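--- a/uipc_socket.c
+++ b/uipc_socket.c
@@ -1,14 +1,14 @@
-/* $NetBSD: uipc_socket.c,v 1.192 2009/10/03 01:41:39 elad Exp $ */
+/* $NetBSD: uipc_socket.c,v 1.193 2009/10/03 03:59:39 elad Exp $ */
 
 /*-
 * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Jason R. Thorpe of Wasabi Systems, Inc, and by Andrew Doran.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
@@ -53,27 +53,27 @@
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#)uipc_socket.c 8.6 (Berkeley) 5/2/95
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.192 2009/10/03 01:41:39 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.193 2009/10/03 03:59:39 elad Exp $");
 
 #include "opt_compat_netbsd.h"
 #include "opt_sock_counters.h"
 #include "opt_sosend_loan.h"
 #include "opt_mbuftrace.h"
 #include "opt_somaxkva.h"
 #include "opt_multiprocessor.h" /* XXX */
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/file.h>
 #include <sys/filedesc.h>
@@ -430,30 +430,35 @@ getsombuf(struct socket *so, int type)
 return m;
 }
 
 static int
 socket_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
 void *arg0, void *arg1, void *arg2, void *arg3)
 {
 int result;
 enum kauth_network_req req;
 
 result = KAUTH_RESULT_DEFER;
 req = (enum kauth_network_req)arg0;
 
-if (action != KAUTH_NETWORK_SOCKET)
+if ((action != KAUTH_NETWORK_SOCKET) &&
+(action != KAUTH_NETWORK_BIND))
 return result;
 
 switch (req) {
+case KAUTH_REQ_NETWORK_BIND_PORT:
+result = KAUTH_RESULT_ALLOW;
+break;
+
 case KAUTH_REQ_NETWORK_SOCKET_DROP: {
 /* Normal users can only drop their own connections. */
 struct socket *so = (struct socket *)arg1;
 uid_t sockuid = so->so_uidinfo->ui_uid;
 
 if (sockuid == kauth_cred_getuid(cred) ||
 sockuid == kauth_cred_geteuid(cred))
 result = KAUTH_RESULT_ALLOW;
 
 break;
 }
 
 case KAUTH_REQ_NETWORK_SOCKET_OPEN: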
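Review bot: The new `case KAUTH_REQ_NETWORK_BIND_PORT:` returns `KAUTH_RESULT_ALLOW` for every credential with no comment saying that an unconditional allow is intended, whereas the `KAUTH_REQ_NETWORK_SOCKET_DROP` case right below documents its rule. Because the guard now also admits `KAUTH_NETWORK_BIND`, I would state the policy above `result = KAUTH_RESULT_ALLOW;`, for example `/* Any user may bind an ordinary port; other bind requests stay DEFER. */`. Presumably privileged-port binds arrive as a separate request (`KAUTH_REQ_NETWORK_BIND_PRIVPORT`) decided elsewhere, but that is not visible in this hunk and should be confirmed. The `switch (req)` is also shared by both actions, so it relies on request values being distinct across `KAUTH_NETWORK_SOCKET` and `KAUTH_NETWORK_BIND`; a one-line note to that effect next to the guard would help. The body of socket_listener_cb continues past the end of the hunk.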