Commit Graph

39 Commits

Author SHA1 Message Date
sommerfe
098b6f8e8a Disallow descriptor-passing of descriptors which are open on
directories which aren't under the recipient's root.

Clean up of many error conditions involving descriptor passing, to
eliminate infinite loops, panics, premature garbage collection of
sockets, and descriptor leaks:
 - Avoid letting unp_gc() see descriptors with a refcount of zero by
removing them from the socket's queue before releasing them.
 - Avoid socket leak in PRU_ABORT (this will also gc descriptors queued
on a not-yet accepted socket when the accepting socket goes away).
 - Put in block comment explaining how unp_gc() should work.
 - Correctly manage unp_defer count so we don't get stuck in an infinite
loop with nothing to do.
 - Don't tie MARK and DEFER bits so closely together.
 - Mark descriptors queued on not-yet-accepted sockets as well.
 - Don't call sorflush on non-socket, it doesn't work very well.
 - Deal with discard of NULL file pointer.
 - Hopefully cause GC to converge faster by only deferring sockets in
unp_mark().
1999-03-22 17:54:38 +00:00
thorpej
943f7cd0e7 In unp_internalize(), add a comment explaining why we must ALIGN() the
data after the cmsghdr when accessing internalized SCM_RIGHTS messages
(i.e. array of struct file *s).  The historic interface does not align
the externalized SCM_RIGHTS messages (i.e. array of ints).
1998-12-21 23:12:19 +00:00
thorpej
992f3b8ea7 Fix a fencepost error in unp_scan() which caused a bad pointer deref on
the SPARC platform only (ILP32 but ALIGNBYTES of 7), due to a missing
ALIGN().
1998-12-21 23:03:02 +00:00
perry
275d1554aa Abolition of bcopy, ovbcopy, bcmp, and bzero, phase one.
bcopy(x, y, z) ->  memcpy(y, x, z)
ovbcopy(x, y, z) -> memmove(y, x, z)
   bcmp(x, y, z) ->  memcmp(x, y, z)
  bzero(x, y)    ->  memset(x, 0, y)
1998-08-04 04:03:10 +00:00
perry
730baa7431 fix sizeofs so they comply with the KNF style guide. yes, it is pedantic. 1998-07-31 22:50:48 +00:00
lukem
786b86d71b use AF_LOCAL instead of AF_UNIX 1998-07-18 05:04:35 +00:00
thorpej
4c50a37133 Back out previous, I botched something. 1998-07-16 00:46:50 +00:00
thorpej
b20c7bf68c For SOCK_STREAM, provide the socket credentials to the accepter as soon as
the client connects.
1998-07-10 22:15:47 +00:00
fvdl
e5bc90f40c Merge with Lite2 + local changes 1998-03-01 02:20:01 +00:00
thorpej
cc22126721 Implement passing credentials as ancillary data on Unix domain sockets,
enabled with the LOCAL_CREDS socket option on the listener.  Semantics are
similar to BSD/OS's:
- Creds are available with first data on SOCK_STREAM, and with every datagram
  on SOCK_DGRAM.
- It is not possible to forge credentials.

Different in that:
- Different credential data structure (ours does not rely on the format
  of internal kernel data structures, and does not pass the login name).
- We can pass creds and file descriptors at the same time (this does not
  work in BSD/OS).

Luke Mewburn <lukem@netbsd.org> gets credit for inspiring me to implement
this.  :-)
1998-01-07 22:57:09 +00:00
thorpej
e918c058f1 Fix passing of multiple file descriptors (was broken when code was made
64-bit safe).
1998-01-07 04:03:38 +00:00
christos
3f60774556 PR/4280: Chris Jones: Sending more than one fd over AF_UNIX sockets causes
panic. Bug in the fd -> struct file * conversion...
1997-10-17 17:35:08 +00:00
thorpej
1351e629b3 Several small changes to eliminate kludginess in dealing with unix domain
socket names:
- In unp_setsockaddr() and unp_setpeeraddr(), if the socket name can't
  fit into a single mbuf, allocate enough external storage space to
  hold it.
- In unp_bind() and unp_connect(), perform a similar operation, but allocate
  one extra byte, and ensure that the pathname is nul-terminated.
Many thanks to enami tsugutomo <enami@cv.sony.co.jp> for the sanity
checking.
1997-06-26 06:06:40 +00:00
thorpej
a149ed59e4 Eliminate use of dtom() in the handing of UNIX domain sockets. Add an
"unp_addrlen" member to the unpcb, and use it when copying the socket
name.  This eliminates that last uses of dtom() in the system.
1997-06-24 19:12:53 +00:00
kleink
9827bd6dc6 When fstat(2)ing a file descriptor of a local communications domain socket,
fill the socket's creation time into the stat structure's st_[acm]time fields:
POSIX requires this behavior for pipe(2). N.B.: updating the st_[am]time fields
when reading/writing the pipe is neither required nor implemented, though.
1997-05-15 17:01:04 +00:00
cgd
319b64a8f7 Internalize and externalize file descriptors being passed via local domain
socket control messages correctly, without assuming that sizeof(int) ==
sizeof(pointer).  Fixes PR#3183.
1997-04-10 01:51:21 +00:00
mycroft
4c8302e0f4 Oops. Add missing label. 1996-05-23 17:07:03 +00:00
mycroft
8d0a82819c We can only get a control mbuf for PRU_SEND or PRU_SENDOOB. Add diagnostic
code to panic in this case.
1996-05-23 16:49:08 +00:00
mycroft
5288bfd58b Make sure the control and data mbufs are freed in all cases. 1996-05-23 16:41:49 +00:00
mycroft
03232fb1f2 Separate some code into separate functions.
Make unp_addr be a pointer to the sockaddr, not to the mbuf, as with raw
sockets.
Other minor cleanup.
1996-05-23 16:03:45 +00:00
mycroft
49d52c9b1c Pass a proc pointer down to the usrreq and pcbbind functions for PRU_ATTACH, PRU_BIND and
PRU_CONTROL.  The usrreq interface really needs to be split up, but this will have to wait.
Remove SS_PRIV completely.
1996-05-22 13:54:55 +00:00
christos
09afd77655 More proto fixes 1996-02-09 18:59:18 +00:00
pk
00acf2040e unp_detach() return type botch. 1996-02-04 20:32:15 +00:00
christos
e630447d8c First pass at prototyping 1996-02-04 02:17:43 +00:00
mycroft
873ed30f83 so_pcb should be a void *. 1995-08-17 02:57:20 +00:00
mycroft
0ecd5256ad Allocate PCBs with malloc(), more mgetclr(). Be more careful to free the
PCB after it's done with.
1995-08-16 00:29:50 +00:00
mycroft
bb85930bbe Add missing argument to closef(). 1995-04-05 21:26:40 +00:00
mycroft
a18ec3cb1b LEASE_CHECK -> VOP_LEASE 1994-12-13 21:52:35 +00:00
mycroft
2f710a54ee Convert process, file, and namei lists and hash tables to use queue.h. 1994-08-30 03:04:28 +00:00
cgd
cf92afd66e New RCS ID's, take two. they're more aesthecially pleasant, and use 'NetBSD' 1994-06-29 06:29:24 +00:00
mycroft
699bbb84b6 Update to 4.4-Lite fs code. 1994-06-08 11:28:29 +00:00
mycroft
511a02415f Fix panic when closing a file descriptor on which access rights have been sent
but not received.
1994-05-04 09:50:11 +00:00
mycroft
7f50bd1829 Canonicalize all #includes. 1993-12-18 04:21:37 +00:00
mycroft
40222e846f Fix from Noriyuki Soda <soda@sra.co.jp>:
recvmsg(2) always returns -1 with errno==EMSGSIZE, when trying
        to pass file descriptors through UNIX domain socket.
1993-09-14 03:35:08 +00:00
andrew
0e6cb953ea ANSIfications - removed all implicit function return types and argument
definitions.  Ensured that all files include "systm.h" to gain access to
general prototypes.  Casts where necessary.
1993-06-27 06:01:27 +00:00
andrew
d790308a20 Yuval Yarom's 'panic:closef: count < 0' fix to unp_discard(). 1993-06-12 14:01:23 +00:00
cgd
fe1802950b add include of select.h if necessary for protos, or delete if extraneous 1993-05-22 11:40:42 +00:00
cgd
8d6c77881c make kernel select interface be one-stop shopping & clean it all up. 1993-05-18 18:18:40 +00:00
cgd
61f282557f initial import of 386bsd-0.1 sources 1993-03-21 09:45:37 +00:00