Date: Fri, 22 Mar 2002 10:03:13 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 8207 for review Message-ID: <200203221803.g2MI3D454676@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=8207 Change 8207 by rwatson@rwatson_curry on 2002/03/22 10:02:23 Move the network code from using cr_cansee() to check whether a socket is visible to a requesting credential to using a new function, cr_canseesocket(), which accepts a subject credential and object socket. Implement cr_canseesocket() so that it does a prison check, a uid check, and add a comment where shortly a MAC hook will go. This will allow MAC policies to seperately instrument the visibility of sockets from the visibility of processes. Once recent recent changes to the main tree are MFC'd, the uid-related checks can be centralized. Affected files ... ... //depot/projects/trustedbsd/mac/sys/kern/kern_prot.c#13 edit ... //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#8 edit ... //depot/projects/trustedbsd/mac/sys/netinet/tcp_subr.c#10 edit ... //depot/projects/trustedbsd/mac/sys/netinet/udp_usrreq.c#7 edit ... //depot/projects/trustedbsd/mac/sys/sys/systm.h#7 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_prot.c#13 (text+ko) ==== @@ -61,6 +61,8 @@ #include <sys/jail.h> #include <sys/pioctl.h> #include <sys/resourcevar.h> +#include <sys/socket.h> +#include <sys/socketvar.h> #include <sys/sysctl.h> static MALLOC_DEFINE(M_CRED, "cred", "credentials"); 
@@ -1676,6 +1678,33 @@ return (0); } +/*- + * Determine whether the subject represented by cred can "see" the passed + * socket. + * Returns: 0 for permitted, ENOENT otherwise. + * Locks: Sufficient locks to protect various components of cred and so + * must be held. + * References: cred and so must be valid for the lifetime of the call + */ +int +cr_canseesocket(struct ucred *cred, struct socket *so) +{ + int error; + + error = prison_check(cred, so->so_cred); + if (error) + return (ENOENT); + + if (!see_other_uids && cred->cr_ruid != so->so_cred->cr_ruid) + return (ENOENT); + +#ifdef MAC + /* XXX: error = mac_cred_check_seesocket() here. */ +#endif + + return (0); +} + /* * Allocate a zeroed cred structure. */ ==== //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#8 (text+ko) ==== @@ -653,8 +653,8 @@ for (inp = LIST_FIRST(ripcbinfo.listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { if (inp->inp_gencnt <= gencnt) { - if (cr_cansee(req->td->td_ucred, - inp->inp_socket->so_cred)) + if (cr_canseesocket(req->td->td_ucred, + inp->inp_socket)) continue; inp_list[i++] = inp; } ==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_subr.c#10 (text+ko) ==== @@ -866,8 +866,8 @@ for (inp = LIST_FIRST(tcbinfo.listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { if (inp->inp_gencnt <= gencnt) { - if (cr_cansee(req->td->td_ucred, - inp->inp_socket->so_cred)) + if (cr_canseesocket(req->td->td_ucred, + inp->inp_socket)) continue; inp_list[i++] = inp; } @@ -937,7 +937,7 @@ error = ENOENT; goto out; } - error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred); + error = cr_canseesocket(req->td->td_ucred, inp->inp_socket); if (error) goto out; cru2x(inp->inp_socket->so_cred, &xuc); 
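Review bot: The uid check in cr_canseesocket(), `if (!see_other_uids && cred->cr_ruid != so->so_cred->cr_ruid) return (ENOENT);`, has no privileged-credential exemption, so with see_other_uids disabled even a root-run monitoring tool is refused every socket it does not own. cr_cansee() is not visible in this change, so whether it carried such an exemption is an assumption to confirm; if it did, this switch silently narrows what administrators can enumerate. If the exemption is wanted, the condition could additionally require `suser_xxx(cred, NULL, PRISON_ROOT) != 0` before returning ENOENT; otherwise the header comment should state that no privileged override applies. When the MAC hook replaces the XXX placeholder, its denial should also be mapped to ENOENT so the documented return contract still holds.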
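Review bot: The `error = cr_canseesocket(req->td->td_ucred, inp->inp_socket);` call in the tcp_subr.c hunk at -937 has no comment explaining that a denied visibility check now returns the same ENOENT as the error path visible just above it (`error = ENOENT; goto out;`, presumably the failed lookup). That equivalence is what keeps a caller from telling a hidden socket from an absent one. I would add `/* Hidden sockets return ENOENT, same as a failed lookup. */` above the call so a later edit does not introduce a distinguishable error. The same applies to the tcp_subr.c hunk at -989 and the udp_usrreq.c hunk at -674. The enclosing functions start and end outside these hunks.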
@@ -989,7 +989,7 @@ error = ENOENT; goto out; } - error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred); + error = cr_canseesocket(req->td->td_ucred, inp->inp_socket); if (error) goto out; cru2x(inp->inp_socket->so_cred, &xuc); ==== //depot/projects/trustedbsd/mac/sys/netinet/udp_usrreq.c#7 (text+ko) ==== @@ -609,8 +609,8 @@ for (inp = LIST_FIRST(udbinfo.listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { if (inp->inp_gencnt <= gencnt) { - if (cr_cansee(req->td->td_ucred, - inp->inp_socket->so_cred)) + if (cr_canseesocket(req->td->td_ucred, + inp->inp_socket)) continue; inp_list[i++] = inp; } @@ -674,7 +674,7 @@ error = ENOENT; goto out; } - error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred); + error = cr_canseesocket(req->td->td_ucred, inp->inp_socket); if (error) goto out; cru2x(inp->inp_socket->so_cred, &xuc); ==== //depot/projects/trustedbsd/mac/sys/sys/systm.h#7 (text+ko) ==== @@ -101,6 +101,7 @@ struct mtx; struct proc; struct kse; +struct socket; struct thread; struct tty; struct ucred; @@ -197,6 +198,7 @@ int suser_xxx __P((struct ucred *cred, struct proc *proc, int flag)); int suser_xxx_td __P((struct ucred *cred, struct thread *thread, int flag)); int cr_cansee __P((struct ucred *u1, struct ucred *u2)); +int cr_canseesocket __P((struct ucred *u1, struct socket *so)); char *getenv __P((const char *name)); int getenv_int __P((const char *name, int *data)); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
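Review bot: The new prototype in systm.h, `int cr_canseesocket __P((struct ucred *u1, struct socket *so));`, names its first parameter `u1`, while the definition in kern_prot.c uses `cred`, and there is no `u2` in this signature for the numbering to refer to. I would write it as `int cr_canseesocket __P((struct ucred *cred, struct socket *so));` so the header reads as subject credential and object socket, matching the definition and its comment.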