Revision: 23697 http://trac.macosforge.org/projects/launchd/changeset/23697 Author: dsorresso@apple.com Date: 2008-08-22 15:53:46 -0700 (Fri, 22 Aug 2008) Log Message: ----------- Merging in changes for rdar://problem/6112446 Modified Paths: -------------- trunk/launchd/src/launchd_core_logic.c trunk/launchd/src/libbootstrap.c trunk/launchd/src/libbootstrap_private.h trunk/launchd/src/protocol_job.defs
Modified: trunk/launchd/src/launchd_core_logic.c
===================================================================
--- trunk/launchd/src/launchd_core_logic.c 2008-08-22 22:48:58 UTC (rev 23696)
+++ trunk/launchd/src/launchd_core_logic.c 2008-08-22 22:53:46 UTC (rev 23697)
@@ -6507,6 +6507,7 @@
 kr = BOOTSTRAP_SUCCESS;
 } else if (!per_pid_lookup && (inherited_bootstrap_port != MACH_PORT_NULL)) {
 job_log(j, LOG_DEBUG, "Mach service lookup forwarded: %s", servicename);
+ /* Clients potentially check the audit token of the reply to verify that the returned send right is trustworthy. */
 job_assumes(j, vproc_mig_look_up2_forward(inherited_bootstrap_port, srp, servicename, 0, 0) == 0);
 /* The previous routine moved the reply port, we're forced to return MIG_NO_REPLY now */
 return MIG_NO_REPLY;
Modified: trunk/launchd/src/libbootstrap.c
===================================================================
--- trunk/launchd/src/libbootstrap.c 2008-08-22 22:48:58 UTC (rev 23696)
+++ trunk/launchd/src/libbootstrap.c 2008-08-22 22:53:46 UTC (rev 23697)
@@ -141,6 +141,7 @@
 kern_return_t bootstrap_look_up_per_user(mach_port_t bp, name_t service_name, uid_t target_user, mach_port_t *sp) {
+ audit_token_t au_tok;
 struct stat sb;
 kern_return_t kr;
 mach_port_t puc;
@@ -153,7 +154,7 @@
 return kr;
 }
- kr = vproc_mig_look_up2(puc, service_name, sp, 0, 0);
+ kr = vproc_mig_look_up2(puc, service_name, sp, &au_tok, 0, 0);
 mach_port_deallocate(mach_task_self(), puc);
 return kr;
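Review bot: `au_tok` in `bootstrap_look_up_per_user` (the `-141` and `-153` hunks) is filled by `vproc_mig_look_up2` and then discarded, so this entry point still hands back the port without checking who replied. The function takes no `flags` argument, so a caller cannot ask for the `BOOTSTRAP_PRIVILEGED_SERVER` check through it. A comment at the declaration would make that explicit, for example `/* required by the look_up2 signature; the replier's credentials are not checked here */`. The function body runs across both hunks and the few lines between them are not shown.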
@@ -173,6 +174,7 @@
 static mach_port_t prev_bp;
 static mach_port_t prev_sp;
 static name_t prev_name;
+ audit_token_t au_tok;
 bool per_pid_lookup = flags & BOOTSTRAP_PER_PID_SERVICE;
 kern_return_t kr = 0;
 mach_port_t puc;
@@ -195,7 +197,7 @@
 }
 skip_cache:
- if ((kr = vproc_mig_look_up2(bp, service_name, sp, target_pid, flags)) != VPROC_ERR_TRY_PER_USER) {
+ if ((kr = vproc_mig_look_up2(bp, service_name, sp, &au_tok, target_pid, flags)) != VPROC_ERR_TRY_PER_USER) {
 goto out;
 }
@@ -203,7 +205,7 @@
 goto out;
 }
- kr = vproc_mig_look_up2(puc, service_name, sp, target_pid, flags);
+ kr = vproc_mig_look_up2(puc, service_name, sp, &au_tok, target_pid, flags);
 mach_port_deallocate(mach_task_self(), puc);
 out:
@@ -217,6 +219,27 @@
 pthread_mutex_unlock(&bslu2_lock);
+ if ((kr == 0) && (flags & BOOTSTRAP_PRIVILEGED_SERVER)) {
+ uid_t server_euid;
+
+ /*
+ * The audit token magic is dependent on the per-user launchd
+ * forwarding MIG requests to the root launchd when it cannot
+ * find the answer locally.
+ */
+
+ /* This API should be in Libsystem, but is not */
+ //audit_token_to_au32(au_tok, NULL, &server_euid, NULL, NULL, NULL, NULL, NULL, NULL);
+
+ server_euid = au_tok.val[1];
+
+ if (server_euid) {
+ mach_port_deallocate(mach_task_self(), *sp);
+ kr = BOOTSTRAP_NOT_PRIVILEGED;
+ }
+
+ }
+
 return kr;
 }
Modified: trunk/launchd/src/libbootstrap_private.h
===================================================================
--- trunk/launchd/src/libbootstrap_private.h 2008-08-22 22:48:58 UTC (rev 23696)
+++ trunk/launchd/src/libbootstrap_private.h 2008-08-22 22:53:46 UTC (rev 23697)
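Review bot: `au_tok` is declared without an initializer in the `-173` hunk, yet the `-217` hunk reads `au_tok.val[1]` whenever `kr == 0` and `BOOTSTRAP_PRIVILEGED_SERVER` is set. The `prev_bp`/`prev_sp`/`prev_name` statics and the `skip_cache:` label suggest a cache path that can reach `out:` without calling `vproc_mig_look_up2`; if that path leaves `kr` at 0, the privilege decision is made on indeterminate stack data. Zero-filling the token is not a safe default either, because 0 is exactly the value the check accepts as root. Consider a local such as `bool have_tok = false;` that is set after each successful lookup, with `BOOTSTRAP_NOT_PRIVILEGED` returned when it is still clear, or bypassing the cache for privileged lookups. The cache code is outside the visible hunks, so this needs confirming against the full function.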
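Review bot: On rejection the block added in the `-217` hunk calls `mach_port_deallocate(mach_task_self(), *sp)` but leaves `*sp` holding the released name, so a caller that does not check `kr` can go on to use a stale port name; adding `*sp = MACH_PORT_NULL;` after the deallocate closes that. If the code between `out:` and `pthread_mutex_unlock(&bslu2_lock)` (not shown) stores `*sp` into `prev_sp`, the cache would keep the released name too, since this check runs after the lock is dropped. The bare index in `server_euid = au_tok.val[1];` also deserves a comment naming the field, e.g. `/* val[1]: effective uid of the process that sent the reply */`.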
@@ -30,6 +30,7 @@
 #define BOOTSTRAP_PER_PID_SERVICE 0x1
 #define BOOTSTRAP_ALLOW_LOOKUP 0x2
 #define BOOTSTRAP_DENY_JOB_CREATION 0x4
+#define BOOTSTRAP_PRIVILEGED_SERVER 0x8
 kern_return_t bootstrap_register2(mach_port_t bp, name_t service_name, mach_port_t sp, uint64_t flags);
Modified: trunk/launchd/src/protocol_job.defs
===================================================================
--- trunk/launchd/src/protocol_job.defs 2008-08-22 22:48:58 UTC (rev 23696)
+++ trunk/launchd/src/protocol_job.defs 2008-08-22 22:53:46 UTC (rev 23697)
@@ -67,6 +67,7 @@
 sreplyport __rport : mach_port_make_send_once_t;
 __service_name : name_t;
 out __service_port : mach_port_t;
+ UserAuditToken __server_cred: audit_token_t;
 __target_pid : pid_t;
 __flags : uint64_t);
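Review bot: `BOOTSTRAP_PRIVILEGED_SERVER` is added in the `-30` hunk with no statement of what it guarantees, and within this commit only the lookup path patched in the `-217` hunk of libbootstrap.c acts on it. A comment on the define would stop callers assuming more than that, for example `/* look-up only: fail with BOOTSTRAP_NOT_PRIVILEGED unless the reply came from a process with euid 0 */`. Since `bootstrap_register2` just below takes the same `flags` type, it would help to say whether the bit has any meaning there.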