221 static void     kauth_identity_register_and_free(struct kauth_identity *kip);
222 …y_updatecache(struct kauth_identity_extlookup *elp, struct kauth_identity *kip, uint64_t extend_da…
224 static void     kauth_identity_lru(struct kauth_identity *kip);
225 static int      kauth_identity_guid_expired(struct kauth_identity *kip);
226 static int      kauth_identity_ntsid_expired(struct kauth_identity *kip);
1090 	struct kauth_identity *kip;  in kauth_identity_alloc()  local
1093 	kip = kalloc_type(struct kauth_identity, Z_WAITOK | Z_ZERO | Z_NOFAIL);  in kauth_identity_alloc()
1095 		kip->ki_gid = gid;  in kauth_identity_alloc()
1096 		kip->ki_valid = KI_VALID_GID;  in kauth_identity_alloc()
1099 		if (kip->ki_valid & KI_VALID_GID) {  in kauth_identity_alloc()
1102 		kip->ki_uid = uid;  in kauth_identity_alloc()
1103 		kip->ki_valid = KI_VALID_UID;  in kauth_identity_alloc()
1115 		if (kip->ki_valid & KI_VALID_GID) {  in kauth_identity_alloc()
1118 		kip->ki_supgrpcnt = (uint32_t)supgrpcnt;  in kauth_identity_alloc()
1119 		memcpy(kip->ki_supgrps, supgrps, sizeof(supgrps[0]) * supgrpcnt);  in kauth_identity_alloc()
1120 		kip->ki_valid |= KI_VALID_GROUPS;  in kauth_identity_alloc()
1122 	kip->ki_groups_expiry = groups_expiry;  in kauth_identity_alloc()
1124 		kip->ki_guid = *guidp;  in kauth_identity_alloc()
1125 		kip->ki_valid |= KI_VALID_GUID;  in kauth_identity_alloc()
1127 	kip->ki_guid_expiry = guid_expiry;  in kauth_identity_alloc()
1129 		kip->ki_ntsid = *ntsidp;  in kauth_identity_alloc()
1130 		kip->ki_valid |= KI_VALID_NTSID;  in kauth_identity_alloc()
1132 	kip->ki_ntsid_expiry = ntsid_expiry;  in kauth_identity_alloc()
1134 		kip->ki_name = name;  in kauth_identity_alloc()
1135 		kip->ki_valid |= nametype;  in kauth_identity_alloc()
1137 	return kip;  in kauth_identity_alloc()
1156 kauth_identity_register_and_free(struct kauth_identity *kip)  in kauth_identity_register_and_free()  argument
1166 	if (kip->ki_valid & KI_VALID_UID) {  in kauth_identity_register_and_free()
1167 		if (kip->ki_valid & KI_VALID_GID) {  in kauth_identity_register_and_free()
1171 		if ((ip->ki_valid & KI_VALID_UID) && (ip->ki_uid == kip->ki_uid)) {  in kauth_identity_register_and_free()
1174 	} else if (kip->ki_valid & KI_VALID_GID) {  in kauth_identity_register_and_free()
1176 		if ((ip->ki_valid & KI_VALID_GID) && (ip->ki_gid == kip->ki_gid)) {  in kauth_identity_register_and_free()
1185 		if (kip->ki_valid & KI_VALID_GUID) {  in kauth_identity_register_and_free()
1186 			ip->ki_guid = kip->ki_guid;  in kauth_identity_register_and_free()
1189 		ip->ki_guid_expiry = kip->ki_guid_expiry;  in kauth_identity_register_and_free()
1190 		if (kip->ki_valid & KI_VALID_NTSID) {  in kauth_identity_register_and_free()
1191 			ip->ki_ntsid = kip->ki_ntsid;  in kauth_identity_register_and_free()
1194 		ip->ki_ntsid_expiry = kip->ki_ntsid_expiry;  in kauth_identity_register_and_free()
1196 		if (kip->ki_valid & (KI_VALID_PWNAM | KI_VALID_GRNAM)) {  in kauth_identity_register_and_free()
1202 			ip->ki_name = kip->ki_name;  in kauth_identity_register_and_free()
1203 			kip->ki_name = oname;  in kauth_identity_register_and_free()
1206 		ip = kip;  in kauth_identity_register_and_free()
1212 		TAILQ_INSERT_HEAD(&kauth_identities, kip, ki_link);  in kauth_identity_register_and_free()
1266 	struct kauth_identity *kip;  in kauth_identity_updatecache()  local
1285 		TAILQ_FOREACH(kip, &kauth_identities, ki_link) {  in kauth_identity_updatecache()
1287 			if ((kip->ki_valid & KI_VALID_UID) && (kip->ki_uid == elp->el_uid)) {  in kauth_identity_updatecache()
1295 					kip->ki_supgrpcnt = elp->el_sup_grp_cnt;  in kauth_identity_updatecache()
1296 					memcpy(kip->ki_supgrps, elp->el_sup_groups, sizeof(elp->el_sup_groups[0]) * kip->ki_supgrpcnt);  in kauth_identity_updatecache()
1297 					kip->ki_valid |= KI_VALID_GROUPS;  in kauth_identity_updatecache()
1298 					kip->ki_groups_expiry = (elp->el_member_valid) ? tv.tv_sec + elp->el_member_valid : 0;  in kauth_identity_updatecache()
1301 					kip->ki_guid = elp->el_uguid;  in kauth_identity_updatecache()
1302 					kip->ki_valid |= KI_VALID_GUID;  in kauth_identity_updatecache()
1304 				kip->ki_guid_expiry = (elp->el_uguid_valid) ? tv.tv_sec + elp->el_uguid_valid : 0;  in kauth_identity_updatecache()
1306 					kip->ki_ntsid = elp->el_usid;  in kauth_identity_updatecache()
1307 					kip->ki_valid |= KI_VALID_NTSID;  in kauth_identity_updatecache()
1309 				kip->ki_ntsid_expiry = (elp->el_usid_valid) ? tv.tv_sec + elp->el_usid_valid : 0;  in kauth_identity_updatecache()
1311 					const char *oname = kip->ki_name;  in kauth_identity_updatecache()
1312 					kip->ki_name = speculative_name;  in kauth_identity_updatecache()
1314 					kip->ki_valid |= KI_VALID_PWNAM;  in kauth_identity_updatecache()
1323 				kauth_identity_lru(kip);  in kauth_identity_updatecache()
1325 					*rkip = *kip;  in kauth_identity_updatecache()
1327 				KAUTH_DEBUG("CACHE - refreshed %d is " K_UUID_FMT, kip->ki_uid, K_UUID_ARG(kip->ki_guid));  in kauth_identity_updatecache()
1333 		if (kip == NULL) {  in kauth_identity_updatecache()
1334 			kip = kauth_identity_alloc(elp->el_uid, KAUTH_GID_NONE,  in kauth_identity_updatecache()
1344 			if (kip != NULL) {  in kauth_identity_updatecache()
1346 					*rkip = *kip;  in kauth_identity_updatecache()
1351 				KAUTH_DEBUG("CACHE - learned %d is " K_UUID_FMT, kip->ki_uid, K_UUID_ARG(kip->ki_guid));  in kauth_identity_updatecache()
1352 				kauth_identity_register_and_free(kip);  in kauth_identity_updatecache()
1360 		TAILQ_FOREACH(kip, &kauth_identities, ki_link) {  in kauth_identity_updatecache()
1362 			if ((kip->ki_valid & KI_VALID_GID) && (kip->ki_gid == elp->el_gid)) {  in kauth_identity_updatecache()
1364 					kip->ki_guid = elp->el_gguid;  in kauth_identity_updatecache()
1365 					kip->ki_valid |= KI_VALID_GUID;  in kauth_identity_updatecache()
1367 				kip->ki_guid_expiry = (elp->el_gguid_valid) ? tv.tv_sec + elp->el_gguid_valid : 0;  in kauth_identity_updatecache()
1369 					kip->ki_ntsid = elp->el_gsid;  in kauth_identity_updatecache()
1370 					kip->ki_valid |= KI_VALID_NTSID;  in kauth_identity_updatecache()
1372 				kip->ki_ntsid_expiry = (elp->el_gsid_valid) ? tv.tv_sec + elp->el_gsid_valid : 0;  in kauth_identity_updatecache()
1374 					const char *oname = kip->ki_name;  in kauth_identity_updatecache()
1375 					kip->ki_name = speculative_name;  in kauth_identity_updatecache()
1377 					kip->ki_valid |= KI_VALID_GRNAM;  in kauth_identity_updatecache()
1386 				kauth_identity_lru(kip);  in kauth_identity_updatecache()
1388 					*rkip = *kip;  in kauth_identity_updatecache()
1390 				KAUTH_DEBUG("CACHE - refreshed %d is " K_UUID_FMT, kip->ki_uid, K_UUID_ARG(kip->ki_guid));  in kauth_identity_updatecache()
1396 		if (kip == NULL) {  in kauth_identity_updatecache()
1397 			kip = kauth_identity_alloc(KAUTH_UID_NONE, elp->el_gid,  in kauth_identity_updatecache()
1407 			if (kip != NULL) {  in kauth_identity_updatecache()
1409 					*rkip = *kip;  in kauth_identity_updatecache()
1414 				KAUTH_DEBUG("CACHE - learned %d is " K_UUID_FMT, kip->ki_uid, K_UUID_ARG(kip->ki_guid));  in kauth_identity_updatecache()
1415 				kauth_identity_register_and_free(kip);  in kauth_identity_updatecache()
1435 	struct kauth_identity           *kip;  in kauth_identity_trimcache()  local
1440 		kip = TAILQ_LAST(&kauth_identities, kauth_identity_head);  in kauth_identity_trimcache()
1441 		TAILQ_REMOVE(&kauth_identities, kip, ki_link);  in kauth_identity_trimcache()
1443 		kfree_type(struct kauth_identity, kip);  in kauth_identity_trimcache()
1465 kauth_identity_lru(struct kauth_identity *kip)  in kauth_identity_lru()  argument
1467 	if (kip != TAILQ_FIRST(&kauth_identities)) {  in kauth_identity_lru()
1468 		TAILQ_REMOVE(&kauth_identities, kip, ki_link);  in kauth_identity_lru()
1469 		TAILQ_INSERT_HEAD(&kauth_identities, kip, ki_link);  in kauth_identity_lru()
1486 kauth_identity_guid_expired(struct kauth_identity *kip)  in kauth_identity_guid_expired()  argument
1493 	if (kip->ki_guid_expiry == 0) {  in kauth_identity_guid_expired()
1498 	KAUTH_DEBUG("CACHE - GUID expires @ %ld now %ld", kip->ki_guid_expiry, tv.tv_sec);  in kauth_identity_guid_expired()
1500 	return (kip->ki_guid_expiry <= tv.tv_sec) ? 1 : 0;  in kauth_identity_guid_expired()
1516 kauth_identity_ntsid_expired(struct kauth_identity *kip)  in kauth_identity_ntsid_expired()  argument
1523 	if (kip->ki_ntsid_expiry == 0) {  in kauth_identity_ntsid_expired()
1528 	KAUTH_DEBUG("CACHE - NTSID expires @ %ld now %ld", kip->ki_ntsid_expiry, tv.tv_sec);  in kauth_identity_ntsid_expired()
1530 	return (kip->ki_ntsid_expiry <= tv.tv_sec) ? 1 : 0;  in kauth_identity_ntsid_expired()
1545 kauth_identity_groups_expired(struct kauth_identity *kip)  in kauth_identity_groups_expired()  argument
1552 	if (kip->ki_groups_expiry == 0) {  in kauth_identity_groups_expired()
1557 	KAUTH_DEBUG("CACHE - GROUPS expires @ %ld now %ld\n", kip->ki_groups_expiry, tv.tv_sec);  in kauth_identity_groups_expired()
1559 	return (kip->ki_groups_expiry <= tv.tv_sec) ? 1 : 0;  in kauth_identity_groups_expired()
1580 	struct kauth_identity *kip;  in kauth_identity_find_uid()  local
1583 	TAILQ_FOREACH(kip, &kauth_identities, ki_link) {  in kauth_identity_find_uid()
1584 		if ((kip->ki_valid & KI_VALID_UID) && (uid == kip->ki_uid)) {  in kauth_identity_find_uid()
1585 			kauth_identity_lru(kip);  in kauth_identity_find_uid()
1587 			*kir = *kip;  in kauth_identity_find_uid()
1589 			if (getname != NULL && (kip->ki_valid & (KI_VALID_PWNAM | KI_VALID_GRNAM))) {  in kauth_identity_find_uid()
1590 				strlcpy(getname, kip->ki_name, MAXPATHLEN);  in kauth_identity_find_uid()
1596 	return (kip == NULL) ? ENOENT : 0;  in kauth_identity_find_uid()
1618 	struct kauth_identity *kip;  in kauth_identity_find_gid()  local
1621 	TAILQ_FOREACH(kip, &kauth_identities, ki_link) {  in kauth_identity_find_gid()
1622 		if ((kip->ki_valid & KI_VALID_GID) && (gid == kip->ki_gid)) {  in kauth_identity_find_gid()
1623 			kauth_identity_lru(kip);  in kauth_identity_find_gid()
1625 			*kir = *kip;  in kauth_identity_find_gid()
1627 			if (getname != NULL && (kip->ki_valid & (KI_VALID_PWNAM | KI_VALID_GRNAM))) {  in kauth_identity_find_gid()
1628 				strlcpy(getname, kip->ki_name, MAXPATHLEN);  in kauth_identity_find_gid()
1634 	return (kip == NULL) ? ENOENT : 0;  in kauth_identity_find_gid()
1659 	struct kauth_identity *kip;  in kauth_identity_find_guid()  local
1662 	TAILQ_FOREACH(kip, &kauth_identities, ki_link) {  in kauth_identity_find_guid()
1663 		if ((kip->ki_valid & KI_VALID_GUID) && (kauth_guid_equal(guidp, &kip->ki_guid))) {  in kauth_identity_find_guid()
1664 			kauth_identity_lru(kip);  in kauth_identity_find_guid()
1666 			*kir = *kip;  in kauth_identity_find_guid()
1668 			if (getname != NULL && (kip->ki_valid & (KI_VALID_PWNAM | KI_VALID_GRNAM))) {  in kauth_identity_find_guid()
1669 				strlcpy(getname, kip->ki_name, MAXPATHLEN);  in kauth_identity_find_guid()
1675 	return (kip == NULL) ? ENOENT : 0;  in kauth_identity_find_guid()
1696 	struct kauth_identity *kip;  in kauth_identity_find_nam()  local
1699 	TAILQ_FOREACH(kip, &kauth_identities, ki_link) {  in kauth_identity_find_nam()
1700 		if ((kip->ki_valid & valid) && !strcmp(name, kip->ki_name)) {  in kauth_identity_find_nam()
1701 			kauth_identity_lru(kip);  in kauth_identity_find_nam()
1703 			*kir = *kip;  in kauth_identity_find_nam()
1708 	return (kip == NULL) ? ENOENT : 0;  in kauth_identity_find_nam()
1733 	struct kauth_identity *kip;  in kauth_identity_find_ntsid()  local
1736 	TAILQ_FOREACH(kip, &kauth_identities, ki_link) {  in kauth_identity_find_ntsid()
1737 		if ((kip->ki_valid & KI_VALID_NTSID) && (kauth_ntsid_equal(ntsid, &kip->ki_ntsid))) {  in kauth_identity_find_ntsid()
1738 			kauth_identity_lru(kip);  in kauth_identity_find_ntsid()
1740 			*kir = *kip;  in kauth_identity_find_ntsid()
1742 			if (getname != NULL && (kip->ki_valid & (KI_VALID_PWNAM | KI_VALID_GRNAM))) {  in kauth_identity_find_ntsid()
1743 				strlcpy(getname, kip->ki_name, MAXPATHLEN);  in kauth_identity_find_ntsid()
1749 	return (kip == NULL) ? ENOENT : 0;  in kauth_identity_find_ntsid()
2557 	int (* expired)(struct kauth_identity *kip);  in kauth_cred_cache_lookup()