svn commit: r193534 - in projects/ngroups/sys: contrib/pf/net
fs/nfs fs/nfsclient fs/nfsserver gnu/fs/xfs
gnu/fs/xfs/FreeBSD kern netncp netsmb nfsclient nfsserver rpc
rpc/rpcsec_gss security/audit...
Brooks Davis
brooks at FreeBSD.org
Fri Jun 5 20:23:24 UTC 2009
Author: brooks
Date: Fri Jun 5 20:23:22 2009
New Revision: 193534
URL: http://svn.freebsd.org/changeset/base/193534
Log:
Introduce a new crsetgroups() function and use it when copying groups
into ucred structures.
Consistently use the cr_gid macro to reference cr_groups[0].
Increase cr_ngroups and cr_agroups from short to int.
Modified:
projects/ngroups/sys/contrib/pf/net/pf.c
projects/ngroups/sys/fs/nfs/nfs_commonport.c
projects/ngroups/sys/fs/nfsclient/nfs_clport.c
projects/ngroups/sys/fs/nfsserver/nfs_nfsdport.c
projects/ngroups/sys/gnu/fs/xfs/FreeBSD/xfs_compat.h
projects/ngroups/sys/gnu/fs/xfs/xfs_inode.c
projects/ngroups/sys/gnu/fs/xfs/xfs_vnodeops.c
projects/ngroups/sys/kern/kern_prot.c
projects/ngroups/sys/kern/vfs_export.c
projects/ngroups/sys/kern/vfs_syscalls.c
projects/ngroups/sys/netncp/ncp_conn.c
projects/ngroups/sys/netsmb/smb_conn.c
projects/ngroups/sys/nfsclient/nfs_subs.c
projects/ngroups/sys/nfsserver/nfs_srvsock.c
projects/ngroups/sys/nfsserver/nfs_srvsubs.c
projects/ngroups/sys/rpc/authunix_prot.c
projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
projects/ngroups/sys/rpc/svc_auth.c
projects/ngroups/sys/rpc/svc_auth_unix.c
projects/ngroups/sys/security/audit/audit.c
projects/ngroups/sys/security/audit/audit_arg.c
projects/ngroups/sys/sys/ucred.h
projects/ngroups/sys/ufs/ufs/ufs_vnops.c
Modified: projects/ngroups/sys/contrib/pf/net/pf.c
==============================================================================
--- projects/ngroups/sys/contrib/pf/net/pf.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/contrib/pf/net/pf.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -2946,7 +2946,7 @@ pf_socket_lookup(int direction, struct p
if (inp_arg != NULL) {
INP_LOCK_ASSERT(inp_arg);
pd->lookup.uid = inp_arg->inp_cred->cr_uid;
- pd->lookup.gid = inp_arg->inp_cred->cr_groups[0];
+ pd->lookup.gid = inp_arg->inp_cred->cr_gid;
return (1);
}
#endif
@@ -3044,7 +3044,7 @@ pf_socket_lookup(int direction, struct p
}
#ifdef __FreeBSD__
pd->lookup.uid = inp->inp_cred->cr_uid;
- pd->lookup.gid = inp->inp_cred->cr_groups[0];
+ pd->lookup.gid = inp->inp_cred->cr_gid;
INP_INFO_RUNLOCK(pi);
#else
pd->lookup.uid = inp->inp_socket->so_euid;
Modified: projects/ngroups/sys/fs/nfs/nfs_commonport.c
==============================================================================
--- projects/ngroups/sys/fs/nfs/nfs_commonport.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/fs/nfs/nfs_commonport.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -220,14 +220,9 @@ nfsrv_lookupfilename(struct nameidata *n
void
newnfs_copycred(struct nfscred *nfscr, struct ucred *cr)
{
- int ngroups, i;
cr->cr_uid = nfscr->nfsc_uid;
- ngroups = (nfscr->nfsc_ngroups < NGROUPS) ?
- nfscr->nfsc_ngroups : NGROUPS;
- for (i = 0; i < ngroups; i++)
- cr->cr_groups[i] = nfscr->nfsc_groups[i];
- cr->cr_ngroups = ngroups;
+ crsetgroups(cr, nfscr->nfsc_ngroups, nfscr->nfsc_groups);
}
/*
@@ -295,15 +290,13 @@ nfsrv_atroot(struct vnode *vp, long *ret
/*
* Set the credentials to refer to root.
- * If only the various BSDen could agree on whether cr_gid is a separate
- * field or cr_groups[0]...
*/
void
newnfs_setroot(struct ucred *cred)
{
cred->cr_uid = 0;
- cred->cr_groups[0] = 0;
+ cred->cr_gid = 0;
cred->cr_ngroups = 1;
}
Modified: projects/ngroups/sys/fs/nfsclient/nfs_clport.c
==============================================================================
--- projects/ngroups/sys/fs/nfsclient/nfs_clport.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/fs/nfsclient/nfs_clport.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -976,14 +976,12 @@ nfscl_getmyip(struct nfsmount *nmp, int
void
newnfs_copyincred(struct ucred *cr, struct nfscred *nfscr)
{
- int ngroups, i;
+ int i;
nfscr->nfsc_uid = cr->cr_uid;
- ngroups = (cr->cr_ngroups > XU_NGROUPS) ? XU_NGROUPS :
- cr->cr_ngroups;
- for (i = 0; i < ngroups; i++)
+ nfscr->nfsc_ngroups = MIN(cr->cr_ngroups, XU_NGROUPS);
+ for (i = 0; i < nfscr->nfsc_ngroups; i++)
nfscr->nfsc_groups[i] = cr->cr_groups[i];
- nfscr->nfsc_ngroups = ngroups;
}
Modified: projects/ngroups/sys/fs/nfsserver/nfs_nfsdport.c
==============================================================================
--- projects/ngroups/sys/fs/nfsserver/nfs_nfsdport.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/fs/nfsserver/nfs_nfsdport.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -2360,7 +2360,6 @@ int
nfsd_excred(struct nfsrv_descript *nd, struct nfsexstuff *exp,
struct ucred *credanon)
{
- int i;
int error = 0;
/*
@@ -2403,9 +2402,8 @@ nfsd_excred(struct nfsrv_descript *nd, s
(nd->nd_flag & ND_AUTHNONE))) {
nd->nd_cred->cr_uid = credanon->cr_uid;
nd->nd_cred->cr_gid = credanon->cr_gid;
- for (i = 0; i < credanon->cr_ngroups && i < NGROUPS; i++)
- nd->nd_cred->cr_groups[i] = credanon->cr_groups[i];
- nd->nd_cred->cr_ngroups = i;
+ crsetgroups(nd->nd_cred, credanon->cr_ngroups,
+ credanon->cr_groups);
}
return (0);
}
Modified: projects/ngroups/sys/gnu/fs/xfs/FreeBSD/xfs_compat.h
==============================================================================
--- projects/ngroups/sys/gnu/fs/xfs/FreeBSD/xfs_compat.h Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/gnu/fs/xfs/FreeBSD/xfs_compat.h Fri Jun 5 20:23:22 2009 (r193534)
@@ -163,7 +163,7 @@ typedef struct mtx xfs_mutex_t;
* Cedentials manipulation.
*/
#define current_fsuid(credp) (credp)->cr_uid
-#define current_fsgid(credp) (credp)->cr_groups[0]
+#define current_fsgid(credp) (credp)->cr_gid
#define PAGE_CACHE_SIZE PAGE_SIZE
Modified: projects/ngroups/sys/gnu/fs/xfs/xfs_inode.c
==============================================================================
--- projects/ngroups/sys/gnu/fs/xfs/xfs_inode.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/gnu/fs/xfs/xfs_inode.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -1124,7 +1124,7 @@ xfs_ialloc(
ip->i_d.di_nlink = nlink;
ASSERT(ip->i_d.di_nlink == nlink);
ip->i_d.di_uid = curthread->td_ucred->cr_uid;
- ip->i_d.di_gid = curthread->td_ucred->cr_groups[0];
+ ip->i_d.di_gid = curthread->td_ucred->cr_gid;
ip->i_d.di_projid = prid;
memset(&(ip->i_d.di_pad[0]), 0, sizeof(ip->i_d.di_pad));
Modified: projects/ngroups/sys/gnu/fs/xfs/xfs_vnodeops.c
==============================================================================
--- projects/ngroups/sys/gnu/fs/xfs/xfs_vnodeops.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/gnu/fs/xfs/xfs_vnodeops.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -3379,7 +3379,7 @@ xfs_symlink(
*/
error = XFS_QM_DQVOPALLOC(mp, dp,
current->td_ucred->cr_uid,
- current->td_ucred->cr_groups[0],
+ current->td_ucred->cr_gid,
prid,
XFS_QMOPT_QUOTALL | XFS_QMOPT_INHERIT, &udqp, &gdqp);
if (error)
Modified: projects/ngroups/sys/kern/kern_prot.c
==============================================================================
--- projects/ngroups/sys/kern/kern_prot.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/kern/kern_prot.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -83,6 +83,9 @@ static MALLOC_DEFINE(M_CRED, "cred", "cr
SYSCTL_NODE(_security, OID_AUTO, bsd, CTLFLAG_RW, 0, "BSD security policy");
+static __inline void crsetgroups_locked(struct ucred *cr, int ngrp,
+ gid_t *groups);
+
#ifndef _SYS_SYSPROTO_H_
struct getpid_args {
int dummy;
@@ -244,16 +247,11 @@ getgid(struct thread *td, struct getgid_
td->td_retval[0] = td->td_ucred->cr_rgid;
#if defined(COMPAT_43)
- td->td_retval[1] = td->td_ucred->cr_groups[0];
+ td->td_retval[1] = td->td_ucred->cr_gid;
#endif
return (0);
}
-/*
- * Get effective group ID. The "egid" is groups[0], and could be obtained
- * via getgroups. This syscall exists because it is somewhat painful to do
- * correctly in a library function.
- */
#ifndef _SYS_SYSPROTO_H_
struct getegid_args {
int dummy;
@@ -264,7 +262,7 @@ int
getegid(struct thread *td, struct getegid_args *uap)
{
- td->td_retval[0] = td->td_ucred->cr_groups[0];
+ td->td_retval[0] = td->td_ucred->cr_gid;
return (0);
}
@@ -680,7 +678,7 @@ setgid(struct thread *td, struct setgid_
gid != oldcred->cr_svgid && /* allow setgid(saved gid) */
#endif
#ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */
- gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */
+ gid != oldcred->cr_gid && /* allow setgid(getegid()) */
#endif
(error = priv_check_cred(oldcred, PRIV_CRED_SETGID, 0)) != 0)
goto fail;
@@ -692,7 +690,7 @@ setgid(struct thread *td, struct setgid_
*/
if (
#ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */
- gid == oldcred->cr_groups[0] ||
+ gid == oldcred->cr_gid ||
#endif
/* We are using privs. */
priv_check_cred(oldcred, PRIV_CRED_SETGID, 0) == 0)
@@ -721,7 +719,7 @@ setgid(struct thread *td, struct setgid_
* In all cases permitted cases, we are changing the egid.
* Copy credentials so other references do not see our changes.
*/
- if (oldcred->cr_groups[0] != gid) {
+ if (oldcred->cr_gid != gid) {
change_egid(newcred, gid);
setsugid(p);
}
@@ -767,7 +765,7 @@ setegid(struct thread *td, struct setegi
(error = priv_check_cred(oldcred, PRIV_CRED_SETEGID, 0)) != 0)
goto fail;
- if (oldcred->cr_groups[0] != egid) {
+ if (oldcred->cr_gid != egid) {
change_egid(newcred, egid);
setsugid(p);
}
@@ -841,8 +839,7 @@ kern_setgroups(struct thread *td, u_int
*/
newcred->cr_ngroups = 1;
} else {
- bcopy(groups, newcred->cr_groups, ngrp * sizeof(gid_t));
- newcred->cr_ngroups = ngrp;
+ crsetgroups_locked(newcred, ngrp, groups);
}
setsugid(p);
p->p_ucred = newcred;
@@ -954,12 +951,12 @@ setregid(register struct thread *td, str
if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid &&
rgid != oldcred->cr_svgid) ||
- (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] &&
+ (egid != (gid_t)-1 && egid != oldcred->cr_gid &&
egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) &&
(error = priv_check_cred(oldcred, PRIV_CRED_SETREGID, 0)) != 0)
goto fail;
- if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
+ if (egid != (gid_t)-1 && oldcred->cr_gid != egid) {
change_egid(newcred, egid);
setsugid(p);
}
@@ -967,9 +964,9 @@ setregid(register struct thread *td, str
change_rgid(newcred, rgid);
setsugid(p);
}
- if ((rgid != (gid_t)-1 || newcred->cr_groups[0] != newcred->cr_rgid) &&
- newcred->cr_svgid != newcred->cr_groups[0]) {
- change_svgid(newcred, newcred->cr_groups[0]);
+ if ((rgid != (gid_t)-1 || newcred->cr_gid != newcred->cr_rgid) &&
+ newcred->cr_svgid != newcred->cr_gid) {
+ change_svgid(newcred, newcred->cr_gid);
setsugid(p);
}
p->p_ucred = newcred;
@@ -1100,17 +1097,17 @@ setresgid(register struct thread *td, st
if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid &&
rgid != oldcred->cr_svgid &&
- rgid != oldcred->cr_groups[0]) ||
+ rgid != oldcred->cr_gid) ||
(egid != (gid_t)-1 && egid != oldcred->cr_rgid &&
egid != oldcred->cr_svgid &&
- egid != oldcred->cr_groups[0]) ||
+ egid != oldcred->cr_gid) ||
(sgid != (gid_t)-1 && sgid != oldcred->cr_rgid &&
sgid != oldcred->cr_svgid &&
- sgid != oldcred->cr_groups[0])) &&
+ sgid != oldcred->cr_gid)) &&
(error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID, 0)) != 0)
goto fail;
- if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) {
+ if (egid != (gid_t)-1 && oldcred->cr_gid != egid) {
change_egid(newcred, egid);
setsugid(p);
}
@@ -1179,8 +1176,8 @@ getresgid(register struct thread *td, st
error1 = copyout(&cred->cr_rgid,
uap->rgid, sizeof(cred->cr_rgid));
if (uap->egid)
- error2 = copyout(&cred->cr_groups[0],
- uap->egid, sizeof(cred->cr_groups[0]));
+ error2 = copyout(&cred->cr_gid,
+ uap->egid, sizeof(cred->cr_gid));
if (uap->sgid)
error3 = copyout(&cred->cr_svgid,
uap->sgid, sizeof(cred->cr_svgid));
@@ -1899,7 +1896,7 @@ cru2x(struct ucred *cr, struct xucred *x
ngroups = min(cr->cr_ngroups, XU_NGROUPS);
xcr->cr_ngroups = ngroups;
bcopy(cr->cr_groups, xcr->cr_groups,
- ngroups * sizeof(cr->cr_groups[0]));
+ ngroups * sizeof(*cr->cr_groups));
}
/*
@@ -1957,6 +1954,8 @@ crextend(struct ucred *cr, int n)
/*
* We extend by 2 each time since we're using a power of two
* allocator.
+ * XXX: it probably makes more sense to right-size the
+ * allocation if we need more than a page.
*/
if (cr->cr_agroups)
cnt = cr->cr_agroups * 2;
@@ -1975,6 +1974,36 @@ crextend(struct ucred *cr, int n)
}
/*
+ * Copy groups in to a credential, preserving any necessicary invariants
+ * (i.e. sorting in the future). crextend() must have been called
+ * before hand to ensure sufficient space is available. If
+ */
+static inline void
+crsetgroups_locked(struct ucred *cr, int ngrp, gid_t *groups)
+{
+
+ KASSERT(cr->cr_agroups >= ngrp, ("cr_ngroups is too small"));
+
+ bcopy(groups, cr->cr_groups, ngrp * sizeof(gid_t));
+ cr->cr_ngroups = ngrp;
+}
+
+/*
+ * Copy groups in to a credential after expanding it if required.
+ * Truncate the list to NGROUPS if it is too large.
+ */
+void
+crsetgroups(struct ucred *cr, int ngrp, gid_t *groups)
+{
+
+ if (ngrp > NGROUPS)
+ ngrp = NGROUPS;
+
+ crextend(cr, ngrp);
+ crsetgroups_locked(cr, ngrp, groups);
+}
+
+/*
* Get login name, if available.
*/
#ifndef _SYS_SYSPROTO_H_
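Review bot: crsetgroups() clamps only the upper bound, so a negative `ngrp` passes the `cr_agroups >= ngrp` assertion in crsetgroups_locked() and turns `ngrp * sizeof(gid_t)` into a very large bcopy length. The callers converted in this commit pass counts taken from RPC credentials and export arguments, and whether each is validated beforehand is not visible here. A guard such as `if (ngrp < 0) ngrp = 0;` ahead of the NGROUPS clamp, or an unsigned count parameter, would make the helper safe on its own. KASSERT is only active in INVARIANTS kernels, so kern_setgroups(), which calls crsetgroups_locked() directly, depends on space having been reserved earlier in code outside its hunk. The assertion text says `cr_ngroups is too small` although it tests cr_agroups, and the comment above crsetgroups_locked() breaks off at a trailing `If` that should be completed or dropped.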
@@ -2071,7 +2100,7 @@ void
change_egid(struct ucred *newcred, gid_t egid)
{
- newcred->cr_groups[0] = egid;
+ newcred->cr_gid = egid;
}
/*-
Modified: projects/ngroups/sys/kern/vfs_export.c
==============================================================================
--- projects/ngroups/sys/kern/vfs_export.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/kern/vfs_export.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -120,9 +120,8 @@ vfs_hang_addrlist(struct mount *mp, stru
np->netc_exflags = argp->ex_flags;
np->netc_anon = crget();
np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
- np->netc_anon->cr_ngroups = argp->ex_anon.cr_ngroups;
- bcopy(argp->ex_anon.cr_groups, np->netc_anon->cr_groups,
- sizeof(np->netc_anon->cr_groups));
+ crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
+ argp->ex_anon.cr_groups);
np->netc_numsecflavors = argp->ex_numsecflavors;
bcopy(argp->ex_secflavors, np->netc_secflavors,
sizeof(np->netc_secflavors));
@@ -205,9 +204,8 @@ vfs_hang_addrlist(struct mount *mp, stru
np->netc_exflags = argp->ex_flags;
np->netc_anon = crget();
np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
- np->netc_anon->cr_ngroups = argp->ex_anon.cr_ngroups;
- bcopy(argp->ex_anon.cr_groups, np->netc_anon->cr_groups,
- sizeof(np->netc_anon->cr_groups));
+ crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
+ np->netc_anon->cr_groups);
np->netc_numsecflavors = argp->ex_numsecflavors;
bcopy(argp->ex_secflavors, np->netc_secflavors,
sizeof(np->netc_secflavors));
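Review bot: The added call in this second hunk passes `np->netc_anon->cr_groups` as the source, so the credential just obtained from crget() is copied from itself and the anonymous groups in `argp->ex_anon` never reach it; the first hunk of this file passes `argp->ex_anon.cr_groups`. The line should read `crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups, argp->ex_anon.cr_groups);`. As written, the export's anonymous credential takes its group count from the export arguments but its group ids from whatever the new credential's array already held, which changes how anonymous access is mapped. If crextend() replaces the array, the source pointer may also be stale, though crextend's body is only partly visible here. vfs_hang_addrlist continues outside the hunk.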
Modified: projects/ngroups/sys/kern/vfs_syscalls.c
==============================================================================
--- projects/ngroups/sys/kern/vfs_syscalls.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/kern/vfs_syscalls.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -2129,7 +2129,7 @@ kern_accessat(struct thread *td, int fd,
cred = td->td_ucred;
tmpcred = crdup(cred);
tmpcred->cr_uid = cred->cr_ruid;
- tmpcred->cr_groups[0] = cred->cr_rgid;
+ tmpcred->cr_gid = cred->cr_rgid;
td->td_ucred = tmpcred;
} else
cred = tmpcred = td->td_ucred;
Modified: projects/ngroups/sys/netncp/ncp_conn.c
==============================================================================
--- projects/ngroups/sys/netncp/ncp_conn.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/netncp/ncp_conn.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -249,7 +249,7 @@ ncp_conn_alloc(struct ncp_conn_args *cap
ncp->connid = 0xFFFF;
ncp->li = *cap;
ncp->nc_group = (cap->group != NCP_DEFAULT_GROUP) ?
- cap->group : cred->cr_groups[0];
+ cap->group : cred->cr_gid;
if (cap->retry_count == 0)
ncp->li.retry_count = NCP_RETRY_COUNT;
Modified: projects/ngroups/sys/netsmb/smb_conn.c
==============================================================================
--- projects/ngroups/sys/netsmb/smb_conn.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/netsmb/smb_conn.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -416,7 +416,7 @@ smb_vc_create(struct smb_vcspec *vcspec,
if (uid == SMBM_ANY_OWNER)
uid = realuid;
if (gid == SMBM_ANY_GROUP)
- gid = cred->cr_groups[0];
+ gid = cred->cr_gid;
vcp->vc_uid = uid;
vcp->vc_grp = gid;
@@ -714,7 +714,7 @@ smb_share_create(struct smb_vc *vcp, str
if (uid == SMBM_ANY_OWNER)
uid = realuid;
if (gid == SMBM_ANY_GROUP)
- gid = cred->cr_groups[0];
+ gid = cred->cr_gid;
ssp = smb_zmalloc(sizeof(*ssp), M_SMBCONN, M_WAITOK);
smb_co_init(SSTOCP(ssp), SMBL_SHARE, "smbss ilock", "smbss");
ssp->obj.co_free = smb_share_free;
Modified: projects/ngroups/sys/nfsclient/nfs_subs.c
==============================================================================
--- projects/ngroups/sys/nfsclient/nfs_subs.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/nfsclient/nfs_subs.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -253,7 +253,7 @@ nfsm_rpchead(struct ucred *cr, int nmfla
*tl++ = 0; /* stamp ?? */
*tl++ = 0; /* NULL hostname */
*tl++ = txdr_unsigned(cr->cr_uid);
- *tl++ = txdr_unsigned(cr->cr_groups[0]);
+ *tl++ = txdr_unsigned(cr->cr_gid);
grpsiz = (auth_len >> 2) - 5;
*tl++ = txdr_unsigned(grpsiz);
for (i = 1; i <= grpsiz; i++)
Modified: projects/ngroups/sys/nfsserver/nfs_srvsock.c
==============================================================================
--- projects/ngroups/sys/nfsserver/nfs_srvsock.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/nfsserver/nfs_srvsock.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -360,7 +360,7 @@ nfs_getreq(struct nfsrv_descript *nd, st
tl = nfsm_dissect_nonblock(u_int32_t *, 3 * NFSX_UNSIGNED);
nd->nd_cr->cr_uid = nd->nd_cr->cr_ruid =
nd->nd_cr->cr_svuid = fxdr_unsigned(uid_t, *tl++);
- nd->nd_cr->cr_groups[0] = nd->nd_cr->cr_rgid =
+ nd->nd_cr->cr_gid = nd->nd_cr->cr_rgid =
nd->nd_cr->cr_svgid = fxdr_unsigned(gid_t, *tl++);
#ifdef MAC
mac_cred_associate_nfsd(nd->nd_cr);
@@ -376,7 +376,7 @@ nfs_getreq(struct nfsrv_descript *nd, st
nd->nd_cr->cr_groups[i] = fxdr_unsigned(gid_t, *tl++);
else
tl++;
- nd->nd_cr->cr_ngroups = (len >= XU_NGROUPS) ? XU_NGROUPS : (len + 1);
+ nd->nd_cr->cr_ngroups = MIN(XU_NGROUPS, len + 1);
if (nd->nd_cr->cr_ngroups > 1)
nfsrvw_sort(nd->nd_cr->cr_groups, nd->nd_cr->cr_ngroups);
len = fxdr_unsigned(int, *++tl);
Modified: projects/ngroups/sys/nfsserver/nfs_srvsubs.c
==============================================================================
--- projects/ngroups/sys/nfsserver/nfs_srvsubs.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/nfsserver/nfs_srvsubs.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -1181,9 +1181,7 @@ nfsrv_fhtovp(fhandle_t *fhp, int lockfla
cred = nfsd->nd_cr;
if (cred->cr_uid == 0 || (exflags & MNT_EXPORTANON)) {
cred->cr_uid = credanon->cr_uid;
- for (i = 0; i < credanon->cr_ngroups && i < NGROUPS; i++)
- cred->cr_groups[i] = credanon->cr_groups[i];
- cred->cr_ngroups = i;
+ crsetgroups(cred, credanon->cr_ngroups, credanon->cr_groups);
}
if (exflags & MNT_EXRDONLY)
*rdonlyp = 1;
Modified: projects/ngroups/sys/rpc/authunix_prot.c
==============================================================================
--- projects/ngroups/sys/rpc/authunix_prot.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/rpc/authunix_prot.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -101,7 +101,7 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *
if (!xdr_uint32_t(xdrs, &cred->cr_uid))
return (FALSE);
- if (!xdr_uint32_t(xdrs, &cred->cr_groups[0]))
+ if (!xdr_uint32_t(xdrs, &cred->cr_gid))
return (FALSE);
if (xdrs->x_op == XDR_ENCODE) {
Modified: projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
==============================================================================
--- projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -447,11 +447,7 @@ rpc_gss_svc_getcred(struct svc_req *req,
cr = client->cl_cred = crget();
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid;
cr->cr_rgid = cr->cr_svgid = uc->gid;
- cr->cr_ngroups = uc->gidlen;
- if (cr->cr_ngroups > NGROUPS)
- cr->cr_ngroups = NGROUPS;
- for (i = 0; i < cr->cr_ngroups; i++)
- cr->cr_groups[i] = uc->gidlist[i];
+ crsetgroups(cr, uc->gidlen, uc->gidlist);
*crp = crhold(cr);
return (TRUE);
Modified: projects/ngroups/sys/rpc/svc_auth.c
==============================================================================
--- projects/ngroups/sys/rpc/svc_auth.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/rpc/svc_auth.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -165,7 +165,7 @@ int
svc_getcred(struct svc_req *rqst, struct ucred **crp, int *flavorp)
{
struct ucred *cr = NULL;
- int flavor, i;
+ int flavor;
struct xucred *xcr;
flavor = rqst->rq_cred.oa_flavor;
@@ -177,10 +177,8 @@ svc_getcred(struct svc_req *rqst, struct
xcr = (struct xucred *) rqst->rq_clntcred;
cr = crget();
cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xcr->cr_uid;
- cr->cr_ngroups = xcr->cr_ngroups;
- for (i = 0; i < xcr->cr_ngroups; i++)
- cr->cr_groups[i] = xcr->cr_groups[i];
- cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0];
+ crsetgroups(cr, xcr->cr_ngroups, xcr->cr_groups);
+ cr->cr_rgid = cr->cr_svgid = cr->cr_gid;
*crp = cr;
return (TRUE);
Modified: projects/ngroups/sys/rpc/svc_auth_unix.c
==============================================================================
--- projects/ngroups/sys/rpc/svc_auth_unix.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/rpc/svc_auth_unix.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -88,20 +88,20 @@ _svcauth_unix(struct svc_req *rqst, stru
str_len = RNDUP(str_len);
buf += str_len / sizeof (int32_t);
xcr->cr_uid = IXDR_GET_UINT32(buf);
- xcr->cr_groups[0] = IXDR_GET_UINT32(buf);
+ xcr->cr_gid = IXDR_GET_UINT32(buf);
gid_len = (size_t)IXDR_GET_UINT32(buf);
if (gid_len > NGRPS) {
stat = AUTH_BADCRED;
goto done;
}
for (i = 0; i < gid_len; i++) {
- if (i + 1 < NGROUPS)
+ if (i + 1 < XU_NGROUPS)
xcr->cr_groups[i + 1] = IXDR_GET_INT32(buf);
else
buf++;
}
- if (gid_len + 1 > NGROUPS)
- xcr->cr_ngroups = NGROUPS;
+ if (gid_len + 1 > XU_NGROUPS)
+ xcr->cr_ngroups = XU_NGROUPS;
else
xcr->cr_ngroups = gid_len + 1;
Modified: projects/ngroups/sys/security/audit/audit.c
==============================================================================
--- projects/ngroups/sys/security/audit/audit.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/security/audit/audit.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -224,7 +224,7 @@ audit_record_ctor(void *mem, int size, v
cru2x(cred, &ar->k_ar.ar_subj_cred);
ar->k_ar.ar_subj_ruid = cred->cr_ruid;
ar->k_ar.ar_subj_rgid = cred->cr_rgid;
- ar->k_ar.ar_subj_egid = cred->cr_groups[0];
+ ar->k_ar.ar_subj_egid = cred->cr_gid;
ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid;
ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid;
ar->k_ar.ar_subj_pid = td->td_proc->p_pid;
Modified: projects/ngroups/sys/security/audit/audit_arg.c
==============================================================================
--- projects/ngroups/sys/security/audit/audit_arg.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/security/audit/audit_arg.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -369,7 +369,7 @@ audit_arg_process(struct proc *p)
cred = p->p_ucred;
ar->k_ar.ar_arg_auid = cred->cr_audit.ai_auid;
ar->k_ar.ar_arg_euid = cred->cr_uid;
- ar->k_ar.ar_arg_egid = cred->cr_groups[0];
+ ar->k_ar.ar_arg_egid = cred->cr_gid;
ar->k_ar.ar_arg_ruid = cred->cr_ruid;
ar->k_ar.ar_arg_rgid = cred->cr_rgid;
ar->k_ar.ar_arg_asid = cred->cr_audit.ai_asid;
Modified: projects/ngroups/sys/sys/ucred.h
==============================================================================
--- projects/ngroups/sys/sys/ucred.h Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/sys/ucred.h Fri Jun 5 20:23:22 2009 (r193534)
@@ -48,7 +48,7 @@ struct ucred {
uid_t cr_uid; /* effective user id */
uid_t cr_ruid; /* real user id */
uid_t cr_svuid; /* saved user id */
- short cr_ngroups; /* number of groups */
+ int cr_ngroups; /* number of groups */
gid_t cr_rgid; /* real group id */
gid_t cr_svgid; /* saved group id */
struct uidinfo *cr_uidinfo; /* per euid resource consumption */
@@ -60,7 +60,7 @@ struct ucred {
struct label *cr_label; /* MAC label */
struct auditinfo_addr cr_audit; /* Audit properties. */
gid_t *cr_groups; /* groups */
- short cr_agroups; /* Available groups */
+ int cr_agroups; /* Available groups */
};
#define NOCRED ((struct ucred *)0) /* no credential available */
#define FSCRED ((struct ucred *)-1) /* filesystem credential */
@@ -94,7 +94,7 @@ void change_ruid(struct ucred *newcred,
void change_svgid(struct ucred *newcred, gid_t svgid);
void change_svuid(struct ucred *newcred, uid_t svuid);
void crcopy(struct ucred *dest, struct ucred *src);
-struct ucred *crcopysafe(struct proc *, struct ucred *);
+struct ucred *crcopysafe(struct proc *p, struct ucred *cr);
struct ucred *crdup(struct ucred *cr);
void cred_update_thread(struct thread *td);
void crfree(struct ucred *cr);
@@ -103,6 +103,7 @@ struct ucred *crhold(struct ucred *cr);
int crshared(struct ucred *cr);
void cru2x(struct ucred *cr, struct xucred *xcr);
void crextend(struct ucred *cr, int n);
+void crsetgroups(struct ucred *cr, int n, gid_t *groups);
int groupmember(gid_t gid, struct ucred *cred);
#endif /* _KERNEL */
Modified: projects/ngroups/sys/ufs/ufs/ufs_vnops.c
==============================================================================
--- projects/ngroups/sys/ufs/ufs/ufs_vnops.c Fri Jun 5 19:52:03 2009 (r193533)
+++ projects/ngroups/sys/ufs/ufs/ufs_vnops.c Fri Jun 5 20:23:22 2009 (r193534)
@@ -1476,7 +1476,7 @@ ufs_mkdir(ap)
refcount_init(&ucred.cr_ref, 1);
ucred.cr_uid = ip->i_uid;
ucred.cr_ngroups = 1;
- ucred.cr_groups[0] = dp->i_gid;
+ ucred.cr_gid = dp->i_gid;
ucp = &ucred;
}
#endif
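Review bot: `ucred.cr_gid = dp->i_gid;` writes through `ucred.cr_groups`, and nothing in this hunk points that member of the on-stack `struct ucred` at any storage. The ufs_makeinode hunks later in this file add `gid_t ucred_group;` and `ucred.cr_groups = &ucred_group;` for the same pattern, and ufs_mkdir appears to need both. ucred.h declares cr_groups as a pointer and the log describes cr_gid as a reference to cr_groups[0], so without that assignment the store in the QUOTA path would go through an uninitialized pointer. The declarations and the rest of ufs_mkdir are outside the hunk, so confirm the pointer is not already set there.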
@@ -2267,6 +2267,7 @@ ufs_makeinode(mode, dvp, vpp, cnp)
{
#ifdef QUOTA
struct ucred ucred, *ucp;
+ gid_t ucred_group;
ucp = cnp->cn_cred;
#endif
/*
@@ -2293,7 +2294,8 @@ ufs_makeinode(mode, dvp, vpp, cnp)
refcount_init(&ucred.cr_ref, 1);
ucred.cr_uid = ip->i_uid;
ucred.cr_ngroups = 1;
- ucred.cr_groups[0] = pdir->i_gid;
+ ucred.cr_groups = &ucred_group;
+ ucred.cr_gid = pdir->i_gid;
ucp = &ucred;
#endif
} else {