Created attachment 218030 [details] abstract priv_check() for iee80211 and add more arguments to allow a NetBSD kauth based implementation The kernel authorization system in NetBSD is (optionally) quite fine grained and needs a bit more data to take decisions. This creates an ifdef mess in my adaption of the FreeBSD wifi stack, but it could be easily avoided with a minor change similar to the attached patch. The definitions for the macro should move to the OS specific header (so only the FreeBSD definition in ieee80211_freebsd.h), I left them all together so the reason for the change is more obvious.
Hi! I think we should put the priv checks in as a method in ieee80211_freebsd.c, so your ieee80211_netbsd.c can implement it as well. (same with the dfbsd and haiku users when they update.) What do you think instead of creating some stub priv check functions rather than using system defines, and we'll then have to define them in our ieee80211_{os}.c file? Thanks! We're also super open to adding whatever else makes portability easier, so if you find freebsd specific things that you're #ifdef'ing do let us know and let's figure out a better way to abstract it.
Hi Martin, if adrian's suggestion would work for you I'll go and implement that? /bz
Sure, that works fine for me - thanks!
Hi, I have uploaded a diff for review: https://reviews.freebsd.org/D26541 Drop me a private email if you have an account. I am not sure if that will work for you current code (given vap != ic) but based on your diff, you also have a "vap" so should be fine.
A commit references this bug: Author: bz Date: Sun Oct 18 21:34:05 UTC 2020 New revision: 366817 URL: https://svnweb.freebsd.org/changeset/base/366817 Log: net80211: factor out the priv(9) checks into OS specifc code. Factor out the priv(9) checks into OS specifc code so other OSes can equally implement them. This sorts out those XXX in the net80211 code. We provide 3 arguments (cmd, vap, ifp) where available to the functions, in order to allow other OSes to use that data but also in case we'd add auditing to these check to have the information available. For now the arguments are marked __unused. PR: 249403 Reported by: martin(NetBSD) Reviewed by: adrian, martin(NetBSD) MFC after: 10 days Sponsored by: Rubicon Communications, LLC (d/b/a "Netgate") Differential Revision: https://reviews.freebsd.org/D26541 Changes: head/sys/net80211/ieee80211_freebsd.c head/sys/net80211/ieee80211_freebsd.h head/sys/net80211/ieee80211_ioctl.c
A commit references this bug: Author: bz Date: Thu Nov 5 12:17:51 UTC 2020 New revision: 367378 URL: https://svnweb.freebsd.org/changeset/base/367378 Log: MFC r366817: net80211: factor out the priv(9) checks into OS specifc code. Factor out the priv(9) checks into OS specifc code so other OSes can equally implement them. This sorts out those XXX in the net80211 code. We provide 3 arguments (cmd, vap, ifp) where available to the functions, in order to allow other OSes to use that data but also in case we'd add auditing to these check to have the information available. For now the arguments are marked __unused. PR: 249403 Changes: _U stable/12/ stable/12/sys/net80211/ieee80211_freebsd.c stable/12/sys/net80211/ieee80211_freebsd.h stable/12/sys/net80211/ieee80211_ioctl.c
Thanks for bringing this up!