- Only acquire cr_lock when changing cr_refcnt.
- When freeing, test the value of cr_refcnt from inside the lock perimiter. - Change some uint16_t/uint32_t types to u_int. - KASSERT(cr_refcnt > 0) in appropriate places. - KASSERT(cr_refcnt == 1) when changing the credential.
This commit is contained in:
ad
parent
7c79d661fa
commit
55a5faa1ef
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: kern_auth.c,v 1.10 2006/07/16 20:10:11 elad Exp $ */
|
||||
/* $NetBSD: kern_auth.c,v 1.11 2006/07/17 14:37:20 ad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
|
||||
|
|
@ -50,15 +50,15 @@
|
|||
* Credentials.
|
||||
*/
|
||||
struct kauth_cred {
|
||||
struct simplelock cr_lock; /* lock */
|
||||
uint32_t cr_refcnt; /* reference count */
|
||||
struct simplelock cr_lock; /* lock on cr_refcnt */
|
||||
u_int cr_refcnt; /* reference count */
|
||||
uid_t cr_uid; /* user id */
|
||||
uid_t cr_euid; /* effective user id */
|
||||
uid_t cr_svuid; /* saved effective user id */
|
||||
gid_t cr_gid; /* group id */
|
||||
gid_t cr_egid; /* effective group id */
|
||||
gid_t cr_svgid; /* saved effective group id */
|
||||
uint16_t cr_ngroups; /* number of groups */
|
||||
u_int cr_ngroups; /* number of groups */
|
||||
gid_t cr_groups[NGROUPS]; /* group memberships */
|
||||
};
|
||||
|
||||
|
|
@ -68,7 +68,7 @@ struct kauth_cred {
|
|||
struct kauth_listener {
|
||||
kauth_scope_callback_t func; /* callback */
|
||||
kauth_scope_t scope; /* scope backpointer */
|
||||
uint32_t refcnt; /* reference count */
|
||||
u_int refcnt; /* reference count */
|
||||
SIMPLEQ_ENTRY(kauth_listener) listener_next; /* listener list */
|
||||
};
|
||||
|
||||
|
|
@ -78,7 +78,7 @@ struct kauth_listener {
|
|||
struct kauth_scope {
|
||||
const char *id; /* scope name */
|
||||
void *cookie; /* user cookie */
|
||||
uint32_t nlisteners; /* # of listeners */
|
||||
u_int nlisteners; /* # of listeners */
|
||||
SIMPLEQ_HEAD(, kauth_listener) listenq; /* listener list */
|
||||
SIMPLEQ_ENTRY(kauth_scope) next_scope; /* scope list */
|
||||
};
|
||||
|
|
@ -117,6 +117,7 @@ void
|
|||
kauth_cred_hold(kauth_cred_t cred)
|
||||
{
|
||||
KASSERT(cred != NULL);
|
||||
KASSERT(cred->cr_refcnt > 0);
|
||||
|
||||
simple_lock(&cred->cr_lock);
|
||||
cred->cr_refcnt++;
|
||||
|
|
@ -127,13 +128,16 @@ kauth_cred_hold(kauth_cred_t cred)
|
|||
void
|
||||
kauth_cred_free(kauth_cred_t cred)
|
||||
{
|
||||
u_int refcnt;
|
||||
|
||||
KASSERT(cred != NULL);
|
||||
KASSERT(cred->cr_refcnt > 0);
|
||||
|
||||
simple_lock(&cred->cr_lock);
|
||||
cred->cr_refcnt--;
|
||||
refcnt = --cred->cr_refcnt;
|
||||
simple_unlock(&cred->cr_lock);
|
||||
|
||||
if (cred->cr_refcnt == 0)
|
||||
if (refcnt == 0)
|
||||
pool_put(&kauth_cred_pool, cred);
|
||||
}
|
||||
|
||||
|
|
@ -142,6 +146,7 @@ kauth_cred_clone(kauth_cred_t from, kauth_cred_t to)
|
|||
{
|
||||
KASSERT(from != NULL);
|
||||
KASSERT(to != NULL);
|
||||
KASSERT(from->cr_refcnt > 0);
|
||||
|
||||
to->cr_uid = from->cr_uid;
|
||||
to->cr_euid = from->cr_euid;
|
||||
|
|
@ -150,8 +155,7 @@ kauth_cred_clone(kauth_cred_t from, kauth_cred_t to)
|
|||
to->cr_egid = from->cr_egid;
|
||||
to->cr_svgid = from->cr_svgid;
|
||||
to->cr_ngroups = from->cr_ngroups;
|
||||
memcpy(to->cr_groups, from->cr_groups,
|
||||
sizeof(to->cr_groups));
|
||||
memcpy(to->cr_groups, from->cr_groups, sizeof(to->cr_groups));
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -163,6 +167,7 @@ kauth_cred_dup(kauth_cred_t cred)
|
|||
kauth_cred_t new_cred;
|
||||
|
||||
KASSERT(cred != NULL);
|
||||
KASSERT(cred->cr_refcnt > 0);
|
||||
|
||||
new_cred = kauth_cred_alloc();
|
||||
|
||||
|
|
@ -181,6 +186,7 @@ kauth_cred_copy(kauth_cred_t cred)
|
|||
kauth_cred_t new_cred;
|
||||
|
||||
KASSERT(cred != NULL);
|
||||
KASSERT(cred->cr_refcnt > 0);
|
||||
|
||||
/* If the provided credentials already have one reference, use them. */
|
||||
if (cred->cr_refcnt == 1)
|
||||
|
|
@ -247,6 +253,7 @@ void
|
|||
kauth_cred_setuid(kauth_cred_t cred, uid_t uid)
|
||||
{
|
||||
KASSERT(cred != NULL);
|
||||
KASSERT(cred->cr_refcnt == 1);
|
||||
|
||||
cred->cr_uid = uid;
|
||||
}
|
||||
|
|
@ -255,6 +262,7 @@ void
|
|||
kauth_cred_seteuid(kauth_cred_t cred, uid_t uid)
|
||||
{
|
||||
KASSERT(cred != NULL);
|
||||
KASSERT(cred->cr_refcnt == 1);
|
||||
|
||||
cred->cr_euid = uid;
|
||||
}
|
||||
|
|
@ -263,6 +271,7 @@ void
|
|||
kauth_cred_setsvuid(kauth_cred_t cred, uid_t uid)
|
||||
{
|
||||
KASSERT(cred != NULL);
|
||||
KASSERT(cred->cr_refcnt == 1);
|
||||
|
||||
cred->cr_svuid = uid;
|
||||
}
|
||||
|
|
@ -271,6 +280,7 @@ void
|
|||
kauth_cred_setgid(kauth_cred_t cred, gid_t gid)
|
||||
{
|
||||
KASSERT(cred != NULL);
|
||||
KASSERT(cred->cr_refcnt == 1);
|
||||
|
||||
cred->cr_gid = gid;
|
||||
}
|
||||
|
|
@ -279,6 +289,7 @@ void
|
|||
kauth_cred_setegid(kauth_cred_t cred, gid_t gid)
|
||||
{
|
||||
KASSERT(cred != NULL);
|
||||
KASSERT(cred->cr_refcnt == 1);
|
||||
|
||||
cred->cr_egid = gid;
|
||||
}
|
||||
|
|
@ -287,6 +298,7 @@ void
|
|||
kauth_cred_setsvgid(kauth_cred_t cred, gid_t gid)
|
||||
{
|
||||
KASSERT(cred != NULL);
|
||||
KASSERT(cred->cr_refcnt == 1);
|
||||
|
||||
cred->cr_svgid = gid;
|
||||
}
|
||||
|
|
@ -311,7 +323,7 @@ kauth_cred_ismember_gid(kauth_cred_t cred, gid_t gid, int *resultp)
|
|||
return (0);
|
||||
}
|
||||
|
||||
uint16_t
|
||||
u_int
|
||||
kauth_cred_ngroups(kauth_cred_t cred)
|
||||
{
|
||||
KASSERT(cred != NULL);
|
||||
|
|
@ -323,7 +335,7 @@ kauth_cred_ngroups(kauth_cred_t cred)
|
|||
* Return the group at index idx from the groups in cred.
|
||||
*/
|
||||
gid_t
|
||||
kauth_cred_group(kauth_cred_t cred, uint16_t idx)
|
||||
kauth_cred_group(kauth_cred_t cred, u_int idx)
|
||||
{
|
||||
KASSERT(cred != NULL);
|
||||
KASSERT(idx < cred->cr_ngroups);
|
||||
|
|
@ -336,10 +348,9 @@ int
|
|||
kauth_cred_setgroups(kauth_cred_t cred, gid_t *grbuf, size_t len, uid_t gmuid)
|
||||
{
|
||||
KASSERT(cred != NULL);
|
||||
KASSERT(cred->cr_refcnt == 1);
|
||||
KASSERT(len <= sizeof(cred->cr_groups) / sizeof(cred->cr_groups[0]));
|
||||
|
||||
simple_lock(&cred->cr_lock);
|
||||
|
||||
if (len)
|
||||
memcpy(cred->cr_groups, grbuf, len * sizeof(cred->cr_groups[0]));
|
||||
memset(cred->cr_groups + len, 0xff,
|
||||
|
|
@ -347,8 +358,6 @@ kauth_cred_setgroups(kauth_cred_t cred, gid_t *grbuf, size_t len, uid_t gmuid)
|
|||
|
||||
cred->cr_ngroups = len;
|
||||
|
||||
simple_unlock(&cred->cr_lock);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
|
@ -359,9 +368,7 @@ kauth_cred_getgroups(kauth_cred_t cred, gid_t *grbuf, size_t len)
|
|||
KASSERT(len <= cred->cr_ngroups);
|
||||
|
||||
memset(grbuf, 0xff, sizeof(*grbuf) * len);
|
||||
simple_lock(&cred->cr_lock);
|
||||
memcpy(grbuf, cred->cr_groups, sizeof(*grbuf) * len);
|
||||
simple_unlock(&cred->cr_lock);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
|
@ -390,7 +397,7 @@ kauth_cred_uidmatch(kauth_cred_t cred1, kauth_cred_t cred2)
|
|||
return (0);
|
||||
}
|
||||
|
||||
uint32_t
|
||||
u_int
|
||||
kauth_cred_getrefcnt(kauth_cred_t cred)
|
||||
{
|
||||
KASSERT(cred != NULL);
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: kauth.h,v 1.4 2006/07/16 20:10:12 elad Exp $ */
|
||||
/* $NetBSD: kauth.h,v 1.5 2006/07/17 14:37:20 ad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
|
||||
|
|
@ -115,8 +115,8 @@ gid_t kauth_cred_getgid(kauth_cred_t);
|
|||
gid_t kauth_cred_getegid(kauth_cred_t);
|
||||
gid_t kauth_cred_getsvgid(kauth_cred_t);
|
||||
int kauth_cred_ismember_gid(kauth_cred_t, gid_t, int *);
|
||||
uint16_t kauth_cred_ngroups(kauth_cred_t);
|
||||
gid_t kauth_cred_group(kauth_cred_t, uint16_t);
|
||||
u_int kauth_cred_ngroups(kauth_cred_t);
|
||||
gid_t kauth_cred_group(kauth_cred_t, u_int);
|
||||
|
||||
void kauth_cred_setuid(kauth_cred_t, uid_t);
|
||||
void kauth_cred_seteuid(kauth_cred_t, uid_t);
|
||||
|
|
@ -126,7 +126,7 @@ void kauth_cred_setegid(kauth_cred_t, gid_t);
|
|||
void kauth_cred_setsvgid(kauth_cred_t, gid_t);
|
||||
|
||||
void kauth_cred_hold(kauth_cred_t);
|
||||
uint32_t kauth_cred_getrefcnt(kauth_cred_t);
|
||||
u_int kauth_cred_getrefcnt(kauth_cred_t);
|
||||
|
||||
int kauth_cred_setgroups(kauth_cred_t, gid_t *, size_t, uid_t);
|
||||
int kauth_cred_getgroups(kauth_cred_t, gid_t *, size_t);
|
||||
|
|
|
|||
Loading…
Reference in New Issue