Module Name:    src
Committed By:   elad
Date:           Fri Oct  2 22:05:52 UTC 2009

Modified Files:
        src/sys/ipkdb: ipkdb_ipkdb.c
        src/sys/secmodel/suser: secmodel_suser.c

Log Message:
Let the ipkdb subsystem allow operations related to it rather than wrongly
doing so in the suser secmodel.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/sys/ipkdb/ipkdb_ipkdb.c
cvs rdiff -u -r1.3 -r1.4 src/sys/secmodel/suser/secmodel_suser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/ipkdb/ipkdb_ipkdb.c
diff -u src/sys/ipkdb/ipkdb_ipkdb.c:1.26 src/sys/ipkdb/ipkdb_ipkdb.c:1.27
--- src/sys/ipkdb/ipkdb_ipkdb.c:1.26	Sun Apr 12 22:37:50 2009
+++ src/sys/ipkdb/ipkdb_ipkdb.c	Fri Oct  2 22:05:52 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipkdb_ipkdb.c,v 1.26 2009/04/12 22:37:50 elad Exp $	*/
+/*	$NetBSD: ipkdb_ipkdb.c,v 1.27 2009/10/02 22:05:52 elad Exp $	*/
 
 /*
  * Copyright (C) 1993-2000 Wolfgang Solfrank.
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipkdb_ipkdb.c,v 1.26 2009/04/12 22:37:50 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipkdb_ipkdb.c,v 1.27 2009/10/02 22:05:52 elad Exp $");
 
 #include "opt_ipkdb.h"
 
@@ -70,6 +70,8 @@
 
 static struct ipkdb_if ipkdb_if;
 
+static kauth_listener_t ipkdb_listener;
+
 static u_char *ipkdbaddr(u_char *, int *, void **);
 static void peekmem(struct ipkdb_if *, u_char *, void *, long);
 static void pokemem(struct ipkdb_if *, u_char *, void *, long);
@@ -89,6 +91,25 @@
 static int connectipkdb(struct ipkdb_if *, char *, int);
 static int hmac_init(void);
 
+static int
+ipkdb_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+    void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	enum kauth_system_req req;
+	int result;
+
+	req = (enum kauth_system_req)arg0;
+	result = KAUTH_RESULT_DEFER;
+
+	if ((action != KAUTH_SYSTEM_DEBUG) ||
+	    (req != KAUTH_REQ_SYSTEM_DEBUG_IPKDB))
+		return result;
+
+	result = KAUTH_RESULT_ALLOW;
+
+	return result;
+}
+
 void
 ipkdb_init(void)
 {
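Review bot: `ipkdb_listener_cb` returns `KAUTH_RESULT_ALLOW` for every caller without consulting `cred`, and the comment that explained this in the removed suser case (`/* Decisions are root-agnostic. */`) was not carried over. I would put it above `result = KAUTH_RESULT_ALLOW;`, for example `/* Decisions are root-agnostic: cred is deliberately not consulted. */`, so the unconditional grant reads as intentional. The removed suser case also reached ALLOW through `default:`, so any other `KAUTH_SYSTEM_DEBUG` request now gets only DEFER from this listener; it is worth confirming that no such request relied on it. Separately, `(enum kauth_system_req)arg0` casts a pointer straight to an enum; `req = (enum kauth_system_req)(uintptr_t)arg0;` avoids a pointer-to-integer size mismatch on LP64 platforms.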
@@ -100,6 +121,9 @@
 		printf("IPKDB: No interface found!\n");
 		boothowto &= ~RB_KDB;
 	}
+
+	ipkdb_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
+	    ipkdb_listener_cb, NULL);
 }
 
 void
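Review bot: The `kauth_listen_scope()` call sits after the closing brace of the "No interface found!" branch, so as far as the hunk shows, the listener is registered even when IPKDB has just been disabled by clearing `RB_KDB`. That leaves a listener answering ALLOW for `KAUTH_REQ_SYSTEM_DEBUG_IPKDB` on a system with no usable IPKDB interface. Consider registering only on the path where an interface was found, or add a comment such as `/* Registered unconditionally; the request is only issued once IPKDB is active. */` if that is the intent. The handle stored in `ipkdb_listener` is neither checked nor used in the visible lines. The body of `ipkdb_init` starts outside the hunk, so the branch structure above is inferred from indentation.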

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.3 src/sys/secmodel/suser/secmodel_suser.c:1.4
--- src/sys/secmodel/suser/secmodel_suser.c:1.3	Fri Oct  2 21:56:28 2009
+++ src/sys/secmodel/suser/secmodel_suser.c	Fri Oct  2 22:05:52 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.3 2009/10/02 21:56:28 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.4 2009/10/02 22:05:52 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.3 2009/10/02 21:56:28 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.4 2009/10/02 22:05:52 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -471,17 +471,6 @@
 			result = KAUTH_RESULT_ALLOW;
 		break;
 
-	case KAUTH_SYSTEM_DEBUG:
-		switch (req) {
-		case KAUTH_REQ_SYSTEM_DEBUG_IPKDB:
-		default:
-			/* Decisions are root-agnostic. */
-			result = KAUTH_RESULT_ALLOW;
-			break;
-		}
-
-		break;
-
 	case KAUTH_SYSTEM_CHSYSFLAGS:
 		/*
 		 * Needs to be checked in conjunction with the immutable and
