[launchd-changes] [23697] trunk/launchd/src
source_changes at macosforge.org
source_changes at macosforge.org
Fri Aug 22 15:53:46 PDT 2008
Revision: 23697
http://trac.macosforge.org/projects/launchd/changeset/23697
Author: dsorresso at apple.com
Date: 2008-08-22 15:53:46 -0700 (Fri, 22 Aug 2008)
Log Message:
-----------
Merging in changes for rdar://problem/6112446
Modified Paths:
--------------
trunk/launchd/src/launchd_core_logic.c
trunk/launchd/src/libbootstrap.c
trunk/launchd/src/libbootstrap_private.h
trunk/launchd/src/protocol_job.defs
Modified: trunk/launchd/src/launchd_core_logic.c
===================================================================
--- trunk/launchd/src/launchd_core_logic.c 2008-08-22 22:48:58 UTC (rev 23696)
+++ trunk/launchd/src/launchd_core_logic.c 2008-08-22 22:53:46 UTC (rev 23697)
@@ -6507,6 +6507,7 @@
kr = BOOTSTRAP_SUCCESS;
} else if (!per_pid_lookup && (inherited_bootstrap_port != MACH_PORT_NULL)) {
job_log(j, LOG_DEBUG, "Mach service lookup forwarded: %s", servicename);
+ /* Clients potentially check the audit token of the reply to verify that the returned send right is trustworthy. */
job_assumes(j, vproc_mig_look_up2_forward(inherited_bootstrap_port, srp, servicename, 0, 0) == 0);
/* The previous routine moved the reply port, we're forced to return MIG_NO_REPLY now */
return MIG_NO_REPLY;
Modified: trunk/launchd/src/libbootstrap.c
===================================================================
--- trunk/launchd/src/libbootstrap.c 2008-08-22 22:48:58 UTC (rev 23696)
+++ trunk/launchd/src/libbootstrap.c 2008-08-22 22:53:46 UTC (rev 23697)
@@ -141,6 +141,7 @@
kern_return_t
bootstrap_look_up_per_user(mach_port_t bp, name_t service_name, uid_t target_user, mach_port_t *sp)
{
+ audit_token_t au_tok;
struct stat sb;
kern_return_t kr;
mach_port_t puc;
@@ -153,7 +154,7 @@
return kr;
}
- kr = vproc_mig_look_up2(puc, service_name, sp, 0, 0);
+ kr = vproc_mig_look_up2(puc, service_name, sp, &au_tok, 0, 0);
mach_port_deallocate(mach_task_self(), puc);
return kr;
@@ -173,6 +174,7 @@
static mach_port_t prev_bp;
static mach_port_t prev_sp;
static name_t prev_name;
+ audit_token_t au_tok;
bool per_pid_lookup = flags & BOOTSTRAP_PER_PID_SERVICE;
kern_return_t kr = 0;
mach_port_t puc;
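Review bot: `au_tok` is declared without an initializer, yet the privilege check added after `out:` reads `au_tok.val[1]` whenever `kr == 0`. Any path that reaches `out:` without calling `vproc_mig_look_up2` would make that an indeterminate stack read. The `prev_sp`/`prev_name` statics and the `skip_cache:` label suggest a cache-hit path does exactly that, though that code is outside these hunks. Initialize the token so that an unfilled one fails the check, for example `memset(&au_tok, 0xff, sizeof(au_tok));` before the first lookup, or route `BOOTSTRAP_PRIVILEGED_SERVER` lookups past the cache. The function body starts and ends outside this hunk.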
@@ -195,7 +197,7 @@
}
skip_cache:
- if ((kr = vproc_mig_look_up2(bp, service_name, sp, target_pid, flags)) != VPROC_ERR_TRY_PER_USER) {
+ if ((kr = vproc_mig_look_up2(bp, service_name, sp, &au_tok, target_pid, flags)) != VPROC_ERR_TRY_PER_USER) {
goto out;
}
@@ -203,7 +205,7 @@
goto out;
}
- kr = vproc_mig_look_up2(puc, service_name, sp, target_pid, flags);
+ kr = vproc_mig_look_up2(puc, service_name, sp, &au_tok, target_pid, flags);
mach_port_deallocate(mach_task_self(), puc);
out:
@@ -217,6 +219,27 @@
pthread_mutex_unlock(&bslu2_lock);
+ if ((kr == 0) && (flags & BOOTSTRAP_PRIVILEGED_SERVER)) {
+ uid_t server_euid;
+
+ /*
+ * The audit token magic is dependent on the per-user launchd
+ * forwarding MIG requests to the root launchd when it cannot
+ * find the answer locally.
+ */
+
+ /* This API should be in Libsystem, but is not */
+ //audit_token_to_au32(au_tok, NULL, &server_euid, NULL, NULL, NULL, NULL, NULL, NULL);
+
+ server_euid = au_tok.val[1];
+
+ if (server_euid) {
+ mach_port_deallocate(mach_task_self(), *sp);
+ kr = BOOTSTRAP_NOT_PRIVILEGED;
+ }
+
+ }
+
return kr;
}
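Review bot: On the `BOOTSTRAP_NOT_PRIVILEGED` path the send right is deallocated but `*sp` keeps the old port name, so a caller that mishandles the return code holds a stale name that may later denote a different right. Add `*sp = MACH_PORT_NULL;` directly after the `mach_port_deallocate(mach_task_self(), *sp);` line. The check also runs after `pthread_mutex_unlock`, so if the cache update happens before the unlock (not visible in this hunk), a rejected port could remain cached for later callers; that is worth confirming. The bare `au_tok.val[1]` should get a comment naming the field it stands for (the effective uid, judging by the commented-out `audit_token_to_au32` call), since the index is otherwise a magic number in a security decision.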
Modified: trunk/launchd/src/libbootstrap_private.h
===================================================================
--- trunk/launchd/src/libbootstrap_private.h 2008-08-22 22:48:58 UTC (rev 23696)
+++ trunk/launchd/src/libbootstrap_private.h 2008-08-22 22:53:46 UTC (rev 23697)
@@ -30,6 +30,7 @@
#define BOOTSTRAP_PER_PID_SERVICE 0x1
#define BOOTSTRAP_ALLOW_LOOKUP 0x2
#define BOOTSTRAP_DENY_JOB_CREATION 0x4
+#define BOOTSTRAP_PRIVILEGED_SERVER 0x8
kern_return_t bootstrap_register2(mach_port_t bp, name_t service_name, mach_port_t sp, uint64_t flags);
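Review bot: `BOOTSTRAP_PRIVILEGED_SERVER` is added with no comment, although it changes the outcome of a lookup rather than just tuning it. From the libbootstrap.c hunk, a lookup carrying this flag fails with `BOOTSTRAP_NOT_PRIVILEGED` unless the audit token on the reply carries euid 0. I would state that on the define, e.g. `/* Lookup fails with BOOTSTRAP_NOT_PRIVILEGED unless the reply's audit token has euid 0. */`, so callers know what guarantee they are getting.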
Modified: trunk/launchd/src/protocol_job.defs
===================================================================
--- trunk/launchd/src/protocol_job.defs 2008-08-22 22:48:58 UTC (rev 23696)
+++ trunk/launchd/src/protocol_job.defs 2008-08-22 22:53:46 UTC (rev 23697)
@@ -67,6 +67,7 @@
sreplyport __rport : mach_port_make_send_once_t;
__service_name : name_t;
out __service_port : mach_port_t;
+ UserAuditToken __server_cred: audit_token_t;
__target_pid : pid_t;
__flags : uint64_t);
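Review bot: The name `__server_cred` suggests the credential of the process that owns the looked-up service. As far as I know, a `UserAuditToken` argument is filled from the trailer of the reply message, so it identifies whoever sent the reply, meaning the launchd instance that answered. The comment in libbootstrap.c about per-user launchd forwarding to the root launchd points the same way. A comment here such as `/* audit token of the sender of the reply (the answering launchd), not of the service's owner */` would keep future callers from trusting it for more than it proves. The routine declaration begins outside this hunk.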