PERFORCE change 167098 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Sat Aug 8 09:03:11 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=167098
Change 167098 by trasz at trasz_anger on 2009/08/08 09:02:56
Catch up with groups changes _somewhat_. This is ugly and should
be done in some other way - however, I hadn't yet figured out how.
Affected files ...
.. //depot/projects/soc2009/trasz_limits/sys/kern/init_main.c#9 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_prot.c#19 edit
.. //depot/projects/soc2009/trasz_limits/sys/sys/ucred.h#8 edit
Differences ...
==== //depot/projects/soc2009/trasz_limits/sys/kern/init_main.c#9 (text+ko) ====
@@ -452,7 +452,8 @@
/* Create credentials. */
p->p_ucred = crget();
p->p_ucred->cr_ngroups = 1; /* group 0 */
- p->p_ucred->cr_gidinfos[0] = gifind(0);
+ if (p->p_ucred->cr_gidinfos != NULL)
+ p->p_ucred->cr_gidinfos[0] = gifind(0);
p->p_ucred->cr_uidinfo = uifind(0);
p->p_ucred->cr_ruidinfo = uifind(0);
p->p_ucred->cr_prison = &prison0;
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_prot.c#19 (text+ko) ====
@@ -824,10 +824,8 @@
{
struct proc *p = td->td_proc;
struct ucred *newcred, *oldcred;
-#if 0
- struct gidinfo *gidinfos[NGROUPS], *oldgidinfos[NGROUPS];
+ struct gidinfo **gidinfos, **oldgidinfos;
int i, oldngroups = 0;
-#endif
int error;
if (ngrp > NGROUPS)
@@ -835,10 +833,12 @@
AUDIT_ARG_GROUPSET(groups, ngrp);
newcred = crget();
crextend(newcred, ngrp);
-#if 0
- for (i = 0; i < ngrp; i++)
- gidinfos[i] = gifind(groups[i]);
-#endif
+ if (hrl_group_accounting) {
+ gidinfos = malloc(ngrp * sizeof(struct gidinfo *), M_CRED,
+ M_WAITOK | M_ZERO);
+ for (i = 0; i < ngrp; i++)
+ gidinfos[i] = gifind(groups[i]);
+ }
PROC_LOCK(p);
oldcred = crcopysafe(p, newcred);
@@ -859,52 +859,53 @@
* have the egid in the groups[0]). We risk security holes
* when running non-BSD software if we do not do the same.
*/
-#if 0
- oldngroups = newcred->cr_ngroups - 1;
- for (i = 0; i < oldngroups; i++)
- oldgidinfos[i] = newcred->cr_gidinfos[i + 1];
-#endif
+ if (hrl_group_accounting) {
+ oldngroups = newcred->cr_ngroups - 1;
+ for (i = 0; i < oldngroups; i++)
+ oldgidinfos[i] = newcred->cr_gidinfos[i + 1];
+ }
newcred->cr_ngroups = 1;
} else {
crsetgroups_locked(newcred, ngrp, groups);
-#if 0
- oldngroups = newcred->cr_ngroups;
- for (i = 0; i < oldngroups; i++)
- oldgidinfos[i] = newcred->cr_gidinfos[i];
- bcopy(groups, newcred->cr_groups, ngrp * sizeof(gid_t));
- newcred->cr_ngroups = ngrp;
- for (i = 0; i < newcred->cr_ngroups; i++)
- newcred->cr_gidinfos[i] = gidinfos[i];
-#endif
+ if (hrl_group_accounting) {
+ oldngroups = newcred->cr_ngroups;
+ for (i = 0; i < oldngroups; i++)
+ oldgidinfos[i] = newcred->cr_gidinfos[i];
+ newcred->cr_ngroups = ngrp;
+ for (i = 0; i < newcred->cr_ngroups; i++)
+ newcred->cr_gidinfos[i] = gidinfos[i];
+ }
}
setsugid(p);
change_cred(p, newcred);
PROC_UNLOCK(p);
-#if 0
- for (i = 0; i < oldngroups; i++)
- gifree(oldgidinfos[i]);
-#endif
+ if (hrl_group_accounting) {
+ for (i = 0; i < oldngroups; i++)
+ gifree(oldgidinfos[i]);
+ }
/* Don't free gidinfos[]. */
crfree(oldcred);
-#if 0
- for (i = 0; i < newcred->cr_ngroups; i++)
- KASSERT(newcred->cr_gidinfos[i]->gi_gid == newcred->cr_groups[i], ("Whoops."));
-#endif
+ if (hrl_group_accounting) {
+ for (i = 0; i < newcred->cr_ngroups; i++)
+ KASSERT(newcred->cr_gidinfos[i]->gi_gid == newcred->cr_groups[i], ("Whoops."));
+ }
return (0);
fail:
PROC_UNLOCK(p);
-#if 0
- for (i = 0; i < oldngroups; i++)
- gifree(oldgidinfos[i]);
- for (i = 0; i < ngrp; i++)
- gifree(gidinfos[i]);
-#endif
+ if (hrl_group_accounting) {
+ for (i = 0; i < oldngroups; i++)
+ gifree(oldgidinfos[i]);
+ free(oldgidinfos, M_CRED);
+ for (i = 0; i < ngrp; i++)
+ gifree(gidinfos[i]);
+ free(gidinfos, M_CRED);
+ }
crfree(newcred);
-#if 0
- for (i = 0; i < newcred->cr_ngroups; i++)
- KASSERT(newcred->cr_gidinfos[i]->gi_gid == newcred->cr_groups[i], ("Whoops."));
-#endif
+ if (hrl_group_accounting) {
+ for (i = 0; i < newcred->cr_ngroups; i++)
+ KASSERT(newcred->cr_gidinfos[i]->gi_gid == newcred->cr_groups[i], ("Whoops."));
+ }
return (error);
}
@@ -2049,10 +2050,16 @@
cnt = roundup2(n, PAGE_SIZE / sizeof(gid_t));
/* Free the old array. */
- if (cr->cr_groups)
+ if (cr->cr_groups) {
free(cr->cr_groups, M_CRED);
+ if (hrl_group_accounting)
+ free(cr->cr_gidinfos, M_CRED);
+ }
cr->cr_groups = malloc(cnt * sizeof(gid_t), M_CRED, M_WAITOK | M_ZERO);
+ if (hrl_group_accounting)
+ cr->cr_gidinfos = malloc(cnt * sizeof(struct gidinfo *), M_CRED,
+ M_WAITOK | M_ZERO);
cr->cr_agroups = cnt;
}
==== //depot/projects/soc2009/trasz_limits/sys/sys/ucred.h#8 (text+ko) ====
@@ -49,8 +49,6 @@
uid_t cr_ruid; /* real user id */
uid_t cr_svuid; /* saved user id */
int cr_ngroups; /* number of groups */
- /* XXX: Broken after Brooks' changes. */
- struct gidinfo *cr_gidinfos[NGROUPS]; /* group resource consumption */
gid_t cr_rgid; /* real group id */
gid_t cr_svgid; /* saved group id */
struct uidinfo *cr_uidinfo; /* per euid resource consumption */
@@ -63,6 +61,7 @@
struct label *cr_label; /* MAC label */
struct auditinfo_addr cr_audit; /* Audit properties. */
gid_t *cr_groups; /* groups */
+ struct gidinfo **cr_gidinfos; /* per group resource consumption */
int cr_agroups; /* Available groups */
};
#define NOCRED ((struct ucred *)0) /* no credential available */
More information about the p4-projects
mailing list