version 1.189, 2009/04/30 20:41:33 |
version 1.191, 2009/10/02 23:50:16 |
Line 151 int somaxkva = SOMAXKVA; |
|
Line 151 int somaxkva = SOMAXKVA; |
|
static int socurkva; |
static int socurkva; |
static kcondvar_t socurkva_cv; |
static kcondvar_t socurkva_cv; |
|
|
|
static kauth_listener_t socket_listener; |
|
|
#define SOCK_LOAN_CHUNK 65536 |
#define SOCK_LOAN_CHUNK 65536 |
|
|
static size_t sodopendfree(void); |
static size_t sodopendfree(void); |
Line 428 getsombuf(struct socket *so, int type) |
|
Line 430 getsombuf(struct socket *so, int type) |
|
return m; |
return m; |
} |
} |
|
|
|
static int |
|
socket_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, |
|
void *arg0, void *arg1, void *arg2, void *arg3) |
|
{ |
|
int result; |
|
enum kauth_network_req req; |
|
|
|
result = KAUTH_RESULT_DEFER; |
|
req = (enum kauth_network_req)arg0; |
|
|
|
if (action != KAUTH_NETWORK_SOCKET) |
|
return result; |
|
|
|
switch (req) { |
|
case KAUTH_REQ_NETWORK_SOCKET_DROP: { |
|
/* Normal users can only drop their own connections. */ |
|
struct socket *so = (struct socket *)arg1; |
|
uid_t sockuid = so->so_uidinfo->ui_uid; |
|
|
|
if (sockuid == kauth_cred_getuid(cred) || |
|
sockuid == kauth_cred_geteuid(cred)) |
|
result = KAUTH_RESULT_ALLOW; |
|
|
|
break; |
|
} |
|
|
|
case KAUTH_REQ_NETWORK_SOCKET_OPEN: |
|
/* We allow "raw" routing/bluetooth sockets to anyone. */ |
|
if ((u_long)arg1 == PF_ROUTE || (u_long)arg1 == PF_BLUETOOTH) |
|
result = KAUTH_RESULT_ALLOW; |
|
else { |
|
/* Privileged, let secmodel handle this. */ |
|
if ((u_long)arg2 == SOCK_RAW) |
|
break; |
|
} |
|
|
|
result = KAUTH_RESULT_ALLOW; |
|
|
|
break; |
|
|
|
default: |
|
break; |
|
} |
|
|
|
return result; |
|
} |
|
|
void |
void |
soinit(void) |
soinit(void) |
{ |
{ |
|
|
|
|
callback_register(&vm_map_to_kernel(kernel_map)->vmk_reclaim_callback, |
callback_register(&vm_map_to_kernel(kernel_map)->vmk_reclaim_callback, |
&sokva_reclaimerentry, NULL, sokva_reclaim_callback); |
&sokva_reclaimerentry, NULL, sokva_reclaim_callback); |
|
|
|
socket_listener = kauth_listen_scope(KAUTH_SCOPE_NETWORK, |
|
socket_listener_cb, NULL); |
} |
} |
|
|
/* |
/* |
Line 499 socreate(int dom, struct socket **aso, i |
|
Line 551 socreate(int dom, struct socket **aso, i |
|
so->so_snd.sb_mowner = &prp->pr_domain->dom_mowner; |
so->so_snd.sb_mowner = &prp->pr_domain->dom_mowner; |
so->so_mowner = &prp->pr_domain->dom_mowner; |
so->so_mowner = &prp->pr_domain->dom_mowner; |
#endif |
#endif |
|
/* so->so_cred = kauth_cred_dup(l->l_cred); */ |
uid = kauth_cred_geteuid(l->l_cred); |
uid = kauth_cred_geteuid(l->l_cred); |
so->so_uidinfo = uid_find(uid); |
so->so_uidinfo = uid_find(uid); |
so->so_egid = kauth_cred_getegid(l->l_cred); |
so->so_egid = kauth_cred_getegid(l->l_cred); |
Line 555 fsocreate(int domain, struct socket **so |
|
Line 608 fsocreate(int domain, struct socket **so |
|
} |
} |
|
|
int |
int |
|
sofamily(const struct socket *so) |
|
{ |
|
const struct protosw *pr; |
|
const struct domain *dom; |
|
|
|
if ((pr = so->so_proto) == NULL) |
|
return AF_UNSPEC; |
|
if ((dom = pr->pr_domain) == NULL) |
|
return AF_UNSPEC; |
|
return dom->dom_family; |
|
} |
|
|
|
int |
sobind(struct socket *so, struct mbuf *nam, struct lwp *l) |
sobind(struct socket *so, struct mbuf *nam, struct lwp *l) |
{ |
{ |
int error; |
int error; |
Line 628 sofree(struct socket *so) |
|
Line 694 sofree(struct socket *so) |
|
/* Remove acccept filter if one is present. */ |
/* Remove acccept filter if one is present. */ |
if (so->so_accf != NULL) |
if (so->so_accf != NULL) |
(void)accept_filt_clear(so); |
(void)accept_filt_clear(so); |
|
/* kauth_cred_free(so->so_cred); */ |
sounlock(so); |
sounlock(so); |
if (refs == 0) /* XXX */ |
if (refs == 0) /* XXX */ |
soput(so); |
soput(so); |
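Review bot: In the KAUTH_REQ_NETWORK_SOCKET_OPEN case of socket_listener_cb, the allow/defer decision hinges on a `break` buried inside the `else` branch, and the first `result = KAUTH_RESULT_ALLOW;` is redundant because control reaches the second assignment anyway. An authorization callback is easier to audit when the condition is stated once, e.g. `if ((u_long)arg1 == PF_ROUTE || (u_long)arg1 == PF_BLUETOOTH || (u_long)arg2 != SOCK_RAW)` followed by `result = KAUTH_RESULT_ALLOW;`, which leaves every other raw socket at KAUTH_RESULT_DEFER exactly as now. In the KAUTH_REQ_NETWORK_SOCKET_DROP case, `so->so_uidinfo->ui_uid` is dereferenced unchecked; socreate() on this page does assign so_uidinfo, but whether every socket that can reach this request was set up that way is not visible here, so a KASSERT or a one-line comment stating the invariant would help. The page has lost its +/- markers, so this assumes the lines printed only once are the new side.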