
int error;
/* Superuser can always change mode. */
error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL);
if (!error)
return (0);
/* Otherwise, user must own the file. */
/* The user must own the file. */
if (kauth_cred_geteuid(cred) != cur_uid)
return (EPERM);
/*
* Non-root users can't set the sticky bit on files.
* Unprivileged users can't set the sticky bit on files.
*/
if ((vp->v_type != VDIR) && (new_mode & S_ISTXT))
if ((type != VDIR) && (new_mode & S_ISTXT))
return (EFTYPE);
/*
@ -687,7 +669,6 @@ genfs_can_chmod(vnode_t *vp, kauth_cred_t cred, uid_t cur_uid,
* Common routine to check if chown() is allowed.
*
* Policy:
* - You must be root, or
* - You must own the file, and
* - You must not try to change ownership, and
* - You must be member of the new group
@ -699,21 +680,13 @@ genfs_can_chmod(vnode_t *vp, kauth_cred_t cred, uid_t cur_uid,
* Returns 0 if the change is allowed, or an error value otherwise.
*/
int
genfs_can_chown(vnode_t *vp, kauth_cred_t cred, uid_t cur_uid,
genfs_can_chown(kauth_cred_t cred, uid_t cur_uid,
gid_t cur_gid, uid_t new_uid, gid_t new_gid)
{
int error, ismember;
/*
* You can only change ownership of a file if:
* You are the superuser, or...
*/
error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL);
if (!error)
return (0);
/*
* You own the file and...
*/
if (kauth_cred_geteuid(cred) == cur_uid) {
@ -748,42 +721,13 @@ genfs_can_chown(vnode_t *vp, kauth_cred_t cred, uid_t cur_uid,
return (EPERM);
}
/*
* Common routine to check if the device can be mounted.
*
* devvp - the locked vnode of the device
* cred - credentials of the invoker
* accessmode - the accessmode (VREAD, VWRITE)
*
* Returns 0 if the mount is allowed, or an error value otherwise.
*/
int
genfs_can_mount(vnode_t *devvp, mode_t accessmode, kauth_cred_t cred)
{
int error;
/* Always allow for root. */
error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL);
if (!error)
return (0);
error = VOP_ACCESS(devvp, accessmode, cred);
return (error);
}
int
genfs_can_chtimes(vnode_t *vp, u_int vaflags, uid_t owner_uid,
kauth_cred_t cred)
{
int error;
/* Must be root, or... */
error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL);
if (!error)
return (0);
/* must be owner, or... */
/* Must be owner, or... */
if (kauth_cred_geteuid(cred) == owner_uid)
return (0);
@ -799,3 +743,70 @@ genfs_can_chtimes(vnode_t *vp, u_int vaflags, uid_t owner_uid,
return (0);
}
/*
* Common routine to check if chflags() is allowed.
*
* Policy:
* - You must own the file, and
* - You must not change system flags, and
* - You must not change flags on character/block devices.
*
* cred - credentials of the invoker
* owner_uid - uid of the file-system object
* changing_sysflags - true if the invoker wants to change system flags
*/
int
genfs_can_chflags(kauth_cred_t cred, enum vtype type, uid_t owner_uid,
bool changing_sysflags)
{
/* The user must own the file. */
if (kauth_cred_geteuid(cred) != owner_uid) {
return EACCES;
}
if (changing_sysflags) {
return EPERM;
}
/*
* Unprivileged users cannot change the flags on devices, even if they
* own them.
*/
if (type == VCHR || type == VBLK) {
return EPERM;
}
return 0;
}
/*
* Common "sticky" policy.
*
* When a directory is "sticky" (as determined by the caller), this
* function may help implementing the following policy:
* - Renaming a file in it is only possible if the user owns the directory
* or the file being renamed.
* - Deleting a file from it is only possible if the user owns the
* directory or the file being deleted.
*/
int
genfs_can_sticky(kauth_cred_t cred, uid_t dir_uid, uid_t file_uid)
{
if (kauth_cred_geteuid(cred) != dir_uid &&
kauth_cred_geteuid(cred) != file_uid)
return EPERM;
return 0;
}
int
genfs_can_extattr(kauth_cred_t cred, int access_mode, vnode_t *vp,
const char *attr)
{
/* We can't allow privileged namespaces. */
if (strncasecmp(attr, "system", 6) == 0)
return EPERM;
return VOP_ACCESS(vp, access_mode, cred);
}
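Review bot: genfs_can_extattr decides by attribute name with `strncasecmp(attr, "system", 6) == 0`, a case-insensitive prefix test; any attribute whose name merely begins with "system" is refused, while the namespace the old interface carried is no longer consulted at all, so the check is not equivalent to the EXTATTR_NAMESPACE_SYSTEM test it replaces. If the namespace is still available to callers, pass it through and compare it; otherwise compare the full prefix including its separator and document the naming convention being relied on. `attr` is also dereferenced without a NULL check, which the previous integer-namespace interface never needed. Minor: the comment `/* Otherwise, check the owner. */` in genfs_can_access refers to the removed superuser branch, and the genfs_can_chflags header omits the `type` parameter from its list.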


@ -1,4 +1,4 @@
/* $NetBSD: kernfs_vnops.c,v 1.144 2011/12/12 19:11:22 njoly Exp $ */
/* $NetBSD: kernfs_vnops.c,v 1.145 2012/03/13 18:40:57 elad Exp $ */
/*
* Copyright (c) 1992, 1993
@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kernfs_vnops.c,v 1.144 2011/12/12 19:11:22 njoly Exp $");
__KERNEL_RCSID(0, "$NetBSD: kernfs_vnops.c,v 1.145 2012/03/13 18:40:57 elad Exp $");
#ifdef _KERNEL_OPT
#include "opt_ipsec.h"
@ -762,21 +762,6 @@ kernfs_close(void *v)
return (0);
}
static int
kernfs_check_possible(struct vnode *vp, mode_t mode)
{
return 0;
}
static int
kernfs_check_permitted(struct vattr *va, mode_t mode, kauth_cred_t cred)
{
return genfs_can_access(va->va_type, va->va_mode, va->va_uid, va->va_gid,
mode, cred);
}
int
kernfs_access(void *v)
{
@ -791,13 +776,10 @@ kernfs_access(void *v)
if ((error = VOP_GETATTR(ap->a_vp, &va, ap->a_cred)) != 0)
return (error);
error = kernfs_check_possible(ap->a_vp, ap->a_mode);
if (error)
return error;
error = kernfs_check_permitted(&va, ap->a_mode, ap->a_cred);
return error;
return kauth_authorize_vnode(ap->a_cred,
kauth_access_action(ap->a_mode, ap->a_vp->v_type, va.va_mode),
ap->a_vp, NULL, genfs_can_access(va.va_type, va.va_mode,
va.va_uid, va.va_gid, ap->a_mode, ap->a_cred));
}
static int
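Review bot: kernfs_access takes the vnode type from `ap->a_vp->v_type` for kauth_access_action() but from `va.va_type` for genfs_can_access() in the same expression; the two should agree, but using one source, `va.va_type` in both places, removes the question. The same mixed use appears in procfs_access in this commit.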


@ -1,4 +1,4 @@
/* $NetBSD: procfs_vnops.c,v 1.182 2011/09/04 17:32:10 jmcneill Exp $ */
/* $NetBSD: procfs_vnops.c,v 1.183 2012/03/13 18:40:58 elad Exp $ */
/*-
* Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
@ -105,7 +105,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: procfs_vnops.c,v 1.182 2011/09/04 17:32:10 jmcneill Exp $");
__KERNEL_RCSID(0, "$NetBSD: procfs_vnops.c,v 1.183 2012/03/13 18:40:58 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -914,21 +914,6 @@ procfs_setattr(void *v)
return (0);
}
static int
procfs_check_possible(struct vnode *vp, mode_t mode)
{
return 0;
}
static int
procfs_check_permitted(struct vattr *va, mode_t mode, kauth_cred_t cred)
{
return genfs_can_access(va->va_type, va->va_mode,
va->va_uid, va->va_gid, mode, cred);
}
/*
* implement access checking.
*
@ -952,13 +937,10 @@ procfs_access(void *v)
if ((error = VOP_GETATTR(ap->a_vp, &va, ap->a_cred)) != 0)
return (error);
error = procfs_check_possible(ap->a_vp, ap->a_mode);
if (error)
return error;
error = procfs_check_permitted(&va, ap->a_mode, ap->a_cred);
return error;
return kauth_authorize_vnode(ap->a_cred,
kauth_access_action(ap->a_mode, ap->a_vp->v_type, va.va_mode),
ap->a_vp, NULL, genfs_can_access(va.va_type, va.va_mode,
va.va_uid, va.va_gid, ap->a_mode, ap->a_cred));
}
/*


@ -1,4 +1,4 @@
/* $NetBSD: umap_vfsops.c,v 1.86 2010/11/19 06:44:46 dholland Exp $ */
/* $NetBSD: umap_vfsops.c,v 1.87 2012/03/13 18:40:58 elad Exp $ */
/*
* Copyright (c) 1992, 1993
@ -41,7 +41,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: umap_vfsops.c,v 1.86 2010/11/19 06:44:46 dholland Exp $");
__KERNEL_RCSID(0, "$NetBSD: umap_vfsops.c,v 1.87 2012/03/13 18:40:58 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -96,8 +96,9 @@ umapfs_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
}
/* only for root */
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0)
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_UMAP, NULL, NULL, NULL);
if (error)
return error;
#ifdef UMAPFS_DIAGNOSTIC
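Review bot: The `/* only for root */` comment above the new kauth_authorize_system() call in umapfs_mount is now stale: the decision is delegated to the security model through KAUTH_REQ_SYSTEM_MOUNT_UMAP rather than hard-wired to the superuser. Replace it with `/* Mounting umapfs is a privileged operation; the security model decides. */`.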


@ -1,4 +1,4 @@
/* $NetBSD: if_bridge.c,v 1.74 2011/11/19 22:51:25 tls Exp $ */
/* $NetBSD: if_bridge.c,v 1.75 2012/03/13 18:40:58 elad Exp $ */
/*
* Copyright 2001 Wasabi Systems, Inc.
@ -80,7 +80,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.74 2011/11/19 22:51:25 tls Exp $");
__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.75 2012/03/13 18:40:58 elad Exp $");
#ifdef _KERNEL_OPT
#include "opt_bridge_ipf.h"
@ -463,8 +463,12 @@ bridge_ioctl(struct ifnet *ifp, u_long cmd, void *data)
if ((bc->bc_flags & BC_F_SUSER) == 0)
break;
error = kauth_authorize_generic(l->l_cred,
KAUTH_GENERIC_ISSUSER, NULL);
error = kauth_authorize_network(l->l_cred,
KAUTH_NETWORK_INTERFACE_BRIDGE,
cmd == SIOCGDRVSPEC ?
KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV :
KAUTH_REQ_NETWORK_INTERFACE_SETPRIV,
ifd, NULL, NULL);
if (error)
return (error);
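Review bot: The request passed for non-SIOCGDRVSPEC commands, KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, lacks the `_BRIDGE_` infix its GETPRIV sibling carries, so it looks like a request from the plain INTERFACE action being evaluated under KAUTH_NETWORK_INTERFACE_BRIDGE. If a `KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV` value exists in the kauth header, that is presumably what was meant; a listener matching on the bridge-specific request would otherwise never see the privileged set commands. bridge_ioctl's body continues outside the hunk.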


@ -1,4 +1,4 @@
/* $NetBSD: npf.c,v 1.9 2012/03/11 18:27:59 rmind Exp $ */
/* $NetBSD: npf.c,v 1.10 2012/03/13 18:40:59 elad Exp $ */
/*-
* Copyright (c) 2009-2010 The NetBSD Foundation, Inc.
@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.9 2012/03/11 18:27:59 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.10 2012/03/13 18:40:59 elad Exp $");
#include <sys/param.h>
#include <sys/types.h>
@ -180,7 +180,8 @@ npf_dev_open(dev_t dev, int flag, int mode, lwp_t *l)
{
/* Available only for super-user. */
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, NULL)) {
if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FIREWALL,
KAUTH_REQ_NETWORK_FIREWALL_FW, NULL, NULL, NULL)) {
return EPERM;
}
return 0;
@ -199,7 +200,8 @@ npf_dev_ioctl(dev_t dev, u_long cmd, void *data, int flag, lwp_t *l)
int error;
/* Available only for super-user. */
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER, NULL)) {
if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FIREWALL,
KAUTH_REQ_NETWORK_FIREWALL_FW, NULL, NULL, NULL)) {
return EPERM;
}
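Review bot: Both `/* Available only for super-user. */` comments in npf_dev_open and npf_dev_ioctl are now inaccurate, since the decision is delegated to the security model through KAUTH_NETWORK_FIREWALL / KAUTH_REQ_NETWORK_FIREWALL_FW; replace them with `/* Requires firewall-control privilege; the security model decides. */`. The return value still collapses whatever error kauth reports into EPERM, which the old code also did, so if that is deliberate it is worth a word in the same comment.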


@ -1,4 +1,4 @@
/* $NetBSD: in6.c,v 1.159 2011/11/19 22:51:26 tls Exp $ */
/* $NetBSD: in6.c,v 1.160 2012/03/13 18:40:59 elad Exp $ */
/* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */
/*
@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.159 2011/11/19 22:51:26 tls Exp $");
__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.160 2012/03/13 18:40:59 elad Exp $");
#include "opt_inet.h"
#include "opt_pfil_hooks.h"
@ -800,8 +800,10 @@ in6_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
case OSIOCAIFADDR_IN6:
#endif
case SIOCAIFADDR_IN6:
if (l == NULL || kauth_authorize_generic(l->l_cred,
KAUTH_GENERIC_ISSUSER, NULL))
if (kauth_authorize_network(l->l_cred,
KAUTH_NETWORK_SOCKET,
KAUTH_REQ_NETWORK_SOCKET_SETPRIV,
so, NULL, NULL))
return EPERM;
break;
}
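Review bot: The `l == NULL ||` guard in front of the SIOCAIFADDR_IN6 authorization is dropped, so the new kauth_authorize_network() call dereferences `l->l_cred` unconditionally; if any caller of in6_control still passes a NULL lwp, which the old guard suggests was once possible, this is a NULL dereference reachable from an ioctl. Keep the guard: `if (l == NULL || kauth_authorize_network(l->l_cred, KAUTH_NETWORK_SOCKET, KAUTH_REQ_NETWORK_SOCKET_SETPRIV, so, NULL, NULL))`. If l is now guaranteed non-NULL at this point, a KASSERT would document that instead. in6_control's body continues outside the hunk.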


@ -1,4 +1,4 @@
/* $NetBSD: ip6_output.c,v 1.145 2012/02/05 00:41:15 rmind Exp $ */
/* $NetBSD: ip6_output.c,v 1.146 2012/03/13 18:40:59 elad Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.145 2012/02/05 00:41:15 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.146 2012/03/13 18:40:59 elad Exp $");
#include "opt_inet.h"
#include "opt_inet6.h"
@ -1492,8 +1492,9 @@ ip6_ctloutput(int op, struct socket *so, struct sockopt *sopt)
case IPV6_RECVHOPOPTS:
case IPV6_RECVDSTOPTS:
case IPV6_RECVRTHDRDSTOPTS:
error = kauth_authorize_generic(kauth_cred_get(),
KAUTH_GENERIC_ISSUSER, NULL);
error = kauth_authorize_network(kauth_cred_get(),
KAUTH_NETWORK_IPV6, KAUTH_REQ_NETWORK_IPV6_HOPBYHOP,
NULL, NULL, NULL);
if (error)
break;
/* FALLTHROUGH */
@ -1731,16 +1732,20 @@ else \
* See comments for IPV6_RECVHOPOPTS.
*/
error =
kauth_authorize_generic(kauth_cred_get(),
KAUTH_GENERIC_ISSUSER, NULL);
kauth_authorize_network(kauth_cred_get(),
KAUTH_NETWORK_IPV6,
KAUTH_REQ_NETWORK_IPV6_HOPBYHOP, NULL,
NULL, NULL);
if (error)
return (error);
OPTSET2292(IN6P_HOPOPTS);
break;
case IPV6_2292DSTOPTS:
error =
kauth_authorize_generic(kauth_cred_get(),
KAUTH_GENERIC_ISSUSER, NULL);
kauth_authorize_network(kauth_cred_get(),
KAUTH_NETWORK_IPV6,
KAUTH_REQ_NETWORK_IPV6_HOPBYHOP, NULL,
NULL, NULL);
if (error)
return (error);
OPTSET2292(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS); /* XXX */
@ -2507,8 +2512,8 @@ ip6_setmoptions(const struct sockopt *sopt, struct ip6_moptions **im6op)
* all multicast addresses. Only super user is allowed
* to do this.
*/
if (kauth_authorize_generic(l->l_cred,
KAUTH_GENERIC_ISSUSER, NULL))
if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_IPV6,
KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST, NULL, NULL, NULL))
{
error = EACCES;
break;
@ -2982,8 +2987,8 @@ ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt,
case IPV6_2292NEXTHOP:
#endif
case IPV6_NEXTHOP:
error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL);
error = kauth_authorize_network(cred, KAUTH_NETWORK_IPV6,
KAUTH_REQ_NETWORK_IPV6_HOPBYHOP, NULL, NULL, NULL);
if (error)
return (error);
@ -3040,8 +3045,8 @@ ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt,
* options, since per-option restriction has too much
* overhead.
*/
error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL);
error = kauth_authorize_network(cred, KAUTH_NETWORK_IPV6,
KAUTH_REQ_NETWORK_IPV6_HOPBYHOP, NULL, NULL, NULL);
if (error)
return (error);
@ -3078,8 +3083,8 @@ ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt,
int destlen;
/* XXX: see the comment for IPV6_HOPOPTS */
error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL);
error = kauth_authorize_network(cred, KAUTH_NETWORK_IPV6,
KAUTH_REQ_NETWORK_IPV6_HOPBYHOP, NULL, NULL, NULL);
if (error)
return (error);
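Review bot: KAUTH_REQ_NETWORK_IPV6_HOPBYHOP is used not only for hop-by-hop options but also for IPV6_2292DSTOPTS, IPV6_NEXTHOP and the destination-options cases in ip6_setpktopt, so the request name no longer describes what is being authorized. If mapping all of these onto one request is deliberate (they share the cited rationale about per-option overhead), say so once where the request is first used, e.g. `/* HOPBYHOP covers all privileged extension-header options: hop-by-hop, destination options and next hop. */`. The comment `Only super user is allowed to do this.` above the multicast join is now stale, as the decision is delegated to the security model.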


@ -1,4 +1,4 @@
/* $NetBSD: ipsec.c,v 1.144 2011/12/19 11:59:58 drochner Exp $ */
/* $NetBSD: ipsec.c,v 1.145 2012/03/13 18:41:00 elad Exp $ */
/* $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */
/*
@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.144 2011/12/19 11:59:58 drochner Exp $");
__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.145 2012/03/13 18:41:00 elad Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@ -1392,8 +1392,8 @@ ipsec_set_policy(struct secpolicy **spp, int optname, void *request,
/* check privileged socket */
if (xpl->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL);
error = kauth_authorize_network(cred, KAUTH_NETWORK_IPSEC,
KAUTH_REQ_NETWORK_IPSEC_BYPASS, NULL, NULL, NULL);
if (error)
return (error);
}


@ -1,4 +1,4 @@
/* $NetBSD: ipsec.c,v 1.55 2011/06/09 19:54:18 drochner Exp $ */
/* $NetBSD: ipsec.c,v 1.56 2012/03/13 18:41:00 elad Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.55 2011/06/09 19:54:18 drochner Exp $");
__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.56 2012/03/13 18:41:00 elad Exp $");
/*
* IPsec controller part.
@ -1308,8 +1308,8 @@ ipsec_set_policy(
/* check privileged socket */
if (xpl->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL);
error = kauth_authorize_network(cred, KAUTH_NETWORK_IPSEC,
KAUTH_REQ_NETWORK_IPSEC_BYPASS, NULL, NULL, NULL);
if (error)
return (error);
}


@ -1,4 +1,4 @@
/* $NetBSD: smb_conn.c,v 1.27 2010/12/17 13:05:29 pooka Exp $ */
/* $NetBSD: smb_conn.c,v 1.28 2012/03/13 18:41:01 elad Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: smb_conn.c,v 1.27 2010/12/17 13:05:29 pooka Exp $");
__KERNEL_RCSID(0, "$NetBSD: smb_conn.c,v 1.28 2012/03/13 18:41:01 elad Exp $");
/*
* Connection engine.
@ -87,7 +87,7 @@ __KERNEL_RCSID(0, "$NetBSD: smb_conn.c,v 1.27 2010/12/17 13:05:29 pooka Exp $");
static struct smb_connobj smb_vclist;
static int smb_vcnext = 1; /* next unique id for VC */
static kauth_listener_t smb_listener;
MALLOC_DEFINE(M_SMBCONN, "SMB conn", "SMB connection");
@ -100,6 +100,106 @@ static void smb_vc_gone(struct smb_connobj *cp, struct smb_cred *scred);
static smb_co_free_t smb_share_free;
static smb_co_gone_t smb_share_gone;
static int
smb_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
void *arg0, void *arg1, void *arg2, void *arg3)
{
int result, ismember = 0;
enum kauth_network_req req;
if (action != KAUTH_NETWORK_SMB)
return KAUTH_RESULT_DEFER;
result = KAUTH_RESULT_DEFER;
req = (enum kauth_network_req)arg0;
switch (req) {
case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS: {
struct smb_share *ssp = arg1;
mode_t mode = (mode_t)(uintptr_t)arg2;
/* Owner can access. */
if (kauth_cred_geteuid(cred) == ssp->ss_uid) {
result = KAUTH_RESULT_ALLOW;
break;
}
/* Try group permissions if member or other if not. */
mode >>= 3;
if (kauth_cred_ismember_gid(cred, ssp->ss_grp, &ismember) != 0 ||
!ismember)
mode >>= 3;
if ((ssp->ss_mode & mode) == mode)
result = KAUTH_RESULT_ALLOW;
break;
}
case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE: {
struct smb_sharespec *shspec = arg1;
/*
* Only superuser can create shares with different uid and gid
*/
if (shspec->owner != SMBM_ANY_OWNER &&
shspec->owner != kauth_cred_geteuid(cred))
break;
if (shspec->group != SMBM_ANY_GROUP &&
(kauth_cred_ismember_gid(cred, shspec->group, &ismember) != 0 || !ismember))
break;
result = KAUTH_RESULT_ALLOW;
break;
}
case KAUTH_REQ_NETWORK_SMB_VC_ACCESS: {
struct smb_vc *vcp = arg1;
mode_t mode = (mode_t)(uintptr_t)arg2;
/* Owner can access. */
if (kauth_cred_geteuid(cred) == vcp->vc_uid) {
result = KAUTH_RESULT_ALLOW;
break;
}
/* Try group permissions if member or other if not. */
mode >>= 3;
if (kauth_cred_ismember_gid(cred, vcp->vc_grp, &ismember) != 0 ||
!ismember)
mode >>= 3;
if ((vcp->vc_mode & mode) == mode)
result = KAUTH_RESULT_ALLOW;
break;
}
case KAUTH_REQ_NETWORK_SMB_VC_CREATE: {
struct smb_vcspec *vcspec = arg1;
/*
* Only superuser can create VCs with different uid and gid
*/
if (vcspec->owner != SMBM_ANY_OWNER &&
vcspec->owner != kauth_cred_geteuid(cred))
break;
if (vcspec->group != SMBM_ANY_GROUP &&
(kauth_cred_ismember_gid(cred, vcspec->group, &ismember) != 0 || !ismember))
break;
result = KAUTH_RESULT_ALLOW;
break;
}
default:
break;
}
return result;
}
int
smb_sm_init(void)
@ -109,6 +209,8 @@ smb_sm_init(void)
mutex_enter(&smb_vclist.co_interlock);
smb_co_unlock(&smb_vclist);
mutex_exit(&smb_vclist.co_interlock);
smb_listener = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
smb_listener_cb, NULL);
return 0;
}
@ -122,6 +224,7 @@ smb_sm_done(void)
panic("%d connections still active", smb_vclist.co_usecount - 1);
#endif
smb_co_done(&smb_vclist);
kauth_unlisten_scope(smb_listener);
return 0;
}
@ -418,20 +521,14 @@ smb_vc_create(struct smb_vcspec *vcspec,
gid_t gid = vcspec->group;
uid_t realuid;
char *domain = vcspec->domain;
int error, isroot, ismember = 0;
int error;
error = kauth_authorize_network(cred, KAUTH_NETWORK_SMB,
KAUTH_REQ_NETWORK_SMB_VC_CREATE, vcspec, NULL, NULL);
if (error)
return EPERM;
realuid = kauth_cred_geteuid(cred);
isroot = (smb_suser(cred) == 0);
/*
* Only superuser can create VCs with different uid and gid
*/
if (uid != SMBM_ANY_OWNER && uid != realuid && !isroot)
return EPERM;
if (gid != SMBM_ANY_GROUP &&
(kauth_cred_ismember_gid(cred, gid, &ismember) != 0 || !ismember) &&
!isroot)
return EPERM;
vcp = smb_zmalloc(sizeof(*vcp), M_SMBCONN, M_WAITOK);
smb_co_init(VCTOCP(vcp), SMBL_VC, "smb_vc");
@ -599,15 +696,14 @@ int
smb_vc_access(struct smb_vc *vcp, struct smb_cred *scred, mode_t mode)
{
kauth_cred_t cred = scred->scr_cred;
int ismember = 0;
int error;
if (smb_suser(cred) == 0 || kauth_cred_geteuid(cred) == vcp->vc_uid)
return 0;
mode >>= 3;
if (kauth_cred_ismember_gid(cred, vcp->vc_grp, &ismember) != 0 ||
!ismember)
mode >>= 3;
return (vcp->vc_mode & mode) == mode ? 0 : EACCES;
error = kauth_authorize_network(cred, KAUTH_NETWORK_SMB,
KAUTH_REQ_NETWORK_SMB_VC_ACCESS, vcp, KAUTH_ARG(mode), NULL);
if (error)
return EACCES;
return 0;
}
static int
@ -728,19 +824,15 @@ smb_share_create(struct smb_vc *vcp, struct smb_sharespec *shspec,
uid_t realuid;
uid_t uid = shspec->owner;
gid_t gid = shspec->group;
int error, isroot, ismember = 0;
int error;
error = kauth_authorize_network(cred, KAUTH_NETWORK_SMB,
KAUTH_REQ_NETWORK_SMB_SHARE_CREATE, shspec, NULL, NULL);
if (error)
return EPERM;
realuid = kauth_cred_geteuid(cred);
isroot = smb_suser(cred) == 0;
/*
* Only superuser can create shares with different uid and gid
*/
if (uid != SMBM_ANY_OWNER && uid != realuid && !isroot)
return EPERM;
if (gid != SMBM_ANY_GROUP &&
(kauth_cred_ismember_gid(cred, gid, &ismember) != 0 || !ismember) &&
!isroot)
return EPERM;
error = smb_vc_lookupshare(vcp, shspec, scred, &ssp);
if (!error) {
smb_share_put(ssp, scred);
@ -846,15 +938,14 @@ int
smb_share_access(struct smb_share *ssp, struct smb_cred *scred, mode_t mode)
{
kauth_cred_t cred = scred->scr_cred;
int ismember = 0;
int error;
if (smb_suser(cred) == 0 || kauth_cred_geteuid(cred) == ssp->ss_uid)
return 0;
mode >>= 3;
if (kauth_cred_ismember_gid(cred, ssp->ss_grp, &ismember) != 0 ||
!ismember)
mode >>= 3;
return (ssp->ss_mode & mode) == mode ? 0 : EACCES;
error = kauth_authorize_network(cred, KAUTH_NETWORK_SMB,
KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS, ssp, KAUTH_ARG(mode), NULL);
if (error)
return EACCES;
return 0;
}
int
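Review bot: smb_listener_cb repeats the owner/group/other mode check verbatim for KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS and KAUTH_REQ_NETWORK_SMB_VC_ACCESS, and the owner/group create check for SHARE_CREATE and VC_CREATE; a small static helper keeps the two access cases from drifting apart. The comments `Only superuser can create ... with different uid and gid` are also misleading inside a listener that never grants anything on the basis of privilege — it returns KAUTH_RESULT_DEFER and leaves the superuser decision to the security model. Below is the access helper and the two cases rewritten to use it; the create cases could be folded the same way.
```c
/* Owner/group/other check shared by the SHARE_ACCESS and VC_ACCESS cases. */
static int
smb_listener_check_access(kauth_cred_t cred, uid_t obj_uid, gid_t obj_grp,
    mode_t obj_mode, mode_t mode)
{
	int ismember = 0;

	/* Owner can access. */
	if (kauth_cred_geteuid(cred) == obj_uid)
		return KAUTH_RESULT_ALLOW;

	/* Try group permissions if member or other if not. */
	mode >>= 3;
	if (kauth_cred_ismember_gid(cred, obj_grp, &ismember) != 0 || !ismember)
		mode >>= 3;

	/* Defer, not deny: the security model still decides for privilege. */
	return ((obj_mode & mode) == mode) ? KAUTH_RESULT_ALLOW : KAUTH_RESULT_DEFER;
}

	/* … unchanged: smb_listener_cb prologue and action/req checks … */
	case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS: {
		struct smb_share *ssp = arg1;
		result = smb_listener_check_access(cred, ssp->ss_uid, ssp->ss_grp,
		    ssp->ss_mode, (mode_t)(uintptr_t)arg2);
		break;
	}
	case KAUTH_REQ_NETWORK_SMB_VC_ACCESS: {
		struct smb_vc *vcp = arg1;
		result = smb_listener_check_access(cred, vcp->vc_uid, vcp->vc_grp,
		    vcp->vc_mode, (mode_t)(uintptr_t)arg2);
		break;
	}
	/* … unchanged: SHARE_CREATE / VC_CREATE cases, default, return … */
```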


@ -1,4 +1,4 @@
/* $NetBSD: smb_subr.h,v 1.20 2010/12/17 13:05:29 pooka Exp $ */
/* $NetBSD: smb_subr.h,v 1.21 2012/03/13 18:41:01 elad Exp $ */
/*
* Copyright (c) 2000-2001, Boris Popov
@ -71,6 +71,7 @@ void m_dumpm(struct mbuf *m);
SIGISMEMBER(set, SIGHUP) || SIGISMEMBER(set, SIGKILL) || \
SIGISMEMBER(set, SIGQUIT))
/* smb_suser() is not used in NetBSD. */
#define smb_suser(cred) kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL)
/*
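Review bot: The `smb_suser()` macro is kept with a comment saying it is unused, yet it remains a KAUTH_GENERIC_ISSUSER call site while this commit's stated goal is to retire those, and every caller in smb_conn.c has been converted in the same change. Delete the macro rather than leaving a convenient way to reintroduce the superuser shortcut; if it must stay for source compatibility, mark it deprecated in the comment so new callers are steered to kauth_authorize_network().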


@ -1,4 +1,4 @@
/* $NetBSD: rumpfs.c,v 1.106 2012/01/31 19:00:03 njoly Exp $ */
/* $NetBSD: rumpfs.c,v 1.107 2012/03/13 18:41:01 elad Exp $ */
/*
* Copyright (c) 2009, 2010, 2011 Antti Kantee. All Rights Reserved.
@ -26,7 +26,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: rumpfs.c,v 1.106 2012/01/31 19:00:03 njoly Exp $");
__KERNEL_RCSID(0, "$NetBSD: rumpfs.c,v 1.107 2012/03/13 18:41:01 elad Exp $");
#include <sys/param.h>
#include <sys/atomic.h>
@ -899,7 +899,23 @@ rump_vop_setattr(void *v)
kauth_cred_t cred = ap->a_cred;
int error;
#define SETIFVAL(a,t) if (vap->a != (t)VNOVAL) rn->rn_va.a = vap->a
#define CHANGED(a, t) (vap->a != (t)VNOVAL)
#define SETIFVAL(a,t) if (CHANGED(a, t)) rn->rn_va.a = vap->a
if (CHANGED(va_atime.tv_sec, time_t) ||
CHANGED(va_ctime.tv_sec, time_t) ||
CHANGED(va_mtime.tv_sec, time_t) ||
CHANGED(va_birthtime.tv_sec, time_t) ||
CHANGED(va_atime.tv_nsec, long) ||
CHANGED(va_ctime.tv_nsec, long) ||
CHANGED(va_mtime.tv_nsec, long) ||
CHANGED(va_birthtime.tv_nsec, long)) {
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, attr->va_vaflags, attr->va_uid,
cred));
if (error)
return error;
}
SETIFVAL(va_atime.tv_sec, time_t);
SETIFVAL(va_ctime.tv_sec, time_t);
SETIFVAL(va_mtime.tv_sec, time_t);
@ -908,8 +924,17 @@ rump_vop_setattr(void *v)
SETIFVAL(va_ctime.tv_nsec, long);
SETIFVAL(va_mtime.tv_nsec, long);
SETIFVAL(va_birthtime.tv_nsec, long);
if (CHANGED(va_flags, u_long)) {
/* XXX Can we handle system flags here...? */
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_FLAGS, vp,
NULL, genfs_can_chflags(cred, vp->v_type, attr->va_uid,
false));
}
SETIFVAL(va_flags, u_long);
#undef SETIFVAL
#undef CHANGED
if (vap->va_uid != (uid_t)VNOVAL || vap->va_gid != (uid_t)VNOVAL) {
uid_t uid =
@ -918,7 +943,7 @@ rump_vop_setattr(void *v)
(vap->va_gid != (gid_t)VNOVAL) ? vap->va_gid : attr->va_gid;
error = kauth_authorize_vnode(cred,
KAUTH_VNODE_CHANGE_OWNERSHIP, vp, NULL,
genfs_can_chown(vp, cred, attr->va_uid, attr->va_gid, uid,
genfs_can_chown(cred, attr->va_uid, attr->va_gid, uid,
gid));
if (error)
return error;
@ -929,7 +954,7 @@ rump_vop_setattr(void *v)
if (vap->va_mode != (mode_t)VNOVAL) {
mode_t mode = vap->va_mode;
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY,
vp, NULL, genfs_can_chmod(vp, cred, attr->va_uid,
vp, NULL, genfs_can_chmod(vp->v_type, cred, attr->va_uid,
attr->va_gid, mode));
if (error)
return error;
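Review bot: The KAUTH_VNODE_WRITE_FLAGS authorization in the `if (CHANGED(va_flags, u_long))` block assigns `error` but never checks it, so `SETIFVAL(va_flags, u_long)` applies the new flags even when the secmodel denied them; the other attribute checks in this function all bail on failure. Add `if (error) return error;` after the `kauth_authorize_vnode()` call, before `SETIFVAL(va_flags, u_long)`. The `XXX` comment about system flags is still open: unlike the chfs and ext2fs hunks, no KAUTH_VNODE_WRITE_SYSFLAGS/HAS_SYSFLAGS bits are added to the action here, so presumably system-flag changes on rumpfs are currently gated only by the owner check in genfs_can_chflags. rump_vop_setattr starts and ends outside these hunks.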


@ -1,4 +1,4 @@
/* $NetBSD: secmodel_extensions.c,v 1.2 2011/12/04 21:04:51 jym Exp $ */
/* $NetBSD: secmodel_extensions.c,v 1.3 2012/03/13 18:41:01 elad Exp $ */
/*-
* Copyright (c) 2011 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.2 2011/12/04 21:04:51 jym Exp $");
__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.3 2012/03/13 18:41:01 elad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@ -45,7 +45,7 @@ __KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.2 2011/12/04 21:04:51 jym
MODULE(MODULE_CLASS_SECMODEL, extensions, NULL);
/* static */ int dovfsusermount;
static int dovfsusermount;
static int curtain;
static int user_set_cpu_affinity;
@ -320,10 +320,13 @@ static int
secmodel_extensions_system_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
vnode_t *vp;
struct vattr va;
struct mount *mp;
u_long flags;
int result;
enum kauth_system_req req;
int error;
req = (enum kauth_system_req)arg0;
result = KAUTH_RESULT_DEFER;
@ -333,11 +336,28 @@ secmodel_extensions_system_cb(kauth_cred_t cred, kauth_action_t action,
switch (req) {
case KAUTH_REQ_SYSTEM_MOUNT_NEW:
mp = ((struct vnode *)arg1)->v_mount;
vp = (vnode_t *)arg1;
mp = vp->v_mount;
flags = (u_long)arg2;
if (usermount_common_policy(mp, flags) == 0)
result = KAUTH_RESULT_ALLOW;
/*
* Ensure that the user owns the directory onto which the
* mount is attempted.
*/
vn_lock(vp, LK_SHARED | LK_RETRY);
error = VOP_GETATTR(vp, &va, cred);
VOP_UNLOCK(vp);
if (error)
break;
if (va.va_uid != kauth_cred_geteuid(cred))
break;
error = usermount_common_policy(mp, flags);
if (error)
break;
result = KAUTH_RESULT_ALLOW;
break;
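Review bot: The new KAUTH_REQ_SYSTEM_MOUNT_NEW branch takes `vn_lock(vp, LK_SHARED | LK_RETRY)` on the vnode passed as arg1, which only works if every caller of this request hands the vnode in unlocked; that contract is not stated anywhere in the callback. Suggest extending the comment to `/* Ensure that the user owns the directory onto which the mount is attempted.  vp (arg1) must be passed unlocked; we take a shared lock for the VOP_GETATTR. */`. Note also that a VOP_GETATTR failure leaves `result` at KAUTH_RESULT_DEFER rather than DENY, which is fine if the intent is to let other secmodels decide, but a one-line comment saying so would help. secmodel_extensions_system_cb continues past the hunk.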


@ -1,4 +1,4 @@
/* $NetBSD: secmodel_securelevel.c,v 1.26 2012/01/17 10:47:27 cegger Exp $ */
/* $NetBSD: secmodel_securelevel.c,v 1.27 2012/03/13 18:41:02 elad Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.26 2012/01/17 10:47:27 cegger Exp $");
__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.27 2012/03/13 18:41:02 elad Exp $");
#ifdef _KERNEL_OPT
#include "opt_insecure.h"
@ -259,6 +259,7 @@ secmodel_securelevel_system_cb(kauth_cred_t cred, kauth_action_t action,
switch (action) {
case KAUTH_SYSTEM_CHSYSFLAGS:
/* Deprecated. */
if (securelevel > 0)
result = KAUTH_RESULT_DENY;
break;
@ -285,6 +286,11 @@ secmodel_securelevel_system_cb(kauth_cred_t cred, kauth_action_t action,
}
break;
case KAUTH_SYSTEM_MAP_VA_ZERO:
if (securelevel > 0)
result = KAUTH_RESULT_DENY;
break;
case KAUTH_SYSTEM_MODULE:
if (securelevel > 0)
result = KAUTH_RESULT_DENY;
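Review bot: The `/* Deprecated. */` comment added on KAUTH_SYSTEM_CHSYSFLAGS does not say what replaced it, while the check itself is still enforced, so a reader cannot tell whether new callers may use it. Suggest `/* Deprecated: system-flag changes are now authorized in the vnode scope via KAUTH_VNODE_WRITE_SYSFLAGS / KAUTH_VNODE_HAS_SYSFLAGS; kept until the remaining callers migrate. */`, which matches how the chfs and ext2fs hunks in this commit build their action masks. The new KAUTH_SYSTEM_MAP_VA_ZERO case would likewise benefit from a one-line comment naming what it gates. The enclosing switch continues outside the hunk.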


@ -1,4 +1,4 @@
/* $NetBSD: secmodel_suser.c,v 1.38 2012/01/17 10:47:28 cegger Exp $ */
/* $NetBSD: secmodel_suser.c,v 1.39 2012/03/13 18:41:02 elad Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.38 2012/01/17 10:47:28 cegger Exp $");
__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.39 2012/03/13 18:41:02 elad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@ -259,6 +259,12 @@ secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
break;
case KAUTH_SYSTEM_DEVMAPPER:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
case KAUTH_SYSTEM_FS_QUOTA:
switch (req) {
case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
@ -275,19 +281,31 @@ secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
break;
case KAUTH_SYSTEM_MOUNT:
case KAUTH_SYSTEM_SYSVIPC:
switch (req) {
case KAUTH_REQ_SYSTEM_MOUNT_GET:
if (isroot) {
case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS:
case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK:
case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK:
case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
}
break;
default:
break;
}
break;
case KAUTH_SYSTEM_MOUNT:
switch (req) {
case KAUTH_REQ_SYSTEM_MOUNT_DEVICE:
case KAUTH_REQ_SYSTEM_MOUNT_GET:
case KAUTH_REQ_SYSTEM_MOUNT_NEW:
case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
case KAUTH_REQ_SYSTEM_MOUNT_UMAP:
if (isroot) {
result = KAUTH_RESULT_ALLOW;
break;
@ -301,6 +319,12 @@ secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
break;
case KAUTH_SYSTEM_MQUEUE:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
case KAUTH_SYSTEM_PSET:
switch (req) {
case KAUTH_REQ_SYSTEM_PSET_ASSIGN:
@ -334,6 +358,12 @@ secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
}
break;
case KAUTH_SYSTEM_SEMAPHORE:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
case KAUTH_SYSTEM_SYSCTL:
switch (req) {
case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
@ -360,6 +390,9 @@ secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
case KAUTH_SYSTEM_SETIDCORE:
case KAUTH_SYSTEM_MODULE:
case KAUTH_SYSTEM_FS_RESERVEDSPACE:
case KAUTH_SYSTEM_MAP_VA_ZERO:
case KAUTH_SYSTEM_FS_EXTATTR:
case KAUTH_SYSTEM_FS_SNAPSHOT:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
@ -379,16 +412,43 @@ secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
break;
case KAUTH_SYSTEM_CHSYSFLAGS:
/*
* Needs to be checked in conjunction with the immutable and
* append-only flags (usually). Should be handled differently.
* Infects ufs, ext2fs, tmpfs, and rump.
*/
/* Deprecated. */
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
case KAUTH_SYSTEM_VERIEXEC:
switch (req) {
case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS:
case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
default:
break;
}
break;
case KAUTH_SYSTEM_LFS:
switch (req) {
case KAUTH_REQ_SYSTEM_LFS_MARKV:
case KAUTH_REQ_SYSTEM_LFS_BMAPV:
case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN:
case KAUTH_REQ_SYSTEM_LFS_SEGWAIT:
case KAUTH_REQ_SYSTEM_LFS_FCNTL:
if (isroot)
result = KAUTH_RESULT_ALLOW;
default:
break;
}
break;
default:
break;
}
@ -472,6 +532,7 @@ secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
switch (req) {
case KAUTH_REQ_PROCESS_RLIMIT_SET:
case KAUTH_REQ_PROCESS_RLIMIT_GET:
case KAUTH_REQ_PROCESS_RLIMIT_BYPASS:
if (isroot)
result = KAUTH_RESULT_ALLOW;
@ -575,6 +636,7 @@ secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
case KAUTH_REQ_NETWORK_INTERFACE_SET:
case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
@ -584,6 +646,20 @@ secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
}
break;
case KAUTH_NETWORK_INTERFACE_BRIDGE:
switch (req) {
case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV:
case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
default:
break;
}
break;
case KAUTH_NETWORK_INTERFACE_PPP:
switch (req) {
case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
@ -597,6 +673,20 @@ secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
break;
case KAUTH_NETWORK_INTERFACE_PVC:
switch (req) {
case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
default:
break;
}
break;
case KAUTH_NETWORK_INTERFACE_SLIP:
switch (req) {
case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
@ -636,6 +726,21 @@ secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
break;
case KAUTH_NETWORK_IPV6:
switch (req) {
case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP:
case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
default:
break;
}
break;
case KAUTH_NETWORK_NFS:
switch (req) {
case KAUTH_REQ_NETWORK_NFS_EXPORT:
@ -650,6 +755,23 @@ secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
}
break;
case KAUTH_NETWORK_SMB:
switch (req) {
case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS:
case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE:
case KAUTH_REQ_NETWORK_SMB_VC_ACCESS:
case KAUTH_REQ_NETWORK_SMB_VC_CREATE:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
default:
break;
}
break;
case KAUTH_NETWORK_SOCKET:
switch (req) {
case KAUTH_REQ_NETWORK_SOCKET_DROP:
@ -674,6 +796,19 @@ secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
break;
case KAUTH_NETWORK_IPSEC:
switch (req) {
case KAUTH_REQ_NETWORK_IPSEC_BYPASS:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
default:
break;
}
break;
default:
break;
@ -711,6 +846,7 @@ secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
case KAUTH_MACHDEP_MTRR_SET:
case KAUTH_MACHDEP_NVRAM:
case KAUTH_MACHDEP_UNMANAGEDMEM:
case KAUTH_MACHDEP_PXG:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
@ -746,10 +882,13 @@ secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
case KAUTH_DEVICE_TTY_OPEN:
case KAUTH_DEVICE_TTY_PRIVSET:
case KAUTH_DEVICE_TTY_STI:
case KAUTH_DEVICE_TTY_VIRTUAL:
case KAUTH_DEVICE_RND_ADDDATA:
case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE:
case KAUTH_DEVICE_RND_GETPRIV:
case KAUTH_DEVICE_RND_SETPRIV:
case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL:
case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
@ -799,8 +938,12 @@ secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
isroot = suser_isroot(cred);
result = KAUTH_RESULT_DEFER;
if (isroot)
result = KAUTH_RESULT_ALLOW;
if (isroot) {
/* Superuser can execute only if the file's executable. */
if ((action & KAUTH_VNODE_EXECUTE) == 0 ||
(action & KAUTH_VNODE_IS_EXEC))
result = KAUTH_RESULT_ALLOW;
}
return (result);
}
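Review bot: In the new KAUTH_SYSTEM_LFS case the inner `if (isroot) result = KAUTH_RESULT_ALLOW;` is followed directly by `default:` with no `break;`, unlike every other inner switch added in this file (SYSVIPC, VERIEXEC, IPSEC, SMB); it is harmless today because `default` only breaks, but it will silently misbehave if a default action is ever added there. Write it as `if (isroot)` / `result = KAUTH_RESULT_ALLOW;` / `break;` before the `default:` label. The rewritten secmodel_suser_vnode_cb check `(action & KAUTH_VNODE_EXECUTE) == 0 || (action & KAUTH_VNODE_IS_EXEC)` relies on callers setting KAUTH_VNODE_IS_EXEC for executable objects; a short comment that this bit is informational and supplied by kauth_access_action() would make the policy self-explanatory.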


@ -1,4 +1,4 @@
/* $NetBSD: extattr.h,v 1.8 2011/09/27 01:40:32 christos Exp $ */
/* $NetBSD: extattr.h,v 1.9 2012/03/13 18:41:02 elad Exp $ */
/*-
* Copyright (c) 1999-2001 Robert N. M. Watson
@ -60,8 +60,7 @@
#define EXTATTR_MAXNAMELEN KERNEL_NAME_MAX
struct lwp;
struct vnode;
int extattr_check_cred(struct vnode *, int, kauth_cred_t,
struct lwp *, int);
int extattr_check_cred(struct vnode *, const char *, kauth_cred_t, int);
#else


@ -1,4 +1,4 @@
/* $NetBSD: ipc.h,v 1.32 2011/02/08 20:20:27 rmind Exp $ */
/* $NetBSD: ipc.h,v 1.33 2012/03/13 18:41:02 elad Exp $ */
/*
* Copyright (c) 1988 University of Utah.
@ -113,6 +113,8 @@ struct ipc_perm_sysctl {
struct kauth_cred;
int ipcperm(struct kauth_cred *, struct ipc_perm *, int);
void sysvipcinit(void);
/*
* sysctl helper routine for kern.ipc.sysvipc_info subtree.
*/


@ -1,4 +1,4 @@
/* $NetBSD: kauth.h,v 1.68 2012/01/17 10:47:26 cegger Exp $ */
/* $NetBSD: kauth.h,v 1.69 2012/03/13 18:41:02 elad Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
@ -36,6 +36,7 @@
#define _SYS_KAUTH_H_
#include <secmodel/secmodel.h> /* for secmodel_t type */
#include <sys/stat.h> /* for modes */
struct uucred;
struct ki_ucred;
@ -43,6 +44,7 @@ struct ki_pcred;
struct proc;
struct tty;
struct vnode;
enum vtype;
/* Types. */
typedef struct kauth_scope *kauth_scope_t;
@ -100,6 +102,15 @@ enum {
KAUTH_SYSTEM_MODULE,
KAUTH_SYSTEM_FS_RESERVEDSPACE,
KAUTH_SYSTEM_FS_QUOTA,
KAUTH_SYSTEM_SEMAPHORE,
KAUTH_SYSTEM_SYSVIPC,
KAUTH_SYSTEM_MQUEUE,
KAUTH_SYSTEM_VERIEXEC,
KAUTH_SYSTEM_DEVMAPPER,
KAUTH_SYSTEM_MAP_VA_ZERO,
KAUTH_SYSTEM_LFS,
KAUTH_SYSTEM_FS_EXTATTR,
KAUTH_SYSTEM_FS_SNAPSHOT,
};
/*
@ -132,7 +143,20 @@ enum kauth_system_req {
KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE,
KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT,
KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF,
};
KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS,
KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK,
KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK,
KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE,
KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS,
KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY,
KAUTH_REQ_SYSTEM_LFS_MARKV,
KAUTH_REQ_SYSTEM_LFS_BMAPV,
KAUTH_REQ_SYSTEM_LFS_SEGCLEAN,
KAUTH_REQ_SYSTEM_LFS_SEGWAIT,
KAUTH_REQ_SYSTEM_LFS_FCNTL,
KAUTH_REQ_SYSTEM_MOUNT_UMAP,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE,
};
/*
* Process scope - actions.
@ -172,7 +196,8 @@ enum kauth_process_req {
KAUTH_REQ_PROCESS_PROCFS_RW,
KAUTH_REQ_PROCESS_PROCFS_WRITE,
KAUTH_REQ_PROCESS_RLIMIT_GET,
KAUTH_REQ_PROCESS_RLIMIT_SET
KAUTH_REQ_PROCESS_RLIMIT_SET,
KAUTH_REQ_PROCESS_RLIMIT_BYPASS,
};
/*
@ -191,6 +216,11 @@ enum {
KAUTH_NETWORK_INTERFACE_SLIP,
KAUTH_NETWORK_INTERFACE_STRIP,
KAUTH_NETWORK_INTERFACE_TUN,
KAUTH_NETWORK_INTERFACE_BRIDGE,
KAUTH_NETWORK_IPSEC,
KAUTH_NETWORK_INTERFACE_PVC,
KAUTH_NETWORK_IPV6,
KAUTH_NETWORK_SMB,
};
/*
@ -228,6 +258,17 @@ enum kauth_network_req {
KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD,
KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD,
KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD,
KAUTH_REQ_NETWORK_IPV6_HOPBYHOP,
KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV,
KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV,
KAUTH_REQ_NETWORK_IPSEC_BYPASS,
KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST,
KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD,
KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS,
KAUTH_REQ_NETWORK_SMB_SHARE_CREATE,
KAUTH_REQ_NETWORK_SMB_VC_ACCESS,
KAUTH_REQ_NETWORK_SMB_VC_CREATE,
KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE,
};
/*
@ -244,7 +285,8 @@ enum {
KAUTH_MACHDEP_MTRR_GET,
KAUTH_MACHDEP_MTRR_SET,
KAUTH_MACHDEP_NVRAM,
KAUTH_MACHDEP_UNMANAGEDMEM
KAUTH_MACHDEP_UNMANAGEDMEM,
KAUTH_MACHDEP_PXG,
};
/*
@ -265,7 +307,10 @@ enum {
KAUTH_DEVICE_BLUETOOTH_BTUART,
KAUTH_DEVICE_GPIO_PINSET,
KAUTH_DEVICE_BLUETOOTH_SEND,
KAUTH_DEVICE_BLUETOOTH_RECV
KAUTH_DEVICE_BLUETOOTH_RECV,
KAUTH_DEVICE_TTY_VIRTUAL,
KAUTH_DEVICE_WSCONS_KEYBOARD_BELL,
KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT,
};
/*
@ -315,7 +360,11 @@ enum {
#define KAUTH_VNODE_WRITE_ATTRIBUTES (1U << 16)
#define KAUTH_VNODE_READ_EXTATTRIBUTES (1U << 17)
#define KAUTH_VNODE_WRITE_EXTATTRIBUTES (1U << 18)
#define KAUTH_VNODE_RETAIN_SUID (1U << 19)
#define KAUTH_VNODE_RETAIN_SGID (1U << 20)
#define KAUTH_VNODE_REVOKE (1U << 21)
#define KAUTH_VNODE_IS_EXEC (1U << 29)
#define KAUTH_VNODE_HAS_SYSFLAGS (1U << 30)
#define KAUTH_VNODE_ACCESS (1U << 31)
@ -341,6 +390,20 @@ enum {
/* Macro to help passing arguments to authorization wrappers. */
#define KAUTH_ARG(arg) ((void *)(unsigned long)(arg))
/*
* A file-system object is determined to be able to execute if it's a
* directory or if the execute bit is present in any of the
* owner/group/other modes.
*
* This helper macro is intended to be used in order to implement a
* policy that maintains the semantics of "a privileged user can enter
* directory, and can execute any file, but only if the file is actually
* executable."
*/
#define FS_OBJECT_CAN_EXEC(vtype, mode) (((vtype) == VDIR) || \
((mode) & \
(S_IXUSR|S_IXGRP|S_IXOTH)))
/*
* Prototypes.
*/
@ -417,7 +480,9 @@ int kauth_cred_uucmp(kauth_cred_t, const struct uucred *);
void kauth_cred_toucred(kauth_cred_t, struct ki_ucred *);
void kauth_cred_topcred(kauth_cred_t, struct ki_pcred *);
kauth_action_t kauth_mode_to_action(mode_t mode);
kauth_action_t kauth_mode_to_action(mode_t);
kauth_action_t kauth_access_action(mode_t, enum vtype, mode_t);
kauth_action_t kauth_extattr_action(mode_t);
kauth_cred_t kauth_cred_get(void);
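Review bot: FS_OBJECT_CAN_EXEC references `VDIR`, but this header only forward-declares `enum vtype;` and does not include <sys/vnode.h>, so the macro expands only in translation units that have already pulled in the vnode definitions; the added `#include <sys/stat.h>` covers the S_IX* bits but not VDIR. Suggest appending to the macro's comment: `Users of this macro must include <sys/vnode.h> for VDIR; this header deliberately only forward-declares enum vtype.` The new action bits KAUTH_VNODE_RETAIN_SUID/RETAIN_SGID/REVOKE and the KAUTH_VNODE_IS_EXEC flag are undocumented here; a one-line comment that IS_EXEC (like HAS_SYSFLAGS) is an informational bit set by the caller rather than a permission would prevent secmodels from treating it as one.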


@ -1,4 +1,4 @@
/* $NetBSD: vfs_syscalls.h,v 1.17 2012/02/01 05:39:28 dholland Exp $ */
/* $NetBSD: vfs_syscalls.h,v 1.18 2012/03/13 18:41:02 elad Exp $ */
/*
* Copyright (c) 2007, 2008, 2009 The NetBSD Foundation, Inc.
@ -36,8 +36,6 @@ struct stat;
struct statvfs;
struct quotactl_args;
extern int dovfsusermount;
/*
* syscall helpers for compat code.
*/


@ -1,4 +1,4 @@
/* $NetBSD: chfs_subr.c,v 1.2 2011/11/24 21:09:37 agc Exp $ */
/* $NetBSD: chfs_subr.c,v 1.3 2012/03/13 18:41:03 elad Exp $ */
/*-
* Copyright (c) 2010 Department of Software Engineering,
@ -56,6 +56,7 @@
#include <uvm/uvm.h>
#include <miscfs/specfs/specdev.h>
#include <miscfs/genfs/genfs.h>
#include "chfs.h"
//#include <fs/chfs/chfs_vnops.h>
//#include </root/xipffs/netbsd.chfs/chfs.h>
@ -396,6 +397,8 @@ chfs_chflags(struct vnode *vp, int flags, kauth_cred_t cred)
struct chfs_mount *chmp;
struct chfs_inode *ip;
int error = 0;
kauth_action_t action = KAUTH_VNODE_WRITE_FLAGS;
bool changing_sysflags = false;
ip = VTOI(vp);
chmp = ip->chmp;
@ -403,32 +406,29 @@ chfs_chflags(struct vnode *vp, int flags, kauth_cred_t cred)
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return EROFS;
if (kauth_cred_geteuid(cred) != ip->uid &&
(error = kauth_authorize_generic(cred,
KAUTH_GENERIC_ISSUSER, NULL)))
if ((flags & SF_SNAPSHOT) != (ip->flags & SF_SNAPSHOT))
return EPERM;
/* Indicate we're changing system flags if we are. */
if ((ip->flags & SF_SETTABLE) != (flags & SF_SETTABLE) ||
(flags & UF_SETTABLE) != flags) {
action |= KAUTH_VNODE_WRITE_SYSFLAGS;
changing_sysflags = true;
}
/* Indicate the node has system flags if it does. */
if (ip->flags & (SF_IMMUTABLE | SF_APPEND)) {
action |= KAUTH_VNODE_HAS_SYSFLAGS;
}
error = kauth_authorize_vnode(cred, action, vp, NULL,
genfs_can_chflags(cred, vp->v_type, ip->uid, changing_sysflags));
if (error)
return error;
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL) == 0) {
if ((ip->flags & (SF_IMMUTABLE | SF_APPEND)) &&
kauth_authorize_system(curlwp->l_cred,
KAUTH_SYSTEM_CHSYSFLAGS, 0, NULL, NULL, NULL))
return EPERM;
if ((flags & SF_SNAPSHOT) !=
(ip->flags & SF_SNAPSHOT))
return EPERM;
if (changing_sysflags) {
ip->flags = flags;
} else {
if ((ip->flags & (SF_IMMUTABLE | SF_APPEND)) ||
(flags & UF_SETTABLE) != flags)
return EPERM;
if ((ip->flags & SF_SETTABLE) !=
(flags & SF_SETTABLE))
return EPERM;
ip->flags &= SF_SETTABLE;
ip->flags |= (flags & UF_SETTABLE);
}


@ -1,4 +1,4 @@
/* $NetBSD: chfs_vnode.c,v 1.2 2011/11/24 21:09:37 agc Exp $ */
/* $NetBSD: chfs_vnode.c,v 1.3 2012/03/13 18:41:03 elad Exp $ */
/*-
* Copyright (c) 2010 Department of Software Engineering,
@ -40,6 +40,8 @@
#include <sys/uio.h>
#include <sys/buf.h>
#include <miscfs/genfs/genfs.h>
struct vnode *
chfs_vnode_lookup(struct chfs_mount *chmp, ino_t vno)
{
@ -191,7 +193,7 @@ chfs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp,
struct ufsmount* ump = VFSTOUFS(dvp->v_mount);
struct chfs_mount* chmp = ump->um_chfs;
struct chfs_vnode_cache* chvc;
int error, ismember = 0;
int error;
ino_t vno;
struct chfs_dirent *nfd;//, *fd;
@ -239,10 +241,15 @@ chfs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp,
ip->mode = mode;
vp->v_type = type; /* Rest init'd in getnewvnode(). */
if ((ip->mode & ISGID) && (kauth_cred_ismember_gid(cnp->cn_cred,
ip->gid, &ismember) != 0 || !ismember) &&
kauth_authorize_generic(cnp->cn_cred, KAUTH_GENERIC_ISSUSER, NULL))
ip->mode &= ~ISGID;
/* Authorize setting SGID if needed. */
if (ip->mode & ISGID) {
error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_WRITE_SECURITY,
vp, NULL, genfs_can_chmod(vp->v_type, cnp->cn_cred, ip->uid,
ip->gid, mode));
if (error)
ip->mode &= ~ISGID;
}
chfs_update(vp, NULL, NULL, UPDATE_WAIT);
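Review bot: The SGID authorization in chfs_makeinode stores the kauth_authorize_vnode() result into the function's `error` variable and only uses it to clear ISGID, so a denial leaves `error` non-zero on the way into chfs_update(); if `error` is returned later without being reassigned (the function ends outside the hunk), a denied SGID turns a successful create into a failure instead of just dropping the bit. Test the call directly, as the ext2fs_chown hunk does: `if (kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_WRITE_SECURITY, vp, NULL, genfs_can_chmod(vp->v_type, cnp->cn_cred, ip->uid, ip->gid, mode)) != 0)` / `ip->mode &= ~ISGID;`. The same reuse of `error` appears in the RETAIN_SUID/RETAIN_SGID blocks of chfs_write (chfs_vnops.c) and ext2fs_write (ext2fs_readwrite.c), and in ext2fs_makeinode (ext2fs_vnops.c).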


@ -1,4 +1,4 @@
/* $NetBSD: chfs_vnops.c,v 1.2 2011/11/24 21:09:37 agc Exp $ */
/* $NetBSD: chfs_vnops.c,v 1.3 2012/03/13 18:41:03 elad Exp $ */
/*-
* Copyright (c) 2010 Department of Software Engineering,
@ -390,8 +390,9 @@ chfs_access(void *v)
if (mode & VWRITE && ip->flags & IMMUTABLE)
return (EPERM);
return genfs_can_access(vp->v_type, ip->mode & ALLPERMS,
ip->uid, ip->gid, mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode, vp->v_type,
ip->mode & ALLPERMS), vp, NULL, genfs_can_access(vp->v_type,
ip->mode & ALLPERMS, ip->uid, ip->gid, mode, cred));
}
/* --------------------------------------------------------------------- */
@ -485,7 +486,8 @@ chfs_setattr(void *v)
#endif
if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) {
error = genfs_can_chtimes(vp, vap->va_vaflags, ip->uid, cred);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, vap->va_vaflags, ip->uid, cred));
if (error)
return error;
if (vap->va_atime.tv_sec != VNOVAL)
@ -512,7 +514,8 @@ chfs_chmod(struct vnode *vp, int mode, kauth_cred_t cred)
int error;
dbg("chmod\n");
error = genfs_can_chmod(vp, cred, ip->uid, ip->gid, mode);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
NULL, genfs_can_chmod(vp->v_type, cred, ip->uid, ip->gid, mode));
if (error)
return error;
ip->mode &= ~ALLPERMS;
@ -538,7 +541,8 @@ chfs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred)
if (gid == (gid_t)VNOVAL)
gid = ip->gid;
error = genfs_can_chown(vp, cred, ip->uid, ip->gid, uid, gid);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
NULL, genfs_can_chown(cred, ip->uid, ip->gid, uid, gid));
if (error)
return error;
@ -963,9 +967,20 @@ out:
PGO_CLEANIT | PGO_SYNCIO | PGO_JOURNALLOCKED);
}
ip->iflag |= IN_CHANGE | IN_UPDATE;
if (resid > uio->uio_resid && ap->a_cred &&
kauth_authorize_generic(ap->a_cred, KAUTH_GENERIC_ISSUSER, NULL)) {
ip->mode &= ~(ISUID | ISGID);
if (resid > uio->uio_resid && ap->a_cred) {
if (ip->mode & ISUID) {
error = kauth_authorize_vnode(ap->a_cred, KAUTH_VNODE_RETAIN_SUID, vp,
NULL, EPERM);
if (error)
ip->mode &= ~ISUID;
}
if (ip->mode & ISGID) {
error = kauth_authorize_vnode(ap->a_cred, KAUTH_VNODE_RETAIN_SGID, vp,
NULL, EPERM);
if (error)
ip->mode &= ~ISGID;
}
}
if (resid > uio->uio_resid)
VN_KNOTE(vp, NOTE_WRITE | (extended ? NOTE_EXTEND : 0));


@ -1,4 +1,4 @@
/* $NetBSD: ext2fs_lookup.c,v 1.67 2012/01/27 19:22:48 para Exp $ */
/* $NetBSD: ext2fs_lookup.c,v 1.68 2012/03/13 18:41:03 elad Exp $ */
/*
* Modified for NetBSD 1.2E
@ -48,7 +48,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ext2fs_lookup.c,v 1.67 2012/01/27 19:22:48 para Exp $");
__KERNEL_RCSID(0, "$NetBSD: ext2fs_lookup.c,v 1.68 2012/03/13 18:41:03 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -71,6 +71,8 @@ __KERNEL_RCSID(0, "$NetBSD: ext2fs_lookup.c,v 1.67 2012/01/27 19:22:48 para Exp
#include <ufs/ext2fs/ext2fs_dir.h>
#include <ufs/ext2fs/ext2fs.h>
#include <miscfs/genfs/genfs.h>
extern int dirchk;
static void ext2fs_dirconv2ffs(struct ext2fs_direct *e2dir,
@ -574,11 +576,6 @@ found:
* Lock the inode, being careful with ".".
*/
if (nameiop == DELETE && (flags & ISLASTCN)) {
/*
* Write access to directory required to delete files.
*/
if ((error = VOP_ACCESS(vdp, VWRITE, cred)) != 0)
return (error);
/*
* Return pointer to current entry in results->ulr_offset,
* and distance past previous entry (if there
@ -589,11 +586,6 @@ found:
results->ulr_count = 0;
else
results->ulr_count = results->ulr_offset - prevoff;
if (dp->i_number == foundino) {
vref(vdp);
*vpp = vdp;
return (0);
}
if (flags & ISDOTDOT)
VOP_UNLOCK(vdp); /* race to get the inode */
error = VFS_VGET(vdp->v_mount, foundino, &tdp);
@ -601,18 +593,32 @@ found:
vn_lock(vdp, LK_EXCLUSIVE | LK_RETRY);
if (error)
return (error);
/*
* Write access to directory required to delete files.
*/
if ((error = VOP_ACCESS(vdp, VWRITE, cred)) != 0) {
vput(tdp);
return (error);
}
/*
* If directory is "sticky", then user must own
* the directory, or the file in it, else she
* may not delete it (unless she's root). This
* implements append-only directories.
*/
if ((dp->i_e2fs_mode & ISVTX) &&
kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) &&
kauth_cred_geteuid(cred) != dp->i_uid &&
VTOI(tdp)->i_uid != kauth_cred_geteuid(cred)) {
vput(tdp);
return (EPERM);
if (dp->i_e2fs_mode & ISVTX) {
error = kauth_authorize_vnode(cred, KAUTH_VNODE_DELETE,
tdp, vdp, genfs_can_sticky(cred, dp->i_uid,
VTOI(tdp)->i_uid));
if (error) {
vput(tdp);
return (EPERM);
}
}
if (dp->i_number == foundino) {
vref(vdp);
*vpp = vdp;
return (0);
}
*vpp = tdp;
return (0);
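Review bot: The `dp->i_number == foundino` ("." ) shortcut has been moved below the `VFS_VGET(vdp->v_mount, foundino, &tdp)` call, so deleting the directory via its own name now asks the filesystem to vget the inode whose vnode the caller already holds locked; if VFS_VGET acquires that vnode lock (the ISDOTDOT path just above unlocks vdp precisely to avoid this), a DELETE lookup of "." will deadlock or trip the lock-against-self assertion. Keep the `if (dp->i_number == foundino) { vref(vdp); *vpp = vdp; return (0); }` block before the VFS_VGET, and perform the VOP_ACCESS check ahead of it as the removed code did. The sticky check discards the actual kauth error and returns EPERM, which preserves the old behaviour but is worth a comment. ext2fs_lookup begins outside the hunk.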


@ -1,4 +1,4 @@
/* $NetBSD: ext2fs_readwrite.c,v 1.58 2011/11/18 21:18:51 christos Exp $ */
/* $NetBSD: ext2fs_readwrite.c,v 1.59 2012/03/13 18:41:03 elad Exp $ */
/*-
* Copyright (c) 1993
@ -60,7 +60,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ext2fs_readwrite.c,v 1.58 2011/11/18 21:18:51 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: ext2fs_readwrite.c,v 1.59 2012/03/13 18:41:03 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -376,9 +376,21 @@ out:
ip->i_flag |= IN_CHANGE | IN_UPDATE;
if (vp->v_mount->mnt_flag & MNT_RELATIME)
ip->i_flag |= IN_ACCESS;
if (resid > uio->uio_resid && ap->a_cred &&
kauth_authorize_generic(ap->a_cred, KAUTH_GENERIC_ISSUSER, NULL))
ip->i_e2fs_mode &= ~(ISUID | ISGID);
if (resid > uio->uio_resid && ap->a_cred) {
if (ip->i_e2fs_mode & ISUID) {
error = kauth_authorize_vnode(ap->a_cred, KAUTH_VNODE_RETAIN_SUID, vp,
NULL, EPERM);
if (error)
ip->i_e2fs_mode &= ISUID;
}
if (ip->i_e2fs_mode & ISGID) {
error = kauth_authorize_vnode(ap->a_cred, KAUTH_VNODE_RETAIN_SGID, vp,
NULL, EPERM);
if (error)
ip->i_e2fs_mode &= ~ISGID;
}
}
if (resid > uio->uio_resid)
VN_KNOTE(vp, NOTE_WRITE | (extended ? NOTE_EXTEND : 0));
if (error) {
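Review bot: The RETAIN_SUID branch clears the wrong bits: `ip->i_e2fs_mode &= ISUID;` keeps only the setuid bit and wipes every other mode bit, whereas the RETAIN_SGID branch below correctly uses `&= ~ISGID`; it must read `ip->i_e2fs_mode &= ~ISUID;`. In addition, both branches store the kauth result in `error`, and the `if (error) {` that follows the hunk will then treat a denied "retain suid/sgid" as a failed write, so the authorization call should be tested directly (`if (kauth_authorize_vnode(ap->a_cred, KAUTH_VNODE_RETAIN_SUID, vp, NULL, EPERM) != 0)`) instead of overwriting `error`. ext2fs_write ends outside the hunk.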


@ -1,4 +1,4 @@
/* $NetBSD: ext2fs_vfsops.c,v 1.162 2011/11/14 18:35:14 hannken Exp $ */
/* $NetBSD: ext2fs_vfsops.c,v 1.163 2012/03/13 18:41:04 elad Exp $ */
/*
* Copyright (c) 1989, 1991, 1993, 1994
@ -60,7 +60,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ext2fs_vfsops.c,v 1.162 2011/11/14 18:35:14 hannken Exp $");
__KERNEL_RCSID(0, "$NetBSD: ext2fs_vfsops.c,v 1.163 2012/03/13 18:41:04 elad Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@ -390,7 +390,9 @@ ext2fs_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
(mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = genfs_can_mount(devvp, accessmode, l->l_cred);
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp,
KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
}


@ -1,4 +1,4 @@
/* $NetBSD: ext2fs_vnops.c,v 1.101 2011/11/18 21:18:51 christos Exp $ */
/* $NetBSD: ext2fs_vnops.c,v 1.102 2012/03/13 18:41:04 elad Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
@ -65,7 +65,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.101 2011/11/18 21:18:51 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.102 2012/03/13 18:41:04 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -253,8 +253,9 @@ ext2fs_check_permitted(struct vnode *vp, struct inode *ip, mode_t mode,
kauth_cred_t cred)
{
return genfs_can_access(vp->v_type, ip->i_e2fs_mode & ALLPERMS,
ip->i_uid, ip->i_gid, mode, cred);
return kauth_authorize_vnode(cred, kauth_access_action(mode, vp->v_type,
ip->i_e2fs_mode & ALLPERMS), vp, NULL, genfs_can_access(vp->v_type,
ip->i_e2fs_mode & ALLPERMS, ip->i_uid, ip->i_gid, mode, cred));
}
int
@ -348,6 +349,8 @@ ext2fs_setattr(void *v)
kauth_cred_t cred = ap->a_cred;
struct lwp *l = curlwp;
int error;
kauth_action_t action = KAUTH_VNODE_WRITE_FLAGS;
bool changing_sysflags = false;
/*
* Check for unsettable attributes.
@ -361,24 +364,38 @@ ext2fs_setattr(void *v)
if (vap->va_flags != VNOVAL) {
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
if (kauth_cred_geteuid(cred) != ip->i_uid &&
(error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL)))
return (error);
/*
* Check if we're allowed to change the flags.
* If EXT2FS_SYSTEM_FLAGS is set, then the flags are treated
* as system flags, otherwise they're considered to be user
* flags.
*/
#ifdef EXT2FS_SYSTEM_FLAGS
if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL) == 0) {
if ((ip->i_e2fs_flags &
(EXT2_APPEND | EXT2_IMMUTABLE)) &&
kauth_authorize_system(l->l_cred,
KAUTH_SYSTEM_CHSYSFLAGS, 0, NULL, NULL, NULL))
return (EPERM);
ip->i_e2fs_flags &= ~(EXT2_APPEND | EXT2_IMMUTABLE);
ip->i_e2fs_flags |=
(vap->va_flags & SF_APPEND) ? EXT2_APPEND : 0 |
(vap->va_flags & SF_IMMUTABLE) ? EXT2_IMMUTABLE : 0;
} else
return (EPERM);
/* Indicate we're changing system flags if we are. */
if ((vap->va_flags & SF_APPEND) ||
(vap->va_flags & SF_IMMUTABLE)) {
action |= KAUTH_VNODE_WRITE_SYSFLAGS;
changing_sysflags = true;
}
/* Indicate the node has system flags if it does. */
if (ip->i_e2fs_flags & (EXT2_APPEND | EXT2_IMMUTABLE)) {
action |= KAUTH_VNODE_HAS_SYSFLAGS;
}
#endif /* EXT2FS_SYSTEM_FLAGS */
error = kauth_authorize_vnode(cred, action, vp, NULL,
genfs_can_chflags(cred, vp->v_type, ip->i_uid,
changing_sysflags));
if (error)
return (error);
#ifdef EXT2FS_SYSTEM_FLAGS
ip->i_e2fs_flags &= ~(EXT2_APPEND | EXT2_IMMUTABLE);
ip->i_e2fs_flags |=
(vap->va_flags & SF_APPEND) ? EXT2_APPEND : 0 |
(vap->va_flags & SF_IMMUTABLE) ? EXT2_IMMUTABLE : 0;
#else
ip->i_e2fs_flags &= ~(EXT2_APPEND | EXT2_IMMUTABLE);
ip->i_e2fs_flags |=
@ -425,7 +442,9 @@ ext2fs_setattr(void *v)
if (vap->va_atime.tv_sec != VNOVAL || vap->va_mtime.tv_sec != VNOVAL) {
if (vp->v_mount->mnt_flag & MNT_RDONLY)
return (EROFS);
error = genfs_can_chtimes(vp, vap->va_vaflags, ip->i_uid, cred);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp,
NULL, genfs_can_chtimes(vp, vap->va_vaflags, ip->i_uid,
cred));
if (error)
return (error);
if (vap->va_atime.tv_sec != VNOVAL)
@ -461,7 +480,9 @@ ext2fs_chmod(struct vnode *vp, int mode, kauth_cred_t cred, struct lwp *l)
struct inode *ip = VTOI(vp);
int error;
error = genfs_can_chmod(vp, cred, ip->i_uid, ip->i_gid, mode);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
NULL, genfs_can_chmod(vp->v_type, cred, ip->i_uid, ip->i_gid,
mode));
if (error)
return (error);
@ -489,7 +510,8 @@ ext2fs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred,
if (gid == (gid_t)VNOVAL)
gid = ip->i_gid;
error = genfs_can_chown(vp, cred, ip->i_uid, ip->i_gid, uid, gid);
error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
NULL, genfs_can_chown(cred, ip->i_uid, ip->i_gid, uid, gid));
if (error)
return (error);
@ -509,11 +531,13 @@ ext2fs_chown(struct vnode *vp, uid_t uid, gid_t gid, kauth_cred_t cred,
ext2fs_set_inode_guid(ip);
ip->i_flag |= IN_CHANGE;
}
if (ouid != uid && kauth_authorize_generic(cred,
KAUTH_GENERIC_ISSUSER, NULL) != 0)
if (ouid != uid && (ip->i_e2fs_mode & ISUID) &&
kauth_authorize_vnode(cred, KAUTH_VNODE_RETAIN_SUID,
vp, NULL, EPERM) != 0)
ip->i_e2fs_mode &= ~ISUID;
if (ogid != gid && kauth_authorize_generic(cred,
KAUTH_GENERIC_ISSUSER, NULL) != 0)
if (ogid != gid && (ip->i_e2fs_mode & ISGID) &&
kauth_authorize_vnode(cred, KAUTH_VNODE_RETAIN_SGID,
vp, NULL, EPERM) != 0)
ip->i_e2fs_mode &= ~ISGID;
return (0);
}
@ -868,13 +892,15 @@ abortit:
* otherwise the destination may not be changed (except by
* root). This implements append-only directories.
*/
if ((dp->i_e2fs_mode & S_ISTXT) &&
kauth_authorize_generic(tcnp->cn_cred,
KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
kauth_cred_geteuid(tcnp->cn_cred) != dp->i_uid &&
xp->i_uid != kauth_cred_geteuid(tcnp->cn_cred)) {
error = EPERM;
goto bad;
if (dp->i_e2fs_mode & S_ISTXT) {
error = kauth_authorize_vnode(tcnp->cn_cred,
KAUTH_VNODE_DELETE, tvp, tdvp,
genfs_can_sticky(tcnp->cn_cred, dp->i_uid,
xp->i_uid));
if (error) {
error = EPERM;
goto bad;
}
}
/*
* Target must be empty if a directory and have no links
@ -1426,7 +1452,7 @@ ext2fs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp,
{
struct inode *ip, *pdir;
struct vnode *tvp;
int error, ismember = 0;
int error;
struct ufs_lookup_results *ulr;
pdir = VTOI(dvp);
@ -1459,10 +1485,15 @@ ext2fs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp,
ip->i_e2fs_mode = mode;
tvp->v_type = IFTOVT(mode); /* Rest init'd in getnewvnode(). */
ip->i_e2fs_nlink = 1;
if ((ip->i_e2fs_mode & ISGID) && (kauth_cred_ismember_gid(cnp->cn_cred,
ip->i_gid, &ismember) != 0 || !ismember) &&
kauth_authorize_generic(cnp->cn_cred, KAUTH_GENERIC_ISSUSER, NULL))
ip->i_e2fs_mode &= ~ISGID;
/* Authorize setting SGID if needed. */
if (ip->i_e2fs_mode & ISGID) {
error = kauth_authorize_vnode(cnp->cn_cred, KAUTH_VNODE_WRITE_SECURITY,
tvp, NULL, genfs_can_chmod(tvp->v_type, cnp->cn_cred, ip->i_uid,
ip->i_gid, mode));
if (error)
ip->i_e2fs_mode &= ~ISGID;
}
/*
* Make sure inode goes to disk before directory entry.


@ -1,4 +1,4 @@
/* $NetBSD: ffs_snapshot.c,v 1.118 2011/10/07 09:35:06 hannken Exp $ */
/* $NetBSD: ffs_snapshot.c,v 1.119 2012/03/13 18:41:13 elad Exp $ */
/*
* Copyright 2000 Marshall Kirk McKusick. All Rights Reserved.
@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ffs_snapshot.c,v 1.118 2011/10/07 09:35:06 hannken Exp $");
__KERNEL_RCSID(0, "$NetBSD: ffs_snapshot.c,v 1.119 2012/03/13 18:41:13 elad Exp $");
#if defined(_KERNEL_OPT)
#include "opt_ffs.h"
@ -424,9 +424,9 @@ snapshot_setup(struct mount *mp, struct vnode *vp)
return EXDEV;
if (vp->v_usecount != 1 || vp->v_writecount != 0)
return EBUSY;
if (kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
NULL) != 0 &&
VTOI(vp)->i_uid != kauth_cred_geteuid(l->l_cred))
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_SNAPSHOT,
0, mp, vp, NULL);
if (error)
return EACCES;
if (vp->v_size != 0) {
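Review bot: The owner-or-superuser test that used to be inline here now depends entirely on the ffs_snapshot_cb listener registered in ffs_modcmd (ffs_vfsops.c), and that registration's failure path only prints a message, so a failed kauth_listen_scope() silently narrows snapshot_setup to whatever the secmodel grants for KAUTH_SYSTEM_FS_SNAPSHOT. That is fail-closed, which is the right direction, but nothing at this call site says so; suggest a comment above the call: `/* Owner check lives in ffs_snapshot_cb (ffs_vfsops.c); without that listener only the secmodel's answer applies. */`. Worth considering as well that `return EACCES` discards the error kauth actually returned, though keeping it does preserve the old errno. snapshot_setup begins and ends outside the hunk.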


@ -1,4 +1,4 @@
/* $NetBSD: ffs_vfsops.c,v 1.275 2012/01/29 00:58:14 nonaka Exp $ */
/* $NetBSD: ffs_vfsops.c,v 1.276 2012/03/13 18:41:13 elad Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.275 2012/01/29 00:58:14 nonaka Exp $");
__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.276 2012/03/13 18:41:13 elad Exp $");
#if defined(_KERNEL_OPT)
#include "opt_ffs.h"
@ -115,6 +115,8 @@ static int ffs_vfs_fsync(vnode_t *, int);
static struct sysctllog *ffs_sysctl_log;
static kauth_listener_t ffs_snapshot_listener;
/* how many times ffs_init() was called */
int ffs_initcount = 0;
@ -174,6 +176,22 @@ static const struct ufs_ops ffs_ufsops = {
.uo_unmark_vnode = (void (*)(vnode_t *))nullop,
};
static int
ffs_snapshot_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
void *arg0, void *arg1, void *arg2, void *arg3)
{
vnode_t *vp = arg2;
int result = KAUTH_RESULT_DEFER;;
if (action != KAUTH_SYSTEM_FS_SNAPSHOT)
return result;
if (VTOI(vp)->i_uid == kauth_cred_geteuid(cred))
result = KAUTH_RESULT_ALLOW;
return result;
}
static int
ffs_modcmd(modcmd_t cmd, void *arg)
{
@ -247,12 +265,19 @@ ffs_modcmd(modcmd_t cmd, void *arg)
#endif /* UFS_EXTATTR */
ffs_snapshot_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
ffs_snapshot_cb, NULL);
if (ffs_snapshot_listener == NULL)
printf("ffs_modcmd: can't listen on system scope.\n");
break;
case MODULE_CMD_FINI:
error = vfs_detach(&ffs_vfsops);
if (error != 0)
break;
sysctl_teardown(&ffs_sysctl_log);
if (ffs_snapshot_listener != NULL)
kauth_unlisten_scope(ffs_snapshot_listener);
break;
default:
error = ENOTTY;
@ -404,7 +429,9 @@ ffs_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
(mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = genfs_can_mount(devvp, accessmode, l->l_cred);
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp,
KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
}
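Review bot: ffs_snapshot_cb dereferences arg2 unconditionally (`VTOI(vp)->i_uid`), so any KAUTH_SYSTEM_FS_SNAPSHOT request issued with a NULL vnode argument would fault inside the listener; the only requester in this commit passes vp, but a scope listener should not assume every future requester's argument layout, so add `if (vp == NULL) return result;` before the uid compare. The declaration `int result = KAUTH_RESULT_DEFER;;` carries a stray second semicolon. A one-line header would also help a reader of the listener: `/* Allow a file's owner to snapshot it; defer everything else to the secmodel. */`. In the ffs_modcmd hunk the registration failure is only printed; a comment there stating that snapshots then fall back to the secmodel's decision would document the intended fail-closed behaviour. ffs_modcmd and ffs_mount both begin and end outside their hunks.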


@ -1,4 +1,4 @@
/* $NetBSD: lfs_syscalls.c,v 1.141 2012/01/15 04:42:04 perseant Exp $ */
/* $NetBSD: lfs_syscalls.c,v 1.142 2012/03/13 18:41:13 elad Exp $ */
/*-
* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2007, 2007, 2008
@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: lfs_syscalls.c,v 1.141 2012/01/15 04:42:04 perseant Exp $");
__KERNEL_RCSID(0, "$NetBSD: lfs_syscalls.c,v 1.142 2012/03/13 18:41:13 elad Exp $");
#ifndef LFS
# define LFS /* for prototypes in syscallargs.h */
@ -117,8 +117,9 @@ sys_lfs_markv(struct lwp *l, const struct sys_lfs_markv_args *uap, register_t *r
struct lfs *fs;
struct mount *mntp;
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0)
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_MARKV, NULL, NULL, NULL);
if (error)
return (error);
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
@ -162,8 +163,9 @@ sys_lfs_markv(struct lwp *l, const struct sys_lfs_markv_args *uap, register_t *r
struct lfs *fs;
struct mount *mntp;
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0)
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_MARKV, NULL, NULL, NULL);
if (error)
return (error);
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
@ -564,8 +566,9 @@ sys_lfs_bmapv(struct lwp *l, const struct sys_lfs_bmapv_args *uap, register_t *r
struct lfs *fs;
struct mount *mntp;
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0)
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_BMAPV, NULL, NULL, NULL);
if (error)
return (error);
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
@ -608,8 +611,9 @@ sys_lfs_bmapv(struct lwp *l, const struct sys_lfs_bmapv_args *uap, register_t *r
struct lfs *fs;
struct mount *mntp;
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0)
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_BMAPV, NULL, NULL, NULL);
if (error)
return (error);
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
@ -854,8 +858,9 @@ sys_lfs_segclean(struct lwp *l, const struct sys_lfs_segclean_args *uap, registe
int error;
unsigned long segnum;
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0)
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_SEGCLEAN, NULL, NULL, NULL);
if (error)
return (error);
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
@ -998,8 +1003,9 @@ sys___lfs_segwait50(struct lwp *l, const struct sys___lfs_segwait50_args *uap,
int error;
/* XXX need we be su to segwait? */
if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0)
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_SEGWAIT, NULL, NULL, NULL);
if (error)
return (error);
if ((error = copyin(SCARG(uap, fsidp), &fsid, sizeof(fsid_t))) != 0)
return (error);
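Review bot: The comment `/* XXX need we be su to segwait? */` in sys___lfs_segwait50 is now stale: the check below it no longer asks for superuser but for a KAUTH_REQ_SYSTEM_LFS_SEGWAIT decision from the system scope, so reword it to `/* XXX should segwait require KAUTH_REQ_SYSTEM_LFS_SEGWAIT at all? */`. The other five hunks in this file replace the same pattern with the same shape, and sys_lfs_markv and sys_lfs_bmapv each appear twice, presumably under different build conditions; that is fine as long as both variants keep the same request code, which they do here. Each enclosing function begins and ends outside its hunk.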


@ -1,4 +1,4 @@
/* $NetBSD: lfs_vfsops.c,v 1.294 2012/02/16 02:47:55 perseant Exp $ */
/* $NetBSD: lfs_vfsops.c,v 1.295 2012/03/13 18:41:13 elad Exp $ */
/*-
* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2007, 2007
@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: lfs_vfsops.c,v 1.294 2012/02/16 02:47:55 perseant Exp $");
__KERNEL_RCSID(0, "$NetBSD: lfs_vfsops.c,v 1.295 2012/03/13 18:41:13 elad Exp $");
#if defined(_KERNEL_OPT)
#include "opt_lfs.h"
@ -722,7 +722,9 @@ lfs_mount(struct mount *mp, const char *path, void *data, size_t *data_len)
(mp->mnt_flag & MNT_RDONLY) == 0)
accessmode |= VWRITE;
vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY);
error = genfs_can_mount(devvp, accessmode, l->l_cred);
error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_MOUNT,
KAUTH_REQ_SYSTEM_MOUNT_DEVICE, mp, devvp,
KAUTH_ARG(accessmode));
VOP_UNLOCK(devvp);
}
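Review bot: The kauth_authorize_system() call for KAUTH_REQ_SYSTEM_MOUNT_DEVICE is made while devvp is held under vn_lock(), presumably because a listener will check accessmode against the device vnode; that expectation is invisible at the call site, so a one-line comment would help: `/* devvp is locked: listeners may check accessmode against it. */`. The identical hunk in ffs_mount (ffs_vfsops.c) would take the same comment. lfs_mount begins and ends outside the hunk.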


@ -1,4 +1,4 @@
/* $NetBSD: lfs_vnops.c,v 1.240 2012/02/16 02:47:55 perseant Exp $ */
/* $NetBSD: lfs_vnops.c,v 1.241 2012/03/13 18:41:14 elad Exp $ */
/*-
* Copyright (c) 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc.
@ -60,7 +60,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: lfs_vnops.c,v 1.240 2012/02/16 02:47:55 perseant Exp $");
__KERNEL_RCSID(0, "$NetBSD: lfs_vnops.c,v 1.241 2012/03/13 18:41:14 elad Exp $");
#ifdef _KERNEL_OPT
#include "opt_compat_netbsd.h"
@ -1396,13 +1396,13 @@ lfs_rename(void *v)
* otherwise the destination may not be changed (except by
* root). This implements append-only directories.
*/
if ((tdp->i_mode & S_ISTXT) &&
kauth_authorize_generic(tcnp->cn_cred,
KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
kauth_cred_geteuid(tcnp->cn_cred) != tdp->i_uid &&
txp->i_uid != kauth_cred_geteuid(tcnp->cn_cred)) {
error = EPERM;
goto bad;
if (tdp->i_mode & S_ISTXT) {
error = kauth_authorize_vnode(tcnp->cn_cred,
KAUTH_VNODE_DELETE, tvp, tdvp,
genfs_can_sticky(tcnp->cn_cred, tdp->i_uid,
txp->i_uid));
if (error)
goto bad;
}
/*
* Target must be empty if a directory and have no links
@ -2294,8 +2294,8 @@ lfs_fcntl(void *v)
/* LFS control and monitoring fcntls are available only to root */
l = curlwp;
if (((ap->a_command & 0xff00) >> 8) == 'L' &&
(error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0)
(error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_LFS,
KAUTH_REQ_SYSTEM_LFS_FCNTL, NULL, NULL, NULL)) != 0)
return (error);
fs = VTOI(ap->a_vp)->i_lfs;
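Review bot: lfs_rename now propagates whatever kauth_authorize_vnode() returns (`if (error) goto bad;`), whereas the parallel ext2fs_rename hunk in this commit forces `error = EPERM`; the two sticky-directory paths should agree on which errno callers see. The block comment above the check still says the destination may not be changed "(except by root)", which no longer describes the code: the decision is a KAUTH_VNODE_DELETE request with genfs_can_sticky() as the fallback, so reword that clause accordingly. The same staleness applies to `/* LFS control and monitoring fcntls are available only to root */` in lfs_fcntl, which now asks for KAUTH_REQ_SYSTEM_LFS_FCNTL; suggest `/* LFS control and monitoring fcntls need KAUTH_REQ_SYSTEM_LFS_FCNTL in the system scope */`. Both lfs_rename and lfs_fcntl begin and end outside their hunks.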
