[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[hurd] 18/70: libshouldbeinlibc: Add nullauth.{c,h}
From: |
Samuel Thibault |
Subject: |
[hurd] 18/70: libshouldbeinlibc: Add nullauth.{c,h} |
Date: |
Mon, 16 Sep 2013 07:41:37 +0000 |
This is an automated email from the git hooks/post-receive script.
sthibault pushed a commit to branch upstream
in repository hurd.
commit 4c28f07bf1fbfbcee9dcd47e8ee124567c40f5e5
Author: Justus Winter <address@hidden>
Date: Sat Jul 27 15:32:03 2013 +0200
libshouldbeinlibc: Add nullauth.{c,h}
setnullauth () obtains an empty authentication handle and uses it for
further authentication purposes. This effectively drops all Unix
privileges.
* libshouldbeinlibc/nullauth.c: New file.
* libshouldbeinlibc/nullauth.h: Likewise.
* libshouldbeinlibc/Makefile: Add nullauth.{c,h}.
---
libshouldbeinlibc/Makefile | 4 ++--
libshouldbeinlibc/nullauth.c | 47 ++++++++++++++++++++++++++++++++++++++++++
libshouldbeinlibc/nullauth.h | 31 ++++++++++++++++++++++++++++
3 files changed, 80 insertions(+), 2 deletions(-)
diff --git a/libshouldbeinlibc/Makefile b/libshouldbeinlibc/Makefile
index 31a940f..14a7939 100644
--- a/libshouldbeinlibc/Makefile
+++ b/libshouldbeinlibc/Makefile
@@ -27,9 +27,9 @@ SRCS = termsize.c timefmt.c exec-reauth.c maptime-funcs.c \
idvec-impgids.c idvec-verify.c idvec-rep.c \
ugids.c ugids-argp.c ugids-rep.c ugids-verify.c ugids-subtract.c \
ugids-auth.c ugids-xinl.c ugids-merge.c ugids-imply.c ugids-posix.c \
- ugids-verify-auth.c
+ ugids-verify-auth.c nullauth.c
installhdrs = idvec.h timefmt.h maptime.h \
- wire.h portinfo.h portxlate.h cacheq.h ugids.h
+ wire.h portinfo.h portxlate.h cacheq.h ugids.h nullauth.h
installhdrsubdir = .
OBJS = $(SRCS:.c=.o)
diff --git a/libshouldbeinlibc/nullauth.c b/libshouldbeinlibc/nullauth.c
new file mode 100644
index 0000000..4ba10a7
--- /dev/null
+++ b/libshouldbeinlibc/nullauth.c
@@ -0,0 +1,47 @@
+/* Drop all authentication credentials.
+
+ Copyright (C) 2013 Free Software Foundation, Inc.
+
+ Written by Justus Winter <address@hidden>
+
+ This file is part of the GNU Hurd.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 2, or (at
+ your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+#include <error.h>
+#include <errno.h>
+#include <hurd.h>
+
+/* Obtain an empty authentication handle and use it for further
+ authentication purposes. This effectively drops all Unix
+ privileges. */
+error_t
+setnullauth (void)
+{
+ error_t err;
+
+ auth_t nullauth;
+ err = auth_makeauth (getauth (),
+ NULL, MACH_MSG_TYPE_COPY_SEND, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ &nullauth);
+ if (err)
+ return err;
+
+ err = setauth (nullauth);
+ return err;
+}
diff --git a/libshouldbeinlibc/nullauth.h b/libshouldbeinlibc/nullauth.h
new file mode 100644
index 0000000..efdb5f3
--- /dev/null
+++ b/libshouldbeinlibc/nullauth.h
@@ -0,0 +1,31 @@
+/* Drop all authentication credentials.
+
+ Copyright (C) 2013 Free Software Foundation, Inc.
+
+ Written by Justus Winter <address@hidden>
+
+ This file is part of the GNU Hurd.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 2, or (at
+ your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+#ifndef __NULLAUTH_H__
+#define __NULLAUTH_H__
+
+/* Obtain an empty authentication handle and use it for further
+ authentication purposes. This effectively drops all Unix
+ privileges. */
+error_t
+setnullauth (void);
+
+#endif /* __NULLAUTH_H__ */
--
Alioth's /usr/local/bin/git-commit-notice on
/srv/git.debian.org/git/pkg-hurd/hurd.git
- [hurd] 53/70: libnetfs: track file name in struct peropen, (continued)
- [hurd] 53/70: libnetfs: track file name in struct peropen, Samuel Thibault, 2013/09/16
- [hurd] 48/70: exec: keep track of the range where executable segments are mapped, Samuel Thibault, 2013/09/16
- [hurd] 64/70: hurd: add fsys_get_source, Samuel Thibault, 2013/09/16
- [hurd] 59/70: hurd: add fsys_get_children, Samuel Thibault, 2013/09/16
- [hurd] 68/70: Handle notification on page eviction, Samuel Thibault, 2013/09/16
- [hurd] 65/70: trans: add mtab translator, Samuel Thibault, 2013/09/16
- [hurd] 49/70: proc: remove unused file exc-reply.defs, Samuel Thibault, 2013/09/16
- [hurd] 47/70: hurd: add proc_{get,set}_code, Samuel Thibault, 2013/09/16
- [hurd] 44/70: mount: handle -t auto, Samuel Thibault, 2013/09/16
- [hurd] 55/70: libdiskfs: add fsys_get_children, Samuel Thibault, 2013/09/16
- [hurd] 18/70: libshouldbeinlibc: Add nullauth.{c,h},
Samuel Thibault <=
- [hurd] 39/70: libnetfs: register libnetfs-based translators as important, Samuel Thibault, 2013/09/16
- [hurd] 51/70: libihash: add HURD_IHASH_ITERATE_ITEMS macro, Samuel Thibault, 2013/09/16
- [hurd] 15/70: Define and use symbolic names for important processes, Samuel Thibault, 2013/09/16
- [hurd] 52/70: libdiskfs: track file name in struct peropen, Samuel Thibault, 2013/09/16
- [hurd] 50/70: proc: Remove unused declaration of zombie_list, Samuel Thibault, 2013/09/16
- [hurd] 31/70: Merge branch 'master-merge2' into master-merge, Samuel Thibault, 2013/09/16
- [hurd] 12/70: umount: add a umount utility, Samuel Thibault, 2013/09/16
- [hurd] 10/70: sutils: allow multiple entries for the device "none", Samuel Thibault, 2013/09/16
- [hurd] 08/70: mount: implement -O, --test-opts, Samuel Thibault, 2013/09/16
- [hurd] 07/70: mount: add -f and --fake arguments, Samuel Thibault, 2013/09/16