Date: Mon, 30 Oct 2006 15:17:16 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 108753 for review Message-ID: <200610301517.k9UFHGLj051771@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=108753 Change 108753 by rwatson@rwatson_zoo on 2006/10/30 15:17:04 Move from enum priv priv to int priv. This reduces name space pollution and allows mac_framework.h not to have a nested include of priv.h. It also makes it easier to avoid ABI disruption by hard-coding privilege numbers and leaving gaps so sort order isn't disrupted. Affected files ... .. //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#11 edit .. //depot/projects/trustedbsd/priv/sys/kern/kern_priv.c#3 edit .. //depot/projects/trustedbsd/priv/sys/security/mac/mac_framework.h#4 edit .. //depot/projects/trustedbsd/priv/sys/security/mac/mac_priv.c#2 edit .. //depot/projects/trustedbsd/priv/sys/security/mac_privs/mac_privs.c#2 edit .. //depot/projects/trustedbsd/priv/sys/security/mac_privs/mac_privs.h#2 edit .. //depot/projects/trustedbsd/priv/sys/sys/jail.h#3 edit .. //depot/projects/trustedbsd/priv/sys/sys/mac_policy.h#5 edit .. //depot/projects/trustedbsd/priv/sys/sys/priv.h#8 edit Differences ... ==== //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#11 (text+ko) ==== @@ -529,7 +529,7 @@ * have a specific list of accepted privileges; the rest are denied. */ int -prison_priv_check(struct ucred *cred, enum priv priv) +prison_priv_check(struct ucred *cred, int priv) { if (!(jailed(cred))) ==== //depot/projects/trustedbsd/priv/sys/kern/kern_priv.c#3 (text+ko) ==== @@ -34,12 +34,13 @@ #include <sys/param.h> #include <sys/jail.h> #include <sys/kernel.h> -#include <sys/mac.h> #include <sys/priv.h> #include <sys/proc.h> #include <sys/sysctl.h> #include <sys/systm.h> +#include <security/mac/mac_framework.h> + /* * `suser_enabled' (which can be set by the security.bsd.suser_enabled * sysctl) determines whether the system 'super-user' policy is in effect. @@ -62,7 +63,7 @@ * only a few to grant it. */ int -priv_check_cred(struct ucred *cred, enum priv priv, int flags) +priv_check_cred(struct ucred *cred, int priv, int flags) { int error; @@ -123,7 +124,7 @@ } int -priv_check(struct thread *td, enum priv priv) +priv_check(struct thread *td, int priv) { KASSERT(td == curthread, ("priv_check: td != curthread")); ==== //depot/projects/trustedbsd/priv/sys/security/mac/mac_framework.h#4 (text+ko) ==== @@ -51,7 +51,6 @@ #endif #include <sys/_label.h> -#include <sys/priv.h> /* XXXRW: Until name space issues resolved. */ struct bpf_d; struct cdev; @@ -408,8 +407,8 @@ struct label *label); void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred); void mac_associate_nfsd_label(struct ucred *cred); -int mac_priv_check(struct ucred *cred, enum priv priv); -int mac_priv_grant(struct ucred *cred, enum priv priv); +int mac_priv_check(struct ucred *cred, int priv); +int mac_priv_grant(struct ucred *cred, int priv); /* * Calls to help various file systems implement labeling functionality ==== //depot/projects/trustedbsd/priv/sys/security/mac/mac_priv.c#2 (text+ko) ==== @@ -38,13 +38,13 @@ #include <sys/param.h> #include <sys/priv.h> #include <sys/module.h> -#include <sys/mac.h> #include <sys/mac_policy.h> +#include <security/mac/mac_framework.h> #include <security/mac/mac_internal.h> int -mac_priv_check(struct ucred *cred, enum priv priv) +mac_priv_check(struct ucred *cred, int priv) { int error; @@ -54,7 +54,7 @@ } int -mac_priv_grant(struct ucred *cred, enum priv priv) +mac_priv_grant(struct ucred *cred, int priv) { int error; ==== //depot/projects/trustedbsd/priv/sys/security/mac_privs/mac_privs.c#2 (text+ko) ==== @@ -60,7 +60,7 @@ */ struct rule { uid_t r_uid; - enum priv r_priv; + int r_priv; TAILQ_ENTRY(rule) r_list; }; @@ -127,7 +127,7 @@ * Add a rule matching the uid and privilege. */ static int -mac_privs_rule_add(uid_t uid, enum priv priv) +mac_privs_rule_add(uid_t uid, int priv) { struct rule *new_rule, *rule; @@ -163,7 +163,7 @@ * Delete a rule matching the uid and privilege. */ static int -mac_privs_rule_delete(uid_t uid, enum priv priv) +mac_privs_rule_delete(uid_t uid, int priv) { struct rule *rule; @@ -252,7 +252,7 @@ * match a specific or wildcard rule (privilege of -1 in the rule). */ static int -mac_privs_priv_grant(struct ucred *cred, enum priv priv) +mac_privs_priv_grant(struct ucred *cred, int priv) { struct rule *rule; int error; ==== //depot/projects/trustedbsd/priv/sys/security/mac_privs/mac_privs.h#2 (text+ko) ==== @@ -48,8 +48,8 @@ */ #define MAC_PRIVS_ADD 1 struct mac_privs_add_args { - uid_t uid; - enum priv priv; + uid_t uid; + int priv; }; /* @@ -57,8 +57,8 @@ */ #define MAC_PRIVS_DELETE 2 struct mac_privs_delete_args { - uid_t uid; - enum priv priv; + uid_t uid; + int priv; }; /* @@ -80,8 +80,8 @@ */ #define MAC_PRIVS_LIST 4 struct mac_privs_list_entry { - uid_t uid; - enum priv priv; + uid_t uid; + int priv; }; struct mac_privs_list_args { ==== //depot/projects/trustedbsd/priv/sys/sys/jail.h#3 (text+ko) ==== @@ -111,7 +111,7 @@ void prison_hold(struct prison *pr); int prison_if(struct ucred *cred, struct sockaddr *sa); int prison_ip(struct ucred *cred, int flag, u_int32_t *ip); -int prison_priv_check(struct ucred *cred, enum priv priv); +int prison_priv_check(struct ucred *cred, int priv); void prison_remote_ip(struct ucred *cred, int flags, u_int32_t *ip); #endif /* _KERNEL */ ==== //depot/projects/trustedbsd/priv/sys/sys/mac_policy.h#5 (text+ko) ==== @@ -55,10 +55,12 @@ * Operations are sorted first by general class of operation, then * alphabetically. */ +#include <sys/_label.h> #include <sys/acl.h> /* XXX acl_type_t */ struct acl; struct bpf_d; +struct cdev; struct componentname; struct devfs_dirent; struct ifnet; @@ -595,8 +597,8 @@ struct ucred *file_cred, struct vnode *vp, struct label *label); typedef void (*mpo_associate_nfsd_label_t)(struct ucred *cred); -typedef int (*mpo_priv_check_t)(struct ucred *cred, enum priv priv); -typedef int (*mpo_priv_grant_t)(struct ucred *cred, enum priv priv); +typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv); +typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv); struct mac_policy_ops { /* ==== //depot/projects/trustedbsd/priv/sys/sys/priv.h#8 (text+ko) ==== @@ -48,251 +48,387 @@ * When adding a new privilege, remember to determine if it's appropriate for * use in jail, and update the privilege switch in kern_jail.c as necessary. */ -enum priv { - /* Track beginning of privilege list. */ - _PRIV_LOWEST, +/* Track beginning of privilege list. */ +#define _PRIV_LOWEST 0 + +/* + * PRIV_ROOT is a catch-all for as yet unnamed privileges. No new + * references to this privilege should be added. + */ +#define PRIV_ROOT 1 /* Catch-all during development. */ + +/* + * The remaining privileges typically correspond to one or a small + * number of specific privilege checks, and have (relatively) precise + * meanings. They are loosely sorted into a set of base system + * privileges, such as the ability to reboot, and then loosely by + * subsystem, indicated by a subsystem name. + */ +#define PRIV_ACCT 2 /* Manage process accounting. */ +#define PRIV_MAXFILES 3 /* Exceed system open files limit. */ +#define PRIV_MAXPROC 4 /* Exceed system processes limit. */ +#define PRIV_KTRACE 5 /* Set/clear KTRFAC_ROOT on ktrace. */ +#define PRIV_SETDUMPER 6 /* Configure dump device. */ +#define PRIV_NFSD 7 /* Can become NFS daemon. */ +#define PRIV_REBOOT 8 /* Can reboot system. */ +#define PRIV_SWAPON 9 /* Can swapon(). */ +#define PRIV_SWAPOFF 10 /* Can swapoff(). */ +#define PRIV_MSGBUF 11 /* Can read kernel message buffer. */ +#define PRIV_WITNESS 12 /* Can configure WITNESS. */ +#define PRIV_IO 13 /* Can perform low-level I/O. */ +#define PRIV_KEYBOARD 14 /* Reprogram keyboard. */ +#define PRIV_DRIVER 15 /* Low-level driver privilege. */ +#define PRIV_ADJTIME 16 /* Set time adjustment. */ +#define PRIV_NTP_ADJTIME 17 /* Set NTP time adjustment. */ +#define PRIV_CLOCK_SETTIME 18 /* Can call clock_settime. */ +#define PRIV_SETTIMEOFDAY 19 /* Can call settimeofday. */ +#define PRIV_SETHOSTID 20 /* Can call sethostid. */ +#define PRIV_SETDOMAINNAME 21 /* Can call setdomainname. */ + +/* + * Audit subsystem privileges. + */ +#define PRIV_AUDIT_CONTROL 40 /* Can configure audit. */ +#define PRIV_AUDIT_FAILSTOP 41 /* Can run during audit fail stop. */ +#define PRIV_AUDIT_GETAUDIT 42 /* Can get proc audit properties. */ +#define PRIV_AUDIT_SETAUDIT 43 /* Can set proc audit properties. */ +#define PRIV_AUDIT_SUBMIT 44 /* Can submit an audit record. */ + +/* + * Credential management privileges. + */ +#define PRIV_CRED_SETUID 50 /* setuid. */ +#define PRIV_CRED_SETEUID 51 /* seteuid to !ruid and !svuid. */ +#define PRIV_CRED_SETGID 52 /* setgid. */ +#define PRIV_CRED_SETEGID 53 /* setgid to !rgid and !svgid. */ +#define PRIV_CRED_SETGROUPS 54 /* Set process additional groups. */ +#define PRIV_CRED_SETREUID 55 /* setreuid. */ +#define PRIV_CRED_SETREGID 56 /* setregid. */ +#define PRIV_CRED_SETRESUID 57 /* setresuid. */ +#define PRIV_CRED_SETRESGID 58 /* setresgid. */ +#define PRIV_SEEOTHERGIDS 59 /* Exempt bsd.seeothergids. */ +#define PRIV_SEEOTHERUIDS 60 /* Exempt bsd.seeotheruids. */ + +/* + * Debugging privileges. + */ +#define PRIV_DEBUG_DIFFCRED 80 /* Exempt debugging other users. */ +#define PRIV_DEBUG_SUGID 81 /* Exempt debugging setuid proc. */ +#define PRIV_DEBUG_UNPRIV 82 /* Exempt unprivileged debug limit. */ + +/* + * Dtrace privileges. + */ +#define PRIV_DTRACE_KERNEL 90 /* Allow use of DTrace on the kernel. */ +#define PRIV_DTRACE_PROC 91 /* Allow attaching DTrace to process. */ +#define PRIV_DTRACE_USER 92 /* Process may submit DTrace events. */ + +/* + * Firmware privilegs. + */ +#define PRIV_FIRMWARE_LOAD 100 /* Can load firmware. */ + +/* + * Jail privileges. + */ +#define PRIV_JAIL_ATTACH 110 /* Attach to a jail. */ + +/* + * Kernel environment priveleges. + */ +#define PRIV_KENV_SET 120 /* Set kernel env. variables. */ +#define PRIV_KENV_UNSET 121 /* Unset kernel env. variables. */ + +/* + * Loadable kernel module privileges. + */ +#define PRIV_KLD_LOAD 130 /* Load a kernel module. */ +#define PRIV_KLD_UNLOAD 131 /* Unload a kernel module. */ + +/* + * Privileges associated with the MAC Framework and specific MAC policy + * modules. + */ +#define PRIV_MAC_PARTITION 140 /* Privilege in mac_partition policy. */ +#define PRIV_MAC_PRIVS 141 /* Privilege in the mac_privs policy. */ + +/* + * Process-related privileges. + */ +#define PRIV_PROC_LIMIT 160 /* Exceed user process limit. */ +#define PRIV_PROC_SETLOGIN 161 /* Can call setlogin. */ +#define PRIV_PROC_SETRLIMIT 162 /* Can raise resources limits. */ + +/* System V IPC privileges. + */ +#define PRIV_IPC_READ 170 /* Can override IPC read perm. */ +#define PRIV_IPC_WRITE 171 /* Can override IPC write perm. */ +#define PRIV_IPC_EXEC 172 /* Can override IPC exec perm. */ +#define PRIV_IPC_ADMIN 173 /* Can override IPC owner-only perm. */ +#define PRIV_IPC_MSGSIZE 174 /* Exempt IPC message queue limit. */ + +/* + * POSIX message queue privileges. + */ +#define PRIV_MQ_ADMIN 180 /* Can override msgq owner-only perm. */ + +/* + * Performance monitoring counter privileges. + */ +#define PRIV_PMC_MANAGE 190 /* Can administer PMC. */ +#define PRIV_PMC_SYSTEM 191 /* Can allocate a system-wide PMC. */ + +/* + * Scheduling privileges. + */ +#define PRIV_SCHED_DIFFCRED 200 /* Exempt scheduling other users. */ +#define PRIV_SCHED_SETPRIORITY 201 /* Can set lower nice value for proc. */ +#define PRIV_SCHED_RTPRIO 202 /* Can set real time scheduling. */ +#define PRIV_SCHED_SETPOLICY 203 /* Can set scheduler policy. */ +#define PRIV_SCHED_SET 204 /* Can set thread scheduler. */ +#define PRIV_SCHED_SETPARAM 205 /* Can set thread scheduler params. */ + +/* + * POSIX semaphore privileges. + */ +#define PRIV_SEM_WRITE 220 /* Can override sem write perm. */ + +/* + * Signal privileges. + */ +#define PRIV_SIGNAL_DIFFCRED 230 /* Exempt signalling other users. */ +#define PRIV_SIGNAL_SUGID 231 /* Non-conserv signal setuid proc. */ + +/* + * Sysctl privileges. + */ +#define PRIV_SYSCTL_DEBUG 240 /* Can invoke sysctl.debug. */ +#define PRIV_SYSCTL_WRITE 241 /* Can write sysctls. */ +#define PRIV_SYSCTL_WRITEJAIL 242 /* Can write sysctls, jail permitted. */ + +/* + * TTY privileges. + */ +#define PRIV_TTY_CONSOLE 250 /* Set console to tty. */ +#define PRIV_TTY_DRAINWAIT 251 /* Set tty drain wait time. */ +#define PRIV_TTY_DTRWAIT 252 /* Set DTR wait on tty. */ +#define PRIV_TTY_EXCLUSIVE 253 /* Override tty exclusive flag. */ +#define PRIV_TTY_PRISON 254 /* Can open pts across jails. */ +#define PRIV_TTY_STI 255 /* Simulate input on another tty. */ +#define PRIV_TTY_SETA 256 /* Set tty termios structure. */ + +/* + * UFS-specific privileges. + */ +#define PRIV_UFS_EXTATTRCTL 270 /* Can configure EAs on UFS1. */ +#define PRIV_UFS_GETQUOTA 271 /* getquota(). */ +#define PRIV_UFS_QUOTAOFF 272 /* quotaoff(). */ +#define PRIV_UFS_QUOTAON 273 /* quotaon(). */ +#define PRIV_UFS_SETQUOTA 274 /* setquota(). */ +#define PRIV_UFS_SETUSE 275 /* setuse(). */ +#define PRIV_UFS_EXCEEDQUOTA 276 /* Exempt from quota restrictions. */ + +/* + * VFS privileges. + */ +#define PRIV_VFS_READ 310 /* Override vnode DAC read perm. */ +#define PRIV_VFS_WRITE 311 /* Override vnode DAC write perm. */ +#define PRIV_VFS_ADMIN 312 /* Override vnode DAC admin perm. */ +#define PRIV_VFS_EXEC 313 /* Override vnode DAC exec perm. */ +#define PRIV_VFS_LOOKUP 314 /* Override vnode DAC lookup perm. */ +#define PRIV_VFS_BLOCKRESERVE 315 /* Can use free block reserve. */ +#define PRIV_VFS_CHFLAGS_DEV 316 /* Can chflags() a device node. */ +#define PRIV_VFS_CHOWN 317 /* Can set user; group to non-member. */ +#define PRIV_VFS_CHROOT 318 /* chroot(). */ +#define PRIV_VFS_CLEARSUGID 319 /* Don't clear sugid on change. */ +#define PRIV_VFS_EXTATTR_SYSTEM 320 /* Operate on system EA namespace. */ +#define PRIV_VFS_FCHROOT 321 /* fchroot(). */ +#define PRIV_VFS_FHOPEN 322 /* Can fhopen(). */ +#define PRIV_VFS_FHSTAT 323 /* Can fhstat(). */ +#define PRIV_VFS_FHSTATFS 324 /* Can fhstatfs(). */ +#define PRIV_VFS_GENERATION 325 /* stat() returns generation number. */ +#define PRIV_VFS_GETFH 326 /* Can retrieve file handles. */ +#define PRIV_VFS_LINK 327 /* bsd.hardlink_check_uid */ +#define PRIV_VFS_MKNOD_BAD 328 /* Can mknod() to mark bad inodes. */ +#define PRIV_VFS_MKNOD_DEV 329 /* Can mknod() to create dev nodes. */ +#define PRIV_VFS_MKNOD_WHT 330 /* Can mknod() to create whiteout. */ +#define PRIV_VFS_MOUNT 331 /* Can mount(). */ +#define PRIV_VFS_MOUNT_OWNER 332 /* Override owner on user mounts. */ +#define PRIV_VFS_MOUNT_EXPORTED 333 /* Can set MNT_EXPORTED on mount. */ +#define PRIV_VFS_MOUNT_PERM 334 /* Override dev node perms at mount. */ +#define PRIV_VFS_MOUNT_SUIDDIR 335 /* Can set MNT_SUIDDIR on mount. */ +#define PRIV_VFS_MOUNT_NONUSER 336 /* Can perform a non-user mount. */ +#define PRIV_VFS_SETGID 337 /* Can setgid if not in group. */ +#define PRIV_VFS_STICKYFILE 338 /* Can set sticky bit on file. */ +#define PRIV_VFS_SYSFLAGS 339 /* Can modify system flags. */ +#define PRIV_VFS_UNMOUNT 340 /* Can unmount(). */ + +/* + * Virtual memory privileges. + */ +#define PRIV_VM_MADV_PROTECT 360 /* Can set MADV_PROTECT. */ +#define PRIV_VM_MLOCK 361 /* Can mlock(), mlockall(). */ +#define PRIV_VM_MUNLOCK 362 /* Can munlock(), munlockall(). */ + +/* + * Device file system privileges. + */ +#define PRIV_DEVFS_RULE 370 /* Can manage devfs rules. */ +#define PRIV_DEVFS_SYMLINK 371 /* Can create symlinks in devfs. */ + +/* + * Random number generator privileges. + */ +#define PRIV_RANDOM_RESEED 380 /* Closing /dev/random reseeds. */ + +/* + * Network stack privileges. + */ +#define PRIV_NET_BRIDGE 390 /* Administer bridge. */ +#define PRIV_NET_GRE 391 /* Administer GRE. */ +#define PRIV_NET_PPP 392 /* Administer PPP. */ +#define PRIV_NET_SLIP 393 /* Administer SLIP. */ +#define PRIV_NET_BPF 394 /* Monitor BPF. */ +#define PRIV_NET_RAW 395 /* Open raw socket. */ +#define PRIV_NET_ROUTE 396 /* Administer routing. */ +#define PRIV_NET_TAP 397 /* Can open tap device. */ +#define PRIV_NET_SETIFMTU 398 /* Set interface MTU. */ +#define PRIV_NET_SETIFFLAGS 399 /* Set interface flags. */ +#define PRIV_NET_SETIFCAP 400 /* Set interface capabilities. */ +#define PRIV_NET_SETIFNAME 401 /* Set interface name. */ +#define PRIV_NET_SETIFMETRIC 402 /* Set interface metrics. */ +#define PRIV_NET_SETIFPHYS 403 /* Set interface physical layer prop. */ +#define PRIV_NET_SETIFMAC 404 /* Set interface MAC label. */ +#define PRIV_NET_ADDMULTI 405 /* Add multicast addr. to ifnet. */ +#define PRIV_NET_DELMULTI 406 /* Delete multicast addr. from ifnet. */ +#define PRIV_NET_HWIOCTL 507 /* Issue hardware ioctl on ifnet. */ +#define PRIV_NET_SETLLADDR 508 +#define PRIV_NET_ADDIFGROUP 509 /* Add new interface group. */ +#define PRIV_NET_DELIFGROUP 510 /* Delete interface group. */ +#define PRIV_NET_IFCREATE 511 /* Create cloned interface. */ +#define PRIV_NET_IFDESTROY 512 /* Destroy cloned interface. */ +#define PRIV_NET_ADDIFADDR 513 /* Add protocol addr to interface. */ +#define PRIV_NET_DELIFADDR 514 /* Delete protocol addr on interface. */ + +/* + * 802.11-related privileges. + */ +#define PRIV_NET80211_GETKEY 540 /* Query 802.11 keys. */ +#define PRIV_NET80211_MANAGE 541 /* Administer 802.11. */ + +/* + * AppleTalk privileges. + */ +#define PRIV_NETATALK_RESERVEDPORT 550 /* Bind low port number. */ + +/* + * ATM privileges. + */ +#define PRIV_NETATM_CFG 560 +#define PRIV_NETATM_ADD 561 +#define PRIV_NETATM_DEL 562 +#define PRIV_NETATM_SET 563 + +/* + * Bluetooth privileges. + */ +#define PRIV_NETBLUETOOTH_RAW 570 /* Open raw bluetooth socket. */ + +/* + * Netgraph and netgraph module privileges. + */ +#define PRIV_NETGRAPH_CONTROL 580 /* Open netgraph control socket. */ +#define PRIV_NETGRAPH_TTY 581 /* Configure tty for netgraph. */ + +/* + * IPv4 and IPv6 privileges. + */ +#define PRIV_NETINET_RESERVEDPORT 590 /* Bind low port number. */ +#define PRIV_NETINET_IPFW 591 /* Administer IPFW firewall. */ +#define PRIV_NETINET_DIVERT 592 /* Open IP divert socket. */ +#define PRIV_NETINET_PF 593 /* Administer pf firewall. */ +#define PRIV_NETINET_DUMMYNET 594 /* Administer DUMMYNET. */ +#define PRIV_NETINET_CARP 595 /* Administer CARP. */ +#define PRIV_NETINET_MROUTE 596 /* Administer multicast routing. */ +#define PRIV_NETINET_RAW 597 /* Open netinet raw socket. */ +#define PRIV_NETINET_GETCRED 598 /* Query netinet pcb credentials. */ +#define PRIV_NETINET_ADDRCTRL6 599 /* Administer IPv6 address scopes. */ +#define PRIV_NETINET_ND6 600 /* Administer IPv6 neighbor disc. */ +#define PRIV_NETINET_SCOPE6 601 /* Administer IPv6 address scopes. */ +#define PRIV_NETINET_ALIFETIME6 602 /* Administer IPv6 address lifetimes. */ +#define PRIV_NETINET_IPSEC 603 /* Administer IPSEC. */ + +/* + * IPX/SPX privileges. + */ +#define PRIV_NETIPX_RESERVEDPORT 620 /* Bind low port number. */ +#define PRIV_NETIPX_RAW 621 /* Open netipx raw socket. */ + +/* + * NCP privileges. + */ +#define PRIV_NETNCP 630 /* Use another user's connection. */ - /* - * PRIV_ROOT is a catch-all for as yet unnamed privileges. No new - * references to this privilege should be added. - */ - PRIV_ROOT, /* Catch-all during development. */ +/* + * SMB privileges. + */ +#define PRIV_NETSMB 640 /* Use another user's connection. */ - /* - * The remaining privileges typically correspond to one or a small - * number of specific privilege checks, and have (relatively) precise - * meanings. They are loosely sorted into a set of base system - * privileges, such as the ability to reboot, and then loosely by - * subsystem, indicated by a subsystem name. - */ - PRIV_ACCT, /* Manage process accounting. */ - PRIV_MAXFILES, /* Exceed system open files limit. */ - PRIV_MAXPROC, /* Exceed system processes limit. */ - PRIV_KTRACE, /* Set/accept KTRFAC_ROOT on ktrace. */ - PRIV_SETDUMPER, /* Configure dump device (XXX: needs work). */ - PRIV_NFSD, /* Can become NFS daemon. */ - PRIV_REBOOT, /* Can reboot system. */ - PRIV_SWAPON, /* Can swapon(). */ - PRIV_SWAPOFF, /* Can swapoff(). */ - PRIV_MSGBUF, /* Can read kernel message buffer. */ - PRIV_WITNESS, /* Can configure WITNESS. */ - PRIV_IO, /* Can perform low-level I/O. */ - PRIV_KEYBOARD, /* Reprogram keyboard. */ - PRIV_DRIVER, /* Low-level driver privilege. */ - PRIV_ADJTIME, /* Set time adjustment. */ - PRIV_NTP_ADJTIME, /* Set NTP time adjustment. */ - PRIV_CLOCK_SETTIME, /* Can call clock_settime. */ - PRIV_SETTIMEOFDAY, /* Can call settimeofday. */ - PRIV_SETHOSTID, /* Can call sethostid. */ - PRIV_SETDOMAINNAME, /* Can call setdomainname. */ - PRIV_AUDIT_CONTROL, /* Can configure audit. */ - PRIV_AUDIT_FAILSTOP, /* Can run during audit fail stop. */ - PRIV_AUDIT_GETAUDIT, /* Can get proc audit properties. */ - PRIV_AUDIT_SETAUDIT, /* Can set proc audit properties. */ - PRIV_AUDIT_SUBMIT, /* Can submit an audit record. */ - PRIV_CRED_SETUID, /* setuid. */ - PRIV_CRED_SETEUID, /* seteuid to !ruid and !svuid. */ - PRIV_CRED_SETGID, /* setgid. */ - PRIV_CRED_SETEGID, /* setgid to !rgid and !svgid. */ - PRIV_CRED_SETGROUPS, /* Set process additional groups. */ - PRIV_CRED_SETREUID, /* setreuid. */ - PRIV_CRED_SETREGID, /* setregid. */ - PRIV_CRED_SETRESUID, /* setresuid. */ - PRIV_CRED_SETRESGID, /* setresgid. */ - PRIV_SEEOTHERGIDS, /* Exempt bsd.seeothergids. */ - PRIV_SEEOTHERUIDS, /* Exempt bsd.seeotheruids. */ - PRIV_DEBUG_DIFFCRED, /* Exempt debugging other users. */ - PRIV_DEBUG_SUGID, /* Exempt debugging setuid proc. */ - PRIV_DEBUG_UNPRIV, /* Exempt unprivileged debug limit. */ - PRIV_DTRACE_KERNEL, /* Allow use of DTrace on the kernel. */ - PRIV_DTRACE_PROC, /* Allow attaching DTrace to process. */ - PRIV_DTRACE_USER, /* Allow process to submit DTrace events. */ - PRIV_FIRMWARE_LOAD, /* Can load firmware. */ - PRIV_JAIL_ATTACH, /* Attach to a jail. */ - PRIV_KENV_SET, /* Set kernel env. variables. */ - PRIV_KENV_UNSET, /* Unset kernel env. variables. */ - PRIV_KLD_LOAD, /* Load a kernel module. */ - PRIV_KLD_UNLOAD, /* Unload a kernel module. */ - PRIV_MAC_PARTITION, /* Privilege in mac_partition policy. */ - PRIV_MAC_PRIVS, /* Privilege in the mac_privs policy. */ - PRIV_PROC_LIMIT, /* Exceed user process limit. */ - PRIV_PROC_SETLOGIN, /* Can call setlogin. */ - PRIV_PROC_SETRLIMIT, /* Can raise resources limits. */ - PRIV_IPC_READ, /* Can override IPC read perm. */ - PRIV_IPC_WRITE, /* Can override IPC write perm. */ - PRIV_IPC_EXEC, /* Can override IPC exec perm. */ - PRIV_IPC_ADMIN, /* Can override IPC owner-only perm. */ - PRIV_IPC_MSGSIZE, /* Exempt IPC message queue limit. */ - PRIV_MQ_ADMIN, /* Can override msgq owner-only perm. */ - PRIV_PMC_MANAGE, /* Can administer PMC. */ - PRIV_PMC_SYSTEM, /* Can allocate a system-wide PMC. */ - PRIV_SCHED_DIFFCRED, /* Exempt scheduling other users. */ - PRIV_SCHED_SETPRIORITY, /* Can set lower nice value for proc. */ - PRIV_SCHED_RTPRIO, /* Can set real time scheduling. */ - PRIV_SCHED_SETPOLICY, /* Can set scheduler policy. */ - PRIV_SCHED_SET, /* Can set thread scheduler. */ - PRIV_SCHED_SETPARAM, /* Can set thread scheduler params. */ - PRIV_SEM_WRITE, /* Can override sem write perm. */ - PRIV_SIGNAL_DIFFCRED, /* Exempt signalling other users. */ - PRIV_SIGNAL_SUGID, /* Non-conserv signal setuid proc. */ - PRIV_SYSCTL_DEBUG, /* Can invoke sysctl.debug. */ - PRIV_SYSCTL_WRITE, /* Can write sysctls. */ - PRIV_SYSCTL_WRITEJAIL, /* Can write sysctls, jail permitted. */ - PRIV_TTY_CONSOLE, /* Set console to tty. */ - PRIV_TTY_DRAINWAIT, /* Set tty drain wait time. */ - PRIV_TTY_DTRWAIT, /* Set DTR wait on tty. */ - PRIV_TTY_EXCLUSIVE, /* Override tty exclusive flag. */ - PRIV_TTY_PRISON, /* Can open pts across jails. */ - PRIV_TTY_STI, /* Simulate input on another tty. */ - PRIV_TTY_SETA, /* Set tty termios structure. */ - PRIV_UFS_EXTATTRCTL, /* Can configure EAs on UFS1. */ - PRIV_UFS_GETQUOTA, /* getquota(). */ - PRIV_UFS_QUOTAOFF, /* quotaoff(). */ - PRIV_UFS_QUOTAON, /* quotaon(). */ - PRIV_UFS_SETQUOTA, /* setquota(). */ - PRIV_UFS_SETUSE, /* setuse(). */ - PRIV_UFS_EXCEEDQUOTA, /* Exempt from quota restrictions. */ - PRIV_VFS_READ, /* Override vnode DAC read perm. */ - PRIV_VFS_WRITE, /* Override vnode DAC write perm. */ - PRIV_VFS_ADMIN, /* Override vnode DAC admin perm. */ - PRIV_VFS_EXEC, /* Override vnode DAC exec perm. */ - PRIV_VFS_LOOKUP, /* Override vnode DAC lookup perm. */ - PRIV_VFS_BLOCKRESERVE, /* Can use free block reserve. */ - PRIV_VFS_CHFLAGS_DEV, /* Can chflags() a device node. */ - PRIV_VFS_CHOWN, /* Can set user; group to non-member. */ - PRIV_VFS_CHROOT, /* chroot(). */ - PRIV_VFS_CLEARSUGID, /* Don't clear sugid on change. */ - PRIV_VFS_EXTATTR_SYSTEM, /* Operate on system EA namespace. */ - PRIV_VFS_FCHROOT, /* fchroot(). */ - PRIV_VFS_FHOPEN, /* Can fhopen(). */ - PRIV_VFS_FHSTAT, /* Can fhstat(). */ - PRIV_VFS_FHSTATFS, /* Can fhstatfs(). */ - PRIV_VFS_GENERATION, /* stat() returns generation number. */ - PRIV_VFS_GETFH, /* Can retrieve file handles. */ - PRIV_VFS_LINK, /* bsd.hardlink_check_uid */ - PRIV_VFS_MKNOD_BAD, /* Can use mknod() to mark bad inodes. */ - PRIV_VFS_MKNOD_DEV, /* Can use mknod() to create device nodes. */ - PRIV_VFS_MKNOD_WHT, /* Can use mknod() to create whiteout. */ - PRIV_VFS_MOUNT, /* Can mount(). */ - PRIV_VFS_MOUNT_OWNER, /* Override owner on user mounts. */ - PRIV_VFS_MOUNT_EXPORTED, /* Can set MNT_EXPORTED on mount. */ - PRIV_VFS_MOUNT_PERM, /* Override device node perms at mount. */ - PRIV_VFS_MOUNT_SUIDDIR, /* Can set MNT_SUIDDIR on mount. */ - PRIV_VFS_MOUNT_NONUSER, /* Can perform a non-user mount. */ - PRIV_VFS_SETGID, /* Can setgid if not in group. */ - PRIV_VFS_STICKYFILE, /* Can set sticky bit on file. */ - PRIV_VFS_SYSFLAGS, /* Can modify system flags. */ - PRIV_VFS_UNMOUNT, /* Can unmount(). */ - PRIV_VM_MADV_PROTECT, /* Can set MADV_PROTECT. */ - PRIV_VM_MLOCK, /* Can mlock(), mlockall(). */ - PRIV_VM_MUNLOCK, /* Can munlock(), munlockall(). */ - PRIV_DEVFS_RULE, /* Can manage devfs rules. */ - PRIV_DEVFS_SYMLINK, /* Can create symlinks in devfs. */ - PRIV_RANDOM_RESEED, /* Closing /dev/random reseeds. */ - PRIV_NET_BRIDGE, /* Administer bridge. */ - PRIV_NET_GRE, /* Administer GRE. */ - PRIV_NET_PPP, /* Administer PPP. */ - PRIV_NET_SLIP, /* Administer SLIP. */ - PRIV_NET_BPF, /* Monitor BPF. */ - PRIV_NET_RAW, /* Open raw socket. */ - PRIV_NET_ROUTE, /* Administer routing. */ - PRIV_NET_TAP, /* Can open tap device. */ - PRIV_NET_SETIFMTU, /* Set interface MTU. */ - PRIV_NET_SETIFFLAGS, /* Set interface flags. */ - PRIV_NET_SETIFCAP, /* Set interface capabilities. */ - PRIV_NET_SETIFNAME, /* Set interface name. */ - PRIV_NET_SETIFMETRIC, /* Set interface metrics. */ - PRIV_NET_SETIFPHYS, /* Set interface physical layer prop. */ - PRIV_NET_SETIFMAC, /* Set interface MAC label. */ - PRIV_NET_ADDMULTI, /* Add multicast addr. to ifnet. */ - PRIV_NET_DELMULTI, /* Delete multicast addr. from ifnet. */ - PRIV_NET_HWIOCTL, /* Issue hardware ioctl on ifnet. */ - PRIV_NET_SETLLADDR, - PRIV_NET_ADDIFGROUP, /* Add new interface group. */ - PRIV_NET_DELIFGROUP, /* Delete interface group. */ - PRIV_NET_IFCREATE, /* Create cloned interface. */ - PRIV_NET_IFDESTROY, /* Destroy cloned interface. */ - PRIV_NET_ADDIFADDR, /* Add protocol address to interface. */ - PRIV_NET_DELIFADDR, /* Delete protocol address on interface. */ - PRIV_NET80211_GETKEY, /* Query 802.11 keys. */ - PRIV_NET80211_MANAGE, /* Administer 802.11. */ - PRIV_NETATALK_RESERVEDPORT, /* Bind low port number. */ - PRIV_NETATM_CFG, - PRIV_NETATM_ADD, - PRIV_NETATM_DEL, - PRIV_NETATM_SET, - PRIV_NETBLUETOOTH_RAW, /* Open raw bluetooth socket. */ - PRIV_NETGRAPH_CONTROL, /* Open netgraph control socket. */ - PRIV_NETGRAPH_TTY, /* Configure tty for netgraph. */ - PRIV_NETINET_RESERVEDPORT, /* Bind low port number. */ - PRIV_NETINET_IPFW, /* Administer IPFW firewall. */ - PRIV_NETINET_DIVERT, /* Open IP divert socket. */ - PRIV_NETINET_PF, /* Administer pf firewall. */ - PRIV_NETINET_DUMMYNET, /* Administer DUMMYNET. */ - PRIV_NETINET_CARP, /* Administer CARP. */ - PRIV_NETINET_MROUTE, /* Administer multicast routing. */ - PRIV_NETINET_RAW, /* Open netinet raw socket. */ - PRIV_NETINET_GETCRED, /* Query netinet pcb credentials. */ - PRIV_NETINET_ADDRCTRL6, /* Administer IPv6 address scopes. */ - PRIV_NETINET_ND6, /* Administer IPv6 neighbor disc. */ - PRIV_NETINET_SCOPE6, /* Administer IPv6 address scopes. */ - PRIV_NETINET_ALIFETIME6, /* Administer IPv6 address lifetimes. */ - PRIV_NETINET_IPSEC, /* Administer IPSEC. */ - PRIV_NETIPX_RESERVEDPORT, /* Bind low port number. */ - PRIV_NETIPX_RAW, /* Open netipx raw socket. */ - PRIV_NETNCP, /* Allow use of connection owned by another user. */ - PRIV_NETSMB, /* Allow use of connection owned by another user. */ - PRIV_VM86_INTCALL, /* Allow invoking vm86 int handlers. */ +/* + * VM86 privileges. + */ +#define PRIV_VM86_INTCALL 650/* Allow invoking vm86 int handlers. */ - /* - * Set of reserved privilege values, which will be allocated to code - * as needed, in order to avoid renumbering later privileges due to - * insertion. - */ - _PRIV_RESERVED0, - _PRIV_RESERVED1, - _PRIV_RESERVED2, - _PRIV_RESERVED3, - _PRIV_RESERVED4, - _PRIV_RESERVED5, - _PRIV_RESERVED6, - _PRIV_RESERVED7, - _PRIV_RESERVED8, - _PRIV_RESERVED9, - _PRIV_RESERVED10, - _PRIV_RESERVED11, - _PRIV_RESERVED12, - _PRIV_RESERVED13, - _PRIV_RESERVED14, - _PRIV_RESERVED15, +/* + * Set of reserved privilege values, which will be allocated to code + * as needed, in order to avoid renumbering later privileges due to + * insertion. + */ +#define _PRIV_RESERVED0 660 +#define _PRIV_RESERVED1 661 +#define _PRIV_RESERVED2 662 +#define _PRIV_RESERVED3 663 +#define _PRIV_RESERVED4 664 +#define _PRIV_RESERVED5 665 +#define _PRIV_RESERVED6 666 +#define _PRIV_RESERVED7 667 +#define _PRIV_RESERVED8 668 +#define _PRIV_RESERVED9 669 +#define _PRIV_RESERVED10 670 +#define _PRIV_RESERVED11 671 +#define _PRIV_RESERVED12 672 +#define _PRIV_RESERVED13 673 +#define _PRIV_RESERVED14 674 +#define _PRIV_RESERVED15 675 - /* - * Define a set of valid privilege numbers that can be used by - * loadable modules that don't yet have privilege reservations. - * Ideally, these should not be used, since their meaning is opaque - * to any policies that are aware of specific privileges, such as - * jail, and as such may be arbitrarily denied. - */ - PRIV_MODULE0, - PRIV_MODULE1, - PRIV_MODULE2, - PRIV_MODULE3, - PRIV_MODULE4, - PRIV_MODULE5, - PRIV_MODULE6, - PRIV_MODULE7, - PRIV_MODULE8, - PRIV_MODULE9, - PRIV_MODULE10, - PRIV_MODULE11, - PRIV_MODULE12, - PRIV_MODULE13, - PRIV_MODULE14, - PRIV_MODULE15, +/* + * Define a set of valid privilege numbers that can be used by + * loadable modules that don't yet have privilege reservations. + * Ideally, these should not be used, since their meaning is opaque + * to any policies that are aware of specific privileges, such as + * jail, and as such may be arbitrarily denied. + */ +#define PRIV_MODULE0 700 +#define PRIV_MODULE1 701 +#define PRIV_MODULE2 702 +#define PRIV_MODULE3 703 +#define PRIV_MODULE4 704 +#define PRIV_MODULE5 705 +#define PRIV_MODULE6 706 +#define PRIV_MODULE7 707 +#define PRIV_MODULE8 708 +#define PRIV_MODULE9 709 +#define PRIV_MODULE10 710 +#define PRIV_MODULE11 711 +#define PRIV_MODULE12 712 +#define PRIV_MODULE13 713 +#define PRIV_MODULE14 714 +#define PRIV_MODULE15 715 - /* Track end of privilege list. */ - _PRIV_HIGHEST -}; +/* + * Track end of privilege list. + */ +#define _PRIV_HIGHEST 716 /* * Validate that a named privilege is known by the privilege system. Invalid @@ -311,8 +447,8 @@ */ struct thread; struct ucred; -int priv_check(struct thread *td, enum priv priv); -int priv_check_cred(struct ucred *cred, enum priv priv, int flags); +int priv_check(struct thread *td, int priv); +int priv_check_cred(struct ucred *cred, int priv, int flags); #endif #endif /* !_SYS_PRIV_H_ */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200610301517.k9UFHGLj051771>