diff options
author | Roland McGrath <roland@gnu.org> | 1999-10-07 20:53:32 +0000 |
---|---|---|
committer | Roland McGrath <roland@gnu.org> | 1999-10-07 20:53:32 +0000 |
commit | f597c00ec39178fd27cc016c09d9bc40fd36053a (patch) | |
tree | f91d7a286fe41a103c85ab7b0ee58d5bf59a641c | |
parent | 438c23ab1c64ea66fdad2400ca852404c4622860 (diff) |
1999-10-07 Roland McGrath <roland@baalperazim.frob.com>
* start-translator-long.c (fshelp_start_translator_long): Take new
argument OWNER_UID. Get child's proc port and do proc_setowner on it.
* fshelp.h: Update decl.
* start-translator.c (fshelp_start_translator): Pass new arg to
fshelp_start_translator_long with value from geteuid ().
* fetch-root.c (fshelp_fetch_root): Pass UID as new arg to
fshelp_start_translator_long.
-rw-r--r-- | libfshelp/fetch-root.c | 129 | ||||
-rw-r--r-- | libfshelp/fshelp.h | 3 | ||||
-rw-r--r-- | libfshelp/start-translator-long.c | 20 | ||||
-rw-r--r-- | libfshelp/start-translator.c | 11 |
4 files changed, 87 insertions, 76 deletions
diff --git a/libfshelp/fetch-root.c b/libfshelp/fetch-root.c index f5971a6f..c712286f 100644 --- a/libfshelp/fetch-root.c +++ b/libfshelp/fetch-root.c @@ -1,4 +1,4 @@ -/* +/* Copyright (C) 1995, 1996, 1999 Free Software Foundation, Inc. Written by Michael I. Bushnell. @@ -31,14 +31,14 @@ fshelp_fetch_root (struct transbox *box, void *cookie, int flags, fshelp_fetch_root_callback1_t callback1, fshelp_fetch_root_callback2_t callback2, - retry_type *retry, char *retryname, + retry_type *retry, char *retryname, file_t *root) { error_t err; mach_port_t control; int cancel; int i; - + start_over: if (box->active != MACH_PORT_NULL) @@ -53,36 +53,35 @@ fshelp_fetch_root (struct transbox *box, void *cookie, int ints[INIT_INT_MAX]; mach_port_t fds[STDERR_FILENO + 1]; auth_t ourauth, newauth; - int uidarray[2], gidarray[2]; - - mach_port_t - reauth (mach_port_t port, mach_msg_type_name_t port_type) - { - mach_port_t rend, ret; - error_t err; - - if (port == MACH_PORT_NULL) - return port; - - if (port_type == MACH_MSG_TYPE_MAKE_SEND) - mach_port_insert_right (mach_task_self (), port, port,port_type); - - rend = mach_reply_port (); - - err = io_reauthenticate (port, rend, - MACH_MSG_TYPE_MAKE_SEND); - if (! err) - err = auth_user_authenticate (newauth, rend, - MACH_MSG_TYPE_MAKE_SEND, &ret); - if (err) - ret = MACH_PORT_NULL; - - mach_port_destroy (mach_task_self (), rend); - if (!err && port_type != MACH_MSG_TYPE_COPY_SEND) - mach_port_deallocate (mach_task_self (), port); - - return ret; - } + + mach_port_t reauth (mach_port_t port) /* Consumes PORT. */ + { + mach_port_t rend, ret; + error_t err; + + if (port == MACH_PORT_NULL) + return port; + + if (ourauth == MACH_PORT_NULL) + /* We have no auth server, so we aren't doing reauthentications. + Just pass on our own ports directly. */ + return port; + + rend = mach_reply_port (); + + err = io_reauthenticate (port, rend, + MACH_MSG_TYPE_MAKE_SEND); + mach_port_deallocate (mach_task_self (), port); + if (! err) + err = auth_user_authenticate (newauth, rend, + MACH_MSG_TYPE_MAKE_SEND, &ret); + if (err) + ret = MACH_PORT_NULL; + + mach_port_destroy (mach_task_self (), rend); + + return ret; + } error_t fetch_underlying (int flags, mach_port_t *underlying, mach_msg_type_name_t *underlying_type) { @@ -90,7 +89,7 @@ fshelp_fetch_root (struct transbox *box, void *cookie, (*callback2) (box->cookie, cookie, flags, underlying, underlying_type); } - + if (box->flags & TRANSBOX_STARTING) { box->flags |= TRANSBOX_WANTED; @@ -101,38 +100,43 @@ fshelp_fetch_root (struct transbox *box, void *cookie, } box->flags |= TRANSBOX_STARTING; mutex_unlock (box->lock); - + err = (*callback1) (box->cookie, cookie, &uid, &gid, &argz, &argz_len); if (err) goto return_error; - + ourauth = getauth (); - uidarray[0] = uidarray[1] = uid; - gidarray[0] = gidarray[1] = gid; - err = auth_makeauth (ourauth, 0, MACH_MSG_TYPE_MAKE_SEND, 0, - uidarray, 1, uidarray, 2, - gidarray, 1, gidarray, 2, &newauth); - if (err) - goto return_error; - + if (ourauth == MACH_PORT_NULL) + newauth = ourauth; + else + { + uid_t uidarray[2] = { uid, uid }; + gid_t gidarray[2] = { gid, gid }; + err = auth_makeauth (ourauth, 0, MACH_MSG_TYPE_MAKE_SEND, 0, + uidarray, 1, uidarray, 2, + gidarray, 1, gidarray, 2, &newauth); + if (err) + goto return_error; + } + bzero (ports, INIT_PORT_MAX * sizeof (mach_port_t)); bzero (fds, (STDERR_FILENO + 1) * sizeof (mach_port_t)); bzero (ints, INIT_INT_MAX * sizeof (int)); - + ports[INIT_PORT_CWDIR] = dotdot; - ports[INIT_PORT_CRDIR] = reauth (getcrdir (), MACH_MSG_TYPE_MOVE_SEND); + ports[INIT_PORT_CRDIR] = reauth (getcrdir ()); ports[INIT_PORT_AUTH] = newauth; - - fds[STDERR_FILENO] = - reauth (getdport (STDERR_FILENO), MACH_MSG_TYPE_MOVE_SEND); - + + fds[STDERR_FILENO] = reauth (getdport (STDERR_FILENO)); + err = fshelp_start_translator_long (fetch_underlying, argz, argz, argz_len, fds, MACH_MSG_TYPE_COPY_SEND, STDERR_FILENO + 1, ports, MACH_MSG_TYPE_COPY_SEND, - INIT_PORT_MAX, + INIT_PORT_MAX, ints, INIT_INT_MAX, + uid, 0, &control); for (i = 0; i <= STDERR_FILENO; i++) mach_port_deallocate (mach_task_self (), fds[i]); @@ -140,13 +144,13 @@ fshelp_fetch_root (struct transbox *box, void *cookie, for (i = 0; i < INIT_PORT_MAX; i++) if (i != INIT_PORT_CWDIR) mach_port_deallocate (mach_task_self (), ports[i]); - + mutex_lock (box->lock); - + free (argz); return_error: - + box->flags &= ~TRANSBOX_STARTING; if (box->flags & TRANSBOX_WANTED) { @@ -163,20 +167,20 @@ fshelp_fetch_root (struct transbox *box, void *cookie, box->active = control; } - + control = box->active; - mach_port_mod_refs (mach_task_self (), control, + mach_port_mod_refs (mach_task_self (), control, MACH_PORT_RIGHT_SEND, 1); mutex_unlock (box->lock); - + /* Cancellation point XXX */ err = fsys_getroot (control, dotdot, MACH_MSG_TYPE_COPY_SEND, - user->uids->ids, user->uids->num, + user->uids->ids, user->uids->num, user->gids->ids, user->gids->num, flags, retry, retryname, root); - + mutex_lock (box->lock); - + if ((err == MACH_SEND_INVALID_DEST || err == MIG_SERVER_DIED) && control == box->active) fshelp_set_active (box, MACH_PORT_NULL, 0); @@ -184,9 +188,6 @@ fshelp_fetch_root (struct transbox *box, void *cookie, if (err == MACH_SEND_INVALID_DEST || err == MIG_SERVER_DIED) goto start_over; - + return err; } - - - diff --git a/libfshelp/fshelp.h b/libfshelp/fshelp.h index 9fe8fcfc..309f64b4 100644 --- a/libfshelp/fshelp.h +++ b/libfshelp/fshelp.h @@ -59,6 +59,7 @@ fshelp_start_translator_long (fshelp_open_fn_t underlying_open_fn, mach_port_t *ports, mach_msg_type_name_t ports_type, int ports_len, int *ints, int ints_len, + uid_t owner_uid, int timeout, fsys_t *control); @@ -244,7 +245,7 @@ error_t fshelp_access (struct stat *st, int op, struct iouser *user); existing file ST. (If there is no existing file, pass 0 for ST.) If the access is permissable return 0; otherwise return an appropriate error code. */ -error_t fshelp_checkdirmod (struct stat *dir, struct stat *st, +error_t fshelp_checkdirmod (struct stat *dir, struct stat *st, struct iouser *user); diff --git a/libfshelp/start-translator-long.c b/libfshelp/start-translator-long.c index 24b0306d..c11258c2 100644 --- a/libfshelp/start-translator-long.c +++ b/libfshelp/start-translator-long.c @@ -1,4 +1,4 @@ -/* +/* Copyright (C) 1995, 1996, 1999 Free Software Foundation, Inc. Written by Miles Bader and Michael I. Bushnell. @@ -172,18 +172,19 @@ service_fsys_startup (fshelp_open_fn_t underlying_open_fn, error_t fshelp_start_translator_long (fshelp_open_fn_t underlying_open_fn, char *name, char *argz, int argz_len, - mach_port_t *fds, + mach_port_t *fds, mach_msg_type_name_t fds_type, int fds_len, mach_port_t *ports, mach_msg_type_name_t ports_type, int ports_len, int *ints, int ints_len, + uid_t owner_uid, int timeout, fsys_t *control) { error_t err; file_t executable; mach_port_t bootstrap = MACH_PORT_NULL; mach_port_t task = MACH_PORT_NULL; - mach_port_t prev_notify, proc, saveport; + mach_port_t prev_notify, proc, saveport, childproc; int ports_moved = 0; /* Find the translator itself. Since argz has zero-separated elements, we @@ -191,7 +192,7 @@ fshelp_start_translator_long (fshelp_open_fn_t underlying_open_fn, executable = file_name_lookup(name, O_EXEC, 0); if (executable == MACH_PORT_NULL) return errno; - + /* Create a bootstrap port for the translator. */ err = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &bootstrap); @@ -206,8 +207,15 @@ fshelp_start_translator_long (fshelp_open_fn_t underlying_open_fn, /* Designate TASK as our child. */ proc = getproc (); proc_child (proc, task); + err = proc_task2proc (proc, task, &childproc); mach_port_deallocate (mach_task_self (), proc); - + if (err) + goto lose; + err = proc_setowner (childproc, owner_uid, owner_uid == (uid_t) -1); + mach_port_deallocate (mach_task_self (), childproc); + if (err) + goto lose; + assert (ports_len > INIT_PORT_BOOTSTRAP); switch (ports_type) { @@ -269,7 +277,7 @@ fshelp_start_translator_long (fshelp_open_fn_t underlying_open_fn, if (!ports_moved) { int i; - + if (fds_type == MACH_MSG_TYPE_MOVE_SEND) for (i = 0; i < fds_len; i++) mach_port_deallocate (mach_task_self (), fds[i]); diff --git a/libfshelp/start-translator.c b/libfshelp/start-translator.c index f5cc4072..5996ac74 100644 --- a/libfshelp/start-translator.c +++ b/libfshelp/start-translator.c @@ -1,5 +1,5 @@ -/* - Copyright (C) 1995, 1996 Free Software Foundation, Inc. +/* + Copyright (C) 1995, 1996, 1999 Free Software Foundation, Inc. Written by Michael I. Bushnell. This file is part of the GNU Hurd. @@ -33,18 +33,18 @@ fshelp_start_translator (fshelp_open_fn_t underlying_open_fn, int ints[INIT_INT_MAX]; int i; error_t err; - + for (i = 0; i < INIT_PORT_MAX; i++) ports[i] = MACH_PORT_NULL; for (i = 0; i < STDERR_FILENO + 1; i++) fds[i] = MACH_PORT_NULL; bzero (ints, INIT_INT_MAX * sizeof (int)); - + ports[INIT_PORT_CWDIR] = getcwdir (); ports[INIT_PORT_CRDIR] = getcrdir (); ports[INIT_PORT_AUTH] = getauth (); fds[STDERR_FILENO] = getdport (STDERR_FILENO); - + err = fshelp_start_translator_long (underlying_open_fn, name, argz, argz_len, fds, MACH_MSG_TYPE_COPY_SEND, @@ -52,6 +52,7 @@ fshelp_start_translator (fshelp_open_fn_t underlying_open_fn, ports, MACH_MSG_TYPE_COPY_SEND, INIT_PORT_MAX, ints, INIT_INT_MAX, + geteuid (), timeout, control); for (i = 0; i < INIT_PORT_MAX; i++) mach_port_deallocate (mach_task_self (), ports[i]); |