| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | .\" $NetBSD: kauth.9,v 1.72 2008/11/12 12:35:54 ad Exp $ | | 1 | .\" $NetBSD: kauth.9,v 1.73 2009/03/15 14:11:08 joerg Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> | | 3 | .\" Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> |
4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
5 | .\" | | 5 | .\" |
6 | .\" Redistribution and use in source and binary forms, with or without | | 6 | .\" Redistribution and use in source and binary forms, with or without |
7 | .\" modification, are permitted provided that the following conditions | | 7 | .\" modification, are permitted provided that the following conditions |
8 | .\" are met: | | 8 | .\" are met: |
9 | .\" 1. Redistributions of source code must retain the above copyright | | 9 | .\" 1. Redistributions of source code must retain the above copyright |
10 | .\" notice, this list of conditions and the following disclaimer. | | 10 | .\" notice, this list of conditions and the following disclaimer. |
11 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 11 | .\" 2. Redistributions in binary form must reproduce the above copyright |
12 | .\" notice, this list of conditions and the following disclaimer in the | | 12 | .\" notice, this list of conditions and the following disclaimer in the |
13 | .\" documentation and/or other materials provided with the distribution. | | 13 | .\" documentation and/or other materials provided with the distribution. |
14 | .\" 3. The name of the author may not be used to endorse or promote products | | 14 | .\" 3. The name of the author may not be used to endorse or promote products |
| @@ -42,27 +42,27 @@ to implement a system-wide security poli | | | @@ -42,27 +42,27 @@ to implement a system-wide security poli |
42 | It allows external modules to plug-in the authorization process. | | 42 | It allows external modules to plug-in the authorization process. |
43 | .Pp | | 43 | .Pp |
44 | .Nm | | 44 | .Nm |
45 | introduces some new concepts, namely | | 45 | introduces some new concepts, namely |
46 | .Dq scopes | | 46 | .Dq scopes |
47 | and | | 47 | and |
48 | .Dq listeners , | | 48 | .Dq listeners , |
49 | which will be detailed together with other useful information for kernel | | 49 | which will be detailed together with other useful information for kernel |
50 | developers in this document. | | 50 | developers in this document. |
51 | .Ss Types | | 51 | .Ss Types |
52 | Some | | 52 | Some |
53 | .Nm | | 53 | .Nm |
54 | types include the following: | | 54 | types include the following: |
55 | .Bl -tag | | 55 | .Bl -tag -width kauth_listener_t |
56 | .It kauth_cred_t | | 56 | .It kauth_cred_t |
57 | Representing credentials that can be associated with an object. | | 57 | Representing credentials that can be associated with an object. |
58 | Includes user- and group-ids (real, effective, and save) as well as group | | 58 | Includes user- and group-ids (real, effective, and save) as well as group |
59 | membership information. | | 59 | membership information. |
60 | .It kauth_scope_t | | 60 | .It kauth_scope_t |
61 | Describes a scope. | | 61 | Describes a scope. |
62 | .It kauth_listener_t | | 62 | .It kauth_listener_t |
63 | Describes a listener. | | 63 | Describes a listener. |
64 | .El | | 64 | .El |
65 | .Ss Terminology | | 65 | .Ss Terminology |
66 | .Nm | | 66 | .Nm |
67 | operates in various | | 67 | operates in various |
68 | .Dq scopes , | | 68 | .Dq scopes , |
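Review bot: line 58 still reads "real, effective, and save"; since this hunk already touches the same list, fix it to "saved" in the same commit. The new `-width kauth_listener_t` on line 55 is the right choice here: it is the longest tag in the list, so every item body aligns in one column instead of wrapping below its tag.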
| @@ -125,27 +125,27 @@ or | | | @@ -125,27 +125,27 @@ or |
125 | or when there was no definitive decision from any of the listeners (i.e., it | | 125 | or when there was no definitive decision from any of the listeners (i.e., it |
126 | was not explicitly allowed or denied) and no security model was loaded. | | 126 | was not explicitly allowed or denied) and no security model was loaded. |
127 | .Ss Generic Scope | | 127 | .Ss Generic Scope |
128 | The generic scope, | | 128 | The generic scope, |
129 | .Dq org.netbsd.kauth.generic , | | 129 | .Dq org.netbsd.kauth.generic , |
130 | manages generic authorization requests in the kernel. | | 130 | manages generic authorization requests in the kernel. |
131 | .Pp | | 131 | .Pp |
132 | The authorization wrapper for this scope is declared as | | 132 | The authorization wrapper for this scope is declared as |
133 | .Pp | | 133 | .Pp |
134 | .Ft int Fn kauth_authorize_generic "kauth_cred_t cred" "kauth_action_t op" \ | | 134 | .Ft int Fn kauth_authorize_generic "kauth_cred_t cred" "kauth_action_t op" \ |
135 | "void *arg0" | | 135 | "void *arg0" |
136 | .Pp | | 136 | .Pp |
137 | The following operations are available for this scope: | | 137 | The following operations are available for this scope: |
138 | .Bl -tag | | 138 | .Bl -tag -width compact |
139 | .It Dv KAUTH_GENERIC_ISSUSER | | 139 | .It Dv KAUTH_GENERIC_ISSUSER |
140 | Checks whether the credentials belong to the super-user. | | 140 | Checks whether the credentials belong to the super-user. |
141 | .Pp | | 141 | .Pp |
142 | Using this request is strongly discouraged and should only be done as a | | 142 | Using this request is strongly discouraged and should only be done as a |
143 | temporary place-holder, as it is breaking the separation between the | | 143 | temporary place-holder, as it is breaking the separation between the |
144 | interface for authorization requests from the back-end implementation. | | 144 | interface for authorization requests from the back-end implementation. |
145 | .It Dv KAUTH_GENERIC_CANSEE | | 145 | .It Dv KAUTH_GENERIC_CANSEE |
146 | Checks whether an object with one set of credentials can access | | 146 | Checks whether an object with one set of credentials can access |
147 | information about another object, possibly with a different set of | | 147 | information about another object, possibly with a different set of |
148 | credentials. | | 148 | credentials. |
149 | .Pp | | 149 | .Pp |
150 | .Ar arg0 | | 150 | .Ar arg0 |
151 | contains the credentials of the object looked at. | | 151 | contains the credentials of the object looked at. |
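Review bot: `-width compact` on line 138 is a literal width string (the width of the word "compact"), not a `-compact` flag; both tags in this list (KAUTH_GENERIC_ISSUSER, KAUTH_GENERIC_CANSEE) are far wider than that, so each body will be pushed onto the line after its tag with a shallow indent. If the intent is only to silence the missing `-width` warning for `-tag` lists, say so in the log message or use the established `-width Ds` idiom; otherwise use the longest tag, as the Types list does. Lines 143-144 also need a grammar fix: "breaking the separation between the interface for authorization requests and the back-end implementation".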
| @@ -156,76 +156,76 @@ routines. | | | @@ -156,76 +156,76 @@ routines. |
156 | .El | | 156 | .El |
157 | .Ss System Scope | | 157 | .Ss System Scope |
158 | The system scope, | | 158 | The system scope, |
159 | .Dq org.netbsd.kauth.system , | | 159 | .Dq org.netbsd.kauth.system , |
160 | manages authorization requests affecting the entire system. | | 160 | manages authorization requests affecting the entire system. |
161 | .Pp | | 161 | .Pp |
162 | The authorization wrapper for this scope is declared as | | 162 | The authorization wrapper for this scope is declared as |
163 | .Pp | | 163 | .Pp |
164 | .Ft int Fn kauth_authorize_system "kauth_cred_t cred" \ | | 164 | .Ft int Fn kauth_authorize_system "kauth_cred_t cred" \ |
165 | "kauth_action_t op" "enum kauth_system_req req" "void *arg1" "void *arg2" \ | | 165 | "kauth_action_t op" "enum kauth_system_req req" "void *arg1" "void *arg2" \ |
166 | "void *arg3" | | 166 | "void *arg3" |
167 | .Pp | | 167 | .Pp |
168 | The following requests are available for this scope: | | 168 | The following requests are available for this scope: |
169 | .Bl -tag | | 169 | .Bl -tag -width compact |
170 | .It Dv KAUTH_SYSTEM_ACCOUNTING | | 170 | .It Dv KAUTH_SYSTEM_ACCOUNTING |
171 | Check if enabling/disabling accounting allowed. | | 171 | Check if enabling/disabling accounting allowed. |
172 | .It Dv KAUTH_SYSTEM_CHROOT | | 172 | .It Dv KAUTH_SYSTEM_CHROOT |
173 | .Ar req | | 173 | .Ar req |
174 | can be any of the following: | | 174 | can be any of the following: |
175 | .Bl -tag | | 175 | .Bl -tag -width compact |
176 | .It Dv KAUTH_REQ_SYSTEM_CHROOT_CHROOT | | 176 | .It Dv KAUTH_REQ_SYSTEM_CHROOT_CHROOT |
177 | Check if calling | | 177 | Check if calling |
178 | .Xr chroot 2 | | 178 | .Xr chroot 2 |
179 | is allowed. | | 179 | is allowed. |
180 | .It Dv KAUTH_REQ_SYSTEM_CHROOT_FCHROOT | | 180 | .It Dv KAUTH_REQ_SYSTEM_CHROOT_FCHROOT |
181 | Check if calling | | 181 | Check if calling |
182 | .Xr fchroot 2 | | 182 | .Xr fchroot 2 |
183 | is allowed. | | 183 | is allowed. |
184 | .El | | 184 | .El |
185 | .It Dv KAUTH_SYSTEM_CPU | | 185 | .It Dv KAUTH_SYSTEM_CPU |
186 | Check CPU-manipulation access. | | 186 | Check CPU-manipulation access. |
187 | .Pp | | 187 | .Pp |
188 | .Ar req | | 188 | .Ar req |
189 | can be any of the following: | | 189 | can be any of the following: |
190 | .Bl -tag | | 190 | .Bl -tag -width compact |
191 | .It Dv KAUTH_REQ_SYSTEM_CPU_SETSTATE | | 191 | .It Dv KAUTH_REQ_SYSTEM_CPU_SETSTATE |
192 | Set CPU state, including setting it online or offline. | | 192 | Set CPU state, including setting it online or offline. |
193 | .El | | 193 | .El |
194 | .It Dv KAUTH_SYSTEM_DEBUG | | 194 | .It Dv KAUTH_SYSTEM_DEBUG |
195 | This request concentrates several debugging-related operations. | | 195 | This request concentrates several debugging-related operations. |
196 | .Ar req | | 196 | .Ar req |
197 | can be any of the following: | | 197 | can be any of the following: |
198 | .Bl -tag | | 198 | .Bl -tag -width compact |
199 | .It Dv KAUTH_REQ_SYSTEM_DEBUG_IPKDB | | 199 | .It Dv KAUTH_REQ_SYSTEM_DEBUG_IPKDB |
200 | Check if using | | 200 | Check if using |
201 | .Xr ipkdb 4 | | 201 | .Xr ipkdb 4 |
202 | is allowed. | | 202 | is allowed. |
203 | .El | | 203 | .El |
204 | .It Dv KAUTH_SYSTEM_FILEHANDLE | | 204 | .It Dv KAUTH_SYSTEM_FILEHANDLE |
205 | Check if filehandle operations allowed. | | 205 | Check if filehandle operations allowed. |
206 | .It Dv KAUTH_SYSTEM_MODULE | | 206 | .It Dv KAUTH_SYSTEM_MODULE |
207 | Check if a module request is allowed. | | 207 | Check if a module request is allowed. |
208 | .Pp | | 208 | .Pp |
209 | .Ar arg1 | | 209 | .Ar arg1 |
210 | is the command. | | 210 | is the command. |
211 | .It Dv KAUTH_SYSTEM_MKNOD | | 211 | .It Dv KAUTH_SYSTEM_MKNOD |
212 | Check if creating devices is allowed. | | 212 | Check if creating devices is allowed. |
213 | .It Dv KAUTH_SYSTEM_MOUNT | | 213 | .It Dv KAUTH_SYSTEM_MOUNT |
214 | Check if mount-related operations are allowed. | | 214 | Check if mount-related operations are allowed. |
215 | .Pp | | 215 | .Pp |
216 | .Ar req | | 216 | .Ar req |
217 | can be any of the following: | | 217 | can be any of the following: |
218 | .Bl -tag | | 218 | .Bl -tag -width compact |
219 | .It Dv KAUTH_REQ_SYSTEM_MOUNT_GET | | 219 | .It Dv KAUTH_REQ_SYSTEM_MOUNT_GET |
220 | Check if retrieving information about a mount is allowed. | | 220 | Check if retrieving information about a mount is allowed. |
221 | .Ar arg1 | | 221 | .Ar arg1 |
222 | is a | | 222 | is a |
223 | .Ft struct mount * | | 223 | .Ft struct mount * |
224 | with the mount structure in question, | | 224 | with the mount structure in question, |
225 | .Ar arg2 | | 225 | .Ar arg2 |
226 | is a | | 226 | is a |
227 | .Ft void * | | 227 | .Ft void * |
228 | with file-system specific data, if any. | | 228 | with file-system specific data, if any. |
229 | .It Dv KAUTH_REQ_SYSTEM_MOUNT_NEW | | 229 | .It Dv KAUTH_REQ_SYSTEM_MOUNT_NEW |
230 | Check if mounting a new file-system is allowed. | | 230 | Check if mounting a new file-system is allowed. |
231 | .Pp | | 231 | .Pp |
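Review bot: lines 171 and 205 are missing a verb ("Check if enabling/disabling accounting is allowed.", "Check if filehandle operations are allowed."); the hunk is already reformatting these lists, so fold the fixes in. KAUTH_SYSTEM_CHROOT (line 172) is also the only top-level request here with no one-line description before its `.Ar req` sub-list; a sentence such as "Check if changing the root directory is allowed." would match the other items.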
| @@ -259,72 +259,72 @@ of the existing mount, | | | @@ -259,72 +259,72 @@ of the existing mount, |
259 | is an | | 259 | is an |
260 | .Ft int | | 260 | .Ft int |
261 | with the new mount flags, and | | 261 | with the new mount flags, and |
262 | .Ar arg3 | | 262 | .Ar arg3 |
263 | is a | | 263 | is a |
264 | .Ft void * | | 264 | .Ft void * |
265 | with file-system specific data, if any. | | 265 | with file-system specific data, if any. |
266 | .El | | 266 | .El |
267 | .It Dv KAUTH_SYSTEM_PSET | | 267 | .It Dv KAUTH_SYSTEM_PSET |
268 | Check processor-set manipulation. | | 268 | Check processor-set manipulation. |
269 | .Pp | | 269 | .Pp |
270 | .Ar req | | 270 | .Ar req |
271 | can be any of the following: | | 271 | can be any of the following: |
272 | .Bl -tag | | 272 | .Bl -tag -width compact |
273 | .It Dv KAUTH_REQ_SYSTEM_PSET_ASSIGN | | 273 | .It Dv KAUTH_REQ_SYSTEM_PSET_ASSIGN |
274 | Change processor-set processor assignment. | | 274 | Change processor-set processor assignment. |
275 | .It Dv KAUTH_REQ_SYSTEM_PSET_BIND | | 275 | .It Dv KAUTH_REQ_SYSTEM_PSET_BIND |
276 | Bind an LWP to a processor-set. | | 276 | Bind an LWP to a processor-set. |
277 | .It Dv KAUTH_REQ_SYSTEM_PSET_CREATE | | 277 | .It Dv KAUTH_REQ_SYSTEM_PSET_CREATE |
278 | Create a processor-set. | | 278 | Create a processor-set. |
279 | .It Dv KAUTH_REQ_SYSTEM_PSET_DESTROY | | 279 | .It Dv KAUTH_REQ_SYSTEM_PSET_DESTROY |
280 | Destroy a processor-set. | | 280 | Destroy a processor-set. |
281 | .El | | 281 | .El |
282 | .It Dv KAUTH_SYSTEM_REBOOT | | 282 | .It Dv KAUTH_SYSTEM_REBOOT |
283 | Check if rebooting is allowed. | | 283 | Check if rebooting is allowed. |
284 | .It Dv KAUTH_SYSTEM_SETIDCORE | | 284 | .It Dv KAUTH_SYSTEM_SETIDCORE |
285 | Check if changing coredump settings for set-id processes is allowed. | | 285 | Check if changing coredump settings for set-id processes is allowed. |
286 | .It Dv KAUTH_SYSTEM_SWAPCTL | | 286 | .It Dv KAUTH_SYSTEM_SWAPCTL |
287 | Check if privileged | | 287 | Check if privileged |
288 | .Xr swapctl 2 | | 288 | .Xr swapctl 2 |
289 | requests are allowed. | | 289 | requests are allowed. |
290 | .It Dv KAUTH_SYSTEM_SYSCTL | | 290 | .It Dv KAUTH_SYSTEM_SYSCTL |
291 | This requests operations related to | | 291 | This requests operations related to |
292 | .Xr sysctl 9 . | | 292 | .Xr sysctl 9 . |
293 | .Ar req | | 293 | .Ar req |
294 | indicates the specific request and can be one of the following: | | 294 | indicates the specific request and can be one of the following: |
295 | .Bl -tag | | 295 | .Bl -tag -width compact |
296 | .It Dv KAUTH_REQ_SYSTEM_SYSCTL_ADD | | 296 | .It Dv KAUTH_REQ_SYSTEM_SYSCTL_ADD |
297 | Check if adding a | | 297 | Check if adding a |
298 | .Xr sysctl 9 | | 298 | .Xr sysctl 9 |
299 | node is allowed. | | 299 | node is allowed. |
300 | .It Dv KAUTH_REQ_SYSTEM_SYSCTL_DELETE | | 300 | .It Dv KAUTH_REQ_SYSTEM_SYSCTL_DELETE |
301 | Check if deleting a | | 301 | Check if deleting a |
302 | .Xr sysctl 9 | | 302 | .Xr sysctl 9 |
303 | node is allowed. | | 303 | node is allowed. |
304 | .It Dv KAUTH_REQ_SYSTEM_SYSCTL_DESC | | 304 | .It Dv KAUTH_REQ_SYSTEM_SYSCTL_DESC |
305 | Check if adding description to a | | 305 | Check if adding description to a |
306 | .Xr sysctl 9 | | 306 | .Xr sysctl 9 |
307 | node is allowed. | | 307 | node is allowed. |
308 | .It Dv KAUTH_REQ_SYSTEM_SYSCTL_PRVT | | 308 | .It Dv KAUTH_REQ_SYSTEM_SYSCTL_PRVT |
309 | Check if accessing private | | 309 | Check if accessing private |
310 | .Xr sysctl 9 | | 310 | .Xr sysctl 9 |
311 | nodes is allowed. | | 311 | nodes is allowed. |
312 | .El | | 312 | .El |
313 | .It Dv KAUTH_SYSTEM_TIME | | 313 | .It Dv KAUTH_SYSTEM_TIME |
314 | This request groups time-related operations. | | 314 | This request groups time-related operations. |
315 | .Ar req | | 315 | .Ar req |
316 | can be any of the following: | | 316 | can be any of the following: |
317 | .Bl -tag | | 317 | .Bl -tag -width compact |
318 | .It Dv KAUTH_REQ_SYSTEM_TIME_ADJTIME | | 318 | .It Dv KAUTH_REQ_SYSTEM_TIME_ADJTIME |
319 | Check if changing the time using | | 319 | Check if changing the time using |
320 | .Xr adjtime 2 | | 320 | .Xr adjtime 2 |
321 | is allowed. | | 321 | is allowed. |
322 | .It Dv KAUTH_REQ_SYSTEM_TIME_NTPADJTIME | | 322 | .It Dv KAUTH_REQ_SYSTEM_TIME_NTPADJTIME |
323 | Check if setting the time using | | 323 | Check if setting the time using |
324 | .Xr ntp_adjtime 2 | | 324 | .Xr ntp_adjtime 2 |
325 | is allowed. | | 325 | is allowed. |
326 | .It Dv KAUTH_REQ_SYSTEM_TIME_SYSTEM | | 326 | .It Dv KAUTH_REQ_SYSTEM_TIME_SYSTEM |
327 | Check if changing the time (usually via | | 327 | Check if changing the time (usually via |
328 | .Xr settimeofday 2 ) | | 328 | .Xr settimeofday 2 ) |
329 | is allowed. | | 329 | is allowed. |
330 | .Pp | | 330 | .Pp |
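Review bot: line 291 reads "This requests operations related to sysctl(9)"; the parallel item on line 314 uses "This request groups ...", so use the same wording here. Line 305 should read "adding a description to a". The nested `.Bl -tag -width compact` lists (lines 272, 295, 317) get the same narrow width as their parent list, so the sub-items indent barely further than the request they belong to; a wider inner width or `-offset indent` on the inner lists would make the hierarchy visible in rendered output.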
| @@ -350,27 +350,27 @@ Check if manipulating timecounters is al | | | @@ -350,27 +350,27 @@ Check if manipulating timecounters is al |
350 | .El | | 350 | .El |
351 | .Ss Process Scope | | 351 | .Ss Process Scope |
352 | The process scope, | | 352 | The process scope, |
353 | .Dq org.netbsd.kauth.process , | | 353 | .Dq org.netbsd.kauth.process , |
354 | manages authorization requests related to processes in the system. | | 354 | manages authorization requests related to processes in the system. |
355 | .Pp | | 355 | .Pp |
356 | The authorization wrapper for this scope is declared as | | 356 | The authorization wrapper for this scope is declared as |
357 | .Pp | | 357 | .Pp |
358 | .Ft int Fn kauth_authorize_process "kauth_cred_t cred" \ | | 358 | .Ft int Fn kauth_authorize_process "kauth_cred_t cred" \ |
359 | "kauth_action_t op" "struct proc *p" "void *arg1" "void *arg2" \ | | 359 | "kauth_action_t op" "struct proc *p" "void *arg1" "void *arg2" \ |
360 | "void *arg3" | | 360 | "void *arg3" |
361 | .Pp | | 361 | .Pp |
362 | The following operations are available for this scope: | | 362 | The following operations are available for this scope: |
363 | .Bl -tag | | 363 | .Bl -tag -width compact |
364 | .It Dv KAUTH_PROCESS_KTRACE | | 364 | .It Dv KAUTH_PROCESS_KTRACE |
365 | Checks whether an object with one set of credentials can | | 365 | Checks whether an object with one set of credentials can |
366 | .Xr ktrace 1 | | 366 | .Xr ktrace 1 |
367 | another process | | 367 | another process |
368 | .Ar p , | | 368 | .Ar p , |
369 | possibly with a different set of credentials. | | 369 | possibly with a different set of credentials. |
370 | .Pp | | 370 | .Pp |
371 | If | | 371 | If |
372 | .Ar arg1 | | 372 | .Ar arg1 |
373 | is | | 373 | is |
374 | .Dv KAUTH_REQ_PROCESS_KTRACE_PERSISTENT , | | 374 | .Dv KAUTH_REQ_PROCESS_KTRACE_PERSISTENT , |
375 | this checks if persistent tracing can be done. | | 375 | this checks if persistent tracing can be done. |
376 | Persistent tracing maintains the trace across a set-user-id/set-group-id | | 376 | Persistent tracing maintains the trace across a set-user-id/set-group-id |
| @@ -505,135 +505,135 @@ or | | | @@ -505,135 +505,135 @@ or |
505 | respectively. | | 505 | respectively. |
506 | .El | | 506 | .El |
507 | .Ss Network Scope | | 507 | .Ss Network Scope |
508 | The network scope, | | 508 | The network scope, |
509 | .Dq org.netbsd.kauth.network , | | 509 | .Dq org.netbsd.kauth.network , |
510 | manages networking-related authorization requests in the kernel. | | 510 | manages networking-related authorization requests in the kernel. |
511 | .Pp | | 511 | .Pp |
512 | The authorization wrapper for this scope is declared as | | 512 | The authorization wrapper for this scope is declared as |
513 | .Pp | | 513 | .Pp |
514 | .Ft int Fn kauth_authorize_network "kauth_cred_t cred" "kauth_action_t op" \ | | 514 | .Ft int Fn kauth_authorize_network "kauth_cred_t cred" "kauth_action_t op" \ |
515 | "enum kauth_network_req req" "void *arg1" "void *arg2" "void *arg3" | | 515 | "enum kauth_network_req req" "void *arg1" "void *arg2" "void *arg3" |
516 | .Pp | | 516 | .Pp |
517 | The following operations are available for this scope: | | 517 | The following operations are available for this scope: |
518 | .Bl -tag | | 518 | .Bl -tag -width compact |
519 | .It Dv KAUTH_NETWORK_ALTQ | | 519 | .It Dv KAUTH_NETWORK_ALTQ |
520 | Checks if an ALTQ operation is allowed. | | 520 | Checks if an ALTQ operation is allowed. |
521 | .Pp | | 521 | .Pp |
522 | .Ar req | | 522 | .Ar req |
523 | indicates the ALTQ subsystem in question, and can be one of the following: | | 523 | indicates the ALTQ subsystem in question, and can be one of the following: |
524 | .Pp | | 524 | .Pp |
525 | .Bl -tag -compact | | 525 | .Bl -tag -compact -width compact |
526 | .It Dv KAUTH_REQ_NETWORK_ALTQ_AFMAP | | 526 | .It Dv KAUTH_REQ_NETWORK_ALTQ_AFMAP |
527 | .It Dv KAUTH_REQ_NETWORK_ALTQ_BLUE | | 527 | .It Dv KAUTH_REQ_NETWORK_ALTQ_BLUE |
528 | .It Dv KAUTH_REQ_NETWORK_ALTQ_CBQ | | 528 | .It Dv KAUTH_REQ_NETWORK_ALTQ_CBQ |
529 | .It Dv KAUTH_REQ_NETWORK_ALTQ_CDNR | | 529 | .It Dv KAUTH_REQ_NETWORK_ALTQ_CDNR |
530 | .It Dv KAUTH_REQ_NETWORK_ALTQ_CONF | | 530 | .It Dv KAUTH_REQ_NETWORK_ALTQ_CONF |
531 | .It Dv KAUTH_REQ_NETWORK_ALTQ_FIFOQ | | 531 | .It Dv KAUTH_REQ_NETWORK_ALTQ_FIFOQ |
532 | .It Dv KAUTH_REQ_NETWORK_ALTQ_HFSC | | 532 | .It Dv KAUTH_REQ_NETWORK_ALTQ_HFSC |
533 | .It Dv KAUTH_REQ_NETWORK_ALTQ_JOBS | | 533 | .It Dv KAUTH_REQ_NETWORK_ALTQ_JOBS |
534 | .It Dv KAUTH_REQ_NETWORK_ALTQ_PRIQ | | 534 | .It Dv KAUTH_REQ_NETWORK_ALTQ_PRIQ |
535 | .It Dv KAUTH_REQ_NETWORK_ALTQ_RED | | 535 | .It Dv KAUTH_REQ_NETWORK_ALTQ_RED |
536 | .It Dv KAUTH_REQ_NETWORK_ALTQ_RIO | | 536 | .It Dv KAUTH_REQ_NETWORK_ALTQ_RIO |
537 | .It Dv KAUTH_REQ_NETWORK_ALTQ_WFQ | | 537 | .It Dv KAUTH_REQ_NETWORK_ALTQ_WFQ |
538 | .El | | 538 | .El |
539 | .It Dv KAUTH_NETWORK_BIND | | 539 | .It Dv KAUTH_NETWORK_BIND |
540 | Checks if a | | 540 | Checks if a |
541 | .Xr bind 2 | | 541 | .Xr bind 2 |
542 | request is allowed. | | 542 | request is allowed. |
543 | .Pp | | 543 | .Pp |
544 | .Ar req | | 544 | .Ar req |
545 | allows to indicate the type of the request to structure listeners and callers | | 545 | allows to indicate the type of the request to structure listeners and callers |
546 | easier. | | 546 | easier. |
547 | Supported request types: | | 547 | Supported request types: |
548 | .Bl -tag | | 548 | .Bl -tag -width compact |
549 | .It Dv KAUTH_REQ_NETWORK_BIND_PRIVPORT | | 549 | .It Dv KAUTH_REQ_NETWORK_BIND_PRIVPORT |
550 | Checks if binding to a privileged/reserved port is allowed. | | 550 | Checks if binding to a privileged/reserved port is allowed. |
551 | .El | | 551 | .El |
552 | .It Dv KAUTH_NETWORK_FIREWALL | | 552 | .It Dv KAUTH_NETWORK_FIREWALL |
553 | Checks if firewall-related operations are allowed. | | 553 | Checks if firewall-related operations are allowed. |
554 | .Pp | | 554 | .Pp |
555 | .Ar req | | 555 | .Ar req |
556 | indicates the sub-action, and can be one of the following: | | 556 | indicates the sub-action, and can be one of the following: |
557 | .Bl -tag | | 557 | .Bl -tag -width compact |
558 | .It Dv KAUTH_REQ_NETWORK_FIREWALL_FW | | 558 | .It Dv KAUTH_REQ_NETWORK_FIREWALL_FW |
559 | Modification of packet filtering rules. | | 559 | Modification of packet filtering rules. |
560 | .It Dv KAUTH_REQ_NETWORK_FIREWALL_NAT | | 560 | .It Dv KAUTH_REQ_NETWORK_FIREWALL_NAT |
561 | Modification of NAT rules. | | 561 | Modification of NAT rules. |
562 | .El | | 562 | .El |
563 | .It Dv KAUTH_NETWORK_INTERFACE | | 563 | .It Dv KAUTH_NETWORK_INTERFACE |
564 | Checks if network interface-related operations are allowed. | | 564 | Checks if network interface-related operations are allowed. |
565 | .Pp | | 565 | .Pp |
566 | .Ar arg1 | | 566 | .Ar arg1 |
567 | is (optionally) the | | 567 | is (optionally) the |
568 | .Ft struct ifnet * | | 568 | .Ft struct ifnet * |
569 | associated with the interface. | | 569 | associated with the interface. |
570 | .Ar arg2 | | 570 | .Ar arg2 |
571 | is (optionally) an | | 571 | is (optionally) an |
572 | .Ft int | | 572 | .Ft int |
573 | describing the interface-specific operation. | | 573 | describing the interface-specific operation. |
574 | .Ar arg3 | | 574 | .Ar arg3 |
575 | is (optionally) a pointer to the interface-specific request structure. | | 575 | is (optionally) a pointer to the interface-specific request structure. |
576 | .Ar req | | 576 | .Ar req |
577 | indicates the sub-action, and can be one of the following: | | 577 | indicates the sub-action, and can be one of the following: |
578 | .Bl -tag | | 578 | .Bl -tag -width compact |
579 | .It Dv KAUTH_REQ_NETWORK_INTERFACE_GET | | 579 | .It Dv KAUTH_REQ_NETWORK_INTERFACE_GET |
580 | Check if retrieving information from the device is allowed. | | 580 | Check if retrieving information from the device is allowed. |
581 | .It Dv KAUTH_REQ_NETWORK_INTERFACE_GETPRIV | | 581 | .It Dv KAUTH_REQ_NETWORK_INTERFACE_GETPRIV |
582 | Check if retrieving privileged information from the device is allowed. | | 582 | Check if retrieving privileged information from the device is allowed. |
583 | .It Dv KAUTH_REQ_NETWORK_INTERFACE_SET | | 583 | .It Dv KAUTH_REQ_NETWORK_INTERFACE_SET |
584 | Check if setting parameters on the device is allowed. | | 584 | Check if setting parameters on the device is allowed. |
585 | .It Dv KAUTH_REQ_NETWORK_INTERFACE_SETPRIV | | 585 | .It Dv KAUTH_REQ_NETWORK_INTERFACE_SETPRIV |
586 | Check if setting privileged parameters on the device is allowed. | | 586 | Check if setting privileged parameters on the device is allowed. |
587 | .El | | 587 | .El |
588 | .Pp | | 588 | .Pp |
589 | Note that unless the | | 589 | Note that unless the |
590 | .Ft struct ifnet * | | 590 | .Ft struct ifnet * |
591 | for the interface was passed in | | 591 | for the interface was passed in |
592 | .Ar arg1 , | | 592 | .Ar arg1 , |
593 | there's no way to tell what structure | | 593 | there's no way to tell what structure |
594 | .Ar arg3 | | 594 | .Ar arg3 |
595 | is. | | 595 | is. |
596 | .It Dv KAUTH_NETWORK_FORWSRCRT | | 596 | .It Dv KAUTH_NETWORK_FORWSRCRT |
597 | Checks whether status of forwarding of source-routed packets can be modified | | 597 | Checks whether status of forwarding of source-routed packets can be modified |
598 | or not. | | 598 | or not. |
599 | .It Dv KAUTH_NETWORK_NFS | | 599 | .It Dv KAUTH_NETWORK_NFS |
600 | Check is an NFS related operation is allowed. | | 600 | Check is an NFS related operation is allowed. |
601 | .Pp | | 601 | .Pp |
602 | .Ar req | | 602 | .Ar req |
603 | can be any of the following: | | 603 | can be any of the following: |
604 | .Bl -tag | | 604 | .Bl -tag -width compact |
605 | .It Dv KAUTH_REQ_NETWORK_NFS_EXPORT | | 605 | .It Dv KAUTH_REQ_NETWORK_NFS_EXPORT |
606 | Check if modifying the NFS export table is allowed. | | 606 | Check if modifying the NFS export table is allowed. |
607 | .It Dv KAUTH_REQ_NETWORK_NFS_SVC | | 607 | .It Dv KAUTH_REQ_NETWORK_NFS_SVC |
608 | Check if access to the NFS | | 608 | Check if access to the NFS |
609 | .Xr nfssvc 2 | | 609 | .Xr nfssvc 2 |
610 | syscall is allowed. | | 610 | syscall is allowed. |
611 | .El | | 611 | .El |
612 | .It Dv KAUTH_NETWORK_ROUTE | | 612 | .It Dv KAUTH_NETWORK_ROUTE |
613 | Checks if a routing-related request is allowed. | | 613 | Checks if a routing-related request is allowed. |
614 | .Pp | | 614 | .Pp |
615 | .Ar arg1 | | 615 | .Ar arg1 |
616 | is the | | 616 | is the |
617 | .Ft struct rt_msghdr * | | 617 | .Ft struct rt_msghdr * |
618 | for the request. | | 618 | for the request. |
619 | .It Dv KAUTH_NETWORK_SOCKET | | 619 | .It Dv KAUTH_NETWORK_SOCKET |
620 | Checks if a socket related operation is allowed. | | 620 | Checks if a socket related operation is allowed. |
621 | .Pp | | 621 | .Pp |
622 | .Ar req | | 622 | .Ar req |
623 | allows to indicate the type of the request to structure listeners and callers | | 623 | allows to indicate the type of the request to structure listeners and callers |
624 | easier. | | 624 | easier. |
625 | Supported request types: | | 625 | Supported request types: |
626 | .Bl -tag | | 626 | .Bl -tag -width compact |
627 | .It Dv KAUTH_REQ_NETWORK_SOCKET_RAWSOCK | | 627 | .It Dv KAUTH_REQ_NETWORK_SOCKET_RAWSOCK |
628 | Checks if opening a raw socket is allowed. | | 628 | Checks if opening a raw socket is allowed. |
629 | .It Dv KAUTH_REQ_NETWORK_SOCKET_OPEN | | 629 | .It Dv KAUTH_REQ_NETWORK_SOCKET_OPEN |
630 | Checks if opening a socket is allowed. | | 630 | Checks if opening a socket is allowed. |
631 | .Ar arg1 , arg2 , | | 631 | .Ar arg1 , arg2 , |
632 | and | | 632 | and |
633 | .Ar arg3 | | 633 | .Ar arg3 |
634 | are all | | 634 | are all |
635 | .Ft int | | 635 | .Ft int |
636 | parameters describing the domain, socket type, and protocol, | | 636 | parameters describing the domain, socket type, and protocol, |
637 | respectively. | | 637 | respectively. |
638 | .It Dv KAUTH_REQ_NETWORK_SOCKET_CANSEE | | 638 | .It Dv KAUTH_REQ_NETWORK_SOCKET_CANSEE |
639 | Checks if looking at the socket passed is allowed. | | 639 | Checks if looking at the socket passed is allowed. |
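Review bot: line 600 has a typo ("Check is an NFS related operation") and should read "Check if an NFS-related operation is allowed."; lines 545-546 and 623-624 repeat the same awkward "allows to indicate ... easier", better as "indicates the type of the request so that listeners and callers can be structured more easily". Line 525 now carries both `-compact` and `-width compact`, which makes it obvious the two are unrelated; that is fine, but the log message should say the `-width` additions are for warning cleanup so nobody reads them as layout decisions. The caveat on lines 589-595 is worth stating more forcefully for listener authors: a KAUTH_NETWORK_INTERFACE listener must not interpret arg3 unless arg1 carries the `struct ifnet *`, because the type of the request structure cannot otherwise be determined.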
| @@ -648,27 +648,27 @@ describing the socket. | | | @@ -648,27 +648,27 @@ describing the socket. |
648 | The machine-dependent (machdep) scope, | | 648 | The machine-dependent (machdep) scope, |
649 | .Dq org.netbsd.kauth.machdep , | | 649 | .Dq org.netbsd.kauth.machdep , |
650 | manages machine-dependent authorization requests in the kernel. | | 650 | manages machine-dependent authorization requests in the kernel. |
651 | .Pp | | 651 | .Pp |
652 | The authorization wrapper for this scope is declared as | | 652 | The authorization wrapper for this scope is declared as |
653 | .Pp | | 653 | .Pp |
654 | .Ft int Fn kauth_authorize_machdep "kauth_cred_t cred" "kauth_action_t op" \ | | 654 | .Ft int Fn kauth_authorize_machdep "kauth_cred_t cred" "kauth_action_t op" \ |
655 | "void *arg0" "void *arg1" "void *arg2" "void *arg3" | | 655 | "void *arg0" "void *arg1" "void *arg2" "void *arg3" |
656 | .Pp | | 656 | .Pp |
657 | The actions on this scope provide a set that may or may not affect all | | 657 | The actions on this scope provide a set that may or may not affect all |
658 | platforms. | | 658 | platforms. |
659 | Below is a list of available actions, along with which platforms are affected | | 659 | Below is a list of available actions, along with which platforms are affected |
660 | by each. | | 660 | by each. |
661 | .Bl -tag | | 661 | .Bl -tag -width compact |
662 | .It Dv KAUTH_MACHDEP_IOPERM_GET | | 662 | .It Dv KAUTH_MACHDEP_IOPERM_GET |
663 | Request to get the I/O permission level. | | 663 | Request to get the I/O permission level. |
664 | Affects | | 664 | Affects |
665 | .Em amd64 , | | 665 | .Em amd64 , |
666 | .Em i386 , | | 666 | .Em i386 , |
667 | .Em xen . | | 667 | .Em xen . |
668 | .It Dv KAUTH_MACHDEP_IOPERM_SET | | 668 | .It Dv KAUTH_MACHDEP_IOPERM_SET |
669 | Request to set the I/O permission level. | | 669 | Request to set the I/O permission level. |
670 | Affects | | 670 | Affects |
671 | .Em amd64 , | | 671 | .Em amd64 , |
672 | .Em i386 , | | 672 | .Em i386 , |
673 | .Em xen . | | 673 | .Em xen . |
674 | .It Dv KAUTH_MACHDEP_IOPL | | 674 | .It Dv KAUTH_MACHDEP_IOPL |
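Review bot: lines 657-658 ("provide a set that may or may not affect all platforms") are vague; "Not every action in this scope applies to every platform" says the same thing plainly and leads naturally into the per-item "Affects ..." lists. The identical "Affects amd64, i386, xen." lines under IOPERM_GET and IOPERM_SET are fine as-is, but keep the platform spelling (`.Em amd64 ,` with the comma as a separate argument) consistent when further entries are added.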
| @@ -733,27 +733,27 @@ this scope provides authorization wrappe | | | @@ -733,27 +733,27 @@ this scope provides authorization wrappe |
733 | "struct tty *tty" | | 733 | "struct tty *tty" |
734 | .Pp | | 734 | .Pp |
735 | Authorizes requests for | | 735 | Authorizes requests for |
736 | .Em terminal devices | | 736 | .Em terminal devices |
737 | on the system. | | 737 | on the system. |
738 | The third argument, | | 738 | The third argument, |
739 | .Ar tty , | | 739 | .Ar tty , |
740 | is the terminal device in question. | | 740 | is the terminal device in question. |
741 | It is passed to the listener as | | 741 | It is passed to the listener as |
742 | .Ar arg0 . | | 742 | .Ar arg0 . |
743 | The second argument, | | 743 | The second argument, |
744 | .Ar op , | | 744 | .Ar op , |
745 | is the action and can be one of the following: | | 745 | is the action and can be one of the following: |
746 | .Bl -tag | | 746 | .Bl -tag -width compact |
747 | .It Dv KAUTH_DEVICE_TTY_OPEN | | 747 | .It Dv KAUTH_DEVICE_TTY_OPEN |
748 | Open the terminal device pointed to by | | 748 | Open the terminal device pointed to by |
749 | .Ar tty . | | 749 | .Ar tty . |
750 | .It Dv KAUTH_DEVICE_TTY_PRIVSET | | 750 | .It Dv KAUTH_DEVICE_TTY_PRIVSET |
751 | Set privileged settings on the terminal device pointed to by | | 751 | Set privileged settings on the terminal device pointed to by |
752 | .Ar tty . | | 752 | .Ar tty . |
753 | .It Dv KAUTH_DEVICE_TTY_STI | | 753 | .It Dv KAUTH_DEVICE_TTY_STI |
754 | Use the | | 754 | Use the |
755 | .Dq TIOCSTI | | 755 | .Dq TIOCSTI |
756 | device | | 756 | device |
757 | .Xr ioctl 2 , | | 757 | .Xr ioctl 2 , |
758 | allowing to inject characters into the terminal buffer, simulating terminal | | 758 | allowing to inject characters into the terminal buffer, simulating terminal |
759 | input. | | 759 | input. |
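Review bot: `-width compact` on line 746 sets the tag column to the width of the literal word `compact`; it is not the `-compact` flag that suppresses spacing between items. Every tag in this list (`KAUTH_DEVICE_TTY_OPEN`, `KAUTH_DEVICE_TTY_PRIVSET`, `KAUTH_DEVICE_TTY_STI`) is much wider than that, so the formatter will put each item body on the line after its tag. If that layout is the intent it is harmless, but a width derived from the longest tag (for example `-width KAUTH_DEVICE_TTY_PRIVSET`) would say so; the same choice is made in every hunk of this patch, so one decision should be applied throughout.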
| @@ -802,27 +802,27 @@ These have the potential of resulting in | | | @@ -802,27 +802,27 @@ These have the potential of resulting in |
802 | It passes | | 802 | It passes |
803 | .Dv KAUTH_DEVICE_RAWIO_PASSTHRU | | 803 | .Dv KAUTH_DEVICE_RAWIO_PASSTHRU |
804 | as the action to the listener, and accepts three arguments. | | 804 | as the action to the listener, and accepts three arguments. |
805 | .Ar dev , | | 805 | .Ar dev , |
806 | passed as | | 806 | passed as |
807 | .Ar arg1 | | 807 | .Ar arg1 |
808 | to the listener, is the device for which the request is made. | | 808 | to the listener, is the device for which the request is made. |
809 | .Ar mode , | | 809 | .Ar mode , |
810 | passed as | | 810 | passed as |
811 | .Ar arg0 | | 811 | .Ar arg0 |
812 | to the listener, is a generic representation of the access mode requested. | | 812 | to the listener, is a generic representation of the access mode requested. |
813 | It can be one or more (binary-OR'd) of the following: | | 813 | It can be one or more (binary-OR'd) of the following: |
814 | .Pp | | 814 | .Pp |
815 | .Bl -tag -offset indent -compact | | 815 | .Bl -tag -width compact -offset indent -compact |
816 | .It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READ | | 816 | .It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READ |
817 | .It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF | | 817 | .It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF |
818 | .It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITE | | 818 | .It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITE |
819 | .It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITECONF | | 819 | .It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITECONF |
820 | .El | | 820 | .El |
821 | .Pp | | 821 | .Pp |
822 | .Ar data , | | 822 | .Ar data , |
823 | passed as | | 823 | passed as |
824 | .Ar arg2 | | 824 | .Ar arg2 |
825 | to the listener, is device-specific data that may be associated with the | | 825 | to the listener, is device-specific data that may be associated with the |
826 | request. | | 826 | request. |
827 | .Ss Credentials Scope | | 827 | .Ss Credentials Scope |
828 | The credentials scope, | | 828 | The credentials scope, |
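Review bot: the four items on lines 816-819 are written as `.It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READ` with no `.Dv`, while line 803 in the same hunk marks the related constant as `.Dv KAUTH_DEVICE_RAWIO_PASSTHRU`; mark the flag names up consistently so they render the same way. With `-compact` already present on line 815, the added `-width compact` is unambiguously a width string, and these roughly 40-character tags will overflow a column sized to the word `compact`.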
| @@ -836,27 +836,27 @@ It is a | | | @@ -836,27 +836,27 @@ It is a |
836 | scope, allowing hooking operations such as initialization of new credentials, | | 836 | scope, allowing hooking operations such as initialization of new credentials, |
837 | credential inheritance during a fork, and copying and freeing of credentials. | | 837 | credential inheritance during a fork, and copying and freeing of credentials. |
838 | The main purpose for this scope is to give a security model a way to control | | 838 | The main purpose for this scope is to give a security model a way to control |
839 | the aforementioned operations, especially in cases where the credentials | | 839 | the aforementioned operations, especially in cases where the credentials |
840 | hold security model-private data. | | 840 | hold security model-private data. |
841 | .Pp | | 841 | .Pp |
842 | Notifications are made using the following function, which is internal to | | 842 | Notifications are made using the following function, which is internal to |
843 | .Nm : | | 843 | .Nm : |
844 | .Pp | | 844 | .Pp |
845 | .Ft int Fn kauth_cred_hook "kauth_cred_t cred" "kauth_action_t action" \ | | 845 | .Ft int Fn kauth_cred_hook "kauth_cred_t cred" "kauth_action_t action" \ |
846 | "void *arg0" "void *arg1" | | 846 | "void *arg0" "void *arg1" |
847 | .Pp | | 847 | .Pp |
848 | With the following actions: | | 848 | With the following actions: |
849 | .Bl -tag | | 849 | .Bl -tag -width compact |
850 | .It Dv KAUTH_CRED_COPY | | 850 | .It Dv KAUTH_CRED_COPY |
851 | The credentials are being copied. | | 851 | The credentials are being copied. |
852 | .Ar cred | | 852 | .Ar cred |
853 | are the credentials of the lwp context doing the copy, and | | 853 | are the credentials of the lwp context doing the copy, and |
854 | .Ar arg0 | | 854 | .Ar arg0 |
855 | and | | 855 | and |
856 | .Ar arg1 | | 856 | .Ar arg1 |
857 | are both | | 857 | are both |
858 | .Ft kauth_cred_t | | 858 | .Ft kauth_cred_t |
859 | representing the | | 859 | representing the |
860 | .Dq from | | 860 | .Dq from |
861 | and | | 861 | and |
862 | .Dq to | | 862 | .Dq to |
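Review bot: line 853 writes `lwp` in lowercase whereas the rest of the page uses `LWP` (`LWPs`, `the current LWP`); pick one spelling for the term.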
| @@ -884,27 +884,27 @@ are being initialized. | | | @@ -884,27 +884,27 @@ are being initialized. |
884 | .El | | 884 | .El |
885 | .Pp | | 885 | .Pp |
886 | Since this is a notify-only scope, all listeners are required to return | | 886 | Since this is a notify-only scope, all listeners are required to return |
887 | .Dv KAUTH_RESULT_ALLOW . | | 887 | .Dv KAUTH_RESULT_ALLOW . |
888 | .Ss Credentials Accessors and Mutators | | 888 | .Ss Credentials Accessors and Mutators |
889 | .Nm | | 889 | .Nm |
890 | has a variety of accessor and mutator routines to handle | | 890 | has a variety of accessor and mutator routines to handle |
891 | .Ft kauth_cred_t | | 891 | .Ft kauth_cred_t |
892 | objects. | | 892 | objects. |
893 | .Pp | | 893 | .Pp |
894 | The following routines can be used to access and modify the user- and | | 894 | The following routines can be used to access and modify the user- and |
895 | group-ids in a | | 895 | group-ids in a |
896 | .Ft kauth_cred_t : | | 896 | .Ft kauth_cred_t : |
897 | .Bl -tag | | 897 | .Bl -tag -width compact |
898 | .It Ft uid_t Fn kauth_cred_getuid "kauth_cred_t cred" | | 898 | .It Ft uid_t Fn kauth_cred_getuid "kauth_cred_t cred" |
899 | Returns the real user-id from | | 899 | Returns the real user-id from |
900 | .Ar cred . | | 900 | .Ar cred . |
901 | .It Ft uid_t Fn kauth_cred_geteuid "kauth_cred_t cred" | | 901 | .It Ft uid_t Fn kauth_cred_geteuid "kauth_cred_t cred" |
902 | Returns the effective user-id from | | 902 | Returns the effective user-id from |
903 | .Ar cred . | | 903 | .Ar cred . |
904 | .It Ft uid_t Fn kauth_cred_getsvuid "kauth_cred_t cred" | | 904 | .It Ft uid_t Fn kauth_cred_getsvuid "kauth_cred_t cred" |
905 | Returns the saved user-id from | | 905 | Returns the saved user-id from |
906 | .Ar cred . | | 906 | .Ar cred . |
907 | .It Ft void Fn kauth_cred_setuid "kauth_cred_t cred" "uid_t uid" | | 907 | .It Ft void Fn kauth_cred_setuid "kauth_cred_t cred" "uid_t uid" |
908 | Sets the real user-id in | | 908 | Sets the real user-id in |
909 | .Ar cred | | 909 | .Ar cred |
910 | to | | 910 | to |
| @@ -941,27 +941,27 @@ to | | | @@ -941,27 +941,27 @@ to |
941 | .It Ft void Fn kauth_cred_setsvgid "kauth_cred_t cred" "gid_t gid" | | 941 | .It Ft void Fn kauth_cred_setsvgid "kauth_cred_t cred" "gid_t gid" |
942 | Sets the saved group-id in | | 942 | Sets the saved group-id in |
943 | .Ar cred | | 943 | .Ar cred |
944 | to | | 944 | to |
945 | .Ar gid . | | 945 | .Ar gid . |
946 | .It Ft u_int Fn kauth_cred_getrefcnt "kauth_cred_t cred" | | 946 | .It Ft u_int Fn kauth_cred_getrefcnt "kauth_cred_t cred" |
947 | Return the reference count for | | 947 | Return the reference count for |
948 | .Ar cred . | | 948 | .Ar cred . |
949 | .El | | 949 | .El |
950 | .Pp | | 950 | .Pp |
951 | The following routines can be used to access and modify the group | | 951 | The following routines can be used to access and modify the group |
952 | list in a | | 952 | list in a |
953 | .Ft kauth_cred_t : | | 953 | .Ft kauth_cred_t : |
954 | .Bl -tag | | 954 | .Bl -tag -width compact |
955 | .It Ft int Fn kauth_cred_ismember_gid "kauth_cred_t cred" "gid_t gid" \ | | 955 | .It Ft int Fn kauth_cred_ismember_gid "kauth_cred_t cred" "gid_t gid" \ |
956 | "int *resultp" | | 956 | "int *resultp" |
957 | Checks if the group-id | | 957 | Checks if the group-id |
958 | .Ar gid | | 958 | .Ar gid |
959 | is a member in the group list of | | 959 | is a member in the group list of |
960 | .Ar cred . | | 960 | .Ar cred . |
961 | .Pp | | 961 | .Pp |
962 | If it is, | | 962 | If it is, |
963 | .Ar resultp | | 963 | .Ar resultp |
964 | will be set to one, otherwise, to zero. | | 964 | will be set to one, otherwise, to zero. |
965 | .Pp | | 965 | .Pp |
966 | The return value is an error code, or zero for success. | | 966 | The return value is an error code, or zero for success. |
967 | .It Ft u_int Fn kauth_cred_ngroups "kauth_cred_t cred" | | 967 | .It Ft u_int Fn kauth_cred_ngroups "kauth_cred_t cred" |
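Review bot: `kauth_cred_getrefcnt` (line 946) sits in the list that lines 894-896 introduce as the routines for "the user- and group-ids in a kauth_cred_t", but it returns the reference count; it belongs beside `kauth_cred_hold` and `kauth_cred_free` in the reference-counting subsection, or the introduction should be widened. The `kauth_cred_ismember_gid` entry (lines 955-966) should also state what `*resultp` holds when the call returns an error, since a caller that reads `*resultp` without checking the return value would otherwise treat an unset or stale value as a membership answer.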
| @@ -1024,44 +1024,44 @@ provides an interface to allow attaching | | | @@ -1024,44 +1024,44 @@ provides an interface to allow attaching |
1024 | credentials. | | 1024 | credentials. |
1025 | .Pp | | 1025 | .Pp |
1026 | The use of this interface has two parts that can be divided to direct and | | 1026 | The use of this interface has two parts that can be divided to direct and |
1027 | indirect control of the private-data. | | 1027 | indirect control of the private-data. |
1028 | Directly controlling the private data is done by using the below routines, | | 1028 | Directly controlling the private data is done by using the below routines, |
1029 | while the indirect control is often dictated by events such as process | | 1029 | while the indirect control is often dictated by events such as process |
1030 | fork, and is handled by listening on the credentials scope (see above). | | 1030 | fork, and is handled by listening on the credentials scope (see above). |
1031 | .Pp | | 1031 | .Pp |
1032 | Attaching private data to credentials works by registering a key to serve | | 1032 | Attaching private data to credentials works by registering a key to serve |
1033 | as a unique identifier, distinguishing various sets of private data that | | 1033 | as a unique identifier, distinguishing various sets of private data that |
1034 | may be associated with the credentials. | | 1034 | may be associated with the credentials. |
1035 | Registering, and deregistering, a key is done by using these routines: | | 1035 | Registering, and deregistering, a key is done by using these routines: |
1036 | .Pp | | 1036 | .Pp |
1037 | .Bl -tag | | 1037 | .Bl -tag -width compact |
1038 | .It Ft int Fn kauth_register_key "const char *name" "kauth_key_t *keyp" | | 1038 | .It Ft int Fn kauth_register_key "const char *name" "kauth_key_t *keyp" |
1039 | Register new key for private data for | | 1039 | Register new key for private data for |
1040 | .Ar name | | 1040 | .Ar name |
1041 | (usually, the security model name). | | 1041 | (usually, the security model name). |
1042 | .Ar keyp | | 1042 | .Ar keyp |
1043 | will be used to return the key to be used in further calls. | | 1043 | will be used to return the key to be used in further calls. |
1044 | .Pp | | 1044 | .Pp |
1045 | The function returns 0 on success and an error code (see | | 1045 | The function returns 0 on success and an error code (see |
1046 | .Xr errno 2 ) | | 1046 | .Xr errno 2 ) |
1047 | on failure. | | 1047 | on failure. |
1048 | .It Ft int Fn kauth_deregister_key "kauth_key_t key" | | 1048 | .It Ft int Fn kauth_deregister_key "kauth_key_t key" |
1049 | Deregister private data key | | 1049 | Deregister private data key |
1050 | .Ar key . | | 1050 | .Ar key . |
1051 | .El | | 1051 | .El |
1052 | .Pp | | 1052 | .Pp |
1053 | Once registered, private data may be manipulated by the following routines: | | 1053 | Once registered, private data may be manipulated by the following routines: |
1054 | .Bl -tag | | 1054 | .Bl -tag -width compact |
1055 | .It Ft void Fn kauth_cred_setdata "kauth_cred_t cred" "kauth_key_t key" \ | | 1055 | .It Ft void Fn kauth_cred_setdata "kauth_cred_t cred" "kauth_key_t key" \ |
1056 | "void *data" | | 1056 | "void *data" |
1057 | Set private data for | | 1057 | Set private data for |
1058 | .Ar key | | 1058 | .Ar key |
1059 | in | | 1059 | in |
1060 | .Ar cred | | 1060 | .Ar cred |
1061 | to be | | 1061 | to be |
1062 | .Ar data . | | 1062 | .Ar data . |
1063 | .It Ft void * Fn kauth_cred_getdata "kauth_cred_t cred" "kauth_key_t key" | | 1063 | .It Ft void * Fn kauth_cred_getdata "kauth_cred_t cred" "kauth_key_t key" |
1064 | Retrieve private data for | | 1064 | Retrieve private data for |
1065 | .Ar key | | 1065 | .Ar key |
1066 | in | | 1066 | in |
1067 | .Ar cred . | | 1067 | .Ar cred . |
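Review bot: `kauth_deregister_key` is declared `Ft int` on line 1048, but its description on lines 1049-1050 ("Deregister private data key key.") says nothing about the return value, whereas `kauth_register_key` just above spells out 0 on success and an errno on failure; document what a non-zero return means, and whether deregistration can fail while data for that key is still attached to live credentials. `kauth_cred_setdata` (lines 1055-1062) likewise does not say what happens to data previously attached under the same key, which matters because this is security model-private memory the model is expected to free.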
| @@ -1077,27 +1077,27 @@ with the | | | @@ -1077,27 +1077,27 @@ with the |
1077 | private data. | | 1077 | private data. |
1078 | .Ss Credential Inheritance and Reference Counting | | 1078 | .Ss Credential Inheritance and Reference Counting |
1079 | .Nm | | 1079 | .Nm |
1080 | provides an interface for handling shared credentials. | | 1080 | provides an interface for handling shared credentials. |
1081 | .Pp | | 1081 | .Pp |
1082 | When a | | 1082 | When a |
1083 | .Ft kauth_cred_t | | 1083 | .Ft kauth_cred_t |
1084 | is first allocated, its reference count is set to 1. | | 1084 | is first allocated, its reference count is set to 1. |
1085 | However, with time, its reference count can grow as more objects (processes, | | 1085 | However, with time, its reference count can grow as more objects (processes, |
1086 | LWPs, files, etc.) reference it. | | 1086 | LWPs, files, etc.) reference it. |
1087 | .Pp | | 1087 | .Pp |
1088 | The following routines are available for managing credentials reference | | 1088 | The following routines are available for managing credentials reference |
1089 | counting: | | 1089 | counting: |
1090 | .Bl -tag | | 1090 | .Bl -tag -width compact |
1091 | .It Ft void Fn kauth_cred_hold "kauth_cred_t cred" | | 1091 | .It Ft void Fn kauth_cred_hold "kauth_cred_t cred" |
1092 | Increases reference count to | | 1092 | Increases reference count to |
1093 | .Ar cred | | 1093 | .Ar cred |
1094 | by one. | | 1094 | by one. |
1095 | .It Ft void Fn kauth_cred_free "kauth_cred_t cred" | | 1095 | .It Ft void Fn kauth_cred_free "kauth_cred_t cred" |
1096 | Decreases the reference count to | | 1096 | Decreases the reference count to |
1097 | .Ar cred | | 1097 | .Ar cred |
1098 | by one. | | 1098 | by one. |
1099 | .Pp | | 1099 | .Pp |
1100 | If the reference count dropped to zero, the memory used by | | 1100 | If the reference count dropped to zero, the memory used by |
1101 | .Ar cred | | 1101 | .Ar cred |
1102 | will be freed. | | 1102 | will be freed. |
1103 | .El | | 1103 | .El |
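Review bot: lines 1100-1102 should read "If the reference count drops to zero"; and because the object may be freed on that call, the `kauth_cred_free` entry should state explicitly that `cred` must not be used after the call returns.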
| @@ -1112,41 +1112,41 @@ When called, it references the parent's | | | @@ -1112,41 +1112,41 @@ When called, it references the parent's |
1112 | and calls the credentials scope's hook with the | | 1112 | and calls the credentials scope's hook with the |
1113 | .Dv KAUTH_CRED_FORK | | 1113 | .Dv KAUTH_CRED_FORK |
1114 | action to allow security model-specific handling of the inheritance | | 1114 | action to allow security model-specific handling of the inheritance |
1115 | to take place. | | 1115 | to take place. |
1116 | .Ss Credentials Memory Management | | 1116 | .Ss Credentials Memory Management |
1117 | Data-structures for credentials, listeners, and scopes are allocated from | | 1117 | Data-structures for credentials, listeners, and scopes are allocated from |
1118 | memory pools managed by the | | 1118 | memory pools managed by the |
1119 | .Xr pool 9 | | 1119 | .Xr pool 9 |
1120 | subsystem. | | 1120 | subsystem. |
1121 | .Pp | | 1121 | .Pp |
1122 | The | | 1122 | The |
1123 | .Ft kauth_cred_t | | 1123 | .Ft kauth_cred_t |
1124 | objects have their own memory management routines: | | 1124 | objects have their own memory management routines: |
1125 | .Bl -tag | | 1125 | .Bl -tag -width compact |
1126 | .It Ft kauth_cred_t Fn kauth_cred_alloc "void" | | 1126 | .It Ft kauth_cred_t Fn kauth_cred_alloc "void" |
1127 | Allocates a new | | 1127 | Allocates a new |
1128 | .Ft kauth_cred_t , | | 1128 | .Ft kauth_cred_t , |
1129 | initializes its lock, and sets its reference count to one. | | 1129 | initializes its lock, and sets its reference count to one. |
1130 | .El | | 1130 | .El |
1131 | .Ss Conversion Routines | | 1131 | .Ss Conversion Routines |
1132 | Sometimes it might be necessary to convert a | | 1132 | Sometimes it might be necessary to convert a |
1133 | .Ft kauth_cred_t | | 1133 | .Ft kauth_cred_t |
1134 | to userland's view of credentials, a | | 1134 | to userland's view of credentials, a |
1135 | .Ft struct uucred , | | 1135 | .Ft struct uucred , |
1136 | or vice versa. | | 1136 | or vice versa. |
1137 | .Pp | | 1137 | .Pp |
1138 | The following routines are available for these cases: | | 1138 | The following routines are available for these cases: |
1139 | .Bl -tag | | 1139 | .Bl -tag -width compact |
1140 | .It Ft void Fn kauth_uucred_to_cred "kauth_cred_t cred" "const struct uucred *uucred" | | 1140 | .It Ft void Fn kauth_uucred_to_cred "kauth_cred_t cred" "const struct uucred *uucred" |
1141 | Convert userland's view of credentials to a | | 1141 | Convert userland's view of credentials to a |
1142 | .Ft kauth_cred_t . | | 1142 | .Ft kauth_cred_t . |
1143 | .Pp | | 1143 | .Pp |
1144 | This includes effective user- and group-ids, a number of groups, and a group | | 1144 | This includes effective user- and group-ids, a number of groups, and a group |
1145 | list. | | 1145 | list. |
1146 | The reference count is set to one. | | 1146 | The reference count is set to one. |
1147 | .Pp | | 1147 | .Pp |
1148 | Note that | | 1148 | Note that |
1149 | .Nm | | 1149 | .Nm |
1150 | will try to copy as many groups as can be held inside a | | 1150 | will try to copy as many groups as can be held inside a |
1151 | .Ft kauth_cred_t . | | 1151 | .Ft kauth_cred_t . |
1152 | .It Ft void Fn kauth_cred_to_uucred "struct uucred *uucred" "const kauth_cred_t cred" | | 1152 | .It Ft void Fn kauth_cred_to_uucred "struct uucred *uucred" "const kauth_cred_t cred" |
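Review bot: `kauth_uucred_to_cred` (lines 1140-1146) takes an existing `kauth_cred_t cred` from the caller, yet line 1146 says "The reference count is set to one." If the routine really resets the count on a credential the caller passes in, any other holders of that credential lose their reference; either require a freshly allocated credential (from `kauth_cred_alloc` on line 1126, whose count is already one) or drop the sentence if the count is untouched. Lines 1150-1151 ("will try to copy as many groups as can be held") should also say plainly that groups beyond the capacity are dropped silently, because a truncated group list changes the access decisions later made with that credential.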
| @@ -1164,27 +1164,27 @@ will try to copy as many groups as can b | | | @@ -1164,27 +1164,27 @@ will try to copy as many groups as can b |
1164 | .It Ft int Fn kauth_cred_uucmp "kauth_cred_t cred" "struct uucred *uucred" | | 1164 | .It Ft int Fn kauth_cred_uucmp "kauth_cred_t cred" "struct uucred *uucred" |
1165 | Compares | | 1165 | Compares |
1166 | .Ar cred | | 1166 | .Ar cred |
1167 | with the userland credentials in | | 1167 | with the userland credentials in |
1168 | .Ar uucred . | | 1168 | .Ar uucred . |
1169 | .Pp | | 1169 | .Pp |
1170 | Common values that will be compared are effective user- and group-ids, and | | 1170 | Common values that will be compared are effective user- and group-ids, and |
1171 | the group list. | | 1171 | the group list. |
1172 | .El | | 1172 | .El |
1173 | .Ss Miscellaneous Routines | | 1173 | .Ss Miscellaneous Routines |
1174 | Other routines provided by | | 1174 | Other routines provided by |
1175 | .Nm | | 1175 | .Nm |
1176 | are: | | 1176 | are: |
1177 | .Bl -tag | | 1177 | .Bl -tag -width compact |
1178 | .It Ft void Fn kauth_cred_clone "kauth_cred_t cred1" "kauth_cred_t cred2" | | 1178 | .It Ft void Fn kauth_cred_clone "kauth_cred_t cred1" "kauth_cred_t cred2" |
1179 | Clone credentials from | | 1179 | Clone credentials from |
1180 | .Ar cred1 | | 1180 | .Ar cred1 |
1181 | to | | 1181 | to |
1182 | .Ar cred2 , | | 1182 | .Ar cred2 , |
1183 | except for the lock and reference count. | | 1183 | except for the lock and reference count. |
1184 | .Pp | | 1184 | .Pp |
1185 | .It Ft kauth_cred_t Fn kauth_cred_dup "kauth_cred_t cred" | | 1185 | .It Ft kauth_cred_t Fn kauth_cred_dup "kauth_cred_t cred" |
1186 | Duplicate | | 1186 | Duplicate |
1187 | .Ar cred . | | 1187 | .Ar cred . |
1188 | .Pp | | 1188 | .Pp |
1189 | What this routine does is call | | 1189 | What this routine does is call |
1190 | .Fn kauth_cred_alloc | | 1190 | .Fn kauth_cred_alloc |
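Review bot: `kauth_cred_uucmp` is `Ft int` (line 1164), but lines 1165-1171 never say what the return value means: whether zero signals equality, and whether a non-zero value is an errno or merely a mismatch indicator. This is the routine a caller uses to decide whether two identities match, so the convention must be stated. Minor: the `.Pp` on line 1184 sits directly before the next `.It`; in a non-compact tag list the item break already provides that spacing, so the macro is redundant.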
| @@ -1211,27 +1211,27 @@ will be done. | | | @@ -1211,27 +1211,27 @@ will be done. |
1211 | .It Ft kauth_cred_t Fn kauth_cred_get "void" | | 1211 | .It Ft kauth_cred_t Fn kauth_cred_get "void" |
1212 | Return the credentials associated with the current LWP. | | 1212 | Return the credentials associated with the current LWP. |
1213 | .El | | 1213 | .El |
1214 | .Ss Scope Management | | 1214 | .Ss Scope Management |
1215 | .Nm | | 1215 | .Nm |
1216 | provides routines to manage the creation and deletion of scopes on the | | 1216 | provides routines to manage the creation and deletion of scopes on the |
1217 | system. | | 1217 | system. |
1218 | .Pp | | 1218 | .Pp |
1219 | Note that the built-in scopes, the | | 1219 | Note that the built-in scopes, the |
1220 | .Dq generic | | 1220 | .Dq generic |
1221 | scope and the | | 1221 | scope and the |
1222 | .Dq process | | 1222 | .Dq process |
1223 | scope, can't be deleted. | | 1223 | scope, can't be deleted. |
1224 | .Bl -tag | | 1224 | .Bl -tag -width compact |
1225 | .It Ft kauth_scope_t Fn kauth_register_scope "const char *id" \ | | 1225 | .It Ft kauth_scope_t Fn kauth_register_scope "const char *id" \ |
1226 | "kauth_scope_callback_t cb" "void *cookie" | | 1226 | "kauth_scope_callback_t cb" "void *cookie" |
1227 | Register a new scope on the system. | | 1227 | Register a new scope on the system. |
1228 | .Ar id | | 1228 | .Ar id |
1229 | is the name of the scope, usually in reverse DNS-like notation. | | 1229 | is the name of the scope, usually in reverse DNS-like notation. |
1230 | For example, | | 1230 | For example, |
1231 | .Dq org.netbsd.kauth.myscope . | | 1231 | .Dq org.netbsd.kauth.myscope . |
1232 | .Ar cb | | 1232 | .Ar cb |
1233 | is the default listener, to which authorization requests for this scope | | 1233 | is the default listener, to which authorization requests for this scope |
1234 | will be dispatched to. | | 1234 | will be dispatched to. |
1235 | .Ar cookie | | 1235 | .Ar cookie |
1236 | is optional user-data that will be passed to all listeners | | 1236 | is optional user-data that will be passed to all listeners |
1237 | during authorization on the scope. | | 1237 | during authorization on the scope. |
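Review bot: lines 1233-1234 read "to which authorization requests for this scope will be dispatched to", with a doubled "to"; drop the trailing one. While here, "reverse DNS-like notation" on line 1229 would be clearer as "reverse-DNS notation", matching the example `org.netbsd.kauth.myscope` on line 1231.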
| @@ -1250,27 +1250,27 @@ are authorization callbacks that are cal | | | @@ -1250,27 +1250,27 @@ are authorization callbacks that are cal |
1250 | request in the scope which they belong to. | | 1250 | request in the scope which they belong to. |
1251 | .Pp | | 1251 | .Pp |
1252 | When an authorization request is made, all listeners associated with | | 1252 | When an authorization request is made, all listeners associated with |
1253 | a scope are called to allow, deny, or defer the request. | | 1253 | a scope are called to allow, deny, or defer the request. |
1254 | .Pp | | 1254 | .Pp |
1255 | It is enough for one listener to deny the request in order for the | | 1255 | It is enough for one listener to deny the request in order for the |
1256 | request to be denied; but all listeners are called during an authorization | | 1256 | request to be denied; but all listeners are called during an authorization |
1257 | process none-the-less. | | 1257 | process none-the-less. |
1258 | All listeners are required to allow the request for it to be granted, | | 1258 | All listeners are required to allow the request for it to be granted, |
1259 | and in a case where all listeners defer the request -- leaving the decision | | 1259 | and in a case where all listeners defer the request -- leaving the decision |
1260 | for other listeners -- the request is denied. | | 1260 | for other listeners -- the request is denied. |
1261 | .Pp | | 1261 | .Pp |
1262 | The following KPI is provided for the management of listeners: | | 1262 | The following KPI is provided for the management of listeners: |
1263 | .Bl -tag | | 1263 | .Bl -tag -width compact |
1264 | .It Ft kauth_listener_t Fn kauth_listen_scope "const char *id" \ | | 1264 | .It Ft kauth_listener_t Fn kauth_listen_scope "const char *id" \ |
1265 | "kauth_scope_callback_t cb" "void *cookie" | | 1265 | "kauth_scope_callback_t cb" "void *cookie" |
1266 | Create a new listener on the scope with the id | | 1266 | Create a new listener on the scope with the id |
1267 | .Ar id , | | 1267 | .Ar id , |
1268 | setting the default listener to | | 1268 | setting the default listener to |
1269 | .Ar cb . | | 1269 | .Ar cb . |
1270 | .Ar cookie | | 1270 | .Ar cookie |
1271 | is optional user-data that will be passed to the listener when called | | 1271 | is optional user-data that will be passed to the listener when called |
1272 | during an authorization request. | | 1272 | during an authorization request. |
1273 | .It Ft void Fn kauth_unlisten_scope "kauth_listener_t listener" | | 1273 | .It Ft void Fn kauth_unlisten_scope "kauth_listener_t listener" |
1274 | Removes | | 1274 | Removes |
1275 | .Ar listener | | 1275 | .Ar listener |
1276 | from the scope which it belongs to, ensuring it won't be called again, | | 1276 | from the scope which it belongs to, ensuring it won't be called again, |
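Review bot: `kauth_listen_scope` (lines 1264-1269) is described as "setting the default listener to cb", but the default listener is the one supplied to `kauth_register_scope`; this call adds a further listener to the scope, so "default" is misleading and should be "the listener's callback". The decision rule on lines 1255-1260 is the security-relevant part of this subsection and is stated correctly (a single deny wins, and all-defer is denied), but "none-the-less" on line 1257 should be "nonetheless".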