1 files changed, 33 insertions, 13 deletions

diff --git a/libcap/libcap.h b/libcap/libcap.h
index 67fa0d0..f4a72fe 100644
--- a/libcap/libcap.h
+++ b/libcap/libcap.h
@@ -9,6 +9,7 @@
 #define LIBCAP_H
 
 #include <errno.h>
+#include <sched.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -113,6 +114,7 @@ struct _cap_vfs_cap_data {
 
 #define CAP_T_MAGIC 0xCA90D0
 struct _cap_struct {
+    __u8 mutex;
     struct __user_cap_header_struct head;
     union {
 	struct __user_cap_data_struct set;
@@ -121,6 +123,24 @@ struct _cap_struct {
     uid_t rootid;
 };
 
+/*
+ * Elementary exclusive locking primatives for situations where
+ * linking with pthreads needs it, but such linking is not common.
+ *
+ *  _cap_mu_blocked(x) attempts to lock x but if already locked, returns true
+ *  _cap_mu_lock(x)    attempts to lock and waits until the lock is granted
+ *  _cap_mu_unlock(x)  unconditionally unlocks the lock
+ *  _cap_mu_unlock_return(x, y) unlock lock x and return value y
+ */
+#define _cap_mu_blocked(x)          \
+    __atomic_test_and_set((void *)(x), __ATOMIC_SEQ_CST)
+#define _cap_mu_lock(x)             \
+    while (_cap_mu_blocked(x)) sched_yield()
+#define _cap_mu_unlock(x)           \
+    __atomic_clear((void *) (x), __ATOMIC_SEQ_CST)
+#define _cap_mu_unlock_return(x, y) \
+    do { _cap_mu_unlock(x); return (y); } while (0)
+
 /* the maximum bits supportable */
 #define __CAP_MAXBITS (__CAP_BLKS * 32)
 
@@ -128,10 +148,15 @@ struct _cap_struct {
 #define CAP_S_MAGIC 0xCA95D0
 
 /* iab set magic for cap_free */
-#define CAP_IAB_MAGIC 0xCA9AB
+#define CAP_IAB_MAGIC 0xCA91AB
 
 /* launcher magic for cap_free */
-#define CAP_LAUNCH_MAGIC 0xCA91A
+#define CAP_LAUNCH_MAGIC 0xCA91AC
+
+#define magic_of(x)           ((x) ? *(-2 + (const __u32 *) x) : 0)
+#define good_cap_t(x)         (CAP_T_MAGIC   == magic_of(x))
+#define good_cap_iab_t(x)     (CAP_IAB_MAGIC == magic_of(x))
+#define good_cap_launch_t(x)  (CAP_LAUNCH_MAGIC == magic_of(x))
 
 /*
  * kernel API cap set abstraction
@@ -142,16 +167,6 @@ struct _cap_struct {
 #define isset_cap(y, x, set) ((y)->u[(x) >> 5].flat[set] &   (1u << ((x)&31)))
 
 /*
- * Private definitions for internal use by the library.
- */
-
-#define __libcap_check_magic(c,magic) ((c) && *(-1+(__u32 *)(c)) == (magic))
-#define good_cap_t(c)        __libcap_check_magic(c, CAP_T_MAGIC)
-#define good_cap_string(c)   __libcap_check_magic(c, CAP_S_MAGIC)
-#define good_cap_iab_t(c)    __libcap_check_magic(c, CAP_IAB_MAGIC)
-#define good_cap_launch_t(c) __libcap_check_magic(c, CAP_LAUNCH_MAGIC)
-
-/*
  * These match CAP_DIFFERS() expectations
  */
 #define LIBCAP_EFF   (1 << CAP_EFFECTIVE)
@@ -187,6 +202,9 @@ struct _cap_struct {
 #endif /* DEBUG */
 
 extern char *_libcap_strdup(const char *text);
+extern void _libcap_initialize(void);
+
+#define EXECABLE_INITIALIZE _libcap_initialize()
 
 /*
  * These are semi-public prototypes, they will only be defined in
@@ -227,7 +245,7 @@ extern int capsetp(pid_t pid, cap_t cap_d);
 		min = mid + 1;					\
 	    }							\
 	}							\
-	val = min ? min : fallback;				\
+	val = min ? (min <= high ? min : fallback) : fallback;	\
     } while(0)
 
 /*
@@ -238,6 +256,7 @@ extern int capsetp(pid_t pid, cap_t cap_d);
  * applied.
  */
 struct cap_iab_s {
+    __u8 mutex;
     __u32 i[_LIBCAP_CAPABILITY_U32S];
     __u32 a[_LIBCAP_CAPABILITY_U32S];
     __u32 nb[_LIBCAP_CAPABILITY_U32S];
@@ -254,6 +273,7 @@ struct cap_iab_s {
  * multithreaded applications.
  */
 struct cap_launch_s {
+    __u8 mutex;
     /*
      * Once forked but before active privilege is changed, this
      * function (if non-NULL) is called.