From patchwork Wed Jan 20 15:43:36 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Florian Westphal <fw@strlen.de>
X-Patchwork-Id: 1429320
X-Patchwork-Delegate: matthieu.baerts@tessares.net
Return-Path: <mptcp-bounces@lists.01.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.01.org
 (client-ip=2001:19d0:306:5::1; helo=ml01.01.org;
 envelope-from=mptcp-bounces@lists.01.org; receiver=<UNKNOWN>)
Received: from ml01.01.org (ml01.01.org [IPv6:2001:19d0:306:5::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4DLWLY2Nxjz9s24
	for <incoming@patchwork.ozlabs.org>; Thu, 21 Jan 2021 03:33:56 +1100 (AEDT)
Received: from ml01.vlan13.01.org (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id B1B21100EB84E;
	Wed, 20 Jan 2021 08:33:54 -0800 (PST)
Received-SPF: Pass (mailfrom) identity=mailfrom;
 client-ip=2a0a:51c0:0:12e:520::1; helo=chamillionaire.breakpoint.cc;
 envelope-from=fw@breakpoint.cc; receiver=<UNKNOWN>
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc
 [IPv6:2a0a:51c0:0:12e:520::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(No client certificate requested)
	by ml01.01.org (Postfix) with ESMTPS id 810E6100EB84E
	for <mptcp@lists.01.org>; Wed, 20 Jan 2021 07:44:05 -0800 (PST)
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@breakpoint.cc>)
	id 1l2FeO-0006aE-2p; Wed, 20 Jan 2021 16:44:04 +0100
From: Florian Westphal <fw@strlen.de>
To: <mptcp@lists.01.org>
Cc: Florian Westphal <fw@strlen.de>
Date: Wed, 20 Jan 2021 16:43:36 +0100
Message-Id: <20210120154337.27997-5-fw@strlen.de>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20210120154337.27997-1-fw@strlen.de>
References: <20210120154337.27997-1-fw@strlen.de>
MIME-Version: 1.0
X-MailFrom: fw@breakpoint.cc
X-Mailman-Rule-Hits: administrivia
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; implicit-dest;
 max-recipients; max-size; news-moderation; no-subject; suspicious-header
Message-ID-Hash: RQZZP6JFWLE2SPXWFGZRQDRWIEC735JF
X-Message-ID-Hash: RQZZP6JFWLE2SPXWFGZRQDRWIEC735JF
X-Mailman-Approved-At: Wed, 20 Jan 2021 16:33:53 -0800
X-Mailman-Version: 3.1.1
Precedence: list
Subject: [MPTCP] [PATCH v2 mptcp-next 4/5] genetlink: add CAP_NET_ADMIN test
 for multicast bind
List-Id: Discussions regarding MPTCP upstreaming <mptcp.lists.01.org>
Archived-At: 
 <https://lists.01.org/hyperkitty/list/mptcp@lists.01.org/message/RQZZP6JFWLE2SPXWFGZRQDRWIEC735JF/>
List-Archive: <https://lists.01.org/hyperkitty/list/mptcp@lists.01.org/>
List-Help: <mailto:mptcp-request@lists.01.org?subject=help>
List-Post: <mailto:mptcp@lists.01.org>
List-Subscribe: <mailto:mptcp-join@lists.01.org>
List-Unsubscribe: <mailto:mptcp-leave@lists.01.org>

genetlink sets NL_CFG_F_NONROOT_RECV for its netlink socket so anyone can
subscribe to multicast messages.

rtnetlink doesn't allow this unconditionally,  rtnetlink_bind() restricts
bind requests to CAP_NET_ADMIN for a few groups.

This allows to set GENL_UNS_ADMIN_PERM flag on genl mcast groups to
mandate CAP_NET_ADMIN.

This will be used by the upcoming mptcp netlink event facility which
exposes the token (mptcp connection identifier) to userspace.

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
---
 include/net/genetlink.h |  1 +
 net/netlink/genetlink.c | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/include/net/genetlink.h b/include/net/genetlink.h
index e55ec1597ce7..7cb3fa8310ed 100644
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -14,6 +14,7 @@
  */
 struct genl_multicast_group {
 	char			name[GENL_NAMSIZ];
+	u8			flags;
 };
 
 struct genl_ops;
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index c992424e4d63..2d6fdf40df66 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -1360,11 +1360,43 @@ static struct genl_family genl_ctrl __ro_after_init = {
 	.netnsok = true,
 };
 
+static int genl_bind(struct net *net, int group)
+{
+	const struct genl_family *family;
+	unsigned int id;
+	int ret = 0;
+
+	genl_lock_all();
+
+	idr_for_each_entry(&genl_fam_idr, family, id) {
+		const struct genl_multicast_group *grp;
+		int i;
+
+		if (family->n_mcgrps == 0)
+			continue;
+
+		i = group - family->mcgrp_offset;
+		if (i < 0 || i >= family->n_mcgrps)
+			continue;
+
+		grp = &family->mcgrps[i];
+		if ((grp->flags & GENL_UNS_ADMIN_PERM) &&
+		    !ns_capable(net->user_ns, CAP_NET_ADMIN))
+			ret = -EPERM;
+
+		break;
+	}
+
+	genl_unlock_all();
+	return ret;
+}
+
 static int __net_init genl_pernet_init(struct net *net)
 {
 	struct netlink_kernel_cfg cfg = {
 		.input		= genl_rcv,
 		.flags		= NL_CFG_F_NONROOT_RECV,
+		.bind		= genl_bind,
 	};
 
 	/* we'll bump the group number right afterwards */