From 29dc1288b06cd48016d47a4b2b909daa7eb2a1f9 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Fri, 22 Mar 2002 19:57:41 +0000
Subject: [PATCH] Merge from TrustedBSD MAC branch: Move the network code from using cr_cansee() to check whether a socket is visible to a requesting credential to using a new function, cr_canseesocket(), which accepts a subject credential and object socket. Implement cr_canseesocket() so that it does a prison check, a uid check, and add a comment where shortly a MAC hook will go. This will allow MAC policies to seperately instrument the visibility of sockets from the visibility of processes.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
---
 sys/kern/kern_prot.c | 23 +++++++++++++++++++++++
 sys/netinet/raw_ip.c | 4 ++--
 sys/netinet/tcp_subr.c | 8 ++++----
 sys/netinet/tcp_timewait.c | 8 ++++----
 sys/netinet/udp_usrreq.c | 6 +++---
 sys/sys/systm.h | 2 ++
 6 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 562e835fd2a9..f02aab4c39cb 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -59,6 +59,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
 
 static MALLOC_DEFINE(M_CRED, "cred", "credentials");
@@ -1676,6 +1678,27 @@ p_candebug(struct proc *p1, struct proc *p2)
 return (0);
 }
 
+/*-
+ * Determine whether the subject represented by cred can "see" a socket.
+ * Returns: 0 for permitted, ENOENT otherwise.
+ */
+int
+cr_canseesocket(struct ucred *cred, struct socket *so)
+{
+ int error;
+
+ error = prison_check(cred, so->so_cred);
+ if (error)
+ return (ENOENT);
+ if (cr_seeotheruids(cred, so->so_cred))
+ return (ENOENT);
+#ifdef MAC
+ /* XXX: error = mac_cred_check_seesocket() here. */
+#endif
+
+ return (0);
+}
+
 /*
 * Allocate a zeroed cred structure.
 */
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 1f533e184d65..60d3988bb007 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
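Review bot: The header comment on cr_canseesocket() in the sys/kern/kern_prot.c hunk gives the return values but not the caller's obligations, although the body dereferences `so->so_cred` twice. I would add a line such as ` * References: *cred and *so (including so->so_cred) must not change during the call.` and, if a lock is expected to be held, name it; the hunks do not show which lock, if any, the pcblist and getcred callers hold. It is also worth recording in the comment why every denial is collapsed to ENOENT: the *_getcred callers in this patch return ENOENT when the lookup fails, so a socket hidden by the prison or uid check is reported the same way as one that does not exist.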
@@ -629,8 +629,8 @@ rip_pcblist(SYSCTL_HANDLER_ARGS)
 for (inp = LIST_FIRST(ripcbinfo.listhead), i = 0; inp && i < n;
 inp = LIST_NEXT(inp, inp_list)) {
 if (inp->inp_gencnt <= gencnt) {
- if (cr_cansee(req->td->td_ucred,
- inp->inp_socket->so_cred))
+ if (cr_canseesocket(req->td->td_ucred,
+ inp->inp_socket))
 continue;
 inp_list[i++] = inp;
 }
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index fb71ac777890..db910e00a32c 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -849,8 +849,8 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS)
 for (inp = LIST_FIRST(tcbinfo.listhead), i = 0; inp && i < n;
 inp = LIST_NEXT(inp, inp_list)) {
 if (inp->inp_gencnt <= gencnt) {
- if (cr_cansee(req->td->td_ucred,
- inp->inp_socket->so_cred))
+ if (cr_canseesocket(req->td->td_ucred,
+ inp->inp_socket))
 continue;
 inp_list[i++] = inp;
 }
@@ -920,7 +920,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS)
 error = ENOENT;
 goto out;
 }
- error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred);
+ error = cr_canseesocket(req->td->td_ucred, inp->inp_socket);
 if (error)
 goto out;
 cru2x(inp->inp_socket->so_cred, &xuc);
@@ -972,7 +972,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS)
 error = ENOENT;
 goto out;
 }
- error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred);
+ error = cr_canseesocket(req->td->td_ucred, inp->inp_socket);
 if (error)
 goto out;
 cru2x(inp->inp_socket->so_cred, &xuc);
diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c
index fb71ac777890..db910e00a32c 100644
--- a/sys/netinet/tcp_timewait.c
+++ b/sys/netinet/tcp_timewait.c
@@ -849,8 +849,8 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS)
 for (inp = LIST_FIRST(tcbinfo.listhead), i = 0; inp && i < n;
 inp = LIST_NEXT(inp, inp_list)) {
 if (inp->inp_gencnt <= gencnt) {
- if (cr_cansee(req->td->td_ucred,
- inp->inp_socket->so_cred))
+ if (cr_canseesocket(req->td->td_ucred,
+ inp->inp_socket))
 continue;
 inp_list[i++] = inp;
 }
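Review bot: In the rip_pcblist() hunk of sys/netinet/raw_ip.c the new test `if (cr_canseesocket(req->td->td_ucred, inp->inp_socket)) continue;` reads as "skip the socket when it can be seen", the opposite of what it does, because the function returns 0 for permitted and an errno for denied. Comparing explicitly, `if (cr_canseesocket(req->td->td_ucred, inp->inp_socket) != 0)`, makes the deny path obvious at an access-control check. The same form appears in the tcp_pcblist() hunks of tcp_subr.c and tcp_timewait.c and in the udp_pcblist() hunk of udp_usrreq.c. rip_pcblist() starts and ends outside the hunk.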
@@ -920,7 +920,7 @@ tcp_getcred(SYSCTL_HANDLER_ARGS)
 error = ENOENT;
 goto out;
 }
- error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred);
+ error = cr_canseesocket(req->td->td_ucred, inp->inp_socket);
 if (error)
 goto out;
 cru2x(inp->inp_socket->so_cred, &xuc);
@@ -972,7 +972,7 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS)
 error = ENOENT;
 goto out;
 }
- error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred);
+ error = cr_canseesocket(req->td->td_ucred, inp->inp_socket);
 if (error)
 goto out;
 cru2x(inp->inp_socket->so_cred, &xuc);
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 4426aa9433eb..6a09dcd9cba0 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -584,8 +584,8 @@ udp_pcblist(SYSCTL_HANDLER_ARGS)
 for (inp = LIST_FIRST(udbinfo.listhead), i = 0; inp && i < n;
 inp = LIST_NEXT(inp, inp_list)) {
 if (inp->inp_gencnt <= gencnt) {
- if (cr_cansee(req->td->td_ucred,
- inp->inp_socket->so_cred))
+ if (cr_canseesocket(req->td->td_ucred,
+ inp->inp_socket))
 continue;
 inp_list[i++] = inp;
 }
@@ -649,7 +649,7 @@ udp_getcred(SYSCTL_HANDLER_ARGS)
 error = ENOENT;
 goto out;
 }
- error = cr_cansee(req->td->td_ucred, inp->inp_socket->so_cred);
+ error = cr_canseesocket(req->td->td_ucred, inp->inp_socket);
 if (error)
 goto out;
 cru2x(inp->inp_socket->so_cred, &xuc);
diff --git a/sys/sys/systm.h b/sys/sys/systm.h
index cf03dbae2767..76606afe0a8d 100644
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@@ -103,6 +103,7 @@ struct malloc_type;
 struct mtx;
 struct proc;
 struct kse;
+struct socket;
 struct thread;
 struct tty;
 struct ucred;
@@ -199,6 +200,7 @@ int suser_td(struct thread *);
 int suser_xxx(struct ucred *cred, struct proc *proc, int flag);
 int suser_xxx_td(struct ucred *cred, struct thread *thread, int flag);
 int cr_cansee(struct ucred *u1, struct ucred *u2);
+int cr_canseesocket(struct ucred *cred, struct socket *so);
 
 char *getenv(const char *name);
 int getenv_int(const char *name, int *data);