 @@ -1,14 +1,14 @@
-/* $NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.21 2009/10/03 01:52:14 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. The name of the author may not be used to endorse or promote products
 @@ -28,48 +28,48 @@
 /*
  * This file contains kauth(9) listeners needed to implement the traditional
  * NetBSD superuser access restrictions.
+ *
  * There are two main resources a request can be issued to: user-owned and
  * system owned. For the first, traditional Unix access checks are done, as
  * well as superuser checks. If needed, the request context is examined before
  * a decision is made. For the latter, usually only superuser checks are done
  * as normal users are not allowed to access system resources.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.21 2009/10/03 01:52:14 elad Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>
 #include <sys/mutex.h>
 #include <sys/mount.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
 #include <sys/proc.h>
 #include <sys/uidinfo.h>
 #include <sys/module.h>
 #include <miscfs/procfs/procfs.h>
 #include <secmodel/suser/suser.h>
 MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
-static int secmodel_bsd44_curtain;
+static int secmodel_suser_curtain;
 /* static */ int dovfsusermount;
 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
     l_device, l_vnode;
 static struct sysctllog *suser_sysctl_log;
 void
 sysctl_security_suser_setup(struct sysctllog **clog)
+{
 	const struct sysctlnode *rnode;
 	sysctl_createv(clog, 0, NULL, &rnode,
 @@ -91,50 +91,50 @@ sysctl_security_suser_setup(struct sysct
 		       CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, &rnode, NULL,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_STRING, "name", NULL,
 		       NULL, 0, __UNCONST("Traditional NetBSD: Superuser"), 0,
 		       CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, &rnode, NULL,
 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 		       CTLTYPE_INT, "curtain",
 		       SYSCTL_DESCR("Curtain information about objects to "\
 		       		    "users not owning them."),
-		       NULL, 0, &secmodel_bsd44_curtain, 0,
+		       NULL, 0, &secmodel_suser_curtain, 0,
 		       CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, &rnode, NULL,
 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 		       CTLTYPE_INT, "usermount",
 		       SYSCTL_DESCR("Whether unprivileged users may mount "
 				    "filesystems"),
 		       NULL, 0, &dovfsusermount, 0,
 		       CTL_CREATE, CTL_EOL);
 	/* Compatibility: security.curtain */
 	sysctl_createv(clog, 0, NULL, &rnode,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_NODE, "security", NULL,
 		       NULL, 0, NULL, 0,
 		       CTL_SECURITY, CTL_EOL);
 	sysctl_createv(clog, 0, &rnode, NULL,
 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 		       CTLTYPE_INT, "curtain",
 		       SYSCTL_DESCR("Curtain information about objects to "\
 		       		    "users not owning them."),
-		       NULL, 0, &secmodel_bsd44_curtain, 0,
+		       NULL, 0, &secmodel_suser_curtain, 0,
 		       CTL_CREATE, CTL_EOL);
 	/* Compatibility: vfs.generic.usermount */
 	sysctl_createv(clog, 0, NULL, NULL,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_NODE, "vfs", NULL,
 		       NULL, 0, NULL, 0,
 		       CTL_VFS, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_NODE, "generic",
 		       SYSCTL_DESCR("Non-specific vfs related information"),
 @@ -143,27 +143,27 @@ sysctl_security_suser_setup(struct sysct
 	sysctl_createv(clog, 0, NULL, NULL,
 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 		       CTLTYPE_INT, "usermount",
 		       SYSCTL_DESCR("Whether unprivileged users may mount "
 				    "filesystems"),
 		       NULL, 0, &dovfsusermount, 0,
 		       CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL);
+}
 void
 secmodel_suser_init(void)
+{
-	secmodel_bsd44_curtain = 0;
+	secmodel_suser_curtain = 0;
 	dovfsusermount = 0;
+}
 void
 secmodel_suser_start(void)
+{
 	l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
 	    secmodel_suser_generic_cb, NULL);
 	l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
 	    secmodel_suser_system_cb, NULL);
 	l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
 	    secmodel_suser_process_cb, NULL);
 	l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
 @@ -231,27 +231,27 @@ secmodel_suser_generic_cb(kauth_cred_t c
 	bool isroot;
 	int result;
 	isroot = (kauth_cred_geteuid(cred) == 0);
 	result = KAUTH_RESULT_DEFER;
 	switch (action) {
 	case KAUTH_GENERIC_ISSUSER:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_GENERIC_CANSEE:
-		if (!secmodel_bsd44_curtain)
+		if (!secmodel_suser_curtain)
 			result = KAUTH_RESULT_ALLOW;
 		else if (isroot || kauth_cred_uidmatch(cred, arg0))
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	default:
 		break;
+	}
 	return (result);
+}
 @@ -515,27 +515,27 @@ secmodel_suser_process_cb(kauth_cred_t c
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_PROCESS_CANSEE: {
 		unsigned long req;
 		req = (unsigned long)arg1;
 		switch (req) {
 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
-			if (!secmodel_bsd44_curtain)
+			if (!secmodel_suser_curtain)
 				result = KAUTH_RESULT_ALLOW;
 			else if (isroot || kauth_cred_uidmatch(cred, p->p_cred))
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		case KAUTH_REQ_PROCESS_CANSEE_ENV:
 			if (!isroot &&
 			    (kauth_cred_getuid(cred) !=
 			     kauth_cred_getuid(p->p_cred) ||
 			    kauth_cred_getuid(cred) !=
 			     kauth_cred_getsvuid(p->p_cred)))
 				break;
 			else
 @@ -806,27 +806,27 @@ secmodel_suser_network_cb(kauth_cred_t c
 		case KAUTH_REQ_NETWORK_SOCKET_OPEN:
 		case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
 		case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
 			if (isroot) {
 				result = KAUTH_RESULT_ALLOW;
 				break;
+			}
-			if (secmodel_bsd44_curtain) {
+			if (secmodel_suser_curtain) {
 				struct socket *so;
 				uid_t so_uid;
 				so = (struct socket *)arg1;
 				so_uid = so->so_uidinfo->ui_uid;
 				if (kauth_cred_geteuid(cred) != so_uid)
 					result = KAUTH_RESULT_DENY;
+			}
 			break;
 		default:
 			break;