From robert@fledge.watson.org  Sat Sep  5 11:34:21 1998
Received: from fledge.watson.org (COPLAND.CODA.CS.CMU.EDU [128.2.222.48])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA28873
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 5 Sep 1998 11:34:20 -0700 (PDT)
          (envelope-from robert@fledge.watson.org)
Received: (from robert@localhost)
	by fledge.watson.org (8.8.8/8.8.8) id OAA02133;
	Sat, 5 Sep 1998 14:33:08 -0400 (EDT)
Message-Id: <199809051833.OAA02133@fledge.watson.org>
Date: Sat, 5 Sep 1998 14:33:08 -0400 (EDT)
From: robert@fledge.watson.org
Reply-To: robert+freebsd@cyrus.watson.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: patches to add a p_auth extension pointer to the proc structure
X-Send-Pr-Version: 3.2

>Number:         7837
>Category:       kern
>Synopsis:       patches to add a p_auth extension pointer to the proc structure
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    rwatson
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep  5 11:40:01 PDT 1998
>Closed-Date:    Wed Nov 28 08:23:03 PST 2001
>Last-Modified:  Wed Nov 28 08:23:45 PST 2001
>Originator:     Robert Watson
>Release:        FreeBSD 3.0-CURRENT
>Organization:
>Environment:

3.0-CURRENT

>Description:

This patch adds an extra pointer to the proc structure (p_authext).  This
pointer is zero'd for each new process at creation time.

The intent of this patch is to allow lkm's and kernel modifications to hook
additional authentication and authorization data into the proc structure
as needed.  Example uses include:
	
	FreeBSD Kernel Tokens (http://www.freebsd.org/fbsd-hardening/tokens/)
	POSIX Capabilities (http://www.computer.org/)
	Sandboxing support
	process auditing information

The authext information would most likely be set in an at_fork() lkm hook,
or by hooking the exec code.

>How-To-Repeat:
>Fix:
	
Patch:


diff -ur /usr/src/sys/kern/init_main.c sys/kern/init_main.c
--- /usr/src/sys/kern/init_main.c	Thu Jun 25 08:31:39 1998
+++ sys/kern/init_main.c	Fri Jul  3 15:01:37 1998
@@ -355,6 +355,8 @@
 	p->p_ucred = crget();
 	p->p_ucred->cr_ngroups = 1;	/* group 0 */
 
+	p->p_authext = 0;
+
 	/* Create the file descriptor table. */
 	fdp = &filedesc0;
 	p->p_fd = &fdp->fd_fd;
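
Review bot: `p->p_authext = 0;` is the only initialisation in this patch, and it covers just the process being set up here in init_main.c, while the description says the pointer is zeroed for each new process at creation time. No hunk touches the fork path or process teardown, so either add the clearing there or state in the description which existing mechanism zeroes the field for forked processes. Since the field is a pointer, `p->p_authext = NULL;` would also read better than the integer literal.
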
diff -ur /usr/src/sys/sys/proc.h sys/sys/proc.h
--- /usr/src/sys/sys/proc.h	Thu Jun 25 08:32:19 1998
+++ sys/sys/proc.h	Fri Jul  3 15:17:55 1998
@@ -121,6 +121,7 @@
 
 	pid_t	p_oppid;	 /* Save parent pid during ptrace. XXX */
 	int	p_dupfd;	 /* Sideways return value from fdopen. XXX */
+	void	*p_authext;	 /* authentication extensions */
 
 	struct	vmspace *p_vmspace;	/* Address space. */
 
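
Review bot: the new `void *p_authext;` member carries only the comment "authentication extensions", which leaves ownership and lifetime undefined: who allocates the object, who frees it when the process exits, and whether a child inherits, shares or starts without the parent's value. A single untyped pointer also gives one slot per process, so two of the uses named in the description (for example tokens and capabilities) loaded together would overwrite each other's data with nothing to arbitrate. Suggest expanding the comment to state the owner and the fork/exit rules, and either documenting that only one consumer may use the field or describing how consumers are expected to share it.
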
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->rwatson 
Responsible-Changed-By: dd 
Responsible-Changed-When: Sat Jun 9 16:19:20 PDT 2001 
Responsible-Changed-Why:  
Over to originator, who can decide whether this is still desirable. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=7837 
State-Changed-From-To: open->closed 
State-Changed-By: rwatson 
State-Changed-When: Wed Nov 28 08:23:03 PST 2001 
State-Changed-Why:  
Hey, I have a commit bit of my very own, now :-). 

I have bigger and better things in the pipeline to solve this problem 
in a more flexible/scalable way; as such, I'm closing this PR. 


>Unformatted:
