/*
* Copyright (c) 2000-2003 Apple Computer, Inc. All rights reserved.
*
- * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
+ * @APPLE_LICENSE_HEADER_START@
*
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. The rights granted to you under the License
- * may not be used to create, or enable the creation or redistribution of,
- * unlawful or unlicensed copies of an Apple operating system, or to
- * circumvent, violate, or enable the circumvention or violation of, any
- * terms of an Apple operating system software license agreement.
+ * The contents of this file constitute Original Code as defined in and
+ * are subject to the Apple Public Source License Version 1.1 (the
+ * "License"). You may not use this file except in compliance with the
+ * License. Please obtain a copy of the License at
+ * http://www.apple.com/publicsource and read it before using this file.
*
- * Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * This Original Code and all software distributed under the License are
+ * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
+ * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
+ * License for the specific language governing rights and limitations
+ * under the License.
*
- * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
+ * @APPLE_LICENSE_HEADER_END@
*/
/* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */
/*
if ((ngrp = uap->gidsetsize) == 0) {
*retval = cred->cr_ngroups;
- kauth_cred_unref(&cred);
+ kauth_cred_rele(cred);
return (0);
}
if (ngrp < cred->cr_ngroups) {
- kauth_cred_unref(&cred);
+ kauth_cred_rele(cred);
return (EINVAL);
}
ngrp = cred->cr_ngroups;
if ((error = copyout((caddr_t)cred->cr_groups,
uap->gidset,
ngrp * sizeof(gid_t)))) {
- kauth_cred_unref(&cred);
+ kauth_cred_rele(cred);
return (error);
}
- kauth_cred_unref(&cred);
+ kauth_cred_rele(cred);
*retval = ngrp;
return (0);
}
my_cred = kauth_cred_proc_ref(p);
/*
- * Set the credential with new info. If there is no change,
- * we get back the same credential we passed in; if there is
- * a change, we drop the reference on the credential we
- * passed in. The subsequent compare is safe, because it is
- * a pointer compare rather than a contents compare.
+ * set the credential with new info. If there is no change we get back
+ * the same credential we passed in.
*/
my_new_cred = kauth_cred_setuid(my_cred, uid);
if (my_cred != my_new_cred) {
*/
if (p->p_ucred != my_cred) {
proc_unlock(p);
- kauth_cred_unref(&my_new_cred);
+ kauth_cred_rele(my_cred);
+ kauth_cred_rele(my_new_cred);
/* try again */
continue;
}
p->p_flag |= P_SUGID;
proc_unlock(p);
}
- /* drop old proc reference or our extra reference */
- kauth_cred_unref(&my_cred);
+ /* drop our extra reference */
+ kauth_cred_rele(my_cred);
break;
}
my_cred = kauth_cred_proc_ref(p);
/*
- * Set the credential with new info. If there is no change,
- * we get back the same credential we passed in; if there is
- * a change, we drop the reference on the credential we
- * passed in. The subsequent compare is safe, because it is
- * a pointer compare rather than a contents compare.
+ * set the credential with new info. If there is no change we get back
+ * the same credential we passed in.
*/
- my_new_cred = kauth_cred_seteuid(my_cred, euid);
+ my_new_cred = kauth_cred_seteuid(p->p_ucred, euid);
if (my_cred != my_new_cred) {
proc_lock(p);
- /*
- * We need to protect for a race where another thread
- * also changed the credential after we took our
- * reference. If p_ucred has changed then we should
- * restart this again with the new cred.
+ /* need to protect for a race where another thread also changed
+ * the credential after we took our reference. If p_ucred has
+ * changed then we should restart this again with the new cred.
*/
if (p->p_ucred != my_cred) {
proc_unlock(p);
- kauth_cred_unref(&my_new_cred);
+ kauth_cred_rele(my_cred);
+ kauth_cred_rele(my_new_cred);
/* try again */
continue;
}
p->p_flag |= P_SUGID;
proc_unlock(p);
}
- /* drop old proc reference or our extra reference */
- kauth_cred_unref(&my_cred);
+ /* drop our extra reference */
+ kauth_cred_rele(my_cred);
break;
}
my_cred = kauth_cred_proc_ref(p);
/*
- * Set the credential with new info. If there is no change,
- * we get back the same credential we passed in; if there is
- * a change, we drop the reference on the credential we
- * passed in. The subsequent compare is safe, because it is
- * a pointer compare rather than a contents compare.
+ * set the credential with new info. If there is no change we get back
+ * the same credential we passed in.
*/
- my_new_cred = kauth_cred_setgid(my_cred, gid);
+ my_new_cred = kauth_cred_setgid(p->p_ucred, gid);
if (my_cred != my_new_cred) {
proc_lock(p);
- /*
- * We need to protect for a race where another thread
- * also changed the credential after we took our
- * reference. If p_ucred has changed then we should
- * restart this again with the new cred.
+ /* need to protect for a race where another thread also changed
+ * the credential after we took our reference. If p_ucred has
+ * changed then we should restart this again with the new cred.
*/
if (p->p_ucred != my_cred) {
proc_unlock(p);
- kauth_cred_unref(&my_new_cred);
+ kauth_cred_rele(my_cred);
+ kauth_cred_rele(my_new_cred);
/* try again */
continue;
}
p->p_flag |= P_SUGID;
proc_unlock(p);
}
- /* drop old proc reference or our extra reference */
- kauth_cred_unref(&my_cred);
+ /* drop our extra reference */
+ kauth_cred_rele(my_cred);
break;
}
my_cred = kauth_cred_proc_ref(p);
/*
- * Set the credential with new info. If there is no change,
- * we get back the same credential we passed in; if there is
- * a change, we drop the reference on the credential we
- * passed in. The subsequent compare is safe, because it is
- * a pointer compare rather than a contents compare.
+ * set the credential with new info. If there is no change we get back
+ * the same credential we passed in.
*/
- my_new_cred = kauth_cred_setegid(my_cred, egid);
+ my_new_cred = kauth_cred_setegid(p->p_ucred, egid);
if (my_cred != my_new_cred) {
proc_lock(p);
/* need to protect for a race where another thread also changed
*/
if (p->p_ucred != my_cred) {
proc_unlock(p);
- kauth_cred_unref(&my_new_cred);
+ kauth_cred_rele(my_cred);
+ kauth_cred_rele(my_new_cred);
/* try again */
continue;
}
p->p_flag |= P_SUGID;
proc_unlock(p);
}
- /* drop old proc reference or our extra reference */
- kauth_cred_unref(&my_cred);
+ /* drop our extra reference */
+ kauth_cred_rele(my_cred);
break;
}
/* revert to delayed binding of process credential */
uc = kauth_cred_proc_ref(p);
- kauth_cred_unref(&uthread->uu_ucred);
+ kauth_cred_rele(uthread->uu_ucred);
uthread->uu_ucred = uc;
uthread->uu_flag &= ~UT_SETUID;
} else {
uthread->uu_flag |= UT_SETUID;
/* drop our extra reference */
- kauth_cred_unref(&my_cred);
+ kauth_cred_rele(my_cred);
}
/*
* XXX should potentially set per thread security token (there is
uthread->uu_flag |= UT_SETUID;
/* drop our extra references */
- kauth_cred_unref(&my_cred);
- kauth_cred_unref(&my_target_cred);
+ kauth_cred_rele(my_cred);
+ kauth_cred_rele(my_target_cred);
return (0);
}
/* revert to delayed binding of process credential */
my_new_cred = kauth_cred_proc_ref(p);
- kauth_cred_unref(&uthread->uu_ucred);
+ kauth_cred_rele(uthread->uu_ucred);
uthread->uu_ucred = my_new_cred;
uthread->uu_flag &= ~UT_SETUID;
my_cred = kauth_cred_proc_ref(p);
/*
- * Set the credential with new info. If there is no
- * change, we get back the same credential we passed
- * in; if there is a change, we drop the reference on
- * the credential we passed in. The subsequent
- * compare is safe, because it is a pointer compare
- * rather than a contents compare.
+ * set the credential with new info. If there is no
+ * change we get back the same credential we passed in.
*/
my_new_cred = kauth_cred_setgroups(my_cred, &newgroups[0], ngrp, gmuid);
if (my_cred != my_new_cred) {
*/
if (p->p_ucred != my_cred) {
proc_unlock(p);
- kauth_cred_unref(&my_new_cred);
+ kauth_cred_rele(my_cred);
+ kauth_cred_rele(my_new_cred);
/* try again */
continue;
}
p->p_flag |= P_SUGID;
proc_unlock(p);
}
- /* drop old proc reference or our extra reference */
- kauth_cred_unref(&my_cred);
+ /* drop our extra reference */
+ kauth_cred_rele(my_cred);
break;
}
suser(kauth_cred_t cred, u_short *acflag)
{
#if DIAGNOSTIC
- if (!IS_VALID_CRED(cred))
+ if (cred == NOCRED || cred == FSCRED)
panic("suser");
#endif
if (kauth_cred_getuid(cred) == 0) {
}
/* XXX mach_init doesn't have a p_ucred when it calls this function */
- if (IS_VALID_CRED(p->p_ucred)) {
+ if (p->p_ucred != NOCRED && p->p_ucred != FSCRED) {
sec_token.val[0] = kauth_cred_getuid(p->p_ucred);
sec_token.val[1] = p->p_ucred->cr_gid;
} else {
projects / apple / xnu.git / blobdiff