Source-Changes-HG archive
[src/trunk]: src Replace the remaining KAUTH_GENERIC_ISSUSER authorization ca...
details: https://anonhg.NetBSD.org/src/rev/6f22b19e7a4e
branches: trunk
changeset: 778033:6f22b19e7a4e
user: elad <elad%NetBSD.org@localhost>
date: Tue Mar 13 18:40:26 2012 +0000
description:
Replace the remaining KAUTH_GENERIC_ISSUSER authorization calls with
something meaningful. All relevant documentation has been updated or
written.
Most of these changes were brought up in the following messages:
http://mail-index.netbsd.org/tech-kern/2012/01/18/msg012490.html
http://mail-index.netbsd.org/tech-kern/2012/01/19/msg012502.html
http://mail-index.netbsd.org/tech-kern/2012/02/17/msg012728.html
Thanks to christos, manu, njoly, and jmmv for input.
Huge thanks to pgoyette for spinning these changes through some build
cycles and ATF.
diffstat:
distrib/sets/lists/comp/mi | 5 +-
share/man/man9/Makefile | 4 +-
share/man/man9/genfs.9 | 114 +++++
share/man/man9/kauth.9 | 462 +++++++++++++++++++++++-
sys/arch/amiga/dev/grf.c | 8 +-
sys/arch/macppc/dev/ofb.c | 8 +-
sys/arch/shark/ofw/vga_ofbus.c | 8 +-
sys/arch/sparc/dev/tctrl.c | 8 +-
sys/arch/sparc64/dev/gfb.c | 8 +-
sys/compat/common/vfs_syscalls_50.c | 9 +-
sys/dev/cons.c | 8 +-
sys/dev/dm/device-mapper.c | 6 +-
sys/dev/ic/ct65550.c | 8 +-
sys/dev/ic/midway.c | 9 +-
sys/dev/pci/genfb_pci.c | 8 +-
sys/dev/pci/if_lmc.h | 4 +-
sys/dev/pci/machfb.c | 8 +-
sys/dev/pci/pci_usrreq.c | 8 +-
sys/dev/pci/pm2fb.c | 8 +-
sys/dev/pci/r128fb.c | 8 +-
sys/dev/pci/radeonfb.c | 8 +-
sys/dev/pci/voodoofb.c | 8 +-
sys/dev/pci/voyager/voyagerfb.c | 8 +-
sys/dev/pci/wcfb.c | 8 +-
sys/dev/tc/pxg.c | 9 +-
sys/dev/verified_exec.c | 20 +-
sys/dev/wscons/wskbd.c | 15 +-
sys/fs/adosfs/advfsops.c | 7 +-
sys/fs/adosfs/advnops.c | 11 +-
sys/fs/cd9660/cd9660_vfsops.c | 7 +-
sys/fs/cd9660/cd9660_vnops.c | 10 +-
sys/fs/efs/efs_vfsops.c | 7 +-
sys/fs/efs/efs_vnops.c | 9 +-
sys/fs/filecorefs/filecore_vfsops.c | 7 +-
sys/fs/filecorefs/filecore_vnops.c | 10 +-
sys/fs/hfs/hfs_vfsops.c | 8 +-
sys/fs/hfs/hfs_vnops.c | 14 +-
sys/fs/msdosfs/msdosfs_vfsops.c | 16 +-
sys/fs/msdosfs/msdosfs_vnops.c | 29 +-
sys/fs/nilfs/nilfs_vfsops.c | 7 +-
sys/fs/nilfs/nilfs_vnops.c | 10 +-
sys/fs/ntfs/ntfs_vnops.c | 9 +-
sys/fs/ptyfs/ptyfs_vnops.c | 75 +--
sys/fs/smbfs/smbfs_vnops.c | 18 +-
sys/fs/sysvbfs/sysvbfs_vfsops.c | 10 +-
sys/fs/sysvbfs/sysvbfs_vnops.c | 34 +-
sys/fs/tmpfs/tmpfs_subr.c | 25 +-
sys/fs/tmpfs/tmpfs_vnops.c | 59 +-
sys/fs/udf/udf_vfsops.c | 7 +-
sys/fs/udf/udf_vnops.c | 19 +-
sys/fs/v7fs/v7fs_vfsops.c | 8 +-
sys/fs/v7fs/v7fs_vnops.c | 49 +-
sys/kern/kern_auth.c | 28 +-
sys/kern/kern_exec.c | 21 +-
sys/kern/kern_fork.c | 21 +-
sys/kern/kern_verifiedexec.c | 34 +-
sys/kern/sys_mqueue.c | 34 +-
sys/kern/sysv_ipc.c | 68 ++-
sys/kern/sysv_msg.c | 12 +-
sys/kern/sysv_sem.c | 6 +-
sys/kern/sysv_shm.c | 12 +-
sys/kern/uipc_sem.c | 43 +-
sys/kern/vfs_init.c | 19 +-
sys/kern/vfs_mount.c | 23 +-
sys/kern/vfs_subr.c | 8 +-
sys/kern/vfs_syscalls.c | 43 +-
sys/kern/vfs_xattr.c | 27 +-
sys/miscfs/genfs/genfs.h | 10 +-
sys/miscfs/genfs/genfs_vnops.c | 139 +++---
sys/miscfs/kernfs/kernfs_vnops.c | 30 +-
sys/miscfs/procfs/procfs_vnops.c | 30 +-
sys/miscfs/umapfs/umap_vfsops.c | 9 +-
sys/net/if_bridge.c | 12 +-
sys/net/npf/npf.c | 10 +-
sys/netinet6/in6.c | 10 +-
sys/netinet6/ip6_output.c | 37 +-
sys/netinet6/ipsec.c | 8 +-
sys/netipsec/ipsec.c | 8 +-
sys/netsmb/smb_conn.c | 175 ++++++--
sys/netsmb/smb_subr.h | 3 +-
sys/rump/librump/rumpvfs/rumpfs.c | 35 +-
sys/secmodel/extensions/secmodel_extensions.c | 32 +-
sys/secmodel/securelevel/secmodel_securelevel.c | 10 +-
sys/secmodel/suser/secmodel_suser.c | 171 ++++++++-
sys/sys/extattr.h | 5 +-
sys/sys/ipc.h | 4 +-
sys/sys/kauth.h | 77 +++-
sys/sys/vfs_syscalls.h | 4 +-
sys/ufs/chfs/chfs_subr.c | 46 +-
sys/ufs/chfs/chfs_vnode.c | 19 +-
sys/ufs/chfs/chfs_vnops.c | 33 +-
sys/ufs/ext2fs/ext2fs_lookup.c | 42 +-
sys/ufs/ext2fs/ext2fs_readwrite.c | 22 +-
sys/ufs/ext2fs/ext2fs_vfsops.c | 8 +-
sys/ufs/ext2fs/ext2fs_vnops.c | 111 +++--
sys/ufs/ffs/ffs_snapshot.c | 10 +-
sys/ufs/ffs/ffs_vfsops.c | 33 +-
sys/ufs/lfs/lfs_syscalls.c | 34 +-
sys/ufs/lfs/lfs_vfsops.c | 8 +-
sys/ufs/lfs/lfs_vnops.c | 22 +-
sys/ufs/ufs/ufs_extattr.c | 77 +++-
sys/ufs/ufs/ufs_lookup.c | 47 +-
sys/ufs/ufs/ufs_readwrite.c | 26 +-
sys/ufs/ufs/ufs_vnops.c | 103 ++--
sys/uvm/uvm_map.c | 10 +-
105 files changed, 2196 insertions(+), 923 deletions(-)
diffs (truncated from 6561 to 300 lines):
diff -r a3060f0740fd -r 6f22b19e7a4e distrib/sets/lists/comp/mi
--- a/distrib/sets/lists/comp/mi Tue Mar 13 18:36:49 2012 +0000
+++ b/distrib/sets/lists/comp/mi Tue Mar 13 18:40:26 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.1746 2012/03/10 21:52:00 joerg Exp $
+# $NetBSD: mi,v 1.1747 2012/03/13 18:40:26 elad Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -10065,6 +10065,7 @@
./usr/share/man/cat9/getnanotime.0 comp-sys-catman .cat
./usr/share/man/cat9/getnanouptime.0 comp-sys-catman .cat
./usr/share/man/cat9/getnewvnode.0 comp-sys-catman .cat
+./usr/share/man/cat9/genfs.0 comp-sys-catman .cat
./usr/share/man/cat9/gsignal.0 comp-obsolete obsolete
./usr/share/man/cat9/hardclock.0 comp-sys-catman .cat
./usr/share/man/cat9/hash.0 comp-sys-catman .cat
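Review bot: the new `./usr/share/man/cat9/genfs.0` entry is out of sort order; `genfs` sorts before `getnanotime`, so the line belongs above `./usr/share/man/cat9/getnanotime.0 comp-sys-catman .cat`, not after `getnewvnode.0`. The same misplacement is repeated for the `html9/genfs.html` and `man9/genfs.9` entries in the next two hunks; keeping the set lists sorted by path is what the list tooling expects.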
@@ -16244,6 +16245,7 @@
./usr/share/man/html9/getnanotime.html comp-sys-htmlman html
./usr/share/man/html9/getnanouptime.html comp-sys-htmlman html
./usr/share/man/html9/getnewvnode.html comp-sys-htmlman html
+./usr/share/man/html9/genfs.html comp-sys-htmlman html
./usr/share/man/html9/gsignal.html comp-obsolete obsolete
./usr/share/man/html9/hardclock.html comp-sys-htmlman html
./usr/share/man/html9/hash.html comp-sys-htmlman html
@@ -22576,6 +22578,7 @@
./usr/share/man/man9/getnanotime.9 comp-sys-man .man
./usr/share/man/man9/getnanouptime.9 comp-sys-man .man
./usr/share/man/man9/getnewvnode.9 comp-sys-man .man
+./usr/share/man/man9/genfs.9 comp-sys-man .man
./usr/share/man/man9/gsignal.9 comp-obsolete obsolete
./usr/share/man/man9/hardclock.9 comp-sys-man .man
./usr/share/man/man9/hash.9 comp-sys-man .man
diff -r a3060f0740fd -r 6f22b19e7a4e share/man/man9/Makefile
--- a/share/man/man9/Makefile Tue Mar 13 18:36:49 2012 +0000
+++ b/share/man/man9/Makefile Tue Mar 13 18:40:26 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.363 2012/02/17 09:44:14 plunky Exp $
+# $NetBSD: Makefile,v 1.364 2012/03/13 18:40:26 elad Exp $
# Makefile for section 9 (kernel function and variable) manual pages.
@@ -19,7 +19,7 @@
dopowerhooks.9 do_setresuid.9 doshutdownhooks.9 driver.9 \
edid.9 errno.9 ethersubr.9 evcnt.9 extattr.9 extent.9 \
fetch.9 file.9 fileassoc.9 filedesc.9 firmload.9 flash.9 \
- fork1.9 fsetown.9 fstrans.9 getiobuf.9 \
+ fork1.9 fsetown.9 fstrans.9 getiobuf.9 genfs.9 \
hash.9 hashinit.9 hardclock.9 humanize_number.9 hz.9 \
ieee80211.9 ieee80211_crypto.9 ieee80211_input.9 ieee80211_ioctl.9 \
ieee80211_node.9 ieee80211_output.9 ieee80211_proto.9 \
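Review bot: `genfs.9` is appended after `getiobuf.9`, but the MAN list is kept alphabetical (`fork1.9 fsetown.9 fstrans.9 getiobuf.9`); insert it before `getiobuf.9`, i.e. `fork1.9 fsetown.9 fstrans.9 genfs.9 getiobuf.9 \`.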
diff -r a3060f0740fd -r 6f22b19e7a4e share/man/man9/genfs.9
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/share/man/man9/genfs.9 Tue Mar 13 18:40:26 2012 +0000
@@ -0,0 +1,114 @@
+.\" $NetBSD: genfs.9,v 1.1 2012/03/13 18:40:27 elad Exp $
+.\"
+.\" Copyright 2012 Elad Efrat <elad%NetBSD.org@localhost>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\" derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd March 1, 2012
+.Dt GENFS 9
+.Os
+.Sh NAME
+.Nm genfs
+.Nd genfs routines
+.Sh SYNOPSIS
+.In miscfs/genfs/genfs.h
+.Ft int
+.Fn genfs_can_access "enum vtype type" "mode_t file_mode" "uid_t uid" \
+"gid_t gid" "mode_t acc_mode" "kauth_cred_t cred"
+.Ft int
+.Fn genfs_can_chmod "enum vtype type" "kauth_cred_t cred" "uid_t cur_uid" \
+"gid_t cur_gid" "mode_t new_mode"
+.Ft int
+.Fn genfs_can_chown "kauth_cred_t cred" "uid_t cur_uid" "gid_t cur_gid" \
+"uid_t new_uid" "gid_t new_gid"
+.Ft int
+.Fn genfs_can_chtimes "vnode_t *vp" "u_int vaflags" "uid_t owner_uid" \
+"kauth_cred_t cred"
+.Ft int
+.Fn genfs_can_chflags "kauth_cred_t cred" "enum vtype type" "uid_t owner_uid" \
+"bool changing_sysflags"
+.Ft int
+.Fn genfs_can_sticky "kauth_cred_t cred" "uid_t dir_uid" "uid_t file_uid"
+.Ft int
+.Fn genfs_can_extattr "kauth_cred_t cred" "int access_mode" "vnode_t *vp" \
+"const char *attr"
+.Sh DESCRIPTION
+The functions documented here are general routines for internal use in
+file-systems to implement common policies for performing various operations.
+The developer must understand that these routines implement no system-wide
+policies and only take into account the object being accessed and the
+nominal values of the credentials accessing it.
+.Pp
+In other words, these functions are not meant to be called direcly.
+They are intended to be used in
+.Xr kauth 9
+vnode scope authorization calls, for providing the fall-back file-system
+decision.
+.Pp
+As a rule of thumb, code that looks like this is wrong:
+.Bd -literal -offset indent
+error = genfs_can_foo(...); /* WRONG */
+.Ed
+.Pp
+While code that looks like this is right:
+.Bd -literal -offset indent
+error = kauth_authorize_vnode(..., genfs_can_foo(...));
+.Ed
+.Sh FUNCTIONS
+.Bl -tag -width compact
+.It Fn genfs_can_access "enum vtype type" "mode_t file_mode" "uid_t uid" \
+"gid_t gid" "mode_t acc_mode" "kauth_cred_t cred"
+Implements file access checking based on traditional Unix permissions.
+.It Fn genfs_can_chmod "enum vtype type" "kauth_cred_t cred" "uid_t cur_uid" \
+"gid_t cur_gid" "mode_t new_mode"
+Implements
+.Xr chmod 2
+policy.
+.It Fn genfs_can_chown "kauth_cred_t cred" "uid_t cur_uid" "gid_t cur_gid" \
+"uid_t new_uid" "gid_t new_gid"
+Implements
+.Xr chown 2
+policy.
+.It Fn genfs_can_chtimes "vnode_t *vp" "u_int vaflags" "uid_t owner_uid" \
+"kauth_cred_t cred"
+Implements
+.Xr utimes 2
+policy.
+.It Fn genfs_can_chflags "kauth_cred_t cred" "enum vtype type" \
+"uid_t owner_uid" "bool changing_sysflags"
+Implements
+.Xr chflags 2
+policy.
+.It Fn genfs_can_sticky "kauth_cred_t cred" "uid_t dir_uid" "uid_t file_uid"
+Implements rename and delete policy from sticky directories.
+.It Fn genfs_can_extattr "kauth_cred_t cred" "int access_mode" "vnode_t *vp" \
+"const char *attr"
+Implements extended attributes access policy.
+.El
+.Sh SEE ALSO
+.Xr kauth 9
+.Sh AUTHORS
+.An Elad Efrat Aq elad%NetBSD.org@localhost
+wrote this manual page.
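Review bot: typo in the DESCRIPTION, `these functions are not meant to be called direcly` should read `directly`. More substantively, none of the seven `genfs_can_*` functions documents its return value; since callers pass the result straight through as the fall-back decision in `kauth_authorize_vnode(..., genfs_can_foo(...))`, add a RETURN VALUES section stating what each returns when access is allowed and when it is denied, otherwise a file-system author cannot tell whether a non-zero value is an errno or a kauth result. Minor: `.Dd March 1, 2012` predates the commit; bump it to the commit date.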
diff -r a3060f0740fd -r 6f22b19e7a4e share/man/man9/kauth.9
--- a/share/man/man9/kauth.9 Tue Mar 13 18:36:49 2012 +0000
+++ b/share/man/man9/kauth.9 Tue Mar 13 18:40:26 2012 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: kauth.9,v 1.97 2012/03/11 23:42:07 njoly Exp $
+.\" $NetBSD: kauth.9,v 1.98 2012/03/13 18:40:27 elad Exp $
.\"
.\" Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
.\" All rights reserved.
@@ -203,8 +203,29 @@
.Xr ipkdb 4
is allowed.
.El
+.It Dv KAUTH_SYSTEM_DEVMAPPER
+Check if operations on the device mapper
+.Xr dm 4
+device are allowed.
.It Dv KAUTH_SYSTEM_FILEHANDLE
Check if filehandle operations allowed.
+.It Dv KAUTH_SYSTEM_FS_EXTATTR
+Check if starting, stopping, enabling, or disabling extended attributes
+is allowed.
+.Ar arg1
+is a
+.Ft struct mount *
+of the mount-point on which the operation is performed.
+.It Dv KAUTH_SYSTEM_FS_SNAPSHOT
+Check if setting up a file-system snapshot is allowed.
+.Ar arg1
+is a
+.Ft struct mount *
+of the mount-point of which the snapshot is taken, and
+.Ar arg2
+is a
+.Ft struct vnode *
+of the vnode where the snapshot is expected to be.
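Review bot: `KAUTH_SYSTEM_FS_SNAPSHOT` is inserted between `KAUTH_SYSTEM_FS_EXTATTR` and `KAUTH_SYSTEM_FS_QUOTA`, which breaks the alphabetical order of the action list; it belongs after `KAUTH_SYSTEM_FS_RESERVEDSPACE`. The description of `arg2` (`the vnode where the snapshot is expected to be`) is also vague: state whether this is the vnode of the snapshot file itself or of its directory. In the surrounding context, `Check if filehandle operations allowed.` is missing `are`; worth fixing while touching this block.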
.It Dv KAUTH_SYSTEM_FS_QUOTA
Check if file-system quota operations are allowed.
.Pp
@@ -236,6 +257,35 @@
.El
.It Dv KAUTH_SYSTEM_FS_RESERVEDSPACE
Check if using the file-system reserved space is allowed.
+.It Dv KAUTH_SYSTEM_LFS
+Check if LFS-related operations are allowed.
+.Ar req
+can be one of the following:
+.Bl -tag -width compact
+.It Dv KAUTH_REQ_SYSTEM_LFS_MARKV
+Check if calling
+.Xr lfs_markv 2
+is allowed.
+.It Dv KAUTH_REQ_SYSTEM_LFS_BMAPV
+Check if calling
+.Xr lfs_bmapv 2
+is allowed.
+.It Dv KAUTH_REQ_SYSTEM_LFS_SEGCLEAN
+Check if calling
+.Xr lfs_segclean 2
+is allowed.
+.It Dv KAUTH_REQ_SYSTEM_LFS_SEGWAIT
+Check if calling
+.Xr lfs_segwait 2
+is allowed.
+.It Dv KAUTH_REQ_SYSTEM_LFS_FCNTL
+Check if operations on LFS through
+.Xr fcntl 2
+are allowed.
+.El
+.It Dv KAUTH_SYSTEM_MAP_VA_ZERO
+Check if changing the status of memory mapping of virtual address zero
+is allowed.
.It Dv KAUTH_SYSTEM_MODULE
Check if a module request is allowed.
.Pp
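Review bot: the `KAUTH_SYSTEM_LFS` requests document no arguments, unlike the neighbouring entries which spell out `arg1` and friends; if `lfs_syscalls.c` passes anything with these requests (the mount point, for instance), document it here so secmodel authors can act on it. `KAUTH_SYSTEM_MAP_VA_ZERO`'s wording, `changing the status of memory mapping of virtual address zero`, does not say what the status is; reword to name the operation being guarded (for example, whether it covers changing the system-wide setting that lets user processes map VA 0).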
@@ -249,6 +299,20 @@
.Ar req
can be any of the following:
.Bl -tag -width compact
+.It Dv KAUTH_REQ_SYSTEM_MOUNT_DEVICE
+Check if mounting a device is allowed.
+.Ar arg1
+is a
+.Ft vnode_t *
+of the device,
+.Ar arg2
+is a
+.Ft struct mount *
+with the mount-point, and
+.Ar arg3
+is a
+.Ft mode_t
+with the desired access mode.
.It Dv KAUTH_REQ_SYSTEM_MOUNT_GET
Check if retrieving information about a mount is allowed.
.Ar arg1
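Review bot: for `KAUTH_REQ_SYSTEM_MOUNT_DEVICE`, clarify whether `arg2` is the `struct mount *` being created or the mount on which the device vnode resides, and which bits are expected in the `mode_t` passed as `arg3` (vnode access bits such as `VREAD`/`VWRITE`, or something else); as written, a secmodel author cannot tell what to compare the value against.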
@@ -296,7 +360,17 @@
is a
.Ft void *
with file-system specific data, if any.
+.It Dv KAUTH_REQ_SYSTEM_MOUNT_UMAP
+Check if mounting the user and group id remapping file-system.
+See
+.Xr mount_umap 8 .
.El
+.It Dv KAUTH_SYSTEM_MQUEUE
+Check if bypassing permissions on a message queue object are allowed.
+.Ar arg1
+is a
+.Ft mqueue_t *
+describing the message queue.
.It Dv KAUTH_SYSTEM_PSET
Check processor-set manipulation.
.Pp
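Review bot: `Check if mounting the user and group id remapping file-system.` is an incomplete sentence; it needs `is allowed` before the period. Two lines further, `Check if bypassing permissions on a message queue object are allowed.` should use `is allowed`, since the subject is `bypassing`. The `KAUTH_REQ_SYSTEM_MOUNT_UMAP` entry also gives no arguments while the other MOUNT requests document theirs; if nothing is passed, say so.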
@@ -316,6 +390,12 @@
Check if rebooting is allowed.
.It Dv KAUTH_SYSTEM_SETIDCORE
Check if changing coredump settings for set-id processes is allowed.
+.It Dv KAUTH_SYSTEM_SEMAPHORE
+Check if access to a kernel semaphore is allowed.
+.Ar arg1
+is a
+.Ft ksem_t *
+describing the semaphore.
.It Dv KAUTH_SYSTEM_SWAPCTL
Check if privileged
.Xr swapctl 2
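Review bot: `KAUTH_SYSTEM_SEMAPHORE` is inserted after `KAUTH_SYSTEM_SETIDCORE`, but `SEMAPHORE` sorts before `SETIDCORE`; move it above `.It Dv KAUTH_SYSTEM_SETIDCORE` to keep the list alphabetical. `access to a kernel semaphore` is also vague; say which operations on the `ksem_t *` in `arg1` this check covers.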
@@ -349,6 +429,36 @@
.Xr sysctl 9
nodes is allowed.
.El