authorRoland McGrath <roland@gnu.org>1999-10-07 20:53:32 +0000
committerRoland McGrath <roland@gnu.org>1999-10-07 20:53:32 +0000
commitf597c00ec39178fd27cc016c09d9bc40fd36053a (patch)
treef91d7a286fe41a103c85ab7b0ee58d5bf59a641c
parent438c23ab1c64ea66fdad2400ca852404c4622860 (diff)
1999-10-07 Roland McGrath <roland@baalperazim.frob.com>
* start-translator-long.c (fshelp_start_translator_long): Take new argument OWNER_UID. Get child's proc port and do proc_setowner on it. * fshelp.h: Update decl. * start-translator.c (fshelp_start_translator): Pass new arg to fshelp_start_translator_long with value from geteuid (). * fetch-root.c (fshelp_fetch_root): Pass UID as new arg to fshelp_start_translator_long.
-rw-r--r--libfshelp/fetch-root.c129
-rw-r--r--libfshelp/fshelp.h3
-rw-r--r--libfshelp/start-translator-long.c20
-rw-r--r--libfshelp/start-translator.c11
4 files changed, 87 insertions, 76 deletions
diff --git a/libfshelp/fetch-root.c b/libfshelp/fetch-root.c
index f5971a6f..c712286f 100644
--- a/libfshelp/fetch-root.c
+++ b/libfshelp/fetch-root.c
@@ -1,4 +1,4 @@
-/*
+/*
Copyright (C) 1995, 1996, 1999 Free Software Foundation, Inc.
Written by Michael I. Bushnell.
@@ -31,14 +31,14 @@ fshelp_fetch_root (struct transbox *box, void *cookie,
int flags,
fshelp_fetch_root_callback1_t callback1,
fshelp_fetch_root_callback2_t callback2,
- retry_type *retry, char *retryname,
+ retry_type *retry, char *retryname,
file_t *root)
{
error_t err;
mach_port_t control;
int cancel;
int i;
-
+
start_over:
if (box->active != MACH_PORT_NULL)
@@ -53,36 +53,35 @@ fshelp_fetch_root (struct transbox *box, void *cookie,
int ints[INIT_INT_MAX];
mach_port_t fds[STDERR_FILENO + 1];
auth_t ourauth, newauth;
- int uidarray[2], gidarray[2];
-
- mach_port_t
- reauth (mach_port_t port, mach_msg_type_name_t port_type)
- {
- mach_port_t rend, ret;
- error_t err;
-
- if (port == MACH_PORT_NULL)
- return port;
-
- if (port_type == MACH_MSG_TYPE_MAKE_SEND)
- mach_port_insert_right (mach_task_self (), port, port,port_type);
-
- rend = mach_reply_port ();
-
- err = io_reauthenticate (port, rend,
- MACH_MSG_TYPE_MAKE_SEND);
- if (! err)
- err = auth_user_authenticate (newauth, rend,
- MACH_MSG_TYPE_MAKE_SEND, &ret);
- if (err)
- ret = MACH_PORT_NULL;
-
- mach_port_destroy (mach_task_self (), rend);
- if (!err && port_type != MACH_MSG_TYPE_COPY_SEND)
- mach_port_deallocate (mach_task_self (), port);
-
- return ret;
- }
+
+ mach_port_t reauth (mach_port_t port) /* Consumes PORT. */
+ {
+ mach_port_t rend, ret;
+ error_t err;
+
+ if (port == MACH_PORT_NULL)
+ return port;
+
+ if (ourauth == MACH_PORT_NULL)
+ /* We have no auth server, so we aren't doing reauthentications.
+ Just pass on our own ports directly. */
+ return port;
+
+ rend = mach_reply_port ();
+
+ err = io_reauthenticate (port, rend,
+ MACH_MSG_TYPE_MAKE_SEND);
+ mach_port_deallocate (mach_task_self (), port);
+ if (! err)
+ err = auth_user_authenticate (newauth, rend,
+ MACH_MSG_TYPE_MAKE_SEND, &ret);
+ if (err)
+ ret = MACH_PORT_NULL;
+
+ mach_port_destroy (mach_task_self (), rend);
+
+ return ret;
+ }
error_t fetch_underlying (int flags, mach_port_t *underlying,
mach_msg_type_name_t *underlying_type)
{
@@ -90,7 +89,7 @@ fshelp_fetch_root (struct transbox *box, void *cookie,
(*callback2) (box->cookie, cookie, flags,
underlying, underlying_type);
}
-
+
if (box->flags & TRANSBOX_STARTING)
{
box->flags |= TRANSBOX_WANTED;
@@ -101,38 +100,43 @@ fshelp_fetch_root (struct transbox *box, void *cookie,
}
box->flags |= TRANSBOX_STARTING;
mutex_unlock (box->lock);
-
+
err = (*callback1) (box->cookie, cookie, &uid, &gid, &argz, &argz_len);
if (err)
goto return_error;
-
+
ourauth = getauth ();
- uidarray[0] = uidarray[1] = uid;
- gidarray[0] = gidarray[1] = gid;
- err = auth_makeauth (ourauth, 0, MACH_MSG_TYPE_MAKE_SEND, 0,
- uidarray, 1, uidarray, 2,
- gidarray, 1, gidarray, 2, &newauth);
- if (err)
- goto return_error;
-
+ if (ourauth == MACH_PORT_NULL)
+ newauth = ourauth;
+ else
+ {
+ uid_t uidarray[2] = { uid, uid };
+ gid_t gidarray[2] = { gid, gid };
+ err = auth_makeauth (ourauth, 0, MACH_MSG_TYPE_MAKE_SEND, 0,
+ uidarray, 1, uidarray, 2,
+ gidarray, 1, gidarray, 2, &newauth);
+ if (err)
+ goto return_error;
+ }
+
bzero (ports, INIT_PORT_MAX * sizeof (mach_port_t));
bzero (fds, (STDERR_FILENO + 1) * sizeof (mach_port_t));
bzero (ints, INIT_INT_MAX * sizeof (int));
-
+
ports[INIT_PORT_CWDIR] = dotdot;
- ports[INIT_PORT_CRDIR] = reauth (getcrdir (), MACH_MSG_TYPE_MOVE_SEND);
+ ports[INIT_PORT_CRDIR] = reauth (getcrdir ());
ports[INIT_PORT_AUTH] = newauth;
-
- fds[STDERR_FILENO] =
- reauth (getdport (STDERR_FILENO), MACH_MSG_TYPE_MOVE_SEND);
-
+
+ fds[STDERR_FILENO] = reauth (getdport (STDERR_FILENO));
+
err = fshelp_start_translator_long (fetch_underlying,
argz, argz, argz_len,
fds, MACH_MSG_TYPE_COPY_SEND,
STDERR_FILENO + 1,
ports, MACH_MSG_TYPE_COPY_SEND,
- INIT_PORT_MAX,
+ INIT_PORT_MAX,
ints, INIT_INT_MAX,
+ uid,
0, &control);
for (i = 0; i <= STDERR_FILENO; i++)
mach_port_deallocate (mach_task_self (), fds[i]);
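Review bot: The `goto return_error` inside the new `else` block, taken when `auth_makeauth` fails, lands after both `mutex_lock (box->lock)` and `free (argz)` in the following hunk, so on that path ARGZ is leaked and `box->flags` is modified without the lock having been retaken, as far as the visible lines show. Doing the cleanup before the jump, `{ free (argz); mutex_lock (box->lock); goto return_error; }`, would keep the label's lock-held assumption true. The `callback1` failure just above jumps to the same label without the lock; whether ARGZ is allocated at that point cannot be told from here. Separately, the send right returned by `getauth ()` in `ourauth` has no visible `mach_port_deallocate` in this hunk. The enclosing function starts and ends outside the hunk.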
@@ -140,13 +144,13 @@ fshelp_fetch_root (struct transbox *box, void *cookie,
for (i = 0; i < INIT_PORT_MAX; i++)
if (i != INIT_PORT_CWDIR)
mach_port_deallocate (mach_task_self (), ports[i]);
-
+
mutex_lock (box->lock);
-
+
free (argz);
return_error:
-
+
box->flags &= ~TRANSBOX_STARTING;
if (box->flags & TRANSBOX_WANTED)
{
@@ -163,20 +167,20 @@ fshelp_fetch_root (struct transbox *box, void *cookie,
box->active = control;
}
-
+
control = box->active;
- mach_port_mod_refs (mach_task_self (), control,
+ mach_port_mod_refs (mach_task_self (), control,
MACH_PORT_RIGHT_SEND, 1);
mutex_unlock (box->lock);
-
+
/* Cancellation point XXX */
err = fsys_getroot (control, dotdot, MACH_MSG_TYPE_COPY_SEND,
- user->uids->ids, user->uids->num,
+ user->uids->ids, user->uids->num,
user->gids->ids, user->gids->num,
flags, retry, retryname, root);
-
+
mutex_lock (box->lock);
-
+
if ((err == MACH_SEND_INVALID_DEST || err == MIG_SERVER_DIED)
&& control == box->active)
fshelp_set_active (box, MACH_PORT_NULL, 0);
@@ -184,9 +188,6 @@ fshelp_fetch_root (struct transbox *box, void *cookie,
if (err == MACH_SEND_INVALID_DEST || err == MIG_SERVER_DIED)
goto start_over;
-
+
return err;
}
-
-
-
diff --git a/libfshelp/fshelp.h b/libfshelp/fshelp.h
index 9fe8fcfc..309f64b4 100644
--- a/libfshelp/fshelp.h
+++ b/libfshelp/fshelp.h
@@ -59,6 +59,7 @@ fshelp_start_translator_long (fshelp_open_fn_t underlying_open_fn,
mach_port_t *ports,
mach_msg_type_name_t ports_type, int ports_len,
int *ints, int ints_len,
+ uid_t owner_uid,
int timeout, fsys_t *control);
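Review bot: The new `owner_uid` parameter carries a sentinel that this declaration does not reveal: in start-translator-long.c the value `(uid_t) -1` is turned into the third argument of `proc_setowner` instead of being used as an owner. The comment above this prototype lies outside the hunk; if it does not already say so, it should gain a sentence such as `OWNER_UID is set as the owner of the translator's process; pass (uid_t) -1 for no owner.` Callers choosing the value (`uid` from `callback1` in fetch-root.c, `geteuid ()` in start-translator.c) determine who owns the new process, so the contract is worth stating where they will read it.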
@@ -244,7 +245,7 @@ error_t fshelp_access (struct stat *st, int op, struct iouser *user);
existing file ST. (If there is no existing file, pass 0 for ST.)
If the access is permissable return 0; otherwise return an
appropriate error code. */
-error_t fshelp_checkdirmod (struct stat *dir, struct stat *st,
+error_t fshelp_checkdirmod (struct stat *dir, struct stat *st,
struct iouser *user);
diff --git a/libfshelp/start-translator-long.c b/libfshelp/start-translator-long.c
index 24b0306d..c11258c2 100644
--- a/libfshelp/start-translator-long.c
+++ b/libfshelp/start-translator-long.c
@@ -1,4 +1,4 @@
-/*
+/*
Copyright (C) 1995, 1996, 1999 Free Software Foundation, Inc.
Written by Miles Bader and Michael I. Bushnell.
@@ -172,18 +172,19 @@ service_fsys_startup (fshelp_open_fn_t underlying_open_fn,
error_t
fshelp_start_translator_long (fshelp_open_fn_t underlying_open_fn,
char *name, char *argz, int argz_len,
- mach_port_t *fds,
+ mach_port_t *fds,
mach_msg_type_name_t fds_type, int fds_len,
mach_port_t *ports,
mach_msg_type_name_t ports_type, int ports_len,
int *ints, int ints_len,
+ uid_t owner_uid,
int timeout, fsys_t *control)
{
error_t err;
file_t executable;
mach_port_t bootstrap = MACH_PORT_NULL;
mach_port_t task = MACH_PORT_NULL;
- mach_port_t prev_notify, proc, saveport;
+ mach_port_t prev_notify, proc, saveport, childproc;
int ports_moved = 0;
/* Find the translator itself. Since argz has zero-separated elements, we
@@ -191,7 +192,7 @@ fshelp_start_translator_long (fshelp_open_fn_t underlying_open_fn,
executable = file_name_lookup(name, O_EXEC, 0);
if (executable == MACH_PORT_NULL)
return errno;
-
+
/* Create a bootstrap port for the translator. */
err =
mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &bootstrap);
@@ -206,8 +207,15 @@ fshelp_start_translator_long (fshelp_open_fn_t underlying_open_fn,
/* Designate TASK as our child. */
proc = getproc ();
proc_child (proc, task);
+ err = proc_task2proc (proc, task, &childproc);
mach_port_deallocate (mach_task_self (), proc);
-
+ if (err)
+ goto lose;
+ err = proc_setowner (childproc, owner_uid, owner_uid == (uid_t) -1);
+ mach_port_deallocate (mach_task_self (), childproc);
+ if (err)
+ goto lose;
+
assert (ports_len > INIT_PORT_BOOTSTRAP);
switch (ports_type)
{
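Review bot: The third argument `owner_uid == (uid_t) -1` in the `proc_setowner` call encodes a sentinel that nothing in the hunk explains; a one-line comment above the call, e.g. `/* OWNER_UID of (uid_t) -1 means no owner: tell proc to clear it. */`, would make the intent readable. The two new calls check their result, but `proc_child (proc, task)` on the line before them still discards its return value, so a failure there is not reported directly; checking it the same way would be consistent. The `lose` label and the creation of TASK lie outside this hunk, so confirm that the error path tears down the partly set-up task rather than leaving it behind.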
@@ -269,7 +277,7 @@ fshelp_start_translator_long (fshelp_open_fn_t underlying_open_fn,
if (!ports_moved)
{
int i;
-
+
if (fds_type == MACH_MSG_TYPE_MOVE_SEND)
for (i = 0; i < fds_len; i++)
mach_port_deallocate (mach_task_self (), fds[i]);
diff --git a/libfshelp/start-translator.c b/libfshelp/start-translator.c
index f5cc4072..5996ac74 100644
--- a/libfshelp/start-translator.c
+++ b/libfshelp/start-translator.c
@@ -1,5 +1,5 @@
-/*
- Copyright (C) 1995, 1996 Free Software Foundation, Inc.
+/*
+ Copyright (C) 1995, 1996, 1999 Free Software Foundation, Inc.
Written by Michael I. Bushnell.
This file is part of the GNU Hurd.
@@ -33,18 +33,18 @@ fshelp_start_translator (fshelp_open_fn_t underlying_open_fn,
int ints[INIT_INT_MAX];
int i;
error_t err;
-
+
for (i = 0; i < INIT_PORT_MAX; i++)
ports[i] = MACH_PORT_NULL;
for (i = 0; i < STDERR_FILENO + 1; i++)
fds[i] = MACH_PORT_NULL;
bzero (ints, INIT_INT_MAX * sizeof (int));
-
+
ports[INIT_PORT_CWDIR] = getcwdir ();
ports[INIT_PORT_CRDIR] = getcrdir ();
ports[INIT_PORT_AUTH] = getauth ();
fds[STDERR_FILENO] = getdport (STDERR_FILENO);
-
+
err = fshelp_start_translator_long (underlying_open_fn,
name, argz, argz_len,
fds, MACH_MSG_TYPE_COPY_SEND,
@@ -52,6 +52,7 @@ fshelp_start_translator (fshelp_open_fn_t underlying_open_fn,
ports, MACH_MSG_TYPE_COPY_SEND,
INIT_PORT_MAX,
ints, INIT_INT_MAX,
+ geteuid (),
timeout, control);
for (i = 0; i < INIT_PORT_MAX; i++)
mach_port_deallocate (mach_task_self (), ports[i]);