Re: Socket credentials (take 2)

[Elad Efrat <elad%NetBSD.org@localhost>]

Attached is an updated diff, using l->l_cred. I'm currently using it and
it seems to work okay.

Note that I didn't remove so_egid or change anything that uses uidinfo
for authorization. I'll do so once so_cred is in.

Thanks,

-e.

Index: sys/sys/socketvar.h
===================================================================
RCS file: /usr/cvs/src/sys/sys/socketvar.h,v
retrieving revision 1.119
diff -u -p -r1.119 socketvar.h
--- sys/sys/socketvar.h 4 Apr 2009 10:12:52 -0000       1.119
+++ sys/sys/socketvar.h 25 Apr 2009 15:39:18 -0000
@@ -171,6 +171,7 @@ struct socket {
        struct mowner   *so_mowner;     /* who owns mbufs for this socket */
        struct uidinfo  *so_uidinfo;    /* who opened the socket */
        gid_t           so_egid;        /* creator effective gid */
+       kauth_cred_t    so_cred;        /* credentials */
        pid_t           so_cpid;        /* creator pid */
        struct so_accf {
                struct accept_filter    *so_accept_filter;
Index: sys/kern/uipc_socket.c
===================================================================
RCS file: /usr/cvs/src/sys/kern/uipc_socket.c,v
retrieving revision 1.188
diff -u -p -r1.188 uipc_socket.c
--- sys/kern/uipc_socket.c      4 Apr 2009 10:12:51 -0000       1.188
+++ sys/kern/uipc_socket.c      25 Apr 2009 15:40:51 -0000
@@ -502,6 +502,8 @@ socreate(int dom, struct socket **aso, i
        uid = kauth_cred_geteuid(l->l_cred);
        so->so_uidinfo = uid_find(uid);
        so->so_egid = kauth_cred_getegid(l->l_cred);
+       kauth_cred_hold(l->l_cred);
+       so->so_cred = l->l_cred;
        so->so_cpid = l->l_proc->p_pid;
        if (lockso != NULL) {
                /* Caller wants us to share a lock. */
@@ -798,6 +800,7 @@ sodisconnect(struct socket *so)
                error = (*so->so_proto->pr_usrreq)(so, PRU_DISCONNECT,
                    NULL, NULL, NULL, NULL);
        }
+       kauth_cred_free(so->so_cred);
        sodopendfree();
        return (error);
 }
Index: sys/kern/uipc_socket2.c
===================================================================
RCS file: /usr/cvs/src/sys/kern/uipc_socket2.c,v
retrieving revision 1.101
diff -u -p -r1.101 uipc_socket2.c
--- sys/kern/uipc_socket2.c     21 Jan 2009 06:59:29 -0000      1.101
+++ sys/kern/uipc_socket2.c     25 Apr 2009 15:41:31 -0000
@@ -271,6 +271,8 @@ sonewconn(struct socket *head, int conns
        so->so_receive = head->so_receive;
        so->so_uidinfo = head->so_uidinfo;
        so->so_egid = head->so_egid;
+       kauth_cred_hold(head->so_cred);
+       so->so_cred = head->so_cred;
        so->so_cpid = head->so_cpid;
 #ifdef MBUFTRACE
        so->so_mowner = head->so_mowner;