[launchd-changes] [23697] trunk/launchd/src

source_changes at macosforge.org source_changes at macosforge.org
Fri Aug 22 15:53:46 PDT 2008


Revision: 23697
          http://trac.macosforge.org/projects/launchd/changeset/23697
Author:   dsorresso at apple.com
Date:     2008-08-22 15:53:46 -0700 (Fri, 22 Aug 2008)
Log Message:
-----------
Merging in changes for rdar://problem/6112446

Modified Paths:
--------------
    trunk/launchd/src/launchd_core_logic.c
    trunk/launchd/src/libbootstrap.c
    trunk/launchd/src/libbootstrap_private.h
    trunk/launchd/src/protocol_job.defs

Modified: trunk/launchd/src/launchd_core_logic.c
===================================================================
--- trunk/launchd/src/launchd_core_logic.c	2008-08-22 22:48:58 UTC (rev 23696)
+++ trunk/launchd/src/launchd_core_logic.c	2008-08-22 22:53:46 UTC (rev 23697)
@@ -6507,6 +6507,7 @@
 		kr = BOOTSTRAP_SUCCESS;
 	} else if (!per_pid_lookup && (inherited_bootstrap_port != MACH_PORT_NULL)) {
 		job_log(j, LOG_DEBUG, "Mach service lookup forwarded: %s", servicename);
+		/* Clients potentially check the audit token of the reply to verify that the returned send right is trustworthy. */
 		job_assumes(j, vproc_mig_look_up2_forward(inherited_bootstrap_port, srp, servicename, 0, 0) == 0);
 		/* The previous routine moved the reply port, we're forced to return MIG_NO_REPLY now */
 		return MIG_NO_REPLY;

Modified: trunk/launchd/src/libbootstrap.c
===================================================================
--- trunk/launchd/src/libbootstrap.c	2008-08-22 22:48:58 UTC (rev 23696)
+++ trunk/launchd/src/libbootstrap.c	2008-08-22 22:53:46 UTC (rev 23697)
@@ -141,6 +141,7 @@
 kern_return_t
 bootstrap_look_up_per_user(mach_port_t bp, name_t service_name, uid_t target_user, mach_port_t *sp)
 {
+	audit_token_t au_tok;
 	struct stat sb;
 	kern_return_t kr;
 	mach_port_t puc;
@@ -153,7 +154,7 @@
 		return kr;
 	}
 
-	kr = vproc_mig_look_up2(puc, service_name, sp, 0, 0);
+	kr = vproc_mig_look_up2(puc, service_name, sp, &au_tok, 0, 0);
 	mach_port_deallocate(mach_task_self(), puc);
 
 	return kr;
@@ -173,6 +174,7 @@
 	static mach_port_t prev_bp;
 	static mach_port_t prev_sp;
 	static name_t prev_name;
+	audit_token_t au_tok;
 	bool per_pid_lookup = flags & BOOTSTRAP_PER_PID_SERVICE;
 	kern_return_t kr = 0;
 	mach_port_t puc;
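Review bot: `au_tok` is declared without an initializer here, yet the `BOOTSTRAP_PRIVILEGED_SERVER` check added at the end of this function reads `au_tok.val[1]` on every successful return. The `prev_bp`/`prev_sp`/`prev_name` statics and the `skip_cache` label suggest a cache-hit path that reaches `out:` without calling `vproc_mig_look_up2`; if so, the euid comparison runs on indeterminate stack contents and the cached right was never verified for this caller. Zero-initialising would not help, because 0 is exactly the value the check accepts. The safer shape is to bypass the cache when the flag is set, or to record whether a reply was received, e.g. `bool have_tok = false;` set after each lookup and tested as `if (!have_tok || server_euid)`. The cache logic and the function's signature lie outside the visible hunks, so this needs confirming against the full function.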
@@ -195,7 +197,7 @@
 	}
 
 skip_cache:
-	if ((kr = vproc_mig_look_up2(bp, service_name, sp, target_pid, flags)) != VPROC_ERR_TRY_PER_USER) {
+	if ((kr = vproc_mig_look_up2(bp, service_name, sp, &au_tok, target_pid, flags)) != VPROC_ERR_TRY_PER_USER) {
 		goto out;
 	}
 
@@ -203,7 +205,7 @@
 		goto out;
 	}
 
-	kr = vproc_mig_look_up2(puc, service_name, sp, target_pid, flags);
+	kr = vproc_mig_look_up2(puc, service_name, sp, &au_tok, target_pid, flags);
 	mach_port_deallocate(mach_task_self(), puc);
 
 out:
@@ -217,6 +219,27 @@
 
 	pthread_mutex_unlock(&bslu2_lock);
 
+	if ((kr == 0) && (flags & BOOTSTRAP_PRIVILEGED_SERVER)) {
+		uid_t server_euid;
+
+		/*
+		 * The audit token magic is dependent on the per-user launchd
+		 * forwarding MIG requests to the root launchd when it cannot
+		 * find the answer locally.
+		 */
+
+		/* This API should be in Libsystem, but is not */
+		//audit_token_to_au32(au_tok, NULL, &server_euid, NULL, NULL, NULL, NULL, NULL, NULL);
+		
+		server_euid = au_tok.val[1];
+
+		if (server_euid) {
+			mach_port_deallocate(mach_task_self(), *sp);
+			kr = BOOTSTRAP_NOT_PRIVILEGED;
+		}
+
+	}
+
 	return kr;
 }
 
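Review bot: On the rejection path the send right is released with `mach_port_deallocate(mach_task_self(), *sp)`, but `*sp` still holds the stale name when `BOOTSTRAP_NOT_PRIVILEGED` is returned. A caller that mishandles the error can then use or deallocate a name that may since have been reused, so add `*sp = MACH_PORT_NULL;` after the deallocate. The check also runs after the `out:` section, so if that section (not visible here) stores the result in `prev_sp`, a port that failed verification may stay cached for later lookups. The bare `au_tok.val[1]` deserves a comment in place of the commented-out call, such as `/* val[1] is the effective uid, per audit_token_to_au32() */`.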

Modified: trunk/launchd/src/libbootstrap_private.h
===================================================================
--- trunk/launchd/src/libbootstrap_private.h	2008-08-22 22:48:58 UTC (rev 23696)
+++ trunk/launchd/src/libbootstrap_private.h	2008-08-22 22:53:46 UTC (rev 23697)
@@ -30,6 +30,7 @@
 #define BOOTSTRAP_PER_PID_SERVICE	0x1
 #define BOOTSTRAP_ALLOW_LOOKUP		0x2
 #define BOOTSTRAP_DENY_JOB_CREATION	0x4
+#define BOOTSTRAP_PRIVILEGED_SERVER	0x8
 
 kern_return_t bootstrap_register2(mach_port_t bp, name_t service_name, mach_port_t sp, uint64_t flags);
 
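Review bot: `BOOTSTRAP_PRIVILEGED_SERVER` is added without any description, although it changes the lookup contract and gives callers a new failure code. A comment on the define would help, for example `/* lookup fails with BOOTSTRAP_NOT_PRIVILEGED unless the reply's audit token carries euid 0 */`. It is also worth stating where the flag is honoured: in this commit only the function that owns `bslu2_lock` (presumably `bootstrap_look_up2`) tests it, while `bootstrap_look_up_per_user` fetches the audit token but takes no flags and never inspects it.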

Modified: trunk/launchd/src/protocol_job.defs
===================================================================
--- trunk/launchd/src/protocol_job.defs	2008-08-22 22:48:58 UTC (rev 23696)
+++ trunk/launchd/src/protocol_job.defs	2008-08-22 22:53:46 UTC (rev 23697)
@@ -67,6 +67,7 @@
 	sreplyport	__rport	: mach_port_make_send_once_t;
 		__service_name	: name_t;
 	out	__service_port	: mach_port_t;
+	UserAuditToken __server_cred:	audit_token_t;
 		__target_pid	: pid_t;
 		__flags		: uint64_t);
 