| author | James Carlson <james.d.carlson@sun.com> | 2009-05-29 08:53:34 -0400 |
|---|---|---|
| committer | James Carlson <james.d.carlson@sun.com> | 2009-05-29 08:53:34 -0400 |
| commit | f53eecf557986dac6ededb388fedd6ca63be0350 (patch) | |
| tree | fc7a51aa1700243330df3d0b104adb4d5a5097a1 /usr/src/uts/common | |
| parent | 00ba712d889cedd6eb0c7de606f61b180572b600 (diff) | |
PSARC 2009/317 Solaris PPP/PPPoE Updates
4695172 3COM has its own incompatible dialect of PPPoE
4704518 security checks on chap peer name cause interoperability problems
4711045 pppd should not be discarding debug information on fatal signals
4711046 pppoec should provide a way to limit match against wildcard service
4714306 sppptun should not use M_ERROR to signal protocol problems
4743677 pppd can trigger latent access server bug
4750809 pppd needs lint cleanup
4947676 spppcomp_wput() allows an unprivileged process to "hang" the system.
5058886 PPPD misses first LCP configuration request
5060749 need a way to log demand-dial action at higher priority
5093264 PPPoE server can omit Service-Name tag in PADS response
6291911 ugly preremove script in SUNWpppdt causes messages on pkgrm from zone
6589814 pppd disavows bad echo-reply count
6636684 PPP should work in non-global exclusive-stack zones
6637245 sppp driver has half-baked _mi_driver_info function
6704096 SUNWpppdu and SUNWpppdr package dependency and content issues
6753945 sppptun doesn't honor clearview vanity naming feature.
Diffstat (limited to 'usr/src/uts/common')
| -rw-r--r-- | usr/src/uts/common/io/ppp/sppp/sppp.c | 60 | ||||
| -rw-r--r-- | usr/src/uts/common/io/ppp/sppp/sppp.h | 11 | ||||
| -rw-r--r-- | usr/src/uts/common/io/ppp/sppp/sppp_dlpi.c | 51 | ||||
| -rw-r--r-- | usr/src/uts/common/io/ppp/sppp/sppp_mod.c | 8 | ||||
| -rw-r--r-- | usr/src/uts/common/io/ppp/spppcomp/spppcomp.c | 148 | ||||
| -rw-r--r-- | usr/src/uts/common/io/ppp/sppptun/sppptun.c | 87 | ||||
| -rw-r--r-- | usr/src/uts/common/io/ppp/sppptun/sppptun_impl.h | 8 | ||||
| -rw-r--r-- | usr/src/uts/common/net/sppptun.h | 12 | ||||
| -rw-r--r-- | usr/src/uts/common/os/policy.c | 16 | ||||
| -rw-r--r-- | usr/src/uts/common/os/priv_defs | 10 | ||||
| -rw-r--r-- | usr/src/uts/common/sys/policy.h | 3 |
11 files changed, 218 insertions, 196 deletions
diff --git a/usr/src/uts/common/io/ppp/sppp/sppp.c b/usr/src/uts/common/io/ppp/sppp/sppp.c index 147cd04a20..c810a37dec 100644 --- a/usr/src/uts/common/io/ppp/sppp/sppp.c +++ b/usr/src/uts/common/io/ppp/sppp/sppp.c @@ -1,7 +1,7 @@ /* * sppp.c - Solaris STREAMS PPP multiplexing pseudo-driver * - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * Permission to use, copy, modify, and distribute this software and its @@ -65,6 +65,7 @@ #include <sys/strsun.h> #include <sys/ethernet.h> #include <sys/policy.h> +#include <sys/zone.h> #include <net/ppp_defs.h> #include <net/pppio.h> #include "sppp.h" @@ -182,6 +183,7 @@ sppp_open(queue_t *q, dev_t *devp, int oflag, int sflag, cred_t *credp) sps->sps_sap = -1; /* no sap bound to stream */ sps->sps_dlstate = DL_UNATTACHED; /* dlpi state is unattached */ sps->sps_npmode = NPMODE_DROP; /* drop all packets initially */ + sps->sps_zoneid = crgetzoneid(credp); q->q_ptr = WR(q)->q_ptr = (caddr_t)sps; /* * We explicitly disable the automatic queue scheduling for the @@ -229,7 +231,7 @@ sppp_free_ppa(sppa_t *ppa) * Create a new PPA. Caller must be exclusive on outer perimeter. */ sppa_t * -sppp_create_ppa(uint32_t ppa_id) +sppp_create_ppa(uint32_t ppa_id, zoneid_t zoneid) { sppa_t *ppa; sppa_t *curppa; @@ -267,6 +269,7 @@ sppp_create_ppa(uint32_t ppa_id) } ppa->ppa_kstats = ksp; /* chain kstat structure */ ppa->ppa_ppa_id = ppa_id; /* record ppa id */ + ppa->ppa_zoneid = zoneid; /* zone that owns this PPA */ ppa->ppa_mtu = PPP_MAXMTU; /* 65535-(PPP_HDRLEN+PPP_FCSLEN) */ ppa->ppa_mru = PPP_MAXMRU; /* 65000 */ @@ -779,7 +782,7 @@ sppp_uwput(queue_t *q, mblk_t *mp) break; /* 32 bit interface gone */ default: if (iop->ioc_cr == NULL || - secpolicy_net_config(iop->ioc_cr, B_FALSE) != 0) { + secpolicy_ppp_config(iop->ioc_cr) != 0) { error = EPERM; break; } else if ((ppa == NULL) || 
@@ -1051,6 +1054,11 @@ sppp_inner_ioctl(queue_t *q, mblk_t *mp) error = ENOENT; break; } + if (iop->ioc_cr == NULL || + ppa->ppa_zoneid != crgetzoneid(iop->ioc_cr)) { + error = EPERM; + break; + } /* * Preallocate the hangup message so that we're always * able to send this upstream in the event of a @@ -1084,7 +1092,7 @@ sppp_inner_ioctl(queue_t *q, mblk_t *mp) case PPPIO_BLOCKNP: case PPPIO_UNBLOCKNP: if (iop->ioc_cr == NULL || - secpolicy_net_config(iop->ioc_cr, B_FALSE) != 0) { + secpolicy_ppp_config(iop->ioc_cr) != 0) { error = EPERM; break; } @@ -1116,7 +1124,7 @@ sppp_inner_ioctl(queue_t *q, mblk_t *mp) break; case PPPIO_DEBUG: if (iop->ioc_cr == NULL || - secpolicy_net_config(iop->ioc_cr, B_FALSE) != 0) { + secpolicy_ppp_config(iop->ioc_cr) != 0) { error = EPERM; break; } else if (iop->ioc_count != sizeof (uint32_t)) { @@ -1293,7 +1301,7 @@ sppp_inner_ioctl(queue_t *q, mblk_t *mp) static void sppp_outer_ioctl(queue_t *q, mblk_t *mp) { - spppstr_t *sps; + spppstr_t *sps = q->q_ptr; spppstr_t *nextsib; queue_t *lwq; sppa_t *ppa; @@ -1302,9 +1310,7 @@ sppp_outer_ioctl(queue_t *q, mblk_t *mp) int count = 0; uint32_t ppa_id; mblk_t *nmp; - - ASSERT(q != NULL && q->q_ptr != NULL); - ASSERT(mp != NULL && mp->b_rptr != NULL); + zoneid_t zoneid; sps = (spppstr_t *)q->q_ptr; ppa = sps->sps_ppa; @@ -1340,6 +1346,14 @@ sppp_outer_ioctl(queue_t *q, mblk_t *mp) qenable(WR(nextsib->sps_rq)); } } + + /* + * Also unblock (run once) our lower read-side queue. This is + * where packets received while doing the I_LINK may be + * languishing; see sppp_lrsrv. + */ + qenable(RD(lwq)); + /* * Send useful information down to the modules which are now * linked below this driver (for this particular ppa). Only 
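Review bot: The zone test added in sppp_inner_ioctl (hunk at -1051) answers EPERM, while the context just above it answers ENOENT (presumably for a PPA that was not found), so a caller in one zone can tell which PPA ids are in use in other zones; sppp_dl_attach_upper in sppp_dlpi.c makes the same distinction with `err = EPERM;`. If zones are not meant to observe each other's PPAs, returning `error = ENOENT;` for the mismatch keeps the two cases indistinguishable. The ownership comparison is also open-coded at each call site, because sppp_find_ppa() still takes only the id (its prototype in sppp.h is unchanged), so a comment on that function stating that callers must compare `ppa_zoneid` would protect future callers. The case body continues outside the hunk.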
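Review bot: In sppp_outer_ioctl `sps` is now initialised at its declaration with `spppstr_t *sps = q->q_ptr;`, but the old statement `sps = (spppstr_t *)q->q_ptr;` is still present as a context line right after the declarations (hunk at -1302), so the same pointer is assigned twice. Dropping the later statement would match what this commit does in sppp_dl_attach_upper and the spppcomp functions, where the assignment was removed together with the ASSERTs. The function body continues outside the hunk.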
@@ -1412,7 +1426,7 @@ sppp_outer_ioctl(queue_t *q, mblk_t *mp) * a control stream. */ if (iop->ioc_cr == NULL || - secpolicy_net_config(iop->ioc_cr, B_FALSE) != 0) { + secpolicy_ppp_config(iop->ioc_cr) != 0) { error = EPERM; break; } else if (IS_SPS_CONTROL(sps) || IS_SPS_PIOATTACH(sps) || @@ -1440,9 +1454,11 @@ sppp_outer_ioctl(queue_t *q, mblk_t *mp) */ if (ppa_id == (uint32_t)-1) ppa_id = 0; + zoneid = crgetzoneid(iop->ioc_cr); for (ppa = ppa_list; ppa != NULL; ppa = ppa->ppa_nextppa) { if (ppa_id == (uint32_t)-2) { - if (ppa->ppa_ctl == NULL) + if (ppa->ppa_ctl == NULL && + ppa->ppa_zoneid == zoneid) break; } else { if (ppa_id < ppa->ppa_ppa_id) @@ -1459,7 +1475,7 @@ sppp_outer_ioctl(queue_t *q, mblk_t *mp) /* Clear timestamp and lastmod flags */ ppa->ppa_flags = 0; } else { - ppa = sppp_create_ppa(ppa_id); + ppa = sppp_create_ppa(ppa_id, zoneid); if (ppa == NULL) { error = ENOMEM; break; @@ -1804,6 +1820,26 @@ sppp_lrput(queue_t *q, mblk_t *mp) } /* + * sppp_lrsrv() + * + * MT-Perimeters: + * exclusive inner, shared outer. + * + * Description: + * Lower read-side service procedure. This is run once after the I_LINK + * occurs in order to clean up any packets that came in while we were + * transferring in the lower stream. Otherwise, it's not used. + */ +void +sppp_lrsrv(queue_t *q) +{ + mblk_t *mp; + + while ((mp = getq(q)) != NULL) + sppp_lrput(q, mp); +} + +/* * sppp_recv_nondata() * * MT-Perimeters: diff --git a/usr/src/uts/common/io/ppp/sppp/sppp.h b/usr/src/uts/common/io/ppp/sppp/sppp.h index 2daa8aceac..d3056a4fd2 100644 --- a/usr/src/uts/common/io/ppp/sppp/sppp.h +++ b/usr/src/uts/common/io/ppp/sppp/sppp.h @@ -1,7 +1,7 @@ /* * sppp.h - Solaris STREAMS PPP multiplexing pseudo-driver definitions * - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * Permission to use, copy, modify, and distribute this software and its 
@@ -82,7 +82,7 @@ extern "C" { */ struct sppp_dlpi_pinfo_t { int pi_minlen; /* minimum primitive length */ - uint_t pi_state; /* acceptable starting state */ + int pi_state; /* acceptable starting state */ int (*pi_funcp)(); /* function() to call */ }; @@ -204,6 +204,8 @@ typedef struct spppstr { */ t_uscalar_t sps_dlstate; /* current DLPI state */ mblk_t *sps_hangup; /* preallocated M_HANGUP message */ + + zoneid_t sps_zoneid; /* zone in which we were opened */ } spppstr_t; /* @@ -322,6 +324,8 @@ typedef struct sppa { kmutex_t ppa_npmutex; /* protects the 2 fields below */ uint32_t ppa_npflag; /* network protocols blocked */ uint32_t ppa_holdpkts[3]; /* # of packets blocked per np */ + + zoneid_t ppa_zoneid; /* zone where PPA is in use */ } sppa_t; /* bit position (in ppa_npflag) for each ppp_protocol that can be blocked */ @@ -360,6 +364,7 @@ extern mblk_t *sppp_dladdud(spppstr_t *, mblk_t *, t_scalar_t, boolean_t); extern void sppp_dlpi_pinfoinit(void); extern void sppp_dlprsendup(spppstr_t *, mblk_t *, t_scalar_t, boolean_t); extern void sppp_lrput(queue_t *, mblk_t *); +extern void sppp_lrsrv(queue_t *); extern void sppp_lwsrv(queue_t *); extern int sppp_mproto(queue_t *, mblk_t *, spppstr_t *); extern int sppp_open(queue_t *, dev_t *, int, int, cred_t *); @@ -367,7 +372,7 @@ extern void sppp_uwput(queue_t *, mblk_t *); extern void sppp_uwsrv(queue_t *); extern void sppp_remove_ppa(spppstr_t *sps); extern sppa_t *sppp_find_ppa(uint32_t ppa_id); -extern sppa_t *sppp_create_ppa(uint32_t ppa_id); +extern sppa_t *sppp_create_ppa(uint32_t ppa_id, zoneid_t zoneid); #ifdef __cplusplus } diff --git a/usr/src/uts/common/io/ppp/sppp/sppp_dlpi.c b/usr/src/uts/common/io/ppp/sppp/sppp_dlpi.c index 9acaa6323a..9905a5dbda 100644 --- a/usr/src/uts/common/io/ppp/sppp/sppp_dlpi.c +++ b/usr/src/uts/common/io/ppp/sppp/sppp_dlpi.c 
@@ -1,7 +1,7 @@ /* * sppp_dlpi.c - Solaris STREAMS PPP multiplexing pseudo-driver DLPI handlers * - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * Permission to use, copy, modify, and distribute this software and its @@ -45,7 +45,6 @@ * for improved performance and scalability. */ -#pragma ident "%Z%%M% %I% %E% SMI" #define RCSID "$Id: sppp_dlpi.c,v 1.0 2000/05/08 01:10:12 masputra Exp $" #include <sys/types.h> @@ -60,6 +59,7 @@ #include <sys/dlpi.h> #include <sys/ddi.h> #include <sys/kstat.h> +#include <sys/strsubr.h> #include <sys/strsun.h> #include <sys/ethernet.h> #include <net/ppp_defs.h> @@ -269,7 +269,7 @@ sppp_dlpi_pinfoinit(void) dl_pinfo[DL_UNBIND_REQ].pi_funcp = sppp_dlunbindreq; dl_pinfo[DL_INFO_REQ].pi_minlen = sizeof (dl_info_req_t); - dl_pinfo[DL_INFO_REQ].pi_state = 0; /* special handling */ + dl_pinfo[DL_INFO_REQ].pi_state = -1; /* special handling */ dl_pinfo[DL_INFO_REQ].pi_funcp = sppp_dlinforeq; dl_pinfo[DL_UNITDATA_REQ].pi_minlen = sizeof (dl_unitdata_req_t); @@ -277,15 +277,15 @@ sppp_dlpi_pinfoinit(void) dl_pinfo[DL_UNITDATA_REQ].pi_funcp = sppp_dlunitdatareq; dl_pinfo[DL_PROMISCON_REQ].pi_minlen = sizeof (dl_promiscon_req_t); - dl_pinfo[DL_PROMISCON_REQ].pi_state = 0; /* special handling */ + dl_pinfo[DL_PROMISCON_REQ].pi_state = -1; /* special handling */ dl_pinfo[DL_PROMISCON_REQ].pi_funcp = sppp_dlpromisconreq; dl_pinfo[DL_PROMISCOFF_REQ].pi_minlen = sizeof (dl_promiscoff_req_t); - dl_pinfo[DL_PROMISCOFF_REQ].pi_state = 0; /* special handling */ + dl_pinfo[DL_PROMISCOFF_REQ].pi_state = -1; /* special handling */ dl_pinfo[DL_PROMISCOFF_REQ].pi_funcp = sppp_dlpromiscoffreq; dl_pinfo[DL_PHYS_ADDR_REQ].pi_minlen = sizeof (dl_phys_addr_req_t); - dl_pinfo[DL_PHYS_ADDR_REQ].pi_state = 0; /* special handling */ + dl_pinfo[DL_PHYS_ADDR_REQ].pi_state = -1; /* special handling */ dl_pinfo[DL_PHYS_ADDR_REQ].pi_funcp = sppp_dlphyreq; } 
@@ -330,8 +330,8 @@ sppp_mproto(queue_t *q, mblk_t *mp, spppstr_t *sps) "bad mproto: primitive len %d < %d\n", len, dpi->pi_minlen)); error = DL_BADPRIM; - } else if ((dpi->pi_state != 0) && - (sps->sps_dlstate != dpi->pi_state)) { + } else if (dpi->pi_state != -1 && + sps->sps_dlstate != dpi->pi_state) { DBGERROR((CE_CONT, "bad state %d != %d for primitive %d\n", sps->sps_dlstate, dpi->pi_state, prim)); @@ -404,13 +404,13 @@ static void sppp_dl_attach_upper(queue_t *q, mblk_t *mp) { sppa_t *ppa; - spppstr_t *sps; + spppstr_t *sps = q->q_ptr; union DL_primitives *dlp; + int err = ENOMEM; + cred_t *cr; + zoneid_t zoneid; - ASSERT(q != NULL && q->q_ptr != NULL); - sps = (spppstr_t *)q->q_ptr; ASSERT(!IS_SPS_PIOATTACH(sps)); - ASSERT(mp != NULL && mp->b_rptr != NULL); dlp = (union DL_primitives *)mp->b_rptr; /* If there's something here, it's detached. */ @@ -418,20 +418,27 @@ sppp_dl_attach_upper(queue_t *q, mblk_t *mp) sppp_remove_ppa(sps); } + if ((cr = msg_getcred(mp, NULL)) == NULL) + zoneid = sps->sps_zoneid; + else + zoneid = crgetzoneid(cr); + ppa = sppp_find_ppa(dlp->attach_req.dl_ppa); - if (ppa == NULL) - ppa = sppp_create_ppa(dlp->attach_req.dl_ppa); + if (ppa == NULL) { + ppa = sppp_create_ppa(dlp->attach_req.dl_ppa, zoneid); + } else if (ppa->ppa_zoneid != zoneid) { + ppa = NULL; + err = EPERM; + } /* - * If we can't find it, then it's either because the requestor - * has supplied a wrong dl_ppa to be attached to, or because - * the control stream for the specified ppa has been closed - * before we get here. + * If we can't find or create it, then it's either because we're out of + * memory or because the requested PPA is owned by a different zone. */ if (ppa == NULL) { DBGERROR((CE_CONT, "DLPI attach: cannot create ppa %u\n", dlp->attach_req.dl_ppa)); - dlerrorack(q, mp, dlp->dl_primitive, DL_SYSERR, ENOMEM); + dlerrorack(q, mp, dlp->dl_primitive, DL_SYSERR, err); return; } /* 
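Review bot: The credential fallback added to sppp_dl_attach_upper (hunk at -418) has no comment explaining why the opener's zone is used when the message carries no cred; a line such as `/* No cred on the message: fall back to the zone recorded at open time. */` above the `msg_getcred()` test would document the intent. The DBGERROR text `"DLPI attach: cannot create ppa %u\n"` is now also emitted on the zone-mismatch path, where nothing was being created, so it can mislead whoever debugs an EPERM; including `err` in the message would disambiguate. The function continues outside the hunk.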
@@ -548,7 +555,7 @@ sppp_dlbindreq(queue_t *q, mblk_t *mp, spppstr_t *sps) DBGERROR((CE_CONT, "DLPI bind: no attached ppa\n")); error = DL_OUTSTATE; } else if ((req_sap != ETHERTYPE_IP) && (req_sap != ETHERTYPE_IPV6) && - (req_sap != ETHERTYPE_ALLSAP)) { + (req_sap != ETHERTYPE_ALLSAP)) { DBGERROR((CE_CONT, "DLPI bind: unknown SAP %x\n", req_sap)); error = DL_BADADDR; } @@ -588,7 +595,7 @@ sppp_dl_bind(queue_t *q, mblk_t *mp) ASSERT(ppa != NULL); req_sap = dlp->bind_req.dl_sap; ASSERT((req_sap == ETHERTYPE_IP) || (req_sap == ETHERTYPE_IPV6) || - (req_sap == ETHERTYPE_ALLSAP)); + (req_sap == ETHERTYPE_ALLSAP)); if (req_sap == ETHERTYPE_IP) { sap = PPP_IP; @@ -701,7 +708,7 @@ sppp_dl_unbind(queue_t *q, mblk_t *mp) msg = NULL; saydown = (ppa->ppa_ctl != NULL && (sps->sps_npmode == NPMODE_PASS || - sps->sps_npmode == NPMODE_QUEUE)); + sps->sps_npmode == NPMODE_QUEUE)); if (sap == PPP_IP) { ppa->ppa_ip_cache = NULL; if (saydown) diff --git a/usr/src/uts/common/io/ppp/sppp/sppp_mod.c b/usr/src/uts/common/io/ppp/sppp/sppp_mod.c index e0c1ecc4f7..168cf17f49 100644 --- a/usr/src/uts/common/io/ppp/sppp/sppp_mod.c +++ b/usr/src/uts/common/io/ppp/sppp/sppp_mod.c @@ -1,7 +1,7 @@ /* * sppp_mod.c - modload support for PPP pseudo-device driver. * - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * Permission to use, copy, modify, and distribute this software and its @@ -104,7 +104,7 @@ static struct qinit sppp_uwinit = { static struct qinit sppp_lrinit = { (int (*)())sppp_lrput, /* qi_putp */ - NULL, /* qi_srvp */ + (int (*)())sppp_lrsrv, /* qi_srvp */ NULL, /* qi_qopen */ NULL, /* qi_qclose */ NULL, /* qi_qadmin */ 
@@ -209,6 +209,7 @@ _mi_driver_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) if (cmd != DDI_ATTACH) { return (DDI_FAILURE); } + _mi_dip = dip; if (ddi_create_minor_node(dip, PPP_DRV_NAME, S_IFCHR, 0, DDI_PSEUDO, CLONE_DEV) == DDI_FAILURE) { ddi_remove_minor_node(dip, NULL); @@ -231,6 +232,7 @@ _mi_driver_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) return (DDI_FAILURE); } ddi_remove_minor_node(dip, NULL); + _mi_dip = NULL; return (DDI_SUCCESS); } @@ -243,7 +245,7 @@ _mi_driver_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) /* ARGSUSED */ static int _mi_driver_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, - void **result) + void **result) { int rc; diff --git a/usr/src/uts/common/io/ppp/spppcomp/spppcomp.c b/usr/src/uts/common/io/ppp/spppcomp/spppcomp.c index c097f225bc..1179d817de 100644 --- a/usr/src/uts/common/io/ppp/spppcomp/spppcomp.c +++ b/usr/src/uts/common/io/ppp/spppcomp/spppcomp.c @@ -1,7 +1,7 @@ /* * spppcomp.c - STREAMS module for kernel-level compression and CCP support. * - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * Permission to use, copy, modify, and distribute this software and its @@ -46,7 +46,6 @@ * performance and scalability. */ -#pragma ident "%Z%%M% %I% %E% SMI" #define RCSID "$Id: spppcomp.c,v 1.0 2000/05/08 01:10:12 masputra Exp $" #include <sys/types.h> 
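Review bot: `_mi_dip = dip;` is stored before ddi_create_minor_node() is attempted in _mi_driver_attach, and the failure branch visible in the hunk only calls ddi_remove_minor_node(), so the global may keep pointing at a dip whose attach failed unless the lines after the hunk clear it. Either move the assignment to after the minor node has been created, or add `_mi_dip = NULL;` to the failure branch, mirroring what the detach hunk does. The function continues outside the hunk.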
@@ -102,10 +101,10 @@ static const char buildtime[] = "Built " __DATE__ " at " __TIME__ static int spppcomp_open(queue_t *, dev_t *, int, int, cred_t *); static int spppcomp_close(queue_t *, int, cred_t *); -static int spppcomp_rput(queue_t *, mblk_t *); -static int spppcomp_rsrv(queue_t *); -static int spppcomp_wput(queue_t *, mblk_t *); -static int spppcomp_wsrv(queue_t *); +static void spppcomp_rput(queue_t *, mblk_t *); +static void spppcomp_rsrv(queue_t *); +static void spppcomp_wput(queue_t *, mblk_t *); +static void spppcomp_wsrv(queue_t *); #define PPPCOMP_MI_MINPSZ (0) #define PPPCOMP_MI_MAXPSZ (INFPSZ) @@ -122,8 +121,8 @@ static struct module_info spppcomp_modinfo = { }; static struct qinit spppcomp_rinit = { - spppcomp_rput, /* qi_putp */ - spppcomp_rsrv, /* qi_srvp */ + (int (*)())spppcomp_rput, /* qi_putp */ + (int (*)())spppcomp_rsrv, /* qi_srvp */ spppcomp_open, /* qi_qopen */ spppcomp_close, /* qi_qclose */ NULL, /* qi_qadmin */ @@ -132,8 +131,8 @@ static struct qinit spppcomp_rinit = { }; static struct qinit spppcomp_winit = { - spppcomp_wput, /* qi_putp */ - spppcomp_wsrv, /* qi_srvp */ + (int (*)())spppcomp_wput, /* qi_putp */ + (int (*)())spppcomp_wsrv, /* qi_srvp */ NULL, /* qi_qopen */ NULL, /* qi_qclose */ NULL, /* qi_qadmin */ @@ -236,17 +235,13 @@ spppcomp_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) { sppp_comp_t *cp; - ASSERT(q != NULL); - ASSERT(devp != NULL); - if (q->q_ptr != NULL) { return (0); } if (sflag != MODOPEN) { return (EINVAL); } - cp = (sppp_comp_t *)kmem_zalloc(sizeof (sppp_comp_t), KM_SLEEP); - ASSERT(cp != NULL); + cp = kmem_zalloc(sizeof (sppp_comp_t), KM_SLEEP); q->q_ptr = WR(q)->q_ptr = (caddr_t)cp; cp->cp_mru = PPP_MRU; 
@@ -274,11 +269,7 @@ spppcomp_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) static int spppcomp_close(queue_t *q, int flag, cred_t *credp) { - sppp_comp_t *cp; - - ASSERT(q != NULL); - ASSERT(q->q_ptr != NULL); - cp = (sppp_comp_t *)q->q_ptr; + sppp_comp_t *cp = q->q_ptr; qprocsoff(q); @@ -321,17 +312,12 @@ spppcomp_close(queue_t *q, int flag, cred_t *credp) * most processing will be performed here in-line, and deferral * occurs only when necessary. */ -static int +static void spppcomp_wput(queue_t *q, mblk_t *mp) { - sppp_comp_t *cp; + sppp_comp_t *cp = q->q_ptr; int flag; - ASSERT(q != NULL); - ASSERT(q->q_ptr != NULL); - cp = (sppp_comp_t *)q->q_ptr; - ASSERT(mp != NULL && mp->b_rptr != NULL); - switch (MTYPE(mp)) { case M_DATA: if (q->q_first != NULL || !bcanputnext(q, mp->b_band) || @@ -340,14 +326,14 @@ spppcomp_wput(queue_t *q, mblk_t *mp) #ifdef SPC_DEBUG cp->cp_out_queued++; #endif - (void) putq(q, mp); + if (!putq(q, mp)) + freemsg(mp); } else { #ifdef SPC_DEBUG cp->cp_out_handled++; #endif - if ((mp = spppcomp_outpkt(q, mp)) != NULL) { + if ((mp = spppcomp_outpkt(q, mp)) != NULL) putnext(q, mp); - } } break; case M_IOCTL: @@ -382,10 +368,12 @@ spppcomp_wput(queue_t *q, mblk_t *mp) putnext(q, mp); break; default: - putnext(q, mp); + if (bcanputnext(q, mp->b_band)) + putnext(q, mp); + else if (!putq(q, mp)) + freemsg(mp); break; } - return (0); } /* @@ -397,17 +385,12 @@ spppcomp_wput(queue_t *q, mblk_t *mp) * Description: * Write-side service procedure. */ -static int +static void spppcomp_wsrv(queue_t *q) { mblk_t *mp; - ASSERT(q != NULL); - ASSERT(q->q_ptr != NULL); - while ((mp = getq(q)) != NULL) { - /* We should only place M_DATA on the service queue. */ - ASSERT(MTYPE(mp) == M_DATA); /* * If the module below us is flow-controlled, then put * this message back on the queue again. 
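Review bot: The rewritten `default:` branch of spppcomp_wput (hunk at -368) applies band flow control to every message type that reaches it and does not exempt high-priority messages (db_type >= QPCTL), which STREAMS expects to bypass flow control. If such a message is queued here, the service procedure applies its own flow-control test to it and `putbq()`s it; putting a high-priority message back re-enables the queue, so spppcomp_wsrv can be rescheduled continuously while the downstream queue stays full. Testing the class first in wput, `if (queclass(mp) == QPCTL || bcanputnext(q, mp->b_band))`, and forwarding high-priority messages unconditionally in wsrv avoids that. The `default:` branch of spppcomp_rput (hunk at -1308) and spppcomp_rsrv have the same shape. Which message types actually reach `default:` depends on case labels outside the hunk.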
@@ -416,11 +399,10 @@ spppcomp_wsrv(queue_t *q) (void) putbq(q, mp); break; } - if ((mp = spppcomp_outpkt(q, mp)) != NULL) { + if (MTYPE(mp) != M_DATA || + (mp = spppcomp_outpkt(q, mp)) != NULL) putnext(q, mp); - } } - return (0); } /* @@ -440,12 +422,7 @@ spppcomp_outpkt(queue_t *q, mblk_t *mp) mblk_t *zmp; int len; ushort_t proto; - sppp_comp_t *cp; - - ASSERT(q != NULL); - ASSERT(mp != NULL); - cp = (sppp_comp_t *)q->q_ptr; - ASSERT(cp != NULL); + sppp_comp_t *cp = q->q_ptr; /* * If the entire data size of the mblk is less than the length of the @@ -716,7 +693,7 @@ msg_oerror: static int spppcomp_inner_ioctl(queue_t *q, mblk_t *mp) { - sppp_comp_t *cp; + sppp_comp_t *cp = q->q_ptr; int flags; int mask; int rc; @@ -732,12 +709,6 @@ spppcomp_inner_ioctl(queue_t *q, mblk_t *mp) struct iocblk *iop; void *xtemp; - ASSERT(q != NULL); - ASSERT(q->q_ptr != NULL); - cp = (sppp_comp_t *)q->q_ptr; - ASSERT(mp != NULL); - ASSERT(mp->b_rptr != NULL); - iop = (struct iocblk *)mp->b_rptr; rc = EINVAL; len = 0; @@ -966,10 +937,6 @@ spppcomp_getcstat(queue_t *q, mblk_t *mp, sppp_comp_t *cp) mblk_t *mpnext; struct ppp_comp_stats *csp; - ASSERT(q != NULL); - ASSERT(q->q_ptr != NULL); - ASSERT(mp != NULL); - ASSERT(mp->b_rptr != NULL); ASSERT(cp != NULL); mpnext = allocb(sizeof (struct ppp_comp_stats), BPRI_MED); @@ -1011,10 +978,6 @@ spppcomp_ioctl(queue_t *q, mblk_t *mp, sppp_comp_t *cp) struct iocblk *iop; int flag; - ASSERT(q != NULL); - ASSERT(q->q_ptr != NULL); - ASSERT(mp != NULL); - ASSERT(mp->b_rptr != NULL); ASSERT(cp != NULL); iop = (struct iocblk *)mp->b_rptr; 
@@ -1080,18 +1043,12 @@ spppcomp_ioctl(queue_t *q, mblk_t *mp, sppp_comp_t *cp) static int spppcomp_mctl(queue_t *q, mblk_t *mp) { - sppp_comp_t *cp; + sppp_comp_t *cp = q->q_ptr; kstat_t *ksp; char unit[32]; const char **cpp; kstat_named_t *knt; - ASSERT(q != NULL); - ASSERT(q->q_ptr != NULL); - cp = (sppp_comp_t *)q->q_ptr; - ASSERT(mp != NULL); - ASSERT(mp->b_rptr != NULL); - switch (*mp->b_rptr) { case PPPCTL_MTU: if (MBLKL(mp) < 4) { @@ -1187,20 +1144,15 @@ spppcomp_mctl(queue_t *q, mblk_t *mp) * more and we're in an interrupt context (on the theory that * we're hogging the CPU in this case). */ -static int +static void spppcomp_rput(queue_t *q, mblk_t *mp) { - sppp_comp_t *cp; + sppp_comp_t *cp = q->q_ptr; struct iocblk *iop; struct ppp_stats64 *psp; boolean_t inter; hrtime_t curtime; - ASSERT(q != NULL); - ASSERT(q->q_ptr != NULL); - cp = (sppp_comp_t *)q->q_ptr; - ASSERT(mp != NULL); - switch (MTYPE(mp)) { case M_DATA: inter = servicing_interrupt(); @@ -1239,12 +1191,12 @@ spppcomp_rput(queue_t *q, mblk_t *mp) #ifdef SPC_DEBUG cp->cp_in_queued++; #endif - (void) putq(q, mp); + if (!putq(q, mp)) + freemsg(mp); } break; case M_IOCACK: iop = (struct iocblk *)mp->b_rptr; - ASSERT(iop != NULL); /* * Bundled with pppstats; no need to handle PPPIO_GETSTAT * here since we'll never see it. @@ -1308,10 +1260,12 @@ spppcomp_rput(queue_t *q, mblk_t *mp) break; default: - putnext(q, mp); + if (bcanputnext(q, mp->b_band)) + putnext(q, mp); + else if (!putq(q, mp)) + freemsg(mp); break; } - return (0); } /* @@ -1329,17 +1283,12 @@ spppcomp_rput(queue_t *q, mblk_t *mp) * it will put the unprocessed data on the queue for later * handling. */ -static int +static void spppcomp_rsrv(queue_t *q) { mblk_t *mp; - ASSERT(q != NULL); - ASSERT(q->q_ptr != NULL); - while ((mp = getq(q)) != NULL) { - /* We should only place M_DATA on the service queue. */ - ASSERT(MTYPE(mp) == M_DATA); /* * If the module above us is flow-controlled, then put * this message back on the queue again. 
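Review bot: In the `default:` branch of spppcomp_rput (hunk at -1308) a message is passed on whenever `bcanputnext()` succeeds, even if earlier messages are still waiting on this queue, so a later control message can overtake one that was queued while the upstream was full; the M_DATA path in spppcomp_wput guards against this with `q->q_first != NULL`. Adding the same test, `if (q->q_first == NULL && bcanputnext(q, mp->b_band))`, keeps non-data messages in arrival order, and the matching branch in spppcomp_wput would need it too. Whether ordering among these message types matters to the modules above is not visible from the hunk.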
@@ -1348,10 +1297,10 @@ spppcomp_rsrv(queue_t *q) (void) putbq(q, mp); break; } - if ((mp = spppcomp_inpkt(q, mp)) != NULL) + if (MTYPE(mp) != M_DATA || + (mp = spppcomp_inpkt(q, mp)) != NULL) putnext(q, mp); } - return (0); } /* @@ -1373,12 +1322,7 @@ spppcomp_inpkt(queue_t *q, mblk_t *mp) uchar_t *dp; int len; int hlen; - sppp_comp_t *cp; - - ASSERT(q != NULL); - ASSERT(mp != NULL); - cp = (sppp_comp_t *)q->q_ptr; - ASSERT(cp != NULL); + sppp_comp_t *cp = q->q_ptr; len = msgsize(mp); @@ -1685,11 +1629,6 @@ comp_ccp(queue_t *q, mblk_t *mp, sppp_comp_t *cp, boolean_t rcvd) int clen; uchar_t *dp; - ASSERT(q != NULL); - ASSERT(q->q_ptr != NULL); - ASSERT(mp != NULL); - ASSERT(cp != NULL); - len = msgsize(mp); if (len < PPP_HDRLEN + CCP_HDRLEN) { return; @@ -1771,19 +1710,16 @@ comp_ccp(queue_t *q, mblk_t *mp, sppp_comp_t *cp, boolean_t rcvd) static int spppcomp_kstat_update(kstat_t *ksp, int rw) { - register sppp_comp_t *cp; - register spppcomp_kstats_t *cpkp; - register struct vjstat *sp; - register struct pppstat64 *psp; + sppp_comp_t *cp = ksp->ks_private; + spppcomp_kstats_t *cpkp; + struct vjstat *sp; + struct pppstat64 *psp; struct ppp_comp_stats csp; if (rw == KSTAT_WRITE) { return (EACCES); } - cp = (sppp_comp_t *)ksp->ks_private; - ASSERT(cp != NULL); - cpkp = (spppcomp_kstats_t *)ksp->ks_data; bzero((caddr_t)&csp, sizeof (struct ppp_comp_stats)); diff --git a/usr/src/uts/common/io/ppp/sppptun/sppptun.c b/usr/src/uts/common/io/ppp/sppptun/sppptun.c index 18e124c07b..18a729a1db 100644 --- a/usr/src/uts/common/io/ppp/sppptun/sppptun.c +++ b/usr/src/uts/common/io/ppp/sppptun/sppptun.c @@ -20,7 +20,7 @@ */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ 
@@ -448,7 +448,7 @@ sppptun_open(queue_t *q, dev_t *devp, int oflag, int sflag, cred_t *credp) char *cp; /* ordinary users have no need to push this module */ - if (secpolicy_net_config(credp, B_FALSE) != 0) + if (secpolicy_ppp_config(credp) != 0) return (EPERM); tll = kmem_zalloc(sizeof (tunll_t), KM_SLEEP); @@ -456,6 +456,7 @@ sppptun_open(queue_t *q, dev_t *devp, int oflag, int sflag, cred_t *credp) tll->tll_index = tunll_index++; tll->tll_wq = WR(q); + tll->tll_zoneid = crgetzoneid(credp); /* Insert at end of list */ insque(&tll->tll_next, tunll_list.q_back); @@ -514,6 +515,7 @@ sppptun_open(queue_t *q, dev_t *devp, int oflag, int sflag, cred_t *credp) return (ENOSR); tcl->tcl_rq = q; /* save read queue pointer */ tcl->tcl_flags |= TCLF_ISCLIENT; /* sanity check */ + tcl->tcl_zoneid = crgetzoneid(credp); q->q_ptr = WR(q)->q_ptr = (caddr_t)tcl; *devp = makedevice(getmajor(*devp), tcl->tcl_lsessid); @@ -539,17 +541,18 @@ make_control(tuncl_t *tclabout, tunll_t *tllabout, int action, tuncl_t *tclto) if (mp != NULL) { MTYPE(mp) = M_PROTO; ptc = (struct ppptun_control *)mp->b_wptr; + bzero(ptc, sizeof (*ptc)); mp->b_wptr += sizeof (*ptc); if (tclabout != NULL) { ptc->ptc_rsessid = tclabout->tcl_rsessid; ptc->ptc_address = tclabout->tcl_address; - } else { - bzero(ptc, sizeof (*ptc)); } ptc->ptc_discrim = tclto->tcl_ctlval; ptc->ptc_action = action; - (void) strncpy(ptc->ptc_name, tllabout->tll_name, - sizeof (ptc->ptc_name)); + if (tllabout != NULL) { + (void) strncpy(ptc->ptc_name, tllabout->tll_name, + sizeof (ptc->ptc_name)); + } } return (mp); } @@ -797,7 +800,8 @@ sppptun_outpkt(queue_t *q, mblk_t **mpp) *mpp = NULL; if (!(tcl->tcl_flags & TCLF_ISCLIENT)) { - merror(q, mp, EINVAL); + /* This should never happen on a lower layer stream */ + freemsg(mp); return (NULL); } 
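Review bot: The `strncpy()` kept inside the new `tllabout != NULL` guard in make_control (hunk at -539) copies up to `sizeof (ptc->ptc_name)` bytes, which leaves `ptc_name` without a terminating NUL if `tll_name` fills the whole field; the field sizes are not visible here, so this may already be excluded by how names are set. Since the structure is now zeroed up front, a bounded copy makes the result a C string in every case: `(void) strlcpy(ptc->ptc_name, tllabout->tll_name, sizeof (ptc->ptc_name));`. That matters because the control message is presumably delivered to the `tclto` client, whose reader may treat the name as a string.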
@@ -815,7 +819,8 @@ sppptun_outpkt(queue_t *q, mblk_t **mpp) KCINCR(cks_octrl_drop); DTRACE_PROBE2(sppptun__bad__control, tuncl_t *, tcl, mblk_t *, mp); - merror(q, mp, EINVAL); + send_control(tcl, tcl->tcl_ctrl_tll, PTCA_BADCTRL, tcl); + freemsg(mp); return (NULL); } ptc = (struct ppptun_control *)mp->b_rptr; @@ -846,18 +851,22 @@ sppptun_outpkt(queue_t *q, mblk_t **mpp) } /* Don't allow empty control packets. */ + tll = tcl->tcl_ctrl_tll; if (mp->b_cont == NULL) { KCINCR(cks_octrl_drop); - merror(q, mp, EINVAL); + DTRACE_PROBE2(sppptun__bad__control, tuncl_t *, tcl, + mblk_t *, mp); + send_control(tcl, tll, PTCA_BADCTRL, tcl); + freemsg(mp); return (NULL); } - tll = tcl->tcl_ctrl_tll; } if (tll == NULL || (lowerq = tll->tll_wq) == NULL) { DTRACE_PROBE3(sppptun__cannot__send, tuncl_t *, tcl, tunll_t *, tll, mblk_t *, mp); - merror(q, mp, ENXIO); + send_control(tcl, tll, PTCA_UNPLUMB, tcl); + freemsg(mp); if (isdata) { tcl->tcl_stats.ppp_oerrors++; } else { @@ -919,7 +928,7 @@ sppptun_outpkt(queue_t *q, mblk_t **mpp) ether_copy(tcl->tcl_address.pta_pppoe.ptma_mac, edestp->addr); /* DLPI SAPs are in host byte order! */ - edestp->type = ETHERTYPE_PPPOES; + edestp->type = tll->tll_sap; /* Make sure the protocol field isn't compressed. */ len = (*mp->b_rptr & 1); @@ -969,7 +978,7 @@ sppptun_outpkt(queue_t *q, mblk_t **mpp) edestp = (ether_dest_t *)(dur + 1); /* DLPI SAPs are in host byte order! */ - edestp->type = ETHERTYPE_PPPOED; + edestp->type = tll->tll_sap; /* * If destination isn't set yet, then we have to @@ -1070,13 +1079,14 @@ save_for_close(tunll_t *tll, mblk_t *mp) * perimeters. */ static tunll_t * -tll_lookup_on_name(char *dname) +tll_lookup_on_name(const char *dname, zoneid_t zoneid) { tunll_t *tll; tll = TO_TLL(tunll_list.q_forw); for (; tll != TO_TLL(&tunll_list); tll = TO_TLL(tll->tll_next)) - if (strcmp(dname, tll->tll_name) == 0) + if (tll->tll_zoneid == zoneid && + strcmp(dname, tll->tll_name) == 0) return (tll); return (NULL); } 
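Review bot: Both Ethernet header paths in sppptun_outpkt now write `edestp->type = tll->tll_sap;` in place of the fixed ETHERTYPE_PPPOES and ETHERTYPE_PPPOED (hunks at -919 and -969), but nothing visible gives `tll_sap` a value at open time: the tunll_t comes from `kmem_zalloc()` in sppptun_open, so the field stays 0 until a PPPTUN_SSAP ioctl arrives. A lower stream whose user-space side never issues that ioctl would emit frames with type 0. Either drop the packet while `tll_sap == 0`, or state next to the field in sppptun_impl.h that PPPTUN_SSAP is required before traffic, since the existing comment `/* SAP for PPPoE */` does not say so. The function continues outside the hunk.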
@@ -1106,6 +1116,7 @@ sppptun_inner_ioctl(queue_t *q, mblk_t *mp) mblk_t *mptmp; ppptun_atype *pap; struct ppp_stats64 *psp; + zoneid_t zoneid; iop = (struct iocblk *)mp->b_rptr; tcl = NULL; @@ -1163,7 +1174,8 @@ sppptun_inner_ioctl(queue_t *q, mblk_t *mp) ptn = (union ppptun_name *)mp->b_cont->b_rptr; ptn->ptn_name[sizeof (ptn->ptn_name) - 1] = '\0'; - if ((tll = tll_lookup_on_name(ptn->ptn_name)) != NULL) { + tll = tll_lookup_on_name(ptn->ptn_name, tll->tll_zoneid); + if (tll != NULL) { rc = EEXIST; break; } @@ -1171,23 +1183,6 @@ sppptun_inner_ioctl(queue_t *q, mblk_t *mp) (void) strcpy(tll->tll_name, ptn->ptn_name); break; - case PPPTUN_GNAME: - /* This is done on the *module* (lower level) side. */ - if (tll == NULL) { - rc = EINVAL; - break; - } - if (mp->b_cont != NULL) - freemsg(mp->b_cont); - if ((mp->b_cont = allocb(sizeof (*ptn), BPRI_HI)) == NULL) { - rc = ENOSR; - break; - } - ptn = (union ppptun_name *)mp->b_cont->b_rptr; - bcopy(tll->tll_name, ptn->ptn_name, sizeof (ptn->ptn_name)); - len = sizeof (*ptn); - break; - case PPPTUN_SINFO: case PPPTUN_GINFO: /* Either side */ @@ -1197,7 +1192,8 @@ sppptun_inner_ioctl(queue_t *q, mblk_t *mp) } pti = (struct ppptun_info *)mp->b_cont->b_rptr; if (pti->pti_name[0] != '\0') - tll = tll_lookup_on_name(pti->pti_name); + tll = tll_lookup_on_name(pti->pti_name, + tcl == NULL ? tll->tll_zoneid : tcl->tcl_zoneid); if (tll == NULL) { /* Driver (client) side must have name */ if (tcl != NULL && pti->pti_name[0] == '\0') 
@@ -1246,11 +1242,15 @@ sppptun_inner_ioctl(queue_t *q, mblk_t *mp) rc = EINVAL; break; } + zoneid = tcl == NULL ? tll->tll_zoneid : tcl->tcl_zoneid; ptn = (union ppptun_name *)mp->b_cont->b_rptr; i = ptn->ptn_index; tll = TO_TLL(tunll_list.q_forw); - while (--i >= 0 && tll != TO_TLL(&tunll_list)) + while (tll != TO_TLL(&tunll_list)) { + if (tll->tll_zoneid == zoneid && --i < 0) + break; tll = TO_TLL(tll->tll_next); + } if (tll != TO_TLL(&tunll_list)) { bcopy(tll->tll_name, ptn->ptn_name, sizeof (ptn->ptn_name)); @@ -1384,7 +1384,7 @@ sppptun_inner_ioctl(queue_t *q, mblk_t *mp) } ptn = (union ppptun_name *)mp->b_cont->b_rptr; ptn->ptn_name[sizeof (ptn->ptn_name) - 1] = '\0'; - tll = tll_lookup_on_name(ptn->ptn_name); + tll = tll_lookup_on_name(ptn->ptn_name, tcl->tcl_zoneid); if (tll == NULL) { rc = ESRCH; break; @@ -1462,7 +1462,7 @@ sppptun_inner_ioctl(queue_t *q, mblk_t *mp) } ptn = (union ppptun_name *)mp->b_cont->b_rptr; ptn->ptn_name[sizeof (ptn->ptn_name) - 1] = '\0'; - tll = tll_lookup_on_name(ptn->ptn_name); + tll = tll_lookup_on_name(ptn->ptn_name, tcl->tcl_zoneid); if (tll == NULL || tll->tll_defcl != tcl) { rc = ESRCH; break; @@ -1470,6 +1470,17 @@ sppptun_inner_ioctl(queue_t *q, mblk_t *mp) tll->tll_defcl = NULL; break; + case PPPTUN_SSAP: + /* This is done on the *module* (lower level) side. */ + if (tll == NULL || mp->b_cont == NULL || + iop->ioc_count != sizeof (uint_t)) { + rc = EINVAL; + break; + } + + tll->tll_sap = *(uint_t *)mp->b_cont->b_rptr; + break; + default: /* Caller should already have checked command value */ ASSERT(0); @@ -1508,7 +1519,6 @@ sppptun_ioctl(queue_t *q, mblk_t *mp) case PPPIO_GETSTAT: case PPPIO_GETSTAT64: case PPPTUN_SNAME: - case PPPTUN_GNAME: case PPPTUN_SINFO: case PPPTUN_GINFO: case PPPTUN_GNNAME: @@ -1520,6 +1530,7 @@ sppptun_ioctl(queue_t *q, mblk_t *mp) case PPPTUN_SCTL: case PPPTUN_GCTL: case PPPTUN_DCTL: + case PPPTUN_SSAP: qwriter(q, mp, sppptun_inner_ioctl, PERIM_INNER); return; 
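Review bot: The rewritten PPPTUN_GNNAME loop counts only same-zone links by decrementing `i` on the right-hand side of `&&`, which relies on short-circuit evaluation and carries no comment. A line such as `/* ptn_index counts only links in the caller's zone */` above the loop would make the intent explicit. `ptn_index` is taken from the ioctl payload with no range check in the visible lines, so a negative value selects the first link in the zone instead of failing; returning EINVAL would be clearer if that is not intended.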
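Review bot: The lookups changed at -1384 and -1462 now read `tcl->tcl_zoneid`, which adds a dereference of `tcl` that the old single-argument call did not have. The guards for these cases lie above the hunks, so it should be confirmed that they reject `tcl == NULL` (a request arriving on the module side) before this line is reached.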
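Review bot: The new PPPTUN_SSAP case stores the caller's `uint_t` in `tll->tll_sap` with no check on its value, and sppptun_outpkt later assigns that field to `edestp->type`. The width of `type` is not visible here; if it is a 16-bit field, as Ethernet types are, larger values are silently truncated on the wire. A check such as `if (*(uint_t *)mp->b_cont->b_rptr > 0xffff) { rc = EINVAL; break; }` before the assignment would reject them.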
diff --git a/usr/src/uts/common/io/ppp/sppptun/sppptun_impl.h b/usr/src/uts/common/io/ppp/sppptun/sppptun_impl.h index 444d19e293..58480ae60c 100644 --- a/usr/src/uts/common/io/ppp/sppptun/sppptun_impl.h +++ b/usr/src/uts/common/io/ppp/sppptun/sppptun_impl.h @@ -20,7 +20,7 @@ */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -107,6 +107,10 @@ struct tunll_s { tll_kstats_t tll_kstats; /* current statistics */ kstat_t *tll_ksp; /* pointer to kstats allocation */ + + uint_t tll_sap; /* SAP for PPPoE */ + + zoneid_t tll_zoneid; }; /* @@ -141,6 +145,8 @@ struct tuncl_s { struct pppstat64 tcl_stats; /* Standard PPP statistics */ tcl_kstats_t tcl_kstats; /* current statistics */ kstat_t *tcl_ksp; /* pointer to kstats allocation */ + + zoneid_t tcl_zoneid; }; #define TO_TLL(p) \ diff --git a/usr/src/uts/common/net/sppptun.h b/usr/src/uts/common/net/sppptun.h index 0ffeb1dd40..ae6e170c6f 100644 --- a/usr/src/uts/common/net/sppptun.h +++ b/usr/src/uts/common/net/sppptun.h @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -23,7 +22,7 @@ * sppptun.h - ioctl and other miscellaneous definitions for PPP * tunneling STREAMS module * - * Copyright 2000-2002 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * See also: 
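Review bot: The new `tll_zoneid` member of struct tunll_s and `tcl_zoneid` member of struct tuncl_s (hunk at -141) are the only members in these hunks without a trailing comment. The part of the diff shown here does not reveal where they are assigned. A short comment on each, for example `zoneid_t tll_zoneid; /* zone that owns this lower stream */`, would document what tll_lookup_on_name() compares against; the wording should be checked against the code that sets the field.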
@@ -36,8 +35,6 @@ #ifndef __SPPPTUN_H #define __SPPPTUN_H -#pragma ident "%Z%%M% %I% %E% SMI" - #include <sys/types.h> #include <sys/socket.h> #include <sys/ethernet.h> @@ -59,7 +56,6 @@ extern "C" { * of the PPP tunnel multiplexor. */ #define PPPTUN_SNAME _PPPTUN(1) /* set interface name (mod) */ -#define PPPTUN_GNAME _PPPTUN(2) /* get interface name (mod) */ #define PPPTUN_SINFO _PPPTUN(3) /* set multiplex ID/style */ #define PPPTUN_GINFO _PPPTUN(4) /* get multiplex ID/style */ #define PPPTUN_GNNAME _PPPTUN(5) /* get Nth interface name */ @@ -71,6 +67,7 @@ extern "C" { #define PPPTUN_SCTL _PPPTUN(11) /* set control channel by name */ #define PPPTUN_GCTL _PPPTUN(12) /* get control channel name */ #define PPPTUN_DCTL _PPPTUN(13) /* remove control channel */ +#define PPPTUN_SSAP _PPPTUN(14) /* set SAP value; uint_t */ /* Lower layer link name size */ #define PPPTUNNAMSIZ 32 @@ -160,6 +157,7 @@ struct ppptun_control { #define PTCA_CONTROL 2 /* Inbound control message */ #define PTCA_DISCONNECT 3 /* Client disconnected */ #define PTCA_UNPLUMB 4 /* Lower stream unplumbed (no addr) */ +#define PTCA_BADCTRL 5 /* Malformed control message */ #ifdef __cplusplus } diff --git a/usr/src/uts/common/os/policy.c b/usr/src/uts/common/os/policy.c index b71b956f8a..608bb4f338 100644 --- a/usr/src/uts/common/os/policy.c +++ b/usr/src/uts/common/os/policy.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ 
@@ -2288,3 +2288,17 @@ secpolicy_dld_ioctl(const cred_t *cr, const char *dld_priv, const char *msg) return (-rv); } + +/* + * secpolicy_ppp_config + * + * Determine if the subject has sufficient privileges to configure PPP and + * PPP-related devices. + */ +int +secpolicy_ppp_config(const cred_t *cr) +{ + if (PRIV_POLICY_ONLY(cr, PRIV_SYS_NET_CONFIG, B_FALSE)) + return (secpolicy_net_config(cr, B_FALSE)); + return (PRIV_POLICY(cr, PRIV_SYS_PPP_CONFIG, B_FALSE, EPERM, NULL)); +} diff --git a/usr/src/uts/common/os/priv_defs b/usr/src/uts/common/os/priv_defs index 430218de55..8875ddccab 100644 --- a/usr/src/uts/common/os/priv_defs +++ b/usr/src/uts/common/os/priv_defs @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * INSERT COMMENT @@ -390,7 +390,8 @@ privilege PRIV_SYS_IP_CONFIG privilege PRIV_SYS_NET_CONFIG - Allows all that PRIV_SYS_IP_CONFIG and PRIV_SYS_DL_CONFIG allow. + Allows all that PRIV_SYS_IP_CONFIG, PRIV_SYS_DL_CONFIG, and + PRIV_SYS_PPP_CONFIG allow. Allows a process to push the rpcmod STREAMs module. Allows a process to INSERT/REMOVE STREAMs modules on locations other than the top of the module stack. @@ -401,6 +402,11 @@ privilege PRIV_SYS_NFS Allows a process to bind to ports reserved by NFS: ports 2049 (nfs) and port 4045 (lockd). +privilege PRIV_SYS_PPP_CONFIG + + Allows a process to create and destroy PPP (sppp) interfaces. + Allows a process to configure PPP tunnels (sppptun). + privilege PRIV_SYS_RES_CONFIG Allows a process to create and delete processor sets, assign diff --git a/usr/src/uts/common/sys/policy.h b/usr/src/uts/common/sys/policy.h index 8d93c7780e..9d9baab3e1 100644 --- a/usr/src/uts/common/sys/policy.h +++ b/usr/src/uts/common/sys/policy.h 
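Review bot: The comment on secpolicy_ppp_config does not say that PRIV_SYS_NET_CONFIG is tried first and that PRIV_SYS_PPP_CONFIG is required only when the caller lacks it, which is what a reader needs to follow the two-step body. A sentence such as `PRIV_SYS_NET_CONFIG implies this privilege, so it is checked first; otherwise PRIV_SYS_PPP_CONFIG is required.` would cover it. The return convention should be stated as well: the final PRIV_POLICY call is given EPERM as its error, while the value returned by secpolicy_net_config() is not visible in this diff.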
@@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -120,6 +120,7 @@ int secpolicy_pcfs_modify_bootpartition(const cred_t *); int secpolicy_ponline(const cred_t *); int secpolicy_pool(const cred_t *); int secpolicy_power_mgmt(const cred_t *); +int secpolicy_ppp_config(const cred_t *); int secpolicy_proc_access(const cred_t *); int secpolicy_proc_excl_open(const cred_t *); int secpolicy_proc_owner(const cred_t *, const cred_t *, int); |
