[src/netbsd-3]: src/sys Pull up revision 1.8 (requested by elad in ticket #389):
details: https://anonhg.NetBSD.org/src/rev/16b9d7657243
branches: netbsd-3
changeset: 576132:16b9d7657243
user: tron <tron%NetBSD.org@localhost>
date: Fri Jun 10 15:10:10 2005 +0000
description:
Pull up revision 1.8 (requested by elad in ticket #389):
Some changes in veriexec.
New features:
- Add a veriexec_report() routine to make most reporting consistent and
remove some common code.
- Add 'strict' mode that controls how veriexec behaves.
- Add sysctl knobs:
o kern.veriexec.verbose controls verbosity levels. Value: 0, 1.
o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
documentation in sysctl(3) for details.
o kern.veriexec.algorithms returns a string with a space separated
list of supported hashing algorithms in veriexec.
- Updated documentation in man pages for sysctl(3) and sysctl(8).
Bug fixes:
- veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
correctly.
- exec_script(): Don't pass 0 as flag when executing a script; use the
defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
enforcement work.
- Fix some printing formats and types.
diffstat:
sys/dev/verified_exec.c | 456 +++++++++++++++++++++++++++--------------------
sys/sys/verified_exec.h | 196 ++++++++++++++-----
2 files changed, 405 insertions(+), 247 deletions(-)
diffs (truncated from 771 to 300 lines):
diff -r e6196c1bd75a -r 16b9d7657243 sys/dev/verified_exec.c
--- a/sys/dev/verified_exec.c Fri Jun 10 15:10:03 2005 +0000
+++ b/sys/dev/verified_exec.c Fri Jun 10 15:10:10 2005 +0000
@@ -1,256 +1,330 @@
-/* $NetBSD: verified_exec.c,v 1.5.2.1 2005/06/10 14:37:56 tron Exp $ */
+/* $NetBSD: verified_exec.c,v 1.5.2.2 2005/06/10 15:10:10 tron Exp $ */
/*-
- * Copyright (c) 1998-1999 Brett Lymn
- * (blymn%baea.com.au@localhost, brett_lymn%yahoo.com.au@localhost)
- * All rights reserved.
+ * Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
+ * Copyright 2005 Brett Lymn <blymn%netbsd.org@localhost>
*
- * This code has been donated to The NetBSD Foundation by the Author.
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Brett Lymn and Elad Efrat
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- * 2. The name of the author may not be used to endorse or promote products
- * derived from this software withough specific prior written permission
+ * 2. Neither the name of The NetBSD Foundation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.5.2.1 2005/06/10 14:37:56 tron Exp $");
+#if defined(__NetBSD__)
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.5.2.2 2005/06/10 15:10:10 tron Exp $");
+#else
+__RCSID("$Id: verified_exec.c,v 1.5.2.2 2005/06/10 15:10:10 tron Exp $\n$NetBSD: verified_exec.c,v 1.5.2.2 2005/06/10 15:10:10 tron Exp $");
+#endif
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/errno.h>
-#include <sys/verified_exec.h>
#include <sys/buf.h>
#include <sys/malloc.h>
+
+#ifdef __FreeBSD__
+#include <sys/kernel.h>
+#include <sys/device_port.h>
+#include <sys/ioccom.h>
+#else
#include <sys/ioctl.h>
#include <sys/device.h>
+#define DEVPORT_DEVICE struct device
+#endif
+
#include <sys/conf.h>
#include <sys/lock.h>
#include <sys/queue.h>
#include <sys/vnode.h>
#include <sys/fcntl.h>
#include <sys/namei.h>
+#include <sys/verified_exec.h>
-struct verified_exec_softc {
- struct device veriexec_dev;
+/* count of number of times device is open (we really only allow one open) */
+static unsigned veriexec_dev_usage;
+
+struct veriexec_softc {
+ DEVPORT_DEVICE veriexec_dev;
};
-const struct cdevsw verifiedexec_cdevsw = {
- verifiedexecopen, verifiedexecclose, noread, nowrite,
- verifiedexecioctl, nostop, notty, nopoll, nommap, nokqfilter,
-};
+#if defined(__FreeBSD__)
+# define CDEV_MAJOR 216
+# define BDEV_MAJOR -1
+#endif
-/* internal structures */
-LIST_HEAD(veriexec_devhead, veriexec_dev_list) veriexec_dev_head;
-/*LIST_HEAD(veriexec_file_devhead, veriexec_dev_list) veriexec_file_dev_head;*/
-struct veriexec_devhead veriexec_file_dev_head;
+const struct cdevsw veriexec_cdevsw = {
+ veriexecopen,
+ veriexecclose,
+ noread,
+ nowrite,
+ veriexecioctl,
+#ifdef __NetBSD__
+ nostop,
+ notty,
+#endif
+ nopoll,
+ nommap,
+#if defined(__NetBSD__)
+ nokqfilter,
+#elif defined(__FreeBSD__)
+ nostrategy,
+ "veriexec",
+ CDEV_MAJOR,
+ nodump,
+ nopsize,
+ 0, /* flags */
+ BDEV_MAJOR
+#endif
+};
/* Autoconfiguration glue */
-void verifiedexecattach(struct device *parent, struct device *self,
- void *aux);
-int verifiedexecopen(dev_t dev, int flags, int fmt, struct proc *p);
-int verifiedexecclose(dev_t dev, int flags, int fmt, struct proc *p);
-int verifiedexecioctl(dev_t dev, u_long cmd, caddr_t data, int flags,
- struct proc *p);
-void add_veriexec_inode(struct veriexec_dev_list *list, unsigned long inode,
- unsigned char fingerprint[MAXFINGERPRINTLEN],
- unsigned char type, unsigned char fp_type);
-struct veriexec_dev_list *find_veriexec_dev(unsigned long dev,
- struct veriexec_devhead *head);
+void veriexecattach(DEVPORT_DEVICE *parent, DEVPORT_DEVICE *self,
+ void *aux);
+int veriexecopen(dev_t dev, int flags, int fmt, struct proc *p);
+int veriexecclose(dev_t dev, int flags, int fmt, struct proc *p);
+int veriexecioctl(dev_t dev, u_long cmd, caddr_t data, int flags,
+ struct proc *p);
-/*
- * Attach for autoconfig to find. Initialise the lists and return...
- */
void
-verifiedexecattach(struct device *parent, struct device *self, void *aux)
+veriexecattach(DEVPORT_DEVICE *parent, DEVPORT_DEVICE *self,
+ void *aux)
{
- LIST_INIT(&veriexec_dev_head);
- LIST_INIT(&veriexec_file_dev_head);
+ veriexec_dev_usage = 0;
+ veriexec_dprintf(("Veriexec: veriexecattach: Veriexec pseudo-device "
+ "attached.\n"));
}
int
-verifiedexecopen(dev_t dev, int flags, int fmt, struct proc *p)
+veriexecopen(dev_t dev __unused, int flags __unused,
+ int fmt __unused, struct proc *p __unused)
{
- return 0;
+#ifdef VERIFIED_EXEC_DEBUG_VERBOSE
+ printf("Veriexec: veriexecopen: Veriexec load device open attempt by "
+ "uid=%u, pid=%u. (dev=%d)\n", p->p_ucred->cr_uid,
+ p->p_pid, dev);
+#endif
+
+ if (veriexec_dev_usage > 0) {
+ veriexec_dprintf(("Veriexec: load device already in use\n"));
+ return(EBUSY);
+ }
+
+ veriexec_dev_usage++;
+ return (0);
+}
+
+int
+veriexecclose(dev_t dev __unused, int flags __unused,
+ int fmt __unused, struct proc *p __unused)
+{
+ if (veriexec_dev_usage > 0)
+ veriexec_dev_usage--;
+ return (0);
}
int
-verifiedexecclose(dev_t dev, int flags, int fmt, struct proc *p)
+veriexecioctl(dev_t dev __unused, u_long cmd, caddr_t data,
+ int flags __unused, struct proc *p)
{
-#ifdef VERIFIED_EXEC_DEBUG_VERBOSE
- struct veriexec_dev_list *lp;
- struct veriexec_inode_list *ip;
+ struct veriexec_hashtbl *tbl;
+ struct nameidata nid;
+ struct vattr va;
+ int error = 0;
+ u_long hashmask;
- printf("Loaded exec fingerprint list is:\n");
- for (lp = LIST_FIRST(&veriexec_dev_head); lp != NULL;
- lp = LIST_NEXT(lp, entries)) {
- for (ip = LIST_FIRST(&(lp->inode_head)); ip != NULL;
- ip = LIST_NEXT(ip, entries)) {
- printf("Got loaded fingerprint for dev %lu, inode %lu\n",
- lp->id, ip->inode);
- }
- }
+ /*
+ * Don't allow updates in multi-user mode, but we will allow
+ * queries of supported fingerprints.
+ *
+ */
+ if ((securelevel >= 1) && (cmd != VERIEXEC_FINGERPRINTS)) {
+ printf("Veriexec: veriexecioctl: Securelevel raised, loading"
+ "fingerprints is not permitted\n");
- printf("\n\nLoaded file fingerprint list is:\n");
- for (lp = LIST_FIRST(&veriexec_file_dev_head); lp != NULL;
- lp = LIST_NEXT(lp, entries)) {
- for (ip = LIST_FIRST(&(lp->inode_head)); ip != NULL;
- ip = LIST_NEXT(ip, entries)) {
- printf("Got loaded fingerprint for dev %lu, inode %lu\n",
- lp->id, ip->inode);
- }
+ return (EPERM);
}
-#endif
- return 0;
-}
+
+ switch (cmd) {
+ case VERIEXEC_TABLESIZE: {
+ struct veriexec_sizing_params *params =
+ (struct veriexec_sizing_params *) data;
-/*
- * Search the list of devices looking for the one given. If it is not
- * in the list then add it.
- */
-struct veriexec_dev_list *
-find_veriexec_dev(unsigned long dev, struct veriexec_devhead *head)
-{
- struct veriexec_dev_list *lp;
+ /* Allocate and initialize a Veriexec hash table. */
+ tbl = malloc(sizeof(struct veriexec_hashtbl), M_TEMP,
+ M_WAITOK);
+ tbl->hash_size = params->hash_size;
+ tbl->hash_dev = params->dev;
+ tbl->hash_tbl = hashinit(params->hash_size, HASH_LIST, M_TEMP,
+ M_WAITOK, &hashmask);
+
+ LIST_INSERT_HEAD(&veriexec_tables, tbl, hash_list);
- for (lp = LIST_FIRST(head); lp != NULL;
- lp = LIST_NEXT(lp, entries))
- if (lp->id == dev) break;
+ break;
+ }
- if (lp == NULL) {
- /* if pointer is null then entry not there, add a new one */
- MALLOC(lp, struct veriexec_dev_list *,
- sizeof(struct veriexec_dev_list), M_TEMP, M_WAITOK);
- LIST_INIT(&(lp->inode_head));
- lp->id = dev;
- LIST_INSERT_HEAD(head, lp, entries);
- }
-
- return lp;
-}
+ case VERIEXEC_LOAD: {
+ struct veriexec_params *params =
+ (struct veriexec_params *) data;
+ struct veriexec_hash_entry *hh;
+ struct veriexec_hash_entry *e;
-/*
- * Add a file's inode and fingerprint to the list of inodes attached
- * to the device id. Only add the entry if it is not already on the
- * list.
- */
-void
-add_veriexec_inode(struct veriexec_dev_list *list, unsigned long inode,
- unsigned char fingerprint[MAXFINGERPRINTLEN],
- unsigned char type, unsigned char fp_type)