[launchd-changes] [23489] trunk/launchd/src

Fri Jan 18 16:53:25 PST 2008

Revision: 23489
          http://trac.macosforge.org/projects/launchd/changeset/23489
Author:   zarzycki at apple.com
Date:     2008-01-18 16:53:23 -0800 (Fri, 18 Jan 2008)

Log Message:
-----------
Misc changes.

Modified Paths:
--------------
    trunk/launchd/src/launchd_core_logic.c
    trunk/launchd/src/launchd_runtime.c
    trunk/launchd/src/launchd_runtime.h
    trunk/launchd/src/libbootstrap_private.h

Modified: trunk/launchd/src/launchd_core_logic.c
===================================================================

--- trunk/launchd/src/launchd_core_logic.c	2008-01-18 21:27:01 UTC (rev 23488)
+++ trunk/launchd/src/launchd_core_logic.c	2008-01-19 00:53:23 UTC (rev 23489)
@@ -414,7 +414,6 @@
 static job_t job_new(jobmgr_t jm, const char *label, const char *prog, const char *const *argv) __attribute__((malloc, nonnull(1,2), warn_unused_result));
 static job_t job_new_via_mach_init(job_t j, const char *cmd, uid_t uid, bool ond) __attribute__((malloc, nonnull, warn_unused_result));
 static const char *job_prog(job_t j);
-static jobmgr_t job_get_bs(job_t j);
 static void job_kill(job_t j);
 static void job_uncork_fork(job_t j);
 static void job_log_stdouterr(job_t j);
@@ -1991,23 +1990,22 @@
 INTERNAL_ABI job_t 
 job_mig_intran(mach_port_t p)
 {
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 	job_t jr;
 
-	runtime_get_caller_creds(&ldc);
 
-	jr = job_mig_intran2(root_jobmgr, p, ldc.pid);
+	jr = job_mig_intran2(root_jobmgr, p, ldc->pid);
 
 	if (!jobmgr_assumes(root_jobmgr, jr != NULL)) {
 		int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, 0 };
 		struct kinfo_proc kp;
 		size_t len = sizeof(kp);
 
-		mib[3] = ldc.pid;
+		mib[3] = ldc->pid;
 
 		if (jobmgr_assumes(root_jobmgr, sysctl(mib, 4, &kp, &len, NULL, 0) != -1)
 				&& jobmgr_assumes(root_jobmgr, len == sizeof(kp))) {
-			jobmgr_log(root_jobmgr, LOG_ERR, "%s() was confused by PID %u UID %u EUID %u Mach Port 0x%x: %s", __func__, ldc.pid, ldc.uid, ldc.euid, p, kp.kp_proc.p_comm);
+			jobmgr_log(root_jobmgr, LOG_ERR, "%s() was confused by PID %u UID %u EUID %u Mach Port 0x%x: %s", __func__, ldc->pid, ldc->uid, ldc->euid, p, kp.kp_proc.p_comm);
 		}
 	}
 
@@ -4869,16 +4867,6 @@
 	job_dispatch(j, false);
 }
 
-jobmgr_t 
-job_get_bs(job_t j)
-{
-	if (job_assumes(j, j->mgr != NULL)) {
-		return j->mgr;
-	}
-
-	return NULL;
-}
-
 void
 job_force_sampletool(job_t j)
 {
@@ -5289,7 +5277,7 @@
 kern_return_t
 job_mig_create_server(job_t j, cmd_t server_cmd, uid_t server_uid, boolean_t on_demand, mach_port_t *server_portp)
 {
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 	job_t js;
 
 	if (!launchd_assumes(j != NULL)) {
@@ -5300,18 +5288,16 @@
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
-	runtime_get_caller_creds(&ldc);
-
 	job_log(j, LOG_DEBUG, "Server create attempt: %s", server_cmd);
 
 #define LET_MERE_MORTALS_ADD_SERVERS_TO_PID1
 	/* XXX - This code should go away once the per session launchd is integrated with the rest of the system */
 #ifdef LET_MERE_MORTALS_ADD_SERVERS_TO_PID1
 	if (pid1_magic) {
-		if (unlikely(ldc.euid && server_uid && (ldc.euid != server_uid))) {
+		if (unlikely(ldc->euid && server_uid && (ldc->euid != server_uid))) {
 			job_log(j, LOG_WARNING, "Server create: \"%s\": Will run as UID %d, not UID %d as they told us to",
-					server_cmd, ldc.euid, server_uid);
-			server_uid = ldc.euid;
+					server_cmd, ldc->euid, server_uid);
+			server_uid = ldc->euid;
 		}
 	} else
 #endif
@@ -5336,16 +5322,14 @@
 kern_return_t
 job_mig_send_signal(job_t j, mach_port_t srp, name_t targetlabel, int sig)
 {
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 	job_t otherj;
 
 	if (!launchd_assumes(j != NULL)) {
 		return BOOTSTRAP_NO_MEMORY;
 	}
 
-	runtime_get_caller_creds(&ldc);
-
-	if (unlikely(ldc.euid != 0 && ldc.euid != getuid())) {
+	if (unlikely(ldc->euid != 0 && ldc->euid != getuid())) {
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
@@ -5380,7 +5364,7 @@
 kern_return_t
 job_mig_log_forward(job_t j, vm_offset_t inval, mach_msg_type_number_t invalCnt)
 {
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 
 	if (!launchd_assumes(j != NULL)) {
 		return BOOTSTRAP_NO_MEMORY;
@@ -5390,23 +5374,19 @@
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
-	runtime_get_caller_creds(&ldc);
-
-	return runtime_log_forward(ldc.euid, ldc.egid, inval, invalCnt);
+	return runtime_log_forward(ldc->euid, ldc->egid, inval, invalCnt);
 }
 
 kern_return_t
 job_mig_log_drain(job_t j, mach_port_t srp, vm_offset_t *outval, mach_msg_type_number_t *outvalCnt)
 {
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 
 	if (!launchd_assumes(j != NULL)) {
 		return BOOTSTRAP_NO_MEMORY;
 	}
 
-	runtime_get_caller_creds(&ldc);
-
-	if (unlikely(ldc.euid)) {
+	if (unlikely(ldc->euid)) {
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
@@ -5422,15 +5402,13 @@
 	launch_data_t input_obj, output_obj;
 	size_t data_offset = 0;
 	size_t packed_size;
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 
-	runtime_get_caller_creds(&ldc);
-
 	if (!launchd_assumes(j != NULL)) {
 		return BOOTSTRAP_NO_MEMORY;
 	}
 
-	if (unlikely(inkey && ldc.euid && ldc.euid != getuid())) {
+	if (unlikely(inkey && ldc->euid && ldc->euid != getuid())) {
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
@@ -5515,16 +5493,14 @@
 {
 	const char *action;
 	kern_return_t kr = 0;
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 	int oldmask;
 
-	runtime_get_caller_creds(&ldc);
-
 	if (!launchd_assumes(j != NULL)) {
 		return BOOTSTRAP_NO_MEMORY;
 	}
 
-	if (unlikely(inkey && ldc.euid && ldc.euid != getuid())) {
+	if (unlikely(inkey && ldc->euid && ldc->euid != getuid())) {
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
@@ -5686,7 +5662,7 @@
 {
 	char who_started_the_reboot[2048] = "";
 	struct kinfo_proc kp;
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 	pid_t pid_to_log;
 
 	if (!launchd_assumes(j != NULL)) {
@@ -5697,13 +5673,11 @@
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
-	runtime_get_caller_creds(&ldc);
-
-	if (unlikely(ldc.euid)) {
+	if (unlikely(ldc->euid)) {
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
-	for (pid_to_log = ldc.pid; pid_to_log; pid_to_log = kp.kp_eproc.e_ppid) {
+	for (pid_to_log = ldc->pid; pid_to_log; pid_to_log = kp.kp_eproc.e_ppid) {
 		int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, pid_to_log };
 		size_t who_offset, len = sizeof(kp);
 
@@ -5777,7 +5751,7 @@
 kern_return_t
 job_mig_lookup_per_user_context(job_t j, uid_t which_user, mach_port_t *up_cont)
 {
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 	job_t ji;
 
 	if (!launchd_assumes(j != NULL)) {
@@ -5786,15 +5760,13 @@
 
 	job_log(j, LOG_DEBUG, "Looking up per user launchd for UID: %u", which_user);
 
-	runtime_get_caller_creds(&ldc);
-
 	if (unlikely(!pid1_magic)) {
 		job_log(j, LOG_ERR, "Only PID 1 supports per user launchd lookups.");
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
-	if (ldc.euid || ldc.uid) {
-		which_user = ldc.euid ? ldc.euid : ldc.uid;
+	if (ldc->euid || ldc->uid) {
+		which_user = ldc->euid ?: ldc->uid;
 	}
 
 	*up_cont = MACH_PORT_NULL;
@@ -5864,15 +5836,13 @@
 job_mig_check_in(job_t j, name_t servicename, mach_port_t *serviceportp)
 {
 	struct machservice *ms;
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 	job_t jo;
 
 	if (!launchd_assumes(j != NULL)) {
 		return BOOTSTRAP_NO_MEMORY;
 	}
 
-	runtime_get_caller_creds(&ldc);
-
 	ms = jobmgr_lookup_service(j->mgr, servicename, true, 0);
 
 	if (unlikely(ms == NULL)) {
@@ -5883,9 +5853,9 @@
 	if (unlikely((jo = machservice_job(ms)) != j)) {
 		static pid_t last_warned_pid;
 
-		if (last_warned_pid != ldc.pid) {
+		if (last_warned_pid != ldc->pid) {
 			job_log(j, LOG_NOTICE, "Check-in of Mach service failed. The service \"%s\" is owned by: %s", servicename, jo->label);
-			last_warned_pid = ldc.pid;
+			last_warned_pid = ldc->pid;
 		}
 
 		return BOOTSTRAP_NOT_PRIVILEGED;
@@ -5907,14 +5877,12 @@
 job_mig_register2(job_t j, name_t servicename, mach_port_t serviceport, uint64_t flags)
 {
 	struct machservice *ms;
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 
 	if (!launchd_assumes(j != NULL)) {
 		return BOOTSTRAP_NO_MEMORY;
 	}
 
-	runtime_get_caller_creds(&ldc);
-
 	if (!(flags & BOOTSTRAP_PER_PID_SERVICE) && !j->legacy_LS_job) {
 		job_log(j, LOG_APPLEONLY, "Performance: bootstrap_register() is deprecated. Service: %s", servicename);
 	}
@@ -5926,7 +5894,7 @@
 	 * 92) is a rogue application (not our UID, not root and not a child of
 	 * us). We'll have to reconcile this design friction at a later date.
 	 */
-	if (unlikely(j->anonymous && job_get_bs(j)->parentmgr == NULL && ldc.uid != 0 && ldc.uid != getuid() && ldc.uid != 92)) {
+	if (unlikely(j->anonymous && j->mgr->parentmgr == NULL && ldc->uid != 0 && ldc->uid != getuid() && ldc->uid != 92)) {
 		if (pid1_magic) {
 			return VPROC_ERR_TRY_PER_USER;
 		} else {
@@ -5934,7 +5902,7 @@
 		}
 	}
 	
-	ms = jobmgr_lookup_service(j->mgr, servicename, false, flags & BOOTSTRAP_PER_PID_SERVICE ? ldc.pid : 0);
+	ms = jobmgr_lookup_service(j->mgr, servicename, false, flags & BOOTSTRAP_PER_PID_SERVICE ? ldc->pid : 0);
 
 	if (unlikely(ms)) {
 		if (machservice_job(ms) != j) {
@@ -5963,16 +5931,14 @@
 job_mig_look_up2(job_t j, mach_port_t srp, name_t servicename, mach_port_t *serviceportp, pid_t target_pid, uint64_t flags)
 {
 	struct machservice *ms;
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 	kern_return_t kr;
 
 	if (!launchd_assumes(j != NULL)) {
 		return BOOTSTRAP_NO_MEMORY;
 	}
 
-	runtime_get_caller_creds(&ldc);
-
-	if (unlikely(pid1_magic && j->anonymous && job_get_bs(j)->parentmgr == NULL && ldc.uid != 0 && ldc.euid != 0)) {
+	if (unlikely(pid1_magic && j->anonymous && j->mgr->parentmgr == NULL && ldc->uid != 0 && ldc->euid != 0)) {
 		return VPROC_ERR_TRY_PER_USER;
 	}
 
@@ -6014,7 +5980,7 @@
 		job_assumes(j, vproc_mig_look_up2_forward(inherited_bootstrap_port, srp, servicename, 0, 0) == 0);
 		/* The previous routine moved the reply port, we're forced to return MIG_NO_REPLY now */
 		return MIG_NO_REPLY;
-	} else if (pid1_magic && j->anonymous && ldc.euid >= 500 && strcasecmp(job_get_bs(j)->name, VPROCMGR_SESSION_LOGINWINDOW) == 0) {
+	} else if (pid1_magic && j->anonymous && ldc->euid >= 500 && strcasecmp(j->mgr->name, VPROCMGR_SESSION_LOGINWINDOW) == 0) {
 		/*
 		 * 5240036 Should start background session when a lookup of CCacheServer occurs
 		 *
@@ -6182,20 +6148,18 @@
 	mach_port_t reqport, rcvright;
 	kern_return_t kr = 1;
 	launch_data_t out_obj_array = NULL;
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 	jobmgr_t jmr = NULL;
 
 	if (!launchd_assumes(j != NULL)) {
 		return BOOTSTRAP_NO_MEMORY;
 	}
 
-	runtime_get_caller_creds(&ldc);
-
 	if (target_subset == MACH_PORT_NULL) {
 		job_t j2;
 
 		if (j->mgr->session_initialized) {
-			if (ldc.uid == 0 && pid1_magic) {
+			if (ldc->uid == 0 && pid1_magic) {
 				if (strcmp(j->mgr->name, VPROCMGR_SESSION_LOGINWINDOW) == 0) {
 					job_t ji, jn;
 
@@ -6233,7 +6197,7 @@
 				kr = BOOTSTRAP_NOT_PRIVILEGED;
 				goto out;
 			}
-		} else if (ldc.uid == 0 && pid1_magic && strcmp(session_type, VPROCMGR_SESSION_STANDARDIO) == 0) {
+		} else if (ldc->uid == 0 && pid1_magic && strcmp(session_type, VPROCMGR_SESSION_STANDARDIO) == 0) {
 			ensure_root_bkgd_setup();
 
 			SLIST_REMOVE(&j->mgr->parentmgr->submgrs, j->mgr, jobmgr_s, sle);
@@ -6275,7 +6239,7 @@
 
 		kr = 0;
 		goto out;
-	} else if (job_mig_intran2(root_jobmgr, target_subset, ldc.pid)) {
+	} else if (job_mig_intran2(root_jobmgr, target_subset, ldc->pid)) {
 		job_log(j, LOG_ERR, "Moving a session to ourself is bogus.");
 
 		kr = BOOTSTRAP_NOT_PRIVILEGED;
@@ -6578,7 +6542,7 @@
 kern_return_t
 job_mig_embedded_kickstart(job_t j, name_t targetlabel, pid_t *out_pid, mach_port_t *out_name_port)
 {
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 	kern_return_t kr;
 	job_t otherj;
 
@@ -6590,9 +6554,7 @@
 		return BOOTSTRAP_UNKNOWN_SERVICE;
 	}
 
-	runtime_get_caller_creds(&ldc);
-
-	if (ldc.euid != 0 && ldc.euid != geteuid()
+	if (ldc->euid != 0 && ldc->euid != geteuid()
 #if TARGET_OS_EMBEDDED
 			&& j->username && otherj->username
 			&& strcmp(j->username, otherj->username) != 0
@@ -6624,8 +6586,7 @@
 		return BOOTSTRAP_NO_MEMORY;
 	}
 #if 0
-	struct ldcred ldc;
-	runtime_get_caller_creds(&ldc);
+	struct ldcred *ldc = runtime_get_caller_creds();
 #endif
 	return job_handle_mpm_wait(j, srp, waitstatus);
 }
@@ -6661,7 +6622,6 @@
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
-
 	target_j = jobmgr_find_by_pid(j->mgr, target_pid, true);
 
 	if (unlikely(target_j == NULL)) {
@@ -6680,6 +6640,7 @@
 		}
 	} else {
 		target_j->deny_unknown_mslookups = !(flags & BOOTSTRAP_ALLOW_LOOKUP);
+		target_j->deny_job_creation = (bool)(flags & BOOTSTRAP_DENY_JOB_CREATION);
 	}
 
 	return 0;
@@ -6690,11 +6651,9 @@
 {
 	launch_data_t input_obj = NULL;
 	size_t data_offset = 0;
-	struct ldcred ldc;
+	struct ldcred *ldc = runtime_get_caller_creds();
 	job_t jr;
 
-	runtime_get_caller_creds(&ldc);
-
 	if (!launchd_assumes(j != NULL)) {
 		return BOOTSTRAP_NO_MEMORY;
 	}
@@ -6703,7 +6662,7 @@
 		return BOOTSTRAP_NOT_PRIVILEGED;
 	}
 
-	if (unlikely(pid1_magic && ldc.euid && ldc.uid)) {
+	if (unlikely(pid1_magic && ldc->euid && ldc->uid)) {
 		job_log(j, LOG_DEBUG, "Punting spawn to per-user-context");
 		return VPROC_ERR_TRY_PER_USER;
 	}
@@ -6730,7 +6689,7 @@
 	job_reparent_hack(jr, NULL);
 
 	if (pid1_magic) {
-		jr->mach_uid = ldc.uid;
+		jr->mach_uid = ldc->uid;
 	}
 
 	jr->legacy_LS_job = true;

Modified: trunk/launchd/src/launchd_runtime.c
===================================================================
--- trunk/launchd/src/launchd_runtime.c	2008-01-18 21:27:01 UTC (rev 23488)
+++ trunk/launchd/src/launchd_runtime.c	2008-01-19 00:53:23 UTC (rev 23489)
@@ -96,7 +96,7 @@
 static size_t mig_cb_table_sz;
 static timeout_callback runtime_idle_callback;
 static mach_msg_timeout_t runtime_idle_timeout;
-static audit_token_t *au_tok;
+static struct ldcred ldc;
 static size_t runtime_busy_cnt;
 
 
@@ -960,26 +960,18 @@
 
 	trailer_size = tp->msgh_trailer_size - (mach_msg_size_t)(sizeof(mach_msg_trailer_type_t) - sizeof(mach_msg_trailer_size_t));
 
-	if (unlikely(trailer_size < (mach_msg_size_t)sizeof(audit_token_t))) {
-		au_tok = NULL;
-		return;
+	if (launchd_assumes(trailer_size >= (mach_msg_size_t)sizeof(audit_token_t))) {
+		audit_token_to_au32(tp->msgh_audit, /* audit UID */ NULL, &ldc.euid,
+				&ldc.egid, &ldc.uid, &ldc.gid, &ldc.pid,
+				/* au_asid_t */ NULL, /* au_tid_t */ NULL);
 	}
 
-	au_tok = &tp->msgh_audit;
 }
 
-INTERNAL_ABI bool
-runtime_get_caller_creds(struct ldcred *ldc)
+INTERNAL_ABI struct ldcred *
+runtime_get_caller_creds(void)
 {
-	if (unlikely(!au_tok)) {
-		return false;
-	}
-
-	audit_token_to_au32(*au_tok, /* audit UID */ NULL, &ldc->euid,
-			&ldc->egid, &ldc->uid, &ldc->gid, &ldc->pid,
-			/* au_asid_t */ NULL, /* au_tid_t */ NULL);
-
-	return true;
+	return &ldc;
 }
 
 void

Modified: trunk/launchd/src/launchd_runtime.h
===================================================================
--- trunk/launchd/src/launchd_runtime.h	2008-01-18 21:27:01 UTC (rev 23488)
+++ trunk/launchd/src/launchd_runtime.h	2008-01-19 00:53:23 UTC (rev 23489)
@@ -125,7 +125,7 @@
 INTERNAL_ABI void runtime_set_timeout(timeout_callback to_cb, unsigned int sec);
 INTERNAL_ABI kern_return_t runtime_add_mport(mach_port_t name, mig_callback demux, mach_msg_size_t msg_size);
 INTERNAL_ABI kern_return_t runtime_remove_mport(mach_port_t name);
-INTERNAL_ABI bool runtime_get_caller_creds(struct ldcred *ldc);
+INTERNAL_ABI struct ldcred *runtime_get_caller_creds(void);
 
 INTERNAL_ABI const char *signal_to_C_name(unsigned int sig);
 INTERNAL_ABI const char *reboot_flags_to_C_names(unsigned int flags);

Modified: trunk/launchd/src/libbootstrap_private.h
===================================================================
--- trunk/launchd/src/libbootstrap_private.h	2008-01-18 21:27:01 UTC (rev 23488)
+++ trunk/launchd/src/libbootstrap_private.h	2008-01-19 00:53:23 UTC (rev 23489)
@@ -29,6 +29,7 @@
 
 #define BOOTSTRAP_PER_PID_SERVICE	0x1
 #define BOOTSTRAP_ALLOW_LOOKUP		0x2
+#define BOOTSTRAP_DENY_JOB_CREATION	0x4
 
 kern_return_t bootstrap_register2(mach_port_t bp, name_t service_name, mach_port_t sp, uint64_t flags);
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/launchd-changes/attachments/20080118/0c25d949/attachment-0001.html
