Load entropy at system boot (only works at securelevel < 1); save at system shutdown. Disable with random_seed=NO in rc.conf if desired. Goes to some trouble to never load or save to network filesystems. Entropy should really be loaded by the boot loader but I am still sorting out how to pass it to the kernel.diff -r1.225 -r1.226 src/distrib/sets/lists/etc/mi
(tls)
--- src/distrib/sets/lists/etc/mi 2011/09/06 21:32:30 1.225
+++ src/distrib/sets/lists/etc/mi 2011/11/23 10:47:49 1.226
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: mi,v 1.225 2011/09/06 21:32:30 riz Exp $ | 1 | # $NetBSD: mi,v 1.226 2011/11/23 10:47:49 tls Exp $ | |
2 | # | 2 | # | |
3 | # Note: end-user configuration files that are moved to another location | 3 | # Note: end-user configuration files that are moved to another location | |
4 | # should not be marked "obsolete"; they should just be removed from | 4 | # should not be marked "obsolete"; they should just be removed from | |
5 | # the set list, a custom fix should be added to postinstall(8), and | 5 | # the set list, a custom fix should be added to postinstall(8), and | |
6 | # an item should be added to src/UPDATING for MKUPDATE=yes users. | 6 | # an item should be added to src/UPDATING for MKUPDATE=yes users. | |
7 | # This is an exception to the general rule that moved/removed files | 7 | # This is an exception to the general rule that moved/removed files | |
8 | # are marked as "obsolete", because we don't want to arbitrarily | 8 | # are marked as "obsolete", because we don't want to arbitrarily | |
9 | # remove end-user configuration files. | 9 | # remove end-user configuration files. | |
10 | # | 10 | # | |
11 | ./.cshrc etc-util-etc | 11 | ./.cshrc etc-util-etc | |
12 | ./.profile etc-util-etc | 12 | ./.profile etc-util-etc | |
13 | ./dev/MAKEDEV etc-sys-etc | 13 | ./dev/MAKEDEV etc-sys-etc | |
14 | ./dev/MAKEDEV.local etc-sys-etc | 14 | ./dev/MAKEDEV.local etc-sys-etc | |
@@ -244,26 +244,27 @@ | @@ -244,26 +244,27 @@ | |||
244 | ./etc/rc.d/perusertmp etc-sys-rc | 244 | ./etc/rc.d/perusertmp etc-sys-rc | |
245 | ./etc/rc.d/pf etc-net-rc | 245 | ./etc/rc.d/pf etc-net-rc | |
246 | ./etc/rc.d/pf_boot etc-net-rc | 246 | ./etc/rc.d/pf_boot etc-net-rc | |
247 | ./etc/rc.d/pflogd etc-net-rc | 247 | ./etc/rc.d/pflogd etc-net-rc | |
248 | ./etc/rc.d/poffd etc-obsolete obsolete | 248 | ./etc/rc.d/poffd etc-obsolete obsolete | |
249 | ./etc/rc.d/postfix etc-postfix-rc | 249 | ./etc/rc.d/postfix etc-postfix-rc | |
250 | ./etc/rc.d/powerd etc-sysutil-rc | 250 | ./etc/rc.d/powerd etc-sysutil-rc | |
251 | ./etc/rc.d/ppp etc-ppp-rc | 251 | ./etc/rc.d/ppp etc-ppp-rc | |
252 | ./etc/rc.d/pwcheck etc-sys-rc | 252 | ./etc/rc.d/pwcheck etc-sys-rc | |
253 | ./etc/rc.d/quota etc-sys-rc | 253 | ./etc/rc.d/quota etc-sys-rc | |
254 | ./etc/rc.d/racoon etc-net-rc | 254 | ./etc/rc.d/racoon etc-net-rc | |
255 | ./etc/rc.d/raidframe etc-sys-rc | 255 | ./etc/rc.d/raidframe etc-sys-rc | |
256 | ./etc/rc.d/raidframeparity etc-sys-rc | 256 | ./etc/rc.d/raidframeparity etc-sys-rc | |
257 | ./etc/rc.d/random_seed etc-sys-rc | |||
257 | ./etc/rc.d/rarpd etc-bootserver-rc | 258 | ./etc/rc.d/rarpd etc-bootserver-rc | |
258 | ./etc/rc.d/rbootd etc-bootserver-rc | 259 | ./etc/rc.d/rbootd etc-bootserver-rc | |
259 | ./etc/rc.d/rndctl etc-sys-rc | 260 | ./etc/rc.d/rndctl etc-sys-rc | |
260 | ./etc/rc.d/root etc-sys-rc | 261 | ./etc/rc.d/root etc-sys-rc | |
261 | ./etc/rc.d/route6d etc-router-rc | 262 | ./etc/rc.d/route6d etc-router-rc | |
262 | ./etc/rc.d/routed etc-router-rc | 263 | ./etc/rc.d/routed etc-router-rc | |
263 | ./etc/rc.d/rpcbind etc-rpcbind-rc | 264 | ./etc/rc.d/rpcbind etc-rpcbind-rc | |
264 | ./etc/rc.d/rtadvd etc-net-rc | 265 | ./etc/rc.d/rtadvd etc-net-rc | |
265 | ./etc/rc.d/rtclocaltime etc-sys-rc | 266 | ./etc/rc.d/rtclocaltime etc-sys-rc | |
266 | ./etc/rc.d/rtsold etc-net-rc | 267 | ./etc/rc.d/rtsold etc-net-rc | |
267 | ./etc/rc.d/rwho etc-net-rc | 268 | ./etc/rc.d/rwho etc-net-rc | |
268 | ./etc/rc.d/savecore etc-sys-rc | 269 | ./etc/rc.d/savecore etc-sys-rc | |
269 | ./etc/rc.d/screenblank etc-sys-rc | 270 | ./etc/rc.d/screenblank etc-sys-rc |
--- src/etc/defaults/rc.conf 2011/11/21 20:56:21 1.116
+++ src/etc/defaults/rc.conf 2011/11/23 10:47:48 1.117
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: rc.conf,v 1.116 2011/11/21 20:56:21 darcy Exp $ | 1 | # $NetBSD: rc.conf,v 1.117 2011/11/23 10:47:48 tls Exp $ | |
2 | # | 2 | # | |
3 | # /etc/defaults/rc.conf -- | 3 | # /etc/defaults/rc.conf -- | |
4 | # default configuration of /etc/rc.conf | 4 | # default configuration of /etc/rc.conf | |
5 | # | 5 | # | |
6 | # see rc.conf(5) for more information. | 6 | # see rc.conf(5) for more information. | |
7 | # | 7 | # | |
8 | # DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE. | 8 | # DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE. | |
9 | # EDIT /etc/rc.conf INSTEAD. | 9 | # EDIT /etc/rc.conf INSTEAD. | |
10 | # | 10 | # | |
11 | 11 | |||
12 | # | 12 | # | |
13 | # Use program=YES to enable program, NO to disable it. program_flags are | 13 | # Use program=YES to enable program, NO to disable it. program_flags are | |
14 | # passed to the program on the command line. | 14 | # passed to the program on the command line. | |
@@ -352,13 +352,16 @@ mixerctl=NO mixerctl_mixers="" # "mixer | @@ -352,13 +352,16 @@ mixerctl=NO mixerctl_mixers="" # "mixer | |||
352 | 352 | |||
353 | # Vi recovery notification. Vi(1)'s -r option can recover files which were | 353 | # Vi recovery notification. Vi(1)'s -r option can recover files which were | |
354 | # accidentally closed. See vi(1) for more details. | 354 | # accidentally closed. See vi(1) for more details. | |
355 | # | 355 | # | |
356 | virecover=YES | 356 | virecover=YES | |
357 | 357 | |||
358 | # Veriexec signature loading. | 358 | # Veriexec signature loading. | |
359 | # | 359 | # | |
360 | veriexec=NO | 360 | veriexec=NO | |
361 | veriexec_strict=0 | 361 | veriexec_strict=0 | |
362 | veriexec_verbose=0 | 362 | veriexec_verbose=0 | |
363 | veriexec_flags="-k" | 363 | veriexec_flags="-k" | |
364 | 364 | |||
365 | # Entropy load/save to/from /dev/random at startup/shutdown | |||
366 | # | |||
367 | random_seed=YES |
--- src/etc/rc.d/Makefile 2011/09/06 21:32:29 1.85
+++ src/etc/rc.d/Makefile 2011/11/23 10:47:48 1.86
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: Makefile,v 1.85 2011/09/06 21:32:29 riz Exp $ | 1 | # $NetBSD: Makefile,v 1.86 2011/11/23 10:47:48 tls Exp $ | |
2 | 2 | |||
3 | .include <bsd.own.mk> | 3 | .include <bsd.own.mk> | |
4 | 4 | |||
5 | # | 5 | # | |
6 | # NOTE: | 6 | # NOTE: | |
7 | # | 7 | # | |
8 | # If you're adding new scripts, don't forget to update following: | 8 | # If you're adding new scripts, don't forget to update following: | |
9 | # src/distrib/sets/lists/etc/mi | 9 | # src/distrib/sets/lists/etc/mi | |
10 | # src/etc/mtree/special | 10 | # src/etc/mtree/special | |
11 | # src/usr.sbin/postinstall/postinstall | 11 | # src/usr.sbin/postinstall/postinstall | |
12 | # | 12 | # | |
13 | # You can find a script to visualize the dependency graph in | 13 | # You can find a script to visualize the dependency graph in | |
14 | # src/sbin/rcorder. | 14 | # src/sbin/rcorder. | |
@@ -21,28 +21,29 @@ CONFIGFILES=\ | @@ -21,28 +21,29 @@ CONFIGFILES=\ | |||
21 | dhclient dhcpcd dhcpd dhcrelay dmesg downinterfaces envsys \ | 21 | dhclient dhcpcd dhcpd dhcrelay dmesg downinterfaces envsys \ | |
22 | fsck fsck_root ftp_proxy ftpd \ | 22 | fsck fsck_root ftp_proxy ftpd \ | |
23 | gpio \ | 23 | gpio \ | |
24 | hostapd httpd \ | 24 | hostapd httpd \ | |
25 | identd ifwatchd inetd ipfilter ipfs ipmon ipnat ipsec \ | 25 | identd ifwatchd inetd ipfilter ipfs ipmon ipnat ipsec \ | |
26 | irdaattach iscsi_target isdnd \ | 26 | irdaattach iscsi_target isdnd \ | |
27 | kdc \ | 27 | kdc \ | |
28 | ldconfig ldpd local lpd lvm \ | 28 | ldconfig ldpd local lpd lvm \ | |
29 | mdnsd mixerctl mopd motd mountall mountcritlocal \ | 29 | mdnsd mixerctl mopd motd mountall mountcritlocal \ | |
30 | mountcritremote mountd moused mrouted \ | 30 | mountcritremote mountd moused mrouted \ | |
31 | named ndbootd network newsyslog nfsd nfslocking npf ntpd ntpdate \ | 31 | named ndbootd network newsyslog nfsd nfslocking npf ntpd ntpdate \ | |
32 | perusertmp pf pf_boot pflogd postfix powerd ppp pwcheck \ | 32 | perusertmp pf pf_boot pflogd postfix powerd ppp pwcheck \ | |
33 | quota \ | 33 | quota \ | |
34 | racoon rpcbind raidframe raidframeparity rarpd rbootd rndctl \ | 34 | racoon rpcbind raidframe raidframeparity random_seed rarpd \ | |
35 | root route6d routed rtadvd rtclocaltime rtsold rwho \ | 35 | rbootd rndctl root route6d routed rtadvd rtclocaltime \ | |
36 | rtsold rwho \ | |||
36 | savecore screenblank securelevel sshd \ | 37 | savecore screenblank securelevel sshd \ | |
37 | staticroute swap1 swap2 sysctl sysdb syslogd \ | 38 | staticroute swap1 swap2 sysctl sysdb syslogd \ | |
38 | timed tpctl ttys \ | 39 | timed tpctl ttys \ | |
39 | veriexec virecover wdogctl wpa_supplicant wscons wsmoused \ | 40 | veriexec virecover wdogctl wpa_supplicant wscons wsmoused \ | |
40 | ypbind yppasswdd ypserv | 41 | ypbind yppasswdd ypserv | |
41 | FILESDIR= /etc/rc.d | 42 | FILESDIR= /etc/rc.d | |
42 | FILESMODE= ${BINMODE} | 43 | FILESMODE= ${BINMODE} | |
43 | 44 | |||
44 | .if ${MKX11} != "no" | 45 | .if ${MKX11} != "no" | |
45 | CONFIGFILES+= xdm xfs fccache | 46 | CONFIGFILES+= xdm xfs fccache | |
46 | FILESBUILD_xdm= yes | 47 | FILESBUILD_xdm= yes | |
47 | FILESBUILD_xfs= yes | 48 | FILESBUILD_xfs= yes | |
48 | FILESBUILD_fccache= yes | 49 | FILESBUILD_fccache= yes |
#!/bin/sh
#
# $NetBSD: random_seed,v 1.1 2011/11/23 10:47:48 tls Exp $
#
# PROVIDE: random_seed
# REQUIRE: mountcritlocal
# BEFORE: securelevel
# KEYWORD: shutdown
$_rc_subr_loaded . /etc/rc.subr
name="random_seed"
rcvar=$name
start_cmd="random_load"
stop_cmd="random_save"
random_file=${random_file:-/var/db/entropy-file}
fs_safe()
{
#
# Enforce that the file's on a local filesystem.
# Include only the types we can actually write.
#
fstype=$(df -G $1 | awk '$2 == "fstype" {print $1}')
case $fstype in
ffs)
return 0
;;
lfs)
return 0
;;
ext2fs)
return 0;
;;
msdosfs)
return 0;
;;
v7fs)
return 0;
;;
esac
return 1
}
random_load()
{
if [ -f $random_file ]; then
if ! fs_safe $(dirname ${random_file}); then
return 1
fi
eval $(stat -s ${random_file})
# The file must be owned by root,
if [ "$st_uid" != "0" ]; then
return 1
fi
# and root read/write only.
if [ "$(echo $st_mode | tail -c4)" != "600" ]; then
return 1
fi
if rndctl -L ${random_file}; then
echo "Loaded entropy from disk."
fi
fi
}
random_save()
{
oum=$(umask)
umask 077
rm -Pf ${random_file}
if ! fs_safe $(dirname ${random_file}); then
return 1
fi
if rndctl -S ${random_file}; then
echo "Saved entropy to disk."
fi
}
load_rc_config $name
run_rc_command "$1"
--- src/sbin/rndctl/rndctl.8 2011/10/01 02:55:00 1.18
+++ src/sbin/rndctl/rndctl.8 2011/11/23 10:47:49 1.19
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | .\" $NetBSD: rndctl.8,v 1.18 2011/10/01 02:55:00 pgoyette Exp $ | 1 | .\" $NetBSD: rndctl.8,v 1.19 2011/11/23 10:47:49 tls Exp $ | |
2 | .\" | 2 | .\" | |
3 | .\" Copyright (c) 1997 Michael Graff | 3 | .\" Copyright (c) 1997 Michael Graff | |
4 | .\" All rights reserved. | 4 | .\" All rights reserved. | |
5 | .\" | 5 | .\" | |
6 | .\" Redistribution and use in source and binary forms, with or without | 6 | .\" Redistribution and use in source and binary forms, with or without | |
7 | .\" modification, are permitted provided that the following conditions | 7 | .\" modification, are permitted provided that the following conditions | |
8 | .\" are met: | 8 | .\" are met: | |
9 | .\" 1. Redistributions of source code must retain the above copyright | 9 | .\" 1. Redistributions of source code must retain the above copyright | |
10 | .\" notice, this list of conditions and the following disclaimer. | 10 | .\" notice, this list of conditions and the following disclaimer. | |
11 | .\" 2. Redistributions in binary form must reproduce the above copyright | 11 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
12 | .\" notice, this list of conditions and the following disclaimer in the | 12 | .\" notice, this list of conditions and the following disclaimer in the | |
13 | .\" documentation and/or other materials provided with the distribution. | 13 | .\" documentation and/or other materials provided with the distribution. | |
14 | .\" 3. The name of the author may not be used to endorse or promote products | 14 | .\" 3. The name of the author may not be used to endorse or promote products | |
@@ -29,26 +29,30 @@ | @@ -29,26 +29,30 @@ | |||
29 | .Dd January 4, 2009 | 29 | .Dd January 4, 2009 | |
30 | .Dt RNDCTL 8 | 30 | .Dt RNDCTL 8 | |
31 | .Os | 31 | .Os | |
32 | .Sh NAME | 32 | .Sh NAME | |
33 | .Nm rndctl | 33 | .Nm rndctl | |
34 | .Nd in-kernel random number generator management tool | 34 | .Nd in-kernel random number generator management tool | |
35 | .Sh SYNOPSIS | 35 | .Sh SYNOPSIS | |
36 | .Nm | 36 | .Nm | |
37 | .Fl CcEe | 37 | .Fl CcEe | |
38 | .Op Fl d Ar devname | Fl t Ar devtype | 38 | .Op Fl d Ar devname | Fl t Ar devtype | |
39 | .Nm | 39 | .Nm | |
40 | .Fl ls | 40 | .Fl ls | |
41 | .Op Fl d Ar devname | Fl t Ar devtype | 41 | .Op Fl d Ar devname | Fl t Ar devtype | |
42 | .Nm | |||
43 | .Fl L Ar save-file | |||
44 | .Nm | |||
45 | .Fl S Ar save-file | |||
42 | .Sh DESCRIPTION | 46 | .Sh DESCRIPTION | |
43 | The | 47 | The | |
44 | .Nm | 48 | .Nm | |
45 | program displays statistics on the current state of the | 49 | program displays statistics on the current state of the | |
46 | .Xr rnd 4 | 50 | .Xr rnd 4 | |
47 | pseudo-driver, and allows the administrator to control which sources | 51 | pseudo-driver, and allows the administrator to control which sources | |
48 | are allowed to contribute to the randomness pool maintained by | 52 | are allowed to contribute to the randomness pool maintained by | |
49 | .Xr rnd 4 , | 53 | .Xr rnd 4 , | |
50 | as well as whether a given source counts as strongly random. | 54 | as well as whether a given source counts as strongly random. | |
51 | .Pp | 55 | .Pp | |
52 | The following options are available: | 56 | The following options are available: | |
53 | .Bl -tag -width 123456 | 57 | .Bl -tag -width 123456 | |
54 | .It Fl C | 58 | .It Fl C | |
@@ -94,26 +98,37 @@ This is mutually exclusive with | @@ -94,26 +98,37 @@ This is mutually exclusive with | |||
94 | The available types are: | 98 | The available types are: | |
95 | .Bl -tag -width "diskx" | 99 | .Bl -tag -width "diskx" | |
96 | .It Ic disk | 100 | .It Ic disk | |
97 | Physical hard drives. | 101 | Physical hard drives. | |
98 | .It Ic net | 102 | .It Ic net | |
99 | Network interfaces. | 103 | Network interfaces. | |
100 | .It Ic tape | 104 | .It Ic tape | |
101 | Tape devices. | 105 | Tape devices. | |
102 | .It Ic tty | 106 | .It Ic tty | |
103 | Terminal, mouse, or other user input devices. | 107 | Terminal, mouse, or other user input devices. | |
104 | .It Ic rng | 108 | .It Ic rng | |
105 | Random number generators. | 109 | Random number generators. | |
106 | .El | 110 | .El | |
111 | .It Fl L | |||
112 | Load saved entropy from file | |||
113 | .Ar save-file , | |||
114 | which will be overwritten and deleted before the entropy is loaded into | |||
115 | the kernel. | |||
116 | .It Fl S | |||
117 | Save entropy pool to file | |||
118 | .Ar save-file . | |||
119 | The file format is specific to | |||
120 | .Nm | |||
121 | and includes an estimate of the amount of saved entropy and a checksum. | |||
107 | .El | 122 | .El | |
108 | .Sh FILES | 123 | .Sh FILES | |
109 | .Bl -tag -width /dev/urandomx -compact | 124 | .Bl -tag -width /dev/urandomx -compact | |
110 | .It Pa /dev/random | 125 | .It Pa /dev/random | |
111 | Returns | 126 | Returns | |
112 | .Dq good | 127 | .Dq good | |
113 | values only. | 128 | values only. | |
114 | .It Pa /dev/urandom | 129 | .It Pa /dev/urandom | |
115 | Always returns data, degenerates to a pseudo-random generator. | 130 | Always returns data, degenerates to a pseudo-random generator. | |
116 | .El | 131 | .El | |
117 | .Sh SEE ALSO | 132 | .Sh SEE ALSO | |
118 | .Xr rnd 4 , | 133 | .Xr rnd 4 , | |
119 | .Xr rnd 9 | 134 | .Xr rnd 9 |
--- src/sbin/rndctl/rndctl.c 2011/08/27 18:48:59 1.20
+++ src/sbin/rndctl/rndctl.c 2011/11/23 10:47:49 1.21
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: rndctl.c,v 1.20 2011/08/27 18:48:59 joerg Exp $ */ | 1 | /* $NetBSD: rndctl.c,v 1.21 2011/11/23 10:47:49 tls Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 1997 Michael Graff. | 4 | * Copyright (c) 1997 Michael Graff. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -19,45 +19,54 @@ | @@ -19,45 +19,54 @@ | |||
19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
20 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 20 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
21 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 21 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
22 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 22 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
23 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | 23 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
24 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 24 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
25 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED | 25 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED | |
26 | * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | 26 | * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
27 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 27 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
28 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 28 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
29 | * SUCH DAMAGE. | 29 | * SUCH DAMAGE. | |
30 | */ | 30 | */ | |
31 | #include <sys/cdefs.h> | 31 | #include <sys/cdefs.h> | |
32 | #include <sys/types.h> | |||
33 | #include <sha1.h> | |||
32 | 34 | |||
33 | #ifndef lint | 35 | #ifndef lint | |
34 | __RCSID("$NetBSD: rndctl.c,v 1.20 2011/08/27 18:48:59 joerg Exp $"); | 36 | __RCSID("$NetBSD: rndctl.c,v 1.21 2011/11/23 10:47:49 tls Exp $"); | |
35 | #endif | 37 | #endif | |
36 | 38 | |||
37 | 39 | |||
38 | #include <sys/types.h> | 40 | #include <sys/types.h> | |
39 | #include <sys/ioctl.h> | 41 | #include <sys/ioctl.h> | |
42 | #include <sys/param.h> | |||
40 | #include <sys/rnd.h> | 43 | #include <sys/rnd.h> | |
41 | 44 | |||
42 | #include <stdio.h> | 45 | #include <stdio.h> | |
43 | #include <stdlib.h> | 46 | #include <stdlib.h> | |
44 | #include <unistd.h> | 47 | #include <unistd.h> | |
45 | #include <fcntl.h> | 48 | #include <fcntl.h> | |
46 | #include <errno.h> | 49 | #include <errno.h> | |
47 | #include <err.h> | 50 | #include <err.h> | |
48 | #include <string.h> | 51 | #include <string.h> | |
49 | 52 | |||
50 | typedef struct { | 53 | typedef struct { | |
54 | uint32_t entropy; | |||
55 | uint8_t data[RND_POOLWORDS * sizeof(uint32_t)]; | |||
56 | uint8_t digest[SHA1_DIGEST_LENGTH]; | |||
57 | } rndsave_t; | |||
58 | ||||
59 | typedef struct { | |||
51 | const char *a_name; | 60 | const char *a_name; | |
52 | u_int32_t a_type; | 61 | u_int32_t a_type; | |
53 | } arg_t; | 62 | } arg_t; | |
54 | 63 | |||
55 | static const arg_t source_types[] = { | 64 | static const arg_t source_types[] = { | |
56 | { "???", RND_TYPE_UNKNOWN }, | 65 | { "???", RND_TYPE_UNKNOWN }, | |
57 | { "disk", RND_TYPE_DISK }, | 66 | { "disk", RND_TYPE_DISK }, | |
58 | { "net", RND_TYPE_NET }, | 67 | { "net", RND_TYPE_NET }, | |
59 | { "tape", RND_TYPE_TAPE }, | 68 | { "tape", RND_TYPE_TAPE }, | |
60 | { "tty", RND_TYPE_TTY }, | 69 | { "tty", RND_TYPE_TTY }, | |
61 | { "rng", RND_TYPE_RNG }, | 70 | { "rng", RND_TYPE_RNG }, | |
62 | { NULL, 0 } | 71 | { NULL, 0 } | |
63 | }; | 72 | }; | |
@@ -68,26 +77,27 @@ static const char *find_name(u_int32_t); | @@ -68,26 +77,27 @@ static const char *find_name(u_int32_t); | |||
68 | static void do_ioctl(rndctl_t *); | 77 | static void do_ioctl(rndctl_t *); | |
69 | static char * strflags(u_int32_t); | 78 | static char * strflags(u_int32_t); | |
70 | static void do_list(int, u_int32_t, char *); | 79 | static void do_list(int, u_int32_t, char *); | |
71 | static void do_stats(void); | 80 | static void do_stats(void); | |
72 | 81 | |||
73 | static void | 82 | static void | |
74 | usage(void) | 83 | usage(void) | |
75 | { | 84 | { | |
76 | 85 | |||
77 | fprintf(stderr, "usage: %s -CEce [-d devname | -t devtype]\n", | 86 | fprintf(stderr, "usage: %s -CEce [-d devname | -t devtype]\n", | |
78 | getprogname()); | 87 | getprogname()); | |
79 | fprintf(stderr, " %s -ls [-d devname | -t devtype]\n", | 88 | fprintf(stderr, " %s -ls [-d devname | -t devtype]\n", | |
80 | getprogname()); | 89 | getprogname()); | |
90 | fprintf(stderr, " %s -[L|S] save-file\n", getprogname()); | |||
81 | exit(1); | 91 | exit(1); | |
82 | } | 92 | } | |
83 | 93 | |||
84 | static u_int32_t | 94 | static u_int32_t | |
85 | find_type(const char *name) | 95 | find_type(const char *name) | |
86 | { | 96 | { | |
87 | const arg_t *a; | 97 | const arg_t *a; | |
88 | 98 | |||
89 | a = source_types; | 99 | a = source_types; | |
90 | 100 | |||
91 | while (a->a_name != NULL) { | 101 | while (a->a_name != NULL) { | |
92 | if (strcmp(a->a_name, name) == 0) | 102 | if (strcmp(a->a_name, name) == 0) | |
93 | return (a->a_type); | 103 | return (a->a_type); | |
@@ -106,26 +116,134 @@ find_name(u_int32_t type) | @@ -106,26 +116,134 @@ find_name(u_int32_t type) | |||
106 | a = source_types; | 116 | a = source_types; | |
107 | 117 | |||
108 | while (a->a_name != NULL) { | 118 | while (a->a_name != NULL) { | |
109 | if (type == a->a_type) | 119 | if (type == a->a_type) | |
110 | return (a->a_name); | 120 | return (a->a_name); | |
111 | a++; | 121 | a++; | |
112 | } | 122 | } | |
113 | 123 | |||
114 | warnx("device type %u unknown", type); | 124 | warnx("device type %u unknown", type); | |
115 | return ("???"); | 125 | return ("???"); | |
116 | } | 126 | } | |
117 | 127 | |||
118 | static void | 128 | static void | |
129 | do_save(const char *const filename) | |||
130 | { | |||
131 | int est1, est2; | |||
132 | rndpoolstat_t rp; | |||
133 | rndsave_t rs; | |||
134 | SHA1_CTX s; | |||
135 | ||||
136 | int fd; | |||
137 | ||||
138 | fd = open("/dev/urandom", O_RDONLY, 0644); | |||
139 | if (fd < 0) { | |||
140 | err(1, "device open"); | |||
141 | } | |||
142 | ||||
143 | if (ioctl(fd, RNDGETPOOLSTAT, &rp) < 0) { | |||
144 | err(1, "ioctl(RNDGETPOOLSTAT)"); | |||
145 | } | |||
146 | ||||
147 | est1 = rp.curentropy; | |||
148 | ||||
149 | if (read(fd, rs.data, sizeof(rs.data)) != sizeof(rs.data)) { | |||
150 | err(1, "entropy read"); | |||
151 | } | |||
152 | ||||
153 | if (ioctl(fd, RNDGETPOOLSTAT, &rp) < 0) { | |||
154 | err(1, "ioctl(RNDGETPOOLSTAT)"); | |||
155 | } | |||
156 | ||||
157 | est2 = rp.curentropy; | |||
158 | ||||
159 | if (est1 - est2 < 0) { | |||
160 | rs.entropy = 0; | |||
161 | } else { | |||
162 | rs.entropy = est1 - est2; | |||
163 | } | |||
164 | ||||
165 | SHA1Init(&s); | |||
166 | SHA1Update(&s, (uint8_t *)&rs.entropy, sizeof(rs.entropy)); | |||
167 | SHA1Update(&s, rs.data, sizeof(rs.data)); | |||
168 | SHA1Final(rs.digest, &s); | |||
169 | ||||
170 | close(fd); | |||
171 | unlink(filename); | |||
172 | fd = open(filename, O_CREAT|O_EXCL|O_WRONLY, 0600); | |||
173 | if (fd < 0) { | |||
174 | err(1, "output open"); | |||
175 | } | |||
176 | ||||
177 | if (write(fd, &rs, sizeof(rs)) != sizeof(rs)) { | |||
178 | unlink(filename); | |||
179 | fsync_range(fd, FDATASYNC|FDISKSYNC, (off_t)0, (off_t)0); | |||
180 | err(1, "write"); | |||
181 | } | |||
182 | fsync_range(fd, FDATASYNC|FDISKSYNC, (off_t)0, (off_t)0); | |||
183 | close(fd); | |||
184 | } | |||
185 | ||||
186 | static void | |||
187 | do_load(const char *const filename) | |||
188 | { | |||
189 | int fd; | |||
190 | rndsave_t rs; | |||
191 | rnddata_t rd; | |||
192 | SHA1_CTX s; | |||
193 | uint8_t digest[SHA1_DIGEST_LENGTH]; | |||
194 | ||||
195 | fd = open(filename, O_RDWR, 0600); | |||
196 | if (fd < 0) { | |||
197 | err(1, "input open"); | |||
198 | } | |||
199 | ||||
200 | unlink(filename); | |||
201 | ||||
202 | if (read(fd, &rs, sizeof(rs)) != sizeof(rs)) { | |||
203 | err(1, "read"); | |||
204 | } | |||
205 | ||||
206 | if (write(fd, &rs, sizeof(rs) != sizeof(rs))) { | |||
207 | err(1, "overwrite"); | |||
208 | } | |||
209 | fsync_range(fd, FDATASYNC|FDISKSYNC, (off_t)0, (off_t)0); | |||
210 | close(fd); | |||
211 | ||||
212 | SHA1Init(&s); | |||
213 | SHA1Update(&s, (uint8_t *)&rs.entropy, sizeof(rs.entropy)); | |||
214 | SHA1Update(&s, rs.data, sizeof(rs.data)); | |||
215 | SHA1Final(digest, &s); | |||
216 | ||||
217 | if (memcmp(digest, rs.digest, sizeof(digest))) { | |||
218 | errx(1, "bad digest"); | |||
219 | } | |||
220 | ||||
221 | rd.len = MIN(sizeof(rd.data), sizeof(rs.data)); | |||
222 | rd.entropy = rs.entropy; | |||
223 | memcpy(rd.data, rs.data, MIN(sizeof(rd.data), sizeof(rs.data))); | |||
224 | ||||
225 | fd = open("/dev/urandom", O_RDWR, 0644); | |||
226 | if (fd < 0) { | |||
227 | err(1, "device open"); | |||
228 | } | |||
229 | ||||
230 | if (ioctl(fd, RNDADDDATA, &rd) < 0) { | |||
231 | err(1, "ioctl"); | |||
232 | } | |||
233 | close(fd); | |||
234 | } | |||
235 | ||||
236 | static void | |||
119 | do_ioctl(rndctl_t *rctl) | 237 | do_ioctl(rndctl_t *rctl) | |
120 | { | 238 | { | |
121 | int fd; | 239 | int fd; | |
122 | int res; | 240 | int res; | |
123 | 241 | |||
124 | fd = open("/dev/urandom", O_RDONLY, 0644); | 242 | fd = open("/dev/urandom", O_RDONLY, 0644); | |
125 | if (fd < 0) | 243 | if (fd < 0) | |
126 | err(1, "open"); | 244 | err(1, "open"); | |
127 | 245 | |||
128 | res = ioctl(fd, RNDCTL, rctl); | 246 | res = ioctl(fd, RNDCTL, rctl); | |
129 | if (res < 0) | 247 | if (res < 0) | |
130 | err(1, "ioctl(RNDCTL)"); | 248 | err(1, "ioctl(RNDCTL)"); | |
131 | 249 | |||
@@ -237,48 +355,61 @@ do_stats(void) | @@ -237,48 +355,61 @@ do_stats(void) | |||
237 | printf("\t%9u hard-random bits generated\n", rs.removed); | 355 | printf("\t%9u hard-random bits generated\n", rs.removed); | |
238 | printf("\t%9u pseudo-random bits generated\n", rs.generated); | 356 | printf("\t%9u pseudo-random bits generated\n", rs.generated); | |
239 | 357 | |||
240 | close(fd); | 358 | close(fd); | |
241 | } | 359 | } | |
242 | 360 | |||
243 | int | 361 | int | |
244 | main(int argc, char **argv) | 362 | main(int argc, char **argv) | |
245 | { | 363 | { | |
246 | rndctl_t rctl; | 364 | rndctl_t rctl; | |
247 | int ch, cmd, lflag, mflag, sflag; | 365 | int ch, cmd, lflag, mflag, sflag; | |
248 | u_int32_t type; | 366 | u_int32_t type; | |
249 | char name[16]; | 367 | char name[16]; | |
368 | const char *filename = NULL; | |||
250 | 369 | |||
251 | rctl.mask = 0; | 370 | rctl.mask = 0; | |
252 | rctl.flags = 0; | 371 | rctl.flags = 0; | |
253 | 372 | |||
254 | cmd = 0; | 373 | cmd = 0; | |
255 | lflag = 0; | 374 | lflag = 0; | |
256 | mflag = 0; | 375 | mflag = 0; | |
257 | sflag = 0; | 376 | sflag = 0; | |
258 | type = 0xff; | 377 | type = 0xff; | |
259 | 378 | |||
260 | while ((ch = getopt(argc, argv, "CEcelt:d:s")) != -1) { | 379 | while ((ch = getopt(argc, argv, "CES:L:celt:d:s")) != -1) { | |
261 | switch (ch) { | 380 | switch (ch) { | |
262 | case 'C': | 381 | case 'C': | |
263 | rctl.flags |= RND_FLAG_NO_COLLECT; | 382 | rctl.flags |= RND_FLAG_NO_COLLECT; | |
264 | rctl.mask |= RND_FLAG_NO_COLLECT; | 383 | rctl.mask |= RND_FLAG_NO_COLLECT; | |
265 | mflag++; | 384 | mflag++; | |
266 | break; | 385 | break; | |
267 | case 'E': | 386 | case 'E': | |
268 | rctl.flags |= RND_FLAG_NO_ESTIMATE; | 387 | rctl.flags |= RND_FLAG_NO_ESTIMATE; | |
269 | rctl.mask |= RND_FLAG_NO_ESTIMATE; | 388 | rctl.mask |= RND_FLAG_NO_ESTIMATE; | |
270 | mflag++; | 389 | mflag++; | |
271 | break; | 390 | break; | |
391 | case 'L': | |||
392 | if (cmd != 0) | |||
393 | usage(); | |||
394 | cmd = 'L'; | |||
395 | filename = optarg; | |||
396 | break; | |||
397 | case 'S': | |||
398 | if (cmd != 0) | |||
399 | usage(); | |||
400 | cmd = 'S'; | |||
401 | filename = optarg; | |||
402 | break; | |||
272 | case 'c': | 403 | case 'c': | |
273 | rctl.flags &= ~RND_FLAG_NO_COLLECT; | 404 | rctl.flags &= ~RND_FLAG_NO_COLLECT; | |
274 | rctl.mask |= RND_FLAG_NO_COLLECT; | 405 | rctl.mask |= RND_FLAG_NO_COLLECT; | |
275 | mflag++; | 406 | mflag++; | |
276 | break; | 407 | break; | |
277 | case 'e': | 408 | case 'e': | |
278 | rctl.flags &= ~RND_FLAG_NO_ESTIMATE; | 409 | rctl.flags &= ~RND_FLAG_NO_ESTIMATE; | |
279 | rctl.mask |= RND_FLAG_NO_ESTIMATE; | 410 | rctl.mask |= RND_FLAG_NO_ESTIMATE; | |
280 | mflag++; | 411 | mflag++; | |
281 | break; | 412 | break; | |
282 | case 'l': | 413 | case 'l': | |
283 | lflag++; | 414 | lflag++; | |
284 | break; | 415 | break; | |
@@ -305,26 +436,42 @@ main(int argc, char **argv) | @@ -305,26 +436,42 @@ main(int argc, char **argv) | |||
305 | usage(); | 436 | usage(); | |
306 | } | 437 | } | |
307 | } | 438 | } | |
308 | argc -= optind; | 439 | argc -= optind; | |
309 | argv += optind; | 440 | argv += optind; | |
310 | 441 | |||
311 | /* | 442 | /* | |
312 | * No leftover non-option arguments. | 443 | * No leftover non-option arguments. | |
313 | */ | 444 | */ | |
314 | if (argc > 0) | 445 | if (argc > 0) | |
315 | usage(); | 446 | usage(); | |
316 | 447 | |||
317 | /* | 448 | /* | |
449 | * Save. | |||
450 | */ | |||
451 | if (cmd == 'S') { | |||
452 | do_save(filename); | |||
453 | exit(0); | |||
454 | } | |||
455 | ||||
456 | /* | |||
457 | * Load. | |||
458 | */ | |||
459 | if (cmd == 'L') { | |||
460 | do_load(filename); | |||
461 | exit(0); | |||
462 | } | |||
463 | ||||
464 | /* | |||
318 | * Cannot list and modify at the same time. | 465 | * Cannot list and modify at the same time. | |
319 | */ | 466 | */ | |
320 | if ((lflag != 0 || sflag != 0) && mflag != 0) | 467 | if ((lflag != 0 || sflag != 0) && mflag != 0) | |
321 | usage(); | 468 | usage(); | |
322 | 469 | |||
323 | /* | 470 | /* | |
324 | * Bomb out on no-ops. | 471 | * Bomb out on no-ops. | |
325 | */ | 472 | */ | |
326 | if (lflag == 0 && mflag == 0 && sflag == 0) | 473 | if (lflag == 0 && mflag == 0 && sflag == 0) | |
327 | usage(); | 474 | usage(); | |
328 | 475 | |||
329 | /* | 476 | /* | |
330 | * If not listing, we need a device name or a type. | 477 | * If not listing, we need a device name or a type. |
--- src/sys/dev/Attic/rnd.c 2011/11/20 00:45:15 1.85
+++ src/sys/dev/Attic/rnd.c 2011/11/23 10:47:48 1.86
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: rnd.c,v 1.85 2011/11/20 00:45:15 tls Exp $ */ | 1 | /* $NetBSD: rnd.c,v 1.86 2011/11/23 10:47:48 tls Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 1997-2011 The NetBSD Foundation, Inc. | 4 | * Copyright (c) 1997-2011 The NetBSD Foundation, Inc. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * This code is derived from software contributed to The NetBSD Foundation | 7 | * This code is derived from software contributed to The NetBSD Foundation | |
8 | * by Michael Graff <explorer@flame.org> and Thor Lancelot Simon. | 8 | * by Michael Graff <explorer@flame.org> and Thor Lancelot Simon. | |
9 | * This code uses ideas and algorithms from the Linux driver written by | 9 | * This code uses ideas and algorithms from the Linux driver written by | |
10 | * Ted Ts'o. | 10 | * Ted Ts'o. | |
11 | * | 11 | * | |
12 | * Redistribution and use in source and binary forms, with or without | 12 | * Redistribution and use in source and binary forms, with or without | |
13 | * modification, are permitted provided that the following conditions | 13 | * modification, are permitted provided that the following conditions | |
14 | * are met: | 14 | * are met: | |
@@ -22,27 +22,27 @@ | @@ -22,27 +22,27 @@ | |||
22 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | 22 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
23 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 23 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
24 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | 24 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | |
25 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | 25 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
26 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | 26 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
27 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | 27 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
28 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | 28 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
29 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 29 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
30 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 30 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
31 | * POSSIBILITY OF SUCH DAMAGE. | 31 | * POSSIBILITY OF SUCH DAMAGE. | |
32 | */ | 32 | */ | |
33 | 33 | |||
34 | #include <sys/cdefs.h> | 34 | #include <sys/cdefs.h> | |
35 | __KERNEL_RCSID(0, "$NetBSD: rnd.c,v 1.85 2011/11/20 00:45:15 tls Exp $"); | 35 | __KERNEL_RCSID(0, "$NetBSD: rnd.c,v 1.86 2011/11/23 10:47:48 tls Exp $"); | |
36 | 36 | |||
37 | #include <sys/param.h> | 37 | #include <sys/param.h> | |
38 | #include <sys/ioctl.h> | 38 | #include <sys/ioctl.h> | |
39 | #include <sys/fcntl.h> | 39 | #include <sys/fcntl.h> | |
40 | #include <sys/select.h> | 40 | #include <sys/select.h> | |
41 | #include <sys/poll.h> | 41 | #include <sys/poll.h> | |
42 | #include <sys/kmem.h> | 42 | #include <sys/kmem.h> | |
43 | #include <sys/mutex.h> | 43 | #include <sys/mutex.h> | |
44 | #include <sys/proc.h> | 44 | #include <sys/proc.h> | |
45 | #include <sys/kernel.h> | 45 | #include <sys/kernel.h> | |
46 | #include <sys/conf.h> | 46 | #include <sys/conf.h> | |
47 | #include <sys/systm.h> | 47 | #include <sys/systm.h> | |
48 | #include <sys/callout.h> | 48 | #include <sys/callout.h> | |
@@ -499,78 +499,109 @@ rndread(dev_t dev, struct uio *uio, int | @@ -499,78 +499,109 @@ rndread(dev_t dev, struct uio *uio, int | |||
499 | if (ret != 0 || nread != n) | 499 | if (ret != 0 || nread != n) | |
500 | goto out; | 500 | goto out; | |
501 | } | 501 | } | |
502 | 502 | |||
503 | out: | 503 | out: | |
504 | kmem_free(bf, RND_TEMP_BUFFER_SIZE); | 504 | kmem_free(bf, RND_TEMP_BUFFER_SIZE); | |
505 | return (ret); | 505 | return (ret); | |
506 | } | 506 | } | |
507 | 507 | |||
508 | int | 508 | int | |
509 | rndwrite(dev_t dev, struct uio *uio, int ioflag) | 509 | rndwrite(dev_t dev, struct uio *uio, int ioflag) | |
510 | { | 510 | { | |
511 | u_int8_t *bf; | 511 | u_int8_t *bf; | |
512 | int n, ret; | 512 | int n, ret = 0, estimate_ok = 0, estimate = 0, added = 0; | |
513 | ||||
514 | ret = kauth_authorize_device(curlwp->l_cred, | |||
515 | KAUTH_DEVICE_RND_ADDDATA, NULL, NULL, NULL, NULL); | |||
516 | if (ret) { | |||
517 | return (ret); | |||
518 | } | |||
519 | estimate_ok = !kauth_authorize_device(curlwp->l_cred, | |||
520 | KAUTH_DEVICE_RND_ADDDATA_ESTIMATE, NULL, NULL, NULL, NULL); | |||
513 | 521 | |||
514 | DPRINTF(RND_DEBUG_WRITE, | 522 | DPRINTF(RND_DEBUG_WRITE, | |
515 | ("Random: Write of %zu requested\n", uio->uio_resid)); | 523 | ("Random: Write of %zu requested\n", uio->uio_resid)); | |
516 | 524 | |||
517 | if (uio->uio_resid == 0) | 525 | if (uio->uio_resid == 0) | |
518 | return (0); | 526 | return (0); | |
519 | ret = 0; | 527 | ret = 0; | |
520 | bf = kmem_alloc(RND_TEMP_BUFFER_SIZE, KM_SLEEP); | 528 | bf = kmem_alloc(RND_TEMP_BUFFER_SIZE, KM_SLEEP); | |
521 | while (uio->uio_resid > 0) { | 529 | while (uio->uio_resid > 0) { | |
530 | /* | |||
531 | * Don't flood the pool. | |||
532 | */ | |||
533 | if (added > RND_POOLWORDS * sizeof(int)) { | |||
534 | printf("rnd: added %d already, adding no more.\n", | |||
535 | added); | |||
536 | break; | |||
537 | } | |||
522 | n = min(RND_TEMP_BUFFER_SIZE, uio->uio_resid); | 538 | n = min(RND_TEMP_BUFFER_SIZE, uio->uio_resid); | |
523 | 539 | |||
524 | ret = uiomove((void *)bf, n, uio); | 540 | ret = uiomove((void *)bf, n, uio); | |
525 | if (ret != 0) | 541 | if (ret != 0) | |
526 | break; | 542 | break; | |
527 | 543 | |||
544 | if (estimate_ok) { | |||
545 | /* | |||
546 | * Don't cause samples to be discarded by taking | |||
547 | * the pool's entropy estimate to the max. | |||
548 | */ | |||
549 | if (added > RND_POOLWORDS / 2) | |||
550 | estimate = 0; | |||
551 | else | |||
552 | estimate = n * NBBY / 2; | |||
553 | printf("rnd: adding on write, %d bytes, estimate %d\n", | |||
554 | n, estimate); | |||
555 | } else { | |||
556 | printf("rnd: kauth says no entropy.\n"); | |||
557 | } | |||
558 | ||||
528 | /* | 559 | /* | |
529 | * Mix in the bytes. | 560 | * Mix in the bytes. | |
530 | */ | 561 | */ | |
531 | mutex_spin_enter(&rndpool_mtx); | 562 | mutex_spin_enter(&rndpool_mtx); | |
532 | rndpool_add_data(&rnd_pool, bf, n, 0); | 563 | rndpool_add_data(&rnd_pool, bf, n, estimate); | |
533 | mutex_spin_exit(&rndpool_mtx); | 564 | mutex_spin_exit(&rndpool_mtx); | |
534 | 565 | |||
566 | added += n; | |||
535 | DPRINTF(RND_DEBUG_WRITE, ("Random: Copied in %d bytes\n", n)); | 567 | DPRINTF(RND_DEBUG_WRITE, ("Random: Copied in %d bytes\n", n)); | |
536 | } | 568 | } | |
537 | kmem_free(bf, RND_TEMP_BUFFER_SIZE); | 569 | kmem_free(bf, RND_TEMP_BUFFER_SIZE); | |
538 | return (ret); | 570 | return (ret); | |
539 | } | 571 | } | |
540 | 572 | |||
541 | static void | 573 | static void | |
542 | krndsource_to_rndsource(krndsource_t *kr, rndsource_t *r) | 574 | krndsource_to_rndsource(krndsource_t *kr, rndsource_t *r) | |
543 | { | 575 | { | |
544 | memset(r, 0, sizeof(*r)); | 576 | memset(r, 0, sizeof(*r)); | |
545 | strlcpy(r->name, kr->name, sizeof(r->name)); | 577 | strlcpy(r->name, kr->name, sizeof(r->name)); | |
546 | r->total = kr->total; | 578 | r->total = kr->total; | |
547 | r->type = kr->type; | 579 | r->type = kr->type; | |
548 | r->flags = kr->flags; | 580 | r->flags = kr->flags; | |
549 | } | 581 | } | |
550 | 582 | |||
551 | int | 583 | int | |
552 | rndioctl(dev_t dev, u_long cmd, void *addr, int flag, | 584 | rndioctl(dev_t dev, u_long cmd, void *addr, int flag, | |
553 | struct lwp *l) | 585 | struct lwp *l) | |
554 | { | 586 | { | |
555 | krndsource_t *kr; | 587 | krndsource_t *kr; | |
556 | rndstat_t *rst; | 588 | rndstat_t *rst; | |
557 | rndstat_name_t *rstnm; | 589 | rndstat_name_t *rstnm; | |
558 | rndctl_t *rctl; | 590 | rndctl_t *rctl; | |
559 | rnddata_t *rnddata; | 591 | rnddata_t *rnddata; | |
560 | u_int32_t count, start; | 592 | u_int32_t count, start; | |
561 | int ret; | 593 | int ret = 0; | |
562 | 594 | int estimate_ok = 0, estimate = 0; | ||
563 | ret = 0; | |||
564 | 595 | |||
565 | switch (cmd) { | 596 | switch (cmd) { | |
566 | case FIONBIO: | 597 | case FIONBIO: | |
567 | case FIOASYNC: | 598 | case FIOASYNC: | |
568 | case RNDGETENTCNT: | 599 | case RNDGETENTCNT: | |
569 | break; | 600 | break; | |
570 | 601 | |||
571 | case RNDGETPOOLSTAT: | 602 | case RNDGETPOOLSTAT: | |
572 | case RNDGETSRCNUM: | 603 | case RNDGETSRCNUM: | |
573 | case RNDGETSRCNAME: | 604 | case RNDGETSRCNAME: | |
574 | ret = kauth_authorize_device(l->l_cred, | 605 | ret = kauth_authorize_device(l->l_cred, | |
575 | KAUTH_DEVICE_RND_GETPRIV, NULL, NULL, NULL, NULL); | 606 | KAUTH_DEVICE_RND_GETPRIV, NULL, NULL, NULL, NULL); | |
576 | if (ret) | 607 | if (ret) | |
@@ -579,26 +610,28 @@ rndioctl(dev_t dev, u_long cmd, void *ad | @@ -579,26 +610,28 @@ rndioctl(dev_t dev, u_long cmd, void *ad | |||
579 | 610 | |||
580 | case RNDCTL: | 611 | case RNDCTL: | |
581 | ret = kauth_authorize_device(l->l_cred, | 612 | ret = kauth_authorize_device(l->l_cred, | |
582 | KAUTH_DEVICE_RND_SETPRIV, NULL, NULL, NULL, NULL); | 613 | KAUTH_DEVICE_RND_SETPRIV, NULL, NULL, NULL, NULL); | |
583 | if (ret) | 614 | if (ret) | |
584 | return (ret); | 615 | return (ret); | |
585 | break; | 616 | break; | |
586 | 617 | |||
587 | case RNDADDDATA: | 618 | case RNDADDDATA: | |
588 | ret = kauth_authorize_device(l->l_cred, | 619 | ret = kauth_authorize_device(l->l_cred, | |
589 | KAUTH_DEVICE_RND_ADDDATA, NULL, NULL, NULL, NULL); | 620 | KAUTH_DEVICE_RND_ADDDATA, NULL, NULL, NULL, NULL); | |
590 | if (ret) | 621 | if (ret) | |
591 | return (ret); | 622 | return (ret); | |
623 | estimate_ok = !kauth_authorize_device(l->l_cred, | |||
624 | KAUTH_DEVICE_RND_ADDDATA_ESTIMATE, NULL, NULL, NULL, NULL); | |||
592 | break; | 625 | break; | |
593 | 626 | |||
594 | default: | 627 | default: | |
595 | return (EINVAL); | 628 | return (EINVAL); | |
596 | } | 629 | } | |
597 | 630 | |||
598 | switch (cmd) { | 631 | switch (cmd) { | |
599 | 632 | |||
600 | /* | 633 | /* | |
601 | * Handled in upper layer really, but we have to return zero | 634 | * Handled in upper layer really, but we have to return zero | |
602 | * for it to be accepted by the upper layer. | 635 | * for it to be accepted by the upper layer. | |
603 | */ | 636 | */ | |
604 | case FIONBIO: | 637 | case FIONBIO: | |
@@ -710,29 +743,43 @@ rndioctl(dev_t dev, u_long cmd, void *ad | @@ -710,29 +743,43 @@ rndioctl(dev_t dev, u_long cmd, void *ad | |||
710 | kr = kr->list.le_next; | 743 | kr = kr->list.le_next; | |
711 | } | 744 | } | |
712 | 745 | |||
713 | ret = ENOENT; /* name not found */ | 746 | ret = ENOENT; /* name not found */ | |
714 | 747 | |||
715 | break; | 748 | break; | |
716 | 749 | |||
717 | case RNDADDDATA: | 750 | case RNDADDDATA: | |
718 | rnddata = (rnddata_t *)addr; | 751 | rnddata = (rnddata_t *)addr; | |
719 | 752 | |||
720 | if (rnddata->len > sizeof(rnddata->data)) | 753 | if (rnddata->len > sizeof(rnddata->data)) | |
721 | return EINVAL; | 754 | return EINVAL; | |
722 | 755 | |||
756 | if (estimate_ok) { | |||
757 | /* | |||
758 | * Do not accept absurd entropy estimates, and | |||
759 | * do not flood the pool with entropy such that | |||
760 | * new samples are discarded henceforth. | |||
761 | */ | |||
762 | estimate = MIN((rnddata->len * NBBY) / 2, | |||
763 | MIN(rnddata->entropy, | |||
764 | RND_POOLWORDS * sizeof(int) * | |||
765 | NBBY / 2)); | |||
766 | } else { | |||
767 | estimate = 0; | |||
768 | } | |||
769 | ||||
723 | mutex_spin_enter(&rndpool_mtx); | 770 | mutex_spin_enter(&rndpool_mtx); | |
724 | rndpool_add_data(&rnd_pool, rnddata->data, rnddata->len, | 771 | rndpool_add_data(&rnd_pool, rnddata->data, rnddata->len, | |
725 | rnddata->entropy); | 772 | estimate); | |
726 | mutex_spin_exit(&rndpool_mtx); | 773 | mutex_spin_exit(&rndpool_mtx); | |
727 | 774 | |||
728 | rnd_wakeup_readers(); | 775 | rnd_wakeup_readers(); | |
729 | 776 | |||
730 | break; | 777 | break; | |
731 | 778 | |||
732 | default: | 779 | default: | |
733 | return (EINVAL); | 780 | return (EINVAL); | |
734 | } | 781 | } | |
735 | 782 | |||
736 | return (ret); | 783 | return (ret); | |
737 | } | 784 | } | |
738 | 785 |
--- src/sys/secmodel/securelevel/secmodel_securelevel.c 2009/10/07 01:06:57 1.20
+++ src/sys/secmodel/securelevel/secmodel_securelevel.c 2011/11/23 10:47:48 1.21
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: secmodel_securelevel.c,v 1.20 2009/10/07 01:06:57 elad Exp $ */ | 1 | /* $NetBSD: secmodel_securelevel.c,v 1.21 2011/11/23 10:47:48 tls Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | 3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | |
4 | * All rights reserved. | 4 | * All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * 3. The name of the author may not be used to endorse or promote products | 14 | * 3. The name of the author may not be used to endorse or promote products | |
@@ -25,27 +25,27 @@ | @@ -25,27 +25,27 @@ | |||
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
27 | */ | 27 | */ | |
28 | 28 | |||
29 | /* | 29 | /* | |
30 | * This file contains kauth(9) listeners needed to implement the traditional | 30 | * This file contains kauth(9) listeners needed to implement the traditional | |
31 | * NetBSD securelevel. | 31 | * NetBSD securelevel. | |
32 | * | 32 | * | |
33 | * The securelevel is a system-global indication on what operations are | 33 | * The securelevel is a system-global indication on what operations are | |
34 | * allowed or not. It affects all users, including root. | 34 | * allowed or not. It affects all users, including root. | |
35 | */ | 35 | */ | |
36 | 36 | |||
37 | #include <sys/cdefs.h> | 37 | #include <sys/cdefs.h> | |
38 | __KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.20 2009/10/07 01:06:57 elad Exp $"); | 38 | __KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.21 2011/11/23 10:47:48 tls Exp $"); | |
39 | 39 | |||
40 | #ifdef _KERNEL_OPT | 40 | #ifdef _KERNEL_OPT | |
41 | #include "opt_insecure.h" | 41 | #include "opt_insecure.h" | |
42 | #endif /* _KERNEL_OPT */ | 42 | #endif /* _KERNEL_OPT */ | |
43 | 43 | |||
44 | #include <sys/types.h> | 44 | #include <sys/types.h> | |
45 | #include <sys/param.h> | 45 | #include <sys/param.h> | |
46 | #include <sys/kauth.h> | 46 | #include <sys/kauth.h> | |
47 | 47 | |||
48 | #include <sys/conf.h> | 48 | #include <sys/conf.h> | |
49 | #include <sys/mount.h> | 49 | #include <sys/mount.h> | |
50 | #include <sys/sysctl.h> | 50 | #include <sys/sysctl.h> | |
51 | #include <sys/vnode.h> | 51 | #include <sys/vnode.h> | |
@@ -543,26 +543,31 @@ secmodel_securelevel_device_cb(kauth_cre | @@ -543,26 +543,31 @@ secmodel_securelevel_device_cb(kauth_cre | |||
543 | KASSERT((bits & ~KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL) == 0); | 543 | KASSERT((bits & ~KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL) == 0); | |
544 | 544 | |||
545 | if (bits & ~KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF) | 545 | if (bits & ~KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF) | |
546 | result = KAUTH_RESULT_DENY; | 546 | result = KAUTH_RESULT_DENY; | |
547 | } | 547 | } | |
548 | 548 | |||
549 | break; | 549 | break; | |
550 | 550 | |||
551 | case KAUTH_DEVICE_GPIO_PINSET: | 551 | case KAUTH_DEVICE_GPIO_PINSET: | |
552 | if (securelevel > 0) | 552 | if (securelevel > 0) | |
553 | result = KAUTH_RESULT_DENY; | 553 | result = KAUTH_RESULT_DENY; | |
554 | break; | 554 | break; | |
555 | 555 | |||
556 | case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE: | |||
557 | if (securelevel > 0) | |||
558 | result = KAUTH_RESULT_DENY; | |||
559 | break; | |||
560 | ||||
556 | default: | 561 | default: | |
557 | break; | 562 | break; | |
558 | } | 563 | } | |
559 | 564 | |||
560 | return (result); | 565 | return (result); | |
561 | } | 566 | } | |
562 | 567 | |||
563 | int | 568 | int | |
564 | secmodel_securelevel_vnode_cb(kauth_cred_t cred, kauth_action_t action, | 569 | secmodel_securelevel_vnode_cb(kauth_cred_t cred, kauth_action_t action, | |
565 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | 570 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | |
566 | { | 571 | { | |
567 | int result; | 572 | int result; | |
568 | 573 |
--- src/sys/secmodel/suser/secmodel_suser.c 2009/12/29 04:25:30 1.34
+++ src/sys/secmodel/suser/secmodel_suser.c 2011/11/23 10:47:49 1.35
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: secmodel_suser.c,v 1.34 2009/12/29 04:25:30 elad Exp $ */ | 1 | /* $NetBSD: secmodel_suser.c,v 1.35 2011/11/23 10:47:49 tls Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | 3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | |
4 | * All rights reserved. | 4 | * All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * 3. The name of the author may not be used to endorse or promote products | 14 | * 3. The name of the author may not be used to endorse or promote products | |
@@ -28,27 +28,27 @@ | @@ -28,27 +28,27 @@ | |||
28 | 28 | |||
29 | /* | 29 | /* | |
30 | * This file contains kauth(9) listeners needed to implement the traditional | 30 | * This file contains kauth(9) listeners needed to implement the traditional | |
31 | * NetBSD superuser access restrictions. | 31 | * NetBSD superuser access restrictions. | |
32 | * | 32 | * | |
33 | * There are two main resources a request can be issued to: user-owned and | 33 | * There are two main resources a request can be issued to: user-owned and | |
34 | * system owned. For the first, traditional Unix access checks are done, as | 34 | * system owned. For the first, traditional Unix access checks are done, as | |
35 | * well as superuser checks. If needed, the request context is examined before | 35 | * well as superuser checks. If needed, the request context is examined before | |
36 | * a decision is made. For the latter, usually only superuser checks are done | 36 | * a decision is made. For the latter, usually only superuser checks are done | |
37 | * as normal users are not allowed to access system resources. | 37 | * as normal users are not allowed to access system resources. | |
38 | */ | 38 | */ | |
39 | 39 | |||
40 | #include <sys/cdefs.h> | 40 | #include <sys/cdefs.h> | |
41 | __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.34 2009/12/29 04:25:30 elad Exp $"); | 41 | __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.35 2011/11/23 10:47:49 tls Exp $"); | |
42 | 42 | |||
43 | #include <sys/types.h> | 43 | #include <sys/types.h> | |
44 | #include <sys/param.h> | 44 | #include <sys/param.h> | |
45 | #include <sys/kauth.h> | 45 | #include <sys/kauth.h> | |
46 | 46 | |||
47 | #include <sys/mutex.h> | 47 | #include <sys/mutex.h> | |
48 | #include <sys/mount.h> | 48 | #include <sys/mount.h> | |
49 | #include <sys/socketvar.h> | 49 | #include <sys/socketvar.h> | |
50 | #include <sys/sysctl.h> | 50 | #include <sys/sysctl.h> | |
51 | #include <sys/vnode.h> | 51 | #include <sys/vnode.h> | |
52 | #include <sys/proc.h> | 52 | #include <sys/proc.h> | |
53 | #include <sys/module.h> | 53 | #include <sys/module.h> | |
54 | 54 | |||
@@ -828,26 +828,27 @@ secmodel_suser_device_cb(kauth_cred_t cr | @@ -828,26 +828,27 @@ secmodel_suser_device_cb(kauth_cred_t cr | |||
828 | int result; | 828 | int result; | |
829 | 829 | |||
830 | isroot = (kauth_cred_geteuid(cred) == 0); | 830 | isroot = (kauth_cred_geteuid(cred) == 0); | |
831 | result = KAUTH_RESULT_DEFER; | 831 | result = KAUTH_RESULT_DEFER; | |
832 | 832 | |||
833 | switch (action) { | 833 | switch (action) { | |
834 | case KAUTH_DEVICE_BLUETOOTH_SETPRIV: | 834 | case KAUTH_DEVICE_BLUETOOTH_SETPRIV: | |
835 | case KAUTH_DEVICE_BLUETOOTH_SEND: | 835 | case KAUTH_DEVICE_BLUETOOTH_SEND: | |
836 | case KAUTH_DEVICE_BLUETOOTH_RECV: | 836 | case KAUTH_DEVICE_BLUETOOTH_RECV: | |
837 | case KAUTH_DEVICE_TTY_OPEN: | 837 | case KAUTH_DEVICE_TTY_OPEN: | |
838 | case KAUTH_DEVICE_TTY_PRIVSET: | 838 | case KAUTH_DEVICE_TTY_PRIVSET: | |
839 | case KAUTH_DEVICE_TTY_STI: | 839 | case KAUTH_DEVICE_TTY_STI: | |
840 | case KAUTH_DEVICE_RND_ADDDATA: | 840 | case KAUTH_DEVICE_RND_ADDDATA: | |
841 | case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE: | |||
841 | case KAUTH_DEVICE_RND_GETPRIV: | 842 | case KAUTH_DEVICE_RND_GETPRIV: | |
842 | case KAUTH_DEVICE_RND_SETPRIV: | 843 | case KAUTH_DEVICE_RND_SETPRIV: | |
843 | if (isroot) | 844 | if (isroot) | |
844 | result = KAUTH_RESULT_ALLOW; | 845 | result = KAUTH_RESULT_ALLOW; | |
845 | break; | 846 | break; | |
846 | 847 | |||
847 | case KAUTH_DEVICE_BLUETOOTH_BCSP: | 848 | case KAUTH_DEVICE_BLUETOOTH_BCSP: | |
848 | case KAUTH_DEVICE_BLUETOOTH_BTUART: { | 849 | case KAUTH_DEVICE_BLUETOOTH_BTUART: { | |
849 | enum kauth_device_req req; | 850 | enum kauth_device_req req; | |
850 | 851 | |||
851 | req = (enum kauth_device_req)arg0; | 852 | req = (enum kauth_device_req)arg0; | |
852 | switch (req) { | 853 | switch (req) { | |
853 | case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD: | 854 | case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD: |
--- src/sys/sys/kauth.h 2009/12/24 19:02:07 1.64
+++ src/sys/sys/kauth.h 2011/11/23 10:47:49 1.65
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: kauth.h,v 1.64 2009/12/24 19:02:07 elad Exp $ */ | 1 | /* $NetBSD: kauth.h,v 1.65 2011/11/23 10:47:49 tls Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> | 4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -245,26 +245,27 @@ enum { | @@ -245,26 +245,27 @@ enum { | |||
245 | }; | 245 | }; | |
246 | 246 | |||
247 | /* | 247 | /* | |
248 | * Device scope - actions. | 248 | * Device scope - actions. | |
249 | */ | 249 | */ | |
250 | enum { | 250 | enum { | |
251 | KAUTH_DEVICE_TTY_OPEN=1, | 251 | KAUTH_DEVICE_TTY_OPEN=1, | |
252 | KAUTH_DEVICE_TTY_PRIVSET, | 252 | KAUTH_DEVICE_TTY_PRIVSET, | |
253 | KAUTH_DEVICE_TTY_STI, | 253 | KAUTH_DEVICE_TTY_STI, | |
254 | KAUTH_DEVICE_RAWIO_SPEC, | 254 | KAUTH_DEVICE_RAWIO_SPEC, | |
255 | KAUTH_DEVICE_RAWIO_PASSTHRU, | 255 | KAUTH_DEVICE_RAWIO_PASSTHRU, | |
256 | KAUTH_DEVICE_BLUETOOTH_SETPRIV, | 256 | KAUTH_DEVICE_BLUETOOTH_SETPRIV, | |
257 | KAUTH_DEVICE_RND_ADDDATA, | 257 | KAUTH_DEVICE_RND_ADDDATA, | |
258 | KAUTH_DEVICE_RND_ADDDATA_ESTIMATE, | |||
258 | KAUTH_DEVICE_RND_GETPRIV, | 259 | KAUTH_DEVICE_RND_GETPRIV, | |
259 | KAUTH_DEVICE_RND_SETPRIV, | 260 | KAUTH_DEVICE_RND_SETPRIV, | |
260 | KAUTH_DEVICE_BLUETOOTH_BCSP, | 261 | KAUTH_DEVICE_BLUETOOTH_BCSP, | |
261 | KAUTH_DEVICE_BLUETOOTH_BTUART, | 262 | KAUTH_DEVICE_BLUETOOTH_BTUART, | |
262 | KAUTH_DEVICE_GPIO_PINSET, | 263 | KAUTH_DEVICE_GPIO_PINSET, | |
263 | KAUTH_DEVICE_BLUETOOTH_SEND, | 264 | KAUTH_DEVICE_BLUETOOTH_SEND, | |
264 | KAUTH_DEVICE_BLUETOOTH_RECV | 265 | KAUTH_DEVICE_BLUETOOTH_RECV | |
265 | }; | 266 | }; | |
266 | 267 | |||
267 | /* | 268 | /* | |
268 | * Device scope - sub-actions. | 269 | * Device scope - sub-actions. | |
269 | */ | 270 | */ | |
270 | enum kauth_device_req { | 271 | enum kauth_device_req { |
--- src/sys/sys/rnd.h 2011/11/19 22:51:31 1.22
+++ src/sys/sys/rnd.h 2011/11/23 10:47:49 1.23
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: rnd.h,v 1.22 2011/11/19 22:51:31 tls Exp $ */ | 1 | /* $NetBSD: rnd.h,v 1.23 2011/11/23 10:47:49 tls Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 1997 The NetBSD Foundation, Inc. | 4 | * Copyright (c) 1997 The NetBSD Foundation, Inc. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * This code is derived from software contributed to The NetBSD Foundation | 7 | * This code is derived from software contributed to The NetBSD Foundation | |
8 | * by Michael Graff <explorer@flame.org>. This code uses ideas and | 8 | * by Michael Graff <explorer@flame.org>. This code uses ideas and | |
9 | * algorithms from the Linux driver written by Ted Ts'o. | 9 | * algorithms from the Linux driver written by Ted Ts'o. | |
10 | * | 10 | * | |
11 | * Redistribution and use in source and binary forms, with or without | 11 | * Redistribution and use in source and binary forms, with or without | |
12 | * modification, are permitted provided that the following conditions | 12 | * modification, are permitted provided that the following conditions | |
13 | * are met: | 13 | * are met: | |
14 | * 1. Redistributions of source code must retain the above copyright | 14 | * 1. Redistributions of source code must retain the above copyright | |
@@ -199,24 +199,24 @@ typedef struct { | @@ -199,24 +199,24 @@ typedef struct { | |||
199 | * instead. Otherwise, the flags set/cleared apply to all devices of | 199 | * instead. Otherwise, the flags set/cleared apply to all devices of | |
200 | * the specified type, and the name is ignored. | 200 | * the specified type, and the name is ignored. | |
201 | */ | 201 | */ | |
202 | typedef struct { | 202 | typedef struct { | |
203 | char name[16]; /* the name we are adjusting */ | 203 | char name[16]; /* the name we are adjusting */ | |
204 | uint32_t type; /* the type of device we want */ | 204 | uint32_t type; /* the type of device we want */ | |
205 | uint32_t flags; /* flags to set or clear */ | 205 | uint32_t flags; /* flags to set or clear */ | |
206 | uint32_t mask; /* mask for the flags we are setting */ | 206 | uint32_t mask; /* mask for the flags we are setting */ | |
207 | } rndctl_t; | 207 | } rndctl_t; | |
208 | 208 | |||
209 | typedef struct { | 209 | typedef struct { | |
210 | uint32_t len; | 210 | uint32_t len; | |
211 | uint32_t entropy; | 211 | uint32_t entropy; | |
212 | u_char data[RND_POOLWORDS * 4]; | 212 | u_char data[RND_POOLWORDS * sizeof(uint32_t)]; | |
213 | } rnddata_t; | 213 | } rnddata_t; | |
214 | 214 | |||
215 | #define RNDGETENTCNT _IOR('R', 101, uint32_t) /* get entropy count */ | 215 | #define RNDGETENTCNT _IOR('R', 101, uint32_t) /* get entropy count */ | |
216 | #define RNDGETSRCNUM _IOWR('R', 102, rndstat_t) /* get rnd source info */ | 216 | #define RNDGETSRCNUM _IOWR('R', 102, rndstat_t) /* get rnd source info */ | |
217 | #define RNDGETSRCNAME _IOWR('R', 103, rndstat_name_t) /* get src by name */ | 217 | #define RNDGETSRCNAME _IOWR('R', 103, rndstat_name_t) /* get src by name */ | |
218 | #define RNDCTL _IOW('R', 104, rndctl_t) /* set/clear source flags */ | 218 | #define RNDCTL _IOW('R', 104, rndctl_t) /* set/clear source flags */ | |
219 | #define RNDADDDATA _IOW('R', 105, rnddata_t) /* add data to the pool */ | 219 | #define RNDADDDATA _IOW('R', 105, rnddata_t) /* add data to the pool */ | |
220 | #define RNDGETPOOLSTAT _IOR('R', 106, rndpoolstat_t) | 220 | #define RNDGETPOOLSTAT _IOR('R', 106, rndpoolstat_t) | |
221 | 221 | |||
222 | #endif /* !_SYS_RND_H_ */ | 222 | #endif /* !_SYS_RND_H_ */ |