Libinfo-222.4.11.tar.gz

author Apple <opensource@apple.com>

Mon, 8 Jan 2007 22:43:39 +0000 (22:43 +0000)

committer Apple <opensource@apple.com>

Mon, 8 Jan 2007 22:43:39 +0000 (22:43 +0000)
author Apple <opensource@apple.com>
Mon, 8 Jan 2007 22:43:39 +0000 (22:43 +0000)
committer Apple <opensource@apple.com>
Mon, 8 Jan 2007 22:43:39 +0000 (22:43 +0000)
diff --git a/lookup.subproj/lu_group.c b/lookup.subproj/lu_group.c

index ae183102da82038cade9e74b56c92ecb6a214cfb..844cd3c09c854e6fd72937717b7a669d48b960f9 100644 (file)
--- a/lookup.subproj/lu_group.c
+++ b/lookup.subproj/lu_group.c
@@ -64,7 +64,7 @@ static pthread_mutex_t _group_lock = PTHREAD_MUTEX_INITIALIZER;
  #define MEMBERD_NAME "com.apple.memberd"
  static mach_port_t mbr_port = MACH_PORT_NULL;
  typedef uint32_t GIDArray[16];
  #define MEMBERD_NAME "com.apple.memberd"
  static mach_port_t mbr_port = MACH_PORT_NULL;
  typedef uint32_t GIDArray[16];
-extern kern_return_t _mbr_GetGroups(mach_port_t server, uint32_t uid, uint32_t *numGroups, GIDArray gids);
+extern kern_return_t _mbr_GetGroups(mach_port_t server, uint32_t uid, uint32_t *numGroups, GIDArray gids, security_token_t *token);
  
  #define GR_GET_NAME 1
  #define GR_GET_GID 2
  
  #define GR_GET_NAME 1
  #define GR_GET_GID 2
@@ -104,7 +104,7 @@ free_lu_thread_info_group(void *x)
         if (x == NULL) return;
  
         tdata = (struct lu_thread_info *)x;
         if (x == NULL) return;
  
         tdata = (struct lu_thread_info *)x;
-       
+
         if (tdata->lu_entry != NULL)
         {
                 free_group((struct group *)tdata->lu_entry);
         if (tdata->lu_entry != NULL)
         {
                 free_group((struct group *)tdata->lu_entry);
@@ -290,7 +290,7 @@ copy_group_r(struct group *in, struct group *out, char *buffer, int buflen)
                         ap += hsize;
                 }
         }
                         ap += hsize;
                 }
         }
-       
+
         memset(bp, 0, sizeof(unsigned long));
         bp = ap;
  
         memset(bp, 0, sizeof(unsigned long));
         bp = ap;
  
@@ -458,7 +458,7 @@ lu_getgrgid(int gid)
         static int proc = -1;
         int count;
         char *lookup_buf;
         static int proc = -1;
         int count;
         char *lookup_buf;
-       
+
         if (proc < 0)
         {
                 if (_lookup_link(_lu_port, "getgrgid", &proc) != KERN_SUCCESS)
         if (proc < 0)
         {
                 if (_lookup_link(_lu_port, "getgrgid", &proc) != KERN_SUCCESS)
@@ -675,6 +675,7 @@ mbr_getgrouplist(const char *name, int basegid, int *groups, int *grpcnt, int du
         int pwstatus;
         GIDArray gids;
         int status, maxgroups;
         int pwstatus;
         GIDArray gids;
         int status, maxgroups;
+       security_token_t token;
  
         status = 0;
  
  
         status = 0;
  
@@ -699,9 +700,13 @@ mbr_getgrouplist(const char *name, int basegid, int *groups, int *grpcnt, int du
         if (pwstatus != 0) return status;
         if (res == NULL) return status;
  
         if (pwstatus != 0) return status;
         if (res == NULL) return status;
  
+       token.val[0] = -1;
+       token.val[1] = -1;
+
         count = 0;
         count = 0;
-       kstatus = _mbr_GetGroups(mbr_port, p.pw_uid, &count, gids);
+       kstatus = _mbr_GetGroups(mbr_port, p.pw_uid, &count, gids, &token);
         if (kstatus != KERN_SUCCESS) return status;
         if (kstatus != KERN_SUCCESS) return status;
+       if (token.val[0] != 0) return KERN_FAILURE;
  
         for (i = 0; (i < count) && (status == 0); i++) 
         {
  
         for (i = 0; (i < count) && (status == 0); i++) 
         {
@@ -729,7 +734,7 @@ lu_getgrouplist(const char *name, int basegid, int *groups, int *grpcnt, int dup
         if (name == NULL) return status;
         if (groups == NULL) return status;
         if (grpcnt == NULL) return status;
         if (name == NULL) return status;
         if (groups == NULL) return status;
         if (grpcnt == NULL) return status;
-       
+
         maxgroups = *grpcnt;
         *grpcnt = 0;
  
         maxgroups = *grpcnt;
         *grpcnt = 0;
  
@@ -792,12 +797,12 @@ getgrouplist_internal(const char *name, int basegid, int *groups, int *grpcnt, i
         {
                 return mbr_getgrouplist(name, basegid, groups, grpcnt, dupbase);
         }
         {
                 return mbr_getgrouplist(name, basegid, groups, grpcnt, dupbase);
         }
-       
+
         if (_lu_running())
         {
                 return lu_getgrouplist(name, basegid, groups, grpcnt, dupbase);
         }
         if (_lu_running())
         {
                 return lu_getgrouplist(name, basegid, groups, grpcnt, dupbase);
         }
-       
+
         return _old_getgrouplist(name, basegid, groups, grpcnt);
  }
  
         return _old_getgrouplist(name, basegid, groups, grpcnt);
  }
  
@@ -836,7 +841,7 @@ lu_getgrent()
                 tdata = (struct lu_thread_info *)calloc(1, sizeof(struct lu_thread_info));
                 _lu_data_set_key(_lu_data_key_group, tdata);
         }
                 tdata = (struct lu_thread_info *)calloc(1, sizeof(struct lu_thread_info));
                 _lu_data_set_key(_lu_data_key_group, tdata);
         }
-       
+
         if (tdata->lu_vm == NULL)
         {
                 if (proc < 0)
         if (tdata->lu_vm == NULL)
         {
                 if (proc < 0)
@@ -886,7 +891,7 @@ lu_getgrent()
         }
  
         tdata->lu_vm_cursor--;
         }
  
         tdata->lu_vm_cursor--;
-       
+
         return g;
  }
  
         return g;
  }
  
diff --git a/mdns.subproj/dnssd_ipc.h b/mdns.subproj/dnssd_ipc.h

index ccdcd25a0fa98d7d4785260852d210f922f8c243..cecfd463826dc36b6f4cb723a8568ee3ff886354 100644 (file)
--- a/mdns.subproj/dnssd_ipc.h
+++ b/mdns.subproj/dnssd_ipc.h
@@ -183,7 +183,7 @@ typedef union
      uint32_t ptr64[2];
      } client_context_t;
  
      uint32_t ptr64[2];
      } client_context_t;
  
-typedef struct ipc_msg_hdr_struct
+typedef struct __attribute__((__packed__)) ipc_msg_hdr_struct
      {
      uint32_t version;
      uint32_t datalen;
      {
      uint32_t version;
      uint32_t datalen;
diff --git a/membership.subproj/memberd.defs b/membership.subproj/memberd.defs

index 8067127fad3f29bb183c5210d42fbaffa6ce6cd9..34c65b3f6eaad425353c8ca46b0438901db81e87 100644 (file)
--- a/membership.subproj/memberd.defs
+++ b/membership.subproj/memberd.defs
@@ -1,5 +1,5 @@
  /*
  /*
- * Copyright (c) 2004-2005 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2004-2007 Apple Computer, Inc. All rights reserved.
   *
   * @APPLE_LICENSE_HEADER_START@
   *
   *
   * @APPLE_LICENSE_HEADER_START@
   *
@@ -26,6 +26,7 @@ subsystem memberd 8000;
  serverprefix Server;
  
  #include <mach/std_types.defs>
  serverprefix Server;
  
  #include <mach/std_types.defs>
+#include <mach/mach_types.defs>
  import "memberd_defines.h";
  
  type kauth_identity_extlookup = struct [200] of uint8_t;
  import "memberd_defines.h";
  
  type kauth_identity_extlookup = struct [200] of uint8_t;
@@ -37,30 +38,53 @@ type GIDArray = array [16] of uint32_t;
  
  type string = c_string[*:256];
  
  
  type string = c_string[*:256];
  
-routine _mbr_DoMembershipCall(
-                               server: mach_port_t;
-               inout   request: kauth_identity_extlookup);
+routine _mbr_DoMembershipCall
+(
+       server: mach_port_t;
+       inout request: kauth_identity_extlookup;
+       UserSecToken token : security_token_t
+);
  
  
-routine _mbr_GetStats(
-                               server: mach_port_t;
-               out             stats: StatBlock);
+routine _mbr_GetStats
+(
+       server: mach_port_t;
+       out stats: StatBlock;
+       UserSecToken token : security_token_t
+);
  
  
-routine _mbr_ClearStats( server: mach_port_t );
+routine _mbr_ClearStats
+(
+       server: mach_port_t;
+       UserSecToken token : security_token_t
+);
  
  
-routine _mbr_MapName(
-                               server:         mach_port_t;
-               in              isUser:         uint8_t;
-               in              name:           string;
-               out             guid:           guid_t );
+routine _mbr_MapName
+(
+       server: mach_port_t;
+       in isUser: uint8_t;
+       in name: string;
+       out guid: guid_t;
+       UserSecToken token : security_token_t
+);
  
  
-routine _mbr_GetGroups(
-                               server:         mach_port_t;
-               in              uid:            uint32_t;
-               out             numGroups:  uint32_t;
-               out             gids:           GIDArray );
-               
-routine _mbr_ClearCache( server: mach_port_t );
+routine _mbr_GetGroups
+(
+       server: mach_port_t;
+       in uid: uint32_t;
+       out numGroups: uint32_t;
+       out gids: GIDArray;
+       UserSecToken token : security_token_t
+);
+ 
+routine _mbr_ClearCache
+(
+       server: mach_port_t;
+       UserSecToken token : security_token_t
+);
  
  
-routine _mbr_DumpState(
-                               server:         mach_port_t;
-               in              logOnly:        uint8_t );
+routine _mbr_DumpState
+(
+       server: mach_port_t;
+       in logOnly: uint8_t;
+       UserSecToken token : security_token_t
+);
diff --git a/membership.subproj/membership.c b/membership.subproj/membership.c

index de0165352e09452776e41b62c7f57be717f66b52..30014af3ede7b5c8ffe7f4f4ecca81be956e3fad 100644 (file)
--- a/membership.subproj/membership.c
+++ b/membership.subproj/membership.c
@@ -1,5 +1,5 @@
  /*
  /*
- * Copyright (c) 2004 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2004-2007 Apple Computer, Inc. All rights reserved.
   *
   * @APPLE_LICENSE_HEADER_START@
   *
   *
   * @APPLE_LICENSE_HEADER_START@
   *
@@ -28,24 +28,18 @@
  #include <servers/bootstrap.h>
  #include <mach/mach.h>
  #include <stdlib.h>
  #include <servers/bootstrap.h>
  #include <mach/mach.h>
  #include <stdlib.h>
-#import <libkern/OSByteOrder.h>
+#include <libkern/OSByteOrder.h>
  
  static mach_port_t GetServerPort()
  {
         kern_return_t result;
  
  static mach_port_t GetServerPort()
  {
         kern_return_t result;
-       static mach_port_t              bsPort = 0;
-       static mach_port_t              fServerPort = 0;
-       
+       static mach_port_t bsPort = 0;
+       static mach_port_t fServerPort = 0;
+
         if (bsPort == 0)
         {
         if (bsPort == 0)
         {
-               result = task_get_bootstrap_port( mach_task_self(), &bsPort );
-               result = bootstrap_look_up( bsPort, "com.apple.memberd", &fServerPort );
-
-//             if the port lookup failed, the rpc will fail and we will return EIO
-//             if (result != MACH_MSG_SUCCESS)
-//             {
-//                     printf("Got error %d on lookup (is memberd running?)\n", result);
-//             }
+               result = task_get_bootstrap_port(mach_task_self(), &bsPort);
+               result = bootstrap_look_up(bsPort, "com.apple.memberd", &fServerPort);
         }
  
         return fServerPort;
         }
  
         return fServerPort;
@@ -54,15 +48,19 @@ static mach_port_t GetServerPort()
  int mbr_uid_to_uuid(uid_t id, uuid_t uu)
  {
         struct kauth_identity_extlookup request;
  int mbr_uid_to_uuid(uid_t id, uuid_t uu)
  {
         struct kauth_identity_extlookup request;
+       security_token_t token;
         int result = 0;
  
         int result = 0;
  
-       request.el_seqno = 1;  // used as byte order field
+       token.val[0] = -1;
+       token.val[1] = -1;
+
+       request.el_seqno = 1;  /* used as byte order field */
         request.el_flags = KAUTH_EXTLOOKUP_VALID_UID | KAUTH_EXTLOOKUP_WANT_UGUID;
         request.el_uid = id;
         request.el_flags = KAUTH_EXTLOOKUP_VALID_UID | KAUTH_EXTLOOKUP_WANT_UGUID;
         request.el_uid = id;
-       result = _mbr_DoMembershipCall(GetServerPort(), &request);
-       if (result != KERN_SUCCESS)
-               return EIO;
-               
+       result = _mbr_DoMembershipCall(GetServerPort(), &request, &token);
+       if (result != KERN_SUCCESS) return EIO;
+       if (token.val[0] != 0) return EAUTH;
+
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_UGUID) != 0)
                 memcpy(uu, &request.el_uguid, sizeof(guid_t));
         else
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_UGUID) != 0)
                 memcpy(uu, &request.el_uguid, sizeof(guid_t));
         else
@@ -74,39 +72,46 @@ int mbr_uid_to_uuid(uid_t id, uuid_t uu)
  int mbr_gid_to_uuid(gid_t id, uuid_t uu)
  {
         struct kauth_identity_extlookup request;
  int mbr_gid_to_uuid(gid_t id, uuid_t uu)
  {
         struct kauth_identity_extlookup request;
+       security_token_t token;
         kern_return_t result;
         int error = 0;
  
         kern_return_t result;
         int error = 0;
  
-       request.el_seqno = 1;  // used as byte order field
+       token.val[0] = -1;
+       token.val[1] = -1;
+
+       request.el_seqno = 1;  /* used as byte order field */
         request.el_flags = KAUTH_EXTLOOKUP_VALID_GID | KAUTH_EXTLOOKUP_WANT_GGUID;
         request.el_gid = id;
         request.el_flags = KAUTH_EXTLOOKUP_VALID_GID | KAUTH_EXTLOOKUP_WANT_GGUID;
         request.el_gid = id;
-       result = _mbr_DoMembershipCall(GetServerPort(), &request);
-       if (result != KERN_SUCCESS)
-               return EIO;
-               
+       result = _mbr_DoMembershipCall(GetServerPort(), &request, &token);
+       if (result != KERN_SUCCESS) return EIO;
+       if (token.val[0] != 0) return EAUTH;
+
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_GGUID) != 0)
                 memcpy(uu, &request.el_gguid, sizeof(guid_t));
         else
                 error = ENOENT;
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_GGUID) != 0)
                 memcpy(uu, &request.el_gguid, sizeof(guid_t));
         else
                 error = ENOENT;
-               
+
         return error;
  }
  
         return error;
  }
  
-int mbr_uuid_to_id( const uuid_t uu, uid_t* id, int* id_type)
+int mbr_uuid_to_id(const uuid_t uu, uid_t *id, int *id_type)
  {
         struct kauth_identity_extlookup request;
  {
         struct kauth_identity_extlookup request;
+       security_token_t token;
         kern_return_t result;
         int error = 0;
  
         kern_return_t result;
         int error = 0;
  
-       request.el_seqno = 1;  // used as byte order field
-       request.el_flags = KAUTH_EXTLOOKUP_VALID_UGUID | KAUTH_EXTLOOKUP_VALID_GGUID |
-                                               KAUTH_EXTLOOKUP_WANT_UID | KAUTH_EXTLOOKUP_WANT_GID;
+       token.val[0] = -1;
+       token.val[1] = -1;
+
+       request.el_seqno = 1;  /* used as byte order field */
+       request.el_flags = KAUTH_EXTLOOKUP_VALID_UGUID | KAUTH_EXTLOOKUP_VALID_GGUID | KAUTH_EXTLOOKUP_WANT_UID | KAUTH_EXTLOOKUP_WANT_GID;
         memcpy(&request.el_uguid, uu, sizeof(guid_t));
         memcpy(&request.el_gguid, uu, sizeof(guid_t));
         memcpy(&request.el_uguid, uu, sizeof(guid_t));
         memcpy(&request.el_gguid, uu, sizeof(guid_t));
-       result = _mbr_DoMembershipCall(GetServerPort(), &request);
-       if (result != KERN_SUCCESS)
-               return EIO;
-               
+       result = _mbr_DoMembershipCall(GetServerPort(), &request, &token);
+       if (result != KERN_SUCCESS) return EIO;
+       if (token.val[0] != 0) return EAUTH;
+
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_UID) != 0)
         {
                 *id = request.el_uid;
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_UID) != 0)
         {
                 *id = request.el_uid;
@@ -118,215 +123,247 @@ int mbr_uuid_to_id( const uuid_t uu, uid_t* id, int* id_type)
                 *id_type = ID_TYPE_GID;
         }
         else
                 *id_type = ID_TYPE_GID;
         }
         else
+       {
                 error = ENOENT;
                 error = ENOENT;
-               
+       }
+
         return error;
  }
  
         return error;
  }
  
-int mbr_sid_to_uuid(const nt_sid_t* sid, uuid_t uu)
+int mbr_sid_to_uuid(const nt_sid_t *sid, uuid_t uu)
  {
         struct kauth_identity_extlookup request;
  {
         struct kauth_identity_extlookup request;
+       security_token_t token;
         kern_return_t result;
         int error = 0;
  
         kern_return_t result;
         int error = 0;
  
-       request.el_seqno = 1;  // used as byte order field
+       token.val[0] = -1;
+       token.val[1] = -1;
+
+       request.el_seqno = 1;  /* used as byte order field */
         request.el_flags = KAUTH_EXTLOOKUP_VALID_GSID | KAUTH_EXTLOOKUP_WANT_GGUID;
         memset(&request.el_gsid, 0, sizeof(ntsid_t));
         memcpy(&request.el_gsid, sid, KAUTH_NTSID_SIZE(sid));
         request.el_flags = KAUTH_EXTLOOKUP_VALID_GSID | KAUTH_EXTLOOKUP_WANT_GGUID;
         memset(&request.el_gsid, 0, sizeof(ntsid_t));
         memcpy(&request.el_gsid, sid, KAUTH_NTSID_SIZE(sid));
-       result = _mbr_DoMembershipCall(GetServerPort(), &request);
-       if (result != KERN_SUCCESS)
-               return EIO;
-               
+       result = _mbr_DoMembershipCall(GetServerPort(), &request, &token);
+       if (result != KERN_SUCCESS) return EIO;
+       if (token.val[0] != 0) return EAUTH;
+
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_GGUID) != 0)
                 memcpy(uu, &request.el_gguid, sizeof(guid_t));
         else
                 error = ENOENT;
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_GGUID) != 0)
                 memcpy(uu, &request.el_gguid, sizeof(guid_t));
         else
                 error = ENOENT;
-               
+
         return error;
  }
  
         return error;
  }
  
-int mbr_uuid_to_sid(const uuid_t uu, nt_sid_t* sid)
+int mbr_uuid_to_sid(const uuid_t uu, nt_sid_t *sid)
  {
         struct kauth_identity_extlookup request;
  {
         struct kauth_identity_extlookup request;
+       security_token_t token;
         kern_return_t result;
         int error = 0;
  
         kern_return_t result;
         int error = 0;
  
-       request.el_seqno = 1;  // used as byte order field
+       token.val[0] = -1;
+       token.val[1] = -1;
+
+       request.el_seqno = 1;  /* used as byte order field */
         request.el_flags = KAUTH_EXTLOOKUP_VALID_GGUID | KAUTH_EXTLOOKUP_WANT_GSID;
         memcpy(&request.el_gguid, uu, sizeof(guid_t));
         request.el_flags = KAUTH_EXTLOOKUP_VALID_GGUID | KAUTH_EXTLOOKUP_WANT_GSID;
         memcpy(&request.el_gguid, uu, sizeof(guid_t));
-       result = _mbr_DoMembershipCall(GetServerPort(), &request);
-       if (result != KERN_SUCCESS)
-               return EIO;
-               
+       result = _mbr_DoMembershipCall(GetServerPort(), &request, &token);
+       if (result != KERN_SUCCESS) return EIO;
+       if (token.val[0] != 0) return EAUTH;
+
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_GSID) != 0)
                 memcpy(sid, &request.el_gsid, sizeof(nt_sid_t));
         else
                 error = ENOENT;
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_GSID) != 0)
                 memcpy(sid, &request.el_gsid, sizeof(nt_sid_t));
         else
                 error = ENOENT;
-               
+
         return error;
  }
  
         return error;
  }
  
-int mbr_check_membership(uuid_t user, uuid_t group, int* ismember)
+int mbr_check_membership(uuid_t user, uuid_t group, int *ismember)
  {
         struct kauth_identity_extlookup request;
  {
         struct kauth_identity_extlookup request;
+       security_token_t token;
         kern_return_t result;
         int error = 0;
  
         kern_return_t result;
         int error = 0;
  
-       request.el_seqno = 1;  // used as byte order field
-       request.el_flags = KAUTH_EXTLOOKUP_VALID_UGUID | KAUTH_EXTLOOKUP_VALID_GGUID |
-                                               KAUTH_EXTLOOKUP_WANT_MEMBERSHIP;
+       token.val[0] = -1;
+       token.val[1] = -1;
+
+       request.el_seqno = 1;  /* used as byte order field */
+       request.el_flags = KAUTH_EXTLOOKUP_VALID_UGUID | KAUTH_EXTLOOKUP_VALID_GGUID | KAUTH_EXTLOOKUP_WANT_MEMBERSHIP;
         memcpy(&request.el_uguid, user, sizeof(guid_t));
         memcpy(&request.el_gguid, group, sizeof(guid_t));
         memcpy(&request.el_uguid, user, sizeof(guid_t));
         memcpy(&request.el_gguid, group, sizeof(guid_t));
-       result = _mbr_DoMembershipCall(GetServerPort(), &request);
-       if (result != KERN_SUCCESS)
-               return EIO;
-               
+       result = _mbr_DoMembershipCall(GetServerPort(), &request, &token);
+       if (result != KERN_SUCCESS) return EIO;
+       if (token.val[0] != 0) return EAUTH;
+
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_MEMBERSHIP) != 0)
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_MEMBERSHIP) != 0)
-       {
                 *ismember = ((request.el_flags & KAUTH_EXTLOOKUP_ISMEMBER) != 0);
                 *ismember = ((request.el_flags & KAUTH_EXTLOOKUP_ISMEMBER) != 0);
-       }
         else
                 error = ENOENT;
         else
                 error = ENOENT;
-               
+
         return error;
  }
  
         return error;
  }
  
-int mbr_check_membership_refresh(uuid_t user, uuid_t group, int* ismember)
+int mbr_check_membership_refresh(uuid_t user, uuid_t group, int *ismember)
  {
         struct kauth_identity_extlookup request;
  {
         struct kauth_identity_extlookup request;
+       security_token_t token;
         kern_return_t result;
         int error = 0;
  
         kern_return_t result;
         int error = 0;
  
-       request.el_seqno = 1;  // used as byte order field
-       request.el_flags = KAUTH_EXTLOOKUP_VALID_UGUID | KAUTH_EXTLOOKUP_VALID_GGUID |
-                                               KAUTH_EXTLOOKUP_WANT_MEMBERSHIP | (1<<15);
+       token.val[0] = -1;
+       token.val[1] = -1;
+
+       request.el_seqno = 1;  /* used as byte order field */
+       request.el_flags = KAUTH_EXTLOOKUP_VALID_UGUID | KAUTH_EXTLOOKUP_VALID_GGUID | KAUTH_EXTLOOKUP_WANT_MEMBERSHIP | (1 << 15);
         memcpy(&request.el_uguid, user, sizeof(guid_t));
         memcpy(&request.el_gguid, group, sizeof(guid_t));
         memcpy(&request.el_uguid, user, sizeof(guid_t));
         memcpy(&request.el_gguid, group, sizeof(guid_t));
-       result = _mbr_DoMembershipCall(GetServerPort(), &request);
-       if (result != KERN_SUCCESS)
-               return EIO;
-               
+       result = _mbr_DoMembershipCall(GetServerPort(), &request, &token);
+       if (result != KERN_SUCCESS) return EIO;
+       if (token.val[0] != 0) return EAUTH;
+
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_MEMBERSHIP) != 0)
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_MEMBERSHIP) != 0)
-       {
                 *ismember = ((request.el_flags & KAUTH_EXTLOOKUP_ISMEMBER) != 0);
                 *ismember = ((request.el_flags & KAUTH_EXTLOOKUP_ISMEMBER) != 0);
-       }
         else
                 error = ENOENT;
         else
                 error = ENOENT;
-               
+
         return error;
  }
  
         return error;
  }
  
-int mbr_check_membership_by_id(uuid_t user, gid_t group, int* ismember)
+int mbr_check_membership_by_id(uuid_t user, gid_t group, int *ismember)
  {
         struct kauth_identity_extlookup request;
  {
         struct kauth_identity_extlookup request;
+       security_token_t token;
         kern_return_t result;
         int error = 0;
  
         kern_return_t result;
         int error = 0;
  
-       request.el_seqno = 1;  // used as byte order field
-       request.el_flags = KAUTH_EXTLOOKUP_VALID_UGUID | KAUTH_EXTLOOKUP_VALID_GID |
-                                               KAUTH_EXTLOOKUP_WANT_MEMBERSHIP;
+       token.val[0] = -1;
+       token.val[1] = -1;
+
+       request.el_seqno = 1;  /* used as byte order field */
+       request.el_flags = KAUTH_EXTLOOKUP_VALID_UGUID | KAUTH_EXTLOOKUP_VALID_GID | KAUTH_EXTLOOKUP_WANT_MEMBERSHIP;
         memcpy(&request.el_uguid, user, sizeof(guid_t));
         request.el_gid = group;
         memcpy(&request.el_uguid, user, sizeof(guid_t));
         request.el_gid = group;
-       result = _mbr_DoMembershipCall(GetServerPort(), &request);
-       if (result != KERN_SUCCESS)
-               return EIO;
-               
+       result = _mbr_DoMembershipCall(GetServerPort(), &request, &token);
+       if (result != KERN_SUCCESS) return EIO;
+       if (token.val[0] != 0) return EAUTH;
+
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_MEMBERSHIP) != 0)
         if ((request.el_flags & KAUTH_EXTLOOKUP_VALID_MEMBERSHIP) != 0)
-       {
                 *ismember = ((request.el_flags & KAUTH_EXTLOOKUP_ISMEMBER) != 0);
                 *ismember = ((request.el_flags & KAUTH_EXTLOOKUP_ISMEMBER) != 0);
-       }
         else
                 error = ENOENT;
         else
                 error = ENOENT;
-               
+
         return error;
  }
  
  int mbr_reset_cache()
  {
         return error;
  }
  
  int mbr_reset_cache()
  {
+       security_token_t token;
         kern_return_t result;
         kern_return_t result;
-       result = _mbr_ClearCache(GetServerPort());
-       if (result != KERN_SUCCESS)
-               return EIO;
+
+       token.val[0] = -1;
+       token.val[1] = -1;
+
+       result = _mbr_ClearCache(GetServerPort(), &token);
+       if (result != KERN_SUCCESS) return EIO;
+       if (token.val[0] != 0) return EAUTH;
+
         return 0;
  }
  
         return 0;
  }
  
-int mbr_user_name_to_uuid(const char* name, uuid_t uu)
+int mbr_user_name_to_uuid(const char *name, uuid_t uu)
  {
  {
+       security_token_t token;
         kern_return_t result;
         kern_return_t result;
-       
-       if (strlen(name) > 255)
-               return EINVAL;
-       
-       result = _mbr_MapName(GetServerPort(), 1, (char*)name, (guid_t*)uu);
-       
-       if (result == KERN_FAILURE)
-               return ENOENT;
-       else if (result != KERN_SUCCESS)
-               return EIO;
-               
+
+       if (name == NULL) return EINVAL;
+       if (strlen(name) > 255) return EINVAL;
+
+       token.val[0] = -1;
+       token.val[1] = -1;
+
+       result = _mbr_MapName(GetServerPort(), 1, (char *)name, (guid_t *)uu, &token);
+       if (result == KERN_FAILURE) return ENOENT;
+       else if (result != KERN_SUCCESS) return EIO;
+
+       if (token.val[0] != 0) return EAUTH;
+
         return 0;
  }
  
         return 0;
  }
  
-int mbr_group_name_to_uuid(const char* name, uuid_t uu)
+int mbr_group_name_to_uuid(const char *name, uuid_t uu)
  {
  {
+       security_token_t token;
         kern_return_t result;
         kern_return_t result;
-       
-       if (strlen(name) > 255)
-               return EINVAL;
-       
-       result = _mbr_MapName(GetServerPort(), 0, (char*)name, (guid_t*)uu);
-       
-       if (result == KERN_FAILURE)
-               return ENOENT;
-       else if (result != KERN_SUCCESS)
-               return EIO;
-               
+
+       if (name == NULL) return EINVAL;
+       if (strlen(name) > 255) return EINVAL;
+
+       token.val[0] = -1;
+       token.val[1] = -1;
+
+       result = _mbr_MapName(GetServerPort(), 0, (char *)name, (guid_t *)uu, &token);
+       if (result == KERN_FAILURE) return ENOENT;
+       else if (result != KERN_SUCCESS) return EIO;
+
+       if (token.val[0] != 0) return EAUTH;
+
         return 0;
  }
  
         return 0;
  }
  
-int mbr_check_service_membership(const uuid_t user, const char* servicename, int* ismember)
+int mbr_check_service_membership(const uuid_t user, const char *servicename, int *ismember)
  {
  {
-       char* prefix = "com.apple.access_";
-       char* all_services = "com.apple.access_all_services";
+       char *prefix = "com.apple.access_";
+       char *all_services = "com.apple.access_all_services";
         char groupName[256];
         uuid_t group_uu;
         int result, dummy;
         char groupName[256];
         uuid_t group_uu;
         int result, dummy;
-       
-       if (strlen(servicename) > 255 - strlen(prefix))
-               return EINVAL;
-       
-       // start by checking "all services"
+
+       if (servicename == NULL) return EINVAL;
+       if (strlen(servicename) > (255 - strlen(prefix))) return EINVAL;
+
+       /* start by checking "all services" */
         result = mbr_group_name_to_uuid(all_services, group_uu);
         result = mbr_group_name_to_uuid(all_services, group_uu);
-       
+
+       if (result == EAUTH) return result;
+
         if (result == ENOENT)
         {
         if (result == ENOENT)
         {
-               // all_services group didn't exist, check individual group
+               /* all_services group didn't exist, check individual group */
                 memcpy(groupName, prefix, strlen(prefix));
                 strcpy(groupName + strlen(prefix), servicename);
                 result = mbr_group_name_to_uuid(groupName, group_uu);
         }
                 memcpy(groupName, prefix, strlen(prefix));
                 strcpy(groupName + strlen(prefix), servicename);
                 result = mbr_group_name_to_uuid(groupName, group_uu);
         }
-       
+
         if (result == 0)
         if (result == 0)
+       {
                 result = mbr_check_membership_refresh(user, group_uu, ismember);
                 result = mbr_check_membership_refresh(user, group_uu, ismember);
+       }
+       else if (result == EAUTH)
+       {
+               return result;
+       }
         else
         {
         else
         {
-               // just force cache update with bogus membership check
+               /* just force cache update with bogus membership check */
                 memset(group_uu, 0, sizeof(group_uu));
                 mbr_check_membership_refresh(user, group_uu, &dummy);
         }
                 memset(group_uu, 0, sizeof(group_uu));
                 mbr_check_membership_refresh(user, group_uu, &dummy);
         }
-               
+
         return result;
  }
  
         return result;
  }
  
-static char* ConvertBytesToDecimal(char* buffer, unsigned long long value)
+static char *ConvertBytesToDecimal(char *buffer, unsigned long long value)
  {
  {
-       char* temp;
+       char *temp;
         buffer[24] = '\0';
         buffer[23] = '0';
         buffer[24] = '\0';
         buffer[23] = '0';
-       
-       if (value == 0)
-               return &buffer[23];
-       
+
+       if (value == 0) return &buffer[23];
+
         temp = &buffer[24];
         while (value != 0)
         {
         temp = &buffer[24];
         while (value != 0)
         {
@@ -334,23 +371,22 @@ static char* ConvertBytesToDecimal(char* buffer, unsigned long long value)
                 *temp = '0' + (value % 10);
                 value /= 10;
         }
                 *temp = '0' + (value % 10);
                 value /= 10;
         }
-       
+
         return temp;
  }
  
         return temp;
  }
  
-int mbr_sid_to_string(const nt_sid_t* sid, char* string)
+int mbr_sid_to_string(const nt_sid_t *sid, char *string)
  {
  {
-       char* current = string;
+       char *current = string;
         long long temp = 0;
         int i;
         char tempBuffer[25];
         long long temp = 0;
         int i;
         char tempBuffer[25];
-       
-       if (sid->sid_authcount > NTSID_MAX_AUTHORITIES)
-               return EINVAL;
-       
+
+       if (sid->sid_authcount > NTSID_MAX_AUTHORITIES) return EINVAL;
+
         for (i = 0; i < 6; i++)
                 temp = (temp << 8) | sid->sid_authority[i];
         for (i = 0; i < 6; i++)
                 temp = (temp << 8) | sid->sid_authority[i];
-       
+
         current[0] = 'S';
         current[1] = '-';
         current += 2;
         current[0] = 'S';
         current[1] = '-';
         current += 2;
@@ -359,54 +395,54 @@ int mbr_sid_to_string(const nt_sid_t* sid, char* string)
         *current = '-';
         current++;
         strcpy(current, ConvertBytesToDecimal(tempBuffer, temp));
         *current = '-';
         current++;
         strcpy(current, ConvertBytesToDecimal(tempBuffer, temp));
-       
-       for(i=0; i < sid->sid_authcount; i++)
+
+       for (i = 0; i < sid->sid_authcount; i++)
         {
                 current = current + strlen(current);
                 *current = '-';
                 current++;
                 strcpy(current, ConvertBytesToDecimal(tempBuffer, sid->sid_authorities[i]));
         }
         {
                 current = current + strlen(current);
                 *current = '-';
                 current++;
                 strcpy(current, ConvertBytesToDecimal(tempBuffer, sid->sid_authorities[i]));
         }
-       
+
         return 0;
  }
  
         return 0;
  }
  
-int mbr_string_to_sid(const char* string, nt_sid_t* sid)
+int mbr_string_to_sid(const char *string, nt_sid_t *sid)
  {
  {
-       char* current = string+2;
+       char *current = string+2;
         int count = 0;
         long long temp;
  
         memset(sid, 0, sizeof(nt_sid_t));
         int count = 0;
         long long temp;
  
         memset(sid, 0, sizeof(nt_sid_t));
-       if (string[0] != 'S' || string[1] != '-') return EINVAL;
-       
+       if ((string[0] != 'S') || (string[1] != '-')) return EINVAL;
+
         sid->sid_kind = strtol(current, &current, 10);
         if (*current == '\0') return EINVAL;
         current++;
         temp = strtoll(current, &current, 10);
         sid->sid_kind = strtol(current, &current, 10);
         if (*current == '\0') return EINVAL;
         current++;
         temp = strtoll(current, &current, 10);
-       // convert to BigEndian before copying
+
+       /* convert to BigEndian before copying */
         temp = OSSwapHostToBigInt64(temp);
         memcpy(sid->sid_authority, ((char*)&temp)+2, 6);
         temp = OSSwapHostToBigInt64(temp);
         memcpy(sid->sid_authority, ((char*)&temp)+2, 6);
-       while (*current != '\0' && count < NTSID_MAX_AUTHORITIES)
+       while ((*current != '\0') && (count < NTSID_MAX_AUTHORITIES))
         {
                 current++;
                 sid->sid_authorities[count] = strtol(current, &current, 10);
                 count++;
         }
         {
                 current++;
                 sid->sid_authorities[count] = strtol(current, &current, 10);
                 count++;
         }
-       
-       if (*current != '\0')
-               return EINVAL;
-       
+
+       if (*current != '\0') return EINVAL;
+
         sid->sid_authcount = count;
         sid->sid_authcount = count;
-       
+
         return 0;
  }
  
         return 0;
  }
  
-static void ConvertBytesToHex(char** string, char** data, int numBytes)
+static void ConvertBytesToHex(char **string, char **data, int numBytes)
  {
         int i;
  {
         int i;
-       
-       for (i=0; i < numBytes; i++)
+
+       for (i = 0; i < numBytes; i++)
         {
                 unsigned char hi = ((**data) >> 4) & 0xf;
                 unsigned char low = (**data) & 0xf;
         {
                 unsigned char hi = ((**data) >> 4) & 0xf;
                 unsigned char low = (**data) & 0xf;
@@ -414,7 +450,7 @@ static void ConvertBytesToHex(char** string, char** data, int numBytes)
                         **string = '0' + hi;
                 else
                         **string = 'A' + hi - 10;
                         **string = '0' + hi;
                 else
                         **string = 'A' + hi - 10;
-                       
+
                 (*string)++;
  
                 if (low < 10)
                 (*string)++;
  
                 if (low < 10)
@@ -427,10 +463,10 @@ static void ConvertBytesToHex(char** string, char** data, int numBytes)
         }
  }
  
         }
  }
  
-int mbr_uuid_to_string(const uuid_t uu, char* string)
+int mbr_uuid_to_string(const uuid_t uu, char *string)
  {
  {
-       char* guid = (char*)uu;
-       char* strPtr = string;
+       char *guid = (char *)uu;
+       char *strPtr = string;
         ConvertBytesToHex(&strPtr, &guid, 4);
         *strPtr = '-'; strPtr++;
         ConvertBytesToHex(&strPtr, &guid, 2);
         ConvertBytesToHex(&strPtr, &guid, 4);
         *strPtr = '-'; strPtr++;
         ConvertBytesToHex(&strPtr, &guid, 2);
@@ -441,36 +477,41 @@ int mbr_uuid_to_string(const uuid_t uu, char* string)
         *strPtr = '-'; strPtr++;
         ConvertBytesToHex(&strPtr, &guid, 6);
         *strPtr = '\0';
         *strPtr = '-'; strPtr++;
         ConvertBytesToHex(&strPtr, &guid, 6);
         *strPtr = '\0';
-       
+
         return 0;
  }
  
         return 0;
  }
  
-int mbr_string_to_uuid(const char* string, uuid_t uu)
+int mbr_string_to_uuid(const char *string, uuid_t uu)
  {
         short dataIndex = 0;
         int isFirstNibble = 1;
  {
         short dataIndex = 0;
         int isFirstNibble = 1;
-       
+
         if (strlen(string) > MBR_UU_STRING_SIZE)
                 return EINVAL;
         if (strlen(string) > MBR_UU_STRING_SIZE)
                 return EINVAL;
-       
+
         while (*string != '\0' && dataIndex < 16)
         {
                 char nibble;
         while (*string != '\0' && dataIndex < 16)
         {
                 char nibble;
-               
-               if (*string >= '0' && *string <= '9')
+
+               if ((*string >= '0') && (*string <= '9'))
+               {
                         nibble = *string - '0';
                         nibble = *string - '0';
-               else if (*string >= 'A' && *string <= 'F')
+               }
+               else if ((*string >= 'A') && (*string <= 'F'))
+               {
                         nibble = *string - 'A' + 10;
                         nibble = *string - 'A' + 10;
-               else if (*string >= 'a' && *string <= 'f')
+               }
+               else if ((*string >= 'a') && (*string <= 'f'))
+               {
                         nibble = *string - 'a' + 10;
                         nibble = *string - 'a' + 10;
+               }
                 else
                 {
                 else
                 {
-                       if (*string != '-')
-                               return EINVAL;
+                       if (*string != '-') return EINVAL;
                         string++;
                         continue;
                 }
                         string++;
                         continue;
                 }
-               
+
                 if (isFirstNibble)
                 {
                         uu[dataIndex] = nibble << 4;
                 if (isFirstNibble)
                 {
                         uu[dataIndex] = nibble << 4;
@@ -482,13 +523,11 @@ int mbr_string_to_uuid(const char* string, uuid_t uu)
                         dataIndex++;
                         isFirstNibble = 1;
                 }
                         dataIndex++;
                         isFirstNibble = 1;
                 }
-               
+
                 string++;
         }
                 string++;
         }
-       
-       if (dataIndex != 16)
-               return EINVAL;
-               
+
+       if (dataIndex != 16) return EINVAL;
+
         return 0;
  }
         return 0;
  }
-
author	Apple <opensource@apple.com>
	Mon, 8 Jan 2007 22:43:39 +0000 (22:43 +0000)
committer	Apple <opensource@apple.com>
	Mon, 8 Jan 2007 22:43:39 +0000 (22:43 +0000)
lookup.subproj/lu_group.c		patch \| blob \| blame \| history
mdns.subproj/dnssd_ipc.h		patch \| blob \| blame \| history
membership.subproj/memberd.defs		patch \| blob \| blame \| history
membership.subproj/membership.c		patch \| blob \| blame \| history