-
Josh Kunz authored
Previously, the cn_node_new would put the rp0 in the node's actual c-space, and the reset operation would put it in the node's secret c-space. Which meant that if the rp0 was fetched *after* the node was reset, it wouldn't function properly (since the capability would not be valid in the node's real principal). This commit fixes the implementation of rp0 to always put the rp0 in the secret c-space. This is probably a good idea to ensure that CapNet can always safely revoke the rp0 when the node is reset, but I believe the previous implementation was still safe. So now, when the node calls the `rp0` rpc, the node is explicitly granted its own rp0 from its secret principal. This commit also fixes an improper-free bug after a principal is cleared. When the principal is cleared its refcount would be set to zero (due to a cal to _obj_init) instead of keeping the same refcount it had before the clear operation.
19b3c971