205 static void	kauth_identity_register_and_free(struct kauth_identity *kip);
206 static void	kauth_identity_updatecache(struct kauth_identity_extlookup *elp, struct kauth_identity *kip, uint64_t extend_data);
208 static void	kauth_identity_lru(struct kauth_identity *kip);
209 static int	kauth_identity_guid_expired(struct kauth_identity *kip);
210 static int	kauth_identity_ntsid_expired(struct kauth_identity *kip);
1075 	struct kauth_identity *kip;
1078 	MALLOC(kip, struct kauth_identity *, sizeof(*kip), M_KAUTH, M_WAITOK | M_ZERO);
1079 	if (kip != NULL) {
1081 			kip->ki_gid = gid;
1082 			kip->ki_valid = KI_VALID_GID;
1085 			if (kip->ki_valid & KI_VALID_GID)
1087 			kip->ki_uid = uid;
1088 			kip->ki_valid = KI_VALID_UID;
1091 			kip->ki_guid = *guidp;
1092 			kip->ki_valid |= KI_VALID_GUID;
1094 		kip->ki_guid_expiry = guid_expiry;
1096 			kip->ki_ntsid = *ntsidp;
1097 			kip->ki_valid |= KI_VALID_NTSID;
1099 		kip->ki_ntsid_expiry = ntsid_expiry;
1101 			kip->ki_name = name;
1102 			kip->ki_valid |= nametype;
1105 	return(kip);
1113  *		'kip' is consumed by this function.
1115  * Parameters:	kip				Pointer to kauth_identity
1120  * Notes:	The memory pointer to by 'kip' is assumed to have been
1124 kauth_identity_register_and_free(struct kauth_identity *kip)
1134 	if (kip->ki_valid & KI_VALID_UID) {
1135 		if (kip->ki_valid & KI_VALID_GID)
1138 		    if ((ip->ki_valid & KI_VALID_UID) && (ip->ki_uid == kip->ki_uid))
1140 	} else if (kip->ki_valid & KI_VALID_GID) {
1142 		    if ((ip->ki_valid & KI_VALID_GID) && (ip->ki_gid == kip->ki_gid))
1150 		if (kip->ki_valid & KI_VALID_GUID) {
1151 			ip->ki_guid = kip->ki_guid;
1154 		ip->ki_guid_expiry = kip->ki_guid_expiry;
1155 		if (kip->ki_valid & KI_VALID_NTSID) {
1156 			ip->ki_ntsid = kip->ki_ntsid;
1159 		ip->ki_ntsid_expiry = kip->ki_ntsid_expiry;
1161 		if (kip->ki_valid & (KI_VALID_PWNAM | KI_VALID_GRNAM)) {
1166 			ip->ki_name = kip->ki_name;
1167 			kip->ki_name = oname;
1170 		ip = kip;
1176 		TAILQ_INSERT_HEAD(&kauth_identities, kip, ki_link);
1229 	struct kauth_identity *kip;
1248 		TAILQ_FOREACH(kip, &kauth_identities, ki_link) {
1250 			if ((kip->ki_valid & KI_VALID_UID) && (kip->ki_uid == elp->el_uid)) {
1252 					kip->ki_guid = elp->el_uguid;
1253 					kip->ki_valid |= KI_VALID_GUID;
1255 				kip->ki_guid_expiry = (elp->el_uguid_valid) ? tv.tv_sec + elp->el_uguid_valid : 0;
1257 					kip->ki_ntsid = elp->el_usid;
1258 					kip->ki_valid |= KI_VALID_NTSID;
1260 				kip->ki_ntsid_expiry = (elp->el_usid_valid) ? tv.tv_sec + elp->el_usid_valid : 0;
1262 					const char *oname = kip->ki_name;
1263 					kip->ki_name = speculative_name;
1265 					kip->ki_valid |= KI_VALID_PWNAM;
1274 				kauth_identity_lru(kip);
1276 					*rkip = *kip;
1277 				KAUTH_DEBUG("CACHE - refreshed %d is " K_UUID_FMT, kip->ki_uid, K_UUID_ARG(kip->ki_guid));
1283 		if (kip == NULL) {
1284 			kip = kauth_identity_alloc(elp->el_uid, KAUTH_GID_NONE,
1291 			if (kip != NULL) {
1293 					*rkip = *kip;
1296 				KAUTH_DEBUG("CACHE - learned %d is " K_UUID_FMT, kip->ki_uid, K_UUID_ARG(kip->ki_guid));
1297 				kauth_identity_register_and_free(kip);
1305 		TAILQ_FOREACH(kip, &kauth_identities, ki_link) {
1307 			if ((kip->ki_valid & KI_VALID_GID) && (kip->ki_gid == elp->el_gid)) {
1309 					kip->ki_guid = elp->el_gguid;
1310 					kip->ki_valid |= KI_VALID_GUID;
1312 				kip->ki_guid_expiry = (elp->el_gguid_valid) ? tv.tv_sec + elp->el_gguid_valid : 0;
1314 					kip->ki_ntsid = elp->el_gsid;
1315 					kip->ki_valid |= KI_VALID_NTSID;
1317 				kip->ki_ntsid_expiry = (elp->el_gsid_valid) ? tv.tv_sec + elp->el_gsid_valid : 0;
1319 					const char *oname = kip->ki_name;
1320 					kip->ki_name = speculative_name;
1322 					kip->ki_valid |= KI_VALID_GRNAM;
1331 				kauth_identity_lru(kip);
1333 					*rkip = *kip;
1334 				KAUTH_DEBUG("CACHE - refreshed %d is " K_UUID_FMT, kip->ki_uid, K_UUID_ARG(kip->ki_guid));
1340 		if (kip == NULL) {
1341 			kip = kauth_identity_alloc(KAUTH_UID_NONE, elp->el_gid,
1348 			if (kip != NULL) {
1350 					*rkip = *kip;
1353 				KAUTH_DEBUG("CACHE - learned %d is " K_UUID_FMT, kip->ki_uid, K_UUID_ARG(kip->ki_guid));
1354 				kauth_identity_register_and_free(kip);
1373 	struct kauth_identity 		*kip;
1378 		kip = TAILQ_LAST(&kauth_identities, kauth_identity_head);
1379 		TAILQ_REMOVE(&kauth_identities, kip, ki_link);
1381 		FREE(kip, M_KAUTH);
1391  * Parameters:	kip				kauth identity to move to the
1403 kauth_identity_lru(struct kauth_identity *kip)
1405 	if (kip != TAILQ_FIRST(&kauth_identities)) {
1406 		TAILQ_REMOVE(&kauth_identities, kip, ki_link);
1407 		TAILQ_INSERT_HEAD(&kauth_identities, kip, ki_link);
1417  * Parameters:	kip				kauth identity to check for
1424 kauth_identity_guid_expired(struct kauth_identity *kip)
1431 	if (kip->ki_guid_expiry == 0)
1435 	KAUTH_DEBUG("CACHE - GUID expires @ %d now %d", kip->ki_guid_expiry, tv.tv_sec);
1437 	return((kip->ki_guid_expiry <= tv.tv_sec) ? 1 : 0);
1446  * Parameters:	kip				kauth identity to check for
1453 kauth_identity_ntsid_expired(struct kauth_identity *kip)
1460 	if (kip->ki_ntsid_expiry == 0)
1464 	KAUTH_DEBUG("CACHE - NTSID expires @ %d now %d", kip->ki_ntsid_expiry, tv.tv_sec);
1466 	return((kip->ki_ntsid_expiry <= tv.tv_sec) ? 1 : 0);
1488 	struct kauth_identity *kip;
1491 	TAILQ_FOREACH(kip, &kauth_identities, ki_link) {
1492 		if ((kip->ki_valid & KI_VALID_UID) && (uid == kip->ki_uid)) {
1493 			kauth_identity_lru(kip);
1495 			*kir = *kip;
1497 			if (getname != NULL && (kip->ki_valid & (KI_VALID_PWNAM | KI_VALID_GRNAM)))
1498 				strlcpy(getname, kip->ki_name, MAXPATHLEN);
1503 	return((kip == NULL) ? ENOENT : 0);
1525 	struct kauth_identity *kip;
1528 	TAILQ_FOREACH(kip, &kauth_identities, ki_link) {
1529 		if ((kip->ki_valid & KI_VALID_GID) && (gid == kip->ki_gid)) {
1530 			kauth_identity_lru(kip);
1532 			*kir = *kip;
1534 			if (getname != NULL && (kip->ki_valid & (KI_VALID_PWNAM | KI_VALID_GRNAM)))
1535 				strlcpy(getname, kip->ki_name, MAXPATHLEN);
1540 	return((kip == NULL) ? ENOENT : 0);
1565 	struct kauth_identity *kip;
1568 	TAILQ_FOREACH(kip, &kauth_identities, ki_link) {
1569 		if ((kip->ki_valid & KI_VALID_GUID) && (kauth_guid_equal(guidp, &kip->ki_guid))) {
1570 			kauth_identity_lru(kip);
1572 			*kir = *kip;
1574 			if (getname != NULL && (kip->ki_valid & (KI_VALID_PWNAM | KI_VALID_GRNAM)))
1575 				strlcpy(getname, kip->ki_name, MAXPATHLEN);
1580 	return((kip == NULL) ? ENOENT : 0);
1601 	struct kauth_identity *kip;
1604 	TAILQ_FOREACH(kip, &kauth_identities, ki_link) {
1605 		if ((kip->ki_valid & valid) && !strcmp(name, kip->ki_name)) {
1606 			kauth_identity_lru(kip);
1608 			*kir = *kip;
1613 	return((kip == NULL) ? ENOENT : 0);
1638 	struct kauth_identity *kip;
1641 	TAILQ_FOREACH(kip, &kauth_identities, ki_link) {
1642 		if ((kip->ki_valid & KI_VALID_NTSID) && (kauth_ntsid_equal(ntsid, &kip->ki_ntsid))) {
1643 			kauth_identity_lru(kip);
1645 			*kir = *kip;
1647 			if (getname != NULL && (kip->ki_valid & (KI_VALID_PWNAM | KI_VALID_GRNAM)))
1648 				strlcpy(getname, kip->ki_name, MAXPATHLEN);
1653 	return((kip == NULL) ? ENOENT : 0);
2333 	int (* expired)(struct kauth_identity *kip);
2653  * Parameters:	kip				group membership entry to move

Indexes created Wed Sep 11 23:09:49 MDT 2024