/* Copyright (C) 1991-2013 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. The GNU C Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with the GNU C Library; if not, see <http://www.gnu.org/licenses/>. */ #include <hurd.h> #include <hurd/msg_server.h> #include <hurd/id.h> #include <string.h> int _hurd_refport_secure_p (mach_port_t ref) { if (ref == __mach_task_self ()) return 1; if (__USEPORT (AUTH, ref == port)) return 1; return 0; } kern_return_t _S_msg_add_auth (mach_port_t me, auth_t addauth) { error_t err; auth_t newauth; uid_t *genuids, *gengids, *auxuids, *auxgids; mach_msg_type_number_t ngenuids, ngengids, nauxuids, nauxgids; uid_t *newgenuids, *newgengids, *newauxuids, *newauxgids; mach_msg_type_number_t nnewgenuids, nnewgengids, nnewauxuids, nnewauxgids; /* Create a list of ids and store it in NEWLISTP, length NEWLISTLEN. Keep all the ids in EXIST (len NEXIST), adding in those from NEW (len NNEW) which are not already there. */ error_t make_list (uid_t **newlistp, mach_msg_type_number_t *newlistlen, uid_t *exist, mach_msg_type_number_t nexist, uid_t *new, mach_msg_type_number_t nnew) { error_t urp; int i, j, k; vm_size_t offset; urp = vm_allocate (mach_task_self (), (vm_address_t *) newlistp, nexist + nnew * sizeof (uid_t), 1); if (urp) return urp; j = 0; for (i = 0; i < nexist; i++) (*newlistp)[j++] = exist[i]; for (i = 0; i < nnew; i++) { for (k = 0; k < nexist; k++) if (exist[k] == new[i]) break; if (k < nexist) continue; (*newlistp)[j++] = new[i]; } offset = (round_page (nexist + nnew * sizeof (uid_t)) - round_page (j * sizeof (uid_t))); if (offset) vm_deallocate (mach_task_self (), (vm_address_t) (*newlistp + (nexist + nnew * sizeof (uid_t))), offset); *newlistlen = j; return 0; } /* Find out what ids ADDAUTH refers to */ genuids = gengids = auxuids = auxgids = 0; ngenuids = ngengids = nauxuids = nauxgids = 0; err = __auth_getids (addauth, &genuids, &ngenuids, &auxuids, &nauxuids, &gengids, &ngengids, &auxgids, &nauxgids); if (err) return err; /* OR in these ids to what we already have, creating a new list. */ HURD_CRITICAL_BEGIN; __mutex_lock (&_hurd_id.lock); _hurd_check_ids (); #define MAKE(genaux,uidgid) \ make_list (&new ## genaux ## uidgid ## s, \ &nnew ## genaux ## uidgid ## s, \ _hurd_id.genaux.uidgid ## s, \ _hurd_id.genaux.n ## uidgid ## s, \ genaux ## uidgid ## s, \ n ## genaux ## uidgid ## s) err = MAKE (gen, uid); if (!err) MAKE (aux, uid); if (!err) MAKE (gen, gid); if (!err) MAKE (aux, gid); #undef MAKE __mutex_unlock (&_hurd_id.lock); HURD_CRITICAL_END; /* Create the new auth port */ if (!err) err = __USEPORT (AUTH, __auth_makeauth (port, &addauth, MACH_MSG_TYPE_MOVE_SEND, 1, newgenuids, nnewgenuids, newauxuids, nnewauxuids, newgengids, nnewgengids, newauxgids, nnewauxgids, &newauth)); #define freeup(array, len) \ if (array) \ vm_deallocate (mach_task_self (), (vm_address_t) array, \ len * sizeof (uid_t)); freeup (genuids, ngenuids); freeup (auxuids, nauxuids); freeup (gengids, ngengids); freeup (auxgids, nauxgids); freeup (newgenuids, nnewgenuids); freeup (newauxuids, nnewauxuids); freeup (newgengids, nnewgengids); freeup (newauxgids, nnewauxgids); #undef freeup if (err) return err; /* And install it. */ err = __setauth (newauth); __mach_port_deallocate (__mach_task_self (), newauth); if (err) return errno; return 0; } kern_return_t _S_msg_del_auth (mach_port_t me, task_t task, intarray_t uids, mach_msg_type_number_t nuids, intarray_t gids, mach_msg_type_number_t ngids) { error_t err; auth_t newauth; if (!_hurd_refport_secure_p (task)) return EPERM; HURD_CRITICAL_BEGIN; __mutex_lock (&_hurd_id.lock); err = _hurd_check_ids (); if (!err) { size_t i, j; size_t nu = _hurd_id.gen.nuids, ng = _hurd_id.gen.ngids; uid_t newu[nu]; gid_t newg[ng]; memcpy (newu, _hurd_id.gen.uids, nu * sizeof (uid_t)); memcpy (newg, _hurd_id.gen.gids, ng * sizeof (gid_t)); for (j = 0; j < nuids; ++j) { const uid_t uid = uids[j]; for (i = 0; i < nu; ++i) if (newu[i] == uid) /* Move the last uid into this slot, and decrease the number of uids so the last slot is no longer used. */ newu[i] = newu[--nu]; } __vm_deallocate (__mach_task_self (), (vm_address_t) uids, nuids * sizeof (uid_t)); for (j = 0; j < ngids; ++j) { const gid_t gid = gids[j]; for (i = 0; i < nu; ++i) if (newu[i] == gid) /* Move the last gid into this slot, and decrease the number of gids so the last slot is no longer used. */ newu[i] = newu[--nu]; } __vm_deallocate (__mach_task_self (), (vm_address_t) gids, ngids * sizeof (gid_t)); err = __USEPORT (AUTH, __auth_makeauth (port, NULL, MACH_MSG_TYPE_COPY_SEND, 0, newu, nu, _hurd_id.aux.uids, _hurd_id.aux.nuids, newg, ng, _hurd_id.aux.uids, _hurd_id.aux.ngids, &newauth)); } __mutex_unlock (&_hurd_id.lock); HURD_CRITICAL_END; if (err) return err; err = __setauth (newauth); __mach_port_deallocate (__mach_task_self (), newauth); if (err) return errno; return 0; }