X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/4452a7af2eac33dbad800bcc91f2399d62c18f53..6601e61aa18bf4f09af135ff61fc7f4771d23b06:/bsd/kern/kern_prot.c diff --git a/bsd/kern/kern_prot.c b/bsd/kern/kern_prot.c index 8ed96a390..c7721f14d 100644 --- a/bsd/kern/kern_prot.c +++ b/bsd/kern/kern_prot.c @@ -1,29 +1,23 @@ /* * Copyright (c) 2000-2003 Apple Computer, Inc. All rights reserved. * - * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * @APPLE_LICENSE_HEADER_START@ * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. The rights granted to you under the License - * may not be used to create, or enable the creation or redistribution of, - * unlawful or unlicensed copies of an Apple operating system, or to - * circumvent, violate, or enable the circumvention or violation of, any - * terms of an Apple operating system software license agreement. + * The contents of this file constitute Original Code as defined in and + * are subject to the Apple Public Source License Version 1.1 (the + * "License"). You may not use this file except in compliance with the + * License. Please obtain a copy of the License at + * http://www.apple.com/publicsource and read it before using this file. * - * Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * This Original Code and all software distributed under the License are + * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. + * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the + * License for the specific language governing rights and limitations + * under the License. * - * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + * @APPLE_LICENSE_HEADER_END@ */ /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */ /* @@ -251,21 +245,21 @@ getgroups(__unused struct proc *p, struct getgroups_args *uap, register_t *retva if ((ngrp = uap->gidsetsize) == 0) { *retval = cred->cr_ngroups; - kauth_cred_unref(&cred); + kauth_cred_rele(cred); return (0); } if (ngrp < cred->cr_ngroups) { - kauth_cred_unref(&cred); + kauth_cred_rele(cred); return (EINVAL); } ngrp = cred->cr_ngroups; if ((error = copyout((caddr_t)cred->cr_groups, uap->gidset, ngrp * sizeof(gid_t)))) { - kauth_cred_unref(&cred); + kauth_cred_rele(cred); return (error); } - kauth_cred_unref(&cred); + kauth_cred_rele(cred); *retval = ngrp; return (0); } @@ -394,11 +388,8 @@ setuid(struct proc *p, struct setuid_args *uap, __unused register_t *retval) my_cred = kauth_cred_proc_ref(p); /* - * Set the credential with new info. If there is no change, - * we get back the same credential we passed in; if there is - * a change, we drop the reference on the credential we - * passed in. The subsequent compare is safe, because it is - * a pointer compare rather than a contents compare. + * set the credential with new info. If there is no change we get back + * the same credential we passed in. */ my_new_cred = kauth_cred_setuid(my_cred, uid); if (my_cred != my_new_cred) { @@ -409,7 +400,8 @@ setuid(struct proc *p, struct setuid_args *uap, __unused register_t *retval) */ if (p->p_ucred != my_cred) { proc_unlock(p); - kauth_cred_unref(&my_new_cred); + kauth_cred_rele(my_cred); + kauth_cred_rele(my_new_cred); /* try again */ continue; } @@ -417,8 +409,8 @@ setuid(struct proc *p, struct setuid_args *uap, __unused register_t *retval) p->p_flag |= P_SUGID; proc_unlock(p); } - /* drop old proc reference or our extra reference */ - kauth_cred_unref(&my_cred); + /* drop our extra reference */ + kauth_cred_rele(my_cred); break; } @@ -448,25 +440,21 @@ seteuid(struct proc *p, struct seteuid_args *uap, __unused register_t *retval) my_cred = kauth_cred_proc_ref(p); /* - * Set the credential with new info. If there is no change, - * we get back the same credential we passed in; if there is - * a change, we drop the reference on the credential we - * passed in. The subsequent compare is safe, because it is - * a pointer compare rather than a contents compare. + * set the credential with new info. If there is no change we get back + * the same credential we passed in. */ - my_new_cred = kauth_cred_seteuid(my_cred, euid); + my_new_cred = kauth_cred_seteuid(p->p_ucred, euid); if (my_cred != my_new_cred) { proc_lock(p); - /* - * We need to protect for a race where another thread - * also changed the credential after we took our - * reference. If p_ucred has changed then we should - * restart this again with the new cred. + /* need to protect for a race where another thread also changed + * the credential after we took our reference. If p_ucred has + * changed then we should restart this again with the new cred. */ if (p->p_ucred != my_cred) { proc_unlock(p); - kauth_cred_unref(&my_new_cred); + kauth_cred_rele(my_cred); + kauth_cred_rele(my_new_cred); /* try again */ continue; } @@ -474,8 +462,8 @@ seteuid(struct proc *p, struct seteuid_args *uap, __unused register_t *retval) p->p_flag |= P_SUGID; proc_unlock(p); } - /* drop old proc reference or our extra reference */ - kauth_cred_unref(&my_cred); + /* drop our extra reference */ + kauth_cred_rele(my_cred); break; } @@ -501,24 +489,20 @@ setgid(struct proc *p, struct setgid_args *uap, __unused register_t *retval) my_cred = kauth_cred_proc_ref(p); /* - * Set the credential with new info. If there is no change, - * we get back the same credential we passed in; if there is - * a change, we drop the reference on the credential we - * passed in. The subsequent compare is safe, because it is - * a pointer compare rather than a contents compare. + * set the credential with new info. If there is no change we get back + * the same credential we passed in. */ - my_new_cred = kauth_cred_setgid(my_cred, gid); + my_new_cred = kauth_cred_setgid(p->p_ucred, gid); if (my_cred != my_new_cred) { proc_lock(p); - /* - * We need to protect for a race where another thread - * also changed the credential after we took our - * reference. If p_ucred has changed then we should - * restart this again with the new cred. + /* need to protect for a race where another thread also changed + * the credential after we took our reference. If p_ucred has + * changed then we should restart this again with the new cred. */ if (p->p_ucred != my_cred) { proc_unlock(p); - kauth_cred_unref(&my_new_cred); + kauth_cred_rele(my_cred); + kauth_cred_rele(my_new_cred); /* try again */ continue; } @@ -526,8 +510,8 @@ setgid(struct proc *p, struct setgid_args *uap, __unused register_t *retval) p->p_flag |= P_SUGID; proc_unlock(p); } - /* drop old proc reference or our extra reference */ - kauth_cred_unref(&my_cred); + /* drop our extra reference */ + kauth_cred_rele(my_cred); break; } @@ -554,13 +538,10 @@ setegid(struct proc *p, struct setegid_args *uap, __unused register_t *retval) my_cred = kauth_cred_proc_ref(p); /* - * Set the credential with new info. If there is no change, - * we get back the same credential we passed in; if there is - * a change, we drop the reference on the credential we - * passed in. The subsequent compare is safe, because it is - * a pointer compare rather than a contents compare. + * set the credential with new info. If there is no change we get back + * the same credential we passed in. */ - my_new_cred = kauth_cred_setegid(my_cred, egid); + my_new_cred = kauth_cred_setegid(p->p_ucred, egid); if (my_cred != my_new_cred) { proc_lock(p); /* need to protect for a race where another thread also changed @@ -569,7 +550,8 @@ setegid(struct proc *p, struct setegid_args *uap, __unused register_t *retval) */ if (p->p_ucred != my_cred) { proc_unlock(p); - kauth_cred_unref(&my_new_cred); + kauth_cred_rele(my_cred); + kauth_cred_rele(my_new_cred); /* try again */ continue; } @@ -577,8 +559,8 @@ setegid(struct proc *p, struct setegid_args *uap, __unused register_t *retval) p->p_flag |= P_SUGID; proc_unlock(p); } - /* drop old proc reference or our extra reference */ - kauth_cred_unref(&my_cred); + /* drop our extra reference */ + kauth_cred_rele(my_cred); break; } @@ -618,7 +600,7 @@ settid(struct proc *p, struct settid_args *uap, __unused register_t *retval) /* revert to delayed binding of process credential */ uc = kauth_cred_proc_ref(p); - kauth_cred_unref(&uthread->uu_ucred); + kauth_cred_rele(uthread->uu_ucred); uthread->uu_ucred = uc; uthread->uu_flag &= ~UT_SETUID; } else { @@ -642,7 +624,7 @@ settid(struct proc *p, struct settid_args *uap, __unused register_t *retval) uthread->uu_flag |= UT_SETUID; /* drop our extra reference */ - kauth_cred_unref(&my_cred); + kauth_cred_rele(my_cred); } /* * XXX should potentially set per thread security token (there is @@ -711,8 +693,8 @@ settid_with_pid(struct proc *p, struct settid_with_pid_args *uap, __unused regis uthread->uu_flag |= UT_SETUID; /* drop our extra references */ - kauth_cred_unref(&my_cred); - kauth_cred_unref(&my_target_cred); + kauth_cred_rele(my_cred); + kauth_cred_rele(my_target_cred); return (0); } @@ -725,7 +707,7 @@ settid_with_pid(struct proc *p, struct settid_with_pid_args *uap, __unused regis /* revert to delayed binding of process credential */ my_new_cred = kauth_cred_proc_ref(p); - kauth_cred_unref(&uthread->uu_ucred); + kauth_cred_rele(uthread->uu_ucred); uthread->uu_ucred = my_new_cred; uthread->uu_flag &= ~UT_SETUID; @@ -785,12 +767,8 @@ setgroups1(struct proc *p, u_int gidsetsize, user_addr_t gidset, uid_t gmuid, __ my_cred = kauth_cred_proc_ref(p); /* - * Set the credential with new info. If there is no - * change, we get back the same credential we passed - * in; if there is a change, we drop the reference on - * the credential we passed in. The subsequent - * compare is safe, because it is a pointer compare - * rather than a contents compare. + * set the credential with new info. If there is no + * change we get back the same credential we passed in. */ my_new_cred = kauth_cred_setgroups(my_cred, &newgroups[0], ngrp, gmuid); if (my_cred != my_new_cred) { @@ -804,7 +782,8 @@ setgroups1(struct proc *p, u_int gidsetsize, user_addr_t gidset, uid_t gmuid, __ */ if (p->p_ucred != my_cred) { proc_unlock(p); - kauth_cred_unref(&my_new_cred); + kauth_cred_rele(my_cred); + kauth_cred_rele(my_new_cred); /* try again */ continue; } @@ -812,8 +791,8 @@ setgroups1(struct proc *p, u_int gidsetsize, user_addr_t gidset, uid_t gmuid, __ p->p_flag |= P_SUGID; proc_unlock(p); } - /* drop old proc reference or our extra reference */ - kauth_cred_unref(&my_cred); + /* drop our extra reference */ + kauth_cred_rele(my_cred); break; } @@ -883,7 +862,7 @@ int suser(kauth_cred_t cred, u_short *acflag) { #if DIAGNOSTIC - if (!IS_VALID_CRED(cred)) + if (cred == NOCRED || cred == FSCRED) panic("suser"); #endif if (kauth_cred_getuid(cred) == 0) { @@ -980,7 +959,7 @@ set_security_token(struct proc * p) } /* XXX mach_init doesn't have a p_ucred when it calls this function */ - if (IS_VALID_CRED(p->p_ucred)) { + if (p->p_ucred != NOCRED && p->p_ucred != FSCRED) { sec_token.val[0] = kauth_cred_getuid(p->p_ucred); sec_token.val[1] = p->p_ucred->cr_gid; } else {