Introduce kauth_proc_fork() to control credential inheritance.

2007-01-15 17:45:32 +00:00 · 2007-01-15 17:45:32 +00:00 · 6df6f0ea65
parent e52ee73ea8
commit 6df6f0ea65
4 changed files with 25 additions and 13 deletions
--- a/share/man/man9/kauth.9
+++ b/share/man/man9/kauth.9
@ -1,4 +1,4 @@
-.\" $NetBSD: kauth.9,v 1.46 2007/01/09 12:49:36 elad Exp $
+.\" $NetBSD: kauth.9,v 1.47 2007/01/15 17:45:32 elad Exp $
 .\"
 .\" Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
 .\" All rights reserved.
@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd January 2, 2007
+.Dd January 15, 2007
 .Dt KAUTH 9
 .Os
 .Sh NAME
@ -852,10 +852,8 @@ One such case is during a
 .Xr fork 2
 where the child process and its LWPs inherit the credentials of the parent.
 .Pp
-To prevent freeing a
-.Ft kauth_cred_t
-while it is still referenced, the following routines are available to maintain
-its reference count:
+The following routines are available for managing credentials reference
+counting and inheritance:
 .Bl -tag
 .It Ft void Fn kauth_cred_hold "kauth_cred_t cred"
 Increases reference count to
@ -869,6 +867,10 @@ by one.
 If the reference count dropped to zero, the memory used by
 .Ar cred
 will be returned back to the memory pool.
+.It Ft void kauth_proc_fork "struct proc *parent" "struct proc *child"
+Called during a
+.Xr fork 2
+to perform credential inheritance.
 .El
 .Ss Credentials Memory Management
 Data-structures for credentials, listeners, and scopes are allocated from
--- a/sys/kern/kern_auth.c
+++ b/sys/kern/kern_auth.c
@ -1,4 +1,4 @@
-/* $NetBSD: kern_auth.c,v 1.37 2007/01/09 12:49:36 elad Exp $ */
+/* $NetBSD: kern_auth.c,v 1.38 2007/01/15 17:45:32 elad Exp $ */

 /*-
 * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
@ -28,7 +28,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.37 2007/01/09 12:49:36 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.38 2007/01/15 17:45:32 elad Exp $");

 #include <sys/types.h>
 #include <sys/param.h>
@ -199,6 +199,15 @@ kauth_cred_copy(kauth_cred_t cred)
 	return (new_cred);
 }

+void
+kauth_proc_fork(struct proc *parent, struct proc *child)
+{
+	/* mutex_enter(&parent->p_mutex); */
+	kauth_cred_hold(parent->p_cred);
+	child->p_cred = parent->p_cred;
+	/* mutex_exit(&parent->p_mutex); */
+}
+
 uid_t
 kauth_cred_getuid(kauth_cred_t cred)
 {
--- a/sys/kern/kern_fork.c
+++ b/sys/kern/kern_fork.c
@ -1,4 +1,4 @@
-/*	$NetBSD: kern_fork.c,v 1.128 2006/11/01 10:17:58 yamt Exp $	*/
+/*	$NetBSD: kern_fork.c,v 1.129 2007/01/15 17:45:33 elad Exp $	*/

 /*-
 * Copyright (c) 1999, 2001, 2004 The NetBSD Foundation, Inc.
@ -76,7 +76,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_fork.c,v 1.128 2006/11/01 10:17:58 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_fork.c,v 1.129 2007/01/15 17:45:33 elad Exp $");

 #include "opt_ktrace.h"
 #include "opt_systrace.h"
@ -305,8 +305,7 @@ fork1(struct lwp *l1, int flags, int exitsig, void *stack, size_t stacksize,
 	if (p1->p_flag & P_PROFIL)
 		startprofclock(p2);

-	kauth_cred_hold(p1->p_cred);
-	p2->p_cred = p1->p_cred;
+	kauth_proc_fork(p1, p2);

 	LIST_INIT(&p2->p_raslist);
 #if defined(__HAVE_RAS)
--- a/sys/sys/kauth.h
+++ b/sys/sys/kauth.h
@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.32 2007/01/09 12:49:37 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.33 2007/01/15 17:45:32 elad Exp $ */

 /*-
 * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>  
@ -300,4 +300,6 @@ void kauth_cred_topcred(kauth_cred_t, struct pcred *);

 kauth_cred_t kauth_cred_get(void);

+void kauth_proc_fork(struct proc *, struct proc *);
+
 #endif	/* !_SYS_KAUTH_H_ */