Subject: adding creds to sockets
To: None <tech-kern@NetBSD.org>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 07/21/2006 01:41:01
This is a multi-part message in MIME format.

--Boundary_(ID_beQY3kjHUxFNZvM6seFvag)
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 7BIT

hi,

i'd like to commit the attached patch. it adds so_cred to struct socket, so
the owner of the socket is not just a uid in uidinfo (ugh) but the actual
credentials of the process creating the socket.

comments?

-e.

-- 
Elad Efrat

--Boundary_(ID_beQY3kjHUxFNZvM6seFvag)
Content-type: text/plain; name=so_cred.diff
Content-transfer-encoding: 7BIT
Content-disposition: inline; filename=so_cred.diff

Index: sys/socketvar.h
===================================================================
RCS file: /usr/cvs/src/sys/sys/socketvar.h,v
retrieving revision 1.88
diff -u -p -r1.88 socketvar.h
--- sys/socketvar.h	21 Jun 2006 12:55:12 -0000	1.88
+++ sys/socketvar.h	1 Jul 2006 17:06:28 -0000
@@ -133,6 +133,8 @@ struct socket {
 					struct mbuf **, int *);
 	struct mowner	*so_mowner;	/* who owns mbufs for this socket */
 	struct uidinfo	*so_uidinfo;	/* who opened the socket */
+
+	kauth_cred_t	 so_cred;	/* credentials */
 };
 
 #define	SB_EMPTY_FIXUP(sb)						\
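Review bot: The comment on the new `so_cred` field says only "credentials", which does not tell a reader whose credentials they are or that the socket owns a reference to them. Something like `/* creator's credentials; socket holds a reference */` would document the lifetime rule that the hold/free calls elsewhere in this patch depend on. It is also worth stating how the field relates to `so_uidinfo` just above it. The hunk does not show whether `socketvar.h` already brings the declaration of `kauth_cred_t` into scope; if it does not, every file that includes this header needs it.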
Index: kern/uipc_socket.c
===================================================================
RCS file: /usr/cvs/src/sys/kern/uipc_socket.c,v
retrieving revision 1.121
diff -u -p -r1.121 uipc_socket.c
--- kern/uipc_socket.c	21 Jun 2006 12:55:12 -0000	1.121
+++ kern/uipc_socket.c	19 Jul 2006 17:10:52 -0000
@@ -510,6 +510,8 @@ socreate(int dom, struct socket **aso, i
 		uid = 0;
 	}
 	so->so_uidinfo = uid_find(uid);
+	kauth_cred_hold(l->l_proc->p_cred);
+	so->so_cred = l->l_proc->p_cred;
 	error = (*prp->pr_usrreq)(so, PRU_ATTACH, (struct mbuf *)0,
 	    (struct mbuf *)(long)proto, (struct mbuf *)0, l);
 	if (error) {
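Review bot: The two added lines dereference `l` unconditionally, yet the context directly above closes a branch that falls back to `uid = 0`, which suggests a path where no calling lwp is available (the condition itself is outside the hunk). If that branch is the `l == NULL` case, `l->l_proc->p_cred` is a kernel NULL dereference. The hold then needs the same guard, e.g. `if (l != NULL) { kauth_cred_hold(l->l_proc->p_cred); so->so_cred = l->l_proc->p_cred; }`, plus a defined value for `so_cred` on the other path. Separately, the `if (error)` path after PRU_ATTACH continues outside the hunk; unless it drops the reference just taken, a failed attach leaks it, and the same question applies to the failed-attach path in the `sonewconn1` hunk.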
@@ -727,6 +729,7 @@ sodisconnect(struct socket *so)
 		error = EALREADY;
 		goto bad;
 	}
+	kauth_cred_free(so->so_cred);
 	error = (*so->so_proto->pr_usrreq)(so, PRU_DISCONNECT,
 	    (struct mbuf *)0, (struct mbuf *)0, (struct mbuf *)0,
 	    (struct lwp *)0);
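Review bot: Releasing `so_cred` in `sodisconnect` ties the reference to connection state rather than to the socket's lifetime. A socket that is closed without ever passing through here never drops its reference, while one that is disconnected more than once calls `kauth_cred_free` on the same pointer repeatedly. In between, `so_cred` is left pointing at credentials the socket no longer holds, and `sonewconn1` in this patch reads that field. The release belongs wherever the socket structure itself is destroyed (outside this hunk), followed by `so->so_cred = NULL;` if the structure can still be reached afterwards. The function continues past the end of the hunk.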
Index: kern/uipc_socket2.c
===================================================================
RCS file: /usr/cvs/src/sys/kern/uipc_socket2.c,v
retrieving revision 1.74
diff -u -p -r1.74 uipc_socket2.c
--- kern/uipc_socket2.c	3 Jul 2006 02:34:39 -0000	1.74
+++ kern/uipc_socket2.c	19 Jul 2006 17:10:57 -0000
@@ -182,6 +182,8 @@ sonewconn1(struct socket *head, int conn
 	so->so_rcv.sb_mowner = head->so_rcv.sb_mowner;
 	so->so_snd.sb_mowner = head->so_snd.sb_mowner;
 #endif
+	kauth_cred_hold(head->so_cred);
+	so->so_cred = head->so_cred;
 	(void) soreserve(so, head->so_snd.sb_hiwat, head->so_rcv.sb_hiwat);
 	soqinsque(head, so, soqueue);
 	if ((*so->so_proto->pr_usrreq)(so, PRU_ATTACH,
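Review bot: Copying `head->so_cred` into the new connection means accepted sockets carry the credentials of whoever created the listening socket, not of the process that later accepts them. That is a policy choice and deserves a comment at the added lines, e.g. `/* inherit the listening socket's credentials */`. The added lines also rely on `head->so_cred` still being a held reference at this point. The function body runs beyond the hunk on both sides.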

--Boundary_(ID_beQY3kjHUxFNZvM6seFvag)--