| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: uipc_socket.c,v 1.209.2.2.2.1 2013/08/02 20:18:48 martin Exp $ */ | | 1 | /* $NetBSD: uipc_socket.c,v 1.209.2.2.2.2 2013/11/25 08:27:06 bouyer Exp $ */ |
2 | | | 2 | |
3 | /*- | | 3 | /*- |
4 | * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc. | | 4 | * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc. |
5 | * All rights reserved. | | 5 | * All rights reserved. |
6 | * | | 6 | * |
7 | * This code is derived from software contributed to The NetBSD Foundation | | 7 | * This code is derived from software contributed to The NetBSD Foundation |
8 | * by Jason R. Thorpe of Wasabi Systems, Inc, and by Andrew Doran. | | 8 | * by Jason R. Thorpe of Wasabi Systems, Inc, and by Andrew Doran. |
9 | * | | 9 | * |
10 | * Redistribution and use in source and binary forms, with or without | | 10 | * Redistribution and use in source and binary forms, with or without |
11 | * modification, are permitted provided that the following conditions | | 11 | * modification, are permitted provided that the following conditions |
12 | * are met: | | 12 | * are met: |
13 | * 1. Redistributions of source code must retain the above copyright | | 13 | * 1. Redistributions of source code must retain the above copyright |
14 | * notice, this list of conditions and the following disclaimer. | | 14 | * notice, this list of conditions and the following disclaimer. |
| @@ -53,27 +53,27 @@ | | | @@ -53,27 +53,27 @@ |
53 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | | 53 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
54 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 54 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
55 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 55 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
56 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 56 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
57 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 57 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
58 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 58 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
59 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 59 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
60 | * SUCH DAMAGE. | | 60 | * SUCH DAMAGE. |
61 | * | | 61 | * |
62 | * @(#)uipc_socket.c 8.6 (Berkeley) 5/2/95 | | 62 | * @(#)uipc_socket.c 8.6 (Berkeley) 5/2/95 |
63 | */ | | 63 | */ |
64 | | | 64 | |
65 | #include <sys/cdefs.h> | | 65 | #include <sys/cdefs.h> |
66 | __KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.209.2.2.2.1 2013/08/02 20:18:48 martin Exp $"); | | 66 | __KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.209.2.2.2.2 2013/11/25 08:27:06 bouyer Exp $"); |
67 | | | 67 | |
68 | #include "opt_compat_netbsd.h" | | 68 | #include "opt_compat_netbsd.h" |
69 | #include "opt_sock_counters.h" | | 69 | #include "opt_sock_counters.h" |
70 | #include "opt_sosend_loan.h" | | 70 | #include "opt_sosend_loan.h" |
71 | #include "opt_mbuftrace.h" | | 71 | #include "opt_mbuftrace.h" |
72 | #include "opt_somaxkva.h" | | 72 | #include "opt_somaxkva.h" |
73 | #include "opt_multiprocessor.h" /* XXX */ | | 73 | #include "opt_multiprocessor.h" /* XXX */ |
74 | | | 74 | |
75 | #include <sys/param.h> | | 75 | #include <sys/param.h> |
76 | #include <sys/systm.h> | | 76 | #include <sys/systm.h> |
77 | #include <sys/proc.h> | | 77 | #include <sys/proc.h> |
78 | #include <sys/file.h> | | 78 | #include <sys/file.h> |
79 | #include <sys/filedesc.h> | | 79 | #include <sys/filedesc.h> |
| @@ -406,27 +406,27 @@ socket_listener_cb(kauth_cred_t cred, ka | | | @@ -406,27 +406,27 @@ socket_listener_cb(kauth_cred_t cred, ka |
406 | if ((action != KAUTH_NETWORK_SOCKET) && | | 406 | if ((action != KAUTH_NETWORK_SOCKET) && |
407 | (action != KAUTH_NETWORK_BIND)) | | 407 | (action != KAUTH_NETWORK_BIND)) |
408 | return result; | | 408 | return result; |
409 | | | 409 | |
410 | switch (req) { | | 410 | switch (req) { |
411 | case KAUTH_REQ_NETWORK_BIND_PORT: | | 411 | case KAUTH_REQ_NETWORK_BIND_PORT: |
412 | result = KAUTH_RESULT_ALLOW; | | 412 | result = KAUTH_RESULT_ALLOW; |
413 | break; | | 413 | break; |
414 | | | 414 | |
415 | case KAUTH_REQ_NETWORK_SOCKET_DROP: { | | 415 | case KAUTH_REQ_NETWORK_SOCKET_DROP: { |
416 | /* Normal users can only drop their own connections. */ | | 416 | /* Normal users can only drop their own connections. */ |
417 | struct socket *so = (struct socket *)arg1; | | 417 | struct socket *so = (struct socket *)arg1; |
418 | | | 418 | |
419 | if (proc_uidmatch(cred, so->so_cred) == 0) | | 419 | if (so->so_cred && proc_uidmatch(cred, so->so_cred) == 0) |
420 | result = KAUTH_RESULT_ALLOW; | | 420 | result = KAUTH_RESULT_ALLOW; |
421 | | | 421 | |
422 | break; | | 422 | break; |
423 | } | | 423 | } |
424 | | | 424 | |
425 | case KAUTH_REQ_NETWORK_SOCKET_OPEN: | | 425 | case KAUTH_REQ_NETWORK_SOCKET_OPEN: |
426 | /* We allow "raw" routing/bluetooth sockets to anyone. */ | | 426 | /* We allow "raw" routing/bluetooth sockets to anyone. */ |
427 | if ((u_long)arg1 == PF_ROUTE || (u_long)arg1 == PF_OROUTE | | 427 | if ((u_long)arg1 == PF_ROUTE || (u_long)arg1 == PF_OROUTE |
428 | || (u_long)arg1 == PF_BLUETOOTH) { | | 428 | || (u_long)arg1 == PF_BLUETOOTH) { |
429 | result = KAUTH_RESULT_ALLOW; | | 429 | result = KAUTH_RESULT_ALLOW; |
430 | } else { | | 430 | } else { |
431 | /* Privileged, let secmodel handle this. */ | | 431 | /* Privileged, let secmodel handle this. */ |
432 | if ((u_long)arg2 == SOCK_RAW) | | 432 | if ((u_long)arg2 == SOCK_RAW) |
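Review bot: The NULL guard added on new line 419 (`so->so_cred && proc_uidmatch(cred, so->so_cred) == 0`) has no explanation, and the comment above it still only says normal users can drop their own connections. A socket with no recorded credential now leaves `result` untouched, which looks like the right fail-closed outcome for an unprivileged caller, but that depends on the initial value of `result`, which is set outside this hunk. I would add `/* so_cred may be NULL; with no owner to compare against, leave result as is and let the secmodel decide. */` above the test. Note that `so` itself, cast from `arg1`, is still dereferenced unchecked, so if any caller of this request can pass a NULL socket the same guard is needed for it. socket_listener_cb starts and ends outside the hunk, so the default result and the other callers should be confirmed there.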