Date: Fri, 5 Jun 2009 20:23:23 +0000 (UTC) From: Brooks Davis <brooks@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r193534 - in projects/ngroups/sys: contrib/pf/net fs/nfs fs/nfsclient fs/nfsserver gnu/fs/xfs gnu/fs/xfs/FreeBSD kern netncp netsmb nfsclient nfsserver rpc rpc/rpcsec_gss security/audit... Message-ID: <200906052023.n55KNNUM037101@svn.freebsd.org>
Author: brooks Date: Fri Jun 5 20:23:22 2009 New Revision: 193534 URL: http://svn.freebsd.org/changeset/base/193534 Log: Introduce a new crsetgroups() function and use it when copying groups into ucred structures. Consistently use the cr_gid macro to reference cr_groups[0]. Increase cr_ngroups and cr_agroups from short to int. Modified: projects/ngroups/sys/contrib/pf/net/pf.c projects/ngroups/sys/fs/nfs/nfs_commonport.c projects/ngroups/sys/fs/nfsclient/nfs_clport.c projects/ngroups/sys/fs/nfsserver/nfs_nfsdport.c projects/ngroups/sys/gnu/fs/xfs/FreeBSD/xfs_compat.h projects/ngroups/sys/gnu/fs/xfs/xfs_inode.c projects/ngroups/sys/gnu/fs/xfs/xfs_vnodeops.c projects/ngroups/sys/kern/kern_prot.c projects/ngroups/sys/kern/vfs_export.c projects/ngroups/sys/kern/vfs_syscalls.c projects/ngroups/sys/netncp/ncp_conn.c projects/ngroups/sys/netsmb/smb_conn.c projects/ngroups/sys/nfsclient/nfs_subs.c projects/ngroups/sys/nfsserver/nfs_srvsock.c projects/ngroups/sys/nfsserver/nfs_srvsubs.c projects/ngroups/sys/rpc/authunix_prot.c projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c projects/ngroups/sys/rpc/svc_auth.c projects/ngroups/sys/rpc/svc_auth_unix.c projects/ngroups/sys/security/audit/audit.c projects/ngroups/sys/security/audit/audit_arg.c projects/ngroups/sys/sys/ucred.h projects/ngroups/sys/ufs/ufs/ufs_vnops.c Modified: projects/ngroups/sys/contrib/pf/net/pf.c ============================================================================== --- projects/ngroups/sys/contrib/pf/net/pf.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/contrib/pf/net/pf.c Fri Jun 5 20:23:22 2009 (r193534) @@ -2946,7 +2946,7 @@ pf_socket_lookup(int direction, struct p if (inp_arg != NULL) { INP_LOCK_ASSERT(inp_arg); pd->lookup.uid = inp_arg->inp_cred->cr_uid; - pd->lookup.gid = inp_arg->inp_cred->cr_groups[0]; + pd->lookup.gid = inp_arg->inp_cred->cr_gid; return (1); } #endif 
@@ -3044,7 +3044,7 @@ pf_socket_lookup(int direction, struct p } #ifdef __FreeBSD__ pd->lookup.uid = inp->inp_cred->cr_uid; - pd->lookup.gid = inp->inp_cred->cr_groups[0]; + pd->lookup.gid = inp->inp_cred->cr_gid; INP_INFO_RUNLOCK(pi); #else pd->lookup.uid = inp->inp_socket->so_euid; Modified: projects/ngroups/sys/fs/nfs/nfs_commonport.c ============================================================================== --- projects/ngroups/sys/fs/nfs/nfs_commonport.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/fs/nfs/nfs_commonport.c Fri Jun 5 20:23:22 2009 (r193534) @@ -220,14 +220,9 @@ nfsrv_lookupfilename(struct nameidata *n void newnfs_copycred(struct nfscred *nfscr, struct ucred *cr) { - int ngroups, i; cr->cr_uid = nfscr->nfsc_uid; - ngroups = (nfscr->nfsc_ngroups < NGROUPS) ? - nfscr->nfsc_ngroups : NGROUPS; - for (i = 0; i < ngroups; i++) - cr->cr_groups[i] = nfscr->nfsc_groups[i]; - cr->cr_ngroups = ngroups; + crsetgroups(cr, nfscr->nfsc_ngroups, nfscr->nfsc_groups); } /* @@ -295,15 +290,13 @@ nfsrv_atroot(struct vnode *vp, long *ret /* * Set the credentials to refer to root. - * If only the various BSDen could agree on whether cr_gid is a separate - * field or cr_groups[0]... */ void newnfs_setroot(struct ucred *cred) { cred->cr_uid = 0; - cred->cr_groups[0] = 0; + cred->cr_gid = 0; cred->cr_ngroups = 1; } Modified: projects/ngroups/sys/fs/nfsclient/nfs_clport.c ============================================================================== --- projects/ngroups/sys/fs/nfsclient/nfs_clport.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/fs/nfsclient/nfs_clport.c Fri Jun 5 20:23:22 2009 (r193534) 
@@ -976,14 +976,12 @@ nfscl_getmyip(struct nfsmount *nmp, int void newnfs_copyincred(struct ucred *cr, struct nfscred *nfscr) { - int ngroups, i; + int i; nfscr->nfsc_uid = cr->cr_uid; - ngroups = (cr->cr_ngroups > XU_NGROUPS) ? XU_NGROUPS : - cr->cr_ngroups; - for (i = 0; i < ngroups; i++) + nfscr->nfsc_ngroups = MIN(cr->cr_ngroups, XU_NGROUPS); + for (i = 0; i < nfscr->nfsc_ngroups; i++) nfscr->nfsc_groups[i] = cr->cr_groups[i]; - nfscr->nfsc_ngroups = ngroups; } Modified: projects/ngroups/sys/fs/nfsserver/nfs_nfsdport.c ============================================================================== --- projects/ngroups/sys/fs/nfsserver/nfs_nfsdport.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/fs/nfsserver/nfs_nfsdport.c Fri Jun 5 20:23:22 2009 (r193534) @@ -2360,7 +2360,6 @@ int nfsd_excred(struct nfsrv_descript *nd, struct nfsexstuff *exp, struct ucred *credanon) { - int i; int error = 0; /* @@ -2403,9 +2402,8 @@ nfsd_excred(struct nfsrv_descript *nd, s (nd->nd_flag & ND_AUTHNONE))) { nd->nd_cred->cr_uid = credanon->cr_uid; nd->nd_cred->cr_gid = credanon->cr_gid; - for (i = 0; i < credanon->cr_ngroups && i < NGROUPS; i++) - nd->nd_cred->cr_groups[i] = credanon->cr_groups[i]; - nd->nd_cred->cr_ngroups = i; + crsetgroups(nd->nd_cred, credanon->cr_ngroups, + credanon->cr_groups); } return (0); } Modified: projects/ngroups/sys/gnu/fs/xfs/FreeBSD/xfs_compat.h ============================================================================== --- projects/ngroups/sys/gnu/fs/xfs/FreeBSD/xfs_compat.h Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/gnu/fs/xfs/FreeBSD/xfs_compat.h Fri Jun 5 20:23:22 2009 (r193534) 
@@ -163,7 +163,7 @@ typedef struct mtx xfs_mutex_t; * Cedentials manipulation. */ #define current_fsuid(credp) (credp)->cr_uid -#define current_fsgid(credp) (credp)->cr_groups[0] +#define current_fsgid(credp) (credp)->cr_gid #define PAGE_CACHE_SIZE PAGE_SIZE Modified: projects/ngroups/sys/gnu/fs/xfs/xfs_inode.c ============================================================================== --- projects/ngroups/sys/gnu/fs/xfs/xfs_inode.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/gnu/fs/xfs/xfs_inode.c Fri Jun 5 20:23:22 2009 (r193534) @@ -1124,7 +1124,7 @@ xfs_ialloc( ip->i_d.di_nlink = nlink; ASSERT(ip->i_d.di_nlink == nlink); ip->i_d.di_uid = curthread->td_ucred->cr_uid; - ip->i_d.di_gid = curthread->td_ucred->cr_groups[0]; + ip->i_d.di_gid = curthread->td_ucred->cr_gid; ip->i_d.di_projid = prid; memset(&(ip->i_d.di_pad[0]), 0, sizeof(ip->i_d.di_pad)); Modified: projects/ngroups/sys/gnu/fs/xfs/xfs_vnodeops.c ============================================================================== --- projects/ngroups/sys/gnu/fs/xfs/xfs_vnodeops.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/gnu/fs/xfs/xfs_vnodeops.c Fri Jun 5 20:23:22 2009 (r193534) @@ -3379,7 +3379,7 @@ xfs_symlink( */ error = XFS_QM_DQVOPALLOC(mp, dp, current->td_ucred->cr_uid, - current->td_ucred->cr_groups[0], + current->td_ucred->cr_gid, prid, XFS_QMOPT_QUOTALL | XFS_QMOPT_INHERIT, &udqp, &gdqp); if (error) Modified: projects/ngroups/sys/kern/kern_prot.c ============================================================================== --- projects/ngroups/sys/kern/kern_prot.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/kern/kern_prot.c Fri Jun 5 20:23:22 2009 (r193534) @@ -83,6 +83,9 @@ static MALLOC_DEFINE(M_CRED, "cred", "cr SYSCTL_NODE(_security, OID_AUTO, bsd, CTLFLAG_RW, 0, "BSD security policy"); +static __inline void crsetgroups_locked(struct ucred *cr, int ngrp, + gid_t *groups); + #ifndef _SYS_SYSPROTO_H_ struct getpid_args { int dummy; 
@@ -244,16 +247,11 @@ getgid(struct thread *td, struct getgid_ td->td_retval[0] = td->td_ucred->cr_rgid; #if defined(COMPAT_43) - td->td_retval[1] = td->td_ucred->cr_groups[0]; + td->td_retval[1] = td->td_ucred->cr_gid; #endif return (0); } -/* - * Get effective group ID. The "egid" is groups[0], and could be obtained - * via getgroups. This syscall exists because it is somewhat painful to do - * correctly in a library function. - */ #ifndef _SYS_SYSPROTO_H_ struct getegid_args { int dummy; @@ -264,7 +262,7 @@ int getegid(struct thread *td, struct getegid_args *uap) { - td->td_retval[0] = td->td_ucred->cr_groups[0]; + td->td_retval[0] = td->td_ucred->cr_gid; return (0); } @@ -680,7 +678,7 @@ setgid(struct thread *td, struct setgid_ gid != oldcred->cr_svgid && /* allow setgid(saved gid) */ #endif #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ - gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */ + gid != oldcred->cr_gid && /* allow setgid(getegid()) */ #endif (error = priv_check_cred(oldcred, PRIV_CRED_SETGID, 0)) != 0) goto fail; @@ -692,7 +690,7 @@ setgid(struct thread *td, struct setgid_ */ if ( #ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */ - gid == oldcred->cr_groups[0] || + gid == oldcred->cr_gid || #endif /* We are using privs. */ priv_check_cred(oldcred, PRIV_CRED_SETGID, 0) == 0) @@ -721,7 +719,7 @@ setgid(struct thread *td, struct setgid_ * In all cases permitted cases, we are changing the egid. * Copy credentials so other references do not see our changes. */ - if (oldcred->cr_groups[0] != gid) { + if (oldcred->cr_gid != gid) { change_egid(newcred, gid); setsugid(p); } @@ -767,7 +765,7 @@ setegid(struct thread *td, struct setegi (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID, 0)) != 0) goto fail; - if (oldcred->cr_groups[0] != egid) { + if (oldcred->cr_gid != egid) { change_egid(newcred, egid); setsugid(p); } 
@@ -841,8 +839,7 @@ kern_setgroups(struct thread *td, u_int */ newcred->cr_ngroups = 1; } else { - bcopy(groups, newcred->cr_groups, ngrp * sizeof(gid_t)); - newcred->cr_ngroups = ngrp; + crsetgroups_locked(newcred, ngrp, groups); } setsugid(p); p->p_ucred = newcred; @@ -954,12 +951,12 @@ setregid(register struct thread *td, str if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid && rgid != oldcred->cr_svgid) || - (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] && + (egid != (gid_t)-1 && egid != oldcred->cr_gid && egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) && (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID, 0)) != 0) goto fail; - if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) { + if (egid != (gid_t)-1 && oldcred->cr_gid != egid) { change_egid(newcred, egid); setsugid(p); } @@ -967,9 +964,9 @@ setregid(register struct thread *td, str change_rgid(newcred, rgid); setsugid(p); } - if ((rgid != (gid_t)-1 || newcred->cr_groups[0] != newcred->cr_rgid) && - newcred->cr_svgid != newcred->cr_groups[0]) { - change_svgid(newcred, newcred->cr_groups[0]); + if ((rgid != (gid_t)-1 || newcred->cr_gid != newcred->cr_rgid) && + newcred->cr_svgid != newcred->cr_gid) { + change_svgid(newcred, newcred->cr_gid); setsugid(p); } p->p_ucred = newcred; 
@@ -1100,17 +1097,17 @@ setresgid(register struct thread *td, st if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid && rgid != oldcred->cr_svgid && - rgid != oldcred->cr_groups[0]) || + rgid != oldcred->cr_gid) || (egid != (gid_t)-1 && egid != oldcred->cr_rgid && egid != oldcred->cr_svgid && - egid != oldcred->cr_groups[0]) || + egid != oldcred->cr_gid) || (sgid != (gid_t)-1 && sgid != oldcred->cr_rgid && sgid != oldcred->cr_svgid && - sgid != oldcred->cr_groups[0])) && + sgid != oldcred->cr_gid)) && (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID, 0)) != 0) goto fail; - if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) { + if (egid != (gid_t)-1 && oldcred->cr_gid != egid) { change_egid(newcred, egid); setsugid(p); } @@ -1179,8 +1176,8 @@ getresgid(register struct thread *td, st error1 = copyout(&cred->cr_rgid, uap->rgid, sizeof(cred->cr_rgid)); if (uap->egid) - error2 = copyout(&cred->cr_groups[0], - uap->egid, sizeof(cred->cr_groups[0])); + error2 = copyout(&cred->cr_gid, + uap->egid, sizeof(cred->cr_gid)); if (uap->sgid) error3 = copyout(&cred->cr_svgid, uap->sgid, sizeof(cred->cr_svgid)); @@ -1899,7 +1896,7 @@ cru2x(struct ucred *cr, struct xucred *x ngroups = min(cr->cr_ngroups, XU_NGROUPS); xcr->cr_ngroups = ngroups; bcopy(cr->cr_groups, xcr->cr_groups, - ngroups * sizeof(cr->cr_groups[0])); + ngroups * sizeof(*cr->cr_groups)); } /* @@ -1957,6 +1954,8 @@ crextend(struct ucred *cr, int n) /* * We extend by 2 each time since we're using a power of two * allocator. + * XXX: it probably makes more sense to right-size the + * allocation if we need more than a page. */ if (cr->cr_agroups) cnt = cr->cr_agroups * 2; 
@@ -1975,6 +1974,36 @@ crextend(struct ucred *cr, int n) } /* + * Copy groups in to a credential, preserving any necessicary invariants + * (i.e. sorting in the future). crextend() must have been called + * before hand to ensure sufficient space is available. If + */ +static inline void +crsetgroups_locked(struct ucred *cr, int ngrp, gid_t *groups) +{ + + KASSERT(cr->cr_agroups >= ngrp, ("cr_ngroups is too small")); + + bcopy(groups, cr->cr_groups, ngrp * sizeof(gid_t)); + cr->cr_ngroups = ngrp; +} + +/* + * Copy groups in to a credential after expanding it if required. + * Truncate the list to NGROUPS if it is too large. + */ +void +crsetgroups(struct ucred *cr, int ngrp, gid_t *groups) +{ + + if (ngrp > NGROUPS) + ngrp = NGROUPS; + + crextend(cr, ngrp); + crsetgroups_locked(cr, ngrp, groups); +} + +/* * Get login name, if available. */ #ifndef _SYS_SYSPROTO_H_ @@ -2071,7 +2100,7 @@ void change_egid(struct ucred *newcred, gid_t egid) { - newcred->cr_groups[0] = egid; + newcred->cr_gid = egid; } /*- Modified: projects/ngroups/sys/kern/vfs_export.c ============================================================================== --- projects/ngroups/sys/kern/vfs_export.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/kern/vfs_export.c Fri Jun 5 20:23:22 2009 (r193534) @@ -120,9 +120,8 @@ vfs_hang_addrlist(struct mount *mp, stru np->netc_exflags = argp->ex_flags; np->netc_anon = crget(); np->netc_anon->cr_uid = argp->ex_anon.cr_uid; - np->netc_anon->cr_ngroups = argp->ex_anon.cr_ngroups; - bcopy(argp->ex_anon.cr_groups, np->netc_anon->cr_groups, - sizeof(np->netc_anon->cr_groups)); + crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups, + argp->ex_anon.cr_groups); np->netc_numsecflavors = argp->ex_numsecflavors; bcopy(argp->ex_secflavors, np->netc_secflavors, sizeof(np->netc_secflavors)); 
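Review bot: crsetgroups() in kern/kern_prot.c clamps ngrp only from above, so a negative count reaches `bcopy(groups, cr->cr_groups, ngrp * sizeof(gid_t))` in crsetgroups_locked() with a length that converts to a very large unsigned value. Callers converted in this commit pass counts that do not come from the credential being filled (nfscr->nfsc_ngroups in newnfs_copycred(), uc->gidlen in rpc_gss_svc_getcred(), argp->ex_anon.cr_ngroups in vfs_hang_addrlist()), and the open-coded loop removed from newnfs_copycred() copied nothing for a negative count; whether each count is range-checked earlier is not visible in the diff. I would add `if (ngrp < 0) ngrp = 0;` next to the NGROUPS clamp, or validate the count at each caller. The capacity check in crsetgroups_locked() is a KASSERT only, so it presumably disappears on kernels built without INVARIANTS, and its message should name the field it tests: `("cr_agroups is too small")`. The header comment above crsetgroups_locked() also ends mid-sentence at "If".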
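Review bot: In the first vfs_hang_addrlist() hunk of kern/vfs_export.c (@@ -120), the copy length is now driven by `argp->ex_anon.cr_ngroups`, bounded only by the NGROUPS clamp inside crsetgroups(). ex_anon is accessed as an embedded struct, presumably a fixed-size struct xucred whose array holds XU_NGROUPS entries (its declaration is not in the diff); if this branch raises NGROUPS above XU_NGROUPS, a larger count in the export arguments would make the bcopy read past ex_anon.cr_groups. I would clamp at the call, `crsetgroups(np->netc_anon, MIN(argp->ex_anon.cr_ngroups, XU_NGROUPS), argp->ex_anon.cr_groups);`, or reject the export arguments when the count is out of range. The same bound is needed at the second call in the @@ -205 hunk, and the function body extends beyond both hunks.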
@@ -205,9 +204,8 @@ vfs_hang_addrlist(struct mount *mp, stru np->netc_exflags = argp->ex_flags; np->netc_anon = crget(); np->netc_anon->cr_uid = argp->ex_anon.cr_uid; - np->netc_anon->cr_ngroups = argp->ex_anon.cr_ngroups; - bcopy(argp->ex_anon.cr_groups, np->netc_anon->cr_groups, - sizeof(np->netc_anon->cr_groups)); + crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups, + np->netc_anon->cr_groups); np->netc_numsecflavors = argp->ex_numsecflavors; bcopy(argp->ex_secflavors, np->netc_secflavors, sizeof(np->netc_secflavors)); Modified: projects/ngroups/sys/kern/vfs_syscalls.c ============================================================================== --- projects/ngroups/sys/kern/vfs_syscalls.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/kern/vfs_syscalls.c Fri Jun 5 20:23:22 2009 (r193534) @@ -2129,7 +2129,7 @@ kern_accessat(struct thread *td, int fd, cred = td->td_ucred; tmpcred = crdup(cred); tmpcred->cr_uid = cred->cr_ruid; - tmpcred->cr_groups[0] = cred->cr_rgid; + tmpcred->cr_gid = cred->cr_rgid; td->td_ucred = tmpcred; } else cred = tmpcred = td->td_ucred; Modified: projects/ngroups/sys/netncp/ncp_conn.c ============================================================================== --- projects/ngroups/sys/netncp/ncp_conn.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/netncp/ncp_conn.c Fri Jun 5 20:23:22 2009 (r193534) @@ -249,7 +249,7 @@ ncp_conn_alloc(struct ncp_conn_args *cap ncp->connid = 0xFFFF; ncp->li = *cap; ncp->nc_group = (cap->group != NCP_DEFAULT_GROUP) ? - cap->group : cred->cr_groups[0]; + cap->group : cred->cr_gid; if (cap->retry_count == 0) ncp->li.retry_count = NCP_RETRY_COUNT; Modified: projects/ngroups/sys/netsmb/smb_conn.c ============================================================================== --- projects/ngroups/sys/netsmb/smb_conn.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/netsmb/smb_conn.c Fri Jun 5 20:23:22 2009 (r193534) 
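Review bot: The second crsetgroups() call in vfs_hang_addrlist() (kern/vfs_export.c, @@ -205) passes `np->netc_anon->cr_groups` as the source, which is the destination credential's own array; the removed bcopy and the first call in the @@ -120 hunk both read from `argp->ex_anon.cr_groups`. As written, the anonymous credential on this path keeps whatever crget() left in its group array instead of the groups supplied in the export arguments, and those groups feed the access decision for requests mapped to the anonymous credential. The third argument should be `argp->ex_anon.cr_groups`. Because crsetgroups() calls crextend() on the destination before copying, the pointer passed as the source may also be stale by the time it is read, depending on how crextend() reallocates (its body is only partly visible here).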
@@ -416,7 +416,7 @@ smb_vc_create(struct smb_vcspec *vcspec, if (uid == SMBM_ANY_OWNER) uid = realuid; if (gid == SMBM_ANY_GROUP) - gid = cred->cr_groups[0]; + gid = cred->cr_gid; vcp->vc_uid = uid; vcp->vc_grp = gid; @@ -714,7 +714,7 @@ smb_share_create(struct smb_vc *vcp, str if (uid == SMBM_ANY_OWNER) uid = realuid; if (gid == SMBM_ANY_GROUP) - gid = cred->cr_groups[0]; + gid = cred->cr_gid; ssp = smb_zmalloc(sizeof(*ssp), M_SMBCONN, M_WAITOK); smb_co_init(SSTOCP(ssp), SMBL_SHARE, "smbss ilock", "smbss"); ssp->obj.co_free = smb_share_free; Modified: projects/ngroups/sys/nfsclient/nfs_subs.c ============================================================================== --- projects/ngroups/sys/nfsclient/nfs_subs.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/nfsclient/nfs_subs.c Fri Jun 5 20:23:22 2009 (r193534) @@ -253,7 +253,7 @@ nfsm_rpchead(struct ucred *cr, int nmfla *tl++ = 0; /* stamp ?? */ *tl++ = 0; /* NULL hostname */ *tl++ = txdr_unsigned(cr->cr_uid); - *tl++ = txdr_unsigned(cr->cr_groups[0]); + *tl++ = txdr_unsigned(cr->cr_gid); grpsiz = (auth_len >> 2) - 5; *tl++ = txdr_unsigned(grpsiz); for (i = 1; i <= grpsiz; i++) Modified: projects/ngroups/sys/nfsserver/nfs_srvsock.c ============================================================================== --- projects/ngroups/sys/nfsserver/nfs_srvsock.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/nfsserver/nfs_srvsock.c Fri Jun 5 20:23:22 2009 (r193534) @@ -360,7 +360,7 @@ nfs_getreq(struct nfsrv_descript *nd, st tl = nfsm_dissect_nonblock(u_int32_t *, 3 * NFSX_UNSIGNED); nd->nd_cr->cr_uid = nd->nd_cr->cr_ruid = nd->nd_cr->cr_svuid = fxdr_unsigned(uid_t, *tl++); - nd->nd_cr->cr_groups[0] = nd->nd_cr->cr_rgid = + nd->nd_cr->cr_gid = nd->nd_cr->cr_rgid = nd->nd_cr->cr_svgid = fxdr_unsigned(gid_t, *tl++); #ifdef MAC mac_cred_associate_nfsd(nd->nd_cr); 
@@ -376,7 +376,7 @@ nfs_getreq(struct nfsrv_descript *nd, st nd->nd_cr->cr_groups[i] = fxdr_unsigned(gid_t, *tl++); else tl++; - nd->nd_cr->cr_ngroups = (len >= XU_NGROUPS) ? XU_NGROUPS : (len + 1); + nd->nd_cr->cr_ngroups = MIN(XU_NGROUPS, len + 1); if (nd->nd_cr->cr_ngroups > 1) nfsrvw_sort(nd->nd_cr->cr_groups, nd->nd_cr->cr_ngroups); len = fxdr_unsigned(int, *++tl); Modified: projects/ngroups/sys/nfsserver/nfs_srvsubs.c ============================================================================== --- projects/ngroups/sys/nfsserver/nfs_srvsubs.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/nfsserver/nfs_srvsubs.c Fri Jun 5 20:23:22 2009 (r193534) @@ -1181,9 +1181,7 @@ nfsrv_fhtovp(fhandle_t *fhp, int lockfla cred = nfsd->nd_cr; if (cred->cr_uid == 0 || (exflags & MNT_EXPORTANON)) { cred->cr_uid = credanon->cr_uid; - for (i = 0; i < credanon->cr_ngroups && i < NGROUPS; i++) - cred->cr_groups[i] = credanon->cr_groups[i]; - cred->cr_ngroups = i; + crsetgroups(cred, credanon->cr_ngroups, credanon->cr_groups); } if (exflags & MNT_EXRDONLY) *rdonlyp = 1; Modified: projects/ngroups/sys/rpc/authunix_prot.c ============================================================================== --- projects/ngroups/sys/rpc/authunix_prot.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/rpc/authunix_prot.c Fri Jun 5 20:23:22 2009 (r193534) @@ -101,7 +101,7 @@ xdr_authunix_parms(XDR *xdrs, uint32_t * if (!xdr_uint32_t(xdrs, &cred->cr_uid)) return (FALSE); - if (!xdr_uint32_t(xdrs, &cred->cr_groups[0])) + if (!xdr_uint32_t(xdrs, &cred->cr_gid)) return (FALSE); if (xdrs->x_op == XDR_ENCODE) { Modified: projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c ============================================================================== --- projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Fri Jun 5 20:23:22 2009 (r193534) 
@@ -447,11 +447,7 @@ rpc_gss_svc_getcred(struct svc_req *req, cr = client->cl_cred = crget(); cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid; cr->cr_rgid = cr->cr_svgid = uc->gid; - cr->cr_ngroups = uc->gidlen; - if (cr->cr_ngroups > NGROUPS) - cr->cr_ngroups = NGROUPS; - for (i = 0; i < cr->cr_ngroups; i++) - cr->cr_groups[i] = uc->gidlist[i]; + crsetgroups(cr, uc->gidlen, uc->gidlist); *crp = crhold(cr); return (TRUE); Modified: projects/ngroups/sys/rpc/svc_auth.c ============================================================================== --- projects/ngroups/sys/rpc/svc_auth.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/rpc/svc_auth.c Fri Jun 5 20:23:22 2009 (r193534) @@ -165,7 +165,7 @@ int svc_getcred(struct svc_req *rqst, struct ucred **crp, int *flavorp) { struct ucred *cr = NULL; - int flavor, i; + int flavor; struct xucred *xcr; flavor = rqst->rq_cred.oa_flavor; @@ -177,10 +177,8 @@ svc_getcred(struct svc_req *rqst, struct xcr = (struct xucred *) rqst->rq_clntcred; cr = crget(); cr->cr_uid = cr->cr_ruid = cr->cr_svuid = xcr->cr_uid; - cr->cr_ngroups = xcr->cr_ngroups; - for (i = 0; i < xcr->cr_ngroups; i++) - cr->cr_groups[i] = xcr->cr_groups[i]; - cr->cr_rgid = cr->cr_svgid = cr->cr_groups[0]; + crsetgroups(cr, xcr->cr_ngroups, xcr->cr_groups); + cr->cr_rgid = cr->cr_svgid = cr->cr_gid; *crp = cr; return (TRUE); Modified: projects/ngroups/sys/rpc/svc_auth_unix.c ============================================================================== --- projects/ngroups/sys/rpc/svc_auth_unix.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/rpc/svc_auth_unix.c Fri Jun 5 20:23:22 2009 (r193534) 
@@ -88,20 +88,20 @@ _svcauth_unix(struct svc_req *rqst, stru str_len = RNDUP(str_len); buf += str_len / sizeof (int32_t); xcr->cr_uid = IXDR_GET_UINT32(buf); - xcr->cr_groups[0] = IXDR_GET_UINT32(buf); + xcr->cr_gid = IXDR_GET_UINT32(buf); gid_len = (size_t)IXDR_GET_UINT32(buf); if (gid_len > NGRPS) { stat = AUTH_BADCRED; goto done; } for (i = 0; i < gid_len; i++) { - if (i + 1 < NGROUPS) + if (i + 1 < XU_NGROUPS) xcr->cr_groups[i + 1] = IXDR_GET_INT32(buf); else buf++; } - if (gid_len + 1 > NGROUPS) - xcr->cr_ngroups = NGROUPS; + if (gid_len + 1 > XU_NGROUPS) + xcr->cr_ngroups = XU_NGROUPS; else xcr->cr_ngroups = gid_len + 1; Modified: projects/ngroups/sys/security/audit/audit.c ============================================================================== --- projects/ngroups/sys/security/audit/audit.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/security/audit/audit.c Fri Jun 5 20:23:22 2009 (r193534) @@ -224,7 +224,7 @@ audit_record_ctor(void *mem, int size, v cru2x(cred, &ar->k_ar.ar_subj_cred); ar->k_ar.ar_subj_ruid = cred->cr_ruid; ar->k_ar.ar_subj_rgid = cred->cr_rgid; - ar->k_ar.ar_subj_egid = cred->cr_groups[0]; + ar->k_ar.ar_subj_egid = cred->cr_gid; ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid; ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid; ar->k_ar.ar_subj_pid = td->td_proc->p_pid; Modified: projects/ngroups/sys/security/audit/audit_arg.c ============================================================================== --- projects/ngroups/sys/security/audit/audit_arg.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/security/audit/audit_arg.c Fri Jun 5 20:23:22 2009 (r193534) 
@@ -369,7 +369,7 @@ audit_arg_process(struct proc *p) cred = p->p_ucred; ar->k_ar.ar_arg_auid = cred->cr_audit.ai_auid; ar->k_ar.ar_arg_euid = cred->cr_uid; - ar->k_ar.ar_arg_egid = cred->cr_groups[0]; + ar->k_ar.ar_arg_egid = cred->cr_gid; ar->k_ar.ar_arg_ruid = cred->cr_ruid; ar->k_ar.ar_arg_rgid = cred->cr_rgid; ar->k_ar.ar_arg_asid = cred->cr_audit.ai_asid; Modified: projects/ngroups/sys/sys/ucred.h ============================================================================== --- projects/ngroups/sys/sys/ucred.h Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/sys/ucred.h Fri Jun 5 20:23:22 2009 (r193534) @@ -48,7 +48,7 @@ struct ucred { uid_t cr_uid; /* effective user id */ uid_t cr_ruid; /* real user id */ uid_t cr_svuid; /* saved user id */ - short cr_ngroups; /* number of groups */ + int cr_ngroups; /* number of groups */ gid_t cr_rgid; /* real group id */ gid_t cr_svgid; /* saved group id */ struct uidinfo *cr_uidinfo; /* per euid resource consumption */ @@ -60,7 +60,7 @@ struct ucred { struct label *cr_label; /* MAC label */ struct auditinfo_addr cr_audit; /* Audit properties. */ gid_t *cr_groups; /* groups */ - short cr_agroups; /* Available groups */ + int cr_agroups; /* Available groups */ }; #define NOCRED ((struct ucred *)0) /* no credential available */ #define FSCRED ((struct ucred *)-1) /* filesystem credential */ @@ -94,7 +94,7 @@ void change_ruid(struct ucred *newcred, void change_svgid(struct ucred *newcred, gid_t svgid); void change_svuid(struct ucred *newcred, uid_t svuid); void crcopy(struct ucred *dest, struct ucred *src); -struct ucred *crcopysafe(struct proc *, struct ucred *); +struct ucred *crcopysafe(struct proc *p, struct ucred *cr); struct ucred *crdup(struct ucred *cr); void cred_update_thread(struct thread *td); void crfree(struct ucred *cr); 
@@ -103,6 +103,7 @@ struct ucred *crhold(struct ucred *cr); int crshared(struct ucred *cr); void cru2x(struct ucred *cr, struct xucred *xcr); void crextend(struct ucred *cr, int n); +void crsetgroups(struct ucred *cr, int n, gid_t *groups); int groupmember(gid_t gid, struct ucred *cred); #endif /* _KERNEL */ Modified: projects/ngroups/sys/ufs/ufs/ufs_vnops.c ============================================================================== --- projects/ngroups/sys/ufs/ufs/ufs_vnops.c Fri Jun 5 19:52:03 2009 (r193533) +++ projects/ngroups/sys/ufs/ufs/ufs_vnops.c Fri Jun 5 20:23:22 2009 (r193534) @@ -1476,7 +1476,7 @@ ufs_mkdir(ap) refcount_init(&ucred.cr_ref, 1); ucred.cr_uid = ip->i_uid; ucred.cr_ngroups = 1; - ucred.cr_groups[0] = dp->i_gid; + ucred.cr_gid = dp->i_gid; ucp = &ucred; } #endif @@ -2267,6 +2267,7 @@ ufs_makeinode(mode, dvp, vpp, cnp) { #ifdef QUOTA struct ucred ucred, *ucp; + gid_t ucred_group; ucp = cnp->cn_cred; #endif /* @@ -2293,7 +2294,8 @@ ufs_makeinode(mode, dvp, vpp, cnp) refcount_init(&ucred.cr_ref, 1); ucred.cr_uid = ip->i_uid; ucred.cr_ngroups = 1; - ucred.cr_groups[0] = pdir->i_gid; + ucred.cr_groups = &ucred_group; + ucred.cr_gid = pdir->i_gid; ucp = &ucred; #endif } else {
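Review bot: In ufs_mkdir() (ufs/ufs_vnops.c, @@ -1476) the on-stack `ucred` is written through `ucred.cr_gid`, which the commit log describes as a macro for cr_groups[0], but the hunk shows no assignment to `ucred.cr_groups`, which sys/ucred.h declares as `gid_t *cr_groups`. The parallel code in ufs_makeinode() gains `gid_t ucred_group;` and `ucred.cr_groups = &ucred_group;` in this same commit; unless ufs_mkdir() already does the equivalent outside the hunk, the store goes through an uninitialized pointer in kernel context. I would add the same two lines to ufs_mkdir(): `gid_t ucred_group;` with the declarations and `ucred.cr_groups = &ucred_group;` before the cr_gid assignment. Both functions start and end outside their hunks, so this needs checking against the full file.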