hurd: Use the new __proc_reauthenticate_complete protocol

2025-02-11 12:50:58 +08:00 · 2025-02-01 18:17:38 +01:00 · 2025-02-01 18:17:38 +01:00 · a7aad6e2b7
commit a7aad6e2b7
parent 96429bcc91
2 changed files with 66 additions and 23 deletions
--- a/hurd/hurdsig.c
+++ b/hurd/hurdsig.c
@ -1611,28 +1611,53 @@ _hurdsig_init (const int *intarray, size_t intarraysize)
 static void
 reauth_proc (mach_port_t new)
 {
-  mach_port_t ref, ignore;
+  error_t err;
+  mach_port_t ref, newproc;

  ref = __mach_reply_port ();
-  if (! HURD_PORT_USE (&_hurd_ports[INIT_PORT_PROC],
+  err = HURD_PORT_USE (&_hurd_ports[INIT_PORT_PROC],
 		       __proc_reauthenticate (port, ref,
-					      MACH_MSG_TYPE_MAKE_SEND)
-		       || __auth_user_authenticate (new, ref,
-						    MACH_MSG_TYPE_MAKE_SEND,
-						    &ignore))
-      && ignore != MACH_PORT_NULL)
-    __mach_port_deallocate (__mach_task_self (), ignore);
-  __mach_port_destroy (__mach_task_self (), ref);
+					      MACH_MSG_TYPE_MAKE_SEND));
+  if (err)
+    {
+      __mach_port_destroy (__mach_task_self (), ref);
+      return;
+    }

-  /* Set the owner of the process here too. */
-  __mutex_lock (&_hurd_id.lock);
-  if (!_hurd_check_ids ())
-    HURD_PORT_USE (&_hurd_ports[INIT_PORT_PROC],
-		   __proc_setowner (port,
-				    (_hurd_id.gen.nuids
-				     ? _hurd_id.gen.uids[0] : 0),
-				    !_hurd_id.gen.nuids));
-  __mutex_unlock (&_hurd_id.lock);
+  err = __auth_user_authenticate (new, ref,
+                                  MACH_MSG_TYPE_MAKE_SEND,
+                                  &newproc);
+  __mach_port_destroy (__mach_task_self (), ref);
+  if (err)
+    return;
+
+  if (newproc == MACH_PORT_NULL)
+    {
+      /* Old versions of the proc server did not recreate the process
+         port when reauthenticating, and passed MACH_PORT_NULL through
+         the auth server.  That must be what we're dealing with.  */
+
+      /* Set the owner of the process here too. */
+      __mutex_lock (&_hurd_id.lock);
+      if (!_hurd_check_ids ())
+	HURD_PORT_USE (&_hurd_ports[INIT_PORT_PROC],
+		       __proc_setowner (port,
+					(_hurd_id.gen.nuids
+					 ? _hurd_id.gen.uids[0] : 0),
+					!_hurd_id.gen.nuids));
+      __mutex_unlock (&_hurd_id.lock);
+
+      return;
+    }
+
+  err = __proc_reauthenticate_complete (newproc);
+  if (err)
+    {
+      __mach_port_deallocate (__mach_task_self (), newproc);
+      return;
+    }
+
+  _hurd_port_set (&_hurd_ports[INIT_PORT_PROC], newproc);

  (void) &reauth_proc;		/* Silence compiler warning.  */
 }
--- a/sysdeps/mach/hurd/spawni.c
+++ b/sysdeps/mach/hurd/spawni.c
@ -679,11 +679,29 @@ retry:
 					ref, MACH_MSG_TYPE_MAKE_SEND,
 					&newproc);
      __mach_port_destroy (__mach_task_self (), ref);
-      if (!err)
-	{
-	  __mach_port_deallocate (__mach_task_self (), proc);
-	  proc = newproc;
-	}
+      if (err)
+        goto out;
+      if (newproc == MACH_PORT_NULL)
+        {
+          /* Old versions of the proc server did not recreate the process
+             port when reauthenticating, and passed MACH_PORT_NULL through
+             the auth server.  That must be what we're dealing with.  Just
+             keep the existing proc port in this case.  */
+        }
+      else
+        {
+          err = __proc_reauthenticate_complete (newproc);
+          if (err)
+            {
+              __mach_port_deallocate (__mach_task_self (), newproc);
+              goto out;
+            }
+          else
+	    {
+	      __mach_port_deallocate (__mach_task_self (), proc);
+	      proc = newproc;
+	    }
+        }

      if (!err)
 	err = reauthenticate (INIT_PORT_CRDIR, &rcrdir);