tech-kern archive


Re: Adding KAUTH_DEVICE_TTY_ATTACH_<TYPE>



Iain Hibbert wrote:
On Wed, 6 May 2009, Elad Efrat wrote:

I'm not entirely happy with it as we call kauth twice for bcsp, btuart,
and ppp. Do you see a reason to separate ADD and ENABLE and not just
treat both as the same? Is there a situation where you'd want to allow
a user or a program only one of the two?

I think it should just be ADD for those at least.

The other two I'm not sure about but in the future if somebody did the
work to switch strip(4) and slip(4) to auto-cloning devices, the ENABLE
for those could be dropped..

I dropped the ENABLEs, made them all ADD, and will document the
exception ("for sl(4) and strip(4) this enables the device").

Maybe for ppp, btuart, and bcsp, we should combine ADD and ENABLE as
the code only supports doing both together?

Why provide a scope for each pseudo-device type in network (ppp, slip,
strip) but not in bluetooth (bcsp, btuart)?  (I can't summon an objection
to either method or the difference, just questioning the consistency :)

You're right, I've added BCSP and BTUART for BLUETOOTH and the
aforementioned ADDs for them. :)

See attached diff -- I'll go ahead and commit if there are no
objections.

Thanks,

-e.
Index: sys/sys/kauth.h
===================================================================
RCS file: /cvsroot/src/sys/sys/kauth.h,v
retrieving revision 1.56
diff -u -p -r1.56 kauth.h
--- sys/sys/kauth.h     5 May 2009 21:03:28 -0000       1.56
+++ sys/sys/kauth.h     6 May 2009 18:20:28 -0000
@@ -177,7 +177,10 @@ enum {
        KAUTH_NETWORK_FORWSRCRT,
        KAUTH_NETWORK_NFS,
        KAUTH_NETWORK_ROUTE,
-       KAUTH_NETWORK_SOCKET
+       KAUTH_NETWORK_SOCKET,
+       KAUTH_NETWORK_INTERFACE_PPP,
+       KAUTH_NETWORK_INTERFACE_SLIP,
+       KAUTH_NETWORK_INTERFACE_STRIP,
 };
 
 /*
@@ -210,7 +213,10 @@ enum kauth_network_req {
        KAUTH_REQ_NETWORK_SOCKET_RAWSOCK,
        KAUTH_REQ_NETWORK_SOCKET_CANSEE,
        KAUTH_REQ_NETWORK_SOCKET_DROP,
-       KAUTH_REQ_NETWORK_SOCKET_SETPRIV
+       KAUTH_REQ_NETWORK_SOCKET_SETPRIV,
+       KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD,
+       KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD,
+       KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD,
 };
 
 /*
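Review bot: KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD and KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD carry no comment saying that they mean something different from the PPP request. The accompanying message states that for sl(4) and strip(4) the request enables the device, and someone writing a security model from this header would not learn that from the name. A short comment above the three new enumerators would cover it, for example `/* for sl(4) and strip(4), _ADD authorizes enabling the device */`. The enum itself starts above the hunk.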
@@ -242,6 +248,8 @@ enum {
        KAUTH_DEVICE_RND_ADDDATA,
        KAUTH_DEVICE_RND_GETPRIV,
        KAUTH_DEVICE_RND_SETPRIV,
+       KAUTH_DEVICE_BLUETOOTH_BCSP,
+       KAUTH_DEVICE_BLUETOOTH_BTUART,
 };
 
 /*
@@ -251,6 +259,8 @@ enum kauth_device_req {
        KAUTH_REQ_DEVICE_RAWIO_SPEC_READ=1,
        KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE,
        KAUTH_REQ_DEVICE_RAWIO_SPEC_RW,
+       KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD,
+       KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD,
 };
 
 /*
Index: sys/secmodel/bsd44/secmodel_bsd44_suser.c
===================================================================
RCS file: /cvsroot/src/sys/secmodel/bsd44/secmodel_bsd44_suser.c,v
retrieving revision 1.64
diff -u -p -r1.64 secmodel_bsd44_suser.c
--- sys/secmodel/bsd44/secmodel_bsd44_suser.c   5 May 2009 21:03:28 -0000       1.64
+++ sys/secmodel/bsd44/secmodel_bsd44_suser.c   6 May 2009 18:20:29 -0000
@@ -849,6 +849,42 @@ secmodel_bsd44_suser_network_cb(kauth_cr
                }
                break;
 
+       case KAUTH_NETWORK_INTERFACE_PPP:
+               switch (req) {
+               case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
+                       if (isroot)
+                               result = KAUTH_RESULT_ALLOW;
+                       break;
+               default:
+                       break;
+               }
+
+               break;
+
+       case KAUTH_NETWORK_INTERFACE_SLIP:
+               switch (req) {
+               case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
+                       if (isroot)
+                               result = KAUTH_RESULT_ALLOW;
+                       break;
+               default:
+                       break;
+               }
+
+               break;
+
+       case KAUTH_NETWORK_INTERFACE_STRIP:
+               switch (req) {
+               case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD:
+                       if (isroot)
+                               result = KAUTH_RESULT_ALLOW;
+                       break;
+               default:
+                       break;
+               }
+
+               break;
+
        case KAUTH_NETWORK_NFS:
                switch (req) {
                case KAUTH_REQ_NETWORK_NFS_EXPORT:
@@ -1015,6 +1051,25 @@ secmodel_bsd44_suser_device_cb(kauth_cre
                        result = KAUTH_RESULT_ALLOW;
                break;
 
+       case KAUTH_DEVICE_BLUETOOTH_BCSP:
+       case KAUTH_DEVICE_BLUETOOTH_BTUART: {
+               enum kauth_device_req req;
+
+               req = (enum kauth_device_req)arg0;
+               switch (req) {
+               case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
+               case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
+                       if (isroot)
+                               result = KAUTH_RESULT_ALLOW;
+                       break;
+
+               default:
+                       break;
+               }
+
+               break;
+               }
+
        case KAUTH_DEVICE_RAWIO_SPEC:
        case KAUTH_DEVICE_RAWIO_PASSTHRU:
                /*
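Review bot: The shared body for KAUTH_DEVICE_BLUETOOTH_BCSP and KAUTH_DEVICE_BLUETOOTH_BTUART accepts either _ADD request under either action, so a BCSP action carrying the BTUART request is allowed for root. The network callback in this same patch ties each request to its own action, and a listener later modelled on this one with a finer-grained policy would inherit the loose pairing. Splitting the case so that each action honours only its own request keeps the two callbacks consistent. The outcome for non-root callers depends on how `result` is initialised above the hunk, which is not visible here. The enclosing secmodel_bsd44_suser_device_cb starts and ends outside the hunk.

```c
	case KAUTH_DEVICE_BLUETOOTH_BCSP: {
		enum kauth_device_req req;

		req = (enum kauth_device_req)arg0;
		/* Only the request that belongs to this action is honoured. */
		if (req == KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD && isroot)
			result = KAUTH_RESULT_ALLOW;

		break;
		}

	case KAUTH_DEVICE_BLUETOOTH_BTUART: {
		enum kauth_device_req req;

		req = (enum kauth_device_req)arg0;
		if (req == KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD && isroot)
			result = KAUTH_RESULT_ALLOW;

		break;
		}

	/* … unchanged: KAUTH_DEVICE_RAWIO_SPEC / KAUTH_DEVICE_RAWIO_PASSTHRU case … */
```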
Index: sys/net/ppp_tty.c
===================================================================
RCS file: /cvsroot/src/sys/net/ppp_tty.c,v
retrieving revision 1.54
diff -u -p -r1.54 ppp_tty.c
--- sys/net/ppp_tty.c   15 Apr 2009 20:44:25 -0000      1.54
+++ sys/net/ppp_tty.c   6 May 2009 18:20:30 -0000
@@ -208,8 +208,9 @@ pppopen(dev_t dev, struct tty *tp)
     struct ppp_softc *sc;
     int error, s;
 
-    if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-       NULL)) != 0)
+    error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE_PPP,
+       KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD, NULL, NULL, NULL);
+    if (error)
        return (error);
 
     s = spltty();
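Review bot: The new kauth_authorize_network() call in pppopen passes NULL for all three context arguments, so a listener can decide only on the credential and cannot tell which tty is being attached. Passing the tty would let a security model restrict the line discipline to particular terminals without another interface change: `KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD, tp, NULL, NULL);`. The same applies to the calls added in slopen, stripopen, btuartopen and bcspopen. If the argument is added, its meaning should be documented next to the request definitions so that listeners know what to expect. pppopen's body continues outside the hunk.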
Index: sys/net/if_sl.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_sl.c,v
retrieving revision 1.114
diff -u -p -r1.114 if_sl.c
--- sys/net/if_sl.c     17 Dec 2008 20:51:36 -0000      1.114
+++ sys/net/if_sl.c     6 May 2009 18:20:30 -0000
@@ -303,8 +303,9 @@ slopen(dev_t dev, struct tty *tp)
        struct sl_softc *sc;
        int error;
 
-       if ((error = kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-           NULL)) != 0)
+       error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE_SLIP,
+           KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD, NULL, NULL, NULL);
+       if (error)
                return error;
 
        if (tp->t_linesw == &slip_disc)
Index: sys/net/if_strip.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_strip.c,v
retrieving revision 1.92
diff -u -p -r1.92 if_strip.c
--- sys/net/if_strip.c  18 Apr 2009 14:58:05 -0000      1.92
+++ sys/net/if_strip.c  6 May 2009 18:20:32 -0000
@@ -475,8 +475,10 @@ stripopen(dev_t dev, struct tty *tp)
        struct strip_softc *sc;
        int error;
 
-       if ((error = kauth_authorize_generic(l->l_cred,
-           KAUTH_GENERIC_ISSUSER, NULL)) != 0)
+       error = kauth_authorize_network(l->l_cred,
+           KAUTH_NETWORK_INTERFACE_STRIP,
+           KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD, NULL, NULL, NULL);
+       if (error)
                return (error);
 
        if (tp->t_linesw == &strip_disc)
Index: sys/dev/bluetooth/btuart.c
===================================================================
RCS file: /cvsroot/src/sys/dev/bluetooth/btuart.c,v
retrieving revision 1.21
diff -u -p -r1.21 btuart.c
--- sys/dev/bluetooth/btuart.c  26 Apr 2009 07:53:43 -0000      1.21
+++ sys/dev/bluetooth/btuart.c  6 May 2009 18:20:32 -0000
@@ -226,9 +226,10 @@ btuartopen(dev_t devno __unused, struct 
        struct lwp *l = curlwp;         /* XXX */
        int error, unit, s;
 
-       if ((error = kauth_authorize_generic(l->l_cred,
-           KAUTH_GENERIC_ISSUSER, NULL)) != 0)
-               return error;
+       error = kauth_authorize_device(l->l_cred, KAUTH_DEVICE_BLUETOOTH_BTUART,
+           KAUTH_ARG(KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD), NULL, NULL, NULL);
+       if (error)
+               return (error);
 
        s = spltty();
 
Index: sys/dev/bluetooth/bcsp.c
===================================================================
RCS file: /cvsroot/src/sys/dev/bluetooth/bcsp.c,v
retrieving revision 1.16
diff -u -p -r1.16 bcsp.c
--- sys/dev/bluetooth/bcsp.c    26 Apr 2009 07:53:43 -0000      1.16
+++ sys/dev/bluetooth/bcsp.c    6 May 2009 18:20:34 -0000
@@ -378,9 +378,10 @@ bcspopen(dev_t device __unused, struct t
        int error, unit, s;
        static char name[] = "bcsp";
 
-       if ((error = kauth_authorize_generic(l->l_cred,
-           KAUTH_GENERIC_ISSUSER, NULL)) != 0)
-               return error;
+       error = kauth_authorize_device(l->l_cred, KAUTH_DEVICE_BLUETOOTH_BCSP,
+           KAUTH_ARG(KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD), NULL, NULL, NULL);
+       if (error)
+               return (error);
 
        s = spltty();
 

